[ipv6] Replace IPv6 stack

Replace the existing partially-implemented IPv6 stack with a fresh
implementation.

This implementation is not yet complete.  The IPv6 transmit and
receive datapaths are functional (including fragment reassembly and
parsing of arbitrary extension headers).  NDP neighbour solicitations
and advertisements are supported.  ICMPv6 echo is supported.

At present, only link-local addresses may be used, and there is no way
to specify an IPv6 address as part of a URI (either directly or via
a DNS lookup).

Signed-off-by: Michael Brown <mcb30@ipxe.org>

4 files changed, 1097 insertions, 480 deletions

diff --git a/src/net/icmpv6.c b/src/net/icmpv6.c
index 7242380..54426be 100644
--- a/src/net/icmpv6.c
+++ b/src/net/icmpv6.c
@@ -1,126 +1,172 @@
-#include <stdint.h>
+/*
+ * Copyright (C) 2013 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
 #include <string.h>
-#include <byteswap.h>
 #include <errno.h>
+#include <byteswap.h>
 #include <ipxe/in.h>
-#include <ipxe/ip6.h>
-#include <ipxe/if_ether.h>
 #include <ipxe/iobuf.h>
-#include <ipxe/ndp.h>
-#include <ipxe/icmp6.h>
 #include <ipxe/tcpip.h>
-#include <ipxe/netdevice.h>
+#include <ipxe/icmpv6.h>
+
+/** @file
+ *
+ * ICMPv6 protocol
+ *
+ */
 
 /**
- * Send neighbour solicitation packet
+ * Process received ICMPv6 echo request packet
  *
- * @v netdev	Network device
- * @v src	Source address
- * @v dest	Destination address
+ * @v iobuf		I/O buffer
+ * @v netdev		Network device
+ * @v sin6_src		Source socket address
+ * @v sin6_dest		Destination socket address
+ * @ret rc		Return status code
+ */
+static int icmpv6_rx_echo ( struct io_buffer *iobuf,
+			    struct net_device *netdev,
+			    struct sockaddr_in6 *sin6_src,
+			    struct sockaddr_in6 *sin6_dest __unused ) {
+	struct sockaddr_tcpip *st_src =
+		( ( struct sockaddr_tcpip * ) sin6_src );
+	struct icmpv6_echo *echo = iobuf->data;
+	size_t len = iob_len ( iobuf );
+	int rc;
+
+	/* Sanity check */
+	if ( iob_len ( iobuf ) < sizeof ( *echo ) ) {
+		DBGC ( netdev, "ICMPv6 echo request too short at %zd bytes "
+		       "(min %zd bytes)\n", iob_len ( iobuf ),
+		       sizeof ( *echo ) );
+		rc = -EINVAL;
+		goto done;
+	}
+	DBGC ( netdev, "ICMPv6 echo request from %s (id %#04x seq %#04x)\n",
+	       inet6_ntoa ( &sin6_dest->sin6_addr ), ntohs ( echo->ident ),
+	       ntohs ( echo->sequence ) );
+
+	/* Convert echo request to echo reply and recalculate checksum */
+	echo->icmp.type = ICMPV6_ECHO_REPLY;
+	echo->icmp.chksum = 0;
+	echo->icmp.chksum = tcpip_chksum ( echo, len );
+
+	/* Transmit echo reply */
+	if ( ( rc = tcpip_tx ( iob_disown ( iobuf ), &icmpv6_protocol, NULL,
+			       st_src, netdev, &echo->icmp.chksum ) ) != 0 ) {
+		DBGC ( netdev, "ICMPv6 could not transmit reply: %s\n",
+		       strerror ( rc ) );
+		goto done;
+	}
+
+ done:
+	free_iob ( iobuf );
+	return rc;
+}
+
+/** ICMPv6 echo request handlers */
+struct icmpv6_handler icmpv6_echo_handler __icmpv6_handler = {
+	.type = ICMPV6_ECHO_REQUEST,
+	.rx = icmpv6_rx_echo,
+};
+
+/**
+ * Identify ICMPv6 handler
  *
- * This function prepares a neighbour solicitation packet and sends it to the
- * network layer.
+ * @v type		ICMPv6 type
+ * @ret handler		ICMPv6 handler, or NULL if not found
  */
-int icmp6_send_solicit ( struct net_device *netdev, struct in6_addr *src __unused,
-			 struct in6_addr *dest ) {
-	union {
-		struct sockaddr_in6 sin6;
-		struct sockaddr_tcpip st;
-	} st_dest;
-	struct ll_protocol *ll_protocol = netdev->ll_protocol;
-	struct neighbour_solicit *nsolicit;
-	struct io_buffer *iobuf = alloc_iob ( sizeof ( *nsolicit ) + MIN_IOB_LEN );
-	iob_reserve ( iobuf, MAX_HDR_LEN );
-	nsolicit = iob_put ( iobuf, sizeof ( *nsolicit ) );
-
-	/* Fill up the headers */
-	memset ( nsolicit, 0, sizeof ( *nsolicit ) );
-	nsolicit->type = ICMP6_NSOLICIT;
-	nsolicit->code = 0;
-	nsolicit->target = *dest;
-	nsolicit->opt_type = 1;
-	nsolicit->opt_len = ( 2 + ll_protocol->ll_addr_len ) / 8;
-	memcpy ( nsolicit->opt_ll_addr, netdev->ll_addr,
-				netdev->ll_protocol->ll_addr_len );
-	/* Partial checksum */
-	nsolicit->csum = 0;
-	nsolicit->csum = tcpip_chksum ( nsolicit, sizeof ( *nsolicit ) );
-
-	/* Solicited multicast address */
-	st_dest.sin6.sin6_family = AF_INET6;
-	st_dest.sin6.sin6_addr.in6_u.u6_addr8[0] = 0xff;
-	st_dest.sin6.sin6_addr.in6_u.u6_addr8[2] = 0x02;
-	st_dest.sin6.sin6_addr.in6_u.u6_addr16[1] = 0x0000;
-	st_dest.sin6.sin6_addr.in6_u.u6_addr32[1] = 0x00000000;
-	st_dest.sin6.sin6_addr.in6_u.u6_addr16[4] = 0x0000;
-	st_dest.sin6.sin6_addr.in6_u.u6_addr16[5] = 0x0001;
-	st_dest.sin6.sin6_addr.in6_u.u6_addr32[3] = dest->in6_u.u6_addr32[3];
-	st_dest.sin6.sin6_addr.in6_u.u6_addr8[13] = 0xff;
-	
-	/* Send packet over IP6 */
-	return tcpip_tx ( iobuf, &icmp6_protocol, NULL, &st_dest.st,
-			  NULL, &nsolicit->csum );
+static struct icmpv6_handler * icmpv6_handler ( unsigned int type ) {
+	struct icmpv6_handler *handler;
+
+	for_each_table_entry ( handler, ICMPV6_HANDLERS ) {
+		if ( handler->type == type )
+			return handler;
+	}
+	return NULL;
 }
 
 /**
- * Process ICMP6 headers
+ * Process a received packet
  *
- * @v iobuf	I/O buffer
- * @v st_src	Source address
- * @v st_dest	Destination address
+ * @v iobuf		I/O buffer
+ * @v netdev		Network device
+ * @v st_src		Partially-filled source address
+ * @v st_dest		Partially-filled destination address
+ * @v pshdr_csum	Pseudo-header checksum
+ * @ret rc		Return status code
  */
-static int icmp6_rx ( struct io_buffer *iobuf, struct net_device *netdev __unused, struct sockaddr_tcpip *st_src,
-		      struct sockaddr_tcpip *st_dest, __unused uint16_t pshdr_csum ) {
-	struct icmp6_header *icmp6hdr = iobuf->data;
+static int icmpv6_rx ( struct io_buffer *iobuf, struct net_device *netdev,
+		       struct sockaddr_tcpip *st_src,
+		       struct sockaddr_tcpip *st_dest, uint16_t pshdr_csum ) {
+	struct sockaddr_in6 *sin6_src = ( ( struct sockaddr_in6 * ) st_src );
+	struct sockaddr_in6 *sin6_dest = ( ( struct sockaddr_in6 * ) st_dest );
+	struct icmpv6_header *icmp = iobuf->data;
+	size_t len = iob_len ( iobuf );
+	struct icmpv6_handler *handler;
+	unsigned int csum;
+	int rc;
 
 	/* Sanity check */
-	if ( iob_len ( iobuf ) < sizeof ( *icmp6hdr ) ) {
-		DBG ( "Packet too short (%zd bytes)\n", iob_len ( iobuf ) );
-		free_iob ( iobuf );
-		return -EINVAL;
+	if ( len < sizeof ( *icmp ) ) {
+		DBGC ( netdev, "ICMPv6 packet too short at %zd bytes (min %zd "
+		       "bytes)\n", len, sizeof ( *icmp ) );
+		rc = -EINVAL;
+		goto done;
 	}
 
-	/* TODO: Verify checksum */
+	/* Verify checksum */
+	csum = tcpip_continue_chksum ( pshdr_csum, icmp, len );
+	if ( csum != 0 ) {
+		DBGC ( netdev, "ICMPv6 checksum incorrect (is %04x, should be "
+		       "0000)\n", csum );
+		DBGC_HDA ( netdev, 0, icmp, len );
+		rc = -EINVAL;
+		goto done;
+	}
 
-	/* Process the ICMP header */
-	switch ( icmp6hdr->type ) {
-	case ICMP6_NADVERT:
-		return ndp_process_advert ( iobuf, st_src, st_dest );
+	/* Identify handler */
+	handler = icmpv6_handler ( icmp->type );
+	if ( ! handler ) {
+		DBGC ( netdev, "ICMPv6 unrecognised type %d\n", icmp->type );
+		rc = -ENOTSUP;
+		goto done;
+	}
+
+	/* Pass to handler */
+	if ( ( rc = handler->rx ( iob_disown ( iobuf ), netdev, sin6_src,
+				  sin6_dest ) ) != 0 ) {
+		DBGC ( netdev, "ICMPv6 could not handle type %d: %s\n",
+		       icmp->type, strerror ( rc ) );
+		goto done;
 	}
-	return -ENOSYS;
-}
 
-#if 0
-void icmp6_test_nadvert (struct net_device *netdev, struct sockaddr_in6 *server_p, char *ll_addr) {
-
-		struct sockaddr_in6 server;
-		memcpy ( &server, server_p, sizeof ( server ) );
-                struct io_buffer *rxiobuf = alloc_iob ( 500 );
-                iob_reserve ( rxiobuf, MAX_HDR_LEN );
-                struct neighbour_advert *nadvert = iob_put ( rxiobuf, sizeof ( *nadvert ) );
-                nadvert->type = 136;
-                nadvert->code = 0;
-                nadvert->flags = ICMP6_FLAGS_SOLICITED;
-		nadvert->csum = 0xffff;
-		nadvert->target = server.sin6_addr;
-                nadvert->opt_type = 2;
-                nadvert->opt_len = 1;
-                memcpy ( nadvert->opt_ll_addr, ll_addr, 6 );
-                struct ip6_header *ip6hdr = iob_push ( rxiobuf, sizeof ( *ip6hdr ) );
-                ip6hdr->ver_traffic_class_flow_label = htonl ( 0x60000000 );
-		ip6hdr->hop_limit = 255;
-		ip6hdr->nxt_hdr = 58;
-		ip6hdr->payload_len = htons ( sizeof ( *nadvert ) );
-                ip6hdr->src = server.sin6_addr;
-                ip6hdr->dest = server.sin6_addr;
-		hex_dump ( rxiobuf->data, iob_len ( rxiobuf ) );
-                net_rx ( rxiobuf, netdev, htons ( ETH_P_IPV6 ), ll_addr );
+ done:
+	free_iob ( iobuf );
+	return rc;
 }
-#endif
 
-/** ICMP6 protocol */
-struct tcpip_protocol icmp6_protocol __tcpip_protocol = {
-	.name = "ICMP6",
-	.rx = icmp6_rx,
-	.tcpip_proto = IP_ICMP6, // 58
+/** ICMPv6 TCP/IP protocol */
+struct tcpip_protocol icmpv6_protocol __tcpip_protocol = {
+	.name = "ICMPv6",
+	.rx = icmpv6_rx,
+	.tcpip_proto = IP_ICMP6,
 };
diff --git a/src/net/ipv4.c b/src/net/ipv4.c
index bd31880..46f774e 100644
--- a/src/net/ipv4.c
+++ b/src/net/ipv4.c
@@ -290,7 +290,7 @@ static int ipv4_tx ( struct io_buffer *iobuf,
 			DBGC ( sin_dest->sin_addr, "IPv4 could not hash "
 			       "multicast %s: %s\n",
 			       inet_ntoa ( next_hop ), strerror ( rc ) );
-			return rc;
+			goto err;
 		}
 		ll_dest = ll_dest_buf;
 	} else {
diff --git a/src/net/ipv6.c b/src/net/ipv6.c
index 077118d..69feba1 100644
--- a/src/net/ipv6.c
+++ b/src/net/ipv6.c
@@ -1,76 +1,162 @@
-#include <errno.h>
+/*
+ * Copyright (C) 2013 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
 #include <stdint.h>
-#include <string.h>
-#include <stdlib.h>
 #include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
 #include <byteswap.h>
-#include <ipxe/in.h>
-#include <ipxe/ip6.h>
-#include <ipxe/ndp.h>
-#include <ipxe/list.h>
-#include <ipxe/icmp6.h>
-#include <ipxe/tcpip.h>
-#include <ipxe/socket.h>
 #include <ipxe/iobuf.h>
-#include <ipxe/netdevice.h>
+#include <ipxe/tcpip.h>
 #include <ipxe/if_ether.h>
+#include <ipxe/crc32.h>
+#include <ipxe/fragment.h>
+#include <ipxe/ndp.h>
+#include <ipxe/ipv6.h>
 
-/* Unspecified IP6 address */
-static struct in6_addr ip6_none = {
-        .in6_u.u6_addr32 = { 0,0,0,0 }
-};
+/** @file
+ *
+ * IPv6 protocol
+ *
+ */
 
-/** An IPv6 routing table entry */
-struct ipv6_miniroute {
-	/* List of miniroutes */
-	struct list_head list;
+/* Disambiguate the various error causes */
+#define EINVAL_LEN __einfo_error ( EINFO_EINVAL_LEN )
+#define EINFO_EINVAL_LEN \
+	__einfo_uniqify ( EINFO_EINVAL, 0x01, "Invalid length" )
+#define ENOTSUP_VER __einfo_error ( EINFO_ENOTSUP_VER )
+#define EINFO_ENOTSUP_VER \
+	__einfo_uniqify ( EINFO_ENOTSUP, 0x01, "Unsupported version" )
+#define ENOTSUP_HDR __einfo_error ( EINFO_ENOTSUP_HDR )
+#define EINFO_ENOTSUP_HDR \
+	__einfo_uniqify ( EINFO_ENOTSUP, 0x02, "Unsupported header type" )
+#define ENOTSUP_OPT __einfo_error ( EINFO_ENOTSUP_OPT )
+#define EINFO_ENOTSUP_OPT \
+	__einfo_uniqify ( EINFO_ENOTSUP, 0x03, "Unsupported option" )
 
-	/* Network device */
-	struct net_device *netdev;
+/** List of IPv6 miniroutes */
+struct list_head ipv6_miniroutes = LIST_HEAD_INIT ( ipv6_miniroutes );
 
-	/* Destination prefix */
-	struct in6_addr prefix;
-	/* Prefix length */
-	int prefix_len;
-	/* IPv6 address of interface */
-	struct in6_addr address;
-	/* Gateway address */
-	struct in6_addr gateway;
-};
+/**
+ * Determine debugging colour for IPv6 debug messages
+ *
+ * @v in		IPv6 address
+ * @ret col		Debugging colour (for DBGC())
+ */
+static uint32_t ipv6col ( struct in6_addr *in ) {
+	return crc32_le ( 0, in, sizeof ( *in ) );
+}
 
-/** List of IPv6 miniroutes */
-static LIST_HEAD ( miniroutes );
+/**
+ * Check if network device has a specific IPv6 address
+ *
+ * @v netdev		Network device
+ * @v addr		IPv6 address
+ * @ret has_addr	Network device has this IPv6 address
+ */
+int ipv6_has_addr ( struct net_device *netdev, struct in6_addr *addr ) {
+	struct ipv6_miniroute *miniroute;
+
+	list_for_each_entry ( miniroute, &ipv6_miniroutes, list ) {
+		if ( ( miniroute->netdev == netdev ) &&
+		     ( memcmp ( &miniroute->address, addr,
+				sizeof ( miniroute->address ) ) == 0 ) ) {
+			/* Found matching address */
+			return 1;
+		}
+	}
+	return 0;
+}
+
+/**
+ * Check if IPv6 address is within a routing table entry's local network
+ *
+ * @v miniroute		Routing table entry
+ * @v address		IPv6 address
+ * @ret is_local	Address is within this entry's local network
+ */
+static int ipv6_is_local ( struct ipv6_miniroute *miniroute,
+			   struct in6_addr *address ) {
+	unsigned int i;
+
+	for ( i = 0 ; i < ( sizeof ( address->s6_addr32 ) /
+			    sizeof ( address->s6_addr32[0] ) ) ; i++ ) {
+		if ( (( address->s6_addr32[i] ^ miniroute->address.s6_addr32[i])
+		      & miniroute->prefix_mask.s6_addr32[i] ) != 0 )
+			return 0;
+	}
+	return 1;
+}
 
 /**
  * Add IPv6 minirouting table entry
  *
  * @v netdev		Network device
- * @v prefix		Destination prefix
- * @v address		Address of the interface
- * @v gateway		Gateway address (or ::0 for no gateway)
- * @ret miniroute	Routing table entry, or NULL
+ * @v address		IPv6 address
+ * @v prefix_len	Prefix length
+ * @v router		Router address (or NULL)
+ * @ret miniroute	Routing table entry, or NULL on failure
  */
-static struct ipv6_miniroute * __malloc 
-add_ipv6_miniroute ( struct net_device *netdev, struct in6_addr prefix,
-		     int prefix_len, struct in6_addr address,
-		     struct in6_addr gateway ) {
+static struct ipv6_miniroute * __malloc
+add_ipv6_miniroute ( struct net_device *netdev, struct in6_addr *address,
+		     unsigned int prefix_len, struct in6_addr *router ) {
 	struct ipv6_miniroute *miniroute;
-	
-	miniroute = malloc ( sizeof ( *miniroute ) );
-	if ( miniroute ) {
-		/* Record routing information */
-		miniroute->netdev = netdev_get ( netdev );
-		miniroute->prefix = prefix;
-		miniroute->prefix_len = prefix_len;
-		miniroute->address = address;
-		miniroute->gateway = gateway;
-		
-		/* Add miniroute to list of miniroutes */
-		if ( !IP6_EQUAL ( gateway, ip6_none ) ) {
-			list_add_tail ( &miniroute->list, &miniroutes );
-		} else {
-			list_add ( &miniroute->list, &miniroutes );
-		}
+	uint8_t *prefix_mask;
+
+	DBGC ( netdev, "IPv6 add %s/%d ", inet6_ntoa ( address ), prefix_len );
+	if ( router )
+		DBGC ( netdev, "router %s ", inet6_ntoa ( router ) );
+	DBGC ( netdev, "via %s\n", netdev->name );
+
+	/* Allocate and populate miniroute structure */
+	miniroute = zalloc ( sizeof ( *miniroute ) );
+	if ( ! miniroute )
+		return NULL;
+
+	/* Record routing information */
+	miniroute->netdev = netdev_get ( netdev );
+	memcpy ( &miniroute->address, address, sizeof ( miniroute->address ) );
+	miniroute->prefix_len = prefix_len;
+	assert ( prefix_len <= ( 8 * sizeof ( miniroute->prefix_mask ) ) );
+	for ( prefix_mask = miniroute->prefix_mask.s6_addr ; prefix_len >= 8 ;
+	      prefix_mask++, prefix_len -= 8 ) {
+		*prefix_mask = 0xff;
+	}
+	if ( prefix_len )
+		*prefix_mask <<= ( 8 - prefix_len );
+	if ( router ) {
+		miniroute->has_router = 1;
+		memcpy ( &miniroute->router, router,
+			 sizeof ( miniroute->router ) );
+	}
+
+	/* Add to end of list if we have a gateway, otherwise to start
+	 * of list.
+	 */
+	if ( router ) {
+		list_add_tail ( &miniroute->list, &ipv6_miniroutes );
+	} else {
+		list_add ( &miniroute->list, &ipv6_miniroutes );
 	}
 
 	return miniroute;
@@ -82,290 +168,516 @@ add_ipv6_miniroute ( struct net_device *netdev, struct in6_addr prefix,
  * @v miniroute		Routing table entry
  */
 static void del_ipv6_miniroute ( struct ipv6_miniroute *miniroute ) {
+	struct net_device *netdev = miniroute->netdev;
+
+	DBGC ( netdev, "IPv6 del %s/%d ", inet6_ntoa ( &miniroute->address ),
+	       miniroute->prefix_len );
+	if ( miniroute->has_router )
+		DBGC ( netdev, "router %s ", inet6_ntoa ( &miniroute->router ));
+	DBGC ( netdev, "via %s\n", netdev->name );
+
 	netdev_put ( miniroute->netdev );
 	list_del ( &miniroute->list );
 	free ( miniroute );
 }
 
 /**
- * Add IPv6 interface
+ * Perform IPv6 routing
  *
- * @v netdev	Network device
- * @v prefix	Destination prefix
- * @v address	Address of the interface
- * @v gateway	Gateway address (or ::0 for no gateway)
+ * @v scope_id		Destination address scope ID (for link-local addresses)
+ * @v dest		Final destination address
+ * @ret dest		Next hop destination address
+ * @ret miniroute	Routing table entry to use, or NULL if no route
  */
-int add_ipv6_address ( struct net_device *netdev, struct in6_addr prefix,
-		       int prefix_len, struct in6_addr address,
-		       struct in6_addr gateway ) {
+static struct ipv6_miniroute * ipv6_route ( unsigned int scope_id,
+					   struct in6_addr **dest ) {
 	struct ipv6_miniroute *miniroute;
+	int local;
+
+	/* Find first usable route in routing table */
+	list_for_each_entry ( miniroute, &ipv6_miniroutes, list ) {
+
+		/* Skip closed network devices */
+		if ( ! netdev_is_open ( miniroute->netdev ) )
+			continue;
+
+		/* For link-local addresses, skip devices that are not
+		 * the specified network device.
+		 */
+		if ( IN6_IS_ADDR_LINKLOCAL ( *dest ) &&
+		     ( miniroute->netdev->index != scope_id ) )
+			continue;
+
+		/* Skip non-gateway devices for which the prefix does
+		 * not match.
+		 */
+		local = ipv6_is_local ( miniroute, *dest );
+		if ( ! ( local || miniroute->has_router ) )
+			continue;
+
+		/* Update next hop if applicable */
+		if ( ! local )
+			*dest = &miniroute->router;
+
+		return miniroute;
+	}
 
-	/* Clear any existing address for this net device */
-	del_ipv6_address ( netdev );
-
-	/* Add new miniroute */
-	miniroute = add_ipv6_miniroute ( netdev, prefix, prefix_len, address,
-					 gateway );
-	if ( ! miniroute )
-		return -ENOMEM;
-
-	return 0;
+	return NULL;
 }
 
 /**
- * Remove IPv6 interface
+ * Check that received options can be safely ignored
  *
- * @v netdev	Network device
+ * @v iphdr		IPv6 header
+ * @v options		Options extension header
+ * @v len		Maximum length of header
+ * @ret rc		Return status code
  */
-void del_ipv6_address ( struct net_device *netdev ) {
-	struct ipv6_miniroute *miniroute;
-
-	list_for_each_entry ( miniroute, &miniroutes, list ) {
-		if ( miniroute->netdev == netdev ) {
-			del_ipv6_miniroute ( miniroute );
-			break;
+static int ipv6_check_options ( struct ipv6_header *iphdr,
+				struct ipv6_options_header *options,
+				size_t len ) {
+	struct ipv6_option *option = options->options;
+	struct ipv6_option *end = ( ( ( void * ) options ) + len );
+
+	while ( option < end ) {
+		if ( ! IPV6_CAN_IGNORE_OPT ( option->type ) ) {
+			DBGC ( ipv6col ( &iphdr->src ), "IPv6 unrecognised "
+			       "option type %#02x:\n", option->type );
+			DBGC_HDA ( ipv6col ( &iphdr->src ), 0,
+				   options, len );
+			return -ENOTSUP_OPT;
+		}
+		if ( option->type == IPV6_OPT_PAD1 ) {
+			option = ( ( ( void * ) option ) + 1 );
+		} else {
+			option = ( ( ( void * ) option ) + option->len );
 		}
 	}
+	return 0;
 }
 
 /**
- * Calculate TCPIP checksum
+ * Check if fragment matches fragment reassembly buffer
  *
- * @v iobuf	I/O buffer
- * @v tcpip	TCP/IP protocol
+ * @v fragment		Fragment reassembly buffer
+ * @v iobuf		I/O buffer
+ * @v hdrlen		Length of non-fragmentable potion of I/O buffer
+ * @ret is_fragment	Fragment matches this reassembly buffer
+ */
+static int ipv6_is_fragment ( struct fragment *fragment,
+			      struct io_buffer *iobuf, size_t hdrlen ) {
+	struct ipv6_header *frag_iphdr = fragment->iobuf->data;
+	struct ipv6_fragment_header *frag_fhdr =
+		( fragment->iobuf->data + fragment->hdrlen -
+		  sizeof ( *frag_fhdr ) );
+	struct ipv6_header *iphdr = iobuf->data;
+	struct ipv6_fragment_header *fhdr =
+		( iobuf->data + hdrlen - sizeof ( *fhdr ) );
+
+	return ( ( memcmp ( &iphdr->src, &frag_iphdr->src,
+			    sizeof ( iphdr->src ) ) == 0 ) &&
+		 ( fhdr->ident == frag_fhdr->ident ) );
+}
+
+/**
+ * Get fragment offset
  *
- * This function constructs the pseudo header and completes the checksum in the
- * upper layer header.
+ * @v iobuf		I/O buffer
+ * @v hdrlen		Length of non-fragmentable potion of I/O buffer
+ * @ret offset		Offset
  */
-static uint16_t ipv6_tx_csum ( struct io_buffer *iobuf, uint16_t csum ) {
-	struct ip6_header *ip6hdr = iobuf->data;
-	struct ipv6_pseudo_header pshdr;
+static size_t ipv6_fragment_offset ( struct io_buffer *iobuf, size_t hdrlen ) {
+	struct ipv6_fragment_header *fhdr =
+		( iobuf->data + hdrlen - sizeof ( *fhdr ) );
 
-	/* Calculate pseudo header */
-	memset ( &pshdr, 0, sizeof ( pshdr ) );
-	pshdr.src = ip6hdr->src;
-	pshdr.dest = ip6hdr->dest;
-	pshdr.len = htons ( iob_len ( iobuf ) - sizeof ( *ip6hdr ) );
-	pshdr.nxt_hdr = ip6hdr->nxt_hdr;
+	return ( ntohs ( fhdr->offset_more ) & IPV6_MASK_OFFSET );
+}
 
-	/* Update checksum value */
-	return tcpip_continue_chksum ( csum, &pshdr, sizeof ( pshdr ) );
+/**
+ * Check if more fragments exist
+ *
+ * @v iobuf		I/O buffer
+ * @v hdrlen		Length of non-fragmentable potion of I/O buffer
+ * @ret more_frags	More fragments exist
+ */
+static int ipv6_more_fragments ( struct io_buffer *iobuf, size_t hdrlen ) {
+	struct ipv6_fragment_header *fhdr =
+		( iobuf->data + hdrlen - sizeof ( *fhdr ) );
+
+	return ( fhdr->offset_more & htons ( IPV6_MASK_MOREFRAGS ) );
 }
 
+/** Fragment reassembler */
+static struct fragment_reassembler ipv6_reassembler = {
+	.list = LIST_HEAD_INIT ( ipv6_reassembler.list ),
+	.is_fragment = ipv6_is_fragment,
+	.fragment_offset = ipv6_fragment_offset,
+	.more_fragments = ipv6_more_fragments,
+};
+
 /**
- * Dump IP6 header for debugging
+ * Calculate IPv6 pseudo-header checksum
  *
- * ip6hdr	IPv6 header
+ * @v iphdr		IPv6 header
+ * @v len		Payload length
+ * @v next_header	Next header type
+ * @v csum		Existing checksum
+ * @ret csum		Updated checksum
  */
-void ipv6_dump ( struct ip6_header *ip6hdr ) {
-	DBG ( "IP6 %p src %s dest %s nxt_hdr %d len %d\n", ip6hdr,
-	      inet6_ntoa ( ip6hdr->src ), inet6_ntoa ( ip6hdr->dest ),
-	      ip6hdr->nxt_hdr, ntohs ( ip6hdr->payload_len ) );
+static uint16_t ipv6_pshdr_chksum ( struct ipv6_header *iphdr, size_t len,
+				    int next_header, uint16_t csum ) {
+	struct ipv6_pseudo_header pshdr;
+
+	/* Build pseudo-header */
+	memcpy ( &pshdr.src, &iphdr->src, sizeof ( pshdr.src ) );
+	memcpy ( &pshdr.dest, &iphdr->dest, sizeof ( pshdr.dest ) );
+	pshdr.len = htonl ( len );
+	memset ( pshdr.zero, 0, sizeof ( pshdr.zero ) );
+	pshdr.next_header = next_header;
+
+	/* Update the checksum value */
+	return tcpip_continue_chksum ( csum, &pshdr, sizeof ( pshdr ) );
 }
 
 /**
- * Transmit IP6 packet
+ * Transmit IPv6 packet
  *
- * iobuf		I/O buffer
- * tcpip	TCP/IP protocol
- * st_dest	Destination socket address
+ * @v iobuf		I/O buffer
+ * @v tcpip		Transport-layer protocol
+ * @v st_src		Source network-layer address
+ * @v st_dest		Destination network-layer address
+ * @v netdev		Network device to use if no route found, or NULL
+ * @v trans_csum	Transport-layer checksum to complete, or NULL
+ * @ret rc		Status
  *
- * This function prepends the IPv6 headers to the payload an transmits it.
+ * This function expects a transport-layer segment and prepends the
+ * IPv6 header
  */
 static int ipv6_tx ( struct io_buffer *iobuf,
-		     struct tcpip_protocol *tcpip,
-		     struct sockaddr_tcpip *st_src __unused,
+		     struct tcpip_protocol *tcpip_protocol,
+		     struct sockaddr_tcpip *st_src,
 		     struct sockaddr_tcpip *st_dest,
 		     struct net_device *netdev,
 		     uint16_t *trans_csum ) {
-	struct sockaddr_in6 *dest = ( struct sockaddr_in6* ) st_dest;
-	struct in6_addr next_hop;
+	struct sockaddr_in6 *sin6_src = ( ( struct sockaddr_in6 * ) st_src );
+	struct sockaddr_in6 *sin6_dest = ( ( struct sockaddr_in6 * ) st_dest );
 	struct ipv6_miniroute *miniroute;
+	struct ipv6_header *iphdr;
+	struct in6_addr *next_hop;
 	uint8_t ll_dest_buf[MAX_LL_ADDR_LEN];
-	const uint8_t *ll_dest = ll_dest_buf;
+	const void *ll_dest;
+	size_t len;
 	int rc;
 
-	/* Construct the IPv6 packet */
-	struct ip6_header *ip6hdr = iob_push ( iobuf, sizeof ( *ip6hdr ) );
-	memset ( ip6hdr, 0, sizeof ( *ip6hdr) );
-	ip6hdr->ver_traffic_class_flow_label = htonl ( 0x60000000 );//IP6_VERSION;
-	ip6hdr->payload_len = htons ( iob_len ( iobuf ) - sizeof ( *ip6hdr ) );
-	ip6hdr->nxt_hdr = tcpip->tcpip_proto;
-	ip6hdr->hop_limit = IP6_HOP_LIMIT; // 255
-
-	/* Determine the next hop address and interface
-	 *
-	 * TODO: Implement the routing table.
-	 */
-	next_hop = dest->sin6_addr;
-	list_for_each_entry ( miniroute, &miniroutes, list ) {
-		if ( ( memcmp ( &ip6hdr->dest, &miniroute->prefix,
-					miniroute->prefix_len ) == 0 ) ||
-		     ( IP6_EQUAL ( miniroute->gateway, ip6_none ) ) ) {
-			netdev = miniroute->netdev;
-			ip6hdr->src = miniroute->address;
-			if ( ! ( IS_UNSPECIFIED ( miniroute->gateway ) ) ) {
-				next_hop = miniroute->gateway;
-			}
-			break;
-		}
+	/* Fill up the IPv6 header, except source address */
+	len = iob_len ( iobuf );
+	iphdr = iob_push ( iobuf, sizeof ( *iphdr ) );
+	memset ( iphdr, 0, sizeof ( *iphdr ) );
+	iphdr->ver_tc_label = htonl ( IPV6_VER );
+	iphdr->len = htons ( len );
+	iphdr->next_header = tcpip_protocol->tcpip_proto;
+	iphdr->hop_limit = IPV6_HOP_LIMIT;
+	memcpy ( &iphdr->dest, &sin6_dest->sin6_addr, sizeof ( iphdr->dest ) );
+
+	/* Use routing table to identify next hop and transmitting netdev */
+	next_hop = &iphdr->dest;
+	if ( sin6_src ) {
+		memcpy ( &iphdr->src, &sin6_src->sin6_addr,
+			 sizeof ( iphdr->src ) );
+	}
+	if ( ( ! IN6_IS_ADDR_MULTICAST ( next_hop ) ) &&
+	     ( ( miniroute = ipv6_route ( ntohl ( sin6_dest->sin6_scope_id ),
+					  &next_hop ) ) != NULL ) ) {
+		memcpy ( &iphdr->src, &miniroute->address,
+			 sizeof ( iphdr->src ) );
+		netdev = miniroute->netdev;
 	}
-	/* No network interface identified */
-	if ( !netdev ) {
-		DBG ( "No route to host %s\n", inet6_ntoa ( ip6hdr->dest ) );
+	if ( ! netdev ) {
+		DBGC ( ipv6col ( &iphdr->dest ), "IPv6 has no route to %s\n",
+		       inet6_ntoa ( &iphdr->dest ) );
 		rc = -ENETUNREACH;
 		goto err;
 	}
 
-	/* Complete the transport layer checksum */
-	if ( trans_csum )
-		*trans_csum = ipv6_tx_csum ( iobuf, *trans_csum );
-
-	/* Print IPv6 header */
-	ipv6_dump ( ip6hdr );
-	
-	/* Resolve link layer address */
-	if ( next_hop.in6_u.u6_addr8[0] == 0xff ) {
-		ll_dest_buf[0] = 0x33;
-		ll_dest_buf[1] = 0x33;
-		ll_dest_buf[2] = next_hop.in6_u.u6_addr8[12];
-		ll_dest_buf[3] = next_hop.in6_u.u6_addr8[13];
-		ll_dest_buf[4] = next_hop.in6_u.u6_addr8[14];
-		ll_dest_buf[5] = next_hop.in6_u.u6_addr8[15];
-	} else {
-		/* Unicast address needs to be resolved by NDP */
-		if ( ( rc = ndp_resolve ( netdev, &next_hop, &ip6hdr->src,
-					  ll_dest_buf ) ) != 0 ) {
-			DBG ( "No entry for %s\n", inet6_ntoa ( next_hop ) );
+	/* Fix up checksums */
+	if ( trans_csum ) {
+		*trans_csum = ipv6_pshdr_chksum ( iphdr, len,
+						  tcpip_protocol->tcpip_proto,
+						  *trans_csum );
+	}
+
+	/* Print IPv6 header for debugging */
+	DBGC2 ( ipv6col ( &iphdr->dest ), "IPv6 TX %s->",
+		inet6_ntoa ( &iphdr->src ) );
+	DBGC2 ( ipv6col ( &iphdr->dest ), "%s len %zd next %d\n",
+		inet6_ntoa ( &iphdr->dest ), len, iphdr->next_header );
+
+	/* Calculate link-layer destination address, if possible */
+	if ( IN6_IS_ADDR_MULTICAST ( next_hop ) ) {
+		/* Multicast address */
+		if ( ( rc = netdev->ll_protocol->mc_hash ( AF_INET6, next_hop,
+							   ll_dest_buf ) ) !=0){
+			DBGC ( ipv6col ( &iphdr->dest ), "IPv6 could not hash "
+			       "multicast %s: %s\n", inet6_ntoa ( next_hop ),
+			       strerror ( rc ) );
 			goto err;
 		}
+		ll_dest = ll_dest_buf;
+	} else {
+		/* Unicast address */
+		ll_dest = NULL;
+	}
+
+	/* Hand off to link layer (via NDP if applicable) */
+	if ( ll_dest ) {
+		if ( ( rc = net_tx ( iobuf, netdev, &ipv6_protocol, ll_dest,
+				     netdev->ll_addr ) ) != 0 ) {
+			DBGC ( ipv6col ( &iphdr->dest ), "IPv6 could not "
+			       "transmit packet via %s: %s\n",
+			       netdev->name, strerror ( rc ) );
+			return rc;
+		}
+	} else {
+		if ( ( rc = ndp_tx ( iobuf, netdev, next_hop, &iphdr->src,
+				     netdev->ll_addr ) ) != 0 ) {
+			DBGC ( ipv6col ( &iphdr->dest ), "IPv6 could not "
+			       "transmit packet via %s: %s\n",
+			       netdev->name, strerror ( rc ) );
+			return rc;
+		}
 	}
 
-	/* Transmit packet */
-	return net_tx ( iobuf, netdev, &ipv6_protocol, ll_dest,
-			netdev->ll_addr );
+	return 0;
 
-  err:
+ err:
 	free_iob ( iobuf );
 	return rc;
 }
 
 /**
- * Process next IP6 header
- *
- * @v iobuf	I/O buffer
- * @v nxt_hdr	Next header number
- * @v src	Source socket address
- * @v dest	Destination socket address
- *
- * Refer http://www.iana.org/assignments/ipv6-parameters for the numbers
- */
-static int ipv6_process_nxt_hdr ( struct io_buffer *iobuf,
-				  struct net_device *netdev, uint8_t nxt_hdr,
-		struct sockaddr_tcpip *src, struct sockaddr_tcpip *dest ) {
-	switch ( nxt_hdr ) {
-	case IP6_HOPBYHOP: 
-	case IP6_ROUTING: 
-	case IP6_FRAGMENT: 
-	case IP6_AUTHENTICATION: 
-	case IP6_DEST_OPTS: 
-	case IP6_ESP: 
-		DBG ( "Function not implemented for header %d\n", nxt_hdr );
-		return -ENOSYS;
-	case IP6_ICMP6: 
-		break;
-	case IP6_NO_HEADER: 
-		DBG ( "No next header\n" );
-		return 0;
-	}
-	/* Next header is not a IPv6 extension header */
-	return tcpip_rx ( iobuf, netdev, nxt_hdr, src, dest, 0 /* fixme */ );
-}
-
-/**
- * Process incoming IP6 packets
+ * Process incoming IPv6 packets
  *
  * @v iobuf		I/O buffer
  * @v netdev		Network device
  * @v ll_dest		Link-layer destination address
- * @v ll_source		Link-layer source address
+ * @v ll_source		Link-layer destination source
  * @v flags		Packet flags
+ * @ret rc		Return status code
  *
- * This function processes a IPv6 packet
+ * This function expects an IPv6 network datagram. It processes the
+ * headers and sends it to the transport layer.
  */
-static int ipv6_rx ( struct io_buffer *iobuf,
-		     __unused struct net_device *netdev,
-		     __unused const void *ll_dest,
-		     __unused const void *ll_source,
-		     __unused unsigned int flags ) {
-
-	struct ip6_header *ip6hdr = iobuf->data;
+static int ipv6_rx ( struct io_buffer *iobuf, struct net_device *netdev,
+		     const void *ll_dest __unused,
+		     const void *ll_source __unused,
+		     unsigned int flags __unused ) {
+	struct ipv6_header *iphdr = iobuf->data;
+	union ipv6_extension_header *ext;
 	union {
 		struct sockaddr_in6 sin6;
 		struct sockaddr_tcpip st;
 	} src, dest;
+	uint16_t pshdr_csum;
+	size_t len;
+	size_t hdrlen;
+	size_t extlen;
+	int this_header;
+	int next_header;
+	int rc;
 
-	/* Sanity check */
-	if ( iob_len ( iobuf ) < sizeof ( *ip6hdr ) ) {
-		DBG ( "Packet too short (%zd bytes)\n", iob_len ( iobuf ) );
-		goto drop;
+	/* Sanity check the IPv6 header */
+	if ( iob_len ( iobuf ) < sizeof ( *iphdr ) ) {
+		DBGC ( ipv6col ( &iphdr->src ), "IPv6 packet too short at %zd "
+		       "bytes (min %zd bytes)\n", iob_len ( iobuf ),
+		       sizeof ( *iphdr ) );
+		rc = -EINVAL_LEN;
+		goto err;
 	}
-
-	/* TODO: Verify checksum */
-
-	/* Print IP6 header for debugging */
-	ipv6_dump ( ip6hdr );
-
-	/* Check header version */
-	if ( ( ip6hdr->ver_traffic_class_flow_label & 0xf0000000 ) != 0x60000000 ) {
-		DBG ( "Invalid protocol version\n" );
-		goto drop;
+	if ( ( iphdr->ver_tc_label & htonl ( IPV6_MASK_VER ) ) !=
+	     htonl ( IPV6_VER ) ) {
+		DBGC ( ipv6col ( &iphdr->src ), "IPv6 version %#08x not "
+		       "supported\n", ntohl ( iphdr->ver_tc_label ) );
+		rc = -ENOTSUP_VER;
+		goto err;
 	}
 
-	/* Check the payload length */
-	if ( ntohs ( ip6hdr->payload_len ) > iob_len ( iobuf ) ) {
-		DBG ( "Inconsistent packet length (%d bytes)\n",
-			ip6hdr->payload_len );
-		goto drop;
+	/* Truncate packet to specified length */
+	len = ntohs ( iphdr->len );
+	if ( len > iob_len ( iobuf ) ) {
+		DBGC ( ipv6col ( &iphdr->src ), "IPv6 length too long at %zd "
+		       "bytes (packet is %zd bytes)\n", len, iob_len ( iobuf ));
+		rc = -EINVAL_LEN;
+		goto err;
 	}
+	iob_unput ( iobuf, ( iob_len ( iobuf ) - len - sizeof ( *iphdr ) ) );
+	hdrlen = sizeof ( *iphdr );
+
+	/* Print IPv6 header for debugging */
+	DBGC2 ( ipv6col ( &iphdr->src ), "IPv6 RX %s<-",
+		inet6_ntoa ( &iphdr->dest ) );
+	DBGC2 ( ipv6col ( &iphdr->src ), "%s len %zd next %d\n",
+		inet6_ntoa ( &iphdr->src ), len, iphdr->next_header );
+
+	/* Discard unicast packets not destined for us */
+	if ( ( ! ( flags & LL_MULTICAST ) ) &&
+	     ( ! ipv6_has_addr ( netdev, &iphdr->dest ) ) ) {
+		DBGC ( ipv6col ( &iphdr->src ), "IPv6 discarding non-local "
+		       "unicast packet for %s\n", inet6_ntoa ( &iphdr->dest ) );
+		rc = -EPIPE;
+		goto err;
+	}
+
+	/* Process any extension headers */
+	next_header = iphdr->next_header;
+	while ( 1 ) {
+
+		/* Extract extension header */
+		this_header = next_header;
+		ext = ( iobuf->data + hdrlen );
+		extlen = sizeof ( ext->pad );
+		if ( iob_len ( iobuf ) < ( hdrlen + extlen ) ) {
+			DBGC ( ipv6col ( &iphdr->src ), "IPv6 too short for "
+			       "extension header type %d at %zd bytes (min "
+			       "%zd bytes)\n", this_header,
+			       ( iob_len ( iobuf ) - hdrlen ), extlen );
+			rc = -EINVAL_LEN;
+			goto err;
+		}
 
-	/* Ignore the traffic class and flow control values */
+		/* Determine size of extension header (if applicable) */
+		if ( ( this_header == IPV6_HOPBYHOP ) ||
+		     ( this_header == IPV6_DESTINATION ) ||
+		     ( this_header == IPV6_ROUTING ) ) {
+			/* Length field is present */
+			extlen += ext->common.len;
+		} else if ( this_header == IPV6_FRAGMENT ) {
+			/* Length field is reserved and ignored (RFC2460) */
+		} else {
+			/* Not an extension header; assume rest is payload */
+			break;
+		}
+		if ( iob_len ( iobuf ) < ( hdrlen + extlen ) ) {
+			DBGC ( ipv6col ( &iphdr->src ), "IPv6 too short for "
+			       "extension header type %d at %zd bytes (min "
+			       "%zd bytes)\n", this_header,
+			       ( iob_len ( iobuf ) - hdrlen ), extlen );
+			rc = -EINVAL_LEN;
+			goto err;
+		}
+		hdrlen += extlen;
+		next_header = ext->common.next_header;
+		DBGC2 ( ipv6col ( &iphdr->src ), "IPv6 RX %s<-",
+			inet6_ntoa ( &iphdr->dest ) );
+		DBGC2 ( ipv6col ( &iphdr->src ), "%s ext type %d len %zd next "
+			"%d\n", inet6_ntoa ( &iphdr->src ), this_header,
+			extlen, next_header );
+
+		/* Process this extension header */
+		if ( ( this_header == IPV6_HOPBYHOP ) ||
+		     ( this_header == IPV6_DESTINATION ) ) {
+
+			/* Check that all options can be ignored */
+			if ( ( rc = ipv6_check_options ( iphdr, &ext->options,
+							 extlen ) ) != 0 )
+				goto err;
+
+		} else if ( this_header == IPV6_FRAGMENT ) {
+
+			/* Reassemble fragments */
+			iobuf = fragment_reassemble ( &ipv6_reassembler, iobuf,
+						      &hdrlen );
+			if ( ! iobuf )
+				return 0;
+			iphdr = iobuf->data;
+		}
+	}
 
-	/* Construct socket address */
+	/* Construct socket address, calculate pseudo-header checksum,
+	 * and hand off to transport layer
+	 */
 	memset ( &src, 0, sizeof ( src ) );
 	src.sin6.sin6_family = AF_INET6;
-	src.sin6.sin6_addr = ip6hdr->src;
+	memcpy ( &src.sin6.sin6_addr, &iphdr->src,
+		 sizeof ( src.sin6.sin6_addr ) );
+	src.sin6.sin6_scope_id = htonl ( netdev->index );
 	memset ( &dest, 0, sizeof ( dest ) );
 	dest.sin6.sin6_family = AF_INET6;
-	dest.sin6.sin6_addr = ip6hdr->dest;
-
-	/* Strip header */
-	iob_unput ( iobuf, iob_len ( iobuf ) - ntohs ( ip6hdr->payload_len ) -
-							sizeof ( *ip6hdr ) );
-	iob_pull ( iobuf, sizeof ( *ip6hdr ) );
+	memcpy ( &dest.sin6.sin6_addr, &iphdr->dest,
+		 sizeof ( dest.sin6.sin6_addr ) );
+	dest.sin6.sin6_scope_id = htonl ( netdev->index );
+	iob_pull ( iobuf, hdrlen );
+	pshdr_csum = ipv6_pshdr_chksum ( iphdr, iob_len ( iobuf ),
+					 next_header, TCPIP_EMPTY_CSUM );
+	if ( ( rc = tcpip_rx ( iobuf, netdev, next_header, &src.st, &dest.st,
+			       pshdr_csum ) ) != 0 ) {
+		DBGC ( ipv6col ( &src.sin6.sin6_addr ), "IPv6 received packet "
+				"rejected by stack: %s\n", strerror ( rc ) );
+		return rc;
+	}
 
-	/* Send it to the transport layer */
-	return ipv6_process_nxt_hdr ( iobuf, netdev, ip6hdr->nxt_hdr, &src.st, &dest.st );
+	return 0;
 
-  drop:
-	DBG ( "Packet dropped\n" );
+ err:
 	free_iob ( iobuf );
-	return -1;
+	return rc;
 }
 
 /**
- * Print a IP6 address as xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
+ * Convert IPv6 address to standard notation
+ *
+ * @v in	IPv6 address
+ * @ret string	IPv6 address in standard notation
+ *
+ * RFC5952 defines the canonical format for IPv6 textual representation.
  */
-char * inet6_ntoa ( struct in6_addr in6 ) {
-	static char buf[40];
-	uint16_t *bytes = ( uint16_t* ) &in6;
-	sprintf ( buf, "%x:%x:%x:%x:%x:%x:%x:%x", bytes[0], bytes[1], bytes[2],
-			bytes[3], bytes[4], bytes[5], bytes[6], bytes[7] );
-	return buf;
+char * inet6_ntoa ( const struct in6_addr *in ) {
+	static char buf[41]; /* ":xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx" */
+	char *out = buf;
+	char *longest_start = NULL;
+	char *start = NULL;
+	int longest_len = 1;
+	int len = 0;
+	char *dest;
+	unsigned int i;
+	uint16_t value;
+
+	/* Format address, keeping track of longest run of zeros */
+	for ( i = 0 ; i < ( sizeof ( in->s6_addr16 ) /
+			    sizeof ( in->s6_addr16[0] ) ) ; i++ ) {
+		value = ntohs ( in->s6_addr16[i] );
+		if ( value == 0 ) {
+			if ( len++ == 0 )
+				start = out;
+			if ( len > longest_len ) {
+				longest_start = start;
+				longest_len = len;
+			}
+		} else {
+			len = 0;
+		}
+		out += sprintf ( out, ":%x", value );
+	}
+
+	/* Abbreviate longest run of zeros, if applicable */
+	if ( longest_start ) {
+		dest = strcpy ( ( longest_start + 1 ),
+				( longest_start + ( 2 * longest_len ) ) );
+		if ( dest[0] == '\0' )
+			dest[1] = '\0';
+		dest[0] = ':';
+	}
+	return ( ( longest_start == buf ) ? buf : ( buf + 1 ) );
 }
 
+/**
+ * Transcribe IPv6 address
+ *
+ * @v net_addr	IPv6 address
+ * @ret string	IPv6 address in standard notation
+ *
+ */
 static const char * ipv6_ntoa ( const void *net_addr ) {
-	return inet6_ntoa ( * ( ( struct in6_addr * ) net_addr ) );
+	return inet6_ntoa ( net_addr );
 }
 
 /** IPv6 protocol */
@@ -383,3 +695,72 @@ struct tcpip_net_protocol ipv6_tcpip_protocol __tcpip_net_protocol = {
 	.sa_family = AF_INET6,
 	.tx = ipv6_tx,
 };
+
+/**
+ * Create IPv6 network device
+ *
+ * @v netdev		Network device
+ * @ret rc		Return status code
+ */
+static int ipv6_probe ( struct net_device *netdev ) {
+	struct ipv6_miniroute *miniroute;
+	struct in6_addr address;
+	int prefix_len;
+	int rc;
+
+	/* Construct link-local address from EUI-64 as per RFC 2464 */
+	prefix_len = ipv6_link_local ( &address, netdev );
+	if ( prefix_len < 0 ) {
+		rc = prefix_len;
+		DBGC ( netdev, "IPv6 %s could not construct link-local "
+		       "address: %s\n", netdev->name, strerror ( rc ) );
+		return rc;
+	}
+
+	/* Create link-local address for this network device */
+	miniroute = add_ipv6_miniroute ( netdev, &address, prefix_len, NULL );
+	if ( ! miniroute )
+		return -ENOMEM;
+
+	return 0;
+}
+
+/**
+ * Handle IPv6 network device or link state change
+ *
+ * @v netdev		Network device
+ */
+static void ipv6_notify ( struct net_device *netdev __unused ) {
+
+	/* Nothing to do */
+}
+
+/**
+ * Destroy IPv6 network device
+ *
+ * @v netdev		Network device
+ */
+static void ipv6_remove ( struct net_device *netdev ) {
+	struct ipv6_miniroute *miniroute;
+	struct ipv6_miniroute *tmp;
+
+	/* Delete all miniroutes for this network device */
+	list_for_each_entry_safe ( miniroute, tmp, &ipv6_miniroutes, list ) {
+		if ( miniroute->netdev == netdev )
+			del_ipv6_miniroute ( miniroute );
+	}
+}
+
+/** IPv6 network device driver */
+struct net_driver ipv6_driver __net_driver = {
+	.name = "IPv6",
+	.probe = ipv6_probe,
+	.notify = ipv6_notify,
+	.remove = ipv6_remove,
+};
+
+/* Drag in ICMPv6 */
+REQUIRE_OBJECT ( icmpv6 );
+
+/* Drag in NDP */
+REQUIRE_OBJECT ( ndp );
diff --git a/src/net/ndp.c b/src/net/ndp.c
index 4d37133..48b16d0 100644
--- a/src/net/ndp.c
+++ b/src/net/ndp.c
@@ -1,180 +1,370 @@
-#include <stdint.h>
+/*
+ * Copyright (C) 2013 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
 #include <string.h>
-#include <byteswap.h>
 #include <errno.h>
-#include <ipxe/if_ether.h>
+#include <byteswap.h>
+#include <ipxe/in.h>
 #include <ipxe/iobuf.h>
+#include <ipxe/tcpip.h>
+#include <ipxe/ipv6.h>
+#include <ipxe/icmpv6.h>
+#include <ipxe/neighbour.h>
 #include <ipxe/ndp.h>
-#include <ipxe/icmp6.h>
-#include <ipxe/ip6.h>
-#include <ipxe/netdevice.h>
 
 /** @file
  *
- * Neighbour Discovery Protocol
+ * IPv6 neighbour discovery protocol
  *
- * This file implements address resolution as specified by the neighbour
- * discovery protocol in RFC2461. This protocol is part of the IPv6 protocol
- * family.
  */
 
-/* A neighbour entry */
-struct ndp_entry {
-	/** Target IP6 address */
-	struct in6_addr in6;
-	/** Link layer protocol */
-	struct ll_protocol *ll_protocol;
-	/** Link-layer address */
-	uint8_t ll_addr[MAX_LL_ADDR_LEN];
-	/** State of the neighbour entry */
-	int state;
-};
-
-/** Number of entries in the neighbour cache table */
-#define NUM_NDP_ENTRIES 4
-
-/** The neighbour cache table */
-static struct ndp_entry ndp_table[NUM_NDP_ENTRIES];
-#define ndp_table_end &ndp_table[NUM_NDP_ENTRIES]
-
-static unsigned int next_new_ndp_entry = 0;
-
 /**
- * Find entry in the neighbour cache
+ * Transmit NDP neighbour solicitation/advertisement packet
  *
- * @v in6	IP6 address
+ * @v netdev		Network device
+ * @v sin6_src		Source socket address
+ * @v sin6_dest		Destination socket address
+ * @v target		Neighbour target address
+ * @v icmp_type		ICMPv6 type
+ * @v flags		NDP flags
+ * @v option_type	NDP option type
+ * @ret rc		Return status code
  */
-static struct ndp_entry *
-ndp_find_entry ( struct in6_addr *in6 ) {
-	struct ndp_entry *ndp;
-
-	for ( ndp = ndp_table ; ndp < ndp_table_end ; ndp++ ) {
-		if ( IP6_EQUAL ( ( *in6 ), ndp->in6 ) && 
-		     ( ndp->state != NDP_STATE_INVALID ) ) {
-			return ndp;
-		}
+static int ndp_tx_neighbour ( struct net_device *netdev,
+			      struct sockaddr_in6 *sin6_src,
+			      struct sockaddr_in6 *sin6_dest,
+			      const struct in6_addr *target,
+			      unsigned int icmp_type,
+			      unsigned int flags,
+			      unsigned int option_type ) {
+	struct sockaddr_tcpip *st_src =
+		( ( struct sockaddr_tcpip * ) sin6_src );
+	struct sockaddr_tcpip *st_dest =
+		( ( struct sockaddr_tcpip * ) sin6_dest );
+	struct ll_protocol *ll_protocol = netdev->ll_protocol;
+	struct io_buffer *iobuf;
+	struct ndp_header *ndp;
+	size_t option_len;
+	size_t len;
+	int rc;
+
+	/* Allocate and populate buffer */
+	option_len = ( ( sizeof ( ndp->option[0] ) + ll_protocol->ll_addr_len +
+			 NDP_OPTION_BLKSZ - 1 ) &
+		       ~( NDP_OPTION_BLKSZ - 1 ) );
+	len = ( sizeof ( *ndp ) + option_len );
+	iobuf = alloc_iob ( MAX_LL_NET_HEADER_LEN + len );
+	if ( ! iobuf )
+		return -ENOMEM;
+	iob_reserve ( iobuf, MAX_LL_NET_HEADER_LEN );
+	ndp = iob_put ( iobuf, len );
+	memset ( ndp, 0, len );
+	ndp->icmp.type = icmp_type;
+	ndp->flags = flags;
+	memcpy ( &ndp->target, target, sizeof ( ndp->target ) );
+	ndp->option[0].type = option_type;
+	ndp->option[0].blocks = ( option_len / NDP_OPTION_BLKSZ );
+	memcpy ( ndp->option[0].value, netdev->ll_addr,
+		 ll_protocol->ll_addr_len );
+	ndp->icmp.chksum = tcpip_chksum ( ndp, len );
+
+	/* Transmit packet */
+	if ( ( rc = tcpip_tx ( iobuf, &icmpv6_protocol, st_src, st_dest,
+			       netdev, &ndp->icmp.chksum ) ) != 0 ) {
+		DBGC ( netdev, "NDP could not transmit packet: %s\n",
+		       strerror ( rc ) );
+		return rc;
 	}
-	return NULL;
+
+	return 0;
 }
 
 /**
- * Add NDP entry
- * 
- * @v netdev	Network device
- * @v in6	IP6 address
- * @v ll_addr	Link-layer address
- * @v state	State of the entry - one of the NDP_STATE_XXX values
+ * Transmit NDP neighbour discovery request
+ *
+ * @v netdev		Network device
+ * @v net_protocol	Network-layer protocol
+ * @v net_dest		Destination network-layer address
+ * @v net_source	Source network-layer address
+ * @ret rc		Return status code
  */
-static void 
-add_ndp_entry ( struct net_device *netdev, struct in6_addr *in6,
-		void *ll_addr, int state ) {
-	struct ndp_entry *ndp;
-	ndp = &ndp_table[next_new_ndp_entry++ % NUM_NDP_ENTRIES];
-
-	/* Fill up entry */
-	ndp->ll_protocol = netdev->ll_protocol;
-	memcpy ( &ndp->in6, &( *in6 ), sizeof ( *in6 ) );
-	if ( ll_addr ) {
-		memcpy ( ndp->ll_addr, ll_addr, netdev->ll_protocol->ll_addr_len );
-	} else {
-		memset ( ndp->ll_addr, 0, netdev->ll_protocol->ll_addr_len );
-	}
-	ndp->state = state;
-	DBG ( "New neighbour cache entry: IP6 %s => %s %s\n",
-	      inet6_ntoa ( ndp->in6 ), netdev->ll_protocol->name,
-	      netdev->ll_protocol->ntoa ( ndp->ll_addr ) );
+static int ndp_tx_request ( struct net_device *netdev,
+			    struct net_protocol *net_protocol __unused,
+			    const void *net_dest, const void *net_source ) {
+	struct sockaddr_in6 sin6_src;
+	struct sockaddr_in6 sin6_dest;
+
+	/* Construct source address */
+	memset ( &sin6_src, 0, sizeof ( sin6_src ) );
+	sin6_src.sin6_family = AF_INET6;
+	memcpy ( &sin6_src.sin6_addr, net_source,
+		 sizeof ( sin6_src.sin6_addr ) );
+	sin6_src.sin6_scope_id = htons ( netdev->index );
+
+	/* Construct multicast destination address */
+	memset ( &sin6_dest, 0, sizeof ( sin6_dest ) );
+	sin6_dest.sin6_family = AF_INET6;
+	sin6_dest.sin6_scope_id = htons ( netdev->index );
+	ipv6_solicited_node ( &sin6_dest.sin6_addr, net_dest );
+
+	/* Transmit neighbour discovery packet */
+	return ndp_tx_neighbour ( netdev, &sin6_src, &sin6_dest, net_dest,
+				  ICMPV6_NDP_NEIGHBOUR_SOLICITATION, 0,
+				  NDP_OPT_LL_SOURCE );
 }
 
+/** NDP neighbour discovery protocol */
+struct neighbour_discovery ndp_discovery = {
+	.name = "NDP",
+	.tx_request = ndp_tx_request,
+};
+
 /**
- * Resolve the link-layer address
+ * Process NDP neighbour solicitation source link-layer address option
  *
  * @v netdev		Network device
- * @v dest		Destination address
- * @v src		Source address
- * @ret dest_ll_addr	Destination link-layer address or NULL
- * @ret rc		Status
- *
- * This function looks up the neighbour cache for an entry corresponding to the
- * destination address. If it finds a valid entry, it fills up dest_ll_addr and
- * returns 0. Otherwise it sends a neighbour solicitation to the solicited
- * multicast address.
+ * @v sin6_src		Source socket address
+ * @v ndp		NDP packet
+ * @v ll_addr		Source link-layer address
+ * @v ll_addr_len	Source link-layer address length
+ * @ret rc		Return status code
  */
-int ndp_resolve ( struct net_device *netdev, struct in6_addr *dest,
-		  struct in6_addr *src, void *dest_ll_addr ) {
+static int ndp_rx_neighbour_solicitation ( struct net_device *netdev,
+					   struct sockaddr_in6 *sin6_src,
+					   struct ndp_header *ndp __unused,
+					   const void *ll_addr,
+					   size_t ll_addr_len ) {
 	struct ll_protocol *ll_protocol = netdev->ll_protocol;
-	struct ndp_entry *ndp;
 	int rc;
 
-	ndp = ndp_find_entry ( dest );
-	/* Check if the entry is valid */
-	if ( ndp && ndp->state == NDP_STATE_REACHABLE ) {
-		DBG ( "Neighbour cache hit: IP6 %s => %s %s\n",
-		      inet6_ntoa ( *dest ), ll_protocol->name,
-		      ll_protocol->ntoa ( ndp->ll_addr ) );
-		memcpy ( dest_ll_addr, ndp->ll_addr, ll_protocol->ll_addr_len );
+	/* Silently ignore neighbour solicitations for addresses we do
+	 * not own.
+	 */
+	if ( ! ipv6_has_addr ( netdev, &ndp->target ) )
 		return 0;
-	}
 
-	/* Check if the entry was already created */
-	if ( ndp ) {
-		DBG ( "Awaiting neighbour advertisement\n" );
-		/* For test */
-//		ndp->state = NDP_STATE_REACHABLE;
-//		memcpy ( ndp->ll_addr, netdev->ll_addr, 6 );
-//		assert ( ndp->ll_protocol->ll_addr_len == 6 );
-//		icmp6_test_nadvert ( netdev, dest, ndp->ll_addr );
-//		assert ( ndp->state == NDP_STATE_REACHABLE );
-		/* Take it out till here */
-		return -ENOENT;
+	/* Sanity check */
+	if ( ll_addr_len < ll_protocol->ll_addr_len ) {
+		DBGC ( netdev, "NDP neighbour solicitation link-layer address "
+		       "too short at %zd bytes (min %d bytes)\n",
+		       ll_addr_len, ll_protocol->ll_addr_len );
+		return -EINVAL;
 	}
-	DBG ( "Neighbour cache miss: IP6 %s\n", inet6_ntoa ( *dest ) );
 
-	/* Add entry in the neighbour cache */
-	add_ndp_entry ( netdev, dest, NULL, NDP_STATE_INCOMPLETE );
+	/* Create or update neighbour cache entry */
+	if ( ( rc = neighbour_define ( netdev, &ipv6_protocol,
+				       &sin6_src->sin6_addr,
+				       ll_addr ) ) != 0 ) {
+		DBGC ( netdev, "NDP could not define %s => %s: %s\n",
+		       inet6_ntoa ( &sin6_src->sin6_addr ),
+		       ll_protocol->ntoa ( ll_addr ), strerror ( rc ) );
+		return rc;
+	}
 
-	/* Send neighbour solicitation */
-	if ( ( rc = icmp6_send_solicit ( netdev, src, dest ) ) != 0 ) {
+	/* Send neighbour advertisement */
+	if ( ( rc = ndp_tx_neighbour ( netdev, NULL, sin6_src, &ndp->target,
+				       ICMPV6_NDP_NEIGHBOUR_ADVERTISEMENT,
+				       ( NDP_SOLICITED | NDP_OVERRIDE ),
+				       NDP_OPT_LL_TARGET ) ) != 0 ) {
 		return rc;
 	}
-	return -ENOENT;
+
+	return 0;
 }
 
 /**
- * Process neighbour advertisement
+ * Process NDP neighbour advertisement target link-layer address option
  *
- * @v iobuf	I/O buffer
- * @v st_src	Source address
- * @v st_dest	Destination address 
+ * @v netdev		Network device
+ * @v sin6_src		Source socket address
+ * @v ndp		NDP packet
+ * @v ll_addr		Target link-layer address
+ * @v ll_addr_len	Target link-layer address length
+ * @ret rc		Return status code
  */
-int ndp_process_advert ( struct io_buffer *iobuf, struct sockaddr_tcpip *st_src __unused,
-			   struct sockaddr_tcpip *st_dest __unused ) {
-	struct neighbour_advert *nadvert = iobuf->data;
-	struct ndp_entry *ndp;
+static int
+ndp_rx_neighbour_advertisement ( struct net_device *netdev,
+				 struct sockaddr_in6 *sin6_src __unused,
+				 struct ndp_header *ndp, const void *ll_addr,
+				 size_t ll_addr_len ) {
+	struct ll_protocol *ll_protocol = netdev->ll_protocol;
+	int rc;
 
 	/* Sanity check */
-	if ( iob_len ( iobuf ) < sizeof ( *nadvert ) ) {
-		DBG ( "Packet too short (%zd bytes)\n", iob_len ( iobuf ) );
+	if ( ll_addr_len < ll_protocol->ll_addr_len ) {
+		DBGC ( netdev, "NDP neighbour advertisement link-layer address "
+		       "too short at %zd bytes (min %d bytes)\n",
+		       ll_addr_len, ll_protocol->ll_addr_len );
 		return -EINVAL;
 	}
 
-	assert ( nadvert->code == 0 );
-	assert ( nadvert->flags & ICMP6_FLAGS_SOLICITED );
-	assert ( nadvert->opt_type == 2 );
+	/* Update neighbour cache entry, if any */
+	if ( ( rc = neighbour_update ( netdev, &ipv6_protocol, &ndp->target,
+				       ll_addr ) ) != 0 ) {
+		DBGC ( netdev, "NDP could not update %s => %s: %s\n",
+		       inet6_ntoa ( &ndp->target ),
+		       ll_protocol->ntoa ( ll_addr ), strerror ( rc ) );
+		return rc;
+	}
 
-	/* Update the neighbour cache, if entry is present */
-	ndp = ndp_find_entry ( &nadvert->target );
-	if ( ndp ) {
+	return 0;
+}
 
-	assert ( nadvert->opt_len ==
-			( ( 2 + ndp->ll_protocol->ll_addr_len ) / 8 ) );
+/** An NDP option handler */
+struct ndp_option_handler {
+	/** ICMPv6 type */
+	uint8_t icmp_type;
+	/** Option type */
+	uint8_t option_type;
+	/**
+	 * Handle received option
+	 *
+	 * @v netdev		Network device
+	 * @v sin6_src		Source socket address
+	 * @v ndp		NDP packet
+	 * @v value		Option value
+	 * @v len		Option length
+	 * @ret rc		Return status code
+	 */
+	int ( * rx ) ( struct net_device *netdev, struct sockaddr_in6 *sin6_src,
+		       struct ndp_header *ndp, const void *value, size_t len );
+};
 
-		if ( IP6_EQUAL ( ndp->in6, nadvert->target ) ) {
-			memcpy ( ndp->ll_addr, nadvert->opt_ll_addr,
-				 ndp->ll_protocol->ll_addr_len );
-			ndp->state = NDP_STATE_REACHABLE;
-			return 0;
+/** NDP option handlers */
+static struct ndp_option_handler ndp_option_handlers[] = {
+	{
+		.icmp_type = ICMPV6_NDP_NEIGHBOUR_SOLICITATION,
+		.option_type = NDP_OPT_LL_SOURCE,
+		.rx = ndp_rx_neighbour_solicitation,
+	},
+	{
+		.icmp_type = ICMPV6_NDP_NEIGHBOUR_ADVERTISEMENT,
+		.option_type = NDP_OPT_LL_TARGET,
+		.rx = ndp_rx_neighbour_advertisement,
+	},
+};
+
+/**
+ * Process received NDP option
+ *
+ * @v netdev		Network device
+ * @v sin6_src		Source socket address
+ * @v ndp		NDP packet
+ * @v type		Option type
+ * @v value		Option value
+ * @v len		Option length
+ * @ret rc		Return status code
+ */
+static int ndp_rx_option ( struct net_device *netdev,
+			   struct sockaddr_in6 *sin6_src,
+			   struct ndp_header *ndp, unsigned int type,
+			   const void *value, size_t len ) {
+	struct ndp_option_handler *handler;
+	unsigned int i;
+
+	/* Locate a suitable option handler, if any */
+	for ( i = 0 ; i < ( sizeof ( ndp_option_handlers ) /
+			    sizeof ( ndp_option_handlers[0] ) ) ; i++ ) {
+		handler = &ndp_option_handlers[i];
+		if ( ( handler->icmp_type == ndp->icmp.type ) &&
+		     ( handler->option_type == type ) ) {
+			return handler->rx ( netdev, sin6_src, ndp,
+					     value, len );
 		}
 	}
-	DBG ( "Unsolicited advertisement (dropping packet)\n" );
+
+	/* Silently ignore unknown options as per RFC 4861 */
 	return 0;
 }
+
+/**
+ * Process received NDP packet
+ *
+ * @v iobuf		I/O buffer
+ * @v netdev		Network device
+ * @v sin6_src		Source socket address
+ * @v sin6_dest		Destination socket address
+ * @ret rc		Return status code
+ */
+static int ndp_rx ( struct io_buffer *iobuf,
+		    struct net_device *netdev,
+		    struct sockaddr_in6 *sin6_src,
+		    struct sockaddr_in6 *sin6_dest __unused ) {
+	struct ndp_header *ndp = iobuf->data;
+	struct ndp_option *option;
+	size_t remaining;
+	size_t option_len;
+	size_t option_value_len;
+	int rc;
+
+	/* Sanity check */
+	if ( iob_len ( iobuf ) < sizeof ( *ndp ) ) {
+		DBGC ( netdev, "NDP packet too short at %zd bytes (min %zd "
+		       "bytes)\n", iob_len ( iobuf ), sizeof ( *ndp ) );
+		rc = -EINVAL;
+		goto done;
+	}
+
+	/* Search for option */
+	option = ndp->option;
+	remaining = ( iob_len ( iobuf ) - offsetof ( typeof ( *ndp ), option ));
+	while ( remaining ) {
+
+		/* Sanity check */
+		if ( ( remaining < sizeof ( *option ) ) ||
+		     ( option->blocks == 0 ) ||
+		     ( remaining < ( option->blocks * NDP_OPTION_BLKSZ ) ) ) {
+			DBGC ( netdev, "NDP bad option length:\n" );
+			DBGC_HDA ( netdev, 0, option, remaining );
+			rc = -EINVAL;
+			goto done;
+		}
+		option_len = ( option->blocks * NDP_OPTION_BLKSZ );
+		option_value_len = ( option_len - sizeof ( *option ) );
+
+		/* Handle option */
+		if ( ( rc = ndp_rx_option ( netdev, sin6_src, ndp,
+					    option->type, option->value,
+					    option_value_len ) ) != 0 ) {
+			goto done;
+		}
+
+		/* Move to next option */
+		option = ( ( ( void * ) option ) + option_len );
+		remaining -= option_len;
+	}
+
+ done:
+	free_iob ( iobuf );
+	return rc;
+}
+
+/** NDP ICMPv6 handlers */
+struct icmpv6_handler ndp_handlers[] __icmpv6_handler = {
+	{
+		.type = ICMPV6_NDP_NEIGHBOUR_SOLICITATION,
+		.rx = ndp_rx,
+	},
+	{
+		.type = ICMPV6_NDP_NEIGHBOUR_ADVERTISEMENT,
+		.rx = ndp_rx,
+	},
+};