ndisc: Fix padding error in link-layer address option.
[~shefty/rdma-dev.git] / net / ipv6 / ndisc.c
1 /*
2  *      Neighbour Discovery for IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Mike Shaver             <shaver@ingenia.com>
8  *
9  *      This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14
15 /*
16  *      Changes:
17  *
18  *      Alexey I. Froloff               :       RFC6106 (DNSSL) support
19  *      Pierre Ynard                    :       export userland ND options
20  *                                              through netlink (RDNSS support)
21  *      Lars Fenneberg                  :       fixed MTU setting on receipt
22  *                                              of an RA.
23  *      Janos Farkas                    :       kmalloc failure checks
24  *      Alexey Kuznetsov                :       state machine reworked
25  *                                              and moved to net/core.
26  *      Pekka Savola                    :       RFC2461 validation
27  *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
28  */
29
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53
54 #include <net/sock.h>
55 #include <net/snmp.h>
56
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <linux/proc_fs.h>
71
72 #include <linux/netfilter.h>
73 #include <linux/netfilter_ipv6.h>
74
75 /* Set to 3 to get tracing... */
76 #define ND_DEBUG 1
77
78 #define ND_PRINTK(val, level, fmt, ...)                         \
79 do {                                                            \
80         if (val <= ND_DEBUG)                                    \
81                 net_##level##_ratelimited(fmt, ##__VA_ARGS__);  \
82 } while (0)
83
84 static u32 ndisc_hash(const void *pkey,
85                       const struct net_device *dev,
86                       __u32 *hash_rnd);
87 static int ndisc_constructor(struct neighbour *neigh);
88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90 static int pndisc_constructor(struct pneigh_entry *n);
91 static void pndisc_destructor(struct pneigh_entry *n);
92 static void pndisc_redo(struct sk_buff *skb);
93
94 static const struct neigh_ops ndisc_generic_ops = {
95         .family =               AF_INET6,
96         .solicit =              ndisc_solicit,
97         .error_report =         ndisc_error_report,
98         .output =               neigh_resolve_output,
99         .connected_output =     neigh_connected_output,
100 };
101
102 static const struct neigh_ops ndisc_hh_ops = {
103         .family =               AF_INET6,
104         .solicit =              ndisc_solicit,
105         .error_report =         ndisc_error_report,
106         .output =               neigh_resolve_output,
107         .connected_output =     neigh_resolve_output,
108 };
109
110
111 static const struct neigh_ops ndisc_direct_ops = {
112         .family =               AF_INET6,
113         .output =               neigh_direct_output,
114         .connected_output =     neigh_direct_output,
115 };
116
117 struct neigh_table nd_tbl = {
118         .family =       AF_INET6,
119         .key_len =      sizeof(struct in6_addr),
120         .hash =         ndisc_hash,
121         .constructor =  ndisc_constructor,
122         .pconstructor = pndisc_constructor,
123         .pdestructor =  pndisc_destructor,
124         .proxy_redo =   pndisc_redo,
125         .id =           "ndisc_cache",
126         .parms = {
127                 .tbl                    = &nd_tbl,
128                 .base_reachable_time    = ND_REACHABLE_TIME,
129                 .retrans_time           = ND_RETRANS_TIMER,
130                 .gc_staletime           = 60 * HZ,
131                 .reachable_time         = ND_REACHABLE_TIME,
132                 .delay_probe_time       = 5 * HZ,
133                 .queue_len_bytes        = 64*1024,
134                 .ucast_probes           = 3,
135                 .mcast_probes           = 3,
136                 .anycast_delay          = 1 * HZ,
137                 .proxy_delay            = (8 * HZ) / 10,
138                 .proxy_qlen             = 64,
139         },
140         .gc_interval =    30 * HZ,
141         .gc_thresh1 =    128,
142         .gc_thresh2 =    512,
143         .gc_thresh3 =   1024,
144 };
145
146 static inline int ndisc_opt_addr_space(struct net_device *dev)
147 {
148         return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
149 }
150
151 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
152                                   unsigned short addr_type)
153 {
154         int pad   = ndisc_addr_option_pad(addr_type);
155         int space = NDISC_OPT_SPACE(data_len + pad);
156
157         opt[0] = type;
158         opt[1] = space>>3;
159
160         memset(opt + 2, 0, pad);
161         opt   += pad;
162         space -= pad;
163
164         memcpy(opt+2, data, data_len);
165         data_len += 2;
166         opt += data_len;
167         if ((space -= data_len) > 0)
168                 memset(opt, 0, space);
169         return opt + space;
170 }
171
172 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
173                                             struct nd_opt_hdr *end)
174 {
175         int type;
176         if (!cur || !end || cur >= end)
177                 return NULL;
178         type = cur->nd_opt_type;
179         do {
180                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
181         } while(cur < end && cur->nd_opt_type != type);
182         return cur <= end && cur->nd_opt_type == type ? cur : NULL;
183 }
184
185 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
186 {
187         return opt->nd_opt_type == ND_OPT_RDNSS ||
188                 opt->nd_opt_type == ND_OPT_DNSSL;
189 }
190
191 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
192                                              struct nd_opt_hdr *end)
193 {
194         if (!cur || !end || cur >= end)
195                 return NULL;
196         do {
197                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
198         } while(cur < end && !ndisc_is_useropt(cur));
199         return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
200 }
201
202 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
203                                           struct ndisc_options *ndopts)
204 {
205         struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
206
207         if (!nd_opt || opt_len < 0 || !ndopts)
208                 return NULL;
209         memset(ndopts, 0, sizeof(*ndopts));
210         while (opt_len) {
211                 int l;
212                 if (opt_len < sizeof(struct nd_opt_hdr))
213                         return NULL;
214                 l = nd_opt->nd_opt_len << 3;
215                 if (opt_len < l || l == 0)
216                         return NULL;
217                 switch (nd_opt->nd_opt_type) {
218                 case ND_OPT_SOURCE_LL_ADDR:
219                 case ND_OPT_TARGET_LL_ADDR:
220                 case ND_OPT_MTU:
221                 case ND_OPT_REDIRECT_HDR:
222                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
223                                 ND_PRINTK(2, warn,
224                                           "%s: duplicated ND6 option found: type=%d\n",
225                                           __func__, nd_opt->nd_opt_type);
226                         } else {
227                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
228                         }
229                         break;
230                 case ND_OPT_PREFIX_INFO:
231                         ndopts->nd_opts_pi_end = nd_opt;
232                         if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
233                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
234                         break;
235 #ifdef CONFIG_IPV6_ROUTE_INFO
236                 case ND_OPT_ROUTE_INFO:
237                         ndopts->nd_opts_ri_end = nd_opt;
238                         if (!ndopts->nd_opts_ri)
239                                 ndopts->nd_opts_ri = nd_opt;
240                         break;
241 #endif
242                 default:
243                         if (ndisc_is_useropt(nd_opt)) {
244                                 ndopts->nd_useropts_end = nd_opt;
245                                 if (!ndopts->nd_useropts)
246                                         ndopts->nd_useropts = nd_opt;
247                         } else {
248                                 /*
249                                  * Unknown options must be silently ignored,
250                                  * to accommodate future extension to the
251                                  * protocol.
252                                  */
253                                 ND_PRINTK(2, notice,
254                                           "%s: ignored unsupported option; type=%d, len=%d\n",
255                                           __func__,
256                                           nd_opt->nd_opt_type,
257                                           nd_opt->nd_opt_len);
258                         }
259                 }
260                 opt_len -= l;
261                 nd_opt = ((void *)nd_opt) + l;
262         }
263         return ndopts;
264 }
265
266 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
267 {
268         switch (dev->type) {
269         case ARPHRD_ETHER:
270         case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
271         case ARPHRD_FDDI:
272                 ipv6_eth_mc_map(addr, buf);
273                 return 0;
274         case ARPHRD_ARCNET:
275                 ipv6_arcnet_mc_map(addr, buf);
276                 return 0;
277         case ARPHRD_INFINIBAND:
278                 ipv6_ib_mc_map(addr, dev->broadcast, buf);
279                 return 0;
280         case ARPHRD_IPGRE:
281                 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
282         default:
283                 if (dir) {
284                         memcpy(buf, dev->broadcast, dev->addr_len);
285                         return 0;
286                 }
287         }
288         return -EINVAL;
289 }
290
291 EXPORT_SYMBOL(ndisc_mc_map);
292
293 static u32 ndisc_hash(const void *pkey,
294                       const struct net_device *dev,
295                       __u32 *hash_rnd)
296 {
297         return ndisc_hashfn(pkey, dev, hash_rnd);
298 }
299
300 static int ndisc_constructor(struct neighbour *neigh)
301 {
302         struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
303         struct net_device *dev = neigh->dev;
304         struct inet6_dev *in6_dev;
305         struct neigh_parms *parms;
306         bool is_multicast = ipv6_addr_is_multicast(addr);
307
308         in6_dev = in6_dev_get(dev);
309         if (in6_dev == NULL) {
310                 return -EINVAL;
311         }
312
313         parms = in6_dev->nd_parms;
314         __neigh_parms_put(neigh->parms);
315         neigh->parms = neigh_parms_clone(parms);
316
317         neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
318         if (!dev->header_ops) {
319                 neigh->nud_state = NUD_NOARP;
320                 neigh->ops = &ndisc_direct_ops;
321                 neigh->output = neigh_direct_output;
322         } else {
323                 if (is_multicast) {
324                         neigh->nud_state = NUD_NOARP;
325                         ndisc_mc_map(addr, neigh->ha, dev, 1);
326                 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
327                         neigh->nud_state = NUD_NOARP;
328                         memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
329                         if (dev->flags&IFF_LOOPBACK)
330                                 neigh->type = RTN_LOCAL;
331                 } else if (dev->flags&IFF_POINTOPOINT) {
332                         neigh->nud_state = NUD_NOARP;
333                         memcpy(neigh->ha, dev->broadcast, dev->addr_len);
334                 }
335                 if (dev->header_ops->cache)
336                         neigh->ops = &ndisc_hh_ops;
337                 else
338                         neigh->ops = &ndisc_generic_ops;
339                 if (neigh->nud_state&NUD_VALID)
340                         neigh->output = neigh->ops->connected_output;
341                 else
342                         neigh->output = neigh->ops->output;
343         }
344         in6_dev_put(in6_dev);
345         return 0;
346 }
347
348 static int pndisc_constructor(struct pneigh_entry *n)
349 {
350         struct in6_addr *addr = (struct in6_addr*)&n->key;
351         struct in6_addr maddr;
352         struct net_device *dev = n->dev;
353
354         if (dev == NULL || __in6_dev_get(dev) == NULL)
355                 return -EINVAL;
356         addrconf_addr_solict_mult(addr, &maddr);
357         ipv6_dev_mc_inc(dev, &maddr);
358         return 0;
359 }
360
361 static void pndisc_destructor(struct pneigh_entry *n)
362 {
363         struct in6_addr *addr = (struct in6_addr*)&n->key;
364         struct in6_addr maddr;
365         struct net_device *dev = n->dev;
366
367         if (dev == NULL || __in6_dev_get(dev) == NULL)
368                 return;
369         addrconf_addr_solict_mult(addr, &maddr);
370         ipv6_dev_mc_dec(dev, &maddr);
371 }
372
373 static struct sk_buff *ndisc_build_skb(struct net_device *dev,
374                                        const struct in6_addr *daddr,
375                                        const struct in6_addr *saddr,
376                                        struct icmp6hdr *icmp6h,
377                                        const struct in6_addr *target,
378                                        int llinfo)
379 {
380         struct net *net = dev_net(dev);
381         struct sock *sk = net->ipv6.ndisc_sk;
382         struct sk_buff *skb;
383         struct icmp6hdr *hdr;
384         int hlen = LL_RESERVED_SPACE(dev);
385         int tlen = dev->needed_tailroom;
386         int len;
387         int err;
388         u8 *opt;
389
390         if (!dev->addr_len)
391                 llinfo = 0;
392
393         len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
394         if (llinfo)
395                 len += ndisc_opt_addr_space(dev);
396
397         skb = sock_alloc_send_skb(sk,
398                                   (MAX_HEADER + sizeof(struct ipv6hdr) +
399                                    len + hlen + tlen),
400                                   1, &err);
401         if (!skb) {
402                 ND_PRINTK(0, err, "ND: %s failed to allocate an skb, err=%d\n",
403                           __func__, err);
404                 return NULL;
405         }
406
407         skb_reserve(skb, hlen);
408         ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
409
410         skb->transport_header = skb->tail;
411         skb_put(skb, len);
412
413         hdr = (struct icmp6hdr *)skb_transport_header(skb);
414         memcpy(hdr, icmp6h, sizeof(*hdr));
415
416         opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
417         if (target) {
418                 *(struct in6_addr *)opt = *target;
419                 opt += sizeof(*target);
420         }
421
422         if (llinfo)
423                 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
424                                        dev->addr_len, dev->type);
425
426         hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
427                                            IPPROTO_ICMPV6,
428                                            csum_partial(hdr,
429                                                         len, 0));
430
431         return skb;
432 }
433
434 static void ndisc_send_skb(struct sk_buff *skb, struct net_device *dev,
435                            struct neighbour *neigh,
436                            const struct in6_addr *daddr,
437                            const struct in6_addr *saddr,
438                            struct icmp6hdr *icmp6h)
439 {
440         struct flowi6 fl6;
441         struct dst_entry *dst;
442         struct net *net = dev_net(dev);
443         struct sock *sk = net->ipv6.ndisc_sk;
444         struct inet6_dev *idev;
445         int err;
446         u8 type;
447
448         type = icmp6h->icmp6_type;
449
450         icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
451         dst = icmp6_dst_alloc(dev, neigh, &fl6);
452         if (IS_ERR(dst)) {
453                 kfree_skb(skb);
454                 return;
455         }
456
457         skb_dst_set(skb, dst);
458
459         rcu_read_lock();
460         idev = __in6_dev_get(dst->dev);
461         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
462
463         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
464                       dst_output);
465         if (!err) {
466                 ICMP6MSGOUT_INC_STATS(net, idev, type);
467                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
468         }
469
470         rcu_read_unlock();
471 }
472
473 /*
474  *      Send a Neighbour Discover packet
475  */
476 static void __ndisc_send(struct net_device *dev,
477                          struct neighbour *neigh,
478                          const struct in6_addr *daddr,
479                          const struct in6_addr *saddr,
480                          struct icmp6hdr *icmp6h, const struct in6_addr *target,
481                          int llinfo)
482 {
483         struct sk_buff *skb;
484
485         skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
486         if (!skb)
487                 return;
488
489         ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
490 }
491
492 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
493                           const struct in6_addr *daddr,
494                           const struct in6_addr *solicited_addr,
495                           int router, int solicited, int override, int inc_opt)
496 {
497         struct in6_addr tmpaddr;
498         struct inet6_ifaddr *ifp;
499         const struct in6_addr *src_addr;
500         struct icmp6hdr icmp6h = {
501                 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
502         };
503
504         /* for anycast or proxy, solicited_addr != src_addr */
505         ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
506         if (ifp) {
507                 src_addr = solicited_addr;
508                 if (ifp->flags & IFA_F_OPTIMISTIC)
509                         override = 0;
510                 inc_opt |= ifp->idev->cnf.force_tllao;
511                 in6_ifa_put(ifp);
512         } else {
513                 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
514                                        inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
515                                        &tmpaddr))
516                         return;
517                 src_addr = &tmpaddr;
518         }
519
520         icmp6h.icmp6_router = router;
521         icmp6h.icmp6_solicited = solicited;
522         icmp6h.icmp6_override = override;
523
524         __ndisc_send(dev, neigh, daddr, src_addr,
525                      &icmp6h, solicited_addr,
526                      inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
527 }
528
529 static void ndisc_send_unsol_na(struct net_device *dev)
530 {
531         struct inet6_dev *idev;
532         struct inet6_ifaddr *ifa;
533
534         idev = in6_dev_get(dev);
535         if (!idev)
536                 return;
537
538         read_lock_bh(&idev->lock);
539         list_for_each_entry(ifa, &idev->addr_list, if_list) {
540                 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
541                               /*router=*/ !!idev->cnf.forwarding,
542                               /*solicited=*/ false, /*override=*/ true,
543                               /*inc_opt=*/ true);
544         }
545         read_unlock_bh(&idev->lock);
546
547         in6_dev_put(idev);
548 }
549
550 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
551                    const struct in6_addr *solicit,
552                    const struct in6_addr *daddr, const struct in6_addr *saddr)
553 {
554         struct in6_addr addr_buf;
555         struct icmp6hdr icmp6h = {
556                 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
557         };
558
559         if (saddr == NULL) {
560                 if (ipv6_get_lladdr(dev, &addr_buf,
561                                    (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
562                         return;
563                 saddr = &addr_buf;
564         }
565
566         __ndisc_send(dev, neigh, daddr, saddr,
567                      &icmp6h, solicit,
568                      !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
569 }
570
571 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
572                    const struct in6_addr *daddr)
573 {
574         struct icmp6hdr icmp6h = {
575                 .icmp6_type = NDISC_ROUTER_SOLICITATION,
576         };
577         int send_sllao = dev->addr_len;
578
579 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
580         /*
581          * According to section 2.2 of RFC 4429, we must not
582          * send router solicitations with a sllao from
583          * optimistic addresses, but we may send the solicitation
584          * if we don't include the sllao.  So here we check
585          * if our address is optimistic, and if so, we
586          * suppress the inclusion of the sllao.
587          */
588         if (send_sllao) {
589                 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
590                                                            dev, 1);
591                 if (ifp) {
592                         if (ifp->flags & IFA_F_OPTIMISTIC)  {
593                                 send_sllao = 0;
594                         }
595                         in6_ifa_put(ifp);
596                 } else {
597                         send_sllao = 0;
598                 }
599         }
600 #endif
601         __ndisc_send(dev, NULL, daddr, saddr,
602                      &icmp6h, NULL,
603                      send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
604 }
605
606
607 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
608 {
609         /*
610          *      "The sender MUST return an ICMP
611          *       destination unreachable"
612          */
613         dst_link_failure(skb);
614         kfree_skb(skb);
615 }
616
617 /* Called with locked neigh: either read or both */
618
619 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
620 {
621         struct in6_addr *saddr = NULL;
622         struct in6_addr mcaddr;
623         struct net_device *dev = neigh->dev;
624         struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
625         int probes = atomic_read(&neigh->probes);
626
627         if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
628                 saddr = &ipv6_hdr(skb)->saddr;
629
630         if ((probes -= neigh->parms->ucast_probes) < 0) {
631                 if (!(neigh->nud_state & NUD_VALID)) {
632                         ND_PRINTK(1, dbg,
633                                   "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
634                                   __func__, target);
635                 }
636                 ndisc_send_ns(dev, neigh, target, target, saddr);
637         } else if ((probes -= neigh->parms->app_probes) < 0) {
638 #ifdef CONFIG_ARPD
639                 neigh_app_ns(neigh);
640 #endif
641         } else {
642                 addrconf_addr_solict_mult(target, &mcaddr);
643                 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
644         }
645 }
646
647 static int pndisc_is_router(const void *pkey,
648                             struct net_device *dev)
649 {
650         struct pneigh_entry *n;
651         int ret = -1;
652
653         read_lock_bh(&nd_tbl.lock);
654         n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
655         if (n)
656                 ret = !!(n->flags & NTF_ROUTER);
657         read_unlock_bh(&nd_tbl.lock);
658
659         return ret;
660 }
661
662 static void ndisc_recv_ns(struct sk_buff *skb)
663 {
664         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
665         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
666         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
667         u8 *lladdr = NULL;
668         u32 ndoptlen = skb->tail - (skb->transport_header +
669                                     offsetof(struct nd_msg, opt));
670         struct ndisc_options ndopts;
671         struct net_device *dev = skb->dev;
672         struct inet6_ifaddr *ifp;
673         struct inet6_dev *idev = NULL;
674         struct neighbour *neigh;
675         int dad = ipv6_addr_any(saddr);
676         bool inc;
677         int is_router = -1;
678
679         if (ipv6_addr_is_multicast(&msg->target)) {
680                 ND_PRINTK(2, warn, "NS: multicast target address\n");
681                 return;
682         }
683
684         /*
685          * RFC2461 7.1.1:
686          * DAD has to be destined for solicited node multicast address.
687          */
688         if (dad &&
689             !(daddr->s6_addr32[0] == htonl(0xff020000) &&
690               daddr->s6_addr32[1] == htonl(0x00000000) &&
691               daddr->s6_addr32[2] == htonl(0x00000001) &&
692               daddr->s6_addr [12] == 0xff )) {
693                 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
694                 return;
695         }
696
697         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
698                 ND_PRINTK(2, warn, "NS: invalid ND options\n");
699                 return;
700         }
701
702         if (ndopts.nd_opts_src_lladdr) {
703                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
704                 if (!lladdr) {
705                         ND_PRINTK(2, warn,
706                                   "NS: invalid link-layer address length\n");
707                         return;
708                 }
709
710                 /* RFC2461 7.1.1:
711                  *      If the IP source address is the unspecified address,
712                  *      there MUST NOT be source link-layer address option
713                  *      in the message.
714                  */
715                 if (dad) {
716                         ND_PRINTK(2, warn,
717                                   "NS: bad DAD packet (link-layer address option)\n");
718                         return;
719                 }
720         }
721
722         inc = ipv6_addr_is_multicast(daddr);
723
724         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
725         if (ifp) {
726
727                 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
728                         if (dad) {
729                                 /*
730                                  * We are colliding with another node
731                                  * who is doing DAD
732                                  * so fail our DAD process
733                                  */
734                                 addrconf_dad_failure(ifp);
735                                 return;
736                         } else {
737                                 /*
738                                  * This is not a dad solicitation.
739                                  * If we are an optimistic node,
740                                  * we should respond.
741                                  * Otherwise, we should ignore it.
742                                  */
743                                 if (!(ifp->flags & IFA_F_OPTIMISTIC))
744                                         goto out;
745                         }
746                 }
747
748                 idev = ifp->idev;
749         } else {
750                 struct net *net = dev_net(dev);
751
752                 idev = in6_dev_get(dev);
753                 if (!idev) {
754                         /* XXX: count this drop? */
755                         return;
756                 }
757
758                 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
759                     (idev->cnf.forwarding &&
760                      (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
761                      (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
762                         if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
763                             skb->pkt_type != PACKET_HOST &&
764                             inc != 0 &&
765                             idev->nd_parms->proxy_delay != 0) {
766                                 /*
767                                  * for anycast or proxy,
768                                  * sender should delay its response
769                                  * by a random time between 0 and
770                                  * MAX_ANYCAST_DELAY_TIME seconds.
771                                  * (RFC2461) -- yoshfuji
772                                  */
773                                 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
774                                 if (n)
775                                         pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
776                                 goto out;
777                         }
778                 } else
779                         goto out;
780         }
781
782         if (is_router < 0)
783                 is_router = !!idev->cnf.forwarding;
784
785         if (dad) {
786                 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
787                               is_router, 0, (ifp != NULL), 1);
788                 goto out;
789         }
790
791         if (inc)
792                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
793         else
794                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
795
796         /*
797          *      update / create cache entry
798          *      for the source address
799          */
800         neigh = __neigh_lookup(&nd_tbl, saddr, dev,
801                                !inc || lladdr || !dev->addr_len);
802         if (neigh)
803                 neigh_update(neigh, lladdr, NUD_STALE,
804                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
805                              NEIGH_UPDATE_F_OVERRIDE);
806         if (neigh || !dev->header_ops) {
807                 ndisc_send_na(dev, neigh, saddr, &msg->target,
808                               is_router,
809                               1, (ifp != NULL && inc), inc);
810                 if (neigh)
811                         neigh_release(neigh);
812         }
813
814 out:
815         if (ifp)
816                 in6_ifa_put(ifp);
817         else
818                 in6_dev_put(idev);
819 }
820
821 static void ndisc_recv_na(struct sk_buff *skb)
822 {
823         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
824         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
825         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
826         u8 *lladdr = NULL;
827         u32 ndoptlen = skb->tail - (skb->transport_header +
828                                     offsetof(struct nd_msg, opt));
829         struct ndisc_options ndopts;
830         struct net_device *dev = skb->dev;
831         struct inet6_ifaddr *ifp;
832         struct neighbour *neigh;
833
834         if (skb->len < sizeof(struct nd_msg)) {
835                 ND_PRINTK(2, warn, "NA: packet too short\n");
836                 return;
837         }
838
839         if (ipv6_addr_is_multicast(&msg->target)) {
840                 ND_PRINTK(2, warn, "NA: target address is multicast\n");
841                 return;
842         }
843
844         if (ipv6_addr_is_multicast(daddr) &&
845             msg->icmph.icmp6_solicited) {
846                 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
847                 return;
848         }
849
850         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
851                 ND_PRINTK(2, warn, "NS: invalid ND option\n");
852                 return;
853         }
854         if (ndopts.nd_opts_tgt_lladdr) {
855                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
856                 if (!lladdr) {
857                         ND_PRINTK(2, warn,
858                                   "NA: invalid link-layer address length\n");
859                         return;
860                 }
861         }
862         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
863         if (ifp) {
864                 if (skb->pkt_type != PACKET_LOOPBACK
865                     && (ifp->flags & IFA_F_TENTATIVE)) {
866                                 addrconf_dad_failure(ifp);
867                                 return;
868                 }
869                 /* What should we make now? The advertisement
870                    is invalid, but ndisc specs say nothing
871                    about it. It could be misconfiguration, or
872                    an smart proxy agent tries to help us :-)
873
874                    We should not print the error if NA has been
875                    received from loopback - it is just our own
876                    unsolicited advertisement.
877                  */
878                 if (skb->pkt_type != PACKET_LOOPBACK)
879                         ND_PRINTK(1, warn,
880                                   "NA: someone advertises our address %pI6 on %s!\n",
881                                   &ifp->addr, ifp->idev->dev->name);
882                 in6_ifa_put(ifp);
883                 return;
884         }
885         neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
886
887         if (neigh) {
888                 u8 old_flags = neigh->flags;
889                 struct net *net = dev_net(dev);
890
891                 if (neigh->nud_state & NUD_FAILED)
892                         goto out;
893
894                 /*
895                  * Don't update the neighbor cache entry on a proxy NA from
896                  * ourselves because either the proxied node is off link or it
897                  * has already sent a NA to us.
898                  */
899                 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
900                     net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
901                     pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
902                         /* XXX: idev->cnf.proxy_ndp */
903                         goto out;
904                 }
905
906                 neigh_update(neigh, lladdr,
907                              msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
908                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
909                              (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
910                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
911                              (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
912
913                 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
914                         /*
915                          * Change: router to host
916                          */
917                         struct rt6_info *rt;
918                         rt = rt6_get_dflt_router(saddr, dev);
919                         if (rt)
920                                 ip6_del_rt(rt);
921                 }
922
923 out:
924                 neigh_release(neigh);
925         }
926 }
927
928 static void ndisc_recv_rs(struct sk_buff *skb)
929 {
930         struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
931         unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
932         struct neighbour *neigh;
933         struct inet6_dev *idev;
934         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
935         struct ndisc_options ndopts;
936         u8 *lladdr = NULL;
937
938         if (skb->len < sizeof(*rs_msg))
939                 return;
940
941         idev = __in6_dev_get(skb->dev);
942         if (!idev) {
943                 ND_PRINTK(1, err, "RS: can't find in6 device\n");
944                 return;
945         }
946
947         /* Don't accept RS if we're not in router mode */
948         if (!idev->cnf.forwarding)
949                 goto out;
950
951         /*
952          * Don't update NCE if src = ::;
953          * this implies that the source node has no ip address assigned yet.
954          */
955         if (ipv6_addr_any(saddr))
956                 goto out;
957
958         /* Parse ND options */
959         if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
960                 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
961                 goto out;
962         }
963
964         if (ndopts.nd_opts_src_lladdr) {
965                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
966                                              skb->dev);
967                 if (!lladdr)
968                         goto out;
969         }
970
971         neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
972         if (neigh) {
973                 neigh_update(neigh, lladdr, NUD_STALE,
974                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
975                              NEIGH_UPDATE_F_OVERRIDE|
976                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
977                 neigh_release(neigh);
978         }
979 out:
980         return;
981 }
982
983 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
984 {
985         struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
986         struct sk_buff *skb;
987         struct nlmsghdr *nlh;
988         struct nduseroptmsg *ndmsg;
989         struct net *net = dev_net(ra->dev);
990         int err;
991         int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
992                                     + (opt->nd_opt_len << 3));
993         size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
994
995         skb = nlmsg_new(msg_size, GFP_ATOMIC);
996         if (skb == NULL) {
997                 err = -ENOBUFS;
998                 goto errout;
999         }
1000
1001         nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1002         if (nlh == NULL) {
1003                 goto nla_put_failure;
1004         }
1005
1006         ndmsg = nlmsg_data(nlh);
1007         ndmsg->nduseropt_family = AF_INET6;
1008         ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1009         ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1010         ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1011         ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1012
1013         memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1014
1015         if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1016                     &ipv6_hdr(ra)->saddr))
1017                 goto nla_put_failure;
1018         nlmsg_end(skb, nlh);
1019
1020         rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1021         return;
1022
1023 nla_put_failure:
1024         nlmsg_free(skb);
1025         err = -EMSGSIZE;
1026 errout:
1027         rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1028 }
1029
1030 static void ndisc_router_discovery(struct sk_buff *skb)
1031 {
1032         struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1033         struct neighbour *neigh = NULL;
1034         struct inet6_dev *in6_dev;
1035         struct rt6_info *rt = NULL;
1036         int lifetime;
1037         struct ndisc_options ndopts;
1038         int optlen;
1039         unsigned int pref = 0;
1040
1041         __u8 * opt = (__u8 *)(ra_msg + 1);
1042
1043         optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1044
1045         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1046                 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1047                 return;
1048         }
1049         if (optlen < 0) {
1050                 ND_PRINTK(2, warn, "RA: packet too short\n");
1051                 return;
1052         }
1053
1054 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1055         if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1056                 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1057                 return;
1058         }
1059 #endif
1060
1061         /*
1062          *      set the RA_RECV flag in the interface
1063          */
1064
1065         in6_dev = __in6_dev_get(skb->dev);
1066         if (in6_dev == NULL) {
1067                 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1068                           skb->dev->name);
1069                 return;
1070         }
1071
1072         if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1073                 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1074                 return;
1075         }
1076
1077         if (!ipv6_accept_ra(in6_dev))
1078                 goto skip_linkparms;
1079
1080 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1081         /* skip link-specific parameters from interior routers */
1082         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1083                 goto skip_linkparms;
1084 #endif
1085
1086         if (in6_dev->if_flags & IF_RS_SENT) {
1087                 /*
1088                  *      flag that an RA was received after an RS was sent
1089                  *      out on this interface.
1090                  */
1091                 in6_dev->if_flags |= IF_RA_RCVD;
1092         }
1093
1094         /*
1095          * Remember the managed/otherconf flags from most recently
1096          * received RA message (RFC 2462) -- yoshfuji
1097          */
1098         in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1099                                 IF_RA_OTHERCONF)) |
1100                                 (ra_msg->icmph.icmp6_addrconf_managed ?
1101                                         IF_RA_MANAGED : 0) |
1102                                 (ra_msg->icmph.icmp6_addrconf_other ?
1103                                         IF_RA_OTHERCONF : 0);
1104
1105         if (!in6_dev->cnf.accept_ra_defrtr)
1106                 goto skip_defrtr;
1107
1108         if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1109                 goto skip_defrtr;
1110
1111         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1112
1113 #ifdef CONFIG_IPV6_ROUTER_PREF
1114         pref = ra_msg->icmph.icmp6_router_pref;
1115         /* 10b is handled as if it were 00b (medium) */
1116         if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1117             !in6_dev->cnf.accept_ra_rtr_pref)
1118                 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1119 #endif
1120
1121         rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1122
1123         if (rt) {
1124                 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1125                 if (!neigh) {
1126                         ND_PRINTK(0, err,
1127                                   "RA: %s got default router without neighbour\n",
1128                                   __func__);
1129                         ip6_rt_put(rt);
1130                         return;
1131                 }
1132         }
1133         if (rt && lifetime == 0) {
1134                 ip6_del_rt(rt);
1135                 rt = NULL;
1136         }
1137
1138         if (rt == NULL && lifetime) {
1139                 ND_PRINTK(3, dbg, "RA: adding default router\n");
1140
1141                 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1142                 if (rt == NULL) {
1143                         ND_PRINTK(0, err,
1144                                   "RA: %s failed to add default route\n",
1145                                   __func__);
1146                         return;
1147                 }
1148
1149                 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1150                 if (neigh == NULL) {
1151                         ND_PRINTK(0, err,
1152                                   "RA: %s got default router without neighbour\n",
1153                                   __func__);
1154                         ip6_rt_put(rt);
1155                         return;
1156                 }
1157                 neigh->flags |= NTF_ROUTER;
1158         } else if (rt) {
1159                 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1160         }
1161
1162         if (rt)
1163                 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1164         if (ra_msg->icmph.icmp6_hop_limit) {
1165                 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1166                 if (rt)
1167                         dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1168                                        ra_msg->icmph.icmp6_hop_limit);
1169         }
1170
1171 skip_defrtr:
1172
1173         /*
1174          *      Update Reachable Time and Retrans Timer
1175          */
1176
1177         if (in6_dev->nd_parms) {
1178                 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1179
1180                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1181                         rtime = (rtime*HZ)/1000;
1182                         if (rtime < HZ/10)
1183                                 rtime = HZ/10;
1184                         in6_dev->nd_parms->retrans_time = rtime;
1185                         in6_dev->tstamp = jiffies;
1186                         inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1187                 }
1188
1189                 rtime = ntohl(ra_msg->reachable_time);
1190                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1191                         rtime = (rtime*HZ)/1000;
1192
1193                         if (rtime < HZ/10)
1194                                 rtime = HZ/10;
1195
1196                         if (rtime != in6_dev->nd_parms->base_reachable_time) {
1197                                 in6_dev->nd_parms->base_reachable_time = rtime;
1198                                 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1199                                 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1200                                 in6_dev->tstamp = jiffies;
1201                                 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1202                         }
1203                 }
1204         }
1205
1206 skip_linkparms:
1207
1208         /*
1209          *      Process options.
1210          */
1211
1212         if (!neigh)
1213                 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1214                                        skb->dev, 1);
1215         if (neigh) {
1216                 u8 *lladdr = NULL;
1217                 if (ndopts.nd_opts_src_lladdr) {
1218                         lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1219                                                      skb->dev);
1220                         if (!lladdr) {
1221                                 ND_PRINTK(2, warn,
1222                                           "RA: invalid link-layer address length\n");
1223                                 goto out;
1224                         }
1225                 }
1226                 neigh_update(neigh, lladdr, NUD_STALE,
1227                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1228                              NEIGH_UPDATE_F_OVERRIDE|
1229                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1230                              NEIGH_UPDATE_F_ISROUTER);
1231         }
1232
1233         if (!ipv6_accept_ra(in6_dev))
1234                 goto out;
1235
1236 #ifdef CONFIG_IPV6_ROUTE_INFO
1237         if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1238                 goto skip_routeinfo;
1239
1240         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1241                 struct nd_opt_hdr *p;
1242                 for (p = ndopts.nd_opts_ri;
1243                      p;
1244                      p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1245                         struct route_info *ri = (struct route_info *)p;
1246 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1247                         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1248                             ri->prefix_len == 0)
1249                                 continue;
1250 #endif
1251                         if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1252                                 continue;
1253                         rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1254                                       &ipv6_hdr(skb)->saddr);
1255                 }
1256         }
1257
1258 skip_routeinfo:
1259 #endif
1260
1261 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1262         /* skip link-specific ndopts from interior routers */
1263         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1264                 goto out;
1265 #endif
1266
1267         if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1268                 struct nd_opt_hdr *p;
1269                 for (p = ndopts.nd_opts_pi;
1270                      p;
1271                      p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1272                         addrconf_prefix_rcv(skb->dev, (u8 *)p,
1273                                             (p->nd_opt_len) << 3,
1274                                             ndopts.nd_opts_src_lladdr != NULL);
1275                 }
1276         }
1277
1278         if (ndopts.nd_opts_mtu) {
1279                 __be32 n;
1280                 u32 mtu;
1281
1282                 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1283                 mtu = ntohl(n);
1284
1285                 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1286                         ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1287                 } else if (in6_dev->cnf.mtu6 != mtu) {
1288                         in6_dev->cnf.mtu6 = mtu;
1289
1290                         if (rt)
1291                                 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1292
1293                         rt6_mtu_change(skb->dev, mtu);
1294                 }
1295         }
1296
1297         if (ndopts.nd_useropts) {
1298                 struct nd_opt_hdr *p;
1299                 for (p = ndopts.nd_useropts;
1300                      p;
1301                      p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1302                         ndisc_ra_useropt(skb, p);
1303                 }
1304         }
1305
1306         if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1307                 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1308         }
1309 out:
1310         ip6_rt_put(rt);
1311         if (neigh)
1312                 neigh_release(neigh);
1313 }
1314
1315 static void ndisc_redirect_rcv(struct sk_buff *skb)
1316 {
1317 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1318         switch (skb->ndisc_nodetype) {
1319         case NDISC_NODETYPE_HOST:
1320         case NDISC_NODETYPE_NODEFAULT:
1321                 ND_PRINTK(2, warn,
1322                           "Redirect: from host or unauthorized router\n");
1323                 return;
1324         }
1325 #endif
1326
1327         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1328                 ND_PRINTK(2, warn,
1329                           "Redirect: source address is not link-local\n");
1330                 return;
1331         }
1332
1333         icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1334 }
1335
1336 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1337 {
1338         struct net_device *dev = skb->dev;
1339         struct net *net = dev_net(dev);
1340         struct sock *sk = net->ipv6.ndisc_sk;
1341         int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1342         struct inet_peer *peer;
1343         struct sk_buff *buff;
1344         struct icmp6hdr *icmph;
1345         struct in6_addr saddr_buf;
1346         struct in6_addr *addrp;
1347         struct rt6_info *rt;
1348         struct dst_entry *dst;
1349         struct inet6_dev *idev;
1350         struct flowi6 fl6;
1351         u8 *opt;
1352         int hlen, tlen;
1353         int rd_len;
1354         int err;
1355         u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1356         bool ret;
1357
1358         if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1359                 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1360                           dev->name);
1361                 return;
1362         }
1363
1364         if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1365             ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1366                 ND_PRINTK(2, warn,
1367                           "Redirect: target address is not link-local unicast\n");
1368                 return;
1369         }
1370
1371         icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1372                          &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1373
1374         dst = ip6_route_output(net, NULL, &fl6);
1375         if (dst->error) {
1376                 dst_release(dst);
1377                 return;
1378         }
1379         dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1380         if (IS_ERR(dst))
1381                 return;
1382
1383         rt = (struct rt6_info *) dst;
1384
1385         if (rt->rt6i_flags & RTF_GATEWAY) {
1386                 ND_PRINTK(2, warn,
1387                           "Redirect: destination is not a neighbour\n");
1388                 goto release;
1389         }
1390         peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1391         ret = inet_peer_xrlim_allow(peer, 1*HZ);
1392         if (peer)
1393                 inet_putpeer(peer);
1394         if (!ret)
1395                 goto release;
1396
1397         if (dev->addr_len) {
1398                 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1399                 if (!neigh) {
1400                         ND_PRINTK(2, warn,
1401                                   "Redirect: no neigh for target address\n");
1402                         goto release;
1403                 }
1404
1405                 read_lock_bh(&neigh->lock);
1406                 if (neigh->nud_state & NUD_VALID) {
1407                         memcpy(ha_buf, neigh->ha, dev->addr_len);
1408                         read_unlock_bh(&neigh->lock);
1409                         ha = ha_buf;
1410                         len += ndisc_opt_addr_space(dev);
1411                 } else
1412                         read_unlock_bh(&neigh->lock);
1413
1414                 neigh_release(neigh);
1415         }
1416
1417         rd_len = min_t(unsigned int,
1418                      IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1419         rd_len &= ~0x7;
1420         len += rd_len;
1421
1422         hlen = LL_RESERVED_SPACE(dev);
1423         tlen = dev->needed_tailroom;
1424         buff = sock_alloc_send_skb(sk,
1425                                    (MAX_HEADER + sizeof(struct ipv6hdr) +
1426                                     len + hlen + tlen),
1427                                    1, &err);
1428         if (buff == NULL) {
1429                 ND_PRINTK(0, err,
1430                           "Redirect: %s failed to allocate an skb, err=%d\n",
1431                           __func__, err);
1432                 goto release;
1433         }
1434
1435         skb_reserve(buff, hlen);
1436         ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1437                    IPPROTO_ICMPV6, len);
1438
1439         skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1440         skb_put(buff, len);
1441         icmph = icmp6_hdr(buff);
1442
1443         memset(icmph, 0, sizeof(struct icmp6hdr));
1444         icmph->icmp6_type = NDISC_REDIRECT;
1445
1446         /*
1447          *      copy target and destination addresses
1448          */
1449
1450         addrp = (struct in6_addr *)(icmph + 1);
1451         *addrp = *target;
1452         addrp++;
1453         *addrp = ipv6_hdr(skb)->daddr;
1454
1455         opt = (u8*) (addrp + 1);
1456
1457         /*
1458          *      include target_address option
1459          */
1460
1461         if (ha)
1462                 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1463                                              dev->addr_len, dev->type);
1464
1465         /*
1466          *      build redirect option and copy skb over to the new packet.
1467          */
1468
1469         memset(opt, 0, 8);
1470         *(opt++) = ND_OPT_REDIRECT_HDR;
1471         *(opt++) = (rd_len >> 3);
1472         opt += 6;
1473
1474         memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1475
1476         icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1477                                              len, IPPROTO_ICMPV6,
1478                                              csum_partial(icmph, len, 0));
1479
1480         skb_dst_set(buff, dst);
1481         rcu_read_lock();
1482         idev = __in6_dev_get(dst->dev);
1483         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1484         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1485                       dst_output);
1486         if (!err) {
1487                 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1488                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1489         }
1490
1491         rcu_read_unlock();
1492         return;
1493
1494 release:
1495         dst_release(dst);
1496 }
1497
1498 static void pndisc_redo(struct sk_buff *skb)
1499 {
1500         ndisc_recv_ns(skb);
1501         kfree_skb(skb);
1502 }
1503
1504 int ndisc_rcv(struct sk_buff *skb)
1505 {
1506         struct nd_msg *msg;
1507
1508         if (!pskb_may_pull(skb, skb->len))
1509                 return 0;
1510
1511         msg = (struct nd_msg *)skb_transport_header(skb);
1512
1513         __skb_push(skb, skb->data - skb_transport_header(skb));
1514
1515         if (ipv6_hdr(skb)->hop_limit != 255) {
1516                 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1517                           ipv6_hdr(skb)->hop_limit);
1518                 return 0;
1519         }
1520
1521         if (msg->icmph.icmp6_code != 0) {
1522                 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1523                           msg->icmph.icmp6_code);
1524                 return 0;
1525         }
1526
1527         memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1528
1529         switch (msg->icmph.icmp6_type) {
1530         case NDISC_NEIGHBOUR_SOLICITATION:
1531                 ndisc_recv_ns(skb);
1532                 break;
1533
1534         case NDISC_NEIGHBOUR_ADVERTISEMENT:
1535                 ndisc_recv_na(skb);
1536                 break;
1537
1538         case NDISC_ROUTER_SOLICITATION:
1539                 ndisc_recv_rs(skb);
1540                 break;
1541
1542         case NDISC_ROUTER_ADVERTISEMENT:
1543                 ndisc_router_discovery(skb);
1544                 break;
1545
1546         case NDISC_REDIRECT:
1547                 ndisc_redirect_rcv(skb);
1548                 break;
1549         }
1550
1551         return 0;
1552 }
1553
1554 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1555 {
1556         struct net_device *dev = ptr;
1557         struct net *net = dev_net(dev);
1558         struct inet6_dev *idev;
1559
1560         switch (event) {
1561         case NETDEV_CHANGEADDR:
1562                 neigh_changeaddr(&nd_tbl, dev);
1563                 fib6_run_gc(~0UL, net);
1564                 idev = in6_dev_get(dev);
1565                 if (!idev)
1566                         break;
1567                 if (idev->cnf.ndisc_notify)
1568                         ndisc_send_unsol_na(dev);
1569                 in6_dev_put(idev);
1570                 break;
1571         case NETDEV_DOWN:
1572                 neigh_ifdown(&nd_tbl, dev);
1573                 fib6_run_gc(~0UL, net);
1574                 break;
1575         case NETDEV_NOTIFY_PEERS:
1576                 ndisc_send_unsol_na(dev);
1577                 break;
1578         default:
1579                 break;
1580         }
1581
1582         return NOTIFY_DONE;
1583 }
1584
1585 static struct notifier_block ndisc_netdev_notifier = {
1586         .notifier_call = ndisc_netdev_event,
1587 };
1588
1589 #ifdef CONFIG_SYSCTL
1590 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1591                                          const char *func, const char *dev_name)
1592 {
1593         static char warncomm[TASK_COMM_LEN];
1594         static int warned;
1595         if (strcmp(warncomm, current->comm) && warned < 5) {
1596                 strcpy(warncomm, current->comm);
1597                 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1598                         warncomm, func,
1599                         dev_name, ctl->procname,
1600                         dev_name, ctl->procname);
1601                 warned++;
1602         }
1603 }
1604
1605 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1606 {
1607         struct net_device *dev = ctl->extra1;
1608         struct inet6_dev *idev;
1609         int ret;
1610
1611         if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1612             (strcmp(ctl->procname, "base_reachable_time") == 0))
1613                 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1614
1615         if (strcmp(ctl->procname, "retrans_time") == 0)
1616                 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1617
1618         else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1619                 ret = proc_dointvec_jiffies(ctl, write,
1620                                             buffer, lenp, ppos);
1621
1622         else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1623                  (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1624                 ret = proc_dointvec_ms_jiffies(ctl, write,
1625                                                buffer, lenp, ppos);
1626         else
1627                 ret = -1;
1628
1629         if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1630                 if (ctl->data == &idev->nd_parms->base_reachable_time)
1631                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1632                 idev->tstamp = jiffies;
1633                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1634                 in6_dev_put(idev);
1635         }
1636         return ret;
1637 }
1638
1639
1640 #endif
1641
1642 static int __net_init ndisc_net_init(struct net *net)
1643 {
1644         struct ipv6_pinfo *np;
1645         struct sock *sk;
1646         int err;
1647
1648         err = inet_ctl_sock_create(&sk, PF_INET6,
1649                                    SOCK_RAW, IPPROTO_ICMPV6, net);
1650         if (err < 0) {
1651                 ND_PRINTK(0, err,
1652                           "NDISC: Failed to initialize the control socket (err %d)\n",
1653                           err);
1654                 return err;
1655         }
1656
1657         net->ipv6.ndisc_sk = sk;
1658
1659         np = inet6_sk(sk);
1660         np->hop_limit = 255;
1661         /* Do not loopback ndisc messages */
1662         np->mc_loop = 0;
1663
1664         return 0;
1665 }
1666
1667 static void __net_exit ndisc_net_exit(struct net *net)
1668 {
1669         inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1670 }
1671
1672 static struct pernet_operations ndisc_net_ops = {
1673         .init = ndisc_net_init,
1674         .exit = ndisc_net_exit,
1675 };
1676
1677 int __init ndisc_init(void)
1678 {
1679         int err;
1680
1681         err = register_pernet_subsys(&ndisc_net_ops);
1682         if (err)
1683                 return err;
1684         /*
1685          * Initialize the neighbour table
1686          */
1687         neigh_table_init(&nd_tbl);
1688
1689 #ifdef CONFIG_SYSCTL
1690         err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1691                                     &ndisc_ifinfo_sysctl_change);
1692         if (err)
1693                 goto out_unregister_pernet;
1694 #endif
1695         err = register_netdevice_notifier(&ndisc_netdev_notifier);
1696         if (err)
1697                 goto out_unregister_sysctl;
1698 out:
1699         return err;
1700
1701 out_unregister_sysctl:
1702 #ifdef CONFIG_SYSCTL
1703         neigh_sysctl_unregister(&nd_tbl.parms);
1704 out_unregister_pernet:
1705 #endif
1706         unregister_pernet_subsys(&ndisc_net_ops);
1707         goto out;
1708 }
1709
1710 void ndisc_cleanup(void)
1711 {
1712         unregister_netdevice_notifier(&ndisc_netdev_notifier);
1713 #ifdef CONFIG_SYSCTL
1714         neigh_sysctl_unregister(&nd_tbl.parms);
1715 #endif
1716         neigh_table_clear(&nd_tbl);
1717         unregister_pernet_subsys(&ndisc_net_ops);
1718 }