xref: /linux/net/ipv6/ndisc.c (revision 24bce201d79807b668bf9d9e0aca801c5c0d5f78)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	Neighbour Discovery for IPv6
4  *	Linux INET6 implementation
5  *
6  *	Authors:
7  *	Pedro Roque		<roque@di.fc.ul.pt>
8  *	Mike Shaver		<shaver@ingenia.com>
9  */
10 
11 /*
12  *	Changes:
13  *
14  *	Alexey I. Froloff		:	RFC6106 (DNSSL) support
15  *	Pierre Ynard			:	export userland ND options
16  *						through netlink (RDNSS support)
17  *	Lars Fenneberg			:	fixed MTU setting on receipt
18  *						of an RA.
19  *	Janos Farkas			:	kmalloc failure checks
20  *	Alexey Kuznetsov		:	state machine reworked
21  *						and moved to net/core.
22  *	Pekka Savola			:	RFC2461 validation
23  *	YOSHIFUJI Hideaki @USAGI	:	Verify ND options properly
24  */
25 
26 #define pr_fmt(fmt) "ICMPv6: " fmt
27 
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/sched.h>
34 #include <linux/net.h>
35 #include <linux/in6.h>
36 #include <linux/route.h>
37 #include <linux/init.h>
38 #include <linux/rcupdate.h>
39 #include <linux/slab.h>
40 #ifdef CONFIG_SYSCTL
41 #include <linux/sysctl.h>
42 #endif
43 
44 #include <linux/if_addr.h>
45 #include <linux/if_ether.h>
46 #include <linux/if_arp.h>
47 #include <linux/ipv6.h>
48 #include <linux/icmpv6.h>
49 #include <linux/jhash.h>
50 
51 #include <net/sock.h>
52 #include <net/snmp.h>
53 
54 #include <net/ipv6.h>
55 #include <net/protocol.h>
56 #include <net/ndisc.h>
57 #include <net/ip6_route.h>
58 #include <net/addrconf.h>
59 #include <net/icmp.h>
60 
61 #include <net/netlink.h>
62 #include <linux/rtnetlink.h>
63 
64 #include <net/flow.h>
65 #include <net/ip6_checksum.h>
66 #include <net/inet_common.h>
67 #include <linux/proc_fs.h>
68 
69 #include <linux/netfilter.h>
70 #include <linux/netfilter_ipv6.h>
71 
72 static u32 ndisc_hash(const void *pkey,
73 		      const struct net_device *dev,
74 		      __u32 *hash_rnd);
75 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76 static bool ndisc_allow_add(const struct net_device *dev,
77 			    struct netlink_ext_ack *extack);
78 static int ndisc_constructor(struct neighbour *neigh);
79 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81 static int pndisc_constructor(struct pneigh_entry *n);
82 static void pndisc_destructor(struct pneigh_entry *n);
83 static void pndisc_redo(struct sk_buff *skb);
84 static int ndisc_is_multicast(const void *pkey);
85 
86 static const struct neigh_ops ndisc_generic_ops = {
87 	.family =		AF_INET6,
88 	.solicit =		ndisc_solicit,
89 	.error_report =		ndisc_error_report,
90 	.output =		neigh_resolve_output,
91 	.connected_output =	neigh_connected_output,
92 };
93 
94 static const struct neigh_ops ndisc_hh_ops = {
95 	.family =		AF_INET6,
96 	.solicit =		ndisc_solicit,
97 	.error_report =		ndisc_error_report,
98 	.output =		neigh_resolve_output,
99 	.connected_output =	neigh_resolve_output,
100 };
101 
102 
103 static const struct neigh_ops ndisc_direct_ops = {
104 	.family =		AF_INET6,
105 	.output =		neigh_direct_output,
106 	.connected_output =	neigh_direct_output,
107 };
108 
109 struct neigh_table nd_tbl = {
110 	.family =	AF_INET6,
111 	.key_len =	sizeof(struct in6_addr),
112 	.protocol =	cpu_to_be16(ETH_P_IPV6),
113 	.hash =		ndisc_hash,
114 	.key_eq =	ndisc_key_eq,
115 	.constructor =	ndisc_constructor,
116 	.pconstructor =	pndisc_constructor,
117 	.pdestructor =	pndisc_destructor,
118 	.proxy_redo =	pndisc_redo,
119 	.is_multicast =	ndisc_is_multicast,
120 	.allow_add  =   ndisc_allow_add,
121 	.id =		"ndisc_cache",
122 	.parms = {
123 		.tbl			= &nd_tbl,
124 		.reachable_time		= ND_REACHABLE_TIME,
125 		.data = {
126 			[NEIGH_VAR_MCAST_PROBES] = 3,
127 			[NEIGH_VAR_UCAST_PROBES] = 3,
128 			[NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 			[NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 			[NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 			[NEIGH_VAR_GC_STALETIME] = 60 * HZ,
132 			[NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
133 			[NEIGH_VAR_PROXY_QLEN] = 64,
134 			[NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
135 			[NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
136 		},
137 	},
138 	.gc_interval =	  30 * HZ,
139 	.gc_thresh1 =	 128,
140 	.gc_thresh2 =	 512,
141 	.gc_thresh3 =	1024,
142 };
143 EXPORT_SYMBOL_GPL(nd_tbl);
144 
145 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, const void *data,
146 			      int data_len, int pad)
147 {
148 	int space = __ndisc_opt_addr_space(data_len, pad);
149 	u8 *opt = skb_put(skb, space);
150 
151 	opt[0] = type;
152 	opt[1] = space>>3;
153 
154 	memset(opt + 2, 0, pad);
155 	opt   += pad;
156 	space -= pad;
157 
158 	memcpy(opt+2, data, data_len);
159 	data_len += 2;
160 	opt += data_len;
161 	space -= data_len;
162 	if (space > 0)
163 		memset(opt, 0, space);
164 }
165 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
166 
167 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
168 					  const void *data, u8 icmp6_type)
169 {
170 	__ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
171 				 ndisc_addr_option_pad(skb->dev->type));
172 	ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
173 }
174 
175 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
176 						   void *ha,
177 						   const u8 *ops_data)
178 {
179 	ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
180 	ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
181 }
182 
183 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
184 					    struct nd_opt_hdr *end)
185 {
186 	int type;
187 	if (!cur || !end || cur >= end)
188 		return NULL;
189 	type = cur->nd_opt_type;
190 	do {
191 		cur = ((void *)cur) + (cur->nd_opt_len << 3);
192 	} while (cur < end && cur->nd_opt_type != type);
193 	return cur <= end && cur->nd_opt_type == type ? cur : NULL;
194 }
195 
196 static inline int ndisc_is_useropt(const struct net_device *dev,
197 				   struct nd_opt_hdr *opt)
198 {
199 	return opt->nd_opt_type == ND_OPT_RDNSS ||
200 		opt->nd_opt_type == ND_OPT_DNSSL ||
201 		opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
202 		opt->nd_opt_type == ND_OPT_PREF64 ||
203 		ndisc_ops_is_useropt(dev, opt->nd_opt_type);
204 }
205 
206 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
207 					     struct nd_opt_hdr *cur,
208 					     struct nd_opt_hdr *end)
209 {
210 	if (!cur || !end || cur >= end)
211 		return NULL;
212 	do {
213 		cur = ((void *)cur) + (cur->nd_opt_len << 3);
214 	} while (cur < end && !ndisc_is_useropt(dev, cur));
215 	return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
216 }
217 
218 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
219 					  u8 *opt, int opt_len,
220 					  struct ndisc_options *ndopts)
221 {
222 	struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
223 
224 	if (!nd_opt || opt_len < 0 || !ndopts)
225 		return NULL;
226 	memset(ndopts, 0, sizeof(*ndopts));
227 	while (opt_len) {
228 		int l;
229 		if (opt_len < sizeof(struct nd_opt_hdr))
230 			return NULL;
231 		l = nd_opt->nd_opt_len << 3;
232 		if (opt_len < l || l == 0)
233 			return NULL;
234 		if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
235 			goto next_opt;
236 		switch (nd_opt->nd_opt_type) {
237 		case ND_OPT_SOURCE_LL_ADDR:
238 		case ND_OPT_TARGET_LL_ADDR:
239 		case ND_OPT_MTU:
240 		case ND_OPT_NONCE:
241 		case ND_OPT_REDIRECT_HDR:
242 			if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
243 				ND_PRINTK(2, warn,
244 					  "%s: duplicated ND6 option found: type=%d\n",
245 					  __func__, nd_opt->nd_opt_type);
246 			} else {
247 				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
248 			}
249 			break;
250 		case ND_OPT_PREFIX_INFO:
251 			ndopts->nd_opts_pi_end = nd_opt;
252 			if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
253 				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
254 			break;
255 #ifdef CONFIG_IPV6_ROUTE_INFO
256 		case ND_OPT_ROUTE_INFO:
257 			ndopts->nd_opts_ri_end = nd_opt;
258 			if (!ndopts->nd_opts_ri)
259 				ndopts->nd_opts_ri = nd_opt;
260 			break;
261 #endif
262 		default:
263 			if (ndisc_is_useropt(dev, nd_opt)) {
264 				ndopts->nd_useropts_end = nd_opt;
265 				if (!ndopts->nd_useropts)
266 					ndopts->nd_useropts = nd_opt;
267 			} else {
268 				/*
269 				 * Unknown options must be silently ignored,
270 				 * to accommodate future extension to the
271 				 * protocol.
272 				 */
273 				ND_PRINTK(2, notice,
274 					  "%s: ignored unsupported option; type=%d, len=%d\n",
275 					  __func__,
276 					  nd_opt->nd_opt_type,
277 					  nd_opt->nd_opt_len);
278 			}
279 		}
280 next_opt:
281 		opt_len -= l;
282 		nd_opt = ((void *)nd_opt) + l;
283 	}
284 	return ndopts;
285 }
286 
287 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
288 {
289 	switch (dev->type) {
290 	case ARPHRD_ETHER:
291 	case ARPHRD_IEEE802:	/* Not sure. Check it later. --ANK */
292 	case ARPHRD_FDDI:
293 		ipv6_eth_mc_map(addr, buf);
294 		return 0;
295 	case ARPHRD_ARCNET:
296 		ipv6_arcnet_mc_map(addr, buf);
297 		return 0;
298 	case ARPHRD_INFINIBAND:
299 		ipv6_ib_mc_map(addr, dev->broadcast, buf);
300 		return 0;
301 	case ARPHRD_IPGRE:
302 		return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
303 	default:
304 		if (dir) {
305 			memcpy(buf, dev->broadcast, dev->addr_len);
306 			return 0;
307 		}
308 	}
309 	return -EINVAL;
310 }
311 EXPORT_SYMBOL(ndisc_mc_map);
312 
313 static u32 ndisc_hash(const void *pkey,
314 		      const struct net_device *dev,
315 		      __u32 *hash_rnd)
316 {
317 	return ndisc_hashfn(pkey, dev, hash_rnd);
318 }
319 
320 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
321 {
322 	return neigh_key_eq128(n, pkey);
323 }
324 
325 static int ndisc_constructor(struct neighbour *neigh)
326 {
327 	struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
328 	struct net_device *dev = neigh->dev;
329 	struct inet6_dev *in6_dev;
330 	struct neigh_parms *parms;
331 	bool is_multicast = ipv6_addr_is_multicast(addr);
332 
333 	in6_dev = in6_dev_get(dev);
334 	if (!in6_dev) {
335 		return -EINVAL;
336 	}
337 
338 	parms = in6_dev->nd_parms;
339 	__neigh_parms_put(neigh->parms);
340 	neigh->parms = neigh_parms_clone(parms);
341 
342 	neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
343 	if (!dev->header_ops) {
344 		neigh->nud_state = NUD_NOARP;
345 		neigh->ops = &ndisc_direct_ops;
346 		neigh->output = neigh_direct_output;
347 	} else {
348 		if (is_multicast) {
349 			neigh->nud_state = NUD_NOARP;
350 			ndisc_mc_map(addr, neigh->ha, dev, 1);
351 		} else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
352 			neigh->nud_state = NUD_NOARP;
353 			memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
354 			if (dev->flags&IFF_LOOPBACK)
355 				neigh->type = RTN_LOCAL;
356 		} else if (dev->flags&IFF_POINTOPOINT) {
357 			neigh->nud_state = NUD_NOARP;
358 			memcpy(neigh->ha, dev->broadcast, dev->addr_len);
359 		}
360 		if (dev->header_ops->cache)
361 			neigh->ops = &ndisc_hh_ops;
362 		else
363 			neigh->ops = &ndisc_generic_ops;
364 		if (neigh->nud_state&NUD_VALID)
365 			neigh->output = neigh->ops->connected_output;
366 		else
367 			neigh->output = neigh->ops->output;
368 	}
369 	in6_dev_put(in6_dev);
370 	return 0;
371 }
372 
373 static int pndisc_constructor(struct pneigh_entry *n)
374 {
375 	struct in6_addr *addr = (struct in6_addr *)&n->key;
376 	struct in6_addr maddr;
377 	struct net_device *dev = n->dev;
378 
379 	if (!dev || !__in6_dev_get(dev))
380 		return -EINVAL;
381 	addrconf_addr_solict_mult(addr, &maddr);
382 	ipv6_dev_mc_inc(dev, &maddr);
383 	return 0;
384 }
385 
386 static void pndisc_destructor(struct pneigh_entry *n)
387 {
388 	struct in6_addr *addr = (struct in6_addr *)&n->key;
389 	struct in6_addr maddr;
390 	struct net_device *dev = n->dev;
391 
392 	if (!dev || !__in6_dev_get(dev))
393 		return;
394 	addrconf_addr_solict_mult(addr, &maddr);
395 	ipv6_dev_mc_dec(dev, &maddr);
396 }
397 
398 /* called with rtnl held */
399 static bool ndisc_allow_add(const struct net_device *dev,
400 			    struct netlink_ext_ack *extack)
401 {
402 	struct inet6_dev *idev = __in6_dev_get(dev);
403 
404 	if (!idev || idev->cnf.disable_ipv6) {
405 		NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
406 		return false;
407 	}
408 
409 	return true;
410 }
411 
412 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
413 				       int len)
414 {
415 	int hlen = LL_RESERVED_SPACE(dev);
416 	int tlen = dev->needed_tailroom;
417 	struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
418 	struct sk_buff *skb;
419 
420 	skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
421 	if (!skb) {
422 		ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
423 			  __func__);
424 		return NULL;
425 	}
426 
427 	skb->protocol = htons(ETH_P_IPV6);
428 	skb->dev = dev;
429 
430 	skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
431 	skb_reset_transport_header(skb);
432 
433 	/* Manually assign socket ownership as we avoid calling
434 	 * sock_alloc_send_pskb() to bypass wmem buffer limits
435 	 */
436 	skb_set_owner_w(skb, sk);
437 
438 	return skb;
439 }
440 
441 static void ip6_nd_hdr(struct sk_buff *skb,
442 		       const struct in6_addr *saddr,
443 		       const struct in6_addr *daddr,
444 		       int hop_limit, int len)
445 {
446 	struct ipv6hdr *hdr;
447 	struct inet6_dev *idev;
448 	unsigned tclass;
449 
450 	rcu_read_lock();
451 	idev = __in6_dev_get(skb->dev);
452 	tclass = idev ? idev->cnf.ndisc_tclass : 0;
453 	rcu_read_unlock();
454 
455 	skb_push(skb, sizeof(*hdr));
456 	skb_reset_network_header(skb);
457 	hdr = ipv6_hdr(skb);
458 
459 	ip6_flow_hdr(hdr, tclass, 0);
460 
461 	hdr->payload_len = htons(len);
462 	hdr->nexthdr = IPPROTO_ICMPV6;
463 	hdr->hop_limit = hop_limit;
464 
465 	hdr->saddr = *saddr;
466 	hdr->daddr = *daddr;
467 }
468 
469 void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
470 		    const struct in6_addr *saddr)
471 {
472 	struct dst_entry *dst = skb_dst(skb);
473 	struct net *net = dev_net(skb->dev);
474 	struct sock *sk = net->ipv6.ndisc_sk;
475 	struct inet6_dev *idev;
476 	int err;
477 	struct icmp6hdr *icmp6h = icmp6_hdr(skb);
478 	u8 type;
479 
480 	type = icmp6h->icmp6_type;
481 
482 	if (!dst) {
483 		struct flowi6 fl6;
484 		int oif = skb->dev->ifindex;
485 
486 		icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
487 		dst = icmp6_dst_alloc(skb->dev, &fl6);
488 		if (IS_ERR(dst)) {
489 			kfree_skb(skb);
490 			return;
491 		}
492 
493 		skb_dst_set(skb, dst);
494 	}
495 
496 	icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
497 					      IPPROTO_ICMPV6,
498 					      csum_partial(icmp6h,
499 							   skb->len, 0));
500 
501 	ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
502 
503 	rcu_read_lock();
504 	idev = __in6_dev_get(dst->dev);
505 	IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
506 
507 	err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
508 		      net, sk, skb, NULL, dst->dev,
509 		      dst_output);
510 	if (!err) {
511 		ICMP6MSGOUT_INC_STATS(net, idev, type);
512 		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
513 	}
514 
515 	rcu_read_unlock();
516 }
517 EXPORT_SYMBOL(ndisc_send_skb);
518 
519 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
520 		   const struct in6_addr *solicited_addr,
521 		   bool router, bool solicited, bool override, bool inc_opt)
522 {
523 	struct sk_buff *skb;
524 	struct in6_addr tmpaddr;
525 	struct inet6_ifaddr *ifp;
526 	const struct in6_addr *src_addr;
527 	struct nd_msg *msg;
528 	int optlen = 0;
529 
530 	/* for anycast or proxy, solicited_addr != src_addr */
531 	ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
532 	if (ifp) {
533 		src_addr = solicited_addr;
534 		if (ifp->flags & IFA_F_OPTIMISTIC)
535 			override = false;
536 		inc_opt |= ifp->idev->cnf.force_tllao;
537 		in6_ifa_put(ifp);
538 	} else {
539 		if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
540 				       inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
541 				       &tmpaddr))
542 			return;
543 		src_addr = &tmpaddr;
544 	}
545 
546 	if (!dev->addr_len)
547 		inc_opt = false;
548 	if (inc_opt)
549 		optlen += ndisc_opt_addr_space(dev,
550 					       NDISC_NEIGHBOUR_ADVERTISEMENT);
551 
552 	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
553 	if (!skb)
554 		return;
555 
556 	msg = skb_put(skb, sizeof(*msg));
557 	*msg = (struct nd_msg) {
558 		.icmph = {
559 			.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
560 			.icmp6_router = router,
561 			.icmp6_solicited = solicited,
562 			.icmp6_override = override,
563 		},
564 		.target = *solicited_addr,
565 	};
566 
567 	if (inc_opt)
568 		ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
569 				       dev->dev_addr,
570 				       NDISC_NEIGHBOUR_ADVERTISEMENT);
571 
572 	ndisc_send_skb(skb, daddr, src_addr);
573 }
574 
575 static void ndisc_send_unsol_na(struct net_device *dev)
576 {
577 	struct inet6_dev *idev;
578 	struct inet6_ifaddr *ifa;
579 
580 	idev = in6_dev_get(dev);
581 	if (!idev)
582 		return;
583 
584 	read_lock_bh(&idev->lock);
585 	list_for_each_entry(ifa, &idev->addr_list, if_list) {
586 		/* skip tentative addresses until dad completes */
587 		if (ifa->flags & IFA_F_TENTATIVE &&
588 		    !(ifa->flags & IFA_F_OPTIMISTIC))
589 			continue;
590 
591 		ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
592 			      /*router=*/ !!idev->cnf.forwarding,
593 			      /*solicited=*/ false, /*override=*/ true,
594 			      /*inc_opt=*/ true);
595 	}
596 	read_unlock_bh(&idev->lock);
597 
598 	in6_dev_put(idev);
599 }
600 
601 struct sk_buff *ndisc_ns_create(struct net_device *dev, const struct in6_addr *solicit,
602 				const struct in6_addr *saddr, u64 nonce)
603 {
604 	int inc_opt = dev->addr_len;
605 	struct sk_buff *skb;
606 	struct nd_msg *msg;
607 	int optlen = 0;
608 
609 	if (!saddr)
610 		return NULL;
611 
612 	if (ipv6_addr_any(saddr))
613 		inc_opt = false;
614 	if (inc_opt)
615 		optlen += ndisc_opt_addr_space(dev,
616 					       NDISC_NEIGHBOUR_SOLICITATION);
617 	if (nonce != 0)
618 		optlen += 8;
619 
620 	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
621 	if (!skb)
622 		return NULL;
623 
624 	msg = skb_put(skb, sizeof(*msg));
625 	*msg = (struct nd_msg) {
626 		.icmph = {
627 			.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
628 		},
629 		.target = *solicit,
630 	};
631 
632 	if (inc_opt)
633 		ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
634 				       dev->dev_addr,
635 				       NDISC_NEIGHBOUR_SOLICITATION);
636 	if (nonce != 0) {
637 		u8 *opt = skb_put(skb, 8);
638 
639 		opt[0] = ND_OPT_NONCE;
640 		opt[1] = 8 >> 3;
641 		memcpy(opt + 2, &nonce, 6);
642 	}
643 
644 	return skb;
645 }
646 EXPORT_SYMBOL(ndisc_ns_create);
647 
648 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
649 		   const struct in6_addr *daddr, const struct in6_addr *saddr,
650 		   u64 nonce)
651 {
652 	struct in6_addr addr_buf;
653 	struct sk_buff *skb;
654 
655 	if (!saddr) {
656 		if (ipv6_get_lladdr(dev, &addr_buf,
657 				    (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)))
658 			return;
659 		saddr = &addr_buf;
660 	}
661 
662 	skb = ndisc_ns_create(dev, solicit, saddr, nonce);
663 
664 	if (skb)
665 		ndisc_send_skb(skb, daddr, saddr);
666 }
667 
668 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
669 		   const struct in6_addr *daddr)
670 {
671 	struct sk_buff *skb;
672 	struct rs_msg *msg;
673 	int send_sllao = dev->addr_len;
674 	int optlen = 0;
675 
676 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
677 	/*
678 	 * According to section 2.2 of RFC 4429, we must not
679 	 * send router solicitations with a sllao from
680 	 * optimistic addresses, but we may send the solicitation
681 	 * if we don't include the sllao.  So here we check
682 	 * if our address is optimistic, and if so, we
683 	 * suppress the inclusion of the sllao.
684 	 */
685 	if (send_sllao) {
686 		struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
687 							   dev, 1);
688 		if (ifp) {
689 			if (ifp->flags & IFA_F_OPTIMISTIC)  {
690 				send_sllao = 0;
691 			}
692 			in6_ifa_put(ifp);
693 		} else {
694 			send_sllao = 0;
695 		}
696 	}
697 #endif
698 	if (send_sllao)
699 		optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
700 
701 	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
702 	if (!skb)
703 		return;
704 
705 	msg = skb_put(skb, sizeof(*msg));
706 	*msg = (struct rs_msg) {
707 		.icmph = {
708 			.icmp6_type = NDISC_ROUTER_SOLICITATION,
709 		},
710 	};
711 
712 	if (send_sllao)
713 		ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
714 				       dev->dev_addr,
715 				       NDISC_ROUTER_SOLICITATION);
716 
717 	ndisc_send_skb(skb, daddr, saddr);
718 }
719 
720 
721 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
722 {
723 	/*
724 	 *	"The sender MUST return an ICMP
725 	 *	 destination unreachable"
726 	 */
727 	dst_link_failure(skb);
728 	kfree_skb(skb);
729 }
730 
731 /* Called with locked neigh: either read or both */
732 
733 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
734 {
735 	struct in6_addr *saddr = NULL;
736 	struct in6_addr mcaddr;
737 	struct net_device *dev = neigh->dev;
738 	struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
739 	int probes = atomic_read(&neigh->probes);
740 
741 	if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
742 					   dev, false, 1,
743 					   IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
744 		saddr = &ipv6_hdr(skb)->saddr;
745 	probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
746 	if (probes < 0) {
747 		if (!(neigh->nud_state & NUD_VALID)) {
748 			ND_PRINTK(1, dbg,
749 				  "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
750 				  __func__, target);
751 		}
752 		ndisc_send_ns(dev, target, target, saddr, 0);
753 	} else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
754 		neigh_app_ns(neigh);
755 	} else {
756 		addrconf_addr_solict_mult(target, &mcaddr);
757 		ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
758 	}
759 }
760 
761 static int pndisc_is_router(const void *pkey,
762 			    struct net_device *dev)
763 {
764 	struct pneigh_entry *n;
765 	int ret = -1;
766 
767 	read_lock_bh(&nd_tbl.lock);
768 	n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
769 	if (n)
770 		ret = !!(n->flags & NTF_ROUTER);
771 	read_unlock_bh(&nd_tbl.lock);
772 
773 	return ret;
774 }
775 
776 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
777 		  const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
778 		  struct ndisc_options *ndopts)
779 {
780 	neigh_update(neigh, lladdr, new, flags, 0);
781 	/* report ndisc ops about neighbour update */
782 	ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
783 }
784 
785 static void ndisc_recv_ns(struct sk_buff *skb)
786 {
787 	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
788 	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
789 	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
790 	u8 *lladdr = NULL;
791 	u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
792 				    offsetof(struct nd_msg, opt));
793 	struct ndisc_options ndopts;
794 	struct net_device *dev = skb->dev;
795 	struct inet6_ifaddr *ifp;
796 	struct inet6_dev *idev = NULL;
797 	struct neighbour *neigh;
798 	int dad = ipv6_addr_any(saddr);
799 	bool inc;
800 	int is_router = -1;
801 	u64 nonce = 0;
802 
803 	if (skb->len < sizeof(struct nd_msg)) {
804 		ND_PRINTK(2, warn, "NS: packet too short\n");
805 		return;
806 	}
807 
808 	if (ipv6_addr_is_multicast(&msg->target)) {
809 		ND_PRINTK(2, warn, "NS: multicast target address\n");
810 		return;
811 	}
812 
813 	/*
814 	 * RFC2461 7.1.1:
815 	 * DAD has to be destined for solicited node multicast address.
816 	 */
817 	if (dad && !ipv6_addr_is_solict_mult(daddr)) {
818 		ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
819 		return;
820 	}
821 
822 	if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
823 		ND_PRINTK(2, warn, "NS: invalid ND options\n");
824 		return;
825 	}
826 
827 	if (ndopts.nd_opts_src_lladdr) {
828 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
829 		if (!lladdr) {
830 			ND_PRINTK(2, warn,
831 				  "NS: invalid link-layer address length\n");
832 			return;
833 		}
834 
835 		/* RFC2461 7.1.1:
836 		 *	If the IP source address is the unspecified address,
837 		 *	there MUST NOT be source link-layer address option
838 		 *	in the message.
839 		 */
840 		if (dad) {
841 			ND_PRINTK(2, warn,
842 				  "NS: bad DAD packet (link-layer address option)\n");
843 			return;
844 		}
845 	}
846 	if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
847 		memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
848 
849 	inc = ipv6_addr_is_multicast(daddr);
850 
851 	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
852 	if (ifp) {
853 have_ifp:
854 		if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
855 			if (dad) {
856 				if (nonce != 0 && ifp->dad_nonce == nonce) {
857 					u8 *np = (u8 *)&nonce;
858 					/* Matching nonce if looped back */
859 					ND_PRINTK(2, notice,
860 						  "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
861 						  ifp->idev->dev->name,
862 						  &ifp->addr, np);
863 					goto out;
864 				}
865 				/*
866 				 * We are colliding with another node
867 				 * who is doing DAD
868 				 * so fail our DAD process
869 				 */
870 				addrconf_dad_failure(skb, ifp);
871 				return;
872 			} else {
873 				/*
874 				 * This is not a dad solicitation.
875 				 * If we are an optimistic node,
876 				 * we should respond.
877 				 * Otherwise, we should ignore it.
878 				 */
879 				if (!(ifp->flags & IFA_F_OPTIMISTIC))
880 					goto out;
881 			}
882 		}
883 
884 		idev = ifp->idev;
885 	} else {
886 		struct net *net = dev_net(dev);
887 
888 		/* perhaps an address on the master device */
889 		if (netif_is_l3_slave(dev)) {
890 			struct net_device *mdev;
891 
892 			mdev = netdev_master_upper_dev_get_rcu(dev);
893 			if (mdev) {
894 				ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
895 				if (ifp)
896 					goto have_ifp;
897 			}
898 		}
899 
900 		idev = in6_dev_get(dev);
901 		if (!idev) {
902 			/* XXX: count this drop? */
903 			return;
904 		}
905 
906 		if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
907 		    (idev->cnf.forwarding &&
908 		     (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
909 		     (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
910 			if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
911 			    skb->pkt_type != PACKET_HOST &&
912 			    inc &&
913 			    NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
914 				/*
915 				 * for anycast or proxy,
916 				 * sender should delay its response
917 				 * by a random time between 0 and
918 				 * MAX_ANYCAST_DELAY_TIME seconds.
919 				 * (RFC2461) -- yoshfuji
920 				 */
921 				struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
922 				if (n)
923 					pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
924 				goto out;
925 			}
926 		} else
927 			goto out;
928 	}
929 
930 	if (is_router < 0)
931 		is_router = idev->cnf.forwarding;
932 
933 	if (dad) {
934 		ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
935 			      !!is_router, false, (ifp != NULL), true);
936 		goto out;
937 	}
938 
939 	if (inc)
940 		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
941 	else
942 		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
943 
944 	/*
945 	 *	update / create cache entry
946 	 *	for the source address
947 	 */
948 	neigh = __neigh_lookup(&nd_tbl, saddr, dev,
949 			       !inc || lladdr || !dev->addr_len);
950 	if (neigh)
951 		ndisc_update(dev, neigh, lladdr, NUD_STALE,
952 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
953 			     NEIGH_UPDATE_F_OVERRIDE,
954 			     NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
955 	if (neigh || !dev->header_ops) {
956 		ndisc_send_na(dev, saddr, &msg->target, !!is_router,
957 			      true, (ifp != NULL && inc), inc);
958 		if (neigh)
959 			neigh_release(neigh);
960 	}
961 
962 out:
963 	if (ifp)
964 		in6_ifa_put(ifp);
965 	else
966 		in6_dev_put(idev);
967 }
968 
969 static void ndisc_recv_na(struct sk_buff *skb)
970 {
971 	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
972 	struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
973 	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
974 	u8 *lladdr = NULL;
975 	u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
976 				    offsetof(struct nd_msg, opt));
977 	struct ndisc_options ndopts;
978 	struct net_device *dev = skb->dev;
979 	struct inet6_dev *idev = __in6_dev_get(dev);
980 	struct inet6_ifaddr *ifp;
981 	struct neighbour *neigh;
982 	u8 new_state;
983 
984 	if (skb->len < sizeof(struct nd_msg)) {
985 		ND_PRINTK(2, warn, "NA: packet too short\n");
986 		return;
987 	}
988 
989 	if (ipv6_addr_is_multicast(&msg->target)) {
990 		ND_PRINTK(2, warn, "NA: target address is multicast\n");
991 		return;
992 	}
993 
994 	if (ipv6_addr_is_multicast(daddr) &&
995 	    msg->icmph.icmp6_solicited) {
996 		ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
997 		return;
998 	}
999 
1000 	/* For some 802.11 wireless deployments (and possibly other networks),
1001 	 * there will be a NA proxy and unsolicitd packets are attacks
1002 	 * and thus should not be accepted.
1003 	 * drop_unsolicited_na takes precedence over accept_untracked_na
1004 	 */
1005 	if (!msg->icmph.icmp6_solicited && idev &&
1006 	    idev->cnf.drop_unsolicited_na)
1007 		return;
1008 
1009 	if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
1010 		ND_PRINTK(2, warn, "NS: invalid ND option\n");
1011 		return;
1012 	}
1013 	if (ndopts.nd_opts_tgt_lladdr) {
1014 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
1015 		if (!lladdr) {
1016 			ND_PRINTK(2, warn,
1017 				  "NA: invalid link-layer address length\n");
1018 			return;
1019 		}
1020 	}
1021 	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1022 	if (ifp) {
1023 		if (skb->pkt_type != PACKET_LOOPBACK
1024 		    && (ifp->flags & IFA_F_TENTATIVE)) {
1025 				addrconf_dad_failure(skb, ifp);
1026 				return;
1027 		}
1028 		/* What should we make now? The advertisement
1029 		   is invalid, but ndisc specs say nothing
1030 		   about it. It could be misconfiguration, or
1031 		   an smart proxy agent tries to help us :-)
1032 
1033 		   We should not print the error if NA has been
1034 		   received from loopback - it is just our own
1035 		   unsolicited advertisement.
1036 		 */
1037 		if (skb->pkt_type != PACKET_LOOPBACK)
1038 			ND_PRINTK(1, warn,
1039 				  "NA: %pM advertised our address %pI6c on %s!\n",
1040 				  eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1041 		in6_ifa_put(ifp);
1042 		return;
1043 	}
1044 
1045 	neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1046 
1047 	/* RFC 9131 updates original Neighbour Discovery RFC 4861.
1048 	 * NAs with Target LL Address option without a corresponding
1049 	 * entry in the neighbour cache can now create a STALE neighbour
1050 	 * cache entry on routers.
1051 	 *
1052 	 *   entry accept  fwding  solicited        behaviour
1053 	 * ------- ------  ------  ---------    ----------------------
1054 	 * present      X       X         0     Set state to STALE
1055 	 * present      X       X         1     Set state to REACHABLE
1056 	 *  absent      0       X         X     Do nothing
1057 	 *  absent      1       0         X     Do nothing
1058 	 *  absent      1       1         X     Add a new STALE entry
1059 	 *
1060 	 * Note that we don't do a (daddr == all-routers-mcast) check.
1061 	 */
1062 	new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE;
1063 	if (!neigh && lladdr &&
1064 	    idev && idev->cnf.forwarding &&
1065 	    idev->cnf.accept_untracked_na) {
1066 		neigh = neigh_create(&nd_tbl, &msg->target, dev);
1067 		new_state = NUD_STALE;
1068 	}
1069 
1070 	if (neigh && !IS_ERR(neigh)) {
1071 		u8 old_flags = neigh->flags;
1072 		struct net *net = dev_net(dev);
1073 
1074 		if (neigh->nud_state & NUD_FAILED)
1075 			goto out;
1076 
1077 		/*
1078 		 * Don't update the neighbor cache entry on a proxy NA from
1079 		 * ourselves because either the proxied node is off link or it
1080 		 * has already sent a NA to us.
1081 		 */
1082 		if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1083 		    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1084 		    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1085 			/* XXX: idev->cnf.proxy_ndp */
1086 			goto out;
1087 		}
1088 
1089 		ndisc_update(dev, neigh, lladdr,
1090 			     new_state,
1091 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1092 			     (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1093 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1094 			     (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1095 			     NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1096 
1097 		if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1098 			/*
1099 			 * Change: router to host
1100 			 */
1101 			rt6_clean_tohost(dev_net(dev),  saddr);
1102 		}
1103 
1104 out:
1105 		neigh_release(neigh);
1106 	}
1107 }
1108 
1109 static void ndisc_recv_rs(struct sk_buff *skb)
1110 {
1111 	struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1112 	unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1113 	struct neighbour *neigh;
1114 	struct inet6_dev *idev;
1115 	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1116 	struct ndisc_options ndopts;
1117 	u8 *lladdr = NULL;
1118 
1119 	if (skb->len < sizeof(*rs_msg))
1120 		return;
1121 
1122 	idev = __in6_dev_get(skb->dev);
1123 	if (!idev) {
1124 		ND_PRINTK(1, err, "RS: can't find in6 device\n");
1125 		return;
1126 	}
1127 
1128 	/* Don't accept RS if we're not in router mode */
1129 	if (!idev->cnf.forwarding)
1130 		goto out;
1131 
1132 	/*
1133 	 * Don't update NCE if src = ::;
1134 	 * this implies that the source node has no ip address assigned yet.
1135 	 */
1136 	if (ipv6_addr_any(saddr))
1137 		goto out;
1138 
1139 	/* Parse ND options */
1140 	if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1141 		ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1142 		goto out;
1143 	}
1144 
1145 	if (ndopts.nd_opts_src_lladdr) {
1146 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1147 					     skb->dev);
1148 		if (!lladdr)
1149 			goto out;
1150 	}
1151 
1152 	neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1153 	if (neigh) {
1154 		ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1155 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1156 			     NEIGH_UPDATE_F_OVERRIDE|
1157 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1158 			     NDISC_ROUTER_SOLICITATION, &ndopts);
1159 		neigh_release(neigh);
1160 	}
1161 out:
1162 	return;
1163 }
1164 
1165 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1166 {
1167 	struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1168 	struct sk_buff *skb;
1169 	struct nlmsghdr *nlh;
1170 	struct nduseroptmsg *ndmsg;
1171 	struct net *net = dev_net(ra->dev);
1172 	int err;
1173 	int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1174 				    + (opt->nd_opt_len << 3));
1175 	size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1176 
1177 	skb = nlmsg_new(msg_size, GFP_ATOMIC);
1178 	if (!skb) {
1179 		err = -ENOBUFS;
1180 		goto errout;
1181 	}
1182 
1183 	nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1184 	if (!nlh) {
1185 		goto nla_put_failure;
1186 	}
1187 
1188 	ndmsg = nlmsg_data(nlh);
1189 	ndmsg->nduseropt_family = AF_INET6;
1190 	ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1191 	ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1192 	ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1193 	ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1194 
1195 	memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1196 
1197 	if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1198 		goto nla_put_failure;
1199 	nlmsg_end(skb, nlh);
1200 
1201 	rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1202 	return;
1203 
1204 nla_put_failure:
1205 	nlmsg_free(skb);
1206 	err = -EMSGSIZE;
1207 errout:
1208 	rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1209 }
1210 
1211 static void ndisc_router_discovery(struct sk_buff *skb)
1212 {
1213 	struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1214 	struct neighbour *neigh = NULL;
1215 	struct inet6_dev *in6_dev;
1216 	struct fib6_info *rt = NULL;
1217 	u32 defrtr_usr_metric;
1218 	struct net *net;
1219 	int lifetime;
1220 	struct ndisc_options ndopts;
1221 	int optlen;
1222 	unsigned int pref = 0;
1223 	__u32 old_if_flags;
1224 	bool send_ifinfo_notify = false;
1225 
1226 	__u8 *opt = (__u8 *)(ra_msg + 1);
1227 
1228 	optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1229 		sizeof(struct ra_msg);
1230 
1231 	ND_PRINTK(2, info,
1232 		  "RA: %s, dev: %s\n",
1233 		  __func__, skb->dev->name);
1234 	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1235 		ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1236 		return;
1237 	}
1238 	if (optlen < 0) {
1239 		ND_PRINTK(2, warn, "RA: packet too short\n");
1240 		return;
1241 	}
1242 
1243 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1244 	if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1245 		ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1246 		return;
1247 	}
1248 #endif
1249 
1250 	/*
1251 	 *	set the RA_RECV flag in the interface
1252 	 */
1253 
1254 	in6_dev = __in6_dev_get(skb->dev);
1255 	if (!in6_dev) {
1256 		ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1257 			  skb->dev->name);
1258 		return;
1259 	}
1260 
1261 	if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1262 		ND_PRINTK(2, warn, "RA: invalid ND options\n");
1263 		return;
1264 	}
1265 
1266 	if (!ipv6_accept_ra(in6_dev)) {
1267 		ND_PRINTK(2, info,
1268 			  "RA: %s, did not accept ra for dev: %s\n",
1269 			  __func__, skb->dev->name);
1270 		goto skip_linkparms;
1271 	}
1272 
1273 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1274 	/* skip link-specific parameters from interior routers */
1275 	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1276 		ND_PRINTK(2, info,
1277 			  "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1278 			  __func__, skb->dev->name);
1279 		goto skip_linkparms;
1280 	}
1281 #endif
1282 
1283 	if (in6_dev->if_flags & IF_RS_SENT) {
1284 		/*
1285 		 *	flag that an RA was received after an RS was sent
1286 		 *	out on this interface.
1287 		 */
1288 		in6_dev->if_flags |= IF_RA_RCVD;
1289 	}
1290 
1291 	/*
1292 	 * Remember the managed/otherconf flags from most recently
1293 	 * received RA message (RFC 2462) -- yoshfuji
1294 	 */
1295 	old_if_flags = in6_dev->if_flags;
1296 	in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1297 				IF_RA_OTHERCONF)) |
1298 				(ra_msg->icmph.icmp6_addrconf_managed ?
1299 					IF_RA_MANAGED : 0) |
1300 				(ra_msg->icmph.icmp6_addrconf_other ?
1301 					IF_RA_OTHERCONF : 0);
1302 
1303 	if (old_if_flags != in6_dev->if_flags)
1304 		send_ifinfo_notify = true;
1305 
1306 	if (!in6_dev->cnf.accept_ra_defrtr) {
1307 		ND_PRINTK(2, info,
1308 			  "RA: %s, defrtr is false for dev: %s\n",
1309 			  __func__, skb->dev->name);
1310 		goto skip_defrtr;
1311 	}
1312 
1313 	/* Do not accept RA with source-addr found on local machine unless
1314 	 * accept_ra_from_local is set to true.
1315 	 */
1316 	net = dev_net(in6_dev->dev);
1317 	if (!in6_dev->cnf.accept_ra_from_local &&
1318 	    ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1319 		ND_PRINTK(2, info,
1320 			  "RA from local address detected on dev: %s: default router ignored\n",
1321 			  skb->dev->name);
1322 		goto skip_defrtr;
1323 	}
1324 
1325 	lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1326 
1327 #ifdef CONFIG_IPV6_ROUTER_PREF
1328 	pref = ra_msg->icmph.icmp6_router_pref;
1329 	/* 10b is handled as if it were 00b (medium) */
1330 	if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1331 	    !in6_dev->cnf.accept_ra_rtr_pref)
1332 		pref = ICMPV6_ROUTER_PREF_MEDIUM;
1333 #endif
1334 	/* routes added from RAs do not use nexthop objects */
1335 	rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1336 	if (rt) {
1337 		neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1338 					 rt->fib6_nh->fib_nh_dev, NULL,
1339 					  &ipv6_hdr(skb)->saddr);
1340 		if (!neigh) {
1341 			ND_PRINTK(0, err,
1342 				  "RA: %s got default router without neighbour\n",
1343 				  __func__);
1344 			fib6_info_release(rt);
1345 			return;
1346 		}
1347 	}
1348 	/* Set default route metric as specified by user */
1349 	defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1350 	/* delete the route if lifetime is 0 or if metric needs change */
1351 	if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1352 		ip6_del_rt(net, rt, false);
1353 		rt = NULL;
1354 	}
1355 
1356 	ND_PRINTK(3, info, "RA: rt: %p  lifetime: %d, metric: %d, for dev: %s\n",
1357 		  rt, lifetime, defrtr_usr_metric, skb->dev->name);
1358 	if (!rt && lifetime) {
1359 		ND_PRINTK(3, info, "RA: adding default router\n");
1360 
1361 		rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1362 					 skb->dev, pref, defrtr_usr_metric);
1363 		if (!rt) {
1364 			ND_PRINTK(0, err,
1365 				  "RA: %s failed to add default route\n",
1366 				  __func__);
1367 			return;
1368 		}
1369 
1370 		neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1371 					 rt->fib6_nh->fib_nh_dev, NULL,
1372 					  &ipv6_hdr(skb)->saddr);
1373 		if (!neigh) {
1374 			ND_PRINTK(0, err,
1375 				  "RA: %s got default router without neighbour\n",
1376 				  __func__);
1377 			fib6_info_release(rt);
1378 			return;
1379 		}
1380 		neigh->flags |= NTF_ROUTER;
1381 	} else if (rt && IPV6_EXTRACT_PREF(rt->fib6_flags) != pref) {
1382 		struct nl_info nlinfo = {
1383 			.nl_net = net,
1384 		};
1385 		rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1386 		inet6_rt_notify(RTM_NEWROUTE, rt, &nlinfo, NLM_F_REPLACE);
1387 	}
1388 
1389 	if (rt)
1390 		fib6_set_expires(rt, jiffies + (HZ * lifetime));
1391 	if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1392 	    ra_msg->icmph.icmp6_hop_limit) {
1393 		if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1394 			in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1395 			fib6_metric_set(rt, RTAX_HOPLIMIT,
1396 					ra_msg->icmph.icmp6_hop_limit);
1397 		} else {
1398 			ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1399 		}
1400 	}
1401 
1402 skip_defrtr:
1403 
1404 	/*
1405 	 *	Update Reachable Time and Retrans Timer
1406 	 */
1407 
1408 	if (in6_dev->nd_parms) {
1409 		unsigned long rtime = ntohl(ra_msg->retrans_timer);
1410 
1411 		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1412 			rtime = (rtime*HZ)/1000;
1413 			if (rtime < HZ/100)
1414 				rtime = HZ/100;
1415 			NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1416 			in6_dev->tstamp = jiffies;
1417 			send_ifinfo_notify = true;
1418 		}
1419 
1420 		rtime = ntohl(ra_msg->reachable_time);
1421 		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1422 			rtime = (rtime*HZ)/1000;
1423 
1424 			if (rtime < HZ/10)
1425 				rtime = HZ/10;
1426 
1427 			if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1428 				NEIGH_VAR_SET(in6_dev->nd_parms,
1429 					      BASE_REACHABLE_TIME, rtime);
1430 				NEIGH_VAR_SET(in6_dev->nd_parms,
1431 					      GC_STALETIME, 3 * rtime);
1432 				in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1433 				in6_dev->tstamp = jiffies;
1434 				send_ifinfo_notify = true;
1435 			}
1436 		}
1437 	}
1438 
1439 skip_linkparms:
1440 
1441 	/*
1442 	 *	Process options.
1443 	 */
1444 
1445 	if (!neigh)
1446 		neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1447 				       skb->dev, 1);
1448 	if (neigh) {
1449 		u8 *lladdr = NULL;
1450 		if (ndopts.nd_opts_src_lladdr) {
1451 			lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1452 						     skb->dev);
1453 			if (!lladdr) {
1454 				ND_PRINTK(2, warn,
1455 					  "RA: invalid link-layer address length\n");
1456 				goto out;
1457 			}
1458 		}
1459 		ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1460 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1461 			     NEIGH_UPDATE_F_OVERRIDE|
1462 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1463 			     NEIGH_UPDATE_F_ISROUTER,
1464 			     NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1465 	}
1466 
1467 	if (!ipv6_accept_ra(in6_dev)) {
1468 		ND_PRINTK(2, info,
1469 			  "RA: %s, accept_ra is false for dev: %s\n",
1470 			  __func__, skb->dev->name);
1471 		goto out;
1472 	}
1473 
1474 #ifdef CONFIG_IPV6_ROUTE_INFO
1475 	if (!in6_dev->cnf.accept_ra_from_local &&
1476 	    ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1477 			  in6_dev->dev, 0)) {
1478 		ND_PRINTK(2, info,
1479 			  "RA from local address detected on dev: %s: router info ignored.\n",
1480 			  skb->dev->name);
1481 		goto skip_routeinfo;
1482 	}
1483 
1484 	if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1485 		struct nd_opt_hdr *p;
1486 		for (p = ndopts.nd_opts_ri;
1487 		     p;
1488 		     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1489 			struct route_info *ri = (struct route_info *)p;
1490 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1491 			if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1492 			    ri->prefix_len == 0)
1493 				continue;
1494 #endif
1495 			if (ri->prefix_len == 0 &&
1496 			    !in6_dev->cnf.accept_ra_defrtr)
1497 				continue;
1498 			if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1499 				continue;
1500 			if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1501 				continue;
1502 			rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1503 				      &ipv6_hdr(skb)->saddr);
1504 		}
1505 	}
1506 
1507 skip_routeinfo:
1508 #endif
1509 
1510 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1511 	/* skip link-specific ndopts from interior routers */
1512 	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1513 		ND_PRINTK(2, info,
1514 			  "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1515 			  __func__, skb->dev->name);
1516 		goto out;
1517 	}
1518 #endif
1519 
1520 	if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1521 		struct nd_opt_hdr *p;
1522 		for (p = ndopts.nd_opts_pi;
1523 		     p;
1524 		     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1525 			addrconf_prefix_rcv(skb->dev, (u8 *)p,
1526 					    (p->nd_opt_len) << 3,
1527 					    ndopts.nd_opts_src_lladdr != NULL);
1528 		}
1529 	}
1530 
1531 	if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1532 		__be32 n;
1533 		u32 mtu;
1534 
1535 		memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1536 		mtu = ntohl(n);
1537 
1538 		if (in6_dev->ra_mtu != mtu) {
1539 			in6_dev->ra_mtu = mtu;
1540 			send_ifinfo_notify = true;
1541 		}
1542 
1543 		if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1544 			ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1545 		} else if (in6_dev->cnf.mtu6 != mtu) {
1546 			in6_dev->cnf.mtu6 = mtu;
1547 			fib6_metric_set(rt, RTAX_MTU, mtu);
1548 			rt6_mtu_change(skb->dev, mtu);
1549 		}
1550 	}
1551 
1552 	if (ndopts.nd_useropts) {
1553 		struct nd_opt_hdr *p;
1554 		for (p = ndopts.nd_useropts;
1555 		     p;
1556 		     p = ndisc_next_useropt(skb->dev, p,
1557 					    ndopts.nd_useropts_end)) {
1558 			ndisc_ra_useropt(skb, p);
1559 		}
1560 	}
1561 
1562 	if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1563 		ND_PRINTK(2, warn, "RA: invalid RA options\n");
1564 	}
1565 out:
1566 	/* Send a notify if RA changed managed/otherconf flags or
1567 	 * timer settings or ra_mtu value
1568 	 */
1569 	if (send_ifinfo_notify)
1570 		inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1571 
1572 	fib6_info_release(rt);
1573 	if (neigh)
1574 		neigh_release(neigh);
1575 }
1576 
1577 static void ndisc_redirect_rcv(struct sk_buff *skb)
1578 {
1579 	u8 *hdr;
1580 	struct ndisc_options ndopts;
1581 	struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1582 	u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1583 				    offsetof(struct rd_msg, opt));
1584 
1585 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1586 	switch (skb->ndisc_nodetype) {
1587 	case NDISC_NODETYPE_HOST:
1588 	case NDISC_NODETYPE_NODEFAULT:
1589 		ND_PRINTK(2, warn,
1590 			  "Redirect: from host or unauthorized router\n");
1591 		return;
1592 	}
1593 #endif
1594 
1595 	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1596 		ND_PRINTK(2, warn,
1597 			  "Redirect: source address is not link-local\n");
1598 		return;
1599 	}
1600 
1601 	if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1602 		return;
1603 
1604 	if (!ndopts.nd_opts_rh) {
1605 		ip6_redirect_no_header(skb, dev_net(skb->dev),
1606 					skb->dev->ifindex);
1607 		return;
1608 	}
1609 
1610 	hdr = (u8 *)ndopts.nd_opts_rh;
1611 	hdr += 8;
1612 	if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1613 		return;
1614 
1615 	icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1616 }
1617 
1618 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1619 					   struct sk_buff *orig_skb,
1620 					   int rd_len)
1621 {
1622 	u8 *opt = skb_put(skb, rd_len);
1623 
1624 	memset(opt, 0, 8);
1625 	*(opt++) = ND_OPT_REDIRECT_HDR;
1626 	*(opt++) = (rd_len >> 3);
1627 	opt += 6;
1628 
1629 	skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1630 		      rd_len - 8);
1631 }
1632 
1633 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1634 {
1635 	struct net_device *dev = skb->dev;
1636 	struct net *net = dev_net(dev);
1637 	struct sock *sk = net->ipv6.ndisc_sk;
1638 	int optlen = 0;
1639 	struct inet_peer *peer;
1640 	struct sk_buff *buff;
1641 	struct rd_msg *msg;
1642 	struct in6_addr saddr_buf;
1643 	struct rt6_info *rt;
1644 	struct dst_entry *dst;
1645 	struct flowi6 fl6;
1646 	int rd_len;
1647 	u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1648 	   ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1649 	bool ret;
1650 
1651 	if (netif_is_l3_master(skb->dev)) {
1652 		dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1653 		if (!dev)
1654 			return;
1655 	}
1656 
1657 	if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1658 		ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1659 			  dev->name);
1660 		return;
1661 	}
1662 
1663 	if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1664 	    ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1665 		ND_PRINTK(2, warn,
1666 			  "Redirect: target address is not link-local unicast\n");
1667 		return;
1668 	}
1669 
1670 	icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1671 			 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1672 
1673 	dst = ip6_route_output(net, NULL, &fl6);
1674 	if (dst->error) {
1675 		dst_release(dst);
1676 		return;
1677 	}
1678 	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1679 	if (IS_ERR(dst))
1680 		return;
1681 
1682 	rt = (struct rt6_info *) dst;
1683 
1684 	if (rt->rt6i_flags & RTF_GATEWAY) {
1685 		ND_PRINTK(2, warn,
1686 			  "Redirect: destination is not a neighbour\n");
1687 		goto release;
1688 	}
1689 	peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1690 	ret = inet_peer_xrlim_allow(peer, 1*HZ);
1691 	if (peer)
1692 		inet_putpeer(peer);
1693 	if (!ret)
1694 		goto release;
1695 
1696 	if (dev->addr_len) {
1697 		struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1698 		if (!neigh) {
1699 			ND_PRINTK(2, warn,
1700 				  "Redirect: no neigh for target address\n");
1701 			goto release;
1702 		}
1703 
1704 		read_lock_bh(&neigh->lock);
1705 		if (neigh->nud_state & NUD_VALID) {
1706 			memcpy(ha_buf, neigh->ha, dev->addr_len);
1707 			read_unlock_bh(&neigh->lock);
1708 			ha = ha_buf;
1709 			optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1710 								ops_data_buf,
1711 								&ops_data);
1712 		} else
1713 			read_unlock_bh(&neigh->lock);
1714 
1715 		neigh_release(neigh);
1716 	}
1717 
1718 	rd_len = min_t(unsigned int,
1719 		       IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1720 		       skb->len + 8);
1721 	rd_len &= ~0x7;
1722 	optlen += rd_len;
1723 
1724 	buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1725 	if (!buff)
1726 		goto release;
1727 
1728 	msg = skb_put(buff, sizeof(*msg));
1729 	*msg = (struct rd_msg) {
1730 		.icmph = {
1731 			.icmp6_type = NDISC_REDIRECT,
1732 		},
1733 		.target = *target,
1734 		.dest = ipv6_hdr(skb)->daddr,
1735 	};
1736 
1737 	/*
1738 	 *	include target_address option
1739 	 */
1740 
1741 	if (ha)
1742 		ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1743 
1744 	/*
1745 	 *	build redirect option and copy skb over to the new packet.
1746 	 */
1747 
1748 	if (rd_len)
1749 		ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1750 
1751 	skb_dst_set(buff, dst);
1752 	ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1753 	return;
1754 
1755 release:
1756 	dst_release(dst);
1757 }
1758 
1759 static void pndisc_redo(struct sk_buff *skb)
1760 {
1761 	ndisc_recv_ns(skb);
1762 	kfree_skb(skb);
1763 }
1764 
1765 static int ndisc_is_multicast(const void *pkey)
1766 {
1767 	return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1768 }
1769 
1770 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1771 {
1772 	struct inet6_dev *idev = __in6_dev_get(skb->dev);
1773 
1774 	if (!idev)
1775 		return true;
1776 	if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1777 	    idev->cnf.suppress_frag_ndisc) {
1778 		net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1779 		return true;
1780 	}
1781 	return false;
1782 }
1783 
1784 int ndisc_rcv(struct sk_buff *skb)
1785 {
1786 	struct nd_msg *msg;
1787 
1788 	if (ndisc_suppress_frag_ndisc(skb))
1789 		return 0;
1790 
1791 	if (skb_linearize(skb))
1792 		return 0;
1793 
1794 	msg = (struct nd_msg *)skb_transport_header(skb);
1795 
1796 	__skb_push(skb, skb->data - skb_transport_header(skb));
1797 
1798 	if (ipv6_hdr(skb)->hop_limit != 255) {
1799 		ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1800 			  ipv6_hdr(skb)->hop_limit);
1801 		return 0;
1802 	}
1803 
1804 	if (msg->icmph.icmp6_code != 0) {
1805 		ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1806 			  msg->icmph.icmp6_code);
1807 		return 0;
1808 	}
1809 
1810 	switch (msg->icmph.icmp6_type) {
1811 	case NDISC_NEIGHBOUR_SOLICITATION:
1812 		memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1813 		ndisc_recv_ns(skb);
1814 		break;
1815 
1816 	case NDISC_NEIGHBOUR_ADVERTISEMENT:
1817 		ndisc_recv_na(skb);
1818 		break;
1819 
1820 	case NDISC_ROUTER_SOLICITATION:
1821 		ndisc_recv_rs(skb);
1822 		break;
1823 
1824 	case NDISC_ROUTER_ADVERTISEMENT:
1825 		ndisc_router_discovery(skb);
1826 		break;
1827 
1828 	case NDISC_REDIRECT:
1829 		ndisc_redirect_rcv(skb);
1830 		break;
1831 	}
1832 
1833 	return 0;
1834 }
1835 
1836 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1837 {
1838 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1839 	struct netdev_notifier_change_info *change_info;
1840 	struct net *net = dev_net(dev);
1841 	struct inet6_dev *idev;
1842 	bool evict_nocarrier;
1843 
1844 	switch (event) {
1845 	case NETDEV_CHANGEADDR:
1846 		neigh_changeaddr(&nd_tbl, dev);
1847 		fib6_run_gc(0, net, false);
1848 		fallthrough;
1849 	case NETDEV_UP:
1850 		idev = in6_dev_get(dev);
1851 		if (!idev)
1852 			break;
1853 		if (idev->cnf.ndisc_notify ||
1854 		    net->ipv6.devconf_all->ndisc_notify)
1855 			ndisc_send_unsol_na(dev);
1856 		in6_dev_put(idev);
1857 		break;
1858 	case NETDEV_CHANGE:
1859 		idev = in6_dev_get(dev);
1860 		if (!idev)
1861 			evict_nocarrier = true;
1862 		else {
1863 			evict_nocarrier = idev->cnf.ndisc_evict_nocarrier &&
1864 					  net->ipv6.devconf_all->ndisc_evict_nocarrier;
1865 			in6_dev_put(idev);
1866 		}
1867 
1868 		change_info = ptr;
1869 		if (change_info->flags_changed & IFF_NOARP)
1870 			neigh_changeaddr(&nd_tbl, dev);
1871 		if (evict_nocarrier && !netif_carrier_ok(dev))
1872 			neigh_carrier_down(&nd_tbl, dev);
1873 		break;
1874 	case NETDEV_DOWN:
1875 		neigh_ifdown(&nd_tbl, dev);
1876 		fib6_run_gc(0, net, false);
1877 		break;
1878 	case NETDEV_NOTIFY_PEERS:
1879 		ndisc_send_unsol_na(dev);
1880 		break;
1881 	default:
1882 		break;
1883 	}
1884 
1885 	return NOTIFY_DONE;
1886 }
1887 
1888 static struct notifier_block ndisc_netdev_notifier = {
1889 	.notifier_call = ndisc_netdev_event,
1890 	.priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1891 };
1892 
1893 #ifdef CONFIG_SYSCTL
1894 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1895 					 const char *func, const char *dev_name)
1896 {
1897 	static char warncomm[TASK_COMM_LEN];
1898 	static int warned;
1899 	if (strcmp(warncomm, current->comm) && warned < 5) {
1900 		strcpy(warncomm, current->comm);
1901 		pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1902 			warncomm, func,
1903 			dev_name, ctl->procname,
1904 			dev_name, ctl->procname);
1905 		warned++;
1906 	}
1907 }
1908 
1909 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1910 		size_t *lenp, loff_t *ppos)
1911 {
1912 	struct net_device *dev = ctl->extra1;
1913 	struct inet6_dev *idev;
1914 	int ret;
1915 
1916 	if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1917 	    (strcmp(ctl->procname, "base_reachable_time") == 0))
1918 		ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1919 
1920 	if (strcmp(ctl->procname, "retrans_time") == 0)
1921 		ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1922 
1923 	else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1924 		ret = neigh_proc_dointvec_jiffies(ctl, write,
1925 						  buffer, lenp, ppos);
1926 
1927 	else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1928 		 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1929 		ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1930 						     buffer, lenp, ppos);
1931 	else
1932 		ret = -1;
1933 
1934 	if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1935 		if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1936 			idev->nd_parms->reachable_time =
1937 					neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1938 		idev->tstamp = jiffies;
1939 		inet6_ifinfo_notify(RTM_NEWLINK, idev);
1940 		in6_dev_put(idev);
1941 	}
1942 	return ret;
1943 }
1944 
1945 
1946 #endif
1947 
1948 static int __net_init ndisc_net_init(struct net *net)
1949 {
1950 	struct ipv6_pinfo *np;
1951 	struct sock *sk;
1952 	int err;
1953 
1954 	err = inet_ctl_sock_create(&sk, PF_INET6,
1955 				   SOCK_RAW, IPPROTO_ICMPV6, net);
1956 	if (err < 0) {
1957 		ND_PRINTK(0, err,
1958 			  "NDISC: Failed to initialize the control socket (err %d)\n",
1959 			  err);
1960 		return err;
1961 	}
1962 
1963 	net->ipv6.ndisc_sk = sk;
1964 
1965 	np = inet6_sk(sk);
1966 	np->hop_limit = 255;
1967 	/* Do not loopback ndisc messages */
1968 	np->mc_loop = 0;
1969 
1970 	return 0;
1971 }
1972 
1973 static void __net_exit ndisc_net_exit(struct net *net)
1974 {
1975 	inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1976 }
1977 
1978 static struct pernet_operations ndisc_net_ops = {
1979 	.init = ndisc_net_init,
1980 	.exit = ndisc_net_exit,
1981 };
1982 
1983 int __init ndisc_init(void)
1984 {
1985 	int err;
1986 
1987 	err = register_pernet_subsys(&ndisc_net_ops);
1988 	if (err)
1989 		return err;
1990 	/*
1991 	 * Initialize the neighbour table
1992 	 */
1993 	neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1994 
1995 #ifdef CONFIG_SYSCTL
1996 	err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1997 				    ndisc_ifinfo_sysctl_change);
1998 	if (err)
1999 		goto out_unregister_pernet;
2000 out:
2001 #endif
2002 	return err;
2003 
2004 #ifdef CONFIG_SYSCTL
2005 out_unregister_pernet:
2006 	unregister_pernet_subsys(&ndisc_net_ops);
2007 	goto out;
2008 #endif
2009 }
2010 
2011 int __init ndisc_late_init(void)
2012 {
2013 	return register_netdevice_notifier(&ndisc_netdev_notifier);
2014 }
2015 
2016 void ndisc_late_cleanup(void)
2017 {
2018 	unregister_netdevice_notifier(&ndisc_netdev_notifier);
2019 }
2020 
2021 void ndisc_cleanup(void)
2022 {
2023 #ifdef CONFIG_SYSCTL
2024 	neigh_sysctl_unregister(&nd_tbl.parms);
2025 #endif
2026 	neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
2027 	unregister_pernet_subsys(&ndisc_net_ops);
2028 }
2029