ipv6: Unshare ip6_nd_hdr() and change return type to void.
[firefly-linux-kernel-4.4.55.git] / net / ipv6 / ndisc.c
1 /*
2  *      Neighbour Discovery for IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Mike Shaver             <shaver@ingenia.com>
8  *
9  *      This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14
15 /*
16  *      Changes:
17  *
18  *      Alexey I. Froloff               :       RFC6106 (DNSSL) support
19  *      Pierre Ynard                    :       export userland ND options
20  *                                              through netlink (RDNSS support)
21  *      Lars Fenneberg                  :       fixed MTU setting on receipt
22  *                                              of an RA.
23  *      Janos Farkas                    :       kmalloc failure checks
24  *      Alexey Kuznetsov                :       state machine reworked
25  *                                              and moved to net/core.
26  *      Pekka Savola                    :       RFC2461 validation
27  *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
28  */
29
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53
54 #include <net/sock.h>
55 #include <net/snmp.h>
56
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <linux/proc_fs.h>
71
72 #include <linux/netfilter.h>
73 #include <linux/netfilter_ipv6.h>
74
75 /* Set to 3 to get tracing... */
76 #define ND_DEBUG 1
77
78 #define ND_PRINTK(val, level, fmt, ...)                         \
79 do {                                                            \
80         if (val <= ND_DEBUG)                                    \
81                 net_##level##_ratelimited(fmt, ##__VA_ARGS__);  \
82 } while (0)
83
84 static u32 ndisc_hash(const void *pkey,
85                       const struct net_device *dev,
86                       __u32 *hash_rnd);
87 static int ndisc_constructor(struct neighbour *neigh);
88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90 static int pndisc_constructor(struct pneigh_entry *n);
91 static void pndisc_destructor(struct pneigh_entry *n);
92 static void pndisc_redo(struct sk_buff *skb);
93
94 static const struct neigh_ops ndisc_generic_ops = {
95         .family =               AF_INET6,
96         .solicit =              ndisc_solicit,
97         .error_report =         ndisc_error_report,
98         .output =               neigh_resolve_output,
99         .connected_output =     neigh_connected_output,
100 };
101
102 static const struct neigh_ops ndisc_hh_ops = {
103         .family =               AF_INET6,
104         .solicit =              ndisc_solicit,
105         .error_report =         ndisc_error_report,
106         .output =               neigh_resolve_output,
107         .connected_output =     neigh_resolve_output,
108 };
109
110
111 static const struct neigh_ops ndisc_direct_ops = {
112         .family =               AF_INET6,
113         .output =               neigh_direct_output,
114         .connected_output =     neigh_direct_output,
115 };
116
117 struct neigh_table nd_tbl = {
118         .family =       AF_INET6,
119         .key_len =      sizeof(struct in6_addr),
120         .hash =         ndisc_hash,
121         .constructor =  ndisc_constructor,
122         .pconstructor = pndisc_constructor,
123         .pdestructor =  pndisc_destructor,
124         .proxy_redo =   pndisc_redo,
125         .id =           "ndisc_cache",
126         .parms = {
127                 .tbl                    = &nd_tbl,
128                 .base_reachable_time    = ND_REACHABLE_TIME,
129                 .retrans_time           = ND_RETRANS_TIMER,
130                 .gc_staletime           = 60 * HZ,
131                 .reachable_time         = ND_REACHABLE_TIME,
132                 .delay_probe_time       = 5 * HZ,
133                 .queue_len_bytes        = 64*1024,
134                 .ucast_probes           = 3,
135                 .mcast_probes           = 3,
136                 .anycast_delay          = 1 * HZ,
137                 .proxy_delay            = (8 * HZ) / 10,
138                 .proxy_qlen             = 64,
139         },
140         .gc_interval =    30 * HZ,
141         .gc_thresh1 =    128,
142         .gc_thresh2 =    512,
143         .gc_thresh3 =   1024,
144 };
145
146 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data,
147                                   struct net_device *dev)
148 {
149         int pad   = ndisc_addr_option_pad(dev->type);
150         int data_len = dev->addr_len;
151         int space = ndisc_opt_addr_space(dev);
152
153         opt[0] = type;
154         opt[1] = space>>3;
155
156         memset(opt + 2, 0, pad);
157         opt   += pad;
158         space -= pad;
159
160         memcpy(opt+2, data, data_len);
161         data_len += 2;
162         opt += data_len;
163         if ((space -= data_len) > 0)
164                 memset(opt, 0, space);
165         return opt + space;
166 }
167
168 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
169                                             struct nd_opt_hdr *end)
170 {
171         int type;
172         if (!cur || !end || cur >= end)
173                 return NULL;
174         type = cur->nd_opt_type;
175         do {
176                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
177         } while(cur < end && cur->nd_opt_type != type);
178         return cur <= end && cur->nd_opt_type == type ? cur : NULL;
179 }
180
181 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
182 {
183         return opt->nd_opt_type == ND_OPT_RDNSS ||
184                 opt->nd_opt_type == ND_OPT_DNSSL;
185 }
186
187 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
188                                              struct nd_opt_hdr *end)
189 {
190         if (!cur || !end || cur >= end)
191                 return NULL;
192         do {
193                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
194         } while(cur < end && !ndisc_is_useropt(cur));
195         return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
196 }
197
198 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
199                                           struct ndisc_options *ndopts)
200 {
201         struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
202
203         if (!nd_opt || opt_len < 0 || !ndopts)
204                 return NULL;
205         memset(ndopts, 0, sizeof(*ndopts));
206         while (opt_len) {
207                 int l;
208                 if (opt_len < sizeof(struct nd_opt_hdr))
209                         return NULL;
210                 l = nd_opt->nd_opt_len << 3;
211                 if (opt_len < l || l == 0)
212                         return NULL;
213                 switch (nd_opt->nd_opt_type) {
214                 case ND_OPT_SOURCE_LL_ADDR:
215                 case ND_OPT_TARGET_LL_ADDR:
216                 case ND_OPT_MTU:
217                 case ND_OPT_REDIRECT_HDR:
218                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
219                                 ND_PRINTK(2, warn,
220                                           "%s: duplicated ND6 option found: type=%d\n",
221                                           __func__, nd_opt->nd_opt_type);
222                         } else {
223                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
224                         }
225                         break;
226                 case ND_OPT_PREFIX_INFO:
227                         ndopts->nd_opts_pi_end = nd_opt;
228                         if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
229                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
230                         break;
231 #ifdef CONFIG_IPV6_ROUTE_INFO
232                 case ND_OPT_ROUTE_INFO:
233                         ndopts->nd_opts_ri_end = nd_opt;
234                         if (!ndopts->nd_opts_ri)
235                                 ndopts->nd_opts_ri = nd_opt;
236                         break;
237 #endif
238                 default:
239                         if (ndisc_is_useropt(nd_opt)) {
240                                 ndopts->nd_useropts_end = nd_opt;
241                                 if (!ndopts->nd_useropts)
242                                         ndopts->nd_useropts = nd_opt;
243                         } else {
244                                 /*
245                                  * Unknown options must be silently ignored,
246                                  * to accommodate future extension to the
247                                  * protocol.
248                                  */
249                                 ND_PRINTK(2, notice,
250                                           "%s: ignored unsupported option; type=%d, len=%d\n",
251                                           __func__,
252                                           nd_opt->nd_opt_type,
253                                           nd_opt->nd_opt_len);
254                         }
255                 }
256                 opt_len -= l;
257                 nd_opt = ((void *)nd_opt) + l;
258         }
259         return ndopts;
260 }
261
262 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
263 {
264         switch (dev->type) {
265         case ARPHRD_ETHER:
266         case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
267         case ARPHRD_FDDI:
268                 ipv6_eth_mc_map(addr, buf);
269                 return 0;
270         case ARPHRD_ARCNET:
271                 ipv6_arcnet_mc_map(addr, buf);
272                 return 0;
273         case ARPHRD_INFINIBAND:
274                 ipv6_ib_mc_map(addr, dev->broadcast, buf);
275                 return 0;
276         case ARPHRD_IPGRE:
277                 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
278         default:
279                 if (dir) {
280                         memcpy(buf, dev->broadcast, dev->addr_len);
281                         return 0;
282                 }
283         }
284         return -EINVAL;
285 }
286
287 EXPORT_SYMBOL(ndisc_mc_map);
288
289 static u32 ndisc_hash(const void *pkey,
290                       const struct net_device *dev,
291                       __u32 *hash_rnd)
292 {
293         return ndisc_hashfn(pkey, dev, hash_rnd);
294 }
295
296 static int ndisc_constructor(struct neighbour *neigh)
297 {
298         struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
299         struct net_device *dev = neigh->dev;
300         struct inet6_dev *in6_dev;
301         struct neigh_parms *parms;
302         bool is_multicast = ipv6_addr_is_multicast(addr);
303
304         in6_dev = in6_dev_get(dev);
305         if (in6_dev == NULL) {
306                 return -EINVAL;
307         }
308
309         parms = in6_dev->nd_parms;
310         __neigh_parms_put(neigh->parms);
311         neigh->parms = neigh_parms_clone(parms);
312
313         neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
314         if (!dev->header_ops) {
315                 neigh->nud_state = NUD_NOARP;
316                 neigh->ops = &ndisc_direct_ops;
317                 neigh->output = neigh_direct_output;
318         } else {
319                 if (is_multicast) {
320                         neigh->nud_state = NUD_NOARP;
321                         ndisc_mc_map(addr, neigh->ha, dev, 1);
322                 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
323                         neigh->nud_state = NUD_NOARP;
324                         memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
325                         if (dev->flags&IFF_LOOPBACK)
326                                 neigh->type = RTN_LOCAL;
327                 } else if (dev->flags&IFF_POINTOPOINT) {
328                         neigh->nud_state = NUD_NOARP;
329                         memcpy(neigh->ha, dev->broadcast, dev->addr_len);
330                 }
331                 if (dev->header_ops->cache)
332                         neigh->ops = &ndisc_hh_ops;
333                 else
334                         neigh->ops = &ndisc_generic_ops;
335                 if (neigh->nud_state&NUD_VALID)
336                         neigh->output = neigh->ops->connected_output;
337                 else
338                         neigh->output = neigh->ops->output;
339         }
340         in6_dev_put(in6_dev);
341         return 0;
342 }
343
344 static int pndisc_constructor(struct pneigh_entry *n)
345 {
346         struct in6_addr *addr = (struct in6_addr*)&n->key;
347         struct in6_addr maddr;
348         struct net_device *dev = n->dev;
349
350         if (dev == NULL || __in6_dev_get(dev) == NULL)
351                 return -EINVAL;
352         addrconf_addr_solict_mult(addr, &maddr);
353         ipv6_dev_mc_inc(dev, &maddr);
354         return 0;
355 }
356
357 static void pndisc_destructor(struct pneigh_entry *n)
358 {
359         struct in6_addr *addr = (struct in6_addr*)&n->key;
360         struct in6_addr maddr;
361         struct net_device *dev = n->dev;
362
363         if (dev == NULL || __in6_dev_get(dev) == NULL)
364                 return;
365         addrconf_addr_solict_mult(addr, &maddr);
366         ipv6_dev_mc_dec(dev, &maddr);
367 }
368
369 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
370                                        int len)
371 {
372         int hlen = LL_RESERVED_SPACE(dev);
373         int tlen = dev->needed_tailroom;
374         struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
375         struct sk_buff *skb;
376         int err;
377
378         skb = sock_alloc_send_skb(sk,
379                                   hlen + sizeof(struct ipv6hdr) + len + tlen,
380                                   1, &err);
381         if (!skb) {
382                 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb, err=%d\n",
383                           __func__, err);
384                 return NULL;
385         }
386
387         skb_reserve(skb, hlen);
388
389         return skb;
390 }
391
392 static void ip6_nd_hdr(struct sock *sk,
393                        struct sk_buff *skb, struct net_device *dev,
394                        const struct in6_addr *saddr,
395                        const struct in6_addr *daddr,
396                        int proto, int len)
397 {
398         struct ipv6hdr *hdr;
399
400         skb->protocol = htons(ETH_P_IPV6);
401         skb->dev = dev;
402
403         skb_reset_network_header(skb);
404         skb_put(skb, sizeof(struct ipv6hdr));
405         hdr = ipv6_hdr(skb);
406
407         ip6_flow_hdr(hdr, 0, 0);
408
409         hdr->payload_len = htons(len);
410         hdr->nexthdr = proto;
411         hdr->hop_limit = inet6_sk(sk)->hop_limit;
412
413         hdr->saddr = *saddr;
414         hdr->daddr = *daddr;
415 }
416
417 static struct sk_buff *ndisc_build_skb(struct net_device *dev,
418                                        const struct in6_addr *daddr,
419                                        const struct in6_addr *saddr,
420                                        struct icmp6hdr *icmp6h,
421                                        const struct in6_addr *target,
422                                        int llinfo)
423 {
424         struct net *net = dev_net(dev);
425         struct sock *sk = net->ipv6.ndisc_sk;
426         struct sk_buff *skb;
427         struct icmp6hdr *hdr;
428         int len;
429         u8 *opt;
430
431         if (!dev->addr_len)
432                 llinfo = 0;
433
434         len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
435         if (llinfo)
436                 len += ndisc_opt_addr_space(dev);
437
438         skb = ndisc_alloc_skb(dev, len);
439         if (!skb)
440                 return NULL;
441
442         ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
443
444         skb->transport_header = skb->tail;
445         skb_put(skb, len);
446
447         hdr = (struct icmp6hdr *)skb_transport_header(skb);
448         memcpy(hdr, icmp6h, sizeof(*hdr));
449
450         opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
451         if (target) {
452                 *(struct in6_addr *)opt = *target;
453                 opt += sizeof(*target);
454         }
455
456         if (llinfo)
457                 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, dev);
458
459         hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
460                                            IPPROTO_ICMPV6,
461                                            csum_partial(hdr,
462                                                         len, 0));
463
464         return skb;
465 }
466
467 static void ndisc_send_skb(struct sk_buff *skb, struct net_device *dev,
468                            const struct in6_addr *daddr,
469                            const struct in6_addr *saddr,
470                            struct icmp6hdr *icmp6h)
471 {
472         struct flowi6 fl6;
473         struct dst_entry *dst;
474         struct net *net = dev_net(dev);
475         struct sock *sk = net->ipv6.ndisc_sk;
476         struct inet6_dev *idev;
477         int err;
478         u8 type;
479
480         type = icmp6h->icmp6_type;
481
482         icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
483         dst = icmp6_dst_alloc(dev, &fl6);
484         if (IS_ERR(dst)) {
485                 kfree_skb(skb);
486                 return;
487         }
488
489         skb_dst_set(skb, dst);
490
491         rcu_read_lock();
492         idev = __in6_dev_get(dst->dev);
493         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
494
495         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
496                       dst_output);
497         if (!err) {
498                 ICMP6MSGOUT_INC_STATS(net, idev, type);
499                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
500         }
501
502         rcu_read_unlock();
503 }
504
505 /*
506  *      Send a Neighbour Discover packet
507  */
508 static void __ndisc_send(struct net_device *dev,
509                          const struct in6_addr *daddr,
510                          const struct in6_addr *saddr,
511                          struct icmp6hdr *icmp6h, const struct in6_addr *target,
512                          int llinfo)
513 {
514         struct sk_buff *skb;
515
516         skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
517         if (!skb)
518                 return;
519
520         ndisc_send_skb(skb, dev, daddr, saddr, icmp6h);
521 }
522
523 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
524                           const struct in6_addr *daddr,
525                           const struct in6_addr *solicited_addr,
526                           bool router, bool solicited, bool override, bool inc_opt)
527 {
528         struct in6_addr tmpaddr;
529         struct inet6_ifaddr *ifp;
530         const struct in6_addr *src_addr;
531         struct icmp6hdr icmp6h = {
532                 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
533         };
534
535         /* for anycast or proxy, solicited_addr != src_addr */
536         ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
537         if (ifp) {
538                 src_addr = solicited_addr;
539                 if (ifp->flags & IFA_F_OPTIMISTIC)
540                         override = 0;
541                 inc_opt |= ifp->idev->cnf.force_tllao;
542                 in6_ifa_put(ifp);
543         } else {
544                 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
545                                        inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
546                                        &tmpaddr))
547                         return;
548                 src_addr = &tmpaddr;
549         }
550
551         icmp6h.icmp6_router = router;
552         icmp6h.icmp6_solicited = solicited;
553         icmp6h.icmp6_override = override;
554
555         __ndisc_send(dev, daddr, src_addr, &icmp6h, solicited_addr,
556                      inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
557 }
558
559 static void ndisc_send_unsol_na(struct net_device *dev)
560 {
561         struct inet6_dev *idev;
562         struct inet6_ifaddr *ifa;
563
564         idev = in6_dev_get(dev);
565         if (!idev)
566                 return;
567
568         read_lock_bh(&idev->lock);
569         list_for_each_entry(ifa, &idev->addr_list, if_list) {
570                 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
571                               /*router=*/ !!idev->cnf.forwarding,
572                               /*solicited=*/ false, /*override=*/ true,
573                               /*inc_opt=*/ true);
574         }
575         read_unlock_bh(&idev->lock);
576
577         in6_dev_put(idev);
578 }
579
580 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
581                    const struct in6_addr *solicit,
582                    const struct in6_addr *daddr, const struct in6_addr *saddr)
583 {
584         struct in6_addr addr_buf;
585         struct icmp6hdr icmp6h = {
586                 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
587         };
588
589         if (saddr == NULL) {
590                 if (ipv6_get_lladdr(dev, &addr_buf,
591                                    (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
592                         return;
593                 saddr = &addr_buf;
594         }
595
596         __ndisc_send(dev, daddr, saddr, &icmp6h, solicit,
597                      !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
598 }
599
600 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
601                    const struct in6_addr *daddr)
602 {
603         struct icmp6hdr icmp6h = {
604                 .icmp6_type = NDISC_ROUTER_SOLICITATION,
605         };
606         int send_sllao = dev->addr_len;
607
608 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
609         /*
610          * According to section 2.2 of RFC 4429, we must not
611          * send router solicitations with a sllao from
612          * optimistic addresses, but we may send the solicitation
613          * if we don't include the sllao.  So here we check
614          * if our address is optimistic, and if so, we
615          * suppress the inclusion of the sllao.
616          */
617         if (send_sllao) {
618                 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
619                                                            dev, 1);
620                 if (ifp) {
621                         if (ifp->flags & IFA_F_OPTIMISTIC)  {
622                                 send_sllao = 0;
623                         }
624                         in6_ifa_put(ifp);
625                 } else {
626                         send_sllao = 0;
627                 }
628         }
629 #endif
630         __ndisc_send(dev, daddr, saddr, &icmp6h, NULL,
631                      send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
632 }
633
634
635 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
636 {
637         /*
638          *      "The sender MUST return an ICMP
639          *       destination unreachable"
640          */
641         dst_link_failure(skb);
642         kfree_skb(skb);
643 }
644
645 /* Called with locked neigh: either read or both */
646
647 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
648 {
649         struct in6_addr *saddr = NULL;
650         struct in6_addr mcaddr;
651         struct net_device *dev = neigh->dev;
652         struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
653         int probes = atomic_read(&neigh->probes);
654
655         if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
656                 saddr = &ipv6_hdr(skb)->saddr;
657
658         if ((probes -= neigh->parms->ucast_probes) < 0) {
659                 if (!(neigh->nud_state & NUD_VALID)) {
660                         ND_PRINTK(1, dbg,
661                                   "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
662                                   __func__, target);
663                 }
664                 ndisc_send_ns(dev, neigh, target, target, saddr);
665         } else if ((probes -= neigh->parms->app_probes) < 0) {
666 #ifdef CONFIG_ARPD
667                 neigh_app_ns(neigh);
668 #endif
669         } else {
670                 addrconf_addr_solict_mult(target, &mcaddr);
671                 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
672         }
673 }
674
675 static int pndisc_is_router(const void *pkey,
676                             struct net_device *dev)
677 {
678         struct pneigh_entry *n;
679         int ret = -1;
680
681         read_lock_bh(&nd_tbl.lock);
682         n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
683         if (n)
684                 ret = !!(n->flags & NTF_ROUTER);
685         read_unlock_bh(&nd_tbl.lock);
686
687         return ret;
688 }
689
690 static void ndisc_recv_ns(struct sk_buff *skb)
691 {
692         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
693         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
694         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
695         u8 *lladdr = NULL;
696         u32 ndoptlen = skb->tail - (skb->transport_header +
697                                     offsetof(struct nd_msg, opt));
698         struct ndisc_options ndopts;
699         struct net_device *dev = skb->dev;
700         struct inet6_ifaddr *ifp;
701         struct inet6_dev *idev = NULL;
702         struct neighbour *neigh;
703         int dad = ipv6_addr_any(saddr);
704         bool inc;
705         int is_router = -1;
706
707         if (skb->len < sizeof(struct nd_msg)) {
708                 ND_PRINTK(2, warn, "NS: packet too short\n");
709                 return;
710         }
711
712         if (ipv6_addr_is_multicast(&msg->target)) {
713                 ND_PRINTK(2, warn, "NS: multicast target address\n");
714                 return;
715         }
716
717         /*
718          * RFC2461 7.1.1:
719          * DAD has to be destined for solicited node multicast address.
720          */
721         if (dad && !ipv6_addr_is_solict_mult(daddr)) {
722                 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
723                 return;
724         }
725
726         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
727                 ND_PRINTK(2, warn, "NS: invalid ND options\n");
728                 return;
729         }
730
731         if (ndopts.nd_opts_src_lladdr) {
732                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
733                 if (!lladdr) {
734                         ND_PRINTK(2, warn,
735                                   "NS: invalid link-layer address length\n");
736                         return;
737                 }
738
739                 /* RFC2461 7.1.1:
740                  *      If the IP source address is the unspecified address,
741                  *      there MUST NOT be source link-layer address option
742                  *      in the message.
743                  */
744                 if (dad) {
745                         ND_PRINTK(2, warn,
746                                   "NS: bad DAD packet (link-layer address option)\n");
747                         return;
748                 }
749         }
750
751         inc = ipv6_addr_is_multicast(daddr);
752
753         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
754         if (ifp) {
755
756                 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
757                         if (dad) {
758                                 /*
759                                  * We are colliding with another node
760                                  * who is doing DAD
761                                  * so fail our DAD process
762                                  */
763                                 addrconf_dad_failure(ifp);
764                                 return;
765                         } else {
766                                 /*
767                                  * This is not a dad solicitation.
768                                  * If we are an optimistic node,
769                                  * we should respond.
770                                  * Otherwise, we should ignore it.
771                                  */
772                                 if (!(ifp->flags & IFA_F_OPTIMISTIC))
773                                         goto out;
774                         }
775                 }
776
777                 idev = ifp->idev;
778         } else {
779                 struct net *net = dev_net(dev);
780
781                 idev = in6_dev_get(dev);
782                 if (!idev) {
783                         /* XXX: count this drop? */
784                         return;
785                 }
786
787                 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
788                     (idev->cnf.forwarding &&
789                      (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
790                      (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
791                         if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
792                             skb->pkt_type != PACKET_HOST &&
793                             inc != 0 &&
794                             idev->nd_parms->proxy_delay != 0) {
795                                 /*
796                                  * for anycast or proxy,
797                                  * sender should delay its response
798                                  * by a random time between 0 and
799                                  * MAX_ANYCAST_DELAY_TIME seconds.
800                                  * (RFC2461) -- yoshfuji
801                                  */
802                                 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
803                                 if (n)
804                                         pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
805                                 goto out;
806                         }
807                 } else
808                         goto out;
809         }
810
811         if (is_router < 0)
812                 is_router = idev->cnf.forwarding;
813
814         if (dad) {
815                 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
816                               !!is_router, false, (ifp != NULL), true);
817                 goto out;
818         }
819
820         if (inc)
821                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
822         else
823                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
824
825         /*
826          *      update / create cache entry
827          *      for the source address
828          */
829         neigh = __neigh_lookup(&nd_tbl, saddr, dev,
830                                !inc || lladdr || !dev->addr_len);
831         if (neigh)
832                 neigh_update(neigh, lladdr, NUD_STALE,
833                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
834                              NEIGH_UPDATE_F_OVERRIDE);
835         if (neigh || !dev->header_ops) {
836                 ndisc_send_na(dev, neigh, saddr, &msg->target,
837                               !!is_router,
838                               true, (ifp != NULL && inc), inc);
839                 if (neigh)
840                         neigh_release(neigh);
841         }
842
843 out:
844         if (ifp)
845                 in6_ifa_put(ifp);
846         else
847                 in6_dev_put(idev);
848 }
849
850 static void ndisc_recv_na(struct sk_buff *skb)
851 {
852         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
853         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
854         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
855         u8 *lladdr = NULL;
856         u32 ndoptlen = skb->tail - (skb->transport_header +
857                                     offsetof(struct nd_msg, opt));
858         struct ndisc_options ndopts;
859         struct net_device *dev = skb->dev;
860         struct inet6_ifaddr *ifp;
861         struct neighbour *neigh;
862
863         if (skb->len < sizeof(struct nd_msg)) {
864                 ND_PRINTK(2, warn, "NA: packet too short\n");
865                 return;
866         }
867
868         if (ipv6_addr_is_multicast(&msg->target)) {
869                 ND_PRINTK(2, warn, "NA: target address is multicast\n");
870                 return;
871         }
872
873         if (ipv6_addr_is_multicast(daddr) &&
874             msg->icmph.icmp6_solicited) {
875                 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
876                 return;
877         }
878
879         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
880                 ND_PRINTK(2, warn, "NS: invalid ND option\n");
881                 return;
882         }
883         if (ndopts.nd_opts_tgt_lladdr) {
884                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
885                 if (!lladdr) {
886                         ND_PRINTK(2, warn,
887                                   "NA: invalid link-layer address length\n");
888                         return;
889                 }
890         }
891         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
892         if (ifp) {
893                 if (skb->pkt_type != PACKET_LOOPBACK
894                     && (ifp->flags & IFA_F_TENTATIVE)) {
895                                 addrconf_dad_failure(ifp);
896                                 return;
897                 }
898                 /* What should we make now? The advertisement
899                    is invalid, but ndisc specs say nothing
900                    about it. It could be misconfiguration, or
901                    an smart proxy agent tries to help us :-)
902
903                    We should not print the error if NA has been
904                    received from loopback - it is just our own
905                    unsolicited advertisement.
906                  */
907                 if (skb->pkt_type != PACKET_LOOPBACK)
908                         ND_PRINTK(1, warn,
909                                   "NA: someone advertises our address %pI6 on %s!\n",
910                                   &ifp->addr, ifp->idev->dev->name);
911                 in6_ifa_put(ifp);
912                 return;
913         }
914         neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
915
916         if (neigh) {
917                 u8 old_flags = neigh->flags;
918                 struct net *net = dev_net(dev);
919
920                 if (neigh->nud_state & NUD_FAILED)
921                         goto out;
922
923                 /*
924                  * Don't update the neighbor cache entry on a proxy NA from
925                  * ourselves because either the proxied node is off link or it
926                  * has already sent a NA to us.
927                  */
928                 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
929                     net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
930                     pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
931                         /* XXX: idev->cnf.proxy_ndp */
932                         goto out;
933                 }
934
935                 neigh_update(neigh, lladdr,
936                              msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
937                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
938                              (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
939                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
940                              (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
941
942                 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
943                         /*
944                          * Change: router to host
945                          */
946                         struct rt6_info *rt;
947                         rt = rt6_get_dflt_router(saddr, dev);
948                         if (rt)
949                                 ip6_del_rt(rt);
950                 }
951
952 out:
953                 neigh_release(neigh);
954         }
955 }
956
957 static void ndisc_recv_rs(struct sk_buff *skb)
958 {
959         struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
960         unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
961         struct neighbour *neigh;
962         struct inet6_dev *idev;
963         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
964         struct ndisc_options ndopts;
965         u8 *lladdr = NULL;
966
967         if (skb->len < sizeof(*rs_msg))
968                 return;
969
970         idev = __in6_dev_get(skb->dev);
971         if (!idev) {
972                 ND_PRINTK(1, err, "RS: can't find in6 device\n");
973                 return;
974         }
975
976         /* Don't accept RS if we're not in router mode */
977         if (!idev->cnf.forwarding)
978                 goto out;
979
980         /*
981          * Don't update NCE if src = ::;
982          * this implies that the source node has no ip address assigned yet.
983          */
984         if (ipv6_addr_any(saddr))
985                 goto out;
986
987         /* Parse ND options */
988         if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
989                 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
990                 goto out;
991         }
992
993         if (ndopts.nd_opts_src_lladdr) {
994                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
995                                              skb->dev);
996                 if (!lladdr)
997                         goto out;
998         }
999
1000         neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1001         if (neigh) {
1002                 neigh_update(neigh, lladdr, NUD_STALE,
1003                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1004                              NEIGH_UPDATE_F_OVERRIDE|
1005                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1006                 neigh_release(neigh);
1007         }
1008 out:
1009         return;
1010 }
1011
1012 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1013 {
1014         struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1015         struct sk_buff *skb;
1016         struct nlmsghdr *nlh;
1017         struct nduseroptmsg *ndmsg;
1018         struct net *net = dev_net(ra->dev);
1019         int err;
1020         int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1021                                     + (opt->nd_opt_len << 3));
1022         size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1023
1024         skb = nlmsg_new(msg_size, GFP_ATOMIC);
1025         if (skb == NULL) {
1026                 err = -ENOBUFS;
1027                 goto errout;
1028         }
1029
1030         nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1031         if (nlh == NULL) {
1032                 goto nla_put_failure;
1033         }
1034
1035         ndmsg = nlmsg_data(nlh);
1036         ndmsg->nduseropt_family = AF_INET6;
1037         ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1038         ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1039         ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1040         ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1041
1042         memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1043
1044         if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1045                     &ipv6_hdr(ra)->saddr))
1046                 goto nla_put_failure;
1047         nlmsg_end(skb, nlh);
1048
1049         rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1050         return;
1051
1052 nla_put_failure:
1053         nlmsg_free(skb);
1054         err = -EMSGSIZE;
1055 errout:
1056         rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1057 }
1058
1059 static void ndisc_router_discovery(struct sk_buff *skb)
1060 {
1061         struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1062         struct neighbour *neigh = NULL;
1063         struct inet6_dev *in6_dev;
1064         struct rt6_info *rt = NULL;
1065         int lifetime;
1066         struct ndisc_options ndopts;
1067         int optlen;
1068         unsigned int pref = 0;
1069
1070         __u8 * opt = (__u8 *)(ra_msg + 1);
1071
1072         optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1073
1074         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1075                 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1076                 return;
1077         }
1078         if (optlen < 0) {
1079                 ND_PRINTK(2, warn, "RA: packet too short\n");
1080                 return;
1081         }
1082
1083 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1084         if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1085                 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1086                 return;
1087         }
1088 #endif
1089
1090         /*
1091          *      set the RA_RECV flag in the interface
1092          */
1093
1094         in6_dev = __in6_dev_get(skb->dev);
1095         if (in6_dev == NULL) {
1096                 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1097                           skb->dev->name);
1098                 return;
1099         }
1100
1101         if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1102                 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1103                 return;
1104         }
1105
1106         if (!ipv6_accept_ra(in6_dev))
1107                 goto skip_linkparms;
1108
1109 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1110         /* skip link-specific parameters from interior routers */
1111         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1112                 goto skip_linkparms;
1113 #endif
1114
1115         if (in6_dev->if_flags & IF_RS_SENT) {
1116                 /*
1117                  *      flag that an RA was received after an RS was sent
1118                  *      out on this interface.
1119                  */
1120                 in6_dev->if_flags |= IF_RA_RCVD;
1121         }
1122
1123         /*
1124          * Remember the managed/otherconf flags from most recently
1125          * received RA message (RFC 2462) -- yoshfuji
1126          */
1127         in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1128                                 IF_RA_OTHERCONF)) |
1129                                 (ra_msg->icmph.icmp6_addrconf_managed ?
1130                                         IF_RA_MANAGED : 0) |
1131                                 (ra_msg->icmph.icmp6_addrconf_other ?
1132                                         IF_RA_OTHERCONF : 0);
1133
1134         if (!in6_dev->cnf.accept_ra_defrtr)
1135                 goto skip_defrtr;
1136
1137         if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1138                 goto skip_defrtr;
1139
1140         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1141
1142 #ifdef CONFIG_IPV6_ROUTER_PREF
1143         pref = ra_msg->icmph.icmp6_router_pref;
1144         /* 10b is handled as if it were 00b (medium) */
1145         if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1146             !in6_dev->cnf.accept_ra_rtr_pref)
1147                 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1148 #endif
1149
1150         rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1151
1152         if (rt) {
1153                 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1154                 if (!neigh) {
1155                         ND_PRINTK(0, err,
1156                                   "RA: %s got default router without neighbour\n",
1157                                   __func__);
1158                         ip6_rt_put(rt);
1159                         return;
1160                 }
1161         }
1162         if (rt && lifetime == 0) {
1163                 ip6_del_rt(rt);
1164                 rt = NULL;
1165         }
1166
1167         if (rt == NULL && lifetime) {
1168                 ND_PRINTK(3, dbg, "RA: adding default router\n");
1169
1170                 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1171                 if (rt == NULL) {
1172                         ND_PRINTK(0, err,
1173                                   "RA: %s failed to add default route\n",
1174                                   __func__);
1175                         return;
1176                 }
1177
1178                 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1179                 if (neigh == NULL) {
1180                         ND_PRINTK(0, err,
1181                                   "RA: %s got default router without neighbour\n",
1182                                   __func__);
1183                         ip6_rt_put(rt);
1184                         return;
1185                 }
1186                 neigh->flags |= NTF_ROUTER;
1187         } else if (rt) {
1188                 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1189         }
1190
1191         if (rt)
1192                 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1193         if (ra_msg->icmph.icmp6_hop_limit) {
1194                 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1195                 if (rt)
1196                         dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1197                                        ra_msg->icmph.icmp6_hop_limit);
1198         }
1199
1200 skip_defrtr:
1201
1202         /*
1203          *      Update Reachable Time and Retrans Timer
1204          */
1205
1206         if (in6_dev->nd_parms) {
1207                 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1208
1209                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1210                         rtime = (rtime*HZ)/1000;
1211                         if (rtime < HZ/10)
1212                                 rtime = HZ/10;
1213                         in6_dev->nd_parms->retrans_time = rtime;
1214                         in6_dev->tstamp = jiffies;
1215                         inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1216                 }
1217
1218                 rtime = ntohl(ra_msg->reachable_time);
1219                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1220                         rtime = (rtime*HZ)/1000;
1221
1222                         if (rtime < HZ/10)
1223                                 rtime = HZ/10;
1224
1225                         if (rtime != in6_dev->nd_parms->base_reachable_time) {
1226                                 in6_dev->nd_parms->base_reachable_time = rtime;
1227                                 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1228                                 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1229                                 in6_dev->tstamp = jiffies;
1230                                 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1231                         }
1232                 }
1233         }
1234
1235 skip_linkparms:
1236
1237         /*
1238          *      Process options.
1239          */
1240
1241         if (!neigh)
1242                 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1243                                        skb->dev, 1);
1244         if (neigh) {
1245                 u8 *lladdr = NULL;
1246                 if (ndopts.nd_opts_src_lladdr) {
1247                         lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1248                                                      skb->dev);
1249                         if (!lladdr) {
1250                                 ND_PRINTK(2, warn,
1251                                           "RA: invalid link-layer address length\n");
1252                                 goto out;
1253                         }
1254                 }
1255                 neigh_update(neigh, lladdr, NUD_STALE,
1256                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1257                              NEIGH_UPDATE_F_OVERRIDE|
1258                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1259                              NEIGH_UPDATE_F_ISROUTER);
1260         }
1261
1262         if (!ipv6_accept_ra(in6_dev))
1263                 goto out;
1264
1265 #ifdef CONFIG_IPV6_ROUTE_INFO
1266         if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1267                 goto skip_routeinfo;
1268
1269         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1270                 struct nd_opt_hdr *p;
1271                 for (p = ndopts.nd_opts_ri;
1272                      p;
1273                      p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1274                         struct route_info *ri = (struct route_info *)p;
1275 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1276                         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1277                             ri->prefix_len == 0)
1278                                 continue;
1279 #endif
1280                         if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1281                                 continue;
1282                         rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1283                                       &ipv6_hdr(skb)->saddr);
1284                 }
1285         }
1286
1287 skip_routeinfo:
1288 #endif
1289
1290 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1291         /* skip link-specific ndopts from interior routers */
1292         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1293                 goto out;
1294 #endif
1295
1296         if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1297                 struct nd_opt_hdr *p;
1298                 for (p = ndopts.nd_opts_pi;
1299                      p;
1300                      p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1301                         addrconf_prefix_rcv(skb->dev, (u8 *)p,
1302                                             (p->nd_opt_len) << 3,
1303                                             ndopts.nd_opts_src_lladdr != NULL);
1304                 }
1305         }
1306
1307         if (ndopts.nd_opts_mtu) {
1308                 __be32 n;
1309                 u32 mtu;
1310
1311                 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1312                 mtu = ntohl(n);
1313
1314                 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1315                         ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1316                 } else if (in6_dev->cnf.mtu6 != mtu) {
1317                         in6_dev->cnf.mtu6 = mtu;
1318
1319                         if (rt)
1320                                 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1321
1322                         rt6_mtu_change(skb->dev, mtu);
1323                 }
1324         }
1325
1326         if (ndopts.nd_useropts) {
1327                 struct nd_opt_hdr *p;
1328                 for (p = ndopts.nd_useropts;
1329                      p;
1330                      p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1331                         ndisc_ra_useropt(skb, p);
1332                 }
1333         }
1334
1335         if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1336                 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1337         }
1338 out:
1339         ip6_rt_put(rt);
1340         if (neigh)
1341                 neigh_release(neigh);
1342 }
1343
1344 static void ndisc_redirect_rcv(struct sk_buff *skb)
1345 {
1346         u8 *hdr;
1347         struct ndisc_options ndopts;
1348         struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1349         u32 ndoptlen = skb->tail - (skb->transport_header +
1350                                     offsetof(struct rd_msg, opt));
1351
1352 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1353         switch (skb->ndisc_nodetype) {
1354         case NDISC_NODETYPE_HOST:
1355         case NDISC_NODETYPE_NODEFAULT:
1356                 ND_PRINTK(2, warn,
1357                           "Redirect: from host or unauthorized router\n");
1358                 return;
1359         }
1360 #endif
1361
1362         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1363                 ND_PRINTK(2, warn,
1364                           "Redirect: source address is not link-local\n");
1365                 return;
1366         }
1367
1368         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1369                 return;
1370
1371         if (!ndopts.nd_opts_rh)
1372                 return;
1373
1374         hdr = (u8 *)ndopts.nd_opts_rh;
1375         hdr += 8;
1376         if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1377                 return;
1378
1379         icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1380 }
1381
1382 static u8 *ndisc_fill_redirect_hdr_option(u8 *opt, struct sk_buff *orig_skb,
1383                                           int rd_len)
1384 {
1385         memset(opt, 0, 8);
1386         *(opt++) = ND_OPT_REDIRECT_HDR;
1387         *(opt++) = (rd_len >> 3);
1388         opt += 6;
1389
1390         memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1391
1392         return opt + rd_len - 8;
1393 }
1394
1395 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1396 {
1397         struct net_device *dev = skb->dev;
1398         struct net *net = dev_net(dev);
1399         struct sock *sk = net->ipv6.ndisc_sk;
1400         int len = sizeof(struct rd_msg);
1401         struct inet_peer *peer;
1402         struct sk_buff *buff;
1403         struct rd_msg *msg;
1404         struct in6_addr saddr_buf;
1405         struct rt6_info *rt;
1406         struct dst_entry *dst;
1407         struct inet6_dev *idev;
1408         struct flowi6 fl6;
1409         u8 *opt;
1410         int rd_len;
1411         int err;
1412         u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1413         bool ret;
1414
1415         if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1416                 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1417                           dev->name);
1418                 return;
1419         }
1420
1421         if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1422             ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1423                 ND_PRINTK(2, warn,
1424                           "Redirect: target address is not link-local unicast\n");
1425                 return;
1426         }
1427
1428         icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1429                          &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1430
1431         dst = ip6_route_output(net, NULL, &fl6);
1432         if (dst->error) {
1433                 dst_release(dst);
1434                 return;
1435         }
1436         dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1437         if (IS_ERR(dst))
1438                 return;
1439
1440         rt = (struct rt6_info *) dst;
1441
1442         if (rt->rt6i_flags & RTF_GATEWAY) {
1443                 ND_PRINTK(2, warn,
1444                           "Redirect: destination is not a neighbour\n");
1445                 goto release;
1446         }
1447         peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1448         ret = inet_peer_xrlim_allow(peer, 1*HZ);
1449         if (peer)
1450                 inet_putpeer(peer);
1451         if (!ret)
1452                 goto release;
1453
1454         if (dev->addr_len) {
1455                 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1456                 if (!neigh) {
1457                         ND_PRINTK(2, warn,
1458                                   "Redirect: no neigh for target address\n");
1459                         goto release;
1460                 }
1461
1462                 read_lock_bh(&neigh->lock);
1463                 if (neigh->nud_state & NUD_VALID) {
1464                         memcpy(ha_buf, neigh->ha, dev->addr_len);
1465                         read_unlock_bh(&neigh->lock);
1466                         ha = ha_buf;
1467                         len += ndisc_opt_addr_space(dev);
1468                 } else
1469                         read_unlock_bh(&neigh->lock);
1470
1471                 neigh_release(neigh);
1472         }
1473
1474         rd_len = min_t(unsigned int,
1475                      IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1476         rd_len &= ~0x7;
1477         len += rd_len;
1478
1479         buff = ndisc_alloc_skb(dev, len);
1480         if (!buff)
1481                 goto release;
1482
1483         ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1484                    IPPROTO_ICMPV6, len);
1485
1486         skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1487         skb_put(buff, len);
1488         msg = (struct rd_msg *)icmp6_hdr(buff);
1489
1490         memset(&msg->icmph, 0, sizeof(struct icmp6hdr));
1491         msg->icmph.icmp6_type = NDISC_REDIRECT;
1492
1493         /*
1494          *      copy target and destination addresses
1495          */
1496
1497         msg->target = *target;
1498         msg->dest = ipv6_hdr(skb)->daddr;
1499
1500         opt = msg->opt;
1501
1502         /*
1503          *      include target_address option
1504          */
1505
1506         if (ha)
1507                 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, dev);
1508
1509         /*
1510          *      build redirect option and copy skb over to the new packet.
1511          */
1512
1513         if (rd_len)
1514                 opt = ndisc_fill_redirect_hdr_option(opt, skb, rd_len);
1515
1516         msg->icmph.icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1517                                                  len, IPPROTO_ICMPV6,
1518                                                  csum_partial(msg, len, 0));
1519
1520         skb_dst_set(buff, dst);
1521         rcu_read_lock();
1522         idev = __in6_dev_get(dst->dev);
1523         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1524         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1525                       dst_output);
1526         if (!err) {
1527                 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1528                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1529         }
1530
1531         rcu_read_unlock();
1532         return;
1533
1534 release:
1535         dst_release(dst);
1536 }
1537
1538 static void pndisc_redo(struct sk_buff *skb)
1539 {
1540         ndisc_recv_ns(skb);
1541         kfree_skb(skb);
1542 }
1543
1544 int ndisc_rcv(struct sk_buff *skb)
1545 {
1546         struct nd_msg *msg;
1547
1548         if (skb_linearize(skb))
1549                 return 0;
1550
1551         msg = (struct nd_msg *)skb_transport_header(skb);
1552
1553         __skb_push(skb, skb->data - skb_transport_header(skb));
1554
1555         if (ipv6_hdr(skb)->hop_limit != 255) {
1556                 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1557                           ipv6_hdr(skb)->hop_limit);
1558                 return 0;
1559         }
1560
1561         if (msg->icmph.icmp6_code != 0) {
1562                 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1563                           msg->icmph.icmp6_code);
1564                 return 0;
1565         }
1566
1567         memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1568
1569         switch (msg->icmph.icmp6_type) {
1570         case NDISC_NEIGHBOUR_SOLICITATION:
1571                 ndisc_recv_ns(skb);
1572                 break;
1573
1574         case NDISC_NEIGHBOUR_ADVERTISEMENT:
1575                 ndisc_recv_na(skb);
1576                 break;
1577
1578         case NDISC_ROUTER_SOLICITATION:
1579                 ndisc_recv_rs(skb);
1580                 break;
1581
1582         case NDISC_ROUTER_ADVERTISEMENT:
1583                 ndisc_router_discovery(skb);
1584                 break;
1585
1586         case NDISC_REDIRECT:
1587                 ndisc_redirect_rcv(skb);
1588                 break;
1589         }
1590
1591         return 0;
1592 }
1593
1594 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1595 {
1596         struct net_device *dev = ptr;
1597         struct net *net = dev_net(dev);
1598         struct inet6_dev *idev;
1599
1600         switch (event) {
1601         case NETDEV_CHANGEADDR:
1602                 neigh_changeaddr(&nd_tbl, dev);
1603                 fib6_run_gc(~0UL, net);
1604                 idev = in6_dev_get(dev);
1605                 if (!idev)
1606                         break;
1607                 if (idev->cnf.ndisc_notify)
1608                         ndisc_send_unsol_na(dev);
1609                 in6_dev_put(idev);
1610                 break;
1611         case NETDEV_DOWN:
1612                 neigh_ifdown(&nd_tbl, dev);
1613                 fib6_run_gc(~0UL, net);
1614                 break;
1615         case NETDEV_NOTIFY_PEERS:
1616                 ndisc_send_unsol_na(dev);
1617                 break;
1618         default:
1619                 break;
1620         }
1621
1622         return NOTIFY_DONE;
1623 }
1624
1625 static struct notifier_block ndisc_netdev_notifier = {
1626         .notifier_call = ndisc_netdev_event,
1627 };
1628
1629 #ifdef CONFIG_SYSCTL
1630 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1631                                          const char *func, const char *dev_name)
1632 {
1633         static char warncomm[TASK_COMM_LEN];
1634         static int warned;
1635         if (strcmp(warncomm, current->comm) && warned < 5) {
1636                 strcpy(warncomm, current->comm);
1637                 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1638                         warncomm, func,
1639                         dev_name, ctl->procname,
1640                         dev_name, ctl->procname);
1641                 warned++;
1642         }
1643 }
1644
1645 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1646 {
1647         struct net_device *dev = ctl->extra1;
1648         struct inet6_dev *idev;
1649         int ret;
1650
1651         if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1652             (strcmp(ctl->procname, "base_reachable_time") == 0))
1653                 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1654
1655         if (strcmp(ctl->procname, "retrans_time") == 0)
1656                 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1657
1658         else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1659                 ret = proc_dointvec_jiffies(ctl, write,
1660                                             buffer, lenp, ppos);
1661
1662         else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1663                  (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1664                 ret = proc_dointvec_ms_jiffies(ctl, write,
1665                                                buffer, lenp, ppos);
1666         else
1667                 ret = -1;
1668
1669         if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1670                 if (ctl->data == &idev->nd_parms->base_reachable_time)
1671                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1672                 idev->tstamp = jiffies;
1673                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1674                 in6_dev_put(idev);
1675         }
1676         return ret;
1677 }
1678
1679
1680 #endif
1681
1682 static int __net_init ndisc_net_init(struct net *net)
1683 {
1684         struct ipv6_pinfo *np;
1685         struct sock *sk;
1686         int err;
1687
1688         err = inet_ctl_sock_create(&sk, PF_INET6,
1689                                    SOCK_RAW, IPPROTO_ICMPV6, net);
1690         if (err < 0) {
1691                 ND_PRINTK(0, err,
1692                           "NDISC: Failed to initialize the control socket (err %d)\n",
1693                           err);
1694                 return err;
1695         }
1696
1697         net->ipv6.ndisc_sk = sk;
1698
1699         np = inet6_sk(sk);
1700         np->hop_limit = 255;
1701         /* Do not loopback ndisc messages */
1702         np->mc_loop = 0;
1703
1704         return 0;
1705 }
1706
1707 static void __net_exit ndisc_net_exit(struct net *net)
1708 {
1709         inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1710 }
1711
1712 static struct pernet_operations ndisc_net_ops = {
1713         .init = ndisc_net_init,
1714         .exit = ndisc_net_exit,
1715 };
1716
1717 int __init ndisc_init(void)
1718 {
1719         int err;
1720
1721         err = register_pernet_subsys(&ndisc_net_ops);
1722         if (err)
1723                 return err;
1724         /*
1725          * Initialize the neighbour table
1726          */
1727         neigh_table_init(&nd_tbl);
1728
1729 #ifdef CONFIG_SYSCTL
1730         err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1731                                     &ndisc_ifinfo_sysctl_change);
1732         if (err)
1733                 goto out_unregister_pernet;
1734 #endif
1735         err = register_netdevice_notifier(&ndisc_netdev_notifier);
1736         if (err)
1737                 goto out_unregister_sysctl;
1738 out:
1739         return err;
1740
1741 out_unregister_sysctl:
1742 #ifdef CONFIG_SYSCTL
1743         neigh_sysctl_unregister(&nd_tbl.parms);
1744 out_unregister_pernet:
1745 #endif
1746         unregister_pernet_subsys(&ndisc_net_ops);
1747         goto out;
1748 }
1749
1750 void ndisc_cleanup(void)
1751 {
1752         unregister_netdevice_notifier(&ndisc_netdev_notifier);
1753 #ifdef CONFIG_SYSCTL
1754         neigh_sysctl_unregister(&nd_tbl.parms);
1755 #endif
1756         neigh_table_clear(&nd_tbl);
1757         unregister_pernet_subsys(&ndisc_net_ops);
1758 }