Merge branches 'fixes' and 'fixes2' into devel-late
[platform/adaptation/renesas_rcar/renesas_kernel.git] / net / ipv6 / ndisc.c
1 /*
2  *      Neighbour Discovery for IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Mike Shaver             <shaver@ingenia.com>
8  *
9  *      This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14
15 /*
16  *      Changes:
17  *
18  *      Alexey I. Froloff               :       RFC6106 (DNSSL) support
19  *      Pierre Ynard                    :       export userland ND options
20  *                                              through netlink (RDNSS support)
21  *      Lars Fenneberg                  :       fixed MTU setting on receipt
22  *                                              of an RA.
23  *      Janos Farkas                    :       kmalloc failure checks
24  *      Alexey Kuznetsov                :       state machine reworked
25  *                                              and moved to net/core.
26  *      Pekka Savola                    :       RFC2461 validation
27  *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
28  */
29
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53
54 #include <net/sock.h>
55 #include <net/snmp.h>
56
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <linux/proc_fs.h>
71
72 #include <linux/netfilter.h>
73 #include <linux/netfilter_ipv6.h>
74
75 /* Set to 3 to get tracing... */
76 #define ND_DEBUG 1
77
78 #define ND_PRINTK(val, level, fmt, ...)                         \
79 do {                                                            \
80         if (val <= ND_DEBUG)                                    \
81                 net_##level##_ratelimited(fmt, ##__VA_ARGS__);  \
82 } while (0)
83
84 static u32 ndisc_hash(const void *pkey,
85                       const struct net_device *dev,
86                       __u32 *hash_rnd);
87 static int ndisc_constructor(struct neighbour *neigh);
88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90 static int pndisc_constructor(struct pneigh_entry *n);
91 static void pndisc_destructor(struct pneigh_entry *n);
92 static void pndisc_redo(struct sk_buff *skb);
93
94 static const struct neigh_ops ndisc_generic_ops = {
95         .family =               AF_INET6,
96         .solicit =              ndisc_solicit,
97         .error_report =         ndisc_error_report,
98         .output =               neigh_resolve_output,
99         .connected_output =     neigh_connected_output,
100 };
101
102 static const struct neigh_ops ndisc_hh_ops = {
103         .family =               AF_INET6,
104         .solicit =              ndisc_solicit,
105         .error_report =         ndisc_error_report,
106         .output =               neigh_resolve_output,
107         .connected_output =     neigh_resolve_output,
108 };
109
110
111 static const struct neigh_ops ndisc_direct_ops = {
112         .family =               AF_INET6,
113         .output =               neigh_direct_output,
114         .connected_output =     neigh_direct_output,
115 };
116
117 struct neigh_table nd_tbl = {
118         .family =       AF_INET6,
119         .key_len =      sizeof(struct in6_addr),
120         .hash =         ndisc_hash,
121         .constructor =  ndisc_constructor,
122         .pconstructor = pndisc_constructor,
123         .pdestructor =  pndisc_destructor,
124         .proxy_redo =   pndisc_redo,
125         .id =           "ndisc_cache",
126         .parms = {
127                 .tbl                    = &nd_tbl,
128                 .base_reachable_time    = ND_REACHABLE_TIME,
129                 .retrans_time           = ND_RETRANS_TIMER,
130                 .gc_staletime           = 60 * HZ,
131                 .reachable_time         = ND_REACHABLE_TIME,
132                 .delay_probe_time       = 5 * HZ,
133                 .queue_len_bytes        = 64*1024,
134                 .ucast_probes           = 3,
135                 .mcast_probes           = 3,
136                 .anycast_delay          = 1 * HZ,
137                 .proxy_delay            = (8 * HZ) / 10,
138                 .proxy_qlen             = 64,
139         },
140         .gc_interval =    30 * HZ,
141         .gc_thresh1 =    128,
142         .gc_thresh2 =    512,
143         .gc_thresh3 =   1024,
144 };
145
146 /* ND options */
147 struct ndisc_options {
148         struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
149 #ifdef CONFIG_IPV6_ROUTE_INFO
150         struct nd_opt_hdr *nd_opts_ri;
151         struct nd_opt_hdr *nd_opts_ri_end;
152 #endif
153         struct nd_opt_hdr *nd_useropts;
154         struct nd_opt_hdr *nd_useropts_end;
155 };
156
157 #define nd_opts_src_lladdr      nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
158 #define nd_opts_tgt_lladdr      nd_opt_array[ND_OPT_TARGET_LL_ADDR]
159 #define nd_opts_pi              nd_opt_array[ND_OPT_PREFIX_INFO]
160 #define nd_opts_pi_end          nd_opt_array[__ND_OPT_PREFIX_INFO_END]
161 #define nd_opts_rh              nd_opt_array[ND_OPT_REDIRECT_HDR]
162 #define nd_opts_mtu             nd_opt_array[ND_OPT_MTU]
163
164 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
165
166 /*
167  * Return the padding between the option length and the start of the
168  * link addr.  Currently only IP-over-InfiniBand needs this, although
169  * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
170  * also need a pad of 2.
171  */
172 static int ndisc_addr_option_pad(unsigned short type)
173 {
174         switch (type) {
175         case ARPHRD_INFINIBAND: return 2;
176         default:                return 0;
177         }
178 }
179
180 static inline int ndisc_opt_addr_space(struct net_device *dev)
181 {
182         return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
183 }
184
185 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
186                                   unsigned short addr_type)
187 {
188         int space = NDISC_OPT_SPACE(data_len);
189         int pad   = ndisc_addr_option_pad(addr_type);
190
191         opt[0] = type;
192         opt[1] = space>>3;
193
194         memset(opt + 2, 0, pad);
195         opt   += pad;
196         space -= pad;
197
198         memcpy(opt+2, data, data_len);
199         data_len += 2;
200         opt += data_len;
201         if ((space -= data_len) > 0)
202                 memset(opt, 0, space);
203         return opt + space;
204 }
205
206 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
207                                             struct nd_opt_hdr *end)
208 {
209         int type;
210         if (!cur || !end || cur >= end)
211                 return NULL;
212         type = cur->nd_opt_type;
213         do {
214                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
215         } while(cur < end && cur->nd_opt_type != type);
216         return cur <= end && cur->nd_opt_type == type ? cur : NULL;
217 }
218
219 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
220 {
221         return opt->nd_opt_type == ND_OPT_RDNSS ||
222                 opt->nd_opt_type == ND_OPT_DNSSL;
223 }
224
225 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
226                                              struct nd_opt_hdr *end)
227 {
228         if (!cur || !end || cur >= end)
229                 return NULL;
230         do {
231                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
232         } while(cur < end && !ndisc_is_useropt(cur));
233         return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
234 }
235
236 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
237                                                  struct ndisc_options *ndopts)
238 {
239         struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
240
241         if (!nd_opt || opt_len < 0 || !ndopts)
242                 return NULL;
243         memset(ndopts, 0, sizeof(*ndopts));
244         while (opt_len) {
245                 int l;
246                 if (opt_len < sizeof(struct nd_opt_hdr))
247                         return NULL;
248                 l = nd_opt->nd_opt_len << 3;
249                 if (opt_len < l || l == 0)
250                         return NULL;
251                 switch (nd_opt->nd_opt_type) {
252                 case ND_OPT_SOURCE_LL_ADDR:
253                 case ND_OPT_TARGET_LL_ADDR:
254                 case ND_OPT_MTU:
255                 case ND_OPT_REDIRECT_HDR:
256                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
257                                 ND_PRINTK(2, warn,
258                                           "%s: duplicated ND6 option found: type=%d\n",
259                                           __func__, nd_opt->nd_opt_type);
260                         } else {
261                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
262                         }
263                         break;
264                 case ND_OPT_PREFIX_INFO:
265                         ndopts->nd_opts_pi_end = nd_opt;
266                         if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
267                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
268                         break;
269 #ifdef CONFIG_IPV6_ROUTE_INFO
270                 case ND_OPT_ROUTE_INFO:
271                         ndopts->nd_opts_ri_end = nd_opt;
272                         if (!ndopts->nd_opts_ri)
273                                 ndopts->nd_opts_ri = nd_opt;
274                         break;
275 #endif
276                 default:
277                         if (ndisc_is_useropt(nd_opt)) {
278                                 ndopts->nd_useropts_end = nd_opt;
279                                 if (!ndopts->nd_useropts)
280                                         ndopts->nd_useropts = nd_opt;
281                         } else {
282                                 /*
283                                  * Unknown options must be silently ignored,
284                                  * to accommodate future extension to the
285                                  * protocol.
286                                  */
287                                 ND_PRINTK(2, notice,
288                                           "%s: ignored unsupported option; type=%d, len=%d\n",
289                                           __func__,
290                                           nd_opt->nd_opt_type,
291                                           nd_opt->nd_opt_len);
292                         }
293                 }
294                 opt_len -= l;
295                 nd_opt = ((void *)nd_opt) + l;
296         }
297         return ndopts;
298 }
299
300 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
301                                       struct net_device *dev)
302 {
303         u8 *lladdr = (u8 *)(p + 1);
304         int lladdrlen = p->nd_opt_len << 3;
305         int prepad = ndisc_addr_option_pad(dev->type);
306         if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
307                 return NULL;
308         return lladdr + prepad;
309 }
310
311 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
312 {
313         switch (dev->type) {
314         case ARPHRD_ETHER:
315         case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
316         case ARPHRD_FDDI:
317                 ipv6_eth_mc_map(addr, buf);
318                 return 0;
319         case ARPHRD_ARCNET:
320                 ipv6_arcnet_mc_map(addr, buf);
321                 return 0;
322         case ARPHRD_INFINIBAND:
323                 ipv6_ib_mc_map(addr, dev->broadcast, buf);
324                 return 0;
325         case ARPHRD_IPGRE:
326                 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
327         default:
328                 if (dir) {
329                         memcpy(buf, dev->broadcast, dev->addr_len);
330                         return 0;
331                 }
332         }
333         return -EINVAL;
334 }
335
336 EXPORT_SYMBOL(ndisc_mc_map);
337
338 static u32 ndisc_hash(const void *pkey,
339                       const struct net_device *dev,
340                       __u32 *hash_rnd)
341 {
342         return ndisc_hashfn(pkey, dev, hash_rnd);
343 }
344
345 static int ndisc_constructor(struct neighbour *neigh)
346 {
347         struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
348         struct net_device *dev = neigh->dev;
349         struct inet6_dev *in6_dev;
350         struct neigh_parms *parms;
351         bool is_multicast = ipv6_addr_is_multicast(addr);
352
353         in6_dev = in6_dev_get(dev);
354         if (in6_dev == NULL) {
355                 return -EINVAL;
356         }
357
358         parms = in6_dev->nd_parms;
359         __neigh_parms_put(neigh->parms);
360         neigh->parms = neigh_parms_clone(parms);
361
362         neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
363         if (!dev->header_ops) {
364                 neigh->nud_state = NUD_NOARP;
365                 neigh->ops = &ndisc_direct_ops;
366                 neigh->output = neigh_direct_output;
367         } else {
368                 if (is_multicast) {
369                         neigh->nud_state = NUD_NOARP;
370                         ndisc_mc_map(addr, neigh->ha, dev, 1);
371                 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
372                         neigh->nud_state = NUD_NOARP;
373                         memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
374                         if (dev->flags&IFF_LOOPBACK)
375                                 neigh->type = RTN_LOCAL;
376                 } else if (dev->flags&IFF_POINTOPOINT) {
377                         neigh->nud_state = NUD_NOARP;
378                         memcpy(neigh->ha, dev->broadcast, dev->addr_len);
379                 }
380                 if (dev->header_ops->cache)
381                         neigh->ops = &ndisc_hh_ops;
382                 else
383                         neigh->ops = &ndisc_generic_ops;
384                 if (neigh->nud_state&NUD_VALID)
385                         neigh->output = neigh->ops->connected_output;
386                 else
387                         neigh->output = neigh->ops->output;
388         }
389         in6_dev_put(in6_dev);
390         return 0;
391 }
392
393 static int pndisc_constructor(struct pneigh_entry *n)
394 {
395         struct in6_addr *addr = (struct in6_addr*)&n->key;
396         struct in6_addr maddr;
397         struct net_device *dev = n->dev;
398
399         if (dev == NULL || __in6_dev_get(dev) == NULL)
400                 return -EINVAL;
401         addrconf_addr_solict_mult(addr, &maddr);
402         ipv6_dev_mc_inc(dev, &maddr);
403         return 0;
404 }
405
406 static void pndisc_destructor(struct pneigh_entry *n)
407 {
408         struct in6_addr *addr = (struct in6_addr*)&n->key;
409         struct in6_addr maddr;
410         struct net_device *dev = n->dev;
411
412         if (dev == NULL || __in6_dev_get(dev) == NULL)
413                 return;
414         addrconf_addr_solict_mult(addr, &maddr);
415         ipv6_dev_mc_dec(dev, &maddr);
416 }
417
418 struct sk_buff *ndisc_build_skb(struct net_device *dev,
419                                 const struct in6_addr *daddr,
420                                 const struct in6_addr *saddr,
421                                 struct icmp6hdr *icmp6h,
422                                 const struct in6_addr *target,
423                                 int llinfo)
424 {
425         struct net *net = dev_net(dev);
426         struct sock *sk = net->ipv6.ndisc_sk;
427         struct sk_buff *skb;
428         struct icmp6hdr *hdr;
429         int hlen = LL_RESERVED_SPACE(dev);
430         int tlen = dev->needed_tailroom;
431         int len;
432         int err;
433         u8 *opt;
434
435         if (!dev->addr_len)
436                 llinfo = 0;
437
438         len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
439         if (llinfo)
440                 len += ndisc_opt_addr_space(dev);
441
442         skb = sock_alloc_send_skb(sk,
443                                   (MAX_HEADER + sizeof(struct ipv6hdr) +
444                                    len + hlen + tlen),
445                                   1, &err);
446         if (!skb) {
447                 ND_PRINTK(0, err, "ND: %s failed to allocate an skb, err=%d\n",
448                           __func__, err);
449                 return NULL;
450         }
451
452         skb_reserve(skb, hlen);
453         ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
454
455         skb->transport_header = skb->tail;
456         skb_put(skb, len);
457
458         hdr = (struct icmp6hdr *)skb_transport_header(skb);
459         memcpy(hdr, icmp6h, sizeof(*hdr));
460
461         opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
462         if (target) {
463                 *(struct in6_addr *)opt = *target;
464                 opt += sizeof(*target);
465         }
466
467         if (llinfo)
468                 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
469                                        dev->addr_len, dev->type);
470
471         hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
472                                            IPPROTO_ICMPV6,
473                                            csum_partial(hdr,
474                                                         len, 0));
475
476         return skb;
477 }
478
479 EXPORT_SYMBOL(ndisc_build_skb);
480
481 void ndisc_send_skb(struct sk_buff *skb,
482                     struct net_device *dev,
483                     struct neighbour *neigh,
484                     const struct in6_addr *daddr,
485                     const struct in6_addr *saddr,
486                     struct icmp6hdr *icmp6h)
487 {
488         struct flowi6 fl6;
489         struct dst_entry *dst;
490         struct net *net = dev_net(dev);
491         struct sock *sk = net->ipv6.ndisc_sk;
492         struct inet6_dev *idev;
493         int err;
494         u8 type;
495
496         type = icmp6h->icmp6_type;
497
498         icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
499         dst = icmp6_dst_alloc(dev, neigh, &fl6);
500         if (IS_ERR(dst)) {
501                 kfree_skb(skb);
502                 return;
503         }
504
505         skb_dst_set(skb, dst);
506
507         rcu_read_lock();
508         idev = __in6_dev_get(dst->dev);
509         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
510
511         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
512                       dst_output);
513         if (!err) {
514                 ICMP6MSGOUT_INC_STATS(net, idev, type);
515                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
516         }
517
518         rcu_read_unlock();
519 }
520
521 EXPORT_SYMBOL(ndisc_send_skb);
522
523 /*
524  *      Send a Neighbour Discover packet
525  */
526 static void __ndisc_send(struct net_device *dev,
527                          struct neighbour *neigh,
528                          const struct in6_addr *daddr,
529                          const struct in6_addr *saddr,
530                          struct icmp6hdr *icmp6h, const struct in6_addr *target,
531                          int llinfo)
532 {
533         struct sk_buff *skb;
534
535         skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
536         if (!skb)
537                 return;
538
539         ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
540 }
541
542 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
543                           const struct in6_addr *daddr,
544                           const struct in6_addr *solicited_addr,
545                           int router, int solicited, int override, int inc_opt)
546 {
547         struct in6_addr tmpaddr;
548         struct inet6_ifaddr *ifp;
549         const struct in6_addr *src_addr;
550         struct icmp6hdr icmp6h = {
551                 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
552         };
553
554         /* for anycast or proxy, solicited_addr != src_addr */
555         ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
556         if (ifp) {
557                 src_addr = solicited_addr;
558                 if (ifp->flags & IFA_F_OPTIMISTIC)
559                         override = 0;
560                 inc_opt |= ifp->idev->cnf.force_tllao;
561                 in6_ifa_put(ifp);
562         } else {
563                 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
564                                        inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
565                                        &tmpaddr))
566                         return;
567                 src_addr = &tmpaddr;
568         }
569
570         icmp6h.icmp6_router = router;
571         icmp6h.icmp6_solicited = solicited;
572         icmp6h.icmp6_override = override;
573
574         __ndisc_send(dev, neigh, daddr, src_addr,
575                      &icmp6h, solicited_addr,
576                      inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
577 }
578
579 static void ndisc_send_unsol_na(struct net_device *dev)
580 {
581         struct inet6_dev *idev;
582         struct inet6_ifaddr *ifa;
583         struct in6_addr mcaddr;
584
585         idev = in6_dev_get(dev);
586         if (!idev)
587                 return;
588
589         read_lock_bh(&idev->lock);
590         list_for_each_entry(ifa, &idev->addr_list, if_list) {
591                 addrconf_addr_solict_mult(&ifa->addr, &mcaddr);
592                 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
593                               /*router=*/ !!idev->cnf.forwarding,
594                               /*solicited=*/ false, /*override=*/ true,
595                               /*inc_opt=*/ true);
596         }
597         read_unlock_bh(&idev->lock);
598
599         in6_dev_put(idev);
600 }
601
602 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
603                    const struct in6_addr *solicit,
604                    const struct in6_addr *daddr, const struct in6_addr *saddr)
605 {
606         struct in6_addr addr_buf;
607         struct icmp6hdr icmp6h = {
608                 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
609         };
610
611         if (saddr == NULL) {
612                 if (ipv6_get_lladdr(dev, &addr_buf,
613                                    (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
614                         return;
615                 saddr = &addr_buf;
616         }
617
618         __ndisc_send(dev, neigh, daddr, saddr,
619                      &icmp6h, solicit,
620                      !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
621 }
622
623 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
624                    const struct in6_addr *daddr)
625 {
626         struct icmp6hdr icmp6h = {
627                 .icmp6_type = NDISC_ROUTER_SOLICITATION,
628         };
629         int send_sllao = dev->addr_len;
630
631 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
632         /*
633          * According to section 2.2 of RFC 4429, we must not
634          * send router solicitations with a sllao from
635          * optimistic addresses, but we may send the solicitation
636          * if we don't include the sllao.  So here we check
637          * if our address is optimistic, and if so, we
638          * suppress the inclusion of the sllao.
639          */
640         if (send_sllao) {
641                 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
642                                                            dev, 1);
643                 if (ifp) {
644                         if (ifp->flags & IFA_F_OPTIMISTIC)  {
645                                 send_sllao = 0;
646                         }
647                         in6_ifa_put(ifp);
648                 } else {
649                         send_sllao = 0;
650                 }
651         }
652 #endif
653         __ndisc_send(dev, NULL, daddr, saddr,
654                      &icmp6h, NULL,
655                      send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
656 }
657
658
659 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
660 {
661         /*
662          *      "The sender MUST return an ICMP
663          *       destination unreachable"
664          */
665         dst_link_failure(skb);
666         kfree_skb(skb);
667 }
668
669 /* Called with locked neigh: either read or both */
670
671 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
672 {
673         struct in6_addr *saddr = NULL;
674         struct in6_addr mcaddr;
675         struct net_device *dev = neigh->dev;
676         struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
677         int probes = atomic_read(&neigh->probes);
678
679         if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
680                 saddr = &ipv6_hdr(skb)->saddr;
681
682         if ((probes -= neigh->parms->ucast_probes) < 0) {
683                 if (!(neigh->nud_state & NUD_VALID)) {
684                         ND_PRINTK(1, dbg,
685                                   "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
686                                   __func__, target);
687                 }
688                 ndisc_send_ns(dev, neigh, target, target, saddr);
689         } else if ((probes -= neigh->parms->app_probes) < 0) {
690 #ifdef CONFIG_ARPD
691                 neigh_app_ns(neigh);
692 #endif
693         } else {
694                 addrconf_addr_solict_mult(target, &mcaddr);
695                 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
696         }
697 }
698
699 static int pndisc_is_router(const void *pkey,
700                             struct net_device *dev)
701 {
702         struct pneigh_entry *n;
703         int ret = -1;
704
705         read_lock_bh(&nd_tbl.lock);
706         n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
707         if (n)
708                 ret = !!(n->flags & NTF_ROUTER);
709         read_unlock_bh(&nd_tbl.lock);
710
711         return ret;
712 }
713
714 static void ndisc_recv_ns(struct sk_buff *skb)
715 {
716         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
717         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
718         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
719         u8 *lladdr = NULL;
720         u32 ndoptlen = skb->tail - (skb->transport_header +
721                                     offsetof(struct nd_msg, opt));
722         struct ndisc_options ndopts;
723         struct net_device *dev = skb->dev;
724         struct inet6_ifaddr *ifp;
725         struct inet6_dev *idev = NULL;
726         struct neighbour *neigh;
727         int dad = ipv6_addr_any(saddr);
728         bool inc;
729         int is_router = -1;
730
731         if (ipv6_addr_is_multicast(&msg->target)) {
732                 ND_PRINTK(2, warn, "NS: multicast target address\n");
733                 return;
734         }
735
736         /*
737          * RFC2461 7.1.1:
738          * DAD has to be destined for solicited node multicast address.
739          */
740         if (dad &&
741             !(daddr->s6_addr32[0] == htonl(0xff020000) &&
742               daddr->s6_addr32[1] == htonl(0x00000000) &&
743               daddr->s6_addr32[2] == htonl(0x00000001) &&
744               daddr->s6_addr [12] == 0xff )) {
745                 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
746                 return;
747         }
748
749         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
750                 ND_PRINTK(2, warn, "NS: invalid ND options\n");
751                 return;
752         }
753
754         if (ndopts.nd_opts_src_lladdr) {
755                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
756                 if (!lladdr) {
757                         ND_PRINTK(2, warn,
758                                   "NS: invalid link-layer address length\n");
759                         return;
760                 }
761
762                 /* RFC2461 7.1.1:
763                  *      If the IP source address is the unspecified address,
764                  *      there MUST NOT be source link-layer address option
765                  *      in the message.
766                  */
767                 if (dad) {
768                         ND_PRINTK(2, warn,
769                                   "NS: bad DAD packet (link-layer address option)\n");
770                         return;
771                 }
772         }
773
774         inc = ipv6_addr_is_multicast(daddr);
775
776         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
777         if (ifp) {
778
779                 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
780                         if (dad) {
781                                 /*
782                                  * We are colliding with another node
783                                  * who is doing DAD
784                                  * so fail our DAD process
785                                  */
786                                 addrconf_dad_failure(ifp);
787                                 return;
788                         } else {
789                                 /*
790                                  * This is not a dad solicitation.
791                                  * If we are an optimistic node,
792                                  * we should respond.
793                                  * Otherwise, we should ignore it.
794                                  */
795                                 if (!(ifp->flags & IFA_F_OPTIMISTIC))
796                                         goto out;
797                         }
798                 }
799
800                 idev = ifp->idev;
801         } else {
802                 struct net *net = dev_net(dev);
803
804                 idev = in6_dev_get(dev);
805                 if (!idev) {
806                         /* XXX: count this drop? */
807                         return;
808                 }
809
810                 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
811                     (idev->cnf.forwarding &&
812                      (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
813                      (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
814                         if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
815                             skb->pkt_type != PACKET_HOST &&
816                             inc != 0 &&
817                             idev->nd_parms->proxy_delay != 0) {
818                                 /*
819                                  * for anycast or proxy,
820                                  * sender should delay its response
821                                  * by a random time between 0 and
822                                  * MAX_ANYCAST_DELAY_TIME seconds.
823                                  * (RFC2461) -- yoshfuji
824                                  */
825                                 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
826                                 if (n)
827                                         pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
828                                 goto out;
829                         }
830                 } else
831                         goto out;
832         }
833
834         if (is_router < 0)
835                 is_router = !!idev->cnf.forwarding;
836
837         if (dad) {
838                 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
839                               is_router, 0, (ifp != NULL), 1);
840                 goto out;
841         }
842
843         if (inc)
844                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
845         else
846                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
847
848         /*
849          *      update / create cache entry
850          *      for the source address
851          */
852         neigh = __neigh_lookup(&nd_tbl, saddr, dev,
853                                !inc || lladdr || !dev->addr_len);
854         if (neigh)
855                 neigh_update(neigh, lladdr, NUD_STALE,
856                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
857                              NEIGH_UPDATE_F_OVERRIDE);
858         if (neigh || !dev->header_ops) {
859                 ndisc_send_na(dev, neigh, saddr, &msg->target,
860                               is_router,
861                               1, (ifp != NULL && inc), inc);
862                 if (neigh)
863                         neigh_release(neigh);
864         }
865
866 out:
867         if (ifp)
868                 in6_ifa_put(ifp);
869         else
870                 in6_dev_put(idev);
871 }
872
873 static void ndisc_recv_na(struct sk_buff *skb)
874 {
875         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
876         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
877         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
878         u8 *lladdr = NULL;
879         u32 ndoptlen = skb->tail - (skb->transport_header +
880                                     offsetof(struct nd_msg, opt));
881         struct ndisc_options ndopts;
882         struct net_device *dev = skb->dev;
883         struct inet6_ifaddr *ifp;
884         struct neighbour *neigh;
885
886         if (skb->len < sizeof(struct nd_msg)) {
887                 ND_PRINTK(2, warn, "NA: packet too short\n");
888                 return;
889         }
890
891         if (ipv6_addr_is_multicast(&msg->target)) {
892                 ND_PRINTK(2, warn, "NA: target address is multicast\n");
893                 return;
894         }
895
896         if (ipv6_addr_is_multicast(daddr) &&
897             msg->icmph.icmp6_solicited) {
898                 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
899                 return;
900         }
901
902         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
903                 ND_PRINTK(2, warn, "NS: invalid ND option\n");
904                 return;
905         }
906         if (ndopts.nd_opts_tgt_lladdr) {
907                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
908                 if (!lladdr) {
909                         ND_PRINTK(2, warn,
910                                   "NA: invalid link-layer address length\n");
911                         return;
912                 }
913         }
914         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
915         if (ifp) {
916                 if (skb->pkt_type != PACKET_LOOPBACK
917                     && (ifp->flags & IFA_F_TENTATIVE)) {
918                                 addrconf_dad_failure(ifp);
919                                 return;
920                 }
921                 /* What should we make now? The advertisement
922                    is invalid, but ndisc specs say nothing
923                    about it. It could be misconfiguration, or
924                    an smart proxy agent tries to help us :-)
925
926                    We should not print the error if NA has been
927                    received from loopback - it is just our own
928                    unsolicited advertisement.
929                  */
930                 if (skb->pkt_type != PACKET_LOOPBACK)
931                         ND_PRINTK(1, warn,
932                                   "NA: someone advertises our address %pI6 on %s!\n",
933                                   &ifp->addr, ifp->idev->dev->name);
934                 in6_ifa_put(ifp);
935                 return;
936         }
937         neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
938
939         if (neigh) {
940                 u8 old_flags = neigh->flags;
941                 struct net *net = dev_net(dev);
942
943                 if (neigh->nud_state & NUD_FAILED)
944                         goto out;
945
946                 /*
947                  * Don't update the neighbor cache entry on a proxy NA from
948                  * ourselves because either the proxied node is off link or it
949                  * has already sent a NA to us.
950                  */
951                 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
952                     net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
953                     pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
954                         /* XXX: idev->cnf.prixy_ndp */
955                         goto out;
956                 }
957
958                 neigh_update(neigh, lladdr,
959                              msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
960                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
961                              (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
962                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
963                              (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
964
965                 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
966                         /*
967                          * Change: router to host
968                          */
969                         struct rt6_info *rt;
970                         rt = rt6_get_dflt_router(saddr, dev);
971                         if (rt)
972                                 ip6_del_rt(rt);
973                 }
974
975 out:
976                 neigh_release(neigh);
977         }
978 }
979
980 static void ndisc_recv_rs(struct sk_buff *skb)
981 {
982         struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
983         unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
984         struct neighbour *neigh;
985         struct inet6_dev *idev;
986         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
987         struct ndisc_options ndopts;
988         u8 *lladdr = NULL;
989
990         if (skb->len < sizeof(*rs_msg))
991                 return;
992
993         idev = __in6_dev_get(skb->dev);
994         if (!idev) {
995                 ND_PRINTK(1, err, "RS: can't find in6 device\n");
996                 return;
997         }
998
999         /* Don't accept RS if we're not in router mode */
1000         if (!idev->cnf.forwarding)
1001                 goto out;
1002
1003         /*
1004          * Don't update NCE if src = ::;
1005          * this implies that the source node has no ip address assigned yet.
1006          */
1007         if (ipv6_addr_any(saddr))
1008                 goto out;
1009
1010         /* Parse ND options */
1011         if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1012                 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1013                 goto out;
1014         }
1015
1016         if (ndopts.nd_opts_src_lladdr) {
1017                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1018                                              skb->dev);
1019                 if (!lladdr)
1020                         goto out;
1021         }
1022
1023         neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1024         if (neigh) {
1025                 neigh_update(neigh, lladdr, NUD_STALE,
1026                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1027                              NEIGH_UPDATE_F_OVERRIDE|
1028                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1029                 neigh_release(neigh);
1030         }
1031 out:
1032         return;
1033 }
1034
1035 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1036 {
1037         struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1038         struct sk_buff *skb;
1039         struct nlmsghdr *nlh;
1040         struct nduseroptmsg *ndmsg;
1041         struct net *net = dev_net(ra->dev);
1042         int err;
1043         int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1044                                     + (opt->nd_opt_len << 3));
1045         size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1046
1047         skb = nlmsg_new(msg_size, GFP_ATOMIC);
1048         if (skb == NULL) {
1049                 err = -ENOBUFS;
1050                 goto errout;
1051         }
1052
1053         nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1054         if (nlh == NULL) {
1055                 goto nla_put_failure;
1056         }
1057
1058         ndmsg = nlmsg_data(nlh);
1059         ndmsg->nduseropt_family = AF_INET6;
1060         ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1061         ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1062         ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1063         ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1064
1065         memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1066
1067         if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1068                     &ipv6_hdr(ra)->saddr))
1069                 goto nla_put_failure;
1070         nlmsg_end(skb, nlh);
1071
1072         rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1073         return;
1074
1075 nla_put_failure:
1076         nlmsg_free(skb);
1077         err = -EMSGSIZE;
1078 errout:
1079         rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1080 }
1081
1082 static inline int accept_ra(struct inet6_dev *in6_dev)
1083 {
1084         /*
1085          * If forwarding is enabled, RA are not accepted unless the special
1086          * hybrid mode (accept_ra=2) is enabled.
1087          */
1088         if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1089                 return 0;
1090
1091         return in6_dev->cnf.accept_ra;
1092 }
1093
1094 static void ndisc_router_discovery(struct sk_buff *skb)
1095 {
1096         struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1097         struct neighbour *neigh = NULL;
1098         struct inet6_dev *in6_dev;
1099         struct rt6_info *rt = NULL;
1100         int lifetime;
1101         struct ndisc_options ndopts;
1102         int optlen;
1103         unsigned int pref = 0;
1104
1105         __u8 * opt = (__u8 *)(ra_msg + 1);
1106
1107         optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1108
1109         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1110                 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1111                 return;
1112         }
1113         if (optlen < 0) {
1114                 ND_PRINTK(2, warn, "RA: packet too short\n");
1115                 return;
1116         }
1117
1118 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1119         if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1120                 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1121                 return;
1122         }
1123 #endif
1124
1125         /*
1126          *      set the RA_RECV flag in the interface
1127          */
1128
1129         in6_dev = __in6_dev_get(skb->dev);
1130         if (in6_dev == NULL) {
1131                 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1132                           skb->dev->name);
1133                 return;
1134         }
1135
1136         if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1137                 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1138                 return;
1139         }
1140
1141         if (!accept_ra(in6_dev))
1142                 goto skip_linkparms;
1143
1144 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1145         /* skip link-specific parameters from interior routers */
1146         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1147                 goto skip_linkparms;
1148 #endif
1149
1150         if (in6_dev->if_flags & IF_RS_SENT) {
1151                 /*
1152                  *      flag that an RA was received after an RS was sent
1153                  *      out on this interface.
1154                  */
1155                 in6_dev->if_flags |= IF_RA_RCVD;
1156         }
1157
1158         /*
1159          * Remember the managed/otherconf flags from most recently
1160          * received RA message (RFC 2462) -- yoshfuji
1161          */
1162         in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1163                                 IF_RA_OTHERCONF)) |
1164                                 (ra_msg->icmph.icmp6_addrconf_managed ?
1165                                         IF_RA_MANAGED : 0) |
1166                                 (ra_msg->icmph.icmp6_addrconf_other ?
1167                                         IF_RA_OTHERCONF : 0);
1168
1169         if (!in6_dev->cnf.accept_ra_defrtr)
1170                 goto skip_defrtr;
1171
1172         if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1173                 goto skip_defrtr;
1174
1175         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1176
1177 #ifdef CONFIG_IPV6_ROUTER_PREF
1178         pref = ra_msg->icmph.icmp6_router_pref;
1179         /* 10b is handled as if it were 00b (medium) */
1180         if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1181             !in6_dev->cnf.accept_ra_rtr_pref)
1182                 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1183 #endif
1184
1185         rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1186
1187         if (rt) {
1188                 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1189                 if (!neigh) {
1190                         ND_PRINTK(0, err,
1191                                   "RA: %s got default router without neighbour\n",
1192                                   __func__);
1193                         dst_release(&rt->dst);
1194                         return;
1195                 }
1196         }
1197         if (rt && lifetime == 0) {
1198                 ip6_del_rt(rt);
1199                 rt = NULL;
1200         }
1201
1202         if (rt == NULL && lifetime) {
1203                 ND_PRINTK(3, dbg, "RA: adding default router\n");
1204
1205                 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1206                 if (rt == NULL) {
1207                         ND_PRINTK(0, err,
1208                                   "RA: %s failed to add default route\n",
1209                                   __func__);
1210                         return;
1211                 }
1212
1213                 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1214                 if (neigh == NULL) {
1215                         ND_PRINTK(0, err,
1216                                   "RA: %s got default router without neighbour\n",
1217                                   __func__);
1218                         dst_release(&rt->dst);
1219                         return;
1220                 }
1221                 neigh->flags |= NTF_ROUTER;
1222         } else if (rt) {
1223                 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1224         }
1225
1226         if (rt)
1227                 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1228         if (ra_msg->icmph.icmp6_hop_limit) {
1229                 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1230                 if (rt)
1231                         dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1232                                        ra_msg->icmph.icmp6_hop_limit);
1233         }
1234
1235 skip_defrtr:
1236
1237         /*
1238          *      Update Reachable Time and Retrans Timer
1239          */
1240
1241         if (in6_dev->nd_parms) {
1242                 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1243
1244                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1245                         rtime = (rtime*HZ)/1000;
1246                         if (rtime < HZ/10)
1247                                 rtime = HZ/10;
1248                         in6_dev->nd_parms->retrans_time = rtime;
1249                         in6_dev->tstamp = jiffies;
1250                         inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1251                 }
1252
1253                 rtime = ntohl(ra_msg->reachable_time);
1254                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1255                         rtime = (rtime*HZ)/1000;
1256
1257                         if (rtime < HZ/10)
1258                                 rtime = HZ/10;
1259
1260                         if (rtime != in6_dev->nd_parms->base_reachable_time) {
1261                                 in6_dev->nd_parms->base_reachable_time = rtime;
1262                                 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1263                                 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1264                                 in6_dev->tstamp = jiffies;
1265                                 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1266                         }
1267                 }
1268         }
1269
1270 skip_linkparms:
1271
1272         /*
1273          *      Process options.
1274          */
1275
1276         if (!neigh)
1277                 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1278                                        skb->dev, 1);
1279         if (neigh) {
1280                 u8 *lladdr = NULL;
1281                 if (ndopts.nd_opts_src_lladdr) {
1282                         lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1283                                                      skb->dev);
1284                         if (!lladdr) {
1285                                 ND_PRINTK(2, warn,
1286                                           "RA: invalid link-layer address length\n");
1287                                 goto out;
1288                         }
1289                 }
1290                 neigh_update(neigh, lladdr, NUD_STALE,
1291                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1292                              NEIGH_UPDATE_F_OVERRIDE|
1293                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1294                              NEIGH_UPDATE_F_ISROUTER);
1295         }
1296
1297         if (!accept_ra(in6_dev))
1298                 goto out;
1299
1300 #ifdef CONFIG_IPV6_ROUTE_INFO
1301         if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1302                 goto skip_routeinfo;
1303
1304         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1305                 struct nd_opt_hdr *p;
1306                 for (p = ndopts.nd_opts_ri;
1307                      p;
1308                      p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1309                         struct route_info *ri = (struct route_info *)p;
1310 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1311                         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1312                             ri->prefix_len == 0)
1313                                 continue;
1314 #endif
1315                         if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1316                                 continue;
1317                         rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1318                                       &ipv6_hdr(skb)->saddr);
1319                 }
1320         }
1321
1322 skip_routeinfo:
1323 #endif
1324
1325 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1326         /* skip link-specific ndopts from interior routers */
1327         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1328                 goto out;
1329 #endif
1330
1331         if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1332                 struct nd_opt_hdr *p;
1333                 for (p = ndopts.nd_opts_pi;
1334                      p;
1335                      p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1336                         addrconf_prefix_rcv(skb->dev, (u8 *)p,
1337                                             (p->nd_opt_len) << 3,
1338                                             ndopts.nd_opts_src_lladdr != NULL);
1339                 }
1340         }
1341
1342         if (ndopts.nd_opts_mtu) {
1343                 __be32 n;
1344                 u32 mtu;
1345
1346                 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1347                 mtu = ntohl(n);
1348
1349                 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1350                         ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1351                 } else if (in6_dev->cnf.mtu6 != mtu) {
1352                         in6_dev->cnf.mtu6 = mtu;
1353
1354                         if (rt)
1355                                 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1356
1357                         rt6_mtu_change(skb->dev, mtu);
1358                 }
1359         }
1360
1361         if (ndopts.nd_useropts) {
1362                 struct nd_opt_hdr *p;
1363                 for (p = ndopts.nd_useropts;
1364                      p;
1365                      p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1366                         ndisc_ra_useropt(skb, p);
1367                 }
1368         }
1369
1370         if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1371                 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1372         }
1373 out:
1374         if (rt)
1375                 dst_release(&rt->dst);
1376         if (neigh)
1377                 neigh_release(neigh);
1378 }
1379
1380 static void ndisc_redirect_rcv(struct sk_buff *skb)
1381 {
1382         struct inet6_dev *in6_dev;
1383         struct icmp6hdr *icmph;
1384         const struct in6_addr *dest;
1385         const struct in6_addr *target;  /* new first hop to destination */
1386         struct neighbour *neigh;
1387         int on_link = 0;
1388         struct ndisc_options ndopts;
1389         int optlen;
1390         u8 *lladdr = NULL;
1391
1392 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1393         switch (skb->ndisc_nodetype) {
1394         case NDISC_NODETYPE_HOST:
1395         case NDISC_NODETYPE_NODEFAULT:
1396                 ND_PRINTK(2, warn,
1397                           "Redirect: from host or unauthorized router\n");
1398                 return;
1399         }
1400 #endif
1401
1402         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1403                 ND_PRINTK(2, warn,
1404                           "Redirect: source address is not link-local\n");
1405                 return;
1406         }
1407
1408         optlen = skb->tail - skb->transport_header;
1409         optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1410
1411         if (optlen < 0) {
1412                 ND_PRINTK(2, warn, "Redirect: packet too short\n");
1413                 return;
1414         }
1415
1416         icmph = icmp6_hdr(skb);
1417         target = (const struct in6_addr *) (icmph + 1);
1418         dest = target + 1;
1419
1420         if (ipv6_addr_is_multicast(dest)) {
1421                 ND_PRINTK(2, warn,
1422                           "Redirect: destination address is multicast\n");
1423                 return;
1424         }
1425
1426         if (ipv6_addr_equal(dest, target)) {
1427                 on_link = 1;
1428         } else if (ipv6_addr_type(target) !=
1429                    (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1430                 ND_PRINTK(2, warn,
1431                           "Redirect: target address is not link-local unicast\n");
1432                 return;
1433         }
1434
1435         in6_dev = __in6_dev_get(skb->dev);
1436         if (!in6_dev)
1437                 return;
1438         if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects)
1439                 return;
1440
1441         /* RFC2461 8.1:
1442          *      The IP source address of the Redirect MUST be the same as the current
1443          *      first-hop router for the specified ICMP Destination Address.
1444          */
1445
1446         if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1447                 ND_PRINTK(2, warn, "Redirect: invalid ND options\n");
1448                 return;
1449         }
1450         if (ndopts.nd_opts_tgt_lladdr) {
1451                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1452                                              skb->dev);
1453                 if (!lladdr) {
1454                         ND_PRINTK(2, warn,
1455                                   "Redirect: invalid link-layer address length\n");
1456                         return;
1457                 }
1458         }
1459
1460         neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1461         if (neigh) {
1462                 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1463                              &ipv6_hdr(skb)->saddr, neigh, lladdr,
1464                              on_link);
1465                 neigh_release(neigh);
1466         }
1467 }
1468
1469 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1470 {
1471         struct net_device *dev = skb->dev;
1472         struct net *net = dev_net(dev);
1473         struct sock *sk = net->ipv6.ndisc_sk;
1474         int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1475         struct sk_buff *buff;
1476         struct icmp6hdr *icmph;
1477         struct in6_addr saddr_buf;
1478         struct in6_addr *addrp;
1479         struct rt6_info *rt;
1480         struct dst_entry *dst;
1481         struct inet6_dev *idev;
1482         struct flowi6 fl6;
1483         u8 *opt;
1484         int hlen, tlen;
1485         int rd_len;
1486         int err;
1487         u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1488
1489         if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1490                 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1491                           dev->name);
1492                 return;
1493         }
1494
1495         if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1496             ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1497                 ND_PRINTK(2, warn,
1498                           "Redirect: target address is not link-local unicast\n");
1499                 return;
1500         }
1501
1502         icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1503                          &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1504
1505         dst = ip6_route_output(net, NULL, &fl6);
1506         if (dst->error) {
1507                 dst_release(dst);
1508                 return;
1509         }
1510         dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1511         if (IS_ERR(dst))
1512                 return;
1513
1514         rt = (struct rt6_info *) dst;
1515
1516         if (rt->rt6i_flags & RTF_GATEWAY) {
1517                 ND_PRINTK(2, warn,
1518                           "Redirect: destination is not a neighbour\n");
1519                 goto release;
1520         }
1521         if (!rt->rt6i_peer)
1522                 rt6_bind_peer(rt, 1);
1523         if (!inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
1524                 goto release;
1525
1526         if (dev->addr_len) {
1527                 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1528                 if (!neigh) {
1529                         ND_PRINTK(2, warn,
1530                                   "Redirect: no neigh for target address\n");
1531                         goto release;
1532                 }
1533
1534                 read_lock_bh(&neigh->lock);
1535                 if (neigh->nud_state & NUD_VALID) {
1536                         memcpy(ha_buf, neigh->ha, dev->addr_len);
1537                         read_unlock_bh(&neigh->lock);
1538                         ha = ha_buf;
1539                         len += ndisc_opt_addr_space(dev);
1540                 } else
1541                         read_unlock_bh(&neigh->lock);
1542
1543                 neigh_release(neigh);
1544         }
1545
1546         rd_len = min_t(unsigned int,
1547                      IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1548         rd_len &= ~0x7;
1549         len += rd_len;
1550
1551         hlen = LL_RESERVED_SPACE(dev);
1552         tlen = dev->needed_tailroom;
1553         buff = sock_alloc_send_skb(sk,
1554                                    (MAX_HEADER + sizeof(struct ipv6hdr) +
1555                                     len + hlen + tlen),
1556                                    1, &err);
1557         if (buff == NULL) {
1558                 ND_PRINTK(0, err,
1559                           "Redirect: %s failed to allocate an skb, err=%d\n",
1560                           __func__, err);
1561                 goto release;
1562         }
1563
1564         skb_reserve(buff, hlen);
1565         ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1566                    IPPROTO_ICMPV6, len);
1567
1568         skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1569         skb_put(buff, len);
1570         icmph = icmp6_hdr(buff);
1571
1572         memset(icmph, 0, sizeof(struct icmp6hdr));
1573         icmph->icmp6_type = NDISC_REDIRECT;
1574
1575         /*
1576          *      copy target and destination addresses
1577          */
1578
1579         addrp = (struct in6_addr *)(icmph + 1);
1580         *addrp = *target;
1581         addrp++;
1582         *addrp = ipv6_hdr(skb)->daddr;
1583
1584         opt = (u8*) (addrp + 1);
1585
1586         /*
1587          *      include target_address option
1588          */
1589
1590         if (ha)
1591                 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1592                                              dev->addr_len, dev->type);
1593
1594         /*
1595          *      build redirect option and copy skb over to the new packet.
1596          */
1597
1598         memset(opt, 0, 8);
1599         *(opt++) = ND_OPT_REDIRECT_HDR;
1600         *(opt++) = (rd_len >> 3);
1601         opt += 6;
1602
1603         memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1604
1605         icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1606                                              len, IPPROTO_ICMPV6,
1607                                              csum_partial(icmph, len, 0));
1608
1609         skb_dst_set(buff, dst);
1610         rcu_read_lock();
1611         idev = __in6_dev_get(dst->dev);
1612         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1613         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1614                       dst_output);
1615         if (!err) {
1616                 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1617                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1618         }
1619
1620         rcu_read_unlock();
1621         return;
1622
1623 release:
1624         dst_release(dst);
1625 }
1626
1627 static void pndisc_redo(struct sk_buff *skb)
1628 {
1629         ndisc_recv_ns(skb);
1630         kfree_skb(skb);
1631 }
1632
1633 int ndisc_rcv(struct sk_buff *skb)
1634 {
1635         struct nd_msg *msg;
1636
1637         if (!pskb_may_pull(skb, skb->len))
1638                 return 0;
1639
1640         msg = (struct nd_msg *)skb_transport_header(skb);
1641
1642         __skb_push(skb, skb->data - skb_transport_header(skb));
1643
1644         if (ipv6_hdr(skb)->hop_limit != 255) {
1645                 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1646                           ipv6_hdr(skb)->hop_limit);
1647                 return 0;
1648         }
1649
1650         if (msg->icmph.icmp6_code != 0) {
1651                 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1652                           msg->icmph.icmp6_code);
1653                 return 0;
1654         }
1655
1656         memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1657
1658         switch (msg->icmph.icmp6_type) {
1659         case NDISC_NEIGHBOUR_SOLICITATION:
1660                 ndisc_recv_ns(skb);
1661                 break;
1662
1663         case NDISC_NEIGHBOUR_ADVERTISEMENT:
1664                 ndisc_recv_na(skb);
1665                 break;
1666
1667         case NDISC_ROUTER_SOLICITATION:
1668                 ndisc_recv_rs(skb);
1669                 break;
1670
1671         case NDISC_ROUTER_ADVERTISEMENT:
1672                 ndisc_router_discovery(skb);
1673                 break;
1674
1675         case NDISC_REDIRECT:
1676                 ndisc_redirect_rcv(skb);
1677                 break;
1678         }
1679
1680         return 0;
1681 }
1682
1683 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1684 {
1685         struct net_device *dev = ptr;
1686         struct net *net = dev_net(dev);
1687
1688         switch (event) {
1689         case NETDEV_CHANGEADDR:
1690                 neigh_changeaddr(&nd_tbl, dev);
1691                 fib6_run_gc(~0UL, net);
1692                 break;
1693         case NETDEV_DOWN:
1694                 neigh_ifdown(&nd_tbl, dev);
1695                 fib6_run_gc(~0UL, net);
1696                 break;
1697         case NETDEV_NOTIFY_PEERS:
1698                 ndisc_send_unsol_na(dev);
1699                 break;
1700         default:
1701                 break;
1702         }
1703
1704         return NOTIFY_DONE;
1705 }
1706
1707 static struct notifier_block ndisc_netdev_notifier = {
1708         .notifier_call = ndisc_netdev_event,
1709 };
1710
1711 #ifdef CONFIG_SYSCTL
1712 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1713                                          const char *func, const char *dev_name)
1714 {
1715         static char warncomm[TASK_COMM_LEN];
1716         static int warned;
1717         if (strcmp(warncomm, current->comm) && warned < 5) {
1718                 strcpy(warncomm, current->comm);
1719                 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1720                         warncomm, func,
1721                         dev_name, ctl->procname,
1722                         dev_name, ctl->procname);
1723                 warned++;
1724         }
1725 }
1726
1727 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1728 {
1729         struct net_device *dev = ctl->extra1;
1730         struct inet6_dev *idev;
1731         int ret;
1732
1733         if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1734             (strcmp(ctl->procname, "base_reachable_time") == 0))
1735                 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1736
1737         if (strcmp(ctl->procname, "retrans_time") == 0)
1738                 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1739
1740         else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1741                 ret = proc_dointvec_jiffies(ctl, write,
1742                                             buffer, lenp, ppos);
1743
1744         else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1745                  (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1746                 ret = proc_dointvec_ms_jiffies(ctl, write,
1747                                                buffer, lenp, ppos);
1748         else
1749                 ret = -1;
1750
1751         if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1752                 if (ctl->data == &idev->nd_parms->base_reachable_time)
1753                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1754                 idev->tstamp = jiffies;
1755                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1756                 in6_dev_put(idev);
1757         }
1758         return ret;
1759 }
1760
1761
1762 #endif
1763
1764 static int __net_init ndisc_net_init(struct net *net)
1765 {
1766         struct ipv6_pinfo *np;
1767         struct sock *sk;
1768         int err;
1769
1770         err = inet_ctl_sock_create(&sk, PF_INET6,
1771                                    SOCK_RAW, IPPROTO_ICMPV6, net);
1772         if (err < 0) {
1773                 ND_PRINTK(0, err,
1774                           "NDISC: Failed to initialize the control socket (err %d)\n",
1775                           err);
1776                 return err;
1777         }
1778
1779         net->ipv6.ndisc_sk = sk;
1780
1781         np = inet6_sk(sk);
1782         np->hop_limit = 255;
1783         /* Do not loopback ndisc messages */
1784         np->mc_loop = 0;
1785
1786         return 0;
1787 }
1788
1789 static void __net_exit ndisc_net_exit(struct net *net)
1790 {
1791         inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1792 }
1793
1794 static struct pernet_operations ndisc_net_ops = {
1795         .init = ndisc_net_init,
1796         .exit = ndisc_net_exit,
1797 };
1798
1799 int __init ndisc_init(void)
1800 {
1801         int err;
1802
1803         err = register_pernet_subsys(&ndisc_net_ops);
1804         if (err)
1805                 return err;
1806         /*
1807          * Initialize the neighbour table
1808          */
1809         neigh_table_init(&nd_tbl);
1810
1811 #ifdef CONFIG_SYSCTL
1812         err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1813                                     &ndisc_ifinfo_sysctl_change);
1814         if (err)
1815                 goto out_unregister_pernet;
1816 #endif
1817         err = register_netdevice_notifier(&ndisc_netdev_notifier);
1818         if (err)
1819                 goto out_unregister_sysctl;
1820 out:
1821         return err;
1822
1823 out_unregister_sysctl:
1824 #ifdef CONFIG_SYSCTL
1825         neigh_sysctl_unregister(&nd_tbl.parms);
1826 out_unregister_pernet:
1827 #endif
1828         unregister_pernet_subsys(&ndisc_net_ops);
1829         goto out;
1830 }
1831
1832 void ndisc_cleanup(void)
1833 {
1834         unregister_netdevice_notifier(&ndisc_netdev_notifier);
1835 #ifdef CONFIG_SYSCTL
1836         neigh_sysctl_unregister(&nd_tbl.parms);
1837 #endif
1838         neigh_table_clear(&nd_tbl);
1839         unregister_pernet_subsys(&ndisc_net_ops);
1840 }