1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Generic address resolution entity
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
8 *
9 * Fixes:
10 * Vitaly E. Lavrov releasing NULL neighbor in neigh_add.
11 * Harald Welte Add neighbour cache statistics like rtstat
12 */
13
14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16 #include <linux/slab.h>
17 #include <linux/kmemleak.h>
18 #include <linux/types.h>
19 #include <linux/kernel.h>
20 #include <linux/module.h>
21 #include <linux/socket.h>
22 #include <linux/netdevice.h>
23 #include <linux/proc_fs.h>
24 #ifdef CONFIG_SYSCTL
25 #include <linux/sysctl.h>
26 #endif
27 #include <linux/times.h>
28 #include <net/net_namespace.h>
29 #include <net/neighbour.h>
30 #include <net/arp.h>
31 #include <net/dst.h>
32 #include <net/sock.h>
33 #include <net/netevent.h>
34 #include <net/netlink.h>
35 #include <linux/rtnetlink.h>
36 #include <linux/random.h>
37 #include <linux/string.h>
38 #include <linux/log2.h>
39 #include <linux/inetdevice.h>
40 #include <net/addrconf.h>
41
42 #include <trace/events/neigh.h>
43
44 #define DEBUG
45 #define NEIGH_DEBUG 1
46 #define neigh_dbg(level, fmt, ...) \
47 do { \
48 if (level <= NEIGH_DEBUG) \
49 pr_debug(fmt, ##__VA_ARGS__); \
50 } while (0)
51
52 #define PNEIGH_HASHMASK 0xF
53
54 static void neigh_timer_handler(struct timer_list *t);
55 static void __neigh_notify(struct neighbour *n, int type, int flags,
56 u32 pid);
57 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
58 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
59 struct net_device *dev);
60
61 #ifdef CONFIG_PROC_FS
62 static const struct seq_operations neigh_stat_seq_ops;
63 #endif
64
65 /*
66 Neighbour hash table buckets are protected with rwlock tbl->lock.
67
68 - All the scans/updates to hash buckets MUST be made under this lock.
69 - NOTHING clever should be made under this lock: no callbacks
70 to protocol backends, no attempts to send something to network.
71 It will result in deadlocks, if backend/driver wants to use neighbour
72 cache.
73 - If the entry requires some non-trivial actions, increase
74 its reference count and release table lock.
75
76 Neighbour entries are protected:
77 - with reference count.
78 - with rwlock neigh->lock
79
80 Reference count prevents destruction.
81
82 neigh->lock mainly serializes ll address data and its validity state.
83 However, the same lock is used to protect another entry fields:
84 - timer
85 - resolution queue
86
87 Again, nothing clever shall be made under neigh->lock,
88 the most complicated procedure, which we allow is dev->hard_header.
89 It is supposed, that dev->hard_header is simplistic and does
90 not make callbacks to neighbour tables.
91 */
92
neigh_blackhole(struct neighbour * neigh,struct sk_buff * skb)93 static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
94 {
95 kfree_skb(skb);
96 return -ENETDOWN;
97 }
98
neigh_cleanup_and_release(struct neighbour * neigh)99 static void neigh_cleanup_and_release(struct neighbour *neigh)
100 {
101 trace_neigh_cleanup_and_release(neigh, 0);
102 __neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
103 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
104 neigh_release(neigh);
105 }
106
107 /*
108 * It is random distribution in the interval (1/2)*base...(3/2)*base.
109 * It corresponds to default IPv6 settings and is not overridable,
110 * because it is really reasonable choice.
111 */
112
neigh_rand_reach_time(unsigned long base)113 unsigned long neigh_rand_reach_time(unsigned long base)
114 {
115 return base ? (prandom_u32() % base) + (base >> 1) : 0;
116 }
117 EXPORT_SYMBOL(neigh_rand_reach_time);
118
neigh_mark_dead(struct neighbour * n)119 static void neigh_mark_dead(struct neighbour *n)
120 {
121 n->dead = 1;
122 if (!list_empty(&n->gc_list)) {
123 list_del_init(&n->gc_list);
124 atomic_dec(&n->tbl->gc_entries);
125 }
126 }
127
neigh_update_gc_list(struct neighbour * n)128 static void neigh_update_gc_list(struct neighbour *n)
129 {
130 bool on_gc_list, exempt_from_gc;
131
132 write_lock_bh(&n->tbl->lock);
133 write_lock(&n->lock);
134
135 if (n->dead)
136 goto out;
137
138 /* remove from the gc list if new state is permanent or if neighbor
139 * is externally learned; otherwise entry should be on the gc list
140 */
141 exempt_from_gc = n->nud_state & NUD_PERMANENT ||
142 n->flags & NTF_EXT_LEARNED;
143 on_gc_list = !list_empty(&n->gc_list);
144
145 if (exempt_from_gc && on_gc_list) {
146 list_del_init(&n->gc_list);
147 atomic_dec(&n->tbl->gc_entries);
148 } else if (!exempt_from_gc && !on_gc_list) {
149 /* add entries to the tail; cleaning removes from the front */
150 list_add_tail(&n->gc_list, &n->tbl->gc_list);
151 atomic_inc(&n->tbl->gc_entries);
152 }
153
154 out:
155 write_unlock(&n->lock);
156 write_unlock_bh(&n->tbl->lock);
157 }
158
neigh_update_ext_learned(struct neighbour * neigh,u32 flags,int * notify)159 static bool neigh_update_ext_learned(struct neighbour *neigh, u32 flags,
160 int *notify)
161 {
162 bool rc = false;
163 u8 ndm_flags;
164
165 if (!(flags & NEIGH_UPDATE_F_ADMIN))
166 return rc;
167
168 ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
169 if ((neigh->flags ^ ndm_flags) & NTF_EXT_LEARNED) {
170 if (ndm_flags & NTF_EXT_LEARNED)
171 neigh->flags |= NTF_EXT_LEARNED;
172 else
173 neigh->flags &= ~NTF_EXT_LEARNED;
174 rc = true;
175 *notify = 1;
176 }
177
178 return rc;
179 }
180
neigh_del(struct neighbour * n,struct neighbour __rcu ** np,struct neigh_table * tbl)181 static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
182 struct neigh_table *tbl)
183 {
184 bool retval = false;
185
186 write_lock(&n->lock);
187 if (refcount_read(&n->refcnt) == 1) {
188 struct neighbour *neigh;
189
190 neigh = rcu_dereference_protected(n->next,
191 lockdep_is_held(&tbl->lock));
192 rcu_assign_pointer(*np, neigh);
193 neigh_mark_dead(n);
194 retval = true;
195 }
196 write_unlock(&n->lock);
197 if (retval)
198 neigh_cleanup_and_release(n);
199 return retval;
200 }
201
neigh_remove_one(struct neighbour * ndel,struct neigh_table * tbl)202 bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
203 {
204 struct neigh_hash_table *nht;
205 void *pkey = ndel->primary_key;
206 u32 hash_val;
207 struct neighbour *n;
208 struct neighbour __rcu **np;
209
210 nht = rcu_dereference_protected(tbl->nht,
211 lockdep_is_held(&tbl->lock));
212 hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
213 hash_val = hash_val >> (32 - nht->hash_shift);
214
215 np = &nht->hash_buckets[hash_val];
216 while ((n = rcu_dereference_protected(*np,
217 lockdep_is_held(&tbl->lock)))) {
218 if (n == ndel)
219 return neigh_del(n, np, tbl);
220 np = &n->next;
221 }
222 return false;
223 }
224
neigh_forced_gc(struct neigh_table * tbl)225 static int neigh_forced_gc(struct neigh_table *tbl)
226 {
227 int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
228 unsigned long tref = jiffies - 5 * HZ;
229 struct neighbour *n, *tmp;
230 int shrunk = 0;
231
232 NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);
233
234 write_lock_bh(&tbl->lock);
235
236 list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
237 if (refcount_read(&n->refcnt) == 1) {
238 bool remove = false;
239
240 write_lock(&n->lock);
241 if ((n->nud_state == NUD_FAILED) ||
242 (n->nud_state == NUD_NOARP) ||
243 (tbl->is_multicast &&
244 tbl->is_multicast(n->primary_key)) ||
245 time_after(tref, n->updated))
246 remove = true;
247 write_unlock(&n->lock);
248
249 if (remove && neigh_remove_one(n, tbl))
250 shrunk++;
251 if (shrunk >= max_clean)
252 break;
253 }
254 }
255
256 tbl->last_flush = jiffies;
257
258 write_unlock_bh(&tbl->lock);
259
260 return shrunk;
261 }
262
neigh_add_timer(struct neighbour * n,unsigned long when)263 static void neigh_add_timer(struct neighbour *n, unsigned long when)
264 {
265 neigh_hold(n);
266 if (unlikely(mod_timer(&n->timer, when))) {
267 printk("NEIGH: BUG, double timer add, state is %x\n",
268 n->nud_state);
269 dump_stack();
270 }
271 }
272
neigh_del_timer(struct neighbour * n)273 static int neigh_del_timer(struct neighbour *n)
274 {
275 if ((n->nud_state & NUD_IN_TIMER) &&
276 del_timer(&n->timer)) {
277 neigh_release(n);
278 return 1;
279 }
280 return 0;
281 }
282
pneigh_queue_purge(struct sk_buff_head * list,struct net * net)283 static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net)
284 {
285 struct sk_buff_head tmp;
286 unsigned long flags;
287 struct sk_buff *skb;
288
289 skb_queue_head_init(&tmp);
290 spin_lock_irqsave(&list->lock, flags);
291 skb = skb_peek(list);
292 while (skb != NULL) {
293 struct sk_buff *skb_next = skb_peek_next(skb, list);
294 if (net == NULL || net_eq(dev_net(skb->dev), net)) {
295 __skb_unlink(skb, list);
296 __skb_queue_tail(&tmp, skb);
297 }
298 skb = skb_next;
299 }
300 spin_unlock_irqrestore(&list->lock, flags);
301
302 while ((skb = __skb_dequeue(&tmp))) {
303 dev_put(skb->dev);
304 kfree_skb(skb);
305 }
306 }
307
neigh_flush_dev(struct neigh_table * tbl,struct net_device * dev,bool skip_perm)308 static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
309 bool skip_perm)
310 {
311 int i;
312 struct neigh_hash_table *nht;
313
314 nht = rcu_dereference_protected(tbl->nht,
315 lockdep_is_held(&tbl->lock));
316
317 for (i = 0; i < (1 << nht->hash_shift); i++) {
318 struct neighbour *n;
319 struct neighbour __rcu **np = &nht->hash_buckets[i];
320
321 while ((n = rcu_dereference_protected(*np,
322 lockdep_is_held(&tbl->lock))) != NULL) {
323 if (dev && n->dev != dev) {
324 np = &n->next;
325 continue;
326 }
327 if (skip_perm && n->nud_state & NUD_PERMANENT) {
328 np = &n->next;
329 continue;
330 }
331 rcu_assign_pointer(*np,
332 rcu_dereference_protected(n->next,
333 lockdep_is_held(&tbl->lock)));
334 write_lock(&n->lock);
335 neigh_del_timer(n);
336 neigh_mark_dead(n);
337 if (refcount_read(&n->refcnt) != 1) {
338 /* The most unpleasant situation.
339 We must destroy neighbour entry,
340 but someone still uses it.
341
342 The destroy will be delayed until
343 the last user releases us, but
344 we must kill timers etc. and move
345 it to safe state.
346 */
347 __skb_queue_purge(&n->arp_queue);
348 n->arp_queue_len_bytes = 0;
349 n->output = neigh_blackhole;
350 if (n->nud_state & NUD_VALID)
351 n->nud_state = NUD_NOARP;
352 else
353 n->nud_state = NUD_NONE;
354 neigh_dbg(2, "neigh %p is stray\n", n);
355 }
356 write_unlock(&n->lock);
357 neigh_cleanup_and_release(n);
358 }
359 }
360 }
361
neigh_changeaddr(struct neigh_table * tbl,struct net_device * dev)362 void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
363 {
364 write_lock_bh(&tbl->lock);
365 neigh_flush_dev(tbl, dev, false);
366 write_unlock_bh(&tbl->lock);
367 }
368 EXPORT_SYMBOL(neigh_changeaddr);
369
__neigh_ifdown(struct neigh_table * tbl,struct net_device * dev,bool skip_perm)370 static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
371 bool skip_perm)
372 {
373 write_lock_bh(&tbl->lock);
374 neigh_flush_dev(tbl, dev, skip_perm);
375 pneigh_ifdown_and_unlock(tbl, dev);
376 pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL);
377 if (skb_queue_empty_lockless(&tbl->proxy_queue))
378 del_timer_sync(&tbl->proxy_timer);
379 return 0;
380 }
381
neigh_carrier_down(struct neigh_table * tbl,struct net_device * dev)382 int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
383 {
384 __neigh_ifdown(tbl, dev, true);
385 return 0;
386 }
387 EXPORT_SYMBOL(neigh_carrier_down);
388
neigh_ifdown(struct neigh_table * tbl,struct net_device * dev)389 int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
390 {
391 __neigh_ifdown(tbl, dev, false);
392 return 0;
393 }
394 EXPORT_SYMBOL(neigh_ifdown);
395
neigh_alloc(struct neigh_table * tbl,struct net_device * dev,u8 flags,bool exempt_from_gc)396 static struct neighbour *neigh_alloc(struct neigh_table *tbl,
397 struct net_device *dev,
398 u8 flags, bool exempt_from_gc)
399 {
400 struct neighbour *n = NULL;
401 unsigned long now = jiffies;
402 int entries;
403
404 if (exempt_from_gc)
405 goto do_alloc;
406
407 entries = atomic_inc_return(&tbl->gc_entries) - 1;
408 if (entries >= tbl->gc_thresh3 ||
409 (entries >= tbl->gc_thresh2 &&
410 time_after(now, tbl->last_flush + 5 * HZ))) {
411 if (!neigh_forced_gc(tbl) &&
412 entries >= tbl->gc_thresh3) {
413 net_info_ratelimited("%s: neighbor table overflow!\n",
414 tbl->id);
415 NEIGH_CACHE_STAT_INC(tbl, table_fulls);
416 goto out_entries;
417 }
418 }
419
420 do_alloc:
421 n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
422 if (!n)
423 goto out_entries;
424
425 __skb_queue_head_init(&n->arp_queue);
426 rwlock_init(&n->lock);
427 seqlock_init(&n->ha_lock);
428 n->updated = n->used = now;
429 n->nud_state = NUD_NONE;
430 n->output = neigh_blackhole;
431 n->flags = flags;
432 seqlock_init(&n->hh.hh_lock);
433 n->parms = neigh_parms_clone(&tbl->parms);
434 timer_setup(&n->timer, neigh_timer_handler, 0);
435
436 NEIGH_CACHE_STAT_INC(tbl, allocs);
437 n->tbl = tbl;
438 refcount_set(&n->refcnt, 1);
439 n->dead = 1;
440 INIT_LIST_HEAD(&n->gc_list);
441
442 atomic_inc(&tbl->entries);
443 out:
444 return n;
445
446 out_entries:
447 if (!exempt_from_gc)
448 atomic_dec(&tbl->gc_entries);
449 goto out;
450 }
451
neigh_get_hash_rnd(u32 * x)452 static void neigh_get_hash_rnd(u32 *x)
453 {
454 *x = get_random_u32() | 1;
455 }
456
neigh_hash_alloc(unsigned int shift)457 static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
458 {
459 size_t size = (1 << shift) * sizeof(struct neighbour *);
460 struct neigh_hash_table *ret;
461 struct neighbour __rcu **buckets;
462 int i;
463
464 ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
465 if (!ret)
466 return NULL;
467 if (size <= PAGE_SIZE) {
468 buckets = kzalloc(size, GFP_ATOMIC);
469 } else {
470 buckets = (struct neighbour __rcu **)
471 __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
472 get_order(size));
473 kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
474 }
475 if (!buckets) {
476 kfree(ret);
477 return NULL;
478 }
479 ret->hash_buckets = buckets;
480 ret->hash_shift = shift;
481 for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
482 neigh_get_hash_rnd(&ret->hash_rnd[i]);
483 return ret;
484 }
485
neigh_hash_free_rcu(struct rcu_head * head)486 static void neigh_hash_free_rcu(struct rcu_head *head)
487 {
488 struct neigh_hash_table *nht = container_of(head,
489 struct neigh_hash_table,
490 rcu);
491 size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
492 struct neighbour __rcu **buckets = nht->hash_buckets;
493
494 if (size <= PAGE_SIZE) {
495 kfree(buckets);
496 } else {
497 kmemleak_free(buckets);
498 free_pages((unsigned long)buckets, get_order(size));
499 }
500 kfree(nht);
501 }
502
neigh_hash_grow(struct neigh_table * tbl,unsigned long new_shift)503 static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
504 unsigned long new_shift)
505 {
506 unsigned int i, hash;
507 struct neigh_hash_table *new_nht, *old_nht;
508
509 NEIGH_CACHE_STAT_INC(tbl, hash_grows);
510
511 old_nht = rcu_dereference_protected(tbl->nht,
512 lockdep_is_held(&tbl->lock));
513 new_nht = neigh_hash_alloc(new_shift);
514 if (!new_nht)
515 return old_nht;
516
517 for (i = 0; i < (1 << old_nht->hash_shift); i++) {
518 struct neighbour *n, *next;
519
520 for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
521 lockdep_is_held(&tbl->lock));
522 n != NULL;
523 n = next) {
524 hash = tbl->hash(n->primary_key, n->dev,
525 new_nht->hash_rnd);
526
527 hash >>= (32 - new_nht->hash_shift);
528 next = rcu_dereference_protected(n->next,
529 lockdep_is_held(&tbl->lock));
530
531 rcu_assign_pointer(n->next,
532 rcu_dereference_protected(
533 new_nht->hash_buckets[hash],
534 lockdep_is_held(&tbl->lock)));
535 rcu_assign_pointer(new_nht->hash_buckets[hash], n);
536 }
537 }
538
539 rcu_assign_pointer(tbl->nht, new_nht);
540 call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
541 return new_nht;
542 }
543
neigh_lookup(struct neigh_table * tbl,const void * pkey,struct net_device * dev)544 struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
545 struct net_device *dev)
546 {
547 struct neighbour *n;
548
549 NEIGH_CACHE_STAT_INC(tbl, lookups);
550
551 rcu_read_lock_bh();
552 n = __neigh_lookup_noref(tbl, pkey, dev);
553 if (n) {
554 if (!refcount_inc_not_zero(&n->refcnt))
555 n = NULL;
556 NEIGH_CACHE_STAT_INC(tbl, hits);
557 }
558
559 rcu_read_unlock_bh();
560 return n;
561 }
562 EXPORT_SYMBOL(neigh_lookup);
563
neigh_lookup_nodev(struct neigh_table * tbl,struct net * net,const void * pkey)564 struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
565 const void *pkey)
566 {
567 struct neighbour *n;
568 unsigned int key_len = tbl->key_len;
569 u32 hash_val;
570 struct neigh_hash_table *nht;
571
572 NEIGH_CACHE_STAT_INC(tbl, lookups);
573
574 rcu_read_lock_bh();
575 nht = rcu_dereference_bh(tbl->nht);
576 hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);
577
578 for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
579 n != NULL;
580 n = rcu_dereference_bh(n->next)) {
581 if (!memcmp(n->primary_key, pkey, key_len) &&
582 net_eq(dev_net(n->dev), net)) {
583 if (!refcount_inc_not_zero(&n->refcnt))
584 n = NULL;
585 NEIGH_CACHE_STAT_INC(tbl, hits);
586 break;
587 }
588 }
589
590 rcu_read_unlock_bh();
591 return n;
592 }
593 EXPORT_SYMBOL(neigh_lookup_nodev);
594
595 static struct neighbour *
___neigh_create(struct neigh_table * tbl,const void * pkey,struct net_device * dev,u8 flags,bool exempt_from_gc,bool want_ref)596 ___neigh_create(struct neigh_table *tbl, const void *pkey,
597 struct net_device *dev, u8 flags,
598 bool exempt_from_gc, bool want_ref)
599 {
600 u32 hash_val, key_len = tbl->key_len;
601 struct neighbour *n1, *rc, *n;
602 struct neigh_hash_table *nht;
603 int error;
604
605 n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
606 trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
607 if (!n) {
608 rc = ERR_PTR(-ENOBUFS);
609 goto out;
610 }
611
612 memcpy(n->primary_key, pkey, key_len);
613 n->dev = dev;
614 dev_hold(dev);
615
616 /* Protocol specific setup. */
617 if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
618 rc = ERR_PTR(error);
619 goto out_neigh_release;
620 }
621
622 if (dev->netdev_ops->ndo_neigh_construct) {
623 error = dev->netdev_ops->ndo_neigh_construct(dev, n);
624 if (error < 0) {
625 rc = ERR_PTR(error);
626 goto out_neigh_release;
627 }
628 }
629
630 /* Device specific setup. */
631 if (n->parms->neigh_setup &&
632 (error = n->parms->neigh_setup(n)) < 0) {
633 rc = ERR_PTR(error);
634 goto out_neigh_release;
635 }
636
637 n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);
638
639 write_lock_bh(&tbl->lock);
640 nht = rcu_dereference_protected(tbl->nht,
641 lockdep_is_held(&tbl->lock));
642
643 if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
644 nht = neigh_hash_grow(tbl, nht->hash_shift + 1);
645
646 hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);
647
648 if (n->parms->dead) {
649 rc = ERR_PTR(-EINVAL);
650 goto out_tbl_unlock;
651 }
652
653 for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
654 lockdep_is_held(&tbl->lock));
655 n1 != NULL;
656 n1 = rcu_dereference_protected(n1->next,
657 lockdep_is_held(&tbl->lock))) {
658 if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
659 if (want_ref)
660 neigh_hold(n1);
661 rc = n1;
662 goto out_tbl_unlock;
663 }
664 }
665
666 n->dead = 0;
667 if (!exempt_from_gc)
668 list_add_tail(&n->gc_list, &n->tbl->gc_list);
669
670 if (want_ref)
671 neigh_hold(n);
672 rcu_assign_pointer(n->next,
673 rcu_dereference_protected(nht->hash_buckets[hash_val],
674 lockdep_is_held(&tbl->lock)));
675 rcu_assign_pointer(nht->hash_buckets[hash_val], n);
676 write_unlock_bh(&tbl->lock);
677 neigh_dbg(2, "neigh %p is created\n", n);
678 rc = n;
679 out:
680 return rc;
681 out_tbl_unlock:
682 write_unlock_bh(&tbl->lock);
683 out_neigh_release:
684 if (!exempt_from_gc)
685 atomic_dec(&tbl->gc_entries);
686 neigh_release(n);
687 goto out;
688 }
689
__neigh_create(struct neigh_table * tbl,const void * pkey,struct net_device * dev,bool want_ref)690 struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
691 struct net_device *dev, bool want_ref)
692 {
693 return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
694 }
695 EXPORT_SYMBOL(__neigh_create);
696
pneigh_hash(const void * pkey,unsigned int key_len)697 static u32 pneigh_hash(const void *pkey, unsigned int key_len)
698 {
699 u32 hash_val = *(u32 *)(pkey + key_len - 4);
700 hash_val ^= (hash_val >> 16);
701 hash_val ^= hash_val >> 8;
702 hash_val ^= hash_val >> 4;
703 hash_val &= PNEIGH_HASHMASK;
704 return hash_val;
705 }
706
__pneigh_lookup_1(struct pneigh_entry * n,struct net * net,const void * pkey,unsigned int key_len,struct net_device * dev)707 static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
708 struct net *net,
709 const void *pkey,
710 unsigned int key_len,
711 struct net_device *dev)
712 {
713 while (n) {
714 if (!memcmp(n->key, pkey, key_len) &&
715 net_eq(pneigh_net(n), net) &&
716 (n->dev == dev || !n->dev))
717 return n;
718 n = n->next;
719 }
720 return NULL;
721 }
722
__pneigh_lookup(struct neigh_table * tbl,struct net * net,const void * pkey,struct net_device * dev)723 struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
724 struct net *net, const void *pkey, struct net_device *dev)
725 {
726 unsigned int key_len = tbl->key_len;
727 u32 hash_val = pneigh_hash(pkey, key_len);
728
729 return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
730 net, pkey, key_len, dev);
731 }
732 EXPORT_SYMBOL_GPL(__pneigh_lookup);
733
pneigh_lookup(struct neigh_table * tbl,struct net * net,const void * pkey,struct net_device * dev,int creat)734 struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
735 struct net *net, const void *pkey,
736 struct net_device *dev, int creat)
737 {
738 struct pneigh_entry *n;
739 unsigned int key_len = tbl->key_len;
740 u32 hash_val = pneigh_hash(pkey, key_len);
741
742 read_lock_bh(&tbl->lock);
743 n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
744 net, pkey, key_len, dev);
745 read_unlock_bh(&tbl->lock);
746
747 if (n || !creat)
748 goto out;
749
750 ASSERT_RTNL();
751
752 n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
753 if (!n)
754 goto out;
755
756 write_pnet(&n->net, net);
757 memcpy(n->key, pkey, key_len);
758 n->dev = dev;
759 if (dev)
760 dev_hold(dev);
761
762 if (tbl->pconstructor && tbl->pconstructor(n)) {
763 if (dev)
764 dev_put(dev);
765 kfree(n);
766 n = NULL;
767 goto out;
768 }
769
770 write_lock_bh(&tbl->lock);
771 n->next = tbl->phash_buckets[hash_val];
772 tbl->phash_buckets[hash_val] = n;
773 write_unlock_bh(&tbl->lock);
774 out:
775 return n;
776 }
777 EXPORT_SYMBOL(pneigh_lookup);
778
779
pneigh_delete(struct neigh_table * tbl,struct net * net,const void * pkey,struct net_device * dev)780 int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
781 struct net_device *dev)
782 {
783 struct pneigh_entry *n, **np;
784 unsigned int key_len = tbl->key_len;
785 u32 hash_val = pneigh_hash(pkey, key_len);
786
787 write_lock_bh(&tbl->lock);
788 for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
789 np = &n->next) {
790 if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
791 net_eq(pneigh_net(n), net)) {
792 *np = n->next;
793 write_unlock_bh(&tbl->lock);
794 if (tbl->pdestructor)
795 tbl->pdestructor(n);
796 if (n->dev)
797 dev_put(n->dev);
798 kfree(n);
799 return 0;
800 }
801 }
802 write_unlock_bh(&tbl->lock);
803 return -ENOENT;
804 }
805
pneigh_ifdown_and_unlock(struct neigh_table * tbl,struct net_device * dev)806 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
807 struct net_device *dev)
808 {
809 struct pneigh_entry *n, **np, *freelist = NULL;
810 u32 h;
811
812 for (h = 0; h <= PNEIGH_HASHMASK; h++) {
813 np = &tbl->phash_buckets[h];
814 while ((n = *np) != NULL) {
815 if (!dev || n->dev == dev) {
816 *np = n->next;
817 n->next = freelist;
818 freelist = n;
819 continue;
820 }
821 np = &n->next;
822 }
823 }
824 write_unlock_bh(&tbl->lock);
825 while ((n = freelist)) {
826 freelist = n->next;
827 n->next = NULL;
828 if (tbl->pdestructor)
829 tbl->pdestructor(n);
830 if (n->dev)
831 dev_put(n->dev);
832 kfree(n);
833 }
834 return -ENOENT;
835 }
836
837 static void neigh_parms_destroy(struct neigh_parms *parms);
838
neigh_parms_put(struct neigh_parms * parms)839 static inline void neigh_parms_put(struct neigh_parms *parms)
840 {
841 if (refcount_dec_and_test(&parms->refcnt))
842 neigh_parms_destroy(parms);
843 }
844
845 /*
846 * neighbour must already be out of the table;
847 *
848 */
neigh_destroy(struct neighbour * neigh)849 void neigh_destroy(struct neighbour *neigh)
850 {
851 struct net_device *dev = neigh->dev;
852
853 NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);
854
855 if (!neigh->dead) {
856 pr_warn("Destroying alive neighbour %p\n", neigh);
857 dump_stack();
858 return;
859 }
860
861 if (neigh_del_timer(neigh))
862 pr_warn("Impossible event\n");
863
864 write_lock_bh(&neigh->lock);
865 __skb_queue_purge(&neigh->arp_queue);
866 write_unlock_bh(&neigh->lock);
867 neigh->arp_queue_len_bytes = 0;
868
869 if (dev->netdev_ops->ndo_neigh_destroy)
870 dev->netdev_ops->ndo_neigh_destroy(dev, neigh);
871
872 dev_put(dev);
873 neigh_parms_put(neigh->parms);
874
875 neigh_dbg(2, "neigh %p is destroyed\n", neigh);
876
877 atomic_dec(&neigh->tbl->entries);
878 kfree_rcu(neigh, rcu);
879 }
880 EXPORT_SYMBOL(neigh_destroy);
881
882 /* Neighbour state is suspicious;
883 disable fast path.
884
885 Called with write_locked neigh.
886 */
neigh_suspect(struct neighbour * neigh)887 static void neigh_suspect(struct neighbour *neigh)
888 {
889 neigh_dbg(2, "neigh %p is suspected\n", neigh);
890
891 neigh->output = neigh->ops->output;
892 }
893
894 /* Neighbour state is OK;
895 enable fast path.
896
897 Called with write_locked neigh.
898 */
neigh_connect(struct neighbour * neigh)899 static void neigh_connect(struct neighbour *neigh)
900 {
901 neigh_dbg(2, "neigh %p is connected\n", neigh);
902
903 neigh->output = neigh->ops->connected_output;
904 }
905
neigh_periodic_work(struct work_struct * work)906 static void neigh_periodic_work(struct work_struct *work)
907 {
908 struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
909 struct neighbour *n;
910 struct neighbour __rcu **np;
911 unsigned int i;
912 struct neigh_hash_table *nht;
913
914 NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);
915
916 write_lock_bh(&tbl->lock);
917 nht = rcu_dereference_protected(tbl->nht,
918 lockdep_is_held(&tbl->lock));
919
920 /*
921 * periodically recompute ReachableTime from random function
922 */
923
924 if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
925 struct neigh_parms *p;
926 tbl->last_rand = jiffies;
927 list_for_each_entry(p, &tbl->parms_list, list)
928 p->reachable_time =
929 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
930 }
931
932 if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
933 goto out;
934
935 for (i = 0 ; i < (1 << nht->hash_shift); i++) {
936 np = &nht->hash_buckets[i];
937
938 while ((n = rcu_dereference_protected(*np,
939 lockdep_is_held(&tbl->lock))) != NULL) {
940 unsigned int state;
941
942 write_lock(&n->lock);
943
944 state = n->nud_state;
945 if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
946 (n->flags & NTF_EXT_LEARNED)) {
947 write_unlock(&n->lock);
948 goto next_elt;
949 }
950
951 if (time_before(n->used, n->confirmed))
952 n->used = n->confirmed;
953
954 if (refcount_read(&n->refcnt) == 1 &&
955 (state == NUD_FAILED ||
956 time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
957 *np = n->next;
958 neigh_mark_dead(n);
959 write_unlock(&n->lock);
960 neigh_cleanup_and_release(n);
961 continue;
962 }
963 write_unlock(&n->lock);
964
965 next_elt:
966 np = &n->next;
967 }
968 /*
969 * It's fine to release lock here, even if hash table
970 * grows while we are preempted.
971 */
972 write_unlock_bh(&tbl->lock);
973 cond_resched();
974 write_lock_bh(&tbl->lock);
975 nht = rcu_dereference_protected(tbl->nht,
976 lockdep_is_held(&tbl->lock));
977 }
978 out:
979 /* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
980 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
981 * BASE_REACHABLE_TIME.
982 */
983 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
984 NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
985 write_unlock_bh(&tbl->lock);
986 }
987
neigh_max_probes(struct neighbour * n)988 static __inline__ int neigh_max_probes(struct neighbour *n)
989 {
990 struct neigh_parms *p = n->parms;
991 return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
992 (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
993 NEIGH_VAR(p, MCAST_PROBES));
994 }
995
neigh_invalidate(struct neighbour * neigh)996 static void neigh_invalidate(struct neighbour *neigh)
997 __releases(neigh->lock)
998 __acquires(neigh->lock)
999 {
1000 struct sk_buff *skb;
1001
1002 NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
1003 neigh_dbg(2, "neigh %p is failed\n", neigh);
1004 neigh->updated = jiffies;
1005
1006 /* It is very thin place. report_unreachable is very complicated
1007 routine. Particularly, it can hit the same neighbour entry!
1008
1009 So that, we try to be accurate and avoid dead loop. --ANK
1010 */
1011 while (neigh->nud_state == NUD_FAILED &&
1012 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1013 write_unlock(&neigh->lock);
1014 neigh->ops->error_report(neigh, skb);
1015 write_lock(&neigh->lock);
1016 }
1017 __skb_queue_purge(&neigh->arp_queue);
1018 neigh->arp_queue_len_bytes = 0;
1019 }
1020
neigh_probe(struct neighbour * neigh)1021 static void neigh_probe(struct neighbour *neigh)
1022 __releases(neigh->lock)
1023 {
1024 struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);
1025 /* keep skb alive even if arp_queue overflows */
1026 if (skb)
1027 skb = skb_clone(skb, GFP_ATOMIC);
1028 write_unlock(&neigh->lock);
1029 if (neigh->ops->solicit)
1030 neigh->ops->solicit(neigh, skb);
1031 atomic_inc(&neigh->probes);
1032 consume_skb(skb);
1033 }
1034
1035 /* Called when a timer expires for a neighbour entry. */
1036
neigh_timer_handler(struct timer_list * t)1037 static void neigh_timer_handler(struct timer_list *t)
1038 {
1039 unsigned long now, next;
1040 struct neighbour *neigh = from_timer(neigh, t, timer);
1041 unsigned int state;
1042 int notify = 0;
1043
1044 write_lock(&neigh->lock);
1045
1046 state = neigh->nud_state;
1047 now = jiffies;
1048 next = now + HZ;
1049
1050 if (!(state & NUD_IN_TIMER))
1051 goto out;
1052
1053 if (state & NUD_REACHABLE) {
1054 if (time_before_eq(now,
1055 neigh->confirmed + neigh->parms->reachable_time)) {
1056 neigh_dbg(2, "neigh %p is still alive\n", neigh);
1057 next = neigh->confirmed + neigh->parms->reachable_time;
1058 } else if (time_before_eq(now,
1059 neigh->used +
1060 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1061 neigh_dbg(2, "neigh %p is delayed\n", neigh);
1062 neigh->nud_state = NUD_DELAY;
1063 neigh->updated = jiffies;
1064 neigh_suspect(neigh);
1065 next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
1066 } else {
1067 neigh_dbg(2, "neigh %p is suspected\n", neigh);
1068 neigh->nud_state = NUD_STALE;
1069 neigh->updated = jiffies;
1070 neigh_suspect(neigh);
1071 notify = 1;
1072 }
1073 } else if (state & NUD_DELAY) {
1074 if (time_before_eq(now,
1075 neigh->confirmed +
1076 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1077 neigh_dbg(2, "neigh %p is now reachable\n", neigh);
1078 neigh->nud_state = NUD_REACHABLE;
1079 neigh->updated = jiffies;
1080 neigh_connect(neigh);
1081 notify = 1;
1082 next = neigh->confirmed + neigh->parms->reachable_time;
1083 } else {
1084 neigh_dbg(2, "neigh %p is probed\n", neigh);
1085 neigh->nud_state = NUD_PROBE;
1086 neigh->updated = jiffies;
1087 atomic_set(&neigh->probes, 0);
1088 notify = 1;
1089 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1090 HZ/100);
1091 }
1092 } else {
1093 /* NUD_PROBE|NUD_INCOMPLETE */
1094 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
1095 }
1096
1097 if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
1098 atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
1099 neigh->nud_state = NUD_FAILED;
1100 notify = 1;
1101 neigh_invalidate(neigh);
1102 goto out;
1103 }
1104
1105 if (neigh->nud_state & NUD_IN_TIMER) {
1106 if (time_before(next, jiffies + HZ/100))
1107 next = jiffies + HZ/100;
1108 if (!mod_timer(&neigh->timer, next))
1109 neigh_hold(neigh);
1110 }
1111 if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
1112 neigh_probe(neigh);
1113 } else {
1114 out:
1115 write_unlock(&neigh->lock);
1116 }
1117
1118 if (notify)
1119 neigh_update_notify(neigh, 0);
1120
1121 trace_neigh_timer_handler(neigh, 0);
1122
1123 neigh_release(neigh);
1124 }
1125
__neigh_event_send(struct neighbour * neigh,struct sk_buff * skb)1126 int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
1127 {
1128 int rc;
1129 bool immediate_probe = false;
1130
1131 write_lock_bh(&neigh->lock);
1132
1133 rc = 0;
1134 if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
1135 goto out_unlock_bh;
1136 if (neigh->dead)
1137 goto out_dead;
1138
1139 if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
1140 if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
1141 NEIGH_VAR(neigh->parms, APP_PROBES)) {
1142 unsigned long next, now = jiffies;
1143
1144 atomic_set(&neigh->probes,
1145 NEIGH_VAR(neigh->parms, UCAST_PROBES));
1146 neigh_del_timer(neigh);
1147 neigh->nud_state = NUD_INCOMPLETE;
1148 neigh->updated = now;
1149 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1150 HZ/100);
1151 neigh_add_timer(neigh, next);
1152 immediate_probe = true;
1153 } else {
1154 neigh->nud_state = NUD_FAILED;
1155 neigh->updated = jiffies;
1156 write_unlock_bh(&neigh->lock);
1157
1158 kfree_skb(skb);
1159 return 1;
1160 }
1161 } else if (neigh->nud_state & NUD_STALE) {
1162 neigh_dbg(2, "neigh %p is delayed\n", neigh);
1163 neigh_del_timer(neigh);
1164 neigh->nud_state = NUD_DELAY;
1165 neigh->updated = jiffies;
1166 neigh_add_timer(neigh, jiffies +
1167 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
1168 }
1169
1170 if (neigh->nud_state == NUD_INCOMPLETE) {
1171 if (skb) {
1172 while (neigh->arp_queue_len_bytes + skb->truesize >
1173 NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
1174 struct sk_buff *buff;
1175
1176 buff = __skb_dequeue(&neigh->arp_queue);
1177 if (!buff)
1178 break;
1179 neigh->arp_queue_len_bytes -= buff->truesize;
1180 kfree_skb(buff);
1181 NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
1182 }
1183 skb_dst_force(skb);
1184 __skb_queue_tail(&neigh->arp_queue, skb);
1185 neigh->arp_queue_len_bytes += skb->truesize;
1186 }
1187 rc = 1;
1188 }
1189 out_unlock_bh:
1190 if (immediate_probe)
1191 neigh_probe(neigh);
1192 else
1193 write_unlock(&neigh->lock);
1194 local_bh_enable();
1195 trace_neigh_event_send_done(neigh, rc);
1196 return rc;
1197
1198 out_dead:
1199 if (neigh->nud_state & NUD_STALE)
1200 goto out_unlock_bh;
1201 write_unlock_bh(&neigh->lock);
1202 kfree_skb(skb);
1203 trace_neigh_event_send_dead(neigh, 1);
1204 return 1;
1205 }
1206 EXPORT_SYMBOL(__neigh_event_send);
1207
neigh_update_hhs(struct neighbour * neigh)1208 static void neigh_update_hhs(struct neighbour *neigh)
1209 {
1210 struct hh_cache *hh;
1211 void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
1212 = NULL;
1213
1214 if (neigh->dev->header_ops)
1215 update = neigh->dev->header_ops->cache_update;
1216
1217 if (update) {
1218 hh = &neigh->hh;
1219 if (READ_ONCE(hh->hh_len)) {
1220 write_seqlock_bh(&hh->hh_lock);
1221 update(hh, neigh->dev, neigh->ha);
1222 write_sequnlock_bh(&hh->hh_lock);
1223 }
1224 }
1225 }
1226
1227
1228
1229 /* Generic update routine.
1230 -- lladdr is new lladdr or NULL, if it is not supplied.
1231 -- new is new state.
1232 -- flags
1233 NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr,
1234 if it is different.
1235 NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
1236 lladdr instead of overriding it
1237 if it is different.
1238 NEIGH_UPDATE_F_ADMIN means that the change is administrative.
1239 NEIGH_UPDATE_F_USE means that the entry is user triggered.
1240 NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
1241 NTF_ROUTER flag.
1242 NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as
1243 a router.
1244
1245 Caller MUST hold reference count on the entry.
1246 */
1247
__neigh_update(struct neighbour * neigh,const u8 * lladdr,u8 new,u32 flags,u32 nlmsg_pid,struct netlink_ext_ack * extack)1248 static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
1249 u8 new, u32 flags, u32 nlmsg_pid,
1250 struct netlink_ext_ack *extack)
1251 {
1252 bool ext_learn_change = false;
1253 u8 old;
1254 int err;
1255 int notify = 0;
1256 struct net_device *dev;
1257 int update_isrouter = 0;
1258
1259 trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);
1260
1261 write_lock_bh(&neigh->lock);
1262
1263 dev = neigh->dev;
1264 old = neigh->nud_state;
1265 err = -EPERM;
1266
1267 if (neigh->dead) {
1268 NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
1269 new = old;
1270 goto out;
1271 }
1272 if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
1273 (old & (NUD_NOARP | NUD_PERMANENT)))
1274 goto out;
1275
1276 ext_learn_change = neigh_update_ext_learned(neigh, flags, ¬ify);
1277 if (flags & NEIGH_UPDATE_F_USE) {
1278 new = old & ~NUD_PERMANENT;
1279 neigh->nud_state = new;
1280 err = 0;
1281 goto out;
1282 }
1283
1284 if (!(new & NUD_VALID)) {
1285 neigh_del_timer(neigh);
1286 if (old & NUD_CONNECTED)
1287 neigh_suspect(neigh);
1288 neigh->nud_state = new;
1289 err = 0;
1290 notify = old & NUD_VALID;
1291 if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
1292 (new & NUD_FAILED)) {
1293 neigh_invalidate(neigh);
1294 notify = 1;
1295 }
1296 goto out;
1297 }
1298
1299 /* Compare new lladdr with cached one */
1300 if (!dev->addr_len) {
1301 /* First case: device needs no address. */
1302 lladdr = neigh->ha;
1303 } else if (lladdr) {
1304 /* The second case: if something is already cached
1305 and a new address is proposed:
1306 - compare new & old
1307 - if they are different, check override flag
1308 */
1309 if ((old & NUD_VALID) &&
1310 !memcmp(lladdr, neigh->ha, dev->addr_len))
1311 lladdr = neigh->ha;
1312 } else {
1313 /* No address is supplied; if we know something,
1314 use it, otherwise discard the request.
1315 */
1316 err = -EINVAL;
1317 if (!(old & NUD_VALID)) {
1318 NL_SET_ERR_MSG(extack, "No link layer address given");
1319 goto out;
1320 }
1321 lladdr = neigh->ha;
1322 }
1323
1324 /* Update confirmed timestamp for neighbour entry after we
1325 * received ARP packet even if it doesn't change IP to MAC binding.
1326 */
1327 if (new & NUD_CONNECTED)
1328 neigh->confirmed = jiffies;
1329
1330 /* If entry was valid and address is not changed,
1331 do not change entry state, if new one is STALE.
1332 */
1333 err = 0;
1334 update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1335 if (old & NUD_VALID) {
1336 if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
1337 update_isrouter = 0;
1338 if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
1339 (old & NUD_CONNECTED)) {
1340 lladdr = neigh->ha;
1341 new = NUD_STALE;
1342 } else
1343 goto out;
1344 } else {
1345 if (lladdr == neigh->ha && new == NUD_STALE &&
1346 !(flags & NEIGH_UPDATE_F_ADMIN))
1347 new = old;
1348 }
1349 }
1350
1351 /* Update timestamp only once we know we will make a change to the
1352 * neighbour entry. Otherwise we risk to move the locktime window with
1353 * noop updates and ignore relevant ARP updates.
1354 */
1355 if (new != old || lladdr != neigh->ha)
1356 neigh->updated = jiffies;
1357
1358 if (new != old) {
1359 neigh_del_timer(neigh);
1360 if (new & NUD_PROBE)
1361 atomic_set(&neigh->probes, 0);
1362 if (new & NUD_IN_TIMER)
1363 neigh_add_timer(neigh, (jiffies +
1364 ((new & NUD_REACHABLE) ?
1365 neigh->parms->reachable_time :
1366 0)));
1367 neigh->nud_state = new;
1368 notify = 1;
1369 }
1370
1371 if (lladdr != neigh->ha) {
1372 write_seqlock(&neigh->ha_lock);
1373 memcpy(&neigh->ha, lladdr, dev->addr_len);
1374 write_sequnlock(&neigh->ha_lock);
1375 neigh_update_hhs(neigh);
1376 if (!(new & NUD_CONNECTED))
1377 neigh->confirmed = jiffies -
1378 (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
1379 notify = 1;
1380 }
1381 if (new == old)
1382 goto out;
1383 if (new & NUD_CONNECTED)
1384 neigh_connect(neigh);
1385 else
1386 neigh_suspect(neigh);
1387 if (!(old & NUD_VALID)) {
1388 struct sk_buff *skb;
1389
1390 /* Again: avoid dead loop if something went wrong */
1391
1392 while (neigh->nud_state & NUD_VALID &&
1393 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1394 struct dst_entry *dst = skb_dst(skb);
1395 struct neighbour *n2, *n1 = neigh;
1396 write_unlock_bh(&neigh->lock);
1397
1398 rcu_read_lock();
1399
1400 /* Why not just use 'neigh' as-is? The problem is that
1401 * things such as shaper, eql, and sch_teql can end up
1402 * using alternative, different, neigh objects to output
1403 * the packet in the output path. So what we need to do
1404 * here is re-lookup the top-level neigh in the path so
1405 * we can reinject the packet there.
1406 */
1407 n2 = NULL;
1408 if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
1409 n2 = dst_neigh_lookup_skb(dst, skb);
1410 if (n2)
1411 n1 = n2;
1412 }
1413 n1->output(n1, skb);
1414 if (n2)
1415 neigh_release(n2);
1416 rcu_read_unlock();
1417
1418 write_lock_bh(&neigh->lock);
1419 }
1420 __skb_queue_purge(&neigh->arp_queue);
1421 neigh->arp_queue_len_bytes = 0;
1422 }
1423 out:
1424 if (update_isrouter)
1425 neigh_update_is_router(neigh, flags, ¬ify);
1426 write_unlock_bh(&neigh->lock);
1427
1428 if (((new ^ old) & NUD_PERMANENT) || ext_learn_change)
1429 neigh_update_gc_list(neigh);
1430
1431 if (notify)
1432 neigh_update_notify(neigh, nlmsg_pid);
1433
1434 trace_neigh_update_done(neigh, err);
1435
1436 return err;
1437 }
1438
neigh_update(struct neighbour * neigh,const u8 * lladdr,u8 new,u32 flags,u32 nlmsg_pid)1439 int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1440 u32 flags, u32 nlmsg_pid)
1441 {
1442 return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
1443 }
1444 EXPORT_SYMBOL(neigh_update);
1445
1446 /* Update the neigh to listen temporarily for probe responses, even if it is
1447 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
1448 */
__neigh_set_probe_once(struct neighbour * neigh)1449 void __neigh_set_probe_once(struct neighbour *neigh)
1450 {
1451 if (neigh->dead)
1452 return;
1453 neigh->updated = jiffies;
1454 if (!(neigh->nud_state & NUD_FAILED))
1455 return;
1456 neigh->nud_state = NUD_INCOMPLETE;
1457 atomic_set(&neigh->probes, neigh_max_probes(neigh));
1458 neigh_add_timer(neigh,
1459 jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1460 HZ/100));
1461 }
1462 EXPORT_SYMBOL(__neigh_set_probe_once);
1463
neigh_event_ns(struct neigh_table * tbl,u8 * lladdr,void * saddr,struct net_device * dev)1464 struct neighbour *neigh_event_ns(struct neigh_table *tbl,
1465 u8 *lladdr, void *saddr,
1466 struct net_device *dev)
1467 {
1468 struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
1469 lladdr || !dev->addr_len);
1470 if (neigh)
1471 neigh_update(neigh, lladdr, NUD_STALE,
1472 NEIGH_UPDATE_F_OVERRIDE, 0);
1473 return neigh;
1474 }
1475 EXPORT_SYMBOL(neigh_event_ns);
1476
1477 /* called with read_lock_bh(&n->lock); */
neigh_hh_init(struct neighbour * n)1478 static void neigh_hh_init(struct neighbour *n)
1479 {
1480 struct net_device *dev = n->dev;
1481 __be16 prot = n->tbl->protocol;
1482 struct hh_cache *hh = &n->hh;
1483
1484 write_lock_bh(&n->lock);
1485
1486 /* Only one thread can come in here and initialize the
1487 * hh_cache entry.
1488 */
1489 if (!hh->hh_len)
1490 dev->header_ops->cache(n, hh, prot);
1491
1492 write_unlock_bh(&n->lock);
1493 }
1494
1495 /* Slow and careful. */
1496
neigh_resolve_output(struct neighbour * neigh,struct sk_buff * skb)1497 int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
1498 {
1499 int rc = 0;
1500
1501 if (!neigh_event_send(neigh, skb)) {
1502 int err;
1503 struct net_device *dev = neigh->dev;
1504 unsigned int seq;
1505
1506 if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
1507 neigh_hh_init(neigh);
1508
1509 do {
1510 __skb_pull(skb, skb_network_offset(skb));
1511 seq = read_seqbegin(&neigh->ha_lock);
1512 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1513 neigh->ha, NULL, skb->len);
1514 } while (read_seqretry(&neigh->ha_lock, seq));
1515
1516 if (err >= 0)
1517 rc = dev_queue_xmit(skb);
1518 else
1519 goto out_kfree_skb;
1520 }
1521 out:
1522 return rc;
1523 out_kfree_skb:
1524 rc = -EINVAL;
1525 kfree_skb(skb);
1526 goto out;
1527 }
1528 EXPORT_SYMBOL(neigh_resolve_output);
1529
1530 /* As fast as possible without hh cache */
1531
neigh_connected_output(struct neighbour * neigh,struct sk_buff * skb)1532 int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
1533 {
1534 struct net_device *dev = neigh->dev;
1535 unsigned int seq;
1536 int err;
1537
1538 do {
1539 __skb_pull(skb, skb_network_offset(skb));
1540 seq = read_seqbegin(&neigh->ha_lock);
1541 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1542 neigh->ha, NULL, skb->len);
1543 } while (read_seqretry(&neigh->ha_lock, seq));
1544
1545 if (err >= 0)
1546 err = dev_queue_xmit(skb);
1547 else {
1548 err = -EINVAL;
1549 kfree_skb(skb);
1550 }
1551 return err;
1552 }
1553 EXPORT_SYMBOL(neigh_connected_output);
1554
neigh_direct_output(struct neighbour * neigh,struct sk_buff * skb)1555 int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
1556 {
1557 return dev_queue_xmit(skb);
1558 }
1559 EXPORT_SYMBOL(neigh_direct_output);
1560
neigh_proxy_process(struct timer_list * t)1561 static void neigh_proxy_process(struct timer_list *t)
1562 {
1563 struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
1564 long sched_next = 0;
1565 unsigned long now = jiffies;
1566 struct sk_buff *skb, *n;
1567
1568 spin_lock(&tbl->proxy_queue.lock);
1569
1570 skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
1571 long tdif = NEIGH_CB(skb)->sched_next - now;
1572
1573 if (tdif <= 0) {
1574 struct net_device *dev = skb->dev;
1575
1576 __skb_unlink(skb, &tbl->proxy_queue);
1577 if (tbl->proxy_redo && netif_running(dev)) {
1578 rcu_read_lock();
1579 tbl->proxy_redo(skb);
1580 rcu_read_unlock();
1581 } else {
1582 kfree_skb(skb);
1583 }
1584
1585 dev_put(dev);
1586 } else if (!sched_next || tdif < sched_next)
1587 sched_next = tdif;
1588 }
1589 del_timer(&tbl->proxy_timer);
1590 if (sched_next)
1591 mod_timer(&tbl->proxy_timer, jiffies + sched_next);
1592 spin_unlock(&tbl->proxy_queue.lock);
1593 }
1594
pneigh_enqueue(struct neigh_table * tbl,struct neigh_parms * p,struct sk_buff * skb)1595 void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
1596 struct sk_buff *skb)
1597 {
1598 unsigned long now = jiffies;
1599
1600 unsigned long sched_next = now + (prandom_u32() %
1601 NEIGH_VAR(p, PROXY_DELAY));
1602
1603 if (tbl->proxy_queue.qlen > NEIGH_VAR(p, PROXY_QLEN)) {
1604 kfree_skb(skb);
1605 return;
1606 }
1607
1608 NEIGH_CB(skb)->sched_next = sched_next;
1609 NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;
1610
1611 spin_lock(&tbl->proxy_queue.lock);
1612 if (del_timer(&tbl->proxy_timer)) {
1613 if (time_before(tbl->proxy_timer.expires, sched_next))
1614 sched_next = tbl->proxy_timer.expires;
1615 }
1616 skb_dst_drop(skb);
1617 dev_hold(skb->dev);
1618 __skb_queue_tail(&tbl->proxy_queue, skb);
1619 mod_timer(&tbl->proxy_timer, sched_next);
1620 spin_unlock(&tbl->proxy_queue.lock);
1621 }
1622 EXPORT_SYMBOL(pneigh_enqueue);
1623
lookup_neigh_parms(struct neigh_table * tbl,struct net * net,int ifindex)1624 static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
1625 struct net *net, int ifindex)
1626 {
1627 struct neigh_parms *p;
1628
1629 list_for_each_entry(p, &tbl->parms_list, list) {
1630 if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
1631 (!p->dev && !ifindex && net_eq(net, &init_net)))
1632 return p;
1633 }
1634
1635 return NULL;
1636 }
1637
neigh_parms_alloc(struct net_device * dev,struct neigh_table * tbl)1638 struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
1639 struct neigh_table *tbl)
1640 {
1641 struct neigh_parms *p;
1642 struct net *net = dev_net(dev);
1643 const struct net_device_ops *ops = dev->netdev_ops;
1644
1645 p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
1646 if (p) {
1647 p->tbl = tbl;
1648 refcount_set(&p->refcnt, 1);
1649 p->reachable_time =
1650 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
1651 dev_hold(dev);
1652 p->dev = dev;
1653 write_pnet(&p->net, net);
1654 p->sysctl_table = NULL;
1655
1656 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
1657 dev_put(dev);
1658 kfree(p);
1659 return NULL;
1660 }
1661
1662 write_lock_bh(&tbl->lock);
1663 list_add(&p->list, &tbl->parms.list);
1664 write_unlock_bh(&tbl->lock);
1665
1666 neigh_parms_data_state_cleanall(p);
1667 }
1668 return p;
1669 }
1670 EXPORT_SYMBOL(neigh_parms_alloc);
1671
neigh_rcu_free_parms(struct rcu_head * head)1672 static void neigh_rcu_free_parms(struct rcu_head *head)
1673 {
1674 struct neigh_parms *parms =
1675 container_of(head, struct neigh_parms, rcu_head);
1676
1677 neigh_parms_put(parms);
1678 }
1679
neigh_parms_release(struct neigh_table * tbl,struct neigh_parms * parms)1680 void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
1681 {
1682 if (!parms || parms == &tbl->parms)
1683 return;
1684 write_lock_bh(&tbl->lock);
1685 list_del(&parms->list);
1686 parms->dead = 1;
1687 write_unlock_bh(&tbl->lock);
1688 if (parms->dev)
1689 dev_put(parms->dev);
1690 call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
1691 }
1692 EXPORT_SYMBOL(neigh_parms_release);
1693
neigh_parms_destroy(struct neigh_parms * parms)1694 static void neigh_parms_destroy(struct neigh_parms *parms)
1695 {
1696 kfree(parms);
1697 }
1698
1699 static struct lock_class_key neigh_table_proxy_queue_class;
1700
1701 static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;
1702
neigh_table_init(int index,struct neigh_table * tbl)1703 void neigh_table_init(int index, struct neigh_table *tbl)
1704 {
1705 unsigned long now = jiffies;
1706 unsigned long phsize;
1707
1708 INIT_LIST_HEAD(&tbl->parms_list);
1709 INIT_LIST_HEAD(&tbl->gc_list);
1710 list_add(&tbl->parms.list, &tbl->parms_list);
1711 write_pnet(&tbl->parms.net, &init_net);
1712 refcount_set(&tbl->parms.refcnt, 1);
1713 tbl->parms.reachable_time =
1714 neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
1715
1716 tbl->stats = alloc_percpu(struct neigh_statistics);
1717 if (!tbl->stats)
1718 panic("cannot create neighbour cache statistics");
1719
1720 #ifdef CONFIG_PROC_FS
1721 if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
1722 &neigh_stat_seq_ops, tbl))
1723 panic("cannot create neighbour proc dir entry");
1724 #endif
1725
1726 RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));
1727
1728 phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
1729 tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);
1730
1731 if (!tbl->nht || !tbl->phash_buckets)
1732 panic("cannot allocate neighbour cache hashes");
1733
1734 if (!tbl->entry_size)
1735 tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
1736 tbl->key_len, NEIGH_PRIV_ALIGN);
1737 else
1738 WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);
1739
1740 rwlock_init(&tbl->lock);
1741 INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
1742 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1743 tbl->parms.reachable_time);
1744 timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
1745 skb_queue_head_init_class(&tbl->proxy_queue,
1746 &neigh_table_proxy_queue_class);
1747
1748 tbl->last_flush = now;
1749 tbl->last_rand = now + tbl->parms.reachable_time * 20;
1750
1751 neigh_tables[index] = tbl;
1752 }
1753 EXPORT_SYMBOL(neigh_table_init);
1754
neigh_table_clear(int index,struct neigh_table * tbl)1755 int neigh_table_clear(int index, struct neigh_table *tbl)
1756 {
1757 neigh_tables[index] = NULL;
1758 /* It is not clean... Fix it to unload IPv6 module safely */
1759 cancel_delayed_work_sync(&tbl->gc_work);
1760 del_timer_sync(&tbl->proxy_timer);
1761 pneigh_queue_purge(&tbl->proxy_queue, NULL);
1762 neigh_ifdown(tbl, NULL);
1763 if (atomic_read(&tbl->entries))
1764 pr_crit("neighbour leakage\n");
1765
1766 call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
1767 neigh_hash_free_rcu);
1768 tbl->nht = NULL;
1769
1770 kfree(tbl->phash_buckets);
1771 tbl->phash_buckets = NULL;
1772
1773 remove_proc_entry(tbl->id, init_net.proc_net_stat);
1774
1775 free_percpu(tbl->stats);
1776 tbl->stats = NULL;
1777
1778 return 0;
1779 }
1780 EXPORT_SYMBOL(neigh_table_clear);
1781
neigh_find_table(int family)1782 static struct neigh_table *neigh_find_table(int family)
1783 {
1784 struct neigh_table *tbl = NULL;
1785
1786 switch (family) {
1787 case AF_INET:
1788 tbl = neigh_tables[NEIGH_ARP_TABLE];
1789 break;
1790 case AF_INET6:
1791 tbl = neigh_tables[NEIGH_ND_TABLE];
1792 break;
1793 case AF_DECnet:
1794 tbl = neigh_tables[NEIGH_DN_TABLE];
1795 break;
1796 #ifdef CONFIG_NEWIP
1797 case AF_NINET: /* NIP */
1798 tbl = neigh_tables[NEIGH_NND_TABLE];
1799 break;
1800 #endif
1801 }
1802
1803 return tbl;
1804 }
1805
1806 const struct nla_policy nda_policy[NDA_MAX+1] = {
1807 [NDA_UNSPEC] = { .strict_start_type = NDA_NH_ID },
1808 [NDA_DST] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1809 [NDA_LLADDR] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1810 [NDA_CACHEINFO] = { .len = sizeof(struct nda_cacheinfo) },
1811 [NDA_PROBES] = { .type = NLA_U32 },
1812 [NDA_VLAN] = { .type = NLA_U16 },
1813 [NDA_PORT] = { .type = NLA_U16 },
1814 [NDA_VNI] = { .type = NLA_U32 },
1815 [NDA_IFINDEX] = { .type = NLA_U32 },
1816 [NDA_MASTER] = { .type = NLA_U32 },
1817 [NDA_PROTOCOL] = { .type = NLA_U8 },
1818 [NDA_NH_ID] = { .type = NLA_U32 },
1819 [NDA_FDB_EXT_ATTRS] = { .type = NLA_NESTED },
1820 };
1821
neigh_delete(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)1822 static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1823 struct netlink_ext_ack *extack)
1824 {
1825 struct net *net = sock_net(skb->sk);
1826 struct ndmsg *ndm;
1827 struct nlattr *dst_attr;
1828 struct neigh_table *tbl;
1829 struct neighbour *neigh;
1830 struct net_device *dev = NULL;
1831 int err = -EINVAL;
1832
1833 ASSERT_RTNL();
1834 if (nlmsg_len(nlh) < sizeof(*ndm))
1835 goto out;
1836
1837 dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1838 if (!dst_attr) {
1839 NL_SET_ERR_MSG(extack, "Network address not specified");
1840 goto out;
1841 }
1842
1843 ndm = nlmsg_data(nlh);
1844 if (ndm->ndm_ifindex) {
1845 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1846 if (dev == NULL) {
1847 err = -ENODEV;
1848 goto out;
1849 }
1850 }
1851
1852 tbl = neigh_find_table(ndm->ndm_family);
1853 if (tbl == NULL)
1854 return -EAFNOSUPPORT;
1855
1856 if (nla_len(dst_attr) < (int)tbl->key_len) {
1857 NL_SET_ERR_MSG(extack, "Invalid network address");
1858 goto out;
1859 }
1860
1861 if (ndm->ndm_flags & NTF_PROXY) {
1862 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
1863 goto out;
1864 }
1865
1866 if (dev == NULL)
1867 goto out;
1868
1869 neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
1870 if (neigh == NULL) {
1871 err = -ENOENT;
1872 goto out;
1873 }
1874
1875 err = __neigh_update(neigh, NULL, NUD_FAILED,
1876 NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1877 NETLINK_CB(skb).portid, extack);
1878 write_lock_bh(&tbl->lock);
1879 neigh_release(neigh);
1880 neigh_remove_one(neigh, tbl);
1881 write_unlock_bh(&tbl->lock);
1882
1883 out:
1884 return err;
1885 }
1886
neigh_add(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)1887 static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1888 struct netlink_ext_ack *extack)
1889 {
1890 int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1891 NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1892 struct net *net = sock_net(skb->sk);
1893 struct ndmsg *ndm;
1894 struct nlattr *tb[NDA_MAX+1];
1895 struct neigh_table *tbl;
1896 struct net_device *dev = NULL;
1897 struct neighbour *neigh;
1898 void *dst, *lladdr;
1899 u8 protocol = 0;
1900 int err;
1901
1902 ASSERT_RTNL();
1903 err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
1904 nda_policy, extack);
1905 if (err < 0)
1906 goto out;
1907
1908 err = -EINVAL;
1909 if (!tb[NDA_DST]) {
1910 NL_SET_ERR_MSG(extack, "Network address not specified");
1911 goto out;
1912 }
1913
1914 ndm = nlmsg_data(nlh);
1915 if (ndm->ndm_ifindex) {
1916 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1917 if (dev == NULL) {
1918 err = -ENODEV;
1919 goto out;
1920 }
1921
1922 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
1923 NL_SET_ERR_MSG(extack, "Invalid link address");
1924 goto out;
1925 }
1926 }
1927
1928 tbl = neigh_find_table(ndm->ndm_family);
1929 if (tbl == NULL)
1930 return -EAFNOSUPPORT;
1931
1932 if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
1933 NL_SET_ERR_MSG(extack, "Invalid network address");
1934 goto out;
1935 }
1936
1937 dst = nla_data(tb[NDA_DST]);
1938 lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
1939
1940 if (tb[NDA_PROTOCOL])
1941 protocol = nla_get_u8(tb[NDA_PROTOCOL]);
1942
1943 if (ndm->ndm_flags & NTF_PROXY) {
1944 struct pneigh_entry *pn;
1945
1946 err = -ENOBUFS;
1947 pn = pneigh_lookup(tbl, net, dst, dev, 1);
1948 if (pn) {
1949 pn->flags = ndm->ndm_flags;
1950 if (protocol)
1951 pn->protocol = protocol;
1952 err = 0;
1953 }
1954 goto out;
1955 }
1956
1957 if (!dev) {
1958 NL_SET_ERR_MSG(extack, "Device not specified");
1959 goto out;
1960 }
1961
1962 if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
1963 err = -EINVAL;
1964 goto out;
1965 }
1966
1967 neigh = neigh_lookup(tbl, dst, dev);
1968 if (neigh == NULL) {
1969 bool exempt_from_gc;
1970
1971 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
1972 err = -ENOENT;
1973 goto out;
1974 }
1975
1976 exempt_from_gc = ndm->ndm_state & NUD_PERMANENT ||
1977 ndm->ndm_flags & NTF_EXT_LEARNED;
1978 neigh = ___neigh_create(tbl, dst, dev,
1979 ndm->ndm_flags & NTF_EXT_LEARNED,
1980 exempt_from_gc, true);
1981 if (IS_ERR(neigh)) {
1982 err = PTR_ERR(neigh);
1983 goto out;
1984 }
1985 } else {
1986 if (nlh->nlmsg_flags & NLM_F_EXCL) {
1987 err = -EEXIST;
1988 neigh_release(neigh);
1989 goto out;
1990 }
1991
1992 if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
1993 flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
1994 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1995 }
1996
1997 if (protocol)
1998 neigh->protocol = protocol;
1999 if (ndm->ndm_flags & NTF_EXT_LEARNED)
2000 flags |= NEIGH_UPDATE_F_EXT_LEARNED;
2001 if (ndm->ndm_flags & NTF_ROUTER)
2002 flags |= NEIGH_UPDATE_F_ISROUTER;
2003 if (ndm->ndm_flags & NTF_USE)
2004 flags |= NEIGH_UPDATE_F_USE;
2005
2006 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
2007 NETLINK_CB(skb).portid, extack);
2008 if (!err && ndm->ndm_flags & NTF_USE) {
2009 neigh_event_send(neigh, NULL);
2010 err = 0;
2011 }
2012 neigh_release(neigh);
2013 out:
2014 return err;
2015 }
2016
neightbl_fill_parms(struct sk_buff * skb,struct neigh_parms * parms)2017 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
2018 {
2019 struct nlattr *nest;
2020
2021 nest = nla_nest_start_noflag(skb, NDTA_PARMS);
2022 if (nest == NULL)
2023 return -ENOBUFS;
2024
2025 if ((parms->dev &&
2026 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
2027 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
2028 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
2029 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2030 /* approximative value for deprecated QUEUE_LEN (in packets) */
2031 nla_put_u32(skb, NDTPA_QUEUE_LEN,
2032 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2033 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2034 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2035 nla_put_u32(skb, NDTPA_UCAST_PROBES,
2036 NEIGH_VAR(parms, UCAST_PROBES)) ||
2037 nla_put_u32(skb, NDTPA_MCAST_PROBES,
2038 NEIGH_VAR(parms, MCAST_PROBES)) ||
2039 nla_put_u32(skb, NDTPA_MCAST_REPROBES,
2040 NEIGH_VAR(parms, MCAST_REPROBES)) ||
2041 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
2042 NDTPA_PAD) ||
2043 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
2044 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
2045 nla_put_msecs(skb, NDTPA_GC_STALETIME,
2046 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
2047 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
2048 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
2049 nla_put_msecs(skb, NDTPA_RETRANS_TIME,
2050 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
2051 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
2052 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
2053 nla_put_msecs(skb, NDTPA_PROXY_DELAY,
2054 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
2055 nla_put_msecs(skb, NDTPA_LOCKTIME,
2056 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD))
2057 goto nla_put_failure;
2058 return nla_nest_end(skb, nest);
2059
2060 nla_put_failure:
2061 nla_nest_cancel(skb, nest);
2062 return -EMSGSIZE;
2063 }
2064
neightbl_fill_info(struct sk_buff * skb,struct neigh_table * tbl,u32 pid,u32 seq,int type,int flags)2065 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2066 u32 pid, u32 seq, int type, int flags)
2067 {
2068 struct nlmsghdr *nlh;
2069 struct ndtmsg *ndtmsg;
2070
2071 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2072 if (nlh == NULL)
2073 return -EMSGSIZE;
2074
2075 ndtmsg = nlmsg_data(nlh);
2076
2077 read_lock_bh(&tbl->lock);
2078 ndtmsg->ndtm_family = tbl->family;
2079 ndtmsg->ndtm_pad1 = 0;
2080 ndtmsg->ndtm_pad2 = 0;
2081
2082 if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
2083 nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval, NDTA_PAD) ||
2084 nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) ||
2085 nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) ||
2086 nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3))
2087 goto nla_put_failure;
2088 {
2089 unsigned long now = jiffies;
2090 long flush_delta = now - tbl->last_flush;
2091 long rand_delta = now - tbl->last_rand;
2092 struct neigh_hash_table *nht;
2093 struct ndt_config ndc = {
2094 .ndtc_key_len = tbl->key_len,
2095 .ndtc_entry_size = tbl->entry_size,
2096 .ndtc_entries = atomic_read(&tbl->entries),
2097 .ndtc_last_flush = jiffies_to_msecs(flush_delta),
2098 .ndtc_last_rand = jiffies_to_msecs(rand_delta),
2099 .ndtc_proxy_qlen = tbl->proxy_queue.qlen,
2100 };
2101
2102 rcu_read_lock_bh();
2103 nht = rcu_dereference_bh(tbl->nht);
2104 ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2105 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2106 rcu_read_unlock_bh();
2107
2108 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
2109 goto nla_put_failure;
2110 }
2111
2112 {
2113 int cpu;
2114 struct ndt_stats ndst;
2115
2116 memset(&ndst, 0, sizeof(ndst));
2117
2118 for_each_possible_cpu(cpu) {
2119 struct neigh_statistics *st;
2120
2121 st = per_cpu_ptr(tbl->stats, cpu);
2122 ndst.ndts_allocs += st->allocs;
2123 ndst.ndts_destroys += st->destroys;
2124 ndst.ndts_hash_grows += st->hash_grows;
2125 ndst.ndts_res_failed += st->res_failed;
2126 ndst.ndts_lookups += st->lookups;
2127 ndst.ndts_hits += st->hits;
2128 ndst.ndts_rcv_probes_mcast += st->rcv_probes_mcast;
2129 ndst.ndts_rcv_probes_ucast += st->rcv_probes_ucast;
2130 ndst.ndts_periodic_gc_runs += st->periodic_gc_runs;
2131 ndst.ndts_forced_gc_runs += st->forced_gc_runs;
2132 ndst.ndts_table_fulls += st->table_fulls;
2133 }
2134
2135 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
2136 NDTA_PAD))
2137 goto nla_put_failure;
2138 }
2139
2140 BUG_ON(tbl->parms.dev);
2141 if (neightbl_fill_parms(skb, &tbl->parms) < 0)
2142 goto nla_put_failure;
2143
2144 read_unlock_bh(&tbl->lock);
2145 nlmsg_end(skb, nlh);
2146 return 0;
2147
2148 nla_put_failure:
2149 read_unlock_bh(&tbl->lock);
2150 nlmsg_cancel(skb, nlh);
2151 return -EMSGSIZE;
2152 }
2153
neightbl_fill_param_info(struct sk_buff * skb,struct neigh_table * tbl,struct neigh_parms * parms,u32 pid,u32 seq,int type,unsigned int flags)2154 static int neightbl_fill_param_info(struct sk_buff *skb,
2155 struct neigh_table *tbl,
2156 struct neigh_parms *parms,
2157 u32 pid, u32 seq, int type,
2158 unsigned int flags)
2159 {
2160 struct ndtmsg *ndtmsg;
2161 struct nlmsghdr *nlh;
2162
2163 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2164 if (nlh == NULL)
2165 return -EMSGSIZE;
2166
2167 ndtmsg = nlmsg_data(nlh);
2168
2169 read_lock_bh(&tbl->lock);
2170 ndtmsg->ndtm_family = tbl->family;
2171 ndtmsg->ndtm_pad1 = 0;
2172 ndtmsg->ndtm_pad2 = 0;
2173
2174 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
2175 neightbl_fill_parms(skb, parms) < 0)
2176 goto errout;
2177
2178 read_unlock_bh(&tbl->lock);
2179 nlmsg_end(skb, nlh);
2180 return 0;
2181 errout:
2182 read_unlock_bh(&tbl->lock);
2183 nlmsg_cancel(skb, nlh);
2184 return -EMSGSIZE;
2185 }
2186
2187 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2188 [NDTA_NAME] = { .type = NLA_STRING },
2189 [NDTA_THRESH1] = { .type = NLA_U32 },
2190 [NDTA_THRESH2] = { .type = NLA_U32 },
2191 [NDTA_THRESH3] = { .type = NLA_U32 },
2192 [NDTA_GC_INTERVAL] = { .type = NLA_U64 },
2193 [NDTA_PARMS] = { .type = NLA_NESTED },
2194 };
2195
2196 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2197 [NDTPA_IFINDEX] = { .type = NLA_U32 },
2198 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 },
2199 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 },
2200 [NDTPA_APP_PROBES] = { .type = NLA_U32 },
2201 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 },
2202 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 },
2203 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 },
2204 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 },
2205 [NDTPA_GC_STALETIME] = { .type = NLA_U64 },
2206 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 },
2207 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 },
2208 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 },
2209 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 },
2210 [NDTPA_LOCKTIME] = { .type = NLA_U64 },
2211 };
2212
neightbl_set(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)2213 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2214 struct netlink_ext_ack *extack)
2215 {
2216 struct net *net = sock_net(skb->sk);
2217 struct neigh_table *tbl;
2218 struct ndtmsg *ndtmsg;
2219 struct nlattr *tb[NDTA_MAX+1];
2220 bool found = false;
2221 int err, tidx;
2222
2223 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2224 nl_neightbl_policy, extack);
2225 if (err < 0)
2226 goto errout;
2227
2228 if (tb[NDTA_NAME] == NULL) {
2229 err = -EINVAL;
2230 goto errout;
2231 }
2232
2233 ndtmsg = nlmsg_data(nlh);
2234
2235 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2236 tbl = neigh_tables[tidx];
2237 if (!tbl)
2238 continue;
2239 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2240 continue;
2241 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
2242 found = true;
2243 break;
2244 }
2245 }
2246
2247 if (!found)
2248 return -ENOENT;
2249
2250 /*
2251 * We acquire tbl->lock to be nice to the periodic timers and
2252 * make sure they always see a consistent set of values.
2253 */
2254 write_lock_bh(&tbl->lock);
2255
2256 if (tb[NDTA_PARMS]) {
2257 struct nlattr *tbp[NDTPA_MAX+1];
2258 struct neigh_parms *p;
2259 int i, ifindex = 0;
2260
2261 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
2262 tb[NDTA_PARMS],
2263 nl_ntbl_parm_policy, extack);
2264 if (err < 0)
2265 goto errout_tbl_lock;
2266
2267 if (tbp[NDTPA_IFINDEX])
2268 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
2269
2270 p = lookup_neigh_parms(tbl, net, ifindex);
2271 if (p == NULL) {
2272 err = -ENOENT;
2273 goto errout_tbl_lock;
2274 }
2275
2276 for (i = 1; i <= NDTPA_MAX; i++) {
2277 if (tbp[i] == NULL)
2278 continue;
2279
2280 switch (i) {
2281 case NDTPA_QUEUE_LEN:
2282 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2283 nla_get_u32(tbp[i]) *
2284 SKB_TRUESIZE(ETH_FRAME_LEN));
2285 break;
2286 case NDTPA_QUEUE_LENBYTES:
2287 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2288 nla_get_u32(tbp[i]));
2289 break;
2290 case NDTPA_PROXY_QLEN:
2291 NEIGH_VAR_SET(p, PROXY_QLEN,
2292 nla_get_u32(tbp[i]));
2293 break;
2294 case NDTPA_APP_PROBES:
2295 NEIGH_VAR_SET(p, APP_PROBES,
2296 nla_get_u32(tbp[i]));
2297 break;
2298 case NDTPA_UCAST_PROBES:
2299 NEIGH_VAR_SET(p, UCAST_PROBES,
2300 nla_get_u32(tbp[i]));
2301 break;
2302 case NDTPA_MCAST_PROBES:
2303 NEIGH_VAR_SET(p, MCAST_PROBES,
2304 nla_get_u32(tbp[i]));
2305 break;
2306 case NDTPA_MCAST_REPROBES:
2307 NEIGH_VAR_SET(p, MCAST_REPROBES,
2308 nla_get_u32(tbp[i]));
2309 break;
2310 case NDTPA_BASE_REACHABLE_TIME:
2311 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2312 nla_get_msecs(tbp[i]));
2313 /* update reachable_time as well, otherwise, the change will
2314 * only be effective after the next time neigh_periodic_work
2315 * decides to recompute it (can be multiple minutes)
2316 */
2317 p->reachable_time =
2318 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2319 break;
2320 case NDTPA_GC_STALETIME:
2321 NEIGH_VAR_SET(p, GC_STALETIME,
2322 nla_get_msecs(tbp[i]));
2323 break;
2324 case NDTPA_DELAY_PROBE_TIME:
2325 NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2326 nla_get_msecs(tbp[i]));
2327 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
2328 break;
2329 case NDTPA_RETRANS_TIME:
2330 NEIGH_VAR_SET(p, RETRANS_TIME,
2331 nla_get_msecs(tbp[i]));
2332 break;
2333 case NDTPA_ANYCAST_DELAY:
2334 NEIGH_VAR_SET(p, ANYCAST_DELAY,
2335 nla_get_msecs(tbp[i]));
2336 break;
2337 case NDTPA_PROXY_DELAY:
2338 NEIGH_VAR_SET(p, PROXY_DELAY,
2339 nla_get_msecs(tbp[i]));
2340 break;
2341 case NDTPA_LOCKTIME:
2342 NEIGH_VAR_SET(p, LOCKTIME,
2343 nla_get_msecs(tbp[i]));
2344 break;
2345 }
2346 }
2347 }
2348
2349 err = -ENOENT;
2350 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2351 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2352 !net_eq(net, &init_net))
2353 goto errout_tbl_lock;
2354
2355 if (tb[NDTA_THRESH1])
2356 tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);
2357
2358 if (tb[NDTA_THRESH2])
2359 tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]);
2360
2361 if (tb[NDTA_THRESH3])
2362 tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]);
2363
2364 if (tb[NDTA_GC_INTERVAL])
2365 tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]);
2366
2367 err = 0;
2368
2369 errout_tbl_lock:
2370 write_unlock_bh(&tbl->lock);
2371 errout:
2372 return err;
2373 }
2374
neightbl_valid_dump_info(const struct nlmsghdr * nlh,struct netlink_ext_ack * extack)2375 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2376 struct netlink_ext_ack *extack)
2377 {
2378 struct ndtmsg *ndtm;
2379
2380 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
2381 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2382 return -EINVAL;
2383 }
2384
2385 ndtm = nlmsg_data(nlh);
2386 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
2387 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2388 return -EINVAL;
2389 }
2390
2391 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
2392 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2393 return -EINVAL;
2394 }
2395
2396 return 0;
2397 }
2398
neightbl_dump_info(struct sk_buff * skb,struct netlink_callback * cb)2399 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2400 {
2401 const struct nlmsghdr *nlh = cb->nlh;
2402 struct net *net = sock_net(skb->sk);
2403 int family, tidx, nidx = 0;
2404 int tbl_skip = cb->args[0];
2405 int neigh_skip = cb->args[1];
2406 struct neigh_table *tbl;
2407
2408 if (cb->strict_check) {
2409 int err = neightbl_valid_dump_info(nlh, cb->extack);
2410
2411 if (err < 0)
2412 return err;
2413 }
2414
2415 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2416
2417 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2418 struct neigh_parms *p;
2419
2420 tbl = neigh_tables[tidx];
2421 if (!tbl)
2422 continue;
2423
2424 if (tidx < tbl_skip || (family && tbl->family != family))
2425 continue;
2426
2427 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2428 nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2429 NLM_F_MULTI) < 0)
2430 break;
2431
2432 nidx = 0;
2433 p = list_next_entry(&tbl->parms, list);
2434 list_for_each_entry_from(p, &tbl->parms_list, list) {
2435 if (!net_eq(neigh_parms_net(p), net))
2436 continue;
2437
2438 if (nidx < neigh_skip)
2439 goto next;
2440
2441 if (neightbl_fill_param_info(skb, tbl, p,
2442 NETLINK_CB(cb->skb).portid,
2443 nlh->nlmsg_seq,
2444 RTM_NEWNEIGHTBL,
2445 NLM_F_MULTI) < 0)
2446 goto out;
2447 next:
2448 nidx++;
2449 }
2450
2451 neigh_skip = 0;
2452 }
2453 out:
2454 cb->args[0] = tidx;
2455 cb->args[1] = nidx;
2456
2457 return skb->len;
2458 }
2459
neigh_fill_info(struct sk_buff * skb,struct neighbour * neigh,u32 pid,u32 seq,int type,unsigned int flags)2460 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2461 u32 pid, u32 seq, int type, unsigned int flags)
2462 {
2463 unsigned long now = jiffies;
2464 struct nda_cacheinfo ci;
2465 struct nlmsghdr *nlh;
2466 struct ndmsg *ndm;
2467
2468 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2469 if (nlh == NULL)
2470 return -EMSGSIZE;
2471
2472 ndm = nlmsg_data(nlh);
2473 ndm->ndm_family = neigh->ops->family;
2474 ndm->ndm_pad1 = 0;
2475 ndm->ndm_pad2 = 0;
2476 ndm->ndm_flags = neigh->flags;
2477 ndm->ndm_type = neigh->type;
2478 ndm->ndm_ifindex = neigh->dev->ifindex;
2479
2480 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2481 goto nla_put_failure;
2482
2483 read_lock_bh(&neigh->lock);
2484 ndm->ndm_state = neigh->nud_state;
2485 if (neigh->nud_state & NUD_VALID) {
2486 char haddr[MAX_ADDR_LEN];
2487
2488 neigh_ha_snapshot(haddr, neigh, neigh->dev);
2489 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2490 read_unlock_bh(&neigh->lock);
2491 goto nla_put_failure;
2492 }
2493 }
2494
2495 ci.ndm_used = jiffies_to_clock_t(now - neigh->used);
2496 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2497 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated);
2498 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1;
2499 read_unlock_bh(&neigh->lock);
2500
2501 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2502 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2503 goto nla_put_failure;
2504
2505 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
2506 goto nla_put_failure;
2507
2508 nlmsg_end(skb, nlh);
2509 return 0;
2510
2511 nla_put_failure:
2512 nlmsg_cancel(skb, nlh);
2513 return -EMSGSIZE;
2514 }
2515
pneigh_fill_info(struct sk_buff * skb,struct pneigh_entry * pn,u32 pid,u32 seq,int type,unsigned int flags,struct neigh_table * tbl)2516 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2517 u32 pid, u32 seq, int type, unsigned int flags,
2518 struct neigh_table *tbl)
2519 {
2520 struct nlmsghdr *nlh;
2521 struct ndmsg *ndm;
2522
2523 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2524 if (nlh == NULL)
2525 return -EMSGSIZE;
2526
2527 ndm = nlmsg_data(nlh);
2528 ndm->ndm_family = tbl->family;
2529 ndm->ndm_pad1 = 0;
2530 ndm->ndm_pad2 = 0;
2531 ndm->ndm_flags = pn->flags | NTF_PROXY;
2532 ndm->ndm_type = RTN_UNICAST;
2533 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2534 ndm->ndm_state = NUD_NONE;
2535
2536 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2537 goto nla_put_failure;
2538
2539 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
2540 goto nla_put_failure;
2541
2542 nlmsg_end(skb, nlh);
2543 return 0;
2544
2545 nla_put_failure:
2546 nlmsg_cancel(skb, nlh);
2547 return -EMSGSIZE;
2548 }
2549
neigh_update_notify(struct neighbour * neigh,u32 nlmsg_pid)2550 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2551 {
2552 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2553 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
2554 }
2555
neigh_master_filtered(struct net_device * dev,int master_idx)2556 static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2557 {
2558 struct net_device *master;
2559
2560 if (!master_idx)
2561 return false;
2562
2563 master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2564 if (!master || master->ifindex != master_idx)
2565 return true;
2566
2567 return false;
2568 }
2569
neigh_ifindex_filtered(struct net_device * dev,int filter_idx)2570 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2571 {
2572 if (filter_idx && (!dev || dev->ifindex != filter_idx))
2573 return true;
2574
2575 return false;
2576 }
2577
2578 struct neigh_dump_filter {
2579 int master_idx;
2580 int dev_idx;
2581 };
2582
neigh_dump_table(struct neigh_table * tbl,struct sk_buff * skb,struct netlink_callback * cb,struct neigh_dump_filter * filter)2583 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2584 struct netlink_callback *cb,
2585 struct neigh_dump_filter *filter)
2586 {
2587 struct net *net = sock_net(skb->sk);
2588 struct neighbour *n;
2589 int rc, h, s_h = cb->args[1];
2590 int idx, s_idx = idx = cb->args[2];
2591 struct neigh_hash_table *nht;
2592 unsigned int flags = NLM_F_MULTI;
2593
2594 if (filter->dev_idx || filter->master_idx)
2595 flags |= NLM_F_DUMP_FILTERED;
2596
2597 rcu_read_lock_bh();
2598 nht = rcu_dereference_bh(tbl->nht);
2599
2600 for (h = s_h; h < (1 << nht->hash_shift); h++) {
2601 if (h > s_h)
2602 s_idx = 0;
2603 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2604 n != NULL;
2605 n = rcu_dereference_bh(n->next)) {
2606 if (idx < s_idx || !net_eq(dev_net(n->dev), net))
2607 goto next;
2608 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2609 neigh_master_filtered(n->dev, filter->master_idx))
2610 goto next;
2611 if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2612 cb->nlh->nlmsg_seq,
2613 RTM_NEWNEIGH,
2614 flags) < 0) {
2615 rc = -1;
2616 goto out;
2617 }
2618 next:
2619 idx++;
2620 }
2621 }
2622 rc = skb->len;
2623 out:
2624 rcu_read_unlock_bh();
2625 cb->args[1] = h;
2626 cb->args[2] = idx;
2627 return rc;
2628 }
2629
pneigh_dump_table(struct neigh_table * tbl,struct sk_buff * skb,struct netlink_callback * cb,struct neigh_dump_filter * filter)2630 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2631 struct netlink_callback *cb,
2632 struct neigh_dump_filter *filter)
2633 {
2634 struct pneigh_entry *n;
2635 struct net *net = sock_net(skb->sk);
2636 int rc, h, s_h = cb->args[3];
2637 int idx, s_idx = idx = cb->args[4];
2638 unsigned int flags = NLM_F_MULTI;
2639
2640 if (filter->dev_idx || filter->master_idx)
2641 flags |= NLM_F_DUMP_FILTERED;
2642
2643 read_lock_bh(&tbl->lock);
2644
2645 for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2646 if (h > s_h)
2647 s_idx = 0;
2648 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2649 if (idx < s_idx || pneigh_net(n) != net)
2650 goto next;
2651 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2652 neigh_master_filtered(n->dev, filter->master_idx))
2653 goto next;
2654 if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2655 cb->nlh->nlmsg_seq,
2656 RTM_NEWNEIGH, flags, tbl) < 0) {
2657 read_unlock_bh(&tbl->lock);
2658 rc = -1;
2659 goto out;
2660 }
2661 next:
2662 idx++;
2663 }
2664 }
2665
2666 read_unlock_bh(&tbl->lock);
2667 rc = skb->len;
2668 out:
2669 cb->args[3] = h;
2670 cb->args[4] = idx;
2671 return rc;
2672
2673 }
2674
neigh_valid_dump_req(const struct nlmsghdr * nlh,bool strict_check,struct neigh_dump_filter * filter,struct netlink_ext_ack * extack)2675 static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2676 bool strict_check,
2677 struct neigh_dump_filter *filter,
2678 struct netlink_ext_ack *extack)
2679 {
2680 struct nlattr *tb[NDA_MAX + 1];
2681 int err, i;
2682
2683 if (strict_check) {
2684 struct ndmsg *ndm;
2685
2686 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2687 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2688 return -EINVAL;
2689 }
2690
2691 ndm = nlmsg_data(nlh);
2692 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
2693 ndm->ndm_state || ndm->ndm_type) {
2694 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2695 return -EINVAL;
2696 }
2697
2698 if (ndm->ndm_flags & ~NTF_PROXY) {
2699 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2700 return -EINVAL;
2701 }
2702
2703 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
2704 tb, NDA_MAX, nda_policy,
2705 extack);
2706 } else {
2707 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
2708 NDA_MAX, nda_policy, extack);
2709 }
2710 if (err < 0)
2711 return err;
2712
2713 for (i = 0; i <= NDA_MAX; ++i) {
2714 if (!tb[i])
2715 continue;
2716
2717 /* all new attributes should require strict_check */
2718 switch (i) {
2719 case NDA_IFINDEX:
2720 filter->dev_idx = nla_get_u32(tb[i]);
2721 break;
2722 case NDA_MASTER:
2723 filter->master_idx = nla_get_u32(tb[i]);
2724 break;
2725 default:
2726 if (strict_check) {
2727 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2728 return -EINVAL;
2729 }
2730 }
2731 }
2732
2733 return 0;
2734 }
2735
neigh_dump_info(struct sk_buff * skb,struct netlink_callback * cb)2736 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2737 {
2738 const struct nlmsghdr *nlh = cb->nlh;
2739 struct neigh_dump_filter filter = {};
2740 struct neigh_table *tbl;
2741 int t, family, s_t;
2742 int proxy = 0;
2743 int err;
2744
2745 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2746
2747 /* check for full ndmsg structure presence, family member is
2748 * the same for both structures
2749 */
2750 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2751 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2752 proxy = 1;
2753
2754 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
2755 if (err < 0 && cb->strict_check)
2756 return err;
2757
2758 s_t = cb->args[0];
2759
2760 for (t = 0; t < NEIGH_NR_TABLES; t++) {
2761 tbl = neigh_tables[t];
2762
2763 if (!tbl)
2764 continue;
2765 if (t < s_t || (family && tbl->family != family))
2766 continue;
2767 if (t > s_t)
2768 memset(&cb->args[1], 0, sizeof(cb->args) -
2769 sizeof(cb->args[0]));
2770 if (proxy)
2771 err = pneigh_dump_table(tbl, skb, cb, &filter);
2772 else
2773 err = neigh_dump_table(tbl, skb, cb, &filter);
2774 if (err < 0)
2775 break;
2776 }
2777
2778 cb->args[0] = t;
2779 return skb->len;
2780 }
2781
neigh_valid_get_req(const struct nlmsghdr * nlh,struct neigh_table ** tbl,void ** dst,int * dev_idx,u8 * ndm_flags,struct netlink_ext_ack * extack)2782 static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2783 struct neigh_table **tbl,
2784 void **dst, int *dev_idx, u8 *ndm_flags,
2785 struct netlink_ext_ack *extack)
2786 {
2787 struct nlattr *tb[NDA_MAX + 1];
2788 struct ndmsg *ndm;
2789 int err, i;
2790
2791 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2792 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2793 return -EINVAL;
2794 }
2795
2796 ndm = nlmsg_data(nlh);
2797 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
2798 ndm->ndm_type) {
2799 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2800 return -EINVAL;
2801 }
2802
2803 if (ndm->ndm_flags & ~NTF_PROXY) {
2804 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2805 return -EINVAL;
2806 }
2807
2808 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
2809 NDA_MAX, nda_policy, extack);
2810 if (err < 0)
2811 return err;
2812
2813 *ndm_flags = ndm->ndm_flags;
2814 *dev_idx = ndm->ndm_ifindex;
2815 *tbl = neigh_find_table(ndm->ndm_family);
2816 if (*tbl == NULL) {
2817 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2818 return -EAFNOSUPPORT;
2819 }
2820
2821 for (i = 0; i <= NDA_MAX; ++i) {
2822 if (!tb[i])
2823 continue;
2824
2825 switch (i) {
2826 case NDA_DST:
2827 if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
2828 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2829 return -EINVAL;
2830 }
2831 *dst = nla_data(tb[i]);
2832 break;
2833 default:
2834 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2835 return -EINVAL;
2836 }
2837 }
2838
2839 return 0;
2840 }
2841
neigh_nlmsg_size(void)2842 static inline size_t neigh_nlmsg_size(void)
2843 {
2844 return NLMSG_ALIGN(sizeof(struct ndmsg))
2845 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2846 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2847 + nla_total_size(sizeof(struct nda_cacheinfo))
2848 + nla_total_size(4) /* NDA_PROBES */
2849 + nla_total_size(1); /* NDA_PROTOCOL */
2850 }
2851
neigh_get_reply(struct net * net,struct neighbour * neigh,u32 pid,u32 seq)2852 static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2853 u32 pid, u32 seq)
2854 {
2855 struct sk_buff *skb;
2856 int err = 0;
2857
2858 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
2859 if (!skb)
2860 return -ENOBUFS;
2861
2862 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
2863 if (err) {
2864 kfree_skb(skb);
2865 goto errout;
2866 }
2867
2868 err = rtnl_unicast(skb, net, pid);
2869 errout:
2870 return err;
2871 }
2872
pneigh_nlmsg_size(void)2873 static inline size_t pneigh_nlmsg_size(void)
2874 {
2875 return NLMSG_ALIGN(sizeof(struct ndmsg))
2876 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2877 + nla_total_size(1); /* NDA_PROTOCOL */
2878 }
2879
pneigh_get_reply(struct net * net,struct pneigh_entry * neigh,u32 pid,u32 seq,struct neigh_table * tbl)2880 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
2881 u32 pid, u32 seq, struct neigh_table *tbl)
2882 {
2883 struct sk_buff *skb;
2884 int err = 0;
2885
2886 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
2887 if (!skb)
2888 return -ENOBUFS;
2889
2890 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
2891 if (err) {
2892 kfree_skb(skb);
2893 goto errout;
2894 }
2895
2896 err = rtnl_unicast(skb, net, pid);
2897 errout:
2898 return err;
2899 }
2900
neigh_get(struct sk_buff * in_skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)2901 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2902 struct netlink_ext_ack *extack)
2903 {
2904 struct net *net = sock_net(in_skb->sk);
2905 struct net_device *dev = NULL;
2906 struct neigh_table *tbl = NULL;
2907 struct neighbour *neigh;
2908 void *dst = NULL;
2909 u8 ndm_flags = 0;
2910 int dev_idx = 0;
2911 int err;
2912
2913 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
2914 extack);
2915 if (err < 0)
2916 return err;
2917
2918 if (dev_idx) {
2919 dev = __dev_get_by_index(net, dev_idx);
2920 if (!dev) {
2921 NL_SET_ERR_MSG(extack, "Unknown device ifindex");
2922 return -ENODEV;
2923 }
2924 }
2925
2926 if (!dst) {
2927 NL_SET_ERR_MSG(extack, "Network address not specified");
2928 return -EINVAL;
2929 }
2930
2931 if (ndm_flags & NTF_PROXY) {
2932 struct pneigh_entry *pn;
2933
2934 pn = pneigh_lookup(tbl, net, dst, dev, 0);
2935 if (!pn) {
2936 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
2937 return -ENOENT;
2938 }
2939 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
2940 nlh->nlmsg_seq, tbl);
2941 }
2942
2943 if (!dev) {
2944 NL_SET_ERR_MSG(extack, "No device specified");
2945 return -EINVAL;
2946 }
2947
2948 neigh = neigh_lookup(tbl, dst, dev);
2949 if (!neigh) {
2950 NL_SET_ERR_MSG(extack, "Neighbour entry not found");
2951 return -ENOENT;
2952 }
2953
2954 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
2955 nlh->nlmsg_seq);
2956
2957 neigh_release(neigh);
2958
2959 return err;
2960 }
2961
neigh_for_each(struct neigh_table * tbl,void (* cb)(struct neighbour *,void *),void * cookie)2962 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
2963 {
2964 int chain;
2965 struct neigh_hash_table *nht;
2966
2967 rcu_read_lock_bh();
2968 nht = rcu_dereference_bh(tbl->nht);
2969
2970 read_lock(&tbl->lock); /* avoid resizes */
2971 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2972 struct neighbour *n;
2973
2974 for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
2975 n != NULL;
2976 n = rcu_dereference_bh(n->next))
2977 cb(n, cookie);
2978 }
2979 read_unlock(&tbl->lock);
2980 rcu_read_unlock_bh();
2981 }
2982 EXPORT_SYMBOL(neigh_for_each);
2983
2984 /* The tbl->lock must be held as a writer and BH disabled. */
__neigh_for_each_release(struct neigh_table * tbl,int (* cb)(struct neighbour *))2985 void __neigh_for_each_release(struct neigh_table *tbl,
2986 int (*cb)(struct neighbour *))
2987 {
2988 int chain;
2989 struct neigh_hash_table *nht;
2990
2991 nht = rcu_dereference_protected(tbl->nht,
2992 lockdep_is_held(&tbl->lock));
2993 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2994 struct neighbour *n;
2995 struct neighbour __rcu **np;
2996
2997 np = &nht->hash_buckets[chain];
2998 while ((n = rcu_dereference_protected(*np,
2999 lockdep_is_held(&tbl->lock))) != NULL) {
3000 int release;
3001
3002 write_lock(&n->lock);
3003 release = cb(n);
3004 if (release) {
3005 rcu_assign_pointer(*np,
3006 rcu_dereference_protected(n->next,
3007 lockdep_is_held(&tbl->lock)));
3008 neigh_mark_dead(n);
3009 } else
3010 np = &n->next;
3011 write_unlock(&n->lock);
3012 if (release)
3013 neigh_cleanup_and_release(n);
3014 }
3015 }
3016 }
3017 EXPORT_SYMBOL(__neigh_for_each_release);
3018
neigh_xmit(int index,struct net_device * dev,const void * addr,struct sk_buff * skb)3019 int neigh_xmit(int index, struct net_device *dev,
3020 const void *addr, struct sk_buff *skb)
3021 {
3022 int err = -EAFNOSUPPORT;
3023 if (likely(index < NEIGH_NR_TABLES)) {
3024 struct neigh_table *tbl;
3025 struct neighbour *neigh;
3026
3027 tbl = neigh_tables[index];
3028 if (!tbl)
3029 goto out;
3030 rcu_read_lock_bh();
3031 if (index == NEIGH_ARP_TABLE) {
3032 u32 key = *((u32 *)addr);
3033
3034 neigh = __ipv4_neigh_lookup_noref(dev, key);
3035 } else {
3036 neigh = __neigh_lookup_noref(tbl, addr, dev);
3037 }
3038 if (!neigh)
3039 neigh = __neigh_create(tbl, addr, dev, false);
3040 err = PTR_ERR(neigh);
3041 if (IS_ERR(neigh)) {
3042 rcu_read_unlock_bh();
3043 goto out_kfree_skb;
3044 }
3045 err = neigh->output(neigh, skb);
3046 rcu_read_unlock_bh();
3047 }
3048 else if (index == NEIGH_LINK_TABLE) {
3049 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3050 addr, NULL, skb->len);
3051 if (err < 0)
3052 goto out_kfree_skb;
3053 err = dev_queue_xmit(skb);
3054 }
3055 out:
3056 return err;
3057 out_kfree_skb:
3058 kfree_skb(skb);
3059 goto out;
3060 }
3061 EXPORT_SYMBOL(neigh_xmit);
3062
3063 #ifdef CONFIG_PROC_FS
3064
neigh_get_first(struct seq_file * seq)3065 static struct neighbour *neigh_get_first(struct seq_file *seq)
3066 {
3067 struct neigh_seq_state *state = seq->private;
3068 struct net *net = seq_file_net(seq);
3069 struct neigh_hash_table *nht = state->nht;
3070 struct neighbour *n = NULL;
3071 int bucket;
3072
3073 state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3074 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3075 n = rcu_dereference_bh(nht->hash_buckets[bucket]);
3076
3077 while (n) {
3078 if (!net_eq(dev_net(n->dev), net))
3079 goto next;
3080 if (state->neigh_sub_iter) {
3081 loff_t fakep = 0;
3082 void *v;
3083
3084 v = state->neigh_sub_iter(state, n, &fakep);
3085 if (!v)
3086 goto next;
3087 }
3088 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3089 break;
3090 if (n->nud_state & ~NUD_NOARP)
3091 break;
3092 next:
3093 n = rcu_dereference_bh(n->next);
3094 }
3095
3096 if (n)
3097 break;
3098 }
3099 state->bucket = bucket;
3100
3101 return n;
3102 }
3103
neigh_get_next(struct seq_file * seq,struct neighbour * n,loff_t * pos)3104 static struct neighbour *neigh_get_next(struct seq_file *seq,
3105 struct neighbour *n,
3106 loff_t *pos)
3107 {
3108 struct neigh_seq_state *state = seq->private;
3109 struct net *net = seq_file_net(seq);
3110 struct neigh_hash_table *nht = state->nht;
3111
3112 if (state->neigh_sub_iter) {
3113 void *v = state->neigh_sub_iter(state, n, pos);
3114 if (v)
3115 return n;
3116 }
3117 n = rcu_dereference_bh(n->next);
3118
3119 while (1) {
3120 while (n) {
3121 if (!net_eq(dev_net(n->dev), net))
3122 goto next;
3123 if (state->neigh_sub_iter) {
3124 void *v = state->neigh_sub_iter(state, n, pos);
3125 if (v)
3126 return n;
3127 goto next;
3128 }
3129 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3130 break;
3131
3132 if (n->nud_state & ~NUD_NOARP)
3133 break;
3134 next:
3135 n = rcu_dereference_bh(n->next);
3136 }
3137
3138 if (n)
3139 break;
3140
3141 if (++state->bucket >= (1 << nht->hash_shift))
3142 break;
3143
3144 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
3145 }
3146
3147 if (n && pos)
3148 --(*pos);
3149 return n;
3150 }
3151
neigh_get_idx(struct seq_file * seq,loff_t * pos)3152 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3153 {
3154 struct neighbour *n = neigh_get_first(seq);
3155
3156 if (n) {
3157 --(*pos);
3158 while (*pos) {
3159 n = neigh_get_next(seq, n, pos);
3160 if (!n)
3161 break;
3162 }
3163 }
3164 return *pos ? NULL : n;
3165 }
3166
pneigh_get_first(struct seq_file * seq)3167 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3168 {
3169 struct neigh_seq_state *state = seq->private;
3170 struct net *net = seq_file_net(seq);
3171 struct neigh_table *tbl = state->tbl;
3172 struct pneigh_entry *pn = NULL;
3173 int bucket = state->bucket;
3174
3175 state->flags |= NEIGH_SEQ_IS_PNEIGH;
3176 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3177 pn = tbl->phash_buckets[bucket];
3178 while (pn && !net_eq(pneigh_net(pn), net))
3179 pn = pn->next;
3180 if (pn)
3181 break;
3182 }
3183 state->bucket = bucket;
3184
3185 return pn;
3186 }
3187
pneigh_get_next(struct seq_file * seq,struct pneigh_entry * pn,loff_t * pos)3188 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3189 struct pneigh_entry *pn,
3190 loff_t *pos)
3191 {
3192 struct neigh_seq_state *state = seq->private;
3193 struct net *net = seq_file_net(seq);
3194 struct neigh_table *tbl = state->tbl;
3195
3196 do {
3197 pn = pn->next;
3198 } while (pn && !net_eq(pneigh_net(pn), net));
3199
3200 while (!pn) {
3201 if (++state->bucket > PNEIGH_HASHMASK)
3202 break;
3203 pn = tbl->phash_buckets[state->bucket];
3204 while (pn && !net_eq(pneigh_net(pn), net))
3205 pn = pn->next;
3206 if (pn)
3207 break;
3208 }
3209
3210 if (pn && pos)
3211 --(*pos);
3212
3213 return pn;
3214 }
3215
pneigh_get_idx(struct seq_file * seq,loff_t * pos)3216 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3217 {
3218 struct pneigh_entry *pn = pneigh_get_first(seq);
3219
3220 if (pn) {
3221 --(*pos);
3222 while (*pos) {
3223 pn = pneigh_get_next(seq, pn, pos);
3224 if (!pn)
3225 break;
3226 }
3227 }
3228 return *pos ? NULL : pn;
3229 }
3230
neigh_get_idx_any(struct seq_file * seq,loff_t * pos)3231 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3232 {
3233 struct neigh_seq_state *state = seq->private;
3234 void *rc;
3235 loff_t idxpos = *pos;
3236
3237 rc = neigh_get_idx(seq, &idxpos);
3238 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3239 rc = pneigh_get_idx(seq, &idxpos);
3240
3241 return rc;
3242 }
3243
neigh_seq_start(struct seq_file * seq,loff_t * pos,struct neigh_table * tbl,unsigned int neigh_seq_flags)3244 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3245 __acquires(tbl->lock)
3246 __acquires(rcu_bh)
3247 {
3248 struct neigh_seq_state *state = seq->private;
3249
3250 state->tbl = tbl;
3251 state->bucket = 0;
3252 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3253
3254 rcu_read_lock_bh();
3255 state->nht = rcu_dereference_bh(tbl->nht);
3256 read_lock(&tbl->lock);
3257
3258 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3259 }
3260 EXPORT_SYMBOL(neigh_seq_start);
3261
neigh_seq_next(struct seq_file * seq,void * v,loff_t * pos)3262 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3263 {
3264 struct neigh_seq_state *state;
3265 void *rc;
3266
3267 if (v == SEQ_START_TOKEN) {
3268 rc = neigh_get_first(seq);
3269 goto out;
3270 }
3271
3272 state = seq->private;
3273 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3274 rc = neigh_get_next(seq, v, NULL);
3275 if (rc)
3276 goto out;
3277 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3278 rc = pneigh_get_first(seq);
3279 } else {
3280 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3281 rc = pneigh_get_next(seq, v, NULL);
3282 }
3283 out:
3284 ++(*pos);
3285 return rc;
3286 }
3287 EXPORT_SYMBOL(neigh_seq_next);
3288
neigh_seq_stop(struct seq_file * seq,void * v)3289 void neigh_seq_stop(struct seq_file *seq, void *v)
3290 __releases(tbl->lock)
3291 __releases(rcu_bh)
3292 {
3293 struct neigh_seq_state *state = seq->private;
3294 struct neigh_table *tbl = state->tbl;
3295
3296 read_unlock(&tbl->lock);
3297 rcu_read_unlock_bh();
3298 }
3299 EXPORT_SYMBOL(neigh_seq_stop);
3300
3301 /* statistics via seq_file */
3302
neigh_stat_seq_start(struct seq_file * seq,loff_t * pos)3303 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3304 {
3305 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3306 int cpu;
3307
3308 if (*pos == 0)
3309 return SEQ_START_TOKEN;
3310
3311 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3312 if (!cpu_possible(cpu))
3313 continue;
3314 *pos = cpu+1;
3315 return per_cpu_ptr(tbl->stats, cpu);
3316 }
3317 return NULL;
3318 }
3319
neigh_stat_seq_next(struct seq_file * seq,void * v,loff_t * pos)3320 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3321 {
3322 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3323 int cpu;
3324
3325 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3326 if (!cpu_possible(cpu))
3327 continue;
3328 *pos = cpu+1;
3329 return per_cpu_ptr(tbl->stats, cpu);
3330 }
3331 (*pos)++;
3332 return NULL;
3333 }
3334
neigh_stat_seq_stop(struct seq_file * seq,void * v)3335 static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3336 {
3337
3338 }
3339
neigh_stat_seq_show(struct seq_file * seq,void * v)3340 static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3341 {
3342 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3343 struct neigh_statistics *st = v;
3344
3345 if (v == SEQ_START_TOKEN) {
3346 seq_printf(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3347 return 0;
3348 }
3349
3350 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
3351 "%08lx %08lx %08lx %08lx %08lx %08lx\n",
3352 atomic_read(&tbl->entries),
3353
3354 st->allocs,
3355 st->destroys,
3356 st->hash_grows,
3357
3358 st->lookups,
3359 st->hits,
3360
3361 st->res_failed,
3362
3363 st->rcv_probes_mcast,
3364 st->rcv_probes_ucast,
3365
3366 st->periodic_gc_runs,
3367 st->forced_gc_runs,
3368 st->unres_discards,
3369 st->table_fulls
3370 );
3371
3372 return 0;
3373 }
3374
3375 static const struct seq_operations neigh_stat_seq_ops = {
3376 .start = neigh_stat_seq_start,
3377 .next = neigh_stat_seq_next,
3378 .stop = neigh_stat_seq_stop,
3379 .show = neigh_stat_seq_show,
3380 };
3381 #endif /* CONFIG_PROC_FS */
3382
__neigh_notify(struct neighbour * n,int type,int flags,u32 pid)3383 static void __neigh_notify(struct neighbour *n, int type, int flags,
3384 u32 pid)
3385 {
3386 struct net *net = dev_net(n->dev);
3387 struct sk_buff *skb;
3388 int err = -ENOBUFS;
3389
3390 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
3391 if (skb == NULL)
3392 goto errout;
3393
3394 err = neigh_fill_info(skb, n, pid, 0, type, flags);
3395 if (err < 0) {
3396 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3397 WARN_ON(err == -EMSGSIZE);
3398 kfree_skb(skb);
3399 goto errout;
3400 }
3401 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3402 return;
3403 errout:
3404 if (err < 0)
3405 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
3406 }
3407
neigh_app_ns(struct neighbour * n)3408 void neigh_app_ns(struct neighbour *n)
3409 {
3410 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
3411 }
3412 EXPORT_SYMBOL(neigh_app_ns);
3413
3414 #ifdef CONFIG_SYSCTL
3415 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3416
proc_unres_qlen(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3417 static int proc_unres_qlen(struct ctl_table *ctl, int write,
3418 void *buffer, size_t *lenp, loff_t *ppos)
3419 {
3420 int size, ret;
3421 struct ctl_table tmp = *ctl;
3422
3423 tmp.extra1 = SYSCTL_ZERO;
3424 tmp.extra2 = &unres_qlen_max;
3425 tmp.data = &size;
3426
3427 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3428 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3429
3430 if (write && !ret)
3431 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3432 return ret;
3433 }
3434
neigh_get_dev_parms_rcu(struct net_device * dev,int family)3435 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
3436 int family)
3437 {
3438 switch (family) {
3439 case AF_INET:
3440 return __in_dev_arp_parms_get_rcu(dev);
3441 case AF_INET6:
3442 return __in6_dev_nd_parms_get_rcu(dev);
3443 }
3444 return NULL;
3445 }
3446
neigh_copy_dflt_parms(struct net * net,struct neigh_parms * p,int index)3447 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3448 int index)
3449 {
3450 struct net_device *dev;
3451 int family = neigh_parms_family(p);
3452
3453 rcu_read_lock();
3454 for_each_netdev_rcu(net, dev) {
3455 struct neigh_parms *dst_p =
3456 neigh_get_dev_parms_rcu(dev, family);
3457
3458 if (dst_p && !test_bit(index, dst_p->data_state))
3459 dst_p->data[index] = p->data[index];
3460 }
3461 rcu_read_unlock();
3462 }
3463
neigh_proc_update(struct ctl_table * ctl,int write)3464 static void neigh_proc_update(struct ctl_table *ctl, int write)
3465 {
3466 struct net_device *dev = ctl->extra1;
3467 struct neigh_parms *p = ctl->extra2;
3468 struct net *net = neigh_parms_net(p);
3469 int index = (int *) ctl->data - p->data;
3470
3471 if (!write)
3472 return;
3473
3474 set_bit(index, p->data_state);
3475 if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3476 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
3477 if (!dev) /* NULL dev means this is default value */
3478 neigh_copy_dflt_parms(net, p, index);
3479 }
3480
neigh_proc_dointvec_zero_intmax(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3481 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3482 void *buffer, size_t *lenp,
3483 loff_t *ppos)
3484 {
3485 struct ctl_table tmp = *ctl;
3486 int ret;
3487
3488 tmp.extra1 = SYSCTL_ZERO;
3489 tmp.extra2 = SYSCTL_INT_MAX;
3490
3491 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3492 neigh_proc_update(ctl, write);
3493 return ret;
3494 }
3495
neigh_proc_dointvec(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3496 int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
3497 size_t *lenp, loff_t *ppos)
3498 {
3499 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3500
3501 neigh_proc_update(ctl, write);
3502 return ret;
3503 }
3504 EXPORT_SYMBOL(neigh_proc_dointvec);
3505
neigh_proc_dointvec_jiffies(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3506 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
3507 size_t *lenp, loff_t *ppos)
3508 {
3509 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3510
3511 neigh_proc_update(ctl, write);
3512 return ret;
3513 }
3514 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3515
neigh_proc_dointvec_userhz_jiffies(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3516 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3517 void *buffer, size_t *lenp,
3518 loff_t *ppos)
3519 {
3520 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3521
3522 neigh_proc_update(ctl, write);
3523 return ret;
3524 }
3525
neigh_proc_dointvec_ms_jiffies(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3526 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3527 void *buffer, size_t *lenp, loff_t *ppos)
3528 {
3529 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3530
3531 neigh_proc_update(ctl, write);
3532 return ret;
3533 }
3534 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3535
neigh_proc_dointvec_unres_qlen(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3536 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3537 void *buffer, size_t *lenp,
3538 loff_t *ppos)
3539 {
3540 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3541
3542 neigh_proc_update(ctl, write);
3543 return ret;
3544 }
3545
neigh_proc_base_reachable_time(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3546 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3547 void *buffer, size_t *lenp,
3548 loff_t *ppos)
3549 {
3550 struct neigh_parms *p = ctl->extra2;
3551 int ret;
3552
3553 if (strcmp(ctl->procname, "base_reachable_time") == 0)
3554 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3555 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3556 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3557 else
3558 ret = -1;
3559
3560 if (write && ret == 0) {
3561 /* update reachable_time as well, otherwise, the change will
3562 * only be effective after the next time neigh_periodic_work
3563 * decides to recompute it
3564 */
3565 p->reachable_time =
3566 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3567 }
3568 return ret;
3569 }
3570
3571 #define NEIGH_PARMS_DATA_OFFSET(index) \
3572 (&((struct neigh_parms *) 0)->data[index])
3573
3574 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3575 [NEIGH_VAR_ ## attr] = { \
3576 .procname = name, \
3577 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3578 .maxlen = sizeof(int), \
3579 .mode = mval, \
3580 .proc_handler = proc, \
3581 }
3582
3583 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3584 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3585
3586 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3587 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3588
3589 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3590 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3591
3592 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3593 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3594
3595 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3596 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3597
3598 static struct neigh_sysctl_table {
3599 struct ctl_table_header *sysctl_header;
3600 struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3601 } neigh_sysctl_template __read_mostly = {
3602 .neigh_vars = {
3603 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3604 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3605 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3606 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3607 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3608 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3609 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3610 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3611 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3612 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3613 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3614 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3615 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3616 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3617 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3618 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3619 [NEIGH_VAR_GC_INTERVAL] = {
3620 .procname = "gc_interval",
3621 .maxlen = sizeof(int),
3622 .mode = 0644,
3623 .proc_handler = proc_dointvec_jiffies,
3624 },
3625 [NEIGH_VAR_GC_THRESH1] = {
3626 .procname = "gc_thresh1",
3627 .maxlen = sizeof(int),
3628 .mode = 0644,
3629 .extra1 = SYSCTL_ZERO,
3630 .extra2 = SYSCTL_INT_MAX,
3631 .proc_handler = proc_dointvec_minmax,
3632 },
3633 [NEIGH_VAR_GC_THRESH2] = {
3634 .procname = "gc_thresh2",
3635 .maxlen = sizeof(int),
3636 .mode = 0644,
3637 .extra1 = SYSCTL_ZERO,
3638 .extra2 = SYSCTL_INT_MAX,
3639 .proc_handler = proc_dointvec_minmax,
3640 },
3641 [NEIGH_VAR_GC_THRESH3] = {
3642 .procname = "gc_thresh3",
3643 .maxlen = sizeof(int),
3644 .mode = 0644,
3645 .extra1 = SYSCTL_ZERO,
3646 .extra2 = SYSCTL_INT_MAX,
3647 .proc_handler = proc_dointvec_minmax,
3648 },
3649 {},
3650 },
3651 };
3652
neigh_sysctl_register(struct net_device * dev,struct neigh_parms * p,proc_handler * handler)3653 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3654 proc_handler *handler)
3655 {
3656 int i;
3657 struct neigh_sysctl_table *t;
3658 const char *dev_name_source;
3659 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3660 char *p_name;
3661
3662 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL);
3663 if (!t)
3664 goto err;
3665
3666 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3667 t->neigh_vars[i].data += (long) p;
3668 t->neigh_vars[i].extra1 = dev;
3669 t->neigh_vars[i].extra2 = p;
3670 }
3671
3672 if (dev) {
3673 dev_name_source = dev->name;
3674 /* Terminate the table early */
3675 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3676 sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3677 } else {
3678 struct neigh_table *tbl = p->tbl;
3679 dev_name_source = "default";
3680 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3681 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3682 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3683 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3684 }
3685
3686 if (handler) {
3687 /* RetransTime */
3688 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3689 /* ReachableTime */
3690 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3691 /* RetransTime (in milliseconds)*/
3692 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3693 /* ReachableTime (in milliseconds) */
3694 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3695 } else {
3696 /* Those handlers will update p->reachable_time after
3697 * base_reachable_time(_ms) is set to ensure the new timer starts being
3698 * applied after the next neighbour update instead of waiting for
3699 * neigh_periodic_work to update its value (can be multiple minutes)
3700 * So any handler that replaces them should do this as well
3701 */
3702 /* ReachableTime */
3703 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3704 neigh_proc_base_reachable_time;
3705 /* ReachableTime (in milliseconds) */
3706 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3707 neigh_proc_base_reachable_time;
3708 }
3709
3710 /* Don't export sysctls to unprivileged users */
3711 if (neigh_parms_net(p)->user_ns != &init_user_ns)
3712 t->neigh_vars[0].procname = NULL;
3713
3714 switch (neigh_parms_family(p)) {
3715 case AF_INET:
3716 p_name = "ipv4";
3717 break;
3718 case AF_INET6:
3719 p_name = "ipv6";
3720 break;
3721 default:
3722 BUG();
3723 }
3724
3725 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3726 p_name, dev_name_source);
3727 t->sysctl_header =
3728 register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3729 if (!t->sysctl_header)
3730 goto free;
3731
3732 p->sysctl_table = t;
3733 return 0;
3734
3735 free:
3736 kfree(t);
3737 err:
3738 return -ENOBUFS;
3739 }
3740 EXPORT_SYMBOL(neigh_sysctl_register);
3741
neigh_sysctl_unregister(struct neigh_parms * p)3742 void neigh_sysctl_unregister(struct neigh_parms *p)
3743 {
3744 if (p->sysctl_table) {
3745 struct neigh_sysctl_table *t = p->sysctl_table;
3746 p->sysctl_table = NULL;
3747 unregister_net_sysctl_table(t->sysctl_header);
3748 kfree(t);
3749 }
3750 }
3751 EXPORT_SYMBOL(neigh_sysctl_unregister);
3752
3753 #endif /* CONFIG_SYSCTL */
3754
neigh_init(void)3755 static int __init neigh_init(void)
3756 {
3757 rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3758 rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3759 rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3760
3761 rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3762 0);
3763 rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);
3764
3765 return 0;
3766 }
3767
3768 subsys_initcall(neigh_init);
3769