[PATCH] make TLLAO option for NA packets configurable

[PATCH] make TLLAO option for NA packets configurable

[Cosmin Ratiu]

Hello,

This is a patch that adds a sysctl to control the sending of the Target Link 
Layer Address Option (TLLAO) with Neighbor Advertisements responding to 
unicast NS. The patch was made for kernel 2.6.7 (yes it is ancient), but the 
code is similar with the current kernel and I can rework it if you want it in.

RFC 2461, page 24 suggests that this option should be included with NAs to 
avoid a race with the sender clearing its cache after sending an unicast NS, 
but before receiving a NA.

It seems there are some Juniper routers (MX series) that expect this option to 
be included with all NAs.

Another solution is to always send this option, as it has little overhead.

Please let me know what you think,
Cosmin.

Signed-off-by: Cosmin Ratiu <cratiu@ixiacom.com>
--- //packages/linux_2.6.7/main/src/include/linux/sysctl.h
+++ /home/z/w1/packages/linux_2.6.7/main/src/include/linux/sysctl.h
@@ -444,6 +444,7 @@                                                
        NET_IPV6_IP6FRAG_TIME=23,                                  
        NET_IPV6_IP6FRAG_SECRET_INTERVAL=24,                       
        NET_IPV6_MLD_MAX_MSF=25,                                   
+       NET_IPV6_NDISC_FORCE_TLLAO=26,                             
 };                                                                
                                                                   
 enum {                                                            
--- //packages/linux_2.6.7/main/src/include/net/ipv6.h             
+++ /home/z/w1/packages/linux_2.6.7/main/src/include/net/ipv6.h
@@ -479,6 +479,7 @@
 extern int sysctl_ip6frag_low_thresh;
 extern int sysctl_ip6frag_time;
 extern int sysctl_ip6frag_secret_interval;
+extern int sysctl_ndisc_force_tllao;

 #endif /* __KERNEL__ */
 #endif /* _NET_IPV6_H */
--- //packages/linux_2.6.7/main/src/net/ipv6/ndisc.c
+++ /home/z/w1/packages/linux_2.6.7/main/src/net/ipv6/ndisc.c
@@ -169,6 +169,8 @@

 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)

+int sysctl_ndisc_force_tllao;
+
 static u8 *ndisc_fill_option(u8 *opt, int type, void *data, int data_len)
 {
        int space = NDISC_OPT_SPACE(data_len);
@@ -399,6 +401,9 @@
                return;
        }

+       if (sysctl_ndisc_force_tllao)
+               inc_opt = 1;
+
        if (inc_opt) {
                if (dev->addr_len)
                        len += NDISC_OPT_SPACE(dev->addr_len);
--- //packages/linux_2.6.7/main/src/net/ipv6/sysctl_net_ipv6.c
+++ /home/z/w1/packages/linux_2.6.7/main/src/net/ipv6/sysctl_net_ipv6.c
@@ -84,6 +84,14 @@
                .mode           = 0644,
                .proc_handler   = &proc_dointvec
        },
+       {
+               .ctl_name       = NET_IPV6_NDISC_FORCE_TLLAO,
+               .procname       = "ndisc_force_tllao",
+               .data           = &sysctl_ndisc_force_tllao,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = &proc_dointvec,
+       },
        { .ctl_name = 0 }
 };

Re: [PATCH] make TLLAO option for NA packets configurable

[Stephen Hemminger]

On Thu, 1 Oct 2009 19:16:40 +0300
Cosmin Ratiu <cratiu@ixiacom.com> wrote:

> Hello,
> 
> This is a patch that adds a sysctl to control the sending of the Target Link 
> Layer Address Option (TLLAO) with Neighbor Advertisements responding to 
> unicast NS. The patch was made for kernel 2.6.7 (yes it is ancient), but the 
> code is similar with the current kernel and I can rework it if you want it in.
> 
> RFC 2461, page 24 suggests that this option should be included with NAs to 
> avoid a race with the sender clearing its cache after sending an unicast NS, 
> but before receiving a NA.
> 
> It seems there are some Juniper routers (MX series) that expect this option to 
> be included with all NAs.
> 
> Another solution is to always send this option, as it has little overhead.
> 
> Please let me know what you think,
> Cosmin.
> 
> Signed-off-by: Cosmin Ratiu <cratiu@ixiacom.com>
> --- //packages/linux_2.6.7/main/src/include/linux/sysctl.h
> +++ /home/z/w1/packages/linux_2.6.7/main/src/include/linux/sysctl.h
> @@ -444,6 +444,7 @@                                                
>         NET_IPV6_IP6FRAG_TIME=23,                                  
>         NET_IPV6_IP6FRAG_SECRET_INTERVAL=24,                       
>         NET_IPV6_MLD_MAX_MSF=25,                                   
> +       NET_IPV6_NDISC_FORCE_TLLAO=26,                             

Since numbered sysctl values are deprecated, can you use CTL_UNNUMBERED
to avoid having to add yet another value?

Re: [PATCH] make TLLAO option for NA packets configurable

[Cosmin Ratiu]

On Thursday 01 October 2009 19:21:00 Stephen Hemminger wrote:
> On Thu, 1 Oct 2009 19:16:40 +0300
>
> Cosmin Ratiu <cratiu@ixiacom.com> wrote:
> > Hello,
> >
> > This is a patch that adds a sysctl to control the sending of the Target
> > Link Layer Address Option (TLLAO) with Neighbor Advertisements responding
> > to unicast NS. The patch was made for kernel 2.6.7 (yes it is ancient),
> > but the code is similar with the current kernel and I can rework it if
> > you want it in.
> >
> > RFC 2461, page 24 suggests that this option should be included with NAs
> > to avoid a race with the sender clearing its cache after sending an
> > unicast NS, but before receiving a NA.
> >
> > It seems there are some Juniper routers (MX series) that expect this
> > option to be included with all NAs.
> >
> > Another solution is to always send this option, as it has little
> > overhead.
> >
> > Please let me know what you think,
> > Cosmin.
> >
> > Signed-off-by: Cosmin Ratiu <cratiu@ixiacom.com>
> > --- //packages/linux_2.6.7/main/src/include/linux/sysctl.h
> > +++ /home/z/w1/packages/linux_2.6.7/main/src/include/linux/sysctl.h
> > @@ -444,6 +444,7 @@
> >         NET_IPV6_IP6FRAG_TIME=23,
> >         NET_IPV6_IP6FRAG_SECRET_INTERVAL=24,
> >         NET_IPV6_MLD_MAX_MSF=25,
> > +       NET_IPV6_NDISC_FORCE_TLLAO=26,
>
> Since numbered sysctl values are deprecated, can you use CTL_UNNUMBERED
> to avoid having to add yet another value?

Of course, but that is a detail.
If you decide on the sysctl solution, I'll do it.
If you decide on making this the default behavior, it's even better.

Cosmin.

Re: [PATCH] make TLLAO option for NA packets configurable

[David Miller]

From: Stephen Hemminger <shemminger@vyatta.com>
Date: Thu, 1 Oct 2009 09:21:00 -0700

>> Signed-off-by: Cosmin Ratiu <cratiu@ixiacom.com>
>> --- //packages/linux_2.6.7/main/src/include/linux/sysctl.h
>> +++ /home/z/w1/packages/linux_2.6.7/main/src/include/linux/sysctl.h
>> @@ -444,6 +444,7 @@                                                
>>         NET_IPV6_IP6FRAG_TIME=23,                                  
>>         NET_IPV6_IP6FRAG_SECRET_INTERVAL=24,                       
>>         NET_IPV6_MLD_MAX_MSF=25,                                   
>> +       NET_IPV6_NDISC_FORCE_TLLAO=26,                             
> 
> Since numbered sysctl values are deprecated, can you use CTL_UNNUMBERED
> to avoid having to add yet another value?

Using CLT_UNNUMBERED is a must these days.

Also, please fix the prefixing of the paths in your patch.
See Documentation/SubmittingPatches in the kernel tree.

Re: [PATCH] make TLLAO option for NA packets configurable

[Cosmin Ratiu]

[-- Attachment #1: Type: text/plain, Size: 409 bytes --]

On Thursday 01 October 2009 19:43:56 David Miller wrote:
> Using CLT_UNNUMBERED is a must these days.
>
> Also, please fix the prefixing of the paths in your patch.
> See Documentation/SubmittingPatches in the kernel tree.

Here is the new variant. Please let me know what you think.

And I apologize for using [PATCH] instead of [RFC] in the subject, I don't 
know much about netdev protocol (yet).

Cosmin.

[-- Attachment #2: 0001-ipv6-new-sysctl-for-sending-TLLAO-with-NAs.patch --]
[-- Type: text/x-patch, Size: 2274 bytes --]

From 1911a98df800cedf4c3a63b897163e2935c5f602 Mon Sep 17 00:00:00 2001
From: Cosmin Ratiu <cratiu@ixiacom.com>
Date: Thu, 1 Oct 2009 20:27:39 +0300
Subject: [PATCH] ipv6: new sysctl for sending TLLAO with NAs

Neighbor advertisements responding to unicast Neighbor Solicitations did
not include the TLLAO option. This patch makes this configurable via
/proc/sys/net/ipv6/ndisc_force_tllao, which by default is off.

The need for this arose because certain routers expect the TLLAO in some
situations even as a response to unicast NS packets.

Moreover, RFC 2461 recommends on page 24 sending this to avoid a race.

Signed-off-by: Cosmin Ratiu <cratiu@ixiacom.com>
---
 include/net/netns/ipv6.h   |    1 +
 net/ipv6/ndisc.c           |    1 +
 net/ipv6/sysctl_net_ipv6.c |    8 ++++++++
 3 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
index dfeb2d7..dd0a95b 100644
--- a/include/net/netns/ipv6.h
+++ b/include/net/netns/ipv6.h
@@ -16,6 +16,7 @@ struct netns_sysctl_ipv6 {
 	struct ctl_table_header *frags_hdr;
 #endif
 	int bindv6only;
+	int ndisc_force_tllao;
 	int flush_delay;
 	int ip6_rt_max_size;
 	int ip6_rt_gc_min_interval;
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index f74e4e2..f08cf65 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -598,6 +598,7 @@ static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
 	icmp6h.icmp6_solicited = solicited;
 	icmp6h.icmp6_override = override;
 
+	inc_opt |= dev_net(dev)->ipv6.sysctl.ndisc_force_tllao;
 	__ndisc_send(dev, neigh, daddr, src_addr,
 		     &icmp6h, solicited_addr,
 		     inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
index 0dc6a4e..fb423ce 100644
--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -37,6 +37,14 @@ static ctl_table ipv6_table_template[] = {
 		.mode		= 0644,
 		.proc_handler	= proc_dointvec
 	},
+	{
+		.ctl_name	= CTL_UNNUMBERED,
+		.procname	= "ndisc_force_tllao",
+		.data		= &init_net.ipv6.sysctl.ndisc_force_tllao,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= proc_dointvec
+	},
 	{ .ctl_name = 0 }
 };
 
-- 
1.6.3.3

Re: [PATCH] make TLLAO option for NA packets configurable

[Stephen Hemminger]

On Thu, 1 Oct 2009 21:08:40 +0300
Cosmin Ratiu <cratiu@ixiacom.com> wrote:

> On Thursday 01 October 2009 19:43:56 David Miller wrote:
> > Using CLT_UNNUMBERED is a must these days.
> >
> > Also, please fix the prefixing of the paths in your patch.
> > See Documentation/SubmittingPatches in the kernel tree.
> 
> Here is the new variant. Please let me know what you think.
> 
> And I apologize for using [PATCH] instead of [RFC] in the subject, I don't 
> know much about netdev protocol (yet).
> 
> Cosmin.

Probably this should be a per interface property rather than per namespace.

Re: [PATCH] make TLLAO option for NA packets configurable

[Octavian Purdila]

On Thursday 01 October 2009 21:14:50 you wrote:
> 
> Probably this should be a per interface property rather than per namespace.

In our case, where we have lots of interfaces active, it would be nice to have 
the per namespace property as well.

But, as Cosmin suggested, perhaps it would be better to just send this options 
by default? (its a RFC SHOULD after all...)

Thanks,
tavi
 

Re: [PATCH] make TLLAO option for NA packets configurable

[Stephen Hemminger]

On Thu, 1 Oct 2009 21:39:32 +0300
Octavian Purdila <opurdila@ixiacom.com> wrote:

> On Thursday 01 October 2009 21:14:50 you wrote:
> > 
> > Probably this should be a per interface property rather than per namespace.
> 
> In our case, where we have lots of interfaces active, it would be nice to have 
> the per namespace property as well.

The ipv6 control infrastructure already has that option. If you changed your
patch to use a per-interface control then there would be:

  /proc/sys/net/ipv6/conf/all/force_tllao

Re: [PATCH] make TLLAO option for NA packets configurable

[David Miller]

From: Stephen Hemminger <shemminger@vyatta.com>
Date: Thu, 1 Oct 2009 11:56:11 -0700

> On Thu, 1 Oct 2009 21:39:32 +0300
> Octavian Purdila <opurdila@ixiacom.com> wrote:
> 
>> On Thursday 01 October 2009 21:14:50 you wrote:
>> > 
>> > Probably this should be a per interface property rather than per namespace.
>> 
>> In our case, where we have lots of interfaces active, it would be nice to have 
>> the per namespace property as well.
> 
> The ipv6 control infrastructure already has that option. If you changed your
> patch to use a per-interface control then there would be:
> 
>   /proc/sys/net/ipv6/conf/all/force_tllao

Right, this would work a lot better.

Re: [PATCH] make TLLAO option for NA packets configurable

[Octavian Purdila]

[-- Attachment #1: Type: Text/Plain, Size: 835 bytes --]

On Thursday 01 October 2009 22:37:40 you wrote:
> From: Stephen Hemminger <shemminger@vyatta.com>
> Date: Thu, 1 Oct 2009 11:56:11 -0700
> 
> > On Thu, 1 Oct 2009 21:39:32 +0300
> >
> > Octavian Purdila <opurdila@ixiacom.com> wrote:
> >> On Thursday 01 October 2009 21:14:50 you wrote:
> >> > Probably this should be a per interface property rather than per
> >> > namespace.
> >>
> >> In our case, where we have lots of interfaces active, it would be nice
> >> to have the per namespace property as well.
> >
> > The ipv6 control infrastructure already has that option. If you changed
> > your patch to use a per-interface control then there would be:
> >
> >   /proc/sys/net/ipv6/conf/all/force_tllao
> 
> Right, this would work a lot better.
> 

Here is v3 which also updates Documentation/networking/ip-sysctl.txt.

Thanks,
tavi



[-- Attachment #2: 0001-ipv6-new-sysctl-for-sending-TLLAO-with-unicast-NAs.patch --]
[-- Type: text/x-patch, Size: 3868 bytes --]

From fa7fcaca49da1a34ada7b4d3e0e2046148ffa337 Mon Sep 17 00:00:00 2001
From: Octavian Purdila <opurdila@ixiacom.com>
Date: Fri, 2 Oct 2009 00:51:15 +0300
Subject: [PATCH] ipv6: new sysctl for sending TLLAO with unicast NAs

Neighbor advertisements responding to unicast neighbor solicitations
did not include the target link-layer address option. This patch adds
a new sysctl option (disabled by default) which controls whether this
option should be sent even with unicast NAs.

The need for this arose because certain routers expect the TLLAO in
some situations even as a response to unicast NS packets.

Moreover, RFC 2461 recommends sending this to avoid a race condition
(section 4.4, Target link-layer address)

Signed-off-by: Cosmin Ratiu <cratiu@ixiacom.com>
Signed-off-by: Octavian Purdila <opurdila@ixiacom.com>
---
 Documentation/networking/ip-sysctl.txt |   18 ++++++++++++++++++
 include/linux/ipv6.h                   |    1 +
 net/ipv6/addrconf.c                    |    8 ++++++++
 net/ipv6/ndisc.c                       |    1 +
 4 files changed, 28 insertions(+), 0 deletions(-)

diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index fbe427a..301e19e 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1086,6 +1086,24 @@ accept_dad - INTEGER
 	2: Enable DAD, and disable IPv6 operation if MAC-based duplicate
 	   link-local address has been found.
 
+ndisc_force_tllao - BOOLEAN
+	Enable sending the target link-layer address option even when
+	responding to a unicast neighbor solicitation.
+	Default: FALSE
+
+	Quoting from RFC 2461, section 4.4, Target link-layer address:
+
+	"The option MUST be included for multicast solicitations in order to
+	avoid infinite Neighbor Solicitation "recursion" when the peer node
+	does not have a cache entry to return a Neighbor Advertisements
+	message.  When responding to unicast solicitations, the option can be
+	omitted since the sender of the solicitation has the correct link-
+	layer address; otherwise it would not have be able to send the unicast
+	solicitation in the first place. However, including the link-layer
+	address in this case adds little overhead and eliminates a potential
+	race condition where the sender deletes the cached link-layer address
+	prior to receiving a response to a previous solicitation."
+
 icmp/*:
 ratelimit - INTEGER
 	Limit the maximal rates for sending ICMPv6 packets.
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index c662efa..3d7b2ca 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -167,6 +167,7 @@ struct ipv6_devconf {
 #endif
 	__s32		disable_ipv6;
 	__s32		accept_dad;
+	__s32		ndisc_force_tllao;
 	void		*sysctl;
 };
 
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 1fd0a3d..ffa4747 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -4353,6 +4353,14 @@ static struct addrconf_sysctl_table
 			.proc_handler	=	proc_dointvec,
 		},
 		{
+			.ctl_name       = CTL_UNNUMBERED,
+			.procname       = "ndisc_force_tllao",
+			.data           = &ipv6_devconf.ndisc_force_tllao,
+			.maxlen         = sizeof(int),
+			.mode           = 0644,
+			.proc_handler   = proc_dointvec
+		},
+		{
 			.ctl_name	=	0,	/* sentinel */
 		}
 	},
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index f74e4e2..27af229 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -598,6 +598,7 @@ static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
 	icmp6h.icmp6_solicited = solicited;
 	icmp6h.icmp6_override = override;
 
+	inc_opt |= ifp->idev->cnf.ndisc_force_tllao;
 	__ndisc_send(dev, neigh, daddr, src_addr,
 		     &icmp6h, solicited_addr,
 		     inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
-- 
1.5.6.5

Re: [PATCH] make TLLAO option for NA packets configurable

[Stephen Hemminger]

On Fri, 2 Oct 2009 01:19:47 +0300
Octavian Purdila <opurdila@ixiacom.com> wrote:

> On Thursday 01 October 2009 22:37:40 you wrote:
> > From: Stephen Hemminger <shemminger@vyatta.com>
> > Date: Thu, 1 Oct 2009 11:56:11 -0700
> > 
> > > On Thu, 1 Oct 2009 21:39:32 +0300
> > >
> > > Octavian Purdila <opurdila@ixiacom.com> wrote:
> > >> On Thursday 01 October 2009 21:14:50 you wrote:
> > >> > Probably this should be a per interface property rather than per
> > >> > namespace.
> > >>
> > >> In our case, where we have lots of interfaces active, it would be nice
> > >> to have the per namespace property as well.
> > >
> > > The ipv6 control infrastructure already has that option. If you changed
> > > your patch to use a per-interface control then there would be:
> > >
> > >   /proc/sys/net/ipv6/conf/all/force_tllao
> > 
> > Right, this would work a lot better.
> > 
> 
> Here is v3 which also updates Documentation/networking/ip-sysctl.txt.
> 
> Thanks,
> tavi
> 
> 

This is good although I would have shortened the name.


-- 

Re: [PATCH] make TLLAO option for NA packets configurable

[Octavian Purdila]

[-- Attachment #1: Type: text/plain, Size: 157 bytes --]

On Friday 02 October 2009 20:53:51 you wrote:

> This is good although I would have shortened the name.

Ah, I knew I forgot something :) Here is v4. 

tavi

[-- Attachment #2: 0001-ipv6-new-sysctl-for-sending-TLLAO-with-unicast-NAs.patch --]
[-- Type: text/x-patch, Size: 3838 bytes --]

From 24d96d825b9fa832b22878cc6c990d5711968734 Mon Sep 17 00:00:00 2001
From: Octavian Purdila <opurdila@ixiacom.com>
Date: Fri, 2 Oct 2009 00:51:15 +0300
Subject: [PATCH] ipv6: new sysctl for sending TLLAO with unicast NAs

Neighbor advertisements responding to unicast neighbor solicitations
did not include the target link-layer address option. This patch adds
a new sysctl option (disabled by default) which controls whether this
option should be sent even with unicast NAs.

The need for this arose because certain routers expect the TLLAO in
some situations even as a response to unicast NS packets.

Moreover, RFC 2461 recommends sending this to avoid a race condition
(section 4.4, Target link-layer address)

Signed-off-by: Cosmin Ratiu <cratiu@ixiacom.com>
Signed-off-by: Octavian Purdila <opurdila@ixiacom.com>
---
 Documentation/networking/ip-sysctl.txt |   18 ++++++++++++++++++
 include/linux/ipv6.h                   |    1 +
 net/ipv6/addrconf.c                    |    8 ++++++++
 net/ipv6/ndisc.c                       |    1 +
 4 files changed, 28 insertions(+), 0 deletions(-)

diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index fbe427a..a0e134d 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1086,6 +1086,24 @@ accept_dad - INTEGER
 	2: Enable DAD, and disable IPv6 operation if MAC-based duplicate
 	   link-local address has been found.
 
+force_tllao - BOOLEAN
+	Enable sending the target link-layer address option even when
+	responding to a unicast neighbor solicitation.
+	Default: FALSE
+
+	Quoting from RFC 2461, section 4.4, Target link-layer address:
+
+	"The option MUST be included for multicast solicitations in order to
+	avoid infinite Neighbor Solicitation "recursion" when the peer node
+	does not have a cache entry to return a Neighbor Advertisements
+	message.  When responding to unicast solicitations, the option can be
+	omitted since the sender of the solicitation has the correct link-
+	layer address; otherwise it would not have be able to send the unicast
+	solicitation in the first place. However, including the link-layer
+	address in this case adds little overhead and eliminates a potential
+	race condition where the sender deletes the cached link-layer address
+	prior to receiving a response to a previous solicitation."
+
 icmp/*:
 ratelimit - INTEGER
 	Limit the maximal rates for sending ICMPv6 packets.
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index c662efa..ae74ede 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -167,6 +167,7 @@ struct ipv6_devconf {
 #endif
 	__s32		disable_ipv6;
 	__s32		accept_dad;
+	__s32		force_tllao;
 	void		*sysctl;
 };
 
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 1fd0a3d..bdcee69 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -4353,6 +4353,14 @@ static struct addrconf_sysctl_table
 			.proc_handler	=	proc_dointvec,
 		},
 		{
+			.ctl_name       = CTL_UNNUMBERED,
+			.procname       = "force_tllao",
+			.data           = &ipv6_devconf.force_tllao,
+			.maxlen         = sizeof(int),
+			.mode           = 0644,
+			.proc_handler   = proc_dointvec
+		},
+		{
 			.ctl_name	=	0,	/* sentinel */
 		}
 	},
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index f74e4e2..3507cfe 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -598,6 +598,7 @@ static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
 	icmp6h.icmp6_solicited = solicited;
 	icmp6h.icmp6_override = override;
 
+	inc_opt |= ifp->idev->cnf.force_tllao;
 	__ndisc_send(dev, neigh, daddr, src_addr,
 		     &icmp6h, solicited_addr,
 		     inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
-- 
1.5.6.5

Re: [PATCH] make TLLAO option for NA packets configurable

[David Miller]

From: Octavian Purdila <opurdila@ixiacom.com>
Date: Sat, 3 Oct 2009 00:39:15 +0300

> Subject: [PATCH] ipv6: new sysctl for sending TLLAO with unicast NAs
> 
> Neighbor advertisements responding to unicast neighbor solicitations
> did not include the target link-layer address option. This patch adds
> a new sysctl option (disabled by default) which controls whether this
> option should be sent even with unicast NAs.
> 
> The need for this arose because certain routers expect the TLLAO in
> some situations even as a response to unicast NS packets.
> 
> Moreover, RFC 2461 recommends sending this to avoid a race condition
> (section 4.4, Target link-layer address)
> 
> Signed-off-by: Cosmin Ratiu <cratiu@ixiacom.com>
> Signed-off-by: Octavian Purdila <opurdila@ixiacom.com>

Applied, thanks!