[NEIGH]: Revert 'Fix race between neigh_parms_release and neightbl_fill_parms'
[linux-2.6] / net / ipv6 / ndisc.c
1 /*
2  *      Neighbour Discovery for IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Mike Shaver             <shaver@ingenia.com>
8  *
9  *      This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14
15 /*
16  *      Changes:
17  *
18  *      Pierre Ynard                    :       export userland ND options
19  *                                              through netlink (RDNSS support)
20  *      Lars Fenneberg                  :       fixed MTU setting on receipt
21  *                                              of an RA.
22  *      Janos Farkas                    :       kmalloc failure checks
23  *      Alexey Kuznetsov                :       state machine reworked
24  *                                              and moved to net/core.
25  *      Pekka Savola                    :       RFC2461 validation
26  *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
27  */
28
29 /* Set to 3 to get tracing... */
30 #define ND_DEBUG 1
31
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
38 #if ND_DEBUG >= 1
39 #undef ND_PRINTK1
40 #define ND_PRINTK1 ND_PRINTK
41 #endif
42 #if ND_DEBUG >= 2
43 #undef ND_PRINTK2
44 #define ND_PRINTK2 ND_PRINTK
45 #endif
46 #if ND_DEBUG >= 3
47 #undef ND_PRINTK3
48 #define ND_PRINTK3 ND_PRINTK
49 #endif
50
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #ifdef CONFIG_SYSCTL
63 #include <linux/sysctl.h>
64 #endif
65
66 #include <linux/if_addr.h>
67 #include <linux/if_arp.h>
68 #include <linux/ipv6.h>
69 #include <linux/icmpv6.h>
70 #include <linux/jhash.h>
71
72 #include <net/sock.h>
73 #include <net/snmp.h>
74
75 #include <net/ipv6.h>
76 #include <net/protocol.h>
77 #include <net/ndisc.h>
78 #include <net/ip6_route.h>
79 #include <net/addrconf.h>
80 #include <net/icmp.h>
81
82 #include <net/netlink.h>
83 #include <linux/rtnetlink.h>
84
85 #include <net/flow.h>
86 #include <net/ip6_checksum.h>
87 #include <linux/proc_fs.h>
88
89 #include <linux/netfilter.h>
90 #include <linux/netfilter_ipv6.h>
91
92 static struct socket *ndisc_socket;
93
94 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
95 static int ndisc_constructor(struct neighbour *neigh);
96 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
97 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
98 static int pndisc_constructor(struct pneigh_entry *n);
99 static void pndisc_destructor(struct pneigh_entry *n);
100 static void pndisc_redo(struct sk_buff *skb);
101
102 static struct neigh_ops ndisc_generic_ops = {
103         .family =               AF_INET6,
104         .solicit =              ndisc_solicit,
105         .error_report =         ndisc_error_report,
106         .output =               neigh_resolve_output,
107         .connected_output =     neigh_connected_output,
108         .hh_output =            dev_queue_xmit,
109         .queue_xmit =           dev_queue_xmit,
110 };
111
112 static struct neigh_ops ndisc_hh_ops = {
113         .family =               AF_INET6,
114         .solicit =              ndisc_solicit,
115         .error_report =         ndisc_error_report,
116         .output =               neigh_resolve_output,
117         .connected_output =     neigh_resolve_output,
118         .hh_output =            dev_queue_xmit,
119         .queue_xmit =           dev_queue_xmit,
120 };
121
122
123 static struct neigh_ops ndisc_direct_ops = {
124         .family =               AF_INET6,
125         .output =               dev_queue_xmit,
126         .connected_output =     dev_queue_xmit,
127         .hh_output =            dev_queue_xmit,
128         .queue_xmit =           dev_queue_xmit,
129 };
130
131 struct neigh_table nd_tbl = {
132         .family =       AF_INET6,
133         .entry_size =   sizeof(struct neighbour) + sizeof(struct in6_addr),
134         .key_len =      sizeof(struct in6_addr),
135         .hash =         ndisc_hash,
136         .constructor =  ndisc_constructor,
137         .pconstructor = pndisc_constructor,
138         .pdestructor =  pndisc_destructor,
139         .proxy_redo =   pndisc_redo,
140         .id =           "ndisc_cache",
141         .parms = {
142                 .tbl =                  &nd_tbl,
143                 .base_reachable_time =  30 * HZ,
144                 .retrans_time =  1 * HZ,
145                 .gc_staletime = 60 * HZ,
146                 .reachable_time =               30 * HZ,
147                 .delay_probe_time =      5 * HZ,
148                 .queue_len =             3,
149                 .ucast_probes =  3,
150                 .mcast_probes =  3,
151                 .anycast_delay =         1 * HZ,
152                 .proxy_delay =          (8 * HZ) / 10,
153                 .proxy_qlen =           64,
154         },
155         .gc_interval =    30 * HZ,
156         .gc_thresh1 =    128,
157         .gc_thresh2 =    512,
158         .gc_thresh3 =   1024,
159 };
160
161 /* ND options */
162 struct ndisc_options {
163         struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
164 #ifdef CONFIG_IPV6_ROUTE_INFO
165         struct nd_opt_hdr *nd_opts_ri;
166         struct nd_opt_hdr *nd_opts_ri_end;
167 #endif
168         struct nd_opt_hdr *nd_useropts;
169         struct nd_opt_hdr *nd_useropts_end;
170 };
171
172 #define nd_opts_src_lladdr      nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
173 #define nd_opts_tgt_lladdr      nd_opt_array[ND_OPT_TARGET_LL_ADDR]
174 #define nd_opts_pi              nd_opt_array[ND_OPT_PREFIX_INFO]
175 #define nd_opts_pi_end          nd_opt_array[__ND_OPT_PREFIX_INFO_END]
176 #define nd_opts_rh              nd_opt_array[ND_OPT_REDIRECT_HDR]
177 #define nd_opts_mtu             nd_opt_array[ND_OPT_MTU]
178
179 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
180
181 /*
182  * Return the padding between the option length and the start of the
183  * link addr.  Currently only IP-over-InfiniBand needs this, although
184  * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
185  * also need a pad of 2.
186  */
187 static int ndisc_addr_option_pad(unsigned short type)
188 {
189         switch (type) {
190         case ARPHRD_INFINIBAND: return 2;
191         default:                return 0;
192         }
193 }
194
195 static inline int ndisc_opt_addr_space(struct net_device *dev)
196 {
197         return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
198 }
199
200 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
201                                   unsigned short addr_type)
202 {
203         int space = NDISC_OPT_SPACE(data_len);
204         int pad   = ndisc_addr_option_pad(addr_type);
205
206         opt[0] = type;
207         opt[1] = space>>3;
208
209         memset(opt + 2, 0, pad);
210         opt   += pad;
211         space -= pad;
212
213         memcpy(opt+2, data, data_len);
214         data_len += 2;
215         opt += data_len;
216         if ((space -= data_len) > 0)
217                 memset(opt, 0, space);
218         return opt + space;
219 }
220
221 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
222                                             struct nd_opt_hdr *end)
223 {
224         int type;
225         if (!cur || !end || cur >= end)
226                 return NULL;
227         type = cur->nd_opt_type;
228         do {
229                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
230         } while(cur < end && cur->nd_opt_type != type);
231         return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
232 }
233
234 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
235 {
236         return (opt->nd_opt_type == ND_OPT_RDNSS);
237 }
238
239 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
240                                              struct nd_opt_hdr *end)
241 {
242         if (!cur || !end || cur >= end)
243                 return NULL;
244         do {
245                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
246         } while(cur < end && !ndisc_is_useropt(cur));
247         return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL);
248 }
249
250 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
251                                                  struct ndisc_options *ndopts)
252 {
253         struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
254
255         if (!nd_opt || opt_len < 0 || !ndopts)
256                 return NULL;
257         memset(ndopts, 0, sizeof(*ndopts));
258         while (opt_len) {
259                 int l;
260                 if (opt_len < sizeof(struct nd_opt_hdr))
261                         return NULL;
262                 l = nd_opt->nd_opt_len << 3;
263                 if (opt_len < l || l == 0)
264                         return NULL;
265                 switch (nd_opt->nd_opt_type) {
266                 case ND_OPT_SOURCE_LL_ADDR:
267                 case ND_OPT_TARGET_LL_ADDR:
268                 case ND_OPT_MTU:
269                 case ND_OPT_REDIRECT_HDR:
270                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
271                                 ND_PRINTK2(KERN_WARNING
272                                            "%s(): duplicated ND6 option found: type=%d\n",
273                                            __FUNCTION__,
274                                            nd_opt->nd_opt_type);
275                         } else {
276                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
277                         }
278                         break;
279                 case ND_OPT_PREFIX_INFO:
280                         ndopts->nd_opts_pi_end = nd_opt;
281                         if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
282                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
283                         break;
284 #ifdef CONFIG_IPV6_ROUTE_INFO
285                 case ND_OPT_ROUTE_INFO:
286                         ndopts->nd_opts_ri_end = nd_opt;
287                         if (!ndopts->nd_opts_ri)
288                                 ndopts->nd_opts_ri = nd_opt;
289                         break;
290 #endif
291                 default:
292                         if (ndisc_is_useropt(nd_opt)) {
293                                 ndopts->nd_useropts_end = nd_opt;
294                                 if (!ndopts->nd_useropts)
295                                         ndopts->nd_useropts = nd_opt;
296                         } else {
297                                 /*
298                                  * Unknown options must be silently ignored,
299                                  * to accommodate future extension to the
300                                  * protocol.
301                                  */
302                                 ND_PRINTK2(KERN_NOTICE
303                                            "%s(): ignored unsupported option; type=%d, len=%d\n",
304                                            __FUNCTION__,
305                                            nd_opt->nd_opt_type, nd_opt->nd_opt_len);
306                         }
307                 }
308                 opt_len -= l;
309                 nd_opt = ((void *)nd_opt) + l;
310         }
311         return ndopts;
312 }
313
314 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
315                                       struct net_device *dev)
316 {
317         u8 *lladdr = (u8 *)(p + 1);
318         int lladdrlen = p->nd_opt_len << 3;
319         int prepad = ndisc_addr_option_pad(dev->type);
320         if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
321                 return NULL;
322         return (lladdr + prepad);
323 }
324
325 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
326 {
327         switch (dev->type) {
328         case ARPHRD_ETHER:
329         case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
330         case ARPHRD_FDDI:
331                 ipv6_eth_mc_map(addr, buf);
332                 return 0;
333         case ARPHRD_IEEE802_TR:
334                 ipv6_tr_mc_map(addr,buf);
335                 return 0;
336         case ARPHRD_ARCNET:
337                 ipv6_arcnet_mc_map(addr, buf);
338                 return 0;
339         case ARPHRD_INFINIBAND:
340                 ipv6_ib_mc_map(addr, buf);
341                 return 0;
342         default:
343                 if (dir) {
344                         memcpy(buf, dev->broadcast, dev->addr_len);
345                         return 0;
346                 }
347         }
348         return -EINVAL;
349 }
350
351 EXPORT_SYMBOL(ndisc_mc_map);
352
353 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
354 {
355         const u32 *p32 = pkey;
356         u32 addr_hash, i;
357
358         addr_hash = 0;
359         for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
360                 addr_hash ^= *p32++;
361
362         return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
363 }
364
365 static int ndisc_constructor(struct neighbour *neigh)
366 {
367         struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368         struct net_device *dev = neigh->dev;
369         struct inet6_dev *in6_dev;
370         struct neigh_parms *parms;
371         int is_multicast = ipv6_addr_is_multicast(addr);
372
373         rcu_read_lock();
374         in6_dev = in6_dev_get(dev);
375         if (in6_dev == NULL) {
376                 rcu_read_unlock();
377                 return -EINVAL;
378         }
379
380         parms = in6_dev->nd_parms;
381         __neigh_parms_put(neigh->parms);
382         neigh->parms = neigh_parms_clone(parms);
383         rcu_read_unlock();
384
385         neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386         if (!dev->header_ops) {
387                 neigh->nud_state = NUD_NOARP;
388                 neigh->ops = &ndisc_direct_ops;
389                 neigh->output = neigh->ops->queue_xmit;
390         } else {
391                 if (is_multicast) {
392                         neigh->nud_state = NUD_NOARP;
393                         ndisc_mc_map(addr, neigh->ha, dev, 1);
394                 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395                         neigh->nud_state = NUD_NOARP;
396                         memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397                         if (dev->flags&IFF_LOOPBACK)
398                                 neigh->type = RTN_LOCAL;
399                 } else if (dev->flags&IFF_POINTOPOINT) {
400                         neigh->nud_state = NUD_NOARP;
401                         memcpy(neigh->ha, dev->broadcast, dev->addr_len);
402                 }
403                 if (dev->header_ops->cache)
404                         neigh->ops = &ndisc_hh_ops;
405                 else
406                         neigh->ops = &ndisc_generic_ops;
407                 if (neigh->nud_state&NUD_VALID)
408                         neigh->output = neigh->ops->connected_output;
409                 else
410                         neigh->output = neigh->ops->output;
411         }
412         in6_dev_put(in6_dev);
413         return 0;
414 }
415
416 static int pndisc_constructor(struct pneigh_entry *n)
417 {
418         struct in6_addr *addr = (struct in6_addr*)&n->key;
419         struct in6_addr maddr;
420         struct net_device *dev = n->dev;
421
422         if (dev == NULL || __in6_dev_get(dev) == NULL)
423                 return -EINVAL;
424         addrconf_addr_solict_mult(addr, &maddr);
425         ipv6_dev_mc_inc(dev, &maddr);
426         return 0;
427 }
428
429 static void pndisc_destructor(struct pneigh_entry *n)
430 {
431         struct in6_addr *addr = (struct in6_addr*)&n->key;
432         struct in6_addr maddr;
433         struct net_device *dev = n->dev;
434
435         if (dev == NULL || __in6_dev_get(dev) == NULL)
436                 return;
437         addrconf_addr_solict_mult(addr, &maddr);
438         ipv6_dev_mc_dec(dev, &maddr);
439 }
440
441 /*
442  *      Send a Neighbour Advertisement
443  */
444
445 static inline void ndisc_flow_init(struct flowi *fl, u8 type,
446                             struct in6_addr *saddr, struct in6_addr *daddr,
447                             int oif)
448 {
449         memset(fl, 0, sizeof(*fl));
450         ipv6_addr_copy(&fl->fl6_src, saddr);
451         ipv6_addr_copy(&fl->fl6_dst, daddr);
452         fl->proto               = IPPROTO_ICMPV6;
453         fl->fl_icmp_type        = type;
454         fl->fl_icmp_code        = 0;
455         fl->oif                 = oif;
456         security_sk_classify_flow(ndisc_socket->sk, fl);
457 }
458
459 static void __ndisc_send(struct net_device *dev,
460                          struct neighbour *neigh,
461                          struct in6_addr *daddr, struct in6_addr *saddr,
462                          struct icmp6hdr *icmp6h, struct in6_addr *target,
463                          int llinfo)
464 {
465         struct flowi fl;
466         struct dst_entry *dst;
467         struct sock *sk = ndisc_socket->sk;
468         struct sk_buff *skb;
469         struct icmp6hdr *hdr;
470         struct inet6_dev *idev;
471         int len;
472         int err;
473         u8 *opt, type;
474
475         type = icmp6h->icmp6_type;
476
477         ndisc_flow_init(&fl, type, saddr, daddr,
478                         dev->ifindex);
479
480         dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
481         if (!dst)
482                 return;
483
484         err = xfrm_lookup(&dst, &fl, NULL, 0);
485         if (err < 0)
486                 return;
487
488         if (!dev->addr_len)
489                 llinfo = 0;
490
491         len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
492         if (llinfo)
493                 len += ndisc_opt_addr_space(dev);
494
495         skb = sock_alloc_send_skb(sk,
496                                   (MAX_HEADER + sizeof(struct ipv6hdr) +
497                                    len + LL_RESERVED_SPACE(dev)),
498                                   1, &err);
499         if (!skb) {
500                 ND_PRINTK0(KERN_ERR
501                            "ICMPv6 ND: %s() failed to allocate an skb.\n",
502                            __FUNCTION__);
503                 dst_release(dst);
504                 return;
505         }
506
507         skb_reserve(skb, LL_RESERVED_SPACE(dev));
508         ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
509
510         skb->transport_header = skb->tail;
511         skb_put(skb, len);
512
513         hdr = (struct icmp6hdr *)skb_transport_header(skb);
514         memcpy(hdr, icmp6h, sizeof(*hdr));
515
516         opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
517         if (target) {
518                 ipv6_addr_copy((struct in6_addr *)opt, target);
519                 opt += sizeof(*target);
520         }
521
522         if (llinfo)
523                 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
524                                        dev->addr_len, dev->type);
525
526         hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
527                                            IPPROTO_ICMPV6,
528                                            csum_partial((__u8 *) hdr,
529                                                         len, 0));
530
531         skb->dst = dst;
532
533         idev = in6_dev_get(dst->dev);
534         IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
535
536         err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
537         if (!err) {
538                 ICMP6MSGOUT_INC_STATS(idev, type);
539                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
540         }
541
542         if (likely(idev != NULL))
543                 in6_dev_put(idev);
544 }
545
546 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
547                    struct in6_addr *daddr, struct in6_addr *solicited_addr,
548                    int router, int solicited, int override, int inc_opt)
549 {
550         struct in6_addr tmpaddr;
551         struct inet6_ifaddr *ifp;
552         struct in6_addr *src_addr;
553         struct icmp6hdr icmp6h = {
554                 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
555         };
556
557         /* for anycast or proxy, solicited_addr != src_addr */
558         ifp = ipv6_get_ifaddr(solicited_addr, dev, 1);
559         if (ifp) {
560                 src_addr = solicited_addr;
561                 if (ifp->flags & IFA_F_OPTIMISTIC)
562                         override = 0;
563                 in6_ifa_put(ifp);
564         } else {
565                 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
566                         return;
567                 src_addr = &tmpaddr;
568         }
569
570         icmp6h.icmp6_router = router;
571         icmp6h.icmp6_solicited = solicited;
572         icmp6h.icmp6_override = override;
573
574         __ndisc_send(dev, neigh, daddr, src_addr,
575                      &icmp6h, solicited_addr,
576                      inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
577 }
578
579 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
580                    struct in6_addr *solicit,
581                    struct in6_addr *daddr, struct in6_addr *saddr)
582 {
583         struct in6_addr addr_buf;
584         struct icmp6hdr icmp6h = {
585                 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
586         };
587
588         if (saddr == NULL) {
589                 if (ipv6_get_lladdr(dev, &addr_buf,
590                                    (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
591                         return;
592                 saddr = &addr_buf;
593         }
594
595         __ndisc_send(dev, neigh, daddr, saddr,
596                      &icmp6h, solicit,
597                      !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
598 }
599
600 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
601                    struct in6_addr *daddr)
602 {
603         struct icmp6hdr icmp6h = {
604                 .icmp6_type = NDISC_ROUTER_SOLICITATION,
605         };
606         int send_sllao = dev->addr_len;
607
608 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
609         /*
610          * According to section 2.2 of RFC 4429, we must not
611          * send router solicitations with a sllao from
612          * optimistic addresses, but we may send the solicitation
613          * if we don't include the sllao.  So here we check
614          * if our address is optimistic, and if so, we
615          * suppress the inclusion of the sllao.
616          */
617         if (send_sllao) {
618                 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(saddr, dev, 1);
619                 if (ifp) {
620                         if (ifp->flags & IFA_F_OPTIMISTIC)  {
621                                 send_sllao = 0;
622                         }
623                         in6_ifa_put(ifp);
624                 } else {
625                         send_sllao = 0;
626                 }
627         }
628 #endif
629         __ndisc_send(dev, NULL, daddr, saddr,
630                      &icmp6h, NULL,
631                      send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
632 }
633
634
635 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
636 {
637         /*
638          *      "The sender MUST return an ICMP
639          *       destination unreachable"
640          */
641         dst_link_failure(skb);
642         kfree_skb(skb);
643 }
644
645 /* Called with locked neigh: either read or both */
646
647 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
648 {
649         struct in6_addr *saddr = NULL;
650         struct in6_addr mcaddr;
651         struct net_device *dev = neigh->dev;
652         struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
653         int probes = atomic_read(&neigh->probes);
654
655         if (skb && ipv6_chk_addr(&ipv6_hdr(skb)->saddr, dev, 1))
656                 saddr = &ipv6_hdr(skb)->saddr;
657
658         if ((probes -= neigh->parms->ucast_probes) < 0) {
659                 if (!(neigh->nud_state & NUD_VALID)) {
660                         ND_PRINTK1(KERN_DEBUG
661                                    "%s(): trying to ucast probe in NUD_INVALID: "
662                                    NIP6_FMT "\n",
663                                    __FUNCTION__,
664                                    NIP6(*target));
665                 }
666                 ndisc_send_ns(dev, neigh, target, target, saddr);
667         } else if ((probes -= neigh->parms->app_probes) < 0) {
668 #ifdef CONFIG_ARPD
669                 neigh_app_ns(neigh);
670 #endif
671         } else {
672                 addrconf_addr_solict_mult(target, &mcaddr);
673                 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
674         }
675 }
676
677 static void ndisc_recv_ns(struct sk_buff *skb)
678 {
679         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
680         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
681         struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
682         u8 *lladdr = NULL;
683         u32 ndoptlen = skb->tail - (skb->transport_header +
684                                     offsetof(struct nd_msg, opt));
685         struct ndisc_options ndopts;
686         struct net_device *dev = skb->dev;
687         struct inet6_ifaddr *ifp;
688         struct inet6_dev *idev = NULL;
689         struct neighbour *neigh;
690         struct pneigh_entry *pneigh = NULL;
691         int dad = ipv6_addr_any(saddr);
692         int inc;
693         int is_router;
694
695         if (ipv6_addr_is_multicast(&msg->target)) {
696                 ND_PRINTK2(KERN_WARNING
697                            "ICMPv6 NS: multicast target address");
698                 return;
699         }
700
701         /*
702          * RFC2461 7.1.1:
703          * DAD has to be destined for solicited node multicast address.
704          */
705         if (dad &&
706             !(daddr->s6_addr32[0] == htonl(0xff020000) &&
707               daddr->s6_addr32[1] == htonl(0x00000000) &&
708               daddr->s6_addr32[2] == htonl(0x00000001) &&
709               daddr->s6_addr [12] == 0xff )) {
710                 ND_PRINTK2(KERN_WARNING
711                            "ICMPv6 NS: bad DAD packet (wrong destination)\n");
712                 return;
713         }
714
715         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
716                 ND_PRINTK2(KERN_WARNING
717                            "ICMPv6 NS: invalid ND options\n");
718                 return;
719         }
720
721         if (ndopts.nd_opts_src_lladdr) {
722                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
723                 if (!lladdr) {
724                         ND_PRINTK2(KERN_WARNING
725                                    "ICMPv6 NS: invalid link-layer address length\n");
726                         return;
727                 }
728
729                 /* RFC2461 7.1.1:
730                  *      If the IP source address is the unspecified address,
731                  *      there MUST NOT be source link-layer address option
732                  *      in the message.
733                  */
734                 if (dad) {
735                         ND_PRINTK2(KERN_WARNING
736                                    "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
737                         return;
738                 }
739         }
740
741         inc = ipv6_addr_is_multicast(daddr);
742
743         if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) {
744
745                 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
746                         if (dad) {
747                                 if (dev->type == ARPHRD_IEEE802_TR) {
748                                         const unsigned char *sadr;
749                                         sadr = skb_mac_header(skb);
750                                         if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
751                                             sadr[9] == dev->dev_addr[1] &&
752                                             sadr[10] == dev->dev_addr[2] &&
753                                             sadr[11] == dev->dev_addr[3] &&
754                                             sadr[12] == dev->dev_addr[4] &&
755                                             sadr[13] == dev->dev_addr[5]) {
756                                                 /* looped-back to us */
757                                                 goto out;
758                                         }
759                                 }
760
761                                 /*
762                                  * We are colliding with another node
763                                  * who is doing DAD
764                                  * so fail our DAD process
765                                  */
766                                 addrconf_dad_failure(ifp);
767                                 return;
768                         } else {
769                                 /*
770                                  * This is not a dad solicitation.
771                                  * If we are an optimistic node,
772                                  * we should respond.
773                                  * Otherwise, we should ignore it.
774                                  */
775                                 if (!(ifp->flags & IFA_F_OPTIMISTIC))
776                                         goto out;
777                         }
778                 }
779
780                 idev = ifp->idev;
781         } else {
782                 idev = in6_dev_get(dev);
783                 if (!idev) {
784                         /* XXX: count this drop? */
785                         return;
786                 }
787
788                 if (ipv6_chk_acast_addr(dev, &msg->target) ||
789                     (idev->cnf.forwarding &&
790                      (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) &&
791                      (pneigh = pneigh_lookup(&nd_tbl,
792                                              &msg->target, dev, 0)) != NULL)) {
793                         if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
794                             skb->pkt_type != PACKET_HOST &&
795                             inc != 0 &&
796                             idev->nd_parms->proxy_delay != 0) {
797                                 /*
798                                  * for anycast or proxy,
799                                  * sender should delay its response
800                                  * by a random time between 0 and
801                                  * MAX_ANYCAST_DELAY_TIME seconds.
802                                  * (RFC2461) -- yoshfuji
803                                  */
804                                 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
805                                 if (n)
806                                         pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
807                                 goto out;
808                         }
809                 } else
810                         goto out;
811         }
812
813         is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding);
814
815         if (dad) {
816                 struct in6_addr maddr;
817
818                 ipv6_addr_all_nodes(&maddr);
819                 ndisc_send_na(dev, NULL, &maddr, &msg->target,
820                               is_router, 0, (ifp != NULL), 1);
821                 goto out;
822         }
823
824         if (inc)
825                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
826         else
827                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
828
829         /*
830          *      update / create cache entry
831          *      for the source address
832          */
833         neigh = __neigh_lookup(&nd_tbl, saddr, dev,
834                                !inc || lladdr || !dev->addr_len);
835         if (neigh)
836                 neigh_update(neigh, lladdr, NUD_STALE,
837                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
838                              NEIGH_UPDATE_F_OVERRIDE);
839         if (neigh || !dev->header_ops) {
840                 ndisc_send_na(dev, neigh, saddr, &msg->target,
841                               is_router,
842                               1, (ifp != NULL && inc), inc);
843                 if (neigh)
844                         neigh_release(neigh);
845         }
846
847 out:
848         if (ifp)
849                 in6_ifa_put(ifp);
850         else
851                 in6_dev_put(idev);
852
853         return;
854 }
855
856 static void ndisc_recv_na(struct sk_buff *skb)
857 {
858         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
859         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
860         struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
861         u8 *lladdr = NULL;
862         u32 ndoptlen = skb->tail - (skb->transport_header +
863                                     offsetof(struct nd_msg, opt));
864         struct ndisc_options ndopts;
865         struct net_device *dev = skb->dev;
866         struct inet6_ifaddr *ifp;
867         struct neighbour *neigh;
868
869         if (skb->len < sizeof(struct nd_msg)) {
870                 ND_PRINTK2(KERN_WARNING
871                            "ICMPv6 NA: packet too short\n");
872                 return;
873         }
874
875         if (ipv6_addr_is_multicast(&msg->target)) {
876                 ND_PRINTK2(KERN_WARNING
877                            "ICMPv6 NA: target address is multicast.\n");
878                 return;
879         }
880
881         if (ipv6_addr_is_multicast(daddr) &&
882             msg->icmph.icmp6_solicited) {
883                 ND_PRINTK2(KERN_WARNING
884                            "ICMPv6 NA: solicited NA is multicasted.\n");
885                 return;
886         }
887
888         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
889                 ND_PRINTK2(KERN_WARNING
890                            "ICMPv6 NS: invalid ND option\n");
891                 return;
892         }
893         if (ndopts.nd_opts_tgt_lladdr) {
894                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
895                 if (!lladdr) {
896                         ND_PRINTK2(KERN_WARNING
897                                    "ICMPv6 NA: invalid link-layer address length\n");
898                         return;
899                 }
900         }
901         if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) {
902                 if (ifp->flags & IFA_F_TENTATIVE) {
903                         addrconf_dad_failure(ifp);
904                         return;
905                 }
906                 /* What should we make now? The advertisement
907                    is invalid, but ndisc specs say nothing
908                    about it. It could be misconfiguration, or
909                    an smart proxy agent tries to help us :-)
910                  */
911                 ND_PRINTK1(KERN_WARNING
912                            "ICMPv6 NA: someone advertises our address on %s!\n",
913                            ifp->idev->dev->name);
914                 in6_ifa_put(ifp);
915                 return;
916         }
917         neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
918
919         if (neigh) {
920                 u8 old_flags = neigh->flags;
921
922                 if (neigh->nud_state & NUD_FAILED)
923                         goto out;
924
925                 /*
926                  * Don't update the neighbor cache entry on a proxy NA from
927                  * ourselves because either the proxied node is off link or it
928                  * has already sent a NA to us.
929                  */
930                 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
931                     ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp &&
932                     pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) {
933                         /* XXX: idev->cnf.prixy_ndp */
934                         goto out;
935                 }
936
937                 neigh_update(neigh, lladdr,
938                              msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
939                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
940                              (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
941                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
942                              (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
943
944                 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
945                         /*
946                          * Change: router to host
947                          */
948                         struct rt6_info *rt;
949                         rt = rt6_get_dflt_router(saddr, dev);
950                         if (rt)
951                                 ip6_del_rt(rt);
952                 }
953
954 out:
955                 neigh_release(neigh);
956         }
957 }
958
959 static void ndisc_recv_rs(struct sk_buff *skb)
960 {
961         struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
962         unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
963         struct neighbour *neigh;
964         struct inet6_dev *idev;
965         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
966         struct ndisc_options ndopts;
967         u8 *lladdr = NULL;
968
969         if (skb->len < sizeof(*rs_msg))
970                 return;
971
972         idev = in6_dev_get(skb->dev);
973         if (!idev) {
974                 if (net_ratelimit())
975                         ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
976                 return;
977         }
978
979         /* Don't accept RS if we're not in router mode */
980         if (!idev->cnf.forwarding)
981                 goto out;
982
983         /*
984          * Don't update NCE if src = ::;
985          * this implies that the source node has no ip address assigned yet.
986          */
987         if (ipv6_addr_any(saddr))
988                 goto out;
989
990         /* Parse ND options */
991         if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
992                 if (net_ratelimit())
993                         ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
994                 goto out;
995         }
996
997         if (ndopts.nd_opts_src_lladdr) {
998                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
999                                              skb->dev);
1000                 if (!lladdr)
1001                         goto out;
1002         }
1003
1004         neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1005         if (neigh) {
1006                 neigh_update(neigh, lladdr, NUD_STALE,
1007                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1008                              NEIGH_UPDATE_F_OVERRIDE|
1009                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1010                 neigh_release(neigh);
1011         }
1012 out:
1013         in6_dev_put(idev);
1014 }
1015
1016 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1017 {
1018         struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1019         struct sk_buff *skb;
1020         struct nlmsghdr *nlh;
1021         struct nduseroptmsg *ndmsg;
1022         int err;
1023         int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1024                                     + (opt->nd_opt_len << 3));
1025         size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1026
1027         skb = nlmsg_new(msg_size, GFP_ATOMIC);
1028         if (skb == NULL) {
1029                 err = -ENOBUFS;
1030                 goto errout;
1031         }
1032
1033         nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1034         if (nlh == NULL) {
1035                 goto nla_put_failure;
1036         }
1037
1038         ndmsg = nlmsg_data(nlh);
1039         ndmsg->nduseropt_family = AF_INET6;
1040         ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1041         ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1042         ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1043         ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1044
1045         memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1046
1047         NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1048                 &ipv6_hdr(ra)->saddr);
1049         nlmsg_end(skb, nlh);
1050
1051         err = rtnl_notify(skb, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1052         if (err < 0)
1053                 goto errout;
1054
1055         return;
1056
1057 nla_put_failure:
1058         nlmsg_free(skb);
1059         err = -EMSGSIZE;
1060 errout:
1061         rtnl_set_sk_err(RTNLGRP_ND_USEROPT, err);
1062 }
1063
1064 static void ndisc_router_discovery(struct sk_buff *skb)
1065 {
1066         struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1067         struct neighbour *neigh = NULL;
1068         struct inet6_dev *in6_dev;
1069         struct rt6_info *rt = NULL;
1070         int lifetime;
1071         struct ndisc_options ndopts;
1072         int optlen;
1073         unsigned int pref = 0;
1074
1075         __u8 * opt = (__u8 *)(ra_msg + 1);
1076
1077         optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1078
1079         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1080                 ND_PRINTK2(KERN_WARNING
1081                            "ICMPv6 RA: source address is not link-local.\n");
1082                 return;
1083         }
1084         if (optlen < 0) {
1085                 ND_PRINTK2(KERN_WARNING
1086                            "ICMPv6 RA: packet too short\n");
1087                 return;
1088         }
1089
1090         /*
1091          *      set the RA_RECV flag in the interface
1092          */
1093
1094         in6_dev = in6_dev_get(skb->dev);
1095         if (in6_dev == NULL) {
1096                 ND_PRINTK0(KERN_ERR
1097                            "ICMPv6 RA: can't find inet6 device for %s.\n",
1098                            skb->dev->name);
1099                 return;
1100         }
1101         if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1102                 in6_dev_put(in6_dev);
1103                 return;
1104         }
1105
1106         if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1107                 in6_dev_put(in6_dev);
1108                 ND_PRINTK2(KERN_WARNING
1109                            "ICMP6 RA: invalid ND options\n");
1110                 return;
1111         }
1112
1113         if (in6_dev->if_flags & IF_RS_SENT) {
1114                 /*
1115                  *      flag that an RA was received after an RS was sent
1116                  *      out on this interface.
1117                  */
1118                 in6_dev->if_flags |= IF_RA_RCVD;
1119         }
1120
1121         /*
1122          * Remember the managed/otherconf flags from most recently
1123          * received RA message (RFC 2462) -- yoshfuji
1124          */
1125         in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1126                                 IF_RA_OTHERCONF)) |
1127                                 (ra_msg->icmph.icmp6_addrconf_managed ?
1128                                         IF_RA_MANAGED : 0) |
1129                                 (ra_msg->icmph.icmp6_addrconf_other ?
1130                                         IF_RA_OTHERCONF : 0);
1131
1132         if (!in6_dev->cnf.accept_ra_defrtr)
1133                 goto skip_defrtr;
1134
1135         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1136
1137 #ifdef CONFIG_IPV6_ROUTER_PREF
1138         pref = ra_msg->icmph.icmp6_router_pref;
1139         /* 10b is handled as if it were 00b (medium) */
1140         if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1141             !in6_dev->cnf.accept_ra_rtr_pref)
1142                 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1143 #endif
1144
1145         rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1146
1147         if (rt)
1148                 neigh = rt->rt6i_nexthop;
1149
1150         if (rt && lifetime == 0) {
1151                 neigh_clone(neigh);
1152                 ip6_del_rt(rt);
1153                 rt = NULL;
1154         }
1155
1156         if (rt == NULL && lifetime) {
1157                 ND_PRINTK3(KERN_DEBUG
1158                            "ICMPv6 RA: adding default router.\n");
1159
1160                 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1161                 if (rt == NULL) {
1162                         ND_PRINTK0(KERN_ERR
1163                                    "ICMPv6 RA: %s() failed to add default route.\n",
1164                                    __FUNCTION__);
1165                         in6_dev_put(in6_dev);
1166                         return;
1167                 }
1168
1169                 neigh = rt->rt6i_nexthop;
1170                 if (neigh == NULL) {
1171                         ND_PRINTK0(KERN_ERR
1172                                    "ICMPv6 RA: %s() got default router without neighbour.\n",
1173                                    __FUNCTION__);
1174                         dst_release(&rt->u.dst);
1175                         in6_dev_put(in6_dev);
1176                         return;
1177                 }
1178                 neigh->flags |= NTF_ROUTER;
1179         } else if (rt) {
1180                 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1181         }
1182
1183         if (rt)
1184                 rt->rt6i_expires = jiffies + (HZ * lifetime);
1185
1186         if (ra_msg->icmph.icmp6_hop_limit) {
1187                 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1188                 if (rt)
1189                         rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1190         }
1191
1192 skip_defrtr:
1193
1194         /*
1195          *      Update Reachable Time and Retrans Timer
1196          */
1197
1198         if (in6_dev->nd_parms) {
1199                 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1200
1201                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1202                         rtime = (rtime*HZ)/1000;
1203                         if (rtime < HZ/10)
1204                                 rtime = HZ/10;
1205                         in6_dev->nd_parms->retrans_time = rtime;
1206                         in6_dev->tstamp = jiffies;
1207                         inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1208                 }
1209
1210                 rtime = ntohl(ra_msg->reachable_time);
1211                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1212                         rtime = (rtime*HZ)/1000;
1213
1214                         if (rtime < HZ/10)
1215                                 rtime = HZ/10;
1216
1217                         if (rtime != in6_dev->nd_parms->base_reachable_time) {
1218                                 in6_dev->nd_parms->base_reachable_time = rtime;
1219                                 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1220                                 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1221                                 in6_dev->tstamp = jiffies;
1222                                 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1223                         }
1224                 }
1225         }
1226
1227         /*
1228          *      Process options.
1229          */
1230
1231         if (!neigh)
1232                 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1233                                        skb->dev, 1);
1234         if (neigh) {
1235                 u8 *lladdr = NULL;
1236                 if (ndopts.nd_opts_src_lladdr) {
1237                         lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1238                                                      skb->dev);
1239                         if (!lladdr) {
1240                                 ND_PRINTK2(KERN_WARNING
1241                                            "ICMPv6 RA: invalid link-layer address length\n");
1242                                 goto out;
1243                         }
1244                 }
1245                 neigh_update(neigh, lladdr, NUD_STALE,
1246                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1247                              NEIGH_UPDATE_F_OVERRIDE|
1248                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1249                              NEIGH_UPDATE_F_ISROUTER);
1250         }
1251
1252 #ifdef CONFIG_IPV6_ROUTE_INFO
1253         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1254                 struct nd_opt_hdr *p;
1255                 for (p = ndopts.nd_opts_ri;
1256                      p;
1257                      p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1258                         if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1259                                 continue;
1260                         rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1261                                       &ipv6_hdr(skb)->saddr);
1262                 }
1263         }
1264 #endif
1265
1266         if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1267                 struct nd_opt_hdr *p;
1268                 for (p = ndopts.nd_opts_pi;
1269                      p;
1270                      p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1271                         addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1272                 }
1273         }
1274
1275         if (ndopts.nd_opts_mtu) {
1276                 __be32 n;
1277                 u32 mtu;
1278
1279                 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1280                 mtu = ntohl(n);
1281
1282                 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1283                         ND_PRINTK2(KERN_WARNING
1284                                    "ICMPv6 RA: invalid mtu: %d\n",
1285                                    mtu);
1286                 } else if (in6_dev->cnf.mtu6 != mtu) {
1287                         in6_dev->cnf.mtu6 = mtu;
1288
1289                         if (rt)
1290                                 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1291
1292                         rt6_mtu_change(skb->dev, mtu);
1293                 }
1294         }
1295
1296         if (ndopts.nd_useropts) {
1297                 struct nd_opt_hdr *opt;
1298                 for (opt = ndopts.nd_useropts;
1299                      opt;
1300                      opt = ndisc_next_useropt(opt, ndopts.nd_useropts_end)) {
1301                                 ndisc_ra_useropt(skb, opt);
1302                 }
1303         }
1304
1305         if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1306                 ND_PRINTK2(KERN_WARNING
1307                            "ICMPv6 RA: invalid RA options");
1308         }
1309 out:
1310         if (rt)
1311                 dst_release(&rt->u.dst);
1312         else if (neigh)
1313                 neigh_release(neigh);
1314         in6_dev_put(in6_dev);
1315 }
1316
1317 static void ndisc_redirect_rcv(struct sk_buff *skb)
1318 {
1319         struct inet6_dev *in6_dev;
1320         struct icmp6hdr *icmph;
1321         struct in6_addr *dest;
1322         struct in6_addr *target;        /* new first hop to destination */
1323         struct neighbour *neigh;
1324         int on_link = 0;
1325         struct ndisc_options ndopts;
1326         int optlen;
1327         u8 *lladdr = NULL;
1328
1329         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1330                 ND_PRINTK2(KERN_WARNING
1331                            "ICMPv6 Redirect: source address is not link-local.\n");
1332                 return;
1333         }
1334
1335         optlen = skb->tail - skb->transport_header;
1336         optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1337
1338         if (optlen < 0) {
1339                 ND_PRINTK2(KERN_WARNING
1340                            "ICMPv6 Redirect: packet too short\n");
1341                 return;
1342         }
1343
1344         icmph = icmp6_hdr(skb);
1345         target = (struct in6_addr *) (icmph + 1);
1346         dest = target + 1;
1347
1348         if (ipv6_addr_is_multicast(dest)) {
1349                 ND_PRINTK2(KERN_WARNING
1350                            "ICMPv6 Redirect: destination address is multicast.\n");
1351                 return;
1352         }
1353
1354         if (ipv6_addr_equal(dest, target)) {
1355                 on_link = 1;
1356         } else if (ipv6_addr_type(target) !=
1357                    (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1358                 ND_PRINTK2(KERN_WARNING
1359                            "ICMPv6 Redirect: target address is not link-local unicast.\n");
1360                 return;
1361         }
1362
1363         in6_dev = in6_dev_get(skb->dev);
1364         if (!in6_dev)
1365                 return;
1366         if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1367                 in6_dev_put(in6_dev);
1368                 return;
1369         }
1370
1371         /* RFC2461 8.1:
1372          *      The IP source address of the Redirect MUST be the same as the current
1373          *      first-hop router for the specified ICMP Destination Address.
1374          */
1375
1376         if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1377                 ND_PRINTK2(KERN_WARNING
1378                            "ICMPv6 Redirect: invalid ND options\n");
1379                 in6_dev_put(in6_dev);
1380                 return;
1381         }
1382         if (ndopts.nd_opts_tgt_lladdr) {
1383                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1384                                              skb->dev);
1385                 if (!lladdr) {
1386                         ND_PRINTK2(KERN_WARNING
1387                                    "ICMPv6 Redirect: invalid link-layer address length\n");
1388                         in6_dev_put(in6_dev);
1389                         return;
1390                 }
1391         }
1392
1393         neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1394         if (neigh) {
1395                 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1396                              &ipv6_hdr(skb)->saddr, neigh, lladdr,
1397                              on_link);
1398                 neigh_release(neigh);
1399         }
1400         in6_dev_put(in6_dev);
1401 }
1402
1403 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1404                          struct in6_addr *target)
1405 {
1406         struct sock *sk = ndisc_socket->sk;
1407         int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1408         struct sk_buff *buff;
1409         struct icmp6hdr *icmph;
1410         struct in6_addr saddr_buf;
1411         struct in6_addr *addrp;
1412         struct net_device *dev;
1413         struct rt6_info *rt;
1414         struct dst_entry *dst;
1415         struct inet6_dev *idev;
1416         struct flowi fl;
1417         u8 *opt;
1418         int rd_len;
1419         int err;
1420         int hlen;
1421         u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1422
1423         dev = skb->dev;
1424
1425         if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1426                 ND_PRINTK2(KERN_WARNING
1427                            "ICMPv6 Redirect: no link-local address on %s\n",
1428                            dev->name);
1429                 return;
1430         }
1431
1432         if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1433             ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1434                 ND_PRINTK2(KERN_WARNING
1435                         "ICMPv6 Redirect: target address is not link-local unicast.\n");
1436                 return;
1437         }
1438
1439         ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &ipv6_hdr(skb)->saddr,
1440                         dev->ifindex);
1441
1442         dst = ip6_route_output(NULL, &fl);
1443         if (dst == NULL)
1444                 return;
1445
1446         err = xfrm_lookup(&dst, &fl, NULL, 0);
1447         if (err)
1448                 return;
1449
1450         rt = (struct rt6_info *) dst;
1451
1452         if (rt->rt6i_flags & RTF_GATEWAY) {
1453                 ND_PRINTK2(KERN_WARNING
1454                            "ICMPv6 Redirect: destination is not a neighbour.\n");
1455                 dst_release(dst);
1456                 return;
1457         }
1458         if (!xrlim_allow(dst, 1*HZ)) {
1459                 dst_release(dst);
1460                 return;
1461         }
1462
1463         if (dev->addr_len) {
1464                 read_lock_bh(&neigh->lock);
1465                 if (neigh->nud_state & NUD_VALID) {
1466                         memcpy(ha_buf, neigh->ha, dev->addr_len);
1467                         read_unlock_bh(&neigh->lock);
1468                         ha = ha_buf;
1469                         len += ndisc_opt_addr_space(dev);
1470                 } else
1471                         read_unlock_bh(&neigh->lock);
1472         }
1473
1474         rd_len = min_t(unsigned int,
1475                      IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1476         rd_len &= ~0x7;
1477         len += rd_len;
1478
1479         buff = sock_alloc_send_skb(sk,
1480                                    (MAX_HEADER + sizeof(struct ipv6hdr) +
1481                                     len + LL_RESERVED_SPACE(dev)),
1482                                    1, &err);
1483         if (buff == NULL) {
1484                 ND_PRINTK0(KERN_ERR
1485                            "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1486                            __FUNCTION__);
1487                 dst_release(dst);
1488                 return;
1489         }
1490
1491         hlen = 0;
1492
1493         skb_reserve(buff, LL_RESERVED_SPACE(dev));
1494         ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1495                    IPPROTO_ICMPV6, len);
1496
1497         skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1498         skb_put(buff, len);
1499         icmph = icmp6_hdr(buff);
1500
1501         memset(icmph, 0, sizeof(struct icmp6hdr));
1502         icmph->icmp6_type = NDISC_REDIRECT;
1503
1504         /*
1505          *      copy target and destination addresses
1506          */
1507
1508         addrp = (struct in6_addr *)(icmph + 1);
1509         ipv6_addr_copy(addrp, target);
1510         addrp++;
1511         ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1512
1513         opt = (u8*) (addrp + 1);
1514
1515         /*
1516          *      include target_address option
1517          */
1518
1519         if (ha)
1520                 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1521                                              dev->addr_len, dev->type);
1522
1523         /*
1524          *      build redirect option and copy skb over to the new packet.
1525          */
1526
1527         memset(opt, 0, 8);
1528         *(opt++) = ND_OPT_REDIRECT_HDR;
1529         *(opt++) = (rd_len >> 3);
1530         opt += 6;
1531
1532         memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1533
1534         icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1535                                              len, IPPROTO_ICMPV6,
1536                                              csum_partial((u8 *) icmph, len, 0));
1537
1538         buff->dst = dst;
1539         idev = in6_dev_get(dst->dev);
1540         IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
1541         err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
1542         if (!err) {
1543                 ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT);
1544                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1545         }
1546
1547         if (likely(idev != NULL))
1548                 in6_dev_put(idev);
1549 }
1550
1551 static void pndisc_redo(struct sk_buff *skb)
1552 {
1553         ndisc_recv_ns(skb);
1554         kfree_skb(skb);
1555 }
1556
1557 int ndisc_rcv(struct sk_buff *skb)
1558 {
1559         struct nd_msg *msg;
1560
1561         if (!pskb_may_pull(skb, skb->len))
1562                 return 0;
1563
1564         msg = (struct nd_msg *)skb_transport_header(skb);
1565
1566         __skb_push(skb, skb->data - skb_transport_header(skb));
1567
1568         if (ipv6_hdr(skb)->hop_limit != 255) {
1569                 ND_PRINTK2(KERN_WARNING
1570                            "ICMPv6 NDISC: invalid hop-limit: %d\n",
1571                            ipv6_hdr(skb)->hop_limit);
1572                 return 0;
1573         }
1574
1575         if (msg->icmph.icmp6_code != 0) {
1576                 ND_PRINTK2(KERN_WARNING
1577                            "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1578                            msg->icmph.icmp6_code);
1579                 return 0;
1580         }
1581
1582         memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1583
1584         switch (msg->icmph.icmp6_type) {
1585         case NDISC_NEIGHBOUR_SOLICITATION:
1586                 ndisc_recv_ns(skb);
1587                 break;
1588
1589         case NDISC_NEIGHBOUR_ADVERTISEMENT:
1590                 ndisc_recv_na(skb);
1591                 break;
1592
1593         case NDISC_ROUTER_SOLICITATION:
1594                 ndisc_recv_rs(skb);
1595                 break;
1596
1597         case NDISC_ROUTER_ADVERTISEMENT:
1598                 ndisc_router_discovery(skb);
1599                 break;
1600
1601         case NDISC_REDIRECT:
1602                 ndisc_redirect_rcv(skb);
1603                 break;
1604         }
1605
1606         return 0;
1607 }
1608
1609 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1610 {
1611         struct net_device *dev = ptr;
1612
1613         if (dev->nd_net != &init_net)
1614                 return NOTIFY_DONE;
1615
1616         switch (event) {
1617         case NETDEV_CHANGEADDR:
1618                 neigh_changeaddr(&nd_tbl, dev);
1619                 fib6_run_gc(~0UL);
1620                 break;
1621         case NETDEV_DOWN:
1622                 neigh_ifdown(&nd_tbl, dev);
1623                 fib6_run_gc(~0UL);
1624                 break;
1625         default:
1626                 break;
1627         }
1628
1629         return NOTIFY_DONE;
1630 }
1631
1632 static struct notifier_block ndisc_netdev_notifier = {
1633         .notifier_call = ndisc_netdev_event,
1634 };
1635
1636 #ifdef CONFIG_SYSCTL
1637 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1638                                          const char *func, const char *dev_name)
1639 {
1640         static char warncomm[TASK_COMM_LEN];
1641         static int warned;
1642         if (strcmp(warncomm, current->comm) && warned < 5) {
1643                 strcpy(warncomm, current->comm);
1644                 printk(KERN_WARNING
1645                         "process `%s' is using deprecated sysctl (%s) "
1646                         "net.ipv6.neigh.%s.%s; "
1647                         "Use net.ipv6.neigh.%s.%s_ms "
1648                         "instead.\n",
1649                         warncomm, func,
1650                         dev_name, ctl->procname,
1651                         dev_name, ctl->procname);
1652                 warned++;
1653         }
1654 }
1655
1656 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1657 {
1658         struct net_device *dev = ctl->extra1;
1659         struct inet6_dev *idev;
1660         int ret;
1661
1662         if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1663             (strcmp(ctl->procname, "base_reachable_time") == 0))
1664                 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1665
1666         if (strcmp(ctl->procname, "retrans_time") == 0)
1667                 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1668
1669         else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1670                 ret = proc_dointvec_jiffies(ctl, write,
1671                                             filp, buffer, lenp, ppos);
1672
1673         else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1674                  (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1675                 ret = proc_dointvec_ms_jiffies(ctl, write,
1676                                                filp, buffer, lenp, ppos);
1677         else
1678                 ret = -1;
1679
1680         if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1681                 if (ctl->data == &idev->nd_parms->base_reachable_time)
1682                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1683                 idev->tstamp = jiffies;
1684                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1685                 in6_dev_put(idev);
1686         }
1687         return ret;
1688 }
1689
1690 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name,
1691                                         int nlen, void __user *oldval,
1692                                         size_t __user *oldlenp,
1693                                         void __user *newval, size_t newlen)
1694 {
1695         struct net_device *dev = ctl->extra1;
1696         struct inet6_dev *idev;
1697         int ret;
1698
1699         if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1700             ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1701                 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default");
1702
1703         switch (ctl->ctl_name) {
1704         case NET_NEIGH_REACHABLE_TIME:
1705                 ret = sysctl_jiffies(ctl, name, nlen,
1706                                      oldval, oldlenp, newval, newlen);
1707                 break;
1708         case NET_NEIGH_RETRANS_TIME_MS:
1709         case NET_NEIGH_REACHABLE_TIME_MS:
1710                  ret = sysctl_ms_jiffies(ctl, name, nlen,
1711                                          oldval, oldlenp, newval, newlen);
1712                  break;
1713         default:
1714                 ret = 0;
1715         }
1716
1717         if (newval && newlen && ret > 0 &&
1718             dev && (idev = in6_dev_get(dev)) != NULL) {
1719                 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1720                     ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1721                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1722                 idev->tstamp = jiffies;
1723                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1724                 in6_dev_put(idev);
1725         }
1726
1727         return ret;
1728 }
1729
1730 #endif
1731
1732 int __init ndisc_init(struct net_proto_family *ops)
1733 {
1734         struct ipv6_pinfo *np;
1735         struct sock *sk;
1736         int err;
1737
1738         err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1739         if (err < 0) {
1740                 ND_PRINTK0(KERN_ERR
1741                            "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1742                            err);
1743                 ndisc_socket = NULL; /* For safety. */
1744                 return err;
1745         }
1746
1747         sk = ndisc_socket->sk;
1748         np = inet6_sk(sk);
1749         sk->sk_allocation = GFP_ATOMIC;
1750         np->hop_limit = 255;
1751         /* Do not loopback ndisc messages */
1752         np->mc_loop = 0;
1753         sk->sk_prot->unhash(sk);
1754
1755         /*
1756          * Initialize the neighbour table
1757          */
1758
1759         neigh_table_init(&nd_tbl);
1760
1761 #ifdef CONFIG_SYSCTL
1762         neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1763                               "ipv6",
1764                               &ndisc_ifinfo_sysctl_change,
1765                               &ndisc_ifinfo_sysctl_strategy);
1766 #endif
1767
1768         register_netdevice_notifier(&ndisc_netdev_notifier);
1769         return 0;
1770 }
1771
1772 void ndisc_cleanup(void)
1773 {
1774         unregister_netdevice_notifier(&ndisc_netdev_notifier);
1775 #ifdef CONFIG_SYSCTL
1776         neigh_sysctl_unregister(&nd_tbl.parms);
1777 #endif
1778         neigh_table_clear(&nd_tbl);
1779         sock_release(ndisc_socket);
1780         ndisc_socket = NULL; /* For safety. */
1781 }