xref: /openbmc/linux/net/ipv6/ndisc.c (revision 9d749629)
1 /*
2  *	Neighbour Discovery for IPv6
3  *	Linux INET6 implementation
4  *
5  *	Authors:
6  *	Pedro Roque		<roque@di.fc.ul.pt>
7  *	Mike Shaver		<shaver@ingenia.com>
8  *
9  *	This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14 
15 /*
16  *	Changes:
17  *
18  *	Alexey I. Froloff		:	RFC6106 (DNSSL) support
19  *	Pierre Ynard			:	export userland ND options
20  *						through netlink (RDNSS support)
21  *	Lars Fenneberg			:	fixed MTU setting on receipt
22  *						of an RA.
23  *	Janos Farkas			:	kmalloc failure checks
24  *	Alexey Kuznetsov		:	state machine reworked
25  *						and moved to net/core.
26  *	Pekka Savola			:	RFC2461 validation
27  *	YOSHIFUJI Hideaki @USAGI	:	Verify ND options properly
28  */
29 
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31 
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47 
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53 
54 #include <net/sock.h>
55 #include <net/snmp.h>
56 
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63 
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66 
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <linux/proc_fs.h>
71 
72 #include <linux/netfilter.h>
73 #include <linux/netfilter_ipv6.h>
74 
75 /* Set to 3 to get tracing... */
76 #define ND_DEBUG 1
77 
78 #define ND_PRINTK(val, level, fmt, ...)				\
79 do {								\
80 	if (val <= ND_DEBUG)					\
81 		net_##level##_ratelimited(fmt, ##__VA_ARGS__);	\
82 } while (0)
83 
84 static u32 ndisc_hash(const void *pkey,
85 		      const struct net_device *dev,
86 		      __u32 *hash_rnd);
87 static int ndisc_constructor(struct neighbour *neigh);
88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90 static int pndisc_constructor(struct pneigh_entry *n);
91 static void pndisc_destructor(struct pneigh_entry *n);
92 static void pndisc_redo(struct sk_buff *skb);
93 
94 static const struct neigh_ops ndisc_generic_ops = {
95 	.family =		AF_INET6,
96 	.solicit =		ndisc_solicit,
97 	.error_report =		ndisc_error_report,
98 	.output =		neigh_resolve_output,
99 	.connected_output =	neigh_connected_output,
100 };
101 
102 static const struct neigh_ops ndisc_hh_ops = {
103 	.family =		AF_INET6,
104 	.solicit =		ndisc_solicit,
105 	.error_report =		ndisc_error_report,
106 	.output =		neigh_resolve_output,
107 	.connected_output =	neigh_resolve_output,
108 };
109 
110 
111 static const struct neigh_ops ndisc_direct_ops = {
112 	.family =		AF_INET6,
113 	.output =		neigh_direct_output,
114 	.connected_output =	neigh_direct_output,
115 };
116 
117 struct neigh_table nd_tbl = {
118 	.family =	AF_INET6,
119 	.key_len =	sizeof(struct in6_addr),
120 	.hash =		ndisc_hash,
121 	.constructor =	ndisc_constructor,
122 	.pconstructor =	pndisc_constructor,
123 	.pdestructor =	pndisc_destructor,
124 	.proxy_redo =	pndisc_redo,
125 	.id =		"ndisc_cache",
126 	.parms = {
127 		.tbl			= &nd_tbl,
128 		.base_reachable_time	= ND_REACHABLE_TIME,
129 		.retrans_time		= ND_RETRANS_TIMER,
130 		.gc_staletime		= 60 * HZ,
131 		.reachable_time		= ND_REACHABLE_TIME,
132 		.delay_probe_time	= 5 * HZ,
133 		.queue_len_bytes	= 64*1024,
134 		.ucast_probes		= 3,
135 		.mcast_probes		= 3,
136 		.anycast_delay		= 1 * HZ,
137 		.proxy_delay		= (8 * HZ) / 10,
138 		.proxy_qlen		= 64,
139 	},
140 	.gc_interval =	  30 * HZ,
141 	.gc_thresh1 =	 128,
142 	.gc_thresh2 =	 512,
143 	.gc_thresh3 =	1024,
144 };
145 
146 static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
147 {
148 	int pad   = ndisc_addr_option_pad(skb->dev->type);
149 	int data_len = skb->dev->addr_len;
150 	int space = ndisc_opt_addr_space(skb->dev);
151 	u8 *opt = skb_put(skb, space);
152 
153 	opt[0] = type;
154 	opt[1] = space>>3;
155 
156 	memset(opt + 2, 0, pad);
157 	opt   += pad;
158 	space -= pad;
159 
160 	memcpy(opt+2, data, data_len);
161 	data_len += 2;
162 	opt += data_len;
163 	if ((space -= data_len) > 0)
164 		memset(opt, 0, space);
165 }
166 
167 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
168 					    struct nd_opt_hdr *end)
169 {
170 	int type;
171 	if (!cur || !end || cur >= end)
172 		return NULL;
173 	type = cur->nd_opt_type;
174 	do {
175 		cur = ((void *)cur) + (cur->nd_opt_len << 3);
176 	} while(cur < end && cur->nd_opt_type != type);
177 	return cur <= end && cur->nd_opt_type == type ? cur : NULL;
178 }
179 
180 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
181 {
182 	return opt->nd_opt_type == ND_OPT_RDNSS ||
183 		opt->nd_opt_type == ND_OPT_DNSSL;
184 }
185 
186 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
187 					     struct nd_opt_hdr *end)
188 {
189 	if (!cur || !end || cur >= end)
190 		return NULL;
191 	do {
192 		cur = ((void *)cur) + (cur->nd_opt_len << 3);
193 	} while(cur < end && !ndisc_is_useropt(cur));
194 	return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
195 }
196 
197 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
198 					  struct ndisc_options *ndopts)
199 {
200 	struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
201 
202 	if (!nd_opt || opt_len < 0 || !ndopts)
203 		return NULL;
204 	memset(ndopts, 0, sizeof(*ndopts));
205 	while (opt_len) {
206 		int l;
207 		if (opt_len < sizeof(struct nd_opt_hdr))
208 			return NULL;
209 		l = nd_opt->nd_opt_len << 3;
210 		if (opt_len < l || l == 0)
211 			return NULL;
212 		switch (nd_opt->nd_opt_type) {
213 		case ND_OPT_SOURCE_LL_ADDR:
214 		case ND_OPT_TARGET_LL_ADDR:
215 		case ND_OPT_MTU:
216 		case ND_OPT_REDIRECT_HDR:
217 			if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
218 				ND_PRINTK(2, warn,
219 					  "%s: duplicated ND6 option found: type=%d\n",
220 					  __func__, nd_opt->nd_opt_type);
221 			} else {
222 				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
223 			}
224 			break;
225 		case ND_OPT_PREFIX_INFO:
226 			ndopts->nd_opts_pi_end = nd_opt;
227 			if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
228 				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
229 			break;
230 #ifdef CONFIG_IPV6_ROUTE_INFO
231 		case ND_OPT_ROUTE_INFO:
232 			ndopts->nd_opts_ri_end = nd_opt;
233 			if (!ndopts->nd_opts_ri)
234 				ndopts->nd_opts_ri = nd_opt;
235 			break;
236 #endif
237 		default:
238 			if (ndisc_is_useropt(nd_opt)) {
239 				ndopts->nd_useropts_end = nd_opt;
240 				if (!ndopts->nd_useropts)
241 					ndopts->nd_useropts = nd_opt;
242 			} else {
243 				/*
244 				 * Unknown options must be silently ignored,
245 				 * to accommodate future extension to the
246 				 * protocol.
247 				 */
248 				ND_PRINTK(2, notice,
249 					  "%s: ignored unsupported option; type=%d, len=%d\n",
250 					  __func__,
251 					  nd_opt->nd_opt_type,
252 					  nd_opt->nd_opt_len);
253 			}
254 		}
255 		opt_len -= l;
256 		nd_opt = ((void *)nd_opt) + l;
257 	}
258 	return ndopts;
259 }
260 
261 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
262 {
263 	switch (dev->type) {
264 	case ARPHRD_ETHER:
265 	case ARPHRD_IEEE802:	/* Not sure. Check it later. --ANK */
266 	case ARPHRD_FDDI:
267 		ipv6_eth_mc_map(addr, buf);
268 		return 0;
269 	case ARPHRD_ARCNET:
270 		ipv6_arcnet_mc_map(addr, buf);
271 		return 0;
272 	case ARPHRD_INFINIBAND:
273 		ipv6_ib_mc_map(addr, dev->broadcast, buf);
274 		return 0;
275 	case ARPHRD_IPGRE:
276 		return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
277 	default:
278 		if (dir) {
279 			memcpy(buf, dev->broadcast, dev->addr_len);
280 			return 0;
281 		}
282 	}
283 	return -EINVAL;
284 }
285 
286 EXPORT_SYMBOL(ndisc_mc_map);
287 
288 static u32 ndisc_hash(const void *pkey,
289 		      const struct net_device *dev,
290 		      __u32 *hash_rnd)
291 {
292 	return ndisc_hashfn(pkey, dev, hash_rnd);
293 }
294 
295 static int ndisc_constructor(struct neighbour *neigh)
296 {
297 	struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
298 	struct net_device *dev = neigh->dev;
299 	struct inet6_dev *in6_dev;
300 	struct neigh_parms *parms;
301 	bool is_multicast = ipv6_addr_is_multicast(addr);
302 
303 	in6_dev = in6_dev_get(dev);
304 	if (in6_dev == NULL) {
305 		return -EINVAL;
306 	}
307 
308 	parms = in6_dev->nd_parms;
309 	__neigh_parms_put(neigh->parms);
310 	neigh->parms = neigh_parms_clone(parms);
311 
312 	neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
313 	if (!dev->header_ops) {
314 		neigh->nud_state = NUD_NOARP;
315 		neigh->ops = &ndisc_direct_ops;
316 		neigh->output = neigh_direct_output;
317 	} else {
318 		if (is_multicast) {
319 			neigh->nud_state = NUD_NOARP;
320 			ndisc_mc_map(addr, neigh->ha, dev, 1);
321 		} else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
322 			neigh->nud_state = NUD_NOARP;
323 			memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
324 			if (dev->flags&IFF_LOOPBACK)
325 				neigh->type = RTN_LOCAL;
326 		} else if (dev->flags&IFF_POINTOPOINT) {
327 			neigh->nud_state = NUD_NOARP;
328 			memcpy(neigh->ha, dev->broadcast, dev->addr_len);
329 		}
330 		if (dev->header_ops->cache)
331 			neigh->ops = &ndisc_hh_ops;
332 		else
333 			neigh->ops = &ndisc_generic_ops;
334 		if (neigh->nud_state&NUD_VALID)
335 			neigh->output = neigh->ops->connected_output;
336 		else
337 			neigh->output = neigh->ops->output;
338 	}
339 	in6_dev_put(in6_dev);
340 	return 0;
341 }
342 
343 static int pndisc_constructor(struct pneigh_entry *n)
344 {
345 	struct in6_addr *addr = (struct in6_addr*)&n->key;
346 	struct in6_addr maddr;
347 	struct net_device *dev = n->dev;
348 
349 	if (dev == NULL || __in6_dev_get(dev) == NULL)
350 		return -EINVAL;
351 	addrconf_addr_solict_mult(addr, &maddr);
352 	ipv6_dev_mc_inc(dev, &maddr);
353 	return 0;
354 }
355 
356 static void pndisc_destructor(struct pneigh_entry *n)
357 {
358 	struct in6_addr *addr = (struct in6_addr*)&n->key;
359 	struct in6_addr maddr;
360 	struct net_device *dev = n->dev;
361 
362 	if (dev == NULL || __in6_dev_get(dev) == NULL)
363 		return;
364 	addrconf_addr_solict_mult(addr, &maddr);
365 	ipv6_dev_mc_dec(dev, &maddr);
366 }
367 
368 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
369 				       int len)
370 {
371 	int hlen = LL_RESERVED_SPACE(dev);
372 	int tlen = dev->needed_tailroom;
373 	struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
374 	struct sk_buff *skb;
375 	int err;
376 
377 	skb = sock_alloc_send_skb(sk,
378 				  hlen + sizeof(struct ipv6hdr) + len + tlen,
379 				  1, &err);
380 	if (!skb) {
381 		ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb, err=%d\n",
382 			  __func__, err);
383 		return NULL;
384 	}
385 
386 	skb->protocol = htons(ETH_P_IPV6);
387 	skb->dev = dev;
388 
389 	skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
390 	skb_reset_transport_header(skb);
391 
392 	return skb;
393 }
394 
395 static void ip6_nd_hdr(struct sk_buff *skb,
396 		       const struct in6_addr *saddr,
397 		       const struct in6_addr *daddr,
398 		       int hop_limit, int len)
399 {
400 	struct ipv6hdr *hdr;
401 
402 	skb_push(skb, sizeof(*hdr));
403 	skb_reset_network_header(skb);
404 	hdr = ipv6_hdr(skb);
405 
406 	ip6_flow_hdr(hdr, 0, 0);
407 
408 	hdr->payload_len = htons(len);
409 	hdr->nexthdr = IPPROTO_ICMPV6;
410 	hdr->hop_limit = hop_limit;
411 
412 	hdr->saddr = *saddr;
413 	hdr->daddr = *daddr;
414 }
415 
416 static void ndisc_send_skb(struct sk_buff *skb,
417 			   const struct in6_addr *daddr,
418 			   const struct in6_addr *saddr)
419 {
420 	struct dst_entry *dst = skb_dst(skb);
421 	struct net *net = dev_net(skb->dev);
422 	struct sock *sk = net->ipv6.ndisc_sk;
423 	struct inet6_dev *idev;
424 	int err;
425 	struct icmp6hdr *icmp6h = icmp6_hdr(skb);
426 	u8 type;
427 
428 	type = icmp6h->icmp6_type;
429 
430 	if (!dst) {
431 		struct sock *sk = net->ipv6.ndisc_sk;
432 		struct flowi6 fl6;
433 
434 		icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex);
435 		dst = icmp6_dst_alloc(skb->dev, &fl6);
436 		if (IS_ERR(dst)) {
437 			kfree_skb(skb);
438 			return;
439 		}
440 
441 		skb_dst_set(skb, dst);
442 	}
443 
444 	icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
445 					      IPPROTO_ICMPV6,
446 					      csum_partial(icmp6h,
447 							   skb->len, 0));
448 
449 	ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
450 
451 	rcu_read_lock();
452 	idev = __in6_dev_get(dst->dev);
453 	IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
454 
455 	err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
456 		      dst_output);
457 	if (!err) {
458 		ICMP6MSGOUT_INC_STATS(net, idev, type);
459 		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
460 	}
461 
462 	rcu_read_unlock();
463 }
464 
465 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
466 			  const struct in6_addr *daddr,
467 			  const struct in6_addr *solicited_addr,
468 			  bool router, bool solicited, bool override, bool inc_opt)
469 {
470 	struct sk_buff *skb;
471 	struct in6_addr tmpaddr;
472 	struct inet6_ifaddr *ifp;
473 	const struct in6_addr *src_addr;
474 	struct nd_msg *msg;
475 	int optlen = 0;
476 
477 	/* for anycast or proxy, solicited_addr != src_addr */
478 	ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
479 	if (ifp) {
480 		src_addr = solicited_addr;
481 		if (ifp->flags & IFA_F_OPTIMISTIC)
482 			override = 0;
483 		inc_opt |= ifp->idev->cnf.force_tllao;
484 		in6_ifa_put(ifp);
485 	} else {
486 		if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
487 				       inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
488 				       &tmpaddr))
489 			return;
490 		src_addr = &tmpaddr;
491 	}
492 
493 	if (!dev->addr_len)
494 		inc_opt = 0;
495 	if (inc_opt)
496 		optlen += ndisc_opt_addr_space(dev);
497 
498 	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
499 	if (!skb)
500 		return;
501 
502 	msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
503 	*msg = (struct nd_msg) {
504 		.icmph = {
505 			.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
506 			.icmp6_router = router,
507 			.icmp6_solicited = solicited,
508 			.icmp6_override = override,
509 		},
510 		.target = *solicited_addr,
511 	};
512 
513 	if (inc_opt)
514 		ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
515 				       dev->dev_addr);
516 
517 
518 	ndisc_send_skb(skb, daddr, src_addr);
519 }
520 
521 static void ndisc_send_unsol_na(struct net_device *dev)
522 {
523 	struct inet6_dev *idev;
524 	struct inet6_ifaddr *ifa;
525 
526 	idev = in6_dev_get(dev);
527 	if (!idev)
528 		return;
529 
530 	read_lock_bh(&idev->lock);
531 	list_for_each_entry(ifa, &idev->addr_list, if_list) {
532 		ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
533 			      /*router=*/ !!idev->cnf.forwarding,
534 			      /*solicited=*/ false, /*override=*/ true,
535 			      /*inc_opt=*/ true);
536 	}
537 	read_unlock_bh(&idev->lock);
538 
539 	in6_dev_put(idev);
540 }
541 
542 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
543 		   const struct in6_addr *solicit,
544 		   const struct in6_addr *daddr, const struct in6_addr *saddr)
545 {
546 	struct sk_buff *skb;
547 	struct in6_addr addr_buf;
548 	int inc_opt = dev->addr_len;
549 	int optlen = 0;
550 	struct nd_msg *msg;
551 
552 	if (saddr == NULL) {
553 		if (ipv6_get_lladdr(dev, &addr_buf,
554 				   (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
555 			return;
556 		saddr = &addr_buf;
557 	}
558 
559 	if (ipv6_addr_any(saddr))
560 		inc_opt = 0;
561 	if (inc_opt)
562 		optlen += ndisc_opt_addr_space(dev);
563 
564 	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
565 	if (!skb)
566 		return;
567 
568 	msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
569 	*msg = (struct nd_msg) {
570 		.icmph = {
571 			.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
572 		},
573 		.target = *solicit,
574 	};
575 
576 	if (inc_opt)
577 		ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
578 				       dev->dev_addr);
579 
580 	ndisc_send_skb(skb, daddr, saddr);
581 }
582 
583 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
584 		   const struct in6_addr *daddr)
585 {
586 	struct sk_buff *skb;
587 	struct rs_msg *msg;
588 	int send_sllao = dev->addr_len;
589 	int optlen = 0;
590 
591 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
592 	/*
593 	 * According to section 2.2 of RFC 4429, we must not
594 	 * send router solicitations with a sllao from
595 	 * optimistic addresses, but we may send the solicitation
596 	 * if we don't include the sllao.  So here we check
597 	 * if our address is optimistic, and if so, we
598 	 * suppress the inclusion of the sllao.
599 	 */
600 	if (send_sllao) {
601 		struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
602 							   dev, 1);
603 		if (ifp) {
604 			if (ifp->flags & IFA_F_OPTIMISTIC)  {
605 				send_sllao = 0;
606 			}
607 			in6_ifa_put(ifp);
608 		} else {
609 			send_sllao = 0;
610 		}
611 	}
612 #endif
613 	if (!dev->addr_len)
614 		send_sllao = 0;
615 	if (send_sllao)
616 		optlen += ndisc_opt_addr_space(dev);
617 
618 	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
619 	if (!skb)
620 		return;
621 
622 	msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
623 	*msg = (struct rs_msg) {
624 		.icmph = {
625 			.icmp6_type = NDISC_ROUTER_SOLICITATION,
626 		},
627 	};
628 
629 	if (send_sllao)
630 		ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
631 				       dev->dev_addr);
632 
633 	ndisc_send_skb(skb, daddr, saddr);
634 }
635 
636 
637 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
638 {
639 	/*
640 	 *	"The sender MUST return an ICMP
641 	 *	 destination unreachable"
642 	 */
643 	dst_link_failure(skb);
644 	kfree_skb(skb);
645 }
646 
647 /* Called with locked neigh: either read or both */
648 
649 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
650 {
651 	struct in6_addr *saddr = NULL;
652 	struct in6_addr mcaddr;
653 	struct net_device *dev = neigh->dev;
654 	struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
655 	int probes = atomic_read(&neigh->probes);
656 
657 	if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
658 		saddr = &ipv6_hdr(skb)->saddr;
659 
660 	if ((probes -= neigh->parms->ucast_probes) < 0) {
661 		if (!(neigh->nud_state & NUD_VALID)) {
662 			ND_PRINTK(1, dbg,
663 				  "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
664 				  __func__, target);
665 		}
666 		ndisc_send_ns(dev, neigh, target, target, saddr);
667 	} else if ((probes -= neigh->parms->app_probes) < 0) {
668 #ifdef CONFIG_ARPD
669 		neigh_app_ns(neigh);
670 #endif
671 	} else {
672 		addrconf_addr_solict_mult(target, &mcaddr);
673 		ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
674 	}
675 }
676 
677 static int pndisc_is_router(const void *pkey,
678 			    struct net_device *dev)
679 {
680 	struct pneigh_entry *n;
681 	int ret = -1;
682 
683 	read_lock_bh(&nd_tbl.lock);
684 	n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
685 	if (n)
686 		ret = !!(n->flags & NTF_ROUTER);
687 	read_unlock_bh(&nd_tbl.lock);
688 
689 	return ret;
690 }
691 
692 static void ndisc_recv_ns(struct sk_buff *skb)
693 {
694 	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
695 	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
696 	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
697 	u8 *lladdr = NULL;
698 	u32 ndoptlen = skb->tail - (skb->transport_header +
699 				    offsetof(struct nd_msg, opt));
700 	struct ndisc_options ndopts;
701 	struct net_device *dev = skb->dev;
702 	struct inet6_ifaddr *ifp;
703 	struct inet6_dev *idev = NULL;
704 	struct neighbour *neigh;
705 	int dad = ipv6_addr_any(saddr);
706 	bool inc;
707 	int is_router = -1;
708 
709 	if (skb->len < sizeof(struct nd_msg)) {
710 		ND_PRINTK(2, warn, "NS: packet too short\n");
711 		return;
712 	}
713 
714 	if (ipv6_addr_is_multicast(&msg->target)) {
715 		ND_PRINTK(2, warn, "NS: multicast target address\n");
716 		return;
717 	}
718 
719 	/*
720 	 * RFC2461 7.1.1:
721 	 * DAD has to be destined for solicited node multicast address.
722 	 */
723 	if (dad && !ipv6_addr_is_solict_mult(daddr)) {
724 		ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
725 		return;
726 	}
727 
728 	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
729 		ND_PRINTK(2, warn, "NS: invalid ND options\n");
730 		return;
731 	}
732 
733 	if (ndopts.nd_opts_src_lladdr) {
734 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
735 		if (!lladdr) {
736 			ND_PRINTK(2, warn,
737 				  "NS: invalid link-layer address length\n");
738 			return;
739 		}
740 
741 		/* RFC2461 7.1.1:
742 		 *	If the IP source address is the unspecified address,
743 		 *	there MUST NOT be source link-layer address option
744 		 *	in the message.
745 		 */
746 		if (dad) {
747 			ND_PRINTK(2, warn,
748 				  "NS: bad DAD packet (link-layer address option)\n");
749 			return;
750 		}
751 	}
752 
753 	inc = ipv6_addr_is_multicast(daddr);
754 
755 	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
756 	if (ifp) {
757 
758 		if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
759 			if (dad) {
760 				/*
761 				 * We are colliding with another node
762 				 * who is doing DAD
763 				 * so fail our DAD process
764 				 */
765 				addrconf_dad_failure(ifp);
766 				return;
767 			} else {
768 				/*
769 				 * This is not a dad solicitation.
770 				 * If we are an optimistic node,
771 				 * we should respond.
772 				 * Otherwise, we should ignore it.
773 				 */
774 				if (!(ifp->flags & IFA_F_OPTIMISTIC))
775 					goto out;
776 			}
777 		}
778 
779 		idev = ifp->idev;
780 	} else {
781 		struct net *net = dev_net(dev);
782 
783 		idev = in6_dev_get(dev);
784 		if (!idev) {
785 			/* XXX: count this drop? */
786 			return;
787 		}
788 
789 		if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
790 		    (idev->cnf.forwarding &&
791 		     (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
792 		     (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
793 			if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
794 			    skb->pkt_type != PACKET_HOST &&
795 			    inc != 0 &&
796 			    idev->nd_parms->proxy_delay != 0) {
797 				/*
798 				 * for anycast or proxy,
799 				 * sender should delay its response
800 				 * by a random time between 0 and
801 				 * MAX_ANYCAST_DELAY_TIME seconds.
802 				 * (RFC2461) -- yoshfuji
803 				 */
804 				struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
805 				if (n)
806 					pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
807 				goto out;
808 			}
809 		} else
810 			goto out;
811 	}
812 
813 	if (is_router < 0)
814 		is_router = idev->cnf.forwarding;
815 
816 	if (dad) {
817 		ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
818 			      !!is_router, false, (ifp != NULL), true);
819 		goto out;
820 	}
821 
822 	if (inc)
823 		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
824 	else
825 		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
826 
827 	/*
828 	 *	update / create cache entry
829 	 *	for the source address
830 	 */
831 	neigh = __neigh_lookup(&nd_tbl, saddr, dev,
832 			       !inc || lladdr || !dev->addr_len);
833 	if (neigh)
834 		neigh_update(neigh, lladdr, NUD_STALE,
835 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
836 			     NEIGH_UPDATE_F_OVERRIDE);
837 	if (neigh || !dev->header_ops) {
838 		ndisc_send_na(dev, neigh, saddr, &msg->target,
839 			      !!is_router,
840 			      true, (ifp != NULL && inc), inc);
841 		if (neigh)
842 			neigh_release(neigh);
843 	}
844 
845 out:
846 	if (ifp)
847 		in6_ifa_put(ifp);
848 	else
849 		in6_dev_put(idev);
850 }
851 
852 static void ndisc_recv_na(struct sk_buff *skb)
853 {
854 	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
855 	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
856 	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
857 	u8 *lladdr = NULL;
858 	u32 ndoptlen = skb->tail - (skb->transport_header +
859 				    offsetof(struct nd_msg, opt));
860 	struct ndisc_options ndopts;
861 	struct net_device *dev = skb->dev;
862 	struct inet6_ifaddr *ifp;
863 	struct neighbour *neigh;
864 
865 	if (skb->len < sizeof(struct nd_msg)) {
866 		ND_PRINTK(2, warn, "NA: packet too short\n");
867 		return;
868 	}
869 
870 	if (ipv6_addr_is_multicast(&msg->target)) {
871 		ND_PRINTK(2, warn, "NA: target address is multicast\n");
872 		return;
873 	}
874 
875 	if (ipv6_addr_is_multicast(daddr) &&
876 	    msg->icmph.icmp6_solicited) {
877 		ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
878 		return;
879 	}
880 
881 	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
882 		ND_PRINTK(2, warn, "NS: invalid ND option\n");
883 		return;
884 	}
885 	if (ndopts.nd_opts_tgt_lladdr) {
886 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
887 		if (!lladdr) {
888 			ND_PRINTK(2, warn,
889 				  "NA: invalid link-layer address length\n");
890 			return;
891 		}
892 	}
893 	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
894 	if (ifp) {
895 		if (skb->pkt_type != PACKET_LOOPBACK
896 		    && (ifp->flags & IFA_F_TENTATIVE)) {
897 				addrconf_dad_failure(ifp);
898 				return;
899 		}
900 		/* What should we make now? The advertisement
901 		   is invalid, but ndisc specs say nothing
902 		   about it. It could be misconfiguration, or
903 		   an smart proxy agent tries to help us :-)
904 
905 		   We should not print the error if NA has been
906 		   received from loopback - it is just our own
907 		   unsolicited advertisement.
908 		 */
909 		if (skb->pkt_type != PACKET_LOOPBACK)
910 			ND_PRINTK(1, warn,
911 				  "NA: someone advertises our address %pI6 on %s!\n",
912 				  &ifp->addr, ifp->idev->dev->name);
913 		in6_ifa_put(ifp);
914 		return;
915 	}
916 	neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
917 
918 	if (neigh) {
919 		u8 old_flags = neigh->flags;
920 		struct net *net = dev_net(dev);
921 
922 		if (neigh->nud_state & NUD_FAILED)
923 			goto out;
924 
925 		/*
926 		 * Don't update the neighbor cache entry on a proxy NA from
927 		 * ourselves because either the proxied node is off link or it
928 		 * has already sent a NA to us.
929 		 */
930 		if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
931 		    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
932 		    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
933 			/* XXX: idev->cnf.proxy_ndp */
934 			goto out;
935 		}
936 
937 		neigh_update(neigh, lladdr,
938 			     msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
939 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
940 			     (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
941 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
942 			     (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
943 
944 		if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
945 			/*
946 			 * Change: router to host
947 			 */
948 			struct rt6_info *rt;
949 			rt = rt6_get_dflt_router(saddr, dev);
950 			if (rt)
951 				ip6_del_rt(rt);
952 		}
953 
954 out:
955 		neigh_release(neigh);
956 	}
957 }
958 
959 static void ndisc_recv_rs(struct sk_buff *skb)
960 {
961 	struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
962 	unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
963 	struct neighbour *neigh;
964 	struct inet6_dev *idev;
965 	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
966 	struct ndisc_options ndopts;
967 	u8 *lladdr = NULL;
968 
969 	if (skb->len < sizeof(*rs_msg))
970 		return;
971 
972 	idev = __in6_dev_get(skb->dev);
973 	if (!idev) {
974 		ND_PRINTK(1, err, "RS: can't find in6 device\n");
975 		return;
976 	}
977 
978 	/* Don't accept RS if we're not in router mode */
979 	if (!idev->cnf.forwarding)
980 		goto out;
981 
982 	/*
983 	 * Don't update NCE if src = ::;
984 	 * this implies that the source node has no ip address assigned yet.
985 	 */
986 	if (ipv6_addr_any(saddr))
987 		goto out;
988 
989 	/* Parse ND options */
990 	if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
991 		ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
992 		goto out;
993 	}
994 
995 	if (ndopts.nd_opts_src_lladdr) {
996 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
997 					     skb->dev);
998 		if (!lladdr)
999 			goto out;
1000 	}
1001 
1002 	neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1003 	if (neigh) {
1004 		neigh_update(neigh, lladdr, NUD_STALE,
1005 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1006 			     NEIGH_UPDATE_F_OVERRIDE|
1007 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1008 		neigh_release(neigh);
1009 	}
1010 out:
1011 	return;
1012 }
1013 
1014 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1015 {
1016 	struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1017 	struct sk_buff *skb;
1018 	struct nlmsghdr *nlh;
1019 	struct nduseroptmsg *ndmsg;
1020 	struct net *net = dev_net(ra->dev);
1021 	int err;
1022 	int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1023 				    + (opt->nd_opt_len << 3));
1024 	size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1025 
1026 	skb = nlmsg_new(msg_size, GFP_ATOMIC);
1027 	if (skb == NULL) {
1028 		err = -ENOBUFS;
1029 		goto errout;
1030 	}
1031 
1032 	nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1033 	if (nlh == NULL) {
1034 		goto nla_put_failure;
1035 	}
1036 
1037 	ndmsg = nlmsg_data(nlh);
1038 	ndmsg->nduseropt_family = AF_INET6;
1039 	ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1040 	ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1041 	ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1042 	ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1043 
1044 	memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1045 
1046 	if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1047 		    &ipv6_hdr(ra)->saddr))
1048 		goto nla_put_failure;
1049 	nlmsg_end(skb, nlh);
1050 
1051 	rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1052 	return;
1053 
1054 nla_put_failure:
1055 	nlmsg_free(skb);
1056 	err = -EMSGSIZE;
1057 errout:
1058 	rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1059 }
1060 
1061 static void ndisc_router_discovery(struct sk_buff *skb)
1062 {
1063 	struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1064 	struct neighbour *neigh = NULL;
1065 	struct inet6_dev *in6_dev;
1066 	struct rt6_info *rt = NULL;
1067 	int lifetime;
1068 	struct ndisc_options ndopts;
1069 	int optlen;
1070 	unsigned int pref = 0;
1071 
1072 	__u8 * opt = (__u8 *)(ra_msg + 1);
1073 
1074 	optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1075 
1076 	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1077 		ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1078 		return;
1079 	}
1080 	if (optlen < 0) {
1081 		ND_PRINTK(2, warn, "RA: packet too short\n");
1082 		return;
1083 	}
1084 
1085 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1086 	if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1087 		ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1088 		return;
1089 	}
1090 #endif
1091 
1092 	/*
1093 	 *	set the RA_RECV flag in the interface
1094 	 */
1095 
1096 	in6_dev = __in6_dev_get(skb->dev);
1097 	if (in6_dev == NULL) {
1098 		ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1099 			  skb->dev->name);
1100 		return;
1101 	}
1102 
1103 	if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1104 		ND_PRINTK(2, warn, "RA: invalid ND options\n");
1105 		return;
1106 	}
1107 
1108 	if (!ipv6_accept_ra(in6_dev))
1109 		goto skip_linkparms;
1110 
1111 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1112 	/* skip link-specific parameters from interior routers */
1113 	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1114 		goto skip_linkparms;
1115 #endif
1116 
1117 	if (in6_dev->if_flags & IF_RS_SENT) {
1118 		/*
1119 		 *	flag that an RA was received after an RS was sent
1120 		 *	out on this interface.
1121 		 */
1122 		in6_dev->if_flags |= IF_RA_RCVD;
1123 	}
1124 
1125 	/*
1126 	 * Remember the managed/otherconf flags from most recently
1127 	 * received RA message (RFC 2462) -- yoshfuji
1128 	 */
1129 	in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1130 				IF_RA_OTHERCONF)) |
1131 				(ra_msg->icmph.icmp6_addrconf_managed ?
1132 					IF_RA_MANAGED : 0) |
1133 				(ra_msg->icmph.icmp6_addrconf_other ?
1134 					IF_RA_OTHERCONF : 0);
1135 
1136 	if (!in6_dev->cnf.accept_ra_defrtr)
1137 		goto skip_defrtr;
1138 
1139 	if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1140 		goto skip_defrtr;
1141 
1142 	lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1143 
1144 #ifdef CONFIG_IPV6_ROUTER_PREF
1145 	pref = ra_msg->icmph.icmp6_router_pref;
1146 	/* 10b is handled as if it were 00b (medium) */
1147 	if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1148 	    !in6_dev->cnf.accept_ra_rtr_pref)
1149 		pref = ICMPV6_ROUTER_PREF_MEDIUM;
1150 #endif
1151 
1152 	rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1153 
1154 	if (rt) {
1155 		neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1156 		if (!neigh) {
1157 			ND_PRINTK(0, err,
1158 				  "RA: %s got default router without neighbour\n",
1159 				  __func__);
1160 			ip6_rt_put(rt);
1161 			return;
1162 		}
1163 	}
1164 	if (rt && lifetime == 0) {
1165 		ip6_del_rt(rt);
1166 		rt = NULL;
1167 	}
1168 
1169 	if (rt == NULL && lifetime) {
1170 		ND_PRINTK(3, dbg, "RA: adding default router\n");
1171 
1172 		rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1173 		if (rt == NULL) {
1174 			ND_PRINTK(0, err,
1175 				  "RA: %s failed to add default route\n",
1176 				  __func__);
1177 			return;
1178 		}
1179 
1180 		neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1181 		if (neigh == NULL) {
1182 			ND_PRINTK(0, err,
1183 				  "RA: %s got default router without neighbour\n",
1184 				  __func__);
1185 			ip6_rt_put(rt);
1186 			return;
1187 		}
1188 		neigh->flags |= NTF_ROUTER;
1189 	} else if (rt) {
1190 		rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1191 	}
1192 
1193 	if (rt)
1194 		rt6_set_expires(rt, jiffies + (HZ * lifetime));
1195 	if (ra_msg->icmph.icmp6_hop_limit) {
1196 		in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1197 		if (rt)
1198 			dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1199 				       ra_msg->icmph.icmp6_hop_limit);
1200 	}
1201 
1202 skip_defrtr:
1203 
1204 	/*
1205 	 *	Update Reachable Time and Retrans Timer
1206 	 */
1207 
1208 	if (in6_dev->nd_parms) {
1209 		unsigned long rtime = ntohl(ra_msg->retrans_timer);
1210 
1211 		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1212 			rtime = (rtime*HZ)/1000;
1213 			if (rtime < HZ/10)
1214 				rtime = HZ/10;
1215 			in6_dev->nd_parms->retrans_time = rtime;
1216 			in6_dev->tstamp = jiffies;
1217 			inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1218 		}
1219 
1220 		rtime = ntohl(ra_msg->reachable_time);
1221 		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1222 			rtime = (rtime*HZ)/1000;
1223 
1224 			if (rtime < HZ/10)
1225 				rtime = HZ/10;
1226 
1227 			if (rtime != in6_dev->nd_parms->base_reachable_time) {
1228 				in6_dev->nd_parms->base_reachable_time = rtime;
1229 				in6_dev->nd_parms->gc_staletime = 3 * rtime;
1230 				in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1231 				in6_dev->tstamp = jiffies;
1232 				inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1233 			}
1234 		}
1235 	}
1236 
1237 skip_linkparms:
1238 
1239 	/*
1240 	 *	Process options.
1241 	 */
1242 
1243 	if (!neigh)
1244 		neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1245 				       skb->dev, 1);
1246 	if (neigh) {
1247 		u8 *lladdr = NULL;
1248 		if (ndopts.nd_opts_src_lladdr) {
1249 			lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1250 						     skb->dev);
1251 			if (!lladdr) {
1252 				ND_PRINTK(2, warn,
1253 					  "RA: invalid link-layer address length\n");
1254 				goto out;
1255 			}
1256 		}
1257 		neigh_update(neigh, lladdr, NUD_STALE,
1258 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1259 			     NEIGH_UPDATE_F_OVERRIDE|
1260 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1261 			     NEIGH_UPDATE_F_ISROUTER);
1262 	}
1263 
1264 	if (!ipv6_accept_ra(in6_dev))
1265 		goto out;
1266 
1267 #ifdef CONFIG_IPV6_ROUTE_INFO
1268 	if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1269 		goto skip_routeinfo;
1270 
1271 	if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1272 		struct nd_opt_hdr *p;
1273 		for (p = ndopts.nd_opts_ri;
1274 		     p;
1275 		     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1276 			struct route_info *ri = (struct route_info *)p;
1277 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1278 			if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1279 			    ri->prefix_len == 0)
1280 				continue;
1281 #endif
1282 			if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1283 				continue;
1284 			rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1285 				      &ipv6_hdr(skb)->saddr);
1286 		}
1287 	}
1288 
1289 skip_routeinfo:
1290 #endif
1291 
1292 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1293 	/* skip link-specific ndopts from interior routers */
1294 	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1295 		goto out;
1296 #endif
1297 
1298 	if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1299 		struct nd_opt_hdr *p;
1300 		for (p = ndopts.nd_opts_pi;
1301 		     p;
1302 		     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1303 			addrconf_prefix_rcv(skb->dev, (u8 *)p,
1304 					    (p->nd_opt_len) << 3,
1305 					    ndopts.nd_opts_src_lladdr != NULL);
1306 		}
1307 	}
1308 
1309 	if (ndopts.nd_opts_mtu) {
1310 		__be32 n;
1311 		u32 mtu;
1312 
1313 		memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1314 		mtu = ntohl(n);
1315 
1316 		if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1317 			ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1318 		} else if (in6_dev->cnf.mtu6 != mtu) {
1319 			in6_dev->cnf.mtu6 = mtu;
1320 
1321 			if (rt)
1322 				dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1323 
1324 			rt6_mtu_change(skb->dev, mtu);
1325 		}
1326 	}
1327 
1328 	if (ndopts.nd_useropts) {
1329 		struct nd_opt_hdr *p;
1330 		for (p = ndopts.nd_useropts;
1331 		     p;
1332 		     p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1333 			ndisc_ra_useropt(skb, p);
1334 		}
1335 	}
1336 
1337 	if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1338 		ND_PRINTK(2, warn, "RA: invalid RA options\n");
1339 	}
1340 out:
1341 	ip6_rt_put(rt);
1342 	if (neigh)
1343 		neigh_release(neigh);
1344 }
1345 
1346 static void ndisc_redirect_rcv(struct sk_buff *skb)
1347 {
1348 	u8 *hdr;
1349 	struct ndisc_options ndopts;
1350 	struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1351 	u32 ndoptlen = skb->tail - (skb->transport_header +
1352 				    offsetof(struct rd_msg, opt));
1353 
1354 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1355 	switch (skb->ndisc_nodetype) {
1356 	case NDISC_NODETYPE_HOST:
1357 	case NDISC_NODETYPE_NODEFAULT:
1358 		ND_PRINTK(2, warn,
1359 			  "Redirect: from host or unauthorized router\n");
1360 		return;
1361 	}
1362 #endif
1363 
1364 	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1365 		ND_PRINTK(2, warn,
1366 			  "Redirect: source address is not link-local\n");
1367 		return;
1368 	}
1369 
1370 	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1371 		return;
1372 
1373 	if (!ndopts.nd_opts_rh)
1374 		return;
1375 
1376 	hdr = (u8 *)ndopts.nd_opts_rh;
1377 	hdr += 8;
1378 	if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1379 		return;
1380 
1381 	icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1382 }
1383 
1384 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1385 					   struct sk_buff *orig_skb,
1386 					   int rd_len)
1387 {
1388 	u8 *opt = skb_put(skb, rd_len);
1389 
1390 	memset(opt, 0, 8);
1391 	*(opt++) = ND_OPT_REDIRECT_HDR;
1392 	*(opt++) = (rd_len >> 3);
1393 	opt += 6;
1394 
1395 	memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1396 }
1397 
1398 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1399 {
1400 	struct net_device *dev = skb->dev;
1401 	struct net *net = dev_net(dev);
1402 	struct sock *sk = net->ipv6.ndisc_sk;
1403 	int optlen = 0;
1404 	struct inet_peer *peer;
1405 	struct sk_buff *buff;
1406 	struct rd_msg *msg;
1407 	struct in6_addr saddr_buf;
1408 	struct rt6_info *rt;
1409 	struct dst_entry *dst;
1410 	struct flowi6 fl6;
1411 	int rd_len;
1412 	u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1413 	bool ret;
1414 
1415 	if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1416 		ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1417 			  dev->name);
1418 		return;
1419 	}
1420 
1421 	if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1422 	    ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1423 		ND_PRINTK(2, warn,
1424 			  "Redirect: target address is not link-local unicast\n");
1425 		return;
1426 	}
1427 
1428 	icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1429 			 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1430 
1431 	dst = ip6_route_output(net, NULL, &fl6);
1432 	if (dst->error) {
1433 		dst_release(dst);
1434 		return;
1435 	}
1436 	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1437 	if (IS_ERR(dst))
1438 		return;
1439 
1440 	rt = (struct rt6_info *) dst;
1441 
1442 	if (rt->rt6i_flags & RTF_GATEWAY) {
1443 		ND_PRINTK(2, warn,
1444 			  "Redirect: destination is not a neighbour\n");
1445 		goto release;
1446 	}
1447 	peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1448 	ret = inet_peer_xrlim_allow(peer, 1*HZ);
1449 	if (peer)
1450 		inet_putpeer(peer);
1451 	if (!ret)
1452 		goto release;
1453 
1454 	if (dev->addr_len) {
1455 		struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1456 		if (!neigh) {
1457 			ND_PRINTK(2, warn,
1458 				  "Redirect: no neigh for target address\n");
1459 			goto release;
1460 		}
1461 
1462 		read_lock_bh(&neigh->lock);
1463 		if (neigh->nud_state & NUD_VALID) {
1464 			memcpy(ha_buf, neigh->ha, dev->addr_len);
1465 			read_unlock_bh(&neigh->lock);
1466 			ha = ha_buf;
1467 			optlen += ndisc_opt_addr_space(dev);
1468 		} else
1469 			read_unlock_bh(&neigh->lock);
1470 
1471 		neigh_release(neigh);
1472 	}
1473 
1474 	rd_len = min_t(unsigned int,
1475 		       IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1476 		       skb->len + 8);
1477 	rd_len &= ~0x7;
1478 	optlen += rd_len;
1479 
1480 	buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1481 	if (!buff)
1482 		goto release;
1483 
1484 	msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1485 	*msg = (struct rd_msg) {
1486 		.icmph = {
1487 			.icmp6_type = NDISC_REDIRECT,
1488 		},
1489 		.target = *target,
1490 		.dest = ipv6_hdr(skb)->daddr,
1491 	};
1492 
1493 	/*
1494 	 *	include target_address option
1495 	 */
1496 
1497 	if (ha)
1498 		ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha);
1499 
1500 	/*
1501 	 *	build redirect option and copy skb over to the new packet.
1502 	 */
1503 
1504 	if (rd_len)
1505 		ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1506 
1507 	skb_dst_set(buff, dst);
1508 	ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1509 	return;
1510 
1511 release:
1512 	dst_release(dst);
1513 }
1514 
1515 static void pndisc_redo(struct sk_buff *skb)
1516 {
1517 	ndisc_recv_ns(skb);
1518 	kfree_skb(skb);
1519 }
1520 
1521 int ndisc_rcv(struct sk_buff *skb)
1522 {
1523 	struct nd_msg *msg;
1524 
1525 	if (skb_linearize(skb))
1526 		return 0;
1527 
1528 	msg = (struct nd_msg *)skb_transport_header(skb);
1529 
1530 	__skb_push(skb, skb->data - skb_transport_header(skb));
1531 
1532 	if (ipv6_hdr(skb)->hop_limit != 255) {
1533 		ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1534 			  ipv6_hdr(skb)->hop_limit);
1535 		return 0;
1536 	}
1537 
1538 	if (msg->icmph.icmp6_code != 0) {
1539 		ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1540 			  msg->icmph.icmp6_code);
1541 		return 0;
1542 	}
1543 
1544 	memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1545 
1546 	switch (msg->icmph.icmp6_type) {
1547 	case NDISC_NEIGHBOUR_SOLICITATION:
1548 		ndisc_recv_ns(skb);
1549 		break;
1550 
1551 	case NDISC_NEIGHBOUR_ADVERTISEMENT:
1552 		ndisc_recv_na(skb);
1553 		break;
1554 
1555 	case NDISC_ROUTER_SOLICITATION:
1556 		ndisc_recv_rs(skb);
1557 		break;
1558 
1559 	case NDISC_ROUTER_ADVERTISEMENT:
1560 		ndisc_router_discovery(skb);
1561 		break;
1562 
1563 	case NDISC_REDIRECT:
1564 		ndisc_redirect_rcv(skb);
1565 		break;
1566 	}
1567 
1568 	return 0;
1569 }
1570 
1571 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1572 {
1573 	struct net_device *dev = ptr;
1574 	struct net *net = dev_net(dev);
1575 	struct inet6_dev *idev;
1576 
1577 	switch (event) {
1578 	case NETDEV_CHANGEADDR:
1579 		neigh_changeaddr(&nd_tbl, dev);
1580 		fib6_run_gc(~0UL, net);
1581 		idev = in6_dev_get(dev);
1582 		if (!idev)
1583 			break;
1584 		if (idev->cnf.ndisc_notify)
1585 			ndisc_send_unsol_na(dev);
1586 		in6_dev_put(idev);
1587 		break;
1588 	case NETDEV_DOWN:
1589 		neigh_ifdown(&nd_tbl, dev);
1590 		fib6_run_gc(~0UL, net);
1591 		break;
1592 	case NETDEV_NOTIFY_PEERS:
1593 		ndisc_send_unsol_na(dev);
1594 		break;
1595 	default:
1596 		break;
1597 	}
1598 
1599 	return NOTIFY_DONE;
1600 }
1601 
1602 static struct notifier_block ndisc_netdev_notifier = {
1603 	.notifier_call = ndisc_netdev_event,
1604 };
1605 
1606 #ifdef CONFIG_SYSCTL
1607 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1608 					 const char *func, const char *dev_name)
1609 {
1610 	static char warncomm[TASK_COMM_LEN];
1611 	static int warned;
1612 	if (strcmp(warncomm, current->comm) && warned < 5) {
1613 		strcpy(warncomm, current->comm);
1614 		pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1615 			warncomm, func,
1616 			dev_name, ctl->procname,
1617 			dev_name, ctl->procname);
1618 		warned++;
1619 	}
1620 }
1621 
1622 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1623 {
1624 	struct net_device *dev = ctl->extra1;
1625 	struct inet6_dev *idev;
1626 	int ret;
1627 
1628 	if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1629 	    (strcmp(ctl->procname, "base_reachable_time") == 0))
1630 		ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1631 
1632 	if (strcmp(ctl->procname, "retrans_time") == 0)
1633 		ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1634 
1635 	else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1636 		ret = proc_dointvec_jiffies(ctl, write,
1637 					    buffer, lenp, ppos);
1638 
1639 	else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1640 		 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1641 		ret = proc_dointvec_ms_jiffies(ctl, write,
1642 					       buffer, lenp, ppos);
1643 	else
1644 		ret = -1;
1645 
1646 	if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1647 		if (ctl->data == &idev->nd_parms->base_reachable_time)
1648 			idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1649 		idev->tstamp = jiffies;
1650 		inet6_ifinfo_notify(RTM_NEWLINK, idev);
1651 		in6_dev_put(idev);
1652 	}
1653 	return ret;
1654 }
1655 
1656 
1657 #endif
1658 
1659 static int __net_init ndisc_net_init(struct net *net)
1660 {
1661 	struct ipv6_pinfo *np;
1662 	struct sock *sk;
1663 	int err;
1664 
1665 	err = inet_ctl_sock_create(&sk, PF_INET6,
1666 				   SOCK_RAW, IPPROTO_ICMPV6, net);
1667 	if (err < 0) {
1668 		ND_PRINTK(0, err,
1669 			  "NDISC: Failed to initialize the control socket (err %d)\n",
1670 			  err);
1671 		return err;
1672 	}
1673 
1674 	net->ipv6.ndisc_sk = sk;
1675 
1676 	np = inet6_sk(sk);
1677 	np->hop_limit = 255;
1678 	/* Do not loopback ndisc messages */
1679 	np->mc_loop = 0;
1680 
1681 	return 0;
1682 }
1683 
1684 static void __net_exit ndisc_net_exit(struct net *net)
1685 {
1686 	inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1687 }
1688 
1689 static struct pernet_operations ndisc_net_ops = {
1690 	.init = ndisc_net_init,
1691 	.exit = ndisc_net_exit,
1692 };
1693 
1694 int __init ndisc_init(void)
1695 {
1696 	int err;
1697 
1698 	err = register_pernet_subsys(&ndisc_net_ops);
1699 	if (err)
1700 		return err;
1701 	/*
1702 	 * Initialize the neighbour table
1703 	 */
1704 	neigh_table_init(&nd_tbl);
1705 
1706 #ifdef CONFIG_SYSCTL
1707 	err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1708 				    &ndisc_ifinfo_sysctl_change);
1709 	if (err)
1710 		goto out_unregister_pernet;
1711 #endif
1712 	err = register_netdevice_notifier(&ndisc_netdev_notifier);
1713 	if (err)
1714 		goto out_unregister_sysctl;
1715 out:
1716 	return err;
1717 
1718 out_unregister_sysctl:
1719 #ifdef CONFIG_SYSCTL
1720 	neigh_sysctl_unregister(&nd_tbl.parms);
1721 out_unregister_pernet:
1722 #endif
1723 	unregister_pernet_subsys(&ndisc_net_ops);
1724 	goto out;
1725 }
1726 
1727 void ndisc_cleanup(void)
1728 {
1729 	unregister_netdevice_notifier(&ndisc_netdev_notifier);
1730 #ifdef CONFIG_SYSCTL
1731 	neigh_sysctl_unregister(&nd_tbl.parms);
1732 #endif
1733 	neigh_table_clear(&nd_tbl);
1734 	unregister_pernet_subsys(&ndisc_net_ops);
1735 }
1736