--- zzzz-none-000/linux-5.15.111/net/ipv6/ip6_input.c	2023-05-11 14:00:40.000000000 +0000
+++ puma7-atom-6670-761/linux-5.15.111/net/ipv6/ip6_input.c	2024-02-07 10:23:30.000000000 +0000
@@ -14,6 +14,12 @@
  *	Mitsuru KANDA @USAGI and
  *	YOSHIFUJI Hideaki @USAGI: Remove ipv6_parse_exthdrs().
  */
+/*
+ * Includes Intel Corporation's changes/modifications dated: 2018.
+ * Changed/modified portions - Copyright (c) 2018, Intel Corporation.
+ */
+
+#define pr_fmt(fmt) "IPv6: " fmt
 
 #include <linux/errno.h>
 #include <linux/types.h>
@@ -45,6 +51,8 @@
 #include <net/inet_ecn.h>
 #include <net/dst_metadata.h>
 
+#include <avm/pa/avm_pa.h>
+
 static void ip6_rcv_finish_core(struct net *net, struct sock *sk,
 				struct sk_buff *skb)
 {
@@ -148,7 +156,7 @@
 static struct sk_buff *ip6_rcv_core(struct sk_buff *skb, struct net_device *dev,
 				    struct net *net)
 {
-	const struct ipv6hdr *hdr;
+	struct ipv6hdr *hdr;
 	u32 pkt_len;
 	struct inet6_dev *idev;
 
@@ -275,6 +283,18 @@
 		}
 	}
 
+#ifdef CONFIG_INTEL_NS_DEVICE_FILTER
+	if (hdr->nexthdr == IPPROTO_ICMPV6)
+	{
+		struct icmp6hdr *icmpv6_hdr;
+		icmpv6_hdr = icmp6_hdr(skb);
+		if (icmpv6_hdr->icmp6_type == NDISC_NEIGHBOUR_SOLICITATION)
+		{
+			if (intel_ns_handler (skb->dev,&(hdr->daddr),IFA_F_TENTATIVE) == 0)
+			goto drop;
+		}
+	}
+#endif
 	rcu_read_unlock();
 
 	/* Must drop socket now because of tproxy. */
@@ -460,7 +480,7 @@
 	kfree_skb(skb);
 }
 
-static int ip6_input_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
+int ip6_input_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
 {
 	rcu_read_lock();
 	ip6_protocol_deliver_rcu(net, skb, 0, false);
@@ -468,7 +488,7 @@
 
 	return 0;
 }
-
+EXPORT_SYMBOL(ip6_input_finish);
 
 int ip6_input(struct sk_buff *skb)
 {
@@ -574,3 +594,44 @@
 
 	return 0;
 }
+
+static void ip6_avm_pa_transmit(void *arg, struct sk_buff *skb)
+{
+	/* We can safely pass NULL as sk parameter, it is just required
+	 * to be a valid netfilter hook. The initiator, ip6_input()
+	 * passes a NULL sock because it doesn't even know the socket yet.
+	 */
+	ip6_input_finish((struct net *) arg, NULL, skb);
+}
+
+static void __init ip6_avm_pa_register(void)
+{
+	struct avm_pa_dev_info *ip6_dev = AVM_PA_NET_IP6_DEVINFO(&init_net);
+	struct avm_pa_pid_cfg cfg = {0};
+	struct avm_pa_pid_ecfg ecfg = {0};
+
+	if (!ip6_dev)
+		return;
+
+	strlcpy(cfg.name, "ipv6", sizeof(cfg.name));
+	cfg.framing = avm_pa_framing_ipdev;
+	cfg.default_mtu = 0xffff;
+	cfg.tx_func = &ip6_avm_pa_transmit;
+	cfg.tx_arg = &init_net;
+
+	if (avm_pa_dev_pid_register(ip6_dev, &cfg) < 0) {
+		pr_err("failed to register avm_pa pid %s\n", cfg.name);
+		return;
+	}
+
+	/* ip6_input_finish() needs a valid IP6CB */
+	ecfg.version = AVM_PA_PID_ECFG_VERSION;
+	ecfg.cb_start = 0;
+	ecfg.cb_len = sizeof(struct inet6_skb_parm);
+	avm_pa_pid_set_ecfg(ip6_dev->pid_handle, &ecfg);
+}
+
+void __init ip6_input_init(void)
+{
+	ip6_avm_pa_register();
+}