[NET]: cleanup extra semicolons
[linux-2.6.git] / net / ipv6 / ndisc.c
1 /*
2  *      Neighbour Discovery for IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Mike Shaver             <shaver@ingenia.com>
8  *
9  *      This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14
15 /*
16  *      Changes:
17  *
18  *      Lars Fenneberg                  :       fixed MTU setting on receipt
19  *                                              of an RA.
20  *
21  *      Janos Farkas                    :       kmalloc failure checks
22  *      Alexey Kuznetsov                :       state machine reworked
23  *                                              and moved to net/core.
24  *      Pekka Savola                    :       RFC2461 validation
25  *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
26  */
27
28 /* Set to 3 to get tracing... */
29 #define ND_DEBUG 1
30
31 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
32 #define ND_NOPRINTK(x...) do { ; } while(0)
33 #define ND_PRINTK0 ND_PRINTK
34 #define ND_PRINTK1 ND_NOPRINTK
35 #define ND_PRINTK2 ND_NOPRINTK
36 #define ND_PRINTK3 ND_NOPRINTK
37 #if ND_DEBUG >= 1
38 #undef ND_PRINTK1
39 #define ND_PRINTK1 ND_PRINTK
40 #endif
41 #if ND_DEBUG >= 2
42 #undef ND_PRINTK2
43 #define ND_PRINTK2 ND_PRINTK
44 #endif
45 #if ND_DEBUG >= 3
46 #undef ND_PRINTK3
47 #define ND_PRINTK3 ND_PRINTK
48 #endif
49
50 #include <linux/module.h>
51 #include <linux/errno.h>
52 #include <linux/types.h>
53 #include <linux/socket.h>
54 #include <linux/sockios.h>
55 #include <linux/sched.h>
56 #include <linux/net.h>
57 #include <linux/in6.h>
58 #include <linux/route.h>
59 #include <linux/init.h>
60 #include <linux/rcupdate.h>
61 #ifdef CONFIG_SYSCTL
62 #include <linux/sysctl.h>
63 #endif
64
65 #include <linux/if_addr.h>
66 #include <linux/if_arp.h>
67 #include <linux/ipv6.h>
68 #include <linux/icmpv6.h>
69 #include <linux/jhash.h>
70
71 #include <net/sock.h>
72 #include <net/snmp.h>
73
74 #include <net/ipv6.h>
75 #include <net/protocol.h>
76 #include <net/ndisc.h>
77 #include <net/ip6_route.h>
78 #include <net/addrconf.h>
79 #include <net/icmp.h>
80
81 #include <net/flow.h>
82 #include <net/ip6_checksum.h>
83 #include <linux/proc_fs.h>
84
85 #include <linux/netfilter.h>
86 #include <linux/netfilter_ipv6.h>
87
88 static struct socket *ndisc_socket;
89
90 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
91 static int ndisc_constructor(struct neighbour *neigh);
92 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
93 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
94 static int pndisc_constructor(struct pneigh_entry *n);
95 static void pndisc_destructor(struct pneigh_entry *n);
96 static void pndisc_redo(struct sk_buff *skb);
97
98 static struct neigh_ops ndisc_generic_ops = {
99         .family =               AF_INET6,
100         .solicit =              ndisc_solicit,
101         .error_report =         ndisc_error_report,
102         .output =               neigh_resolve_output,
103         .connected_output =     neigh_connected_output,
104         .hh_output =            dev_queue_xmit,
105         .queue_xmit =           dev_queue_xmit,
106 };
107
108 static struct neigh_ops ndisc_hh_ops = {
109         .family =               AF_INET6,
110         .solicit =              ndisc_solicit,
111         .error_report =         ndisc_error_report,
112         .output =               neigh_resolve_output,
113         .connected_output =     neigh_resolve_output,
114         .hh_output =            dev_queue_xmit,
115         .queue_xmit =           dev_queue_xmit,
116 };
117
118
119 static struct neigh_ops ndisc_direct_ops = {
120         .family =               AF_INET6,
121         .output =               dev_queue_xmit,
122         .connected_output =     dev_queue_xmit,
123         .hh_output =            dev_queue_xmit,
124         .queue_xmit =           dev_queue_xmit,
125 };
126
127 struct neigh_table nd_tbl = {
128         .family =       AF_INET6,
129         .entry_size =   sizeof(struct neighbour) + sizeof(struct in6_addr),
130         .key_len =      sizeof(struct in6_addr),
131         .hash =         ndisc_hash,
132         .constructor =  ndisc_constructor,
133         .pconstructor = pndisc_constructor,
134         .pdestructor =  pndisc_destructor,
135         .proxy_redo =   pndisc_redo,
136         .id =           "ndisc_cache",
137         .parms = {
138                 .tbl =                  &nd_tbl,
139                 .base_reachable_time =  30 * HZ,
140                 .retrans_time =  1 * HZ,
141                 .gc_staletime = 60 * HZ,
142                 .reachable_time =               30 * HZ,
143                 .delay_probe_time =      5 * HZ,
144                 .queue_len =             3,
145                 .ucast_probes =  3,
146                 .mcast_probes =  3,
147                 .anycast_delay =         1 * HZ,
148                 .proxy_delay =          (8 * HZ) / 10,
149                 .proxy_qlen =           64,
150         },
151         .gc_interval =    30 * HZ,
152         .gc_thresh1 =    128,
153         .gc_thresh2 =    512,
154         .gc_thresh3 =   1024,
155 };
156
157 /* ND options */
158 struct ndisc_options {
159         struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
160 #ifdef CONFIG_IPV6_ROUTE_INFO
161         struct nd_opt_hdr *nd_opts_ri;
162         struct nd_opt_hdr *nd_opts_ri_end;
163 #endif
164 };
165
166 #define nd_opts_src_lladdr      nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
167 #define nd_opts_tgt_lladdr      nd_opt_array[ND_OPT_TARGET_LL_ADDR]
168 #define nd_opts_pi              nd_opt_array[ND_OPT_PREFIX_INFO]
169 #define nd_opts_pi_end          nd_opt_array[__ND_OPT_PREFIX_INFO_END]
170 #define nd_opts_rh              nd_opt_array[ND_OPT_REDIRECT_HDR]
171 #define nd_opts_mtu             nd_opt_array[ND_OPT_MTU]
172
173 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
174
175 /*
176  * Return the padding between the option length and the start of the
177  * link addr.  Currently only IP-over-InfiniBand needs this, although
178  * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
179  * also need a pad of 2.
180  */
181 static int ndisc_addr_option_pad(unsigned short type)
182 {
183         switch (type) {
184         case ARPHRD_INFINIBAND: return 2;
185         default:                return 0;
186         }
187 }
188
189 static inline int ndisc_opt_addr_space(struct net_device *dev)
190 {
191         return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
192 }
193
194 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
195                                   unsigned short addr_type)
196 {
197         int space = NDISC_OPT_SPACE(data_len);
198         int pad   = ndisc_addr_option_pad(addr_type);
199
200         opt[0] = type;
201         opt[1] = space>>3;
202
203         memset(opt + 2, 0, pad);
204         opt   += pad;
205         space -= pad;
206
207         memcpy(opt+2, data, data_len);
208         data_len += 2;
209         opt += data_len;
210         if ((space -= data_len) > 0)
211                 memset(opt, 0, space);
212         return opt + space;
213 }
214
215 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
216                                             struct nd_opt_hdr *end)
217 {
218         int type;
219         if (!cur || !end || cur >= end)
220                 return NULL;
221         type = cur->nd_opt_type;
222         do {
223                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
224         } while(cur < end && cur->nd_opt_type != type);
225         return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
226 }
227
228 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
229                                                  struct ndisc_options *ndopts)
230 {
231         struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
232
233         if (!nd_opt || opt_len < 0 || !ndopts)
234                 return NULL;
235         memset(ndopts, 0, sizeof(*ndopts));
236         while (opt_len) {
237                 int l;
238                 if (opt_len < sizeof(struct nd_opt_hdr))
239                         return NULL;
240                 l = nd_opt->nd_opt_len << 3;
241                 if (opt_len < l || l == 0)
242                         return NULL;
243                 switch (nd_opt->nd_opt_type) {
244                 case ND_OPT_SOURCE_LL_ADDR:
245                 case ND_OPT_TARGET_LL_ADDR:
246                 case ND_OPT_MTU:
247                 case ND_OPT_REDIRECT_HDR:
248                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
249                                 ND_PRINTK2(KERN_WARNING
250                                            "%s(): duplicated ND6 option found: type=%d\n",
251                                            __FUNCTION__,
252                                            nd_opt->nd_opt_type);
253                         } else {
254                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
255                         }
256                         break;
257                 case ND_OPT_PREFIX_INFO:
258                         ndopts->nd_opts_pi_end = nd_opt;
259                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0)
260                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
261                         break;
262 #ifdef CONFIG_IPV6_ROUTE_INFO
263                 case ND_OPT_ROUTE_INFO:
264                         ndopts->nd_opts_ri_end = nd_opt;
265                         if (!ndopts->nd_opts_ri)
266                                 ndopts->nd_opts_ri = nd_opt;
267                         break;
268 #endif
269                 default:
270                         /*
271                          * Unknown options must be silently ignored,
272                          * to accommodate future extension to the protocol.
273                          */
274                         ND_PRINTK2(KERN_NOTICE
275                                    "%s(): ignored unsupported option; type=%d, len=%d\n",
276                                    __FUNCTION__,
277                                    nd_opt->nd_opt_type, nd_opt->nd_opt_len);
278                 }
279                 opt_len -= l;
280                 nd_opt = ((void *)nd_opt) + l;
281         }
282         return ndopts;
283 }
284
285 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
286                                       struct net_device *dev)
287 {
288         u8 *lladdr = (u8 *)(p + 1);
289         int lladdrlen = p->nd_opt_len << 3;
290         int prepad = ndisc_addr_option_pad(dev->type);
291         if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
292                 return NULL;
293         return (lladdr + prepad);
294 }
295
296 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
297 {
298         switch (dev->type) {
299         case ARPHRD_ETHER:
300         case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
301         case ARPHRD_FDDI:
302                 ipv6_eth_mc_map(addr, buf);
303                 return 0;
304         case ARPHRD_IEEE802_TR:
305                 ipv6_tr_mc_map(addr,buf);
306                 return 0;
307         case ARPHRD_ARCNET:
308                 ipv6_arcnet_mc_map(addr, buf);
309                 return 0;
310         case ARPHRD_INFINIBAND:
311                 ipv6_ib_mc_map(addr, buf);
312                 return 0;
313         default:
314                 if (dir) {
315                         memcpy(buf, dev->broadcast, dev->addr_len);
316                         return 0;
317                 }
318         }
319         return -EINVAL;
320 }
321
322 EXPORT_SYMBOL(ndisc_mc_map);
323
324 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
325 {
326         const u32 *p32 = pkey;
327         u32 addr_hash, i;
328
329         addr_hash = 0;
330         for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
331                 addr_hash ^= *p32++;
332
333         return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
334 }
335
336 static int ndisc_constructor(struct neighbour *neigh)
337 {
338         struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
339         struct net_device *dev = neigh->dev;
340         struct inet6_dev *in6_dev;
341         struct neigh_parms *parms;
342         int is_multicast = ipv6_addr_is_multicast(addr);
343
344         rcu_read_lock();
345         in6_dev = in6_dev_get(dev);
346         if (in6_dev == NULL) {
347                 rcu_read_unlock();
348                 return -EINVAL;
349         }
350
351         parms = in6_dev->nd_parms;
352         __neigh_parms_put(neigh->parms);
353         neigh->parms = neigh_parms_clone(parms);
354         rcu_read_unlock();
355
356         neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
357         if (dev->hard_header == NULL) {
358                 neigh->nud_state = NUD_NOARP;
359                 neigh->ops = &ndisc_direct_ops;
360                 neigh->output = neigh->ops->queue_xmit;
361         } else {
362                 if (is_multicast) {
363                         neigh->nud_state = NUD_NOARP;
364                         ndisc_mc_map(addr, neigh->ha, dev, 1);
365                 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
366                         neigh->nud_state = NUD_NOARP;
367                         memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
368                         if (dev->flags&IFF_LOOPBACK)
369                                 neigh->type = RTN_LOCAL;
370                 } else if (dev->flags&IFF_POINTOPOINT) {
371                         neigh->nud_state = NUD_NOARP;
372                         memcpy(neigh->ha, dev->broadcast, dev->addr_len);
373                 }
374                 if (dev->hard_header_cache)
375                         neigh->ops = &ndisc_hh_ops;
376                 else
377                         neigh->ops = &ndisc_generic_ops;
378                 if (neigh->nud_state&NUD_VALID)
379                         neigh->output = neigh->ops->connected_output;
380                 else
381                         neigh->output = neigh->ops->output;
382         }
383         in6_dev_put(in6_dev);
384         return 0;
385 }
386
387 static int pndisc_constructor(struct pneigh_entry *n)
388 {
389         struct in6_addr *addr = (struct in6_addr*)&n->key;
390         struct in6_addr maddr;
391         struct net_device *dev = n->dev;
392
393         if (dev == NULL || __in6_dev_get(dev) == NULL)
394                 return -EINVAL;
395         addrconf_addr_solict_mult(addr, &maddr);
396         ipv6_dev_mc_inc(dev, &maddr);
397         return 0;
398 }
399
400 static void pndisc_destructor(struct pneigh_entry *n)
401 {
402         struct in6_addr *addr = (struct in6_addr*)&n->key;
403         struct in6_addr maddr;
404         struct net_device *dev = n->dev;
405
406         if (dev == NULL || __in6_dev_get(dev) == NULL)
407                 return;
408         addrconf_addr_solict_mult(addr, &maddr);
409         ipv6_dev_mc_dec(dev, &maddr);
410 }
411
412 /*
413  *      Send a Neighbour Advertisement
414  */
415
416 static inline void ndisc_flow_init(struct flowi *fl, u8 type,
417                             struct in6_addr *saddr, struct in6_addr *daddr,
418                             int oif)
419 {
420         memset(fl, 0, sizeof(*fl));
421         ipv6_addr_copy(&fl->fl6_src, saddr);
422         ipv6_addr_copy(&fl->fl6_dst, daddr);
423         fl->proto               = IPPROTO_ICMPV6;
424         fl->fl_icmp_type        = type;
425         fl->fl_icmp_code        = 0;
426         fl->oif                 = oif;
427         security_sk_classify_flow(ndisc_socket->sk, fl);
428 }
429
430 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
431                    struct in6_addr *daddr, struct in6_addr *solicited_addr,
432                    int router, int solicited, int override, int inc_opt)
433 {
434         struct in6_addr tmpaddr;
435         struct inet6_ifaddr *ifp;
436         struct inet6_dev *idev;
437         struct flowi fl;
438         struct dst_entry* dst;
439         struct sock *sk = ndisc_socket->sk;
440         struct in6_addr *src_addr;
441         struct nd_msg *msg;
442         int len;
443         struct sk_buff *skb;
444         int err;
445
446         len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
447
448         /* for anycast or proxy, solicited_addr != src_addr */
449         ifp = ipv6_get_ifaddr(solicited_addr, dev, 1);
450         if (ifp) {
451                 src_addr = solicited_addr;
452                 if (ifp->flags & IFA_F_OPTIMISTIC)
453                         override = 0;
454                 in6_ifa_put(ifp);
455         } else {
456                 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
457                         return;
458                 src_addr = &tmpaddr;
459         }
460
461         ndisc_flow_init(&fl, NDISC_NEIGHBOUR_ADVERTISEMENT, src_addr, daddr,
462                         dev->ifindex);
463
464         dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
465         if (!dst)
466                 return;
467
468         err = xfrm_lookup(&dst, &fl, NULL, 0);
469         if (err < 0)
470                 return;
471
472         if (inc_opt) {
473                 if (dev->addr_len)
474                         len += ndisc_opt_addr_space(dev);
475                 else
476                         inc_opt = 0;
477         }
478
479         skb = sock_alloc_send_skb(sk,
480                                   (MAX_HEADER + sizeof(struct ipv6hdr) +
481                                    len + LL_RESERVED_SPACE(dev)),
482                                   1, &err);
483
484         if (skb == NULL) {
485                 ND_PRINTK0(KERN_ERR
486                            "ICMPv6 NA: %s() failed to allocate an skb.\n",
487                            __FUNCTION__);
488                 dst_release(dst);
489                 return;
490         }
491
492         skb_reserve(skb, LL_RESERVED_SPACE(dev));
493         ip6_nd_hdr(sk, skb, dev, src_addr, daddr, IPPROTO_ICMPV6, len);
494
495         skb->transport_header = skb->tail;
496         skb_put(skb, len);
497         msg = (struct nd_msg *)skb_transport_header(skb);
498
499         msg->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT;
500         msg->icmph.icmp6_code = 0;
501         msg->icmph.icmp6_cksum = 0;
502
503         msg->icmph.icmp6_unused = 0;
504         msg->icmph.icmp6_router    = router;
505         msg->icmph.icmp6_solicited = solicited;
506         msg->icmph.icmp6_override  = override;
507
508         /* Set the target address. */
509         ipv6_addr_copy(&msg->target, solicited_addr);
510
511         if (inc_opt)
512                 ndisc_fill_addr_option(msg->opt, ND_OPT_TARGET_LL_ADDR, dev->dev_addr,
513                                        dev->addr_len, dev->type);
514
515         /* checksum */
516         msg->icmph.icmp6_cksum = csum_ipv6_magic(src_addr, daddr, len,
517                                                  IPPROTO_ICMPV6,
518                                                  csum_partial((__u8 *) msg,
519                                                               len, 0));
520
521         skb->dst = dst;
522         idev = in6_dev_get(dst->dev);
523         IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
524         err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
525         if (!err) {
526                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORADVERTISEMENTS);
527                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
528         }
529
530         if (likely(idev != NULL))
531                 in6_dev_put(idev);
532 }
533
534 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
535                    struct in6_addr *solicit,
536                    struct in6_addr *daddr, struct in6_addr *saddr)
537 {
538         struct flowi fl;
539         struct dst_entry* dst;
540         struct inet6_dev *idev;
541         struct sock *sk = ndisc_socket->sk;
542         struct sk_buff *skb;
543         struct nd_msg *msg;
544         struct in6_addr addr_buf;
545         int len;
546         int err;
547         int send_llinfo;
548
549         if (saddr == NULL) {
550                 if (ipv6_get_lladdr(dev, &addr_buf,
551                                    (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
552                         return;
553                 saddr = &addr_buf;
554         }
555
556         ndisc_flow_init(&fl, NDISC_NEIGHBOUR_SOLICITATION, saddr, daddr,
557                         dev->ifindex);
558
559         dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
560         if (!dst)
561                 return;
562
563         err = xfrm_lookup(&dst, &fl, NULL, 0);
564         if (err < 0)
565                 return;
566
567         len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
568         send_llinfo = dev->addr_len && !ipv6_addr_any(saddr);
569         if (send_llinfo)
570                 len += ndisc_opt_addr_space(dev);
571
572         skb = sock_alloc_send_skb(sk,
573                                   (MAX_HEADER + sizeof(struct ipv6hdr) +
574                                    len + LL_RESERVED_SPACE(dev)),
575                                   1, &err);
576         if (skb == NULL) {
577                 ND_PRINTK0(KERN_ERR
578                            "ICMPv6 NA: %s() failed to allocate an skb.\n",
579                            __FUNCTION__);
580                 dst_release(dst);
581                 return;
582         }
583
584         skb_reserve(skb, LL_RESERVED_SPACE(dev));
585         ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
586
587         skb->transport_header = skb->tail;
588         skb_put(skb, len);
589         msg = (struct nd_msg *)skb_transport_header(skb);
590         msg->icmph.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION;
591         msg->icmph.icmp6_code = 0;
592         msg->icmph.icmp6_cksum = 0;
593         msg->icmph.icmp6_unused = 0;
594
595         /* Set the target address. */
596         ipv6_addr_copy(&msg->target, solicit);
597
598         if (send_llinfo)
599                 ndisc_fill_addr_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr,
600                                        dev->addr_len, dev->type);
601
602         /* checksum */
603         msg->icmph.icmp6_cksum = csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
604                                                  daddr, len,
605                                                  IPPROTO_ICMPV6,
606                                                  csum_partial((__u8 *) msg,
607                                                               len, 0));
608         /* send it! */
609         skb->dst = dst;
610         idev = in6_dev_get(dst->dev);
611         IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
612         err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
613         if (!err) {
614                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORSOLICITS);
615                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
616         }
617
618         if (likely(idev != NULL))
619                 in6_dev_put(idev);
620 }
621
622 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
623                    struct in6_addr *daddr)
624 {
625         struct flowi fl;
626         struct dst_entry* dst;
627         struct inet6_dev *idev;
628         struct sock *sk = ndisc_socket->sk;
629         struct sk_buff *skb;
630         struct icmp6hdr *hdr;
631         __u8 * opt;
632         int send_sllao = dev->addr_len;
633         int len;
634         int err;
635
636
637 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
638         /*
639          * According to section 2.2 of RFC 4429, we must not
640          * send router solicitations with a sllao from
641          * optimistic addresses, but we may send the solicitation
642          * if we don't include the sllao.  So here we check
643          * if our address is optimistic, and if so, we
644          * supress the inclusion of the sllao.
645          */
646         if (send_sllao) {
647                 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(saddr, dev, 1);
648                 if (ifp) {
649                         if (ifp->flags & IFA_F_OPTIMISTIC)  {
650                                 send_sllao = 0;
651                         }
652                         in6_ifa_put(ifp);
653                 } else {
654                         send_sllao = 0;
655                 }
656         }
657 #endif
658         ndisc_flow_init(&fl, NDISC_ROUTER_SOLICITATION, saddr, daddr,
659                         dev->ifindex);
660
661         dst = ndisc_dst_alloc(dev, NULL, daddr, ip6_output);
662         if (!dst)
663                 return;
664
665         err = xfrm_lookup(&dst, &fl, NULL, 0);
666         if (err < 0)
667                 return;
668
669         len = sizeof(struct icmp6hdr);
670         if (send_sllao)
671                 len += ndisc_opt_addr_space(dev);
672
673         skb = sock_alloc_send_skb(sk,
674                                   (MAX_HEADER + sizeof(struct ipv6hdr) +
675                                    len + LL_RESERVED_SPACE(dev)),
676                                   1, &err);
677         if (skb == NULL) {
678                 ND_PRINTK0(KERN_ERR
679                            "ICMPv6 RS: %s() failed to allocate an skb.\n",
680                            __FUNCTION__);
681                 dst_release(dst);
682                 return;
683         }
684
685         skb_reserve(skb, LL_RESERVED_SPACE(dev));
686         ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
687
688         skb->transport_header = skb->tail;
689         skb_put(skb, len);
690         hdr = icmp6_hdr(skb);
691         hdr->icmp6_type = NDISC_ROUTER_SOLICITATION;
692         hdr->icmp6_code = 0;
693         hdr->icmp6_cksum = 0;
694         hdr->icmp6_unused = 0;
695
696         opt = (u8*) (hdr + 1);
697
698         if (send_sllao)
699                 ndisc_fill_addr_option(opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr,
700                                        dev->addr_len, dev->type);
701
702         /* checksum */
703         hdr->icmp6_cksum = csum_ipv6_magic(&ipv6_hdr(skb)->saddr, daddr, len,
704                                            IPPROTO_ICMPV6,
705                                            csum_partial((__u8 *) hdr, len, 0));
706
707         /* send it! */
708         skb->dst = dst;
709         idev = in6_dev_get(dst->dev);
710         IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
711         err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
712         if (!err) {
713                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTROUTERSOLICITS);
714                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
715         }
716
717         if (likely(idev != NULL))
718                 in6_dev_put(idev);
719 }
720
721
722 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
723 {
724         /*
725          *      "The sender MUST return an ICMP
726          *       destination unreachable"
727          */
728         dst_link_failure(skb);
729         kfree_skb(skb);
730 }
731
732 /* Called with locked neigh: either read or both */
733
734 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
735 {
736         struct in6_addr *saddr = NULL;
737         struct in6_addr mcaddr;
738         struct net_device *dev = neigh->dev;
739         struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
740         int probes = atomic_read(&neigh->probes);
741
742         if (skb && ipv6_chk_addr(&ipv6_hdr(skb)->saddr, dev, 1))
743                 saddr = &ipv6_hdr(skb)->saddr;
744
745         if ((probes -= neigh->parms->ucast_probes) < 0) {
746                 if (!(neigh->nud_state & NUD_VALID)) {
747                         ND_PRINTK1(KERN_DEBUG
748                                    "%s(): trying to ucast probe in NUD_INVALID: "
749                                    NIP6_FMT "\n",
750                                    __FUNCTION__,
751                                    NIP6(*target));
752                 }
753                 ndisc_send_ns(dev, neigh, target, target, saddr);
754         } else if ((probes -= neigh->parms->app_probes) < 0) {
755 #ifdef CONFIG_ARPD
756                 neigh_app_ns(neigh);
757 #endif
758         } else {
759                 addrconf_addr_solict_mult(target, &mcaddr);
760                 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
761         }
762 }
763
764 static void ndisc_recv_ns(struct sk_buff *skb)
765 {
766         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
767         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
768         struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
769         u8 *lladdr = NULL;
770         u32 ndoptlen = skb->tail - (skb->transport_header +
771                                     offsetof(struct nd_msg, opt));
772         struct ndisc_options ndopts;
773         struct net_device *dev = skb->dev;
774         struct inet6_ifaddr *ifp;
775         struct inet6_dev *idev = NULL;
776         struct neighbour *neigh;
777         struct pneigh_entry *pneigh = NULL;
778         int dad = ipv6_addr_any(saddr);
779         int inc;
780         int is_router;
781
782         if (ipv6_addr_is_multicast(&msg->target)) {
783                 ND_PRINTK2(KERN_WARNING
784                            "ICMPv6 NS: multicast target address");
785                 return;
786         }
787
788         /*
789          * RFC2461 7.1.1:
790          * DAD has to be destined for solicited node multicast address.
791          */
792         if (dad &&
793             !(daddr->s6_addr32[0] == htonl(0xff020000) &&
794               daddr->s6_addr32[1] == htonl(0x00000000) &&
795               daddr->s6_addr32[2] == htonl(0x00000001) &&
796               daddr->s6_addr [12] == 0xff )) {
797                 ND_PRINTK2(KERN_WARNING
798                            "ICMPv6 NS: bad DAD packet (wrong destination)\n");
799                 return;
800         }
801
802         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
803                 ND_PRINTK2(KERN_WARNING
804                            "ICMPv6 NS: invalid ND options\n");
805                 return;
806         }
807
808         if (ndopts.nd_opts_src_lladdr) {
809                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
810                 if (!lladdr) {
811                         ND_PRINTK2(KERN_WARNING
812                                    "ICMPv6 NS: invalid link-layer address length\n");
813                         return;
814                 }
815
816                 /* RFC2461 7.1.1:
817                  *      If the IP source address is the unspecified address,
818                  *      there MUST NOT be source link-layer address option
819                  *      in the message.
820                  */
821                 if (dad) {
822                         ND_PRINTK2(KERN_WARNING
823                                    "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
824                         return;
825                 }
826         }
827
828         inc = ipv6_addr_is_multicast(daddr);
829
830         if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) {
831
832                 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
833                         if (dad) {
834                                 if (dev->type == ARPHRD_IEEE802_TR) {
835                                         const unsigned char *sadr;
836                                         sadr = skb_mac_header(skb);
837                                         if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
838                                             sadr[9] == dev->dev_addr[1] &&
839                                             sadr[10] == dev->dev_addr[2] &&
840                                             sadr[11] == dev->dev_addr[3] &&
841                                             sadr[12] == dev->dev_addr[4] &&
842                                             sadr[13] == dev->dev_addr[5]) {
843                                                 /* looped-back to us */
844                                                 goto out;
845                                         }
846                                 }
847
848                                 /*
849                                  * We are colliding with another node
850                                  * who is doing DAD
851                                  * so fail our DAD process
852                                  */
853                                 addrconf_dad_failure(ifp);
854                                 goto out;
855                         } else {
856                                 /*
857                                  * This is not a dad solicitation.
858                                  * If we are an optimistic node,
859                                  * we should respond.
860                                  * Otherwise, we should ignore it.
861                                  */
862                                 if (!(ifp->flags & IFA_F_OPTIMISTIC))
863                                         goto out;
864                         }
865                 }
866
867                 idev = ifp->idev;
868         } else {
869                 idev = in6_dev_get(dev);
870                 if (!idev) {
871                         /* XXX: count this drop? */
872                         return;
873                 }
874
875                 if (ipv6_chk_acast_addr(dev, &msg->target) ||
876                     (idev->cnf.forwarding &&
877                      (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) &&
878                      (pneigh = pneigh_lookup(&nd_tbl,
879                                              &msg->target, dev, 0)) != NULL)) {
880                         if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
881                             skb->pkt_type != PACKET_HOST &&
882                             inc != 0 &&
883                             idev->nd_parms->proxy_delay != 0) {
884                                 /*
885                                  * for anycast or proxy,
886                                  * sender should delay its response
887                                  * by a random time between 0 and
888                                  * MAX_ANYCAST_DELAY_TIME seconds.
889                                  * (RFC2461) -- yoshfuji
890                                  */
891                                 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
892                                 if (n)
893                                         pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
894                                 goto out;
895                         }
896                 } else
897                         goto out;
898         }
899
900         is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding);
901
902         if (dad) {
903                 struct in6_addr maddr;
904
905                 ipv6_addr_all_nodes(&maddr);
906                 ndisc_send_na(dev, NULL, &maddr, &msg->target,
907                               is_router, 0, (ifp != NULL), 1);
908                 goto out;
909         }
910
911         if (inc)
912                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
913         else
914                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
915
916         /*
917          *      update / create cache entry
918          *      for the source address
919          */
920         neigh = __neigh_lookup(&nd_tbl, saddr, dev,
921                                !inc || lladdr || !dev->addr_len);
922         if (neigh)
923                 neigh_update(neigh, lladdr, NUD_STALE,
924                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
925                              NEIGH_UPDATE_F_OVERRIDE);
926         if (neigh || !dev->hard_header) {
927                 ndisc_send_na(dev, neigh, saddr, &msg->target,
928                               is_router,
929                               1, (ifp != NULL && inc), inc);
930                 if (neigh)
931                         neigh_release(neigh);
932         }
933
934 out:
935         if (ifp)
936                 in6_ifa_put(ifp);
937         else
938                 in6_dev_put(idev);
939
940         return;
941 }
942
943 static void ndisc_recv_na(struct sk_buff *skb)
944 {
945         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
946         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
947         struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
948         u8 *lladdr = NULL;
949         u32 ndoptlen = skb->tail - (skb->transport_header +
950                                     offsetof(struct nd_msg, opt));
951         struct ndisc_options ndopts;
952         struct net_device *dev = skb->dev;
953         struct inet6_ifaddr *ifp;
954         struct neighbour *neigh;
955
956         if (skb->len < sizeof(struct nd_msg)) {
957                 ND_PRINTK2(KERN_WARNING
958                            "ICMPv6 NA: packet too short\n");
959                 return;
960         }
961
962         if (ipv6_addr_is_multicast(&msg->target)) {
963                 ND_PRINTK2(KERN_WARNING
964                            "ICMPv6 NA: target address is multicast.\n");
965                 return;
966         }
967
968         if (ipv6_addr_is_multicast(daddr) &&
969             msg->icmph.icmp6_solicited) {
970                 ND_PRINTK2(KERN_WARNING
971                            "ICMPv6 NA: solicited NA is multicasted.\n");
972                 return;
973         }
974
975         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
976                 ND_PRINTK2(KERN_WARNING
977                            "ICMPv6 NS: invalid ND option\n");
978                 return;
979         }
980         if (ndopts.nd_opts_tgt_lladdr) {
981                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
982                 if (!lladdr) {
983                         ND_PRINTK2(KERN_WARNING
984                                    "ICMPv6 NA: invalid link-layer address length\n");
985                         return;
986                 }
987         }
988         if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) {
989                 if (ifp->flags & IFA_F_TENTATIVE) {
990                         addrconf_dad_failure(ifp);
991                         return;
992                 }
993                 /* What should we make now? The advertisement
994                    is invalid, but ndisc specs say nothing
995                    about it. It could be misconfiguration, or
996                    an smart proxy agent tries to help us :-)
997                  */
998                 ND_PRINTK1(KERN_WARNING
999                            "ICMPv6 NA: someone advertises our address on %s!\n",
1000                            ifp->idev->dev->name);
1001                 in6_ifa_put(ifp);
1002                 return;
1003         }
1004         neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1005
1006         if (neigh) {
1007                 u8 old_flags = neigh->flags;
1008
1009                 if (neigh->nud_state & NUD_FAILED)
1010                         goto out;
1011
1012                 /*
1013                  * Don't update the neighbor cache entry on a proxy NA from
1014                  * ourselves because either the proxied node is off link or it
1015                  * has already sent a NA to us.
1016                  */
1017                 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1018                     ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp &&
1019                     pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) {
1020                         /* XXX: idev->cnf.prixy_ndp */
1021                         goto out;
1022                 }
1023
1024                 neigh_update(neigh, lladdr,
1025                              msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1026                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1027                              (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1028                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1029                              (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
1030
1031                 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1032                         /*
1033                          * Change: router to host
1034                          */
1035                         struct rt6_info *rt;
1036                         rt = rt6_get_dflt_router(saddr, dev);
1037                         if (rt)
1038                                 ip6_del_rt(rt);
1039                 }
1040
1041 out:
1042                 neigh_release(neigh);
1043         }
1044 }
1045
1046 static void ndisc_recv_rs(struct sk_buff *skb)
1047 {
1048         struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1049         unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1050         struct neighbour *neigh;
1051         struct inet6_dev *idev;
1052         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1053         struct ndisc_options ndopts;
1054         u8 *lladdr = NULL;
1055
1056         if (skb->len < sizeof(*rs_msg))
1057                 return;
1058
1059         idev = in6_dev_get(skb->dev);
1060         if (!idev) {
1061                 if (net_ratelimit())
1062                         ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
1063                 return;
1064         }
1065
1066         /* Don't accept RS if we're not in router mode */
1067         if (!idev->cnf.forwarding)
1068                 goto out;
1069
1070         /*
1071          * Don't update NCE if src = ::;
1072          * this implies that the source node has no ip address assigned yet.
1073          */
1074         if (ipv6_addr_any(saddr))
1075                 goto out;
1076
1077         /* Parse ND options */
1078         if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1079                 if (net_ratelimit())
1080                         ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1081                 goto out;
1082         }
1083
1084         if (ndopts.nd_opts_src_lladdr) {
1085                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1086                                              skb->dev);
1087                 if (!lladdr)
1088                         goto out;
1089         }
1090
1091         neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1092         if (neigh) {
1093                 neigh_update(neigh, lladdr, NUD_STALE,
1094                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1095                              NEIGH_UPDATE_F_OVERRIDE|
1096                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1097                 neigh_release(neigh);
1098         }
1099 out:
1100         in6_dev_put(idev);
1101 }
1102
1103 static void ndisc_router_discovery(struct sk_buff *skb)
1104 {
1105         struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1106         struct neighbour *neigh = NULL;
1107         struct inet6_dev *in6_dev;
1108         struct rt6_info *rt = NULL;
1109         int lifetime;
1110         struct ndisc_options ndopts;
1111         int optlen;
1112         unsigned int pref = 0;
1113
1114         __u8 * opt = (__u8 *)(ra_msg + 1);
1115
1116         optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1117
1118         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1119                 ND_PRINTK2(KERN_WARNING
1120                            "ICMPv6 RA: source address is not link-local.\n");
1121                 return;
1122         }
1123         if (optlen < 0) {
1124                 ND_PRINTK2(KERN_WARNING
1125                            "ICMPv6 RA: packet too short\n");
1126                 return;
1127         }
1128
1129         /*
1130          *      set the RA_RECV flag in the interface
1131          */
1132
1133         in6_dev = in6_dev_get(skb->dev);
1134         if (in6_dev == NULL) {
1135                 ND_PRINTK0(KERN_ERR
1136                            "ICMPv6 RA: can't find inet6 device for %s.\n",
1137                            skb->dev->name);
1138                 return;
1139         }
1140         if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1141                 in6_dev_put(in6_dev);
1142                 return;
1143         }
1144
1145         if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1146                 in6_dev_put(in6_dev);
1147                 ND_PRINTK2(KERN_WARNING
1148                            "ICMP6 RA: invalid ND options\n");
1149                 return;
1150         }
1151
1152         if (in6_dev->if_flags & IF_RS_SENT) {
1153                 /*
1154                  *      flag that an RA was received after an RS was sent
1155                  *      out on this interface.
1156                  */
1157                 in6_dev->if_flags |= IF_RA_RCVD;
1158         }
1159
1160         /*
1161          * Remember the managed/otherconf flags from most recently
1162          * received RA message (RFC 2462) -- yoshfuji
1163          */
1164         in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1165                                 IF_RA_OTHERCONF)) |
1166                                 (ra_msg->icmph.icmp6_addrconf_managed ?
1167                                         IF_RA_MANAGED : 0) |
1168                                 (ra_msg->icmph.icmp6_addrconf_other ?
1169                                         IF_RA_OTHERCONF : 0);
1170
1171         if (!in6_dev->cnf.accept_ra_defrtr)
1172                 goto skip_defrtr;
1173
1174         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1175
1176 #ifdef CONFIG_IPV6_ROUTER_PREF
1177         pref = ra_msg->icmph.icmp6_router_pref;
1178         /* 10b is handled as if it were 00b (medium) */
1179         if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1180             in6_dev->cnf.accept_ra_rtr_pref)
1181                 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1182 #endif
1183
1184         rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1185
1186         if (rt)
1187                 neigh = rt->rt6i_nexthop;
1188
1189         if (rt && lifetime == 0) {
1190                 neigh_clone(neigh);
1191                 ip6_del_rt(rt);
1192                 rt = NULL;
1193         }
1194
1195         if (rt == NULL && lifetime) {
1196                 ND_PRINTK3(KERN_DEBUG
1197                            "ICMPv6 RA: adding default router.\n");
1198
1199                 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1200                 if (rt == NULL) {
1201                         ND_PRINTK0(KERN_ERR
1202                                    "ICMPv6 RA: %s() failed to add default route.\n",
1203                                    __FUNCTION__);
1204                         in6_dev_put(in6_dev);
1205                         return;
1206                 }
1207
1208                 neigh = rt->rt6i_nexthop;
1209                 if (neigh == NULL) {
1210                         ND_PRINTK0(KERN_ERR
1211                                    "ICMPv6 RA: %s() got default router without neighbour.\n",
1212                                    __FUNCTION__);
1213                         dst_release(&rt->u.dst);
1214                         in6_dev_put(in6_dev);
1215                         return;
1216                 }
1217                 neigh->flags |= NTF_ROUTER;
1218         } else if (rt) {
1219                 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1220         }
1221
1222         if (rt)
1223                 rt->rt6i_expires = jiffies + (HZ * lifetime);
1224
1225         if (ra_msg->icmph.icmp6_hop_limit) {
1226                 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1227                 if (rt)
1228                         rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1229         }
1230
1231 skip_defrtr:
1232
1233         /*
1234          *      Update Reachable Time and Retrans Timer
1235          */
1236
1237         if (in6_dev->nd_parms) {
1238                 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1239
1240                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1241                         rtime = (rtime*HZ)/1000;
1242                         if (rtime < HZ/10)
1243                                 rtime = HZ/10;
1244                         in6_dev->nd_parms->retrans_time = rtime;
1245                         in6_dev->tstamp = jiffies;
1246                         inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1247                 }
1248
1249                 rtime = ntohl(ra_msg->reachable_time);
1250                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1251                         rtime = (rtime*HZ)/1000;
1252
1253                         if (rtime < HZ/10)
1254                                 rtime = HZ/10;
1255
1256                         if (rtime != in6_dev->nd_parms->base_reachable_time) {
1257                                 in6_dev->nd_parms->base_reachable_time = rtime;
1258                                 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1259                                 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1260                                 in6_dev->tstamp = jiffies;
1261                                 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1262                         }
1263                 }
1264         }
1265
1266         /*
1267          *      Process options.
1268          */
1269
1270         if (!neigh)
1271                 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1272                                        skb->dev, 1);
1273         if (neigh) {
1274                 u8 *lladdr = NULL;
1275                 if (ndopts.nd_opts_src_lladdr) {
1276                         lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1277                                                      skb->dev);
1278                         if (!lladdr) {
1279                                 ND_PRINTK2(KERN_WARNING
1280                                            "ICMPv6 RA: invalid link-layer address length\n");
1281                                 goto out;
1282                         }
1283                 }
1284                 neigh_update(neigh, lladdr, NUD_STALE,
1285                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1286                              NEIGH_UPDATE_F_OVERRIDE|
1287                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1288                              NEIGH_UPDATE_F_ISROUTER);
1289         }
1290
1291 #ifdef CONFIG_IPV6_ROUTE_INFO
1292         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1293                 struct nd_opt_hdr *p;
1294                 for (p = ndopts.nd_opts_ri;
1295                      p;
1296                      p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1297                         if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1298                                 continue;
1299                         rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1300                                       &ipv6_hdr(skb)->saddr);
1301                 }
1302         }
1303 #endif
1304
1305         if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1306                 struct nd_opt_hdr *p;
1307                 for (p = ndopts.nd_opts_pi;
1308                      p;
1309                      p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1310                         addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1311                 }
1312         }
1313
1314         if (ndopts.nd_opts_mtu) {
1315                 __be32 n;
1316                 u32 mtu;
1317
1318                 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1319                 mtu = ntohl(n);
1320
1321                 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1322                         ND_PRINTK2(KERN_WARNING
1323                                    "ICMPv6 RA: invalid mtu: %d\n",
1324                                    mtu);
1325                 } else if (in6_dev->cnf.mtu6 != mtu) {
1326                         in6_dev->cnf.mtu6 = mtu;
1327
1328                         if (rt)
1329                                 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1330
1331                         rt6_mtu_change(skb->dev, mtu);
1332                 }
1333         }
1334
1335         if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1336                 ND_PRINTK2(KERN_WARNING
1337                            "ICMPv6 RA: invalid RA options");
1338         }
1339 out:
1340         if (rt)
1341                 dst_release(&rt->u.dst);
1342         else if (neigh)
1343                 neigh_release(neigh);
1344         in6_dev_put(in6_dev);
1345 }
1346
1347 static void ndisc_redirect_rcv(struct sk_buff *skb)
1348 {
1349         struct inet6_dev *in6_dev;
1350         struct icmp6hdr *icmph;
1351         struct in6_addr *dest;
1352         struct in6_addr *target;        /* new first hop to destination */
1353         struct neighbour *neigh;
1354         int on_link = 0;
1355         struct ndisc_options ndopts;
1356         int optlen;
1357         u8 *lladdr = NULL;
1358
1359         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1360                 ND_PRINTK2(KERN_WARNING
1361                            "ICMPv6 Redirect: source address is not link-local.\n");
1362                 return;
1363         }
1364
1365         optlen = skb->tail - skb->transport_header;
1366         optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1367
1368         if (optlen < 0) {
1369                 ND_PRINTK2(KERN_WARNING
1370                            "ICMPv6 Redirect: packet too short\n");
1371                 return;
1372         }
1373
1374         icmph = icmp6_hdr(skb);
1375         target = (struct in6_addr *) (icmph + 1);
1376         dest = target + 1;
1377
1378         if (ipv6_addr_is_multicast(dest)) {
1379                 ND_PRINTK2(KERN_WARNING
1380                            "ICMPv6 Redirect: destination address is multicast.\n");
1381                 return;
1382         }
1383
1384         if (ipv6_addr_equal(dest, target)) {
1385                 on_link = 1;
1386         } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
1387                 ND_PRINTK2(KERN_WARNING
1388                            "ICMPv6 Redirect: target address is not link-local.\n");
1389                 return;
1390         }
1391
1392         in6_dev = in6_dev_get(skb->dev);
1393         if (!in6_dev)
1394                 return;
1395         if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1396                 in6_dev_put(in6_dev);
1397                 return;
1398         }
1399
1400         /* RFC2461 8.1:
1401          *      The IP source address of the Redirect MUST be the same as the current
1402          *      first-hop router for the specified ICMP Destination Address.
1403          */
1404
1405         if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1406                 ND_PRINTK2(KERN_WARNING
1407                            "ICMPv6 Redirect: invalid ND options\n");
1408                 in6_dev_put(in6_dev);
1409                 return;
1410         }
1411         if (ndopts.nd_opts_tgt_lladdr) {
1412                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1413                                              skb->dev);
1414                 if (!lladdr) {
1415                         ND_PRINTK2(KERN_WARNING
1416                                    "ICMPv6 Redirect: invalid link-layer address length\n");
1417                         in6_dev_put(in6_dev);
1418                         return;
1419                 }
1420         }
1421
1422         neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1423         if (neigh) {
1424                 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1425                              &ipv6_hdr(skb)->saddr, neigh, lladdr,
1426                              on_link);
1427                 neigh_release(neigh);
1428         }
1429         in6_dev_put(in6_dev);
1430 }
1431
1432 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1433                          struct in6_addr *target)
1434 {
1435         struct sock *sk = ndisc_socket->sk;
1436         int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1437         struct sk_buff *buff;
1438         struct icmp6hdr *icmph;
1439         struct in6_addr saddr_buf;
1440         struct in6_addr *addrp;
1441         struct net_device *dev;
1442         struct rt6_info *rt;
1443         struct dst_entry *dst;
1444         struct inet6_dev *idev;
1445         struct flowi fl;
1446         u8 *opt;
1447         int rd_len;
1448         int err;
1449         int hlen;
1450         u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1451
1452         dev = skb->dev;
1453
1454         if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1455                 ND_PRINTK2(KERN_WARNING
1456                            "ICMPv6 Redirect: no link-local address on %s\n",
1457                            dev->name);
1458                 return;
1459         }
1460
1461         if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1462             !(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
1463                 ND_PRINTK2(KERN_WARNING
1464                         "ICMPv6 Redirect: target address is not link-local.\n");
1465                 return;
1466         }
1467
1468         ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &ipv6_hdr(skb)->saddr,
1469                         dev->ifindex);
1470
1471         dst = ip6_route_output(NULL, &fl);
1472         if (dst == NULL)
1473                 return;
1474
1475         err = xfrm_lookup(&dst, &fl, NULL, 0);
1476         if (err)
1477                 return;
1478
1479         rt = (struct rt6_info *) dst;
1480
1481         if (rt->rt6i_flags & RTF_GATEWAY) {
1482                 ND_PRINTK2(KERN_WARNING
1483                            "ICMPv6 Redirect: destination is not a neighbour.\n");
1484                 dst_release(dst);
1485                 return;
1486         }
1487         if (!xrlim_allow(dst, 1*HZ)) {
1488                 dst_release(dst);
1489                 return;
1490         }
1491
1492         if (dev->addr_len) {
1493                 read_lock_bh(&neigh->lock);
1494                 if (neigh->nud_state & NUD_VALID) {
1495                         memcpy(ha_buf, neigh->ha, dev->addr_len);
1496                         read_unlock_bh(&neigh->lock);
1497                         ha = ha_buf;
1498                         len += ndisc_opt_addr_space(dev);
1499                 } else
1500                         read_unlock_bh(&neigh->lock);
1501         }
1502
1503         rd_len = min_t(unsigned int,
1504                      IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1505         rd_len &= ~0x7;
1506         len += rd_len;
1507
1508         buff = sock_alloc_send_skb(sk,
1509                                    (MAX_HEADER + sizeof(struct ipv6hdr) +
1510                                     len + LL_RESERVED_SPACE(dev)),
1511                                    1, &err);
1512         if (buff == NULL) {
1513                 ND_PRINTK0(KERN_ERR
1514                            "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1515                            __FUNCTION__);
1516                 dst_release(dst);
1517                 return;
1518         }
1519
1520         hlen = 0;
1521
1522         skb_reserve(buff, LL_RESERVED_SPACE(dev));
1523         ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1524                    IPPROTO_ICMPV6, len);
1525
1526         skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1527         skb_put(buff, len);
1528         icmph = icmp6_hdr(buff);
1529
1530         memset(icmph, 0, sizeof(struct icmp6hdr));
1531         icmph->icmp6_type = NDISC_REDIRECT;
1532
1533         /*
1534          *      copy target and destination addresses
1535          */
1536
1537         addrp = (struct in6_addr *)(icmph + 1);
1538         ipv6_addr_copy(addrp, target);
1539         addrp++;
1540         ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1541
1542         opt = (u8*) (addrp + 1);
1543
1544         /*
1545          *      include target_address option
1546          */
1547
1548         if (ha)
1549                 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1550                                              dev->addr_len, dev->type);
1551
1552         /*
1553          *      build redirect option and copy skb over to the new packet.
1554          */
1555
1556         memset(opt, 0, 8);
1557         *(opt++) = ND_OPT_REDIRECT_HDR;
1558         *(opt++) = (rd_len >> 3);
1559         opt += 6;
1560
1561         memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1562
1563         icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1564                                              len, IPPROTO_ICMPV6,
1565                                              csum_partial((u8 *) icmph, len, 0));
1566
1567         buff->dst = dst;
1568         idev = in6_dev_get(dst->dev);
1569         IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
1570         err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
1571         if (!err) {
1572                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTREDIRECTS);
1573                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1574         }
1575
1576         if (likely(idev != NULL))
1577                 in6_dev_put(idev);
1578 }
1579
1580 static void pndisc_redo(struct sk_buff *skb)
1581 {
1582         ndisc_recv_ns(skb);
1583         kfree_skb(skb);
1584 }
1585
1586 int ndisc_rcv(struct sk_buff *skb)
1587 {
1588         struct nd_msg *msg;
1589
1590         if (!pskb_may_pull(skb, skb->len))
1591                 return 0;
1592
1593         msg = (struct nd_msg *)skb_transport_header(skb);
1594
1595         __skb_push(skb, skb->data - skb_transport_header(skb));
1596
1597         if (ipv6_hdr(skb)->hop_limit != 255) {
1598                 ND_PRINTK2(KERN_WARNING
1599                            "ICMPv6 NDISC: invalid hop-limit: %d\n",
1600                            ipv6_hdr(skb)->hop_limit);
1601                 return 0;
1602         }
1603
1604         if (msg->icmph.icmp6_code != 0) {
1605                 ND_PRINTK2(KERN_WARNING
1606                            "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1607                            msg->icmph.icmp6_code);
1608                 return 0;
1609         }
1610
1611         memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1612
1613         switch (msg->icmph.icmp6_type) {
1614         case NDISC_NEIGHBOUR_SOLICITATION:
1615                 ndisc_recv_ns(skb);
1616                 break;
1617
1618         case NDISC_NEIGHBOUR_ADVERTISEMENT:
1619                 ndisc_recv_na(skb);
1620                 break;
1621
1622         case NDISC_ROUTER_SOLICITATION:
1623                 ndisc_recv_rs(skb);
1624                 break;
1625
1626         case NDISC_ROUTER_ADVERTISEMENT:
1627                 ndisc_router_discovery(skb);
1628                 break;
1629
1630         case NDISC_REDIRECT:
1631                 ndisc_redirect_rcv(skb);
1632                 break;
1633         }
1634
1635         return 0;
1636 }
1637
1638 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1639 {
1640         struct net_device *dev = ptr;
1641
1642         switch (event) {
1643         case NETDEV_CHANGEADDR:
1644                 neigh_changeaddr(&nd_tbl, dev);
1645                 fib6_run_gc(~0UL);
1646                 break;
1647         case NETDEV_DOWN:
1648                 neigh_ifdown(&nd_tbl, dev);
1649                 fib6_run_gc(~0UL);
1650                 break;
1651         default:
1652                 break;
1653         }
1654
1655         return NOTIFY_DONE;
1656 }
1657
1658 static struct notifier_block ndisc_netdev_notifier = {
1659         .notifier_call = ndisc_netdev_event,
1660 };
1661
1662 #ifdef CONFIG_SYSCTL
1663 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1664                                          const char *func, const char *dev_name)
1665 {
1666         static char warncomm[TASK_COMM_LEN];
1667         static int warned;
1668         if (strcmp(warncomm, current->comm) && warned < 5) {
1669                 strcpy(warncomm, current->comm);
1670                 printk(KERN_WARNING
1671                         "process `%s' is using deprecated sysctl (%s) "
1672                         "net.ipv6.neigh.%s.%s; "
1673                         "Use net.ipv6.neigh.%s.%s_ms "
1674                         "instead.\n",
1675                         warncomm, func,
1676                         dev_name, ctl->procname,
1677                         dev_name, ctl->procname);
1678                 warned++;
1679         }
1680 }
1681
1682 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1683 {
1684         struct net_device *dev = ctl->extra1;
1685         struct inet6_dev *idev;
1686         int ret;
1687
1688         if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1689             ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1690                 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1691
1692         switch (ctl->ctl_name) {
1693         case NET_NEIGH_RETRANS_TIME:
1694                 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1695                 break;
1696         case NET_NEIGH_REACHABLE_TIME:
1697                 ret = proc_dointvec_jiffies(ctl, write,
1698                                             filp, buffer, lenp, ppos);
1699                 break;
1700         case NET_NEIGH_RETRANS_TIME_MS:
1701         case NET_NEIGH_REACHABLE_TIME_MS:
1702                 ret = proc_dointvec_ms_jiffies(ctl, write,
1703                                                filp, buffer, lenp, ppos);
1704                 break;
1705         default:
1706                 ret = -1;
1707         }
1708
1709         if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1710                 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1711                     ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1712                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1713                 idev->tstamp = jiffies;
1714                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1715                 in6_dev_put(idev);
1716         }
1717         return ret;
1718 }
1719
1720 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name,
1721                                         int nlen, void __user *oldval,
1722                                         size_t __user *oldlenp,
1723                                         void __user *newval, size_t newlen)
1724 {
1725         struct net_device *dev = ctl->extra1;
1726         struct inet6_dev *idev;
1727         int ret;
1728
1729         if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1730             ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1731                 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default");
1732
1733         switch (ctl->ctl_name) {
1734         case NET_NEIGH_REACHABLE_TIME:
1735                 ret = sysctl_jiffies(ctl, name, nlen,
1736                                      oldval, oldlenp, newval, newlen);
1737                 break;
1738         case NET_NEIGH_RETRANS_TIME_MS:
1739         case NET_NEIGH_REACHABLE_TIME_MS:
1740                  ret = sysctl_ms_jiffies(ctl, name, nlen,
1741                                          oldval, oldlenp, newval, newlen);
1742                  break;
1743         default:
1744                 ret = 0;
1745         }
1746
1747         if (newval && newlen && ret > 0 &&
1748             dev && (idev = in6_dev_get(dev)) != NULL) {
1749                 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1750                     ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1751                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1752                 idev->tstamp = jiffies;
1753                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1754                 in6_dev_put(idev);
1755         }
1756
1757         return ret;
1758 }
1759
1760 #endif
1761
1762 int __init ndisc_init(struct net_proto_family *ops)
1763 {
1764         struct ipv6_pinfo *np;
1765         struct sock *sk;
1766         int err;
1767
1768         err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1769         if (err < 0) {
1770                 ND_PRINTK0(KERN_ERR
1771                            "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1772                            err);
1773                 ndisc_socket = NULL; /* For safety. */
1774                 return err;
1775         }
1776
1777         sk = ndisc_socket->sk;
1778         np = inet6_sk(sk);
1779         sk->sk_allocation = GFP_ATOMIC;
1780         np->hop_limit = 255;
1781         /* Do not loopback ndisc messages */
1782         np->mc_loop = 0;
1783         sk->sk_prot->unhash(sk);
1784
1785         /*
1786          * Initialize the neighbour table
1787          */
1788
1789         neigh_table_init(&nd_tbl);
1790
1791 #ifdef CONFIG_SYSCTL
1792         neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1793                               "ipv6",
1794                               &ndisc_ifinfo_sysctl_change,
1795                               &ndisc_ifinfo_sysctl_strategy);
1796 #endif
1797
1798         register_netdevice_notifier(&ndisc_netdev_notifier);
1799         return 0;
1800 }
1801
1802 void ndisc_cleanup(void)
1803 {
1804         unregister_netdevice_notifier(&ndisc_netdev_notifier);
1805 #ifdef CONFIG_SYSCTL
1806         neigh_sysctl_unregister(&nd_tbl.parms);
1807 #endif
1808         neigh_table_clear(&nd_tbl);
1809         sock_release(ndisc_socket);
1810         ndisc_socket = NULL; /* For safety. */
1811 }