 @@ -1,1204 +1,1200 @@
-/*	$NetBSD: ip6_input.c,v 1.155 2016/02/04 02:48:37 riastradh Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.156 2016/04/01 05:11:38 ozaki-r Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the project nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 /*
  * Copyright (c) 1982, 1986, 1988, 1993
  *	The Regents of the University of California.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)ip_input.c	8.2 (Berkeley) 1/4/94
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.155 2016/02/04 02:48:37 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.156 2016/04/01 05:11:38 ozaki-r Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_gateway.h"
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
 #include "opt_compat_netbsd.h"
 #endif
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/domain.h>
 #include <sys/protosw.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/errno.h>
 #include <sys/time.h>
 #include <sys/kernel.h>
 #include <sys/syslog.h>
 #include <sys/proc.h>
 #include <sys/sysctl.h>
 #include <sys/cprng.h>
 #include <net/if.h>
 #include <net/if_types.h>
 #include <net/if_dl.h>
 #include <net/route.h>
 #include <net/pktqueue.h>
 #include <net/pfil.h>
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #ifdef INET
 #include <netinet/ip.h>
 #include <netinet/ip_var.h>
 #include <netinet/ip_icmp.h>
 #endif /* INET */
 #include <netinet/ip6.h>
 #include <netinet/portalgo.h>
 #include <netinet6/in6_var.h>
 #include <netinet6/ip6_var.h>
 #include <netinet6/ip6_private.h>
 #include <netinet6/in6_pcb.h>
 #include <netinet/icmp6.h>
 #include <netinet6/scope6_var.h>
 #include <netinet6/in6_ifattach.h>
 #include <netinet6/nd6.h>
 #ifdef IPSEC
 #include <netipsec/ipsec.h>
 #include <netipsec/ipsec6.h>
 #include <netipsec/key.h>
 #endif /* IPSEC */
 #ifdef COMPAT_50
 #include <compat/sys/time.h>
 #include <compat/sys/socket.h>
 #endif
 #include <netinet6/ip6protosw.h>
 #include "faith.h"
 #include <net/net_osdep.h>
 extern struct domain inet6domain;
 u_char ip6_protox[IPPROTO_MAX];
 struct in6_ifaddr *in6_ifaddr;
 pktqueue_t *ip6_pktq __read_mostly;
 int ip6_forward_srcrt;			/* XXX */
 int ip6_sourcecheck;			/* XXX */
 int ip6_sourcecheck_interval;		/* XXX */
 pfil_head_t *inet6_pfil_hook;
 percpu_t *ip6stat_percpu;
-static void ip6_init2(void *);
+static void ip6_init2(void);
 static void ip6intr(void *);
 static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *);
 static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *,
 	u_int32_t *);
 static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int);
 static void sysctl_net_inet6_ip6_setup(struct sysctllog **);
 /*
  * IP6 initialization: fill in IP6 protocol switch table.
  * All protocols not implemented in kernel go to raw IP6 protocol handler.
  */
 void
 ip6_init(void)
+{
 	const struct ip6protosw *pr;
 	int i;
 	sysctl_net_inet6_ip6_setup(NULL);
 	pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW);
 	if (pr == 0)
 		panic("ip6_init");
 	for (i = 0; i < IPPROTO_MAX; i++)
 		ip6_protox[i] = pr - inet6sw;
 	for (pr = (const struct ip6protosw *)inet6domain.dom_protosw;
 	    pr < (const struct ip6protosw *)inet6domain.dom_protoswNPROTOSW; pr++)
 		if (pr->pr_domain->dom_family == PF_INET6 &&
 		    pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW)
 			ip6_protox[pr->pr_protocol] = pr - inet6sw;
 	ip6_pktq = pktq_create(IFQ_MAXLEN, ip6intr, NULL);
 	KASSERT(ip6_pktq != NULL);
 	scope6_init();
 	addrsel_policy_init();
 	nd6_init();
 	frag6_init();
 	ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR;
-	ip6_init2(NULL);
+	ip6_init2();
 #ifdef GATEWAY
 	ip6flow_init(ip6_hashsize);
 #endif
 	/* Register our Packet Filter hook. */
 	inet6_pfil_hook = pfil_head_create(PFIL_TYPE_AF, (void *)AF_INET6);
 	KASSERT(inet6_pfil_hook != NULL);
 	ip6stat_percpu = percpu_alloc(sizeof(uint64_t) * IP6_NSTATS);
+}
 static void
-ip6_init2(void *dummy)
+ip6_init2(void)
+{
 	/* nd6_timer_init */
 	callout_init(&nd6_timer_ch, CALLOUT_MPSAFE);
 	callout_reset(&nd6_timer_ch, hz, nd6_timer, NULL);
 	/* timer for regeneranation of temporary addresses randomize ID */
 	callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE);
 	callout_reset(&in6_tmpaddrtimer_ch,
 		      (ip6_temp_preferred_lifetime - ip6_desync_factor -
 		       ip6_temp_regen_advance) * hz,
 		      in6_tmpaddrtimer, NULL);
+}
 /*
  * IP6 input interrupt handling. Just pass the packet to ip6_input.
  */
 static void
 ip6intr(void *arg __unused)
+{
 	struct mbuf *m;
 	mutex_enter(softnet_lock);
 	while ((m = pktq_dequeue(ip6_pktq)) != NULL) {
 		const ifnet_t *ifp = m->m_pkthdr.rcvif;
 		/*
 		 * Drop the packet if IPv6 is disabled on the interface.
 		 */
 		if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) {
 			m_freem(m);
 			continue;
+		}
 		ip6_input(m);
+	}
 	mutex_exit(softnet_lock);
+}
 extern struct	route ip6_forward_rt;
 void
 ip6_input(struct mbuf *m)
+{
 	struct ip6_hdr *ip6;
 	int hit, off = sizeof(struct ip6_hdr), nest;
 	u_int32_t plen;
 	u_int32_t rtalert = ~0;
 	int nxt, ours = 0, rh_present = 0;
 	struct ifnet *deliverifp = NULL;
 	int srcrt = 0;
 	const struct rtentry *rt;
 	union {
 		struct sockaddr		dst;
 		struct sockaddr_in6	dst6;
 	} u;
 	/*
 	 * make sure we don't have onion peering information into m_tag.
 	 */
 	ip6_delaux(m);
 	/*
 	 * mbuf statistics
 	 */
 	if (m->m_flags & M_EXT) {
 		if (m->m_next)
 			IP6_STATINC(IP6_STAT_MEXT2M);
 		else
 			IP6_STATINC(IP6_STAT_MEXT1);
 	} else {
 #define M2MMAX	32
 		if (m->m_next) {
 			if (m->m_flags & M_LOOP) {
 			/*XXX*/	IP6_STATINC(IP6_STAT_M2M + lo0ifp->if_index);
 			} else if (m->m_pkthdr.rcvif->if_index < M2MMAX) {
 				IP6_STATINC(IP6_STAT_M2M +
 					    m->m_pkthdr.rcvif->if_index);
 			} else
 				IP6_STATINC(IP6_STAT_M2M);
 		} else
 			IP6_STATINC(IP6_STAT_M1);
 #undef M2MMAX
+	}
 	in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_receive);
 	IP6_STATINC(IP6_STAT_TOTAL);
 	/*
 	 * If the IPv6 header is not aligned, slurp it up into a new
 	 * mbuf with space for link headers, in the event we forward
 	 * it.  Otherwise, if it is aligned, make sure the entire base
 	 * IPv6 header is in the first mbuf of the chain.
 	 */
 	if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) {
 		struct ifnet *inifp = m->m_pkthdr.rcvif;
 		if ((m = m_copyup(m, sizeof(struct ip6_hdr),
 				  (max_linkhdr + 3) & ~3)) == NULL) {
 			/* XXXJRT new stat, please */
 			IP6_STATINC(IP6_STAT_TOOSMALL);
 			in6_ifstat_inc(inifp, ifs6_in_hdrerr);
 			return;
+		}
 	} else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
 		struct ifnet *inifp = m->m_pkthdr.rcvif;
 		if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
 			IP6_STATINC(IP6_STAT_TOOSMALL);
 			in6_ifstat_inc(inifp, ifs6_in_hdrerr);
 			return;
+		}
+	}
 	ip6 = mtod(m, struct ip6_hdr *);
 	if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
 		IP6_STATINC(IP6_STAT_BADVERS);
 		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
 		goto bad;
+	}
 	/*
 	 * Assume that we can create a fast-forward IP flow entry
 	 * based on this packet.
 	 */
 	m->m_flags |= M_CANFASTFWD;
 	/*
 	 * Run through list of hooks for input packets.  If there are any
 	 * filters which require that additional packets in the flow are
 	 * not fast-forwarded, they must clear the M_CANFASTFWD flag.
 	 * Note that filters must _never_ set this flag, as another filter
 	 * in the list may have previously cleared it.
 	 */
 	/*
 	 * let ipfilter look at packet on the wire,
 	 * not the decapsulated packet.
 	 */
 #if defined(IPSEC)
 	if (!ipsec_used || !ipsec_indone(m))
 #else
 	if (1)
 #endif
+	{
 		struct in6_addr odst;
 		odst = ip6->ip6_dst;
 		if (pfil_run_hooks(inet6_pfil_hook, &m, m->m_pkthdr.rcvif,
 				   PFIL_IN) != 0)
 			return;
 		if (m == NULL)
 			return;
 		ip6 = mtod(m, struct ip6_hdr *);
 		srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);
+	}
 	IP6_STATINC(IP6_STAT_NXTHIST + ip6->ip6_nxt);
 #ifdef ALTQ
 	if (altq_input != NULL && (*altq_input)(m, AF_INET6) == 0) {
 		/* packet is dropped by traffic conditioner */
 		return;
+	}
 #endif
 	/*
 	 * Check against address spoofing/corruption.
 	 */
 	if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) ||
 	    IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) {
 		/*
 		 * XXX: "badscope" is not very suitable for a multicast source.
 		 */
 		IP6_STATINC(IP6_STAT_BADSCOPE);
 		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
 		goto bad;
+	}
 	/*
 	 * The following check is not documented in specs.  A malicious
 	 * party may be able to use IPv4 mapped addr to confuse tcp/udp stack
 	 * and bypass security checks (act as if it was from 127.0.0.1 by using
 	 * IPv6 src ::ffff:127.0.0.1).  Be cautious.
+	 *
 	 * This check chokes if we are in an SIIT cloud.  As none of BSDs
 	 * support IPv4-less kernel compilation, we cannot support SIIT
 	 * environment at all.  So, it makes more sense for us to reject any
 	 * malicious packets for non-SIIT environment, than try to do a
 	 * partial support for SIIT environment.
 	 */
 	if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
 	    IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
 		IP6_STATINC(IP6_STAT_BADSCOPE);
 		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
 		goto bad;
+	}
 #if 0
 	/*
 	 * Reject packets with IPv4 compatible addresses (auto tunnel).
+	 *
 	 * The code forbids auto tunnel relay case in RFC1933 (the check is
 	 * stronger than RFC1933).  We may want to re-enable it if mech-xx
 	 * is revised to forbid relaying case.
 	 */
 	if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) ||
 	    IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) {
 		IP6_STATINC(IP6_STAT_BADSCOPE);
 		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
 		goto bad;
+	}
 #endif
 	/*
 	 * Disambiguate address scope zones (if there is ambiguity).
 	 * We first make sure that the original source or destination address
 	 * is not in our internal form for scoped addresses.  Such addresses
 	 * are not necessarily invalid spec-wise, but we cannot accept them due
 	 * to the usage conflict.
 	 * in6_setscope() then also checks and rejects the cases where src or
 	 * dst are the loopback address and the receiving interface
 	 * is not loopback.
 	 */
 	if (__predict_false(
 	    m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT)))
 		goto bad;
 	ip6 = mtod(m, struct ip6_hdr *);
 	if (in6_clearscope(&ip6->ip6_src) || in6_clearscope(&ip6->ip6_dst)) {
 		IP6_STATINC(IP6_STAT_BADSCOPE);	/* XXX */
 		goto bad;
+	}
 	if (in6_setscope(&ip6->ip6_src, m->m_pkthdr.rcvif, NULL) ||
 	    in6_setscope(&ip6->ip6_dst, m->m_pkthdr.rcvif, NULL)) {
 		IP6_STATINC(IP6_STAT_BADSCOPE);
 		goto bad;
+	}
 	/*
 	 * Multicast check
 	 */
 	if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
 	  	struct	in6_multi *in6m = 0;
 		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_mcast);
 		/*
 		 * See if we belong to the destination multicast group on the
 		 * arrival interface.
 		 */
 		IN6_LOOKUP_MULTI(ip6->ip6_dst, m->m_pkthdr.rcvif, in6m);
 		if (in6m)
 			ours = 1;
 		else if (!ip6_mrouter) {
 			uint64_t *ip6s = IP6_STAT_GETREF();
 			ip6s[IP6_STAT_NOTMEMBER]++;
 			ip6s[IP6_STAT_CANTFORWARD]++;
 			IP6_STAT_PUTREF();
 			in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
 			goto bad;
+		}
 		deliverifp = m->m_pkthdr.rcvif;
 		goto hbhcheck;
+	}
 	sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0);
 	/*
 	 *  Unicast check
 	 */
 	rt = rtcache_lookup2(&ip6_forward_rt, &u.dst, 1, &hit);
 	if (hit)
 		IP6_STATINC(IP6_STAT_FORWARD_CACHEHIT);
 	else
 		IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS);
 #define rt6_getkey(__rt) satocsin6(rt_getkey(__rt))
 	/*
 	 * Accept the packet if the forwarding interface to the destination
 	 * according to the routing table is the loopback interface,
 	 * unless the associated route has a gateway.
 	 * Note that this approach causes to accept a packet if there is a
 	 * route to the loopback interface for the destination of the packet.
 	 * But we think it's even useful in some situations, e.g. when using
 	 * a special daemon which wants to intercept the packet.
 	 */
 	if (rt != NULL &&
 	    (rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST &&
 	    !(rt->rt_flags & RTF_CLONED) &&
 #if 0
 	    /*
 	     * The check below is redundant since the comparison of
 	     * the destination and the key of the rtentry has
 	     * already done through looking up the routing table.
 	     */
 	    IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_getkey(rt)->sin6_addr) &&
 #endif
 	    rt->rt_ifp->if_type == IFT_LOOP) {
 		struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa;
 		if (ia6->ia6_flags & IN6_IFF_ANYCAST)
 			m->m_flags |= M_ANYCAST6;
 		/*
 		 * packets to a tentative, duplicated, or somehow invalid
 		 * address must not be accepted.
 		 */
 		if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) {
 			/* this address is ready */
 			ours = 1;
 			deliverifp = ia6->ia_ifp;	/* correct? */
 			goto hbhcheck;
 		} else {
 			/* address is not ready, so discard the packet. */
 			nd6log((LOG_INFO,
 			    "ip6_input: packet to an unready address %s->%s\n",
 			    ip6_sprintf(&ip6->ip6_src),
 			    ip6_sprintf(&ip6->ip6_dst)));
 			goto bad;
+		}
+	}
 	/*
 	 * FAITH (Firewall Aided Internet Translator)
 	 */
 #if defined(NFAITH) && 0 < NFAITH
 	if (ip6_keepfaith) {
 		if (rt != NULL && rt->rt_ifp != NULL &&
 		    rt->rt_ifp->if_type == IFT_FAITH) {
 			/* XXX do we need more sanity checks? */
 			ours = 1;
 			deliverifp = rt->rt_ifp; /* faith */
 			goto hbhcheck;
+		}
+	}
 #endif
 #if 0
+    {
 	/*
 	 * Last resort: check in6_ifaddr for incoming interface.
 	 * The code is here until I update the "goto ours hack" code above
 	 * working right.
 	 */
 	struct ifaddr *ifa;
 	IFADDR_FOREACH(ifa, m->m_pkthdr.rcvif) {
 		if (ifa->ifa_addr == NULL)
 			continue;	/* just for safety */
 		if (ifa->ifa_addr->sa_family != AF_INET6)
 			continue;
 		if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) {
 			ours = 1;
 			deliverifp = ifa->ifa_ifp;
 			goto hbhcheck;
+		}
+	}
+    }
 #endif
 	/*
 	 * Now there is no reason to process the packet if it's not our own
 	 * and we're not a router.
 	 */
 	if (!ip6_forwarding) {
 		IP6_STATINC(IP6_STAT_CANTFORWARD);
 		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
 		goto bad;
+	}
   hbhcheck:
 	/*
 	 * record address information into m_tag, if we don't have one yet.
 	 * note that we are unable to record it, if the address is not listed
 	 * as our interface address (e.g. multicast addresses, addresses
 	 * within FAITH prefixes and such).
 	 */
 	if (deliverifp && ip6_getdstifaddr(m) == NULL) {
 		struct in6_ifaddr *ia6;
 		ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
 		if (ia6 != NULL && ip6_setdstifaddr(m, ia6) == NULL) {
 			/*
 			 * XXX maybe we should drop the packet here,
 			 * as we could not provide enough information
 			 * to the upper layers.
 			 */
+		}
+	}
 	/*
 	 * Process Hop-by-Hop options header if it's contained.
 	 * m may be modified in ip6_hopopts_input().
 	 * If a JumboPayload option is included, plen will also be modified.
 	 */
 	plen = (u_int32_t)ntohs(ip6->ip6_plen);
 	if (ip6->ip6_nxt == IPPROTO_HOPOPTS) {
 		struct ip6_hbh *hbh;
 		if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) {
 #if 0	/*touches NULL pointer*/
 			in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
 #endif
 			return;	/* m have already been freed */
+		}
 		/* adjust pointer */
 		ip6 = mtod(m, struct ip6_hdr *);
 		/*
 		 * if the payload length field is 0 and the next header field
 		 * indicates Hop-by-Hop Options header, then a Jumbo Payload
 		 * option MUST be included.
 		 */
 		if (ip6->ip6_plen == 0 && plen == 0) {
 			/*
 			 * Note that if a valid jumbo payload option is
 			 * contained, ip6_hopopts_input() must set a valid
 			 * (non-zero) payload length to the variable plen.
 			 */
 			IP6_STATINC(IP6_STAT_BADOPTIONS);
 			in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
 			in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
 			icmp6_error(m, ICMP6_PARAM_PROB,
 				    ICMP6_PARAMPROB_HEADER,
 				    (char *)&ip6->ip6_plen - (char *)ip6);
 			return;
+		}
 		IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr),
 			sizeof(struct ip6_hbh));
 		if (hbh == NULL) {
 			IP6_STATINC(IP6_STAT_TOOSHORT);
 			return;
+		}
 		KASSERT(IP6_HDR_ALIGNED_P(hbh));
 		nxt = hbh->ip6h_nxt;
 		/*
 		 * accept the packet if a router alert option is included
 		 * and we act as an IPv6 router.
 		 */
 		if (rtalert != ~0 && ip6_forwarding)
 			ours = 1;
 	} else
 		nxt = ip6->ip6_nxt;
 	/*
 	 * Check that the amount of data in the buffers
 	 * is as at least much as the IPv6 header would have us expect.
 	 * Trim mbufs if longer than we expect.
 	 * Drop packet if shorter than we expect.
 	 */
 	if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) {
 		IP6_STATINC(IP6_STAT_TOOSHORT);
 		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated);
 		goto bad;
+	}
 	if (m->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) {
 		if (m->m_len == m->m_pkthdr.len) {
 			m->m_len = sizeof(struct ip6_hdr) + plen;
 			m->m_pkthdr.len = sizeof(struct ip6_hdr) + plen;
 		} else
 			m_adj(m, sizeof(struct ip6_hdr) + plen - m->m_pkthdr.len);
+	}
 	/*
 	 * Forward if desirable.
 	 */
 	if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
 		/*
 		 * If we are acting as a multicast router, all
 		 * incoming multicast packets are passed to the
 		 * kernel-level multicast forwarding function.
 		 * The packet is returned (relatively) intact; if
 		 * ip6_mforward() returns a non-zero value, the packet
 		 * must be discarded, else it may be accepted below.
 		 */
 		if (ip6_mrouter && ip6_mforward(ip6, m->m_pkthdr.rcvif, m)) {
 			IP6_STATINC(IP6_STAT_CANTFORWARD);
 			m_freem(m);
 			return;
+		}
 		if (!ours) {
 			m_freem(m);
 			return;
+		}
 	} else if (!ours) {
 		ip6_forward(m, srcrt);
 		return;
+	}
 	ip6 = mtod(m, struct ip6_hdr *);
 	/*
 	 * Malicious party may be able to use IPv4 mapped addr to confuse
 	 * tcp/udp stack and bypass security checks (act as if it was from
 	 * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1).  Be cautious.
+	 *
 	 * For SIIT end node behavior, you may want to disable the check.
 	 * However, you will  become vulnerable to attacks using IPv4 mapped
 	 * source.
 	 */
 	if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
 	    IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
 		IP6_STATINC(IP6_STAT_BADSCOPE);
 		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
 		goto bad;
+	}
 	/*
 	 * Tell launch routine the next header
 	 */
 #ifdef IFA_STATS
 	if (deliverifp != NULL) {
 		struct in6_ifaddr *ia6;
 		ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
 		if (ia6)
 			ia6->ia_ifa.ifa_data.ifad_inbytes += m->m_pkthdr.len;
+	}
 #endif
 	IP6_STATINC(IP6_STAT_DELIVERED);
 	in6_ifstat_inc(deliverifp, ifs6_in_deliver);
 	nest = 0;
 	rh_present = 0;
 	while (nxt != IPPROTO_DONE) {
 		if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) {
 			IP6_STATINC(IP6_STAT_TOOMANYHDR);
 			in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
 			goto bad;
+		}
 		/*
 		 * protection against faulty packet - there should be
 		 * more sanity checks in header chain processing.
 		 */
 		if (m->m_pkthdr.len < off) {
 			IP6_STATINC(IP6_STAT_TOOSHORT);
 			in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated);
 			goto bad;
+		}
 		if (nxt == IPPROTO_ROUTING) {
 			if (rh_present++) {
 				in6_ifstat_inc(m->m_pkthdr.rcvif,
 				    ifs6_in_hdrerr);
 				IP6_STATINC(IP6_STAT_BADOPTIONS);
 				goto bad;
+			}
+		}
 #ifdef IPSEC
 		if (ipsec_used) {
 			/*
 			 * enforce IPsec policy checking if we are seeing last
 			 * header. note that we do not visit this with
 			 * protocols with pcb layer code - like udp/tcp/raw ip.
 			 */
 			if ((inet6sw[ip_protox[nxt]].pr_flags
 			    & PR_LASTHDR) != 0) {
 				int error = ipsec6_input(m);
 				if (error)
 					goto bad;
+			}
+		}
 #endif /* IPSEC */
 		nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt);
+	}
 	return;
  bad:
 	m_freem(m);
+}
 /*
  * set/grab in6_ifaddr correspond to IPv6 destination address.
  */
 static struct m_tag *
 ip6_setdstifaddr(struct mbuf *m, const struct in6_ifaddr *ia)
+{
 	struct m_tag *mtag;
 	struct ip6aux *ip6a;
 	mtag = ip6_addaux(m);
 	if (mtag == NULL)
 		return NULL;
 	ip6a = (struct ip6aux *)(mtag + 1);
 	if (in6_setscope(&ip6a->ip6a_src, ia->ia_ifp, &ip6a->ip6a_scope_id)) {
 		IP6_STATINC(IP6_STAT_BADSCOPE);
 		return NULL;
+	}
 	ip6a->ip6a_src = ia->ia_addr.sin6_addr;
 	ip6a->ip6a_flags = ia->ia6_flags;
 	return mtag;
+}
 const struct ip6aux *
 ip6_getdstifaddr(struct mbuf *m)
+{
 	struct m_tag *mtag;
 	mtag = ip6_findaux(m);
 	if (mtag != NULL)
 		return (struct ip6aux *)(mtag + 1);
 	else
 		return NULL;
+}
 /*
  * Hop-by-Hop options header processing. If a valid jumbo payload option is
  * included, the real payload length will be stored in plenp.
+ *
  * rtalertp - XXX: should be stored more smart way
  */
 int
 ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp,
 	struct mbuf **mp, int *offp)
+{
 	struct mbuf *m = *mp;
 	int off = *offp, hbhlen;
 	struct ip6_hbh *hbh;
 	/* validation of the length of the header */
 	IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m,
 		sizeof(struct ip6_hdr), sizeof(struct ip6_hbh));
 	if (hbh == NULL) {
 		IP6_STATINC(IP6_STAT_TOOSHORT);
 		return -1;
+	}
 	hbhlen = (hbh->ip6h_len + 1) << 3;
 	IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr),
 		hbhlen);
 	if (hbh == NULL) {
 		IP6_STATINC(IP6_STAT_TOOSHORT);
 		return -1;
+	}
 	KASSERT(IP6_HDR_ALIGNED_P(hbh));
 	off += hbhlen;
 	hbhlen -= sizeof(struct ip6_hbh);
 	if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh),
 				hbhlen, rtalertp, plenp) < 0)
 		return (-1);
 	*offp = off;
 	*mp = m;
 	return (0);
+}
 /*
  * Search header for all Hop-by-hop options and process each option.
  * This function is separate from ip6_hopopts_input() in order to
  * handle a case where the sending node itself process its hop-by-hop
  * options header. In such a case, the function is called from ip6_output().
+ *
  * The function assumes that hbh header is located right after the IPv6 header
  * (RFC2460 p7), opthead is pointer into data content in m, and opthead to
  * opthead + hbhlen is located in continuous memory region.
  */
 static int
 ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen,
 	u_int32_t *rtalertp, u_int32_t *plenp)
+{
 	struct ip6_hdr *ip6;
 	int optlen = 0;
 	u_int8_t *opt = opthead;
 	u_int16_t rtalert_val;
 	u_int32_t jumboplen;
 	const int erroff = sizeof(struct ip6_hdr) + sizeof(struct ip6_hbh);
 	for (; hbhlen > 0; hbhlen -= optlen, opt += optlen) {
 		switch (*opt) {
 		case IP6OPT_PAD1:
 			optlen = 1;
 			break;
 		case IP6OPT_PADN:
 			if (hbhlen < IP6OPT_MINLEN) {
 				IP6_STATINC(IP6_STAT_TOOSMALL);
 				goto bad;
+			}
 			optlen = *(opt + 1) + 2;
 			break;
 		case IP6OPT_RTALERT:
 			/* XXX may need check for alignment */
 			if (hbhlen < IP6OPT_RTALERT_LEN) {
 				IP6_STATINC(IP6_STAT_TOOSMALL);
 				goto bad;
+			}
 			if (*(opt + 1) != IP6OPT_RTALERT_LEN - 2) {
 				/* XXX stat */
 				icmp6_error(m, ICMP6_PARAM_PROB,
 				    ICMP6_PARAMPROB_HEADER,
 				    erroff + opt + 1 - opthead);
 				return (-1);
+			}
 			optlen = IP6OPT_RTALERT_LEN;
 			memcpy((void *)&rtalert_val, (void *)(opt + 2), 2);
 			*rtalertp = ntohs(rtalert_val);
 			break;
 		case IP6OPT_JUMBO:
 			/* XXX may need check for alignment */
 			if (hbhlen < IP6OPT_JUMBO_LEN) {
 				IP6_STATINC(IP6_STAT_TOOSMALL);
 				goto bad;
+			}
 			if (*(opt + 1) != IP6OPT_JUMBO_LEN - 2) {
 				/* XXX stat */
 				icmp6_error(m, ICMP6_PARAM_PROB,
 				    ICMP6_PARAMPROB_HEADER,
 				    erroff + opt + 1 - opthead);
 				return (-1);
+			}
 			optlen = IP6OPT_JUMBO_LEN;
 			/*
 			 * IPv6 packets that have non 0 payload length
 			 * must not contain a jumbo payload option.
 			 */
 			ip6 = mtod(m, struct ip6_hdr *);
 			if (ip6->ip6_plen) {
 				IP6_STATINC(IP6_STAT_BADOPTIONS);
 				icmp6_error(m, ICMP6_PARAM_PROB,
 				    ICMP6_PARAMPROB_HEADER,
 				    erroff + opt - opthead);
 				return (-1);
+			}
 			/*
 			 * We may see jumbolen in unaligned location, so
 			 * we'd need to perform bcopy().
 			 */
 			memcpy(&jumboplen, opt + 2, sizeof(jumboplen));
 			jumboplen = (u_int32_t)htonl(jumboplen);
 #if 1
 			/*
 			 * if there are multiple jumbo payload options,
 			 * *plenp will be non-zero and the packet will be
 			 * rejected.
 			 * the behavior may need some debate in ipngwg -
 			 * multiple options does not make sense, however,
 			 * there's no explicit mention in specification.
 			 */
 			if (*plenp != 0) {
 				IP6_STATINC(IP6_STAT_BADOPTIONS);
 				icmp6_error(m, ICMP6_PARAM_PROB,
 				    ICMP6_PARAMPROB_HEADER,
 				    erroff + opt + 2 - opthead);
 				return (-1);
+			}
 #endif
 			/*
 			 * jumbo payload length must be larger than 65535.
 			 */
 			if (jumboplen <= IPV6_MAXPACKET) {
 				IP6_STATINC(IP6_STAT_BADOPTIONS);
 				icmp6_error(m, ICMP6_PARAM_PROB,
 				    ICMP6_PARAMPROB_HEADER,
 				    erroff + opt + 2 - opthead);
 				return (-1);
+			}
 			*plenp = jumboplen;
 			break;
 		default:		/* unknown option */
 			if (hbhlen < IP6OPT_MINLEN) {
 				IP6_STATINC(IP6_STAT_TOOSMALL);
 				goto bad;
+			}
 			optlen = ip6_unknown_opt(opt, m,
 			    erroff + opt - opthead);
 			if (optlen == -1)
 				return (-1);
 			optlen += 2;
 			break;
+		}
+	}
 	return (0);
   bad:
 	m_freem(m);
 	return (-1);
+}
 /*
  * Unknown option processing.
  * The third argument `off' is the offset from the IPv6 header to the option,
  * which is necessary if the IPv6 header the and option header and IPv6 header
  * is not continuous in order to return an ICMPv6 error.
  */
 int
 ip6_unknown_opt(u_int8_t *optp, struct mbuf *m, int off)
+{
 	struct ip6_hdr *ip6;
 	switch (IP6OPT_TYPE(*optp)) {
 	case IP6OPT_TYPE_SKIP: /* ignore the option */
 		return ((int)*(optp + 1));
 	case IP6OPT_TYPE_DISCARD:	/* silently discard */
 		m_freem(m);
 		return (-1);
 	case IP6OPT_TYPE_FORCEICMP: /* send ICMP even if multicasted */
 		IP6_STATINC(IP6_STAT_BADOPTIONS);
 		icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, off);
 		return (-1);
 	case IP6OPT_TYPE_ICMP: /* send ICMP if not multicasted */
 		IP6_STATINC(IP6_STAT_BADOPTIONS);
 		ip6 = mtod(m, struct ip6_hdr *);
 		if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
 		    (m->m_flags & (M_BCAST|M_MCAST)))
 			m_freem(m);
 		else
 			icmp6_error(m, ICMP6_PARAM_PROB,
 				    ICMP6_PARAMPROB_OPTION, off);
 		return (-1);
+	}
 	m_freem(m);		/* XXX: NOTREACHED */
 	return (-1);
+}
 /*
  * Create the "control" list for this pcb.
+ *
  * The routine will be called from upper layer handlers like tcp6_input().
  * Thus the routine assumes that the caller (tcp6_input) have already
  * called IP6_EXTHDR_CHECK() and all the extension headers are located in the
  * very first mbuf on the mbuf chain.
  * We may want to add some infinite loop prevention or sanity checks for safety.
  * (This applies only when you are using KAME mbuf chain restriction, i.e.
  * you are using IP6_EXTHDR_CHECK() not m_pulldown())
  */
 void
 ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp,
 	struct ip6_hdr *ip6, struct mbuf *m)
+{
 #ifdef RFC2292
 #define IS2292(x, y)	((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y))
 #else
 #define IS2292(x, y)	(y)
 #endif
 	if (in6p->in6p_socket->so_options & SO_TIMESTAMP
 #ifdef SO_OTIMESTAMP
 	    || in6p->in6p_socket->so_options & SO_OTIMESTAMP
 #endif
 	) {
 		struct timeval tv;
 		microtime(&tv);
 #ifdef SO_OTIMESTAMP
 		if (in6p->in6p_socket->so_options & SO_OTIMESTAMP) {
 			struct timeval50 tv50;
 			timeval_to_timeval50(&tv, &tv50);
 			*mp = sbcreatecontrol((void *) &tv50, sizeof(tv50),
 			    SCM_OTIMESTAMP, SOL_SOCKET);
 		} else
 #endif
 		*mp = sbcreatecontrol((void *) &tv, sizeof(tv),
 		    SCM_TIMESTAMP, SOL_SOCKET);
 		if (*mp)
 			mp = &(*mp)->m_next;
+	}
 	/* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */
 	if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION)
 		return;
 	/* RFC 2292 sec. 5 */
 	if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) {
 		struct in6_pktinfo pi6;
 		memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr));
 		in6_clearscope(&pi6.ipi6_addr);	/* XXX */
 		pi6.ipi6_ifindex = m->m_pkthdr.rcvif ?
 		    m->m_pkthdr.rcvif->if_index : 0;
 		*mp = sbcreatecontrol((void *) &pi6,
 		    sizeof(struct in6_pktinfo),
 		    IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6);
 		if (*mp)
 			mp = &(*mp)->m_next;
+	}
 	if (in6p->in6p_flags & IN6P_HOPLIMIT) {
 		int hlim = ip6->ip6_hlim & 0xff;
 		*mp = sbcreatecontrol((void *) &hlim, sizeof(int),
 		    IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6);
 		if (*mp)
 			mp = &(*mp)->m_next;
+	}
 	if ((in6p->in6p_flags & IN6P_TCLASS) != 0) {
 		u_int32_t flowinfo;
 		int tclass;
 		flowinfo = (u_int32_t)ntohl(ip6->ip6_flow & IPV6_FLOWINFO_MASK);
 		flowinfo >>= 20;
 		tclass = flowinfo & 0xff;
 		*mp = sbcreatecontrol((void *)&tclass, sizeof(tclass),
 		    IPV6_TCLASS, IPPROTO_IPV6);
 		if (*mp)
 			mp = &(*mp)->m_next;
+	}
 	/*
 	 * IPV6_HOPOPTS socket option.  Recall that we required super-user
 	 * privilege for the option (see ip6_ctloutput), but it might be too
 	 * strict, since there might be some hop-by-hop options which can be
 	 * returned to normal user.
 	 * See also RFC3542 section 8 (or RFC2292 section 6).
 	 */
 	if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) {
 		/*
 		 * Check if a hop-by-hop options header is contatined in the
 		 * received packet, and if so, store the options as ancillary
 		 * data. Note that a hop-by-hop options header must be
 		 * just after the IPv6 header, which fact is assured through
 		 * the IPv6 input processing.
 		 */
 		struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *);
 		if (xip6->ip6_nxt == IPPROTO_HOPOPTS) {
 			struct ip6_hbh *hbh;
 			int hbhlen;
 			struct mbuf *ext;
 			ext = ip6_pullexthdr(m, sizeof(struct ip6_hdr),
 			    xip6->ip6_nxt);
 			if (ext == NULL) {
 				IP6_STATINC(IP6_STAT_TOOSHORT);
 				return;
+			}
 			hbh = mtod(ext, struct ip6_hbh *);
 			hbhlen = (hbh->ip6h_len + 1) << 3;
 			if (hbhlen != ext->m_len) {
 				m_freem(ext);
 				IP6_STATINC(IP6_STAT_TOOSHORT);
 				return;
+			}
 			/*
 			 * XXX: We copy whole the header even if a jumbo
 			 * payload option is included, which option is to
 			 * be removed before returning in the RFC 2292.
 			 * Note: this constraint is removed in RFC3542.
 			 */
 			*mp = sbcreatecontrol((void *)hbh, hbhlen,
 			    IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS),
 			    IPPROTO_IPV6);
 			if (*mp)
 				mp = &(*mp)->m_next;
 			m_freem(ext);
+		}
+	}
 	/* IPV6_DSTOPTS and IPV6_RTHDR socket options */
 	if (in6p->in6p_flags & (IN6P_DSTOPTS | IN6P_RTHDR)) {
 		struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *);
 		int nxt = xip6->ip6_nxt, off = sizeof(struct ip6_hdr);
 		/*
 		 * Search for destination options headers or routing
 		 * header(s) through the header chain, and stores each
 		 * header as ancillary data.
 		 * Note that the order of the headers remains in
 		 * the chain of ancillary data.
 		 */
 		for (;;) {	/* is explicit loop prevention necessary? */
 			struct ip6_ext *ip6e = NULL;
 			int elen;
 			struct mbuf *ext = NULL;
 			/*
 			 * if it is not an extension header, don't try to
 			 * pull it from the chain.
 			 */
 			switch (nxt) {
 			case IPPROTO_DSTOPTS:
 			case IPPROTO_ROUTING:
 			case IPPROTO_HOPOPTS:
 			case IPPROTO_AH: /* is it possible? */
 				break;
 			default:
 				goto loopend;
+			}
 			ext = ip6_pullexthdr(m, off, nxt);
 			if (ext == NULL) {
 				IP6_STATINC(IP6_STAT_TOOSHORT);
 				return;
+			}
 			ip6e = mtod(ext, struct ip6_ext *);
 			if (nxt == IPPROTO_AH)
 				elen = (ip6e->ip6e_len + 2) << 2;
 			else
 				elen = (ip6e->ip6e_len + 1) << 3;
 			if (elen != ext->m_len) {
 				m_freem(ext);
 				IP6_STATINC(IP6_STAT_TOOSHORT);
 				return;
+			}
 			KASSERT(IP6_HDR_ALIGNED_P(ip6e));
 			switch (nxt) {
 			case IPPROTO_DSTOPTS:
 				if (!(in6p->in6p_flags & IN6P_DSTOPTS))

 @@ -1,1594 +1,1588 @@
-/*	$NetBSD: nd6.c,v 1.185 2016/02/04 02:48:37 riastradh Exp $	*/
+/*	$NetBSD: nd6.c,v 1.186 2016/04/01 05:11:38 ozaki-r Exp $	*/
 /*	$KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $	*/
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the project nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.185 2016/02/04 02:48:37 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.186 2016/04/01 05:11:38 ozaki-r Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_net_mpsafe.h"
 #endif
 #include "bridge.h"
 #include "carp.h"
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/callout.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/sockio.h>
 #include <sys/time.h>
 #include <sys/kernel.h>
 #include <sys/protosw.h>
 #include <sys/errno.h>
 #include <sys/ioctl.h>
 #include <sys/syslog.h>
 #include <sys/queue.h>
 #include <sys/cprng.h>
 #include <net/if.h>
 #include <net/if_dl.h>
 #include <net/if_llatbl.h>
 #include <net/if_types.h>
 #include <net/route.h>
 #include <net/if_ether.h>
 #include <net/if_fddi.h>
 #include <net/if_arc.h>
 #include <netinet/in.h>
 #include <netinet6/in6_var.h>
 #include <netinet/ip6.h>
 #include <netinet6/ip6_var.h>
 #include <netinet6/scope6_var.h>
 #include <netinet6/nd6.h>
 #include <netinet6/in6_ifattach.h>
 #include <netinet/icmp6.h>
 #include <netinet6/icmp6_private.h>
 #include <net/net_osdep.h>
 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */
 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */
 /* timer values */
 int	nd6_prune	= 1;	/* walk list every 1 seconds */
 int	nd6_delay	= 5;	/* delay first probe time 5 second */
 int	nd6_umaxtries	= 3;	/* maximum unicast query */
 int	nd6_mmaxtries	= 3;	/* maximum multicast query */
 int	nd6_useloopback = 1;	/* use loopback interface for local traffic */
 int	nd6_gctimer	= (60 * 60 * 24); /* 1 day: garbage collection timer */
 /* preventing too many loops in ND option parsing */
 int nd6_maxndopt = 10;	/* max # of ND options allowed */
 int nd6_maxnudhint = 0;	/* max # of subsequent upper layer hints */
 int nd6_maxqueuelen = 1; /* max # of packets cached in unresolved ND entries */
 #ifdef ND6_DEBUG
 int nd6_debug = 1;
 #else
 int nd6_debug = 0;
 #endif
 /* for debugging? */
 static int nd6_inuse, nd6_allocated;
 struct nd_drhead nd_defrouter;
 struct nd_prhead nd_prefix = { 0 };
 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL;
 static const struct sockaddr_in6 all1_sa = {
 	  .sin6_family = AF_INET6
 	, .sin6_len = sizeof(struct sockaddr_in6)
 	, .sin6_addr = {.s6_addr = {0xff, 0xff, 0xff, 0xff,
 xff, 0xff, 0xff, 0xff,
 xff, 0xff, 0xff, 0xff,
 xff, 0xff, 0xff, 0xff}}
 };
 static void nd6_setmtu0(struct ifnet *, struct nd_ifinfo *);
 static void nd6_slowtimo(void *);
 static int regen_tmpaddr(struct in6_ifaddr *);
 static void nd6_free(struct rtentry *, struct llentry *, int);
 static void nd6_llinfo_timer(void *);
 static void nd6_timer(void *);
 static void clear_llinfo_pqueue(struct llentry *);
-callout_t nd6_slowtimo_ch;
+static callout_t nd6_slowtimo_ch;
-callout_t nd6_timer_ch;
+static callout_t nd6_timer_ch;
 static int fill_drlist(void *, size_t *, size_t);
 static int fill_prlist(void *, size_t *, size_t);
 MALLOC_DEFINE(M_IP6NDP, "NDP", "IPv6 Neighbour Discovery");
 void
 nd6_init(void)
+{
 	static int nd6_init_done = 0;
 	if (nd6_init_done) {
 		log(LOG_NOTICE, "nd6_init called more than once(ignored)\n");
 		return;
 	/* initialization of the default router list */
 	TAILQ_INIT(&nd_defrouter);
 	nd6_init_done = 1;
 	callout_init(&nd6_slowtimo_ch, CALLOUT_MPSAFE);
 	callout_init(&nd6_timer_ch, CALLOUT_MPSAFE);
 	/* start timer */
 	callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz,
 	    nd6_slowtimo, NULL);
 	callout_reset(&nd6_timer_ch, hz, nd6_timer, NULL);
+}
 struct nd_ifinfo *
 nd6_ifattach(struct ifnet *ifp)
+{
 	struct nd_ifinfo *nd;
 	nd = (struct nd_ifinfo *)malloc(sizeof(*nd), M_IP6NDP, M_WAITOK|M_ZERO);
 	nd->initialized = 1;
 	nd->chlim = IPV6_DEFHLIM;
 	nd->basereachable = REACHABLE_TIME;
 	nd->reachable = ND_COMPUTE_RTIME(nd->basereachable);
 	nd->retrans = RETRANS_TIMER;
 	nd->flags = ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV;
 	/* A loopback interface always has ND6_IFF_AUTO_LINKLOCAL.
 	 * A bridge interface should not have ND6_IFF_AUTO_LINKLOCAL
 	 * because one of its members should. */
 	if ((ip6_auto_linklocal && ifp->if_type != IFT_BRIDGE) ||
 	    (ifp->if_flags & IFF_LOOPBACK))
 		nd->flags |= ND6_IFF_AUTO_LINKLOCAL;
 	/* A loopback interface does not need to accept RTADV.
 	 * A bridge interface should not accept RTADV
 	 * because one of its members should. */
 	if (ip6_accept_rtadv &&
 	    !(ifp->if_flags & IFF_LOOPBACK) &&
 	    !(ifp->if_type != IFT_BRIDGE))
 		nd->flags |= ND6_IFF_ACCEPT_RTADV;
 	/* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */
 	nd6_setmtu0(ifp, nd);
 	return nd;
+}
 void
 nd6_ifdetach(struct ifnet *ifp, struct in6_ifextra *ext)
+{
 	nd6_purge(ifp, ext);
 	free(ext->nd_ifinfo, M_IP6NDP);
+}
 void
 nd6_setmtu(struct ifnet *ifp)
+{
 	nd6_setmtu0(ifp, ND_IFINFO(ifp));
+}
 void
 nd6_setmtu0(struct ifnet *ifp, struct nd_ifinfo *ndi)
+{
 	u_int32_t omaxmtu;
 	omaxmtu = ndi->maxmtu;
 	switch (ifp->if_type) {
 	case IFT_ARCNET:
 		ndi->maxmtu = MIN(ARC_PHDS_MAXMTU, ifp->if_mtu); /* RFC2497 */
 		break;
 	case IFT_FDDI:
 		ndi->maxmtu = MIN(FDDIIPMTU, ifp->if_mtu);
 		break;
 	default:
 		ndi->maxmtu = ifp->if_mtu;
 		break;
+	}
 	/*
 	 * Decreasing the interface MTU under IPV6 minimum MTU may cause
 	 * undesirable situation.  We thus notify the operator of the change
 	 * explicitly.  The check for omaxmtu is necessary to restrict the
 	 * log to the case of changing the MTU, not initializing it.
 	 */
 	if (omaxmtu >= IPV6_MMTU && ndi->maxmtu < IPV6_MMTU) {
 		log(LOG_NOTICE, "nd6_setmtu0: new link MTU on %s (%lu) is too"
 		    " small for IPv6 which needs %lu\n",
 		    if_name(ifp), (unsigned long)ndi->maxmtu, (unsigned long)
 		    IPV6_MMTU);
+	}
 	if (ndi->maxmtu > in6_maxmtu)
 		in6_setmaxmtu(); /* check all interfaces just in case */
+}
 void
 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts)
+{
 	memset(ndopts, 0, sizeof(*ndopts));
 	ndopts->nd_opts_search = (struct nd_opt_hdr *)opt;
 	ndopts->nd_opts_last
 		= (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len);
 	if (icmp6len == 0) {
 		ndopts->nd_opts_done = 1;
 		ndopts->nd_opts_search = NULL;
+	}
+}
 /*
  * Take one ND option.
  */
 struct nd_opt_hdr *
 nd6_option(union nd_opts *ndopts)
+{
 	struct nd_opt_hdr *nd_opt;
 	int olen;
 	KASSERT(ndopts != NULL);
 	KASSERT(ndopts->nd_opts_last != NULL);
 	if (ndopts->nd_opts_search == NULL)
 		return NULL;
 	if (ndopts->nd_opts_done)
 		return NULL;
 	nd_opt = ndopts->nd_opts_search;
 	/* make sure nd_opt_len is inside the buffer */
 	if ((void *)&nd_opt->nd_opt_len >= (void *)ndopts->nd_opts_last) {
 		memset(ndopts, 0, sizeof(*ndopts));
 		return NULL;
+	}
 	olen = nd_opt->nd_opt_len << 3;
 	if (olen == 0) {
 		/*
 		 * Message validation requires that all included
 		 * options have a length that is greater than zero.
 		 */
 		memset(ndopts, 0, sizeof(*ndopts));
 		return NULL;
+	}
 	ndopts->nd_opts_search = (struct nd_opt_hdr *)((char *)nd_opt + olen);
 	if (ndopts->nd_opts_search > ndopts->nd_opts_last) {
 		/* option overruns the end of buffer, invalid */
 		memset(ndopts, 0, sizeof(*ndopts));
 		return NULL;
 	} else if (ndopts->nd_opts_search == ndopts->nd_opts_last) {
 		/* reached the end of options chain */
 		ndopts->nd_opts_done = 1;
 		ndopts->nd_opts_search = NULL;
+	}
 	return nd_opt;
+}
 /*
  * Parse multiple ND options.
  * This function is much easier to use, for ND routines that do not need
  * multiple options of the same type.
  */
 int
 nd6_options(union nd_opts *ndopts)
+{
 	struct nd_opt_hdr *nd_opt;
 	int i = 0;
 	KASSERT(ndopts != NULL);
 	KASSERT(ndopts->nd_opts_last != NULL);
 	if (ndopts->nd_opts_search == NULL)
 		return 0;
 	while (1) {
 		nd_opt = nd6_option(ndopts);
 		if (nd_opt == NULL && ndopts->nd_opts_last == NULL) {
 			/*
 			 * Message validation requires that all included
 			 * options have a length that is greater than zero.
 			 */
 			ICMP6_STATINC(ICMP6_STAT_ND_BADOPT);
 			memset(ndopts, 0, sizeof(*ndopts));
 			return -1;
+		}
 		if (nd_opt == NULL)
 			goto skip1;
 		switch (nd_opt->nd_opt_type) {
 		case ND_OPT_SOURCE_LINKADDR:
 		case ND_OPT_TARGET_LINKADDR:
 		case ND_OPT_MTU:
 		case ND_OPT_REDIRECTED_HEADER:
 			if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
 				nd6log((LOG_INFO,
 				    "duplicated ND6 option found (type=%d)\n",
 				    nd_opt->nd_opt_type));
 				/* XXX bark? */
 			} else {
 				ndopts->nd_opt_array[nd_opt->nd_opt_type]
 					= nd_opt;
+			}
 			break;
 		case ND_OPT_PREFIX_INFORMATION:
 			if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) {
 				ndopts->nd_opt_array[nd_opt->nd_opt_type]
 					= nd_opt;
+			}
 			ndopts->nd_opts_pi_end =
 				(struct nd_opt_prefix_info *)nd_opt;
 			break;
 		default:
 			/*
 			 * Unknown options must be silently ignored,
 			 * to accommodate future extension to the protocol.
 			 */
 			nd6log((LOG_DEBUG,
 			    "nd6_options: unsupported option %d - "
 			    "option ignored\n", nd_opt->nd_opt_type));
+		}
 skip1:
 		i++;
 		if (i > nd6_maxndopt) {
 			ICMP6_STATINC(ICMP6_STAT_ND_TOOMANYOPT);
 			nd6log((LOG_INFO, "too many loop in nd opt\n"));
 			break;
+		}
 		if (ndopts->nd_opts_done)
 			break;
+	}
 	return 0;
+}
 /*
  * ND6 timer routine to handle ND6 entries
  */
 void
 nd6_llinfo_settimer_locked(struct llentry *ln, time_t xtick)
+{
 	CTASSERT(sizeof(time_t) > sizeof(int));
 	LLE_WLOCK_ASSERT(ln);
 	if (xtick < 0) {
 		ln->ln_expire = 0;
 		ln->ln_ntick = 0;
 		callout_halt(&ln->ln_timer_ch, &ln->lle_lock);
 	} else {
 		ln->ln_expire = time_uptime + xtick / hz;
 		LLE_ADDREF(ln);
 		if (xtick > INT_MAX) {
 			ln->ln_ntick = xtick - INT_MAX;
 			callout_reset(&ln->ln_timer_ch, INT_MAX,
 			    nd6_llinfo_timer, ln);
 		} else {
 			ln->ln_ntick = 0;
 			callout_reset(&ln->ln_timer_ch, xtick,
 			    nd6_llinfo_timer, ln);
+		}
+	}
+}
 void
 nd6_llinfo_settimer(struct llentry *ln, time_t xtick)
+{
 	LLE_WLOCK(ln);
 	nd6_llinfo_settimer_locked(ln, xtick);
 	LLE_WUNLOCK(ln);
+}
 /*
  * Gets source address of the first packet in hold queue
  * and stores it in @src.
  * Returns pointer to @src (if hold queue is not empty) or NULL.
  */
 static struct in6_addr *
 nd6_llinfo_get_holdsrc(struct llentry *ln, struct in6_addr *src)
+{
 	struct ip6_hdr *hip6;
 	if (ln == NULL || ln->ln_hold == NULL)
 		return NULL;
 	/*
 	 * assuming every packet in ln_hold has the same IP header
 	 */
 	hip6 = mtod(ln->ln_hold, struct ip6_hdr *);
 	/* XXX pullup? */
 	if (sizeof(*hip6) < ln->ln_hold->m_len)
 		*src = hip6->ip6_src;
 	else
 		src = NULL;
 	return src;
+}
 static void
 nd6_llinfo_timer(void *arg)
+{
 	struct llentry *ln = arg;
 	struct rtentry *rt;
 	const struct sockaddr_in6 *dst;
 	struct ifnet *ifp;
 	struct nd_ifinfo *ndi = NULL;
 	bool send_ns = false;
 	const struct in6_addr *daddr6 = NULL;
 	mutex_enter(softnet_lock);
 	KERNEL_LOCK(1, NULL);
 	LLE_WLOCK(ln);
 	if (ln->ln_ntick > 0) {
 		nd6_llinfo_settimer_locked(ln, ln->ln_ntick);
 		goto out;
+	}
 	if (callout_pending(&ln->la_timer)) {
 		/*
 		 * Here we are a bit odd here in the treatment of
 		 * active/pending. If the pending bit is set, it got
 		 * rescheduled before I ran. The active
 		 * bit we ignore, since if it was stopped
 		 * in ll_tablefree() and was currently running
 		 * it would have return 0 so the code would
 		 * not have deleted it since the callout could
 		 * not be stopped so we want to go through
 		 * with the delete here now. If the callout
 		 * was restarted, the pending bit will be back on and
 		 * we just want to bail since the callout_reset would
 		 * return 1 and our reference would have been removed
 		 * by nd6_llinfo_settimer_locked above since canceled
 		 * would have been 1.
 		 */
 		goto out;
+	}
 	ifp = ln->lle_tbl->llt_ifp;
 	rt = ln->ln_rt;
 	KASSERT(rt != NULL);
 	KASSERT(ifp != NULL);
 	ndi = ND_IFINFO(ifp);
 	dst = satocsin6(rt_getkey(rt));
 	/* sanity check */
 	if (rt->rt_llinfo && (struct llentry *)rt->rt_llinfo != ln)
 		panic("rt_llinfo(%p) is not equal to ln(%p)",
 		      rt->rt_llinfo, ln);
 	if (!dst)
 		panic("dst=0 in nd6_timer(ln=%p)", ln);
 	switch (ln->ln_state) {
 	case ND6_LLINFO_INCOMPLETE:
 		if (ln->ln_asked < nd6_mmaxtries) {
 			ln->ln_asked++;
 			send_ns = true;
 		} else {
 			struct mbuf *m = ln->ln_hold;
 			if (m) {
 				struct mbuf *m0;
 				/*
 				 * assuming every packet in ln_hold has
 				 * the same IP header
 				 */
 				m0 = m->m_nextpkt;
 				m->m_nextpkt = NULL;
 				ln->ln_hold = m0;
 				clear_llinfo_pqueue(ln);
+ 			}
 			nd6_free(rt, ln, 0);
 			ln = NULL;
 			if (m != NULL)
 				icmp6_error2(m, ICMP6_DST_UNREACH,
 				    ICMP6_DST_UNREACH_ADDR, 0, ifp);
+		}
 		break;
 	case ND6_LLINFO_REACHABLE:
 		if (!ND6_LLINFO_PERMANENT(ln)) {
 			ln->ln_state = ND6_LLINFO_STALE;
 			nd6_llinfo_settimer_locked(ln, nd6_gctimer * hz);
+		}
 		break;
 	case ND6_LLINFO_PURGE:
 	case ND6_LLINFO_STALE:
 		/* Garbage Collection(RFC 2461 5.3) */
 		if (!ND6_LLINFO_PERMANENT(ln)) {
 			nd6_free(rt, ln, 1);
 			ln = NULL;
+		}
 		break;
 	case ND6_LLINFO_DELAY:
 		if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) {
 			/* We need NUD */
 			ln->ln_asked = 1;
 			ln->ln_state = ND6_LLINFO_PROBE;
 			daddr6 = &dst->sin6_addr;
 			send_ns = true;
 		} else {
 			ln->ln_state = ND6_LLINFO_STALE; /* XXX */
 			nd6_llinfo_settimer_locked(ln, nd6_gctimer * hz);
+		}
 		break;
 	case ND6_LLINFO_PROBE:
 		if (ln->ln_asked < nd6_umaxtries) {
 			ln->ln_asked++;
 			daddr6 = &dst->sin6_addr;
 			send_ns = true;
 		} else {
 			nd6_free(rt, ln, 0);
 			ln = NULL;
+		}
 		break;
+	}
 	if (send_ns) {
 		struct in6_addr src, *psrc;
 		nd6_llinfo_settimer_locked(ln, ndi->retrans * hz / 1000);
 		psrc = nd6_llinfo_get_holdsrc(ln, &src);
 		LLE_FREE_LOCKED(ln);
 		ln = NULL;
 		nd6_ns_output(ifp, daddr6, &dst->sin6_addr, psrc, 0);
+	}
 out:
 	if (ln != NULL)
 		LLE_FREE_LOCKED(ln);
 	KERNEL_UNLOCK_ONE(NULL);
 	mutex_exit(softnet_lock);
+}
 /*
  * ND6 timer routine to expire default route list and prefix list
  */
-void
+static void
 nd6_timer(void *ignored_arg)
+{
 	struct nd_defrouter *next_dr, *dr;
 	struct nd_prefix *next_pr, *pr;
 	struct in6_ifaddr *ia6, *nia6;
 	callout_reset(&nd6_timer_ch, nd6_prune * hz,
 	    nd6_timer, NULL);
 	mutex_enter(softnet_lock);
 	KERNEL_LOCK(1, NULL);
 	/* expire default router list */
 	TAILQ_FOREACH_SAFE(dr, &nd_defrouter, dr_entry, next_dr) {
 		if (dr->expire && dr->expire < time_uptime) {
 			defrtrlist_del(dr, NULL);
+		}
+	}
 	/*
 	 * expire interface addresses.
 	 * in the past the loop was inside prefix expiry processing.
 	 * However, from a stricter speci-confrmance standpoint, we should
 	 * rather separate address lifetimes and prefix lifetimes.
 	 */
   addrloop:
 	for (ia6 = in6_ifaddr; ia6; ia6 = nia6) {
 		nia6 = ia6->ia_next;
 		/* check address lifetime */
 		if (IFA6_IS_INVALID(ia6)) {
 			int regen = 0;
 			/*
 			 * If the expiring address is temporary, try
 			 * regenerating a new one.  This would be useful when
 			 * we suspended a laptop PC, then turned it on after a
 			 * period that could invalidate all temporary
 			 * addresses.  Although we may have to restart the
 			 * loop (see below), it must be after purging the
 			 * address.  Otherwise, we'd see an infinite loop of
 			 * regeneration.
 			 */
 			if (ip6_use_tempaddr &&
 			    (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) {
 				if (regen_tmpaddr(ia6) == 0)
 					regen = 1;
+			}
  			in6_purgeaddr(&ia6->ia_ifa);
 			if (regen)
 				goto addrloop; /* XXX: see below */
 		} else if (IFA6_IS_DEPRECATED(ia6)) {
 			int oldflags = ia6->ia6_flags;
 			if ((oldflags & IN6_IFF_DEPRECATED) == 0) {
 				ia6->ia6_flags |= IN6_IFF_DEPRECATED;
 				rt_newaddrmsg(RTM_NEWADDR,
 				    (struct ifaddr *)ia6, 0, NULL);
+			}
 			/*
 			 * If a temporary address has just become deprecated,
 			 * regenerate a new one if possible.
 			 */
 			if (ip6_use_tempaddr &&
 			    (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 &&
 			    (oldflags & IN6_IFF_DEPRECATED) == 0) {
 				if (regen_tmpaddr(ia6) == 0) {
 					/*
 					 * A new temporary address is
 					 * generated.
 					 * XXX: this means the address chain
 					 * has changed while we are still in
 					 * the loop.  Although the change
 					 * would not cause disaster (because
 					 * it's not a deletion, but an
 					 * addition,) we'd rather restart the
 					 * loop just for safety.  Or does this
 					 * significantly reduce performance??
 					 */
 					goto addrloop;
+				}
+			}
 		} else {
 			/*
 			 * A new RA might have made a deprecated address
 			 * preferred.
 			 */
 			if (ia6->ia6_flags & IN6_IFF_DEPRECATED) {
 				ia6->ia6_flags &= ~IN6_IFF_DEPRECATED;
 				rt_newaddrmsg(RTM_NEWADDR,
 				    (struct ifaddr *)ia6, 0, NULL);
+			}
+		}
+	}
 	/* expire prefix list */
 	LIST_FOREACH_SAFE(pr, &nd_prefix, ndpr_entry, next_pr) {
 		/*
 		 * check prefix lifetime.
 		 * since pltime is just for autoconf, pltime processing for
 		 * prefix is not necessary.
 		 */
 		if (pr->ndpr_vltime != ND6_INFINITE_LIFETIME &&
 		    time_uptime - pr->ndpr_lastupdate > pr->ndpr_vltime) {
 			/*
 			 * address expiration and prefix expiration are
 			 * separate.  NEVER perform in6_purgeaddr here.
 			 */
 			prelist_remove(pr);
+		}
+	}
 	KERNEL_UNLOCK_ONE(NULL);
 	mutex_exit(softnet_lock);
+}
 /* ia6: deprecated/invalidated temporary address */
 static int
 regen_tmpaddr(struct in6_ifaddr *ia6)
+{
 	struct ifaddr *ifa;
 	struct ifnet *ifp;
 	struct in6_ifaddr *public_ifa6 = NULL;
 	ifp = ia6->ia_ifa.ifa_ifp;
 	IFADDR_FOREACH(ifa, ifp) {
 		struct in6_ifaddr *it6;
 		if (ifa->ifa_addr->sa_family != AF_INET6)
 			continue;
 		it6 = (struct in6_ifaddr *)ifa;
 		/* ignore no autoconf addresses. */
 		if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0)
 			continue;
 		/* ignore autoconf addresses with different prefixes. */
 		if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr)
 			continue;
 		/*
 		 * Now we are looking at an autoconf address with the same
 		 * prefix as ours.  If the address is temporary and is still
 		 * preferred, do not create another one.  It would be rare, but
 		 * could happen, for example, when we resume a laptop PC after
 		 * a long period.
 		 */
 		if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 &&
 		    !IFA6_IS_DEPRECATED(it6)) {
 			public_ifa6 = NULL;
 			break;
+		}
 		/*
 		 * This is a public autoconf address that has the same prefix
 		 * as ours.  If it is preferred, keep it.  We can't break the
 		 * loop here, because there may be a still-preferred temporary
 		 * address with the prefix.
 		 */
 		if (!IFA6_IS_DEPRECATED(it6))
 		    public_ifa6 = it6;
+	}
 	if (public_ifa6 != NULL) {
 		int e;
 		/*
 		 * Random factor is introduced in the preferred lifetime, so
 		 * we do not need additional delay (3rd arg to in6_tmpifadd).
 		 */
 		if ((e = in6_tmpifadd(public_ifa6, 0, 0)) != 0) {
 			log(LOG_NOTICE, "regen_tmpaddr: failed to create a new"
 			    " tmp addr, errno=%d\n", e);
 			return -1;
+		}
 		return 0;
+	}
 	return -1;
+}
 bool
 nd6_accepts_rtadv(const struct nd_ifinfo *ndi)
+{
 	switch (ndi->flags & (ND6_IFF_ACCEPT_RTADV|ND6_IFF_OVERRIDE_RTADV)) {
 	case ND6_IFF_OVERRIDE_RTADV|ND6_IFF_ACCEPT_RTADV:
 		return true;
 	case ND6_IFF_ACCEPT_RTADV:
 		return ip6_accept_rtadv != 0;
 	case ND6_IFF_OVERRIDE_RTADV:
 	case 0:
 	default:
 		return false;
+	}
+}
 /*
  * Nuke neighbor cache/prefix/default router management table, right before
  * ifp goes away.
  */
 void
 nd6_purge(struct ifnet *ifp, struct in6_ifextra *ext)
+{
 	struct nd_defrouter *dr, *ndr;
 	struct nd_prefix *pr, *npr;
 	/*
 	 * During detach, the ND info might be already removed, but
 	 * then is explitly passed as argument.
 	 * Otherwise get it from ifp->if_afdata.
 	 */
 	if (ext == NULL)
 		ext = ifp->if_afdata[AF_INET6];
 	if (ext == NULL)
 		return;
 	/*
 	 * Nuke default router list entries toward ifp.
 	 * We defer removal of default router list entries that is installed
 	 * in the routing table, in order to keep additional side effects as
 	 * small as possible.
 	 */
 	TAILQ_FOREACH_SAFE(dr, &nd_defrouter, dr_entry, ndr) {
 		if (dr->installed)
 			continue;
 		if (dr->ifp == ifp) {
 			KASSERT(ext != NULL);
 			defrtrlist_del(dr, ext);
+		}
+	}
 	TAILQ_FOREACH_SAFE(dr, &nd_defrouter, dr_entry, ndr) {
 		if (!dr->installed)
 			continue;
 		if (dr->ifp == ifp) {
 			KASSERT(ext != NULL);
 			defrtrlist_del(dr, ext);
+		}
+	}
 	/* Nuke prefix list entries toward ifp */
 	LIST_FOREACH_SAFE(pr, &nd_prefix, ndpr_entry, npr) {
 		if (pr->ndpr_ifp == ifp) {
 			/*
 			 * Because if_detach() does *not* release prefixes
 			 * while purging addresses the reference count will
 			 * still be above zero. We therefore reset it to
 			 * make sure that the prefix really gets purged.
 			 */
 			pr->ndpr_refcnt = 0;
 			/*
 			 * Previously, pr->ndpr_addr is removed as well,
 			 * but I strongly believe we don't have to do it.
 			 * nd6_purge() is only called from in6_ifdetach(),
 			 * which removes all the associated interface addresses
 			 * by itself.
 			 * (jinmei@kame.net 20010129)
 			 */
 			prelist_remove(pr);
+		}
+	}
 	/* cancel default outgoing interface setting */
 	if (nd6_defifindex == ifp->if_index)
 		nd6_setdefaultiface(0);
 	/* XXX: too restrictive? */
 	if (!ip6_forwarding && ifp->if_afdata[AF_INET6]) {
 		struct nd_ifinfo *ndi = ND_IFINFO(ifp);
 		if (ndi && nd6_accepts_rtadv(ndi)) {
 			/* refresh default router list */
 			defrouter_select();
+		}
+	}
 	/*
 	 * We may not need to nuke the neighbor cache entries here
 	 * because the neighbor cache is kept in if_afdata[AF_INET6].
 	 * nd6_purge() is invoked by in6_ifdetach() which is called
 	 * from if_detach() where everything gets purged. However
 	 * in6_ifdetach is directly called from vlan(4), so we still
 	 * need to purge entries here.
 	 */
 	if (ext->lltable != NULL)
 		lltable_purge_entries(ext->lltable);
+}
 static struct rtentry *
 nd6_lookup1(const struct in6_addr *addr6, int create, struct ifnet *ifp,
     int cloning)
+{
 	struct rtentry *rt;
 	struct sockaddr_in6 sin6;
 	sockaddr_in6_init(&sin6, addr6, 0, 0, 0);
 	rt = rtalloc1((struct sockaddr *)&sin6, create);
 	if (rt != NULL && (rt->rt_flags & RTF_LLINFO) == 0) {
 		/*
 		 * This is the case for the default route.
 		 * If we want to create a neighbor cache for the address, we
 		 * should free the route for the destination and allocate an
 		 * interface route.
 		 */
 		if (create) {
 			rtfree(rt);
 			rt = NULL;
+		}
+	}
 	if (rt != NULL)
+		;
 	else if (create && ifp) {
 		int e;
 		/*
 		 * If no route is available and create is set,
 		 * we allocate a host route for the destination
 		 * and treat it like an interface route.
 		 * This hack is necessary for a neighbor which can't
 		 * be covered by our own prefix.
 		 */
 		struct ifaddr *ifa =
 		    ifaof_ifpforaddr((struct sockaddr *)&sin6, ifp);
 		if (ifa == NULL)
 			return NULL;
 		/*
 		 * Create a new route.  RTF_LLINFO is necessary
 		 * to create a Neighbor Cache entry for the
 		 * destination in nd6_rtrequest which will be
 		 * called in rtrequest via ifa->ifa_rtrequest.
 		 */
 		if ((e = rtrequest(RTM_ADD, (const struct sockaddr *)&sin6,
 		    ifa->ifa_addr, (const struct sockaddr *)&all1_sa,
 		    (ifa->ifa_flags | RTF_HOST | RTF_LLINFO) &
 		    ~RTF_CLONING, &rt)) != 0) {
 #if 0
 			log(LOG_ERR,
 			    "nd6_lookup: failed to add route for a "
 			    "neighbor(%s), errno=%d\n",
 			    ip6_sprintf(addr6), e);
 #endif
 			return NULL;
+		}
 		if (rt == NULL)
 			return NULL;
 		if (rt->rt_llinfo) {
 			struct llentry *ln = rt->rt_llinfo;
 			ln->ln_state = ND6_LLINFO_NOSTATE;
+		}
 	} else
 		return NULL;
 	/*
 	 * Check for a cloning route to match the address.
 	 * This should only be set from in6_is_addr_neighbor so we avoid
 	 * a potentially expensive second call to rtalloc1.
 	 */
 	if (cloning &&
 	    rt->rt_flags & (RTF_CLONING | RTF_CLONED) &&
 	    (rt->rt_ifp == ifp
 #if NBRIDGE > 0
 	    || rt->rt_ifp->if_bridge == ifp->if_bridge
 #endif
 #if NCARP > 0
 	    || (ifp->if_type == IFT_CARP && rt->rt_ifp == ifp->if_carpdev) ||
 	    (rt->rt_ifp->if_type == IFT_CARP && rt->rt_ifp->if_carpdev == ifp)||
 	    (ifp->if_type == IFT_CARP && rt->rt_ifp->if_type == IFT_CARP &&
 	    rt->rt_ifp->if_carpdev == ifp->if_carpdev)
 #endif
 	    ))
 		return rt;
 	/*
 	 * Validation for the entry.
 	 * Note that the check for rt_llinfo is necessary because a cloned
 	 * route from a parent route that has the L flag (e.g. the default
 	 * route to a p2p interface) may have the flag, too, while the
 	 * destination is not actually a neighbor.
 	 * XXX: we can't use rt->rt_ifp to check for the interface, since
 	 *      it might be the loopback interface if the entry is for our
 	 *      own address on a non-loopback interface. Instead, we should
 	 *      use rt->rt_ifa->ifa_ifp, which would specify the REAL
 	 *	interface.
 	 * Note also that ifa_ifp and ifp may differ when we connect two
 	 * interfaces to a same link, install a link prefix to an interface,
 	 * and try to install a neighbor cache on an interface that does not
 	 * have a route to the prefix.
 	 */
 	if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 ||
 	    rt->rt_gateway->sa_family != AF_LINK || rt->rt_llinfo == NULL ||
 	    (ifp && rt->rt_ifa->ifa_ifp != ifp)) {
 		if (create) {
 			nd6log((LOG_DEBUG,
 			    "nd6_lookup: failed to lookup %s (if = %s)\n",
 			    ip6_sprintf(addr6),
 			    ifp ? if_name(ifp) : "unspec"));
+		}
 		rtfree(rt);
 		return NULL;
+	}
 	return rt;
+}
 struct rtentry *
 nd6_lookup(const struct in6_addr *addr6, int create, struct ifnet *ifp)
+{
 	return nd6_lookup1(addr6, create, ifp, 0);
+}
 /*
  * Detect if a given IPv6 address identifies a neighbor on a given link.
  * XXX: should take care of the destination of a p2p link?
  */
 int
 nd6_is_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp)
+{
 	struct nd_prefix *pr;
 	struct rtentry *rt;
 	/*
 	 * A link-local address is always a neighbor.
 	 * XXX: a link does not necessarily specify a single interface.
 	 */
 	if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) {
 		struct sockaddr_in6 sin6_copy;
 		u_int32_t zone;
 		/*
 		 * We need sin6_copy since sa6_recoverscope() may modify the
 		 * content (XXX).
 		 */
 		sin6_copy = *addr;
 		if (sa6_recoverscope(&sin6_copy))
 			return 0; /* XXX: should be impossible */
 		if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone))
 			return 0;
 		if (sin6_copy.sin6_scope_id == zone)
 			return 1;
 		else
 			return 0;
+	}
 	/*
 	 * If the address matches one of our on-link prefixes, it should be a
 	 * neighbor.
 	 */
 	LIST_FOREACH(pr, &nd_prefix, ndpr_entry) {
 		if (pr->ndpr_ifp != ifp)
 			continue;
 		if (!(pr->ndpr_stateflags & NDPRF_ONLINK))
 			continue;
 		if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr,
 		    &addr->sin6_addr, &pr->ndpr_mask))
 			return 1;
+	}
 	/*
 	 * If the default router list is empty, all addresses are regarded
 	 * as on-link, and thus, as a neighbor.
 	 * XXX: we restrict the condition to hosts, because routers usually do
 	 * not have the "default router list".
 	 */
 	if (!ip6_forwarding && TAILQ_FIRST(&nd_defrouter) == NULL &&
 	    nd6_defifindex == ifp->if_index) {
 		return 1;
+	}
 	/*
 	 * Even if the address matches none of our addresses, it might match
 	 * a cloning route or be in the neighbor cache.
 	 */
 	rt = nd6_lookup1(&addr->sin6_addr, 0, ifp, 1);
 	if (rt != NULL) {
 		rtfree(rt);
 		return 1;
+	}
 	return 0;
+}
 /*
  * Free an nd6 llinfo entry.
  * Since the function would cause significant changes in the kernel, DO NOT
  * make it global, unless you have a strong reason for the change, and are sure
  * that the change is safe.
  */
 static void
 nd6_free(struct rtentry *rt, struct llentry *ln, int gc)
+{
 	struct in6_addr in6 = satocsin6(rt_getkey(rt))->sin6_addr;
 	struct nd_defrouter *dr;
 	int error;
 	KASSERT(ln != NULL);
 	KASSERT(ln == rt->rt_llinfo);
 	LLE_WLOCK_ASSERT(ln);
 	/*
 	 * we used to have pfctlinput(PRC_HOSTDEAD) here.
 	 * even though it is not harmful, it was not really necessary.
 	 */
 	/* cancel timer */
 	nd6_llinfo_settimer_locked(ln, -1);
 	if (!ip6_forwarding) {
 		int s;
 		s = splsoftnet();
 		dr = defrouter_lookup(&satocsin6(rt_getkey(rt))->sin6_addr,
 		    rt->rt_ifp);
 		if (dr != NULL && dr->expire &&
 		    ln->ln_state == ND6_LLINFO_STALE && gc) {
 			/*
 			 * If the reason for the deletion is just garbage
 			 * collection, and the neighbor is an active default
 			 * router, do not delete it.  Instead, reset the GC
 			 * timer using the router's lifetime.
 			 * Simply deleting the entry would affect default
 			 * router selection, which is not necessarily a good
 			 * thing, especially when we're using router preference
 			 * values.
 			 * XXX: the check for ln_state would be redundant,
 			 *      but we intentionally keep it just in case.
 			 */
 			if (dr->expire > time_uptime)
 				nd6_llinfo_settimer_locked(ln,
 				    (dr->expire - time_uptime) * hz);
 			else
 				nd6_llinfo_settimer_locked(ln,
 				    nd6_gctimer * hz);
 			splx(s);
 			LLE_WUNLOCK(ln);
 			return;
+		}
 		if (ln->ln_router || dr) {
 			/*
 			 * rt6_flush must be called whether or not the neighbor
 			 * is in the Default Router List.
 			 * See a corresponding comment in nd6_na_input().
 			 */
 			rt6_flush(&in6, rt->rt_ifp);
+		}
 		if (dr) {
 			/*
 			 * Unreachablity of a router might affect the default
 			 * router selection and on-link detection of advertised
 			 * prefixes.
 			 */
 			/*
 			 * Temporarily fake the state to choose a new default
 			 * router and to perform on-link determination of
 			 * prefixes correctly.
 			 * Below the state will be set correctly,
 			 * or the entry itself will be deleted.
 			 */
 			ln->ln_state = ND6_LLINFO_INCOMPLETE;
 			/*
 			 * Since defrouter_select() does not affect the
 			 * on-link determination and MIP6 needs the check
 			 * before the default router selection, we perform
 			 * the check now.
 			 */
 			pfxlist_onlink_check();
 			/*
 			 * refresh default router list
 			 */
 			defrouter_select();
+		}
 		splx(s);
+	}
 	LLE_WUNLOCK(ln);
 	/*
 	 * Detach the route from the routing tree and the list of neighbor
 	 * caches, and disable the route entry not to be used in already
 	 * cached routes.
 	 */
 	error = rtrequest_newmsg(RTM_DELETE, rt_getkey(rt), NULL,
 	    rt_mask(rt), 0);
 	if (error != 0) {
 		/* XXX need error message? */;
+	}
+}
 /*
  * Upper-layer reachability hint for Neighbor Unreachability Detection.
+ *
  * XXX cost-effective methods?
  */
 void
 nd6_nud_hint(struct rtentry *rt)
+{
 	struct llentry *ln;
 	if (rt == NULL)
 		return;
 	if ((rt->rt_flags & RTF_GATEWAY) != 0 ||
 	    (rt->rt_flags & RTF_LLINFO) == 0 ||
 	    !rt->rt_llinfo || !rt->rt_gateway ||
 	    rt->rt_gateway->sa_family != AF_LINK) {
 		/* This is not a host route. */
 		return;
+	}
 	ln = rt->rt_llinfo;
 	if (ln->ln_state < ND6_LLINFO_REACHABLE)
 		return;
 	/*
 	 * if we get upper-layer reachability confirmation many times,
 	 * it is possible we have false information.
 	 */
 	ln->ln_byhint++;
 	if (ln->ln_byhint > nd6_maxnudhint)
 		return;
 	ln->ln_state = ND6_LLINFO_REACHABLE;
 	if (!ND6_LLINFO_PERMANENT(ln)) {
 		nd6_llinfo_settimer(ln,
 		    ND_IFINFO(rt->rt_ifp)->reachable * hz);
+	}
 	return;
+}
 static int
 nd6_purge_entry(struct lltable *llt, struct llentry *ln, void *farg)
+{
 	int *n = farg;
 	if (*n <= 0)
 		return 0;
 	if (ND6_LLINFO_PERMANENT(ln))
 		return 0;
 	LLE_WLOCK(ln);
 	if (ln->ln_state > ND6_LLINFO_INCOMPLETE)
 		ln->ln_state = ND6_LLINFO_STALE;
 	else
 		ln->ln_state = ND6_LLINFO_PURGE;
 	nd6_llinfo_settimer_locked(ln, 0);
 	LLE_WUNLOCK(ln);
 	(*n)--;
 	return 0;
+}
 static void
 nd6_gc_neighbors(struct lltable *llt)
+{
 	int max_gc_entries = 10;
 	if (ip6_neighborgcthresh >= 0 &&
 	    lltable_get_entry_count(llt) >= ip6_neighborgcthresh) {
 		/*
 		 * XXX entries that are "less recently used" should be
 		 * freed first.
 		 */
 		lltable_foreach_lle(llt, nd6_purge_entry, &max_gc_entries);
+	}
+}
 void
 nd6_rtrequest(int req, struct rtentry *rt, const struct rt_addrinfo *info)
+{
 	struct sockaddr *gate = rt->rt_gateway;
 	struct llentry *ln;
 	struct ifnet *ifp = rt->rt_ifp;
 	uint8_t namelen = strlen(ifp->if_xname), addrlen = ifp->if_addrlen;
 	struct ifaddr *ifa;
 	int flags = 0;
 	bool use_lo0ifp = false;
 	RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
 	if (req == RTM_LLINFO_UPD) {
 		int rc;
 		struct in6_addr *in6;
 		struct in6_addr in6_all;
 		int anycast;
 		if ((ifa = info->rti_ifa) == NULL)
 			return;
 		in6 = &ifatoia6(ifa)->ia_addr.sin6_addr;
 		anycast = ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST;
 		in6_all = in6addr_linklocal_allnodes;
 		if ((rc = in6_setscope(&in6_all, ifa->ifa_ifp, NULL)) != 0) {
 			log(LOG_ERR, "%s: failed to set scope %s "
 			    "(errno=%d)\n", __func__, if_name(ifp), rc);
 			return;
+		}
 		/* XXX don't set Override for proxy addresses */
 		nd6_na_output(ifa->ifa_ifp, &in6_all, in6,
 		    (anycast ? 0 : ND_NA_FLAG_OVERRIDE)
 #if 0
 		    | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0)
 #endif
 		    , 1, NULL);
 		return;
+	}
 	if ((rt->rt_flags & RTF_GATEWAY) != 0)
 		return;
 	if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) {
 		RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
 		/*
 		 * This is probably an interface direct route for a link
 		 * which does not need neighbor caches (e.g. fe80::%lo0/64).
 		 * We do not need special treatment below for such a route.
 		 * Moreover, the RTF_LLINFO flag which would be set below
 		 * would annoy the ndp(8) command.
 		 */
 		return;
+	}
 	IF_AFDATA_RLOCK(ifp);
 	ln = lla_lookup(LLTABLE6(ifp), flags, rt_getkey(rt));
 	IF_AFDATA_RUNLOCK(ifp);
 	if (req == RTM_RESOLVE &&
 	    (nd6_need_cache(ifp) == 0 || /* stf case */
 	     !nd6_is_addr_neighbor(satocsin6(rt_getkey(rt)), ifp))) {
 		RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
 		/*
 		 * FreeBSD and BSD/OS often make a cloned host route based
 		 * on a less-specific route (e.g. the default route).
 		 * If the less specific route does not have a "gateway"
 		 * (this is the case when the route just goes to a p2p or an
 		 * stf interface), we'll mistakenly make a neighbor cache for
 		 * the host route, and will see strange neighbor solicitation
 		 * for the corresponding destination.  In order to avoid the
 		 * confusion, we check if the destination of the route is
 		 * a neighbor in terms of neighbor discovery, and stop the
 		 * process if not.  Additionally, we remove the LLINFO flag
 		 * so that ndp(8) will not try to get the neighbor information
 		 * of the destination.
 		 */
 		rt->rt_flags &= ~RTF_LLINFO;
 		return;
+	}
 	switch (req) {
 	case RTM_ADD:
 		RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
 		/*
 		 * There is no backward compatibility :)
+		 *
 		 * if ((rt->rt_flags & RTF_HOST) == 0 &&
 		 *     SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff)
 		 *	   rt->rt_flags |= RTF_CLONING;
 		 */
 		if ((rt->rt_flags & RTF_CLONING) ||
 		    ((rt->rt_flags & (RTF_LLINFO | RTF_LOCAL)) && ln == NULL)) {
 			union {
 				struct sockaddr sa;
 				struct sockaddr_dl sdl;
 				struct sockaddr_storage ss;
 			} u;
 			/*
 			 * Case 1: This route should come from a route to
 			 * interface (RTF_CLONING case) or the route should be
 			 * treated as on-link but is currently not
 			 * (RTF_LLINFO && ln == NULL case).
 			 */
 			if (sockaddr_dl_init(&u.sdl, sizeof(u.ss),
 			    ifp->if_index, ifp->if_type,
 			    NULL, namelen, NULL, addrlen) == NULL) {
 				printf("%s.%d: sockaddr_dl_init(, %zu, ) "
 				    "failed on %s\n", __func__, __LINE__,
 				    sizeof(u.ss), if_name(ifp));
+			}
 			rt_setgate(rt, &u.sa);
 			gate = rt->rt_gateway;
 			RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
 			if (ln != NULL)
 				nd6_llinfo_settimer_locked(ln, 0);
 			RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
 			if ((rt->rt_flags & RTF_CLONING) != 0)
 				break;
+		}
 		RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
 		/*
 		 * In IPv4 code, we try to annonuce new RTF_ANNOUNCE entry here.
 		 * We don't do that here since llinfo is not ready yet.
+		 *
 		 * There are also couple of other things to be discussed:
 		 * - unsolicited NA code needs improvement beforehand
 		 * - RFC2461 says we MAY send multicast unsolicited NA
 		 *   (7.2.6 paragraph 4), however, it also says that we
 		 *   SHOULD provide a mechanism to prevent multicast NA storm.
 		 *   we don't have anything like it right now.
 		 *   note that the mechanism needs a mutual agreement
 		 *   between proxies, which means that we need to implement
 		 *   a new protocol, or a new kludge.
 		 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA.
 		 *   we need to check ip6forwarding before sending it.
 		 *   (or should we allow proxy ND configuration only for
 		 *   routers?  there's no mention about proxy ND from hosts)
 		 */
 #if 0
 		/* XXX it does not work */
 		if (rt->rt_flags & RTF_ANNOUNCE)
 			nd6_na_output(ifp,
 			      &satocsin6(rt_getkey(rt))->sin6_addr,
 			      &satocsin6(rt_getkey(rt))->sin6_addr,
 			      ip6_forwarding ? ND_NA_FLAG_ROUTER : 0,
 , NULL);
 #endif
 		/* FALLTHROUGH */
 	case RTM_RESOLVE:
 		if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) == 0) {
 			RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
 			/*
 			 * Address resolution isn't necessary for a point to
 			 * point link, so we can skip this test for a p2p link.
 			 */
 			if (gate->sa_family != AF_LINK ||
 			    gate->sa_len <
 			    sockaddr_dl_measure(namelen, addrlen)) {
 				log(LOG_DEBUG,
 				    "nd6_rtrequest: bad gateway value: %s\n",
 				    if_name(ifp));
 				break;
+			}
 			satosdl(gate)->sdl_type = ifp->if_type;
 			satosdl(gate)->sdl_index = ifp->if_index;
 			RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
+		}
 		if (ln != NULL)
 			break;	/* This happens on a route change */
 		RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
 		/* Determine to use lo0ifp or not before lla_create */
 		ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp,
 		    &satocsin6(rt_getkey(rt))->sin6_addr);
 		RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
 		if (ifa != NULL && nd6_useloopback)
 			use_lo0ifp = true;
 		/*
 		 * Case 2: This route may come from cloning, or a manual route
 		 * add with a LL address.
 		 */
 		flags = LLE_EXCLUSIVE;
 		if ((rt->rt_flags & RTF_CLONED) == 0)
 			flags |= LLE_IFADDR;
 #define	_IFP()	(use_lo0ifp ? lo0ifp : ifp)
 		IF_AFDATA_WLOCK(_IFP());
 		ln = lla_create(LLTABLE6(_IFP()), flags, rt_getkey(rt));
 		IF_AFDATA_WUNLOCK(_IFP());
 		RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
 		if (ln == NULL) {
 			log(LOG_DEBUG, "nd6_rtrequest: malloc failed\n");
 			break;
+		}
 		RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
 		nd6_inuse++;
 		nd6_allocated++;
 		ln->ln_rt = rt;
 		rt->rt_refcnt++;
 		rt->rt_llinfo = ln;
 		LLE_ADDREF(ln);
 		rt->rt_flags |= RTF_LLINFO;
 		switch (_IFP()->if_type) {
 #if NTOKEN > 0
 		case IFT_ISO88025:
 			ln->la_opaque = kmem_alloc(sizeof(struct token_rif),
 			    KM_SLEEP);
 			break;
 #endif /* NTOKEN > 0 */
 		default:
 			break;
+		}
 #undef _IFP
 		/* this is required for "ndp" command. - shin */
 		if (req == RTM_ADD) {
 		        /*
 			 * gate should have some valid AF_LINK entry,
 			 * and ln->ln_expire should have some lifetime
 			 * which is specified by ndp command.
 			 */
 			ln->ln_state = ND6_LLINFO_REACHABLE;
 			ln->ln_byhint = 0;
 		} else {
 		        /*
 			 * When req == RTM_RESOLVE, rt is created and
 			 * initialized in rtrequest(), so rt_expire is 0.
 			 */
 			ln->ln_state = ND6_LLINFO_NOSTATE;
 			nd6_llinfo_settimer_locked(ln, 0);
+		}
 		RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt));
 		/*
 		 * check if rt_getkey(rt) is an address assigned
 		 * to the interface.
 		 */
 		if (ifa != NULL) {
 			const void *mac;
 			nd6_llinfo_settimer_locked(ln, -1);
 			ln->ln_state = ND6_LLINFO_REACHABLE;
 			ln->ln_byhint = 0;
 			if ((mac = nd6_ifptomac(ifp)) != NULL) {
 				/* XXX check for error */
 				if (sockaddr_dl_setaddr(satosdl(gate),
 				    gate->sa_len, mac,
 				    ifp->if_addrlen) == NULL) {
 					printf("%s.%d: "
 					    "sockaddr_dl_setaddr(, %d, ) "
 					    "failed on %s\n", __func__,
 					    __LINE__, gate->sa_len,
 					    if_name(ifp));
+				}
+			}
 			if (nd6_useloopback) {
 				ifp = rt->rt_ifp = lo0ifp;	/* XXX */
 				/*
 				 * Make sure rt_ifa be equal to the ifaddr
 				 * corresponding to the address.
 				 * We need this because when we refer
 				 * rt_ifa->ia6_flags in ip6_input, we assume
 				 * that the rt_ifa points to the address instead
 				 * of the loopback address.
 				 */
 				if (ifa != rt->rt_ifa)
 					rt_replace_ifa(rt, ifa);
 				rt->rt_rmx.rmx_mtu = 0;
 				rt->rt_flags &= ~RTF_CLONED;
+			}
 			rt->rt_flags |= RTF_LOCAL;
 		} else if (rt->rt_flags & RTF_ANNOUNCE) {
 			nd6_llinfo_settimer_locked(ln, -1);
 			ln->ln_state = ND6_LLINFO_REACHABLE;
 			ln->ln_byhint = 0;
 			/* join solicited node multicast for proxy ND */
 			if (ifp->if_flags & IFF_MULTICAST) {
 				struct in6_addr llsol;
 				int error;
 				llsol = satocsin6(rt_getkey(rt))->sin6_addr;
 				llsol.s6_addr32[0] = htonl(0xff020000);
 				llsol.s6_addr32[1] = 0;
 				llsol.s6_addr32[2] = htonl(1);
 				llsol.s6_addr8[12] = 0xff;
 				if (in6_setscope(&llsol, ifp, NULL))
 					break;
 				if (!in6_addmulti(&llsol, ifp, &error, 0)) {
 					nd6log((LOG_ERR, "%s: failed to join "
 					    "%s (errno=%d)\n", if_name(ifp),
 					    ip6_sprintf(&llsol), error));
+				}
+			}
+		}
 		LLE_WUNLOCK(ln);
 		/*
 		 * If we have too many cache entries, initiate immediate
 		 * purging for some entries.
 		 */
 		nd6_gc_neighbors(ln->lle_tbl);
 		ln = NULL;
 		break;
 	case RTM_DELETE:
 		if (ln == NULL)
 			break;
 		/* leave from solicited node multicast for proxy ND */
 		if ((rt->rt_flags & RTF_ANNOUNCE) != 0 &&
 		    (ifp->if_flags & IFF_MULTICAST) != 0) {
 			struct in6_addr llsol;

 @@ -1,459 +1,456 @@
-/*	$NetBSD: nd6.h,v 1.69 2015/12/07 06:19:13 ozaki-r Exp $	*/
+/*	$NetBSD: nd6.h,v 1.70 2016/04/01 05:11:38 ozaki-r Exp $	*/
 /*	$KAME: nd6.h,v 1.95 2002/06/08 11:31:06 itojun Exp $	*/
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the project nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 #ifndef _NETINET6_ND6_H_
 #define _NETINET6_ND6_H_
 #include <sys/queue.h>
 #include <sys/callout.h>
 #define ND6_LLINFO_PURGE	-3
 #define ND6_LLINFO_NOSTATE	-2
 /*
  * We don't need the WAITDELETE state any more, but we keep the definition
  * in a comment line instead of removing it. This is necessary to avoid
  * unintentionally reusing the value for another purpose, which might
  * affect backward compatibility with old applications.
  * (20000711 jinmei@kame.net)
  */
 /* #define ND6_LLINFO_WAITDELETE	-1 */
 #define ND6_LLINFO_INCOMPLETE	0
 #define ND6_LLINFO_REACHABLE	1
 #define ND6_LLINFO_STALE	2
 #define ND6_LLINFO_DELAY	3
 #define ND6_LLINFO_PROBE	4
 #define ND6_IS_LLINFO_PROBREACH(n) ((n)->ln_state > ND6_LLINFO_INCOMPLETE)
 #define ND6_LLINFO_PERMANENT(n)	(((n)->ln_expire == 0) && ((n)->ln_state > ND6_LLINFO_INCOMPLETE))
 struct nd_ifinfo {
 	u_int32_t linkmtu;		/* LinkMTU */
 	u_int32_t maxmtu;		/* Upper bound of LinkMTU */
 	u_int32_t basereachable;	/* BaseReachableTime */
 	u_int32_t reachable;		/* Reachable Time */
 	u_int32_t retrans;		/* Retrans Timer */
 	u_int32_t flags;		/* Flags */
 	int recalctm;			/* BaseReacable re-calculation timer */
 	u_int8_t chlim;			/* CurHopLimit */
 	u_int8_t initialized; /* Flag to see the entry is initialized */
 	/* the following 3 members are for privacy extension for addrconf */
 	u_int8_t randomseed0[8]; /* upper 64 bits of MD5 digest */
 	u_int8_t randomseed1[8]; /* lower 64 bits (usually the EUI64 IFID) */
 	u_int8_t randomid[8];	/* current random ID */
 };
 #define ND6_IFF_PERFORMNUD	0x01
 #define ND6_IFF_ACCEPT_RTADV	0x02	/* See "RTADV Key", below. */
 #define ND6_IFF_PREFER_SOURCE	0x04	/* XXX: not related to ND. */
 #define ND6_IFF_IFDISABLED	0x08	/* IPv6 operation is disabled due to
 					 * DAD failure.  (XXX: not ND-specific)
 					 */
 #define	ND6_IFF_OVERRIDE_RTADV	0x10	/* See "RTADV Key", below. */
 #define	ND6_IFF_AUTO_LINKLOCAL	0x20
 /*
  * RTADV Key
+ *
  * The flags ND6_IFF_ACCEPT_RTADV and ND6_IFF_OVERRIDE_RTADV form a
  * tri-state variable.  (There are actually four different states, but
  * two of the states are functionally identical.)
+ *
  * ND6_IFF_OVERRIDE_RTADV or 0:	This interface does not accept
  *				Router Advertisements.
+ *
  * ND6_IFF_OVERRIDE_RTADV|
  * ND6_IFF_ACCEPT_RTADV:	This interface accepts Router
  *				Advertisements regardless of the
  *				global setting, ip6_accept_rtadv.
+ *
  * ND6_IFF_ACCEPT_RTADV:	This interface follows the global setting,
  *				ip6_accept_rtadv.  If ip6_accept_rtadv == 0,
  *				this interface does not accept Router
  *				Advertisements.  If ip6_accept_rtadv != 0,
  *				this interface does accept them.
  */
 #ifdef _KERNEL
 #define ND_IFINFO(ifp) \
 	(((struct in6_ifextra *)(ifp)->if_afdata[AF_INET6])->nd_ifinfo)
 #define IN6_LINKMTU(ifp) \
 	((ND_IFINFO(ifp)->linkmtu && ND_IFINFO(ifp)->linkmtu < (ifp)->if_mtu) \
 	    ? ND_IFINFO(ifp)->linkmtu \
 	    : ((ND_IFINFO(ifp)->maxmtu && ND_IFINFO(ifp)->maxmtu < (ifp)->if_mtu) \
 		? ND_IFINFO(ifp)->maxmtu : (ifp)->if_mtu))
 #endif
 struct in6_nbrinfo {
 	char ifname[IFNAMSIZ];	/* if name, e.g. "en0" */
 	struct in6_addr addr;	/* IPv6 address of the neighbor */
 	long	asked;		/* number of queries already sent for this addr */
 	int	isrouter;	/* if it acts as a router */
 	int	state;		/* reachability state */
 	int	expire;		/* lifetime for NDP state transition */
 };
 #define DRLSTSIZ 10
 #define PRLSTSIZ 10
 struct	in6_drlist {
 	char ifname[IFNAMSIZ];
 	struct {
 		struct	in6_addr rtaddr;
 		u_char	flags;
 		u_short	rtlifetime;
 		u_long	expire;
 		u_short if_index;
 	} defrouter[DRLSTSIZ];
 };
 struct	in6_defrouter {
 	struct	sockaddr_in6 rtaddr;
 	u_char	flags;
 	u_short	rtlifetime;
 	u_long	expire;
 	u_short if_index;
 };
 #ifdef _KERNEL
 struct	in6_oprlist {
 	char ifname[IFNAMSIZ];
 	struct {
 		struct	in6_addr prefix;
 		struct prf_ra raflags;
 		u_char	prefixlen;
 		u_char	origin;
 		u_long vltime;
 		u_long pltime;
 		u_long expire;
 		u_short if_index;
 		u_short advrtrs; /* number of advertisement routers */
 		struct	in6_addr advrtr[DRLSTSIZ]; /* XXX: explicit limit */
 	} prefix[PRLSTSIZ];
 };
 #endif
 struct	in6_prlist {
 	char ifname[IFNAMSIZ];
 	struct {
 		struct	in6_addr prefix;
 		struct prf_ra raflags;
 		u_char	prefixlen;
 		u_char	origin;
 		u_int32_t vltime;
 		u_int32_t pltime;
 		time_t expire;
 		u_short if_index;
 		u_short advrtrs; /* number of advertisement routers */
 		struct	in6_addr advrtr[DRLSTSIZ]; /* XXX: explicit limit */
 	} prefix[PRLSTSIZ];
 };
 struct in6_prefix {
 	struct	sockaddr_in6 prefix;
 	struct prf_ra raflags;
 	u_char	prefixlen;
 	u_char	origin;
 	u_int32_t vltime;
 	u_int32_t pltime;
 	time_t expire;
 	u_int32_t flags;
 	int refcnt;
 	u_short if_index;
 	u_short advrtrs; /* number of advertisement routers */
 	/* struct sockaddr_in6 advrtr[] */
 };
 #ifdef _KERNEL
 struct	in6_ondireq {
 	char ifname[IFNAMSIZ];
 	struct {
 		u_int32_t linkmtu;	/* LinkMTU */
 		u_int32_t maxmtu;	/* Upper bound of LinkMTU */
 		u_int32_t basereachable; /* BaseReachableTime */
 		u_int32_t reachable;	/* Reachable Time */
 		u_int32_t retrans;	/* Retrans Timer */
 		u_int32_t flags;	/* Flags */
 		int recalctm;		/* BaseReacable re-calculation timer */
 		u_int8_t chlim;		/* CurHopLimit */
 		u_int8_t receivedra;
 	} ndi;
 };
 #endif
 struct	in6_ndireq {
 	char ifname[IFNAMSIZ];
 	struct nd_ifinfo ndi;
 };
 struct	in6_ndifreq {
 	char ifname[IFNAMSIZ];
 	u_long ifindex;
 };
 /* Prefix status */
 #define NDPRF_ONLINK		0x1
 #define NDPRF_DETACHED		0x2
 #define NDPRF_HOME		0x4
 /* protocol constants */
 #define MAX_RTR_SOLICITATION_DELAY	1	/* 1sec */
 #define RTR_SOLICITATION_INTERVAL	4	/* 4sec */
 #define MAX_RTR_SOLICITATIONS		3
 #define ND6_INFINITE_LIFETIME		((u_int32_t)~0)
 #ifdef _KERNEL
 /* node constants */
 #define MAX_REACHABLE_TIME		3600000	/* msec */
 #define REACHABLE_TIME			30000	/* msec */
 #define RETRANS_TIMER			1000	/* msec */
 #define MIN_RANDOM_FACTOR		512	/* 1024 * 0.5 */
 #define MAX_RANDOM_FACTOR		1536	/* 1024 * 1.5 */
 #define DEF_TEMP_VALID_LIFETIME		604800	/* 1 week */
 #define DEF_TEMP_PREFERRED_LIFETIME	86400	/* 1 day */
 #define TEMPADDR_REGEN_ADVANCE		5	/* sec */
 #define MAX_TEMP_DESYNC_FACTOR		600	/* 10 min */
 #define ND_COMPUTE_RTIME(x) \
 		(((MIN_RANDOM_FACTOR * (x >> 10)) + (cprng_fast32() & \
 		((MAX_RANDOM_FACTOR - MIN_RANDOM_FACTOR) * (x >> 10)))) /1000)
 TAILQ_HEAD(nd_drhead, nd_defrouter);
 struct	nd_defrouter {
 	TAILQ_ENTRY(nd_defrouter) dr_entry;
 	struct	in6_addr rtaddr;
 	u_char	flags;		/* flags on RA message */
 	u_short	rtlifetime;
 	u_long	expire;
 	struct  ifnet *ifp;
 	int	installed;	/* is installed into kernel routing table */
 };
 struct nd_prefixctl {
 	struct ifnet *ndprc_ifp;
 	/* prefix */
 	struct sockaddr_in6 ndprc_prefix;
 	u_char	ndprc_plen;
 	u_int32_t ndprc_vltime;	/* advertised valid lifetime */
 	u_int32_t ndprc_pltime;	/* advertised preferred lifetime */
 	struct prf_ra ndprc_flags;
 };
 #define ndprc_raf		ndprc_flags
 #define ndprc_raf_onlink	ndprc_flags.onlink
 #define ndprc_raf_auto		ndprc_flags.autonomous
 #define ndprc_raf_router	ndprc_flags.router
 struct nd_prefix {
 	struct ifnet *ndpr_ifp;
 	LIST_ENTRY(nd_prefix) ndpr_entry;
 	struct sockaddr_in6 ndpr_prefix;	/* prefix */
 	struct in6_addr ndpr_mask; /* netmask derived from the prefix */
 	u_int32_t ndpr_vltime;	/* advertised valid lifetime */
 	u_int32_t ndpr_pltime;	/* advertised preferred lifetime */
 	time_t ndpr_expire;	/* expiration time of the prefix */
 	time_t ndpr_preferred;	/* preferred time of the prefix */
 	time_t ndpr_lastupdate; /* reception time of last advertisement */
 	struct prf_ra ndpr_flags;
 	u_int32_t ndpr_stateflags; /* actual state flags */
 	/* list of routers that advertise the prefix: */
 	LIST_HEAD(pr_rtrhead, nd_pfxrouter) ndpr_advrtrs;
 	u_char	ndpr_plen;
 	int	ndpr_refcnt;	/* reference couter from addresses */
 };
 #define ndpr_next		ndpr_entry.le_next
 #define ndpr_raf		ndpr_flags
 #define ndpr_raf_onlink		ndpr_flags.onlink
 #define ndpr_raf_auto		ndpr_flags.autonomous
 #define ndpr_raf_router		ndpr_flags.router
 /*
  * Message format for use in obtaining information about prefixes
  * from inet6 sysctl function
  */
 struct inet6_ndpr_msghdr {
 	u_short	inpm_msglen;	/* to skip over non-understood messages */
 	u_char	inpm_version;	/* future binary compatibility */
 	u_char	inpm_type;	/* message type */
 	struct in6_addr inpm_prefix;
 	u_long	prm_vltim;
 	u_long	prm_pltime;
 	u_long	prm_expire;
 	u_long	prm_preferred;
 	struct in6_prflags prm_flags;
 	u_short	prm_index;	/* index for associated ifp */
 	u_char	prm_plen;	/* length of prefix in bits */
 };
 #define prm_raf_onlink		prm_flags.prf_ra.onlink
 #define prm_raf_auto		prm_flags.prf_ra.autonomous
 #define prm_statef_onlink	prm_flags.prf_state.onlink
 #define prm_rrf_decrvalid	prm_flags.prf_rr.decrvalid
 #define prm_rrf_decrprefd	prm_flags.prf_rr.decrprefd
 struct nd_pfxrouter {
 	LIST_ENTRY(nd_pfxrouter) pfr_entry;
 	struct nd_defrouter *router;
 };
 LIST_HEAD(nd_prhead, nd_prefix);
 #include <sys/mallocvar.h>
 MALLOC_DECLARE(M_IP6NDP);
 /* nd6.c */
 extern int nd6_prune;
 extern int nd6_delay;
 extern int nd6_umaxtries;
 extern int nd6_mmaxtries;
 extern int nd6_useloopback;
 extern int nd6_maxnudhint;
 extern int nd6_gctimer;
 extern struct nd_drhead nd_defrouter;
 extern struct nd_prhead nd_prefix;
 extern int nd6_debug;
 #define nd6log(x)	do { if (nd6_debug) log x; } while (/*CONSTCOND*/ 0)
 extern struct callout nd6_timer_ch;
 /* nd6_rtr.c */
 extern int nd6_defifindex;
 extern int ip6_desync_factor;	/* seconds */
 extern u_int32_t ip6_temp_preferred_lifetime; /* seconds */
 extern u_int32_t ip6_temp_valid_lifetime; /* seconds */
 extern int ip6_temp_regen_advance; /* seconds */
 extern int nd6_numroutes;
 union nd_opts {
 	struct nd_opt_hdr *nd_opt_array[8];
 	struct {
 		struct nd_opt_hdr *zero;
 		struct nd_opt_hdr *src_lladdr;
 		struct nd_opt_hdr *tgt_lladdr;
 		struct nd_opt_prefix_info *pi_beg; /* multiple opts, start */
 		struct nd_opt_rd_hdr *rh;
 		struct nd_opt_mtu *mtu;
 		struct nd_opt_hdr *search;	/* multiple opts */
 		struct nd_opt_hdr *last;	/* multiple opts */
 		int done;
 		struct nd_opt_prefix_info *pi_end;/* multiple opts, end */
 	} nd_opt_each;
 };
 #define nd_opts_src_lladdr	nd_opt_each.src_lladdr
 #define nd_opts_tgt_lladdr	nd_opt_each.tgt_lladdr
 #define nd_opts_pi		nd_opt_each.pi_beg
 #define nd_opts_pi_end		nd_opt_each.pi_end
 #define nd_opts_rh		nd_opt_each.rh
 #define nd_opts_mtu		nd_opt_each.mtu
 #define nd_opts_search		nd_opt_each.search
 #define nd_opts_last		nd_opt_each.last
 #define nd_opts_done		nd_opt_each.done
 #include <net/if_llatbl.h>
 /* XXX: need nd6_var.h?? */
 /* nd6.c */
 void nd6_init(void);
 struct nd_ifinfo *nd6_ifattach(struct ifnet *);
 void nd6_ifdetach(struct ifnet *, struct in6_ifextra *);
 int nd6_is_addr_neighbor(const struct sockaddr_in6 *, struct ifnet *);
 void nd6_option_init(void *, int, union nd_opts *);
 struct nd_opt_hdr *nd6_option(union nd_opts *);
 int nd6_options(union nd_opts *);
 struct	rtentry *nd6_lookup(const struct in6_addr *, int, struct ifnet *);
 void nd6_setmtu(struct ifnet *);
 void nd6_llinfo_settimer(struct llentry *, time_t);
 void nd6_llinfo_settimer_locked(struct llentry *, time_t);
 void nd6_timer(void *);
 void nd6_purge(struct ifnet *, struct in6_ifextra *);
 void nd6_nud_hint(struct rtentry *);
 int nd6_resolve(struct ifnet *, struct rtentry *,
 	struct mbuf *, struct sockaddr *, u_char *);
 void nd6_rtrequest(int, struct rtentry *, const struct rt_addrinfo *);
 int nd6_ioctl(u_long, void *, struct ifnet *);
 void nd6_cache_lladdr(struct ifnet *, struct in6_addr *,
 	char *, int, int, int);
 int nd6_output(struct ifnet *, struct ifnet *, struct mbuf *,
 	const struct sockaddr_in6 *, struct rtentry *);
 int nd6_storelladdr(const struct ifnet *, const struct rtentry *, struct mbuf *,
 	const struct sockaddr *, uint8_t *, size_t);
 int nd6_sysctl(int, void *, size_t *, void *, size_t);
 int nd6_need_cache(struct ifnet *);
 void nd6_llinfo_release_pkts(struct llentry *, struct ifnet *,
     struct rtentry *);
 /* nd6_nbr.c */
 void nd6_na_input(struct mbuf *, int, int);
 void nd6_na_output(struct ifnet *, const struct in6_addr *,
 	const struct in6_addr *, u_long, int, const struct sockaddr *);
 void nd6_ns_input(struct mbuf *, int, int);
 void nd6_ns_output(struct ifnet *, const struct in6_addr *,
 	const struct in6_addr *, struct in6_addr *, int);
 const void *nd6_ifptomac(const struct ifnet *);
 void nd6_dad_start(struct ifaddr *, int);
 void nd6_dad_stop(struct ifaddr *);
 void nd6_dad_duplicated(struct ifaddr *);
 /* nd6_rtr.c */
 void nd6_rs_input(struct mbuf *, int, int);
 void nd6_ra_input(struct mbuf *, int, int);
 void prelist_del(struct nd_prefix *);
 void defrouter_addreq(struct nd_defrouter *);
 void defrouter_reset(void);
 void defrouter_select(void);
 void defrtrlist_del(struct nd_defrouter *, struct in6_ifextra *);
 void prelist_remove(struct nd_prefix *);
 int nd6_prelist_add(struct nd_prefixctl *, struct nd_defrouter *,
 	struct nd_prefix **);
 int nd6_prefix_onlink(struct nd_prefix *);
 int nd6_prefix_offlink(struct nd_prefix *);
 void pfxlist_onlink_check(void);
 struct nd_defrouter *defrouter_lookup(const struct in6_addr *, struct ifnet *);
 struct nd_prefix *nd6_prefix_lookup(struct nd_prefixctl *);
 int in6_ifdel(struct ifnet *, struct in6_addr *);
 void rt6_flush(struct in6_addr *, struct ifnet *);
 int nd6_setdefaultiface(int);
 int in6_tmpifadd(const struct in6_ifaddr *, int, int);
 bool nd6_accepts_rtadv(const struct nd_ifinfo *);
 #endif /* _KERNEL */
 #endif /* !_NETINET6_ND6_H_ */