cw1200: When debug is enabled, display all wakeup conditions for the wait_event_inter...
[firefly-linux-kernel-4.4.55.git] / net / ipv6 / ndisc.c
1 /*
2  *      Neighbour Discovery for IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Mike Shaver             <shaver@ingenia.com>
8  *
9  *      This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14
15 /*
16  *      Changes:
17  *
18  *      Alexey I. Froloff               :       RFC6106 (DNSSL) support
19  *      Pierre Ynard                    :       export userland ND options
20  *                                              through netlink (RDNSS support)
21  *      Lars Fenneberg                  :       fixed MTU setting on receipt
22  *                                              of an RA.
23  *      Janos Farkas                    :       kmalloc failure checks
24  *      Alexey Kuznetsov                :       state machine reworked
25  *                                              and moved to net/core.
26  *      Pekka Savola                    :       RFC2461 validation
27  *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
28  */
29
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53
54 #include <net/sock.h>
55 #include <net/snmp.h>
56
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <linux/proc_fs.h>
71
72 #include <linux/netfilter.h>
73 #include <linux/netfilter_ipv6.h>
74
75 /* Set to 3 to get tracing... */
76 #define ND_DEBUG 1
77
78 #define ND_PRINTK(val, level, fmt, ...)                         \
79 do {                                                            \
80         if (val <= ND_DEBUG)                                    \
81                 net_##level##_ratelimited(fmt, ##__VA_ARGS__);  \
82 } while (0)
83
84 static u32 ndisc_hash(const void *pkey,
85                       const struct net_device *dev,
86                       __u32 *hash_rnd);
87 static int ndisc_constructor(struct neighbour *neigh);
88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90 static int pndisc_constructor(struct pneigh_entry *n);
91 static void pndisc_destructor(struct pneigh_entry *n);
92 static void pndisc_redo(struct sk_buff *skb);
93
94 static const struct neigh_ops ndisc_generic_ops = {
95         .family =               AF_INET6,
96         .solicit =              ndisc_solicit,
97         .error_report =         ndisc_error_report,
98         .output =               neigh_resolve_output,
99         .connected_output =     neigh_connected_output,
100 };
101
102 static const struct neigh_ops ndisc_hh_ops = {
103         .family =               AF_INET6,
104         .solicit =              ndisc_solicit,
105         .error_report =         ndisc_error_report,
106         .output =               neigh_resolve_output,
107         .connected_output =     neigh_resolve_output,
108 };
109
110
111 static const struct neigh_ops ndisc_direct_ops = {
112         .family =               AF_INET6,
113         .output =               neigh_direct_output,
114         .connected_output =     neigh_direct_output,
115 };
116
117 struct neigh_table nd_tbl = {
118         .family =       AF_INET6,
119         .key_len =      sizeof(struct in6_addr),
120         .hash =         ndisc_hash,
121         .constructor =  ndisc_constructor,
122         .pconstructor = pndisc_constructor,
123         .pdestructor =  pndisc_destructor,
124         .proxy_redo =   pndisc_redo,
125         .id =           "ndisc_cache",
126         .parms = {
127                 .tbl                    = &nd_tbl,
128                 .base_reachable_time    = ND_REACHABLE_TIME,
129                 .retrans_time           = ND_RETRANS_TIMER,
130                 .gc_staletime           = 60 * HZ,
131                 .reachable_time         = ND_REACHABLE_TIME,
132                 .delay_probe_time       = 5 * HZ,
133                 .queue_len_bytes        = 64*1024,
134                 .ucast_probes           = 3,
135                 .mcast_probes           = 3,
136                 .anycast_delay          = 1 * HZ,
137                 .proxy_delay            = (8 * HZ) / 10,
138                 .proxy_qlen             = 64,
139         },
140         .gc_interval =    30 * HZ,
141         .gc_thresh1 =    128,
142         .gc_thresh2 =    512,
143         .gc_thresh3 =   1024,
144 };
145
146 static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
147 {
148         int pad   = ndisc_addr_option_pad(skb->dev->type);
149         int data_len = skb->dev->addr_len;
150         int space = ndisc_opt_addr_space(skb->dev);
151         u8 *opt = skb_put(skb, space);
152
153         opt[0] = type;
154         opt[1] = space>>3;
155
156         memset(opt + 2, 0, pad);
157         opt   += pad;
158         space -= pad;
159
160         memcpy(opt+2, data, data_len);
161         data_len += 2;
162         opt += data_len;
163         if ((space -= data_len) > 0)
164                 memset(opt, 0, space);
165 }
166
167 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
168                                             struct nd_opt_hdr *end)
169 {
170         int type;
171         if (!cur || !end || cur >= end)
172                 return NULL;
173         type = cur->nd_opt_type;
174         do {
175                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
176         } while(cur < end && cur->nd_opt_type != type);
177         return cur <= end && cur->nd_opt_type == type ? cur : NULL;
178 }
179
180 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
181 {
182         return opt->nd_opt_type == ND_OPT_RDNSS ||
183                 opt->nd_opt_type == ND_OPT_DNSSL;
184 }
185
186 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
187                                              struct nd_opt_hdr *end)
188 {
189         if (!cur || !end || cur >= end)
190                 return NULL;
191         do {
192                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
193         } while(cur < end && !ndisc_is_useropt(cur));
194         return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
195 }
196
197 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
198                                           struct ndisc_options *ndopts)
199 {
200         struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
201
202         if (!nd_opt || opt_len < 0 || !ndopts)
203                 return NULL;
204         memset(ndopts, 0, sizeof(*ndopts));
205         while (opt_len) {
206                 int l;
207                 if (opt_len < sizeof(struct nd_opt_hdr))
208                         return NULL;
209                 l = nd_opt->nd_opt_len << 3;
210                 if (opt_len < l || l == 0)
211                         return NULL;
212                 switch (nd_opt->nd_opt_type) {
213                 case ND_OPT_SOURCE_LL_ADDR:
214                 case ND_OPT_TARGET_LL_ADDR:
215                 case ND_OPT_MTU:
216                 case ND_OPT_REDIRECT_HDR:
217                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
218                                 ND_PRINTK(2, warn,
219                                           "%s: duplicated ND6 option found: type=%d\n",
220                                           __func__, nd_opt->nd_opt_type);
221                         } else {
222                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
223                         }
224                         break;
225                 case ND_OPT_PREFIX_INFO:
226                         ndopts->nd_opts_pi_end = nd_opt;
227                         if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
228                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
229                         break;
230 #ifdef CONFIG_IPV6_ROUTE_INFO
231                 case ND_OPT_ROUTE_INFO:
232                         ndopts->nd_opts_ri_end = nd_opt;
233                         if (!ndopts->nd_opts_ri)
234                                 ndopts->nd_opts_ri = nd_opt;
235                         break;
236 #endif
237                 default:
238                         if (ndisc_is_useropt(nd_opt)) {
239                                 ndopts->nd_useropts_end = nd_opt;
240                                 if (!ndopts->nd_useropts)
241                                         ndopts->nd_useropts = nd_opt;
242                         } else {
243                                 /*
244                                  * Unknown options must be silently ignored,
245                                  * to accommodate future extension to the
246                                  * protocol.
247                                  */
248                                 ND_PRINTK(2, notice,
249                                           "%s: ignored unsupported option; type=%d, len=%d\n",
250                                           __func__,
251                                           nd_opt->nd_opt_type,
252                                           nd_opt->nd_opt_len);
253                         }
254                 }
255                 opt_len -= l;
256                 nd_opt = ((void *)nd_opt) + l;
257         }
258         return ndopts;
259 }
260
261 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
262 {
263         switch (dev->type) {
264         case ARPHRD_ETHER:
265         case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
266         case ARPHRD_FDDI:
267                 ipv6_eth_mc_map(addr, buf);
268                 return 0;
269         case ARPHRD_ARCNET:
270                 ipv6_arcnet_mc_map(addr, buf);
271                 return 0;
272         case ARPHRD_INFINIBAND:
273                 ipv6_ib_mc_map(addr, dev->broadcast, buf);
274                 return 0;
275         case ARPHRD_IPGRE:
276                 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
277         default:
278                 if (dir) {
279                         memcpy(buf, dev->broadcast, dev->addr_len);
280                         return 0;
281                 }
282         }
283         return -EINVAL;
284 }
285
286 EXPORT_SYMBOL(ndisc_mc_map);
287
288 static u32 ndisc_hash(const void *pkey,
289                       const struct net_device *dev,
290                       __u32 *hash_rnd)
291 {
292         return ndisc_hashfn(pkey, dev, hash_rnd);
293 }
294
295 static int ndisc_constructor(struct neighbour *neigh)
296 {
297         struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
298         struct net_device *dev = neigh->dev;
299         struct inet6_dev *in6_dev;
300         struct neigh_parms *parms;
301         bool is_multicast = ipv6_addr_is_multicast(addr);
302
303         in6_dev = in6_dev_get(dev);
304         if (in6_dev == NULL) {
305                 return -EINVAL;
306         }
307
308         parms = in6_dev->nd_parms;
309         __neigh_parms_put(neigh->parms);
310         neigh->parms = neigh_parms_clone(parms);
311
312         neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
313         if (!dev->header_ops) {
314                 neigh->nud_state = NUD_NOARP;
315                 neigh->ops = &ndisc_direct_ops;
316                 neigh->output = neigh_direct_output;
317         } else {
318                 if (is_multicast) {
319                         neigh->nud_state = NUD_NOARP;
320                         ndisc_mc_map(addr, neigh->ha, dev, 1);
321                 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
322                         neigh->nud_state = NUD_NOARP;
323                         memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
324                         if (dev->flags&IFF_LOOPBACK)
325                                 neigh->type = RTN_LOCAL;
326                 } else if (dev->flags&IFF_POINTOPOINT) {
327                         neigh->nud_state = NUD_NOARP;
328                         memcpy(neigh->ha, dev->broadcast, dev->addr_len);
329                 }
330                 if (dev->header_ops->cache)
331                         neigh->ops = &ndisc_hh_ops;
332                 else
333                         neigh->ops = &ndisc_generic_ops;
334                 if (neigh->nud_state&NUD_VALID)
335                         neigh->output = neigh->ops->connected_output;
336                 else
337                         neigh->output = neigh->ops->output;
338         }
339         in6_dev_put(in6_dev);
340         return 0;
341 }
342
343 static int pndisc_constructor(struct pneigh_entry *n)
344 {
345         struct in6_addr *addr = (struct in6_addr*)&n->key;
346         struct in6_addr maddr;
347         struct net_device *dev = n->dev;
348
349         if (dev == NULL || __in6_dev_get(dev) == NULL)
350                 return -EINVAL;
351         addrconf_addr_solict_mult(addr, &maddr);
352         ipv6_dev_mc_inc(dev, &maddr);
353         return 0;
354 }
355
356 static void pndisc_destructor(struct pneigh_entry *n)
357 {
358         struct in6_addr *addr = (struct in6_addr*)&n->key;
359         struct in6_addr maddr;
360         struct net_device *dev = n->dev;
361
362         if (dev == NULL || __in6_dev_get(dev) == NULL)
363                 return;
364         addrconf_addr_solict_mult(addr, &maddr);
365         ipv6_dev_mc_dec(dev, &maddr);
366 }
367
368 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
369                                        int len)
370 {
371         int hlen = LL_RESERVED_SPACE(dev);
372         int tlen = dev->needed_tailroom;
373         struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
374         struct sk_buff *skb;
375         int err;
376
377         skb = sock_alloc_send_skb(sk,
378                                   hlen + sizeof(struct ipv6hdr) + len + tlen,
379                                   1, &err);
380         if (!skb) {
381                 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb, err=%d\n",
382                           __func__, err);
383                 return NULL;
384         }
385
386         skb->protocol = htons(ETH_P_IPV6);
387         skb->dev = dev;
388
389         skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
390         skb_reset_transport_header(skb);
391
392         return skb;
393 }
394
395 static void ip6_nd_hdr(struct sk_buff *skb,
396                        const struct in6_addr *saddr,
397                        const struct in6_addr *daddr,
398                        int hop_limit, int len)
399 {
400         struct ipv6hdr *hdr;
401
402         skb_push(skb, sizeof(*hdr));
403         skb_reset_network_header(skb);
404         hdr = ipv6_hdr(skb);
405
406         ip6_flow_hdr(hdr, 0, 0);
407
408         hdr->payload_len = htons(len);
409         hdr->nexthdr = IPPROTO_ICMPV6;
410         hdr->hop_limit = hop_limit;
411
412         hdr->saddr = *saddr;
413         hdr->daddr = *daddr;
414 }
415
416 static void ndisc_send_skb(struct sk_buff *skb,
417                            const struct in6_addr *daddr,
418                            const struct in6_addr *saddr)
419 {
420         struct dst_entry *dst = skb_dst(skb);
421         struct net *net = dev_net(skb->dev);
422         struct sock *sk = net->ipv6.ndisc_sk;
423         struct inet6_dev *idev;
424         int err;
425         struct icmp6hdr *icmp6h = icmp6_hdr(skb);
426         u8 type;
427
428         type = icmp6h->icmp6_type;
429
430         if (!dst) {
431                 struct sock *sk = net->ipv6.ndisc_sk;
432                 struct flowi6 fl6;
433
434                 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex);
435                 dst = icmp6_dst_alloc(skb->dev, &fl6);
436                 if (IS_ERR(dst)) {
437                         kfree_skb(skb);
438                         return;
439                 }
440
441                 skb_dst_set(skb, dst);
442         }
443
444         icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
445                                               IPPROTO_ICMPV6,
446                                               csum_partial(icmp6h,
447                                                            skb->len, 0));
448
449         ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
450
451         rcu_read_lock();
452         idev = __in6_dev_get(dst->dev);
453         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
454
455         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
456                       dst_output);
457         if (!err) {
458                 ICMP6MSGOUT_INC_STATS(net, idev, type);
459                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
460         }
461
462         rcu_read_unlock();
463 }
464
465 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
466                           const struct in6_addr *daddr,
467                           const struct in6_addr *solicited_addr,
468                           bool router, bool solicited, bool override, bool inc_opt)
469 {
470         struct sk_buff *skb;
471         struct in6_addr tmpaddr;
472         struct inet6_ifaddr *ifp;
473         const struct in6_addr *src_addr;
474         struct nd_msg *msg;
475         int optlen = 0;
476
477         /* for anycast or proxy, solicited_addr != src_addr */
478         ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
479         if (ifp) {
480                 src_addr = solicited_addr;
481                 if (ifp->flags & IFA_F_OPTIMISTIC)
482                         override = 0;
483                 inc_opt |= ifp->idev->cnf.force_tllao;
484                 in6_ifa_put(ifp);
485         } else {
486                 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
487                                        inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
488                                        &tmpaddr))
489                         return;
490                 src_addr = &tmpaddr;
491         }
492
493         if (!dev->addr_len)
494                 inc_opt = 0;
495         if (inc_opt)
496                 optlen += ndisc_opt_addr_space(dev);
497
498         skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
499         if (!skb)
500                 return;
501
502         msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
503         *msg = (struct nd_msg) {
504                 .icmph = {
505                         .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
506                         .icmp6_router = router,
507                         .icmp6_solicited = solicited,
508                         .icmp6_override = override,
509                 },
510                 .target = *solicited_addr,
511         };
512
513         if (inc_opt)
514                 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
515                                        dev->dev_addr);
516
517
518         ndisc_send_skb(skb, daddr, src_addr);
519 }
520
521 static void ndisc_send_unsol_na(struct net_device *dev)
522 {
523         struct inet6_dev *idev;
524         struct inet6_ifaddr *ifa;
525
526         idev = in6_dev_get(dev);
527         if (!idev)
528                 return;
529
530         read_lock_bh(&idev->lock);
531         list_for_each_entry(ifa, &idev->addr_list, if_list) {
532                 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
533                               /*router=*/ !!idev->cnf.forwarding,
534                               /*solicited=*/ false, /*override=*/ true,
535                               /*inc_opt=*/ true);
536         }
537         read_unlock_bh(&idev->lock);
538
539         in6_dev_put(idev);
540 }
541
542 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
543                    const struct in6_addr *solicit,
544                    const struct in6_addr *daddr, const struct in6_addr *saddr)
545 {
546         struct sk_buff *skb;
547         struct in6_addr addr_buf;
548         int inc_opt = dev->addr_len;
549         int optlen = 0;
550         struct nd_msg *msg;
551
552         if (saddr == NULL) {
553                 if (ipv6_get_lladdr(dev, &addr_buf,
554                                    (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
555                         return;
556                 saddr = &addr_buf;
557         }
558
559         if (ipv6_addr_any(saddr))
560                 inc_opt = 0;
561         if (inc_opt)
562                 optlen += ndisc_opt_addr_space(dev);
563
564         skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
565         if (!skb)
566                 return;
567
568         msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
569         *msg = (struct nd_msg) {
570                 .icmph = {
571                         .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
572                 },
573                 .target = *solicit,
574         };
575
576         if (inc_opt)
577                 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
578                                        dev->dev_addr);
579
580         ndisc_send_skb(skb, daddr, saddr);
581 }
582
583 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
584                    const struct in6_addr *daddr)
585 {
586         struct sk_buff *skb;
587         struct rs_msg *msg;
588         int send_sllao = dev->addr_len;
589         int optlen = 0;
590
591 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
592         /*
593          * According to section 2.2 of RFC 4429, we must not
594          * send router solicitations with a sllao from
595          * optimistic addresses, but we may send the solicitation
596          * if we don't include the sllao.  So here we check
597          * if our address is optimistic, and if so, we
598          * suppress the inclusion of the sllao.
599          */
600         if (send_sllao) {
601                 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
602                                                            dev, 1);
603                 if (ifp) {
604                         if (ifp->flags & IFA_F_OPTIMISTIC)  {
605                                 send_sllao = 0;
606                         }
607                         in6_ifa_put(ifp);
608                 } else {
609                         send_sllao = 0;
610                 }
611         }
612 #endif
613         if (send_sllao)
614                 optlen += ndisc_opt_addr_space(dev);
615
616         skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
617         if (!skb)
618                 return;
619
620         msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
621         *msg = (struct rs_msg) {
622                 .icmph = {
623                         .icmp6_type = NDISC_ROUTER_SOLICITATION,
624                 },
625         };
626
627         if (send_sllao)
628                 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
629                                        dev->dev_addr);
630
631         ndisc_send_skb(skb, daddr, saddr);
632 }
633
634
635 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
636 {
637         /*
638          *      "The sender MUST return an ICMP
639          *       destination unreachable"
640          */
641         dst_link_failure(skb);
642         kfree_skb(skb);
643 }
644
645 /* Called with locked neigh: either read or both */
646
647 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
648 {
649         struct in6_addr *saddr = NULL;
650         struct in6_addr mcaddr;
651         struct net_device *dev = neigh->dev;
652         struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
653         int probes = atomic_read(&neigh->probes);
654
655         if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
656                 saddr = &ipv6_hdr(skb)->saddr;
657
658         if ((probes -= neigh->parms->ucast_probes) < 0) {
659                 if (!(neigh->nud_state & NUD_VALID)) {
660                         ND_PRINTK(1, dbg,
661                                   "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
662                                   __func__, target);
663                 }
664                 ndisc_send_ns(dev, neigh, target, target, saddr);
665         } else if ((probes -= neigh->parms->app_probes) < 0) {
666 #ifdef CONFIG_ARPD
667                 neigh_app_ns(neigh);
668 #endif
669         } else {
670                 addrconf_addr_solict_mult(target, &mcaddr);
671                 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
672         }
673 }
674
675 static int pndisc_is_router(const void *pkey,
676                             struct net_device *dev)
677 {
678         struct pneigh_entry *n;
679         int ret = -1;
680
681         read_lock_bh(&nd_tbl.lock);
682         n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
683         if (n)
684                 ret = !!(n->flags & NTF_ROUTER);
685         read_unlock_bh(&nd_tbl.lock);
686
687         return ret;
688 }
689
690 static void ndisc_recv_ns(struct sk_buff *skb)
691 {
692         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
693         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
694         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
695         u8 *lladdr = NULL;
696         u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
697                                     offsetof(struct nd_msg, opt));
698         struct ndisc_options ndopts;
699         struct net_device *dev = skb->dev;
700         struct inet6_ifaddr *ifp;
701         struct inet6_dev *idev = NULL;
702         struct neighbour *neigh;
703         int dad = ipv6_addr_any(saddr);
704         bool inc;
705         int is_router = -1;
706
707         if (skb->len < sizeof(struct nd_msg)) {
708                 ND_PRINTK(2, warn, "NS: packet too short\n");
709                 return;
710         }
711
712         if (ipv6_addr_is_multicast(&msg->target)) {
713                 ND_PRINTK(2, warn, "NS: multicast target address\n");
714                 return;
715         }
716
717         /*
718          * RFC2461 7.1.1:
719          * DAD has to be destined for solicited node multicast address.
720          */
721         if (dad && !ipv6_addr_is_solict_mult(daddr)) {
722                 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
723                 return;
724         }
725
726         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
727                 ND_PRINTK(2, warn, "NS: invalid ND options\n");
728                 return;
729         }
730
731         if (ndopts.nd_opts_src_lladdr) {
732                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
733                 if (!lladdr) {
734                         ND_PRINTK(2, warn,
735                                   "NS: invalid link-layer address length\n");
736                         return;
737                 }
738
739                 /* RFC2461 7.1.1:
740                  *      If the IP source address is the unspecified address,
741                  *      there MUST NOT be source link-layer address option
742                  *      in the message.
743                  */
744                 if (dad) {
745                         ND_PRINTK(2, warn,
746                                   "NS: bad DAD packet (link-layer address option)\n");
747                         return;
748                 }
749         }
750
751         inc = ipv6_addr_is_multicast(daddr);
752
753         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
754         if (ifp) {
755
756                 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
757                         if (dad) {
758                                 /*
759                                  * We are colliding with another node
760                                  * who is doing DAD
761                                  * so fail our DAD process
762                                  */
763                                 addrconf_dad_failure(ifp);
764                                 return;
765                         } else {
766                                 /*
767                                  * This is not a dad solicitation.
768                                  * If we are an optimistic node,
769                                  * we should respond.
770                                  * Otherwise, we should ignore it.
771                                  */
772                                 if (!(ifp->flags & IFA_F_OPTIMISTIC))
773                                         goto out;
774                         }
775                 }
776
777                 idev = ifp->idev;
778         } else {
779                 struct net *net = dev_net(dev);
780
781                 idev = in6_dev_get(dev);
782                 if (!idev) {
783                         /* XXX: count this drop? */
784                         return;
785                 }
786
787                 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
788                     (idev->cnf.forwarding &&
789                      (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
790                      (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
791                         if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
792                             skb->pkt_type != PACKET_HOST &&
793                             inc != 0 &&
794                             idev->nd_parms->proxy_delay != 0) {
795                                 /*
796                                  * for anycast or proxy,
797                                  * sender should delay its response
798                                  * by a random time between 0 and
799                                  * MAX_ANYCAST_DELAY_TIME seconds.
800                                  * (RFC2461) -- yoshfuji
801                                  */
802                                 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
803                                 if (n)
804                                         pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
805                                 goto out;
806                         }
807                 } else
808                         goto out;
809         }
810
811         if (is_router < 0)
812                 is_router = idev->cnf.forwarding;
813
814         if (dad) {
815                 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
816                               !!is_router, false, (ifp != NULL), true);
817                 goto out;
818         }
819
820         if (inc)
821                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
822         else
823                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
824
825         /*
826          *      update / create cache entry
827          *      for the source address
828          */
829         neigh = __neigh_lookup(&nd_tbl, saddr, dev,
830                                !inc || lladdr || !dev->addr_len);
831         if (neigh)
832                 neigh_update(neigh, lladdr, NUD_STALE,
833                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
834                              NEIGH_UPDATE_F_OVERRIDE);
835         if (neigh || !dev->header_ops) {
836                 ndisc_send_na(dev, neigh, saddr, &msg->target,
837                               !!is_router,
838                               true, (ifp != NULL && inc), inc);
839                 if (neigh)
840                         neigh_release(neigh);
841         }
842
843 out:
844         if (ifp)
845                 in6_ifa_put(ifp);
846         else
847                 in6_dev_put(idev);
848 }
849
850 static void ndisc_recv_na(struct sk_buff *skb)
851 {
852         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
853         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
854         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
855         u8 *lladdr = NULL;
856         u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
857                                     offsetof(struct nd_msg, opt));
858         struct ndisc_options ndopts;
859         struct net_device *dev = skb->dev;
860         struct inet6_ifaddr *ifp;
861         struct neighbour *neigh;
862
863         if (skb->len < sizeof(struct nd_msg)) {
864                 ND_PRINTK(2, warn, "NA: packet too short\n");
865                 return;
866         }
867
868         if (ipv6_addr_is_multicast(&msg->target)) {
869                 ND_PRINTK(2, warn, "NA: target address is multicast\n");
870                 return;
871         }
872
873         if (ipv6_addr_is_multicast(daddr) &&
874             msg->icmph.icmp6_solicited) {
875                 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
876                 return;
877         }
878
879         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
880                 ND_PRINTK(2, warn, "NS: invalid ND option\n");
881                 return;
882         }
883         if (ndopts.nd_opts_tgt_lladdr) {
884                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
885                 if (!lladdr) {
886                         ND_PRINTK(2, warn,
887                                   "NA: invalid link-layer address length\n");
888                         return;
889                 }
890         }
891         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
892         if (ifp) {
893                 if (skb->pkt_type != PACKET_LOOPBACK
894                     && (ifp->flags & IFA_F_TENTATIVE)) {
895                                 addrconf_dad_failure(ifp);
896                                 return;
897                 }
898                 /* What should we make now? The advertisement
899                    is invalid, but ndisc specs say nothing
900                    about it. It could be misconfiguration, or
901                    an smart proxy agent tries to help us :-)
902
903                    We should not print the error if NA has been
904                    received from loopback - it is just our own
905                    unsolicited advertisement.
906                  */
907                 if (skb->pkt_type != PACKET_LOOPBACK)
908                         ND_PRINTK(1, warn,
909                                   "NA: someone advertises our address %pI6 on %s!\n",
910                                   &ifp->addr, ifp->idev->dev->name);
911                 in6_ifa_put(ifp);
912                 return;
913         }
914         neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
915
916         if (neigh) {
917                 u8 old_flags = neigh->flags;
918                 struct net *net = dev_net(dev);
919
920                 if (neigh->nud_state & NUD_FAILED)
921                         goto out;
922
923                 /*
924                  * Don't update the neighbor cache entry on a proxy NA from
925                  * ourselves because either the proxied node is off link or it
926                  * has already sent a NA to us.
927                  */
928                 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
929                     net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
930                     pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
931                         /* XXX: idev->cnf.proxy_ndp */
932                         goto out;
933                 }
934
935                 neigh_update(neigh, lladdr,
936                              msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
937                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
938                              (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
939                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
940                              (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
941
942                 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
943                         /*
944                          * Change: router to host
945                          */
946                         struct rt6_info *rt;
947                         rt = rt6_get_dflt_router(saddr, dev);
948                         if (rt)
949                                 ip6_del_rt(rt);
950                 }
951
952 out:
953                 neigh_release(neigh);
954         }
955 }
956
957 static void ndisc_recv_rs(struct sk_buff *skb)
958 {
959         struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
960         unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
961         struct neighbour *neigh;
962         struct inet6_dev *idev;
963         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
964         struct ndisc_options ndopts;
965         u8 *lladdr = NULL;
966
967         if (skb->len < sizeof(*rs_msg))
968                 return;
969
970         idev = __in6_dev_get(skb->dev);
971         if (!idev) {
972                 ND_PRINTK(1, err, "RS: can't find in6 device\n");
973                 return;
974         }
975
976         /* Don't accept RS if we're not in router mode */
977         if (!idev->cnf.forwarding)
978                 goto out;
979
980         /*
981          * Don't update NCE if src = ::;
982          * this implies that the source node has no ip address assigned yet.
983          */
984         if (ipv6_addr_any(saddr))
985                 goto out;
986
987         /* Parse ND options */
988         if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
989                 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
990                 goto out;
991         }
992
993         if (ndopts.nd_opts_src_lladdr) {
994                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
995                                              skb->dev);
996                 if (!lladdr)
997                         goto out;
998         }
999
1000         neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1001         if (neigh) {
1002                 neigh_update(neigh, lladdr, NUD_STALE,
1003                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1004                              NEIGH_UPDATE_F_OVERRIDE|
1005                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1006                 neigh_release(neigh);
1007         }
1008 out:
1009         return;
1010 }
1011
1012 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1013 {
1014         struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1015         struct sk_buff *skb;
1016         struct nlmsghdr *nlh;
1017         struct nduseroptmsg *ndmsg;
1018         struct net *net = dev_net(ra->dev);
1019         int err;
1020         int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1021                                     + (opt->nd_opt_len << 3));
1022         size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1023
1024         skb = nlmsg_new(msg_size, GFP_ATOMIC);
1025         if (skb == NULL) {
1026                 err = -ENOBUFS;
1027                 goto errout;
1028         }
1029
1030         nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1031         if (nlh == NULL) {
1032                 goto nla_put_failure;
1033         }
1034
1035         ndmsg = nlmsg_data(nlh);
1036         ndmsg->nduseropt_family = AF_INET6;
1037         ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1038         ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1039         ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1040         ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1041
1042         memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1043
1044         if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1045                     &ipv6_hdr(ra)->saddr))
1046                 goto nla_put_failure;
1047         nlmsg_end(skb, nlh);
1048
1049         rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1050         return;
1051
1052 nla_put_failure:
1053         nlmsg_free(skb);
1054         err = -EMSGSIZE;
1055 errout:
1056         rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1057 }
1058
1059 static void ndisc_router_discovery(struct sk_buff *skb)
1060 {
1061         struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1062         struct neighbour *neigh = NULL;
1063         struct inet6_dev *in6_dev;
1064         struct rt6_info *rt = NULL;
1065         int lifetime;
1066         struct ndisc_options ndopts;
1067         int optlen;
1068         unsigned int pref = 0;
1069
1070         __u8 * opt = (__u8 *)(ra_msg + 1);
1071
1072         optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1073                 sizeof(struct ra_msg);
1074
1075         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1076                 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1077                 return;
1078         }
1079         if (optlen < 0) {
1080                 ND_PRINTK(2, warn, "RA: packet too short\n");
1081                 return;
1082         }
1083
1084 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1085         if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1086                 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1087                 return;
1088         }
1089 #endif
1090
1091         /*
1092          *      set the RA_RECV flag in the interface
1093          */
1094
1095         in6_dev = __in6_dev_get(skb->dev);
1096         if (in6_dev == NULL) {
1097                 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1098                           skb->dev->name);
1099                 return;
1100         }
1101
1102         if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1103                 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1104                 return;
1105         }
1106
1107         if (!ipv6_accept_ra(in6_dev))
1108                 goto skip_linkparms;
1109
1110 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1111         /* skip link-specific parameters from interior routers */
1112         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1113                 goto skip_linkparms;
1114 #endif
1115
1116         if (in6_dev->if_flags & IF_RS_SENT) {
1117                 /*
1118                  *      flag that an RA was received after an RS was sent
1119                  *      out on this interface.
1120                  */
1121                 in6_dev->if_flags |= IF_RA_RCVD;
1122         }
1123
1124         /*
1125          * Remember the managed/otherconf flags from most recently
1126          * received RA message (RFC 2462) -- yoshfuji
1127          */
1128         in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1129                                 IF_RA_OTHERCONF)) |
1130                                 (ra_msg->icmph.icmp6_addrconf_managed ?
1131                                         IF_RA_MANAGED : 0) |
1132                                 (ra_msg->icmph.icmp6_addrconf_other ?
1133                                         IF_RA_OTHERCONF : 0);
1134
1135         if (!in6_dev->cnf.accept_ra_defrtr)
1136                 goto skip_defrtr;
1137
1138         if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1139                 goto skip_defrtr;
1140
1141         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1142
1143 #ifdef CONFIG_IPV6_ROUTER_PREF
1144         pref = ra_msg->icmph.icmp6_router_pref;
1145         /* 10b is handled as if it were 00b (medium) */
1146         if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1147             !in6_dev->cnf.accept_ra_rtr_pref)
1148                 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1149 #endif
1150
1151         rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1152
1153         if (rt) {
1154                 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1155                 if (!neigh) {
1156                         ND_PRINTK(0, err,
1157                                   "RA: %s got default router without neighbour\n",
1158                                   __func__);
1159                         ip6_rt_put(rt);
1160                         return;
1161                 }
1162         }
1163         if (rt && lifetime == 0) {
1164                 ip6_del_rt(rt);
1165                 rt = NULL;
1166         }
1167
1168         if (rt == NULL && lifetime) {
1169                 ND_PRINTK(3, dbg, "RA: adding default router\n");
1170
1171                 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1172                 if (rt == NULL) {
1173                         ND_PRINTK(0, err,
1174                                   "RA: %s failed to add default route\n",
1175                                   __func__);
1176                         return;
1177                 }
1178
1179                 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1180                 if (neigh == NULL) {
1181                         ND_PRINTK(0, err,
1182                                   "RA: %s got default router without neighbour\n",
1183                                   __func__);
1184                         ip6_rt_put(rt);
1185                         return;
1186                 }
1187                 neigh->flags |= NTF_ROUTER;
1188         } else if (rt) {
1189                 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1190         }
1191
1192         if (rt)
1193                 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1194         if (ra_msg->icmph.icmp6_hop_limit) {
1195                 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1196                 if (rt)
1197                         dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1198                                        ra_msg->icmph.icmp6_hop_limit);
1199         }
1200
1201 skip_defrtr:
1202
1203         /*
1204          *      Update Reachable Time and Retrans Timer
1205          */
1206
1207         if (in6_dev->nd_parms) {
1208                 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1209
1210                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1211                         rtime = (rtime*HZ)/1000;
1212                         if (rtime < HZ/10)
1213                                 rtime = HZ/10;
1214                         in6_dev->nd_parms->retrans_time = rtime;
1215                         in6_dev->tstamp = jiffies;
1216                         inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1217                 }
1218
1219                 rtime = ntohl(ra_msg->reachable_time);
1220                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1221                         rtime = (rtime*HZ)/1000;
1222
1223                         if (rtime < HZ/10)
1224                                 rtime = HZ/10;
1225
1226                         if (rtime != in6_dev->nd_parms->base_reachable_time) {
1227                                 in6_dev->nd_parms->base_reachable_time = rtime;
1228                                 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1229                                 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1230                                 in6_dev->tstamp = jiffies;
1231                                 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1232                         }
1233                 }
1234         }
1235
1236 skip_linkparms:
1237
1238         /*
1239          *      Process options.
1240          */
1241
1242         if (!neigh)
1243                 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1244                                        skb->dev, 1);
1245         if (neigh) {
1246                 u8 *lladdr = NULL;
1247                 if (ndopts.nd_opts_src_lladdr) {
1248                         lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1249                                                      skb->dev);
1250                         if (!lladdr) {
1251                                 ND_PRINTK(2, warn,
1252                                           "RA: invalid link-layer address length\n");
1253                                 goto out;
1254                         }
1255                 }
1256                 neigh_update(neigh, lladdr, NUD_STALE,
1257                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1258                              NEIGH_UPDATE_F_OVERRIDE|
1259                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1260                              NEIGH_UPDATE_F_ISROUTER);
1261         }
1262
1263         if (!ipv6_accept_ra(in6_dev))
1264                 goto out;
1265
1266 #ifdef CONFIG_IPV6_ROUTE_INFO
1267         if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1268                 goto skip_routeinfo;
1269
1270         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1271                 struct nd_opt_hdr *p;
1272                 for (p = ndopts.nd_opts_ri;
1273                      p;
1274                      p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1275                         struct route_info *ri = (struct route_info *)p;
1276 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1277                         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1278                             ri->prefix_len == 0)
1279                                 continue;
1280 #endif
1281                         if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1282                                 continue;
1283                         rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1284                                       &ipv6_hdr(skb)->saddr);
1285                 }
1286         }
1287
1288 skip_routeinfo:
1289 #endif
1290
1291 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1292         /* skip link-specific ndopts from interior routers */
1293         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1294                 goto out;
1295 #endif
1296
1297         if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1298                 struct nd_opt_hdr *p;
1299                 for (p = ndopts.nd_opts_pi;
1300                      p;
1301                      p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1302                         addrconf_prefix_rcv(skb->dev, (u8 *)p,
1303                                             (p->nd_opt_len) << 3,
1304                                             ndopts.nd_opts_src_lladdr != NULL);
1305                 }
1306         }
1307
1308         if (ndopts.nd_opts_mtu) {
1309                 __be32 n;
1310                 u32 mtu;
1311
1312                 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1313                 mtu = ntohl(n);
1314
1315                 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1316                         ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1317                 } else if (in6_dev->cnf.mtu6 != mtu) {
1318                         in6_dev->cnf.mtu6 = mtu;
1319
1320                         if (rt)
1321                                 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1322
1323                         rt6_mtu_change(skb->dev, mtu);
1324                 }
1325         }
1326
1327         if (ndopts.nd_useropts) {
1328                 struct nd_opt_hdr *p;
1329                 for (p = ndopts.nd_useropts;
1330                      p;
1331                      p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1332                         ndisc_ra_useropt(skb, p);
1333                 }
1334         }
1335
1336         if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1337                 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1338         }
1339 out:
1340         ip6_rt_put(rt);
1341         if (neigh)
1342                 neigh_release(neigh);
1343 }
1344
1345 static void ndisc_redirect_rcv(struct sk_buff *skb)
1346 {
1347         u8 *hdr;
1348         struct ndisc_options ndopts;
1349         struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1350         u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1351                                     offsetof(struct rd_msg, opt));
1352
1353 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1354         switch (skb->ndisc_nodetype) {
1355         case NDISC_NODETYPE_HOST:
1356         case NDISC_NODETYPE_NODEFAULT:
1357                 ND_PRINTK(2, warn,
1358                           "Redirect: from host or unauthorized router\n");
1359                 return;
1360         }
1361 #endif
1362
1363         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1364                 ND_PRINTK(2, warn,
1365                           "Redirect: source address is not link-local\n");
1366                 return;
1367         }
1368
1369         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1370                 return;
1371
1372         if (!ndopts.nd_opts_rh)
1373                 return;
1374
1375         hdr = (u8 *)ndopts.nd_opts_rh;
1376         hdr += 8;
1377         if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1378                 return;
1379
1380         icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1381 }
1382
1383 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1384                                            struct sk_buff *orig_skb,
1385                                            int rd_len)
1386 {
1387         u8 *opt = skb_put(skb, rd_len);
1388
1389         memset(opt, 0, 8);
1390         *(opt++) = ND_OPT_REDIRECT_HDR;
1391         *(opt++) = (rd_len >> 3);
1392         opt += 6;
1393
1394         memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1395 }
1396
1397 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1398 {
1399         struct net_device *dev = skb->dev;
1400         struct net *net = dev_net(dev);
1401         struct sock *sk = net->ipv6.ndisc_sk;
1402         int optlen = 0;
1403         struct inet_peer *peer;
1404         struct sk_buff *buff;
1405         struct rd_msg *msg;
1406         struct in6_addr saddr_buf;
1407         struct rt6_info *rt;
1408         struct dst_entry *dst;
1409         struct flowi6 fl6;
1410         int rd_len;
1411         u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1412         bool ret;
1413
1414         if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1415                 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1416                           dev->name);
1417                 return;
1418         }
1419
1420         if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1421             ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1422                 ND_PRINTK(2, warn,
1423                           "Redirect: target address is not link-local unicast\n");
1424                 return;
1425         }
1426
1427         icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1428                          &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1429
1430         dst = ip6_route_output(net, NULL, &fl6);
1431         if (dst->error) {
1432                 dst_release(dst);
1433                 return;
1434         }
1435         dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1436         if (IS_ERR(dst))
1437                 return;
1438
1439         rt = (struct rt6_info *) dst;
1440
1441         if (rt->rt6i_flags & RTF_GATEWAY) {
1442                 ND_PRINTK(2, warn,
1443                           "Redirect: destination is not a neighbour\n");
1444                 goto release;
1445         }
1446         peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1447         ret = inet_peer_xrlim_allow(peer, 1*HZ);
1448         if (peer)
1449                 inet_putpeer(peer);
1450         if (!ret)
1451                 goto release;
1452
1453         if (dev->addr_len) {
1454                 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1455                 if (!neigh) {
1456                         ND_PRINTK(2, warn,
1457                                   "Redirect: no neigh for target address\n");
1458                         goto release;
1459                 }
1460
1461                 read_lock_bh(&neigh->lock);
1462                 if (neigh->nud_state & NUD_VALID) {
1463                         memcpy(ha_buf, neigh->ha, dev->addr_len);
1464                         read_unlock_bh(&neigh->lock);
1465                         ha = ha_buf;
1466                         optlen += ndisc_opt_addr_space(dev);
1467                 } else
1468                         read_unlock_bh(&neigh->lock);
1469
1470                 neigh_release(neigh);
1471         }
1472
1473         rd_len = min_t(unsigned int,
1474                        IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1475                        skb->len + 8);
1476         rd_len &= ~0x7;
1477         optlen += rd_len;
1478
1479         buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1480         if (!buff)
1481                 goto release;
1482
1483         msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1484         *msg = (struct rd_msg) {
1485                 .icmph = {
1486                         .icmp6_type = NDISC_REDIRECT,
1487                 },
1488                 .target = *target,
1489                 .dest = ipv6_hdr(skb)->daddr,
1490         };
1491
1492         /*
1493          *      include target_address option
1494          */
1495
1496         if (ha)
1497                 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1498
1499         /*
1500          *      build redirect option and copy skb over to the new packet.
1501          */
1502
1503         if (rd_len)
1504                 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1505
1506         skb_dst_set(buff, dst);
1507         ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1508         return;
1509
1510 release:
1511         dst_release(dst);
1512 }
1513
1514 static void pndisc_redo(struct sk_buff *skb)
1515 {
1516         ndisc_recv_ns(skb);
1517         kfree_skb(skb);
1518 }
1519
1520 int ndisc_rcv(struct sk_buff *skb)
1521 {
1522         struct nd_msg *msg;
1523
1524         if (skb_linearize(skb))
1525                 return 0;
1526
1527         msg = (struct nd_msg *)skb_transport_header(skb);
1528
1529         __skb_push(skb, skb->data - skb_transport_header(skb));
1530
1531         if (ipv6_hdr(skb)->hop_limit != 255) {
1532                 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1533                           ipv6_hdr(skb)->hop_limit);
1534                 return 0;
1535         }
1536
1537         if (msg->icmph.icmp6_code != 0) {
1538                 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1539                           msg->icmph.icmp6_code);
1540                 return 0;
1541         }
1542
1543         memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1544
1545         switch (msg->icmph.icmp6_type) {
1546         case NDISC_NEIGHBOUR_SOLICITATION:
1547                 ndisc_recv_ns(skb);
1548                 break;
1549
1550         case NDISC_NEIGHBOUR_ADVERTISEMENT:
1551                 ndisc_recv_na(skb);
1552                 break;
1553
1554         case NDISC_ROUTER_SOLICITATION:
1555                 ndisc_recv_rs(skb);
1556                 break;
1557
1558         case NDISC_ROUTER_ADVERTISEMENT:
1559                 ndisc_router_discovery(skb);
1560                 break;
1561
1562         case NDISC_REDIRECT:
1563                 ndisc_redirect_rcv(skb);
1564                 break;
1565         }
1566
1567         return 0;
1568 }
1569
1570 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1571 {
1572         struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1573         struct net *net = dev_net(dev);
1574         struct inet6_dev *idev;
1575
1576         switch (event) {
1577         case NETDEV_CHANGEADDR:
1578                 neigh_changeaddr(&nd_tbl, dev);
1579                 fib6_run_gc(~0UL, net);
1580                 idev = in6_dev_get(dev);
1581                 if (!idev)
1582                         break;
1583                 if (idev->cnf.ndisc_notify)
1584                         ndisc_send_unsol_na(dev);
1585                 in6_dev_put(idev);
1586                 break;
1587         case NETDEV_DOWN:
1588                 neigh_ifdown(&nd_tbl, dev);
1589                 fib6_run_gc(~0UL, net);
1590                 break;
1591         case NETDEV_NOTIFY_PEERS:
1592                 ndisc_send_unsol_na(dev);
1593                 break;
1594         default:
1595                 break;
1596         }
1597
1598         return NOTIFY_DONE;
1599 }
1600
1601 static struct notifier_block ndisc_netdev_notifier = {
1602         .notifier_call = ndisc_netdev_event,
1603 };
1604
1605 #ifdef CONFIG_SYSCTL
1606 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1607                                          const char *func, const char *dev_name)
1608 {
1609         static char warncomm[TASK_COMM_LEN];
1610         static int warned;
1611         if (strcmp(warncomm, current->comm) && warned < 5) {
1612                 strcpy(warncomm, current->comm);
1613                 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1614                         warncomm, func,
1615                         dev_name, ctl->procname,
1616                         dev_name, ctl->procname);
1617                 warned++;
1618         }
1619 }
1620
1621 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1622 {
1623         struct net_device *dev = ctl->extra1;
1624         struct inet6_dev *idev;
1625         int ret;
1626
1627         if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1628             (strcmp(ctl->procname, "base_reachable_time") == 0))
1629                 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1630
1631         if (strcmp(ctl->procname, "retrans_time") == 0)
1632                 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1633
1634         else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1635                 ret = proc_dointvec_jiffies(ctl, write,
1636                                             buffer, lenp, ppos);
1637
1638         else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1639                  (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1640                 ret = proc_dointvec_ms_jiffies(ctl, write,
1641                                                buffer, lenp, ppos);
1642         else
1643                 ret = -1;
1644
1645         if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1646                 if (ctl->data == &idev->nd_parms->base_reachable_time)
1647                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1648                 idev->tstamp = jiffies;
1649                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1650                 in6_dev_put(idev);
1651         }
1652         return ret;
1653 }
1654
1655
1656 #endif
1657
1658 static int __net_init ndisc_net_init(struct net *net)
1659 {
1660         struct ipv6_pinfo *np;
1661         struct sock *sk;
1662         int err;
1663
1664         err = inet_ctl_sock_create(&sk, PF_INET6,
1665                                    SOCK_RAW, IPPROTO_ICMPV6, net);
1666         if (err < 0) {
1667                 ND_PRINTK(0, err,
1668                           "NDISC: Failed to initialize the control socket (err %d)\n",
1669                           err);
1670                 return err;
1671         }
1672
1673         net->ipv6.ndisc_sk = sk;
1674
1675         np = inet6_sk(sk);
1676         np->hop_limit = 255;
1677         /* Do not loopback ndisc messages */
1678         np->mc_loop = 0;
1679
1680         return 0;
1681 }
1682
1683 static void __net_exit ndisc_net_exit(struct net *net)
1684 {
1685         inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1686 }
1687
1688 static struct pernet_operations ndisc_net_ops = {
1689         .init = ndisc_net_init,
1690         .exit = ndisc_net_exit,
1691 };
1692
1693 int __init ndisc_init(void)
1694 {
1695         int err;
1696
1697         err = register_pernet_subsys(&ndisc_net_ops);
1698         if (err)
1699                 return err;
1700         /*
1701          * Initialize the neighbour table
1702          */
1703         neigh_table_init(&nd_tbl);
1704
1705 #ifdef CONFIG_SYSCTL
1706         err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1707                                     &ndisc_ifinfo_sysctl_change);
1708         if (err)
1709                 goto out_unregister_pernet;
1710 #endif
1711         err = register_netdevice_notifier(&ndisc_netdev_notifier);
1712         if (err)
1713                 goto out_unregister_sysctl;
1714 out:
1715         return err;
1716
1717 out_unregister_sysctl:
1718 #ifdef CONFIG_SYSCTL
1719         neigh_sysctl_unregister(&nd_tbl.parms);
1720 out_unregister_pernet:
1721 #endif
1722         unregister_pernet_subsys(&ndisc_net_ops);
1723         goto out;
1724 }
1725
1726 void ndisc_cleanup(void)
1727 {
1728         unregister_netdevice_notifier(&ndisc_netdev_notifier);
1729 #ifdef CONFIG_SYSCTL
1730         neigh_sysctl_unregister(&nd_tbl.parms);
1731 #endif
1732         neigh_table_clear(&nd_tbl);
1733         unregister_pernet_subsys(&ndisc_net_ops);
1734 }