[IPv6]: Export userland ND options through netlink (RDNSS support)
[linux-2.6] / net / ipv6 / ndisc.c
1 /*
2  *      Neighbour Discovery for IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Mike Shaver             <shaver@ingenia.com>
8  *
9  *      This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14
15 /*
16  *      Changes:
17  *
18  *      Pierre Ynard                    :       export userland ND options
19  *                                              through netlink (RDNSS support)
20  *      Lars Fenneberg                  :       fixed MTU setting on receipt
21  *                                              of an RA.
22  *      Janos Farkas                    :       kmalloc failure checks
23  *      Alexey Kuznetsov                :       state machine reworked
24  *                                              and moved to net/core.
25  *      Pekka Savola                    :       RFC2461 validation
26  *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
27  */
28
29 /* Set to 3 to get tracing... */
30 #define ND_DEBUG 1
31
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
38 #if ND_DEBUG >= 1
39 #undef ND_PRINTK1
40 #define ND_PRINTK1 ND_PRINTK
41 #endif
42 #if ND_DEBUG >= 2
43 #undef ND_PRINTK2
44 #define ND_PRINTK2 ND_PRINTK
45 #endif
46 #if ND_DEBUG >= 3
47 #undef ND_PRINTK3
48 #define ND_PRINTK3 ND_PRINTK
49 #endif
50
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #ifdef CONFIG_SYSCTL
63 #include <linux/sysctl.h>
64 #endif
65
66 #include <linux/if_addr.h>
67 #include <linux/if_arp.h>
68 #include <linux/ipv6.h>
69 #include <linux/icmpv6.h>
70 #include <linux/jhash.h>
71
72 #include <net/sock.h>
73 #include <net/snmp.h>
74
75 #include <net/ipv6.h>
76 #include <net/protocol.h>
77 #include <net/ndisc.h>
78 #include <net/ip6_route.h>
79 #include <net/addrconf.h>
80 #include <net/icmp.h>
81
82 #include <net/netlink.h>
83 #include <linux/rtnetlink.h>
84
85 #include <net/flow.h>
86 #include <net/ip6_checksum.h>
87 #include <linux/proc_fs.h>
88
89 #include <linux/netfilter.h>
90 #include <linux/netfilter_ipv6.h>
91
92 static struct socket *ndisc_socket;
93
94 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
95 static int ndisc_constructor(struct neighbour *neigh);
96 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
97 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
98 static int pndisc_constructor(struct pneigh_entry *n);
99 static void pndisc_destructor(struct pneigh_entry *n);
100 static void pndisc_redo(struct sk_buff *skb);
101
102 static struct neigh_ops ndisc_generic_ops = {
103         .family =               AF_INET6,
104         .solicit =              ndisc_solicit,
105         .error_report =         ndisc_error_report,
106         .output =               neigh_resolve_output,
107         .connected_output =     neigh_connected_output,
108         .hh_output =            dev_queue_xmit,
109         .queue_xmit =           dev_queue_xmit,
110 };
111
112 static struct neigh_ops ndisc_hh_ops = {
113         .family =               AF_INET6,
114         .solicit =              ndisc_solicit,
115         .error_report =         ndisc_error_report,
116         .output =               neigh_resolve_output,
117         .connected_output =     neigh_resolve_output,
118         .hh_output =            dev_queue_xmit,
119         .queue_xmit =           dev_queue_xmit,
120 };
121
122
123 static struct neigh_ops ndisc_direct_ops = {
124         .family =               AF_INET6,
125         .output =               dev_queue_xmit,
126         .connected_output =     dev_queue_xmit,
127         .hh_output =            dev_queue_xmit,
128         .queue_xmit =           dev_queue_xmit,
129 };
130
131 struct neigh_table nd_tbl = {
132         .family =       AF_INET6,
133         .entry_size =   sizeof(struct neighbour) + sizeof(struct in6_addr),
134         .key_len =      sizeof(struct in6_addr),
135         .hash =         ndisc_hash,
136         .constructor =  ndisc_constructor,
137         .pconstructor = pndisc_constructor,
138         .pdestructor =  pndisc_destructor,
139         .proxy_redo =   pndisc_redo,
140         .id =           "ndisc_cache",
141         .parms = {
142                 .tbl =                  &nd_tbl,
143                 .base_reachable_time =  30 * HZ,
144                 .retrans_time =  1 * HZ,
145                 .gc_staletime = 60 * HZ,
146                 .reachable_time =               30 * HZ,
147                 .delay_probe_time =      5 * HZ,
148                 .queue_len =             3,
149                 .ucast_probes =  3,
150                 .mcast_probes =  3,
151                 .anycast_delay =         1 * HZ,
152                 .proxy_delay =          (8 * HZ) / 10,
153                 .proxy_qlen =           64,
154         },
155         .gc_interval =    30 * HZ,
156         .gc_thresh1 =    128,
157         .gc_thresh2 =    512,
158         .gc_thresh3 =   1024,
159 };
160
161 /* ND options */
162 struct ndisc_options {
163         struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
164 #ifdef CONFIG_IPV6_ROUTE_INFO
165         struct nd_opt_hdr *nd_opts_ri;
166         struct nd_opt_hdr *nd_opts_ri_end;
167 #endif
168         struct nd_opt_hdr *nd_useropts;
169         struct nd_opt_hdr *nd_useropts_end;
170 };
171
172 #define nd_opts_src_lladdr      nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
173 #define nd_opts_tgt_lladdr      nd_opt_array[ND_OPT_TARGET_LL_ADDR]
174 #define nd_opts_pi              nd_opt_array[ND_OPT_PREFIX_INFO]
175 #define nd_opts_pi_end          nd_opt_array[__ND_OPT_PREFIX_INFO_END]
176 #define nd_opts_rh              nd_opt_array[ND_OPT_REDIRECT_HDR]
177 #define nd_opts_mtu             nd_opt_array[ND_OPT_MTU]
178
179 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
180
181 /*
182  * Return the padding between the option length and the start of the
183  * link addr.  Currently only IP-over-InfiniBand needs this, although
184  * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
185  * also need a pad of 2.
186  */
187 static int ndisc_addr_option_pad(unsigned short type)
188 {
189         switch (type) {
190         case ARPHRD_INFINIBAND: return 2;
191         default:                return 0;
192         }
193 }
194
195 static inline int ndisc_opt_addr_space(struct net_device *dev)
196 {
197         return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
198 }
199
200 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
201                                   unsigned short addr_type)
202 {
203         int space = NDISC_OPT_SPACE(data_len);
204         int pad   = ndisc_addr_option_pad(addr_type);
205
206         opt[0] = type;
207         opt[1] = space>>3;
208
209         memset(opt + 2, 0, pad);
210         opt   += pad;
211         space -= pad;
212
213         memcpy(opt+2, data, data_len);
214         data_len += 2;
215         opt += data_len;
216         if ((space -= data_len) > 0)
217                 memset(opt, 0, space);
218         return opt + space;
219 }
220
221 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
222                                             struct nd_opt_hdr *end)
223 {
224         int type;
225         if (!cur || !end || cur >= end)
226                 return NULL;
227         type = cur->nd_opt_type;
228         do {
229                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
230         } while(cur < end && cur->nd_opt_type != type);
231         return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
232 }
233
234 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
235 {
236         return (opt->nd_opt_type == ND_OPT_RDNSS);
237 }
238
239 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
240                                              struct nd_opt_hdr *end)
241 {
242         if (!cur || !end || cur >= end)
243                 return NULL;
244         do {
245                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
246         } while(cur < end && !ndisc_is_useropt(cur));
247         return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL);
248 }
249
250 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
251                                                  struct ndisc_options *ndopts)
252 {
253         struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
254
255         if (!nd_opt || opt_len < 0 || !ndopts)
256                 return NULL;
257         memset(ndopts, 0, sizeof(*ndopts));
258         while (opt_len) {
259                 int l;
260                 if (opt_len < sizeof(struct nd_opt_hdr))
261                         return NULL;
262                 l = nd_opt->nd_opt_len << 3;
263                 if (opt_len < l || l == 0)
264                         return NULL;
265                 switch (nd_opt->nd_opt_type) {
266                 case ND_OPT_SOURCE_LL_ADDR:
267                 case ND_OPT_TARGET_LL_ADDR:
268                 case ND_OPT_MTU:
269                 case ND_OPT_REDIRECT_HDR:
270                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
271                                 ND_PRINTK2(KERN_WARNING
272                                            "%s(): duplicated ND6 option found: type=%d\n",
273                                            __FUNCTION__,
274                                            nd_opt->nd_opt_type);
275                         } else {
276                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
277                         }
278                         break;
279                 case ND_OPT_PREFIX_INFO:
280                         ndopts->nd_opts_pi_end = nd_opt;
281                         if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
282                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
283                         break;
284 #ifdef CONFIG_IPV6_ROUTE_INFO
285                 case ND_OPT_ROUTE_INFO:
286                         ndopts->nd_opts_ri_end = nd_opt;
287                         if (!ndopts->nd_opts_ri)
288                                 ndopts->nd_opts_ri = nd_opt;
289                         break;
290 #endif
291                 default:
292                         if (ndisc_is_useropt(nd_opt)) {
293                                 ndopts->nd_useropts_end = nd_opt;
294                                 if (!ndopts->nd_useropts)
295                                         ndopts->nd_useropts = nd_opt;
296                         } else {
297                                 /*
298                                  * Unknown options must be silently ignored,
299                                  * to accommodate future extension to the
300                                  * protocol.
301                                  */
302                                 ND_PRINTK2(KERN_NOTICE
303                                            "%s(): ignored unsupported option; type=%d, len=%d\n",
304                                            __FUNCTION__,
305                                            nd_opt->nd_opt_type, nd_opt->nd_opt_len);
306                         }
307                 }
308                 opt_len -= l;
309                 nd_opt = ((void *)nd_opt) + l;
310         }
311         return ndopts;
312 }
313
314 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
315                                       struct net_device *dev)
316 {
317         u8 *lladdr = (u8 *)(p + 1);
318         int lladdrlen = p->nd_opt_len << 3;
319         int prepad = ndisc_addr_option_pad(dev->type);
320         if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
321                 return NULL;
322         return (lladdr + prepad);
323 }
324
325 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
326 {
327         switch (dev->type) {
328         case ARPHRD_ETHER:
329         case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
330         case ARPHRD_FDDI:
331                 ipv6_eth_mc_map(addr, buf);
332                 return 0;
333         case ARPHRD_IEEE802_TR:
334                 ipv6_tr_mc_map(addr,buf);
335                 return 0;
336         case ARPHRD_ARCNET:
337                 ipv6_arcnet_mc_map(addr, buf);
338                 return 0;
339         case ARPHRD_INFINIBAND:
340                 ipv6_ib_mc_map(addr, buf);
341                 return 0;
342         default:
343                 if (dir) {
344                         memcpy(buf, dev->broadcast, dev->addr_len);
345                         return 0;
346                 }
347         }
348         return -EINVAL;
349 }
350
351 EXPORT_SYMBOL(ndisc_mc_map);
352
353 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
354 {
355         const u32 *p32 = pkey;
356         u32 addr_hash, i;
357
358         addr_hash = 0;
359         for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
360                 addr_hash ^= *p32++;
361
362         return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
363 }
364
365 static int ndisc_constructor(struct neighbour *neigh)
366 {
367         struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368         struct net_device *dev = neigh->dev;
369         struct inet6_dev *in6_dev;
370         struct neigh_parms *parms;
371         int is_multicast = ipv6_addr_is_multicast(addr);
372
373         rcu_read_lock();
374         in6_dev = in6_dev_get(dev);
375         if (in6_dev == NULL) {
376                 rcu_read_unlock();
377                 return -EINVAL;
378         }
379
380         parms = in6_dev->nd_parms;
381         __neigh_parms_put(neigh->parms);
382         neigh->parms = neigh_parms_clone(parms);
383         rcu_read_unlock();
384
385         neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386         if (!dev->header_ops) {
387                 neigh->nud_state = NUD_NOARP;
388                 neigh->ops = &ndisc_direct_ops;
389                 neigh->output = neigh->ops->queue_xmit;
390         } else {
391                 if (is_multicast) {
392                         neigh->nud_state = NUD_NOARP;
393                         ndisc_mc_map(addr, neigh->ha, dev, 1);
394                 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395                         neigh->nud_state = NUD_NOARP;
396                         memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397                         if (dev->flags&IFF_LOOPBACK)
398                                 neigh->type = RTN_LOCAL;
399                 } else if (dev->flags&IFF_POINTOPOINT) {
400                         neigh->nud_state = NUD_NOARP;
401                         memcpy(neigh->ha, dev->broadcast, dev->addr_len);
402                 }
403                 if (dev->header_ops->cache)
404                         neigh->ops = &ndisc_hh_ops;
405                 else
406                         neigh->ops = &ndisc_generic_ops;
407                 if (neigh->nud_state&NUD_VALID)
408                         neigh->output = neigh->ops->connected_output;
409                 else
410                         neigh->output = neigh->ops->output;
411         }
412         in6_dev_put(in6_dev);
413         return 0;
414 }
415
416 static int pndisc_constructor(struct pneigh_entry *n)
417 {
418         struct in6_addr *addr = (struct in6_addr*)&n->key;
419         struct in6_addr maddr;
420         struct net_device *dev = n->dev;
421
422         if (dev == NULL || __in6_dev_get(dev) == NULL)
423                 return -EINVAL;
424         addrconf_addr_solict_mult(addr, &maddr);
425         ipv6_dev_mc_inc(dev, &maddr);
426         return 0;
427 }
428
429 static void pndisc_destructor(struct pneigh_entry *n)
430 {
431         struct in6_addr *addr = (struct in6_addr*)&n->key;
432         struct in6_addr maddr;
433         struct net_device *dev = n->dev;
434
435         if (dev == NULL || __in6_dev_get(dev) == NULL)
436                 return;
437         addrconf_addr_solict_mult(addr, &maddr);
438         ipv6_dev_mc_dec(dev, &maddr);
439 }
440
441 /*
442  *      Send a Neighbour Advertisement
443  */
444
445 static inline void ndisc_flow_init(struct flowi *fl, u8 type,
446                             struct in6_addr *saddr, struct in6_addr *daddr,
447                             int oif)
448 {
449         memset(fl, 0, sizeof(*fl));
450         ipv6_addr_copy(&fl->fl6_src, saddr);
451         ipv6_addr_copy(&fl->fl6_dst, daddr);
452         fl->proto               = IPPROTO_ICMPV6;
453         fl->fl_icmp_type        = type;
454         fl->fl_icmp_code        = 0;
455         fl->oif                 = oif;
456         security_sk_classify_flow(ndisc_socket->sk, fl);
457 }
458
459 static void __ndisc_send(struct net_device *dev,
460                          struct neighbour *neigh,
461                          struct in6_addr *daddr, struct in6_addr *saddr,
462                          struct icmp6hdr *icmp6h, struct in6_addr *target,
463                          int llinfo)
464 {
465         struct flowi fl;
466         struct dst_entry *dst;
467         struct sock *sk = ndisc_socket->sk;
468         struct sk_buff *skb;
469         struct icmp6hdr *hdr;
470         struct inet6_dev *idev;
471         int len;
472         int err;
473         u8 *opt, type;
474
475         type = icmp6h->icmp6_type;
476
477         ndisc_flow_init(&fl, type, saddr, daddr,
478                         dev->ifindex);
479
480         dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
481         if (!dst)
482                 return;
483
484         err = xfrm_lookup(&dst, &fl, NULL, 0);
485         if (err < 0)
486                 return;
487
488         if (!dev->addr_len)
489                 llinfo = 0;
490
491         len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
492         if (llinfo)
493                 len += ndisc_opt_addr_space(dev);
494
495         skb = sock_alloc_send_skb(sk,
496                                   (MAX_HEADER + sizeof(struct ipv6hdr) +
497                                    len + LL_RESERVED_SPACE(dev)),
498                                   1, &err);
499         if (!skb) {
500                 ND_PRINTK0(KERN_ERR
501                            "ICMPv6 ND: %s() failed to allocate an skb.\n",
502                            __FUNCTION__);
503                 dst_release(dst);
504                 return;
505         }
506
507         skb_reserve(skb, LL_RESERVED_SPACE(dev));
508         ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
509
510         skb->transport_header = skb->tail;
511         skb_put(skb, len);
512
513         hdr = (struct icmp6hdr *)skb_transport_header(skb);
514         memcpy(hdr, icmp6h, sizeof(*hdr));
515
516         opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
517         if (target) {
518                 ipv6_addr_copy((struct in6_addr *)opt, target);
519                 opt += sizeof(*target);
520         }
521
522         if (llinfo)
523                 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
524                                        dev->addr_len, dev->type);
525
526         hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
527                                            IPPROTO_ICMPV6,
528                                            csum_partial((__u8 *) hdr,
529                                                         len, 0));
530
531         skb->dst = dst;
532
533         idev = in6_dev_get(dst->dev);
534         IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
535
536         err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
537         if (!err) {
538                 ICMP6MSGOUT_INC_STATS(idev, type);
539                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
540         }
541
542         if (likely(idev != NULL))
543                 in6_dev_put(idev);
544 }
545
546 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
547                    struct in6_addr *daddr, struct in6_addr *solicited_addr,
548                    int router, int solicited, int override, int inc_opt)
549 {
550         struct in6_addr tmpaddr;
551         struct inet6_ifaddr *ifp;
552         struct in6_addr *src_addr;
553         struct icmp6hdr icmp6h = {
554                 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
555         };
556
557         /* for anycast or proxy, solicited_addr != src_addr */
558         ifp = ipv6_get_ifaddr(solicited_addr, dev, 1);
559         if (ifp) {
560                 src_addr = solicited_addr;
561                 if (ifp->flags & IFA_F_OPTIMISTIC)
562                         override = 0;
563                 in6_ifa_put(ifp);
564         } else {
565                 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
566                         return;
567                 src_addr = &tmpaddr;
568         }
569
570         icmp6h.icmp6_router = router;
571         icmp6h.icmp6_solicited = solicited;
572         icmp6h.icmp6_override = override;
573
574         __ndisc_send(dev, neigh, daddr, src_addr,
575                      &icmp6h, solicited_addr,
576                      inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
577 }
578
579 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
580                    struct in6_addr *solicit,
581                    struct in6_addr *daddr, struct in6_addr *saddr)
582 {
583         struct in6_addr addr_buf;
584         struct icmp6hdr icmp6h = {
585                 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
586         };
587
588         if (saddr == NULL) {
589                 if (ipv6_get_lladdr(dev, &addr_buf,
590                                    (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
591                         return;
592                 saddr = &addr_buf;
593         }
594
595         __ndisc_send(dev, neigh, daddr, saddr,
596                      &icmp6h, solicit,
597                      !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
598 }
599
600 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
601                    struct in6_addr *daddr)
602 {
603         struct icmp6hdr icmp6h = {
604                 .icmp6_type = NDISC_ROUTER_SOLICITATION,
605         };
606         int send_sllao = dev->addr_len;
607
608 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
609         /*
610          * According to section 2.2 of RFC 4429, we must not
611          * send router solicitations with a sllao from
612          * optimistic addresses, but we may send the solicitation
613          * if we don't include the sllao.  So here we check
614          * if our address is optimistic, and if so, we
615          * supress the inclusion of the sllao.
616          */
617         if (send_sllao) {
618                 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(saddr, dev, 1);
619                 if (ifp) {
620                         if (ifp->flags & IFA_F_OPTIMISTIC)  {
621                                 send_sllao = 0;
622                         }
623                         in6_ifa_put(ifp);
624                 } else {
625                         send_sllao = 0;
626                 }
627         }
628 #endif
629         __ndisc_send(dev, NULL, daddr, saddr,
630                      &icmp6h, NULL,
631                      send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
632 }
633
634
635 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
636 {
637         /*
638          *      "The sender MUST return an ICMP
639          *       destination unreachable"
640          */
641         dst_link_failure(skb);
642         kfree_skb(skb);
643 }
644
645 /* Called with locked neigh: either read or both */
646
647 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
648 {
649         struct in6_addr *saddr = NULL;
650         struct in6_addr mcaddr;
651         struct net_device *dev = neigh->dev;
652         struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
653         int probes = atomic_read(&neigh->probes);
654
655         if (skb && ipv6_chk_addr(&ipv6_hdr(skb)->saddr, dev, 1))
656                 saddr = &ipv6_hdr(skb)->saddr;
657
658         if ((probes -= neigh->parms->ucast_probes) < 0) {
659                 if (!(neigh->nud_state & NUD_VALID)) {
660                         ND_PRINTK1(KERN_DEBUG
661                                    "%s(): trying to ucast probe in NUD_INVALID: "
662                                    NIP6_FMT "\n",
663                                    __FUNCTION__,
664                                    NIP6(*target));
665                 }
666                 ndisc_send_ns(dev, neigh, target, target, saddr);
667         } else if ((probes -= neigh->parms->app_probes) < 0) {
668 #ifdef CONFIG_ARPD
669                 neigh_app_ns(neigh);
670 #endif
671         } else {
672                 addrconf_addr_solict_mult(target, &mcaddr);
673                 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
674         }
675 }
676
677 static void ndisc_recv_ns(struct sk_buff *skb)
678 {
679         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
680         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
681         struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
682         u8 *lladdr = NULL;
683         u32 ndoptlen = skb->tail - (skb->transport_header +
684                                     offsetof(struct nd_msg, opt));
685         struct ndisc_options ndopts;
686         struct net_device *dev = skb->dev;
687         struct inet6_ifaddr *ifp;
688         struct inet6_dev *idev = NULL;
689         struct neighbour *neigh;
690         struct pneigh_entry *pneigh = NULL;
691         int dad = ipv6_addr_any(saddr);
692         int inc;
693         int is_router;
694
695         if (ipv6_addr_is_multicast(&msg->target)) {
696                 ND_PRINTK2(KERN_WARNING
697                            "ICMPv6 NS: multicast target address");
698                 return;
699         }
700
701         /*
702          * RFC2461 7.1.1:
703          * DAD has to be destined for solicited node multicast address.
704          */
705         if (dad &&
706             !(daddr->s6_addr32[0] == htonl(0xff020000) &&
707               daddr->s6_addr32[1] == htonl(0x00000000) &&
708               daddr->s6_addr32[2] == htonl(0x00000001) &&
709               daddr->s6_addr [12] == 0xff )) {
710                 ND_PRINTK2(KERN_WARNING
711                            "ICMPv6 NS: bad DAD packet (wrong destination)\n");
712                 return;
713         }
714
715         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
716                 ND_PRINTK2(KERN_WARNING
717                            "ICMPv6 NS: invalid ND options\n");
718                 return;
719         }
720
721         if (ndopts.nd_opts_src_lladdr) {
722                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
723                 if (!lladdr) {
724                         ND_PRINTK2(KERN_WARNING
725                                    "ICMPv6 NS: invalid link-layer address length\n");
726                         return;
727                 }
728
729                 /* RFC2461 7.1.1:
730                  *      If the IP source address is the unspecified address,
731                  *      there MUST NOT be source link-layer address option
732                  *      in the message.
733                  */
734                 if (dad) {
735                         ND_PRINTK2(KERN_WARNING
736                                    "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
737                         return;
738                 }
739         }
740
741         inc = ipv6_addr_is_multicast(daddr);
742
743         if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) {
744
745                 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
746                         if (dad) {
747                                 if (dev->type == ARPHRD_IEEE802_TR) {
748                                         const unsigned char *sadr;
749                                         sadr = skb_mac_header(skb);
750                                         if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
751                                             sadr[9] == dev->dev_addr[1] &&
752                                             sadr[10] == dev->dev_addr[2] &&
753                                             sadr[11] == dev->dev_addr[3] &&
754                                             sadr[12] == dev->dev_addr[4] &&
755                                             sadr[13] == dev->dev_addr[5]) {
756                                                 /* looped-back to us */
757                                                 goto out;
758                                         }
759                                 }
760
761                                 /*
762                                  * We are colliding with another node
763                                  * who is doing DAD
764                                  * so fail our DAD process
765                                  */
766                                 addrconf_dad_failure(ifp);
767                                 return;
768                         } else {
769                                 /*
770                                  * This is not a dad solicitation.
771                                  * If we are an optimistic node,
772                                  * we should respond.
773                                  * Otherwise, we should ignore it.
774                                  */
775                                 if (!(ifp->flags & IFA_F_OPTIMISTIC))
776                                         goto out;
777                         }
778                 }
779
780                 idev = ifp->idev;
781         } else {
782                 idev = in6_dev_get(dev);
783                 if (!idev) {
784                         /* XXX: count this drop? */
785                         return;
786                 }
787
788                 if (ipv6_chk_acast_addr(dev, &msg->target) ||
789                     (idev->cnf.forwarding &&
790                      (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) &&
791                      (pneigh = pneigh_lookup(&nd_tbl,
792                                              &msg->target, dev, 0)) != NULL)) {
793                         if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
794                             skb->pkt_type != PACKET_HOST &&
795                             inc != 0 &&
796                             idev->nd_parms->proxy_delay != 0) {
797                                 /*
798                                  * for anycast or proxy,
799                                  * sender should delay its response
800                                  * by a random time between 0 and
801                                  * MAX_ANYCAST_DELAY_TIME seconds.
802                                  * (RFC2461) -- yoshfuji
803                                  */
804                                 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
805                                 if (n)
806                                         pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
807                                 goto out;
808                         }
809                 } else
810                         goto out;
811         }
812
813         is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding);
814
815         if (dad) {
816                 struct in6_addr maddr;
817
818                 ipv6_addr_all_nodes(&maddr);
819                 ndisc_send_na(dev, NULL, &maddr, &msg->target,
820                               is_router, 0, (ifp != NULL), 1);
821                 goto out;
822         }
823
824         if (inc)
825                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
826         else
827                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
828
829         /*
830          *      update / create cache entry
831          *      for the source address
832          */
833         neigh = __neigh_lookup(&nd_tbl, saddr, dev,
834                                !inc || lladdr || !dev->addr_len);
835         if (neigh)
836                 neigh_update(neigh, lladdr, NUD_STALE,
837                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
838                              NEIGH_UPDATE_F_OVERRIDE);
839         if (neigh || !dev->header_ops) {
840                 ndisc_send_na(dev, neigh, saddr, &msg->target,
841                               is_router,
842                               1, (ifp != NULL && inc), inc);
843                 if (neigh)
844                         neigh_release(neigh);
845         }
846
847 out:
848         if (ifp)
849                 in6_ifa_put(ifp);
850         else
851                 in6_dev_put(idev);
852
853         return;
854 }
855
856 static void ndisc_recv_na(struct sk_buff *skb)
857 {
858         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
859         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
860         struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
861         u8 *lladdr = NULL;
862         u32 ndoptlen = skb->tail - (skb->transport_header +
863                                     offsetof(struct nd_msg, opt));
864         struct ndisc_options ndopts;
865         struct net_device *dev = skb->dev;
866         struct inet6_ifaddr *ifp;
867         struct neighbour *neigh;
868
869         if (skb->len < sizeof(struct nd_msg)) {
870                 ND_PRINTK2(KERN_WARNING
871                            "ICMPv6 NA: packet too short\n");
872                 return;
873         }
874
875         if (ipv6_addr_is_multicast(&msg->target)) {
876                 ND_PRINTK2(KERN_WARNING
877                            "ICMPv6 NA: target address is multicast.\n");
878                 return;
879         }
880
881         if (ipv6_addr_is_multicast(daddr) &&
882             msg->icmph.icmp6_solicited) {
883                 ND_PRINTK2(KERN_WARNING
884                            "ICMPv6 NA: solicited NA is multicasted.\n");
885                 return;
886         }
887
888         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
889                 ND_PRINTK2(KERN_WARNING
890                            "ICMPv6 NS: invalid ND option\n");
891                 return;
892         }
893         if (ndopts.nd_opts_tgt_lladdr) {
894                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
895                 if (!lladdr) {
896                         ND_PRINTK2(KERN_WARNING
897                                    "ICMPv6 NA: invalid link-layer address length\n");
898                         return;
899                 }
900         }
901         if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) {
902                 if (ifp->flags & IFA_F_TENTATIVE) {
903                         addrconf_dad_failure(ifp);
904                         return;
905                 }
906                 /* What should we make now? The advertisement
907                    is invalid, but ndisc specs say nothing
908                    about it. It could be misconfiguration, or
909                    an smart proxy agent tries to help us :-)
910                  */
911                 ND_PRINTK1(KERN_WARNING
912                            "ICMPv6 NA: someone advertises our address on %s!\n",
913                            ifp->idev->dev->name);
914                 in6_ifa_put(ifp);
915                 return;
916         }
917         neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
918
919         if (neigh) {
920                 u8 old_flags = neigh->flags;
921
922                 if (neigh->nud_state & NUD_FAILED)
923                         goto out;
924
925                 /*
926                  * Don't update the neighbor cache entry on a proxy NA from
927                  * ourselves because either the proxied node is off link or it
928                  * has already sent a NA to us.
929                  */
930                 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
931                     ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp &&
932                     pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) {
933                         /* XXX: idev->cnf.prixy_ndp */
934                         goto out;
935                 }
936
937                 neigh_update(neigh, lladdr,
938                              msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
939                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
940                              (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
941                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
942                              (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
943
944                 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
945                         /*
946                          * Change: router to host
947                          */
948                         struct rt6_info *rt;
949                         rt = rt6_get_dflt_router(saddr, dev);
950                         if (rt)
951                                 ip6_del_rt(rt);
952                 }
953
954 out:
955                 neigh_release(neigh);
956         }
957 }
958
959 static void ndisc_recv_rs(struct sk_buff *skb)
960 {
961         struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
962         unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
963         struct neighbour *neigh;
964         struct inet6_dev *idev;
965         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
966         struct ndisc_options ndopts;
967         u8 *lladdr = NULL;
968
969         if (skb->len < sizeof(*rs_msg))
970                 return;
971
972         idev = in6_dev_get(skb->dev);
973         if (!idev) {
974                 if (net_ratelimit())
975                         ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
976                 return;
977         }
978
979         /* Don't accept RS if we're not in router mode */
980         if (!idev->cnf.forwarding)
981                 goto out;
982
983         /*
984          * Don't update NCE if src = ::;
985          * this implies that the source node has no ip address assigned yet.
986          */
987         if (ipv6_addr_any(saddr))
988                 goto out;
989
990         /* Parse ND options */
991         if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
992                 if (net_ratelimit())
993                         ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
994                 goto out;
995         }
996
997         if (ndopts.nd_opts_src_lladdr) {
998                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
999                                              skb->dev);
1000                 if (!lladdr)
1001                         goto out;
1002         }
1003
1004         neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1005         if (neigh) {
1006                 neigh_update(neigh, lladdr, NUD_STALE,
1007                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1008                              NEIGH_UPDATE_F_OVERRIDE|
1009                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1010                 neigh_release(neigh);
1011         }
1012 out:
1013         in6_dev_put(idev);
1014 }
1015
1016 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1017 {
1018         struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1019         struct sk_buff *skb;
1020         struct nlmsghdr *nlh;
1021         struct nduseroptmsg *ndmsg;
1022         int err;
1023         int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1024                                     + (opt->nd_opt_len << 3));
1025         size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1026
1027         skb = nlmsg_new(msg_size, GFP_ATOMIC);
1028         if (skb == NULL) {
1029                 err = -ENOBUFS;
1030                 goto errout;
1031         }
1032
1033         nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1034         if (nlh == NULL) {
1035                 goto nla_put_failure;
1036         }
1037
1038         ndmsg = nlmsg_data(nlh);
1039         ndmsg->nduseropt_family = AF_INET6;
1040         ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1041         ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1042         ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1043
1044         memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1045
1046         NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1047                 &ipv6_hdr(ra)->saddr);
1048         nlmsg_end(skb, nlh);
1049
1050         err = rtnl_notify(skb, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1051         if (err < 0)
1052                 goto errout;
1053
1054         return;
1055
1056 nla_put_failure:
1057         nlmsg_free(skb);
1058         err = -EMSGSIZE;
1059 errout:
1060         rtnl_set_sk_err(RTNLGRP_ND_USEROPT, err);
1061 }
1062
1063 static void ndisc_router_discovery(struct sk_buff *skb)
1064 {
1065         struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1066         struct neighbour *neigh = NULL;
1067         struct inet6_dev *in6_dev;
1068         struct rt6_info *rt = NULL;
1069         int lifetime;
1070         struct ndisc_options ndopts;
1071         int optlen;
1072         unsigned int pref = 0;
1073
1074         __u8 * opt = (__u8 *)(ra_msg + 1);
1075
1076         optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1077
1078         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1079                 ND_PRINTK2(KERN_WARNING
1080                            "ICMPv6 RA: source address is not link-local.\n");
1081                 return;
1082         }
1083         if (optlen < 0) {
1084                 ND_PRINTK2(KERN_WARNING
1085                            "ICMPv6 RA: packet too short\n");
1086                 return;
1087         }
1088
1089         /*
1090          *      set the RA_RECV flag in the interface
1091          */
1092
1093         in6_dev = in6_dev_get(skb->dev);
1094         if (in6_dev == NULL) {
1095                 ND_PRINTK0(KERN_ERR
1096                            "ICMPv6 RA: can't find inet6 device for %s.\n",
1097                            skb->dev->name);
1098                 return;
1099         }
1100         if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1101                 in6_dev_put(in6_dev);
1102                 return;
1103         }
1104
1105         if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1106                 in6_dev_put(in6_dev);
1107                 ND_PRINTK2(KERN_WARNING
1108                            "ICMP6 RA: invalid ND options\n");
1109                 return;
1110         }
1111
1112         if (in6_dev->if_flags & IF_RS_SENT) {
1113                 /*
1114                  *      flag that an RA was received after an RS was sent
1115                  *      out on this interface.
1116                  */
1117                 in6_dev->if_flags |= IF_RA_RCVD;
1118         }
1119
1120         /*
1121          * Remember the managed/otherconf flags from most recently
1122          * received RA message (RFC 2462) -- yoshfuji
1123          */
1124         in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1125                                 IF_RA_OTHERCONF)) |
1126                                 (ra_msg->icmph.icmp6_addrconf_managed ?
1127                                         IF_RA_MANAGED : 0) |
1128                                 (ra_msg->icmph.icmp6_addrconf_other ?
1129                                         IF_RA_OTHERCONF : 0);
1130
1131         if (!in6_dev->cnf.accept_ra_defrtr)
1132                 goto skip_defrtr;
1133
1134         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1135
1136 #ifdef CONFIG_IPV6_ROUTER_PREF
1137         pref = ra_msg->icmph.icmp6_router_pref;
1138         /* 10b is handled as if it were 00b (medium) */
1139         if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1140             !in6_dev->cnf.accept_ra_rtr_pref)
1141                 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1142 #endif
1143
1144         rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1145
1146         if (rt)
1147                 neigh = rt->rt6i_nexthop;
1148
1149         if (rt && lifetime == 0) {
1150                 neigh_clone(neigh);
1151                 ip6_del_rt(rt);
1152                 rt = NULL;
1153         }
1154
1155         if (rt == NULL && lifetime) {
1156                 ND_PRINTK3(KERN_DEBUG
1157                            "ICMPv6 RA: adding default router.\n");
1158
1159                 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1160                 if (rt == NULL) {
1161                         ND_PRINTK0(KERN_ERR
1162                                    "ICMPv6 RA: %s() failed to add default route.\n",
1163                                    __FUNCTION__);
1164                         in6_dev_put(in6_dev);
1165                         return;
1166                 }
1167
1168                 neigh = rt->rt6i_nexthop;
1169                 if (neigh == NULL) {
1170                         ND_PRINTK0(KERN_ERR
1171                                    "ICMPv6 RA: %s() got default router without neighbour.\n",
1172                                    __FUNCTION__);
1173                         dst_release(&rt->u.dst);
1174                         in6_dev_put(in6_dev);
1175                         return;
1176                 }
1177                 neigh->flags |= NTF_ROUTER;
1178         } else if (rt) {
1179                 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1180         }
1181
1182         if (rt)
1183                 rt->rt6i_expires = jiffies + (HZ * lifetime);
1184
1185         if (ra_msg->icmph.icmp6_hop_limit) {
1186                 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1187                 if (rt)
1188                         rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1189         }
1190
1191 skip_defrtr:
1192
1193         /*
1194          *      Update Reachable Time and Retrans Timer
1195          */
1196
1197         if (in6_dev->nd_parms) {
1198                 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1199
1200                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1201                         rtime = (rtime*HZ)/1000;
1202                         if (rtime < HZ/10)
1203                                 rtime = HZ/10;
1204                         in6_dev->nd_parms->retrans_time = rtime;
1205                         in6_dev->tstamp = jiffies;
1206                         inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1207                 }
1208
1209                 rtime = ntohl(ra_msg->reachable_time);
1210                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1211                         rtime = (rtime*HZ)/1000;
1212
1213                         if (rtime < HZ/10)
1214                                 rtime = HZ/10;
1215
1216                         if (rtime != in6_dev->nd_parms->base_reachable_time) {
1217                                 in6_dev->nd_parms->base_reachable_time = rtime;
1218                                 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1219                                 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1220                                 in6_dev->tstamp = jiffies;
1221                                 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1222                         }
1223                 }
1224         }
1225
1226         /*
1227          *      Process options.
1228          */
1229
1230         if (!neigh)
1231                 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1232                                        skb->dev, 1);
1233         if (neigh) {
1234                 u8 *lladdr = NULL;
1235                 if (ndopts.nd_opts_src_lladdr) {
1236                         lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1237                                                      skb->dev);
1238                         if (!lladdr) {
1239                                 ND_PRINTK2(KERN_WARNING
1240                                            "ICMPv6 RA: invalid link-layer address length\n");
1241                                 goto out;
1242                         }
1243                 }
1244                 neigh_update(neigh, lladdr, NUD_STALE,
1245                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1246                              NEIGH_UPDATE_F_OVERRIDE|
1247                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1248                              NEIGH_UPDATE_F_ISROUTER);
1249         }
1250
1251 #ifdef CONFIG_IPV6_ROUTE_INFO
1252         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1253                 struct nd_opt_hdr *p;
1254                 for (p = ndopts.nd_opts_ri;
1255                      p;
1256                      p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1257                         if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1258                                 continue;
1259                         rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1260                                       &ipv6_hdr(skb)->saddr);
1261                 }
1262         }
1263 #endif
1264
1265         if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1266                 struct nd_opt_hdr *p;
1267                 for (p = ndopts.nd_opts_pi;
1268                      p;
1269                      p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1270                         addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1271                 }
1272         }
1273
1274         if (ndopts.nd_opts_mtu) {
1275                 __be32 n;
1276                 u32 mtu;
1277
1278                 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1279                 mtu = ntohl(n);
1280
1281                 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1282                         ND_PRINTK2(KERN_WARNING
1283                                    "ICMPv6 RA: invalid mtu: %d\n",
1284                                    mtu);
1285                 } else if (in6_dev->cnf.mtu6 != mtu) {
1286                         in6_dev->cnf.mtu6 = mtu;
1287
1288                         if (rt)
1289                                 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1290
1291                         rt6_mtu_change(skb->dev, mtu);
1292                 }
1293         }
1294
1295         if (ndopts.nd_useropts) {
1296                 struct nd_opt_hdr *opt;
1297                 for (opt = ndopts.nd_useropts;
1298                      opt;
1299                      opt = ndisc_next_useropt(opt, ndopts.nd_useropts_end)) {
1300                                 ndisc_ra_useropt(skb, opt);
1301                 }
1302         }
1303
1304         if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1305                 ND_PRINTK2(KERN_WARNING
1306                            "ICMPv6 RA: invalid RA options");
1307         }
1308 out:
1309         if (rt)
1310                 dst_release(&rt->u.dst);
1311         else if (neigh)
1312                 neigh_release(neigh);
1313         in6_dev_put(in6_dev);
1314 }
1315
1316 static void ndisc_redirect_rcv(struct sk_buff *skb)
1317 {
1318         struct inet6_dev *in6_dev;
1319         struct icmp6hdr *icmph;
1320         struct in6_addr *dest;
1321         struct in6_addr *target;        /* new first hop to destination */
1322         struct neighbour *neigh;
1323         int on_link = 0;
1324         struct ndisc_options ndopts;
1325         int optlen;
1326         u8 *lladdr = NULL;
1327
1328         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1329                 ND_PRINTK2(KERN_WARNING
1330                            "ICMPv6 Redirect: source address is not link-local.\n");
1331                 return;
1332         }
1333
1334         optlen = skb->tail - skb->transport_header;
1335         optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1336
1337         if (optlen < 0) {
1338                 ND_PRINTK2(KERN_WARNING
1339                            "ICMPv6 Redirect: packet too short\n");
1340                 return;
1341         }
1342
1343         icmph = icmp6_hdr(skb);
1344         target = (struct in6_addr *) (icmph + 1);
1345         dest = target + 1;
1346
1347         if (ipv6_addr_is_multicast(dest)) {
1348                 ND_PRINTK2(KERN_WARNING
1349                            "ICMPv6 Redirect: destination address is multicast.\n");
1350                 return;
1351         }
1352
1353         if (ipv6_addr_equal(dest, target)) {
1354                 on_link = 1;
1355         } else if (ipv6_addr_type(target) !=
1356                    (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1357                 ND_PRINTK2(KERN_WARNING
1358                            "ICMPv6 Redirect: target address is not link-local unicast.\n");
1359                 return;
1360         }
1361
1362         in6_dev = in6_dev_get(skb->dev);
1363         if (!in6_dev)
1364                 return;
1365         if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1366                 in6_dev_put(in6_dev);
1367                 return;
1368         }
1369
1370         /* RFC2461 8.1:
1371          *      The IP source address of the Redirect MUST be the same as the current
1372          *      first-hop router for the specified ICMP Destination Address.
1373          */
1374
1375         if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1376                 ND_PRINTK2(KERN_WARNING
1377                            "ICMPv6 Redirect: invalid ND options\n");
1378                 in6_dev_put(in6_dev);
1379                 return;
1380         }
1381         if (ndopts.nd_opts_tgt_lladdr) {
1382                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1383                                              skb->dev);
1384                 if (!lladdr) {
1385                         ND_PRINTK2(KERN_WARNING
1386                                    "ICMPv6 Redirect: invalid link-layer address length\n");
1387                         in6_dev_put(in6_dev);
1388                         return;
1389                 }
1390         }
1391
1392         neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1393         if (neigh) {
1394                 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1395                              &ipv6_hdr(skb)->saddr, neigh, lladdr,
1396                              on_link);
1397                 neigh_release(neigh);
1398         }
1399         in6_dev_put(in6_dev);
1400 }
1401
1402 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1403                          struct in6_addr *target)
1404 {
1405         struct sock *sk = ndisc_socket->sk;
1406         int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1407         struct sk_buff *buff;
1408         struct icmp6hdr *icmph;
1409         struct in6_addr saddr_buf;
1410         struct in6_addr *addrp;
1411         struct net_device *dev;
1412         struct rt6_info *rt;
1413         struct dst_entry *dst;
1414         struct inet6_dev *idev;
1415         struct flowi fl;
1416         u8 *opt;
1417         int rd_len;
1418         int err;
1419         int hlen;
1420         u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1421
1422         dev = skb->dev;
1423
1424         if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1425                 ND_PRINTK2(KERN_WARNING
1426                            "ICMPv6 Redirect: no link-local address on %s\n",
1427                            dev->name);
1428                 return;
1429         }
1430
1431         if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1432             ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1433                 ND_PRINTK2(KERN_WARNING
1434                         "ICMPv6 Redirect: target address is not link-local unicast.\n");
1435                 return;
1436         }
1437
1438         ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &ipv6_hdr(skb)->saddr,
1439                         dev->ifindex);
1440
1441         dst = ip6_route_output(NULL, &fl);
1442         if (dst == NULL)
1443                 return;
1444
1445         err = xfrm_lookup(&dst, &fl, NULL, 0);
1446         if (err)
1447                 return;
1448
1449         rt = (struct rt6_info *) dst;
1450
1451         if (rt->rt6i_flags & RTF_GATEWAY) {
1452                 ND_PRINTK2(KERN_WARNING
1453                            "ICMPv6 Redirect: destination is not a neighbour.\n");
1454                 dst_release(dst);
1455                 return;
1456         }
1457         if (!xrlim_allow(dst, 1*HZ)) {
1458                 dst_release(dst);
1459                 return;
1460         }
1461
1462         if (dev->addr_len) {
1463                 read_lock_bh(&neigh->lock);
1464                 if (neigh->nud_state & NUD_VALID) {
1465                         memcpy(ha_buf, neigh->ha, dev->addr_len);
1466                         read_unlock_bh(&neigh->lock);
1467                         ha = ha_buf;
1468                         len += ndisc_opt_addr_space(dev);
1469                 } else
1470                         read_unlock_bh(&neigh->lock);
1471         }
1472
1473         rd_len = min_t(unsigned int,
1474                      IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1475         rd_len &= ~0x7;
1476         len += rd_len;
1477
1478         buff = sock_alloc_send_skb(sk,
1479                                    (MAX_HEADER + sizeof(struct ipv6hdr) +
1480                                     len + LL_RESERVED_SPACE(dev)),
1481                                    1, &err);
1482         if (buff == NULL) {
1483                 ND_PRINTK0(KERN_ERR
1484                            "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1485                            __FUNCTION__);
1486                 dst_release(dst);
1487                 return;
1488         }
1489
1490         hlen = 0;
1491
1492         skb_reserve(buff, LL_RESERVED_SPACE(dev));
1493         ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1494                    IPPROTO_ICMPV6, len);
1495
1496         skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1497         skb_put(buff, len);
1498         icmph = icmp6_hdr(buff);
1499
1500         memset(icmph, 0, sizeof(struct icmp6hdr));
1501         icmph->icmp6_type = NDISC_REDIRECT;
1502
1503         /*
1504          *      copy target and destination addresses
1505          */
1506
1507         addrp = (struct in6_addr *)(icmph + 1);
1508         ipv6_addr_copy(addrp, target);
1509         addrp++;
1510         ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1511
1512         opt = (u8*) (addrp + 1);
1513
1514         /*
1515          *      include target_address option
1516          */
1517
1518         if (ha)
1519                 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1520                                              dev->addr_len, dev->type);
1521
1522         /*
1523          *      build redirect option and copy skb over to the new packet.
1524          */
1525
1526         memset(opt, 0, 8);
1527         *(opt++) = ND_OPT_REDIRECT_HDR;
1528         *(opt++) = (rd_len >> 3);
1529         opt += 6;
1530
1531         memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1532
1533         icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1534                                              len, IPPROTO_ICMPV6,
1535                                              csum_partial((u8 *) icmph, len, 0));
1536
1537         buff->dst = dst;
1538         idev = in6_dev_get(dst->dev);
1539         IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
1540         err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
1541         if (!err) {
1542                 ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT);
1543                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1544         }
1545
1546         if (likely(idev != NULL))
1547                 in6_dev_put(idev);
1548 }
1549
1550 static void pndisc_redo(struct sk_buff *skb)
1551 {
1552         ndisc_recv_ns(skb);
1553         kfree_skb(skb);
1554 }
1555
1556 int ndisc_rcv(struct sk_buff *skb)
1557 {
1558         struct nd_msg *msg;
1559
1560         if (!pskb_may_pull(skb, skb->len))
1561                 return 0;
1562
1563         msg = (struct nd_msg *)skb_transport_header(skb);
1564
1565         __skb_push(skb, skb->data - skb_transport_header(skb));
1566
1567         if (ipv6_hdr(skb)->hop_limit != 255) {
1568                 ND_PRINTK2(KERN_WARNING
1569                            "ICMPv6 NDISC: invalid hop-limit: %d\n",
1570                            ipv6_hdr(skb)->hop_limit);
1571                 return 0;
1572         }
1573
1574         if (msg->icmph.icmp6_code != 0) {
1575                 ND_PRINTK2(KERN_WARNING
1576                            "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1577                            msg->icmph.icmp6_code);
1578                 return 0;
1579         }
1580
1581         memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1582
1583         switch (msg->icmph.icmp6_type) {
1584         case NDISC_NEIGHBOUR_SOLICITATION:
1585                 ndisc_recv_ns(skb);
1586                 break;
1587
1588         case NDISC_NEIGHBOUR_ADVERTISEMENT:
1589                 ndisc_recv_na(skb);
1590                 break;
1591
1592         case NDISC_ROUTER_SOLICITATION:
1593                 ndisc_recv_rs(skb);
1594                 break;
1595
1596         case NDISC_ROUTER_ADVERTISEMENT:
1597                 ndisc_router_discovery(skb);
1598                 break;
1599
1600         case NDISC_REDIRECT:
1601                 ndisc_redirect_rcv(skb);
1602                 break;
1603         }
1604
1605         return 0;
1606 }
1607
1608 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1609 {
1610         struct net_device *dev = ptr;
1611
1612         if (dev->nd_net != &init_net)
1613                 return NOTIFY_DONE;
1614
1615         switch (event) {
1616         case NETDEV_CHANGEADDR:
1617                 neigh_changeaddr(&nd_tbl, dev);
1618                 fib6_run_gc(~0UL);
1619                 break;
1620         case NETDEV_DOWN:
1621                 neigh_ifdown(&nd_tbl, dev);
1622                 fib6_run_gc(~0UL);
1623                 break;
1624         default:
1625                 break;
1626         }
1627
1628         return NOTIFY_DONE;
1629 }
1630
1631 static struct notifier_block ndisc_netdev_notifier = {
1632         .notifier_call = ndisc_netdev_event,
1633 };
1634
1635 #ifdef CONFIG_SYSCTL
1636 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1637                                          const char *func, const char *dev_name)
1638 {
1639         static char warncomm[TASK_COMM_LEN];
1640         static int warned;
1641         if (strcmp(warncomm, current->comm) && warned < 5) {
1642                 strcpy(warncomm, current->comm);
1643                 printk(KERN_WARNING
1644                         "process `%s' is using deprecated sysctl (%s) "
1645                         "net.ipv6.neigh.%s.%s; "
1646                         "Use net.ipv6.neigh.%s.%s_ms "
1647                         "instead.\n",
1648                         warncomm, func,
1649                         dev_name, ctl->procname,
1650                         dev_name, ctl->procname);
1651                 warned++;
1652         }
1653 }
1654
1655 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1656 {
1657         struct net_device *dev = ctl->extra1;
1658         struct inet6_dev *idev;
1659         int ret;
1660
1661         if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1662             ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1663                 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1664
1665         switch (ctl->ctl_name) {
1666         case NET_NEIGH_RETRANS_TIME:
1667                 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1668                 break;
1669         case NET_NEIGH_REACHABLE_TIME:
1670                 ret = proc_dointvec_jiffies(ctl, write,
1671                                             filp, buffer, lenp, ppos);
1672                 break;
1673         case NET_NEIGH_RETRANS_TIME_MS:
1674         case NET_NEIGH_REACHABLE_TIME_MS:
1675                 ret = proc_dointvec_ms_jiffies(ctl, write,
1676                                                filp, buffer, lenp, ppos);
1677                 break;
1678         default:
1679                 ret = -1;
1680         }
1681
1682         if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1683                 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1684                     ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1685                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1686                 idev->tstamp = jiffies;
1687                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1688                 in6_dev_put(idev);
1689         }
1690         return ret;
1691 }
1692
1693 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name,
1694                                         int nlen, void __user *oldval,
1695                                         size_t __user *oldlenp,
1696                                         void __user *newval, size_t newlen)
1697 {
1698         struct net_device *dev = ctl->extra1;
1699         struct inet6_dev *idev;
1700         int ret;
1701
1702         if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1703             ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1704                 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default");
1705
1706         switch (ctl->ctl_name) {
1707         case NET_NEIGH_REACHABLE_TIME:
1708                 ret = sysctl_jiffies(ctl, name, nlen,
1709                                      oldval, oldlenp, newval, newlen);
1710                 break;
1711         case NET_NEIGH_RETRANS_TIME_MS:
1712         case NET_NEIGH_REACHABLE_TIME_MS:
1713                  ret = sysctl_ms_jiffies(ctl, name, nlen,
1714                                          oldval, oldlenp, newval, newlen);
1715                  break;
1716         default:
1717                 ret = 0;
1718         }
1719
1720         if (newval && newlen && ret > 0 &&
1721             dev && (idev = in6_dev_get(dev)) != NULL) {
1722                 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1723                     ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1724                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1725                 idev->tstamp = jiffies;
1726                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1727                 in6_dev_put(idev);
1728         }
1729
1730         return ret;
1731 }
1732
1733 #endif
1734
1735 int __init ndisc_init(struct net_proto_family *ops)
1736 {
1737         struct ipv6_pinfo *np;
1738         struct sock *sk;
1739         int err;
1740
1741         err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1742         if (err < 0) {
1743                 ND_PRINTK0(KERN_ERR
1744                            "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1745                            err);
1746                 ndisc_socket = NULL; /* For safety. */
1747                 return err;
1748         }
1749
1750         sk = ndisc_socket->sk;
1751         np = inet6_sk(sk);
1752         sk->sk_allocation = GFP_ATOMIC;
1753         np->hop_limit = 255;
1754         /* Do not loopback ndisc messages */
1755         np->mc_loop = 0;
1756         sk->sk_prot->unhash(sk);
1757
1758         /*
1759          * Initialize the neighbour table
1760          */
1761
1762         neigh_table_init(&nd_tbl);
1763
1764 #ifdef CONFIG_SYSCTL
1765         neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1766                               "ipv6",
1767                               &ndisc_ifinfo_sysctl_change,
1768                               &ndisc_ifinfo_sysctl_strategy);
1769 #endif
1770
1771         register_netdevice_notifier(&ndisc_netdev_notifier);
1772         return 0;
1773 }
1774
1775 void ndisc_cleanup(void)
1776 {
1777         unregister_netdevice_notifier(&ndisc_netdev_notifier);
1778 #ifdef CONFIG_SYSCTL
1779         neigh_sysctl_unregister(&nd_tbl.parms);
1780 #endif
1781         neigh_table_clear(&nd_tbl);
1782         sock_release(ndisc_socket);
1783         ndisc_socket = NULL; /* For safety. */
1784 }