xref: /openbmc/linux/net/ipv6/ndisc.c (revision 643d1f7f)
1 /*
2  *	Neighbour Discovery for IPv6
3  *	Linux INET6 implementation
4  *
5  *	Authors:
6  *	Pedro Roque		<roque@di.fc.ul.pt>
7  *	Mike Shaver		<shaver@ingenia.com>
8  *
9  *	This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14 
15 /*
16  *	Changes:
17  *
18  *	Pierre Ynard			:	export userland ND options
19  *						through netlink (RDNSS support)
20  *	Lars Fenneberg			:	fixed MTU setting on receipt
21  *						of an RA.
22  *	Janos Farkas			:	kmalloc failure checks
23  *	Alexey Kuznetsov		:	state machine reworked
24  *						and moved to net/core.
25  *	Pekka Savola			:	RFC2461 validation
26  *	YOSHIFUJI Hideaki @USAGI	:	Verify ND options properly
27  */
28 
29 /* Set to 3 to get tracing... */
30 #define ND_DEBUG 1
31 
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
38 #if ND_DEBUG >= 1
39 #undef ND_PRINTK1
40 #define ND_PRINTK1 ND_PRINTK
41 #endif
42 #if ND_DEBUG >= 2
43 #undef ND_PRINTK2
44 #define ND_PRINTK2 ND_PRINTK
45 #endif
46 #if ND_DEBUG >= 3
47 #undef ND_PRINTK3
48 #define ND_PRINTK3 ND_PRINTK
49 #endif
50 
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #ifdef CONFIG_SYSCTL
63 #include <linux/sysctl.h>
64 #endif
65 
66 #include <linux/if_addr.h>
67 #include <linux/if_arp.h>
68 #include <linux/ipv6.h>
69 #include <linux/icmpv6.h>
70 #include <linux/jhash.h>
71 
72 #include <net/sock.h>
73 #include <net/snmp.h>
74 
75 #include <net/ipv6.h>
76 #include <net/protocol.h>
77 #include <net/ndisc.h>
78 #include <net/ip6_route.h>
79 #include <net/addrconf.h>
80 #include <net/icmp.h>
81 
82 #include <net/netlink.h>
83 #include <linux/rtnetlink.h>
84 
85 #include <net/flow.h>
86 #include <net/ip6_checksum.h>
87 #include <linux/proc_fs.h>
88 
89 #include <linux/netfilter.h>
90 #include <linux/netfilter_ipv6.h>
91 
92 static struct socket *ndisc_socket;
93 
94 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
95 static int ndisc_constructor(struct neighbour *neigh);
96 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
97 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
98 static int pndisc_constructor(struct pneigh_entry *n);
99 static void pndisc_destructor(struct pneigh_entry *n);
100 static void pndisc_redo(struct sk_buff *skb);
101 
102 static struct neigh_ops ndisc_generic_ops = {
103 	.family =		AF_INET6,
104 	.solicit =		ndisc_solicit,
105 	.error_report =		ndisc_error_report,
106 	.output =		neigh_resolve_output,
107 	.connected_output =	neigh_connected_output,
108 	.hh_output =		dev_queue_xmit,
109 	.queue_xmit =		dev_queue_xmit,
110 };
111 
112 static struct neigh_ops ndisc_hh_ops = {
113 	.family =		AF_INET6,
114 	.solicit =		ndisc_solicit,
115 	.error_report =		ndisc_error_report,
116 	.output =		neigh_resolve_output,
117 	.connected_output =	neigh_resolve_output,
118 	.hh_output =		dev_queue_xmit,
119 	.queue_xmit =		dev_queue_xmit,
120 };
121 
122 
123 static struct neigh_ops ndisc_direct_ops = {
124 	.family =		AF_INET6,
125 	.output =		dev_queue_xmit,
126 	.connected_output =	dev_queue_xmit,
127 	.hh_output =		dev_queue_xmit,
128 	.queue_xmit =		dev_queue_xmit,
129 };
130 
131 struct neigh_table nd_tbl = {
132 	.family =	AF_INET6,
133 	.entry_size =	sizeof(struct neighbour) + sizeof(struct in6_addr),
134 	.key_len =	sizeof(struct in6_addr),
135 	.hash =		ndisc_hash,
136 	.constructor =	ndisc_constructor,
137 	.pconstructor =	pndisc_constructor,
138 	.pdestructor =	pndisc_destructor,
139 	.proxy_redo =	pndisc_redo,
140 	.id =		"ndisc_cache",
141 	.parms = {
142 		.tbl =			&nd_tbl,
143 		.base_reachable_time =	30 * HZ,
144 		.retrans_time =	 1 * HZ,
145 		.gc_staletime =	60 * HZ,
146 		.reachable_time =		30 * HZ,
147 		.delay_probe_time =	 5 * HZ,
148 		.queue_len =		 3,
149 		.ucast_probes =	 3,
150 		.mcast_probes =	 3,
151 		.anycast_delay =	 1 * HZ,
152 		.proxy_delay =		(8 * HZ) / 10,
153 		.proxy_qlen =		64,
154 	},
155 	.gc_interval =	  30 * HZ,
156 	.gc_thresh1 =	 128,
157 	.gc_thresh2 =	 512,
158 	.gc_thresh3 =	1024,
159 };
160 
161 /* ND options */
162 struct ndisc_options {
163 	struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
164 #ifdef CONFIG_IPV6_ROUTE_INFO
165 	struct nd_opt_hdr *nd_opts_ri;
166 	struct nd_opt_hdr *nd_opts_ri_end;
167 #endif
168 	struct nd_opt_hdr *nd_useropts;
169 	struct nd_opt_hdr *nd_useropts_end;
170 };
171 
172 #define nd_opts_src_lladdr	nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
173 #define nd_opts_tgt_lladdr	nd_opt_array[ND_OPT_TARGET_LL_ADDR]
174 #define nd_opts_pi		nd_opt_array[ND_OPT_PREFIX_INFO]
175 #define nd_opts_pi_end		nd_opt_array[__ND_OPT_PREFIX_INFO_END]
176 #define nd_opts_rh		nd_opt_array[ND_OPT_REDIRECT_HDR]
177 #define nd_opts_mtu		nd_opt_array[ND_OPT_MTU]
178 
179 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
180 
181 /*
182  * Return the padding between the option length and the start of the
183  * link addr.  Currently only IP-over-InfiniBand needs this, although
184  * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
185  * also need a pad of 2.
186  */
187 static int ndisc_addr_option_pad(unsigned short type)
188 {
189 	switch (type) {
190 	case ARPHRD_INFINIBAND: return 2;
191 	default:                return 0;
192 	}
193 }
194 
195 static inline int ndisc_opt_addr_space(struct net_device *dev)
196 {
197 	return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
198 }
199 
200 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
201 				  unsigned short addr_type)
202 {
203 	int space = NDISC_OPT_SPACE(data_len);
204 	int pad   = ndisc_addr_option_pad(addr_type);
205 
206 	opt[0] = type;
207 	opt[1] = space>>3;
208 
209 	memset(opt + 2, 0, pad);
210 	opt   += pad;
211 	space -= pad;
212 
213 	memcpy(opt+2, data, data_len);
214 	data_len += 2;
215 	opt += data_len;
216 	if ((space -= data_len) > 0)
217 		memset(opt, 0, space);
218 	return opt + space;
219 }
220 
221 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
222 					    struct nd_opt_hdr *end)
223 {
224 	int type;
225 	if (!cur || !end || cur >= end)
226 		return NULL;
227 	type = cur->nd_opt_type;
228 	do {
229 		cur = ((void *)cur) + (cur->nd_opt_len << 3);
230 	} while(cur < end && cur->nd_opt_type != type);
231 	return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
232 }
233 
234 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
235 {
236 	return (opt->nd_opt_type == ND_OPT_RDNSS);
237 }
238 
239 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
240 					     struct nd_opt_hdr *end)
241 {
242 	if (!cur || !end || cur >= end)
243 		return NULL;
244 	do {
245 		cur = ((void *)cur) + (cur->nd_opt_len << 3);
246 	} while(cur < end && !ndisc_is_useropt(cur));
247 	return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL);
248 }
249 
250 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
251 						 struct ndisc_options *ndopts)
252 {
253 	struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
254 
255 	if (!nd_opt || opt_len < 0 || !ndopts)
256 		return NULL;
257 	memset(ndopts, 0, sizeof(*ndopts));
258 	while (opt_len) {
259 		int l;
260 		if (opt_len < sizeof(struct nd_opt_hdr))
261 			return NULL;
262 		l = nd_opt->nd_opt_len << 3;
263 		if (opt_len < l || l == 0)
264 			return NULL;
265 		switch (nd_opt->nd_opt_type) {
266 		case ND_OPT_SOURCE_LL_ADDR:
267 		case ND_OPT_TARGET_LL_ADDR:
268 		case ND_OPT_MTU:
269 		case ND_OPT_REDIRECT_HDR:
270 			if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
271 				ND_PRINTK2(KERN_WARNING
272 					   "%s(): duplicated ND6 option found: type=%d\n",
273 					   __FUNCTION__,
274 					   nd_opt->nd_opt_type);
275 			} else {
276 				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
277 			}
278 			break;
279 		case ND_OPT_PREFIX_INFO:
280 			ndopts->nd_opts_pi_end = nd_opt;
281 			if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
282 				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
283 			break;
284 #ifdef CONFIG_IPV6_ROUTE_INFO
285 		case ND_OPT_ROUTE_INFO:
286 			ndopts->nd_opts_ri_end = nd_opt;
287 			if (!ndopts->nd_opts_ri)
288 				ndopts->nd_opts_ri = nd_opt;
289 			break;
290 #endif
291 		default:
292 			if (ndisc_is_useropt(nd_opt)) {
293 				ndopts->nd_useropts_end = nd_opt;
294 				if (!ndopts->nd_useropts)
295 					ndopts->nd_useropts = nd_opt;
296 			} else {
297 				/*
298 				 * Unknown options must be silently ignored,
299 				 * to accommodate future extension to the
300 				 * protocol.
301 				 */
302 				ND_PRINTK2(KERN_NOTICE
303 					   "%s(): ignored unsupported option; type=%d, len=%d\n",
304 					   __FUNCTION__,
305 					   nd_opt->nd_opt_type, nd_opt->nd_opt_len);
306 			}
307 		}
308 		opt_len -= l;
309 		nd_opt = ((void *)nd_opt) + l;
310 	}
311 	return ndopts;
312 }
313 
314 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
315 				      struct net_device *dev)
316 {
317 	u8 *lladdr = (u8 *)(p + 1);
318 	int lladdrlen = p->nd_opt_len << 3;
319 	int prepad = ndisc_addr_option_pad(dev->type);
320 	if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
321 		return NULL;
322 	return (lladdr + prepad);
323 }
324 
325 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
326 {
327 	switch (dev->type) {
328 	case ARPHRD_ETHER:
329 	case ARPHRD_IEEE802:	/* Not sure. Check it later. --ANK */
330 	case ARPHRD_FDDI:
331 		ipv6_eth_mc_map(addr, buf);
332 		return 0;
333 	case ARPHRD_IEEE802_TR:
334 		ipv6_tr_mc_map(addr,buf);
335 		return 0;
336 	case ARPHRD_ARCNET:
337 		ipv6_arcnet_mc_map(addr, buf);
338 		return 0;
339 	case ARPHRD_INFINIBAND:
340 		ipv6_ib_mc_map(addr, dev->broadcast, buf);
341 		return 0;
342 	default:
343 		if (dir) {
344 			memcpy(buf, dev->broadcast, dev->addr_len);
345 			return 0;
346 		}
347 	}
348 	return -EINVAL;
349 }
350 
351 EXPORT_SYMBOL(ndisc_mc_map);
352 
353 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
354 {
355 	const u32 *p32 = pkey;
356 	u32 addr_hash, i;
357 
358 	addr_hash = 0;
359 	for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
360 		addr_hash ^= *p32++;
361 
362 	return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
363 }
364 
365 static int ndisc_constructor(struct neighbour *neigh)
366 {
367 	struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368 	struct net_device *dev = neigh->dev;
369 	struct inet6_dev *in6_dev;
370 	struct neigh_parms *parms;
371 	int is_multicast = ipv6_addr_is_multicast(addr);
372 
373 	rcu_read_lock();
374 	in6_dev = in6_dev_get(dev);
375 	if (in6_dev == NULL) {
376 		rcu_read_unlock();
377 		return -EINVAL;
378 	}
379 
380 	parms = in6_dev->nd_parms;
381 	__neigh_parms_put(neigh->parms);
382 	neigh->parms = neigh_parms_clone(parms);
383 	rcu_read_unlock();
384 
385 	neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386 	if (!dev->header_ops) {
387 		neigh->nud_state = NUD_NOARP;
388 		neigh->ops = &ndisc_direct_ops;
389 		neigh->output = neigh->ops->queue_xmit;
390 	} else {
391 		if (is_multicast) {
392 			neigh->nud_state = NUD_NOARP;
393 			ndisc_mc_map(addr, neigh->ha, dev, 1);
394 		} else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395 			neigh->nud_state = NUD_NOARP;
396 			memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397 			if (dev->flags&IFF_LOOPBACK)
398 				neigh->type = RTN_LOCAL;
399 		} else if (dev->flags&IFF_POINTOPOINT) {
400 			neigh->nud_state = NUD_NOARP;
401 			memcpy(neigh->ha, dev->broadcast, dev->addr_len);
402 		}
403 		if (dev->header_ops->cache)
404 			neigh->ops = &ndisc_hh_ops;
405 		else
406 			neigh->ops = &ndisc_generic_ops;
407 		if (neigh->nud_state&NUD_VALID)
408 			neigh->output = neigh->ops->connected_output;
409 		else
410 			neigh->output = neigh->ops->output;
411 	}
412 	in6_dev_put(in6_dev);
413 	return 0;
414 }
415 
416 static int pndisc_constructor(struct pneigh_entry *n)
417 {
418 	struct in6_addr *addr = (struct in6_addr*)&n->key;
419 	struct in6_addr maddr;
420 	struct net_device *dev = n->dev;
421 
422 	if (dev == NULL || __in6_dev_get(dev) == NULL)
423 		return -EINVAL;
424 	addrconf_addr_solict_mult(addr, &maddr);
425 	ipv6_dev_mc_inc(dev, &maddr);
426 	return 0;
427 }
428 
429 static void pndisc_destructor(struct pneigh_entry *n)
430 {
431 	struct in6_addr *addr = (struct in6_addr*)&n->key;
432 	struct in6_addr maddr;
433 	struct net_device *dev = n->dev;
434 
435 	if (dev == NULL || __in6_dev_get(dev) == NULL)
436 		return;
437 	addrconf_addr_solict_mult(addr, &maddr);
438 	ipv6_dev_mc_dec(dev, &maddr);
439 }
440 
441 /*
442  *	Send a Neighbour Advertisement
443  */
444 
445 static inline void ndisc_flow_init(struct flowi *fl, u8 type,
446 			    struct in6_addr *saddr, struct in6_addr *daddr,
447 			    int oif)
448 {
449 	memset(fl, 0, sizeof(*fl));
450 	ipv6_addr_copy(&fl->fl6_src, saddr);
451 	ipv6_addr_copy(&fl->fl6_dst, daddr);
452 	fl->proto	 	= IPPROTO_ICMPV6;
453 	fl->fl_icmp_type	= type;
454 	fl->fl_icmp_code	= 0;
455 	fl->oif			= oif;
456 	security_sk_classify_flow(ndisc_socket->sk, fl);
457 }
458 
459 static void __ndisc_send(struct net_device *dev,
460 			 struct neighbour *neigh,
461 			 struct in6_addr *daddr, struct in6_addr *saddr,
462 			 struct icmp6hdr *icmp6h, struct in6_addr *target,
463 			 int llinfo)
464 {
465 	struct flowi fl;
466 	struct dst_entry *dst;
467 	struct sock *sk = ndisc_socket->sk;
468 	struct sk_buff *skb;
469 	struct icmp6hdr *hdr;
470 	struct inet6_dev *idev;
471 	int len;
472 	int err;
473 	u8 *opt, type;
474 
475 	type = icmp6h->icmp6_type;
476 
477 	ndisc_flow_init(&fl, type, saddr, daddr,
478 			dev->ifindex);
479 
480 	dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
481 	if (!dst)
482 		return;
483 
484 	err = xfrm_lookup(&dst, &fl, NULL, 0);
485 	if (err < 0)
486 		return;
487 
488 	if (!dev->addr_len)
489 		llinfo = 0;
490 
491 	len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
492 	if (llinfo)
493 		len += ndisc_opt_addr_space(dev);
494 
495 	skb = sock_alloc_send_skb(sk,
496 				  (MAX_HEADER + sizeof(struct ipv6hdr) +
497 				   len + LL_RESERVED_SPACE(dev)),
498 				  1, &err);
499 	if (!skb) {
500 		ND_PRINTK0(KERN_ERR
501 			   "ICMPv6 ND: %s() failed to allocate an skb.\n",
502 			   __FUNCTION__);
503 		dst_release(dst);
504 		return;
505 	}
506 
507 	skb_reserve(skb, LL_RESERVED_SPACE(dev));
508 	ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
509 
510 	skb->transport_header = skb->tail;
511 	skb_put(skb, len);
512 
513 	hdr = (struct icmp6hdr *)skb_transport_header(skb);
514 	memcpy(hdr, icmp6h, sizeof(*hdr));
515 
516 	opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
517 	if (target) {
518 		ipv6_addr_copy((struct in6_addr *)opt, target);
519 		opt += sizeof(*target);
520 	}
521 
522 	if (llinfo)
523 		ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
524 				       dev->addr_len, dev->type);
525 
526 	hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
527 					   IPPROTO_ICMPV6,
528 					   csum_partial((__u8 *) hdr,
529 							len, 0));
530 
531 	skb->dst = dst;
532 
533 	idev = in6_dev_get(dst->dev);
534 	IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
535 
536 	err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
537 		      dst_output);
538 	if (!err) {
539 		ICMP6MSGOUT_INC_STATS(idev, type);
540 		ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
541 	}
542 
543 	if (likely(idev != NULL))
544 		in6_dev_put(idev);
545 }
546 
547 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
548 		   struct in6_addr *daddr, struct in6_addr *solicited_addr,
549 		   int router, int solicited, int override, int inc_opt)
550 {
551 	struct in6_addr tmpaddr;
552 	struct inet6_ifaddr *ifp;
553 	struct in6_addr *src_addr;
554 	struct icmp6hdr icmp6h = {
555 		.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
556 	};
557 
558 	/* for anycast or proxy, solicited_addr != src_addr */
559 	ifp = ipv6_get_ifaddr(&init_net, solicited_addr, dev, 1);
560 	if (ifp) {
561 		src_addr = solicited_addr;
562 		if (ifp->flags & IFA_F_OPTIMISTIC)
563 			override = 0;
564 		in6_ifa_put(ifp);
565 	} else {
566 		if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
567 			return;
568 		src_addr = &tmpaddr;
569 	}
570 
571 	icmp6h.icmp6_router = router;
572 	icmp6h.icmp6_solicited = solicited;
573 	icmp6h.icmp6_override = override;
574 
575 	__ndisc_send(dev, neigh, daddr, src_addr,
576 		     &icmp6h, solicited_addr,
577 		     inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
578 }
579 
580 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
581 		   struct in6_addr *solicit,
582 		   struct in6_addr *daddr, struct in6_addr *saddr)
583 {
584 	struct in6_addr addr_buf;
585 	struct icmp6hdr icmp6h = {
586 		.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
587 	};
588 
589 	if (saddr == NULL) {
590 		if (ipv6_get_lladdr(dev, &addr_buf,
591 				   (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
592 			return;
593 		saddr = &addr_buf;
594 	}
595 
596 	__ndisc_send(dev, neigh, daddr, saddr,
597 		     &icmp6h, solicit,
598 		     !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
599 }
600 
601 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
602 		   struct in6_addr *daddr)
603 {
604 	struct icmp6hdr icmp6h = {
605 		.icmp6_type = NDISC_ROUTER_SOLICITATION,
606 	};
607 	int send_sllao = dev->addr_len;
608 
609 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
610 	/*
611 	 * According to section 2.2 of RFC 4429, we must not
612 	 * send router solicitations with a sllao from
613 	 * optimistic addresses, but we may send the solicitation
614 	 * if we don't include the sllao.  So here we check
615 	 * if our address is optimistic, and if so, we
616 	 * suppress the inclusion of the sllao.
617 	 */
618 	if (send_sllao) {
619 		struct inet6_ifaddr *ifp = ipv6_get_ifaddr(&init_net, saddr,
620 							   dev, 1);
621 		if (ifp) {
622 			if (ifp->flags & IFA_F_OPTIMISTIC)  {
623 				send_sllao = 0;
624 			}
625 			in6_ifa_put(ifp);
626 		} else {
627 			send_sllao = 0;
628 		}
629 	}
630 #endif
631 	__ndisc_send(dev, NULL, daddr, saddr,
632 		     &icmp6h, NULL,
633 		     send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
634 }
635 
636 
637 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
638 {
639 	/*
640 	 *	"The sender MUST return an ICMP
641 	 *	 destination unreachable"
642 	 */
643 	dst_link_failure(skb);
644 	kfree_skb(skb);
645 }
646 
647 /* Called with locked neigh: either read or both */
648 
649 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
650 {
651 	struct in6_addr *saddr = NULL;
652 	struct in6_addr mcaddr;
653 	struct net_device *dev = neigh->dev;
654 	struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
655 	int probes = atomic_read(&neigh->probes);
656 
657 	if (skb && ipv6_chk_addr(&init_net, &ipv6_hdr(skb)->saddr, dev, 1))
658 		saddr = &ipv6_hdr(skb)->saddr;
659 
660 	if ((probes -= neigh->parms->ucast_probes) < 0) {
661 		if (!(neigh->nud_state & NUD_VALID)) {
662 			ND_PRINTK1(KERN_DEBUG
663 				   "%s(): trying to ucast probe in NUD_INVALID: "
664 				   NIP6_FMT "\n",
665 				   __FUNCTION__,
666 				   NIP6(*target));
667 		}
668 		ndisc_send_ns(dev, neigh, target, target, saddr);
669 	} else if ((probes -= neigh->parms->app_probes) < 0) {
670 #ifdef CONFIG_ARPD
671 		neigh_app_ns(neigh);
672 #endif
673 	} else {
674 		addrconf_addr_solict_mult(target, &mcaddr);
675 		ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
676 	}
677 }
678 
679 static void ndisc_recv_ns(struct sk_buff *skb)
680 {
681 	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
682 	struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
683 	struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
684 	u8 *lladdr = NULL;
685 	u32 ndoptlen = skb->tail - (skb->transport_header +
686 				    offsetof(struct nd_msg, opt));
687 	struct ndisc_options ndopts;
688 	struct net_device *dev = skb->dev;
689 	struct inet6_ifaddr *ifp;
690 	struct inet6_dev *idev = NULL;
691 	struct neighbour *neigh;
692 	struct pneigh_entry *pneigh = NULL;
693 	int dad = ipv6_addr_any(saddr);
694 	int inc;
695 	int is_router;
696 
697 	if (ipv6_addr_is_multicast(&msg->target)) {
698 		ND_PRINTK2(KERN_WARNING
699 			   "ICMPv6 NS: multicast target address");
700 		return;
701 	}
702 
703 	/*
704 	 * RFC2461 7.1.1:
705 	 * DAD has to be destined for solicited node multicast address.
706 	 */
707 	if (dad &&
708 	    !(daddr->s6_addr32[0] == htonl(0xff020000) &&
709 	      daddr->s6_addr32[1] == htonl(0x00000000) &&
710 	      daddr->s6_addr32[2] == htonl(0x00000001) &&
711 	      daddr->s6_addr [12] == 0xff )) {
712 		ND_PRINTK2(KERN_WARNING
713 			   "ICMPv6 NS: bad DAD packet (wrong destination)\n");
714 		return;
715 	}
716 
717 	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
718 		ND_PRINTK2(KERN_WARNING
719 			   "ICMPv6 NS: invalid ND options\n");
720 		return;
721 	}
722 
723 	if (ndopts.nd_opts_src_lladdr) {
724 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
725 		if (!lladdr) {
726 			ND_PRINTK2(KERN_WARNING
727 				   "ICMPv6 NS: invalid link-layer address length\n");
728 			return;
729 		}
730 
731 		/* RFC2461 7.1.1:
732 		 *	If the IP source address is the unspecified address,
733 		 *	there MUST NOT be source link-layer address option
734 		 *	in the message.
735 		 */
736 		if (dad) {
737 			ND_PRINTK2(KERN_WARNING
738 				   "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
739 			return;
740 		}
741 	}
742 
743 	inc = ipv6_addr_is_multicast(daddr);
744 
745 	if ((ifp = ipv6_get_ifaddr(&init_net, &msg->target, dev, 1)) != NULL) {
746 
747 		if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
748 			if (dad) {
749 				if (dev->type == ARPHRD_IEEE802_TR) {
750 					const unsigned char *sadr;
751 					sadr = skb_mac_header(skb);
752 					if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
753 					    sadr[9] == dev->dev_addr[1] &&
754 					    sadr[10] == dev->dev_addr[2] &&
755 					    sadr[11] == dev->dev_addr[3] &&
756 					    sadr[12] == dev->dev_addr[4] &&
757 					    sadr[13] == dev->dev_addr[5]) {
758 						/* looped-back to us */
759 						goto out;
760 					}
761 				}
762 
763 				/*
764 				 * We are colliding with another node
765 				 * who is doing DAD
766 				 * so fail our DAD process
767 				 */
768 				addrconf_dad_failure(ifp);
769 				return;
770 			} else {
771 				/*
772 				 * This is not a dad solicitation.
773 				 * If we are an optimistic node,
774 				 * we should respond.
775 				 * Otherwise, we should ignore it.
776 				 */
777 				if (!(ifp->flags & IFA_F_OPTIMISTIC))
778 					goto out;
779 			}
780 		}
781 
782 		idev = ifp->idev;
783 	} else {
784 		idev = in6_dev_get(dev);
785 		if (!idev) {
786 			/* XXX: count this drop? */
787 			return;
788 		}
789 
790 		if (ipv6_chk_acast_addr(dev, &msg->target) ||
791 		    (idev->cnf.forwarding &&
792 		     (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) &&
793 		     (pneigh = pneigh_lookup(&nd_tbl, &init_net,
794 					     &msg->target, dev, 0)) != NULL)) {
795 			if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
796 			    skb->pkt_type != PACKET_HOST &&
797 			    inc != 0 &&
798 			    idev->nd_parms->proxy_delay != 0) {
799 				/*
800 				 * for anycast or proxy,
801 				 * sender should delay its response
802 				 * by a random time between 0 and
803 				 * MAX_ANYCAST_DELAY_TIME seconds.
804 				 * (RFC2461) -- yoshfuji
805 				 */
806 				struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
807 				if (n)
808 					pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
809 				goto out;
810 			}
811 		} else
812 			goto out;
813 	}
814 
815 	is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding);
816 
817 	if (dad) {
818 		struct in6_addr maddr;
819 
820 		ipv6_addr_all_nodes(&maddr);
821 		ndisc_send_na(dev, NULL, &maddr, &msg->target,
822 			      is_router, 0, (ifp != NULL), 1);
823 		goto out;
824 	}
825 
826 	if (inc)
827 		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
828 	else
829 		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
830 
831 	/*
832 	 *	update / create cache entry
833 	 *	for the source address
834 	 */
835 	neigh = __neigh_lookup(&nd_tbl, saddr, dev,
836 			       !inc || lladdr || !dev->addr_len);
837 	if (neigh)
838 		neigh_update(neigh, lladdr, NUD_STALE,
839 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
840 			     NEIGH_UPDATE_F_OVERRIDE);
841 	if (neigh || !dev->header_ops) {
842 		ndisc_send_na(dev, neigh, saddr, &msg->target,
843 			      is_router,
844 			      1, (ifp != NULL && inc), inc);
845 		if (neigh)
846 			neigh_release(neigh);
847 	}
848 
849 out:
850 	if (ifp)
851 		in6_ifa_put(ifp);
852 	else
853 		in6_dev_put(idev);
854 
855 	return;
856 }
857 
858 static void ndisc_recv_na(struct sk_buff *skb)
859 {
860 	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
861 	struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
862 	struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
863 	u8 *lladdr = NULL;
864 	u32 ndoptlen = skb->tail - (skb->transport_header +
865 				    offsetof(struct nd_msg, opt));
866 	struct ndisc_options ndopts;
867 	struct net_device *dev = skb->dev;
868 	struct inet6_ifaddr *ifp;
869 	struct neighbour *neigh;
870 
871 	if (skb->len < sizeof(struct nd_msg)) {
872 		ND_PRINTK2(KERN_WARNING
873 			   "ICMPv6 NA: packet too short\n");
874 		return;
875 	}
876 
877 	if (ipv6_addr_is_multicast(&msg->target)) {
878 		ND_PRINTK2(KERN_WARNING
879 			   "ICMPv6 NA: target address is multicast.\n");
880 		return;
881 	}
882 
883 	if (ipv6_addr_is_multicast(daddr) &&
884 	    msg->icmph.icmp6_solicited) {
885 		ND_PRINTK2(KERN_WARNING
886 			   "ICMPv6 NA: solicited NA is multicasted.\n");
887 		return;
888 	}
889 
890 	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
891 		ND_PRINTK2(KERN_WARNING
892 			   "ICMPv6 NS: invalid ND option\n");
893 		return;
894 	}
895 	if (ndopts.nd_opts_tgt_lladdr) {
896 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
897 		if (!lladdr) {
898 			ND_PRINTK2(KERN_WARNING
899 				   "ICMPv6 NA: invalid link-layer address length\n");
900 			return;
901 		}
902 	}
903 	if ((ifp = ipv6_get_ifaddr(&init_net, &msg->target, dev, 1))) {
904 		if (ifp->flags & IFA_F_TENTATIVE) {
905 			addrconf_dad_failure(ifp);
906 			return;
907 		}
908 		/* What should we make now? The advertisement
909 		   is invalid, but ndisc specs say nothing
910 		   about it. It could be misconfiguration, or
911 		   an smart proxy agent tries to help us :-)
912 		 */
913 		ND_PRINTK1(KERN_WARNING
914 			   "ICMPv6 NA: someone advertises our address on %s!\n",
915 			   ifp->idev->dev->name);
916 		in6_ifa_put(ifp);
917 		return;
918 	}
919 	neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
920 
921 	if (neigh) {
922 		u8 old_flags = neigh->flags;
923 
924 		if (neigh->nud_state & NUD_FAILED)
925 			goto out;
926 
927 		/*
928 		 * Don't update the neighbor cache entry on a proxy NA from
929 		 * ourselves because either the proxied node is off link or it
930 		 * has already sent a NA to us.
931 		 */
932 		if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
933 		    ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp &&
934 		    pneigh_lookup(&nd_tbl, &init_net, &msg->target, dev, 0)) {
935 			/* XXX: idev->cnf.prixy_ndp */
936 			goto out;
937 		}
938 
939 		neigh_update(neigh, lladdr,
940 			     msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
941 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
942 			     (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
943 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
944 			     (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
945 
946 		if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
947 			/*
948 			 * Change: router to host
949 			 */
950 			struct rt6_info *rt;
951 			rt = rt6_get_dflt_router(saddr, dev);
952 			if (rt)
953 				ip6_del_rt(rt);
954 		}
955 
956 out:
957 		neigh_release(neigh);
958 	}
959 }
960 
961 static void ndisc_recv_rs(struct sk_buff *skb)
962 {
963 	struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
964 	unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
965 	struct neighbour *neigh;
966 	struct inet6_dev *idev;
967 	struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
968 	struct ndisc_options ndopts;
969 	u8 *lladdr = NULL;
970 
971 	if (skb->len < sizeof(*rs_msg))
972 		return;
973 
974 	idev = in6_dev_get(skb->dev);
975 	if (!idev) {
976 		if (net_ratelimit())
977 			ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
978 		return;
979 	}
980 
981 	/* Don't accept RS if we're not in router mode */
982 	if (!idev->cnf.forwarding)
983 		goto out;
984 
985 	/*
986 	 * Don't update NCE if src = ::;
987 	 * this implies that the source node has no ip address assigned yet.
988 	 */
989 	if (ipv6_addr_any(saddr))
990 		goto out;
991 
992 	/* Parse ND options */
993 	if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
994 		if (net_ratelimit())
995 			ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
996 		goto out;
997 	}
998 
999 	if (ndopts.nd_opts_src_lladdr) {
1000 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1001 					     skb->dev);
1002 		if (!lladdr)
1003 			goto out;
1004 	}
1005 
1006 	neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1007 	if (neigh) {
1008 		neigh_update(neigh, lladdr, NUD_STALE,
1009 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1010 			     NEIGH_UPDATE_F_OVERRIDE|
1011 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1012 		neigh_release(neigh);
1013 	}
1014 out:
1015 	in6_dev_put(idev);
1016 }
1017 
1018 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1019 {
1020 	struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1021 	struct sk_buff *skb;
1022 	struct nlmsghdr *nlh;
1023 	struct nduseroptmsg *ndmsg;
1024 	int err;
1025 	int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1026 				    + (opt->nd_opt_len << 3));
1027 	size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1028 
1029 	skb = nlmsg_new(msg_size, GFP_ATOMIC);
1030 	if (skb == NULL) {
1031 		err = -ENOBUFS;
1032 		goto errout;
1033 	}
1034 
1035 	nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1036 	if (nlh == NULL) {
1037 		goto nla_put_failure;
1038 	}
1039 
1040 	ndmsg = nlmsg_data(nlh);
1041 	ndmsg->nduseropt_family = AF_INET6;
1042 	ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1043 	ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1044 	ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1045 	ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1046 
1047 	memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1048 
1049 	NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1050 		&ipv6_hdr(ra)->saddr);
1051 	nlmsg_end(skb, nlh);
1052 
1053 	err = rtnl_notify(skb, &init_net, 0, RTNLGRP_ND_USEROPT, NULL,
1054 			  GFP_ATOMIC);
1055 	if (err < 0)
1056 		goto errout;
1057 
1058 	return;
1059 
1060 nla_put_failure:
1061 	nlmsg_free(skb);
1062 	err = -EMSGSIZE;
1063 errout:
1064 	rtnl_set_sk_err(&init_net, RTNLGRP_ND_USEROPT, err);
1065 }
1066 
1067 static void ndisc_router_discovery(struct sk_buff *skb)
1068 {
1069 	struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1070 	struct neighbour *neigh = NULL;
1071 	struct inet6_dev *in6_dev;
1072 	struct rt6_info *rt = NULL;
1073 	int lifetime;
1074 	struct ndisc_options ndopts;
1075 	int optlen;
1076 	unsigned int pref = 0;
1077 
1078 	__u8 * opt = (__u8 *)(ra_msg + 1);
1079 
1080 	optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1081 
1082 	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1083 		ND_PRINTK2(KERN_WARNING
1084 			   "ICMPv6 RA: source address is not link-local.\n");
1085 		return;
1086 	}
1087 	if (optlen < 0) {
1088 		ND_PRINTK2(KERN_WARNING
1089 			   "ICMPv6 RA: packet too short\n");
1090 		return;
1091 	}
1092 
1093 	/*
1094 	 *	set the RA_RECV flag in the interface
1095 	 */
1096 
1097 	in6_dev = in6_dev_get(skb->dev);
1098 	if (in6_dev == NULL) {
1099 		ND_PRINTK0(KERN_ERR
1100 			   "ICMPv6 RA: can't find inet6 device for %s.\n",
1101 			   skb->dev->name);
1102 		return;
1103 	}
1104 	if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1105 		in6_dev_put(in6_dev);
1106 		return;
1107 	}
1108 
1109 	if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1110 		in6_dev_put(in6_dev);
1111 		ND_PRINTK2(KERN_WARNING
1112 			   "ICMP6 RA: invalid ND options\n");
1113 		return;
1114 	}
1115 
1116 	if (in6_dev->if_flags & IF_RS_SENT) {
1117 		/*
1118 		 *	flag that an RA was received after an RS was sent
1119 		 *	out on this interface.
1120 		 */
1121 		in6_dev->if_flags |= IF_RA_RCVD;
1122 	}
1123 
1124 	/*
1125 	 * Remember the managed/otherconf flags from most recently
1126 	 * received RA message (RFC 2462) -- yoshfuji
1127 	 */
1128 	in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1129 				IF_RA_OTHERCONF)) |
1130 				(ra_msg->icmph.icmp6_addrconf_managed ?
1131 					IF_RA_MANAGED : 0) |
1132 				(ra_msg->icmph.icmp6_addrconf_other ?
1133 					IF_RA_OTHERCONF : 0);
1134 
1135 	if (!in6_dev->cnf.accept_ra_defrtr)
1136 		goto skip_defrtr;
1137 
1138 	lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1139 
1140 #ifdef CONFIG_IPV6_ROUTER_PREF
1141 	pref = ra_msg->icmph.icmp6_router_pref;
1142 	/* 10b is handled as if it were 00b (medium) */
1143 	if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1144 	    !in6_dev->cnf.accept_ra_rtr_pref)
1145 		pref = ICMPV6_ROUTER_PREF_MEDIUM;
1146 #endif
1147 
1148 	rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1149 
1150 	if (rt)
1151 		neigh = rt->rt6i_nexthop;
1152 
1153 	if (rt && lifetime == 0) {
1154 		neigh_clone(neigh);
1155 		ip6_del_rt(rt);
1156 		rt = NULL;
1157 	}
1158 
1159 	if (rt == NULL && lifetime) {
1160 		ND_PRINTK3(KERN_DEBUG
1161 			   "ICMPv6 RA: adding default router.\n");
1162 
1163 		rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1164 		if (rt == NULL) {
1165 			ND_PRINTK0(KERN_ERR
1166 				   "ICMPv6 RA: %s() failed to add default route.\n",
1167 				   __FUNCTION__);
1168 			in6_dev_put(in6_dev);
1169 			return;
1170 		}
1171 
1172 		neigh = rt->rt6i_nexthop;
1173 		if (neigh == NULL) {
1174 			ND_PRINTK0(KERN_ERR
1175 				   "ICMPv6 RA: %s() got default router without neighbour.\n",
1176 				   __FUNCTION__);
1177 			dst_release(&rt->u.dst);
1178 			in6_dev_put(in6_dev);
1179 			return;
1180 		}
1181 		neigh->flags |= NTF_ROUTER;
1182 	} else if (rt) {
1183 		rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1184 	}
1185 
1186 	if (rt)
1187 		rt->rt6i_expires = jiffies + (HZ * lifetime);
1188 
1189 	if (ra_msg->icmph.icmp6_hop_limit) {
1190 		in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1191 		if (rt)
1192 			rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1193 	}
1194 
1195 skip_defrtr:
1196 
1197 	/*
1198 	 *	Update Reachable Time and Retrans Timer
1199 	 */
1200 
1201 	if (in6_dev->nd_parms) {
1202 		unsigned long rtime = ntohl(ra_msg->retrans_timer);
1203 
1204 		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1205 			rtime = (rtime*HZ)/1000;
1206 			if (rtime < HZ/10)
1207 				rtime = HZ/10;
1208 			in6_dev->nd_parms->retrans_time = rtime;
1209 			in6_dev->tstamp = jiffies;
1210 			inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1211 		}
1212 
1213 		rtime = ntohl(ra_msg->reachable_time);
1214 		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1215 			rtime = (rtime*HZ)/1000;
1216 
1217 			if (rtime < HZ/10)
1218 				rtime = HZ/10;
1219 
1220 			if (rtime != in6_dev->nd_parms->base_reachable_time) {
1221 				in6_dev->nd_parms->base_reachable_time = rtime;
1222 				in6_dev->nd_parms->gc_staletime = 3 * rtime;
1223 				in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1224 				in6_dev->tstamp = jiffies;
1225 				inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1226 			}
1227 		}
1228 	}
1229 
1230 	/*
1231 	 *	Process options.
1232 	 */
1233 
1234 	if (!neigh)
1235 		neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1236 				       skb->dev, 1);
1237 	if (neigh) {
1238 		u8 *lladdr = NULL;
1239 		if (ndopts.nd_opts_src_lladdr) {
1240 			lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1241 						     skb->dev);
1242 			if (!lladdr) {
1243 				ND_PRINTK2(KERN_WARNING
1244 					   "ICMPv6 RA: invalid link-layer address length\n");
1245 				goto out;
1246 			}
1247 		}
1248 		neigh_update(neigh, lladdr, NUD_STALE,
1249 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1250 			     NEIGH_UPDATE_F_OVERRIDE|
1251 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1252 			     NEIGH_UPDATE_F_ISROUTER);
1253 	}
1254 
1255 #ifdef CONFIG_IPV6_ROUTE_INFO
1256 	if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1257 		struct nd_opt_hdr *p;
1258 		for (p = ndopts.nd_opts_ri;
1259 		     p;
1260 		     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1261 			if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1262 				continue;
1263 			rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1264 				      &ipv6_hdr(skb)->saddr);
1265 		}
1266 	}
1267 #endif
1268 
1269 	if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1270 		struct nd_opt_hdr *p;
1271 		for (p = ndopts.nd_opts_pi;
1272 		     p;
1273 		     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1274 			addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1275 		}
1276 	}
1277 
1278 	if (ndopts.nd_opts_mtu) {
1279 		__be32 n;
1280 		u32 mtu;
1281 
1282 		memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1283 		mtu = ntohl(n);
1284 
1285 		if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1286 			ND_PRINTK2(KERN_WARNING
1287 				   "ICMPv6 RA: invalid mtu: %d\n",
1288 				   mtu);
1289 		} else if (in6_dev->cnf.mtu6 != mtu) {
1290 			in6_dev->cnf.mtu6 = mtu;
1291 
1292 			if (rt)
1293 				rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1294 
1295 			rt6_mtu_change(skb->dev, mtu);
1296 		}
1297 	}
1298 
1299 	if (ndopts.nd_useropts) {
1300 		struct nd_opt_hdr *p;
1301 		for (p = ndopts.nd_useropts;
1302 		     p;
1303 		     p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1304 			ndisc_ra_useropt(skb, p);
1305 		}
1306 	}
1307 
1308 	if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1309 		ND_PRINTK2(KERN_WARNING
1310 			   "ICMPv6 RA: invalid RA options");
1311 	}
1312 out:
1313 	if (rt)
1314 		dst_release(&rt->u.dst);
1315 	else if (neigh)
1316 		neigh_release(neigh);
1317 	in6_dev_put(in6_dev);
1318 }
1319 
1320 static void ndisc_redirect_rcv(struct sk_buff *skb)
1321 {
1322 	struct inet6_dev *in6_dev;
1323 	struct icmp6hdr *icmph;
1324 	struct in6_addr *dest;
1325 	struct in6_addr *target;	/* new first hop to destination */
1326 	struct neighbour *neigh;
1327 	int on_link = 0;
1328 	struct ndisc_options ndopts;
1329 	int optlen;
1330 	u8 *lladdr = NULL;
1331 
1332 	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1333 		ND_PRINTK2(KERN_WARNING
1334 			   "ICMPv6 Redirect: source address is not link-local.\n");
1335 		return;
1336 	}
1337 
1338 	optlen = skb->tail - skb->transport_header;
1339 	optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1340 
1341 	if (optlen < 0) {
1342 		ND_PRINTK2(KERN_WARNING
1343 			   "ICMPv6 Redirect: packet too short\n");
1344 		return;
1345 	}
1346 
1347 	icmph = icmp6_hdr(skb);
1348 	target = (struct in6_addr *) (icmph + 1);
1349 	dest = target + 1;
1350 
1351 	if (ipv6_addr_is_multicast(dest)) {
1352 		ND_PRINTK2(KERN_WARNING
1353 			   "ICMPv6 Redirect: destination address is multicast.\n");
1354 		return;
1355 	}
1356 
1357 	if (ipv6_addr_equal(dest, target)) {
1358 		on_link = 1;
1359 	} else if (ipv6_addr_type(target) !=
1360 		   (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1361 		ND_PRINTK2(KERN_WARNING
1362 			   "ICMPv6 Redirect: target address is not link-local unicast.\n");
1363 		return;
1364 	}
1365 
1366 	in6_dev = in6_dev_get(skb->dev);
1367 	if (!in6_dev)
1368 		return;
1369 	if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1370 		in6_dev_put(in6_dev);
1371 		return;
1372 	}
1373 
1374 	/* RFC2461 8.1:
1375 	 *	The IP source address of the Redirect MUST be the same as the current
1376 	 *	first-hop router for the specified ICMP Destination Address.
1377 	 */
1378 
1379 	if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1380 		ND_PRINTK2(KERN_WARNING
1381 			   "ICMPv6 Redirect: invalid ND options\n");
1382 		in6_dev_put(in6_dev);
1383 		return;
1384 	}
1385 	if (ndopts.nd_opts_tgt_lladdr) {
1386 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1387 					     skb->dev);
1388 		if (!lladdr) {
1389 			ND_PRINTK2(KERN_WARNING
1390 				   "ICMPv6 Redirect: invalid link-layer address length\n");
1391 			in6_dev_put(in6_dev);
1392 			return;
1393 		}
1394 	}
1395 
1396 	neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1397 	if (neigh) {
1398 		rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1399 			     &ipv6_hdr(skb)->saddr, neigh, lladdr,
1400 			     on_link);
1401 		neigh_release(neigh);
1402 	}
1403 	in6_dev_put(in6_dev);
1404 }
1405 
1406 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1407 			 struct in6_addr *target)
1408 {
1409 	struct sock *sk = ndisc_socket->sk;
1410 	int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1411 	struct sk_buff *buff;
1412 	struct icmp6hdr *icmph;
1413 	struct in6_addr saddr_buf;
1414 	struct in6_addr *addrp;
1415 	struct net_device *dev;
1416 	struct rt6_info *rt;
1417 	struct dst_entry *dst;
1418 	struct inet6_dev *idev;
1419 	struct flowi fl;
1420 	u8 *opt;
1421 	int rd_len;
1422 	int err;
1423 	int hlen;
1424 	u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1425 
1426 	dev = skb->dev;
1427 
1428 	if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1429 		ND_PRINTK2(KERN_WARNING
1430 			   "ICMPv6 Redirect: no link-local address on %s\n",
1431 			   dev->name);
1432 		return;
1433 	}
1434 
1435 	if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1436 	    ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1437 		ND_PRINTK2(KERN_WARNING
1438 			"ICMPv6 Redirect: target address is not link-local unicast.\n");
1439 		return;
1440 	}
1441 
1442 	ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &ipv6_hdr(skb)->saddr,
1443 			dev->ifindex);
1444 
1445 	dst = ip6_route_output(NULL, &fl);
1446 	if (dst == NULL)
1447 		return;
1448 
1449 	err = xfrm_lookup(&dst, &fl, NULL, 0);
1450 	if (err)
1451 		return;
1452 
1453 	rt = (struct rt6_info *) dst;
1454 
1455 	if (rt->rt6i_flags & RTF_GATEWAY) {
1456 		ND_PRINTK2(KERN_WARNING
1457 			   "ICMPv6 Redirect: destination is not a neighbour.\n");
1458 		dst_release(dst);
1459 		return;
1460 	}
1461 	if (!xrlim_allow(dst, 1*HZ)) {
1462 		dst_release(dst);
1463 		return;
1464 	}
1465 
1466 	if (dev->addr_len) {
1467 		read_lock_bh(&neigh->lock);
1468 		if (neigh->nud_state & NUD_VALID) {
1469 			memcpy(ha_buf, neigh->ha, dev->addr_len);
1470 			read_unlock_bh(&neigh->lock);
1471 			ha = ha_buf;
1472 			len += ndisc_opt_addr_space(dev);
1473 		} else
1474 			read_unlock_bh(&neigh->lock);
1475 	}
1476 
1477 	rd_len = min_t(unsigned int,
1478 		     IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1479 	rd_len &= ~0x7;
1480 	len += rd_len;
1481 
1482 	buff = sock_alloc_send_skb(sk,
1483 				   (MAX_HEADER + sizeof(struct ipv6hdr) +
1484 				    len + LL_RESERVED_SPACE(dev)),
1485 				   1, &err);
1486 	if (buff == NULL) {
1487 		ND_PRINTK0(KERN_ERR
1488 			   "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1489 			   __FUNCTION__);
1490 		dst_release(dst);
1491 		return;
1492 	}
1493 
1494 	hlen = 0;
1495 
1496 	skb_reserve(buff, LL_RESERVED_SPACE(dev));
1497 	ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1498 		   IPPROTO_ICMPV6, len);
1499 
1500 	skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1501 	skb_put(buff, len);
1502 	icmph = icmp6_hdr(buff);
1503 
1504 	memset(icmph, 0, sizeof(struct icmp6hdr));
1505 	icmph->icmp6_type = NDISC_REDIRECT;
1506 
1507 	/*
1508 	 *	copy target and destination addresses
1509 	 */
1510 
1511 	addrp = (struct in6_addr *)(icmph + 1);
1512 	ipv6_addr_copy(addrp, target);
1513 	addrp++;
1514 	ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1515 
1516 	opt = (u8*) (addrp + 1);
1517 
1518 	/*
1519 	 *	include target_address option
1520 	 */
1521 
1522 	if (ha)
1523 		opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1524 					     dev->addr_len, dev->type);
1525 
1526 	/*
1527 	 *	build redirect option and copy skb over to the new packet.
1528 	 */
1529 
1530 	memset(opt, 0, 8);
1531 	*(opt++) = ND_OPT_REDIRECT_HDR;
1532 	*(opt++) = (rd_len >> 3);
1533 	opt += 6;
1534 
1535 	memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1536 
1537 	icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1538 					     len, IPPROTO_ICMPV6,
1539 					     csum_partial((u8 *) icmph, len, 0));
1540 
1541 	buff->dst = dst;
1542 	idev = in6_dev_get(dst->dev);
1543 	IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
1544 	err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1545 		      dst_output);
1546 	if (!err) {
1547 		ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT);
1548 		ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1549 	}
1550 
1551 	if (likely(idev != NULL))
1552 		in6_dev_put(idev);
1553 }
1554 
1555 static void pndisc_redo(struct sk_buff *skb)
1556 {
1557 	ndisc_recv_ns(skb);
1558 	kfree_skb(skb);
1559 }
1560 
1561 int ndisc_rcv(struct sk_buff *skb)
1562 {
1563 	struct nd_msg *msg;
1564 
1565 	if (!pskb_may_pull(skb, skb->len))
1566 		return 0;
1567 
1568 	msg = (struct nd_msg *)skb_transport_header(skb);
1569 
1570 	__skb_push(skb, skb->data - skb_transport_header(skb));
1571 
1572 	if (ipv6_hdr(skb)->hop_limit != 255) {
1573 		ND_PRINTK2(KERN_WARNING
1574 			   "ICMPv6 NDISC: invalid hop-limit: %d\n",
1575 			   ipv6_hdr(skb)->hop_limit);
1576 		return 0;
1577 	}
1578 
1579 	if (msg->icmph.icmp6_code != 0) {
1580 		ND_PRINTK2(KERN_WARNING
1581 			   "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1582 			   msg->icmph.icmp6_code);
1583 		return 0;
1584 	}
1585 
1586 	memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1587 
1588 	switch (msg->icmph.icmp6_type) {
1589 	case NDISC_NEIGHBOUR_SOLICITATION:
1590 		ndisc_recv_ns(skb);
1591 		break;
1592 
1593 	case NDISC_NEIGHBOUR_ADVERTISEMENT:
1594 		ndisc_recv_na(skb);
1595 		break;
1596 
1597 	case NDISC_ROUTER_SOLICITATION:
1598 		ndisc_recv_rs(skb);
1599 		break;
1600 
1601 	case NDISC_ROUTER_ADVERTISEMENT:
1602 		ndisc_router_discovery(skb);
1603 		break;
1604 
1605 	case NDISC_REDIRECT:
1606 		ndisc_redirect_rcv(skb);
1607 		break;
1608 	}
1609 
1610 	return 0;
1611 }
1612 
1613 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1614 {
1615 	struct net_device *dev = ptr;
1616 
1617 	if (dev->nd_net != &init_net)
1618 		return NOTIFY_DONE;
1619 
1620 	switch (event) {
1621 	case NETDEV_CHANGEADDR:
1622 		neigh_changeaddr(&nd_tbl, dev);
1623 		fib6_run_gc(~0UL);
1624 		break;
1625 	case NETDEV_DOWN:
1626 		neigh_ifdown(&nd_tbl, dev);
1627 		fib6_run_gc(~0UL);
1628 		break;
1629 	default:
1630 		break;
1631 	}
1632 
1633 	return NOTIFY_DONE;
1634 }
1635 
1636 static struct notifier_block ndisc_netdev_notifier = {
1637 	.notifier_call = ndisc_netdev_event,
1638 };
1639 
1640 #ifdef CONFIG_SYSCTL
1641 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1642 					 const char *func, const char *dev_name)
1643 {
1644 	static char warncomm[TASK_COMM_LEN];
1645 	static int warned;
1646 	if (strcmp(warncomm, current->comm) && warned < 5) {
1647 		strcpy(warncomm, current->comm);
1648 		printk(KERN_WARNING
1649 			"process `%s' is using deprecated sysctl (%s) "
1650 			"net.ipv6.neigh.%s.%s; "
1651 			"Use net.ipv6.neigh.%s.%s_ms "
1652 			"instead.\n",
1653 			warncomm, func,
1654 			dev_name, ctl->procname,
1655 			dev_name, ctl->procname);
1656 		warned++;
1657 	}
1658 }
1659 
1660 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1661 {
1662 	struct net_device *dev = ctl->extra1;
1663 	struct inet6_dev *idev;
1664 	int ret;
1665 
1666 	if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1667 	    (strcmp(ctl->procname, "base_reachable_time") == 0))
1668 		ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1669 
1670 	if (strcmp(ctl->procname, "retrans_time") == 0)
1671 		ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1672 
1673 	else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1674 		ret = proc_dointvec_jiffies(ctl, write,
1675 					    filp, buffer, lenp, ppos);
1676 
1677 	else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1678 		 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1679 		ret = proc_dointvec_ms_jiffies(ctl, write,
1680 					       filp, buffer, lenp, ppos);
1681 	else
1682 		ret = -1;
1683 
1684 	if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1685 		if (ctl->data == &idev->nd_parms->base_reachable_time)
1686 			idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1687 		idev->tstamp = jiffies;
1688 		inet6_ifinfo_notify(RTM_NEWLINK, idev);
1689 		in6_dev_put(idev);
1690 	}
1691 	return ret;
1692 }
1693 
1694 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name,
1695 					int nlen, void __user *oldval,
1696 					size_t __user *oldlenp,
1697 					void __user *newval, size_t newlen)
1698 {
1699 	struct net_device *dev = ctl->extra1;
1700 	struct inet6_dev *idev;
1701 	int ret;
1702 
1703 	if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1704 	    ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1705 		ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default");
1706 
1707 	switch (ctl->ctl_name) {
1708 	case NET_NEIGH_REACHABLE_TIME:
1709 		ret = sysctl_jiffies(ctl, name, nlen,
1710 				     oldval, oldlenp, newval, newlen);
1711 		break;
1712 	case NET_NEIGH_RETRANS_TIME_MS:
1713 	case NET_NEIGH_REACHABLE_TIME_MS:
1714 		 ret = sysctl_ms_jiffies(ctl, name, nlen,
1715 					 oldval, oldlenp, newval, newlen);
1716 		 break;
1717 	default:
1718 		ret = 0;
1719 	}
1720 
1721 	if (newval && newlen && ret > 0 &&
1722 	    dev && (idev = in6_dev_get(dev)) != NULL) {
1723 		if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1724 		    ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1725 			idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1726 		idev->tstamp = jiffies;
1727 		inet6_ifinfo_notify(RTM_NEWLINK, idev);
1728 		in6_dev_put(idev);
1729 	}
1730 
1731 	return ret;
1732 }
1733 
1734 #endif
1735 
1736 int __init ndisc_init(struct net_proto_family *ops)
1737 {
1738 	struct ipv6_pinfo *np;
1739 	struct sock *sk;
1740 	int err;
1741 
1742 	err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1743 	if (err < 0) {
1744 		ND_PRINTK0(KERN_ERR
1745 			   "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1746 			   err);
1747 		ndisc_socket = NULL; /* For safety. */
1748 		return err;
1749 	}
1750 
1751 	sk = ndisc_socket->sk;
1752 	np = inet6_sk(sk);
1753 	sk->sk_allocation = GFP_ATOMIC;
1754 	np->hop_limit = 255;
1755 	/* Do not loopback ndisc messages */
1756 	np->mc_loop = 0;
1757 	sk->sk_prot->unhash(sk);
1758 
1759 	/*
1760 	 * Initialize the neighbour table
1761 	 */
1762 
1763 	neigh_table_init(&nd_tbl);
1764 
1765 #ifdef CONFIG_SYSCTL
1766 	neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1767 			      "ipv6",
1768 			      &ndisc_ifinfo_sysctl_change,
1769 			      &ndisc_ifinfo_sysctl_strategy);
1770 #endif
1771 
1772 	register_netdevice_notifier(&ndisc_netdev_notifier);
1773 	return 0;
1774 }
1775 
1776 void ndisc_cleanup(void)
1777 {
1778 	unregister_netdevice_notifier(&ndisc_netdev_notifier);
1779 #ifdef CONFIG_SYSCTL
1780 	neigh_sysctl_unregister(&nd_tbl.parms);
1781 #endif
1782 	neigh_table_clear(&nd_tbl);
1783 	sock_release(ndisc_socket);
1784 	ndisc_socket = NULL; /* For safety. */
1785 }
1786