[IPV6] NDISC: Sparse: Use different variable name for local use.
[linux-2.6.git] / net / ipv6 / ndisc.c
1 /*
2  *      Neighbour Discovery for IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Mike Shaver             <shaver@ingenia.com>
8  *
9  *      This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14
15 /*
16  *      Changes:
17  *
18  *      Pierre Ynard                    :       export userland ND options
19  *                                              through netlink (RDNSS support)
20  *      Lars Fenneberg                  :       fixed MTU setting on receipt
21  *                                              of an RA.
22  *      Janos Farkas                    :       kmalloc failure checks
23  *      Alexey Kuznetsov                :       state machine reworked
24  *                                              and moved to net/core.
25  *      Pekka Savola                    :       RFC2461 validation
26  *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
27  */
28
29 /* Set to 3 to get tracing... */
30 #define ND_DEBUG 1
31
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
38 #if ND_DEBUG >= 1
39 #undef ND_PRINTK1
40 #define ND_PRINTK1 ND_PRINTK
41 #endif
42 #if ND_DEBUG >= 2
43 #undef ND_PRINTK2
44 #define ND_PRINTK2 ND_PRINTK
45 #endif
46 #if ND_DEBUG >= 3
47 #undef ND_PRINTK3
48 #define ND_PRINTK3 ND_PRINTK
49 #endif
50
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #ifdef CONFIG_SYSCTL
63 #include <linux/sysctl.h>
64 #endif
65
66 #include <linux/if_addr.h>
67 #include <linux/if_arp.h>
68 #include <linux/ipv6.h>
69 #include <linux/icmpv6.h>
70 #include <linux/jhash.h>
71
72 #include <net/sock.h>
73 #include <net/snmp.h>
74
75 #include <net/ipv6.h>
76 #include <net/protocol.h>
77 #include <net/ndisc.h>
78 #include <net/ip6_route.h>
79 #include <net/addrconf.h>
80 #include <net/icmp.h>
81
82 #include <net/netlink.h>
83 #include <linux/rtnetlink.h>
84
85 #include <net/flow.h>
86 #include <net/ip6_checksum.h>
87 #include <linux/proc_fs.h>
88
89 #include <linux/netfilter.h>
90 #include <linux/netfilter_ipv6.h>
91
92 static struct socket *ndisc_socket;
93
94 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
95 static int ndisc_constructor(struct neighbour *neigh);
96 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
97 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
98 static int pndisc_constructor(struct pneigh_entry *n);
99 static void pndisc_destructor(struct pneigh_entry *n);
100 static void pndisc_redo(struct sk_buff *skb);
101
102 static struct neigh_ops ndisc_generic_ops = {
103         .family =               AF_INET6,
104         .solicit =              ndisc_solicit,
105         .error_report =         ndisc_error_report,
106         .output =               neigh_resolve_output,
107         .connected_output =     neigh_connected_output,
108         .hh_output =            dev_queue_xmit,
109         .queue_xmit =           dev_queue_xmit,
110 };
111
112 static struct neigh_ops ndisc_hh_ops = {
113         .family =               AF_INET6,
114         .solicit =              ndisc_solicit,
115         .error_report =         ndisc_error_report,
116         .output =               neigh_resolve_output,
117         .connected_output =     neigh_resolve_output,
118         .hh_output =            dev_queue_xmit,
119         .queue_xmit =           dev_queue_xmit,
120 };
121
122
123 static struct neigh_ops ndisc_direct_ops = {
124         .family =               AF_INET6,
125         .output =               dev_queue_xmit,
126         .connected_output =     dev_queue_xmit,
127         .hh_output =            dev_queue_xmit,
128         .queue_xmit =           dev_queue_xmit,
129 };
130
131 struct neigh_table nd_tbl = {
132         .family =       AF_INET6,
133         .entry_size =   sizeof(struct neighbour) + sizeof(struct in6_addr),
134         .key_len =      sizeof(struct in6_addr),
135         .hash =         ndisc_hash,
136         .constructor =  ndisc_constructor,
137         .pconstructor = pndisc_constructor,
138         .pdestructor =  pndisc_destructor,
139         .proxy_redo =   pndisc_redo,
140         .id =           "ndisc_cache",
141         .parms = {
142                 .tbl =                  &nd_tbl,
143                 .base_reachable_time =  30 * HZ,
144                 .retrans_time =  1 * HZ,
145                 .gc_staletime = 60 * HZ,
146                 .reachable_time =               30 * HZ,
147                 .delay_probe_time =      5 * HZ,
148                 .queue_len =             3,
149                 .ucast_probes =  3,
150                 .mcast_probes =  3,
151                 .anycast_delay =         1 * HZ,
152                 .proxy_delay =          (8 * HZ) / 10,
153                 .proxy_qlen =           64,
154         },
155         .gc_interval =    30 * HZ,
156         .gc_thresh1 =    128,
157         .gc_thresh2 =    512,
158         .gc_thresh3 =   1024,
159 };
160
161 /* ND options */
162 struct ndisc_options {
163         struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
164 #ifdef CONFIG_IPV6_ROUTE_INFO
165         struct nd_opt_hdr *nd_opts_ri;
166         struct nd_opt_hdr *nd_opts_ri_end;
167 #endif
168         struct nd_opt_hdr *nd_useropts;
169         struct nd_opt_hdr *nd_useropts_end;
170 };
171
172 #define nd_opts_src_lladdr      nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
173 #define nd_opts_tgt_lladdr      nd_opt_array[ND_OPT_TARGET_LL_ADDR]
174 #define nd_opts_pi              nd_opt_array[ND_OPT_PREFIX_INFO]
175 #define nd_opts_pi_end          nd_opt_array[__ND_OPT_PREFIX_INFO_END]
176 #define nd_opts_rh              nd_opt_array[ND_OPT_REDIRECT_HDR]
177 #define nd_opts_mtu             nd_opt_array[ND_OPT_MTU]
178
179 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
180
181 /*
182  * Return the padding between the option length and the start of the
183  * link addr.  Currently only IP-over-InfiniBand needs this, although
184  * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
185  * also need a pad of 2.
186  */
187 static int ndisc_addr_option_pad(unsigned short type)
188 {
189         switch (type) {
190         case ARPHRD_INFINIBAND: return 2;
191         default:                return 0;
192         }
193 }
194
195 static inline int ndisc_opt_addr_space(struct net_device *dev)
196 {
197         return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
198 }
199
200 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
201                                   unsigned short addr_type)
202 {
203         int space = NDISC_OPT_SPACE(data_len);
204         int pad   = ndisc_addr_option_pad(addr_type);
205
206         opt[0] = type;
207         opt[1] = space>>3;
208
209         memset(opt + 2, 0, pad);
210         opt   += pad;
211         space -= pad;
212
213         memcpy(opt+2, data, data_len);
214         data_len += 2;
215         opt += data_len;
216         if ((space -= data_len) > 0)
217                 memset(opt, 0, space);
218         return opt + space;
219 }
220
221 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
222                                             struct nd_opt_hdr *end)
223 {
224         int type;
225         if (!cur || !end || cur >= end)
226                 return NULL;
227         type = cur->nd_opt_type;
228         do {
229                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
230         } while(cur < end && cur->nd_opt_type != type);
231         return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
232 }
233
234 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
235 {
236         return (opt->nd_opt_type == ND_OPT_RDNSS);
237 }
238
239 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
240                                              struct nd_opt_hdr *end)
241 {
242         if (!cur || !end || cur >= end)
243                 return NULL;
244         do {
245                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
246         } while(cur < end && !ndisc_is_useropt(cur));
247         return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL);
248 }
249
250 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
251                                                  struct ndisc_options *ndopts)
252 {
253         struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
254
255         if (!nd_opt || opt_len < 0 || !ndopts)
256                 return NULL;
257         memset(ndopts, 0, sizeof(*ndopts));
258         while (opt_len) {
259                 int l;
260                 if (opt_len < sizeof(struct nd_opt_hdr))
261                         return NULL;
262                 l = nd_opt->nd_opt_len << 3;
263                 if (opt_len < l || l == 0)
264                         return NULL;
265                 switch (nd_opt->nd_opt_type) {
266                 case ND_OPT_SOURCE_LL_ADDR:
267                 case ND_OPT_TARGET_LL_ADDR:
268                 case ND_OPT_MTU:
269                 case ND_OPT_REDIRECT_HDR:
270                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
271                                 ND_PRINTK2(KERN_WARNING
272                                            "%s(): duplicated ND6 option found: type=%d\n",
273                                            __FUNCTION__,
274                                            nd_opt->nd_opt_type);
275                         } else {
276                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
277                         }
278                         break;
279                 case ND_OPT_PREFIX_INFO:
280                         ndopts->nd_opts_pi_end = nd_opt;
281                         if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
282                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
283                         break;
284 #ifdef CONFIG_IPV6_ROUTE_INFO
285                 case ND_OPT_ROUTE_INFO:
286                         ndopts->nd_opts_ri_end = nd_opt;
287                         if (!ndopts->nd_opts_ri)
288                                 ndopts->nd_opts_ri = nd_opt;
289                         break;
290 #endif
291                 default:
292                         if (ndisc_is_useropt(nd_opt)) {
293                                 ndopts->nd_useropts_end = nd_opt;
294                                 if (!ndopts->nd_useropts)
295                                         ndopts->nd_useropts = nd_opt;
296                         } else {
297                                 /*
298                                  * Unknown options must be silently ignored,
299                                  * to accommodate future extension to the
300                                  * protocol.
301                                  */
302                                 ND_PRINTK2(KERN_NOTICE
303                                            "%s(): ignored unsupported option; type=%d, len=%d\n",
304                                            __FUNCTION__,
305                                            nd_opt->nd_opt_type, nd_opt->nd_opt_len);
306                         }
307                 }
308                 opt_len -= l;
309                 nd_opt = ((void *)nd_opt) + l;
310         }
311         return ndopts;
312 }
313
314 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
315                                       struct net_device *dev)
316 {
317         u8 *lladdr = (u8 *)(p + 1);
318         int lladdrlen = p->nd_opt_len << 3;
319         int prepad = ndisc_addr_option_pad(dev->type);
320         if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
321                 return NULL;
322         return (lladdr + prepad);
323 }
324
325 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
326 {
327         switch (dev->type) {
328         case ARPHRD_ETHER:
329         case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
330         case ARPHRD_FDDI:
331                 ipv6_eth_mc_map(addr, buf);
332                 return 0;
333         case ARPHRD_IEEE802_TR:
334                 ipv6_tr_mc_map(addr,buf);
335                 return 0;
336         case ARPHRD_ARCNET:
337                 ipv6_arcnet_mc_map(addr, buf);
338                 return 0;
339         case ARPHRD_INFINIBAND:
340                 ipv6_ib_mc_map(addr, dev->broadcast, buf);
341                 return 0;
342         default:
343                 if (dir) {
344                         memcpy(buf, dev->broadcast, dev->addr_len);
345                         return 0;
346                 }
347         }
348         return -EINVAL;
349 }
350
351 EXPORT_SYMBOL(ndisc_mc_map);
352
353 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
354 {
355         const u32 *p32 = pkey;
356         u32 addr_hash, i;
357
358         addr_hash = 0;
359         for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
360                 addr_hash ^= *p32++;
361
362         return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
363 }
364
365 static int ndisc_constructor(struct neighbour *neigh)
366 {
367         struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368         struct net_device *dev = neigh->dev;
369         struct inet6_dev *in6_dev;
370         struct neigh_parms *parms;
371         int is_multicast = ipv6_addr_is_multicast(addr);
372
373         rcu_read_lock();
374         in6_dev = in6_dev_get(dev);
375         if (in6_dev == NULL) {
376                 rcu_read_unlock();
377                 return -EINVAL;
378         }
379
380         parms = in6_dev->nd_parms;
381         __neigh_parms_put(neigh->parms);
382         neigh->parms = neigh_parms_clone(parms);
383         rcu_read_unlock();
384
385         neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386         if (!dev->header_ops) {
387                 neigh->nud_state = NUD_NOARP;
388                 neigh->ops = &ndisc_direct_ops;
389                 neigh->output = neigh->ops->queue_xmit;
390         } else {
391                 if (is_multicast) {
392                         neigh->nud_state = NUD_NOARP;
393                         ndisc_mc_map(addr, neigh->ha, dev, 1);
394                 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395                         neigh->nud_state = NUD_NOARP;
396                         memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397                         if (dev->flags&IFF_LOOPBACK)
398                                 neigh->type = RTN_LOCAL;
399                 } else if (dev->flags&IFF_POINTOPOINT) {
400                         neigh->nud_state = NUD_NOARP;
401                         memcpy(neigh->ha, dev->broadcast, dev->addr_len);
402                 }
403                 if (dev->header_ops->cache)
404                         neigh->ops = &ndisc_hh_ops;
405                 else
406                         neigh->ops = &ndisc_generic_ops;
407                 if (neigh->nud_state&NUD_VALID)
408                         neigh->output = neigh->ops->connected_output;
409                 else
410                         neigh->output = neigh->ops->output;
411         }
412         in6_dev_put(in6_dev);
413         return 0;
414 }
415
416 static int pndisc_constructor(struct pneigh_entry *n)
417 {
418         struct in6_addr *addr = (struct in6_addr*)&n->key;
419         struct in6_addr maddr;
420         struct net_device *dev = n->dev;
421
422         if (dev == NULL || __in6_dev_get(dev) == NULL)
423                 return -EINVAL;
424         addrconf_addr_solict_mult(addr, &maddr);
425         ipv6_dev_mc_inc(dev, &maddr);
426         return 0;
427 }
428
429 static void pndisc_destructor(struct pneigh_entry *n)
430 {
431         struct in6_addr *addr = (struct in6_addr*)&n->key;
432         struct in6_addr maddr;
433         struct net_device *dev = n->dev;
434
435         if (dev == NULL || __in6_dev_get(dev) == NULL)
436                 return;
437         addrconf_addr_solict_mult(addr, &maddr);
438         ipv6_dev_mc_dec(dev, &maddr);
439 }
440
441 /*
442  *      Send a Neighbour Advertisement
443  */
444
445 static inline void ndisc_flow_init(struct flowi *fl, u8 type,
446                             struct in6_addr *saddr, struct in6_addr *daddr,
447                             int oif)
448 {
449         memset(fl, 0, sizeof(*fl));
450         ipv6_addr_copy(&fl->fl6_src, saddr);
451         ipv6_addr_copy(&fl->fl6_dst, daddr);
452         fl->proto               = IPPROTO_ICMPV6;
453         fl->fl_icmp_type        = type;
454         fl->fl_icmp_code        = 0;
455         fl->oif                 = oif;
456         security_sk_classify_flow(ndisc_socket->sk, fl);
457 }
458
459 static void __ndisc_send(struct net_device *dev,
460                          struct neighbour *neigh,
461                          struct in6_addr *daddr, struct in6_addr *saddr,
462                          struct icmp6hdr *icmp6h, struct in6_addr *target,
463                          int llinfo)
464 {
465         struct flowi fl;
466         struct dst_entry *dst;
467         struct sock *sk = ndisc_socket->sk;
468         struct sk_buff *skb;
469         struct icmp6hdr *hdr;
470         struct inet6_dev *idev;
471         int len;
472         int err;
473         u8 *opt, type;
474
475         type = icmp6h->icmp6_type;
476
477         ndisc_flow_init(&fl, type, saddr, daddr,
478                         dev->ifindex);
479
480         dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
481         if (!dst)
482                 return;
483
484         err = xfrm_lookup(&dst, &fl, NULL, 0);
485         if (err < 0)
486                 return;
487
488         if (!dev->addr_len)
489                 llinfo = 0;
490
491         len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
492         if (llinfo)
493                 len += ndisc_opt_addr_space(dev);
494
495         skb = sock_alloc_send_skb(sk,
496                                   (MAX_HEADER + sizeof(struct ipv6hdr) +
497                                    len + LL_RESERVED_SPACE(dev)),
498                                   1, &err);
499         if (!skb) {
500                 ND_PRINTK0(KERN_ERR
501                            "ICMPv6 ND: %s() failed to allocate an skb.\n",
502                            __FUNCTION__);
503                 dst_release(dst);
504                 return;
505         }
506
507         skb_reserve(skb, LL_RESERVED_SPACE(dev));
508         ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
509
510         skb->transport_header = skb->tail;
511         skb_put(skb, len);
512
513         hdr = (struct icmp6hdr *)skb_transport_header(skb);
514         memcpy(hdr, icmp6h, sizeof(*hdr));
515
516         opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
517         if (target) {
518                 ipv6_addr_copy((struct in6_addr *)opt, target);
519                 opt += sizeof(*target);
520         }
521
522         if (llinfo)
523                 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
524                                        dev->addr_len, dev->type);
525
526         hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
527                                            IPPROTO_ICMPV6,
528                                            csum_partial((__u8 *) hdr,
529                                                         len, 0));
530
531         skb->dst = dst;
532
533         idev = in6_dev_get(dst->dev);
534         IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
535
536         err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
537                       dst_output);
538         if (!err) {
539                 ICMP6MSGOUT_INC_STATS(idev, type);
540                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
541         }
542
543         if (likely(idev != NULL))
544                 in6_dev_put(idev);
545 }
546
547 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
548                    struct in6_addr *daddr, struct in6_addr *solicited_addr,
549                    int router, int solicited, int override, int inc_opt)
550 {
551         struct in6_addr tmpaddr;
552         struct inet6_ifaddr *ifp;
553         struct in6_addr *src_addr;
554         struct icmp6hdr icmp6h = {
555                 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
556         };
557
558         /* for anycast or proxy, solicited_addr != src_addr */
559         ifp = ipv6_get_ifaddr(&init_net, solicited_addr, dev, 1);
560         if (ifp) {
561                 src_addr = solicited_addr;
562                 if (ifp->flags & IFA_F_OPTIMISTIC)
563                         override = 0;
564                 in6_ifa_put(ifp);
565         } else {
566                 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
567                         return;
568                 src_addr = &tmpaddr;
569         }
570
571         icmp6h.icmp6_router = router;
572         icmp6h.icmp6_solicited = solicited;
573         icmp6h.icmp6_override = override;
574
575         __ndisc_send(dev, neigh, daddr, src_addr,
576                      &icmp6h, solicited_addr,
577                      inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
578 }
579
580 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
581                    struct in6_addr *solicit,
582                    struct in6_addr *daddr, struct in6_addr *saddr)
583 {
584         struct in6_addr addr_buf;
585         struct icmp6hdr icmp6h = {
586                 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
587         };
588
589         if (saddr == NULL) {
590                 if (ipv6_get_lladdr(dev, &addr_buf,
591                                    (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
592                         return;
593                 saddr = &addr_buf;
594         }
595
596         __ndisc_send(dev, neigh, daddr, saddr,
597                      &icmp6h, solicit,
598                      !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
599 }
600
601 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
602                    struct in6_addr *daddr)
603 {
604         struct icmp6hdr icmp6h = {
605                 .icmp6_type = NDISC_ROUTER_SOLICITATION,
606         };
607         int send_sllao = dev->addr_len;
608
609 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
610         /*
611          * According to section 2.2 of RFC 4429, we must not
612          * send router solicitations with a sllao from
613          * optimistic addresses, but we may send the solicitation
614          * if we don't include the sllao.  So here we check
615          * if our address is optimistic, and if so, we
616          * suppress the inclusion of the sllao.
617          */
618         if (send_sllao) {
619                 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(&init_net, saddr,
620                                                            dev, 1);
621                 if (ifp) {
622                         if (ifp->flags & IFA_F_OPTIMISTIC)  {
623                                 send_sllao = 0;
624                         }
625                         in6_ifa_put(ifp);
626                 } else {
627                         send_sllao = 0;
628                 }
629         }
630 #endif
631         __ndisc_send(dev, NULL, daddr, saddr,
632                      &icmp6h, NULL,
633                      send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
634 }
635
636
637 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
638 {
639         /*
640          *      "The sender MUST return an ICMP
641          *       destination unreachable"
642          */
643         dst_link_failure(skb);
644         kfree_skb(skb);
645 }
646
647 /* Called with locked neigh: either read or both */
648
649 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
650 {
651         struct in6_addr *saddr = NULL;
652         struct in6_addr mcaddr;
653         struct net_device *dev = neigh->dev;
654         struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
655         int probes = atomic_read(&neigh->probes);
656
657         if (skb && ipv6_chk_addr(&init_net, &ipv6_hdr(skb)->saddr, dev, 1))
658                 saddr = &ipv6_hdr(skb)->saddr;
659
660         if ((probes -= neigh->parms->ucast_probes) < 0) {
661                 if (!(neigh->nud_state & NUD_VALID)) {
662                         ND_PRINTK1(KERN_DEBUG
663                                    "%s(): trying to ucast probe in NUD_INVALID: "
664                                    NIP6_FMT "\n",
665                                    __FUNCTION__,
666                                    NIP6(*target));
667                 }
668                 ndisc_send_ns(dev, neigh, target, target, saddr);
669         } else if ((probes -= neigh->parms->app_probes) < 0) {
670 #ifdef CONFIG_ARPD
671                 neigh_app_ns(neigh);
672 #endif
673         } else {
674                 addrconf_addr_solict_mult(target, &mcaddr);
675                 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
676         }
677 }
678
679 static void ndisc_recv_ns(struct sk_buff *skb)
680 {
681         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
682         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
683         struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
684         u8 *lladdr = NULL;
685         u32 ndoptlen = skb->tail - (skb->transport_header +
686                                     offsetof(struct nd_msg, opt));
687         struct ndisc_options ndopts;
688         struct net_device *dev = skb->dev;
689         struct inet6_ifaddr *ifp;
690         struct inet6_dev *idev = NULL;
691         struct neighbour *neigh;
692         struct pneigh_entry *pneigh = NULL;
693         int dad = ipv6_addr_any(saddr);
694         int inc;
695         int is_router;
696
697         if (ipv6_addr_is_multicast(&msg->target)) {
698                 ND_PRINTK2(KERN_WARNING
699                            "ICMPv6 NS: multicast target address");
700                 return;
701         }
702
703         /*
704          * RFC2461 7.1.1:
705          * DAD has to be destined for solicited node multicast address.
706          */
707         if (dad &&
708             !(daddr->s6_addr32[0] == htonl(0xff020000) &&
709               daddr->s6_addr32[1] == htonl(0x00000000) &&
710               daddr->s6_addr32[2] == htonl(0x00000001) &&
711               daddr->s6_addr [12] == 0xff )) {
712                 ND_PRINTK2(KERN_WARNING
713                            "ICMPv6 NS: bad DAD packet (wrong destination)\n");
714                 return;
715         }
716
717         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
718                 ND_PRINTK2(KERN_WARNING
719                            "ICMPv6 NS: invalid ND options\n");
720                 return;
721         }
722
723         if (ndopts.nd_opts_src_lladdr) {
724                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
725                 if (!lladdr) {
726                         ND_PRINTK2(KERN_WARNING
727                                    "ICMPv6 NS: invalid link-layer address length\n");
728                         return;
729                 }
730
731                 /* RFC2461 7.1.1:
732                  *      If the IP source address is the unspecified address,
733                  *      there MUST NOT be source link-layer address option
734                  *      in the message.
735                  */
736                 if (dad) {
737                         ND_PRINTK2(KERN_WARNING
738                                    "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
739                         return;
740                 }
741         }
742
743         inc = ipv6_addr_is_multicast(daddr);
744
745         if ((ifp = ipv6_get_ifaddr(&init_net, &msg->target, dev, 1)) != NULL) {
746
747                 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
748                         if (dad) {
749                                 if (dev->type == ARPHRD_IEEE802_TR) {
750                                         const unsigned char *sadr;
751                                         sadr = skb_mac_header(skb);
752                                         if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
753                                             sadr[9] == dev->dev_addr[1] &&
754                                             sadr[10] == dev->dev_addr[2] &&
755                                             sadr[11] == dev->dev_addr[3] &&
756                                             sadr[12] == dev->dev_addr[4] &&
757                                             sadr[13] == dev->dev_addr[5]) {
758                                                 /* looped-back to us */
759                                                 goto out;
760                                         }
761                                 }
762
763                                 /*
764                                  * We are colliding with another node
765                                  * who is doing DAD
766                                  * so fail our DAD process
767                                  */
768                                 addrconf_dad_failure(ifp);
769                                 return;
770                         } else {
771                                 /*
772                                  * This is not a dad solicitation.
773                                  * If we are an optimistic node,
774                                  * we should respond.
775                                  * Otherwise, we should ignore it.
776                                  */
777                                 if (!(ifp->flags & IFA_F_OPTIMISTIC))
778                                         goto out;
779                         }
780                 }
781
782                 idev = ifp->idev;
783         } else {
784                 idev = in6_dev_get(dev);
785                 if (!idev) {
786                         /* XXX: count this drop? */
787                         return;
788                 }
789
790                 if (ipv6_chk_acast_addr(dev, &msg->target) ||
791                     (idev->cnf.forwarding &&
792                      (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) &&
793                      (pneigh = pneigh_lookup(&nd_tbl, &init_net,
794                                              &msg->target, dev, 0)) != NULL)) {
795                         if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
796                             skb->pkt_type != PACKET_HOST &&
797                             inc != 0 &&
798                             idev->nd_parms->proxy_delay != 0) {
799                                 /*
800                                  * for anycast or proxy,
801                                  * sender should delay its response
802                                  * by a random time between 0 and
803                                  * MAX_ANYCAST_DELAY_TIME seconds.
804                                  * (RFC2461) -- yoshfuji
805                                  */
806                                 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
807                                 if (n)
808                                         pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
809                                 goto out;
810                         }
811                 } else
812                         goto out;
813         }
814
815         is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding);
816
817         if (dad) {
818                 struct in6_addr maddr;
819
820                 ipv6_addr_all_nodes(&maddr);
821                 ndisc_send_na(dev, NULL, &maddr, &msg->target,
822                               is_router, 0, (ifp != NULL), 1);
823                 goto out;
824         }
825
826         if (inc)
827                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
828         else
829                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
830
831         /*
832          *      update / create cache entry
833          *      for the source address
834          */
835         neigh = __neigh_lookup(&nd_tbl, saddr, dev,
836                                !inc || lladdr || !dev->addr_len);
837         if (neigh)
838                 neigh_update(neigh, lladdr, NUD_STALE,
839                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
840                              NEIGH_UPDATE_F_OVERRIDE);
841         if (neigh || !dev->header_ops) {
842                 ndisc_send_na(dev, neigh, saddr, &msg->target,
843                               is_router,
844                               1, (ifp != NULL && inc), inc);
845                 if (neigh)
846                         neigh_release(neigh);
847         }
848
849 out:
850         if (ifp)
851                 in6_ifa_put(ifp);
852         else
853                 in6_dev_put(idev);
854
855         return;
856 }
857
858 static void ndisc_recv_na(struct sk_buff *skb)
859 {
860         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
861         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
862         struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
863         u8 *lladdr = NULL;
864         u32 ndoptlen = skb->tail - (skb->transport_header +
865                                     offsetof(struct nd_msg, opt));
866         struct ndisc_options ndopts;
867         struct net_device *dev = skb->dev;
868         struct inet6_ifaddr *ifp;
869         struct neighbour *neigh;
870
871         if (skb->len < sizeof(struct nd_msg)) {
872                 ND_PRINTK2(KERN_WARNING
873                            "ICMPv6 NA: packet too short\n");
874                 return;
875         }
876
877         if (ipv6_addr_is_multicast(&msg->target)) {
878                 ND_PRINTK2(KERN_WARNING
879                            "ICMPv6 NA: target address is multicast.\n");
880                 return;
881         }
882
883         if (ipv6_addr_is_multicast(daddr) &&
884             msg->icmph.icmp6_solicited) {
885                 ND_PRINTK2(KERN_WARNING
886                            "ICMPv6 NA: solicited NA is multicasted.\n");
887                 return;
888         }
889
890         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
891                 ND_PRINTK2(KERN_WARNING
892                            "ICMPv6 NS: invalid ND option\n");
893                 return;
894         }
895         if (ndopts.nd_opts_tgt_lladdr) {
896                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
897                 if (!lladdr) {
898                         ND_PRINTK2(KERN_WARNING
899                                    "ICMPv6 NA: invalid link-layer address length\n");
900                         return;
901                 }
902         }
903         if ((ifp = ipv6_get_ifaddr(&init_net, &msg->target, dev, 1))) {
904                 if (ifp->flags & IFA_F_TENTATIVE) {
905                         addrconf_dad_failure(ifp);
906                         return;
907                 }
908                 /* What should we make now? The advertisement
909                    is invalid, but ndisc specs say nothing
910                    about it. It could be misconfiguration, or
911                    an smart proxy agent tries to help us :-)
912                  */
913                 ND_PRINTK1(KERN_WARNING
914                            "ICMPv6 NA: someone advertises our address on %s!\n",
915                            ifp->idev->dev->name);
916                 in6_ifa_put(ifp);
917                 return;
918         }
919         neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
920
921         if (neigh) {
922                 u8 old_flags = neigh->flags;
923
924                 if (neigh->nud_state & NUD_FAILED)
925                         goto out;
926
927                 /*
928                  * Don't update the neighbor cache entry on a proxy NA from
929                  * ourselves because either the proxied node is off link or it
930                  * has already sent a NA to us.
931                  */
932                 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
933                     ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp &&
934                     pneigh_lookup(&nd_tbl, &init_net, &msg->target, dev, 0)) {
935                         /* XXX: idev->cnf.prixy_ndp */
936                         goto out;
937                 }
938
939                 neigh_update(neigh, lladdr,
940                              msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
941                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
942                              (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
943                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
944                              (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
945
946                 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
947                         /*
948                          * Change: router to host
949                          */
950                         struct rt6_info *rt;
951                         rt = rt6_get_dflt_router(saddr, dev);
952                         if (rt)
953                                 ip6_del_rt(rt);
954                 }
955
956 out:
957                 neigh_release(neigh);
958         }
959 }
960
961 static void ndisc_recv_rs(struct sk_buff *skb)
962 {
963         struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
964         unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
965         struct neighbour *neigh;
966         struct inet6_dev *idev;
967         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
968         struct ndisc_options ndopts;
969         u8 *lladdr = NULL;
970
971         if (skb->len < sizeof(*rs_msg))
972                 return;
973
974         idev = in6_dev_get(skb->dev);
975         if (!idev) {
976                 if (net_ratelimit())
977                         ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
978                 return;
979         }
980
981         /* Don't accept RS if we're not in router mode */
982         if (!idev->cnf.forwarding)
983                 goto out;
984
985         /*
986          * Don't update NCE if src = ::;
987          * this implies that the source node has no ip address assigned yet.
988          */
989         if (ipv6_addr_any(saddr))
990                 goto out;
991
992         /* Parse ND options */
993         if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
994                 if (net_ratelimit())
995                         ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
996                 goto out;
997         }
998
999         if (ndopts.nd_opts_src_lladdr) {
1000                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1001                                              skb->dev);
1002                 if (!lladdr)
1003                         goto out;
1004         }
1005
1006         neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1007         if (neigh) {
1008                 neigh_update(neigh, lladdr, NUD_STALE,
1009                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1010                              NEIGH_UPDATE_F_OVERRIDE|
1011                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1012                 neigh_release(neigh);
1013         }
1014 out:
1015         in6_dev_put(idev);
1016 }
1017
1018 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1019 {
1020         struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1021         struct sk_buff *skb;
1022         struct nlmsghdr *nlh;
1023         struct nduseroptmsg *ndmsg;
1024         int err;
1025         int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1026                                     + (opt->nd_opt_len << 3));
1027         size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1028
1029         skb = nlmsg_new(msg_size, GFP_ATOMIC);
1030         if (skb == NULL) {
1031                 err = -ENOBUFS;
1032                 goto errout;
1033         }
1034
1035         nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1036         if (nlh == NULL) {
1037                 goto nla_put_failure;
1038         }
1039
1040         ndmsg = nlmsg_data(nlh);
1041         ndmsg->nduseropt_family = AF_INET6;
1042         ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1043         ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1044         ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1045         ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1046
1047         memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1048
1049         NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1050                 &ipv6_hdr(ra)->saddr);
1051         nlmsg_end(skb, nlh);
1052
1053         err = rtnl_notify(skb, &init_net, 0, RTNLGRP_ND_USEROPT, NULL,
1054                           GFP_ATOMIC);
1055         if (err < 0)
1056                 goto errout;
1057
1058         return;
1059
1060 nla_put_failure:
1061         nlmsg_free(skb);
1062         err = -EMSGSIZE;
1063 errout:
1064         rtnl_set_sk_err(&init_net, RTNLGRP_ND_USEROPT, err);
1065 }
1066
1067 static void ndisc_router_discovery(struct sk_buff *skb)
1068 {
1069         struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1070         struct neighbour *neigh = NULL;
1071         struct inet6_dev *in6_dev;
1072         struct rt6_info *rt = NULL;
1073         int lifetime;
1074         struct ndisc_options ndopts;
1075         int optlen;
1076         unsigned int pref = 0;
1077
1078         __u8 * opt = (__u8 *)(ra_msg + 1);
1079
1080         optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1081
1082         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1083                 ND_PRINTK2(KERN_WARNING
1084                            "ICMPv6 RA: source address is not link-local.\n");
1085                 return;
1086         }
1087         if (optlen < 0) {
1088                 ND_PRINTK2(KERN_WARNING
1089                            "ICMPv6 RA: packet too short\n");
1090                 return;
1091         }
1092
1093         /*
1094          *      set the RA_RECV flag in the interface
1095          */
1096
1097         in6_dev = in6_dev_get(skb->dev);
1098         if (in6_dev == NULL) {
1099                 ND_PRINTK0(KERN_ERR
1100                            "ICMPv6 RA: can't find inet6 device for %s.\n",
1101                            skb->dev->name);
1102                 return;
1103         }
1104         if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1105                 in6_dev_put(in6_dev);
1106                 return;
1107         }
1108
1109         if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1110                 in6_dev_put(in6_dev);
1111                 ND_PRINTK2(KERN_WARNING
1112                            "ICMP6 RA: invalid ND options\n");
1113                 return;
1114         }
1115
1116         if (in6_dev->if_flags & IF_RS_SENT) {
1117                 /*
1118                  *      flag that an RA was received after an RS was sent
1119                  *      out on this interface.
1120                  */
1121                 in6_dev->if_flags |= IF_RA_RCVD;
1122         }
1123
1124         /*
1125          * Remember the managed/otherconf flags from most recently
1126          * received RA message (RFC 2462) -- yoshfuji
1127          */
1128         in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1129                                 IF_RA_OTHERCONF)) |
1130                                 (ra_msg->icmph.icmp6_addrconf_managed ?
1131                                         IF_RA_MANAGED : 0) |
1132                                 (ra_msg->icmph.icmp6_addrconf_other ?
1133                                         IF_RA_OTHERCONF : 0);
1134
1135         if (!in6_dev->cnf.accept_ra_defrtr)
1136                 goto skip_defrtr;
1137
1138         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1139
1140 #ifdef CONFIG_IPV6_ROUTER_PREF
1141         pref = ra_msg->icmph.icmp6_router_pref;
1142         /* 10b is handled as if it were 00b (medium) */
1143         if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1144             !in6_dev->cnf.accept_ra_rtr_pref)
1145                 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1146 #endif
1147
1148         rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1149
1150         if (rt)
1151                 neigh = rt->rt6i_nexthop;
1152
1153         if (rt && lifetime == 0) {
1154                 neigh_clone(neigh);
1155                 ip6_del_rt(rt);
1156                 rt = NULL;
1157         }
1158
1159         if (rt == NULL && lifetime) {
1160                 ND_PRINTK3(KERN_DEBUG
1161                            "ICMPv6 RA: adding default router.\n");
1162
1163                 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1164                 if (rt == NULL) {
1165                         ND_PRINTK0(KERN_ERR
1166                                    "ICMPv6 RA: %s() failed to add default route.\n",
1167                                    __FUNCTION__);
1168                         in6_dev_put(in6_dev);
1169                         return;
1170                 }
1171
1172                 neigh = rt->rt6i_nexthop;
1173                 if (neigh == NULL) {
1174                         ND_PRINTK0(KERN_ERR
1175                                    "ICMPv6 RA: %s() got default router without neighbour.\n",
1176                                    __FUNCTION__);
1177                         dst_release(&rt->u.dst);
1178                         in6_dev_put(in6_dev);
1179                         return;
1180                 }
1181                 neigh->flags |= NTF_ROUTER;
1182         } else if (rt) {
1183                 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1184         }
1185
1186         if (rt)
1187                 rt->rt6i_expires = jiffies + (HZ * lifetime);
1188
1189         if (ra_msg->icmph.icmp6_hop_limit) {
1190                 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1191                 if (rt)
1192                         rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1193         }
1194
1195 skip_defrtr:
1196
1197         /*
1198          *      Update Reachable Time and Retrans Timer
1199          */
1200
1201         if (in6_dev->nd_parms) {
1202                 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1203
1204                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1205                         rtime = (rtime*HZ)/1000;
1206                         if (rtime < HZ/10)
1207                                 rtime = HZ/10;
1208                         in6_dev->nd_parms->retrans_time = rtime;
1209                         in6_dev->tstamp = jiffies;
1210                         inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1211                 }
1212
1213                 rtime = ntohl(ra_msg->reachable_time);
1214                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1215                         rtime = (rtime*HZ)/1000;
1216
1217                         if (rtime < HZ/10)
1218                                 rtime = HZ/10;
1219
1220                         if (rtime != in6_dev->nd_parms->base_reachable_time) {
1221                                 in6_dev->nd_parms->base_reachable_time = rtime;
1222                                 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1223                                 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1224                                 in6_dev->tstamp = jiffies;
1225                                 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1226                         }
1227                 }
1228         }
1229
1230         /*
1231          *      Process options.
1232          */
1233
1234         if (!neigh)
1235                 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1236                                        skb->dev, 1);
1237         if (neigh) {
1238                 u8 *lladdr = NULL;
1239                 if (ndopts.nd_opts_src_lladdr) {
1240                         lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1241                                                      skb->dev);
1242                         if (!lladdr) {
1243                                 ND_PRINTK2(KERN_WARNING
1244                                            "ICMPv6 RA: invalid link-layer address length\n");
1245                                 goto out;
1246                         }
1247                 }
1248                 neigh_update(neigh, lladdr, NUD_STALE,
1249                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1250                              NEIGH_UPDATE_F_OVERRIDE|
1251                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1252                              NEIGH_UPDATE_F_ISROUTER);
1253         }
1254
1255 #ifdef CONFIG_IPV6_ROUTE_INFO
1256         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1257                 struct nd_opt_hdr *p;
1258                 for (p = ndopts.nd_opts_ri;
1259                      p;
1260                      p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1261                         if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1262                                 continue;
1263                         rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1264                                       &ipv6_hdr(skb)->saddr);
1265                 }
1266         }
1267 #endif
1268
1269         if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1270                 struct nd_opt_hdr *p;
1271                 for (p = ndopts.nd_opts_pi;
1272                      p;
1273                      p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1274                         addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1275                 }
1276         }
1277
1278         if (ndopts.nd_opts_mtu) {
1279                 __be32 n;
1280                 u32 mtu;
1281
1282                 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1283                 mtu = ntohl(n);
1284
1285                 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1286                         ND_PRINTK2(KERN_WARNING
1287                                    "ICMPv6 RA: invalid mtu: %d\n",
1288                                    mtu);
1289                 } else if (in6_dev->cnf.mtu6 != mtu) {
1290                         in6_dev->cnf.mtu6 = mtu;
1291
1292                         if (rt)
1293                                 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1294
1295                         rt6_mtu_change(skb->dev, mtu);
1296                 }
1297         }
1298
1299         if (ndopts.nd_useropts) {
1300                 struct nd_opt_hdr *p;
1301                 for (p = ndopts.nd_useropts;
1302                      p;
1303                      p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1304                         ndisc_ra_useropt(skb, p);
1305                 }
1306         }
1307
1308         if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1309                 ND_PRINTK2(KERN_WARNING
1310                            "ICMPv6 RA: invalid RA options");
1311         }
1312 out:
1313         if (rt)
1314                 dst_release(&rt->u.dst);
1315         else if (neigh)
1316                 neigh_release(neigh);
1317         in6_dev_put(in6_dev);
1318 }
1319
1320 static void ndisc_redirect_rcv(struct sk_buff *skb)
1321 {
1322         struct inet6_dev *in6_dev;
1323         struct icmp6hdr *icmph;
1324         struct in6_addr *dest;
1325         struct in6_addr *target;        /* new first hop to destination */
1326         struct neighbour *neigh;
1327         int on_link = 0;
1328         struct ndisc_options ndopts;
1329         int optlen;
1330         u8 *lladdr = NULL;
1331
1332         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1333                 ND_PRINTK2(KERN_WARNING
1334                            "ICMPv6 Redirect: source address is not link-local.\n");
1335                 return;
1336         }
1337
1338         optlen = skb->tail - skb->transport_header;
1339         optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1340
1341         if (optlen < 0) {
1342                 ND_PRINTK2(KERN_WARNING
1343                            "ICMPv6 Redirect: packet too short\n");
1344                 return;
1345         }
1346
1347         icmph = icmp6_hdr(skb);
1348         target = (struct in6_addr *) (icmph + 1);
1349         dest = target + 1;
1350
1351         if (ipv6_addr_is_multicast(dest)) {
1352                 ND_PRINTK2(KERN_WARNING
1353                            "ICMPv6 Redirect: destination address is multicast.\n");
1354                 return;
1355         }
1356
1357         if (ipv6_addr_equal(dest, target)) {
1358                 on_link = 1;
1359         } else if (ipv6_addr_type(target) !=
1360                    (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1361                 ND_PRINTK2(KERN_WARNING
1362                            "ICMPv6 Redirect: target address is not link-local unicast.\n");
1363                 return;
1364         }
1365
1366         in6_dev = in6_dev_get(skb->dev);
1367         if (!in6_dev)
1368                 return;
1369         if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1370                 in6_dev_put(in6_dev);
1371                 return;
1372         }
1373
1374         /* RFC2461 8.1:
1375          *      The IP source address of the Redirect MUST be the same as the current
1376          *      first-hop router for the specified ICMP Destination Address.
1377          */
1378
1379         if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1380                 ND_PRINTK2(KERN_WARNING
1381                            "ICMPv6 Redirect: invalid ND options\n");
1382                 in6_dev_put(in6_dev);
1383                 return;
1384         }
1385         if (ndopts.nd_opts_tgt_lladdr) {
1386                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1387                                              skb->dev);
1388                 if (!lladdr) {
1389                         ND_PRINTK2(KERN_WARNING
1390                                    "ICMPv6 Redirect: invalid link-layer address length\n");
1391                         in6_dev_put(in6_dev);
1392                         return;
1393                 }
1394         }
1395
1396         neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1397         if (neigh) {
1398                 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1399                              &ipv6_hdr(skb)->saddr, neigh, lladdr,
1400                              on_link);
1401                 neigh_release(neigh);
1402         }
1403         in6_dev_put(in6_dev);
1404 }
1405
1406 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1407                          struct in6_addr *target)
1408 {
1409         struct sock *sk = ndisc_socket->sk;
1410         int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1411         struct sk_buff *buff;
1412         struct icmp6hdr *icmph;
1413         struct in6_addr saddr_buf;
1414         struct in6_addr *addrp;
1415         struct net_device *dev;
1416         struct rt6_info *rt;
1417         struct dst_entry *dst;
1418         struct inet6_dev *idev;
1419         struct flowi fl;
1420         u8 *opt;
1421         int rd_len;
1422         int err;
1423         int hlen;
1424         u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1425
1426         dev = skb->dev;
1427
1428         if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1429                 ND_PRINTK2(KERN_WARNING
1430                            "ICMPv6 Redirect: no link-local address on %s\n",
1431                            dev->name);
1432                 return;
1433         }
1434
1435         if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1436             ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1437                 ND_PRINTK2(KERN_WARNING
1438                         "ICMPv6 Redirect: target address is not link-local unicast.\n");
1439                 return;
1440         }
1441
1442         ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &ipv6_hdr(skb)->saddr,
1443                         dev->ifindex);
1444
1445         dst = ip6_route_output(NULL, &fl);
1446         if (dst == NULL)
1447                 return;
1448
1449         err = xfrm_lookup(&dst, &fl, NULL, 0);
1450         if (err)
1451                 return;
1452
1453         rt = (struct rt6_info *) dst;
1454
1455         if (rt->rt6i_flags & RTF_GATEWAY) {
1456                 ND_PRINTK2(KERN_WARNING
1457                            "ICMPv6 Redirect: destination is not a neighbour.\n");
1458                 dst_release(dst);
1459                 return;
1460         }
1461         if (!xrlim_allow(dst, 1*HZ)) {
1462                 dst_release(dst);
1463                 return;
1464         }
1465
1466         if (dev->addr_len) {
1467                 read_lock_bh(&neigh->lock);
1468                 if (neigh->nud_state & NUD_VALID) {
1469                         memcpy(ha_buf, neigh->ha, dev->addr_len);
1470                         read_unlock_bh(&neigh->lock);
1471                         ha = ha_buf;
1472                         len += ndisc_opt_addr_space(dev);
1473                 } else
1474                         read_unlock_bh(&neigh->lock);
1475         }
1476
1477         rd_len = min_t(unsigned int,
1478                      IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1479         rd_len &= ~0x7;
1480         len += rd_len;
1481
1482         buff = sock_alloc_send_skb(sk,
1483                                    (MAX_HEADER + sizeof(struct ipv6hdr) +
1484                                     len + LL_RESERVED_SPACE(dev)),
1485                                    1, &err);
1486         if (buff == NULL) {
1487                 ND_PRINTK0(KERN_ERR
1488                            "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1489                            __FUNCTION__);
1490                 dst_release(dst);
1491                 return;
1492         }
1493
1494         hlen = 0;
1495
1496         skb_reserve(buff, LL_RESERVED_SPACE(dev));
1497         ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1498                    IPPROTO_ICMPV6, len);
1499
1500         skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1501         skb_put(buff, len);
1502         icmph = icmp6_hdr(buff);
1503
1504         memset(icmph, 0, sizeof(struct icmp6hdr));
1505         icmph->icmp6_type = NDISC_REDIRECT;
1506
1507         /*
1508          *      copy target and destination addresses
1509          */
1510
1511         addrp = (struct in6_addr *)(icmph + 1);
1512         ipv6_addr_copy(addrp, target);
1513         addrp++;
1514         ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1515
1516         opt = (u8*) (addrp + 1);
1517
1518         /*
1519          *      include target_address option
1520          */
1521
1522         if (ha)
1523                 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1524                                              dev->addr_len, dev->type);
1525
1526         /*
1527          *      build redirect option and copy skb over to the new packet.
1528          */
1529
1530         memset(opt, 0, 8);
1531         *(opt++) = ND_OPT_REDIRECT_HDR;
1532         *(opt++) = (rd_len >> 3);
1533         opt += 6;
1534
1535         memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1536
1537         icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1538                                              len, IPPROTO_ICMPV6,
1539                                              csum_partial((u8 *) icmph, len, 0));
1540
1541         buff->dst = dst;
1542         idev = in6_dev_get(dst->dev);
1543         IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
1544         err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1545                       dst_output);
1546         if (!err) {
1547                 ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT);
1548                 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1549         }
1550
1551         if (likely(idev != NULL))
1552                 in6_dev_put(idev);
1553 }
1554
1555 static void pndisc_redo(struct sk_buff *skb)
1556 {
1557         ndisc_recv_ns(skb);
1558         kfree_skb(skb);
1559 }
1560
1561 int ndisc_rcv(struct sk_buff *skb)
1562 {
1563         struct nd_msg *msg;
1564
1565         if (!pskb_may_pull(skb, skb->len))
1566                 return 0;
1567
1568         msg = (struct nd_msg *)skb_transport_header(skb);
1569
1570         __skb_push(skb, skb->data - skb_transport_header(skb));
1571
1572         if (ipv6_hdr(skb)->hop_limit != 255) {
1573                 ND_PRINTK2(KERN_WARNING
1574                            "ICMPv6 NDISC: invalid hop-limit: %d\n",
1575                            ipv6_hdr(skb)->hop_limit);
1576                 return 0;
1577         }
1578
1579         if (msg->icmph.icmp6_code != 0) {
1580                 ND_PRINTK2(KERN_WARNING
1581                            "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1582                            msg->icmph.icmp6_code);
1583                 return 0;
1584         }
1585
1586         memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1587
1588         switch (msg->icmph.icmp6_type) {
1589         case NDISC_NEIGHBOUR_SOLICITATION:
1590                 ndisc_recv_ns(skb);
1591                 break;
1592
1593         case NDISC_NEIGHBOUR_ADVERTISEMENT:
1594                 ndisc_recv_na(skb);
1595                 break;
1596
1597         case NDISC_ROUTER_SOLICITATION:
1598                 ndisc_recv_rs(skb);
1599                 break;
1600
1601         case NDISC_ROUTER_ADVERTISEMENT:
1602                 ndisc_router_discovery(skb);
1603                 break;
1604
1605         case NDISC_REDIRECT:
1606                 ndisc_redirect_rcv(skb);
1607                 break;
1608         }
1609
1610         return 0;
1611 }
1612
1613 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1614 {
1615         struct net_device *dev = ptr;
1616
1617         if (dev->nd_net != &init_net)
1618                 return NOTIFY_DONE;
1619
1620         switch (event) {
1621         case NETDEV_CHANGEADDR:
1622                 neigh_changeaddr(&nd_tbl, dev);
1623                 fib6_run_gc(~0UL);
1624                 break;
1625         case NETDEV_DOWN:
1626                 neigh_ifdown(&nd_tbl, dev);
1627                 fib6_run_gc(~0UL);
1628                 break;
1629         default:
1630                 break;
1631         }
1632
1633         return NOTIFY_DONE;
1634 }
1635
1636 static struct notifier_block ndisc_netdev_notifier = {
1637         .notifier_call = ndisc_netdev_event,
1638 };
1639
1640 #ifdef CONFIG_SYSCTL
1641 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1642                                          const char *func, const char *dev_name)
1643 {
1644         static char warncomm[TASK_COMM_LEN];
1645         static int warned;
1646         if (strcmp(warncomm, current->comm) && warned < 5) {
1647                 strcpy(warncomm, current->comm);
1648                 printk(KERN_WARNING
1649                         "process `%s' is using deprecated sysctl (%s) "
1650                         "net.ipv6.neigh.%s.%s; "
1651                         "Use net.ipv6.neigh.%s.%s_ms "
1652                         "instead.\n",
1653                         warncomm, func,
1654                         dev_name, ctl->procname,
1655                         dev_name, ctl->procname);
1656                 warned++;
1657         }
1658 }
1659
1660 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1661 {
1662         struct net_device *dev = ctl->extra1;
1663         struct inet6_dev *idev;
1664         int ret;
1665
1666         if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1667             (strcmp(ctl->procname, "base_reachable_time") == 0))
1668                 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1669
1670         if (strcmp(ctl->procname, "retrans_time") == 0)
1671                 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1672
1673         else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1674                 ret = proc_dointvec_jiffies(ctl, write,
1675                                             filp, buffer, lenp, ppos);
1676
1677         else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1678                  (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1679                 ret = proc_dointvec_ms_jiffies(ctl, write,
1680                                                filp, buffer, lenp, ppos);
1681         else
1682                 ret = -1;
1683
1684         if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1685                 if (ctl->data == &idev->nd_parms->base_reachable_time)
1686                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1687                 idev->tstamp = jiffies;
1688                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1689                 in6_dev_put(idev);
1690         }
1691         return ret;
1692 }
1693
1694 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name,
1695                                         int nlen, void __user *oldval,
1696                                         size_t __user *oldlenp,
1697                                         void __user *newval, size_t newlen)
1698 {
1699         struct net_device *dev = ctl->extra1;
1700         struct inet6_dev *idev;
1701         int ret;
1702
1703         if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1704             ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1705                 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default");
1706
1707         switch (ctl->ctl_name) {
1708         case NET_NEIGH_REACHABLE_TIME:
1709                 ret = sysctl_jiffies(ctl, name, nlen,
1710                                      oldval, oldlenp, newval, newlen);
1711                 break;
1712         case NET_NEIGH_RETRANS_TIME_MS:
1713         case NET_NEIGH_REACHABLE_TIME_MS:
1714                  ret = sysctl_ms_jiffies(ctl, name, nlen,
1715                                          oldval, oldlenp, newval, newlen);
1716                  break;
1717         default:
1718                 ret = 0;
1719         }
1720
1721         if (newval && newlen && ret > 0 &&
1722             dev && (idev = in6_dev_get(dev)) != NULL) {
1723                 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1724                     ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1725                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1726                 idev->tstamp = jiffies;
1727                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1728                 in6_dev_put(idev);
1729         }
1730
1731         return ret;
1732 }
1733
1734 #endif
1735
1736 int __init ndisc_init(struct net_proto_family *ops)
1737 {
1738         struct ipv6_pinfo *np;
1739         struct sock *sk;
1740         int err;
1741
1742         err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1743         if (err < 0) {
1744                 ND_PRINTK0(KERN_ERR
1745                            "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1746                            err);
1747                 ndisc_socket = NULL; /* For safety. */
1748                 return err;
1749         }
1750
1751         sk = ndisc_socket->sk;
1752         np = inet6_sk(sk);
1753         sk->sk_allocation = GFP_ATOMIC;
1754         np->hop_limit = 255;
1755         /* Do not loopback ndisc messages */
1756         np->mc_loop = 0;
1757         sk->sk_prot->unhash(sk);
1758
1759         /*
1760          * Initialize the neighbour table
1761          */
1762
1763         neigh_table_init(&nd_tbl);
1764
1765 #ifdef CONFIG_SYSCTL
1766         neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1767                               "ipv6",
1768                               &ndisc_ifinfo_sysctl_change,
1769                               &ndisc_ifinfo_sysctl_strategy);
1770 #endif
1771
1772         register_netdevice_notifier(&ndisc_netdev_notifier);
1773         return 0;
1774 }
1775
1776 void ndisc_cleanup(void)
1777 {
1778         unregister_netdevice_notifier(&ndisc_netdev_notifier);
1779 #ifdef CONFIG_SYSCTL
1780         neigh_sysctl_unregister(&nd_tbl.parms);
1781 #endif
1782         neigh_table_clear(&nd_tbl);
1783         sock_release(ndisc_socket);
1784         ndisc_socket = NULL; /* For safety. */
1785 }