xref: /openbmc/linux/net/ipv6/addrconf.c (revision 0d51aa80a9b1db43920c0770c3bb842dd823c005)
1 /*
2  *	IPv6 Address [auto]configuration
3  *	Linux INET6 implementation
4  *
5  *	Authors:
6  *	Pedro Roque		<roque@di.fc.ul.pt>
7  *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
8  *
9  *	$Id: addrconf.c,v 1.69 2001/10/31 21:55:54 davem Exp $
10  *
11  *	This program is free software; you can redistribute it and/or
12  *      modify it under the terms of the GNU General Public License
13  *      as published by the Free Software Foundation; either version
14  *      2 of the License, or (at your option) any later version.
15  */
16 
17 /*
18  *	Changes:
19  *
20  *	Janos Farkas			:	delete timer on ifdown
21  *	<chexum@bankinf.banki.hu>
22  *	Andi Kleen			:	kill double kfree on module
23  *						unload.
24  *	Maciej W. Rozycki		:	FDDI support
25  *	sekiya@USAGI			:	Don't send too many RS
26  *						packets.
27  *	yoshfuji@USAGI			:       Fixed interval between DAD
28  *						packets.
29  *	YOSHIFUJI Hideaki @USAGI	:	improved accuracy of
30  *						address validation timer.
31  *	YOSHIFUJI Hideaki @USAGI	:	Privacy Extensions (RFC3041)
32  *						support.
33  *	Yuji SEKIYA @USAGI		:	Don't assign a same IPv6
34  *						address on a same interface.
35  *	YOSHIFUJI Hideaki @USAGI	:	ARCnet support
36  *	YOSHIFUJI Hideaki @USAGI	:	convert /proc/net/if_inet6 to
37  *						seq_file.
38  */
39 
40 #include <linux/config.h>
41 #include <linux/errno.h>
42 #include <linux/types.h>
43 #include <linux/socket.h>
44 #include <linux/sockios.h>
45 #include <linux/sched.h>
46 #include <linux/net.h>
47 #include <linux/in6.h>
48 #include <linux/netdevice.h>
49 #include <linux/if_arp.h>
50 #include <linux/if_arcnet.h>
51 #include <linux/if_infiniband.h>
52 #include <linux/route.h>
53 #include <linux/inetdevice.h>
54 #include <linux/init.h>
55 #ifdef CONFIG_SYSCTL
56 #include <linux/sysctl.h>
57 #endif
58 #include <linux/delay.h>
59 #include <linux/notifier.h>
60 
61 #include <net/sock.h>
62 #include <net/snmp.h>
63 
64 #include <net/ipv6.h>
65 #include <net/protocol.h>
66 #include <net/ndisc.h>
67 #include <net/ip6_route.h>
68 #include <net/addrconf.h>
69 #include <net/tcp.h>
70 #include <net/ip.h>
71 #include <linux/if_tunnel.h>
72 #include <linux/rtnetlink.h>
73 
74 #ifdef CONFIG_IPV6_PRIVACY
75 #include <linux/random.h>
76 #include <linux/crypto.h>
77 #include <asm/scatterlist.h>
78 #endif
79 
80 #include <asm/uaccess.h>
81 
82 #include <linux/proc_fs.h>
83 #include <linux/seq_file.h>
84 
85 /* Set to 3 to get tracing... */
86 #define ACONF_DEBUG 2
87 
88 #if ACONF_DEBUG >= 3
89 #define ADBG(x) printk x
90 #else
91 #define ADBG(x)
92 #endif
93 
94 #define	INFINITY_LIFE_TIME	0xFFFFFFFF
95 #define TIME_DELTA(a,b) ((unsigned long)((long)(a) - (long)(b)))
96 
97 #ifdef CONFIG_SYSCTL
98 static void addrconf_sysctl_register(struct inet6_dev *idev, struct ipv6_devconf *p);
99 static void addrconf_sysctl_unregister(struct ipv6_devconf *p);
100 #endif
101 
102 #ifdef CONFIG_IPV6_PRIVACY
103 static int __ipv6_regen_rndid(struct inet6_dev *idev);
104 static int __ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpaddr);
105 static void ipv6_regen_rndid(unsigned long data);
106 
107 static int desync_factor = MAX_DESYNC_FACTOR * HZ;
108 static struct crypto_tfm *md5_tfm;
109 static DEFINE_SPINLOCK(md5_tfm_lock);
110 #endif
111 
112 static int ipv6_count_addresses(struct inet6_dev *idev);
113 
114 /*
115  *	Configured unicast address hash table
116  */
117 static struct inet6_ifaddr		*inet6_addr_lst[IN6_ADDR_HSIZE];
118 static DEFINE_RWLOCK(addrconf_hash_lock);
119 
120 /* Protects inet6 devices */
121 DEFINE_RWLOCK(addrconf_lock);
122 
123 static void addrconf_verify(unsigned long);
124 
125 static struct timer_list addr_chk_timer =
126 			TIMER_INITIALIZER(addrconf_verify, 0, 0);
127 static DEFINE_SPINLOCK(addrconf_verify_lock);
128 
129 static void addrconf_join_anycast(struct inet6_ifaddr *ifp);
130 static void addrconf_leave_anycast(struct inet6_ifaddr *ifp);
131 
132 static int addrconf_ifdown(struct net_device *dev, int how);
133 
134 static void addrconf_dad_start(struct inet6_ifaddr *ifp, u32 flags);
135 static void addrconf_dad_timer(unsigned long data);
136 static void addrconf_dad_completed(struct inet6_ifaddr *ifp);
137 static void addrconf_rs_timer(unsigned long data);
138 static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifa);
139 static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifa);
140 
141 static void inet6_prefix_notify(int event, struct inet6_dev *idev,
142 				struct prefix_info *pinfo);
143 static int ipv6_chk_same_addr(const struct in6_addr *addr, struct net_device *dev);
144 
145 static struct notifier_block *inet6addr_chain;
146 
147 struct ipv6_devconf ipv6_devconf = {
148 	.forwarding		= 0,
149 	.hop_limit		= IPV6_DEFAULT_HOPLIMIT,
150 	.mtu6			= IPV6_MIN_MTU,
151 	.accept_ra		= 1,
152 	.accept_redirects	= 1,
153 	.autoconf		= 1,
154 	.force_mld_version	= 0,
155 	.dad_transmits		= 1,
156 	.rtr_solicits		= MAX_RTR_SOLICITATIONS,
157 	.rtr_solicit_interval	= RTR_SOLICITATION_INTERVAL,
158 	.rtr_solicit_delay	= MAX_RTR_SOLICITATION_DELAY,
159 #ifdef CONFIG_IPV6_PRIVACY
160 	.use_tempaddr 		= 0,
161 	.temp_valid_lft		= TEMP_VALID_LIFETIME,
162 	.temp_prefered_lft	= TEMP_PREFERRED_LIFETIME,
163 	.regen_max_retry	= REGEN_MAX_RETRY,
164 	.max_desync_factor	= MAX_DESYNC_FACTOR,
165 #endif
166 	.max_addresses		= IPV6_MAX_ADDRESSES,
167 };
168 
169 static struct ipv6_devconf ipv6_devconf_dflt = {
170 	.forwarding		= 0,
171 	.hop_limit		= IPV6_DEFAULT_HOPLIMIT,
172 	.mtu6			= IPV6_MIN_MTU,
173 	.accept_ra		= 1,
174 	.accept_redirects	= 1,
175 	.autoconf		= 1,
176 	.dad_transmits		= 1,
177 	.rtr_solicits		= MAX_RTR_SOLICITATIONS,
178 	.rtr_solicit_interval	= RTR_SOLICITATION_INTERVAL,
179 	.rtr_solicit_delay	= MAX_RTR_SOLICITATION_DELAY,
180 #ifdef CONFIG_IPV6_PRIVACY
181 	.use_tempaddr		= 0,
182 	.temp_valid_lft		= TEMP_VALID_LIFETIME,
183 	.temp_prefered_lft	= TEMP_PREFERRED_LIFETIME,
184 	.regen_max_retry	= REGEN_MAX_RETRY,
185 	.max_desync_factor	= MAX_DESYNC_FACTOR,
186 #endif
187 	.max_addresses		= IPV6_MAX_ADDRESSES,
188 };
189 
190 /* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */
191 #if 0
192 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
193 #endif
194 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
195 
196 int ipv6_addr_type(const struct in6_addr *addr)
197 {
198 	int type;
199 	u32 st;
200 
201 	st = addr->s6_addr32[0];
202 
203 	if ((st & htonl(0xFF000000)) == htonl(0xFF000000)) {
204 		type = IPV6_ADDR_MULTICAST;
205 
206 		switch((st & htonl(0x00FF0000))) {
207 			case __constant_htonl(0x00010000):
208 				type |= IPV6_ADDR_LOOPBACK;
209 				break;
210 
211 			case __constant_htonl(0x00020000):
212 				type |= IPV6_ADDR_LINKLOCAL;
213 				break;
214 
215 			case __constant_htonl(0x00050000):
216 				type |= IPV6_ADDR_SITELOCAL;
217 				break;
218 		};
219 		return type;
220 	}
221 
222 	type = IPV6_ADDR_UNICAST;
223 
224 	/* Consider all addresses with the first three bits different of
225 	   000 and 111 as finished.
226 	 */
227 	if ((st & htonl(0xE0000000)) != htonl(0x00000000) &&
228 	    (st & htonl(0xE0000000)) != htonl(0xE0000000))
229 		return type;
230 
231 	if ((st & htonl(0xFFC00000)) == htonl(0xFE800000))
232 		return (IPV6_ADDR_LINKLOCAL | type);
233 
234 	if ((st & htonl(0xFFC00000)) == htonl(0xFEC00000))
235 		return (IPV6_ADDR_SITELOCAL | type);
236 
237 	if ((addr->s6_addr32[0] | addr->s6_addr32[1]) == 0) {
238 		if (addr->s6_addr32[2] == 0) {
239 			if (addr->s6_addr32[3] == 0)
240 				return IPV6_ADDR_ANY;
241 
242 			if (addr->s6_addr32[3] == htonl(0x00000001))
243 				return (IPV6_ADDR_LOOPBACK | type);
244 
245 			return (IPV6_ADDR_COMPATv4 | type);
246 		}
247 
248 		if (addr->s6_addr32[2] == htonl(0x0000ffff))
249 			return IPV6_ADDR_MAPPED;
250 	}
251 
252 	st &= htonl(0xFF000000);
253 	if (st == 0)
254 		return IPV6_ADDR_RESERVED;
255 	st &= htonl(0xFE000000);
256 	if (st == htonl(0x02000000))
257 		return IPV6_ADDR_RESERVED;	/* for NSAP */
258 	if (st == htonl(0x04000000))
259 		return IPV6_ADDR_RESERVED;	/* for IPX */
260 	return type;
261 }
262 
263 static void addrconf_del_timer(struct inet6_ifaddr *ifp)
264 {
265 	if (del_timer(&ifp->timer))
266 		__in6_ifa_put(ifp);
267 }
268 
269 enum addrconf_timer_t
270 {
271 	AC_NONE,
272 	AC_DAD,
273 	AC_RS,
274 };
275 
276 static void addrconf_mod_timer(struct inet6_ifaddr *ifp,
277 			       enum addrconf_timer_t what,
278 			       unsigned long when)
279 {
280 	if (!del_timer(&ifp->timer))
281 		in6_ifa_hold(ifp);
282 
283 	switch (what) {
284 	case AC_DAD:
285 		ifp->timer.function = addrconf_dad_timer;
286 		break;
287 	case AC_RS:
288 		ifp->timer.function = addrconf_rs_timer;
289 		break;
290 	default:;
291 	}
292 	ifp->timer.expires = jiffies + when;
293 	add_timer(&ifp->timer);
294 }
295 
296 /* Nobody refers to this device, we may destroy it. */
297 
298 void in6_dev_finish_destroy(struct inet6_dev *idev)
299 {
300 	struct net_device *dev = idev->dev;
301 	BUG_TRAP(idev->addr_list==NULL);
302 	BUG_TRAP(idev->mc_list==NULL);
303 #ifdef NET_REFCNT_DEBUG
304 	printk(KERN_DEBUG "in6_dev_finish_destroy: %s\n", dev ? dev->name : "NIL");
305 #endif
306 	dev_put(dev);
307 	if (!idev->dead) {
308 		printk("Freeing alive inet6 device %p\n", idev);
309 		return;
310 	}
311 	snmp6_free_dev(idev);
312 	kfree(idev);
313 }
314 
315 static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
316 {
317 	struct inet6_dev *ndev;
318 
319 	ASSERT_RTNL();
320 
321 	if (dev->mtu < IPV6_MIN_MTU)
322 		return NULL;
323 
324 	ndev = kmalloc(sizeof(struct inet6_dev), GFP_KERNEL);
325 
326 	if (ndev) {
327 		memset(ndev, 0, sizeof(struct inet6_dev));
328 
329 		rwlock_init(&ndev->lock);
330 		ndev->dev = dev;
331 		memcpy(&ndev->cnf, &ipv6_devconf_dflt, sizeof(ndev->cnf));
332 		ndev->cnf.mtu6 = dev->mtu;
333 		ndev->cnf.sysctl = NULL;
334 		ndev->nd_parms = neigh_parms_alloc(dev, &nd_tbl);
335 		if (ndev->nd_parms == NULL) {
336 			kfree(ndev);
337 			return NULL;
338 		}
339 		/* We refer to the device */
340 		dev_hold(dev);
341 
342 		if (snmp6_alloc_dev(ndev) < 0) {
343 			ADBG((KERN_WARNING
344 				"%s(): cannot allocate memory for statistics; dev=%s.\n",
345 				__FUNCTION__, dev->name));
346 			neigh_parms_release(&nd_tbl, ndev->nd_parms);
347 			ndev->dead = 1;
348 			in6_dev_finish_destroy(ndev);
349 			return NULL;
350 		}
351 
352 		if (snmp6_register_dev(ndev) < 0) {
353 			ADBG((KERN_WARNING
354 				"%s(): cannot create /proc/net/dev_snmp6/%s\n",
355 				__FUNCTION__, dev->name));
356 			neigh_parms_release(&nd_tbl, ndev->nd_parms);
357 			ndev->dead = 1;
358 			in6_dev_finish_destroy(ndev);
359 			return NULL;
360 		}
361 
362 		/* One reference from device.  We must do this before
363 		 * we invoke __ipv6_regen_rndid().
364 		 */
365 		in6_dev_hold(ndev);
366 
367 #ifdef CONFIG_IPV6_PRIVACY
368 		get_random_bytes(ndev->rndid, sizeof(ndev->rndid));
369 		get_random_bytes(ndev->entropy, sizeof(ndev->entropy));
370 		init_timer(&ndev->regen_timer);
371 		ndev->regen_timer.function = ipv6_regen_rndid;
372 		ndev->regen_timer.data = (unsigned long) ndev;
373 		if ((dev->flags&IFF_LOOPBACK) ||
374 		    dev->type == ARPHRD_TUNNEL ||
375 		    dev->type == ARPHRD_NONE ||
376 		    dev->type == ARPHRD_SIT) {
377 			printk(KERN_INFO
378 				"Disabled Privacy Extensions on device %p(%s)\n",
379 				dev, dev->name);
380 			ndev->cnf.use_tempaddr = -1;
381 		} else {
382 			in6_dev_hold(ndev);
383 			ipv6_regen_rndid((unsigned long) ndev);
384 		}
385 #endif
386 
387 		write_lock_bh(&addrconf_lock);
388 		dev->ip6_ptr = ndev;
389 		write_unlock_bh(&addrconf_lock);
390 
391 		ipv6_mc_init_dev(ndev);
392 		ndev->tstamp = jiffies;
393 #ifdef CONFIG_SYSCTL
394 		neigh_sysctl_register(dev, ndev->nd_parms, NET_IPV6,
395 				      NET_IPV6_NEIGH, "ipv6",
396 				      &ndisc_ifinfo_sysctl_change,
397 				      NULL);
398 		addrconf_sysctl_register(ndev, &ndev->cnf);
399 #endif
400 	}
401 	return ndev;
402 }
403 
404 static struct inet6_dev * ipv6_find_idev(struct net_device *dev)
405 {
406 	struct inet6_dev *idev;
407 
408 	ASSERT_RTNL();
409 
410 	if ((idev = __in6_dev_get(dev)) == NULL) {
411 		if ((idev = ipv6_add_dev(dev)) == NULL)
412 			return NULL;
413 	}
414 	if (dev->flags&IFF_UP)
415 		ipv6_mc_up(idev);
416 	return idev;
417 }
418 
419 #ifdef CONFIG_SYSCTL
420 static void dev_forward_change(struct inet6_dev *idev)
421 {
422 	struct net_device *dev;
423 	struct inet6_ifaddr *ifa;
424 	struct in6_addr addr;
425 
426 	if (!idev)
427 		return;
428 	dev = idev->dev;
429 	if (dev && (dev->flags & IFF_MULTICAST)) {
430 		ipv6_addr_all_routers(&addr);
431 
432 		if (idev->cnf.forwarding)
433 			ipv6_dev_mc_inc(dev, &addr);
434 		else
435 			ipv6_dev_mc_dec(dev, &addr);
436 	}
437 	for (ifa=idev->addr_list; ifa; ifa=ifa->if_next) {
438 		if (idev->cnf.forwarding)
439 			addrconf_join_anycast(ifa);
440 		else
441 			addrconf_leave_anycast(ifa);
442 	}
443 }
444 
445 
446 static void addrconf_forward_change(void)
447 {
448 	struct net_device *dev;
449 	struct inet6_dev *idev;
450 
451 	read_lock(&dev_base_lock);
452 	for (dev=dev_base; dev; dev=dev->next) {
453 		read_lock(&addrconf_lock);
454 		idev = __in6_dev_get(dev);
455 		if (idev) {
456 			int changed = (!idev->cnf.forwarding) ^ (!ipv6_devconf.forwarding);
457 			idev->cnf.forwarding = ipv6_devconf.forwarding;
458 			if (changed)
459 				dev_forward_change(idev);
460 		}
461 		read_unlock(&addrconf_lock);
462 	}
463 	read_unlock(&dev_base_lock);
464 }
465 #endif
466 
467 /* Nobody refers to this ifaddr, destroy it */
468 
469 void inet6_ifa_finish_destroy(struct inet6_ifaddr *ifp)
470 {
471 	BUG_TRAP(ifp->if_next==NULL);
472 	BUG_TRAP(ifp->lst_next==NULL);
473 #ifdef NET_REFCNT_DEBUG
474 	printk(KERN_DEBUG "inet6_ifa_finish_destroy\n");
475 #endif
476 
477 	in6_dev_put(ifp->idev);
478 
479 	if (del_timer(&ifp->timer))
480 		printk("Timer is still running, when freeing ifa=%p\n", ifp);
481 
482 	if (!ifp->dead) {
483 		printk("Freeing alive inet6 address %p\n", ifp);
484 		return;
485 	}
486 	dst_release(&ifp->rt->u.dst);
487 
488 	kfree(ifp);
489 }
490 
491 /* On success it returns ifp with increased reference count */
492 
493 static struct inet6_ifaddr *
494 ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen,
495 	      int scope, u32 flags)
496 {
497 	struct inet6_ifaddr *ifa = NULL;
498 	struct rt6_info *rt;
499 	int hash;
500 	int err = 0;
501 
502 	read_lock_bh(&addrconf_lock);
503 	if (idev->dead) {
504 		err = -ENODEV;			/*XXX*/
505 		goto out2;
506 	}
507 
508 	write_lock(&addrconf_hash_lock);
509 
510 	/* Ignore adding duplicate addresses on an interface */
511 	if (ipv6_chk_same_addr(addr, idev->dev)) {
512 		ADBG(("ipv6_add_addr: already assigned\n"));
513 		err = -EEXIST;
514 		goto out;
515 	}
516 
517 	ifa = kmalloc(sizeof(struct inet6_ifaddr), GFP_ATOMIC);
518 
519 	if (ifa == NULL) {
520 		ADBG(("ipv6_add_addr: malloc failed\n"));
521 		err = -ENOBUFS;
522 		goto out;
523 	}
524 
525 	rt = addrconf_dst_alloc(idev, addr, 0);
526 	if (IS_ERR(rt)) {
527 		err = PTR_ERR(rt);
528 		goto out;
529 	}
530 
531 	memset(ifa, 0, sizeof(struct inet6_ifaddr));
532 	ipv6_addr_copy(&ifa->addr, addr);
533 
534 	spin_lock_init(&ifa->lock);
535 	init_timer(&ifa->timer);
536 	ifa->timer.data = (unsigned long) ifa;
537 	ifa->scope = scope;
538 	ifa->prefix_len = pfxlen;
539 	ifa->flags = flags | IFA_F_TENTATIVE;
540 	ifa->cstamp = ifa->tstamp = jiffies;
541 
542 	ifa->idev = idev;
543 	in6_dev_hold(idev);
544 	/* For caller */
545 	in6_ifa_hold(ifa);
546 
547 	/* Add to big hash table */
548 	hash = ipv6_addr_hash(addr);
549 
550 	ifa->lst_next = inet6_addr_lst[hash];
551 	inet6_addr_lst[hash] = ifa;
552 	in6_ifa_hold(ifa);
553 	write_unlock(&addrconf_hash_lock);
554 
555 	write_lock(&idev->lock);
556 	/* Add to inet6_dev unicast addr list. */
557 	ifa->if_next = idev->addr_list;
558 	idev->addr_list = ifa;
559 
560 #ifdef CONFIG_IPV6_PRIVACY
561 	if (ifa->flags&IFA_F_TEMPORARY) {
562 		ifa->tmp_next = idev->tempaddr_list;
563 		idev->tempaddr_list = ifa;
564 		in6_ifa_hold(ifa);
565 	}
566 #endif
567 
568 	ifa->rt = rt;
569 
570 	in6_ifa_hold(ifa);
571 	write_unlock(&idev->lock);
572 out2:
573 	read_unlock_bh(&addrconf_lock);
574 
575 	if (likely(err == 0))
576 		notifier_call_chain(&inet6addr_chain, NETDEV_UP, ifa);
577 	else {
578 		kfree(ifa);
579 		ifa = ERR_PTR(err);
580 	}
581 
582 	return ifa;
583 out:
584 	write_unlock(&addrconf_hash_lock);
585 	goto out2;
586 }
587 
588 /* This function wants to get referenced ifp and releases it before return */
589 
590 static void ipv6_del_addr(struct inet6_ifaddr *ifp)
591 {
592 	struct inet6_ifaddr *ifa, **ifap;
593 	struct inet6_dev *idev = ifp->idev;
594 	int hash;
595 	int deleted = 0, onlink = 0;
596 	unsigned long expires = jiffies;
597 
598 	hash = ipv6_addr_hash(&ifp->addr);
599 
600 	ifp->dead = 1;
601 
602 	write_lock_bh(&addrconf_hash_lock);
603 	for (ifap = &inet6_addr_lst[hash]; (ifa=*ifap) != NULL;
604 	     ifap = &ifa->lst_next) {
605 		if (ifa == ifp) {
606 			*ifap = ifa->lst_next;
607 			__in6_ifa_put(ifp);
608 			ifa->lst_next = NULL;
609 			break;
610 		}
611 	}
612 	write_unlock_bh(&addrconf_hash_lock);
613 
614 	write_lock_bh(&idev->lock);
615 #ifdef CONFIG_IPV6_PRIVACY
616 	if (ifp->flags&IFA_F_TEMPORARY) {
617 		for (ifap = &idev->tempaddr_list; (ifa=*ifap) != NULL;
618 		     ifap = &ifa->tmp_next) {
619 			if (ifa == ifp) {
620 				*ifap = ifa->tmp_next;
621 				if (ifp->ifpub) {
622 					in6_ifa_put(ifp->ifpub);
623 					ifp->ifpub = NULL;
624 				}
625 				__in6_ifa_put(ifp);
626 				ifa->tmp_next = NULL;
627 				break;
628 			}
629 		}
630 	}
631 #endif
632 
633 	for (ifap = &idev->addr_list; (ifa=*ifap) != NULL;
634 	     ifap = &ifa->if_next) {
635 		if (ifa == ifp) {
636 			*ifap = ifa->if_next;
637 			__in6_ifa_put(ifp);
638 			ifa->if_next = NULL;
639 			if (!(ifp->flags & IFA_F_PERMANENT) || onlink > 0)
640 				break;
641 			deleted = 1;
642 		} else if (ifp->flags & IFA_F_PERMANENT) {
643 			if (ipv6_prefix_equal(&ifa->addr, &ifp->addr,
644 					      ifp->prefix_len)) {
645 				if (ifa->flags & IFA_F_PERMANENT) {
646 					onlink = 1;
647 					if (deleted)
648 						break;
649 				} else {
650 					unsigned long lifetime;
651 
652 					if (!onlink)
653 						onlink = -1;
654 
655 					spin_lock(&ifa->lock);
656 					lifetime = min_t(unsigned long,
657 							 ifa->valid_lft, 0x7fffffffUL/HZ);
658 					if (time_before(expires,
659 							ifa->tstamp + lifetime * HZ))
660 						expires = ifa->tstamp + lifetime * HZ;
661 					spin_unlock(&ifa->lock);
662 				}
663 			}
664 		}
665 	}
666 	write_unlock_bh(&idev->lock);
667 
668 	ipv6_ifa_notify(RTM_DELADDR, ifp);
669 
670 	notifier_call_chain(&inet6addr_chain,NETDEV_DOWN,ifp);
671 
672 	addrconf_del_timer(ifp);
673 
674 	/*
675 	 * Purge or update corresponding prefix
676 	 *
677 	 * 1) we don't purge prefix here if address was not permanent.
678 	 *    prefix is managed by its own lifetime.
679 	 * 2) if there're no addresses, delete prefix.
680 	 * 3) if there're still other permanent address(es),
681 	 *    corresponding prefix is still permanent.
682 	 * 4) otherwise, update prefix lifetime to the
683 	 *    longest valid lifetime among the corresponding
684 	 *    addresses on the device.
685 	 *    Note: subsequent RA will update lifetime.
686 	 *
687 	 * --yoshfuji
688 	 */
689 	if ((ifp->flags & IFA_F_PERMANENT) && onlink < 1) {
690 		struct in6_addr prefix;
691 		struct rt6_info *rt;
692 
693 		ipv6_addr_prefix(&prefix, &ifp->addr, ifp->prefix_len);
694 		rt = rt6_lookup(&prefix, NULL, ifp->idev->dev->ifindex, 1);
695 
696 		if (rt && ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) == 0)) {
697 			if (onlink == 0) {
698 				ip6_del_rt(rt, NULL, NULL, NULL);
699 				rt = NULL;
700 			} else if (!(rt->rt6i_flags & RTF_EXPIRES)) {
701 				rt->rt6i_expires = expires;
702 				rt->rt6i_flags |= RTF_EXPIRES;
703 			}
704 		}
705 		dst_release(&rt->u.dst);
706 	}
707 
708 	in6_ifa_put(ifp);
709 }
710 
711 #ifdef CONFIG_IPV6_PRIVACY
712 static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, struct inet6_ifaddr *ift)
713 {
714 	struct inet6_dev *idev = ifp->idev;
715 	struct in6_addr addr, *tmpaddr;
716 	unsigned long tmp_prefered_lft, tmp_valid_lft, tmp_cstamp, tmp_tstamp;
717 	int tmp_plen;
718 	int ret = 0;
719 	int max_addresses;
720 
721 	write_lock(&idev->lock);
722 	if (ift) {
723 		spin_lock_bh(&ift->lock);
724 		memcpy(&addr.s6_addr[8], &ift->addr.s6_addr[8], 8);
725 		spin_unlock_bh(&ift->lock);
726 		tmpaddr = &addr;
727 	} else {
728 		tmpaddr = NULL;
729 	}
730 retry:
731 	in6_dev_hold(idev);
732 	if (idev->cnf.use_tempaddr <= 0) {
733 		write_unlock(&idev->lock);
734 		printk(KERN_INFO
735 			"ipv6_create_tempaddr(): use_tempaddr is disabled.\n");
736 		in6_dev_put(idev);
737 		ret = -1;
738 		goto out;
739 	}
740 	spin_lock_bh(&ifp->lock);
741 	if (ifp->regen_count++ >= idev->cnf.regen_max_retry) {
742 		idev->cnf.use_tempaddr = -1;	/*XXX*/
743 		spin_unlock_bh(&ifp->lock);
744 		write_unlock(&idev->lock);
745 		printk(KERN_WARNING
746 			"ipv6_create_tempaddr(): regeneration time exceeded. disabled temporary address support.\n");
747 		in6_dev_put(idev);
748 		ret = -1;
749 		goto out;
750 	}
751 	in6_ifa_hold(ifp);
752 	memcpy(addr.s6_addr, ifp->addr.s6_addr, 8);
753 	if (__ipv6_try_regen_rndid(idev, tmpaddr) < 0) {
754 		spin_unlock_bh(&ifp->lock);
755 		write_unlock(&idev->lock);
756 		printk(KERN_WARNING
757 			"ipv6_create_tempaddr(): regeneration of randomized interface id failed.\n");
758 		in6_ifa_put(ifp);
759 		in6_dev_put(idev);
760 		ret = -1;
761 		goto out;
762 	}
763 	memcpy(&addr.s6_addr[8], idev->rndid, 8);
764 	tmp_valid_lft = min_t(__u32,
765 			      ifp->valid_lft,
766 			      idev->cnf.temp_valid_lft);
767 	tmp_prefered_lft = min_t(__u32,
768 				 ifp->prefered_lft,
769 				 idev->cnf.temp_prefered_lft - desync_factor / HZ);
770 	tmp_plen = ifp->prefix_len;
771 	max_addresses = idev->cnf.max_addresses;
772 	tmp_cstamp = ifp->cstamp;
773 	tmp_tstamp = ifp->tstamp;
774 	spin_unlock_bh(&ifp->lock);
775 
776 	write_unlock(&idev->lock);
777 	ift = !max_addresses ||
778 	      ipv6_count_addresses(idev) < max_addresses ?
779 		ipv6_add_addr(idev, &addr, tmp_plen,
780 			      ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK, IFA_F_TEMPORARY) : NULL;
781 	if (!ift || IS_ERR(ift)) {
782 		in6_ifa_put(ifp);
783 		in6_dev_put(idev);
784 		printk(KERN_INFO
785 			"ipv6_create_tempaddr(): retry temporary address regeneration.\n");
786 		tmpaddr = &addr;
787 		write_lock(&idev->lock);
788 		goto retry;
789 	}
790 
791 	spin_lock_bh(&ift->lock);
792 	ift->ifpub = ifp;
793 	ift->valid_lft = tmp_valid_lft;
794 	ift->prefered_lft = tmp_prefered_lft;
795 	ift->cstamp = tmp_cstamp;
796 	ift->tstamp = tmp_tstamp;
797 	spin_unlock_bh(&ift->lock);
798 
799 	addrconf_dad_start(ift, 0);
800 	in6_ifa_put(ift);
801 	in6_dev_put(idev);
802 out:
803 	return ret;
804 }
805 #endif
806 
807 /*
808  *	Choose an appropriate source address
809  *	should do:
810  *	i)	get an address with an appropriate scope
811  *	ii)	see if there is a specific route for the destination and use
812  *		an address of the attached interface
813  *	iii)	don't use deprecated addresses
814  */
815 static int inline ipv6_saddr_pref(const struct inet6_ifaddr *ifp, u8 invpref)
816 {
817 	int pref;
818 	pref = ifp->flags&IFA_F_DEPRECATED ? 0 : 2;
819 #ifdef CONFIG_IPV6_PRIVACY
820 	pref |= (ifp->flags^invpref)&IFA_F_TEMPORARY ? 0 : 1;
821 #endif
822 	return pref;
823 }
824 
825 #ifdef CONFIG_IPV6_PRIVACY
826 #define IPV6_GET_SADDR_MAXSCORE(score)	((score) == 3)
827 #else
828 #define IPV6_GET_SADDR_MAXSCORE(score)	(score)
829 #endif
830 
831 int ipv6_dev_get_saddr(struct net_device *dev,
832 		       struct in6_addr *daddr, struct in6_addr *saddr)
833 {
834 	struct inet6_ifaddr *ifp = NULL;
835 	struct inet6_ifaddr *match = NULL;
836 	struct inet6_dev *idev;
837 	int scope;
838 	int err;
839 	int hiscore = -1, score;
840 
841 	scope = ipv6_addr_scope(daddr);
842 
843 	/*
844 	 *	known dev
845 	 *	search dev and walk through dev addresses
846 	 */
847 
848 	if (dev) {
849 		if (dev->flags & IFF_LOOPBACK)
850 			scope = IFA_HOST;
851 
852 		read_lock(&addrconf_lock);
853 		idev = __in6_dev_get(dev);
854 		if (idev) {
855 			read_lock_bh(&idev->lock);
856 			for (ifp=idev->addr_list; ifp; ifp=ifp->if_next) {
857 				if (ifp->scope == scope) {
858 					if (ifp->flags&IFA_F_TENTATIVE)
859 						continue;
860 #ifdef CONFIG_IPV6_PRIVACY
861 					score = ipv6_saddr_pref(ifp, idev->cnf.use_tempaddr > 1 ? IFA_F_TEMPORARY : 0);
862 #else
863 					score = ipv6_saddr_pref(ifp, 0);
864 #endif
865 					if (score <= hiscore)
866 						continue;
867 
868 					if (match)
869 						in6_ifa_put(match);
870 					match = ifp;
871 					hiscore = score;
872 					in6_ifa_hold(ifp);
873 
874 					if (IPV6_GET_SADDR_MAXSCORE(score)) {
875 						read_unlock_bh(&idev->lock);
876 						read_unlock(&addrconf_lock);
877 						goto out;
878 					}
879 				}
880 			}
881 			read_unlock_bh(&idev->lock);
882 		}
883 		read_unlock(&addrconf_lock);
884 	}
885 
886 	if (scope == IFA_LINK)
887 		goto out;
888 
889 	/*
890 	 *	dev == NULL or search failed for specified dev
891 	 */
892 
893 	read_lock(&dev_base_lock);
894 	read_lock(&addrconf_lock);
895 	for (dev = dev_base; dev; dev=dev->next) {
896 		idev = __in6_dev_get(dev);
897 		if (idev) {
898 			read_lock_bh(&idev->lock);
899 			for (ifp=idev->addr_list; ifp; ifp=ifp->if_next) {
900 				if (ifp->scope == scope) {
901 					if (ifp->flags&IFA_F_TENTATIVE)
902 						continue;
903 #ifdef CONFIG_IPV6_PRIVACY
904 					score = ipv6_saddr_pref(ifp, idev->cnf.use_tempaddr > 1 ? IFA_F_TEMPORARY : 0);
905 #else
906 					score = ipv6_saddr_pref(ifp, 0);
907 #endif
908 					if (score <= hiscore)
909 						continue;
910 
911 					if (match)
912 						in6_ifa_put(match);
913 					match = ifp;
914 					hiscore = score;
915 					in6_ifa_hold(ifp);
916 
917 					if (IPV6_GET_SADDR_MAXSCORE(score)) {
918 						read_unlock_bh(&idev->lock);
919 						goto out_unlock_base;
920 					}
921 				}
922 			}
923 			read_unlock_bh(&idev->lock);
924 		}
925 	}
926 
927 out_unlock_base:
928 	read_unlock(&addrconf_lock);
929 	read_unlock(&dev_base_lock);
930 
931 out:
932 	err = -EADDRNOTAVAIL;
933 	if (match) {
934 		ipv6_addr_copy(saddr, &match->addr);
935 		err = 0;
936 		in6_ifa_put(match);
937 	}
938 
939 	return err;
940 }
941 
942 
943 int ipv6_get_saddr(struct dst_entry *dst,
944 		   struct in6_addr *daddr, struct in6_addr *saddr)
945 {
946 	return ipv6_dev_get_saddr(dst ? ((struct rt6_info *)dst)->rt6i_idev->dev : NULL, daddr, saddr);
947 }
948 
949 
950 int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr)
951 {
952 	struct inet6_dev *idev;
953 	int err = -EADDRNOTAVAIL;
954 
955 	read_lock(&addrconf_lock);
956 	if ((idev = __in6_dev_get(dev)) != NULL) {
957 		struct inet6_ifaddr *ifp;
958 
959 		read_lock_bh(&idev->lock);
960 		for (ifp=idev->addr_list; ifp; ifp=ifp->if_next) {
961 			if (ifp->scope == IFA_LINK && !(ifp->flags&IFA_F_TENTATIVE)) {
962 				ipv6_addr_copy(addr, &ifp->addr);
963 				err = 0;
964 				break;
965 			}
966 		}
967 		read_unlock_bh(&idev->lock);
968 	}
969 	read_unlock(&addrconf_lock);
970 	return err;
971 }
972 
973 static int ipv6_count_addresses(struct inet6_dev *idev)
974 {
975 	int cnt = 0;
976 	struct inet6_ifaddr *ifp;
977 
978 	read_lock_bh(&idev->lock);
979 	for (ifp=idev->addr_list; ifp; ifp=ifp->if_next)
980 		cnt++;
981 	read_unlock_bh(&idev->lock);
982 	return cnt;
983 }
984 
985 int ipv6_chk_addr(struct in6_addr *addr, struct net_device *dev, int strict)
986 {
987 	struct inet6_ifaddr * ifp;
988 	u8 hash = ipv6_addr_hash(addr);
989 
990 	read_lock_bh(&addrconf_hash_lock);
991 	for(ifp = inet6_addr_lst[hash]; ifp; ifp=ifp->lst_next) {
992 		if (ipv6_addr_equal(&ifp->addr, addr) &&
993 		    !(ifp->flags&IFA_F_TENTATIVE)) {
994 			if (dev == NULL || ifp->idev->dev == dev ||
995 			    !(ifp->scope&(IFA_LINK|IFA_HOST) || strict))
996 				break;
997 		}
998 	}
999 	read_unlock_bh(&addrconf_hash_lock);
1000 	return ifp != NULL;
1001 }
1002 
1003 static
1004 int ipv6_chk_same_addr(const struct in6_addr *addr, struct net_device *dev)
1005 {
1006 	struct inet6_ifaddr * ifp;
1007 	u8 hash = ipv6_addr_hash(addr);
1008 
1009 	for(ifp = inet6_addr_lst[hash]; ifp; ifp=ifp->lst_next) {
1010 		if (ipv6_addr_equal(&ifp->addr, addr)) {
1011 			if (dev == NULL || ifp->idev->dev == dev)
1012 				break;
1013 		}
1014 	}
1015 	return ifp != NULL;
1016 }
1017 
1018 struct inet6_ifaddr * ipv6_get_ifaddr(struct in6_addr *addr, struct net_device *dev, int strict)
1019 {
1020 	struct inet6_ifaddr * ifp;
1021 	u8 hash = ipv6_addr_hash(addr);
1022 
1023 	read_lock_bh(&addrconf_hash_lock);
1024 	for(ifp = inet6_addr_lst[hash]; ifp; ifp=ifp->lst_next) {
1025 		if (ipv6_addr_equal(&ifp->addr, addr)) {
1026 			if (dev == NULL || ifp->idev->dev == dev ||
1027 			    !(ifp->scope&(IFA_LINK|IFA_HOST) || strict)) {
1028 				in6_ifa_hold(ifp);
1029 				break;
1030 			}
1031 		}
1032 	}
1033 	read_unlock_bh(&addrconf_hash_lock);
1034 
1035 	return ifp;
1036 }
1037 
1038 int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2)
1039 {
1040 	const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr;
1041 	const struct in6_addr *sk2_rcv_saddr6 = tcp_v6_rcv_saddr(sk2);
1042 	u32 sk_rcv_saddr = inet_sk(sk)->rcv_saddr;
1043 	u32 sk2_rcv_saddr = tcp_v4_rcv_saddr(sk2);
1044 	int sk_ipv6only = ipv6_only_sock(sk);
1045 	int sk2_ipv6only = tcp_v6_ipv6only(sk2);
1046 	int addr_type = ipv6_addr_type(sk_rcv_saddr6);
1047 	int addr_type2 = sk2_rcv_saddr6 ? ipv6_addr_type(sk2_rcv_saddr6) : IPV6_ADDR_MAPPED;
1048 
1049 	if (!sk2_rcv_saddr && !sk_ipv6only)
1050 		return 1;
1051 
1052 	if (addr_type2 == IPV6_ADDR_ANY &&
1053 	    !(sk2_ipv6only && addr_type == IPV6_ADDR_MAPPED))
1054 		return 1;
1055 
1056 	if (addr_type == IPV6_ADDR_ANY &&
1057 	    !(sk_ipv6only && addr_type2 == IPV6_ADDR_MAPPED))
1058 		return 1;
1059 
1060 	if (sk2_rcv_saddr6 &&
1061 	    ipv6_addr_equal(sk_rcv_saddr6, sk2_rcv_saddr6))
1062 		return 1;
1063 
1064 	if (addr_type == IPV6_ADDR_MAPPED &&
1065 	    !sk2_ipv6only &&
1066 	    (!sk2_rcv_saddr || !sk_rcv_saddr || sk_rcv_saddr == sk2_rcv_saddr))
1067 		return 1;
1068 
1069 	return 0;
1070 }
1071 
1072 /* Gets referenced address, destroys ifaddr */
1073 
1074 void addrconf_dad_failure(struct inet6_ifaddr *ifp)
1075 {
1076 	if (net_ratelimit())
1077 		printk(KERN_INFO "%s: duplicate address detected!\n", ifp->idev->dev->name);
1078 	if (ifp->flags&IFA_F_PERMANENT) {
1079 		spin_lock_bh(&ifp->lock);
1080 		addrconf_del_timer(ifp);
1081 		ifp->flags |= IFA_F_TENTATIVE;
1082 		spin_unlock_bh(&ifp->lock);
1083 		in6_ifa_put(ifp);
1084 #ifdef CONFIG_IPV6_PRIVACY
1085 	} else if (ifp->flags&IFA_F_TEMPORARY) {
1086 		struct inet6_ifaddr *ifpub;
1087 		spin_lock_bh(&ifp->lock);
1088 		ifpub = ifp->ifpub;
1089 		if (ifpub) {
1090 			in6_ifa_hold(ifpub);
1091 			spin_unlock_bh(&ifp->lock);
1092 			ipv6_create_tempaddr(ifpub, ifp);
1093 			in6_ifa_put(ifpub);
1094 		} else {
1095 			spin_unlock_bh(&ifp->lock);
1096 		}
1097 		ipv6_del_addr(ifp);
1098 #endif
1099 	} else
1100 		ipv6_del_addr(ifp);
1101 }
1102 
1103 
1104 /* Join to solicited addr multicast group. */
1105 
1106 void addrconf_join_solict(struct net_device *dev, struct in6_addr *addr)
1107 {
1108 	struct in6_addr maddr;
1109 
1110 	if (dev->flags&(IFF_LOOPBACK|IFF_NOARP))
1111 		return;
1112 
1113 	addrconf_addr_solict_mult(addr, &maddr);
1114 	ipv6_dev_mc_inc(dev, &maddr);
1115 }
1116 
1117 void addrconf_leave_solict(struct inet6_dev *idev, struct in6_addr *addr)
1118 {
1119 	struct in6_addr maddr;
1120 
1121 	if (idev->dev->flags&(IFF_LOOPBACK|IFF_NOARP))
1122 		return;
1123 
1124 	addrconf_addr_solict_mult(addr, &maddr);
1125 	__ipv6_dev_mc_dec(idev, &maddr);
1126 }
1127 
1128 void addrconf_join_anycast(struct inet6_ifaddr *ifp)
1129 {
1130 	struct in6_addr addr;
1131 	ipv6_addr_prefix(&addr, &ifp->addr, ifp->prefix_len);
1132 	if (ipv6_addr_any(&addr))
1133 		return;
1134 	ipv6_dev_ac_inc(ifp->idev->dev, &addr);
1135 }
1136 
1137 void addrconf_leave_anycast(struct inet6_ifaddr *ifp)
1138 {
1139 	struct in6_addr addr;
1140 	ipv6_addr_prefix(&addr, &ifp->addr, ifp->prefix_len);
1141 	if (ipv6_addr_any(&addr))
1142 		return;
1143 	__ipv6_dev_ac_dec(ifp->idev, &addr);
1144 }
1145 
1146 static int ipv6_generate_eui64(u8 *eui, struct net_device *dev)
1147 {
1148 	switch (dev->type) {
1149 	case ARPHRD_ETHER:
1150 	case ARPHRD_FDDI:
1151 	case ARPHRD_IEEE802_TR:
1152 		if (dev->addr_len != ETH_ALEN)
1153 			return -1;
1154 		memcpy(eui, dev->dev_addr, 3);
1155 		memcpy(eui + 5, dev->dev_addr + 3, 3);
1156 
1157 		/*
1158 		 * The zSeries OSA network cards can be shared among various
1159 		 * OS instances, but the OSA cards have only one MAC address.
1160 		 * This leads to duplicate address conflicts in conjunction
1161 		 * with IPv6 if more than one instance uses the same card.
1162 		 *
1163 		 * The driver for these cards can deliver a unique 16-bit
1164 		 * identifier for each instance sharing the same card.  It is
1165 		 * placed instead of 0xFFFE in the interface identifier.  The
1166 		 * "u" bit of the interface identifier is not inverted in this
1167 		 * case.  Hence the resulting interface identifier has local
1168 		 * scope according to RFC2373.
1169 		 */
1170 		if (dev->dev_id) {
1171 			eui[3] = (dev->dev_id >> 8) & 0xFF;
1172 			eui[4] = dev->dev_id & 0xFF;
1173 		} else {
1174 			eui[3] = 0xFF;
1175 			eui[4] = 0xFE;
1176 			eui[0] ^= 2;
1177 		}
1178 		return 0;
1179 	case ARPHRD_ARCNET:
1180 		/* XXX: inherit EUI-64 from other interface -- yoshfuji */
1181 		if (dev->addr_len != ARCNET_ALEN)
1182 			return -1;
1183 		memset(eui, 0, 7);
1184 		eui[7] = *(u8*)dev->dev_addr;
1185 		return 0;
1186 	case ARPHRD_INFINIBAND:
1187 		if (dev->addr_len != INFINIBAND_ALEN)
1188 			return -1;
1189 		memcpy(eui, dev->dev_addr + 12, 8);
1190 		eui[0] |= 2;
1191 		return 0;
1192 	}
1193 	return -1;
1194 }
1195 
1196 static int ipv6_inherit_eui64(u8 *eui, struct inet6_dev *idev)
1197 {
1198 	int err = -1;
1199 	struct inet6_ifaddr *ifp;
1200 
1201 	read_lock_bh(&idev->lock);
1202 	for (ifp=idev->addr_list; ifp; ifp=ifp->if_next) {
1203 		if (ifp->scope == IFA_LINK && !(ifp->flags&IFA_F_TENTATIVE)) {
1204 			memcpy(eui, ifp->addr.s6_addr+8, 8);
1205 			err = 0;
1206 			break;
1207 		}
1208 	}
1209 	read_unlock_bh(&idev->lock);
1210 	return err;
1211 }
1212 
1213 #ifdef CONFIG_IPV6_PRIVACY
1214 /* (re)generation of randomized interface identifier (RFC 3041 3.2, 3.5) */
1215 static int __ipv6_regen_rndid(struct inet6_dev *idev)
1216 {
1217 	struct net_device *dev;
1218 	struct scatterlist sg[2];
1219 
1220 	sg[0].page = virt_to_page(idev->entropy);
1221 	sg[0].offset = offset_in_page(idev->entropy);
1222 	sg[0].length = 8;
1223 	sg[1].page = virt_to_page(idev->work_eui64);
1224 	sg[1].offset = offset_in_page(idev->work_eui64);
1225 	sg[1].length = 8;
1226 
1227 	dev = idev->dev;
1228 
1229 	if (ipv6_generate_eui64(idev->work_eui64, dev)) {
1230 		printk(KERN_INFO
1231 			"__ipv6_regen_rndid(idev=%p): cannot get EUI64 identifier; use random bytes.\n",
1232 			idev);
1233 		get_random_bytes(idev->work_eui64, sizeof(idev->work_eui64));
1234 	}
1235 regen:
1236 	spin_lock(&md5_tfm_lock);
1237 	if (unlikely(md5_tfm == NULL)) {
1238 		spin_unlock(&md5_tfm_lock);
1239 		return -1;
1240 	}
1241 	crypto_digest_init(md5_tfm);
1242 	crypto_digest_update(md5_tfm, sg, 2);
1243 	crypto_digest_final(md5_tfm, idev->work_digest);
1244 	spin_unlock(&md5_tfm_lock);
1245 
1246 	memcpy(idev->rndid, &idev->work_digest[0], 8);
1247 	idev->rndid[0] &= ~0x02;
1248 	memcpy(idev->entropy, &idev->work_digest[8], 8);
1249 
1250 	/*
1251 	 * <draft-ietf-ipngwg-temp-addresses-v2-00.txt>:
1252 	 * check if generated address is not inappropriate
1253 	 *
1254 	 *  - Reserved subnet anycast (RFC 2526)
1255 	 *	11111101 11....11 1xxxxxxx
1256 	 *  - ISATAP (draft-ietf-ngtrans-isatap-13.txt) 5.1
1257 	 *	00-00-5E-FE-xx-xx-xx-xx
1258 	 *  - value 0
1259 	 *  - XXX: already assigned to an address on the device
1260 	 */
1261 	if (idev->rndid[0] == 0xfd &&
1262 	    (idev->rndid[1]&idev->rndid[2]&idev->rndid[3]&idev->rndid[4]&idev->rndid[5]&idev->rndid[6]) == 0xff &&
1263 	    (idev->rndid[7]&0x80))
1264 		goto regen;
1265 	if ((idev->rndid[0]|idev->rndid[1]) == 0) {
1266 		if (idev->rndid[2] == 0x5e && idev->rndid[3] == 0xfe)
1267 			goto regen;
1268 		if ((idev->rndid[2]|idev->rndid[3]|idev->rndid[4]|idev->rndid[5]|idev->rndid[6]|idev->rndid[7]) == 0x00)
1269 			goto regen;
1270 	}
1271 
1272 	return 0;
1273 }
1274 
1275 static void ipv6_regen_rndid(unsigned long data)
1276 {
1277 	struct inet6_dev *idev = (struct inet6_dev *) data;
1278 	unsigned long expires;
1279 
1280 	read_lock_bh(&addrconf_lock);
1281 	write_lock_bh(&idev->lock);
1282 
1283 	if (idev->dead)
1284 		goto out;
1285 
1286 	if (__ipv6_regen_rndid(idev) < 0)
1287 		goto out;
1288 
1289 	expires = jiffies +
1290 		idev->cnf.temp_prefered_lft * HZ -
1291 		idev->cnf.regen_max_retry * idev->cnf.dad_transmits * idev->nd_parms->retrans_time - desync_factor;
1292 	if (time_before(expires, jiffies)) {
1293 		printk(KERN_WARNING
1294 			"ipv6_regen_rndid(): too short regeneration interval; timer disabled for %s.\n",
1295 			idev->dev->name);
1296 		goto out;
1297 	}
1298 
1299 	if (!mod_timer(&idev->regen_timer, expires))
1300 		in6_dev_hold(idev);
1301 
1302 out:
1303 	write_unlock_bh(&idev->lock);
1304 	read_unlock_bh(&addrconf_lock);
1305 	in6_dev_put(idev);
1306 }
1307 
1308 static int __ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpaddr) {
1309 	int ret = 0;
1310 
1311 	if (tmpaddr && memcmp(idev->rndid, &tmpaddr->s6_addr[8], 8) == 0)
1312 		ret = __ipv6_regen_rndid(idev);
1313 	return ret;
1314 }
1315 #endif
1316 
1317 /*
1318  *	Add prefix route.
1319  */
1320 
1321 static void
1322 addrconf_prefix_route(struct in6_addr *pfx, int plen, struct net_device *dev,
1323 		      unsigned long expires, u32 flags)
1324 {
1325 	struct in6_rtmsg rtmsg;
1326 
1327 	memset(&rtmsg, 0, sizeof(rtmsg));
1328 	ipv6_addr_copy(&rtmsg.rtmsg_dst, pfx);
1329 	rtmsg.rtmsg_dst_len = plen;
1330 	rtmsg.rtmsg_metric = IP6_RT_PRIO_ADDRCONF;
1331 	rtmsg.rtmsg_ifindex = dev->ifindex;
1332 	rtmsg.rtmsg_info = expires;
1333 	rtmsg.rtmsg_flags = RTF_UP|flags;
1334 	rtmsg.rtmsg_type = RTMSG_NEWROUTE;
1335 
1336 	/* Prevent useless cloning on PtP SIT.
1337 	   This thing is done here expecting that the whole
1338 	   class of non-broadcast devices need not cloning.
1339 	 */
1340 	if (dev->type == ARPHRD_SIT && (dev->flags&IFF_POINTOPOINT))
1341 		rtmsg.rtmsg_flags |= RTF_NONEXTHOP;
1342 
1343 	ip6_route_add(&rtmsg, NULL, NULL, NULL);
1344 }
1345 
1346 /* Create "default" multicast route to the interface */
1347 
1348 static void addrconf_add_mroute(struct net_device *dev)
1349 {
1350 	struct in6_rtmsg rtmsg;
1351 
1352 	memset(&rtmsg, 0, sizeof(rtmsg));
1353 	ipv6_addr_set(&rtmsg.rtmsg_dst,
1354 		      htonl(0xFF000000), 0, 0, 0);
1355 	rtmsg.rtmsg_dst_len = 8;
1356 	rtmsg.rtmsg_metric = IP6_RT_PRIO_ADDRCONF;
1357 	rtmsg.rtmsg_ifindex = dev->ifindex;
1358 	rtmsg.rtmsg_flags = RTF_UP;
1359 	rtmsg.rtmsg_type = RTMSG_NEWROUTE;
1360 	ip6_route_add(&rtmsg, NULL, NULL, NULL);
1361 }
1362 
1363 static void sit_route_add(struct net_device *dev)
1364 {
1365 	struct in6_rtmsg rtmsg;
1366 
1367 	memset(&rtmsg, 0, sizeof(rtmsg));
1368 
1369 	rtmsg.rtmsg_type	= RTMSG_NEWROUTE;
1370 	rtmsg.rtmsg_metric	= IP6_RT_PRIO_ADDRCONF;
1371 
1372 	/* prefix length - 96 bits "::d.d.d.d" */
1373 	rtmsg.rtmsg_dst_len	= 96;
1374 	rtmsg.rtmsg_flags	= RTF_UP|RTF_NONEXTHOP;
1375 	rtmsg.rtmsg_ifindex	= dev->ifindex;
1376 
1377 	ip6_route_add(&rtmsg, NULL, NULL, NULL);
1378 }
1379 
1380 static void addrconf_add_lroute(struct net_device *dev)
1381 {
1382 	struct in6_addr addr;
1383 
1384 	ipv6_addr_set(&addr,  htonl(0xFE800000), 0, 0, 0);
1385 	addrconf_prefix_route(&addr, 64, dev, 0, 0);
1386 }
1387 
1388 static struct inet6_dev *addrconf_add_dev(struct net_device *dev)
1389 {
1390 	struct inet6_dev *idev;
1391 
1392 	ASSERT_RTNL();
1393 
1394 	if ((idev = ipv6_find_idev(dev)) == NULL)
1395 		return NULL;
1396 
1397 	/* Add default multicast route */
1398 	addrconf_add_mroute(dev);
1399 
1400 	/* Add link local route */
1401 	addrconf_add_lroute(dev);
1402 	return idev;
1403 }
1404 
1405 void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
1406 {
1407 	struct prefix_info *pinfo;
1408 	__u32 valid_lft;
1409 	__u32 prefered_lft;
1410 	int addr_type;
1411 	unsigned long rt_expires;
1412 	struct inet6_dev *in6_dev;
1413 
1414 	pinfo = (struct prefix_info *) opt;
1415 
1416 	if (len < sizeof(struct prefix_info)) {
1417 		ADBG(("addrconf: prefix option too short\n"));
1418 		return;
1419 	}
1420 
1421 	/*
1422 	 *	Validation checks ([ADDRCONF], page 19)
1423 	 */
1424 
1425 	addr_type = ipv6_addr_type(&pinfo->prefix);
1426 
1427 	if (addr_type & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL))
1428 		return;
1429 
1430 	valid_lft = ntohl(pinfo->valid);
1431 	prefered_lft = ntohl(pinfo->prefered);
1432 
1433 	if (prefered_lft > valid_lft) {
1434 		if (net_ratelimit())
1435 			printk(KERN_WARNING "addrconf: prefix option has invalid lifetime\n");
1436 		return;
1437 	}
1438 
1439 	in6_dev = in6_dev_get(dev);
1440 
1441 	if (in6_dev == NULL) {
1442 		if (net_ratelimit())
1443 			printk(KERN_DEBUG "addrconf: device %s not configured\n", dev->name);
1444 		return;
1445 	}
1446 
1447 	/*
1448 	 *	Two things going on here:
1449 	 *	1) Add routes for on-link prefixes
1450 	 *	2) Configure prefixes with the auto flag set
1451 	 */
1452 
1453 	/* Avoid arithmetic overflow. Really, we could
1454 	   save rt_expires in seconds, likely valid_lft,
1455 	   but it would require division in fib gc, that it
1456 	   not good.
1457 	 */
1458 	if (valid_lft >= 0x7FFFFFFF/HZ)
1459 		rt_expires = 0;
1460 	else
1461 		rt_expires = jiffies + valid_lft * HZ;
1462 
1463 	if (pinfo->onlink) {
1464 		struct rt6_info *rt;
1465 		rt = rt6_lookup(&pinfo->prefix, NULL, dev->ifindex, 1);
1466 
1467 		if (rt && ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) == 0)) {
1468 			if (rt->rt6i_flags&RTF_EXPIRES) {
1469 				if (valid_lft == 0) {
1470 					ip6_del_rt(rt, NULL, NULL, NULL);
1471 					rt = NULL;
1472 				} else {
1473 					rt->rt6i_expires = rt_expires;
1474 				}
1475 			}
1476 		} else if (valid_lft) {
1477 			addrconf_prefix_route(&pinfo->prefix, pinfo->prefix_len,
1478 					      dev, rt_expires, RTF_ADDRCONF|RTF_EXPIRES|RTF_PREFIX_RT);
1479 		}
1480 		if (rt)
1481 			dst_release(&rt->u.dst);
1482 	}
1483 
1484 	/* Try to figure out our local address for this prefix */
1485 
1486 	if (pinfo->autoconf && in6_dev->cnf.autoconf) {
1487 		struct inet6_ifaddr * ifp;
1488 		struct in6_addr addr;
1489 		int create = 0, update_lft = 0;
1490 
1491 		if (pinfo->prefix_len == 64) {
1492 			memcpy(&addr, &pinfo->prefix, 8);
1493 			if (ipv6_generate_eui64(addr.s6_addr + 8, dev) &&
1494 			    ipv6_inherit_eui64(addr.s6_addr + 8, in6_dev)) {
1495 				in6_dev_put(in6_dev);
1496 				return;
1497 			}
1498 			goto ok;
1499 		}
1500 		if (net_ratelimit())
1501 			printk(KERN_DEBUG "IPv6 addrconf: prefix with wrong length %d\n",
1502 			       pinfo->prefix_len);
1503 		in6_dev_put(in6_dev);
1504 		return;
1505 
1506 ok:
1507 
1508 		ifp = ipv6_get_ifaddr(&addr, dev, 1);
1509 
1510 		if (ifp == NULL && valid_lft) {
1511 			int max_addresses = in6_dev->cnf.max_addresses;
1512 
1513 			/* Do not allow to create too much of autoconfigured
1514 			 * addresses; this would be too easy way to crash kernel.
1515 			 */
1516 			if (!max_addresses ||
1517 			    ipv6_count_addresses(in6_dev) < max_addresses)
1518 				ifp = ipv6_add_addr(in6_dev, &addr, pinfo->prefix_len,
1519 						    addr_type&IPV6_ADDR_SCOPE_MASK, 0);
1520 
1521 			if (!ifp || IS_ERR(ifp)) {
1522 				in6_dev_put(in6_dev);
1523 				return;
1524 			}
1525 
1526 			update_lft = create = 1;
1527 			ifp->cstamp = jiffies;
1528 			addrconf_dad_start(ifp, RTF_ADDRCONF|RTF_PREFIX_RT);
1529 		}
1530 
1531 		if (ifp) {
1532 			int flags;
1533 			unsigned long now;
1534 #ifdef CONFIG_IPV6_PRIVACY
1535 			struct inet6_ifaddr *ift;
1536 #endif
1537 			u32 stored_lft;
1538 
1539 			/* update lifetime (RFC2462 5.5.3 e) */
1540 			spin_lock(&ifp->lock);
1541 			now = jiffies;
1542 			if (ifp->valid_lft > (now - ifp->tstamp) / HZ)
1543 				stored_lft = ifp->valid_lft - (now - ifp->tstamp) / HZ;
1544 			else
1545 				stored_lft = 0;
1546 			if (!update_lft && stored_lft) {
1547 				if (valid_lft > MIN_VALID_LIFETIME ||
1548 				    valid_lft > stored_lft)
1549 					update_lft = 1;
1550 				else if (stored_lft <= MIN_VALID_LIFETIME) {
1551 					/* valid_lft <= stored_lft is always true */
1552 					/* XXX: IPsec */
1553 					update_lft = 0;
1554 				} else {
1555 					valid_lft = MIN_VALID_LIFETIME;
1556 					if (valid_lft < prefered_lft)
1557 						prefered_lft = valid_lft;
1558 					update_lft = 1;
1559 				}
1560 			}
1561 
1562 			if (update_lft) {
1563 				ifp->valid_lft = valid_lft;
1564 				ifp->prefered_lft = prefered_lft;
1565 				ifp->tstamp = now;
1566 				flags = ifp->flags;
1567 				ifp->flags &= ~IFA_F_DEPRECATED;
1568 				spin_unlock(&ifp->lock);
1569 
1570 				if (!(flags&IFA_F_TENTATIVE))
1571 					ipv6_ifa_notify(0, ifp);
1572 			} else
1573 				spin_unlock(&ifp->lock);
1574 
1575 #ifdef CONFIG_IPV6_PRIVACY
1576 			read_lock_bh(&in6_dev->lock);
1577 			/* update all temporary addresses in the list */
1578 			for (ift=in6_dev->tempaddr_list; ift; ift=ift->tmp_next) {
1579 				/*
1580 				 * When adjusting the lifetimes of an existing
1581 				 * temporary address, only lower the lifetimes.
1582 				 * Implementations must not increase the
1583 				 * lifetimes of an existing temporary address
1584 				 * when processing a Prefix Information Option.
1585 				 */
1586 				spin_lock(&ift->lock);
1587 				flags = ift->flags;
1588 				if (ift->valid_lft > valid_lft &&
1589 				    ift->valid_lft - valid_lft > (jiffies - ift->tstamp) / HZ)
1590 					ift->valid_lft = valid_lft + (jiffies - ift->tstamp) / HZ;
1591 				if (ift->prefered_lft > prefered_lft &&
1592 				    ift->prefered_lft - prefered_lft > (jiffies - ift->tstamp) / HZ)
1593 					ift->prefered_lft = prefered_lft + (jiffies - ift->tstamp) / HZ;
1594 				spin_unlock(&ift->lock);
1595 				if (!(flags&IFA_F_TENTATIVE))
1596 					ipv6_ifa_notify(0, ift);
1597 			}
1598 
1599 			if (create && in6_dev->cnf.use_tempaddr > 0) {
1600 				/*
1601 				 * When a new public address is created as described in [ADDRCONF],
1602 				 * also create a new temporary address.
1603 				 */
1604 				read_unlock_bh(&in6_dev->lock);
1605 				ipv6_create_tempaddr(ifp, NULL);
1606 			} else {
1607 				read_unlock_bh(&in6_dev->lock);
1608 			}
1609 #endif
1610 			in6_ifa_put(ifp);
1611 			addrconf_verify(0);
1612 		}
1613 	}
1614 	inet6_prefix_notify(RTM_NEWPREFIX, in6_dev, pinfo);
1615 	in6_dev_put(in6_dev);
1616 }
1617 
1618 /*
1619  *	Set destination address.
1620  *	Special case for SIT interfaces where we create a new "virtual"
1621  *	device.
1622  */
1623 int addrconf_set_dstaddr(void __user *arg)
1624 {
1625 	struct in6_ifreq ireq;
1626 	struct net_device *dev;
1627 	int err = -EINVAL;
1628 
1629 	rtnl_lock();
1630 
1631 	err = -EFAULT;
1632 	if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq)))
1633 		goto err_exit;
1634 
1635 	dev = __dev_get_by_index(ireq.ifr6_ifindex);
1636 
1637 	err = -ENODEV;
1638 	if (dev == NULL)
1639 		goto err_exit;
1640 
1641 	if (dev->type == ARPHRD_SIT) {
1642 		struct ifreq ifr;
1643 		mm_segment_t	oldfs;
1644 		struct ip_tunnel_parm p;
1645 
1646 		err = -EADDRNOTAVAIL;
1647 		if (!(ipv6_addr_type(&ireq.ifr6_addr) & IPV6_ADDR_COMPATv4))
1648 			goto err_exit;
1649 
1650 		memset(&p, 0, sizeof(p));
1651 		p.iph.daddr = ireq.ifr6_addr.s6_addr32[3];
1652 		p.iph.saddr = 0;
1653 		p.iph.version = 4;
1654 		p.iph.ihl = 5;
1655 		p.iph.protocol = IPPROTO_IPV6;
1656 		p.iph.ttl = 64;
1657 		ifr.ifr_ifru.ifru_data = (void __user *)&p;
1658 
1659 		oldfs = get_fs(); set_fs(KERNEL_DS);
1660 		err = dev->do_ioctl(dev, &ifr, SIOCADDTUNNEL);
1661 		set_fs(oldfs);
1662 
1663 		if (err == 0) {
1664 			err = -ENOBUFS;
1665 			if ((dev = __dev_get_by_name(p.name)) == NULL)
1666 				goto err_exit;
1667 			err = dev_open(dev);
1668 		}
1669 	}
1670 
1671 err_exit:
1672 	rtnl_unlock();
1673 	return err;
1674 }
1675 
1676 /*
1677  *	Manual configuration of address on an interface
1678  */
1679 static int inet6_addr_add(int ifindex, struct in6_addr *pfx, int plen)
1680 {
1681 	struct inet6_ifaddr *ifp;
1682 	struct inet6_dev *idev;
1683 	struct net_device *dev;
1684 	int scope;
1685 
1686 	ASSERT_RTNL();
1687 
1688 	if ((dev = __dev_get_by_index(ifindex)) == NULL)
1689 		return -ENODEV;
1690 
1691 	if (!(dev->flags&IFF_UP))
1692 		return -ENETDOWN;
1693 
1694 	if ((idev = addrconf_add_dev(dev)) == NULL)
1695 		return -ENOBUFS;
1696 
1697 	scope = ipv6_addr_scope(pfx);
1698 
1699 	ifp = ipv6_add_addr(idev, pfx, plen, scope, IFA_F_PERMANENT);
1700 	if (!IS_ERR(ifp)) {
1701 		addrconf_dad_start(ifp, 0);
1702 		in6_ifa_put(ifp);
1703 		return 0;
1704 	}
1705 
1706 	return PTR_ERR(ifp);
1707 }
1708 
1709 static int inet6_addr_del(int ifindex, struct in6_addr *pfx, int plen)
1710 {
1711 	struct inet6_ifaddr *ifp;
1712 	struct inet6_dev *idev;
1713 	struct net_device *dev;
1714 
1715 	if ((dev = __dev_get_by_index(ifindex)) == NULL)
1716 		return -ENODEV;
1717 
1718 	if ((idev = __in6_dev_get(dev)) == NULL)
1719 		return -ENXIO;
1720 
1721 	read_lock_bh(&idev->lock);
1722 	for (ifp = idev->addr_list; ifp; ifp=ifp->if_next) {
1723 		if (ifp->prefix_len == plen &&
1724 		    ipv6_addr_equal(pfx, &ifp->addr)) {
1725 			in6_ifa_hold(ifp);
1726 			read_unlock_bh(&idev->lock);
1727 
1728 			ipv6_del_addr(ifp);
1729 
1730 			/* If the last address is deleted administratively,
1731 			   disable IPv6 on this interface.
1732 			 */
1733 			if (idev->addr_list == NULL)
1734 				addrconf_ifdown(idev->dev, 1);
1735 			return 0;
1736 		}
1737 	}
1738 	read_unlock_bh(&idev->lock);
1739 	return -EADDRNOTAVAIL;
1740 }
1741 
1742 
1743 int addrconf_add_ifaddr(void __user *arg)
1744 {
1745 	struct in6_ifreq ireq;
1746 	int err;
1747 
1748 	if (!capable(CAP_NET_ADMIN))
1749 		return -EPERM;
1750 
1751 	if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq)))
1752 		return -EFAULT;
1753 
1754 	rtnl_lock();
1755 	err = inet6_addr_add(ireq.ifr6_ifindex, &ireq.ifr6_addr, ireq.ifr6_prefixlen);
1756 	rtnl_unlock();
1757 	return err;
1758 }
1759 
1760 int addrconf_del_ifaddr(void __user *arg)
1761 {
1762 	struct in6_ifreq ireq;
1763 	int err;
1764 
1765 	if (!capable(CAP_NET_ADMIN))
1766 		return -EPERM;
1767 
1768 	if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq)))
1769 		return -EFAULT;
1770 
1771 	rtnl_lock();
1772 	err = inet6_addr_del(ireq.ifr6_ifindex, &ireq.ifr6_addr, ireq.ifr6_prefixlen);
1773 	rtnl_unlock();
1774 	return err;
1775 }
1776 
1777 static void sit_add_v4_addrs(struct inet6_dev *idev)
1778 {
1779 	struct inet6_ifaddr * ifp;
1780 	struct in6_addr addr;
1781 	struct net_device *dev;
1782 	int scope;
1783 
1784 	ASSERT_RTNL();
1785 
1786 	memset(&addr, 0, sizeof(struct in6_addr));
1787 	memcpy(&addr.s6_addr32[3], idev->dev->dev_addr, 4);
1788 
1789 	if (idev->dev->flags&IFF_POINTOPOINT) {
1790 		addr.s6_addr32[0] = htonl(0xfe800000);
1791 		scope = IFA_LINK;
1792 	} else {
1793 		scope = IPV6_ADDR_COMPATv4;
1794 	}
1795 
1796 	if (addr.s6_addr32[3]) {
1797 		ifp = ipv6_add_addr(idev, &addr, 128, scope, IFA_F_PERMANENT);
1798 		if (!IS_ERR(ifp)) {
1799 			spin_lock_bh(&ifp->lock);
1800 			ifp->flags &= ~IFA_F_TENTATIVE;
1801 			spin_unlock_bh(&ifp->lock);
1802 			ipv6_ifa_notify(RTM_NEWADDR, ifp);
1803 			in6_ifa_put(ifp);
1804 		}
1805 		return;
1806 	}
1807 
1808         for (dev = dev_base; dev != NULL; dev = dev->next) {
1809 		struct in_device * in_dev = __in_dev_get(dev);
1810 		if (in_dev && (dev->flags & IFF_UP)) {
1811 			struct in_ifaddr * ifa;
1812 
1813 			int flag = scope;
1814 
1815 			for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {
1816 				int plen;
1817 
1818 				addr.s6_addr32[3] = ifa->ifa_local;
1819 
1820 				if (ifa->ifa_scope == RT_SCOPE_LINK)
1821 					continue;
1822 				if (ifa->ifa_scope >= RT_SCOPE_HOST) {
1823 					if (idev->dev->flags&IFF_POINTOPOINT)
1824 						continue;
1825 					flag |= IFA_HOST;
1826 				}
1827 				if (idev->dev->flags&IFF_POINTOPOINT)
1828 					plen = 64;
1829 				else
1830 					plen = 96;
1831 
1832 				ifp = ipv6_add_addr(idev, &addr, plen, flag,
1833 						    IFA_F_PERMANENT);
1834 				if (!IS_ERR(ifp)) {
1835 					spin_lock_bh(&ifp->lock);
1836 					ifp->flags &= ~IFA_F_TENTATIVE;
1837 					spin_unlock_bh(&ifp->lock);
1838 					ipv6_ifa_notify(RTM_NEWADDR, ifp);
1839 					in6_ifa_put(ifp);
1840 				}
1841 			}
1842 		}
1843         }
1844 }
1845 
1846 static void init_loopback(struct net_device *dev)
1847 {
1848 	struct inet6_dev  *idev;
1849 	struct inet6_ifaddr * ifp;
1850 
1851 	/* ::1 */
1852 
1853 	ASSERT_RTNL();
1854 
1855 	if ((idev = ipv6_find_idev(dev)) == NULL) {
1856 		printk(KERN_DEBUG "init loopback: add_dev failed\n");
1857 		return;
1858 	}
1859 
1860 	ifp = ipv6_add_addr(idev, &in6addr_loopback, 128, IFA_HOST, IFA_F_PERMANENT);
1861 	if (!IS_ERR(ifp)) {
1862 		spin_lock_bh(&ifp->lock);
1863 		ifp->flags &= ~IFA_F_TENTATIVE;
1864 		spin_unlock_bh(&ifp->lock);
1865 		ipv6_ifa_notify(RTM_NEWADDR, ifp);
1866 		in6_ifa_put(ifp);
1867 	}
1868 }
1869 
1870 static void addrconf_add_linklocal(struct inet6_dev *idev, struct in6_addr *addr)
1871 {
1872 	struct inet6_ifaddr * ifp;
1873 
1874 	ifp = ipv6_add_addr(idev, addr, 64, IFA_LINK, IFA_F_PERMANENT);
1875 	if (!IS_ERR(ifp)) {
1876 		addrconf_dad_start(ifp, 0);
1877 		in6_ifa_put(ifp);
1878 	}
1879 }
1880 
1881 static void addrconf_dev_config(struct net_device *dev)
1882 {
1883 	struct in6_addr addr;
1884 	struct inet6_dev    * idev;
1885 
1886 	ASSERT_RTNL();
1887 
1888 	if ((dev->type != ARPHRD_ETHER) &&
1889 	    (dev->type != ARPHRD_FDDI) &&
1890 	    (dev->type != ARPHRD_IEEE802_TR) &&
1891 	    (dev->type != ARPHRD_ARCNET) &&
1892 	    (dev->type != ARPHRD_INFINIBAND)) {
1893 		/* Alas, we support only Ethernet autoconfiguration. */
1894 		return;
1895 	}
1896 
1897 	idev = addrconf_add_dev(dev);
1898 	if (idev == NULL)
1899 		return;
1900 
1901 	memset(&addr, 0, sizeof(struct in6_addr));
1902 	addr.s6_addr32[0] = htonl(0xFE800000);
1903 
1904 	if (ipv6_generate_eui64(addr.s6_addr + 8, dev) == 0)
1905 		addrconf_add_linklocal(idev, &addr);
1906 }
1907 
1908 static void addrconf_sit_config(struct net_device *dev)
1909 {
1910 	struct inet6_dev *idev;
1911 
1912 	ASSERT_RTNL();
1913 
1914 	/*
1915 	 * Configure the tunnel with one of our IPv4
1916 	 * addresses... we should configure all of
1917 	 * our v4 addrs in the tunnel
1918 	 */
1919 
1920 	if ((idev = ipv6_find_idev(dev)) == NULL) {
1921 		printk(KERN_DEBUG "init sit: add_dev failed\n");
1922 		return;
1923 	}
1924 
1925 	sit_add_v4_addrs(idev);
1926 
1927 	if (dev->flags&IFF_POINTOPOINT) {
1928 		addrconf_add_mroute(dev);
1929 		addrconf_add_lroute(dev);
1930 	} else
1931 		sit_route_add(dev);
1932 }
1933 
1934 static inline int
1935 ipv6_inherit_linklocal(struct inet6_dev *idev, struct net_device *link_dev)
1936 {
1937 	struct in6_addr lladdr;
1938 
1939 	if (!ipv6_get_lladdr(link_dev, &lladdr)) {
1940 		addrconf_add_linklocal(idev, &lladdr);
1941 		return 0;
1942 	}
1943 	return -1;
1944 }
1945 
1946 static void ip6_tnl_add_linklocal(struct inet6_dev *idev)
1947 {
1948 	struct net_device *link_dev;
1949 
1950 	/* first try to inherit the link-local address from the link device */
1951 	if (idev->dev->iflink &&
1952 	    (link_dev = __dev_get_by_index(idev->dev->iflink))) {
1953 		if (!ipv6_inherit_linklocal(idev, link_dev))
1954 			return;
1955 	}
1956 	/* then try to inherit it from any device */
1957 	for (link_dev = dev_base; link_dev; link_dev = link_dev->next) {
1958 		if (!ipv6_inherit_linklocal(idev, link_dev))
1959 			return;
1960 	}
1961 	printk(KERN_DEBUG "init ip6-ip6: add_linklocal failed\n");
1962 }
1963 
1964 /*
1965  * Autoconfigure tunnel with a link-local address so routing protocols,
1966  * DHCPv6, MLD etc. can be run over the virtual link
1967  */
1968 
1969 static void addrconf_ip6_tnl_config(struct net_device *dev)
1970 {
1971 	struct inet6_dev *idev;
1972 
1973 	ASSERT_RTNL();
1974 
1975 	if ((idev = addrconf_add_dev(dev)) == NULL) {
1976 		printk(KERN_DEBUG "init ip6-ip6: add_dev failed\n");
1977 		return;
1978 	}
1979 	ip6_tnl_add_linklocal(idev);
1980 	addrconf_add_mroute(dev);
1981 }
1982 
1983 static int addrconf_notify(struct notifier_block *this, unsigned long event,
1984 			   void * data)
1985 {
1986 	struct net_device *dev = (struct net_device *) data;
1987 	struct inet6_dev *idev = __in6_dev_get(dev);
1988 
1989 	switch(event) {
1990 	case NETDEV_UP:
1991 		switch(dev->type) {
1992 		case ARPHRD_SIT:
1993 			addrconf_sit_config(dev);
1994 			break;
1995 		case ARPHRD_TUNNEL6:
1996 			addrconf_ip6_tnl_config(dev);
1997 			break;
1998 		case ARPHRD_LOOPBACK:
1999 			init_loopback(dev);
2000 			break;
2001 
2002 		default:
2003 			addrconf_dev_config(dev);
2004 			break;
2005 		};
2006 		if (idev) {
2007 			/* If the MTU changed during the interface down, when the
2008 			   interface up, the changed MTU must be reflected in the
2009 			   idev as well as routers.
2010 			 */
2011 			if (idev->cnf.mtu6 != dev->mtu && dev->mtu >= IPV6_MIN_MTU) {
2012 				rt6_mtu_change(dev, dev->mtu);
2013 				idev->cnf.mtu6 = dev->mtu;
2014 			}
2015 			idev->tstamp = jiffies;
2016 			inet6_ifinfo_notify(RTM_NEWLINK, idev);
2017 			/* If the changed mtu during down is lower than IPV6_MIN_MTU
2018 			   stop IPv6 on this interface.
2019 			 */
2020 			if (dev->mtu < IPV6_MIN_MTU)
2021 				addrconf_ifdown(dev, event != NETDEV_DOWN);
2022 		}
2023 		break;
2024 
2025 	case NETDEV_CHANGEMTU:
2026 		if ( idev && dev->mtu >= IPV6_MIN_MTU) {
2027 			rt6_mtu_change(dev, dev->mtu);
2028 			idev->cnf.mtu6 = dev->mtu;
2029 			break;
2030 		}
2031 
2032 		/* MTU falled under IPV6_MIN_MTU. Stop IPv6 on this interface. */
2033 
2034 	case NETDEV_DOWN:
2035 	case NETDEV_UNREGISTER:
2036 		/*
2037 		 *	Remove all addresses from this interface.
2038 		 */
2039 		addrconf_ifdown(dev, event != NETDEV_DOWN);
2040 		break;
2041 	case NETDEV_CHANGE:
2042 		break;
2043 	case NETDEV_CHANGENAME:
2044 #ifdef CONFIG_SYSCTL
2045 		if (idev) {
2046 			addrconf_sysctl_unregister(&idev->cnf);
2047 			neigh_sysctl_unregister(idev->nd_parms);
2048 			neigh_sysctl_register(dev, idev->nd_parms,
2049 					      NET_IPV6, NET_IPV6_NEIGH, "ipv6",
2050 					      &ndisc_ifinfo_sysctl_change,
2051 					      NULL);
2052 			addrconf_sysctl_register(idev, &idev->cnf);
2053 		}
2054 #endif
2055 		break;
2056 	};
2057 
2058 	return NOTIFY_OK;
2059 }
2060 
2061 /*
2062  *	addrconf module should be notified of a device going up
2063  */
2064 static struct notifier_block ipv6_dev_notf = {
2065 	.notifier_call = addrconf_notify,
2066 	.priority = 0
2067 };
2068 
2069 static int addrconf_ifdown(struct net_device *dev, int how)
2070 {
2071 	struct inet6_dev *idev;
2072 	struct inet6_ifaddr *ifa, **bifa;
2073 	int i;
2074 
2075 	ASSERT_RTNL();
2076 
2077 	if (dev == &loopback_dev && how == 1)
2078 		how = 0;
2079 
2080 	rt6_ifdown(dev);
2081 	neigh_ifdown(&nd_tbl, dev);
2082 
2083 	idev = __in6_dev_get(dev);
2084 	if (idev == NULL)
2085 		return -ENODEV;
2086 
2087 	/* Step 1: remove reference to ipv6 device from parent device.
2088 	           Do not dev_put!
2089 	 */
2090 	if (how == 1) {
2091 		write_lock_bh(&addrconf_lock);
2092 		dev->ip6_ptr = NULL;
2093 		idev->dead = 1;
2094 		write_unlock_bh(&addrconf_lock);
2095 
2096 		/* Step 1.5: remove snmp6 entry */
2097 		snmp6_unregister_dev(idev);
2098 
2099 	}
2100 
2101 	/* Step 2: clear hash table */
2102 	for (i=0; i<IN6_ADDR_HSIZE; i++) {
2103 		bifa = &inet6_addr_lst[i];
2104 
2105 		write_lock_bh(&addrconf_hash_lock);
2106 		while ((ifa = *bifa) != NULL) {
2107 			if (ifa->idev == idev) {
2108 				*bifa = ifa->lst_next;
2109 				ifa->lst_next = NULL;
2110 				addrconf_del_timer(ifa);
2111 				in6_ifa_put(ifa);
2112 				continue;
2113 			}
2114 			bifa = &ifa->lst_next;
2115 		}
2116 		write_unlock_bh(&addrconf_hash_lock);
2117 	}
2118 
2119 	write_lock_bh(&idev->lock);
2120 
2121 	/* Step 3: clear flags for stateless addrconf */
2122 	if (how != 1)
2123 		idev->if_flags &= ~(IF_RS_SENT|IF_RA_RCVD);
2124 
2125 	/* Step 4: clear address list */
2126 #ifdef CONFIG_IPV6_PRIVACY
2127 	if (how == 1 && del_timer(&idev->regen_timer))
2128 		in6_dev_put(idev);
2129 
2130 	/* clear tempaddr list */
2131 	while ((ifa = idev->tempaddr_list) != NULL) {
2132 		idev->tempaddr_list = ifa->tmp_next;
2133 		ifa->tmp_next = NULL;
2134 		ifa->dead = 1;
2135 		write_unlock_bh(&idev->lock);
2136 		spin_lock_bh(&ifa->lock);
2137 
2138 		if (ifa->ifpub) {
2139 			in6_ifa_put(ifa->ifpub);
2140 			ifa->ifpub = NULL;
2141 		}
2142 		spin_unlock_bh(&ifa->lock);
2143 		in6_ifa_put(ifa);
2144 		write_lock_bh(&idev->lock);
2145 	}
2146 #endif
2147 	while ((ifa = idev->addr_list) != NULL) {
2148 		idev->addr_list = ifa->if_next;
2149 		ifa->if_next = NULL;
2150 		ifa->dead = 1;
2151 		addrconf_del_timer(ifa);
2152 		write_unlock_bh(&idev->lock);
2153 
2154 		__ipv6_ifa_notify(RTM_DELADDR, ifa);
2155 		in6_ifa_put(ifa);
2156 
2157 		write_lock_bh(&idev->lock);
2158 	}
2159 	write_unlock_bh(&idev->lock);
2160 
2161 	/* Step 5: Discard multicast list */
2162 
2163 	if (how == 1)
2164 		ipv6_mc_destroy_dev(idev);
2165 	else
2166 		ipv6_mc_down(idev);
2167 
2168 	/* Step 5: netlink notification of this interface */
2169 	idev->tstamp = jiffies;
2170 	inet6_ifinfo_notify(RTM_NEWLINK, idev);
2171 
2172 	/* Shot the device (if unregistered) */
2173 
2174 	if (how == 1) {
2175 #ifdef CONFIG_SYSCTL
2176 		addrconf_sysctl_unregister(&idev->cnf);
2177 		neigh_sysctl_unregister(idev->nd_parms);
2178 #endif
2179 		neigh_parms_release(&nd_tbl, idev->nd_parms);
2180 		neigh_ifdown(&nd_tbl, dev);
2181 		in6_dev_put(idev);
2182 	}
2183 	return 0;
2184 }
2185 
2186 static void addrconf_rs_timer(unsigned long data)
2187 {
2188 	struct inet6_ifaddr *ifp = (struct inet6_ifaddr *) data;
2189 
2190 	if (ifp->idev->cnf.forwarding)
2191 		goto out;
2192 
2193 	if (ifp->idev->if_flags & IF_RA_RCVD) {
2194 		/*
2195 		 *	Announcement received after solicitation
2196 		 *	was sent
2197 		 */
2198 		goto out;
2199 	}
2200 
2201 	spin_lock(&ifp->lock);
2202 	if (ifp->probes++ < ifp->idev->cnf.rtr_solicits) {
2203 		struct in6_addr all_routers;
2204 
2205 		/* The wait after the last probe can be shorter */
2206 		addrconf_mod_timer(ifp, AC_RS,
2207 				   (ifp->probes == ifp->idev->cnf.rtr_solicits) ?
2208 				   ifp->idev->cnf.rtr_solicit_delay :
2209 				   ifp->idev->cnf.rtr_solicit_interval);
2210 		spin_unlock(&ifp->lock);
2211 
2212 		ipv6_addr_all_routers(&all_routers);
2213 
2214 		ndisc_send_rs(ifp->idev->dev, &ifp->addr, &all_routers);
2215 	} else {
2216 		spin_unlock(&ifp->lock);
2217 		/*
2218 		 * Note: we do not support deprecated "all on-link"
2219 		 * assumption any longer.
2220 		 */
2221 		printk(KERN_DEBUG "%s: no IPv6 routers present\n",
2222 		       ifp->idev->dev->name);
2223 	}
2224 
2225 out:
2226 	in6_ifa_put(ifp);
2227 }
2228 
2229 /*
2230  *	Duplicate Address Detection
2231  */
2232 static void addrconf_dad_start(struct inet6_ifaddr *ifp, u32 flags)
2233 {
2234 	struct inet6_dev *idev = ifp->idev;
2235 	struct net_device *dev = idev->dev;
2236 	unsigned long rand_num;
2237 
2238 	addrconf_join_solict(dev, &ifp->addr);
2239 
2240 	if (ifp->prefix_len != 128 && (ifp->flags&IFA_F_PERMANENT))
2241 		addrconf_prefix_route(&ifp->addr, ifp->prefix_len, dev, 0,
2242 					flags);
2243 
2244 	net_srandom(ifp->addr.s6_addr32[3]);
2245 	rand_num = net_random() % (idev->cnf.rtr_solicit_delay ? : 1);
2246 
2247 	read_lock_bh(&idev->lock);
2248 	if (ifp->dead)
2249 		goto out;
2250 	spin_lock_bh(&ifp->lock);
2251 
2252 	if (dev->flags&(IFF_NOARP|IFF_LOOPBACK) ||
2253 	    !(ifp->flags&IFA_F_TENTATIVE)) {
2254 		ifp->flags &= ~IFA_F_TENTATIVE;
2255 		spin_unlock_bh(&ifp->lock);
2256 		read_unlock_bh(&idev->lock);
2257 
2258 		addrconf_dad_completed(ifp);
2259 		return;
2260 	}
2261 
2262 	ifp->probes = idev->cnf.dad_transmits;
2263 	addrconf_mod_timer(ifp, AC_DAD, rand_num);
2264 
2265 	spin_unlock_bh(&ifp->lock);
2266 out:
2267 	read_unlock_bh(&idev->lock);
2268 }
2269 
2270 static void addrconf_dad_timer(unsigned long data)
2271 {
2272 	struct inet6_ifaddr *ifp = (struct inet6_ifaddr *) data;
2273 	struct inet6_dev *idev = ifp->idev;
2274 	struct in6_addr unspec;
2275 	struct in6_addr mcaddr;
2276 
2277 	read_lock_bh(&idev->lock);
2278 	if (idev->dead) {
2279 		read_unlock_bh(&idev->lock);
2280 		goto out;
2281 	}
2282 	spin_lock_bh(&ifp->lock);
2283 	if (ifp->probes == 0) {
2284 		/*
2285 		 * DAD was successful
2286 		 */
2287 
2288 		ifp->flags &= ~IFA_F_TENTATIVE;
2289 		spin_unlock_bh(&ifp->lock);
2290 		read_unlock_bh(&idev->lock);
2291 
2292 		addrconf_dad_completed(ifp);
2293 
2294 		goto out;
2295 	}
2296 
2297 	ifp->probes--;
2298 	addrconf_mod_timer(ifp, AC_DAD, ifp->idev->nd_parms->retrans_time);
2299 	spin_unlock_bh(&ifp->lock);
2300 	read_unlock_bh(&idev->lock);
2301 
2302 	/* send a neighbour solicitation for our addr */
2303 	memset(&unspec, 0, sizeof(unspec));
2304 	addrconf_addr_solict_mult(&ifp->addr, &mcaddr);
2305 	ndisc_send_ns(ifp->idev->dev, NULL, &ifp->addr, &mcaddr, &unspec);
2306 out:
2307 	in6_ifa_put(ifp);
2308 }
2309 
2310 static void addrconf_dad_completed(struct inet6_ifaddr *ifp)
2311 {
2312 	struct net_device *	dev = ifp->idev->dev;
2313 
2314 	/*
2315 	 *	Configure the address for reception. Now it is valid.
2316 	 */
2317 
2318 	ipv6_ifa_notify(RTM_NEWADDR, ifp);
2319 
2320 	/* If added prefix is link local and forwarding is off,
2321 	   start sending router solicitations.
2322 	 */
2323 
2324 	if (ifp->idev->cnf.forwarding == 0 &&
2325 	    ifp->idev->cnf.rtr_solicits > 0 &&
2326 	    (dev->flags&IFF_LOOPBACK) == 0 &&
2327 	    (ipv6_addr_type(&ifp->addr) & IPV6_ADDR_LINKLOCAL)) {
2328 		struct in6_addr all_routers;
2329 
2330 		ipv6_addr_all_routers(&all_routers);
2331 
2332 		/*
2333 		 *	If a host as already performed a random delay
2334 		 *	[...] as part of DAD [...] there is no need
2335 		 *	to delay again before sending the first RS
2336 		 */
2337 		ndisc_send_rs(ifp->idev->dev, &ifp->addr, &all_routers);
2338 
2339 		spin_lock_bh(&ifp->lock);
2340 		ifp->probes = 1;
2341 		ifp->idev->if_flags |= IF_RS_SENT;
2342 		addrconf_mod_timer(ifp, AC_RS, ifp->idev->cnf.rtr_solicit_interval);
2343 		spin_unlock_bh(&ifp->lock);
2344 	}
2345 }
2346 
2347 #ifdef CONFIG_PROC_FS
2348 struct if6_iter_state {
2349 	int bucket;
2350 };
2351 
2352 static struct inet6_ifaddr *if6_get_first(struct seq_file *seq)
2353 {
2354 	struct inet6_ifaddr *ifa = NULL;
2355 	struct if6_iter_state *state = seq->private;
2356 
2357 	for (state->bucket = 0; state->bucket < IN6_ADDR_HSIZE; ++state->bucket) {
2358 		ifa = inet6_addr_lst[state->bucket];
2359 		if (ifa)
2360 			break;
2361 	}
2362 	return ifa;
2363 }
2364 
2365 static struct inet6_ifaddr *if6_get_next(struct seq_file *seq, struct inet6_ifaddr *ifa)
2366 {
2367 	struct if6_iter_state *state = seq->private;
2368 
2369 	ifa = ifa->lst_next;
2370 try_again:
2371 	if (!ifa && ++state->bucket < IN6_ADDR_HSIZE) {
2372 		ifa = inet6_addr_lst[state->bucket];
2373 		goto try_again;
2374 	}
2375 	return ifa;
2376 }
2377 
2378 static struct inet6_ifaddr *if6_get_idx(struct seq_file *seq, loff_t pos)
2379 {
2380 	struct inet6_ifaddr *ifa = if6_get_first(seq);
2381 
2382 	if (ifa)
2383 		while(pos && (ifa = if6_get_next(seq, ifa)) != NULL)
2384 			--pos;
2385 	return pos ? NULL : ifa;
2386 }
2387 
2388 static void *if6_seq_start(struct seq_file *seq, loff_t *pos)
2389 {
2390 	read_lock_bh(&addrconf_hash_lock);
2391 	return if6_get_idx(seq, *pos);
2392 }
2393 
2394 static void *if6_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2395 {
2396 	struct inet6_ifaddr *ifa;
2397 
2398 	ifa = if6_get_next(seq, v);
2399 	++*pos;
2400 	return ifa;
2401 }
2402 
2403 static void if6_seq_stop(struct seq_file *seq, void *v)
2404 {
2405 	read_unlock_bh(&addrconf_hash_lock);
2406 }
2407 
2408 static int if6_seq_show(struct seq_file *seq, void *v)
2409 {
2410 	struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v;
2411 	seq_printf(seq,
2412 		   "%04x%04x%04x%04x%04x%04x%04x%04x %02x %02x %02x %02x %8s\n",
2413 		   NIP6(ifp->addr),
2414 		   ifp->idev->dev->ifindex,
2415 		   ifp->prefix_len,
2416 		   ifp->scope,
2417 		   ifp->flags,
2418 		   ifp->idev->dev->name);
2419 	return 0;
2420 }
2421 
2422 static struct seq_operations if6_seq_ops = {
2423 	.start	= if6_seq_start,
2424 	.next	= if6_seq_next,
2425 	.show	= if6_seq_show,
2426 	.stop	= if6_seq_stop,
2427 };
2428 
2429 static int if6_seq_open(struct inode *inode, struct file *file)
2430 {
2431 	struct seq_file *seq;
2432 	int rc = -ENOMEM;
2433 	struct if6_iter_state *s = kmalloc(sizeof(*s), GFP_KERNEL);
2434 
2435 	if (!s)
2436 		goto out;
2437 	memset(s, 0, sizeof(*s));
2438 
2439 	rc = seq_open(file, &if6_seq_ops);
2440 	if (rc)
2441 		goto out_kfree;
2442 
2443 	seq = file->private_data;
2444 	seq->private = s;
2445 out:
2446 	return rc;
2447 out_kfree:
2448 	kfree(s);
2449 	goto out;
2450 }
2451 
2452 static struct file_operations if6_fops = {
2453 	.owner		= THIS_MODULE,
2454 	.open		= if6_seq_open,
2455 	.read		= seq_read,
2456 	.llseek		= seq_lseek,
2457 	.release	= seq_release_private,
2458 };
2459 
2460 int __init if6_proc_init(void)
2461 {
2462 	if (!proc_net_fops_create("if_inet6", S_IRUGO, &if6_fops))
2463 		return -ENOMEM;
2464 	return 0;
2465 }
2466 
2467 void if6_proc_exit(void)
2468 {
2469 	proc_net_remove("if_inet6");
2470 }
2471 #endif	/* CONFIG_PROC_FS */
2472 
2473 /*
2474  *	Periodic address status verification
2475  */
2476 
2477 static void addrconf_verify(unsigned long foo)
2478 {
2479 	struct inet6_ifaddr *ifp;
2480 	unsigned long now, next;
2481 	int i;
2482 
2483 	spin_lock_bh(&addrconf_verify_lock);
2484 	now = jiffies;
2485 	next = now + ADDR_CHECK_FREQUENCY;
2486 
2487 	del_timer(&addr_chk_timer);
2488 
2489 	for (i=0; i < IN6_ADDR_HSIZE; i++) {
2490 
2491 restart:
2492 		write_lock(&addrconf_hash_lock);
2493 		for (ifp=inet6_addr_lst[i]; ifp; ifp=ifp->lst_next) {
2494 			unsigned long age;
2495 #ifdef CONFIG_IPV6_PRIVACY
2496 			unsigned long regen_advance;
2497 #endif
2498 
2499 			if (ifp->flags & IFA_F_PERMANENT)
2500 				continue;
2501 
2502 			spin_lock(&ifp->lock);
2503 			age = (now - ifp->tstamp) / HZ;
2504 
2505 #ifdef CONFIG_IPV6_PRIVACY
2506 			regen_advance = ifp->idev->cnf.regen_max_retry *
2507 					ifp->idev->cnf.dad_transmits *
2508 					ifp->idev->nd_parms->retrans_time / HZ;
2509 #endif
2510 
2511 			if (age >= ifp->valid_lft) {
2512 				spin_unlock(&ifp->lock);
2513 				in6_ifa_hold(ifp);
2514 				write_unlock(&addrconf_hash_lock);
2515 				ipv6_del_addr(ifp);
2516 				goto restart;
2517 			} else if (age >= ifp->prefered_lft) {
2518 				/* jiffies - ifp->tsamp > age >= ifp->prefered_lft */
2519 				int deprecate = 0;
2520 
2521 				if (!(ifp->flags&IFA_F_DEPRECATED)) {
2522 					deprecate = 1;
2523 					ifp->flags |= IFA_F_DEPRECATED;
2524 				}
2525 
2526 				if (time_before(ifp->tstamp + ifp->valid_lft * HZ, next))
2527 					next = ifp->tstamp + ifp->valid_lft * HZ;
2528 
2529 				spin_unlock(&ifp->lock);
2530 
2531 				if (deprecate) {
2532 					in6_ifa_hold(ifp);
2533 					write_unlock(&addrconf_hash_lock);
2534 
2535 					ipv6_ifa_notify(0, ifp);
2536 					in6_ifa_put(ifp);
2537 					goto restart;
2538 				}
2539 #ifdef CONFIG_IPV6_PRIVACY
2540 			} else if ((ifp->flags&IFA_F_TEMPORARY) &&
2541 				   !(ifp->flags&IFA_F_TENTATIVE)) {
2542 				if (age >= ifp->prefered_lft - regen_advance) {
2543 					struct inet6_ifaddr *ifpub = ifp->ifpub;
2544 					if (time_before(ifp->tstamp + ifp->prefered_lft * HZ, next))
2545 						next = ifp->tstamp + ifp->prefered_lft * HZ;
2546 					if (!ifp->regen_count && ifpub) {
2547 						ifp->regen_count++;
2548 						in6_ifa_hold(ifp);
2549 						in6_ifa_hold(ifpub);
2550 						spin_unlock(&ifp->lock);
2551 						write_unlock(&addrconf_hash_lock);
2552 						ipv6_create_tempaddr(ifpub, ifp);
2553 						in6_ifa_put(ifpub);
2554 						in6_ifa_put(ifp);
2555 						goto restart;
2556 					}
2557 				} else if (time_before(ifp->tstamp + ifp->prefered_lft * HZ - regen_advance * HZ, next))
2558 					next = ifp->tstamp + ifp->prefered_lft * HZ - regen_advance * HZ;
2559 				spin_unlock(&ifp->lock);
2560 #endif
2561 			} else {
2562 				/* ifp->prefered_lft <= ifp->valid_lft */
2563 				if (time_before(ifp->tstamp + ifp->prefered_lft * HZ, next))
2564 					next = ifp->tstamp + ifp->prefered_lft * HZ;
2565 				spin_unlock(&ifp->lock);
2566 			}
2567 		}
2568 		write_unlock(&addrconf_hash_lock);
2569 	}
2570 
2571 	addr_chk_timer.expires = time_before(next, jiffies + HZ) ? jiffies + HZ : next;
2572 	add_timer(&addr_chk_timer);
2573 	spin_unlock_bh(&addrconf_verify_lock);
2574 }
2575 
2576 static int
2577 inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2578 {
2579 	struct rtattr **rta = arg;
2580 	struct ifaddrmsg *ifm = NLMSG_DATA(nlh);
2581 	struct in6_addr *pfx;
2582 
2583 	pfx = NULL;
2584 	if (rta[IFA_ADDRESS-1]) {
2585 		if (RTA_PAYLOAD(rta[IFA_ADDRESS-1]) < sizeof(*pfx))
2586 			return -EINVAL;
2587 		pfx = RTA_DATA(rta[IFA_ADDRESS-1]);
2588 	}
2589 	if (rta[IFA_LOCAL-1]) {
2590 		if (pfx && memcmp(pfx, RTA_DATA(rta[IFA_LOCAL-1]), sizeof(*pfx)))
2591 			return -EINVAL;
2592 		pfx = RTA_DATA(rta[IFA_LOCAL-1]);
2593 	}
2594 	if (pfx == NULL)
2595 		return -EINVAL;
2596 
2597 	return inet6_addr_del(ifm->ifa_index, pfx, ifm->ifa_prefixlen);
2598 }
2599 
2600 static int
2601 inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2602 {
2603 	struct rtattr  **rta = arg;
2604 	struct ifaddrmsg *ifm = NLMSG_DATA(nlh);
2605 	struct in6_addr *pfx;
2606 
2607 	pfx = NULL;
2608 	if (rta[IFA_ADDRESS-1]) {
2609 		if (RTA_PAYLOAD(rta[IFA_ADDRESS-1]) < sizeof(*pfx))
2610 			return -EINVAL;
2611 		pfx = RTA_DATA(rta[IFA_ADDRESS-1]);
2612 	}
2613 	if (rta[IFA_LOCAL-1]) {
2614 		if (pfx && memcmp(pfx, RTA_DATA(rta[IFA_LOCAL-1]), sizeof(*pfx)))
2615 			return -EINVAL;
2616 		pfx = RTA_DATA(rta[IFA_LOCAL-1]);
2617 	}
2618 	if (pfx == NULL)
2619 		return -EINVAL;
2620 
2621 	return inet6_addr_add(ifm->ifa_index, pfx, ifm->ifa_prefixlen);
2622 }
2623 
2624 static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
2625 			     u32 pid, u32 seq, int event, unsigned int flags)
2626 {
2627 	struct ifaddrmsg *ifm;
2628 	struct nlmsghdr  *nlh;
2629 	struct ifa_cacheinfo ci;
2630 	unsigned char	 *b = skb->tail;
2631 
2632 	nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*ifm), flags);
2633 	ifm = NLMSG_DATA(nlh);
2634 	ifm->ifa_family = AF_INET6;
2635 	ifm->ifa_prefixlen = ifa->prefix_len;
2636 	ifm->ifa_flags = ifa->flags;
2637 	ifm->ifa_scope = RT_SCOPE_UNIVERSE;
2638 	if (ifa->scope&IFA_HOST)
2639 		ifm->ifa_scope = RT_SCOPE_HOST;
2640 	else if (ifa->scope&IFA_LINK)
2641 		ifm->ifa_scope = RT_SCOPE_LINK;
2642 	else if (ifa->scope&IFA_SITE)
2643 		ifm->ifa_scope = RT_SCOPE_SITE;
2644 	ifm->ifa_index = ifa->idev->dev->ifindex;
2645 	RTA_PUT(skb, IFA_ADDRESS, 16, &ifa->addr);
2646 	if (!(ifa->flags&IFA_F_PERMANENT)) {
2647 		ci.ifa_prefered = ifa->prefered_lft;
2648 		ci.ifa_valid = ifa->valid_lft;
2649 		if (ci.ifa_prefered != INFINITY_LIFE_TIME) {
2650 			long tval = (jiffies - ifa->tstamp)/HZ;
2651 			ci.ifa_prefered -= tval;
2652 			if (ci.ifa_valid != INFINITY_LIFE_TIME)
2653 				ci.ifa_valid -= tval;
2654 		}
2655 	} else {
2656 		ci.ifa_prefered = INFINITY_LIFE_TIME;
2657 		ci.ifa_valid = INFINITY_LIFE_TIME;
2658 	}
2659 	ci.cstamp = (__u32)(TIME_DELTA(ifa->cstamp, INITIAL_JIFFIES) / HZ * 100
2660 		    + TIME_DELTA(ifa->cstamp, INITIAL_JIFFIES) % HZ * 100 / HZ);
2661 	ci.tstamp = (__u32)(TIME_DELTA(ifa->tstamp, INITIAL_JIFFIES) / HZ * 100
2662 		    + TIME_DELTA(ifa->tstamp, INITIAL_JIFFIES) % HZ * 100 / HZ);
2663 	RTA_PUT(skb, IFA_CACHEINFO, sizeof(ci), &ci);
2664 	nlh->nlmsg_len = skb->tail - b;
2665 	return skb->len;
2666 
2667 nlmsg_failure:
2668 rtattr_failure:
2669 	skb_trim(skb, b - skb->data);
2670 	return -1;
2671 }
2672 
2673 static int inet6_fill_ifmcaddr(struct sk_buff *skb, struct ifmcaddr6 *ifmca,
2674 				u32 pid, u32 seq, int event, u16 flags)
2675 {
2676 	struct ifaddrmsg *ifm;
2677 	struct nlmsghdr  *nlh;
2678 	struct ifa_cacheinfo ci;
2679 	unsigned char	 *b = skb->tail;
2680 
2681 	nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*ifm), flags);
2682 	ifm = NLMSG_DATA(nlh);
2683 	ifm->ifa_family = AF_INET6;
2684 	ifm->ifa_prefixlen = 128;
2685 	ifm->ifa_flags = IFA_F_PERMANENT;
2686 	ifm->ifa_scope = RT_SCOPE_UNIVERSE;
2687 	if (ipv6_addr_scope(&ifmca->mca_addr)&IFA_SITE)
2688 		ifm->ifa_scope = RT_SCOPE_SITE;
2689 	ifm->ifa_index = ifmca->idev->dev->ifindex;
2690 	RTA_PUT(skb, IFA_MULTICAST, 16, &ifmca->mca_addr);
2691 	ci.cstamp = (__u32)(TIME_DELTA(ifmca->mca_cstamp, INITIAL_JIFFIES) / HZ
2692 		    * 100 + TIME_DELTA(ifmca->mca_cstamp, INITIAL_JIFFIES) % HZ
2693 		    * 100 / HZ);
2694 	ci.tstamp = (__u32)(TIME_DELTA(ifmca->mca_tstamp, INITIAL_JIFFIES) / HZ
2695 		    * 100 + TIME_DELTA(ifmca->mca_tstamp, INITIAL_JIFFIES) % HZ
2696 		    * 100 / HZ);
2697 	ci.ifa_prefered = INFINITY_LIFE_TIME;
2698 	ci.ifa_valid = INFINITY_LIFE_TIME;
2699 	RTA_PUT(skb, IFA_CACHEINFO, sizeof(ci), &ci);
2700 	nlh->nlmsg_len = skb->tail - b;
2701 	return skb->len;
2702 
2703 nlmsg_failure:
2704 rtattr_failure:
2705 	skb_trim(skb, b - skb->data);
2706 	return -1;
2707 }
2708 
2709 static int inet6_fill_ifacaddr(struct sk_buff *skb, struct ifacaddr6 *ifaca,
2710 				u32 pid, u32 seq, int event, unsigned int flags)
2711 {
2712 	struct ifaddrmsg *ifm;
2713 	struct nlmsghdr  *nlh;
2714 	struct ifa_cacheinfo ci;
2715 	unsigned char	 *b = skb->tail;
2716 
2717 	nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*ifm), flags);
2718 	ifm = NLMSG_DATA(nlh);
2719 	ifm->ifa_family = AF_INET6;
2720 	ifm->ifa_prefixlen = 128;
2721 	ifm->ifa_flags = IFA_F_PERMANENT;
2722 	ifm->ifa_scope = RT_SCOPE_UNIVERSE;
2723 	if (ipv6_addr_scope(&ifaca->aca_addr)&IFA_SITE)
2724 		ifm->ifa_scope = RT_SCOPE_SITE;
2725 	ifm->ifa_index = ifaca->aca_idev->dev->ifindex;
2726 	RTA_PUT(skb, IFA_ANYCAST, 16, &ifaca->aca_addr);
2727 	ci.cstamp = (__u32)(TIME_DELTA(ifaca->aca_cstamp, INITIAL_JIFFIES) / HZ
2728 		    * 100 + TIME_DELTA(ifaca->aca_cstamp, INITIAL_JIFFIES) % HZ
2729 		    * 100 / HZ);
2730 	ci.tstamp = (__u32)(TIME_DELTA(ifaca->aca_tstamp, INITIAL_JIFFIES) / HZ
2731 		    * 100 + TIME_DELTA(ifaca->aca_tstamp, INITIAL_JIFFIES) % HZ
2732 		    * 100 / HZ);
2733 	ci.ifa_prefered = INFINITY_LIFE_TIME;
2734 	ci.ifa_valid = INFINITY_LIFE_TIME;
2735 	RTA_PUT(skb, IFA_CACHEINFO, sizeof(ci), &ci);
2736 	nlh->nlmsg_len = skb->tail - b;
2737 	return skb->len;
2738 
2739 nlmsg_failure:
2740 rtattr_failure:
2741 	skb_trim(skb, b - skb->data);
2742 	return -1;
2743 }
2744 
2745 enum addr_type_t
2746 {
2747 	UNICAST_ADDR,
2748 	MULTICAST_ADDR,
2749 	ANYCAST_ADDR,
2750 };
2751 
2752 static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
2753 			   enum addr_type_t type)
2754 {
2755 	int idx, ip_idx;
2756 	int s_idx, s_ip_idx;
2757 	int err = 1;
2758 	struct net_device *dev;
2759 	struct inet6_dev *idev = NULL;
2760 	struct inet6_ifaddr *ifa;
2761 	struct ifmcaddr6 *ifmca;
2762 	struct ifacaddr6 *ifaca;
2763 
2764 	s_idx = cb->args[0];
2765 	s_ip_idx = ip_idx = cb->args[1];
2766 	read_lock(&dev_base_lock);
2767 
2768 	for (dev = dev_base, idx = 0; dev; dev = dev->next, idx++) {
2769 		if (idx < s_idx)
2770 			continue;
2771 		if (idx > s_idx)
2772 			s_ip_idx = 0;
2773 		ip_idx = 0;
2774 		if ((idev = in6_dev_get(dev)) == NULL)
2775 			continue;
2776 		read_lock_bh(&idev->lock);
2777 		switch (type) {
2778 		case UNICAST_ADDR:
2779 			/* unicast address */
2780 			for (ifa = idev->addr_list; ifa;
2781 			     ifa = ifa->if_next, ip_idx++) {
2782 				if (ip_idx < s_ip_idx)
2783 					continue;
2784 				if ((err = inet6_fill_ifaddr(skb, ifa,
2785 				    NETLINK_CB(cb->skb).pid,
2786 				    cb->nlh->nlmsg_seq, RTM_NEWADDR,
2787 				    NLM_F_MULTI)) <= 0)
2788 					goto done;
2789 			}
2790 			/* temp addr */
2791 #ifdef CONFIG_IPV6_PRIVACY
2792 			for (ifa = idev->tempaddr_list; ifa;
2793 			     ifa = ifa->tmp_next, ip_idx++) {
2794 				if (ip_idx < s_ip_idx)
2795 					continue;
2796 				if ((err = inet6_fill_ifaddr(skb, ifa,
2797 				    NETLINK_CB(cb->skb).pid,
2798 				    cb->nlh->nlmsg_seq, RTM_NEWADDR,
2799 				    NLM_F_MULTI)) <= 0)
2800 					goto done;
2801 			}
2802 #endif
2803 			break;
2804 		case MULTICAST_ADDR:
2805 			/* multicast address */
2806 			for (ifmca = idev->mc_list; ifmca;
2807 			     ifmca = ifmca->next, ip_idx++) {
2808 				if (ip_idx < s_ip_idx)
2809 					continue;
2810 				if ((err = inet6_fill_ifmcaddr(skb, ifmca,
2811 				    NETLINK_CB(cb->skb).pid,
2812 				    cb->nlh->nlmsg_seq, RTM_GETMULTICAST,
2813 				    NLM_F_MULTI)) <= 0)
2814 					goto done;
2815 			}
2816 			break;
2817 		case ANYCAST_ADDR:
2818 			/* anycast address */
2819 			for (ifaca = idev->ac_list; ifaca;
2820 			     ifaca = ifaca->aca_next, ip_idx++) {
2821 				if (ip_idx < s_ip_idx)
2822 					continue;
2823 				if ((err = inet6_fill_ifacaddr(skb, ifaca,
2824 				    NETLINK_CB(cb->skb).pid,
2825 				    cb->nlh->nlmsg_seq, RTM_GETANYCAST,
2826 				    NLM_F_MULTI)) <= 0)
2827 					goto done;
2828 			}
2829 			break;
2830 		default:
2831 			break;
2832 		}
2833 		read_unlock_bh(&idev->lock);
2834 		in6_dev_put(idev);
2835 	}
2836 done:
2837 	if (err <= 0) {
2838 		read_unlock_bh(&idev->lock);
2839 		in6_dev_put(idev);
2840 	}
2841 	read_unlock(&dev_base_lock);
2842 	cb->args[0] = idx;
2843 	cb->args[1] = ip_idx;
2844 	return skb->len;
2845 }
2846 
2847 static int inet6_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
2848 {
2849 	enum addr_type_t type = UNICAST_ADDR;
2850 	return inet6_dump_addr(skb, cb, type);
2851 }
2852 
2853 static int inet6_dump_ifmcaddr(struct sk_buff *skb, struct netlink_callback *cb)
2854 {
2855 	enum addr_type_t type = MULTICAST_ADDR;
2856 	return inet6_dump_addr(skb, cb, type);
2857 }
2858 
2859 
2860 static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb)
2861 {
2862 	enum addr_type_t type = ANYCAST_ADDR;
2863 	return inet6_dump_addr(skb, cb, type);
2864 }
2865 
2866 static void inet6_ifa_notify(int event, struct inet6_ifaddr *ifa)
2867 {
2868 	struct sk_buff *skb;
2869 	int size = NLMSG_SPACE(sizeof(struct ifaddrmsg)+128);
2870 
2871 	skb = alloc_skb(size, GFP_ATOMIC);
2872 	if (!skb) {
2873 		netlink_set_err(rtnl, 0, RTMGRP_IPV6_IFADDR, ENOBUFS);
2874 		return;
2875 	}
2876 	if (inet6_fill_ifaddr(skb, ifa, current->pid, 0, event, 0) < 0) {
2877 		kfree_skb(skb);
2878 		netlink_set_err(rtnl, 0, RTMGRP_IPV6_IFADDR, EINVAL);
2879 		return;
2880 	}
2881 	NETLINK_CB(skb).dst_groups = RTMGRP_IPV6_IFADDR;
2882 	netlink_broadcast(rtnl, skb, 0, RTMGRP_IPV6_IFADDR, GFP_ATOMIC);
2883 }
2884 
2885 static void inline ipv6_store_devconf(struct ipv6_devconf *cnf,
2886 				__s32 *array, int bytes)
2887 {
2888 	memset(array, 0, bytes);
2889 	array[DEVCONF_FORWARDING] = cnf->forwarding;
2890 	array[DEVCONF_HOPLIMIT] = cnf->hop_limit;
2891 	array[DEVCONF_MTU6] = cnf->mtu6;
2892 	array[DEVCONF_ACCEPT_RA] = cnf->accept_ra;
2893 	array[DEVCONF_ACCEPT_REDIRECTS] = cnf->accept_redirects;
2894 	array[DEVCONF_AUTOCONF] = cnf->autoconf;
2895 	array[DEVCONF_DAD_TRANSMITS] = cnf->dad_transmits;
2896 	array[DEVCONF_RTR_SOLICITS] = cnf->rtr_solicits;
2897 	array[DEVCONF_RTR_SOLICIT_INTERVAL] = cnf->rtr_solicit_interval;
2898 	array[DEVCONF_RTR_SOLICIT_DELAY] = cnf->rtr_solicit_delay;
2899 	array[DEVCONF_FORCE_MLD_VERSION] = cnf->force_mld_version;
2900 #ifdef CONFIG_IPV6_PRIVACY
2901 	array[DEVCONF_USE_TEMPADDR] = cnf->use_tempaddr;
2902 	array[DEVCONF_TEMP_VALID_LFT] = cnf->temp_valid_lft;
2903 	array[DEVCONF_TEMP_PREFERED_LFT] = cnf->temp_prefered_lft;
2904 	array[DEVCONF_REGEN_MAX_RETRY] = cnf->regen_max_retry;
2905 	array[DEVCONF_MAX_DESYNC_FACTOR] = cnf->max_desync_factor;
2906 #endif
2907 	array[DEVCONF_MAX_ADDRESSES] = cnf->max_addresses;
2908 }
2909 
2910 static int inet6_fill_ifinfo(struct sk_buff *skb, struct inet6_dev *idev,
2911 			     u32 pid, u32 seq, int event, unsigned int flags)
2912 {
2913 	struct net_device	*dev = idev->dev;
2914 	__s32			*array = NULL;
2915 	struct ifinfomsg	*r;
2916 	struct nlmsghdr 	*nlh;
2917 	unsigned char		*b = skb->tail;
2918 	struct rtattr		*subattr;
2919 	__u32			mtu = dev->mtu;
2920 	struct ifla_cacheinfo	ci;
2921 
2922 	nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*r), flags);
2923 	r = NLMSG_DATA(nlh);
2924 	r->ifi_family = AF_INET6;
2925 	r->ifi_type = dev->type;
2926 	r->ifi_index = dev->ifindex;
2927 	r->ifi_flags = dev_get_flags(dev);
2928 	r->ifi_change = 0;
2929 
2930 	RTA_PUT(skb, IFLA_IFNAME, strlen(dev->name)+1, dev->name);
2931 
2932 	if (dev->addr_len)
2933 		RTA_PUT(skb, IFLA_ADDRESS, dev->addr_len, dev->dev_addr);
2934 
2935 	RTA_PUT(skb, IFLA_MTU, sizeof(mtu), &mtu);
2936 	if (dev->ifindex != dev->iflink)
2937 		RTA_PUT(skb, IFLA_LINK, sizeof(int), &dev->iflink);
2938 
2939 	subattr = (struct rtattr*)skb->tail;
2940 
2941 	RTA_PUT(skb, IFLA_PROTINFO, 0, NULL);
2942 
2943 	/* return the device flags */
2944 	RTA_PUT(skb, IFLA_INET6_FLAGS, sizeof(__u32), &idev->if_flags);
2945 
2946 	/* return interface cacheinfo */
2947 	ci.max_reasm_len = IPV6_MAXPLEN;
2948 	ci.tstamp = (__u32)(TIME_DELTA(idev->tstamp, INITIAL_JIFFIES) / HZ * 100
2949 		    + TIME_DELTA(idev->tstamp, INITIAL_JIFFIES) % HZ * 100 / HZ);
2950 	ci.reachable_time = idev->nd_parms->reachable_time;
2951 	ci.retrans_time = idev->nd_parms->retrans_time;
2952 	RTA_PUT(skb, IFLA_INET6_CACHEINFO, sizeof(ci), &ci);
2953 
2954 	/* return the device sysctl params */
2955 	if ((array = kmalloc(DEVCONF_MAX * sizeof(*array), GFP_ATOMIC)) == NULL)
2956 		goto rtattr_failure;
2957 	ipv6_store_devconf(&idev->cnf, array, DEVCONF_MAX * sizeof(*array));
2958 	RTA_PUT(skb, IFLA_INET6_CONF, DEVCONF_MAX * sizeof(*array), array);
2959 
2960 	/* XXX - Statistics/MC not implemented */
2961 	subattr->rta_len = skb->tail - (u8*)subattr;
2962 
2963 	nlh->nlmsg_len = skb->tail - b;
2964 	kfree(array);
2965 	return skb->len;
2966 
2967 nlmsg_failure:
2968 rtattr_failure:
2969 	if (array)
2970 		kfree(array);
2971 	skb_trim(skb, b - skb->data);
2972 	return -1;
2973 }
2974 
2975 static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
2976 {
2977 	int idx, err;
2978 	int s_idx = cb->args[0];
2979 	struct net_device *dev;
2980 	struct inet6_dev *idev;
2981 
2982 	read_lock(&dev_base_lock);
2983 	for (dev=dev_base, idx=0; dev; dev = dev->next, idx++) {
2984 		if (idx < s_idx)
2985 			continue;
2986 		if ((idev = in6_dev_get(dev)) == NULL)
2987 			continue;
2988 		err = inet6_fill_ifinfo(skb, idev, NETLINK_CB(cb->skb).pid,
2989 				cb->nlh->nlmsg_seq, RTM_NEWLINK, NLM_F_MULTI);
2990 		in6_dev_put(idev);
2991 		if (err <= 0)
2992 			break;
2993 	}
2994 	read_unlock(&dev_base_lock);
2995 	cb->args[0] = idx;
2996 
2997 	return skb->len;
2998 }
2999 
3000 void inet6_ifinfo_notify(int event, struct inet6_dev *idev)
3001 {
3002 	struct sk_buff *skb;
3003 	/* 128 bytes ?? */
3004 	int size = NLMSG_SPACE(sizeof(struct ifinfomsg)+128);
3005 
3006 	skb = alloc_skb(size, GFP_ATOMIC);
3007 	if (!skb) {
3008 		netlink_set_err(rtnl, 0, RTMGRP_IPV6_IFINFO, ENOBUFS);
3009 		return;
3010 	}
3011 	if (inet6_fill_ifinfo(skb, idev, current->pid, 0, event, 0) < 0) {
3012 		kfree_skb(skb);
3013 		netlink_set_err(rtnl, 0, RTMGRP_IPV6_IFINFO, EINVAL);
3014 		return;
3015 	}
3016 	NETLINK_CB(skb).dst_groups = RTMGRP_IPV6_IFINFO;
3017 	netlink_broadcast(rtnl, skb, 0, RTMGRP_IPV6_IFINFO, GFP_ATOMIC);
3018 }
3019 
3020 static int inet6_fill_prefix(struct sk_buff *skb, struct inet6_dev *idev,
3021 			struct prefix_info *pinfo, u32 pid, u32 seq,
3022 			int event, unsigned int flags)
3023 {
3024 	struct prefixmsg	*pmsg;
3025 	struct nlmsghdr 	*nlh;
3026 	unsigned char		*b = skb->tail;
3027 	struct prefix_cacheinfo	ci;
3028 
3029 	nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*pmsg), flags);
3030 	pmsg = NLMSG_DATA(nlh);
3031 	pmsg->prefix_family = AF_INET6;
3032 	pmsg->prefix_ifindex = idev->dev->ifindex;
3033 	pmsg->prefix_len = pinfo->prefix_len;
3034 	pmsg->prefix_type = pinfo->type;
3035 
3036 	pmsg->prefix_flags = 0;
3037 	if (pinfo->onlink)
3038 		pmsg->prefix_flags |= IF_PREFIX_ONLINK;
3039 	if (pinfo->autoconf)
3040 		pmsg->prefix_flags |= IF_PREFIX_AUTOCONF;
3041 
3042 	RTA_PUT(skb, PREFIX_ADDRESS, sizeof(pinfo->prefix), &pinfo->prefix);
3043 
3044 	ci.preferred_time = ntohl(pinfo->prefered);
3045 	ci.valid_time = ntohl(pinfo->valid);
3046 	RTA_PUT(skb, PREFIX_CACHEINFO, sizeof(ci), &ci);
3047 
3048 	nlh->nlmsg_len = skb->tail - b;
3049 	return skb->len;
3050 
3051 nlmsg_failure:
3052 rtattr_failure:
3053 	skb_trim(skb, b - skb->data);
3054 	return -1;
3055 }
3056 
3057 static void inet6_prefix_notify(int event, struct inet6_dev *idev,
3058 			 struct prefix_info *pinfo)
3059 {
3060 	struct sk_buff *skb;
3061 	int size = NLMSG_SPACE(sizeof(struct prefixmsg)+128);
3062 
3063 	skb = alloc_skb(size, GFP_ATOMIC);
3064 	if (!skb) {
3065 		netlink_set_err(rtnl, 0, RTMGRP_IPV6_PREFIX, ENOBUFS);
3066 		return;
3067 	}
3068 	if (inet6_fill_prefix(skb, idev, pinfo, current->pid, 0, event, 0) < 0) {
3069 		kfree_skb(skb);
3070 		netlink_set_err(rtnl, 0, RTMGRP_IPV6_PREFIX, EINVAL);
3071 		return;
3072 	}
3073 	NETLINK_CB(skb).dst_groups = RTMGRP_IPV6_PREFIX;
3074 	netlink_broadcast(rtnl, skb, 0, RTMGRP_IPV6_PREFIX, GFP_ATOMIC);
3075 }
3076 
3077 static struct rtnetlink_link inet6_rtnetlink_table[RTM_NR_MSGTYPES] = {
3078 	[RTM_GETLINK - RTM_BASE] = { .dumpit	= inet6_dump_ifinfo, },
3079 	[RTM_NEWADDR - RTM_BASE] = { .doit	= inet6_rtm_newaddr, },
3080 	[RTM_DELADDR - RTM_BASE] = { .doit	= inet6_rtm_deladdr, },
3081 	[RTM_GETADDR - RTM_BASE] = { .dumpit	= inet6_dump_ifaddr, },
3082 	[RTM_GETMULTICAST - RTM_BASE] = { .dumpit = inet6_dump_ifmcaddr, },
3083 	[RTM_GETANYCAST - RTM_BASE] = { .dumpit	= inet6_dump_ifacaddr, },
3084 	[RTM_NEWROUTE - RTM_BASE] = { .doit	= inet6_rtm_newroute, },
3085 	[RTM_DELROUTE - RTM_BASE] = { .doit	= inet6_rtm_delroute, },
3086 	[RTM_GETROUTE - RTM_BASE] = { .doit	= inet6_rtm_getroute,
3087 				      .dumpit	= inet6_dump_fib, },
3088 };
3089 
3090 static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
3091 {
3092 	inet6_ifa_notify(event ? : RTM_NEWADDR, ifp);
3093 
3094 	switch (event) {
3095 	case RTM_NEWADDR:
3096 		dst_hold(&ifp->rt->u.dst);
3097 		if (ip6_ins_rt(ifp->rt, NULL, NULL, NULL))
3098 			dst_release(&ifp->rt->u.dst);
3099 		if (ifp->idev->cnf.forwarding)
3100 			addrconf_join_anycast(ifp);
3101 		break;
3102 	case RTM_DELADDR:
3103 		if (ifp->idev->cnf.forwarding)
3104 			addrconf_leave_anycast(ifp);
3105 		addrconf_leave_solict(ifp->idev, &ifp->addr);
3106 		dst_hold(&ifp->rt->u.dst);
3107 		if (ip6_del_rt(ifp->rt, NULL, NULL, NULL))
3108 			dst_free(&ifp->rt->u.dst);
3109 		else
3110 			dst_release(&ifp->rt->u.dst);
3111 		break;
3112 	}
3113 }
3114 
3115 static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
3116 {
3117 	read_lock_bh(&addrconf_lock);
3118 	if (likely(ifp->idev->dead == 0))
3119 		__ipv6_ifa_notify(event, ifp);
3120 	read_unlock_bh(&addrconf_lock);
3121 }
3122 
3123 #ifdef CONFIG_SYSCTL
3124 
3125 static
3126 int addrconf_sysctl_forward(ctl_table *ctl, int write, struct file * filp,
3127 			   void __user *buffer, size_t *lenp, loff_t *ppos)
3128 {
3129 	int *valp = ctl->data;
3130 	int val = *valp;
3131 	int ret;
3132 
3133 	ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
3134 
3135 	if (write && valp != &ipv6_devconf_dflt.forwarding) {
3136 		if (valp != &ipv6_devconf.forwarding) {
3137 			if ((!*valp) ^ (!val)) {
3138 				struct inet6_dev *idev = (struct inet6_dev *)ctl->extra1;
3139 				if (idev == NULL)
3140 					return ret;
3141 				dev_forward_change(idev);
3142 			}
3143 		} else {
3144 			ipv6_devconf_dflt.forwarding = ipv6_devconf.forwarding;
3145 			addrconf_forward_change();
3146 		}
3147 		if (*valp)
3148 			rt6_purge_dflt_routers();
3149 	}
3150 
3151         return ret;
3152 }
3153 
3154 static int addrconf_sysctl_forward_strategy(ctl_table *table,
3155 					    int __user *name, int nlen,
3156 					    void __user *oldval,
3157 					    size_t __user *oldlenp,
3158 					    void __user *newval, size_t newlen,
3159 					    void **context)
3160 {
3161 	int *valp = table->data;
3162 	int new;
3163 
3164 	if (!newval || !newlen)
3165 		return 0;
3166 	if (newlen != sizeof(int))
3167 		return -EINVAL;
3168 	if (get_user(new, (int __user *)newval))
3169 		return -EFAULT;
3170 	if (new == *valp)
3171 		return 0;
3172 	if (oldval && oldlenp) {
3173 		size_t len;
3174 		if (get_user(len, oldlenp))
3175 			return -EFAULT;
3176 		if (len) {
3177 			if (len > table->maxlen)
3178 				len = table->maxlen;
3179 			if (copy_to_user(oldval, valp, len))
3180 				return -EFAULT;
3181 			if (put_user(len, oldlenp))
3182 				return -EFAULT;
3183 		}
3184 	}
3185 
3186 	if (valp != &ipv6_devconf_dflt.forwarding) {
3187 		if (valp != &ipv6_devconf.forwarding) {
3188 			struct inet6_dev *idev = (struct inet6_dev *)table->extra1;
3189 			int changed;
3190 			if (unlikely(idev == NULL))
3191 				return -ENODEV;
3192 			changed = (!*valp) ^ (!new);
3193 			*valp = new;
3194 			if (changed)
3195 				dev_forward_change(idev);
3196 		} else {
3197 			*valp = new;
3198 			addrconf_forward_change();
3199 		}
3200 
3201 		if (*valp)
3202 			rt6_purge_dflt_routers();
3203 	} else
3204 		*valp = new;
3205 
3206 	return 1;
3207 }
3208 
3209 static struct addrconf_sysctl_table
3210 {
3211 	struct ctl_table_header *sysctl_header;
3212 	ctl_table addrconf_vars[__NET_IPV6_MAX];
3213 	ctl_table addrconf_dev[2];
3214 	ctl_table addrconf_conf_dir[2];
3215 	ctl_table addrconf_proto_dir[2];
3216 	ctl_table addrconf_root_dir[2];
3217 } addrconf_sysctl = {
3218 	.sysctl_header = NULL,
3219 	.addrconf_vars = {
3220         	{
3221 			.ctl_name	=	NET_IPV6_FORWARDING,
3222 			.procname	=	"forwarding",
3223          		.data		=	&ipv6_devconf.forwarding,
3224 			.maxlen		=	sizeof(int),
3225 			.mode		=	0644,
3226          		.proc_handler	=	&addrconf_sysctl_forward,
3227 			.strategy	=	&addrconf_sysctl_forward_strategy,
3228 		},
3229 		{
3230 			.ctl_name	=	NET_IPV6_HOP_LIMIT,
3231 			.procname	=	"hop_limit",
3232          		.data		=	&ipv6_devconf.hop_limit,
3233 			.maxlen		=	sizeof(int),
3234 			.mode		=	0644,
3235 			.proc_handler	=	proc_dointvec,
3236 		},
3237 		{
3238 			.ctl_name	=	NET_IPV6_MTU,
3239 			.procname	=	"mtu",
3240 			.data		=	&ipv6_devconf.mtu6,
3241          		.maxlen		=	sizeof(int),
3242 			.mode		=	0644,
3243          		.proc_handler	=	&proc_dointvec,
3244 		},
3245 		{
3246 			.ctl_name	=	NET_IPV6_ACCEPT_RA,
3247 			.procname	=	"accept_ra",
3248          		.data		=	&ipv6_devconf.accept_ra,
3249 			.maxlen		=	sizeof(int),
3250 			.mode		=	0644,
3251          		.proc_handler	=	&proc_dointvec,
3252 		},
3253 		{
3254 			.ctl_name	=	NET_IPV6_ACCEPT_REDIRECTS,
3255 			.procname	=	"accept_redirects",
3256          		.data		=	&ipv6_devconf.accept_redirects,
3257 			.maxlen		=	sizeof(int),
3258 			.mode		=	0644,
3259          		.proc_handler	=	&proc_dointvec,
3260 		},
3261 		{
3262 			.ctl_name	=	NET_IPV6_AUTOCONF,
3263 			.procname	=	"autoconf",
3264          		.data		=	&ipv6_devconf.autoconf,
3265 			.maxlen		=	sizeof(int),
3266 			.mode		=	0644,
3267          		.proc_handler	=	&proc_dointvec,
3268 		},
3269 		{
3270 			.ctl_name	=	NET_IPV6_DAD_TRANSMITS,
3271 			.procname	=	"dad_transmits",
3272          		.data		=	&ipv6_devconf.dad_transmits,
3273 			.maxlen		=	sizeof(int),
3274 			.mode		=	0644,
3275          		.proc_handler	=	&proc_dointvec,
3276 		},
3277 		{
3278 			.ctl_name	=	NET_IPV6_RTR_SOLICITS,
3279 			.procname	=	"router_solicitations",
3280          		.data		=	&ipv6_devconf.rtr_solicits,
3281 			.maxlen		=	sizeof(int),
3282 			.mode		=	0644,
3283          		.proc_handler	=	&proc_dointvec,
3284 		},
3285 		{
3286 			.ctl_name	=	NET_IPV6_RTR_SOLICIT_INTERVAL,
3287 			.procname	=	"router_solicitation_interval",
3288          		.data		=	&ipv6_devconf.rtr_solicit_interval,
3289 			.maxlen		=	sizeof(int),
3290 			.mode		=	0644,
3291          		.proc_handler	=	&proc_dointvec_jiffies,
3292 			.strategy	=	&sysctl_jiffies,
3293 		},
3294 		{
3295 			.ctl_name	=	NET_IPV6_RTR_SOLICIT_DELAY,
3296 			.procname	=	"router_solicitation_delay",
3297          		.data		=	&ipv6_devconf.rtr_solicit_delay,
3298 			.maxlen		=	sizeof(int),
3299 			.mode		=	0644,
3300          		.proc_handler	=	&proc_dointvec_jiffies,
3301 			.strategy	=	&sysctl_jiffies,
3302 		},
3303 		{
3304 			.ctl_name	=	NET_IPV6_FORCE_MLD_VERSION,
3305 			.procname	=	"force_mld_version",
3306          		.data		=	&ipv6_devconf.force_mld_version,
3307 			.maxlen		=	sizeof(int),
3308 			.mode		=	0644,
3309          		.proc_handler	=	&proc_dointvec,
3310 		},
3311 #ifdef CONFIG_IPV6_PRIVACY
3312 		{
3313 			.ctl_name	=	NET_IPV6_USE_TEMPADDR,
3314 			.procname	=	"use_tempaddr",
3315 	 		.data		=	&ipv6_devconf.use_tempaddr,
3316 			.maxlen		=	sizeof(int),
3317 			.mode		=	0644,
3318 	 		.proc_handler	=	&proc_dointvec,
3319 		},
3320 		{
3321 			.ctl_name	=	NET_IPV6_TEMP_VALID_LFT,
3322 			.procname	=	"temp_valid_lft",
3323 	 		.data		=	&ipv6_devconf.temp_valid_lft,
3324 			.maxlen		=	sizeof(int),
3325 			.mode		=	0644,
3326 	 		.proc_handler	=	&proc_dointvec,
3327 		},
3328 		{
3329 			.ctl_name	=	NET_IPV6_TEMP_PREFERED_LFT,
3330 			.procname	=	"temp_prefered_lft",
3331 	 		.data		=	&ipv6_devconf.temp_prefered_lft,
3332 			.maxlen		=	sizeof(int),
3333 			.mode		=	0644,
3334 	 		.proc_handler	=	&proc_dointvec,
3335 		},
3336 		{
3337 			.ctl_name	=	NET_IPV6_REGEN_MAX_RETRY,
3338 			.procname	=	"regen_max_retry",
3339 	 		.data		=	&ipv6_devconf.regen_max_retry,
3340 			.maxlen		=	sizeof(int),
3341 			.mode		=	0644,
3342 	 		.proc_handler	=	&proc_dointvec,
3343 		},
3344 		{
3345 			.ctl_name	=	NET_IPV6_MAX_DESYNC_FACTOR,
3346 			.procname	=	"max_desync_factor",
3347 	 		.data		=	&ipv6_devconf.max_desync_factor,
3348 			.maxlen		=	sizeof(int),
3349 			.mode		=	0644,
3350 	 		.proc_handler	=	&proc_dointvec,
3351 		},
3352 #endif
3353 		{
3354 			.ctl_name	=	NET_IPV6_MAX_ADDRESSES,
3355 			.procname	=	"max_addresses",
3356 			.data		=	&ipv6_devconf.max_addresses,
3357 			.maxlen		=	sizeof(int),
3358 			.mode		=	0644,
3359 			.proc_handler	=	&proc_dointvec,
3360 		},
3361 		{
3362 			.ctl_name	=	0,	/* sentinel */
3363 		}
3364 	},
3365 	.addrconf_dev = {
3366 		{
3367 			.ctl_name	=	NET_PROTO_CONF_ALL,
3368 			.procname	=	"all",
3369 			.mode		=	0555,
3370 			.child		=	addrconf_sysctl.addrconf_vars,
3371 		},
3372 		{
3373 			.ctl_name	=	0,	/* sentinel */
3374 		}
3375 	},
3376 	.addrconf_conf_dir = {
3377 		{
3378 			.ctl_name	=	NET_IPV6_CONF,
3379 			.procname	=	"conf",
3380 			.mode		=	0555,
3381 			.child		=	addrconf_sysctl.addrconf_dev,
3382 		},
3383 		{
3384 			.ctl_name	=	0,	/* sentinel */
3385 		}
3386 	},
3387 	.addrconf_proto_dir = {
3388 		{
3389 			.ctl_name	=	NET_IPV6,
3390 			.procname	=	"ipv6",
3391 			.mode		=	0555,
3392 			.child		=	addrconf_sysctl.addrconf_conf_dir,
3393 		},
3394 		{
3395 			.ctl_name	=	0,	/* sentinel */
3396 		}
3397 	},
3398 	.addrconf_root_dir = {
3399 		{
3400 			.ctl_name	=	CTL_NET,
3401 			.procname	=	"net",
3402 			.mode		=	0555,
3403 			.child		=	addrconf_sysctl.addrconf_proto_dir,
3404 		},
3405 		{
3406 			.ctl_name	=	0,	/* sentinel */
3407 		}
3408 	},
3409 };
3410 
3411 static void addrconf_sysctl_register(struct inet6_dev *idev, struct ipv6_devconf *p)
3412 {
3413 	int i;
3414 	struct net_device *dev = idev ? idev->dev : NULL;
3415 	struct addrconf_sysctl_table *t;
3416 	char *dev_name = NULL;
3417 
3418 	t = kmalloc(sizeof(*t), GFP_KERNEL);
3419 	if (t == NULL)
3420 		return;
3421 	memcpy(t, &addrconf_sysctl, sizeof(*t));
3422 	for (i=0; t->addrconf_vars[i].data; i++) {
3423 		t->addrconf_vars[i].data += (char*)p - (char*)&ipv6_devconf;
3424 		t->addrconf_vars[i].de = NULL;
3425 		t->addrconf_vars[i].extra1 = idev; /* embedded; no ref */
3426 	}
3427 	if (dev) {
3428 		dev_name = dev->name;
3429 		t->addrconf_dev[0].ctl_name = dev->ifindex;
3430 	} else {
3431 		dev_name = "default";
3432 		t->addrconf_dev[0].ctl_name = NET_PROTO_CONF_DEFAULT;
3433 	}
3434 
3435 	/*
3436 	 * Make a copy of dev_name, because '.procname' is regarded as const
3437 	 * by sysctl and we wouldn't want anyone to change it under our feet
3438 	 * (see SIOCSIFNAME).
3439 	 */
3440 	dev_name = net_sysctl_strdup(dev_name);
3441 	if (!dev_name)
3442 	    goto free;
3443 
3444 	t->addrconf_dev[0].procname = dev_name;
3445 
3446 	t->addrconf_dev[0].child = t->addrconf_vars;
3447 	t->addrconf_dev[0].de = NULL;
3448 	t->addrconf_conf_dir[0].child = t->addrconf_dev;
3449 	t->addrconf_conf_dir[0].de = NULL;
3450 	t->addrconf_proto_dir[0].child = t->addrconf_conf_dir;
3451 	t->addrconf_proto_dir[0].de = NULL;
3452 	t->addrconf_root_dir[0].child = t->addrconf_proto_dir;
3453 	t->addrconf_root_dir[0].de = NULL;
3454 
3455 	t->sysctl_header = register_sysctl_table(t->addrconf_root_dir, 0);
3456 	if (t->sysctl_header == NULL)
3457 		goto free_procname;
3458 	else
3459 		p->sysctl = t;
3460 	return;
3461 
3462 	/* error path */
3463  free_procname:
3464 	kfree(dev_name);
3465  free:
3466 	kfree(t);
3467 
3468 	return;
3469 }
3470 
3471 static void addrconf_sysctl_unregister(struct ipv6_devconf *p)
3472 {
3473 	if (p->sysctl) {
3474 		struct addrconf_sysctl_table *t = p->sysctl;
3475 		p->sysctl = NULL;
3476 		unregister_sysctl_table(t->sysctl_header);
3477 		kfree(t->addrconf_dev[0].procname);
3478 		kfree(t);
3479 	}
3480 }
3481 
3482 
3483 #endif
3484 
3485 /*
3486  *      Device notifier
3487  */
3488 
3489 int register_inet6addr_notifier(struct notifier_block *nb)
3490 {
3491         return notifier_chain_register(&inet6addr_chain, nb);
3492 }
3493 
3494 int unregister_inet6addr_notifier(struct notifier_block *nb)
3495 {
3496         return notifier_chain_unregister(&inet6addr_chain,nb);
3497 }
3498 
3499 /*
3500  *	Init / cleanup code
3501  */
3502 
3503 int __init addrconf_init(void)
3504 {
3505 	int err = 0;
3506 
3507 	/* The addrconf netdev notifier requires that loopback_dev
3508 	 * has it's ipv6 private information allocated and setup
3509 	 * before it can bring up and give link-local addresses
3510 	 * to other devices which are up.
3511 	 *
3512 	 * Unfortunately, loopback_dev is not necessarily the first
3513 	 * entry in the global dev_base list of net devices.  In fact,
3514 	 * it is likely to be the very last entry on that list.
3515 	 * So this causes the notifier registry below to try and
3516 	 * give link-local addresses to all devices besides loopback_dev
3517 	 * first, then loopback_dev, which cases all the non-loopback_dev
3518 	 * devices to fail to get a link-local address.
3519 	 *
3520 	 * So, as a temporary fix, allocate the ipv6 structure for
3521 	 * loopback_dev first by hand.
3522 	 * Longer term, all of the dependencies ipv6 has upon the loopback
3523 	 * device and it being up should be removed.
3524 	 */
3525 	rtnl_lock();
3526 	if (!ipv6_add_dev(&loopback_dev))
3527 		err = -ENOMEM;
3528 	rtnl_unlock();
3529 	if (err)
3530 		return err;
3531 
3532 	register_netdevice_notifier(&ipv6_dev_notf);
3533 
3534 #ifdef CONFIG_IPV6_PRIVACY
3535 	md5_tfm = crypto_alloc_tfm("md5", 0);
3536 	if (unlikely(md5_tfm == NULL))
3537 		printk(KERN_WARNING
3538 			"failed to load transform for md5\n");
3539 #endif
3540 
3541 	addrconf_verify(0);
3542 	rtnetlink_links[PF_INET6] = inet6_rtnetlink_table;
3543 #ifdef CONFIG_SYSCTL
3544 	addrconf_sysctl.sysctl_header =
3545 		register_sysctl_table(addrconf_sysctl.addrconf_root_dir, 0);
3546 	addrconf_sysctl_register(NULL, &ipv6_devconf_dflt);
3547 #endif
3548 
3549 	return 0;
3550 }
3551 
3552 void __exit addrconf_cleanup(void)
3553 {
3554  	struct net_device *dev;
3555  	struct inet6_dev *idev;
3556  	struct inet6_ifaddr *ifa;
3557 	int i;
3558 
3559 	unregister_netdevice_notifier(&ipv6_dev_notf);
3560 
3561 	rtnetlink_links[PF_INET6] = NULL;
3562 #ifdef CONFIG_SYSCTL
3563 	addrconf_sysctl_unregister(&ipv6_devconf_dflt);
3564 	addrconf_sysctl_unregister(&ipv6_devconf);
3565 #endif
3566 
3567 	rtnl_lock();
3568 
3569 	/*
3570 	 *	clean dev list.
3571 	 */
3572 
3573 	for (dev=dev_base; dev; dev=dev->next) {
3574 		if ((idev = __in6_dev_get(dev)) == NULL)
3575 			continue;
3576 		addrconf_ifdown(dev, 1);
3577 	}
3578 	addrconf_ifdown(&loopback_dev, 2);
3579 
3580 	/*
3581 	 *	Check hash table.
3582 	 */
3583 
3584 	write_lock_bh(&addrconf_hash_lock);
3585 	for (i=0; i < IN6_ADDR_HSIZE; i++) {
3586 		for (ifa=inet6_addr_lst[i]; ifa; ) {
3587 			struct inet6_ifaddr *bifa;
3588 
3589 			bifa = ifa;
3590 			ifa = ifa->lst_next;
3591 			printk(KERN_DEBUG "bug: IPv6 address leakage detected: ifa=%p\n", bifa);
3592 			/* Do not free it; something is wrong.
3593 			   Now we can investigate it with debugger.
3594 			 */
3595 		}
3596 	}
3597 	write_unlock_bh(&addrconf_hash_lock);
3598 
3599 	del_timer(&addr_chk_timer);
3600 
3601 	rtnl_unlock();
3602 
3603 #ifdef CONFIG_IPV6_PRIVACY
3604 	if (likely(md5_tfm != NULL)) {
3605 		crypto_free_tfm(md5_tfm);
3606 		md5_tfm = NULL;
3607 	}
3608 #endif
3609 
3610 #ifdef CONFIG_PROC_FS
3611 	proc_net_remove("if_inet6");
3612 #endif
3613 }
3614