xref: /openbmc/linux/net/ipv6/ndisc.c (revision 81d67439)
1 /*
2  *	Neighbour Discovery for IPv6
3  *	Linux INET6 implementation
4  *
5  *	Authors:
6  *	Pedro Roque		<roque@di.fc.ul.pt>
7  *	Mike Shaver		<shaver@ingenia.com>
8  *
9  *	This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14 
15 /*
16  *	Changes:
17  *
18  *	Pierre Ynard			:	export userland ND options
19  *						through netlink (RDNSS support)
20  *	Lars Fenneberg			:	fixed MTU setting on receipt
21  *						of an RA.
22  *	Janos Farkas			:	kmalloc failure checks
23  *	Alexey Kuznetsov		:	state machine reworked
24  *						and moved to net/core.
25  *	Pekka Savola			:	RFC2461 validation
26  *	YOSHIFUJI Hideaki @USAGI	:	Verify ND options properly
27  */
28 
29 /* Set to 3 to get tracing... */
30 #define ND_DEBUG 1
31 
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
38 #if ND_DEBUG >= 1
39 #undef ND_PRINTK1
40 #define ND_PRINTK1 ND_PRINTK
41 #endif
42 #if ND_DEBUG >= 2
43 #undef ND_PRINTK2
44 #define ND_PRINTK2 ND_PRINTK
45 #endif
46 #if ND_DEBUG >= 3
47 #undef ND_PRINTK3
48 #define ND_PRINTK3 ND_PRINTK
49 #endif
50 
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #include <linux/slab.h>
63 #ifdef CONFIG_SYSCTL
64 #include <linux/sysctl.h>
65 #endif
66 
67 #include <linux/if_addr.h>
68 #include <linux/if_arp.h>
69 #include <linux/ipv6.h>
70 #include <linux/icmpv6.h>
71 #include <linux/jhash.h>
72 
73 #include <net/sock.h>
74 #include <net/snmp.h>
75 
76 #include <net/ipv6.h>
77 #include <net/protocol.h>
78 #include <net/ndisc.h>
79 #include <net/ip6_route.h>
80 #include <net/addrconf.h>
81 #include <net/icmp.h>
82 
83 #include <net/netlink.h>
84 #include <linux/rtnetlink.h>
85 
86 #include <net/flow.h>
87 #include <net/ip6_checksum.h>
88 #include <net/inet_common.h>
89 #include <linux/proc_fs.h>
90 
91 #include <linux/netfilter.h>
92 #include <linux/netfilter_ipv6.h>
93 
94 static u32 ndisc_hash(const void *pkey,
95 		      const struct net_device *dev,
96 		      __u32 rnd);
97 static int ndisc_constructor(struct neighbour *neigh);
98 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
99 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
100 static int pndisc_constructor(struct pneigh_entry *n);
101 static void pndisc_destructor(struct pneigh_entry *n);
102 static void pndisc_redo(struct sk_buff *skb);
103 
104 static const struct neigh_ops ndisc_generic_ops = {
105 	.family =		AF_INET6,
106 	.solicit =		ndisc_solicit,
107 	.error_report =		ndisc_error_report,
108 	.output =		neigh_resolve_output,
109 	.connected_output =	neigh_connected_output,
110 };
111 
112 static const struct neigh_ops ndisc_hh_ops = {
113 	.family =		AF_INET6,
114 	.solicit =		ndisc_solicit,
115 	.error_report =		ndisc_error_report,
116 	.output =		neigh_resolve_output,
117 	.connected_output =	neigh_resolve_output,
118 };
119 
120 
121 static const struct neigh_ops ndisc_direct_ops = {
122 	.family =		AF_INET6,
123 	.output =		neigh_direct_output,
124 	.connected_output =	neigh_direct_output,
125 };
126 
127 struct neigh_table nd_tbl = {
128 	.family =	AF_INET6,
129 	.entry_size =	sizeof(struct neighbour) + sizeof(struct in6_addr),
130 	.key_len =	sizeof(struct in6_addr),
131 	.hash =		ndisc_hash,
132 	.constructor =	ndisc_constructor,
133 	.pconstructor =	pndisc_constructor,
134 	.pdestructor =	pndisc_destructor,
135 	.proxy_redo =	pndisc_redo,
136 	.id =		"ndisc_cache",
137 	.parms = {
138 		.tbl			= &nd_tbl,
139 		.base_reachable_time	= ND_REACHABLE_TIME,
140 		.retrans_time		= ND_RETRANS_TIMER,
141 		.gc_staletime		= 60 * HZ,
142 		.reachable_time		= ND_REACHABLE_TIME,
143 		.delay_probe_time	= 5 * HZ,
144 		.queue_len		= 3,
145 		.ucast_probes		= 3,
146 		.mcast_probes		= 3,
147 		.anycast_delay		= 1 * HZ,
148 		.proxy_delay		= (8 * HZ) / 10,
149 		.proxy_qlen		= 64,
150 	},
151 	.gc_interval =	  30 * HZ,
152 	.gc_thresh1 =	 128,
153 	.gc_thresh2 =	 512,
154 	.gc_thresh3 =	1024,
155 };
156 
157 /* ND options */
158 struct ndisc_options {
159 	struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
160 #ifdef CONFIG_IPV6_ROUTE_INFO
161 	struct nd_opt_hdr *nd_opts_ri;
162 	struct nd_opt_hdr *nd_opts_ri_end;
163 #endif
164 	struct nd_opt_hdr *nd_useropts;
165 	struct nd_opt_hdr *nd_useropts_end;
166 };
167 
168 #define nd_opts_src_lladdr	nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
169 #define nd_opts_tgt_lladdr	nd_opt_array[ND_OPT_TARGET_LL_ADDR]
170 #define nd_opts_pi		nd_opt_array[ND_OPT_PREFIX_INFO]
171 #define nd_opts_pi_end		nd_opt_array[__ND_OPT_PREFIX_INFO_END]
172 #define nd_opts_rh		nd_opt_array[ND_OPT_REDIRECT_HDR]
173 #define nd_opts_mtu		nd_opt_array[ND_OPT_MTU]
174 
175 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
176 
177 /*
178  * Return the padding between the option length and the start of the
179  * link addr.  Currently only IP-over-InfiniBand needs this, although
180  * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
181  * also need a pad of 2.
182  */
183 static int ndisc_addr_option_pad(unsigned short type)
184 {
185 	switch (type) {
186 	case ARPHRD_INFINIBAND: return 2;
187 	default:                return 0;
188 	}
189 }
190 
191 static inline int ndisc_opt_addr_space(struct net_device *dev)
192 {
193 	return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
194 }
195 
196 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
197 				  unsigned short addr_type)
198 {
199 	int space = NDISC_OPT_SPACE(data_len);
200 	int pad   = ndisc_addr_option_pad(addr_type);
201 
202 	opt[0] = type;
203 	opt[1] = space>>3;
204 
205 	memset(opt + 2, 0, pad);
206 	opt   += pad;
207 	space -= pad;
208 
209 	memcpy(opt+2, data, data_len);
210 	data_len += 2;
211 	opt += data_len;
212 	if ((space -= data_len) > 0)
213 		memset(opt, 0, space);
214 	return opt + space;
215 }
216 
217 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
218 					    struct nd_opt_hdr *end)
219 {
220 	int type;
221 	if (!cur || !end || cur >= end)
222 		return NULL;
223 	type = cur->nd_opt_type;
224 	do {
225 		cur = ((void *)cur) + (cur->nd_opt_len << 3);
226 	} while(cur < end && cur->nd_opt_type != type);
227 	return cur <= end && cur->nd_opt_type == type ? cur : NULL;
228 }
229 
230 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
231 {
232 	return opt->nd_opt_type == ND_OPT_RDNSS;
233 }
234 
235 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
236 					     struct nd_opt_hdr *end)
237 {
238 	if (!cur || !end || cur >= end)
239 		return NULL;
240 	do {
241 		cur = ((void *)cur) + (cur->nd_opt_len << 3);
242 	} while(cur < end && !ndisc_is_useropt(cur));
243 	return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
244 }
245 
246 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
247 						 struct ndisc_options *ndopts)
248 {
249 	struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
250 
251 	if (!nd_opt || opt_len < 0 || !ndopts)
252 		return NULL;
253 	memset(ndopts, 0, sizeof(*ndopts));
254 	while (opt_len) {
255 		int l;
256 		if (opt_len < sizeof(struct nd_opt_hdr))
257 			return NULL;
258 		l = nd_opt->nd_opt_len << 3;
259 		if (opt_len < l || l == 0)
260 			return NULL;
261 		switch (nd_opt->nd_opt_type) {
262 		case ND_OPT_SOURCE_LL_ADDR:
263 		case ND_OPT_TARGET_LL_ADDR:
264 		case ND_OPT_MTU:
265 		case ND_OPT_REDIRECT_HDR:
266 			if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
267 				ND_PRINTK2(KERN_WARNING
268 					   "%s(): duplicated ND6 option found: type=%d\n",
269 					   __func__,
270 					   nd_opt->nd_opt_type);
271 			} else {
272 				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
273 			}
274 			break;
275 		case ND_OPT_PREFIX_INFO:
276 			ndopts->nd_opts_pi_end = nd_opt;
277 			if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
278 				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
279 			break;
280 #ifdef CONFIG_IPV6_ROUTE_INFO
281 		case ND_OPT_ROUTE_INFO:
282 			ndopts->nd_opts_ri_end = nd_opt;
283 			if (!ndopts->nd_opts_ri)
284 				ndopts->nd_opts_ri = nd_opt;
285 			break;
286 #endif
287 		default:
288 			if (ndisc_is_useropt(nd_opt)) {
289 				ndopts->nd_useropts_end = nd_opt;
290 				if (!ndopts->nd_useropts)
291 					ndopts->nd_useropts = nd_opt;
292 			} else {
293 				/*
294 				 * Unknown options must be silently ignored,
295 				 * to accommodate future extension to the
296 				 * protocol.
297 				 */
298 				ND_PRINTK2(KERN_NOTICE
299 					   "%s(): ignored unsupported option; type=%d, len=%d\n",
300 					   __func__,
301 					   nd_opt->nd_opt_type, nd_opt->nd_opt_len);
302 			}
303 		}
304 		opt_len -= l;
305 		nd_opt = ((void *)nd_opt) + l;
306 	}
307 	return ndopts;
308 }
309 
310 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
311 				      struct net_device *dev)
312 {
313 	u8 *lladdr = (u8 *)(p + 1);
314 	int lladdrlen = p->nd_opt_len << 3;
315 	int prepad = ndisc_addr_option_pad(dev->type);
316 	if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
317 		return NULL;
318 	return lladdr + prepad;
319 }
320 
321 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
322 {
323 	switch (dev->type) {
324 	case ARPHRD_ETHER:
325 	case ARPHRD_IEEE802:	/* Not sure. Check it later. --ANK */
326 	case ARPHRD_FDDI:
327 		ipv6_eth_mc_map(addr, buf);
328 		return 0;
329 	case ARPHRD_IEEE802_TR:
330 		ipv6_tr_mc_map(addr,buf);
331 		return 0;
332 	case ARPHRD_ARCNET:
333 		ipv6_arcnet_mc_map(addr, buf);
334 		return 0;
335 	case ARPHRD_INFINIBAND:
336 		ipv6_ib_mc_map(addr, dev->broadcast, buf);
337 		return 0;
338 	case ARPHRD_IPGRE:
339 		return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
340 	default:
341 		if (dir) {
342 			memcpy(buf, dev->broadcast, dev->addr_len);
343 			return 0;
344 		}
345 	}
346 	return -EINVAL;
347 }
348 
349 EXPORT_SYMBOL(ndisc_mc_map);
350 
351 static u32 ndisc_hash(const void *pkey,
352 		      const struct net_device *dev,
353 		      __u32 hash_rnd)
354 {
355 	const u32 *p32 = pkey;
356 	u32 addr_hash, i;
357 
358 	addr_hash = 0;
359 	for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
360 		addr_hash ^= *p32++;
361 
362 	return jhash_2words(addr_hash, dev->ifindex, hash_rnd);
363 }
364 
365 static int ndisc_constructor(struct neighbour *neigh)
366 {
367 	struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368 	struct net_device *dev = neigh->dev;
369 	struct inet6_dev *in6_dev;
370 	struct neigh_parms *parms;
371 	int is_multicast = ipv6_addr_is_multicast(addr);
372 
373 	rcu_read_lock();
374 	in6_dev = in6_dev_get(dev);
375 	if (in6_dev == NULL) {
376 		rcu_read_unlock();
377 		return -EINVAL;
378 	}
379 
380 	parms = in6_dev->nd_parms;
381 	__neigh_parms_put(neigh->parms);
382 	neigh->parms = neigh_parms_clone(parms);
383 	rcu_read_unlock();
384 
385 	neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386 	if (!dev->header_ops) {
387 		neigh->nud_state = NUD_NOARP;
388 		neigh->ops = &ndisc_direct_ops;
389 		neigh->output = neigh_direct_output;
390 	} else {
391 		if (is_multicast) {
392 			neigh->nud_state = NUD_NOARP;
393 			ndisc_mc_map(addr, neigh->ha, dev, 1);
394 		} else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395 			neigh->nud_state = NUD_NOARP;
396 			memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397 			if (dev->flags&IFF_LOOPBACK)
398 				neigh->type = RTN_LOCAL;
399 		} else if (dev->flags&IFF_POINTOPOINT) {
400 			neigh->nud_state = NUD_NOARP;
401 			memcpy(neigh->ha, dev->broadcast, dev->addr_len);
402 		}
403 		if (dev->header_ops->cache)
404 			neigh->ops = &ndisc_hh_ops;
405 		else
406 			neigh->ops = &ndisc_generic_ops;
407 		if (neigh->nud_state&NUD_VALID)
408 			neigh->output = neigh->ops->connected_output;
409 		else
410 			neigh->output = neigh->ops->output;
411 	}
412 	in6_dev_put(in6_dev);
413 	return 0;
414 }
415 
416 static int pndisc_constructor(struct pneigh_entry *n)
417 {
418 	struct in6_addr *addr = (struct in6_addr*)&n->key;
419 	struct in6_addr maddr;
420 	struct net_device *dev = n->dev;
421 
422 	if (dev == NULL || __in6_dev_get(dev) == NULL)
423 		return -EINVAL;
424 	addrconf_addr_solict_mult(addr, &maddr);
425 	ipv6_dev_mc_inc(dev, &maddr);
426 	return 0;
427 }
428 
429 static void pndisc_destructor(struct pneigh_entry *n)
430 {
431 	struct in6_addr *addr = (struct in6_addr*)&n->key;
432 	struct in6_addr maddr;
433 	struct net_device *dev = n->dev;
434 
435 	if (dev == NULL || __in6_dev_get(dev) == NULL)
436 		return;
437 	addrconf_addr_solict_mult(addr, &maddr);
438 	ipv6_dev_mc_dec(dev, &maddr);
439 }
440 
441 struct sk_buff *ndisc_build_skb(struct net_device *dev,
442 				const struct in6_addr *daddr,
443 				const struct in6_addr *saddr,
444 				struct icmp6hdr *icmp6h,
445 				const struct in6_addr *target,
446 				int llinfo)
447 {
448 	struct net *net = dev_net(dev);
449 	struct sock *sk = net->ipv6.ndisc_sk;
450 	struct sk_buff *skb;
451 	struct icmp6hdr *hdr;
452 	int len;
453 	int err;
454 	u8 *opt;
455 
456 	if (!dev->addr_len)
457 		llinfo = 0;
458 
459 	len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
460 	if (llinfo)
461 		len += ndisc_opt_addr_space(dev);
462 
463 	skb = sock_alloc_send_skb(sk,
464 				  (MAX_HEADER + sizeof(struct ipv6hdr) +
465 				   len + LL_ALLOCATED_SPACE(dev)),
466 				  1, &err);
467 	if (!skb) {
468 		ND_PRINTK0(KERN_ERR
469 			   "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n",
470 			   __func__, err);
471 		return NULL;
472 	}
473 
474 	skb_reserve(skb, LL_RESERVED_SPACE(dev));
475 	ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
476 
477 	skb->transport_header = skb->tail;
478 	skb_put(skb, len);
479 
480 	hdr = (struct icmp6hdr *)skb_transport_header(skb);
481 	memcpy(hdr, icmp6h, sizeof(*hdr));
482 
483 	opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
484 	if (target) {
485 		ipv6_addr_copy((struct in6_addr *)opt, target);
486 		opt += sizeof(*target);
487 	}
488 
489 	if (llinfo)
490 		ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
491 				       dev->addr_len, dev->type);
492 
493 	hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
494 					   IPPROTO_ICMPV6,
495 					   csum_partial(hdr,
496 							len, 0));
497 
498 	return skb;
499 }
500 
501 EXPORT_SYMBOL(ndisc_build_skb);
502 
503 void ndisc_send_skb(struct sk_buff *skb,
504 		    struct net_device *dev,
505 		    struct neighbour *neigh,
506 		    const struct in6_addr *daddr,
507 		    const struct in6_addr *saddr,
508 		    struct icmp6hdr *icmp6h)
509 {
510 	struct flowi6 fl6;
511 	struct dst_entry *dst;
512 	struct net *net = dev_net(dev);
513 	struct sock *sk = net->ipv6.ndisc_sk;
514 	struct inet6_dev *idev;
515 	int err;
516 	u8 type;
517 
518 	type = icmp6h->icmp6_type;
519 
520 	icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
521 
522 	dst = icmp6_dst_alloc(dev, neigh, daddr);
523 	if (!dst) {
524 		kfree_skb(skb);
525 		return;
526 	}
527 
528 	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
529 	if (IS_ERR(dst)) {
530 		kfree_skb(skb);
531 		return;
532 	}
533 
534 	skb_dst_set(skb, dst);
535 
536 	idev = in6_dev_get(dst->dev);
537 	IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
538 
539 	err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
540 		      dst_output);
541 	if (!err) {
542 		ICMP6MSGOUT_INC_STATS(net, idev, type);
543 		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
544 	}
545 
546 	if (likely(idev != NULL))
547 		in6_dev_put(idev);
548 }
549 
550 EXPORT_SYMBOL(ndisc_send_skb);
551 
552 /*
553  *	Send a Neighbour Discover packet
554  */
555 static void __ndisc_send(struct net_device *dev,
556 			 struct neighbour *neigh,
557 			 const struct in6_addr *daddr,
558 			 const struct in6_addr *saddr,
559 			 struct icmp6hdr *icmp6h, const struct in6_addr *target,
560 			 int llinfo)
561 {
562 	struct sk_buff *skb;
563 
564 	skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
565 	if (!skb)
566 		return;
567 
568 	ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
569 }
570 
571 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
572 			  const struct in6_addr *daddr,
573 			  const struct in6_addr *solicited_addr,
574 			  int router, int solicited, int override, int inc_opt)
575 {
576 	struct in6_addr tmpaddr;
577 	struct inet6_ifaddr *ifp;
578 	const struct in6_addr *src_addr;
579 	struct icmp6hdr icmp6h = {
580 		.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
581 	};
582 
583 	/* for anycast or proxy, solicited_addr != src_addr */
584 	ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
585 	if (ifp) {
586 		src_addr = solicited_addr;
587 		if (ifp->flags & IFA_F_OPTIMISTIC)
588 			override = 0;
589 		inc_opt |= ifp->idev->cnf.force_tllao;
590 		in6_ifa_put(ifp);
591 	} else {
592 		if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
593 				       inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
594 				       &tmpaddr))
595 			return;
596 		src_addr = &tmpaddr;
597 	}
598 
599 	icmp6h.icmp6_router = router;
600 	icmp6h.icmp6_solicited = solicited;
601 	icmp6h.icmp6_override = override;
602 
603 	__ndisc_send(dev, neigh, daddr, src_addr,
604 		     &icmp6h, solicited_addr,
605 		     inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
606 }
607 
608 static void ndisc_send_unsol_na(struct net_device *dev)
609 {
610 	struct inet6_dev *idev;
611 	struct inet6_ifaddr *ifa;
612 	struct in6_addr mcaddr;
613 
614 	idev = in6_dev_get(dev);
615 	if (!idev)
616 		return;
617 
618 	read_lock_bh(&idev->lock);
619 	list_for_each_entry(ifa, &idev->addr_list, if_list) {
620 		addrconf_addr_solict_mult(&ifa->addr, &mcaddr);
621 		ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
622 			      /*router=*/ !!idev->cnf.forwarding,
623 			      /*solicited=*/ false, /*override=*/ true,
624 			      /*inc_opt=*/ true);
625 	}
626 	read_unlock_bh(&idev->lock);
627 
628 	in6_dev_put(idev);
629 }
630 
631 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
632 		   const struct in6_addr *solicit,
633 		   const struct in6_addr *daddr, const struct in6_addr *saddr)
634 {
635 	struct in6_addr addr_buf;
636 	struct icmp6hdr icmp6h = {
637 		.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
638 	};
639 
640 	if (saddr == NULL) {
641 		if (ipv6_get_lladdr(dev, &addr_buf,
642 				   (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
643 			return;
644 		saddr = &addr_buf;
645 	}
646 
647 	__ndisc_send(dev, neigh, daddr, saddr,
648 		     &icmp6h, solicit,
649 		     !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
650 }
651 
652 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
653 		   const struct in6_addr *daddr)
654 {
655 	struct icmp6hdr icmp6h = {
656 		.icmp6_type = NDISC_ROUTER_SOLICITATION,
657 	};
658 	int send_sllao = dev->addr_len;
659 
660 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
661 	/*
662 	 * According to section 2.2 of RFC 4429, we must not
663 	 * send router solicitations with a sllao from
664 	 * optimistic addresses, but we may send the solicitation
665 	 * if we don't include the sllao.  So here we check
666 	 * if our address is optimistic, and if so, we
667 	 * suppress the inclusion of the sllao.
668 	 */
669 	if (send_sllao) {
670 		struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
671 							   dev, 1);
672 		if (ifp) {
673 			if (ifp->flags & IFA_F_OPTIMISTIC)  {
674 				send_sllao = 0;
675 			}
676 			in6_ifa_put(ifp);
677 		} else {
678 			send_sllao = 0;
679 		}
680 	}
681 #endif
682 	__ndisc_send(dev, NULL, daddr, saddr,
683 		     &icmp6h, NULL,
684 		     send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
685 }
686 
687 
688 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
689 {
690 	/*
691 	 *	"The sender MUST return an ICMP
692 	 *	 destination unreachable"
693 	 */
694 	dst_link_failure(skb);
695 	kfree_skb(skb);
696 }
697 
698 /* Called with locked neigh: either read or both */
699 
700 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
701 {
702 	struct in6_addr *saddr = NULL;
703 	struct in6_addr mcaddr;
704 	struct net_device *dev = neigh->dev;
705 	struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
706 	int probes = atomic_read(&neigh->probes);
707 
708 	if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
709 		saddr = &ipv6_hdr(skb)->saddr;
710 
711 	if ((probes -= neigh->parms->ucast_probes) < 0) {
712 		if (!(neigh->nud_state & NUD_VALID)) {
713 			ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n",
714 				   __func__, target);
715 		}
716 		ndisc_send_ns(dev, neigh, target, target, saddr);
717 	} else if ((probes -= neigh->parms->app_probes) < 0) {
718 #ifdef CONFIG_ARPD
719 		neigh_app_ns(neigh);
720 #endif
721 	} else {
722 		addrconf_addr_solict_mult(target, &mcaddr);
723 		ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
724 	}
725 }
726 
727 static int pndisc_is_router(const void *pkey,
728 			    struct net_device *dev)
729 {
730 	struct pneigh_entry *n;
731 	int ret = -1;
732 
733 	read_lock_bh(&nd_tbl.lock);
734 	n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
735 	if (n)
736 		ret = !!(n->flags & NTF_ROUTER);
737 	read_unlock_bh(&nd_tbl.lock);
738 
739 	return ret;
740 }
741 
742 static void ndisc_recv_ns(struct sk_buff *skb)
743 {
744 	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
745 	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
746 	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
747 	u8 *lladdr = NULL;
748 	u32 ndoptlen = skb->tail - (skb->transport_header +
749 				    offsetof(struct nd_msg, opt));
750 	struct ndisc_options ndopts;
751 	struct net_device *dev = skb->dev;
752 	struct inet6_ifaddr *ifp;
753 	struct inet6_dev *idev = NULL;
754 	struct neighbour *neigh;
755 	int dad = ipv6_addr_any(saddr);
756 	int inc;
757 	int is_router = -1;
758 
759 	if (ipv6_addr_is_multicast(&msg->target)) {
760 		ND_PRINTK2(KERN_WARNING
761 			   "ICMPv6 NS: multicast target address");
762 		return;
763 	}
764 
765 	/*
766 	 * RFC2461 7.1.1:
767 	 * DAD has to be destined for solicited node multicast address.
768 	 */
769 	if (dad &&
770 	    !(daddr->s6_addr32[0] == htonl(0xff020000) &&
771 	      daddr->s6_addr32[1] == htonl(0x00000000) &&
772 	      daddr->s6_addr32[2] == htonl(0x00000001) &&
773 	      daddr->s6_addr [12] == 0xff )) {
774 		ND_PRINTK2(KERN_WARNING
775 			   "ICMPv6 NS: bad DAD packet (wrong destination)\n");
776 		return;
777 	}
778 
779 	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
780 		ND_PRINTK2(KERN_WARNING
781 			   "ICMPv6 NS: invalid ND options\n");
782 		return;
783 	}
784 
785 	if (ndopts.nd_opts_src_lladdr) {
786 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
787 		if (!lladdr) {
788 			ND_PRINTK2(KERN_WARNING
789 				   "ICMPv6 NS: invalid link-layer address length\n");
790 			return;
791 		}
792 
793 		/* RFC2461 7.1.1:
794 		 *	If the IP source address is the unspecified address,
795 		 *	there MUST NOT be source link-layer address option
796 		 *	in the message.
797 		 */
798 		if (dad) {
799 			ND_PRINTK2(KERN_WARNING
800 				   "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
801 			return;
802 		}
803 	}
804 
805 	inc = ipv6_addr_is_multicast(daddr);
806 
807 	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
808 	if (ifp) {
809 
810 		if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
811 			if (dad) {
812 				if (dev->type == ARPHRD_IEEE802_TR) {
813 					const unsigned char *sadr;
814 					sadr = skb_mac_header(skb);
815 					if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
816 					    sadr[9] == dev->dev_addr[1] &&
817 					    sadr[10] == dev->dev_addr[2] &&
818 					    sadr[11] == dev->dev_addr[3] &&
819 					    sadr[12] == dev->dev_addr[4] &&
820 					    sadr[13] == dev->dev_addr[5]) {
821 						/* looped-back to us */
822 						goto out;
823 					}
824 				}
825 
826 				/*
827 				 * We are colliding with another node
828 				 * who is doing DAD
829 				 * so fail our DAD process
830 				 */
831 				addrconf_dad_failure(ifp);
832 				return;
833 			} else {
834 				/*
835 				 * This is not a dad solicitation.
836 				 * If we are an optimistic node,
837 				 * we should respond.
838 				 * Otherwise, we should ignore it.
839 				 */
840 				if (!(ifp->flags & IFA_F_OPTIMISTIC))
841 					goto out;
842 			}
843 		}
844 
845 		idev = ifp->idev;
846 	} else {
847 		struct net *net = dev_net(dev);
848 
849 		idev = in6_dev_get(dev);
850 		if (!idev) {
851 			/* XXX: count this drop? */
852 			return;
853 		}
854 
855 		if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
856 		    (idev->cnf.forwarding &&
857 		     (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
858 		     (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
859 			if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
860 			    skb->pkt_type != PACKET_HOST &&
861 			    inc != 0 &&
862 			    idev->nd_parms->proxy_delay != 0) {
863 				/*
864 				 * for anycast or proxy,
865 				 * sender should delay its response
866 				 * by a random time between 0 and
867 				 * MAX_ANYCAST_DELAY_TIME seconds.
868 				 * (RFC2461) -- yoshfuji
869 				 */
870 				struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
871 				if (n)
872 					pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
873 				goto out;
874 			}
875 		} else
876 			goto out;
877 	}
878 
879 	if (is_router < 0)
880 		is_router = !!idev->cnf.forwarding;
881 
882 	if (dad) {
883 		ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
884 			      is_router, 0, (ifp != NULL), 1);
885 		goto out;
886 	}
887 
888 	if (inc)
889 		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
890 	else
891 		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
892 
893 	/*
894 	 *	update / create cache entry
895 	 *	for the source address
896 	 */
897 	neigh = __neigh_lookup(&nd_tbl, saddr, dev,
898 			       !inc || lladdr || !dev->addr_len);
899 	if (neigh)
900 		neigh_update(neigh, lladdr, NUD_STALE,
901 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
902 			     NEIGH_UPDATE_F_OVERRIDE);
903 	if (neigh || !dev->header_ops) {
904 		ndisc_send_na(dev, neigh, saddr, &msg->target,
905 			      is_router,
906 			      1, (ifp != NULL && inc), inc);
907 		if (neigh)
908 			neigh_release(neigh);
909 	}
910 
911 out:
912 	if (ifp)
913 		in6_ifa_put(ifp);
914 	else
915 		in6_dev_put(idev);
916 }
917 
918 static void ndisc_recv_na(struct sk_buff *skb)
919 {
920 	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
921 	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
922 	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
923 	u8 *lladdr = NULL;
924 	u32 ndoptlen = skb->tail - (skb->transport_header +
925 				    offsetof(struct nd_msg, opt));
926 	struct ndisc_options ndopts;
927 	struct net_device *dev = skb->dev;
928 	struct inet6_ifaddr *ifp;
929 	struct neighbour *neigh;
930 
931 	if (skb->len < sizeof(struct nd_msg)) {
932 		ND_PRINTK2(KERN_WARNING
933 			   "ICMPv6 NA: packet too short\n");
934 		return;
935 	}
936 
937 	if (ipv6_addr_is_multicast(&msg->target)) {
938 		ND_PRINTK2(KERN_WARNING
939 			   "ICMPv6 NA: target address is multicast.\n");
940 		return;
941 	}
942 
943 	if (ipv6_addr_is_multicast(daddr) &&
944 	    msg->icmph.icmp6_solicited) {
945 		ND_PRINTK2(KERN_WARNING
946 			   "ICMPv6 NA: solicited NA is multicasted.\n");
947 		return;
948 	}
949 
950 	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
951 		ND_PRINTK2(KERN_WARNING
952 			   "ICMPv6 NS: invalid ND option\n");
953 		return;
954 	}
955 	if (ndopts.nd_opts_tgt_lladdr) {
956 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
957 		if (!lladdr) {
958 			ND_PRINTK2(KERN_WARNING
959 				   "ICMPv6 NA: invalid link-layer address length\n");
960 			return;
961 		}
962 	}
963 	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
964 	if (ifp) {
965 		if (skb->pkt_type != PACKET_LOOPBACK
966 		    && (ifp->flags & IFA_F_TENTATIVE)) {
967 				addrconf_dad_failure(ifp);
968 				return;
969 		}
970 		/* What should we make now? The advertisement
971 		   is invalid, but ndisc specs say nothing
972 		   about it. It could be misconfiguration, or
973 		   an smart proxy agent tries to help us :-)
974 
975 		   We should not print the error if NA has been
976 		   received from loopback - it is just our own
977 		   unsolicited advertisement.
978 		 */
979 		if (skb->pkt_type != PACKET_LOOPBACK)
980 			ND_PRINTK1(KERN_WARNING
981 			   "ICMPv6 NA: someone advertises our address %pI6 on %s!\n",
982 			   &ifp->addr, ifp->idev->dev->name);
983 		in6_ifa_put(ifp);
984 		return;
985 	}
986 	neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
987 
988 	if (neigh) {
989 		u8 old_flags = neigh->flags;
990 		struct net *net = dev_net(dev);
991 
992 		if (neigh->nud_state & NUD_FAILED)
993 			goto out;
994 
995 		/*
996 		 * Don't update the neighbor cache entry on a proxy NA from
997 		 * ourselves because either the proxied node is off link or it
998 		 * has already sent a NA to us.
999 		 */
1000 		if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1001 		    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1002 		    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1003 			/* XXX: idev->cnf.prixy_ndp */
1004 			goto out;
1005 		}
1006 
1007 		neigh_update(neigh, lladdr,
1008 			     msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1009 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1010 			     (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1011 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1012 			     (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
1013 
1014 		if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1015 			/*
1016 			 * Change: router to host
1017 			 */
1018 			struct rt6_info *rt;
1019 			rt = rt6_get_dflt_router(saddr, dev);
1020 			if (rt)
1021 				ip6_del_rt(rt);
1022 		}
1023 
1024 out:
1025 		neigh_release(neigh);
1026 	}
1027 }
1028 
1029 static void ndisc_recv_rs(struct sk_buff *skb)
1030 {
1031 	struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1032 	unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1033 	struct neighbour *neigh;
1034 	struct inet6_dev *idev;
1035 	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1036 	struct ndisc_options ndopts;
1037 	u8 *lladdr = NULL;
1038 
1039 	if (skb->len < sizeof(*rs_msg))
1040 		return;
1041 
1042 	idev = in6_dev_get(skb->dev);
1043 	if (!idev) {
1044 		if (net_ratelimit())
1045 			ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
1046 		return;
1047 	}
1048 
1049 	/* Don't accept RS if we're not in router mode */
1050 	if (!idev->cnf.forwarding)
1051 		goto out;
1052 
1053 	/*
1054 	 * Don't update NCE if src = ::;
1055 	 * this implies that the source node has no ip address assigned yet.
1056 	 */
1057 	if (ipv6_addr_any(saddr))
1058 		goto out;
1059 
1060 	/* Parse ND options */
1061 	if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1062 		if (net_ratelimit())
1063 			ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1064 		goto out;
1065 	}
1066 
1067 	if (ndopts.nd_opts_src_lladdr) {
1068 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1069 					     skb->dev);
1070 		if (!lladdr)
1071 			goto out;
1072 	}
1073 
1074 	neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1075 	if (neigh) {
1076 		neigh_update(neigh, lladdr, NUD_STALE,
1077 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1078 			     NEIGH_UPDATE_F_OVERRIDE|
1079 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1080 		neigh_release(neigh);
1081 	}
1082 out:
1083 	in6_dev_put(idev);
1084 }
1085 
1086 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1087 {
1088 	struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1089 	struct sk_buff *skb;
1090 	struct nlmsghdr *nlh;
1091 	struct nduseroptmsg *ndmsg;
1092 	struct net *net = dev_net(ra->dev);
1093 	int err;
1094 	int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1095 				    + (opt->nd_opt_len << 3));
1096 	size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1097 
1098 	skb = nlmsg_new(msg_size, GFP_ATOMIC);
1099 	if (skb == NULL) {
1100 		err = -ENOBUFS;
1101 		goto errout;
1102 	}
1103 
1104 	nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1105 	if (nlh == NULL) {
1106 		goto nla_put_failure;
1107 	}
1108 
1109 	ndmsg = nlmsg_data(nlh);
1110 	ndmsg->nduseropt_family = AF_INET6;
1111 	ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1112 	ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1113 	ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1114 	ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1115 
1116 	memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1117 
1118 	NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1119 		&ipv6_hdr(ra)->saddr);
1120 	nlmsg_end(skb, nlh);
1121 
1122 	rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1123 	return;
1124 
1125 nla_put_failure:
1126 	nlmsg_free(skb);
1127 	err = -EMSGSIZE;
1128 errout:
1129 	rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1130 }
1131 
1132 static inline int accept_ra(struct inet6_dev *in6_dev)
1133 {
1134 	/*
1135 	 * If forwarding is enabled, RA are not accepted unless the special
1136 	 * hybrid mode (accept_ra=2) is enabled.
1137 	 */
1138 	if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1139 		return 0;
1140 
1141 	return in6_dev->cnf.accept_ra;
1142 }
1143 
1144 static void ndisc_router_discovery(struct sk_buff *skb)
1145 {
1146 	struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1147 	struct neighbour *neigh = NULL;
1148 	struct inet6_dev *in6_dev;
1149 	struct rt6_info *rt = NULL;
1150 	int lifetime;
1151 	struct ndisc_options ndopts;
1152 	int optlen;
1153 	unsigned int pref = 0;
1154 
1155 	__u8 * opt = (__u8 *)(ra_msg + 1);
1156 
1157 	optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1158 
1159 	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1160 		ND_PRINTK2(KERN_WARNING
1161 			   "ICMPv6 RA: source address is not link-local.\n");
1162 		return;
1163 	}
1164 	if (optlen < 0) {
1165 		ND_PRINTK2(KERN_WARNING
1166 			   "ICMPv6 RA: packet too short\n");
1167 		return;
1168 	}
1169 
1170 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1171 	if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1172 		ND_PRINTK2(KERN_WARNING
1173 			   "ICMPv6 RA: from host or unauthorized router\n");
1174 		return;
1175 	}
1176 #endif
1177 
1178 	/*
1179 	 *	set the RA_RECV flag in the interface
1180 	 */
1181 
1182 	in6_dev = in6_dev_get(skb->dev);
1183 	if (in6_dev == NULL) {
1184 		ND_PRINTK0(KERN_ERR
1185 			   "ICMPv6 RA: can't find inet6 device for %s.\n",
1186 			   skb->dev->name);
1187 		return;
1188 	}
1189 
1190 	if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1191 		in6_dev_put(in6_dev);
1192 		ND_PRINTK2(KERN_WARNING
1193 			   "ICMP6 RA: invalid ND options\n");
1194 		return;
1195 	}
1196 
1197 	if (!accept_ra(in6_dev))
1198 		goto skip_linkparms;
1199 
1200 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1201 	/* skip link-specific parameters from interior routers */
1202 	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1203 		goto skip_linkparms;
1204 #endif
1205 
1206 	if (in6_dev->if_flags & IF_RS_SENT) {
1207 		/*
1208 		 *	flag that an RA was received after an RS was sent
1209 		 *	out on this interface.
1210 		 */
1211 		in6_dev->if_flags |= IF_RA_RCVD;
1212 	}
1213 
1214 	/*
1215 	 * Remember the managed/otherconf flags from most recently
1216 	 * received RA message (RFC 2462) -- yoshfuji
1217 	 */
1218 	in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1219 				IF_RA_OTHERCONF)) |
1220 				(ra_msg->icmph.icmp6_addrconf_managed ?
1221 					IF_RA_MANAGED : 0) |
1222 				(ra_msg->icmph.icmp6_addrconf_other ?
1223 					IF_RA_OTHERCONF : 0);
1224 
1225 	if (!in6_dev->cnf.accept_ra_defrtr)
1226 		goto skip_defrtr;
1227 
1228 	lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1229 
1230 #ifdef CONFIG_IPV6_ROUTER_PREF
1231 	pref = ra_msg->icmph.icmp6_router_pref;
1232 	/* 10b is handled as if it were 00b (medium) */
1233 	if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1234 	    !in6_dev->cnf.accept_ra_rtr_pref)
1235 		pref = ICMPV6_ROUTER_PREF_MEDIUM;
1236 #endif
1237 
1238 	rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1239 
1240 	if (rt)
1241 		neigh = dst_get_neighbour(&rt->dst);
1242 
1243 	if (rt && lifetime == 0) {
1244 		neigh_clone(neigh);
1245 		ip6_del_rt(rt);
1246 		rt = NULL;
1247 	}
1248 
1249 	if (rt == NULL && lifetime) {
1250 		ND_PRINTK3(KERN_DEBUG
1251 			   "ICMPv6 RA: adding default router.\n");
1252 
1253 		rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1254 		if (rt == NULL) {
1255 			ND_PRINTK0(KERN_ERR
1256 				   "ICMPv6 RA: %s() failed to add default route.\n",
1257 				   __func__);
1258 			in6_dev_put(in6_dev);
1259 			return;
1260 		}
1261 
1262 		neigh = dst_get_neighbour(&rt->dst);
1263 		if (neigh == NULL) {
1264 			ND_PRINTK0(KERN_ERR
1265 				   "ICMPv6 RA: %s() got default router without neighbour.\n",
1266 				   __func__);
1267 			dst_release(&rt->dst);
1268 			in6_dev_put(in6_dev);
1269 			return;
1270 		}
1271 		neigh->flags |= NTF_ROUTER;
1272 	} else if (rt) {
1273 		rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1274 	}
1275 
1276 	if (rt)
1277 		rt->rt6i_expires = jiffies + (HZ * lifetime);
1278 
1279 	if (ra_msg->icmph.icmp6_hop_limit) {
1280 		in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1281 		if (rt)
1282 			dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1283 				       ra_msg->icmph.icmp6_hop_limit);
1284 	}
1285 
1286 skip_defrtr:
1287 
1288 	/*
1289 	 *	Update Reachable Time and Retrans Timer
1290 	 */
1291 
1292 	if (in6_dev->nd_parms) {
1293 		unsigned long rtime = ntohl(ra_msg->retrans_timer);
1294 
1295 		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1296 			rtime = (rtime*HZ)/1000;
1297 			if (rtime < HZ/10)
1298 				rtime = HZ/10;
1299 			in6_dev->nd_parms->retrans_time = rtime;
1300 			in6_dev->tstamp = jiffies;
1301 			inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1302 		}
1303 
1304 		rtime = ntohl(ra_msg->reachable_time);
1305 		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1306 			rtime = (rtime*HZ)/1000;
1307 
1308 			if (rtime < HZ/10)
1309 				rtime = HZ/10;
1310 
1311 			if (rtime != in6_dev->nd_parms->base_reachable_time) {
1312 				in6_dev->nd_parms->base_reachable_time = rtime;
1313 				in6_dev->nd_parms->gc_staletime = 3 * rtime;
1314 				in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1315 				in6_dev->tstamp = jiffies;
1316 				inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1317 			}
1318 		}
1319 	}
1320 
1321 skip_linkparms:
1322 
1323 	/*
1324 	 *	Process options.
1325 	 */
1326 
1327 	if (!neigh)
1328 		neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1329 				       skb->dev, 1);
1330 	if (neigh) {
1331 		u8 *lladdr = NULL;
1332 		if (ndopts.nd_opts_src_lladdr) {
1333 			lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1334 						     skb->dev);
1335 			if (!lladdr) {
1336 				ND_PRINTK2(KERN_WARNING
1337 					   "ICMPv6 RA: invalid link-layer address length\n");
1338 				goto out;
1339 			}
1340 		}
1341 		neigh_update(neigh, lladdr, NUD_STALE,
1342 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1343 			     NEIGH_UPDATE_F_OVERRIDE|
1344 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1345 			     NEIGH_UPDATE_F_ISROUTER);
1346 	}
1347 
1348 	if (!accept_ra(in6_dev))
1349 		goto out;
1350 
1351 #ifdef CONFIG_IPV6_ROUTE_INFO
1352 	if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1353 		struct nd_opt_hdr *p;
1354 		for (p = ndopts.nd_opts_ri;
1355 		     p;
1356 		     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1357 			struct route_info *ri = (struct route_info *)p;
1358 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1359 			if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1360 			    ri->prefix_len == 0)
1361 				continue;
1362 #endif
1363 			if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1364 				continue;
1365 			rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1366 				      &ipv6_hdr(skb)->saddr);
1367 		}
1368 	}
1369 #endif
1370 
1371 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1372 	/* skip link-specific ndopts from interior routers */
1373 	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1374 		goto out;
1375 #endif
1376 
1377 	if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1378 		struct nd_opt_hdr *p;
1379 		for (p = ndopts.nd_opts_pi;
1380 		     p;
1381 		     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1382 			addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1383 		}
1384 	}
1385 
1386 	if (ndopts.nd_opts_mtu) {
1387 		__be32 n;
1388 		u32 mtu;
1389 
1390 		memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1391 		mtu = ntohl(n);
1392 
1393 		if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1394 			ND_PRINTK2(KERN_WARNING
1395 				   "ICMPv6 RA: invalid mtu: %d\n",
1396 				   mtu);
1397 		} else if (in6_dev->cnf.mtu6 != mtu) {
1398 			in6_dev->cnf.mtu6 = mtu;
1399 
1400 			if (rt)
1401 				dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1402 
1403 			rt6_mtu_change(skb->dev, mtu);
1404 		}
1405 	}
1406 
1407 	if (ndopts.nd_useropts) {
1408 		struct nd_opt_hdr *p;
1409 		for (p = ndopts.nd_useropts;
1410 		     p;
1411 		     p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1412 			ndisc_ra_useropt(skb, p);
1413 		}
1414 	}
1415 
1416 	if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1417 		ND_PRINTK2(KERN_WARNING
1418 			   "ICMPv6 RA: invalid RA options");
1419 	}
1420 out:
1421 	if (rt)
1422 		dst_release(&rt->dst);
1423 	else if (neigh)
1424 		neigh_release(neigh);
1425 	in6_dev_put(in6_dev);
1426 }
1427 
1428 static void ndisc_redirect_rcv(struct sk_buff *skb)
1429 {
1430 	struct inet6_dev *in6_dev;
1431 	struct icmp6hdr *icmph;
1432 	const struct in6_addr *dest;
1433 	const struct in6_addr *target;	/* new first hop to destination */
1434 	struct neighbour *neigh;
1435 	int on_link = 0;
1436 	struct ndisc_options ndopts;
1437 	int optlen;
1438 	u8 *lladdr = NULL;
1439 
1440 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1441 	switch (skb->ndisc_nodetype) {
1442 	case NDISC_NODETYPE_HOST:
1443 	case NDISC_NODETYPE_NODEFAULT:
1444 		ND_PRINTK2(KERN_WARNING
1445 			   "ICMPv6 Redirect: from host or unauthorized router\n");
1446 		return;
1447 	}
1448 #endif
1449 
1450 	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1451 		ND_PRINTK2(KERN_WARNING
1452 			   "ICMPv6 Redirect: source address is not link-local.\n");
1453 		return;
1454 	}
1455 
1456 	optlen = skb->tail - skb->transport_header;
1457 	optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1458 
1459 	if (optlen < 0) {
1460 		ND_PRINTK2(KERN_WARNING
1461 			   "ICMPv6 Redirect: packet too short\n");
1462 		return;
1463 	}
1464 
1465 	icmph = icmp6_hdr(skb);
1466 	target = (const struct in6_addr *) (icmph + 1);
1467 	dest = target + 1;
1468 
1469 	if (ipv6_addr_is_multicast(dest)) {
1470 		ND_PRINTK2(KERN_WARNING
1471 			   "ICMPv6 Redirect: destination address is multicast.\n");
1472 		return;
1473 	}
1474 
1475 	if (ipv6_addr_equal(dest, target)) {
1476 		on_link = 1;
1477 	} else if (ipv6_addr_type(target) !=
1478 		   (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1479 		ND_PRINTK2(KERN_WARNING
1480 			   "ICMPv6 Redirect: target address is not link-local unicast.\n");
1481 		return;
1482 	}
1483 
1484 	in6_dev = in6_dev_get(skb->dev);
1485 	if (!in6_dev)
1486 		return;
1487 	if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1488 		in6_dev_put(in6_dev);
1489 		return;
1490 	}
1491 
1492 	/* RFC2461 8.1:
1493 	 *	The IP source address of the Redirect MUST be the same as the current
1494 	 *	first-hop router for the specified ICMP Destination Address.
1495 	 */
1496 
1497 	if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1498 		ND_PRINTK2(KERN_WARNING
1499 			   "ICMPv6 Redirect: invalid ND options\n");
1500 		in6_dev_put(in6_dev);
1501 		return;
1502 	}
1503 	if (ndopts.nd_opts_tgt_lladdr) {
1504 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1505 					     skb->dev);
1506 		if (!lladdr) {
1507 			ND_PRINTK2(KERN_WARNING
1508 				   "ICMPv6 Redirect: invalid link-layer address length\n");
1509 			in6_dev_put(in6_dev);
1510 			return;
1511 		}
1512 	}
1513 
1514 	neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1515 	if (neigh) {
1516 		rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1517 			     &ipv6_hdr(skb)->saddr, neigh, lladdr,
1518 			     on_link);
1519 		neigh_release(neigh);
1520 	}
1521 	in6_dev_put(in6_dev);
1522 }
1523 
1524 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1525 			 const struct in6_addr *target)
1526 {
1527 	struct net_device *dev = skb->dev;
1528 	struct net *net = dev_net(dev);
1529 	struct sock *sk = net->ipv6.ndisc_sk;
1530 	int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1531 	struct sk_buff *buff;
1532 	struct icmp6hdr *icmph;
1533 	struct in6_addr saddr_buf;
1534 	struct in6_addr *addrp;
1535 	struct rt6_info *rt;
1536 	struct dst_entry *dst;
1537 	struct inet6_dev *idev;
1538 	struct flowi6 fl6;
1539 	u8 *opt;
1540 	int rd_len;
1541 	int err;
1542 	u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1543 
1544 	if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1545 		ND_PRINTK2(KERN_WARNING
1546 			   "ICMPv6 Redirect: no link-local address on %s\n",
1547 			   dev->name);
1548 		return;
1549 	}
1550 
1551 	if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1552 	    ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1553 		ND_PRINTK2(KERN_WARNING
1554 			"ICMPv6 Redirect: target address is not link-local unicast.\n");
1555 		return;
1556 	}
1557 
1558 	icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1559 			 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1560 
1561 	dst = ip6_route_output(net, NULL, &fl6);
1562 	if (dst == NULL)
1563 		return;
1564 
1565 	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1566 	if (IS_ERR(dst))
1567 		return;
1568 
1569 	rt = (struct rt6_info *) dst;
1570 
1571 	if (rt->rt6i_flags & RTF_GATEWAY) {
1572 		ND_PRINTK2(KERN_WARNING
1573 			   "ICMPv6 Redirect: destination is not a neighbour.\n");
1574 		goto release;
1575 	}
1576 	if (!rt->rt6i_peer)
1577 		rt6_bind_peer(rt, 1);
1578 	if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
1579 		goto release;
1580 
1581 	if (dev->addr_len) {
1582 		read_lock_bh(&neigh->lock);
1583 		if (neigh->nud_state & NUD_VALID) {
1584 			memcpy(ha_buf, neigh->ha, dev->addr_len);
1585 			read_unlock_bh(&neigh->lock);
1586 			ha = ha_buf;
1587 			len += ndisc_opt_addr_space(dev);
1588 		} else
1589 			read_unlock_bh(&neigh->lock);
1590 	}
1591 
1592 	rd_len = min_t(unsigned int,
1593 		     IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1594 	rd_len &= ~0x7;
1595 	len += rd_len;
1596 
1597 	buff = sock_alloc_send_skb(sk,
1598 				   (MAX_HEADER + sizeof(struct ipv6hdr) +
1599 				    len + LL_ALLOCATED_SPACE(dev)),
1600 				   1, &err);
1601 	if (buff == NULL) {
1602 		ND_PRINTK0(KERN_ERR
1603 			   "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n",
1604 			   __func__, err);
1605 		goto release;
1606 	}
1607 
1608 	skb_reserve(buff, LL_RESERVED_SPACE(dev));
1609 	ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1610 		   IPPROTO_ICMPV6, len);
1611 
1612 	skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1613 	skb_put(buff, len);
1614 	icmph = icmp6_hdr(buff);
1615 
1616 	memset(icmph, 0, sizeof(struct icmp6hdr));
1617 	icmph->icmp6_type = NDISC_REDIRECT;
1618 
1619 	/*
1620 	 *	copy target and destination addresses
1621 	 */
1622 
1623 	addrp = (struct in6_addr *)(icmph + 1);
1624 	ipv6_addr_copy(addrp, target);
1625 	addrp++;
1626 	ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1627 
1628 	opt = (u8*) (addrp + 1);
1629 
1630 	/*
1631 	 *	include target_address option
1632 	 */
1633 
1634 	if (ha)
1635 		opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1636 					     dev->addr_len, dev->type);
1637 
1638 	/*
1639 	 *	build redirect option and copy skb over to the new packet.
1640 	 */
1641 
1642 	memset(opt, 0, 8);
1643 	*(opt++) = ND_OPT_REDIRECT_HDR;
1644 	*(opt++) = (rd_len >> 3);
1645 	opt += 6;
1646 
1647 	memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1648 
1649 	icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1650 					     len, IPPROTO_ICMPV6,
1651 					     csum_partial(icmph, len, 0));
1652 
1653 	skb_dst_set(buff, dst);
1654 	idev = in6_dev_get(dst->dev);
1655 	IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1656 	err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1657 		      dst_output);
1658 	if (!err) {
1659 		ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1660 		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1661 	}
1662 
1663 	if (likely(idev != NULL))
1664 		in6_dev_put(idev);
1665 	return;
1666 
1667 release:
1668 	dst_release(dst);
1669 }
1670 
1671 static void pndisc_redo(struct sk_buff *skb)
1672 {
1673 	ndisc_recv_ns(skb);
1674 	kfree_skb(skb);
1675 }
1676 
1677 int ndisc_rcv(struct sk_buff *skb)
1678 {
1679 	struct nd_msg *msg;
1680 
1681 	if (!pskb_may_pull(skb, skb->len))
1682 		return 0;
1683 
1684 	msg = (struct nd_msg *)skb_transport_header(skb);
1685 
1686 	__skb_push(skb, skb->data - skb_transport_header(skb));
1687 
1688 	if (ipv6_hdr(skb)->hop_limit != 255) {
1689 		ND_PRINTK2(KERN_WARNING
1690 			   "ICMPv6 NDISC: invalid hop-limit: %d\n",
1691 			   ipv6_hdr(skb)->hop_limit);
1692 		return 0;
1693 	}
1694 
1695 	if (msg->icmph.icmp6_code != 0) {
1696 		ND_PRINTK2(KERN_WARNING
1697 			   "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1698 			   msg->icmph.icmp6_code);
1699 		return 0;
1700 	}
1701 
1702 	memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1703 
1704 	switch (msg->icmph.icmp6_type) {
1705 	case NDISC_NEIGHBOUR_SOLICITATION:
1706 		ndisc_recv_ns(skb);
1707 		break;
1708 
1709 	case NDISC_NEIGHBOUR_ADVERTISEMENT:
1710 		ndisc_recv_na(skb);
1711 		break;
1712 
1713 	case NDISC_ROUTER_SOLICITATION:
1714 		ndisc_recv_rs(skb);
1715 		break;
1716 
1717 	case NDISC_ROUTER_ADVERTISEMENT:
1718 		ndisc_router_discovery(skb);
1719 		break;
1720 
1721 	case NDISC_REDIRECT:
1722 		ndisc_redirect_rcv(skb);
1723 		break;
1724 	}
1725 
1726 	return 0;
1727 }
1728 
1729 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1730 {
1731 	struct net_device *dev = ptr;
1732 	struct net *net = dev_net(dev);
1733 
1734 	switch (event) {
1735 	case NETDEV_CHANGEADDR:
1736 		neigh_changeaddr(&nd_tbl, dev);
1737 		fib6_run_gc(~0UL, net);
1738 		break;
1739 	case NETDEV_DOWN:
1740 		neigh_ifdown(&nd_tbl, dev);
1741 		fib6_run_gc(~0UL, net);
1742 		break;
1743 	case NETDEV_NOTIFY_PEERS:
1744 		ndisc_send_unsol_na(dev);
1745 		break;
1746 	default:
1747 		break;
1748 	}
1749 
1750 	return NOTIFY_DONE;
1751 }
1752 
1753 static struct notifier_block ndisc_netdev_notifier = {
1754 	.notifier_call = ndisc_netdev_event,
1755 };
1756 
1757 #ifdef CONFIG_SYSCTL
1758 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1759 					 const char *func, const char *dev_name)
1760 {
1761 	static char warncomm[TASK_COMM_LEN];
1762 	static int warned;
1763 	if (strcmp(warncomm, current->comm) && warned < 5) {
1764 		strcpy(warncomm, current->comm);
1765 		printk(KERN_WARNING
1766 			"process `%s' is using deprecated sysctl (%s) "
1767 			"net.ipv6.neigh.%s.%s; "
1768 			"Use net.ipv6.neigh.%s.%s_ms "
1769 			"instead.\n",
1770 			warncomm, func,
1771 			dev_name, ctl->procname,
1772 			dev_name, ctl->procname);
1773 		warned++;
1774 	}
1775 }
1776 
1777 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1778 {
1779 	struct net_device *dev = ctl->extra1;
1780 	struct inet6_dev *idev;
1781 	int ret;
1782 
1783 	if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1784 	    (strcmp(ctl->procname, "base_reachable_time") == 0))
1785 		ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1786 
1787 	if (strcmp(ctl->procname, "retrans_time") == 0)
1788 		ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1789 
1790 	else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1791 		ret = proc_dointvec_jiffies(ctl, write,
1792 					    buffer, lenp, ppos);
1793 
1794 	else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1795 		 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1796 		ret = proc_dointvec_ms_jiffies(ctl, write,
1797 					       buffer, lenp, ppos);
1798 	else
1799 		ret = -1;
1800 
1801 	if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1802 		if (ctl->data == &idev->nd_parms->base_reachable_time)
1803 			idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1804 		idev->tstamp = jiffies;
1805 		inet6_ifinfo_notify(RTM_NEWLINK, idev);
1806 		in6_dev_put(idev);
1807 	}
1808 	return ret;
1809 }
1810 
1811 
1812 #endif
1813 
1814 static int __net_init ndisc_net_init(struct net *net)
1815 {
1816 	struct ipv6_pinfo *np;
1817 	struct sock *sk;
1818 	int err;
1819 
1820 	err = inet_ctl_sock_create(&sk, PF_INET6,
1821 				   SOCK_RAW, IPPROTO_ICMPV6, net);
1822 	if (err < 0) {
1823 		ND_PRINTK0(KERN_ERR
1824 			   "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1825 			   err);
1826 		return err;
1827 	}
1828 
1829 	net->ipv6.ndisc_sk = sk;
1830 
1831 	np = inet6_sk(sk);
1832 	np->hop_limit = 255;
1833 	/* Do not loopback ndisc messages */
1834 	np->mc_loop = 0;
1835 
1836 	return 0;
1837 }
1838 
1839 static void __net_exit ndisc_net_exit(struct net *net)
1840 {
1841 	inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1842 }
1843 
1844 static struct pernet_operations ndisc_net_ops = {
1845 	.init = ndisc_net_init,
1846 	.exit = ndisc_net_exit,
1847 };
1848 
1849 int __init ndisc_init(void)
1850 {
1851 	int err;
1852 
1853 	err = register_pernet_subsys(&ndisc_net_ops);
1854 	if (err)
1855 		return err;
1856 	/*
1857 	 * Initialize the neighbour table
1858 	 */
1859 	neigh_table_init(&nd_tbl);
1860 
1861 #ifdef CONFIG_SYSCTL
1862 	err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1863 				    &ndisc_ifinfo_sysctl_change);
1864 	if (err)
1865 		goto out_unregister_pernet;
1866 #endif
1867 	err = register_netdevice_notifier(&ndisc_netdev_notifier);
1868 	if (err)
1869 		goto out_unregister_sysctl;
1870 out:
1871 	return err;
1872 
1873 out_unregister_sysctl:
1874 #ifdef CONFIG_SYSCTL
1875 	neigh_sysctl_unregister(&nd_tbl.parms);
1876 out_unregister_pernet:
1877 #endif
1878 	unregister_pernet_subsys(&ndisc_net_ops);
1879 	goto out;
1880 }
1881 
1882 void ndisc_cleanup(void)
1883 {
1884 	unregister_netdevice_notifier(&ndisc_netdev_notifier);
1885 #ifdef CONFIG_SYSCTL
1886 	neigh_sysctl_unregister(&nd_tbl.parms);
1887 #endif
1888 	neigh_table_clear(&nd_tbl);
1889 	unregister_pernet_subsys(&ndisc_net_ops);
1890 }
1891