69a0051cea67b9d22c7fbe6d61718b2ab20111bb
[linux-3.10.git] / net / ipv6 / ndisc.c
1 /*
2  *      Neighbour Discovery for IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Mike Shaver             <shaver@ingenia.com>
8  *
9  *      This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14
15 /*
16  *      Changes:
17  *
18  *      Pierre Ynard                    :       export userland ND options
19  *                                              through netlink (RDNSS support)
20  *      Lars Fenneberg                  :       fixed MTU setting on receipt
21  *                                              of an RA.
22  *      Janos Farkas                    :       kmalloc failure checks
23  *      Alexey Kuznetsov                :       state machine reworked
24  *                                              and moved to net/core.
25  *      Pekka Savola                    :       RFC2461 validation
26  *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
27  */
28
29 /* Set to 3 to get tracing... */
30 #define ND_DEBUG 1
31
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
38 #if ND_DEBUG >= 1
39 #undef ND_PRINTK1
40 #define ND_PRINTK1 ND_PRINTK
41 #endif
42 #if ND_DEBUG >= 2
43 #undef ND_PRINTK2
44 #define ND_PRINTK2 ND_PRINTK
45 #endif
46 #if ND_DEBUG >= 3
47 #undef ND_PRINTK3
48 #define ND_PRINTK3 ND_PRINTK
49 #endif
50
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #include <linux/slab.h>
63 #ifdef CONFIG_SYSCTL
64 #include <linux/sysctl.h>
65 #endif
66
67 #include <linux/if_addr.h>
68 #include <linux/if_arp.h>
69 #include <linux/ipv6.h>
70 #include <linux/icmpv6.h>
71 #include <linux/jhash.h>
72
73 #include <net/sock.h>
74 #include <net/snmp.h>
75
76 #include <net/ipv6.h>
77 #include <net/protocol.h>
78 #include <net/ndisc.h>
79 #include <net/ip6_route.h>
80 #include <net/addrconf.h>
81 #include <net/icmp.h>
82
83 #include <net/netlink.h>
84 #include <linux/rtnetlink.h>
85
86 #include <net/flow.h>
87 #include <net/ip6_checksum.h>
88 #include <net/inet_common.h>
89 #include <linux/proc_fs.h>
90
91 #include <linux/netfilter.h>
92 #include <linux/netfilter_ipv6.h>
93
94 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
95 static int ndisc_constructor(struct neighbour *neigh);
96 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
97 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
98 static int pndisc_constructor(struct pneigh_entry *n);
99 static void pndisc_destructor(struct pneigh_entry *n);
100 static void pndisc_redo(struct sk_buff *skb);
101
102 static const struct neigh_ops ndisc_generic_ops = {
103         .family =               AF_INET6,
104         .solicit =              ndisc_solicit,
105         .error_report =         ndisc_error_report,
106         .output =               neigh_resolve_output,
107         .connected_output =     neigh_connected_output,
108         .hh_output =            dev_queue_xmit,
109         .queue_xmit =           dev_queue_xmit,
110 };
111
112 static const struct neigh_ops ndisc_hh_ops = {
113         .family =               AF_INET6,
114         .solicit =              ndisc_solicit,
115         .error_report =         ndisc_error_report,
116         .output =               neigh_resolve_output,
117         .connected_output =     neigh_resolve_output,
118         .hh_output =            dev_queue_xmit,
119         .queue_xmit =           dev_queue_xmit,
120 };
121
122
123 static const struct neigh_ops ndisc_direct_ops = {
124         .family =               AF_INET6,
125         .output =               dev_queue_xmit,
126         .connected_output =     dev_queue_xmit,
127         .hh_output =            dev_queue_xmit,
128         .queue_xmit =           dev_queue_xmit,
129 };
130
131 struct neigh_table nd_tbl = {
132         .family =       AF_INET6,
133         .entry_size =   sizeof(struct neighbour) + sizeof(struct in6_addr),
134         .key_len =      sizeof(struct in6_addr),
135         .hash =         ndisc_hash,
136         .constructor =  ndisc_constructor,
137         .pconstructor = pndisc_constructor,
138         .pdestructor =  pndisc_destructor,
139         .proxy_redo =   pndisc_redo,
140         .id =           "ndisc_cache",
141         .parms = {
142                 .tbl =                  &nd_tbl,
143                 .base_reachable_time =  30 * HZ,
144                 .retrans_time =  1 * HZ,
145                 .gc_staletime = 60 * HZ,
146                 .reachable_time =               30 * HZ,
147                 .delay_probe_time =      5 * HZ,
148                 .queue_len =             3,
149                 .ucast_probes =  3,
150                 .mcast_probes =  3,
151                 .anycast_delay =         1 * HZ,
152                 .proxy_delay =          (8 * HZ) / 10,
153                 .proxy_qlen =           64,
154         },
155         .gc_interval =    30 * HZ,
156         .gc_thresh1 =    128,
157         .gc_thresh2 =    512,
158         .gc_thresh3 =   1024,
159 };
160
161 /* ND options */
162 struct ndisc_options {
163         struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
164 #ifdef CONFIG_IPV6_ROUTE_INFO
165         struct nd_opt_hdr *nd_opts_ri;
166         struct nd_opt_hdr *nd_opts_ri_end;
167 #endif
168         struct nd_opt_hdr *nd_useropts;
169         struct nd_opt_hdr *nd_useropts_end;
170 };
171
172 #define nd_opts_src_lladdr      nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
173 #define nd_opts_tgt_lladdr      nd_opt_array[ND_OPT_TARGET_LL_ADDR]
174 #define nd_opts_pi              nd_opt_array[ND_OPT_PREFIX_INFO]
175 #define nd_opts_pi_end          nd_opt_array[__ND_OPT_PREFIX_INFO_END]
176 #define nd_opts_rh              nd_opt_array[ND_OPT_REDIRECT_HDR]
177 #define nd_opts_mtu             nd_opt_array[ND_OPT_MTU]
178
179 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
180
181 /*
182  * Return the padding between the option length and the start of the
183  * link addr.  Currently only IP-over-InfiniBand needs this, although
184  * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
185  * also need a pad of 2.
186  */
187 static int ndisc_addr_option_pad(unsigned short type)
188 {
189         switch (type) {
190         case ARPHRD_INFINIBAND: return 2;
191         default:                return 0;
192         }
193 }
194
195 static inline int ndisc_opt_addr_space(struct net_device *dev)
196 {
197         return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
198 }
199
200 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
201                                   unsigned short addr_type)
202 {
203         int space = NDISC_OPT_SPACE(data_len);
204         int pad   = ndisc_addr_option_pad(addr_type);
205
206         opt[0] = type;
207         opt[1] = space>>3;
208
209         memset(opt + 2, 0, pad);
210         opt   += pad;
211         space -= pad;
212
213         memcpy(opt+2, data, data_len);
214         data_len += 2;
215         opt += data_len;
216         if ((space -= data_len) > 0)
217                 memset(opt, 0, space);
218         return opt + space;
219 }
220
221 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
222                                             struct nd_opt_hdr *end)
223 {
224         int type;
225         if (!cur || !end || cur >= end)
226                 return NULL;
227         type = cur->nd_opt_type;
228         do {
229                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
230         } while(cur < end && cur->nd_opt_type != type);
231         return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
232 }
233
234 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
235 {
236         return (opt->nd_opt_type == ND_OPT_RDNSS);
237 }
238
239 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
240                                              struct nd_opt_hdr *end)
241 {
242         if (!cur || !end || cur >= end)
243                 return NULL;
244         do {
245                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
246         } while(cur < end && !ndisc_is_useropt(cur));
247         return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL);
248 }
249
250 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
251                                                  struct ndisc_options *ndopts)
252 {
253         struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
254
255         if (!nd_opt || opt_len < 0 || !ndopts)
256                 return NULL;
257         memset(ndopts, 0, sizeof(*ndopts));
258         while (opt_len) {
259                 int l;
260                 if (opt_len < sizeof(struct nd_opt_hdr))
261                         return NULL;
262                 l = nd_opt->nd_opt_len << 3;
263                 if (opt_len < l || l == 0)
264                         return NULL;
265                 switch (nd_opt->nd_opt_type) {
266                 case ND_OPT_SOURCE_LL_ADDR:
267                 case ND_OPT_TARGET_LL_ADDR:
268                 case ND_OPT_MTU:
269                 case ND_OPT_REDIRECT_HDR:
270                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
271                                 ND_PRINTK2(KERN_WARNING
272                                            "%s(): duplicated ND6 option found: type=%d\n",
273                                            __func__,
274                                            nd_opt->nd_opt_type);
275                         } else {
276                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
277                         }
278                         break;
279                 case ND_OPT_PREFIX_INFO:
280                         ndopts->nd_opts_pi_end = nd_opt;
281                         if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
282                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
283                         break;
284 #ifdef CONFIG_IPV6_ROUTE_INFO
285                 case ND_OPT_ROUTE_INFO:
286                         ndopts->nd_opts_ri_end = nd_opt;
287                         if (!ndopts->nd_opts_ri)
288                                 ndopts->nd_opts_ri = nd_opt;
289                         break;
290 #endif
291                 default:
292                         if (ndisc_is_useropt(nd_opt)) {
293                                 ndopts->nd_useropts_end = nd_opt;
294                                 if (!ndopts->nd_useropts)
295                                         ndopts->nd_useropts = nd_opt;
296                         } else {
297                                 /*
298                                  * Unknown options must be silently ignored,
299                                  * to accommodate future extension to the
300                                  * protocol.
301                                  */
302                                 ND_PRINTK2(KERN_NOTICE
303                                            "%s(): ignored unsupported option; type=%d, len=%d\n",
304                                            __func__,
305                                            nd_opt->nd_opt_type, nd_opt->nd_opt_len);
306                         }
307                 }
308                 opt_len -= l;
309                 nd_opt = ((void *)nd_opt) + l;
310         }
311         return ndopts;
312 }
313
314 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
315                                       struct net_device *dev)
316 {
317         u8 *lladdr = (u8 *)(p + 1);
318         int lladdrlen = p->nd_opt_len << 3;
319         int prepad = ndisc_addr_option_pad(dev->type);
320         if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
321                 return NULL;
322         return (lladdr + prepad);
323 }
324
325 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
326 {
327         switch (dev->type) {
328         case ARPHRD_ETHER:
329         case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
330         case ARPHRD_FDDI:
331                 ipv6_eth_mc_map(addr, buf);
332                 return 0;
333         case ARPHRD_IEEE802_TR:
334                 ipv6_tr_mc_map(addr,buf);
335                 return 0;
336         case ARPHRD_ARCNET:
337                 ipv6_arcnet_mc_map(addr, buf);
338                 return 0;
339         case ARPHRD_INFINIBAND:
340                 ipv6_ib_mc_map(addr, dev->broadcast, buf);
341                 return 0;
342         default:
343                 if (dir) {
344                         memcpy(buf, dev->broadcast, dev->addr_len);
345                         return 0;
346                 }
347         }
348         return -EINVAL;
349 }
350
351 EXPORT_SYMBOL(ndisc_mc_map);
352
353 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
354 {
355         const u32 *p32 = pkey;
356         u32 addr_hash, i;
357
358         addr_hash = 0;
359         for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
360                 addr_hash ^= *p32++;
361
362         return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
363 }
364
365 static int ndisc_constructor(struct neighbour *neigh)
366 {
367         struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368         struct net_device *dev = neigh->dev;
369         struct inet6_dev *in6_dev;
370         struct neigh_parms *parms;
371         int is_multicast = ipv6_addr_is_multicast(addr);
372
373         rcu_read_lock();
374         in6_dev = in6_dev_get(dev);
375         if (in6_dev == NULL) {
376                 rcu_read_unlock();
377                 return -EINVAL;
378         }
379
380         parms = in6_dev->nd_parms;
381         __neigh_parms_put(neigh->parms);
382         neigh->parms = neigh_parms_clone(parms);
383         rcu_read_unlock();
384
385         neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386         if (!dev->header_ops) {
387                 neigh->nud_state = NUD_NOARP;
388                 neigh->ops = &ndisc_direct_ops;
389                 neigh->output = neigh->ops->queue_xmit;
390         } else {
391                 if (is_multicast) {
392                         neigh->nud_state = NUD_NOARP;
393                         ndisc_mc_map(addr, neigh->ha, dev, 1);
394                 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395                         neigh->nud_state = NUD_NOARP;
396                         memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397                         if (dev->flags&IFF_LOOPBACK)
398                                 neigh->type = RTN_LOCAL;
399                 } else if (dev->flags&IFF_POINTOPOINT) {
400                         neigh->nud_state = NUD_NOARP;
401                         memcpy(neigh->ha, dev->broadcast, dev->addr_len);
402                 }
403                 if (dev->header_ops->cache)
404                         neigh->ops = &ndisc_hh_ops;
405                 else
406                         neigh->ops = &ndisc_generic_ops;
407                 if (neigh->nud_state&NUD_VALID)
408                         neigh->output = neigh->ops->connected_output;
409                 else
410                         neigh->output = neigh->ops->output;
411         }
412         in6_dev_put(in6_dev);
413         return 0;
414 }
415
416 static int pndisc_constructor(struct pneigh_entry *n)
417 {
418         struct in6_addr *addr = (struct in6_addr*)&n->key;
419         struct in6_addr maddr;
420         struct net_device *dev = n->dev;
421
422         if (dev == NULL || __in6_dev_get(dev) == NULL)
423                 return -EINVAL;
424         addrconf_addr_solict_mult(addr, &maddr);
425         ipv6_dev_mc_inc(dev, &maddr);
426         return 0;
427 }
428
429 static void pndisc_destructor(struct pneigh_entry *n)
430 {
431         struct in6_addr *addr = (struct in6_addr*)&n->key;
432         struct in6_addr maddr;
433         struct net_device *dev = n->dev;
434
435         if (dev == NULL || __in6_dev_get(dev) == NULL)
436                 return;
437         addrconf_addr_solict_mult(addr, &maddr);
438         ipv6_dev_mc_dec(dev, &maddr);
439 }
440
441 struct sk_buff *ndisc_build_skb(struct net_device *dev,
442                                 const struct in6_addr *daddr,
443                                 const struct in6_addr *saddr,
444                                 struct icmp6hdr *icmp6h,
445                                 const struct in6_addr *target,
446                                 int llinfo)
447 {
448         struct net *net = dev_net(dev);
449         struct sock *sk = net->ipv6.ndisc_sk;
450         struct sk_buff *skb;
451         struct icmp6hdr *hdr;
452         int len;
453         int err;
454         u8 *opt;
455
456         if (!dev->addr_len)
457                 llinfo = 0;
458
459         len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
460         if (llinfo)
461                 len += ndisc_opt_addr_space(dev);
462
463         skb = sock_alloc_send_skb(sk,
464                                   (MAX_HEADER + sizeof(struct ipv6hdr) +
465                                    len + LL_ALLOCATED_SPACE(dev)),
466                                   1, &err);
467         if (!skb) {
468                 ND_PRINTK0(KERN_ERR
469                            "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n",
470                            __func__, err);
471                 return NULL;
472         }
473
474         skb_reserve(skb, LL_RESERVED_SPACE(dev));
475         ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
476
477         skb->transport_header = skb->tail;
478         skb_put(skb, len);
479
480         hdr = (struct icmp6hdr *)skb_transport_header(skb);
481         memcpy(hdr, icmp6h, sizeof(*hdr));
482
483         opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
484         if (target) {
485                 ipv6_addr_copy((struct in6_addr *)opt, target);
486                 opt += sizeof(*target);
487         }
488
489         if (llinfo)
490                 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
491                                        dev->addr_len, dev->type);
492
493         hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
494                                            IPPROTO_ICMPV6,
495                                            csum_partial(hdr,
496                                                         len, 0));
497
498         return skb;
499 }
500
501 EXPORT_SYMBOL(ndisc_build_skb);
502
503 void ndisc_send_skb(struct sk_buff *skb,
504                     struct net_device *dev,
505                     struct neighbour *neigh,
506                     const struct in6_addr *daddr,
507                     const struct in6_addr *saddr,
508                     struct icmp6hdr *icmp6h)
509 {
510         struct flowi fl;
511         struct dst_entry *dst;
512         struct net *net = dev_net(dev);
513         struct sock *sk = net->ipv6.ndisc_sk;
514         struct inet6_dev *idev;
515         int err;
516         u8 type;
517
518         type = icmp6h->icmp6_type;
519
520         icmpv6_flow_init(sk, &fl, type, saddr, daddr, dev->ifindex);
521
522         dst = icmp6_dst_alloc(dev, neigh, daddr);
523         if (!dst) {
524                 kfree_skb(skb);
525                 return;
526         }
527
528         err = xfrm_lookup(net, &dst, &fl, NULL, 0);
529         if (err < 0) {
530                 kfree_skb(skb);
531                 return;
532         }
533
534         skb_dst_set(skb, dst);
535
536         idev = in6_dev_get(dst->dev);
537         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
538
539         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
540                       dst_output);
541         if (!err) {
542                 ICMP6MSGOUT_INC_STATS(net, idev, type);
543                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
544         }
545
546         if (likely(idev != NULL))
547                 in6_dev_put(idev);
548 }
549
550 EXPORT_SYMBOL(ndisc_send_skb);
551
552 /*
553  *      Send a Neighbour Discover packet
554  */
555 static void __ndisc_send(struct net_device *dev,
556                          struct neighbour *neigh,
557                          const struct in6_addr *daddr,
558                          const struct in6_addr *saddr,
559                          struct icmp6hdr *icmp6h, const struct in6_addr *target,
560                          int llinfo)
561 {
562         struct sk_buff *skb;
563
564         skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
565         if (!skb)
566                 return;
567
568         ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
569 }
570
571 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
572                           const struct in6_addr *daddr,
573                           const struct in6_addr *solicited_addr,
574                           int router, int solicited, int override, int inc_opt)
575 {
576         struct in6_addr tmpaddr;
577         struct inet6_ifaddr *ifp;
578         const struct in6_addr *src_addr;
579         struct icmp6hdr icmp6h = {
580                 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
581         };
582
583         /* for anycast or proxy, solicited_addr != src_addr */
584         ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
585         if (ifp) {
586                 src_addr = solicited_addr;
587                 if (ifp->flags & IFA_F_OPTIMISTIC)
588                         override = 0;
589                 inc_opt |= ifp->idev->cnf.force_tllao;
590                 in6_ifa_put(ifp);
591         } else {
592                 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
593                                        inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
594                                        &tmpaddr))
595                         return;
596                 src_addr = &tmpaddr;
597         }
598
599         icmp6h.icmp6_router = router;
600         icmp6h.icmp6_solicited = solicited;
601         icmp6h.icmp6_override = override;
602
603         __ndisc_send(dev, neigh, daddr, src_addr,
604                      &icmp6h, solicited_addr,
605                      inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
606 }
607
608 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
609                    const struct in6_addr *solicit,
610                    const struct in6_addr *daddr, const struct in6_addr *saddr)
611 {
612         struct in6_addr addr_buf;
613         struct icmp6hdr icmp6h = {
614                 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
615         };
616
617         if (saddr == NULL) {
618                 if (ipv6_get_lladdr(dev, &addr_buf,
619                                    (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
620                         return;
621                 saddr = &addr_buf;
622         }
623
624         __ndisc_send(dev, neigh, daddr, saddr,
625                      &icmp6h, solicit,
626                      !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
627 }
628
629 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
630                    const struct in6_addr *daddr)
631 {
632         struct icmp6hdr icmp6h = {
633                 .icmp6_type = NDISC_ROUTER_SOLICITATION,
634         };
635         int send_sllao = dev->addr_len;
636
637 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
638         /*
639          * According to section 2.2 of RFC 4429, we must not
640          * send router solicitations with a sllao from
641          * optimistic addresses, but we may send the solicitation
642          * if we don't include the sllao.  So here we check
643          * if our address is optimistic, and if so, we
644          * suppress the inclusion of the sllao.
645          */
646         if (send_sllao) {
647                 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
648                                                            dev, 1);
649                 if (ifp) {
650                         if (ifp->flags & IFA_F_OPTIMISTIC)  {
651                                 send_sllao = 0;
652                         }
653                         in6_ifa_put(ifp);
654                 } else {
655                         send_sllao = 0;
656                 }
657         }
658 #endif
659         __ndisc_send(dev, NULL, daddr, saddr,
660                      &icmp6h, NULL,
661                      send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
662 }
663
664
665 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
666 {
667         /*
668          *      "The sender MUST return an ICMP
669          *       destination unreachable"
670          */
671         dst_link_failure(skb);
672         kfree_skb(skb);
673 }
674
675 /* Called with locked neigh: either read or both */
676
677 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
678 {
679         struct in6_addr *saddr = NULL;
680         struct in6_addr mcaddr;
681         struct net_device *dev = neigh->dev;
682         struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
683         int probes = atomic_read(&neigh->probes);
684
685         if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
686                 saddr = &ipv6_hdr(skb)->saddr;
687
688         if ((probes -= neigh->parms->ucast_probes) < 0) {
689                 if (!(neigh->nud_state & NUD_VALID)) {
690                         ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n",
691                                    __func__, target);
692                 }
693                 ndisc_send_ns(dev, neigh, target, target, saddr);
694         } else if ((probes -= neigh->parms->app_probes) < 0) {
695 #ifdef CONFIG_ARPD
696                 neigh_app_ns(neigh);
697 #endif
698         } else {
699                 addrconf_addr_solict_mult(target, &mcaddr);
700                 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
701         }
702 }
703
704 static int pndisc_is_router(const void *pkey,
705                             struct net_device *dev)
706 {
707         struct pneigh_entry *n;
708         int ret = -1;
709
710         read_lock_bh(&nd_tbl.lock);
711         n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
712         if (n)
713                 ret = !!(n->flags & NTF_ROUTER);
714         read_unlock_bh(&nd_tbl.lock);
715
716         return ret;
717 }
718
719 static void ndisc_recv_ns(struct sk_buff *skb)
720 {
721         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
722         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
723         struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
724         u8 *lladdr = NULL;
725         u32 ndoptlen = skb->tail - (skb->transport_header +
726                                     offsetof(struct nd_msg, opt));
727         struct ndisc_options ndopts;
728         struct net_device *dev = skb->dev;
729         struct inet6_ifaddr *ifp;
730         struct inet6_dev *idev = NULL;
731         struct neighbour *neigh;
732         int dad = ipv6_addr_any(saddr);
733         int inc;
734         int is_router = -1;
735
736         if (ipv6_addr_is_multicast(&msg->target)) {
737                 ND_PRINTK2(KERN_WARNING
738                            "ICMPv6 NS: multicast target address");
739                 return;
740         }
741
742         /*
743          * RFC2461 7.1.1:
744          * DAD has to be destined for solicited node multicast address.
745          */
746         if (dad &&
747             !(daddr->s6_addr32[0] == htonl(0xff020000) &&
748               daddr->s6_addr32[1] == htonl(0x00000000) &&
749               daddr->s6_addr32[2] == htonl(0x00000001) &&
750               daddr->s6_addr [12] == 0xff )) {
751                 ND_PRINTK2(KERN_WARNING
752                            "ICMPv6 NS: bad DAD packet (wrong destination)\n");
753                 return;
754         }
755
756         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
757                 ND_PRINTK2(KERN_WARNING
758                            "ICMPv6 NS: invalid ND options\n");
759                 return;
760         }
761
762         if (ndopts.nd_opts_src_lladdr) {
763                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
764                 if (!lladdr) {
765                         ND_PRINTK2(KERN_WARNING
766                                    "ICMPv6 NS: invalid link-layer address length\n");
767                         return;
768                 }
769
770                 /* RFC2461 7.1.1:
771                  *      If the IP source address is the unspecified address,
772                  *      there MUST NOT be source link-layer address option
773                  *      in the message.
774                  */
775                 if (dad) {
776                         ND_PRINTK2(KERN_WARNING
777                                    "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
778                         return;
779                 }
780         }
781
782         inc = ipv6_addr_is_multicast(daddr);
783
784         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
785         if (ifp) {
786
787                 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
788                         if (dad) {
789                                 if (dev->type == ARPHRD_IEEE802_TR) {
790                                         const unsigned char *sadr;
791                                         sadr = skb_mac_header(skb);
792                                         if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
793                                             sadr[9] == dev->dev_addr[1] &&
794                                             sadr[10] == dev->dev_addr[2] &&
795                                             sadr[11] == dev->dev_addr[3] &&
796                                             sadr[12] == dev->dev_addr[4] &&
797                                             sadr[13] == dev->dev_addr[5]) {
798                                                 /* looped-back to us */
799                                                 goto out;
800                                         }
801                                 }
802
803                                 /*
804                                  * We are colliding with another node
805                                  * who is doing DAD
806                                  * so fail our DAD process
807                                  */
808                                 addrconf_dad_failure(ifp);
809                                 return;
810                         } else {
811                                 /*
812                                  * This is not a dad solicitation.
813                                  * If we are an optimistic node,
814                                  * we should respond.
815                                  * Otherwise, we should ignore it.
816                                  */
817                                 if (!(ifp->flags & IFA_F_OPTIMISTIC))
818                                         goto out;
819                         }
820                 }
821
822                 idev = ifp->idev;
823         } else {
824                 struct net *net = dev_net(dev);
825
826                 idev = in6_dev_get(dev);
827                 if (!idev) {
828                         /* XXX: count this drop? */
829                         return;
830                 }
831
832                 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
833                     (idev->cnf.forwarding &&
834                      (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
835                      (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
836                         if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
837                             skb->pkt_type != PACKET_HOST &&
838                             inc != 0 &&
839                             idev->nd_parms->proxy_delay != 0) {
840                                 /*
841                                  * for anycast or proxy,
842                                  * sender should delay its response
843                                  * by a random time between 0 and
844                                  * MAX_ANYCAST_DELAY_TIME seconds.
845                                  * (RFC2461) -- yoshfuji
846                                  */
847                                 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
848                                 if (n)
849                                         pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
850                                 goto out;
851                         }
852                 } else
853                         goto out;
854         }
855
856         if (is_router < 0)
857                 is_router = !!idev->cnf.forwarding;
858
859         if (dad) {
860                 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
861                               is_router, 0, (ifp != NULL), 1);
862                 goto out;
863         }
864
865         if (inc)
866                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
867         else
868                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
869
870         /*
871          *      update / create cache entry
872          *      for the source address
873          */
874         neigh = __neigh_lookup(&nd_tbl, saddr, dev,
875                                !inc || lladdr || !dev->addr_len);
876         if (neigh)
877                 neigh_update(neigh, lladdr, NUD_STALE,
878                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
879                              NEIGH_UPDATE_F_OVERRIDE);
880         if (neigh || !dev->header_ops) {
881                 ndisc_send_na(dev, neigh, saddr, &msg->target,
882                               is_router,
883                               1, (ifp != NULL && inc), inc);
884                 if (neigh)
885                         neigh_release(neigh);
886         }
887
888 out:
889         if (ifp)
890                 in6_ifa_put(ifp);
891         else
892                 in6_dev_put(idev);
893 }
894
895 static void ndisc_recv_na(struct sk_buff *skb)
896 {
897         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
898         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
899         struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
900         u8 *lladdr = NULL;
901         u32 ndoptlen = skb->tail - (skb->transport_header +
902                                     offsetof(struct nd_msg, opt));
903         struct ndisc_options ndopts;
904         struct net_device *dev = skb->dev;
905         struct inet6_ifaddr *ifp;
906         struct neighbour *neigh;
907
908         if (skb->len < sizeof(struct nd_msg)) {
909                 ND_PRINTK2(KERN_WARNING
910                            "ICMPv6 NA: packet too short\n");
911                 return;
912         }
913
914         if (ipv6_addr_is_multicast(&msg->target)) {
915                 ND_PRINTK2(KERN_WARNING
916                            "ICMPv6 NA: target address is multicast.\n");
917                 return;
918         }
919
920         if (ipv6_addr_is_multicast(daddr) &&
921             msg->icmph.icmp6_solicited) {
922                 ND_PRINTK2(KERN_WARNING
923                            "ICMPv6 NA: solicited NA is multicasted.\n");
924                 return;
925         }
926
927         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
928                 ND_PRINTK2(KERN_WARNING
929                            "ICMPv6 NS: invalid ND option\n");
930                 return;
931         }
932         if (ndopts.nd_opts_tgt_lladdr) {
933                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
934                 if (!lladdr) {
935                         ND_PRINTK2(KERN_WARNING
936                                    "ICMPv6 NA: invalid link-layer address length\n");
937                         return;
938                 }
939         }
940         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
941         if (ifp) {
942                 if (ifp->flags & IFA_F_TENTATIVE) {
943                         addrconf_dad_failure(ifp);
944                         return;
945                 }
946                 /* What should we make now? The advertisement
947                    is invalid, but ndisc specs say nothing
948                    about it. It could be misconfiguration, or
949                    an smart proxy agent tries to help us :-)
950
951                    We should not print the error if NA has been
952                    received from loopback - it is just our own
953                    unsolicited advertisement.
954                  */
955                 if (skb->pkt_type != PACKET_LOOPBACK)
956                         ND_PRINTK1(KERN_WARNING
957                            "ICMPv6 NA: someone advertises our address %pI6 on %s!\n",
958                            &ifp->addr, ifp->idev->dev->name);
959                 in6_ifa_put(ifp);
960                 return;
961         }
962         neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
963
964         if (neigh) {
965                 u8 old_flags = neigh->flags;
966                 struct net *net = dev_net(dev);
967
968                 if (neigh->nud_state & NUD_FAILED)
969                         goto out;
970
971                 /*
972                  * Don't update the neighbor cache entry on a proxy NA from
973                  * ourselves because either the proxied node is off link or it
974                  * has already sent a NA to us.
975                  */
976                 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
977                     net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
978                     pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
979                         /* XXX: idev->cnf.prixy_ndp */
980                         goto out;
981                 }
982
983                 neigh_update(neigh, lladdr,
984                              msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
985                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
986                              (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
987                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
988                              (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
989
990                 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
991                         /*
992                          * Change: router to host
993                          */
994                         struct rt6_info *rt;
995                         rt = rt6_get_dflt_router(saddr, dev);
996                         if (rt)
997                                 ip6_del_rt(rt);
998                 }
999
1000 out:
1001                 neigh_release(neigh);
1002         }
1003 }
1004
1005 static void ndisc_recv_rs(struct sk_buff *skb)
1006 {
1007         struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1008         unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1009         struct neighbour *neigh;
1010         struct inet6_dev *idev;
1011         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1012         struct ndisc_options ndopts;
1013         u8 *lladdr = NULL;
1014
1015         if (skb->len < sizeof(*rs_msg))
1016                 return;
1017
1018         idev = in6_dev_get(skb->dev);
1019         if (!idev) {
1020                 if (net_ratelimit())
1021                         ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
1022                 return;
1023         }
1024
1025         /* Don't accept RS if we're not in router mode */
1026         if (!idev->cnf.forwarding)
1027                 goto out;
1028
1029         /*
1030          * Don't update NCE if src = ::;
1031          * this implies that the source node has no ip address assigned yet.
1032          */
1033         if (ipv6_addr_any(saddr))
1034                 goto out;
1035
1036         /* Parse ND options */
1037         if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1038                 if (net_ratelimit())
1039                         ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1040                 goto out;
1041         }
1042
1043         if (ndopts.nd_opts_src_lladdr) {
1044                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1045                                              skb->dev);
1046                 if (!lladdr)
1047                         goto out;
1048         }
1049
1050         neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1051         if (neigh) {
1052                 neigh_update(neigh, lladdr, NUD_STALE,
1053                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1054                              NEIGH_UPDATE_F_OVERRIDE|
1055                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1056                 neigh_release(neigh);
1057         }
1058 out:
1059         in6_dev_put(idev);
1060 }
1061
1062 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1063 {
1064         struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1065         struct sk_buff *skb;
1066         struct nlmsghdr *nlh;
1067         struct nduseroptmsg *ndmsg;
1068         struct net *net = dev_net(ra->dev);
1069         int err;
1070         int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1071                                     + (opt->nd_opt_len << 3));
1072         size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1073
1074         skb = nlmsg_new(msg_size, GFP_ATOMIC);
1075         if (skb == NULL) {
1076                 err = -ENOBUFS;
1077                 goto errout;
1078         }
1079
1080         nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1081         if (nlh == NULL) {
1082                 goto nla_put_failure;
1083         }
1084
1085         ndmsg = nlmsg_data(nlh);
1086         ndmsg->nduseropt_family = AF_INET6;
1087         ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1088         ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1089         ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1090         ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1091
1092         memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1093
1094         NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1095                 &ipv6_hdr(ra)->saddr);
1096         nlmsg_end(skb, nlh);
1097
1098         rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1099         return;
1100
1101 nla_put_failure:
1102         nlmsg_free(skb);
1103         err = -EMSGSIZE;
1104 errout:
1105         rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1106 }
1107
1108 static inline int accept_ra(struct inet6_dev *in6_dev)
1109 {
1110         /*
1111          * If forwarding is enabled, RA are not accepted unless the special
1112          * hybrid mode (accept_ra=2) is enabled.
1113          */
1114         if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1115                 return 0;
1116
1117         return in6_dev->cnf.accept_ra;
1118 }
1119
1120 static void ndisc_router_discovery(struct sk_buff *skb)
1121 {
1122         struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1123         struct neighbour *neigh = NULL;
1124         struct inet6_dev *in6_dev;
1125         struct rt6_info *rt = NULL;
1126         int lifetime;
1127         struct ndisc_options ndopts;
1128         int optlen;
1129         unsigned int pref = 0;
1130
1131         __u8 * opt = (__u8 *)(ra_msg + 1);
1132
1133         optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1134
1135         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1136                 ND_PRINTK2(KERN_WARNING
1137                            "ICMPv6 RA: source address is not link-local.\n");
1138                 return;
1139         }
1140         if (optlen < 0) {
1141                 ND_PRINTK2(KERN_WARNING
1142                            "ICMPv6 RA: packet too short\n");
1143                 return;
1144         }
1145
1146 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1147         if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1148                 ND_PRINTK2(KERN_WARNING
1149                            "ICMPv6 RA: from host or unauthorized router\n");
1150                 return;
1151         }
1152 #endif
1153
1154         /*
1155          *      set the RA_RECV flag in the interface
1156          */
1157
1158         in6_dev = in6_dev_get(skb->dev);
1159         if (in6_dev == NULL) {
1160                 ND_PRINTK0(KERN_ERR
1161                            "ICMPv6 RA: can't find inet6 device for %s.\n",
1162                            skb->dev->name);
1163                 return;
1164         }
1165
1166         if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1167                 in6_dev_put(in6_dev);
1168                 ND_PRINTK2(KERN_WARNING
1169                            "ICMP6 RA: invalid ND options\n");
1170                 return;
1171         }
1172
1173         if (!accept_ra(in6_dev))
1174                 goto skip_linkparms;
1175
1176 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1177         /* skip link-specific parameters from interior routers */
1178         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1179                 goto skip_linkparms;
1180 #endif
1181
1182         if (in6_dev->if_flags & IF_RS_SENT) {
1183                 /*
1184                  *      flag that an RA was received after an RS was sent
1185                  *      out on this interface.
1186                  */
1187                 in6_dev->if_flags |= IF_RA_RCVD;
1188         }
1189
1190         /*
1191          * Remember the managed/otherconf flags from most recently
1192          * received RA message (RFC 2462) -- yoshfuji
1193          */
1194         in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1195                                 IF_RA_OTHERCONF)) |
1196                                 (ra_msg->icmph.icmp6_addrconf_managed ?
1197                                         IF_RA_MANAGED : 0) |
1198                                 (ra_msg->icmph.icmp6_addrconf_other ?
1199                                         IF_RA_OTHERCONF : 0);
1200
1201         if (!in6_dev->cnf.accept_ra_defrtr)
1202                 goto skip_defrtr;
1203
1204         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1205
1206 #ifdef CONFIG_IPV6_ROUTER_PREF
1207         pref = ra_msg->icmph.icmp6_router_pref;
1208         /* 10b is handled as if it were 00b (medium) */
1209         if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1210             !in6_dev->cnf.accept_ra_rtr_pref)
1211                 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1212 #endif
1213
1214         rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1215
1216         if (rt)
1217                 neigh = rt->rt6i_nexthop;
1218
1219         if (rt && lifetime == 0) {
1220                 neigh_clone(neigh);
1221                 ip6_del_rt(rt);
1222                 rt = NULL;
1223         }
1224
1225         if (rt == NULL && lifetime) {
1226                 ND_PRINTK3(KERN_DEBUG
1227                            "ICMPv6 RA: adding default router.\n");
1228
1229                 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1230                 if (rt == NULL) {
1231                         ND_PRINTK0(KERN_ERR
1232                                    "ICMPv6 RA: %s() failed to add default route.\n",
1233                                    __func__);
1234                         in6_dev_put(in6_dev);
1235                         return;
1236                 }
1237
1238                 neigh = rt->rt6i_nexthop;
1239                 if (neigh == NULL) {
1240                         ND_PRINTK0(KERN_ERR
1241                                    "ICMPv6 RA: %s() got default router without neighbour.\n",
1242                                    __func__);
1243                         dst_release(&rt->dst);
1244                         in6_dev_put(in6_dev);
1245                         return;
1246                 }
1247                 neigh->flags |= NTF_ROUTER;
1248         } else if (rt) {
1249                 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1250         }
1251
1252         if (rt)
1253                 rt->rt6i_expires = jiffies + (HZ * lifetime);
1254
1255         if (ra_msg->icmph.icmp6_hop_limit) {
1256                 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1257                 if (rt)
1258                         rt->dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1259         }
1260
1261 skip_defrtr:
1262
1263         /*
1264          *      Update Reachable Time and Retrans Timer
1265          */
1266
1267         if (in6_dev->nd_parms) {
1268                 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1269
1270                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1271                         rtime = (rtime*HZ)/1000;
1272                         if (rtime < HZ/10)
1273                                 rtime = HZ/10;
1274                         in6_dev->nd_parms->retrans_time = rtime;
1275                         in6_dev->tstamp = jiffies;
1276                         inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1277                 }
1278
1279                 rtime = ntohl(ra_msg->reachable_time);
1280                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1281                         rtime = (rtime*HZ)/1000;
1282
1283                         if (rtime < HZ/10)
1284                                 rtime = HZ/10;
1285
1286                         if (rtime != in6_dev->nd_parms->base_reachable_time) {
1287                                 in6_dev->nd_parms->base_reachable_time = rtime;
1288                                 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1289                                 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1290                                 in6_dev->tstamp = jiffies;
1291                                 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1292                         }
1293                 }
1294         }
1295
1296 skip_linkparms:
1297
1298         /*
1299          *      Process options.
1300          */
1301
1302         if (!neigh)
1303                 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1304                                        skb->dev, 1);
1305         if (neigh) {
1306                 u8 *lladdr = NULL;
1307                 if (ndopts.nd_opts_src_lladdr) {
1308                         lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1309                                                      skb->dev);
1310                         if (!lladdr) {
1311                                 ND_PRINTK2(KERN_WARNING
1312                                            "ICMPv6 RA: invalid link-layer address length\n");
1313                                 goto out;
1314                         }
1315                 }
1316                 neigh_update(neigh, lladdr, NUD_STALE,
1317                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1318                              NEIGH_UPDATE_F_OVERRIDE|
1319                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1320                              NEIGH_UPDATE_F_ISROUTER);
1321         }
1322
1323         if (!accept_ra(in6_dev))
1324                 goto out;
1325
1326 #ifdef CONFIG_IPV6_ROUTE_INFO
1327         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1328                 struct nd_opt_hdr *p;
1329                 for (p = ndopts.nd_opts_ri;
1330                      p;
1331                      p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1332                         struct route_info *ri = (struct route_info *)p;
1333 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1334                         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1335                             ri->prefix_len == 0)
1336                                 continue;
1337 #endif
1338                         if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1339                                 continue;
1340                         rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1341                                       &ipv6_hdr(skb)->saddr);
1342                 }
1343         }
1344 #endif
1345
1346 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1347         /* skip link-specific ndopts from interior routers */
1348         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1349                 goto out;
1350 #endif
1351
1352         if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1353                 struct nd_opt_hdr *p;
1354                 for (p = ndopts.nd_opts_pi;
1355                      p;
1356                      p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1357                         addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1358                 }
1359         }
1360
1361         if (ndopts.nd_opts_mtu) {
1362                 __be32 n;
1363                 u32 mtu;
1364
1365                 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1366                 mtu = ntohl(n);
1367
1368                 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1369                         ND_PRINTK2(KERN_WARNING
1370                                    "ICMPv6 RA: invalid mtu: %d\n",
1371                                    mtu);
1372                 } else if (in6_dev->cnf.mtu6 != mtu) {
1373                         in6_dev->cnf.mtu6 = mtu;
1374
1375                         if (rt)
1376                                 rt->dst.metrics[RTAX_MTU-1] = mtu;
1377
1378                         rt6_mtu_change(skb->dev, mtu);
1379                 }
1380         }
1381
1382         if (ndopts.nd_useropts) {
1383                 struct nd_opt_hdr *p;
1384                 for (p = ndopts.nd_useropts;
1385                      p;
1386                      p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1387                         ndisc_ra_useropt(skb, p);
1388                 }
1389         }
1390
1391         if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1392                 ND_PRINTK2(KERN_WARNING
1393                            "ICMPv6 RA: invalid RA options");
1394         }
1395 out:
1396         if (rt)
1397                 dst_release(&rt->dst);
1398         else if (neigh)
1399                 neigh_release(neigh);
1400         in6_dev_put(in6_dev);
1401 }
1402
1403 static void ndisc_redirect_rcv(struct sk_buff *skb)
1404 {
1405         struct inet6_dev *in6_dev;
1406         struct icmp6hdr *icmph;
1407         struct in6_addr *dest;
1408         struct in6_addr *target;        /* new first hop to destination */
1409         struct neighbour *neigh;
1410         int on_link = 0;
1411         struct ndisc_options ndopts;
1412         int optlen;
1413         u8 *lladdr = NULL;
1414
1415 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1416         switch (skb->ndisc_nodetype) {
1417         case NDISC_NODETYPE_HOST:
1418         case NDISC_NODETYPE_NODEFAULT:
1419                 ND_PRINTK2(KERN_WARNING
1420                            "ICMPv6 Redirect: from host or unauthorized router\n");
1421                 return;
1422         }
1423 #endif
1424
1425         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1426                 ND_PRINTK2(KERN_WARNING
1427                            "ICMPv6 Redirect: source address is not link-local.\n");
1428                 return;
1429         }
1430
1431         optlen = skb->tail - skb->transport_header;
1432         optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1433
1434         if (optlen < 0) {
1435                 ND_PRINTK2(KERN_WARNING
1436                            "ICMPv6 Redirect: packet too short\n");
1437                 return;
1438         }
1439
1440         icmph = icmp6_hdr(skb);
1441         target = (struct in6_addr *) (icmph + 1);
1442         dest = target + 1;
1443
1444         if (ipv6_addr_is_multicast(dest)) {
1445                 ND_PRINTK2(KERN_WARNING
1446                            "ICMPv6 Redirect: destination address is multicast.\n");
1447                 return;
1448         }
1449
1450         if (ipv6_addr_equal(dest, target)) {
1451                 on_link = 1;
1452         } else if (ipv6_addr_type(target) !=
1453                    (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1454                 ND_PRINTK2(KERN_WARNING
1455                            "ICMPv6 Redirect: target address is not link-local unicast.\n");
1456                 return;
1457         }
1458
1459         in6_dev = in6_dev_get(skb->dev);
1460         if (!in6_dev)
1461                 return;
1462         if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1463                 in6_dev_put(in6_dev);
1464                 return;
1465         }
1466
1467         /* RFC2461 8.1:
1468          *      The IP source address of the Redirect MUST be the same as the current
1469          *      first-hop router for the specified ICMP Destination Address.
1470          */
1471
1472         if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1473                 ND_PRINTK2(KERN_WARNING
1474                            "ICMPv6 Redirect: invalid ND options\n");
1475                 in6_dev_put(in6_dev);
1476                 return;
1477         }
1478         if (ndopts.nd_opts_tgt_lladdr) {
1479                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1480                                              skb->dev);
1481                 if (!lladdr) {
1482                         ND_PRINTK2(KERN_WARNING
1483                                    "ICMPv6 Redirect: invalid link-layer address length\n");
1484                         in6_dev_put(in6_dev);
1485                         return;
1486                 }
1487         }
1488
1489         neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1490         if (neigh) {
1491                 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1492                              &ipv6_hdr(skb)->saddr, neigh, lladdr,
1493                              on_link);
1494                 neigh_release(neigh);
1495         }
1496         in6_dev_put(in6_dev);
1497 }
1498
1499 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1500                          const struct in6_addr *target)
1501 {
1502         struct net_device *dev = skb->dev;
1503         struct net *net = dev_net(dev);
1504         struct sock *sk = net->ipv6.ndisc_sk;
1505         int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1506         struct sk_buff *buff;
1507         struct icmp6hdr *icmph;
1508         struct in6_addr saddr_buf;
1509         struct in6_addr *addrp;
1510         struct rt6_info *rt;
1511         struct dst_entry *dst;
1512         struct inet6_dev *idev;
1513         struct flowi fl;
1514         u8 *opt;
1515         int rd_len;
1516         int err;
1517         u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1518
1519         if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1520                 ND_PRINTK2(KERN_WARNING
1521                            "ICMPv6 Redirect: no link-local address on %s\n",
1522                            dev->name);
1523                 return;
1524         }
1525
1526         if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1527             ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1528                 ND_PRINTK2(KERN_WARNING
1529                         "ICMPv6 Redirect: target address is not link-local unicast.\n");
1530                 return;
1531         }
1532
1533         icmpv6_flow_init(sk, &fl, NDISC_REDIRECT,
1534                          &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1535
1536         dst = ip6_route_output(net, NULL, &fl);
1537         if (dst == NULL)
1538                 return;
1539
1540         err = xfrm_lookup(net, &dst, &fl, NULL, 0);
1541         if (err)
1542                 return;
1543
1544         rt = (struct rt6_info *) dst;
1545
1546         if (rt->rt6i_flags & RTF_GATEWAY) {
1547                 ND_PRINTK2(KERN_WARNING
1548                            "ICMPv6 Redirect: destination is not a neighbour.\n");
1549                 goto release;
1550         }
1551         if (!xrlim_allow(dst, 1*HZ))
1552                 goto release;
1553
1554         if (dev->addr_len) {
1555                 read_lock_bh(&neigh->lock);
1556                 if (neigh->nud_state & NUD_VALID) {
1557                         memcpy(ha_buf, neigh->ha, dev->addr_len);
1558                         read_unlock_bh(&neigh->lock);
1559                         ha = ha_buf;
1560                         len += ndisc_opt_addr_space(dev);
1561                 } else
1562                         read_unlock_bh(&neigh->lock);
1563         }
1564
1565         rd_len = min_t(unsigned int,
1566                      IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1567         rd_len &= ~0x7;
1568         len += rd_len;
1569
1570         buff = sock_alloc_send_skb(sk,
1571                                    (MAX_HEADER + sizeof(struct ipv6hdr) +
1572                                     len + LL_ALLOCATED_SPACE(dev)),
1573                                    1, &err);
1574         if (buff == NULL) {
1575                 ND_PRINTK0(KERN_ERR
1576                            "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n",
1577                            __func__, err);
1578                 goto release;
1579         }
1580
1581         skb_reserve(buff, LL_RESERVED_SPACE(dev));
1582         ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1583                    IPPROTO_ICMPV6, len);
1584
1585         skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1586         skb_put(buff, len);
1587         icmph = icmp6_hdr(buff);
1588
1589         memset(icmph, 0, sizeof(struct icmp6hdr));
1590         icmph->icmp6_type = NDISC_REDIRECT;
1591
1592         /*
1593          *      copy target and destination addresses
1594          */
1595
1596         addrp = (struct in6_addr *)(icmph + 1);
1597         ipv6_addr_copy(addrp, target);
1598         addrp++;
1599         ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1600
1601         opt = (u8*) (addrp + 1);
1602
1603         /*
1604          *      include target_address option
1605          */
1606
1607         if (ha)
1608                 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1609                                              dev->addr_len, dev->type);
1610
1611         /*
1612          *      build redirect option and copy skb over to the new packet.
1613          */
1614
1615         memset(opt, 0, 8);
1616         *(opt++) = ND_OPT_REDIRECT_HDR;
1617         *(opt++) = (rd_len >> 3);
1618         opt += 6;
1619
1620         memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1621
1622         icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1623                                              len, IPPROTO_ICMPV6,
1624                                              csum_partial(icmph, len, 0));
1625
1626         skb_dst_set(buff, dst);
1627         idev = in6_dev_get(dst->dev);
1628         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1629         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1630                       dst_output);
1631         if (!err) {
1632                 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1633                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1634         }
1635
1636         if (likely(idev != NULL))
1637                 in6_dev_put(idev);
1638         return;
1639
1640 release:
1641         dst_release(dst);
1642 }
1643
1644 static void pndisc_redo(struct sk_buff *skb)
1645 {
1646         ndisc_recv_ns(skb);
1647         kfree_skb(skb);
1648 }
1649
1650 int ndisc_rcv(struct sk_buff *skb)
1651 {
1652         struct nd_msg *msg;
1653
1654         if (!pskb_may_pull(skb, skb->len))
1655                 return 0;
1656
1657         msg = (struct nd_msg *)skb_transport_header(skb);
1658
1659         __skb_push(skb, skb->data - skb_transport_header(skb));
1660
1661         if (ipv6_hdr(skb)->hop_limit != 255) {
1662                 ND_PRINTK2(KERN_WARNING
1663                            "ICMPv6 NDISC: invalid hop-limit: %d\n",
1664                            ipv6_hdr(skb)->hop_limit);
1665                 return 0;
1666         }
1667
1668         if (msg->icmph.icmp6_code != 0) {
1669                 ND_PRINTK2(KERN_WARNING
1670                            "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1671                            msg->icmph.icmp6_code);
1672                 return 0;
1673         }
1674
1675         memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1676
1677         switch (msg->icmph.icmp6_type) {
1678         case NDISC_NEIGHBOUR_SOLICITATION:
1679                 ndisc_recv_ns(skb);
1680                 break;
1681
1682         case NDISC_NEIGHBOUR_ADVERTISEMENT:
1683                 ndisc_recv_na(skb);
1684                 break;
1685
1686         case NDISC_ROUTER_SOLICITATION:
1687                 ndisc_recv_rs(skb);
1688                 break;
1689
1690         case NDISC_ROUTER_ADVERTISEMENT:
1691                 ndisc_router_discovery(skb);
1692                 break;
1693
1694         case NDISC_REDIRECT:
1695                 ndisc_redirect_rcv(skb);
1696                 break;
1697         }
1698
1699         return 0;
1700 }
1701
1702 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1703 {
1704         struct net_device *dev = ptr;
1705         struct net *net = dev_net(dev);
1706
1707         switch (event) {
1708         case NETDEV_CHANGEADDR:
1709                 neigh_changeaddr(&nd_tbl, dev);
1710                 fib6_run_gc(~0UL, net);
1711                 break;
1712         case NETDEV_DOWN:
1713                 neigh_ifdown(&nd_tbl, dev);
1714                 fib6_run_gc(~0UL, net);
1715                 break;
1716         default:
1717                 break;
1718         }
1719
1720         return NOTIFY_DONE;
1721 }
1722
1723 static struct notifier_block ndisc_netdev_notifier = {
1724         .notifier_call = ndisc_netdev_event,
1725 };
1726
1727 #ifdef CONFIG_SYSCTL
1728 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1729                                          const char *func, const char *dev_name)
1730 {
1731         static char warncomm[TASK_COMM_LEN];
1732         static int warned;
1733         if (strcmp(warncomm, current->comm) && warned < 5) {
1734                 strcpy(warncomm, current->comm);
1735                 printk(KERN_WARNING
1736                         "process `%s' is using deprecated sysctl (%s) "
1737                         "net.ipv6.neigh.%s.%s; "
1738                         "Use net.ipv6.neigh.%s.%s_ms "
1739                         "instead.\n",
1740                         warncomm, func,
1741                         dev_name, ctl->procname,
1742                         dev_name, ctl->procname);
1743                 warned++;
1744         }
1745 }
1746
1747 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1748 {
1749         struct net_device *dev = ctl->extra1;
1750         struct inet6_dev *idev;
1751         int ret;
1752
1753         if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1754             (strcmp(ctl->procname, "base_reachable_time") == 0))
1755                 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1756
1757         if (strcmp(ctl->procname, "retrans_time") == 0)
1758                 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1759
1760         else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1761                 ret = proc_dointvec_jiffies(ctl, write,
1762                                             buffer, lenp, ppos);
1763
1764         else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1765                  (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1766                 ret = proc_dointvec_ms_jiffies(ctl, write,
1767                                                buffer, lenp, ppos);
1768         else
1769                 ret = -1;
1770
1771         if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1772                 if (ctl->data == &idev->nd_parms->base_reachable_time)
1773                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1774                 idev->tstamp = jiffies;
1775                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1776                 in6_dev_put(idev);
1777         }
1778         return ret;
1779 }
1780
1781
1782 #endif
1783
1784 static int __net_init ndisc_net_init(struct net *net)
1785 {
1786         struct ipv6_pinfo *np;
1787         struct sock *sk;
1788         int err;
1789
1790         err = inet_ctl_sock_create(&sk, PF_INET6,
1791                                    SOCK_RAW, IPPROTO_ICMPV6, net);
1792         if (err < 0) {
1793                 ND_PRINTK0(KERN_ERR
1794                            "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1795                            err);
1796                 return err;
1797         }
1798
1799         net->ipv6.ndisc_sk = sk;
1800
1801         np = inet6_sk(sk);
1802         np->hop_limit = 255;
1803         /* Do not loopback ndisc messages */
1804         np->mc_loop = 0;
1805
1806         return 0;
1807 }
1808
1809 static void __net_exit ndisc_net_exit(struct net *net)
1810 {
1811         inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1812 }
1813
1814 static struct pernet_operations ndisc_net_ops = {
1815         .init = ndisc_net_init,
1816         .exit = ndisc_net_exit,
1817 };
1818
1819 int __init ndisc_init(void)
1820 {
1821         int err;
1822
1823         err = register_pernet_subsys(&ndisc_net_ops);
1824         if (err)
1825                 return err;
1826         /*
1827          * Initialize the neighbour table
1828          */
1829         neigh_table_init(&nd_tbl);
1830
1831 #ifdef CONFIG_SYSCTL
1832         err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1833                                     &ndisc_ifinfo_sysctl_change);
1834         if (err)
1835                 goto out_unregister_pernet;
1836 #endif
1837         err = register_netdevice_notifier(&ndisc_netdev_notifier);
1838         if (err)
1839                 goto out_unregister_sysctl;
1840 out:
1841         return err;
1842
1843 out_unregister_sysctl:
1844 #ifdef CONFIG_SYSCTL
1845         neigh_sysctl_unregister(&nd_tbl.parms);
1846 out_unregister_pernet:
1847 #endif
1848         unregister_pernet_subsys(&ndisc_net_ops);
1849         goto out;
1850 }
1851
1852 void ndisc_cleanup(void)
1853 {
1854         unregister_netdevice_notifier(&ndisc_netdev_notifier);
1855 #ifdef CONFIG_SYSCTL
1856         neigh_sysctl_unregister(&nd_tbl.parms);
1857 #endif
1858         neigh_table_clear(&nd_tbl);
1859         unregister_pernet_subsys(&ndisc_net_ops);
1860 }