1
/*
2
 *	Neighbour Discovery for IPv6
3
 *	Linux INET6 implementation
4
 *
5
 *	Authors:
6
 *	Pedro Roque		<[email protected]>
7
 *	Mike Shaver		<[email protected]>
8
 *
9
 *	This program is free software; you can redistribute it and/or
10
 *      modify it under the terms of the GNU General Public License
11
 *      as published by the Free Software Foundation; either version
12
 *      2 of the License, or (at your option) any later version.
13
 */
14

15
/*
16
 *	Changes:
17
 *
18
 *	Pierre Ynard			:	export userland ND options
19
 *						through netlink (RDNSS support)
20
 *	Lars Fenneberg			:	fixed MTU setting on receipt
21
 *						of an RA.
22
 *	Janos Farkas			:	kmalloc failure checks
23
 *	Alexey Kuznetsov		:	state machine reworked
24
 *						and moved to net/core.
25
 *	Pekka Savola			:	RFC2461 validation
26
 *	YOSHIFUJI Hideaki @USAGI	:	Verify ND options properly
27
 */
28

29
/* Set to 3 to get tracing... */
30
#define ND_DEBUG 1
31

32
#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33
#define ND_NOPRINTK(x...) do { ; } while(0)
34
#define ND_PRINTK0 ND_PRINTK
35
#define ND_PRINTK1 ND_NOPRINTK
36
#define ND_PRINTK2 ND_NOPRINTK
37
#define ND_PRINTK3 ND_NOPRINTK
38
#if ND_DEBUG >= 1
39
#undef ND_PRINTK1
40
#define ND_PRINTK1 ND_PRINTK
41
#endif
42
#if ND_DEBUG >= 2
43
#undef ND_PRINTK2
44
#define ND_PRINTK2 ND_PRINTK
45
#endif
46
#if ND_DEBUG >= 3
47
#undef ND_PRINTK3
48
#define ND_PRINTK3 ND_PRINTK
49
#endif
50

51
#include <linux/module.h>
52
#include <linux/errno.h>
53
#include <linux/types.h>
54
#include <linux/socket.h>
55
#include <linux/sockios.h>
56
#include <linux/sched.h>
57
#include <linux/net.h>
58
#include <linux/in6.h>
59
#include <linux/route.h>
60
#include <linux/init.h>
61
#include <linux/rcupdate.h>
62
#include <linux/slab.h>
63
#ifdef CONFIG_SYSCTL
64
#include <linux/sysctl.h>
65
#endif
66

67
#include <linux/if_addr.h>
68
#include <linux/if_arp.h>
69
#include <linux/ipv6.h>
70
#include <linux/icmpv6.h>
71
#include <linux/jhash.h>
72

73
#include <net/sock.h>
74
#include <net/snmp.h>
75

76
#include <net/ipv6.h>
77
#include <net/protocol.h>
78
#include <net/ndisc.h>
79
#include <net/ip6_route.h>
80
#include <net/addrconf.h>
81
#include <net/icmp.h>
82

83
#include <net/netlink.h>
84
#include <linux/rtnetlink.h>
85

86
#include <net/flow.h>
87
#include <net/ip6_checksum.h>
88
#include <net/inet_common.h>
89
#include <linux/proc_fs.h>
90

91
#include <linux/netfilter.h>
92
#include <linux/netfilter_ipv6.h>
93

94
static u32 ndisc_hash(const void *pkey,
95
		      const struct net_device *dev,
96
		      __u32 rnd);
97
static int ndisc_constructor(struct neighbour *neigh);
98
static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
99
static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
100
static int pndisc_constructor(struct pneigh_entry *n);
101
static void pndisc_destructor(struct pneigh_entry *n);
102
static void pndisc_redo(struct sk_buff *skb);
103

104
static const struct neigh_ops ndisc_generic_ops = {
105
	.family =		AF_INET6,
106
	.solicit =		ndisc_solicit,
107
	.error_report =		ndisc_error_report,
108
	.output =		neigh_resolve_output,
109
	.connected_output =	neigh_connected_output,
110
	.hh_output =		dev_queue_xmit,
111
	.queue_xmit =		dev_queue_xmit,
112
};
113

114
static const struct neigh_ops ndisc_hh_ops = {
115
	.family =		AF_INET6,
116
	.solicit =		ndisc_solicit,
117
	.error_report =		ndisc_error_report,
118
	.output =		neigh_resolve_output,
119
	.connected_output =	neigh_resolve_output,
120
	.hh_output =		dev_queue_xmit,
121
	.queue_xmit =		dev_queue_xmit,
122
};
123

124

125
static const struct neigh_ops ndisc_direct_ops = {
126
	.family =		AF_INET6,
127
	.output =		dev_queue_xmit,
128
	.connected_output =	dev_queue_xmit,
129
	.hh_output =		dev_queue_xmit,
130
	.queue_xmit =		dev_queue_xmit,
131
};
132

133
struct neigh_table nd_tbl = {
134
	.family =	AF_INET6,
135
	.entry_size =	sizeof(struct neighbour) + sizeof(struct in6_addr),
136
	.key_len =	sizeof(struct in6_addr),
137
	.hash =		ndisc_hash,
138
	.constructor =	ndisc_constructor,
139
	.pconstructor =	pndisc_constructor,
140
	.pdestructor =	pndisc_destructor,
141
	.proxy_redo =	pndisc_redo,
142
	.id =		"ndisc_cache",
143
	.parms = {
144
		.tbl			= &nd_tbl,
145
		.base_reachable_time	= ND_REACHABLE_TIME,
146
		.retrans_time		= ND_RETRANS_TIMER,
147
		.gc_staletime		= 60 * HZ,
148
		.reachable_time		= ND_REACHABLE_TIME,
149
		.delay_probe_time	= 5 * HZ,
150
		.queue_len		= 3,
151
		.ucast_probes		= 3,
152
		.mcast_probes		= 3,
153
		.anycast_delay		= 1 * HZ,
154
		.proxy_delay		= (8 * HZ) / 10,
155
		.proxy_qlen		= 64,
156
	},
157
	.gc_interval =	  30 * HZ,
158
	.gc_thresh1 =	 128,
159
	.gc_thresh2 =	 512,
160
	.gc_thresh3 =	1024,
161
};
162

163
/* ND options */
164
struct ndisc_options {
165
	struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
166
#ifdef CONFIG_IPV6_ROUTE_INFO
167
	struct nd_opt_hdr *nd_opts_ri;
168
	struct nd_opt_hdr *nd_opts_ri_end;
169
#endif
170
	struct nd_opt_hdr *nd_useropts;
171
	struct nd_opt_hdr *nd_useropts_end;
172
};
173

174
#define nd_opts_src_lladdr	nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
175
#define nd_opts_tgt_lladdr	nd_opt_array[ND_OPT_TARGET_LL_ADDR]
176
#define nd_opts_pi		nd_opt_array[ND_OPT_PREFIX_INFO]
177
#define nd_opts_pi_end		nd_opt_array[__ND_OPT_PREFIX_INFO_END]
178
#define nd_opts_rh		nd_opt_array[ND_OPT_REDIRECT_HDR]
179
#define nd_opts_mtu		nd_opt_array[ND_OPT_MTU]
180

181
#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
182

183
/*
184
 * Return the padding between the option length and the start of the
185
 * link addr.  Currently only IP-over-InfiniBand needs this, although
186
 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
187
 * also need a pad of 2.
188
 */
189
static int ndisc_addr_option_pad(unsigned short type)
190
{
191
	switch (type) {
192
	case ARPHRD_INFINIBAND: return 2;
193
	default:                return 0;
194
	}
195
}
196

197
static inline int ndisc_opt_addr_space(struct net_device *dev)
198
{
199
	return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
200
}
201

202
static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
203
				  unsigned short addr_type)
204
{
205
	int space = NDISC_OPT_SPACE(data_len);
206
	int pad   = ndisc_addr_option_pad(addr_type);
207

208
	opt[0] = type;
209
	opt[1] = space>>3;
210

211
	memset(opt + 2, 0, pad);
212
	opt   += pad;
213
	space -= pad;
214

215
	memcpy(opt+2, data, data_len);
216
	data_len += 2;
217
	opt += data_len;
218
	if ((space -= data_len) > 0)
219
		memset(opt, 0, space);
220
	return opt + space;
221
}
222

223
static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
224
					    struct nd_opt_hdr *end)
225
{
226
	int type;
227
	if (!cur || !end || cur >= end)
228
		return NULL;
229
	type = cur->nd_opt_type;
230
	do {
231
		cur = ((void *)cur) + (cur->nd_opt_len << 3);
232
	} while(cur < end && cur->nd_opt_type != type);
233
	return cur <= end && cur->nd_opt_type == type ? cur : NULL;
234
}
235

236
static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
237
{
238
	return opt->nd_opt_type == ND_OPT_RDNSS;
239
}
240

241
static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
242
					     struct nd_opt_hdr *end)
243
{
244
	if (!cur || !end || cur >= end)
245
		return NULL;
246
	do {
247
		cur = ((void *)cur) + (cur->nd_opt_len << 3);
248
	} while(cur < end && !ndisc_is_useropt(cur));
249
	return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
250
}
251

252
static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
253
						 struct ndisc_options *ndopts)
254
{
255
	struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
256

257
	if (!nd_opt || opt_len < 0 || !ndopts)
258
		return NULL;
259
	memset(ndopts, 0, sizeof(*ndopts));
260
	while (opt_len) {
261
		int l;
262
		if (opt_len < sizeof(struct nd_opt_hdr))
263
			return NULL;
264
		l = nd_opt->nd_opt_len << 3;
265
		if (opt_len < l || l == 0)
266
			return NULL;
267
		switch (nd_opt->nd_opt_type) {
268
		case ND_OPT_SOURCE_LL_ADDR:
269
		case ND_OPT_TARGET_LL_ADDR:
270
		case ND_OPT_MTU:
271
		case ND_OPT_REDIRECT_HDR:
272
			if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
273
				ND_PRINTK2(KERN_WARNING
274
					   "%s(): duplicated ND6 option found: type=%d\n",
275
					   __func__,
276
					   nd_opt->nd_opt_type);
277
			} else {
278
				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
279
			}
280
			break;
281
		case ND_OPT_PREFIX_INFO:
282
			ndopts->nd_opts_pi_end = nd_opt;
283
			if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
284
				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
285
			break;
286
#ifdef CONFIG_IPV6_ROUTE_INFO
287
		case ND_OPT_ROUTE_INFO:
288
			ndopts->nd_opts_ri_end = nd_opt;
289
			if (!ndopts->nd_opts_ri)
290
				ndopts->nd_opts_ri = nd_opt;
291
			break;
292
#endif
293
		default:
294
			if (ndisc_is_useropt(nd_opt)) {
295
				ndopts->nd_useropts_end = nd_opt;
296
				if (!ndopts->nd_useropts)
297
					ndopts->nd_useropts = nd_opt;
298
			} else {
299
				/*
300
				 * Unknown options must be silently ignored,
301
				 * to accommodate future extension to the
302
				 * protocol.
303
				 */
304
				ND_PRINTK2(KERN_NOTICE
305
					   "%s(): ignored unsupported option; type=%d, len=%d\n",
306
					   __func__,
307
					   nd_opt->nd_opt_type, nd_opt->nd_opt_len);
308
			}
309
		}
310
		opt_len -= l;
311
		nd_opt = ((void *)nd_opt) + l;
312
	}
313
	return ndopts;
314
}
315

316
static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
317
				      struct net_device *dev)
318
{
319
	u8 *lladdr = (u8 *)(p + 1);
320
	int lladdrlen = p->nd_opt_len << 3;
321
	int prepad = ndisc_addr_option_pad(dev->type);
322
	if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
323
		return NULL;
324
	return lladdr + prepad;
325
}
326

327
int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
328
{
329
	switch (dev->type) {
330
	case ARPHRD_ETHER:
331
	case ARPHRD_IEEE802:	/* Not sure. Check it later. --ANK */
332
	case ARPHRD_FDDI:
333
		ipv6_eth_mc_map(addr, buf);
334
		return 0;
335
	case ARPHRD_IEEE802_TR:
336
		ipv6_tr_mc_map(addr,buf);
337
		return 0;
338
	case ARPHRD_ARCNET:
339
		ipv6_arcnet_mc_map(addr, buf);
340
		return 0;
341
	case ARPHRD_INFINIBAND:
342
		ipv6_ib_mc_map(addr, dev->broadcast, buf);
343
		return 0;
344
	case ARPHRD_IPGRE:
345
		return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
346
	default:
347
		if (dir) {
348
			memcpy(buf, dev->broadcast, dev->addr_len);
349
			return 0;
350
		}
351
	}
352
	return -EINVAL;
353
}
354

355
EXPORT_SYMBOL(ndisc_mc_map);
356

357
static u32 ndisc_hash(const void *pkey,
358
		      const struct net_device *dev,
359
		      __u32 hash_rnd)
360
{
361
	const u32 *p32 = pkey;
362
	u32 addr_hash, i;
363

364
	addr_hash = 0;
365
	for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
366
		addr_hash ^= *p32++;
367

368
	return jhash_2words(addr_hash, dev->ifindex, hash_rnd);
369
}
370

371
static int ndisc_constructor(struct neighbour *neigh)
372
{
373
	struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
374
	struct net_device *dev = neigh->dev;
375
	struct inet6_dev *in6_dev;
376
	struct neigh_parms *parms;
377
	int is_multicast = ipv6_addr_is_multicast(addr);
378

379
	rcu_read_lock();
380
	in6_dev = in6_dev_get(dev);
381
	if (in6_dev == NULL) {
382
		rcu_read_unlock();
383
		return -EINVAL;
384
	}
385

386
	parms = in6_dev->nd_parms;
387
	__neigh_parms_put(neigh->parms);
388
	neigh->parms = neigh_parms_clone(parms);
389
	rcu_read_unlock();
390

391
	neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
392
	if (!dev->header_ops) {
393
		neigh->nud_state = NUD_NOARP;
394
		neigh->ops = &ndisc_direct_ops;
395
		neigh->output = neigh->ops->queue_xmit;
396
	} else {
397
		if (is_multicast) {
398
			neigh->nud_state = NUD_NOARP;
399
			ndisc_mc_map(addr, neigh->ha, dev, 1);
400
		} else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
401
			neigh->nud_state = NUD_NOARP;
402
			memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
403
			if (dev->flags&IFF_LOOPBACK)
404
				neigh->type = RTN_LOCAL;
405
		} else if (dev->flags&IFF_POINTOPOINT) {
406
			neigh->nud_state = NUD_NOARP;
407
			memcpy(neigh->ha, dev->broadcast, dev->addr_len);
408
		}
409
		if (dev->header_ops->cache)
410
			neigh->ops = &ndisc_hh_ops;
411
		else
412
			neigh->ops = &ndisc_generic_ops;
413
		if (neigh->nud_state&NUD_VALID)
414
			neigh->output = neigh->ops->connected_output;
415
		else
416
			neigh->output = neigh->ops->output;
417
	}
418
	in6_dev_put(in6_dev);
419
	return 0;
420
}
421

422
static int pndisc_constructor(struct pneigh_entry *n)
423
{
424
	struct in6_addr *addr = (struct in6_addr*)&n->key;
425
	struct in6_addr maddr;
426
	struct net_device *dev = n->dev;
427

428
	if (dev == NULL || __in6_dev_get(dev) == NULL)
429
		return -EINVAL;
430
	addrconf_addr_solict_mult(addr, &maddr);
431
	ipv6_dev_mc_inc(dev, &maddr);
432
	return 0;
433
}
434

435
static void pndisc_destructor(struct pneigh_entry *n)
436
{
437
	struct in6_addr *addr = (struct in6_addr*)&n->key;
438
	struct in6_addr maddr;
439
	struct net_device *dev = n->dev;
440

441
	if (dev == NULL || __in6_dev_get(dev) == NULL)
442
		return;
443
	addrconf_addr_solict_mult(addr, &maddr);
444
	ipv6_dev_mc_dec(dev, &maddr);
445
}
446

447
struct sk_buff *ndisc_build_skb(struct net_device *dev,
448
				const struct in6_addr *daddr,
449
				const struct in6_addr *saddr,
450
				struct icmp6hdr *icmp6h,
451
				const struct in6_addr *target,
452
				int llinfo)
453
{
454
	struct net *net = dev_net(dev);
455
	struct sock *sk = net->ipv6.ndisc_sk;
456
	struct sk_buff *skb;
457
	struct icmp6hdr *hdr;
458
	int len;
459
	int err;
460
	u8 *opt;
461

462
	if (!dev->addr_len)
463
		llinfo = 0;
464

465
	len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
466
	if (llinfo)
467
		len += ndisc_opt_addr_space(dev);
468

469
	skb = sock_alloc_send_skb(sk,
470
				  (MAX_HEADER + sizeof(struct ipv6hdr) +
471
				   len + LL_ALLOCATED_SPACE(dev)),
472
				  1, &err);
473
	if (!skb) {
474
		ND_PRINTK0(KERN_ERR
475
			   "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n",
476
			   __func__, err);
477
		return NULL;
478
	}
479

480
	skb_reserve(skb, LL_RESERVED_SPACE(dev));
481
	ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
482

483
	skb->transport_header = skb->tail;
484
	skb_put(skb, len);
485

486
	hdr = (struct icmp6hdr *)skb_transport_header(skb);
487
	memcpy(hdr, icmp6h, sizeof(*hdr));
488

489
	opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
490
	if (target) {
491
		ipv6_addr_copy((struct in6_addr *)opt, target);
492
		opt += sizeof(*target);
493
	}
494

495
	if (llinfo)
496
		ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
497
				       dev->addr_len, dev->type);
498

499
	hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
500
					   IPPROTO_ICMPV6,
501
					   csum_partial(hdr,
502
							len, 0));
503

504
	return skb;
505
}
506

507
EXPORT_SYMBOL(ndisc_build_skb);
508

509
void ndisc_send_skb(struct sk_buff *skb,
510
		    struct net_device *dev,
511
		    struct neighbour *neigh,
512
		    const struct in6_addr *daddr,
513
		    const struct in6_addr *saddr,
514
		    struct icmp6hdr *icmp6h)
515
{
516
	struct flowi6 fl6;
517
	struct dst_entry *dst;
518
	struct net *net = dev_net(dev);
519
	struct sock *sk = net->ipv6.ndisc_sk;
520
	struct inet6_dev *idev;
521
	int err;
522
	u8 type;
523

524
	type = icmp6h->icmp6_type;
525

526
	icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
527

528
	dst = icmp6_dst_alloc(dev, neigh, daddr);
529
	if (!dst) {
530
		kfree_skb(skb);
531
		return;
532
	}
533

534
	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
535
	if (IS_ERR(dst)) {
536
		kfree_skb(skb);
537
		return;
538
	}
539

540
	skb_dst_set(skb, dst);
541

542
	idev = in6_dev_get(dst->dev);
543
	IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
544

545
	err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
546
		      dst_output);
547
	if (!err) {
548
		ICMP6MSGOUT_INC_STATS(net, idev, type);
549
		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
550
	}
551

552
	if (likely(idev != NULL))
553
		in6_dev_put(idev);
554
}
555

556
EXPORT_SYMBOL(ndisc_send_skb);
557

558
/*
559
 *	Send a Neighbour Discover packet
560
 */
561
static void __ndisc_send(struct net_device *dev,
562
			 struct neighbour *neigh,
563
			 const struct in6_addr *daddr,
564
			 const struct in6_addr *saddr,
565
			 struct icmp6hdr *icmp6h, const struct in6_addr *target,
566
			 int llinfo)
567
{
568
	struct sk_buff *skb;
569

570
	skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
571
	if (!skb)
572
		return;
573

574
	ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
575
}
576

577
static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
578
			  const struct in6_addr *daddr,
579
			  const struct in6_addr *solicited_addr,
580
			  int router, int solicited, int override, int inc_opt)
581
{
582
	struct in6_addr tmpaddr;
583
	struct inet6_ifaddr *ifp;
584
	const struct in6_addr *src_addr;
585
	struct icmp6hdr icmp6h = {
586
		.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
587
	};
588

589
	/* for anycast or proxy, solicited_addr != src_addr */
590
	ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
591
	if (ifp) {
592
		src_addr = solicited_addr;
593
		if (ifp->flags & IFA_F_OPTIMISTIC)
594
			override = 0;
595
		inc_opt |= ifp->idev->cnf.force_tllao;
596
		in6_ifa_put(ifp);
597
	} else {
598
		if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
599
				       inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
600
				       &tmpaddr))
601
			return;
602
		src_addr = &tmpaddr;
603
	}
604

605
	icmp6h.icmp6_router = router;
606
	icmp6h.icmp6_solicited = solicited;
607
	icmp6h.icmp6_override = override;
608

609
	__ndisc_send(dev, neigh, daddr, src_addr,
610
		     &icmp6h, solicited_addr,
611
		     inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
612
}
613

614
static void ndisc_send_unsol_na(struct net_device *dev)
615
{
616
	struct inet6_dev *idev;
617
	struct inet6_ifaddr *ifa;
618
	struct in6_addr mcaddr;
619

620
	idev = in6_dev_get(dev);
621
	if (!idev)
622
		return;
623

624
	read_lock_bh(&idev->lock);
625
	list_for_each_entry(ifa, &idev->addr_list, if_list) {
626
		addrconf_addr_solict_mult(&ifa->addr, &mcaddr);
627
		ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
628
			      /*router=*/ !!idev->cnf.forwarding,
629
			      /*solicited=*/ false, /*override=*/ true,
630
			      /*inc_opt=*/ true);
631
	}
632
	read_unlock_bh(&idev->lock);
633

634
	in6_dev_put(idev);
635
}
636

637
void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
638
		   const struct in6_addr *solicit,
639
		   const struct in6_addr *daddr, const struct in6_addr *saddr)
640
{
641
	struct in6_addr addr_buf;
642
	struct icmp6hdr icmp6h = {
643
		.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
644
	};
645

646
	if (saddr == NULL) {
647
		if (ipv6_get_lladdr(dev, &addr_buf,
648
				   (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
649
			return;
650
		saddr = &addr_buf;
651
	}
652

653
	__ndisc_send(dev, neigh, daddr, saddr,
654
		     &icmp6h, solicit,
655
		     !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
656
}
657

658
void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
659
		   const struct in6_addr *daddr)
660
{
661
	struct icmp6hdr icmp6h = {
662
		.icmp6_type = NDISC_ROUTER_SOLICITATION,
663
	};
664
	int send_sllao = dev->addr_len;
665

666
#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
667
	/*
668
	 * According to section 2.2 of RFC 4429, we must not
669
	 * send router solicitations with a sllao from
670
	 * optimistic addresses, but we may send the solicitation
671
	 * if we don't include the sllao.  So here we check
672
	 * if our address is optimistic, and if so, we
673
	 * suppress the inclusion of the sllao.
674
	 */
675
	if (send_sllao) {
676
		struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
677
							   dev, 1);
678
		if (ifp) {
679
			if (ifp->flags & IFA_F_OPTIMISTIC)  {
680
				send_sllao = 0;
681
			}
682
			in6_ifa_put(ifp);
683
		} else {
684
			send_sllao = 0;
685
		}
686
	}
687
#endif
688
	__ndisc_send(dev, NULL, daddr, saddr,
689
		     &icmp6h, NULL,
690
		     send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
691
}
692

693

694
static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
695
{
696
	/*
697
	 *	"The sender MUST return an ICMP
698
	 *	 destination unreachable"
699
	 */
700
	dst_link_failure(skb);
701
	kfree_skb(skb);
702
}
703

704
/* Called with locked neigh: either read or both */
705

706
static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
707
{
708
	struct in6_addr *saddr = NULL;
709
	struct in6_addr mcaddr;
710
	struct net_device *dev = neigh->dev;
711
	struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
712
	int probes = atomic_read(&neigh->probes);
713

714
	if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
715
		saddr = &ipv6_hdr(skb)->saddr;
716

717
	if ((probes -= neigh->parms->ucast_probes) < 0) {
718
		if (!(neigh->nud_state & NUD_VALID)) {
719
			ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n",
720
				   __func__, target);
721
		}
722
		ndisc_send_ns(dev, neigh, target, target, saddr);
723
	} else if ((probes -= neigh->parms->app_probes) < 0) {
724
#ifdef CONFIG_ARPD
725
		neigh_app_ns(neigh);
726
#endif
727
	} else {
728
		addrconf_addr_solict_mult(target, &mcaddr);
729
		ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
730
	}
731
}
732

733
static int pndisc_is_router(const void *pkey,
734
			    struct net_device *dev)
735
{
736
	struct pneigh_entry *n;
737
	int ret = -1;
738

739
	read_lock_bh(&nd_tbl.lock);
740
	n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
741
	if (n)
742
		ret = !!(n->flags & NTF_ROUTER);
743
	read_unlock_bh(&nd_tbl.lock);
744

745
	return ret;
746
}
747

748
static void ndisc_recv_ns(struct sk_buff *skb)
749
{
750
	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
751
	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
752
	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
753
	u8 *lladdr = NULL;
754
	u32 ndoptlen = skb->tail - (skb->transport_header +
755
				    offsetof(struct nd_msg, opt));
756
	struct ndisc_options ndopts;
757
	struct net_device *dev = skb->dev;
758
	struct inet6_ifaddr *ifp;
759
	struct inet6_dev *idev = NULL;
760
	struct neighbour *neigh;
761
	int dad = ipv6_addr_any(saddr);
762
	int inc;
763
	int is_router = -1;
764

765
	if (ipv6_addr_is_multicast(&msg->target)) {
766
		ND_PRINTK2(KERN_WARNING
767
			   "ICMPv6 NS: multicast target address");
768
		return;
769
	}
770

771
	/*
772
	 * RFC2461 7.1.1:
773
	 * DAD has to be destined for solicited node multicast address.
774
	 */
775
	if (dad &&
776
	    !(daddr->s6_addr32[0] == htonl(0xff020000) &&
777
	      daddr->s6_addr32[1] == htonl(0x00000000) &&
778
	      daddr->s6_addr32[2] == htonl(0x00000001) &&
779
	      daddr->s6_addr [12] == 0xff )) {
780
		ND_PRINTK2(KERN_WARNING
781
			   "ICMPv6 NS: bad DAD packet (wrong destination)\n");
782
		return;
783
	}
784

785
	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
786
		ND_PRINTK2(KERN_WARNING
787
			   "ICMPv6 NS: invalid ND options\n");
788
		return;
789
	}
790

791
	if (ndopts.nd_opts_src_lladdr) {
792
		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
793
		if (!lladdr) {
794
			ND_PRINTK2(KERN_WARNING
795
				   "ICMPv6 NS: invalid link-layer address length\n");
796
			return;
797
		}
798

799
		/* RFC2461 7.1.1:
800
		 *	If the IP source address is the unspecified address,
801
		 *	there MUST NOT be source link-layer address option
802
		 *	in the message.
803
		 */
804
		if (dad) {
805
			ND_PRINTK2(KERN_WARNING
806
				   "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
807
			return;
808
		}
809
	}
810

811
	inc = ipv6_addr_is_multicast(daddr);
812

813
	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
814
	if (ifp) {
815

816
		if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
817
			if (dad) {
818
				if (dev->type == ARPHRD_IEEE802_TR) {
819
					const unsigned char *sadr;
820
					sadr = skb_mac_header(skb);
821
					if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
822
					    sadr[9] == dev->dev_addr[1] &&
823
					    sadr[10] == dev->dev_addr[2] &&
824
					    sadr[11] == dev->dev_addr[3] &&
825
					    sadr[12] == dev->dev_addr[4] &&
826
					    sadr[13] == dev->dev_addr[5]) {
827
						/* looped-back to us */
828
						goto out;
829
					}
830
				}
831

832
				/*
833
				 * We are colliding with another node
834
				 * who is doing DAD
835
				 * so fail our DAD process
836
				 */
837
				addrconf_dad_failure(ifp);
838
				return;
839
			} else {
840
				/*
841
				 * This is not a dad solicitation.
842
				 * If we are an optimistic node,
843
				 * we should respond.
844
				 * Otherwise, we should ignore it.
845
				 */
846
				if (!(ifp->flags & IFA_F_OPTIMISTIC))
847
					goto out;
848
			}
849
		}
850

851
		idev = ifp->idev;
852
	} else {
853
		struct net *net = dev_net(dev);
854

855
		idev = in6_dev_get(dev);
856
		if (!idev) {
857
			/* XXX: count this drop? */
858
			return;
859
		}
860

861
		if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
862
		    (idev->cnf.forwarding &&
863
		     (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
864
		     (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
865
			if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
866
			    skb->pkt_type != PACKET_HOST &&
867
			    inc != 0 &&
868
			    idev->nd_parms->proxy_delay != 0) {
869
				/*
870
				 * for anycast or proxy,
871
				 * sender should delay its response
872
				 * by a random time between 0 and
873
				 * MAX_ANYCAST_DELAY_TIME seconds.
874
				 * (RFC2461) -- yoshfuji
875
				 */
876
				struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
877
				if (n)
878
					pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
879
				goto out;
880
			}
881
		} else
882
			goto out;
883
	}
884

885
	if (is_router < 0)
886
		is_router = !!idev->cnf.forwarding;
887

888
	if (dad) {
889
		ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
890
			      is_router, 0, (ifp != NULL), 1);
891
		goto out;
892
	}
893

894
	if (inc)
895
		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
896
	else
897
		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
898

899
	/*
900
	 *	update / create cache entry
901
	 *	for the source address
902
	 */
903
	neigh = __neigh_lookup(&nd_tbl, saddr, dev,
904
			       !inc || lladdr || !dev->addr_len);
905
	if (neigh)
906
		neigh_update(neigh, lladdr, NUD_STALE,
907
			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
908
			     NEIGH_UPDATE_F_OVERRIDE);
909
	if (neigh || !dev->header_ops) {
910
		ndisc_send_na(dev, neigh, saddr, &msg->target,
911
			      is_router,
912
			      1, (ifp != NULL && inc), inc);
913
		if (neigh)
914
			neigh_release(neigh);
915
	}
916

917
out:
918
	if (ifp)
919
		in6_ifa_put(ifp);
920
	else
921
		in6_dev_put(idev);
922
}
923

924
static void ndisc_recv_na(struct sk_buff *skb)
925
{
926
	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
927
	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
928
	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
929
	u8 *lladdr = NULL;
930
	u32 ndoptlen = skb->tail - (skb->transport_header +
931
				    offsetof(struct nd_msg, opt));
932
	struct ndisc_options ndopts;
933
	struct net_device *dev = skb->dev;
934
	struct inet6_ifaddr *ifp;
935
	struct neighbour *neigh;
936

937
	if (skb->len < sizeof(struct nd_msg)) {
938
		ND_PRINTK2(KERN_WARNING
939
			   "ICMPv6 NA: packet too short\n");
940
		return;
941
	}
942

943
	if (ipv6_addr_is_multicast(&msg->target)) {
944
		ND_PRINTK2(KERN_WARNING
945
			   "ICMPv6 NA: target address is multicast.\n");
946
		return;
947
	}
948

949
	if (ipv6_addr_is_multicast(daddr) &&
950
	    msg->icmph.icmp6_solicited) {
951
		ND_PRINTK2(KERN_WARNING
952
			   "ICMPv6 NA: solicited NA is multicasted.\n");
953
		return;
954
	}
955

956
	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
957
		ND_PRINTK2(KERN_WARNING
958
			   "ICMPv6 NS: invalid ND option\n");
959
		return;
960
	}
961
	if (ndopts.nd_opts_tgt_lladdr) {
962
		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
963
		if (!lladdr) {
964
			ND_PRINTK2(KERN_WARNING
965
				   "ICMPv6 NA: invalid link-layer address length\n");
966
			return;
967
		}
968
	}
969
	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
970
	if (ifp) {
971
		if (skb->pkt_type != PACKET_LOOPBACK
972
		    && (ifp->flags & IFA_F_TENTATIVE)) {
973
				addrconf_dad_failure(ifp);
974
				return;
975
		}
976
		/* What should we make now? The advertisement
977
		   is invalid, but ndisc specs say nothing
978
		   about it. It could be misconfiguration, or
979
		   an smart proxy agent tries to help us :-)
980

981
		   We should not print the error if NA has been
982
		   received from loopback - it is just our own
983
		   unsolicited advertisement.
984
		 */
985
		if (skb->pkt_type != PACKET_LOOPBACK)
986
			ND_PRINTK1(KERN_WARNING
987
			   "ICMPv6 NA: someone advertises our address %pI6 on %s!\n",
988
			   &ifp->addr, ifp->idev->dev->name);
989
		in6_ifa_put(ifp);
990
		return;
991
	}
992
	neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
993

994
	if (neigh) {
995
		u8 old_flags = neigh->flags;
996
		struct net *net = dev_net(dev);
997

998
		if (neigh->nud_state & NUD_FAILED)
999
			goto out;
1000

1001
		/*
1002
		 * Don't update the neighbor cache entry on a proxy NA from
1003
		 * ourselves because either the proxied node is off link or it
1004
		 * has already sent a NA to us.
1005
		 */
1006
		if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1007
		    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1008
		    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1009
			/* XXX: idev->cnf.prixy_ndp */
1010
			goto out;
1011
		}
1012

1013
		neigh_update(neigh, lladdr,
1014
			     msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1015
			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1016
			     (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1017
			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1018
			     (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
1019

1020
		if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1021
			/*
1022
			 * Change: router to host
1023
			 */
1024
			struct rt6_info *rt;
1025
			rt = rt6_get_dflt_router(saddr, dev);
1026
			if (rt)
1027
				ip6_del_rt(rt);
1028
		}
1029

1030
out:
1031
		neigh_release(neigh);
1032
	}
1033
}
1034

1035
static void ndisc_recv_rs(struct sk_buff *skb)
1036
{
1037
	struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1038
	unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1039
	struct neighbour *neigh;
1040
	struct inet6_dev *idev;
1041
	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1042
	struct ndisc_options ndopts;
1043
	u8 *lladdr = NULL;
1044

1045
	if (skb->len < sizeof(*rs_msg))
1046
		return;
1047

1048
	idev = in6_dev_get(skb->dev);
1049
	if (!idev) {
1050
		if (net_ratelimit())
1051
			ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
1052
		return;
1053
	}
1054

1055
	/* Don't accept RS if we're not in router mode */
1056
	if (!idev->cnf.forwarding)
1057
		goto out;
1058

1059
	/*
1060
	 * Don't update NCE if src = ::;
1061
	 * this implies that the source node has no ip address assigned yet.
1062
	 */
1063
	if (ipv6_addr_any(saddr))
1064
		goto out;
1065

1066
	/* Parse ND options */
1067
	if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1068
		if (net_ratelimit())
1069
			ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1070
		goto out;
1071
	}
1072

1073
	if (ndopts.nd_opts_src_lladdr) {
1074
		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1075
					     skb->dev);
1076
		if (!lladdr)
1077
			goto out;
1078
	}
1079

1080
	neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1081
	if (neigh) {
1082
		neigh_update(neigh, lladdr, NUD_STALE,
1083
			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1084
			     NEIGH_UPDATE_F_OVERRIDE|
1085
			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1086
		neigh_release(neigh);
1087
	}
1088
out:
1089
	in6_dev_put(idev);
1090
}
1091

1092
static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1093
{
1094
	struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1095
	struct sk_buff *skb;
1096
	struct nlmsghdr *nlh;
1097
	struct nduseroptmsg *ndmsg;
1098
	struct net *net = dev_net(ra->dev);
1099
	int err;
1100
	int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1101
				    + (opt->nd_opt_len << 3));
1102
	size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1103

1104
	skb = nlmsg_new(msg_size, GFP_ATOMIC);
1105
	if (skb == NULL) {
1106
		err = -ENOBUFS;
1107
		goto errout;
1108
	}
1109

1110
	nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1111
	if (nlh == NULL) {
1112
		goto nla_put_failure;
1113
	}
1114

1115
	ndmsg = nlmsg_data(nlh);
1116
	ndmsg->nduseropt_family = AF_INET6;
1117
	ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1118
	ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1119
	ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1120
	ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1121

1122
	memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1123

1124
	NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1125
		&ipv6_hdr(ra)->saddr);
1126
	nlmsg_end(skb, nlh);
1127

1128
	rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1129
	return;
1130

1131
nla_put_failure:
1132
	nlmsg_free(skb);
1133
	err = -EMSGSIZE;
1134
errout:
1135
	rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1136
}
1137

1138
static inline int accept_ra(struct inet6_dev *in6_dev)
1139
{
1140
	/*
1141
	 * If forwarding is enabled, RA are not accepted unless the special
1142
	 * hybrid mode (accept_ra=2) is enabled.
1143
	 */
1144
	if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1145
		return 0;
1146

1147
	return in6_dev->cnf.accept_ra;
1148
}
1149

1150
static void ndisc_router_discovery(struct sk_buff *skb)
1151
{
1152
	struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1153
	struct neighbour *neigh = NULL;
1154
	struct inet6_dev *in6_dev;
1155
	struct rt6_info *rt = NULL;
1156
	int lifetime;
1157
	struct ndisc_options ndopts;
1158
	int optlen;
1159
	unsigned int pref = 0;
1160

1161
	__u8 * opt = (__u8 *)(ra_msg + 1);
1162

1163
	optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1164

1165
	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1166
		ND_PRINTK2(KERN_WARNING
1167
			   "ICMPv6 RA: source address is not link-local.\n");
1168
		return;
1169
	}
1170
	if (optlen < 0) {
1171
		ND_PRINTK2(KERN_WARNING
1172
			   "ICMPv6 RA: packet too short\n");
1173
		return;
1174
	}
1175

1176
#ifdef CONFIG_IPV6_NDISC_NODETYPE
1177
	if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1178
		ND_PRINTK2(KERN_WARNING
1179
			   "ICMPv6 RA: from host or unauthorized router\n");
1180
		return;
1181
	}
1182
#endif
1183

1184
	/*
1185
	 *	set the RA_RECV flag in the interface
1186
	 */
1187

1188
	in6_dev = in6_dev_get(skb->dev);
1189
	if (in6_dev == NULL) {
1190
		ND_PRINTK0(KERN_ERR
1191
			   "ICMPv6 RA: can't find inet6 device for %s.\n",
1192
			   skb->dev->name);
1193
		return;
1194
	}
1195

1196
	if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1197
		in6_dev_put(in6_dev);
1198
		ND_PRINTK2(KERN_WARNING
1199
			   "ICMP6 RA: invalid ND options\n");
1200
		return;
1201
	}
1202

1203
	if (!accept_ra(in6_dev))
1204
		goto skip_linkparms;
1205

1206
#ifdef CONFIG_IPV6_NDISC_NODETYPE
1207
	/* skip link-specific parameters from interior routers */
1208
	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1209
		goto skip_linkparms;
1210
#endif
1211

1212
	if (in6_dev->if_flags & IF_RS_SENT) {
1213
		/*
1214
		 *	flag that an RA was received after an RS was sent
1215
		 *	out on this interface.
1216
		 */
1217
		in6_dev->if_flags |= IF_RA_RCVD;
1218
	}
1219

1220
	/*
1221
	 * Remember the managed/otherconf flags from most recently
1222
	 * received RA message (RFC 2462) -- yoshfuji
1223
	 */
1224
	in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1225
				IF_RA_OTHERCONF)) |
1226
				(ra_msg->icmph.icmp6_addrconf_managed ?
1227
					IF_RA_MANAGED : 0) |
1228
				(ra_msg->icmph.icmp6_addrconf_other ?
1229
					IF_RA_OTHERCONF : 0);
1230

1231
	if (!in6_dev->cnf.accept_ra_defrtr)
1232
		goto skip_defrtr;
1233

1234
	lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1235

1236
#ifdef CONFIG_IPV6_ROUTER_PREF
1237
	pref = ra_msg->icmph.icmp6_router_pref;
1238
	/* 10b is handled as if it were 00b (medium) */
1239
	if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1240
	    !in6_dev->cnf.accept_ra_rtr_pref)
1241
		pref = ICMPV6_ROUTER_PREF_MEDIUM;
1242
#endif
1243

1244
	rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1245

1246
	if (rt)
1247
		neigh = rt->rt6i_nexthop;
1248

1249
	if (rt && lifetime == 0) {
1250
		neigh_clone(neigh);
1251
		ip6_del_rt(rt);
1252
		rt = NULL;
1253
	}
1254

1255
	if (rt == NULL && lifetime) {
1256
		ND_PRINTK3(KERN_DEBUG
1257
			   "ICMPv6 RA: adding default router.\n");
1258

1259
		rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1260
		if (rt == NULL) {
1261
			ND_PRINTK0(KERN_ERR
1262
				   "ICMPv6 RA: %s() failed to add default route.\n",
1263
				   __func__);
1264
			in6_dev_put(in6_dev);
1265
			return;
1266
		}
1267

1268
		neigh = rt->rt6i_nexthop;
1269
		if (neigh == NULL) {
1270
			ND_PRINTK0(KERN_ERR
1271
				   "ICMPv6 RA: %s() got default router without neighbour.\n",
1272
				   __func__);
1273
			dst_release(&rt->dst);
1274
			in6_dev_put(in6_dev);
1275
			return;
1276
		}
1277
		neigh->flags |= NTF_ROUTER;
1278
	} else if (rt) {
1279
		rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1280
	}
1281

1282
	if (rt)
1283
		rt->rt6i_expires = jiffies + (HZ * lifetime);
1284

1285
	if (ra_msg->icmph.icmp6_hop_limit) {
1286
		in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1287
		if (rt)
1288
			dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1289
				       ra_msg->icmph.icmp6_hop_limit);
1290
	}
1291

1292
skip_defrtr:
1293

1294
	/*
1295
	 *	Update Reachable Time and Retrans Timer
1296
	 */
1297

1298
	if (in6_dev->nd_parms) {
1299
		unsigned long rtime = ntohl(ra_msg->retrans_timer);
1300

1301
		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1302
			rtime = (rtime*HZ)/1000;
1303
			if (rtime < HZ/10)
1304
				rtime = HZ/10;
1305
			in6_dev->nd_parms->retrans_time = rtime;
1306
			in6_dev->tstamp = jiffies;
1307
			inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1308
		}
1309

1310
		rtime = ntohl(ra_msg->reachable_time);
1311
		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1312
			rtime = (rtime*HZ)/1000;
1313

1314
			if (rtime < HZ/10)
1315
				rtime = HZ/10;
1316

1317
			if (rtime != in6_dev->nd_parms->base_reachable_time) {
1318
				in6_dev->nd_parms->base_reachable_time = rtime;
1319
				in6_dev->nd_parms->gc_staletime = 3 * rtime;
1320
				in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1321
				in6_dev->tstamp = jiffies;
1322
				inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1323
			}
1324
		}
1325
	}
1326

1327
skip_linkparms:
1328

1329
	/*
1330
	 *	Process options.
1331
	 */
1332

1333
	if (!neigh)
1334
		neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1335
				       skb->dev, 1);
1336
	if (neigh) {
1337
		u8 *lladdr = NULL;
1338
		if (ndopts.nd_opts_src_lladdr) {
1339
			lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1340
						     skb->dev);
1341
			if (!lladdr) {
1342
				ND_PRINTK2(KERN_WARNING
1343
					   "ICMPv6 RA: invalid link-layer address length\n");
1344
				goto out;
1345
			}
1346
		}
1347
		neigh_update(neigh, lladdr, NUD_STALE,
1348
			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1349
			     NEIGH_UPDATE_F_OVERRIDE|
1350
			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1351
			     NEIGH_UPDATE_F_ISROUTER);
1352
	}
1353

1354
	if (!accept_ra(in6_dev))
1355
		goto out;
1356

1357
#ifdef CONFIG_IPV6_ROUTE_INFO
1358
	if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1359
		struct nd_opt_hdr *p;
1360
		for (p = ndopts.nd_opts_ri;
1361
		     p;
1362
		     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1363
			struct route_info *ri = (struct route_info *)p;
1364
#ifdef CONFIG_IPV6_NDISC_NODETYPE
1365
			if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1366
			    ri->prefix_len == 0)
1367
				continue;
1368
#endif
1369
			if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1370
				continue;
1371
			rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1372
				      &ipv6_hdr(skb)->saddr);
1373
		}
1374
	}
1375
#endif
1376

1377
#ifdef CONFIG_IPV6_NDISC_NODETYPE
1378
	/* skip link-specific ndopts from interior routers */
1379
	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1380
		goto out;
1381
#endif
1382

1383
	if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1384
		struct nd_opt_hdr *p;
1385
		for (p = ndopts.nd_opts_pi;
1386
		     p;
1387
		     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1388
			addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1389
		}
1390
	}
1391

1392
	if (ndopts.nd_opts_mtu) {
1393
		__be32 n;
1394
		u32 mtu;
1395

1396
		memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1397
		mtu = ntohl(n);
1398

1399
		if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1400
			ND_PRINTK2(KERN_WARNING
1401
				   "ICMPv6 RA: invalid mtu: %d\n",
1402
				   mtu);
1403
		} else if (in6_dev->cnf.mtu6 != mtu) {
1404
			in6_dev->cnf.mtu6 = mtu;
1405

1406
			if (rt)
1407
				dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1408

1409
			rt6_mtu_change(skb->dev, mtu);
1410
		}
1411
	}
1412

1413
	if (ndopts.nd_useropts) {
1414
		struct nd_opt_hdr *p;
1415
		for (p = ndopts.nd_useropts;
1416
		     p;
1417
		     p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1418
			ndisc_ra_useropt(skb, p);
1419
		}
1420
	}
1421

1422
	if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1423
		ND_PRINTK2(KERN_WARNING
1424
			   "ICMPv6 RA: invalid RA options");
1425
	}
1426
out:
1427
	if (rt)
1428
		dst_release(&rt->dst);
1429
	else if (neigh)
1430
		neigh_release(neigh);
1431
	in6_dev_put(in6_dev);
1432
}
1433

1434
static void ndisc_redirect_rcv(struct sk_buff *skb)
1435
{
1436
	struct inet6_dev *in6_dev;
1437
	struct icmp6hdr *icmph;
1438
	const struct in6_addr *dest;
1439
	const struct in6_addr *target;	/* new first hop to destination */
1440
	struct neighbour *neigh;
1441
	int on_link = 0;
1442
	struct ndisc_options ndopts;
1443
	int optlen;
1444
	u8 *lladdr = NULL;
1445

1446
#ifdef CONFIG_IPV6_NDISC_NODETYPE
1447
	switch (skb->ndisc_nodetype) {
1448
	case NDISC_NODETYPE_HOST:
1449
	case NDISC_NODETYPE_NODEFAULT:
1450
		ND_PRINTK2(KERN_WARNING
1451
			   "ICMPv6 Redirect: from host or unauthorized router\n");
1452
		return;
1453
	}
1454
#endif
1455

1456
	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1457
		ND_PRINTK2(KERN_WARNING
1458
			   "ICMPv6 Redirect: source address is not link-local.\n");
1459
		return;
1460
	}
1461

1462
	optlen = skb->tail - skb->transport_header;
1463
	optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1464

1465
	if (optlen < 0) {
1466
		ND_PRINTK2(KERN_WARNING
1467
			   "ICMPv6 Redirect: packet too short\n");
1468
		return;
1469
	}
1470

1471
	icmph = icmp6_hdr(skb);
1472
	target = (const struct in6_addr *) (icmph + 1);
1473
	dest = target + 1;
1474

1475
	if (ipv6_addr_is_multicast(dest)) {
1476
		ND_PRINTK2(KERN_WARNING
1477
			   "ICMPv6 Redirect: destination address is multicast.\n");
1478
		return;
1479
	}
1480

1481
	if (ipv6_addr_equal(dest, target)) {
1482
		on_link = 1;
1483
	} else if (ipv6_addr_type(target) !=
1484
		   (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1485
		ND_PRINTK2(KERN_WARNING
1486
			   "ICMPv6 Redirect: target address is not link-local unicast.\n");
1487
		return;
1488
	}
1489

1490
	in6_dev = in6_dev_get(skb->dev);
1491
	if (!in6_dev)
1492
		return;
1493
	if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1494
		in6_dev_put(in6_dev);
1495
		return;
1496
	}
1497

1498
	/* RFC2461 8.1:
1499
	 *	The IP source address of the Redirect MUST be the same as the current
1500
	 *	first-hop router for the specified ICMP Destination Address.
1501
	 */
1502

1503
	if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1504
		ND_PRINTK2(KERN_WARNING
1505
			   "ICMPv6 Redirect: invalid ND options\n");
1506
		in6_dev_put(in6_dev);
1507
		return;
1508
	}
1509
	if (ndopts.nd_opts_tgt_lladdr) {
1510
		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1511
					     skb->dev);
1512
		if (!lladdr) {
1513
			ND_PRINTK2(KERN_WARNING
1514
				   "ICMPv6 Redirect: invalid link-layer address length\n");
1515
			in6_dev_put(in6_dev);
1516
			return;
1517
		}
1518
	}
1519

1520
	neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1521
	if (neigh) {
1522
		rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1523
			     &ipv6_hdr(skb)->saddr, neigh, lladdr,
1524
			     on_link);
1525
		neigh_release(neigh);
1526
	}
1527
	in6_dev_put(in6_dev);
1528
}
1529

1530
void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1531
			 const struct in6_addr *target)
1532
{
1533
	struct net_device *dev = skb->dev;
1534
	struct net *net = dev_net(dev);
1535
	struct sock *sk = net->ipv6.ndisc_sk;
1536
	int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1537
	struct sk_buff *buff;
1538
	struct icmp6hdr *icmph;
1539
	struct in6_addr saddr_buf;
1540
	struct in6_addr *addrp;
1541
	struct rt6_info *rt;
1542
	struct dst_entry *dst;
1543
	struct inet6_dev *idev;
1544
	struct flowi6 fl6;
1545
	u8 *opt;
1546
	int rd_len;
1547
	int err;
1548
	u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1549

1550
	if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1551
		ND_PRINTK2(KERN_WARNING
1552
			   "ICMPv6 Redirect: no link-local address on %s\n",
1553
			   dev->name);
1554
		return;
1555
	}
1556

1557
	if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1558
	    ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1559
		ND_PRINTK2(KERN_WARNING
1560
			"ICMPv6 Redirect: target address is not link-local unicast.\n");
1561
		return;
1562
	}
1563

1564
	icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1565
			 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1566

1567
	dst = ip6_route_output(net, NULL, &fl6);
1568
	if (dst == NULL)
1569
		return;
1570

1571
	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1572
	if (IS_ERR(dst))
1573
		return;
1574

1575
	rt = (struct rt6_info *) dst;
1576

1577
	if (rt->rt6i_flags & RTF_GATEWAY) {
1578
		ND_PRINTK2(KERN_WARNING
1579
			   "ICMPv6 Redirect: destination is not a neighbour.\n");
1580
		goto release;
1581
	}
1582
	if (!rt->rt6i_peer)
1583
		rt6_bind_peer(rt, 1);
1584
	if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
1585
		goto release;
1586

1587
	if (dev->addr_len) {
1588
		read_lock_bh(&neigh->lock);
1589
		if (neigh->nud_state & NUD_VALID) {
1590
			memcpy(ha_buf, neigh->ha, dev->addr_len);
1591
			read_unlock_bh(&neigh->lock);
1592
			ha = ha_buf;
1593
			len += ndisc_opt_addr_space(dev);
1594
		} else
1595
			read_unlock_bh(&neigh->lock);
1596
	}
1597

1598
	rd_len = min_t(unsigned int,
1599
		     IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1600
	rd_len &= ~0x7;
1601
	len += rd_len;
1602

1603
	buff = sock_alloc_send_skb(sk,
1604
				   (MAX_HEADER + sizeof(struct ipv6hdr) +
1605
				    len + LL_ALLOCATED_SPACE(dev)),
1606
				   1, &err);
1607
	if (buff == NULL) {
1608
		ND_PRINTK0(KERN_ERR
1609
			   "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n",
1610
			   __func__, err);
1611
		goto release;
1612
	}
1613

1614
	skb_reserve(buff, LL_RESERVED_SPACE(dev));
1615
	ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1616
		   IPPROTO_ICMPV6, len);
1617

1618
	skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1619
	skb_put(buff, len);
1620
	icmph = icmp6_hdr(buff);
1621

1622
	memset(icmph, 0, sizeof(struct icmp6hdr));
1623
	icmph->icmp6_type = NDISC_REDIRECT;
1624

1625
	/*
1626
	 *	copy target and destination addresses
1627
	 */
1628

1629
	addrp = (struct in6_addr *)(icmph + 1);
1630
	ipv6_addr_copy(addrp, target);
1631
	addrp++;
1632
	ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1633

1634
	opt = (u8*) (addrp + 1);
1635

1636
	/*
1637
	 *	include target_address option
1638
	 */
1639

1640
	if (ha)
1641
		opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1642
					     dev->addr_len, dev->type);
1643

1644
	/*
1645
	 *	build redirect option and copy skb over to the new packet.
1646
	 */
1647

1648
	memset(opt, 0, 8);
1649
	*(opt++) = ND_OPT_REDIRECT_HDR;
1650
	*(opt++) = (rd_len >> 3);
1651
	opt += 6;
1652

1653
	memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1654

1655
	icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1656
					     len, IPPROTO_ICMPV6,
1657
					     csum_partial(icmph, len, 0));
1658

1659
	skb_dst_set(buff, dst);
1660
	idev = in6_dev_get(dst->dev);
1661
	IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1662
	err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1663
		      dst_output);
1664
	if (!err) {
1665
		ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1666
		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1667
	}
1668

1669
	if (likely(idev != NULL))
1670
		in6_dev_put(idev);
1671
	return;
1672

1673
release:
1674
	dst_release(dst);
1675
}
1676

1677
static void pndisc_redo(struct sk_buff *skb)
1678
{
1679
	ndisc_recv_ns(skb);
1680
	kfree_skb(skb);
1681
}
1682

1683
int ndisc_rcv(struct sk_buff *skb)
1684
{
1685
	struct nd_msg *msg;
1686

1687
	if (!pskb_may_pull(skb, skb->len))
1688
		return 0;
1689

1690
	msg = (struct nd_msg *)skb_transport_header(skb);
1691

1692
	__skb_push(skb, skb->data - skb_transport_header(skb));
1693

1694
	if (ipv6_hdr(skb)->hop_limit != 255) {
1695
		ND_PRINTK2(KERN_WARNING
1696
			   "ICMPv6 NDISC: invalid hop-limit: %d\n",
1697
			   ipv6_hdr(skb)->hop_limit);
1698
		return 0;
1699
	}
1700

1701
	if (msg->icmph.icmp6_code != 0) {
1702
		ND_PRINTK2(KERN_WARNING
1703
			   "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1704
			   msg->icmph.icmp6_code);
1705
		return 0;
1706
	}
1707

1708
	memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1709

1710
	switch (msg->icmph.icmp6_type) {
1711
	case NDISC_NEIGHBOUR_SOLICITATION:
1712
		ndisc_recv_ns(skb);
1713
		break;
1714

1715
	case NDISC_NEIGHBOUR_ADVERTISEMENT:
1716
		ndisc_recv_na(skb);
1717
		break;
1718

1719
	case NDISC_ROUTER_SOLICITATION:
1720
		ndisc_recv_rs(skb);
1721
		break;
1722

1723
	case NDISC_ROUTER_ADVERTISEMENT:
1724
		ndisc_router_discovery(skb);
1725
		break;
1726

1727
	case NDISC_REDIRECT:
1728
		ndisc_redirect_rcv(skb);
1729
		break;
1730
	}
1731

1732
	return 0;
1733
}
1734

1735
static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1736
{
1737
	struct net_device *dev = ptr;
1738
	struct net *net = dev_net(dev);
1739

1740
	switch (event) {
1741
	case NETDEV_CHANGEADDR:
1742
		neigh_changeaddr(&nd_tbl, dev);
1743
		fib6_run_gc(~0UL, net);
1744
		break;
1745
	case NETDEV_DOWN:
1746
		neigh_ifdown(&nd_tbl, dev);
1747
		fib6_run_gc(~0UL, net);
1748
		break;
1749
	case NETDEV_NOTIFY_PEERS:
1750
		ndisc_send_unsol_na(dev);
1751
		break;
1752
	default:
1753
		break;
1754
	}
1755

1756
	return NOTIFY_DONE;
1757
}
1758

1759
static struct notifier_block ndisc_netdev_notifier = {
1760
	.notifier_call = ndisc_netdev_event,
1761
};
1762

1763
#ifdef CONFIG_SYSCTL
1764
static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1765
					 const char *func, const char *dev_name)
1766
{
1767
	static char warncomm[TASK_COMM_LEN];
1768
	static int warned;
1769
	if (strcmp(warncomm, current->comm) && warned < 5) {
1770
		strcpy(warncomm, current->comm);
1771
		printk(KERN_WARNING
1772
			"process `%s' is using deprecated sysctl (%s) "
1773
			"net.ipv6.neigh.%s.%s; "
1774
			"Use net.ipv6.neigh.%s.%s_ms "
1775
			"instead.\n",
1776
			warncomm, func,
1777
			dev_name, ctl->procname,
1778
			dev_name, ctl->procname);
1779
		warned++;
1780
	}
1781
}
1782

1783
int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1784
{
1785
	struct net_device *dev = ctl->extra1;
1786
	struct inet6_dev *idev;
1787
	int ret;
1788

1789
	if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1790
	    (strcmp(ctl->procname, "base_reachable_time") == 0))
1791
		ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1792

1793
	if (strcmp(ctl->procname, "retrans_time") == 0)
1794
		ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1795

1796
	else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1797
		ret = proc_dointvec_jiffies(ctl, write,
1798
					    buffer, lenp, ppos);
1799

1800
	else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1801
		 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1802
		ret = proc_dointvec_ms_jiffies(ctl, write,
1803
					       buffer, lenp, ppos);
1804
	else
1805
		ret = -1;
1806

1807
	if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1808
		if (ctl->data == &idev->nd_parms->base_reachable_time)
1809
			idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1810
		idev->tstamp = jiffies;
1811
		inet6_ifinfo_notify(RTM_NEWLINK, idev);
1812
		in6_dev_put(idev);
1813
	}
1814
	return ret;
1815
}
1816

1817

1818
#endif
1819

1820
static int __net_init ndisc_net_init(struct net *net)
1821
{
1822
	struct ipv6_pinfo *np;
1823
	struct sock *sk;
1824
	int err;
1825

1826
	err = inet_ctl_sock_create(&sk, PF_INET6,
1827
				   SOCK_RAW, IPPROTO_ICMPV6, net);
1828
	if (err < 0) {
1829
		ND_PRINTK0(KERN_ERR
1830
			   "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1831
			   err);
1832
		return err;
1833
	}
1834

1835
	net->ipv6.ndisc_sk = sk;
1836

1837
	np = inet6_sk(sk);
1838
	np->hop_limit = 255;
1839
	/* Do not loopback ndisc messages */
1840
	np->mc_loop = 0;
1841

1842
	return 0;
1843
}
1844

1845
static void __net_exit ndisc_net_exit(struct net *net)
1846
{
1847
	inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1848
}
1849

1850
static struct pernet_operations ndisc_net_ops = {
1851
	.init = ndisc_net_init,
1852
	.exit = ndisc_net_exit,
1853
};
1854

1855
int __init ndisc_init(void)
1856
{
1857
	int err;
1858

1859
	err = register_pernet_subsys(&ndisc_net_ops);
1860
	if (err)
1861
		return err;
1862
	/*
1863
	 * Initialize the neighbour table
1864
	 */
1865
	neigh_table_init(&nd_tbl);
1866

1867
#ifdef CONFIG_SYSCTL
1868
	err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1869
				    &ndisc_ifinfo_sysctl_change);
1870
	if (err)
1871
		goto out_unregister_pernet;
1872
#endif
1873
	err = register_netdevice_notifier(&ndisc_netdev_notifier);
1874
	if (err)
1875
		goto out_unregister_sysctl;
1876
out:
1877
	return err;
1878

1879
out_unregister_sysctl:
1880
#ifdef CONFIG_SYSCTL
1881
	neigh_sysctl_unregister(&nd_tbl.parms);
1882
out_unregister_pernet:
1883
#endif
1884
	unregister_pernet_subsys(&ndisc_net_ops);
1885
	goto out;
1886
}
1887

1888
void ndisc_cleanup(void)
1889
{
1890
	unregister_netdevice_notifier(&ndisc_netdev_notifier);
1891
#ifdef CONFIG_SYSCTL
1892
	neigh_sysctl_unregister(&nd_tbl.parms);
1893
#endif
1894
	neigh_table_clear(&nd_tbl);
1895
	unregister_pernet_subsys(&ndisc_net_ops);
1896
}
1897

1898