xref: /openbmc/linux/net/ipv6/ndisc.c (revision e87c65ae)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	Neighbour Discovery for IPv6
4  *	Linux INET6 implementation
5  *
6  *	Authors:
7  *	Pedro Roque		<roque@di.fc.ul.pt>
8  *	Mike Shaver		<shaver@ingenia.com>
9  */
10 
11 /*
12  *	Changes:
13  *
14  *	Alexey I. Froloff		:	RFC6106 (DNSSL) support
15  *	Pierre Ynard			:	export userland ND options
16  *						through netlink (RDNSS support)
17  *	Lars Fenneberg			:	fixed MTU setting on receipt
18  *						of an RA.
19  *	Janos Farkas			:	kmalloc failure checks
20  *	Alexey Kuznetsov		:	state machine reworked
21  *						and moved to net/core.
22  *	Pekka Savola			:	RFC2461 validation
23  *	YOSHIFUJI Hideaki @USAGI	:	Verify ND options properly
24  */
25 
26 #define pr_fmt(fmt) "ICMPv6: " fmt
27 
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/sched.h>
34 #include <linux/net.h>
35 #include <linux/in6.h>
36 #include <linux/route.h>
37 #include <linux/init.h>
38 #include <linux/rcupdate.h>
39 #include <linux/slab.h>
40 #ifdef CONFIG_SYSCTL
41 #include <linux/sysctl.h>
42 #endif
43 
44 #include <linux/if_addr.h>
45 #include <linux/if_ether.h>
46 #include <linux/if_arp.h>
47 #include <linux/ipv6.h>
48 #include <linux/icmpv6.h>
49 #include <linux/jhash.h>
50 
51 #include <net/sock.h>
52 #include <net/snmp.h>
53 
54 #include <net/ipv6.h>
55 #include <net/protocol.h>
56 #include <net/ndisc.h>
57 #include <net/ip6_route.h>
58 #include <net/addrconf.h>
59 #include <net/icmp.h>
60 
61 #include <net/netlink.h>
62 #include <linux/rtnetlink.h>
63 
64 #include <net/flow.h>
65 #include <net/ip6_checksum.h>
66 #include <net/inet_common.h>
67 #include <linux/proc_fs.h>
68 
69 #include <linux/netfilter.h>
70 #include <linux/netfilter_ipv6.h>
71 
72 static u32 ndisc_hash(const void *pkey,
73 		      const struct net_device *dev,
74 		      __u32 *hash_rnd);
75 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76 static bool ndisc_allow_add(const struct net_device *dev,
77 			    struct netlink_ext_ack *extack);
78 static int ndisc_constructor(struct neighbour *neigh);
79 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81 static int pndisc_constructor(struct pneigh_entry *n);
82 static void pndisc_destructor(struct pneigh_entry *n);
83 static void pndisc_redo(struct sk_buff *skb);
84 static int ndisc_is_multicast(const void *pkey);
85 
86 static const struct neigh_ops ndisc_generic_ops = {
87 	.family =		AF_INET6,
88 	.solicit =		ndisc_solicit,
89 	.error_report =		ndisc_error_report,
90 	.output =		neigh_resolve_output,
91 	.connected_output =	neigh_connected_output,
92 };
93 
94 static const struct neigh_ops ndisc_hh_ops = {
95 	.family =		AF_INET6,
96 	.solicit =		ndisc_solicit,
97 	.error_report =		ndisc_error_report,
98 	.output =		neigh_resolve_output,
99 	.connected_output =	neigh_resolve_output,
100 };
101 
102 
103 static const struct neigh_ops ndisc_direct_ops = {
104 	.family =		AF_INET6,
105 	.output =		neigh_direct_output,
106 	.connected_output =	neigh_direct_output,
107 };
108 
109 struct neigh_table nd_tbl = {
110 	.family =	AF_INET6,
111 	.key_len =	sizeof(struct in6_addr),
112 	.protocol =	cpu_to_be16(ETH_P_IPV6),
113 	.hash =		ndisc_hash,
114 	.key_eq =	ndisc_key_eq,
115 	.constructor =	ndisc_constructor,
116 	.pconstructor =	pndisc_constructor,
117 	.pdestructor =	pndisc_destructor,
118 	.proxy_redo =	pndisc_redo,
119 	.is_multicast =	ndisc_is_multicast,
120 	.allow_add  =   ndisc_allow_add,
121 	.id =		"ndisc_cache",
122 	.parms = {
123 		.tbl			= &nd_tbl,
124 		.reachable_time		= ND_REACHABLE_TIME,
125 		.data = {
126 			[NEIGH_VAR_MCAST_PROBES] = 3,
127 			[NEIGH_VAR_UCAST_PROBES] = 3,
128 			[NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 			[NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 			[NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 			[NEIGH_VAR_GC_STALETIME] = 60 * HZ,
132 			[NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
133 			[NEIGH_VAR_PROXY_QLEN] = 64,
134 			[NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
135 			[NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
136 		},
137 	},
138 	.gc_interval =	  30 * HZ,
139 	.gc_thresh1 =	 128,
140 	.gc_thresh2 =	 512,
141 	.gc_thresh3 =	1024,
142 };
143 EXPORT_SYMBOL_GPL(nd_tbl);
144 
145 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, const void *data,
146 			      int data_len, int pad)
147 {
148 	int space = __ndisc_opt_addr_space(data_len, pad);
149 	u8 *opt = skb_put(skb, space);
150 
151 	opt[0] = type;
152 	opt[1] = space>>3;
153 
154 	memset(opt + 2, 0, pad);
155 	opt   += pad;
156 	space -= pad;
157 
158 	memcpy(opt+2, data, data_len);
159 	data_len += 2;
160 	opt += data_len;
161 	space -= data_len;
162 	if (space > 0)
163 		memset(opt, 0, space);
164 }
165 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
166 
167 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
168 					  const void *data, u8 icmp6_type)
169 {
170 	__ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
171 				 ndisc_addr_option_pad(skb->dev->type));
172 	ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
173 }
174 
175 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
176 						   void *ha,
177 						   const u8 *ops_data)
178 {
179 	ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
180 	ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
181 }
182 
183 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
184 					    struct nd_opt_hdr *end)
185 {
186 	int type;
187 	if (!cur || !end || cur >= end)
188 		return NULL;
189 	type = cur->nd_opt_type;
190 	do {
191 		cur = ((void *)cur) + (cur->nd_opt_len << 3);
192 	} while (cur < end && cur->nd_opt_type != type);
193 	return cur <= end && cur->nd_opt_type == type ? cur : NULL;
194 }
195 
196 static inline int ndisc_is_useropt(const struct net_device *dev,
197 				   struct nd_opt_hdr *opt)
198 {
199 	return opt->nd_opt_type == ND_OPT_RDNSS ||
200 		opt->nd_opt_type == ND_OPT_DNSSL ||
201 		opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
202 		opt->nd_opt_type == ND_OPT_PREF64 ||
203 		ndisc_ops_is_useropt(dev, opt->nd_opt_type);
204 }
205 
206 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
207 					     struct nd_opt_hdr *cur,
208 					     struct nd_opt_hdr *end)
209 {
210 	if (!cur || !end || cur >= end)
211 		return NULL;
212 	do {
213 		cur = ((void *)cur) + (cur->nd_opt_len << 3);
214 	} while (cur < end && !ndisc_is_useropt(dev, cur));
215 	return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
216 }
217 
218 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
219 					  u8 *opt, int opt_len,
220 					  struct ndisc_options *ndopts)
221 {
222 	struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
223 
224 	if (!nd_opt || opt_len < 0 || !ndopts)
225 		return NULL;
226 	memset(ndopts, 0, sizeof(*ndopts));
227 	while (opt_len) {
228 		int l;
229 		if (opt_len < sizeof(struct nd_opt_hdr))
230 			return NULL;
231 		l = nd_opt->nd_opt_len << 3;
232 		if (opt_len < l || l == 0)
233 			return NULL;
234 		if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
235 			goto next_opt;
236 		switch (nd_opt->nd_opt_type) {
237 		case ND_OPT_SOURCE_LL_ADDR:
238 		case ND_OPT_TARGET_LL_ADDR:
239 		case ND_OPT_MTU:
240 		case ND_OPT_NONCE:
241 		case ND_OPT_REDIRECT_HDR:
242 			if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
243 				ND_PRINTK(2, warn,
244 					  "%s: duplicated ND6 option found: type=%d\n",
245 					  __func__, nd_opt->nd_opt_type);
246 			} else {
247 				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
248 			}
249 			break;
250 		case ND_OPT_PREFIX_INFO:
251 			ndopts->nd_opts_pi_end = nd_opt;
252 			if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
253 				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
254 			break;
255 #ifdef CONFIG_IPV6_ROUTE_INFO
256 		case ND_OPT_ROUTE_INFO:
257 			ndopts->nd_opts_ri_end = nd_opt;
258 			if (!ndopts->nd_opts_ri)
259 				ndopts->nd_opts_ri = nd_opt;
260 			break;
261 #endif
262 		default:
263 			if (ndisc_is_useropt(dev, nd_opt)) {
264 				ndopts->nd_useropts_end = nd_opt;
265 				if (!ndopts->nd_useropts)
266 					ndopts->nd_useropts = nd_opt;
267 			} else {
268 				/*
269 				 * Unknown options must be silently ignored,
270 				 * to accommodate future extension to the
271 				 * protocol.
272 				 */
273 				ND_PRINTK(2, notice,
274 					  "%s: ignored unsupported option; type=%d, len=%d\n",
275 					  __func__,
276 					  nd_opt->nd_opt_type,
277 					  nd_opt->nd_opt_len);
278 			}
279 		}
280 next_opt:
281 		opt_len -= l;
282 		nd_opt = ((void *)nd_opt) + l;
283 	}
284 	return ndopts;
285 }
286 
287 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
288 {
289 	switch (dev->type) {
290 	case ARPHRD_ETHER:
291 	case ARPHRD_IEEE802:	/* Not sure. Check it later. --ANK */
292 	case ARPHRD_FDDI:
293 		ipv6_eth_mc_map(addr, buf);
294 		return 0;
295 	case ARPHRD_ARCNET:
296 		ipv6_arcnet_mc_map(addr, buf);
297 		return 0;
298 	case ARPHRD_INFINIBAND:
299 		ipv6_ib_mc_map(addr, dev->broadcast, buf);
300 		return 0;
301 	case ARPHRD_IPGRE:
302 		return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
303 	default:
304 		if (dir) {
305 			memcpy(buf, dev->broadcast, dev->addr_len);
306 			return 0;
307 		}
308 	}
309 	return -EINVAL;
310 }
311 EXPORT_SYMBOL(ndisc_mc_map);
312 
313 static u32 ndisc_hash(const void *pkey,
314 		      const struct net_device *dev,
315 		      __u32 *hash_rnd)
316 {
317 	return ndisc_hashfn(pkey, dev, hash_rnd);
318 }
319 
320 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
321 {
322 	return neigh_key_eq128(n, pkey);
323 }
324 
325 static int ndisc_constructor(struct neighbour *neigh)
326 {
327 	struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
328 	struct net_device *dev = neigh->dev;
329 	struct inet6_dev *in6_dev;
330 	struct neigh_parms *parms;
331 	bool is_multicast = ipv6_addr_is_multicast(addr);
332 
333 	in6_dev = in6_dev_get(dev);
334 	if (!in6_dev) {
335 		return -EINVAL;
336 	}
337 
338 	parms = in6_dev->nd_parms;
339 	__neigh_parms_put(neigh->parms);
340 	neigh->parms = neigh_parms_clone(parms);
341 
342 	neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
343 	if (!dev->header_ops) {
344 		neigh->nud_state = NUD_NOARP;
345 		neigh->ops = &ndisc_direct_ops;
346 		neigh->output = neigh_direct_output;
347 	} else {
348 		if (is_multicast) {
349 			neigh->nud_state = NUD_NOARP;
350 			ndisc_mc_map(addr, neigh->ha, dev, 1);
351 		} else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
352 			neigh->nud_state = NUD_NOARP;
353 			memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
354 			if (dev->flags&IFF_LOOPBACK)
355 				neigh->type = RTN_LOCAL;
356 		} else if (dev->flags&IFF_POINTOPOINT) {
357 			neigh->nud_state = NUD_NOARP;
358 			memcpy(neigh->ha, dev->broadcast, dev->addr_len);
359 		}
360 		if (dev->header_ops->cache)
361 			neigh->ops = &ndisc_hh_ops;
362 		else
363 			neigh->ops = &ndisc_generic_ops;
364 		if (neigh->nud_state&NUD_VALID)
365 			neigh->output = neigh->ops->connected_output;
366 		else
367 			neigh->output = neigh->ops->output;
368 	}
369 	in6_dev_put(in6_dev);
370 	return 0;
371 }
372 
373 static int pndisc_constructor(struct pneigh_entry *n)
374 {
375 	struct in6_addr *addr = (struct in6_addr *)&n->key;
376 	struct in6_addr maddr;
377 	struct net_device *dev = n->dev;
378 
379 	if (!dev || !__in6_dev_get(dev))
380 		return -EINVAL;
381 	addrconf_addr_solict_mult(addr, &maddr);
382 	ipv6_dev_mc_inc(dev, &maddr);
383 	return 0;
384 }
385 
386 static void pndisc_destructor(struct pneigh_entry *n)
387 {
388 	struct in6_addr *addr = (struct in6_addr *)&n->key;
389 	struct in6_addr maddr;
390 	struct net_device *dev = n->dev;
391 
392 	if (!dev || !__in6_dev_get(dev))
393 		return;
394 	addrconf_addr_solict_mult(addr, &maddr);
395 	ipv6_dev_mc_dec(dev, &maddr);
396 }
397 
398 /* called with rtnl held */
399 static bool ndisc_allow_add(const struct net_device *dev,
400 			    struct netlink_ext_ack *extack)
401 {
402 	struct inet6_dev *idev = __in6_dev_get(dev);
403 
404 	if (!idev || idev->cnf.disable_ipv6) {
405 		NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
406 		return false;
407 	}
408 
409 	return true;
410 }
411 
412 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
413 				       int len)
414 {
415 	int hlen = LL_RESERVED_SPACE(dev);
416 	int tlen = dev->needed_tailroom;
417 	struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
418 	struct sk_buff *skb;
419 
420 	skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
421 	if (!skb) {
422 		ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
423 			  __func__);
424 		return NULL;
425 	}
426 
427 	skb->protocol = htons(ETH_P_IPV6);
428 	skb->dev = dev;
429 
430 	skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
431 	skb_reset_transport_header(skb);
432 
433 	/* Manually assign socket ownership as we avoid calling
434 	 * sock_alloc_send_pskb() to bypass wmem buffer limits
435 	 */
436 	skb_set_owner_w(skb, sk);
437 
438 	return skb;
439 }
440 
441 static void ip6_nd_hdr(struct sk_buff *skb,
442 		       const struct in6_addr *saddr,
443 		       const struct in6_addr *daddr,
444 		       int hop_limit, int len)
445 {
446 	struct ipv6hdr *hdr;
447 	struct inet6_dev *idev;
448 	unsigned tclass;
449 
450 	rcu_read_lock();
451 	idev = __in6_dev_get(skb->dev);
452 	tclass = idev ? idev->cnf.ndisc_tclass : 0;
453 	rcu_read_unlock();
454 
455 	skb_push(skb, sizeof(*hdr));
456 	skb_reset_network_header(skb);
457 	hdr = ipv6_hdr(skb);
458 
459 	ip6_flow_hdr(hdr, tclass, 0);
460 
461 	hdr->payload_len = htons(len);
462 	hdr->nexthdr = IPPROTO_ICMPV6;
463 	hdr->hop_limit = hop_limit;
464 
465 	hdr->saddr = *saddr;
466 	hdr->daddr = *daddr;
467 }
468 
469 void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
470 		    const struct in6_addr *saddr)
471 {
472 	struct dst_entry *dst = skb_dst(skb);
473 	struct net *net = dev_net(skb->dev);
474 	struct sock *sk = net->ipv6.ndisc_sk;
475 	struct inet6_dev *idev;
476 	int err;
477 	struct icmp6hdr *icmp6h = icmp6_hdr(skb);
478 	u8 type;
479 
480 	type = icmp6h->icmp6_type;
481 
482 	if (!dst) {
483 		struct flowi6 fl6;
484 		int oif = skb->dev->ifindex;
485 
486 		icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
487 		dst = icmp6_dst_alloc(skb->dev, &fl6);
488 		if (IS_ERR(dst)) {
489 			kfree_skb(skb);
490 			return;
491 		}
492 
493 		skb_dst_set(skb, dst);
494 	}
495 
496 	icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
497 					      IPPROTO_ICMPV6,
498 					      csum_partial(icmp6h,
499 							   skb->len, 0));
500 
501 	ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
502 
503 	rcu_read_lock();
504 	idev = __in6_dev_get(dst->dev);
505 	IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
506 
507 	err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
508 		      net, sk, skb, NULL, dst->dev,
509 		      dst_output);
510 	if (!err) {
511 		ICMP6MSGOUT_INC_STATS(net, idev, type);
512 		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
513 	}
514 
515 	rcu_read_unlock();
516 }
517 EXPORT_SYMBOL(ndisc_send_skb);
518 
519 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
520 		   const struct in6_addr *solicited_addr,
521 		   bool router, bool solicited, bool override, bool inc_opt)
522 {
523 	struct sk_buff *skb;
524 	struct in6_addr tmpaddr;
525 	struct inet6_ifaddr *ifp;
526 	const struct in6_addr *src_addr;
527 	struct nd_msg *msg;
528 	int optlen = 0;
529 
530 	/* for anycast or proxy, solicited_addr != src_addr */
531 	ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
532 	if (ifp) {
533 		src_addr = solicited_addr;
534 		if (ifp->flags & IFA_F_OPTIMISTIC)
535 			override = false;
536 		inc_opt |= ifp->idev->cnf.force_tllao;
537 		in6_ifa_put(ifp);
538 	} else {
539 		if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
540 				       inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
541 				       &tmpaddr))
542 			return;
543 		src_addr = &tmpaddr;
544 	}
545 
546 	if (!dev->addr_len)
547 		inc_opt = false;
548 	if (inc_opt)
549 		optlen += ndisc_opt_addr_space(dev,
550 					       NDISC_NEIGHBOUR_ADVERTISEMENT);
551 
552 	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
553 	if (!skb)
554 		return;
555 
556 	msg = skb_put(skb, sizeof(*msg));
557 	*msg = (struct nd_msg) {
558 		.icmph = {
559 			.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
560 			.icmp6_router = router,
561 			.icmp6_solicited = solicited,
562 			.icmp6_override = override,
563 		},
564 		.target = *solicited_addr,
565 	};
566 
567 	if (inc_opt)
568 		ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
569 				       dev->dev_addr,
570 				       NDISC_NEIGHBOUR_ADVERTISEMENT);
571 
572 	ndisc_send_skb(skb, daddr, src_addr);
573 }
574 
575 static void ndisc_send_unsol_na(struct net_device *dev)
576 {
577 	struct inet6_dev *idev;
578 	struct inet6_ifaddr *ifa;
579 
580 	idev = in6_dev_get(dev);
581 	if (!idev)
582 		return;
583 
584 	read_lock_bh(&idev->lock);
585 	list_for_each_entry(ifa, &idev->addr_list, if_list) {
586 		/* skip tentative addresses until dad completes */
587 		if (ifa->flags & IFA_F_TENTATIVE &&
588 		    !(ifa->flags & IFA_F_OPTIMISTIC))
589 			continue;
590 
591 		ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
592 			      /*router=*/ !!idev->cnf.forwarding,
593 			      /*solicited=*/ false, /*override=*/ true,
594 			      /*inc_opt=*/ true);
595 	}
596 	read_unlock_bh(&idev->lock);
597 
598 	in6_dev_put(idev);
599 }
600 
601 struct sk_buff *ndisc_ns_create(struct net_device *dev, const struct in6_addr *solicit,
602 				const struct in6_addr *saddr, u64 nonce)
603 {
604 	int inc_opt = dev->addr_len;
605 	struct sk_buff *skb;
606 	struct nd_msg *msg;
607 	int optlen = 0;
608 
609 	if (!saddr)
610 		return NULL;
611 
612 	if (ipv6_addr_any(saddr))
613 		inc_opt = false;
614 	if (inc_opt)
615 		optlen += ndisc_opt_addr_space(dev,
616 					       NDISC_NEIGHBOUR_SOLICITATION);
617 	if (nonce != 0)
618 		optlen += 8;
619 
620 	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
621 	if (!skb)
622 		return NULL;
623 
624 	msg = skb_put(skb, sizeof(*msg));
625 	*msg = (struct nd_msg) {
626 		.icmph = {
627 			.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
628 		},
629 		.target = *solicit,
630 	};
631 
632 	if (inc_opt)
633 		ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
634 				       dev->dev_addr,
635 				       NDISC_NEIGHBOUR_SOLICITATION);
636 	if (nonce != 0) {
637 		u8 *opt = skb_put(skb, 8);
638 
639 		opt[0] = ND_OPT_NONCE;
640 		opt[1] = 8 >> 3;
641 		memcpy(opt + 2, &nonce, 6);
642 	}
643 
644 	return skb;
645 }
646 EXPORT_SYMBOL(ndisc_ns_create);
647 
648 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
649 		   const struct in6_addr *daddr, const struct in6_addr *saddr,
650 		   u64 nonce)
651 {
652 	struct in6_addr addr_buf;
653 	struct sk_buff *skb;
654 
655 	if (!saddr) {
656 		if (ipv6_get_lladdr(dev, &addr_buf,
657 				    (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)))
658 			return;
659 		saddr = &addr_buf;
660 	}
661 
662 	skb = ndisc_ns_create(dev, solicit, saddr, nonce);
663 
664 	if (skb)
665 		ndisc_send_skb(skb, daddr, saddr);
666 }
667 
668 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
669 		   const struct in6_addr *daddr)
670 {
671 	struct sk_buff *skb;
672 	struct rs_msg *msg;
673 	int send_sllao = dev->addr_len;
674 	int optlen = 0;
675 
676 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
677 	/*
678 	 * According to section 2.2 of RFC 4429, we must not
679 	 * send router solicitations with a sllao from
680 	 * optimistic addresses, but we may send the solicitation
681 	 * if we don't include the sllao.  So here we check
682 	 * if our address is optimistic, and if so, we
683 	 * suppress the inclusion of the sllao.
684 	 */
685 	if (send_sllao) {
686 		struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
687 							   dev, 1);
688 		if (ifp) {
689 			if (ifp->flags & IFA_F_OPTIMISTIC)  {
690 				send_sllao = 0;
691 			}
692 			in6_ifa_put(ifp);
693 		} else {
694 			send_sllao = 0;
695 		}
696 	}
697 #endif
698 	if (send_sllao)
699 		optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
700 
701 	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
702 	if (!skb)
703 		return;
704 
705 	msg = skb_put(skb, sizeof(*msg));
706 	*msg = (struct rs_msg) {
707 		.icmph = {
708 			.icmp6_type = NDISC_ROUTER_SOLICITATION,
709 		},
710 	};
711 
712 	if (send_sllao)
713 		ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
714 				       dev->dev_addr,
715 				       NDISC_ROUTER_SOLICITATION);
716 
717 	ndisc_send_skb(skb, daddr, saddr);
718 }
719 
720 
721 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
722 {
723 	/*
724 	 *	"The sender MUST return an ICMP
725 	 *	 destination unreachable"
726 	 */
727 	dst_link_failure(skb);
728 	kfree_skb(skb);
729 }
730 
731 /* Called with locked neigh: either read or both */
732 
733 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
734 {
735 	struct in6_addr *saddr = NULL;
736 	struct in6_addr mcaddr;
737 	struct net_device *dev = neigh->dev;
738 	struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
739 	int probes = atomic_read(&neigh->probes);
740 
741 	if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
742 					   dev, false, 1,
743 					   IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
744 		saddr = &ipv6_hdr(skb)->saddr;
745 	probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
746 	if (probes < 0) {
747 		if (!(neigh->nud_state & NUD_VALID)) {
748 			ND_PRINTK(1, dbg,
749 				  "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
750 				  __func__, target);
751 		}
752 		ndisc_send_ns(dev, target, target, saddr, 0);
753 	} else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
754 		neigh_app_ns(neigh);
755 	} else {
756 		addrconf_addr_solict_mult(target, &mcaddr);
757 		ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
758 	}
759 }
760 
761 static int pndisc_is_router(const void *pkey,
762 			    struct net_device *dev)
763 {
764 	struct pneigh_entry *n;
765 	int ret = -1;
766 
767 	read_lock_bh(&nd_tbl.lock);
768 	n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
769 	if (n)
770 		ret = !!(n->flags & NTF_ROUTER);
771 	read_unlock_bh(&nd_tbl.lock);
772 
773 	return ret;
774 }
775 
776 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
777 		  const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
778 		  struct ndisc_options *ndopts)
779 {
780 	neigh_update(neigh, lladdr, new, flags, 0);
781 	/* report ndisc ops about neighbour update */
782 	ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
783 }
784 
785 static void ndisc_recv_ns(struct sk_buff *skb)
786 {
787 	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
788 	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
789 	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
790 	u8 *lladdr = NULL;
791 	u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
792 				    offsetof(struct nd_msg, opt));
793 	struct ndisc_options ndopts;
794 	struct net_device *dev = skb->dev;
795 	struct inet6_ifaddr *ifp;
796 	struct inet6_dev *idev = NULL;
797 	struct neighbour *neigh;
798 	int dad = ipv6_addr_any(saddr);
799 	bool inc;
800 	int is_router = -1;
801 	u64 nonce = 0;
802 
803 	if (skb->len < sizeof(struct nd_msg)) {
804 		ND_PRINTK(2, warn, "NS: packet too short\n");
805 		return;
806 	}
807 
808 	if (ipv6_addr_is_multicast(&msg->target)) {
809 		ND_PRINTK(2, warn, "NS: multicast target address\n");
810 		return;
811 	}
812 
813 	/*
814 	 * RFC2461 7.1.1:
815 	 * DAD has to be destined for solicited node multicast address.
816 	 */
817 	if (dad && !ipv6_addr_is_solict_mult(daddr)) {
818 		ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
819 		return;
820 	}
821 
822 	if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
823 		ND_PRINTK(2, warn, "NS: invalid ND options\n");
824 		return;
825 	}
826 
827 	if (ndopts.nd_opts_src_lladdr) {
828 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
829 		if (!lladdr) {
830 			ND_PRINTK(2, warn,
831 				  "NS: invalid link-layer address length\n");
832 			return;
833 		}
834 
835 		/* RFC2461 7.1.1:
836 		 *	If the IP source address is the unspecified address,
837 		 *	there MUST NOT be source link-layer address option
838 		 *	in the message.
839 		 */
840 		if (dad) {
841 			ND_PRINTK(2, warn,
842 				  "NS: bad DAD packet (link-layer address option)\n");
843 			return;
844 		}
845 	}
846 	if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
847 		memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
848 
849 	inc = ipv6_addr_is_multicast(daddr);
850 
851 	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
852 	if (ifp) {
853 have_ifp:
854 		if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
855 			if (dad) {
856 				if (nonce != 0 && ifp->dad_nonce == nonce) {
857 					u8 *np = (u8 *)&nonce;
858 					/* Matching nonce if looped back */
859 					ND_PRINTK(2, notice,
860 						  "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
861 						  ifp->idev->dev->name,
862 						  &ifp->addr, np);
863 					goto out;
864 				}
865 				/*
866 				 * We are colliding with another node
867 				 * who is doing DAD
868 				 * so fail our DAD process
869 				 */
870 				addrconf_dad_failure(skb, ifp);
871 				return;
872 			} else {
873 				/*
874 				 * This is not a dad solicitation.
875 				 * If we are an optimistic node,
876 				 * we should respond.
877 				 * Otherwise, we should ignore it.
878 				 */
879 				if (!(ifp->flags & IFA_F_OPTIMISTIC))
880 					goto out;
881 			}
882 		}
883 
884 		idev = ifp->idev;
885 	} else {
886 		struct net *net = dev_net(dev);
887 
888 		/* perhaps an address on the master device */
889 		if (netif_is_l3_slave(dev)) {
890 			struct net_device *mdev;
891 
892 			mdev = netdev_master_upper_dev_get_rcu(dev);
893 			if (mdev) {
894 				ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
895 				if (ifp)
896 					goto have_ifp;
897 			}
898 		}
899 
900 		idev = in6_dev_get(dev);
901 		if (!idev) {
902 			/* XXX: count this drop? */
903 			return;
904 		}
905 
906 		if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
907 		    (idev->cnf.forwarding &&
908 		     (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
909 		     (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
910 			if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
911 			    skb->pkt_type != PACKET_HOST &&
912 			    inc &&
913 			    NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
914 				/*
915 				 * for anycast or proxy,
916 				 * sender should delay its response
917 				 * by a random time between 0 and
918 				 * MAX_ANYCAST_DELAY_TIME seconds.
919 				 * (RFC2461) -- yoshfuji
920 				 */
921 				struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
922 				if (n)
923 					pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
924 				goto out;
925 			}
926 		} else
927 			goto out;
928 	}
929 
930 	if (is_router < 0)
931 		is_router = idev->cnf.forwarding;
932 
933 	if (dad) {
934 		ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
935 			      !!is_router, false, (ifp != NULL), true);
936 		goto out;
937 	}
938 
939 	if (inc)
940 		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
941 	else
942 		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
943 
944 	/*
945 	 *	update / create cache entry
946 	 *	for the source address
947 	 */
948 	neigh = __neigh_lookup(&nd_tbl, saddr, dev,
949 			       !inc || lladdr || !dev->addr_len);
950 	if (neigh)
951 		ndisc_update(dev, neigh, lladdr, NUD_STALE,
952 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
953 			     NEIGH_UPDATE_F_OVERRIDE,
954 			     NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
955 	if (neigh || !dev->header_ops) {
956 		ndisc_send_na(dev, saddr, &msg->target, !!is_router,
957 			      true, (ifp != NULL && inc), inc);
958 		if (neigh)
959 			neigh_release(neigh);
960 	}
961 
962 out:
963 	if (ifp)
964 		in6_ifa_put(ifp);
965 	else
966 		in6_dev_put(idev);
967 }
968 
969 static void ndisc_recv_na(struct sk_buff *skb)
970 {
971 	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
972 	struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
973 	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
974 	u8 *lladdr = NULL;
975 	u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
976 				    offsetof(struct nd_msg, opt));
977 	struct ndisc_options ndopts;
978 	struct net_device *dev = skb->dev;
979 	struct inet6_dev *idev = __in6_dev_get(dev);
980 	struct inet6_ifaddr *ifp;
981 	struct neighbour *neigh;
982 
983 	if (skb->len < sizeof(struct nd_msg)) {
984 		ND_PRINTK(2, warn, "NA: packet too short\n");
985 		return;
986 	}
987 
988 	if (ipv6_addr_is_multicast(&msg->target)) {
989 		ND_PRINTK(2, warn, "NA: target address is multicast\n");
990 		return;
991 	}
992 
993 	if (ipv6_addr_is_multicast(daddr) &&
994 	    msg->icmph.icmp6_solicited) {
995 		ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
996 		return;
997 	}
998 
999 	/* For some 802.11 wireless deployments (and possibly other networks),
1000 	 * there will be a NA proxy and unsolicitd packets are attacks
1001 	 * and thus should not be accepted.
1002 	 */
1003 	if (!msg->icmph.icmp6_solicited && idev &&
1004 	    idev->cnf.drop_unsolicited_na)
1005 		return;
1006 
1007 	if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
1008 		ND_PRINTK(2, warn, "NS: invalid ND option\n");
1009 		return;
1010 	}
1011 	if (ndopts.nd_opts_tgt_lladdr) {
1012 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
1013 		if (!lladdr) {
1014 			ND_PRINTK(2, warn,
1015 				  "NA: invalid link-layer address length\n");
1016 			return;
1017 		}
1018 	}
1019 	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1020 	if (ifp) {
1021 		if (skb->pkt_type != PACKET_LOOPBACK
1022 		    && (ifp->flags & IFA_F_TENTATIVE)) {
1023 				addrconf_dad_failure(skb, ifp);
1024 				return;
1025 		}
1026 		/* What should we make now? The advertisement
1027 		   is invalid, but ndisc specs say nothing
1028 		   about it. It could be misconfiguration, or
1029 		   an smart proxy agent tries to help us :-)
1030 
1031 		   We should not print the error if NA has been
1032 		   received from loopback - it is just our own
1033 		   unsolicited advertisement.
1034 		 */
1035 		if (skb->pkt_type != PACKET_LOOPBACK)
1036 			ND_PRINTK(1, warn,
1037 				  "NA: %pM advertised our address %pI6c on %s!\n",
1038 				  eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1039 		in6_ifa_put(ifp);
1040 		return;
1041 	}
1042 	neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1043 
1044 	if (neigh) {
1045 		u8 old_flags = neigh->flags;
1046 		struct net *net = dev_net(dev);
1047 
1048 		if (neigh->nud_state & NUD_FAILED)
1049 			goto out;
1050 
1051 		/*
1052 		 * Don't update the neighbor cache entry on a proxy NA from
1053 		 * ourselves because either the proxied node is off link or it
1054 		 * has already sent a NA to us.
1055 		 */
1056 		if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1057 		    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1058 		    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1059 			/* XXX: idev->cnf.proxy_ndp */
1060 			goto out;
1061 		}
1062 
1063 		ndisc_update(dev, neigh, lladdr,
1064 			     msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1065 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1066 			     (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1067 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1068 			     (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1069 			     NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1070 
1071 		if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1072 			/*
1073 			 * Change: router to host
1074 			 */
1075 			rt6_clean_tohost(dev_net(dev),  saddr);
1076 		}
1077 
1078 out:
1079 		neigh_release(neigh);
1080 	}
1081 }
1082 
1083 static void ndisc_recv_rs(struct sk_buff *skb)
1084 {
1085 	struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1086 	unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1087 	struct neighbour *neigh;
1088 	struct inet6_dev *idev;
1089 	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1090 	struct ndisc_options ndopts;
1091 	u8 *lladdr = NULL;
1092 
1093 	if (skb->len < sizeof(*rs_msg))
1094 		return;
1095 
1096 	idev = __in6_dev_get(skb->dev);
1097 	if (!idev) {
1098 		ND_PRINTK(1, err, "RS: can't find in6 device\n");
1099 		return;
1100 	}
1101 
1102 	/* Don't accept RS if we're not in router mode */
1103 	if (!idev->cnf.forwarding)
1104 		goto out;
1105 
1106 	/*
1107 	 * Don't update NCE if src = ::;
1108 	 * this implies that the source node has no ip address assigned yet.
1109 	 */
1110 	if (ipv6_addr_any(saddr))
1111 		goto out;
1112 
1113 	/* Parse ND options */
1114 	if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1115 		ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1116 		goto out;
1117 	}
1118 
1119 	if (ndopts.nd_opts_src_lladdr) {
1120 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1121 					     skb->dev);
1122 		if (!lladdr)
1123 			goto out;
1124 	}
1125 
1126 	neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1127 	if (neigh) {
1128 		ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1129 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1130 			     NEIGH_UPDATE_F_OVERRIDE|
1131 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1132 			     NDISC_ROUTER_SOLICITATION, &ndopts);
1133 		neigh_release(neigh);
1134 	}
1135 out:
1136 	return;
1137 }
1138 
1139 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1140 {
1141 	struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1142 	struct sk_buff *skb;
1143 	struct nlmsghdr *nlh;
1144 	struct nduseroptmsg *ndmsg;
1145 	struct net *net = dev_net(ra->dev);
1146 	int err;
1147 	int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1148 				    + (opt->nd_opt_len << 3));
1149 	size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1150 
1151 	skb = nlmsg_new(msg_size, GFP_ATOMIC);
1152 	if (!skb) {
1153 		err = -ENOBUFS;
1154 		goto errout;
1155 	}
1156 
1157 	nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1158 	if (!nlh) {
1159 		goto nla_put_failure;
1160 	}
1161 
1162 	ndmsg = nlmsg_data(nlh);
1163 	ndmsg->nduseropt_family = AF_INET6;
1164 	ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1165 	ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1166 	ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1167 	ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1168 
1169 	memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1170 
1171 	if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1172 		goto nla_put_failure;
1173 	nlmsg_end(skb, nlh);
1174 
1175 	rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1176 	return;
1177 
1178 nla_put_failure:
1179 	nlmsg_free(skb);
1180 	err = -EMSGSIZE;
1181 errout:
1182 	rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1183 }
1184 
1185 static void ndisc_router_discovery(struct sk_buff *skb)
1186 {
1187 	struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1188 	struct neighbour *neigh = NULL;
1189 	struct inet6_dev *in6_dev;
1190 	struct fib6_info *rt = NULL;
1191 	u32 defrtr_usr_metric;
1192 	struct net *net;
1193 	int lifetime;
1194 	struct ndisc_options ndopts;
1195 	int optlen;
1196 	unsigned int pref = 0;
1197 	__u32 old_if_flags;
1198 	bool send_ifinfo_notify = false;
1199 
1200 	__u8 *opt = (__u8 *)(ra_msg + 1);
1201 
1202 	optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1203 		sizeof(struct ra_msg);
1204 
1205 	ND_PRINTK(2, info,
1206 		  "RA: %s, dev: %s\n",
1207 		  __func__, skb->dev->name);
1208 	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1209 		ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1210 		return;
1211 	}
1212 	if (optlen < 0) {
1213 		ND_PRINTK(2, warn, "RA: packet too short\n");
1214 		return;
1215 	}
1216 
1217 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1218 	if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1219 		ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1220 		return;
1221 	}
1222 #endif
1223 
1224 	/*
1225 	 *	set the RA_RECV flag in the interface
1226 	 */
1227 
1228 	in6_dev = __in6_dev_get(skb->dev);
1229 	if (!in6_dev) {
1230 		ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1231 			  skb->dev->name);
1232 		return;
1233 	}
1234 
1235 	if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1236 		ND_PRINTK(2, warn, "RA: invalid ND options\n");
1237 		return;
1238 	}
1239 
1240 	if (!ipv6_accept_ra(in6_dev)) {
1241 		ND_PRINTK(2, info,
1242 			  "RA: %s, did not accept ra for dev: %s\n",
1243 			  __func__, skb->dev->name);
1244 		goto skip_linkparms;
1245 	}
1246 
1247 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1248 	/* skip link-specific parameters from interior routers */
1249 	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1250 		ND_PRINTK(2, info,
1251 			  "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1252 			  __func__, skb->dev->name);
1253 		goto skip_linkparms;
1254 	}
1255 #endif
1256 
1257 	if (in6_dev->if_flags & IF_RS_SENT) {
1258 		/*
1259 		 *	flag that an RA was received after an RS was sent
1260 		 *	out on this interface.
1261 		 */
1262 		in6_dev->if_flags |= IF_RA_RCVD;
1263 	}
1264 
1265 	/*
1266 	 * Remember the managed/otherconf flags from most recently
1267 	 * received RA message (RFC 2462) -- yoshfuji
1268 	 */
1269 	old_if_flags = in6_dev->if_flags;
1270 	in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1271 				IF_RA_OTHERCONF)) |
1272 				(ra_msg->icmph.icmp6_addrconf_managed ?
1273 					IF_RA_MANAGED : 0) |
1274 				(ra_msg->icmph.icmp6_addrconf_other ?
1275 					IF_RA_OTHERCONF : 0);
1276 
1277 	if (old_if_flags != in6_dev->if_flags)
1278 		send_ifinfo_notify = true;
1279 
1280 	if (!in6_dev->cnf.accept_ra_defrtr) {
1281 		ND_PRINTK(2, info,
1282 			  "RA: %s, defrtr is false for dev: %s\n",
1283 			  __func__, skb->dev->name);
1284 		goto skip_defrtr;
1285 	}
1286 
1287 	/* Do not accept RA with source-addr found on local machine unless
1288 	 * accept_ra_from_local is set to true.
1289 	 */
1290 	net = dev_net(in6_dev->dev);
1291 	if (!in6_dev->cnf.accept_ra_from_local &&
1292 	    ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1293 		ND_PRINTK(2, info,
1294 			  "RA from local address detected on dev: %s: default router ignored\n",
1295 			  skb->dev->name);
1296 		goto skip_defrtr;
1297 	}
1298 
1299 	lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1300 
1301 #ifdef CONFIG_IPV6_ROUTER_PREF
1302 	pref = ra_msg->icmph.icmp6_router_pref;
1303 	/* 10b is handled as if it were 00b (medium) */
1304 	if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1305 	    !in6_dev->cnf.accept_ra_rtr_pref)
1306 		pref = ICMPV6_ROUTER_PREF_MEDIUM;
1307 #endif
1308 	/* routes added from RAs do not use nexthop objects */
1309 	rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1310 	if (rt) {
1311 		neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1312 					 rt->fib6_nh->fib_nh_dev, NULL,
1313 					  &ipv6_hdr(skb)->saddr);
1314 		if (!neigh) {
1315 			ND_PRINTK(0, err,
1316 				  "RA: %s got default router without neighbour\n",
1317 				  __func__);
1318 			fib6_info_release(rt);
1319 			return;
1320 		}
1321 	}
1322 	/* Set default route metric as specified by user */
1323 	defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1324 	/* delete the route if lifetime is 0 or if metric needs change */
1325 	if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1326 		ip6_del_rt(net, rt, false);
1327 		rt = NULL;
1328 	}
1329 
1330 	ND_PRINTK(3, info, "RA: rt: %p  lifetime: %d, metric: %d, for dev: %s\n",
1331 		  rt, lifetime, defrtr_usr_metric, skb->dev->name);
1332 	if (!rt && lifetime) {
1333 		ND_PRINTK(3, info, "RA: adding default router\n");
1334 
1335 		rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1336 					 skb->dev, pref, defrtr_usr_metric);
1337 		if (!rt) {
1338 			ND_PRINTK(0, err,
1339 				  "RA: %s failed to add default route\n",
1340 				  __func__);
1341 			return;
1342 		}
1343 
1344 		neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1345 					 rt->fib6_nh->fib_nh_dev, NULL,
1346 					  &ipv6_hdr(skb)->saddr);
1347 		if (!neigh) {
1348 			ND_PRINTK(0, err,
1349 				  "RA: %s got default router without neighbour\n",
1350 				  __func__);
1351 			fib6_info_release(rt);
1352 			return;
1353 		}
1354 		neigh->flags |= NTF_ROUTER;
1355 	} else if (rt && IPV6_EXTRACT_PREF(rt->fib6_flags) != pref) {
1356 		struct nl_info nlinfo = {
1357 			.nl_net = net,
1358 		};
1359 		rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1360 		inet6_rt_notify(RTM_NEWROUTE, rt, &nlinfo, NLM_F_REPLACE);
1361 	}
1362 
1363 	if (rt)
1364 		fib6_set_expires(rt, jiffies + (HZ * lifetime));
1365 	if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1366 	    ra_msg->icmph.icmp6_hop_limit) {
1367 		if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1368 			in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1369 			fib6_metric_set(rt, RTAX_HOPLIMIT,
1370 					ra_msg->icmph.icmp6_hop_limit);
1371 		} else {
1372 			ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1373 		}
1374 	}
1375 
1376 skip_defrtr:
1377 
1378 	/*
1379 	 *	Update Reachable Time and Retrans Timer
1380 	 */
1381 
1382 	if (in6_dev->nd_parms) {
1383 		unsigned long rtime = ntohl(ra_msg->retrans_timer);
1384 
1385 		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1386 			rtime = (rtime*HZ)/1000;
1387 			if (rtime < HZ/100)
1388 				rtime = HZ/100;
1389 			NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1390 			in6_dev->tstamp = jiffies;
1391 			send_ifinfo_notify = true;
1392 		}
1393 
1394 		rtime = ntohl(ra_msg->reachable_time);
1395 		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1396 			rtime = (rtime*HZ)/1000;
1397 
1398 			if (rtime < HZ/10)
1399 				rtime = HZ/10;
1400 
1401 			if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1402 				NEIGH_VAR_SET(in6_dev->nd_parms,
1403 					      BASE_REACHABLE_TIME, rtime);
1404 				NEIGH_VAR_SET(in6_dev->nd_parms,
1405 					      GC_STALETIME, 3 * rtime);
1406 				in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1407 				in6_dev->tstamp = jiffies;
1408 				send_ifinfo_notify = true;
1409 			}
1410 		}
1411 	}
1412 
1413 skip_linkparms:
1414 
1415 	/*
1416 	 *	Process options.
1417 	 */
1418 
1419 	if (!neigh)
1420 		neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1421 				       skb->dev, 1);
1422 	if (neigh) {
1423 		u8 *lladdr = NULL;
1424 		if (ndopts.nd_opts_src_lladdr) {
1425 			lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1426 						     skb->dev);
1427 			if (!lladdr) {
1428 				ND_PRINTK(2, warn,
1429 					  "RA: invalid link-layer address length\n");
1430 				goto out;
1431 			}
1432 		}
1433 		ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1434 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1435 			     NEIGH_UPDATE_F_OVERRIDE|
1436 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1437 			     NEIGH_UPDATE_F_ISROUTER,
1438 			     NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1439 	}
1440 
1441 	if (!ipv6_accept_ra(in6_dev)) {
1442 		ND_PRINTK(2, info,
1443 			  "RA: %s, accept_ra is false for dev: %s\n",
1444 			  __func__, skb->dev->name);
1445 		goto out;
1446 	}
1447 
1448 #ifdef CONFIG_IPV6_ROUTE_INFO
1449 	if (!in6_dev->cnf.accept_ra_from_local &&
1450 	    ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1451 			  in6_dev->dev, 0)) {
1452 		ND_PRINTK(2, info,
1453 			  "RA from local address detected on dev: %s: router info ignored.\n",
1454 			  skb->dev->name);
1455 		goto skip_routeinfo;
1456 	}
1457 
1458 	if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1459 		struct nd_opt_hdr *p;
1460 		for (p = ndopts.nd_opts_ri;
1461 		     p;
1462 		     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1463 			struct route_info *ri = (struct route_info *)p;
1464 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1465 			if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1466 			    ri->prefix_len == 0)
1467 				continue;
1468 #endif
1469 			if (ri->prefix_len == 0 &&
1470 			    !in6_dev->cnf.accept_ra_defrtr)
1471 				continue;
1472 			if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1473 				continue;
1474 			if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1475 				continue;
1476 			rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1477 				      &ipv6_hdr(skb)->saddr);
1478 		}
1479 	}
1480 
1481 skip_routeinfo:
1482 #endif
1483 
1484 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1485 	/* skip link-specific ndopts from interior routers */
1486 	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1487 		ND_PRINTK(2, info,
1488 			  "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1489 			  __func__, skb->dev->name);
1490 		goto out;
1491 	}
1492 #endif
1493 
1494 	if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1495 		struct nd_opt_hdr *p;
1496 		for (p = ndopts.nd_opts_pi;
1497 		     p;
1498 		     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1499 			addrconf_prefix_rcv(skb->dev, (u8 *)p,
1500 					    (p->nd_opt_len) << 3,
1501 					    ndopts.nd_opts_src_lladdr != NULL);
1502 		}
1503 	}
1504 
1505 	if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1506 		__be32 n;
1507 		u32 mtu;
1508 
1509 		memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1510 		mtu = ntohl(n);
1511 
1512 		if (in6_dev->ra_mtu != mtu) {
1513 			in6_dev->ra_mtu = mtu;
1514 			send_ifinfo_notify = true;
1515 		}
1516 
1517 		if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1518 			ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1519 		} else if (in6_dev->cnf.mtu6 != mtu) {
1520 			in6_dev->cnf.mtu6 = mtu;
1521 			fib6_metric_set(rt, RTAX_MTU, mtu);
1522 			rt6_mtu_change(skb->dev, mtu);
1523 		}
1524 	}
1525 
1526 	if (ndopts.nd_useropts) {
1527 		struct nd_opt_hdr *p;
1528 		for (p = ndopts.nd_useropts;
1529 		     p;
1530 		     p = ndisc_next_useropt(skb->dev, p,
1531 					    ndopts.nd_useropts_end)) {
1532 			ndisc_ra_useropt(skb, p);
1533 		}
1534 	}
1535 
1536 	if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1537 		ND_PRINTK(2, warn, "RA: invalid RA options\n");
1538 	}
1539 out:
1540 	/* Send a notify if RA changed managed/otherconf flags or
1541 	 * timer settings or ra_mtu value
1542 	 */
1543 	if (send_ifinfo_notify)
1544 		inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1545 
1546 	fib6_info_release(rt);
1547 	if (neigh)
1548 		neigh_release(neigh);
1549 }
1550 
1551 static void ndisc_redirect_rcv(struct sk_buff *skb)
1552 {
1553 	u8 *hdr;
1554 	struct ndisc_options ndopts;
1555 	struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1556 	u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1557 				    offsetof(struct rd_msg, opt));
1558 
1559 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1560 	switch (skb->ndisc_nodetype) {
1561 	case NDISC_NODETYPE_HOST:
1562 	case NDISC_NODETYPE_NODEFAULT:
1563 		ND_PRINTK(2, warn,
1564 			  "Redirect: from host or unauthorized router\n");
1565 		return;
1566 	}
1567 #endif
1568 
1569 	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1570 		ND_PRINTK(2, warn,
1571 			  "Redirect: source address is not link-local\n");
1572 		return;
1573 	}
1574 
1575 	if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1576 		return;
1577 
1578 	if (!ndopts.nd_opts_rh) {
1579 		ip6_redirect_no_header(skb, dev_net(skb->dev),
1580 					skb->dev->ifindex);
1581 		return;
1582 	}
1583 
1584 	hdr = (u8 *)ndopts.nd_opts_rh;
1585 	hdr += 8;
1586 	if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1587 		return;
1588 
1589 	icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1590 }
1591 
1592 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1593 					   struct sk_buff *orig_skb,
1594 					   int rd_len)
1595 {
1596 	u8 *opt = skb_put(skb, rd_len);
1597 
1598 	memset(opt, 0, 8);
1599 	*(opt++) = ND_OPT_REDIRECT_HDR;
1600 	*(opt++) = (rd_len >> 3);
1601 	opt += 6;
1602 
1603 	skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1604 		      rd_len - 8);
1605 }
1606 
1607 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1608 {
1609 	struct net_device *dev = skb->dev;
1610 	struct net *net = dev_net(dev);
1611 	struct sock *sk = net->ipv6.ndisc_sk;
1612 	int optlen = 0;
1613 	struct inet_peer *peer;
1614 	struct sk_buff *buff;
1615 	struct rd_msg *msg;
1616 	struct in6_addr saddr_buf;
1617 	struct rt6_info *rt;
1618 	struct dst_entry *dst;
1619 	struct flowi6 fl6;
1620 	int rd_len;
1621 	u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1622 	   ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1623 	bool ret;
1624 
1625 	if (netif_is_l3_master(skb->dev)) {
1626 		dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1627 		if (!dev)
1628 			return;
1629 	}
1630 
1631 	if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1632 		ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1633 			  dev->name);
1634 		return;
1635 	}
1636 
1637 	if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1638 	    ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1639 		ND_PRINTK(2, warn,
1640 			  "Redirect: target address is not link-local unicast\n");
1641 		return;
1642 	}
1643 
1644 	icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1645 			 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1646 
1647 	dst = ip6_route_output(net, NULL, &fl6);
1648 	if (dst->error) {
1649 		dst_release(dst);
1650 		return;
1651 	}
1652 	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1653 	if (IS_ERR(dst))
1654 		return;
1655 
1656 	rt = (struct rt6_info *) dst;
1657 
1658 	if (rt->rt6i_flags & RTF_GATEWAY) {
1659 		ND_PRINTK(2, warn,
1660 			  "Redirect: destination is not a neighbour\n");
1661 		goto release;
1662 	}
1663 	peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1664 	ret = inet_peer_xrlim_allow(peer, 1*HZ);
1665 	if (peer)
1666 		inet_putpeer(peer);
1667 	if (!ret)
1668 		goto release;
1669 
1670 	if (dev->addr_len) {
1671 		struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1672 		if (!neigh) {
1673 			ND_PRINTK(2, warn,
1674 				  "Redirect: no neigh for target address\n");
1675 			goto release;
1676 		}
1677 
1678 		read_lock_bh(&neigh->lock);
1679 		if (neigh->nud_state & NUD_VALID) {
1680 			memcpy(ha_buf, neigh->ha, dev->addr_len);
1681 			read_unlock_bh(&neigh->lock);
1682 			ha = ha_buf;
1683 			optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1684 								ops_data_buf,
1685 								&ops_data);
1686 		} else
1687 			read_unlock_bh(&neigh->lock);
1688 
1689 		neigh_release(neigh);
1690 	}
1691 
1692 	rd_len = min_t(unsigned int,
1693 		       IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1694 		       skb->len + 8);
1695 	rd_len &= ~0x7;
1696 	optlen += rd_len;
1697 
1698 	buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1699 	if (!buff)
1700 		goto release;
1701 
1702 	msg = skb_put(buff, sizeof(*msg));
1703 	*msg = (struct rd_msg) {
1704 		.icmph = {
1705 			.icmp6_type = NDISC_REDIRECT,
1706 		},
1707 		.target = *target,
1708 		.dest = ipv6_hdr(skb)->daddr,
1709 	};
1710 
1711 	/*
1712 	 *	include target_address option
1713 	 */
1714 
1715 	if (ha)
1716 		ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1717 
1718 	/*
1719 	 *	build redirect option and copy skb over to the new packet.
1720 	 */
1721 
1722 	if (rd_len)
1723 		ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1724 
1725 	skb_dst_set(buff, dst);
1726 	ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1727 	return;
1728 
1729 release:
1730 	dst_release(dst);
1731 }
1732 
1733 static void pndisc_redo(struct sk_buff *skb)
1734 {
1735 	ndisc_recv_ns(skb);
1736 	kfree_skb(skb);
1737 }
1738 
1739 static int ndisc_is_multicast(const void *pkey)
1740 {
1741 	return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1742 }
1743 
1744 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1745 {
1746 	struct inet6_dev *idev = __in6_dev_get(skb->dev);
1747 
1748 	if (!idev)
1749 		return true;
1750 	if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1751 	    idev->cnf.suppress_frag_ndisc) {
1752 		net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1753 		return true;
1754 	}
1755 	return false;
1756 }
1757 
1758 int ndisc_rcv(struct sk_buff *skb)
1759 {
1760 	struct nd_msg *msg;
1761 
1762 	if (ndisc_suppress_frag_ndisc(skb))
1763 		return 0;
1764 
1765 	if (skb_linearize(skb))
1766 		return 0;
1767 
1768 	msg = (struct nd_msg *)skb_transport_header(skb);
1769 
1770 	__skb_push(skb, skb->data - skb_transport_header(skb));
1771 
1772 	if (ipv6_hdr(skb)->hop_limit != 255) {
1773 		ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1774 			  ipv6_hdr(skb)->hop_limit);
1775 		return 0;
1776 	}
1777 
1778 	if (msg->icmph.icmp6_code != 0) {
1779 		ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1780 			  msg->icmph.icmp6_code);
1781 		return 0;
1782 	}
1783 
1784 	switch (msg->icmph.icmp6_type) {
1785 	case NDISC_NEIGHBOUR_SOLICITATION:
1786 		memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1787 		ndisc_recv_ns(skb);
1788 		break;
1789 
1790 	case NDISC_NEIGHBOUR_ADVERTISEMENT:
1791 		ndisc_recv_na(skb);
1792 		break;
1793 
1794 	case NDISC_ROUTER_SOLICITATION:
1795 		ndisc_recv_rs(skb);
1796 		break;
1797 
1798 	case NDISC_ROUTER_ADVERTISEMENT:
1799 		ndisc_router_discovery(skb);
1800 		break;
1801 
1802 	case NDISC_REDIRECT:
1803 		ndisc_redirect_rcv(skb);
1804 		break;
1805 	}
1806 
1807 	return 0;
1808 }
1809 
1810 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1811 {
1812 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1813 	struct netdev_notifier_change_info *change_info;
1814 	struct net *net = dev_net(dev);
1815 	struct inet6_dev *idev;
1816 	bool evict_nocarrier;
1817 
1818 	switch (event) {
1819 	case NETDEV_CHANGEADDR:
1820 		neigh_changeaddr(&nd_tbl, dev);
1821 		fib6_run_gc(0, net, false);
1822 		fallthrough;
1823 	case NETDEV_UP:
1824 		idev = in6_dev_get(dev);
1825 		if (!idev)
1826 			break;
1827 		if (idev->cnf.ndisc_notify ||
1828 		    net->ipv6.devconf_all->ndisc_notify)
1829 			ndisc_send_unsol_na(dev);
1830 		in6_dev_put(idev);
1831 		break;
1832 	case NETDEV_CHANGE:
1833 		idev = in6_dev_get(dev);
1834 		if (!idev)
1835 			evict_nocarrier = true;
1836 		else {
1837 			evict_nocarrier = idev->cnf.ndisc_evict_nocarrier &&
1838 					  net->ipv6.devconf_all->ndisc_evict_nocarrier;
1839 			in6_dev_put(idev);
1840 		}
1841 
1842 		change_info = ptr;
1843 		if (change_info->flags_changed & IFF_NOARP)
1844 			neigh_changeaddr(&nd_tbl, dev);
1845 		if (evict_nocarrier && !netif_carrier_ok(dev))
1846 			neigh_carrier_down(&nd_tbl, dev);
1847 		break;
1848 	case NETDEV_DOWN:
1849 		neigh_ifdown(&nd_tbl, dev);
1850 		fib6_run_gc(0, net, false);
1851 		break;
1852 	case NETDEV_NOTIFY_PEERS:
1853 		ndisc_send_unsol_na(dev);
1854 		break;
1855 	default:
1856 		break;
1857 	}
1858 
1859 	return NOTIFY_DONE;
1860 }
1861 
1862 static struct notifier_block ndisc_netdev_notifier = {
1863 	.notifier_call = ndisc_netdev_event,
1864 	.priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1865 };
1866 
1867 #ifdef CONFIG_SYSCTL
1868 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1869 					 const char *func, const char *dev_name)
1870 {
1871 	static char warncomm[TASK_COMM_LEN];
1872 	static int warned;
1873 	if (strcmp(warncomm, current->comm) && warned < 5) {
1874 		strcpy(warncomm, current->comm);
1875 		pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1876 			warncomm, func,
1877 			dev_name, ctl->procname,
1878 			dev_name, ctl->procname);
1879 		warned++;
1880 	}
1881 }
1882 
1883 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1884 		size_t *lenp, loff_t *ppos)
1885 {
1886 	struct net_device *dev = ctl->extra1;
1887 	struct inet6_dev *idev;
1888 	int ret;
1889 
1890 	if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1891 	    (strcmp(ctl->procname, "base_reachable_time") == 0))
1892 		ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1893 
1894 	if (strcmp(ctl->procname, "retrans_time") == 0)
1895 		ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1896 
1897 	else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1898 		ret = neigh_proc_dointvec_jiffies(ctl, write,
1899 						  buffer, lenp, ppos);
1900 
1901 	else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1902 		 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1903 		ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1904 						     buffer, lenp, ppos);
1905 	else
1906 		ret = -1;
1907 
1908 	if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1909 		if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1910 			idev->nd_parms->reachable_time =
1911 					neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1912 		idev->tstamp = jiffies;
1913 		inet6_ifinfo_notify(RTM_NEWLINK, idev);
1914 		in6_dev_put(idev);
1915 	}
1916 	return ret;
1917 }
1918 
1919 
1920 #endif
1921 
1922 static int __net_init ndisc_net_init(struct net *net)
1923 {
1924 	struct ipv6_pinfo *np;
1925 	struct sock *sk;
1926 	int err;
1927 
1928 	err = inet_ctl_sock_create(&sk, PF_INET6,
1929 				   SOCK_RAW, IPPROTO_ICMPV6, net);
1930 	if (err < 0) {
1931 		ND_PRINTK(0, err,
1932 			  "NDISC: Failed to initialize the control socket (err %d)\n",
1933 			  err);
1934 		return err;
1935 	}
1936 
1937 	net->ipv6.ndisc_sk = sk;
1938 
1939 	np = inet6_sk(sk);
1940 	np->hop_limit = 255;
1941 	/* Do not loopback ndisc messages */
1942 	np->mc_loop = 0;
1943 
1944 	return 0;
1945 }
1946 
1947 static void __net_exit ndisc_net_exit(struct net *net)
1948 {
1949 	inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1950 }
1951 
1952 static struct pernet_operations ndisc_net_ops = {
1953 	.init = ndisc_net_init,
1954 	.exit = ndisc_net_exit,
1955 };
1956 
1957 int __init ndisc_init(void)
1958 {
1959 	int err;
1960 
1961 	err = register_pernet_subsys(&ndisc_net_ops);
1962 	if (err)
1963 		return err;
1964 	/*
1965 	 * Initialize the neighbour table
1966 	 */
1967 	neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1968 
1969 #ifdef CONFIG_SYSCTL
1970 	err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1971 				    ndisc_ifinfo_sysctl_change);
1972 	if (err)
1973 		goto out_unregister_pernet;
1974 out:
1975 #endif
1976 	return err;
1977 
1978 #ifdef CONFIG_SYSCTL
1979 out_unregister_pernet:
1980 	unregister_pernet_subsys(&ndisc_net_ops);
1981 	goto out;
1982 #endif
1983 }
1984 
1985 int __init ndisc_late_init(void)
1986 {
1987 	return register_netdevice_notifier(&ndisc_netdev_notifier);
1988 }
1989 
1990 void ndisc_late_cleanup(void)
1991 {
1992 	unregister_netdevice_notifier(&ndisc_netdev_notifier);
1993 }
1994 
1995 void ndisc_cleanup(void)
1996 {
1997 #ifdef CONFIG_SYSCTL
1998 	neigh_sysctl_unregister(&nd_tbl.parms);
1999 #endif
2000 	neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
2001 	unregister_pernet_subsys(&ndisc_net_ops);
2002 }
2003