1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Generic address resolution entity
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
8 *
9 * Fixes:
10 * Vitaly E. Lavrov releasing NULL neighbor in neigh_add.
11 * Harald Welte Add neighbour cache statistics like rtstat
12 */
13
14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16 #include <linux/slab.h>
17 #include <linux/kmemleak.h>
18 #include <linux/types.h>
19 #include <linux/kernel.h>
20 #include <linux/module.h>
21 #include <linux/socket.h>
22 #include <linux/netdevice.h>
23 #include <linux/proc_fs.h>
24 #ifdef CONFIG_SYSCTL
25 #include <linux/sysctl.h>
26 #endif
27 #include <linux/times.h>
28 #include <net/net_namespace.h>
29 #include <net/neighbour.h>
30 #include <net/arp.h>
31 #include <net/dst.h>
32 #include <net/sock.h>
33 #include <net/netevent.h>
34 #include <net/netlink.h>
35 #include <linux/rtnetlink.h>
36 #include <linux/random.h>
37 #include <linux/string.h>
38 #include <linux/log2.h>
39 #include <linux/inetdevice.h>
40 #include <net/addrconf.h>
41
42 #include <trace/events/neigh.h>
43
44 #define DEBUG
45 #define NEIGH_DEBUG 1
46 #define neigh_dbg(level, fmt, ...) \
47 do { \
48 if (level <= NEIGH_DEBUG) \
49 pr_debug(fmt, ##__VA_ARGS__); \
50 } while (0)
51
52 #define PNEIGH_HASHMASK 0xF
53
54 static void neigh_timer_handler(struct timer_list *t);
55 static void __neigh_notify(struct neighbour *n, int type, int flags,
56 u32 pid);
57 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
58 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
59 struct net_device *dev);
60
61 #ifdef CONFIG_PROC_FS
62 static const struct seq_operations neigh_stat_seq_ops;
63 #endif
64
65 /*
66 Neighbour hash table buckets are protected with rwlock tbl->lock.
67
68 - All the scans/updates to hash buckets MUST be made under this lock.
69 - NOTHING clever should be made under this lock: no callbacks
70 to protocol backends, no attempts to send something to network.
71 It will result in deadlocks, if backend/driver wants to use neighbour
72 cache.
73 - If the entry requires some non-trivial actions, increase
74 its reference count and release table lock.
75
76 Neighbour entries are protected:
77 - with reference count.
78 - with rwlock neigh->lock
79
80 Reference count prevents destruction.
81
82 neigh->lock mainly serializes ll address data and its validity state.
83 However, the same lock is used to protect another entry fields:
84 - timer
85 - resolution queue
86
87 Again, nothing clever shall be made under neigh->lock,
88 the most complicated procedure, which we allow is dev->hard_header.
89 It is supposed, that dev->hard_header is simplistic and does
90 not make callbacks to neighbour tables.
91 */
92
neigh_blackhole(struct neighbour * neigh,struct sk_buff * skb)93 static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
94 {
95 kfree_skb(skb);
96 return -ENETDOWN;
97 }
98
neigh_cleanup_and_release(struct neighbour * neigh)99 static void neigh_cleanup_and_release(struct neighbour *neigh)
100 {
101 trace_neigh_cleanup_and_release(neigh, 0);
102 __neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
103 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
104 neigh_release(neigh);
105 }
106
107 /*
108 * It is random distribution in the interval (1/2)*base...(3/2)*base.
109 * It corresponds to default IPv6 settings and is not overridable,
110 * because it is really reasonable choice.
111 */
112
neigh_rand_reach_time(unsigned long base)113 unsigned long neigh_rand_reach_time(unsigned long base)
114 {
115 return base ? (prandom_u32() % base) + (base >> 1) : 0;
116 }
117 EXPORT_SYMBOL(neigh_rand_reach_time);
118
neigh_mark_dead(struct neighbour * n)119 static void neigh_mark_dead(struct neighbour *n)
120 {
121 n->dead = 1;
122 if (!list_empty(&n->gc_list)) {
123 list_del_init(&n->gc_list);
124 atomic_dec(&n->tbl->gc_entries);
125 }
126 }
127
neigh_update_gc_list(struct neighbour * n)128 static void neigh_update_gc_list(struct neighbour *n)
129 {
130 bool on_gc_list, exempt_from_gc;
131
132 write_lock_bh(&n->tbl->lock);
133 write_lock(&n->lock);
134
135 if (n->dead)
136 goto out;
137
138 /* remove from the gc list if new state is permanent or if neighbor
139 * is externally learned; otherwise entry should be on the gc list
140 */
141 exempt_from_gc = n->nud_state & NUD_PERMANENT ||
142 n->flags & NTF_EXT_LEARNED;
143 on_gc_list = !list_empty(&n->gc_list);
144
145 if (exempt_from_gc && on_gc_list) {
146 list_del_init(&n->gc_list);
147 atomic_dec(&n->tbl->gc_entries);
148 } else if (!exempt_from_gc && !on_gc_list) {
149 /* add entries to the tail; cleaning removes from the front */
150 list_add_tail(&n->gc_list, &n->tbl->gc_list);
151 atomic_inc(&n->tbl->gc_entries);
152 }
153
154 out:
155 write_unlock(&n->lock);
156 write_unlock_bh(&n->tbl->lock);
157 }
158
neigh_update_ext_learned(struct neighbour * neigh,u32 flags,int * notify)159 static bool neigh_update_ext_learned(struct neighbour *neigh, u32 flags,
160 int *notify)
161 {
162 bool rc = false;
163 u8 ndm_flags;
164
165 if (!(flags & NEIGH_UPDATE_F_ADMIN))
166 return rc;
167
168 ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
169 if ((neigh->flags ^ ndm_flags) & NTF_EXT_LEARNED) {
170 if (ndm_flags & NTF_EXT_LEARNED)
171 neigh->flags |= NTF_EXT_LEARNED;
172 else
173 neigh->flags &= ~NTF_EXT_LEARNED;
174 rc = true;
175 *notify = 1;
176 }
177
178 return rc;
179 }
180
neigh_del(struct neighbour * n,struct neighbour __rcu ** np,struct neigh_table * tbl)181 static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
182 struct neigh_table *tbl)
183 {
184 bool retval = false;
185
186 write_lock(&n->lock);
187 if (refcount_read(&n->refcnt) == 1) {
188 struct neighbour *neigh;
189
190 neigh = rcu_dereference_protected(n->next,
191 lockdep_is_held(&tbl->lock));
192 rcu_assign_pointer(*np, neigh);
193 neigh_mark_dead(n);
194 retval = true;
195 }
196 write_unlock(&n->lock);
197 if (retval)
198 neigh_cleanup_and_release(n);
199 return retval;
200 }
201
neigh_remove_one(struct neighbour * ndel,struct neigh_table * tbl)202 bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
203 {
204 struct neigh_hash_table *nht;
205 void *pkey = ndel->primary_key;
206 u32 hash_val;
207 struct neighbour *n;
208 struct neighbour __rcu **np;
209
210 nht = rcu_dereference_protected(tbl->nht,
211 lockdep_is_held(&tbl->lock));
212 hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
213 hash_val = hash_val >> (32 - nht->hash_shift);
214
215 np = &nht->hash_buckets[hash_val];
216 while ((n = rcu_dereference_protected(*np,
217 lockdep_is_held(&tbl->lock)))) {
218 if (n == ndel)
219 return neigh_del(n, np, tbl);
220 np = &n->next;
221 }
222 return false;
223 }
224
neigh_forced_gc(struct neigh_table * tbl)225 static int neigh_forced_gc(struct neigh_table *tbl)
226 {
227 int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
228 unsigned long tref = jiffies - 5 * HZ;
229 struct neighbour *n, *tmp;
230 int shrunk = 0;
231
232 NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);
233
234 write_lock_bh(&tbl->lock);
235
236 list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
237 if (refcount_read(&n->refcnt) == 1) {
238 bool remove = false;
239
240 write_lock(&n->lock);
241 if ((n->nud_state == NUD_FAILED) ||
242 (n->nud_state == NUD_NOARP) ||
243 (tbl->is_multicast &&
244 tbl->is_multicast(n->primary_key)) ||
245 !time_in_range(n->updated, tref, jiffies))
246 remove = true;
247 write_unlock(&n->lock);
248
249 if (remove && neigh_remove_one(n, tbl))
250 shrunk++;
251 if (shrunk >= max_clean)
252 break;
253 }
254 }
255
256 tbl->last_flush = jiffies;
257
258 write_unlock_bh(&tbl->lock);
259
260 return shrunk;
261 }
262
neigh_add_timer(struct neighbour * n,unsigned long when)263 static void neigh_add_timer(struct neighbour *n, unsigned long when)
264 {
265 /* Use safe distance from the jiffies - LONG_MAX point while timer
266 * is running in DELAY/PROBE state but still show to user space
267 * large times in the past.
268 */
269 unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ);
270
271 neigh_hold(n);
272 if (!time_in_range(n->confirmed, mint, jiffies))
273 n->confirmed = mint;
274 if (time_before(n->used, n->confirmed))
275 n->used = n->confirmed;
276 if (unlikely(mod_timer(&n->timer, when))) {
277 printk("NEIGH: BUG, double timer add, state is %x\n",
278 n->nud_state);
279 dump_stack();
280 }
281 }
282
neigh_del_timer(struct neighbour * n)283 static int neigh_del_timer(struct neighbour *n)
284 {
285 if ((n->nud_state & NUD_IN_TIMER) &&
286 del_timer(&n->timer)) {
287 neigh_release(n);
288 return 1;
289 }
290 return 0;
291 }
292
pneigh_queue_purge(struct sk_buff_head * list,struct net * net)293 static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net)
294 {
295 struct sk_buff_head tmp;
296 unsigned long flags;
297 struct sk_buff *skb;
298
299 skb_queue_head_init(&tmp);
300 spin_lock_irqsave(&list->lock, flags);
301 skb = skb_peek(list);
302 while (skb != NULL) {
303 struct sk_buff *skb_next = skb_peek_next(skb, list);
304 if (net == NULL || net_eq(dev_net(skb->dev), net)) {
305 __skb_unlink(skb, list);
306 __skb_queue_tail(&tmp, skb);
307 }
308 skb = skb_next;
309 }
310 spin_unlock_irqrestore(&list->lock, flags);
311
312 while ((skb = __skb_dequeue(&tmp))) {
313 dev_put(skb->dev);
314 kfree_skb(skb);
315 }
316 }
317
neigh_flush_dev(struct neigh_table * tbl,struct net_device * dev,bool skip_perm)318 static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
319 bool skip_perm)
320 {
321 int i;
322 struct neigh_hash_table *nht;
323
324 nht = rcu_dereference_protected(tbl->nht,
325 lockdep_is_held(&tbl->lock));
326
327 for (i = 0; i < (1 << nht->hash_shift); i++) {
328 struct neighbour *n;
329 struct neighbour __rcu **np = &nht->hash_buckets[i];
330
331 while ((n = rcu_dereference_protected(*np,
332 lockdep_is_held(&tbl->lock))) != NULL) {
333 if (dev && n->dev != dev) {
334 np = &n->next;
335 continue;
336 }
337 if (skip_perm && n->nud_state & NUD_PERMANENT) {
338 np = &n->next;
339 continue;
340 }
341 rcu_assign_pointer(*np,
342 rcu_dereference_protected(n->next,
343 lockdep_is_held(&tbl->lock)));
344 write_lock(&n->lock);
345 neigh_del_timer(n);
346 neigh_mark_dead(n);
347 if (refcount_read(&n->refcnt) != 1) {
348 /* The most unpleasant situation.
349 We must destroy neighbour entry,
350 but someone still uses it.
351
352 The destroy will be delayed until
353 the last user releases us, but
354 we must kill timers etc. and move
355 it to safe state.
356 */
357 __skb_queue_purge(&n->arp_queue);
358 n->arp_queue_len_bytes = 0;
359 n->output = neigh_blackhole;
360 if (n->nud_state & NUD_VALID)
361 n->nud_state = NUD_NOARP;
362 else
363 n->nud_state = NUD_NONE;
364 neigh_dbg(2, "neigh %p is stray\n", n);
365 }
366 write_unlock(&n->lock);
367 neigh_cleanup_and_release(n);
368 }
369 }
370 }
371
neigh_changeaddr(struct neigh_table * tbl,struct net_device * dev)372 void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
373 {
374 write_lock_bh(&tbl->lock);
375 neigh_flush_dev(tbl, dev, false);
376 write_unlock_bh(&tbl->lock);
377 }
378 EXPORT_SYMBOL(neigh_changeaddr);
379
__neigh_ifdown(struct neigh_table * tbl,struct net_device * dev,bool skip_perm)380 static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
381 bool skip_perm)
382 {
383 write_lock_bh(&tbl->lock);
384 neigh_flush_dev(tbl, dev, skip_perm);
385 pneigh_ifdown_and_unlock(tbl, dev);
386 pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL);
387 if (skb_queue_empty_lockless(&tbl->proxy_queue))
388 del_timer_sync(&tbl->proxy_timer);
389 return 0;
390 }
391
neigh_carrier_down(struct neigh_table * tbl,struct net_device * dev)392 int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
393 {
394 __neigh_ifdown(tbl, dev, true);
395 return 0;
396 }
397 EXPORT_SYMBOL(neigh_carrier_down);
398
neigh_ifdown(struct neigh_table * tbl,struct net_device * dev)399 int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
400 {
401 __neigh_ifdown(tbl, dev, false);
402 return 0;
403 }
404 EXPORT_SYMBOL(neigh_ifdown);
405
neigh_alloc(struct neigh_table * tbl,struct net_device * dev,u8 flags,bool exempt_from_gc)406 static struct neighbour *neigh_alloc(struct neigh_table *tbl,
407 struct net_device *dev,
408 u8 flags, bool exempt_from_gc)
409 {
410 struct neighbour *n = NULL;
411 unsigned long now = jiffies;
412 int entries;
413
414 if (exempt_from_gc)
415 goto do_alloc;
416
417 entries = atomic_inc_return(&tbl->gc_entries) - 1;
418 if (entries >= tbl->gc_thresh3 ||
419 (entries >= tbl->gc_thresh2 &&
420 time_after(now, tbl->last_flush + 5 * HZ))) {
421 if (!neigh_forced_gc(tbl) &&
422 entries >= tbl->gc_thresh3) {
423 net_info_ratelimited("%s: neighbor table overflow!\n",
424 tbl->id);
425 NEIGH_CACHE_STAT_INC(tbl, table_fulls);
426 goto out_entries;
427 }
428 }
429
430 do_alloc:
431 n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
432 if (!n)
433 goto out_entries;
434
435 __skb_queue_head_init(&n->arp_queue);
436 rwlock_init(&n->lock);
437 seqlock_init(&n->ha_lock);
438 n->updated = n->used = now;
439 n->nud_state = NUD_NONE;
440 n->output = neigh_blackhole;
441 n->flags = flags;
442 seqlock_init(&n->hh.hh_lock);
443 n->parms = neigh_parms_clone(&tbl->parms);
444 timer_setup(&n->timer, neigh_timer_handler, 0);
445
446 NEIGH_CACHE_STAT_INC(tbl, allocs);
447 n->tbl = tbl;
448 refcount_set(&n->refcnt, 1);
449 n->dead = 1;
450 INIT_LIST_HEAD(&n->gc_list);
451
452 atomic_inc(&tbl->entries);
453 out:
454 return n;
455
456 out_entries:
457 if (!exempt_from_gc)
458 atomic_dec(&tbl->gc_entries);
459 goto out;
460 }
461
neigh_get_hash_rnd(u32 * x)462 static void neigh_get_hash_rnd(u32 *x)
463 {
464 *x = get_random_u32() | 1;
465 }
466
neigh_hash_alloc(unsigned int shift)467 static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
468 {
469 size_t size = (1 << shift) * sizeof(struct neighbour *);
470 struct neigh_hash_table *ret;
471 struct neighbour __rcu **buckets;
472 int i;
473
474 ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
475 if (!ret)
476 return NULL;
477 if (size <= PAGE_SIZE) {
478 buckets = kzalloc(size, GFP_ATOMIC);
479 } else {
480 buckets = (struct neighbour __rcu **)
481 __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
482 get_order(size));
483 kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
484 }
485 if (!buckets) {
486 kfree(ret);
487 return NULL;
488 }
489 ret->hash_buckets = buckets;
490 ret->hash_shift = shift;
491 for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
492 neigh_get_hash_rnd(&ret->hash_rnd[i]);
493 return ret;
494 }
495
neigh_hash_free_rcu(struct rcu_head * head)496 static void neigh_hash_free_rcu(struct rcu_head *head)
497 {
498 struct neigh_hash_table *nht = container_of(head,
499 struct neigh_hash_table,
500 rcu);
501 size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
502 struct neighbour __rcu **buckets = nht->hash_buckets;
503
504 if (size <= PAGE_SIZE) {
505 kfree(buckets);
506 } else {
507 kmemleak_free(buckets);
508 free_pages((unsigned long)buckets, get_order(size));
509 }
510 kfree(nht);
511 }
512
neigh_hash_grow(struct neigh_table * tbl,unsigned long new_shift)513 static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
514 unsigned long new_shift)
515 {
516 unsigned int i, hash;
517 struct neigh_hash_table *new_nht, *old_nht;
518
519 NEIGH_CACHE_STAT_INC(tbl, hash_grows);
520
521 old_nht = rcu_dereference_protected(tbl->nht,
522 lockdep_is_held(&tbl->lock));
523 new_nht = neigh_hash_alloc(new_shift);
524 if (!new_nht)
525 return old_nht;
526
527 for (i = 0; i < (1 << old_nht->hash_shift); i++) {
528 struct neighbour *n, *next;
529
530 for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
531 lockdep_is_held(&tbl->lock));
532 n != NULL;
533 n = next) {
534 hash = tbl->hash(n->primary_key, n->dev,
535 new_nht->hash_rnd);
536
537 hash >>= (32 - new_nht->hash_shift);
538 next = rcu_dereference_protected(n->next,
539 lockdep_is_held(&tbl->lock));
540
541 rcu_assign_pointer(n->next,
542 rcu_dereference_protected(
543 new_nht->hash_buckets[hash],
544 lockdep_is_held(&tbl->lock)));
545 rcu_assign_pointer(new_nht->hash_buckets[hash], n);
546 }
547 }
548
549 rcu_assign_pointer(tbl->nht, new_nht);
550 call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
551 return new_nht;
552 }
553
neigh_lookup(struct neigh_table * tbl,const void * pkey,struct net_device * dev)554 struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
555 struct net_device *dev)
556 {
557 struct neighbour *n;
558
559 NEIGH_CACHE_STAT_INC(tbl, lookups);
560
561 rcu_read_lock_bh();
562 n = __neigh_lookup_noref(tbl, pkey, dev);
563 if (n) {
564 if (!refcount_inc_not_zero(&n->refcnt))
565 n = NULL;
566 NEIGH_CACHE_STAT_INC(tbl, hits);
567 }
568
569 rcu_read_unlock_bh();
570 return n;
571 }
572 EXPORT_SYMBOL(neigh_lookup);
573
neigh_lookup_nodev(struct neigh_table * tbl,struct net * net,const void * pkey)574 struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
575 const void *pkey)
576 {
577 struct neighbour *n;
578 unsigned int key_len = tbl->key_len;
579 u32 hash_val;
580 struct neigh_hash_table *nht;
581
582 NEIGH_CACHE_STAT_INC(tbl, lookups);
583
584 rcu_read_lock_bh();
585 nht = rcu_dereference_bh(tbl->nht);
586 hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);
587
588 for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
589 n != NULL;
590 n = rcu_dereference_bh(n->next)) {
591 if (!memcmp(n->primary_key, pkey, key_len) &&
592 net_eq(dev_net(n->dev), net)) {
593 if (!refcount_inc_not_zero(&n->refcnt))
594 n = NULL;
595 NEIGH_CACHE_STAT_INC(tbl, hits);
596 break;
597 }
598 }
599
600 rcu_read_unlock_bh();
601 return n;
602 }
603 EXPORT_SYMBOL(neigh_lookup_nodev);
604
605 static struct neighbour *
___neigh_create(struct neigh_table * tbl,const void * pkey,struct net_device * dev,u8 flags,bool exempt_from_gc,bool want_ref)606 ___neigh_create(struct neigh_table *tbl, const void *pkey,
607 struct net_device *dev, u8 flags,
608 bool exempt_from_gc, bool want_ref)
609 {
610 u32 hash_val, key_len = tbl->key_len;
611 struct neighbour *n1, *rc, *n;
612 struct neigh_hash_table *nht;
613 int error;
614
615 n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
616 trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
617 if (!n) {
618 rc = ERR_PTR(-ENOBUFS);
619 goto out;
620 }
621
622 memcpy(n->primary_key, pkey, key_len);
623 n->dev = dev;
624 dev_hold(dev);
625
626 /* Protocol specific setup. */
627 if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
628 rc = ERR_PTR(error);
629 goto out_neigh_release;
630 }
631
632 if (dev->netdev_ops->ndo_neigh_construct) {
633 error = dev->netdev_ops->ndo_neigh_construct(dev, n);
634 if (error < 0) {
635 rc = ERR_PTR(error);
636 goto out_neigh_release;
637 }
638 }
639
640 /* Device specific setup. */
641 if (n->parms->neigh_setup &&
642 (error = n->parms->neigh_setup(n)) < 0) {
643 rc = ERR_PTR(error);
644 goto out_neigh_release;
645 }
646
647 n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);
648
649 write_lock_bh(&tbl->lock);
650 nht = rcu_dereference_protected(tbl->nht,
651 lockdep_is_held(&tbl->lock));
652
653 if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
654 nht = neigh_hash_grow(tbl, nht->hash_shift + 1);
655
656 hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);
657
658 if (n->parms->dead) {
659 rc = ERR_PTR(-EINVAL);
660 goto out_tbl_unlock;
661 }
662
663 for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
664 lockdep_is_held(&tbl->lock));
665 n1 != NULL;
666 n1 = rcu_dereference_protected(n1->next,
667 lockdep_is_held(&tbl->lock))) {
668 if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
669 if (want_ref)
670 neigh_hold(n1);
671 rc = n1;
672 goto out_tbl_unlock;
673 }
674 }
675
676 n->dead = 0;
677 if (!exempt_from_gc)
678 list_add_tail(&n->gc_list, &n->tbl->gc_list);
679
680 if (want_ref)
681 neigh_hold(n);
682 rcu_assign_pointer(n->next,
683 rcu_dereference_protected(nht->hash_buckets[hash_val],
684 lockdep_is_held(&tbl->lock)));
685 rcu_assign_pointer(nht->hash_buckets[hash_val], n);
686 write_unlock_bh(&tbl->lock);
687 neigh_dbg(2, "neigh %p is created\n", n);
688 rc = n;
689 out:
690 return rc;
691 out_tbl_unlock:
692 write_unlock_bh(&tbl->lock);
693 out_neigh_release:
694 if (!exempt_from_gc)
695 atomic_dec(&tbl->gc_entries);
696 neigh_release(n);
697 goto out;
698 }
699
__neigh_create(struct neigh_table * tbl,const void * pkey,struct net_device * dev,bool want_ref)700 struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
701 struct net_device *dev, bool want_ref)
702 {
703 return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
704 }
705 EXPORT_SYMBOL(__neigh_create);
706
pneigh_hash(const void * pkey,unsigned int key_len)707 static u32 pneigh_hash(const void *pkey, unsigned int key_len)
708 {
709 u32 hash_val = *(u32 *)(pkey + key_len - 4);
710 hash_val ^= (hash_val >> 16);
711 hash_val ^= hash_val >> 8;
712 hash_val ^= hash_val >> 4;
713 hash_val &= PNEIGH_HASHMASK;
714 return hash_val;
715 }
716
__pneigh_lookup_1(struct pneigh_entry * n,struct net * net,const void * pkey,unsigned int key_len,struct net_device * dev)717 static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
718 struct net *net,
719 const void *pkey,
720 unsigned int key_len,
721 struct net_device *dev)
722 {
723 while (n) {
724 if (!memcmp(n->key, pkey, key_len) &&
725 net_eq(pneigh_net(n), net) &&
726 (n->dev == dev || !n->dev))
727 return n;
728 n = n->next;
729 }
730 return NULL;
731 }
732
__pneigh_lookup(struct neigh_table * tbl,struct net * net,const void * pkey,struct net_device * dev)733 struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
734 struct net *net, const void *pkey, struct net_device *dev)
735 {
736 unsigned int key_len = tbl->key_len;
737 u32 hash_val = pneigh_hash(pkey, key_len);
738
739 return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
740 net, pkey, key_len, dev);
741 }
742 EXPORT_SYMBOL_GPL(__pneigh_lookup);
743
pneigh_lookup(struct neigh_table * tbl,struct net * net,const void * pkey,struct net_device * dev,int creat)744 struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
745 struct net *net, const void *pkey,
746 struct net_device *dev, int creat)
747 {
748 struct pneigh_entry *n;
749 unsigned int key_len = tbl->key_len;
750 u32 hash_val = pneigh_hash(pkey, key_len);
751
752 read_lock_bh(&tbl->lock);
753 n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
754 net, pkey, key_len, dev);
755 read_unlock_bh(&tbl->lock);
756
757 if (n || !creat)
758 goto out;
759
760 ASSERT_RTNL();
761
762 n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
763 if (!n)
764 goto out;
765
766 write_pnet(&n->net, net);
767 memcpy(n->key, pkey, key_len);
768 n->dev = dev;
769 if (dev)
770 dev_hold(dev);
771
772 if (tbl->pconstructor && tbl->pconstructor(n)) {
773 if (dev)
774 dev_put(dev);
775 kfree(n);
776 n = NULL;
777 goto out;
778 }
779
780 write_lock_bh(&tbl->lock);
781 n->next = tbl->phash_buckets[hash_val];
782 tbl->phash_buckets[hash_val] = n;
783 write_unlock_bh(&tbl->lock);
784 out:
785 return n;
786 }
787 EXPORT_SYMBOL(pneigh_lookup);
788
789
pneigh_delete(struct neigh_table * tbl,struct net * net,const void * pkey,struct net_device * dev)790 int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
791 struct net_device *dev)
792 {
793 struct pneigh_entry *n, **np;
794 unsigned int key_len = tbl->key_len;
795 u32 hash_val = pneigh_hash(pkey, key_len);
796
797 write_lock_bh(&tbl->lock);
798 for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
799 np = &n->next) {
800 if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
801 net_eq(pneigh_net(n), net)) {
802 *np = n->next;
803 write_unlock_bh(&tbl->lock);
804 if (tbl->pdestructor)
805 tbl->pdestructor(n);
806 if (n->dev)
807 dev_put(n->dev);
808 kfree(n);
809 return 0;
810 }
811 }
812 write_unlock_bh(&tbl->lock);
813 return -ENOENT;
814 }
815
pneigh_ifdown_and_unlock(struct neigh_table * tbl,struct net_device * dev)816 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
817 struct net_device *dev)
818 {
819 struct pneigh_entry *n, **np, *freelist = NULL;
820 u32 h;
821
822 for (h = 0; h <= PNEIGH_HASHMASK; h++) {
823 np = &tbl->phash_buckets[h];
824 while ((n = *np) != NULL) {
825 if (!dev || n->dev == dev) {
826 *np = n->next;
827 n->next = freelist;
828 freelist = n;
829 continue;
830 }
831 np = &n->next;
832 }
833 }
834 write_unlock_bh(&tbl->lock);
835 while ((n = freelist)) {
836 freelist = n->next;
837 n->next = NULL;
838 if (tbl->pdestructor)
839 tbl->pdestructor(n);
840 if (n->dev)
841 dev_put(n->dev);
842 kfree(n);
843 }
844 return -ENOENT;
845 }
846
847 static void neigh_parms_destroy(struct neigh_parms *parms);
848
neigh_parms_put(struct neigh_parms * parms)849 static inline void neigh_parms_put(struct neigh_parms *parms)
850 {
851 if (refcount_dec_and_test(&parms->refcnt))
852 neigh_parms_destroy(parms);
853 }
854
855 /*
856 * neighbour must already be out of the table;
857 *
858 */
neigh_destroy(struct neighbour * neigh)859 void neigh_destroy(struct neighbour *neigh)
860 {
861 struct net_device *dev = neigh->dev;
862
863 NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);
864
865 if (!neigh->dead) {
866 pr_warn("Destroying alive neighbour %p\n", neigh);
867 dump_stack();
868 return;
869 }
870
871 if (neigh_del_timer(neigh))
872 pr_warn("Impossible event\n");
873
874 write_lock_bh(&neigh->lock);
875 __skb_queue_purge(&neigh->arp_queue);
876 write_unlock_bh(&neigh->lock);
877 neigh->arp_queue_len_bytes = 0;
878
879 if (dev->netdev_ops->ndo_neigh_destroy)
880 dev->netdev_ops->ndo_neigh_destroy(dev, neigh);
881
882 dev_put(dev);
883 neigh_parms_put(neigh->parms);
884
885 neigh_dbg(2, "neigh %p is destroyed\n", neigh);
886
887 atomic_dec(&neigh->tbl->entries);
888 kfree_rcu(neigh, rcu);
889 }
890 EXPORT_SYMBOL(neigh_destroy);
891
892 /* Neighbour state is suspicious;
893 disable fast path.
894
895 Called with write_locked neigh.
896 */
neigh_suspect(struct neighbour * neigh)897 static void neigh_suspect(struct neighbour *neigh)
898 {
899 neigh_dbg(2, "neigh %p is suspected\n", neigh);
900
901 neigh->output = neigh->ops->output;
902 }
903
904 /* Neighbour state is OK;
905 enable fast path.
906
907 Called with write_locked neigh.
908 */
neigh_connect(struct neighbour * neigh)909 static void neigh_connect(struct neighbour *neigh)
910 {
911 neigh_dbg(2, "neigh %p is connected\n", neigh);
912
913 neigh->output = neigh->ops->connected_output;
914 }
915
neigh_periodic_work(struct work_struct * work)916 static void neigh_periodic_work(struct work_struct *work)
917 {
918 struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
919 struct neighbour *n;
920 struct neighbour __rcu **np;
921 unsigned int i;
922 struct neigh_hash_table *nht;
923
924 NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);
925
926 write_lock_bh(&tbl->lock);
927 nht = rcu_dereference_protected(tbl->nht,
928 lockdep_is_held(&tbl->lock));
929
930 /*
931 * periodically recompute ReachableTime from random function
932 */
933
934 if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
935 struct neigh_parms *p;
936 tbl->last_rand = jiffies;
937 list_for_each_entry(p, &tbl->parms_list, list)
938 p->reachable_time =
939 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
940 }
941
942 if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
943 goto out;
944
945 for (i = 0 ; i < (1 << nht->hash_shift); i++) {
946 np = &nht->hash_buckets[i];
947
948 while ((n = rcu_dereference_protected(*np,
949 lockdep_is_held(&tbl->lock))) != NULL) {
950 unsigned int state;
951
952 write_lock(&n->lock);
953
954 state = n->nud_state;
955 if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
956 (n->flags & NTF_EXT_LEARNED)) {
957 write_unlock(&n->lock);
958 goto next_elt;
959 }
960
961 if (time_before(n->used, n->confirmed) &&
962 time_is_before_eq_jiffies(n->confirmed))
963 n->used = n->confirmed;
964
965 if (refcount_read(&n->refcnt) == 1 &&
966 (state == NUD_FAILED ||
967 !time_in_range_open(jiffies, n->used,
968 n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
969 rcu_assign_pointer(*np,
970 rcu_dereference_protected(n->next,
971 lockdep_is_held(&tbl->lock)));
972 neigh_mark_dead(n);
973 write_unlock(&n->lock);
974 neigh_cleanup_and_release(n);
975 continue;
976 }
977 write_unlock(&n->lock);
978
979 next_elt:
980 np = &n->next;
981 }
982 /*
983 * It's fine to release lock here, even if hash table
984 * grows while we are preempted.
985 */
986 write_unlock_bh(&tbl->lock);
987 cond_resched();
988 write_lock_bh(&tbl->lock);
989 nht = rcu_dereference_protected(tbl->nht,
990 lockdep_is_held(&tbl->lock));
991 }
992 out:
993 /* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
994 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
995 * BASE_REACHABLE_TIME.
996 */
997 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
998 NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
999 write_unlock_bh(&tbl->lock);
1000 }
1001
neigh_max_probes(struct neighbour * n)1002 static __inline__ int neigh_max_probes(struct neighbour *n)
1003 {
1004 struct neigh_parms *p = n->parms;
1005 return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
1006 (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
1007 NEIGH_VAR(p, MCAST_PROBES));
1008 }
1009
neigh_invalidate(struct neighbour * neigh)1010 static void neigh_invalidate(struct neighbour *neigh)
1011 __releases(neigh->lock)
1012 __acquires(neigh->lock)
1013 {
1014 struct sk_buff *skb;
1015
1016 NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
1017 neigh_dbg(2, "neigh %p is failed\n", neigh);
1018 neigh->updated = jiffies;
1019
1020 /* It is very thin place. report_unreachable is very complicated
1021 routine. Particularly, it can hit the same neighbour entry!
1022
1023 So that, we try to be accurate and avoid dead loop. --ANK
1024 */
1025 while (neigh->nud_state == NUD_FAILED &&
1026 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1027 write_unlock(&neigh->lock);
1028 neigh->ops->error_report(neigh, skb);
1029 write_lock(&neigh->lock);
1030 }
1031 __skb_queue_purge(&neigh->arp_queue);
1032 neigh->arp_queue_len_bytes = 0;
1033 }
1034
neigh_probe(struct neighbour * neigh)1035 static void neigh_probe(struct neighbour *neigh)
1036 __releases(neigh->lock)
1037 {
1038 struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);
1039 /* keep skb alive even if arp_queue overflows */
1040 if (skb)
1041 skb = skb_clone(skb, GFP_ATOMIC);
1042 write_unlock(&neigh->lock);
1043 if (neigh->ops->solicit)
1044 neigh->ops->solicit(neigh, skb);
1045 atomic_inc(&neigh->probes);
1046 consume_skb(skb);
1047 }
1048
1049 /* Called when a timer expires for a neighbour entry. */
1050
neigh_timer_handler(struct timer_list * t)1051 static void neigh_timer_handler(struct timer_list *t)
1052 {
1053 unsigned long now, next;
1054 struct neighbour *neigh = from_timer(neigh, t, timer);
1055 unsigned int state;
1056 int notify = 0;
1057
1058 write_lock(&neigh->lock);
1059
1060 state = neigh->nud_state;
1061 now = jiffies;
1062 next = now + HZ;
1063
1064 if (!(state & NUD_IN_TIMER))
1065 goto out;
1066
1067 if (state & NUD_REACHABLE) {
1068 if (time_before_eq(now,
1069 neigh->confirmed + neigh->parms->reachable_time)) {
1070 neigh_dbg(2, "neigh %p is still alive\n", neigh);
1071 next = neigh->confirmed + neigh->parms->reachable_time;
1072 } else if (time_before_eq(now,
1073 neigh->used +
1074 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1075 neigh_dbg(2, "neigh %p is delayed\n", neigh);
1076 neigh->nud_state = NUD_DELAY;
1077 neigh->updated = jiffies;
1078 neigh_suspect(neigh);
1079 next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
1080 } else {
1081 neigh_dbg(2, "neigh %p is suspected\n", neigh);
1082 neigh->nud_state = NUD_STALE;
1083 neigh->updated = jiffies;
1084 neigh_suspect(neigh);
1085 notify = 1;
1086 }
1087 } else if (state & NUD_DELAY) {
1088 if (time_before_eq(now,
1089 neigh->confirmed +
1090 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1091 neigh_dbg(2, "neigh %p is now reachable\n", neigh);
1092 neigh->nud_state = NUD_REACHABLE;
1093 neigh->updated = jiffies;
1094 neigh_connect(neigh);
1095 notify = 1;
1096 next = neigh->confirmed + neigh->parms->reachable_time;
1097 } else {
1098 neigh_dbg(2, "neigh %p is probed\n", neigh);
1099 neigh->nud_state = NUD_PROBE;
1100 neigh->updated = jiffies;
1101 atomic_set(&neigh->probes, 0);
1102 notify = 1;
1103 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1104 HZ/100);
1105 }
1106 } else {
1107 /* NUD_PROBE|NUD_INCOMPLETE */
1108 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
1109 }
1110
1111 if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
1112 atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
1113 neigh->nud_state = NUD_FAILED;
1114 notify = 1;
1115 neigh_invalidate(neigh);
1116 goto out;
1117 }
1118
1119 if (neigh->nud_state & NUD_IN_TIMER) {
1120 if (time_before(next, jiffies + HZ/100))
1121 next = jiffies + HZ/100;
1122 if (!mod_timer(&neigh->timer, next))
1123 neigh_hold(neigh);
1124 }
1125 if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
1126 neigh_probe(neigh);
1127 } else {
1128 out:
1129 write_unlock(&neigh->lock);
1130 }
1131
1132 if (notify)
1133 neigh_update_notify(neigh, 0);
1134
1135 trace_neigh_timer_handler(neigh, 0);
1136
1137 neigh_release(neigh);
1138 }
1139
__neigh_event_send(struct neighbour * neigh,struct sk_buff * skb)1140 int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
1141 {
1142 int rc;
1143 bool immediate_probe = false;
1144
1145 write_lock_bh(&neigh->lock);
1146
1147 rc = 0;
1148 if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
1149 goto out_unlock_bh;
1150 if (neigh->dead)
1151 goto out_dead;
1152
1153 if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
1154 if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
1155 NEIGH_VAR(neigh->parms, APP_PROBES)) {
1156 unsigned long next, now = jiffies;
1157
1158 atomic_set(&neigh->probes,
1159 NEIGH_VAR(neigh->parms, UCAST_PROBES));
1160 neigh_del_timer(neigh);
1161 neigh->nud_state = NUD_INCOMPLETE;
1162 neigh->updated = now;
1163 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1164 HZ/100);
1165 neigh_add_timer(neigh, next);
1166 immediate_probe = true;
1167 } else {
1168 neigh->nud_state = NUD_FAILED;
1169 neigh->updated = jiffies;
1170 write_unlock_bh(&neigh->lock);
1171
1172 kfree_skb(skb);
1173 return 1;
1174 }
1175 } else if (neigh->nud_state & NUD_STALE) {
1176 neigh_dbg(2, "neigh %p is delayed\n", neigh);
1177 neigh_del_timer(neigh);
1178 neigh->nud_state = NUD_DELAY;
1179 neigh->updated = jiffies;
1180 neigh_add_timer(neigh, jiffies +
1181 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
1182 }
1183
1184 if (neigh->nud_state == NUD_INCOMPLETE) {
1185 if (skb) {
1186 while (neigh->arp_queue_len_bytes + skb->truesize >
1187 NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
1188 struct sk_buff *buff;
1189
1190 buff = __skb_dequeue(&neigh->arp_queue);
1191 if (!buff)
1192 break;
1193 neigh->arp_queue_len_bytes -= buff->truesize;
1194 kfree_skb(buff);
1195 NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
1196 }
1197 skb_dst_force(skb);
1198 __skb_queue_tail(&neigh->arp_queue, skb);
1199 neigh->arp_queue_len_bytes += skb->truesize;
1200 }
1201 rc = 1;
1202 }
1203 out_unlock_bh:
1204 if (immediate_probe)
1205 neigh_probe(neigh);
1206 else
1207 write_unlock(&neigh->lock);
1208 local_bh_enable();
1209 trace_neigh_event_send_done(neigh, rc);
1210 return rc;
1211
1212 out_dead:
1213 if (neigh->nud_state & NUD_STALE)
1214 goto out_unlock_bh;
1215 write_unlock_bh(&neigh->lock);
1216 kfree_skb(skb);
1217 trace_neigh_event_send_dead(neigh, 1);
1218 return 1;
1219 }
1220 EXPORT_SYMBOL(__neigh_event_send);
1221
neigh_update_hhs(struct neighbour * neigh)1222 static void neigh_update_hhs(struct neighbour *neigh)
1223 {
1224 struct hh_cache *hh;
1225 void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
1226 = NULL;
1227
1228 if (neigh->dev->header_ops)
1229 update = neigh->dev->header_ops->cache_update;
1230
1231 if (update) {
1232 hh = &neigh->hh;
1233 if (READ_ONCE(hh->hh_len)) {
1234 write_seqlock_bh(&hh->hh_lock);
1235 update(hh, neigh->dev, neigh->ha);
1236 write_sequnlock_bh(&hh->hh_lock);
1237 }
1238 }
1239 }
1240
1241
1242
1243 /* Generic update routine.
1244 -- lladdr is new lladdr or NULL, if it is not supplied.
1245 -- new is new state.
1246 -- flags
1247 NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr,
1248 if it is different.
1249 NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
1250 lladdr instead of overriding it
1251 if it is different.
1252 NEIGH_UPDATE_F_ADMIN means that the change is administrative.
1253 NEIGH_UPDATE_F_USE means that the entry is user triggered.
1254 NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
1255 NTF_ROUTER flag.
1256 NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as
1257 a router.
1258
1259 Caller MUST hold reference count on the entry.
1260 */
1261
__neigh_update(struct neighbour * neigh,const u8 * lladdr,u8 new,u32 flags,u32 nlmsg_pid,struct netlink_ext_ack * extack)1262 static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
1263 u8 new, u32 flags, u32 nlmsg_pid,
1264 struct netlink_ext_ack *extack)
1265 {
1266 bool ext_learn_change = false;
1267 u8 old;
1268 int err;
1269 int notify = 0;
1270 struct net_device *dev;
1271 int update_isrouter = 0;
1272
1273 trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);
1274
1275 write_lock_bh(&neigh->lock);
1276
1277 dev = neigh->dev;
1278 old = neigh->nud_state;
1279 err = -EPERM;
1280
1281 if (neigh->dead) {
1282 NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
1283 new = old;
1284 goto out;
1285 }
1286 if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
1287 (old & (NUD_NOARP | NUD_PERMANENT)))
1288 goto out;
1289
1290 ext_learn_change = neigh_update_ext_learned(neigh, flags, ¬ify);
1291 if (flags & NEIGH_UPDATE_F_USE) {
1292 new = old & ~NUD_PERMANENT;
1293 neigh->nud_state = new;
1294 err = 0;
1295 goto out;
1296 }
1297
1298 if (!(new & NUD_VALID)) {
1299 neigh_del_timer(neigh);
1300 if (old & NUD_CONNECTED)
1301 neigh_suspect(neigh);
1302 neigh->nud_state = new;
1303 err = 0;
1304 notify = old & NUD_VALID;
1305 if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
1306 (new & NUD_FAILED)) {
1307 neigh_invalidate(neigh);
1308 notify = 1;
1309 }
1310 goto out;
1311 }
1312
1313 /* Compare new lladdr with cached one */
1314 if (!dev->addr_len) {
1315 /* First case: device needs no address. */
1316 lladdr = neigh->ha;
1317 } else if (lladdr) {
1318 /* The second case: if something is already cached
1319 and a new address is proposed:
1320 - compare new & old
1321 - if they are different, check override flag
1322 */
1323 if ((old & NUD_VALID) &&
1324 !memcmp(lladdr, neigh->ha, dev->addr_len))
1325 lladdr = neigh->ha;
1326 } else {
1327 /* No address is supplied; if we know something,
1328 use it, otherwise discard the request.
1329 */
1330 err = -EINVAL;
1331 if (!(old & NUD_VALID)) {
1332 NL_SET_ERR_MSG(extack, "No link layer address given");
1333 goto out;
1334 }
1335 lladdr = neigh->ha;
1336 }
1337
1338 /* Update confirmed timestamp for neighbour entry after we
1339 * received ARP packet even if it doesn't change IP to MAC binding.
1340 */
1341 if (new & NUD_CONNECTED)
1342 neigh->confirmed = jiffies;
1343
1344 /* If entry was valid and address is not changed,
1345 do not change entry state, if new one is STALE.
1346 */
1347 err = 0;
1348 update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1349 if (old & NUD_VALID) {
1350 if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
1351 update_isrouter = 0;
1352 if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
1353 (old & NUD_CONNECTED)) {
1354 lladdr = neigh->ha;
1355 new = NUD_STALE;
1356 } else
1357 goto out;
1358 } else {
1359 if (lladdr == neigh->ha && new == NUD_STALE &&
1360 !(flags & NEIGH_UPDATE_F_ADMIN))
1361 new = old;
1362 }
1363 }
1364
1365 /* Update timestamp only once we know we will make a change to the
1366 * neighbour entry. Otherwise we risk to move the locktime window with
1367 * noop updates and ignore relevant ARP updates.
1368 */
1369 if (new != old || lladdr != neigh->ha)
1370 neigh->updated = jiffies;
1371
1372 if (new != old) {
1373 neigh_del_timer(neigh);
1374 if (new & NUD_PROBE)
1375 atomic_set(&neigh->probes, 0);
1376 if (new & NUD_IN_TIMER)
1377 neigh_add_timer(neigh, (jiffies +
1378 ((new & NUD_REACHABLE) ?
1379 neigh->parms->reachable_time :
1380 0)));
1381 neigh->nud_state = new;
1382 notify = 1;
1383 }
1384
1385 if (lladdr != neigh->ha) {
1386 write_seqlock(&neigh->ha_lock);
1387 memcpy(&neigh->ha, lladdr, dev->addr_len);
1388 write_sequnlock(&neigh->ha_lock);
1389 neigh_update_hhs(neigh);
1390 if (!(new & NUD_CONNECTED))
1391 neigh->confirmed = jiffies -
1392 (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
1393 notify = 1;
1394 }
1395 if (new == old)
1396 goto out;
1397 if (new & NUD_CONNECTED)
1398 neigh_connect(neigh);
1399 else
1400 neigh_suspect(neigh);
1401 if (!(old & NUD_VALID)) {
1402 struct sk_buff *skb;
1403
1404 /* Again: avoid dead loop if something went wrong */
1405
1406 while (neigh->nud_state & NUD_VALID &&
1407 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1408 struct dst_entry *dst = skb_dst(skb);
1409 struct neighbour *n2, *n1 = neigh;
1410 write_unlock_bh(&neigh->lock);
1411
1412 rcu_read_lock();
1413
1414 /* Why not just use 'neigh' as-is? The problem is that
1415 * things such as shaper, eql, and sch_teql can end up
1416 * using alternative, different, neigh objects to output
1417 * the packet in the output path. So what we need to do
1418 * here is re-lookup the top-level neigh in the path so
1419 * we can reinject the packet there.
1420 */
1421 n2 = NULL;
1422 if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
1423 n2 = dst_neigh_lookup_skb(dst, skb);
1424 if (n2)
1425 n1 = n2;
1426 }
1427 n1->output(n1, skb);
1428 if (n2)
1429 neigh_release(n2);
1430 rcu_read_unlock();
1431
1432 write_lock_bh(&neigh->lock);
1433 }
1434 __skb_queue_purge(&neigh->arp_queue);
1435 neigh->arp_queue_len_bytes = 0;
1436 }
1437 out:
1438 if (update_isrouter)
1439 neigh_update_is_router(neigh, flags, ¬ify);
1440 write_unlock_bh(&neigh->lock);
1441
1442 if (((new ^ old) & NUD_PERMANENT) || ext_learn_change)
1443 neigh_update_gc_list(neigh);
1444
1445 if (notify)
1446 neigh_update_notify(neigh, nlmsg_pid);
1447
1448 trace_neigh_update_done(neigh, err);
1449
1450 return err;
1451 }
1452
neigh_update(struct neighbour * neigh,const u8 * lladdr,u8 new,u32 flags,u32 nlmsg_pid)1453 int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1454 u32 flags, u32 nlmsg_pid)
1455 {
1456 return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
1457 }
1458 EXPORT_SYMBOL(neigh_update);
1459
1460 /* Update the neigh to listen temporarily for probe responses, even if it is
1461 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
1462 */
__neigh_set_probe_once(struct neighbour * neigh)1463 void __neigh_set_probe_once(struct neighbour *neigh)
1464 {
1465 if (neigh->dead)
1466 return;
1467 neigh->updated = jiffies;
1468 if (!(neigh->nud_state & NUD_FAILED))
1469 return;
1470 neigh->nud_state = NUD_INCOMPLETE;
1471 atomic_set(&neigh->probes, neigh_max_probes(neigh));
1472 neigh_add_timer(neigh,
1473 jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1474 HZ/100));
1475 }
1476 EXPORT_SYMBOL(__neigh_set_probe_once);
1477
neigh_event_ns(struct neigh_table * tbl,u8 * lladdr,void * saddr,struct net_device * dev)1478 struct neighbour *neigh_event_ns(struct neigh_table *tbl,
1479 u8 *lladdr, void *saddr,
1480 struct net_device *dev)
1481 {
1482 struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
1483 lladdr || !dev->addr_len);
1484 if (neigh)
1485 neigh_update(neigh, lladdr, NUD_STALE,
1486 NEIGH_UPDATE_F_OVERRIDE, 0);
1487 return neigh;
1488 }
1489 EXPORT_SYMBOL(neigh_event_ns);
1490
1491 /* called with read_lock_bh(&n->lock); */
neigh_hh_init(struct neighbour * n)1492 static void neigh_hh_init(struct neighbour *n)
1493 {
1494 struct net_device *dev = n->dev;
1495 __be16 prot = n->tbl->protocol;
1496 struct hh_cache *hh = &n->hh;
1497
1498 write_lock_bh(&n->lock);
1499
1500 /* Only one thread can come in here and initialize the
1501 * hh_cache entry.
1502 */
1503 if (!hh->hh_len)
1504 dev->header_ops->cache(n, hh, prot);
1505
1506 write_unlock_bh(&n->lock);
1507 }
1508
1509 /* Slow and careful. */
1510
neigh_resolve_output(struct neighbour * neigh,struct sk_buff * skb)1511 int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
1512 {
1513 int rc = 0;
1514
1515 if (!neigh_event_send(neigh, skb)) {
1516 int err;
1517 struct net_device *dev = neigh->dev;
1518 unsigned int seq;
1519
1520 if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
1521 neigh_hh_init(neigh);
1522
1523 do {
1524 __skb_pull(skb, skb_network_offset(skb));
1525 seq = read_seqbegin(&neigh->ha_lock);
1526 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1527 neigh->ha, NULL, skb->len);
1528 } while (read_seqretry(&neigh->ha_lock, seq));
1529
1530 if (err >= 0)
1531 rc = dev_queue_xmit(skb);
1532 else
1533 goto out_kfree_skb;
1534 }
1535 out:
1536 return rc;
1537 out_kfree_skb:
1538 rc = -EINVAL;
1539 kfree_skb(skb);
1540 goto out;
1541 }
1542 EXPORT_SYMBOL(neigh_resolve_output);
1543
1544 /* As fast as possible without hh cache */
1545
neigh_connected_output(struct neighbour * neigh,struct sk_buff * skb)1546 int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
1547 {
1548 struct net_device *dev = neigh->dev;
1549 unsigned int seq;
1550 int err;
1551
1552 do {
1553 __skb_pull(skb, skb_network_offset(skb));
1554 seq = read_seqbegin(&neigh->ha_lock);
1555 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1556 neigh->ha, NULL, skb->len);
1557 } while (read_seqretry(&neigh->ha_lock, seq));
1558
1559 if (err >= 0)
1560 err = dev_queue_xmit(skb);
1561 else {
1562 err = -EINVAL;
1563 kfree_skb(skb);
1564 }
1565 return err;
1566 }
1567 EXPORT_SYMBOL(neigh_connected_output);
1568
neigh_direct_output(struct neighbour * neigh,struct sk_buff * skb)1569 int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
1570 {
1571 return dev_queue_xmit(skb);
1572 }
1573 EXPORT_SYMBOL(neigh_direct_output);
1574
neigh_proxy_process(struct timer_list * t)1575 static void neigh_proxy_process(struct timer_list *t)
1576 {
1577 struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
1578 long sched_next = 0;
1579 unsigned long now = jiffies;
1580 struct sk_buff *skb, *n;
1581
1582 spin_lock(&tbl->proxy_queue.lock);
1583
1584 skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
1585 long tdif = NEIGH_CB(skb)->sched_next - now;
1586
1587 if (tdif <= 0) {
1588 struct net_device *dev = skb->dev;
1589
1590 __skb_unlink(skb, &tbl->proxy_queue);
1591 if (tbl->proxy_redo && netif_running(dev)) {
1592 rcu_read_lock();
1593 tbl->proxy_redo(skb);
1594 rcu_read_unlock();
1595 } else {
1596 kfree_skb(skb);
1597 }
1598
1599 dev_put(dev);
1600 } else if (!sched_next || tdif < sched_next)
1601 sched_next = tdif;
1602 }
1603 del_timer(&tbl->proxy_timer);
1604 if (sched_next)
1605 mod_timer(&tbl->proxy_timer, jiffies + sched_next);
1606 spin_unlock(&tbl->proxy_queue.lock);
1607 }
1608
pneigh_enqueue(struct neigh_table * tbl,struct neigh_parms * p,struct sk_buff * skb)1609 void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
1610 struct sk_buff *skb)
1611 {
1612 unsigned long now = jiffies;
1613
1614 unsigned long sched_next = now + (prandom_u32() %
1615 NEIGH_VAR(p, PROXY_DELAY));
1616
1617 if (tbl->proxy_queue.qlen > NEIGH_VAR(p, PROXY_QLEN)) {
1618 kfree_skb(skb);
1619 return;
1620 }
1621
1622 NEIGH_CB(skb)->sched_next = sched_next;
1623 NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;
1624
1625 spin_lock(&tbl->proxy_queue.lock);
1626 if (del_timer(&tbl->proxy_timer)) {
1627 if (time_before(tbl->proxy_timer.expires, sched_next))
1628 sched_next = tbl->proxy_timer.expires;
1629 }
1630 skb_dst_drop(skb);
1631 dev_hold(skb->dev);
1632 __skb_queue_tail(&tbl->proxy_queue, skb);
1633 mod_timer(&tbl->proxy_timer, sched_next);
1634 spin_unlock(&tbl->proxy_queue.lock);
1635 }
1636 EXPORT_SYMBOL(pneigh_enqueue);
1637
lookup_neigh_parms(struct neigh_table * tbl,struct net * net,int ifindex)1638 static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
1639 struct net *net, int ifindex)
1640 {
1641 struct neigh_parms *p;
1642
1643 list_for_each_entry(p, &tbl->parms_list, list) {
1644 if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
1645 (!p->dev && !ifindex && net_eq(net, &init_net)))
1646 return p;
1647 }
1648
1649 return NULL;
1650 }
1651
neigh_parms_alloc(struct net_device * dev,struct neigh_table * tbl)1652 struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
1653 struct neigh_table *tbl)
1654 {
1655 struct neigh_parms *p;
1656 struct net *net = dev_net(dev);
1657 const struct net_device_ops *ops = dev->netdev_ops;
1658
1659 p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
1660 if (p) {
1661 p->tbl = tbl;
1662 refcount_set(&p->refcnt, 1);
1663 p->reachable_time =
1664 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
1665 dev_hold(dev);
1666 p->dev = dev;
1667 write_pnet(&p->net, net);
1668 p->sysctl_table = NULL;
1669
1670 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
1671 dev_put(dev);
1672 kfree(p);
1673 return NULL;
1674 }
1675
1676 write_lock_bh(&tbl->lock);
1677 list_add(&p->list, &tbl->parms.list);
1678 write_unlock_bh(&tbl->lock);
1679
1680 neigh_parms_data_state_cleanall(p);
1681 }
1682 return p;
1683 }
1684 EXPORT_SYMBOL(neigh_parms_alloc);
1685
neigh_rcu_free_parms(struct rcu_head * head)1686 static void neigh_rcu_free_parms(struct rcu_head *head)
1687 {
1688 struct neigh_parms *parms =
1689 container_of(head, struct neigh_parms, rcu_head);
1690
1691 neigh_parms_put(parms);
1692 }
1693
neigh_parms_release(struct neigh_table * tbl,struct neigh_parms * parms)1694 void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
1695 {
1696 if (!parms || parms == &tbl->parms)
1697 return;
1698 write_lock_bh(&tbl->lock);
1699 list_del(&parms->list);
1700 parms->dead = 1;
1701 write_unlock_bh(&tbl->lock);
1702 if (parms->dev)
1703 dev_put(parms->dev);
1704 call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
1705 }
1706 EXPORT_SYMBOL(neigh_parms_release);
1707
neigh_parms_destroy(struct neigh_parms * parms)1708 static void neigh_parms_destroy(struct neigh_parms *parms)
1709 {
1710 kfree(parms);
1711 }
1712
1713 static struct lock_class_key neigh_table_proxy_queue_class;
1714
1715 static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;
1716
neigh_table_init(int index,struct neigh_table * tbl)1717 void neigh_table_init(int index, struct neigh_table *tbl)
1718 {
1719 unsigned long now = jiffies;
1720 unsigned long phsize;
1721
1722 INIT_LIST_HEAD(&tbl->parms_list);
1723 INIT_LIST_HEAD(&tbl->gc_list);
1724 list_add(&tbl->parms.list, &tbl->parms_list);
1725 write_pnet(&tbl->parms.net, &init_net);
1726 refcount_set(&tbl->parms.refcnt, 1);
1727 tbl->parms.reachable_time =
1728 neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
1729
1730 tbl->stats = alloc_percpu(struct neigh_statistics);
1731 if (!tbl->stats)
1732 panic("cannot create neighbour cache statistics");
1733
1734 #ifdef CONFIG_PROC_FS
1735 if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
1736 &neigh_stat_seq_ops, tbl))
1737 panic("cannot create neighbour proc dir entry");
1738 #endif
1739
1740 RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));
1741
1742 phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
1743 tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);
1744
1745 if (!tbl->nht || !tbl->phash_buckets)
1746 panic("cannot allocate neighbour cache hashes");
1747
1748 if (!tbl->entry_size)
1749 tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
1750 tbl->key_len, NEIGH_PRIV_ALIGN);
1751 else
1752 WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);
1753
1754 rwlock_init(&tbl->lock);
1755 INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
1756 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1757 tbl->parms.reachable_time);
1758 timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
1759 skb_queue_head_init_class(&tbl->proxy_queue,
1760 &neigh_table_proxy_queue_class);
1761
1762 tbl->last_flush = now;
1763 tbl->last_rand = now + tbl->parms.reachable_time * 20;
1764
1765 neigh_tables[index] = tbl;
1766 }
1767 EXPORT_SYMBOL(neigh_table_init);
1768
neigh_table_clear(int index,struct neigh_table * tbl)1769 int neigh_table_clear(int index, struct neigh_table *tbl)
1770 {
1771 neigh_tables[index] = NULL;
1772 /* It is not clean... Fix it to unload IPv6 module safely */
1773 cancel_delayed_work_sync(&tbl->gc_work);
1774 del_timer_sync(&tbl->proxy_timer);
1775 pneigh_queue_purge(&tbl->proxy_queue, NULL);
1776 neigh_ifdown(tbl, NULL);
1777 if (atomic_read(&tbl->entries))
1778 pr_crit("neighbour leakage\n");
1779
1780 call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
1781 neigh_hash_free_rcu);
1782 tbl->nht = NULL;
1783
1784 kfree(tbl->phash_buckets);
1785 tbl->phash_buckets = NULL;
1786
1787 remove_proc_entry(tbl->id, init_net.proc_net_stat);
1788
1789 free_percpu(tbl->stats);
1790 tbl->stats = NULL;
1791
1792 return 0;
1793 }
1794 EXPORT_SYMBOL(neigh_table_clear);
1795
neigh_find_table(int family)1796 static struct neigh_table *neigh_find_table(int family)
1797 {
1798 struct neigh_table *tbl = NULL;
1799
1800 switch (family) {
1801 case AF_INET:
1802 tbl = neigh_tables[NEIGH_ARP_TABLE];
1803 break;
1804 case AF_INET6:
1805 tbl = neigh_tables[NEIGH_ND_TABLE];
1806 break;
1807 case AF_DECnet:
1808 tbl = neigh_tables[NEIGH_DN_TABLE];
1809 break;
1810 #ifdef CONFIG_NEWIP
1811 case AF_NINET: /* NIP */
1812 tbl = neigh_tables[NEIGH_NND_TABLE];
1813 break;
1814 #endif
1815 }
1816
1817 return tbl;
1818 }
1819
1820 const struct nla_policy nda_policy[NDA_MAX+1] = {
1821 [NDA_UNSPEC] = { .strict_start_type = NDA_NH_ID },
1822 [NDA_DST] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1823 [NDA_LLADDR] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1824 [NDA_CACHEINFO] = { .len = sizeof(struct nda_cacheinfo) },
1825 [NDA_PROBES] = { .type = NLA_U32 },
1826 [NDA_VLAN] = { .type = NLA_U16 },
1827 [NDA_PORT] = { .type = NLA_U16 },
1828 [NDA_VNI] = { .type = NLA_U32 },
1829 [NDA_IFINDEX] = { .type = NLA_U32 },
1830 [NDA_MASTER] = { .type = NLA_U32 },
1831 [NDA_PROTOCOL] = { .type = NLA_U8 },
1832 [NDA_NH_ID] = { .type = NLA_U32 },
1833 [NDA_FDB_EXT_ATTRS] = { .type = NLA_NESTED },
1834 };
1835
neigh_delete(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)1836 static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1837 struct netlink_ext_ack *extack)
1838 {
1839 struct net *net = sock_net(skb->sk);
1840 struct ndmsg *ndm;
1841 struct nlattr *dst_attr;
1842 struct neigh_table *tbl;
1843 struct neighbour *neigh;
1844 struct net_device *dev = NULL;
1845 int err = -EINVAL;
1846
1847 ASSERT_RTNL();
1848 if (nlmsg_len(nlh) < sizeof(*ndm))
1849 goto out;
1850
1851 dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1852 if (!dst_attr) {
1853 NL_SET_ERR_MSG(extack, "Network address not specified");
1854 goto out;
1855 }
1856
1857 ndm = nlmsg_data(nlh);
1858 if (ndm->ndm_ifindex) {
1859 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1860 if (dev == NULL) {
1861 err = -ENODEV;
1862 goto out;
1863 }
1864 }
1865
1866 tbl = neigh_find_table(ndm->ndm_family);
1867 if (tbl == NULL)
1868 return -EAFNOSUPPORT;
1869
1870 if (nla_len(dst_attr) < (int)tbl->key_len) {
1871 NL_SET_ERR_MSG(extack, "Invalid network address");
1872 goto out;
1873 }
1874
1875 if (ndm->ndm_flags & NTF_PROXY) {
1876 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
1877 goto out;
1878 }
1879
1880 if (dev == NULL)
1881 goto out;
1882
1883 neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
1884 if (neigh == NULL) {
1885 err = -ENOENT;
1886 goto out;
1887 }
1888
1889 err = __neigh_update(neigh, NULL, NUD_FAILED,
1890 NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1891 NETLINK_CB(skb).portid, extack);
1892 write_lock_bh(&tbl->lock);
1893 neigh_release(neigh);
1894 neigh_remove_one(neigh, tbl);
1895 write_unlock_bh(&tbl->lock);
1896
1897 out:
1898 return err;
1899 }
1900
neigh_add(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)1901 static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1902 struct netlink_ext_ack *extack)
1903 {
1904 int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1905 NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1906 struct net *net = sock_net(skb->sk);
1907 struct ndmsg *ndm;
1908 struct nlattr *tb[NDA_MAX+1];
1909 struct neigh_table *tbl;
1910 struct net_device *dev = NULL;
1911 struct neighbour *neigh;
1912 void *dst, *lladdr;
1913 u8 protocol = 0;
1914 int err;
1915
1916 ASSERT_RTNL();
1917 err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
1918 nda_policy, extack);
1919 if (err < 0)
1920 goto out;
1921
1922 err = -EINVAL;
1923 if (!tb[NDA_DST]) {
1924 NL_SET_ERR_MSG(extack, "Network address not specified");
1925 goto out;
1926 }
1927
1928 ndm = nlmsg_data(nlh);
1929 if (ndm->ndm_ifindex) {
1930 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1931 if (dev == NULL) {
1932 err = -ENODEV;
1933 goto out;
1934 }
1935
1936 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
1937 NL_SET_ERR_MSG(extack, "Invalid link address");
1938 goto out;
1939 }
1940 }
1941
1942 tbl = neigh_find_table(ndm->ndm_family);
1943 if (tbl == NULL)
1944 return -EAFNOSUPPORT;
1945
1946 if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
1947 NL_SET_ERR_MSG(extack, "Invalid network address");
1948 goto out;
1949 }
1950
1951 dst = nla_data(tb[NDA_DST]);
1952 lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
1953
1954 if (tb[NDA_PROTOCOL])
1955 protocol = nla_get_u8(tb[NDA_PROTOCOL]);
1956
1957 if (ndm->ndm_flags & NTF_PROXY) {
1958 struct pneigh_entry *pn;
1959
1960 err = -ENOBUFS;
1961 pn = pneigh_lookup(tbl, net, dst, dev, 1);
1962 if (pn) {
1963 pn->flags = ndm->ndm_flags;
1964 if (protocol)
1965 pn->protocol = protocol;
1966 err = 0;
1967 }
1968 goto out;
1969 }
1970
1971 if (!dev) {
1972 NL_SET_ERR_MSG(extack, "Device not specified");
1973 goto out;
1974 }
1975
1976 if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
1977 err = -EINVAL;
1978 goto out;
1979 }
1980
1981 neigh = neigh_lookup(tbl, dst, dev);
1982 if (neigh == NULL) {
1983 bool exempt_from_gc;
1984
1985 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
1986 err = -ENOENT;
1987 goto out;
1988 }
1989
1990 exempt_from_gc = ndm->ndm_state & NUD_PERMANENT ||
1991 ndm->ndm_flags & NTF_EXT_LEARNED;
1992 neigh = ___neigh_create(tbl, dst, dev,
1993 ndm->ndm_flags & NTF_EXT_LEARNED,
1994 exempt_from_gc, true);
1995 if (IS_ERR(neigh)) {
1996 err = PTR_ERR(neigh);
1997 goto out;
1998 }
1999 } else {
2000 if (nlh->nlmsg_flags & NLM_F_EXCL) {
2001 err = -EEXIST;
2002 neigh_release(neigh);
2003 goto out;
2004 }
2005
2006 if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
2007 flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
2008 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
2009 }
2010
2011 if (protocol)
2012 neigh->protocol = protocol;
2013 if (ndm->ndm_flags & NTF_EXT_LEARNED)
2014 flags |= NEIGH_UPDATE_F_EXT_LEARNED;
2015 if (ndm->ndm_flags & NTF_ROUTER)
2016 flags |= NEIGH_UPDATE_F_ISROUTER;
2017 if (ndm->ndm_flags & NTF_USE)
2018 flags |= NEIGH_UPDATE_F_USE;
2019
2020 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
2021 NETLINK_CB(skb).portid, extack);
2022 if (!err && ndm->ndm_flags & NTF_USE) {
2023 neigh_event_send(neigh, NULL);
2024 err = 0;
2025 }
2026 neigh_release(neigh);
2027 out:
2028 return err;
2029 }
2030
neightbl_fill_parms(struct sk_buff * skb,struct neigh_parms * parms)2031 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
2032 {
2033 struct nlattr *nest;
2034
2035 nest = nla_nest_start_noflag(skb, NDTA_PARMS);
2036 if (nest == NULL)
2037 return -ENOBUFS;
2038
2039 if ((parms->dev &&
2040 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
2041 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
2042 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
2043 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2044 /* approximative value for deprecated QUEUE_LEN (in packets) */
2045 nla_put_u32(skb, NDTPA_QUEUE_LEN,
2046 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2047 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2048 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2049 nla_put_u32(skb, NDTPA_UCAST_PROBES,
2050 NEIGH_VAR(parms, UCAST_PROBES)) ||
2051 nla_put_u32(skb, NDTPA_MCAST_PROBES,
2052 NEIGH_VAR(parms, MCAST_PROBES)) ||
2053 nla_put_u32(skb, NDTPA_MCAST_REPROBES,
2054 NEIGH_VAR(parms, MCAST_REPROBES)) ||
2055 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
2056 NDTPA_PAD) ||
2057 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
2058 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
2059 nla_put_msecs(skb, NDTPA_GC_STALETIME,
2060 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
2061 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
2062 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
2063 nla_put_msecs(skb, NDTPA_RETRANS_TIME,
2064 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
2065 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
2066 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
2067 nla_put_msecs(skb, NDTPA_PROXY_DELAY,
2068 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
2069 nla_put_msecs(skb, NDTPA_LOCKTIME,
2070 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD))
2071 goto nla_put_failure;
2072 return nla_nest_end(skb, nest);
2073
2074 nla_put_failure:
2075 nla_nest_cancel(skb, nest);
2076 return -EMSGSIZE;
2077 }
2078
neightbl_fill_info(struct sk_buff * skb,struct neigh_table * tbl,u32 pid,u32 seq,int type,int flags)2079 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2080 u32 pid, u32 seq, int type, int flags)
2081 {
2082 struct nlmsghdr *nlh;
2083 struct ndtmsg *ndtmsg;
2084
2085 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2086 if (nlh == NULL)
2087 return -EMSGSIZE;
2088
2089 ndtmsg = nlmsg_data(nlh);
2090
2091 read_lock_bh(&tbl->lock);
2092 ndtmsg->ndtm_family = tbl->family;
2093 ndtmsg->ndtm_pad1 = 0;
2094 ndtmsg->ndtm_pad2 = 0;
2095
2096 if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
2097 nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval, NDTA_PAD) ||
2098 nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) ||
2099 nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) ||
2100 nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3))
2101 goto nla_put_failure;
2102 {
2103 unsigned long now = jiffies;
2104 long flush_delta = now - tbl->last_flush;
2105 long rand_delta = now - tbl->last_rand;
2106 struct neigh_hash_table *nht;
2107 struct ndt_config ndc = {
2108 .ndtc_key_len = tbl->key_len,
2109 .ndtc_entry_size = tbl->entry_size,
2110 .ndtc_entries = atomic_read(&tbl->entries),
2111 .ndtc_last_flush = jiffies_to_msecs(flush_delta),
2112 .ndtc_last_rand = jiffies_to_msecs(rand_delta),
2113 .ndtc_proxy_qlen = tbl->proxy_queue.qlen,
2114 };
2115
2116 rcu_read_lock_bh();
2117 nht = rcu_dereference_bh(tbl->nht);
2118 ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2119 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2120 rcu_read_unlock_bh();
2121
2122 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
2123 goto nla_put_failure;
2124 }
2125
2126 {
2127 int cpu;
2128 struct ndt_stats ndst;
2129
2130 memset(&ndst, 0, sizeof(ndst));
2131
2132 for_each_possible_cpu(cpu) {
2133 struct neigh_statistics *st;
2134
2135 st = per_cpu_ptr(tbl->stats, cpu);
2136 ndst.ndts_allocs += st->allocs;
2137 ndst.ndts_destroys += st->destroys;
2138 ndst.ndts_hash_grows += st->hash_grows;
2139 ndst.ndts_res_failed += st->res_failed;
2140 ndst.ndts_lookups += st->lookups;
2141 ndst.ndts_hits += st->hits;
2142 ndst.ndts_rcv_probes_mcast += st->rcv_probes_mcast;
2143 ndst.ndts_rcv_probes_ucast += st->rcv_probes_ucast;
2144 ndst.ndts_periodic_gc_runs += st->periodic_gc_runs;
2145 ndst.ndts_forced_gc_runs += st->forced_gc_runs;
2146 ndst.ndts_table_fulls += st->table_fulls;
2147 }
2148
2149 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
2150 NDTA_PAD))
2151 goto nla_put_failure;
2152 }
2153
2154 BUG_ON(tbl->parms.dev);
2155 if (neightbl_fill_parms(skb, &tbl->parms) < 0)
2156 goto nla_put_failure;
2157
2158 read_unlock_bh(&tbl->lock);
2159 nlmsg_end(skb, nlh);
2160 return 0;
2161
2162 nla_put_failure:
2163 read_unlock_bh(&tbl->lock);
2164 nlmsg_cancel(skb, nlh);
2165 return -EMSGSIZE;
2166 }
2167
neightbl_fill_param_info(struct sk_buff * skb,struct neigh_table * tbl,struct neigh_parms * parms,u32 pid,u32 seq,int type,unsigned int flags)2168 static int neightbl_fill_param_info(struct sk_buff *skb,
2169 struct neigh_table *tbl,
2170 struct neigh_parms *parms,
2171 u32 pid, u32 seq, int type,
2172 unsigned int flags)
2173 {
2174 struct ndtmsg *ndtmsg;
2175 struct nlmsghdr *nlh;
2176
2177 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2178 if (nlh == NULL)
2179 return -EMSGSIZE;
2180
2181 ndtmsg = nlmsg_data(nlh);
2182
2183 read_lock_bh(&tbl->lock);
2184 ndtmsg->ndtm_family = tbl->family;
2185 ndtmsg->ndtm_pad1 = 0;
2186 ndtmsg->ndtm_pad2 = 0;
2187
2188 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
2189 neightbl_fill_parms(skb, parms) < 0)
2190 goto errout;
2191
2192 read_unlock_bh(&tbl->lock);
2193 nlmsg_end(skb, nlh);
2194 return 0;
2195 errout:
2196 read_unlock_bh(&tbl->lock);
2197 nlmsg_cancel(skb, nlh);
2198 return -EMSGSIZE;
2199 }
2200
2201 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2202 [NDTA_NAME] = { .type = NLA_STRING },
2203 [NDTA_THRESH1] = { .type = NLA_U32 },
2204 [NDTA_THRESH2] = { .type = NLA_U32 },
2205 [NDTA_THRESH3] = { .type = NLA_U32 },
2206 [NDTA_GC_INTERVAL] = { .type = NLA_U64 },
2207 [NDTA_PARMS] = { .type = NLA_NESTED },
2208 };
2209
2210 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2211 [NDTPA_IFINDEX] = { .type = NLA_U32 },
2212 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 },
2213 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 },
2214 [NDTPA_APP_PROBES] = { .type = NLA_U32 },
2215 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 },
2216 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 },
2217 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 },
2218 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 },
2219 [NDTPA_GC_STALETIME] = { .type = NLA_U64 },
2220 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 },
2221 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 },
2222 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 },
2223 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 },
2224 [NDTPA_LOCKTIME] = { .type = NLA_U64 },
2225 };
2226
neightbl_set(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)2227 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2228 struct netlink_ext_ack *extack)
2229 {
2230 struct net *net = sock_net(skb->sk);
2231 struct neigh_table *tbl;
2232 struct ndtmsg *ndtmsg;
2233 struct nlattr *tb[NDTA_MAX+1];
2234 bool found = false;
2235 int err, tidx;
2236
2237 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2238 nl_neightbl_policy, extack);
2239 if (err < 0)
2240 goto errout;
2241
2242 if (tb[NDTA_NAME] == NULL) {
2243 err = -EINVAL;
2244 goto errout;
2245 }
2246
2247 ndtmsg = nlmsg_data(nlh);
2248
2249 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2250 tbl = neigh_tables[tidx];
2251 if (!tbl)
2252 continue;
2253 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2254 continue;
2255 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
2256 found = true;
2257 break;
2258 }
2259 }
2260
2261 if (!found)
2262 return -ENOENT;
2263
2264 /*
2265 * We acquire tbl->lock to be nice to the periodic timers and
2266 * make sure they always see a consistent set of values.
2267 */
2268 write_lock_bh(&tbl->lock);
2269
2270 if (tb[NDTA_PARMS]) {
2271 struct nlattr *tbp[NDTPA_MAX+1];
2272 struct neigh_parms *p;
2273 int i, ifindex = 0;
2274
2275 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
2276 tb[NDTA_PARMS],
2277 nl_ntbl_parm_policy, extack);
2278 if (err < 0)
2279 goto errout_tbl_lock;
2280
2281 if (tbp[NDTPA_IFINDEX])
2282 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
2283
2284 p = lookup_neigh_parms(tbl, net, ifindex);
2285 if (p == NULL) {
2286 err = -ENOENT;
2287 goto errout_tbl_lock;
2288 }
2289
2290 for (i = 1; i <= NDTPA_MAX; i++) {
2291 if (tbp[i] == NULL)
2292 continue;
2293
2294 switch (i) {
2295 case NDTPA_QUEUE_LEN:
2296 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2297 nla_get_u32(tbp[i]) *
2298 SKB_TRUESIZE(ETH_FRAME_LEN));
2299 break;
2300 case NDTPA_QUEUE_LENBYTES:
2301 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2302 nla_get_u32(tbp[i]));
2303 break;
2304 case NDTPA_PROXY_QLEN:
2305 NEIGH_VAR_SET(p, PROXY_QLEN,
2306 nla_get_u32(tbp[i]));
2307 break;
2308 case NDTPA_APP_PROBES:
2309 NEIGH_VAR_SET(p, APP_PROBES,
2310 nla_get_u32(tbp[i]));
2311 break;
2312 case NDTPA_UCAST_PROBES:
2313 NEIGH_VAR_SET(p, UCAST_PROBES,
2314 nla_get_u32(tbp[i]));
2315 break;
2316 case NDTPA_MCAST_PROBES:
2317 NEIGH_VAR_SET(p, MCAST_PROBES,
2318 nla_get_u32(tbp[i]));
2319 break;
2320 case NDTPA_MCAST_REPROBES:
2321 NEIGH_VAR_SET(p, MCAST_REPROBES,
2322 nla_get_u32(tbp[i]));
2323 break;
2324 case NDTPA_BASE_REACHABLE_TIME:
2325 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2326 nla_get_msecs(tbp[i]));
2327 /* update reachable_time as well, otherwise, the change will
2328 * only be effective after the next time neigh_periodic_work
2329 * decides to recompute it (can be multiple minutes)
2330 */
2331 p->reachable_time =
2332 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2333 break;
2334 case NDTPA_GC_STALETIME:
2335 NEIGH_VAR_SET(p, GC_STALETIME,
2336 nla_get_msecs(tbp[i]));
2337 break;
2338 case NDTPA_DELAY_PROBE_TIME:
2339 NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2340 nla_get_msecs(tbp[i]));
2341 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
2342 break;
2343 case NDTPA_RETRANS_TIME:
2344 NEIGH_VAR_SET(p, RETRANS_TIME,
2345 nla_get_msecs(tbp[i]));
2346 break;
2347 case NDTPA_ANYCAST_DELAY:
2348 NEIGH_VAR_SET(p, ANYCAST_DELAY,
2349 nla_get_msecs(tbp[i]));
2350 break;
2351 case NDTPA_PROXY_DELAY:
2352 NEIGH_VAR_SET(p, PROXY_DELAY,
2353 nla_get_msecs(tbp[i]));
2354 break;
2355 case NDTPA_LOCKTIME:
2356 NEIGH_VAR_SET(p, LOCKTIME,
2357 nla_get_msecs(tbp[i]));
2358 break;
2359 }
2360 }
2361 }
2362
2363 err = -ENOENT;
2364 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2365 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2366 !net_eq(net, &init_net))
2367 goto errout_tbl_lock;
2368
2369 if (tb[NDTA_THRESH1])
2370 tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);
2371
2372 if (tb[NDTA_THRESH2])
2373 tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]);
2374
2375 if (tb[NDTA_THRESH3])
2376 tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]);
2377
2378 if (tb[NDTA_GC_INTERVAL])
2379 tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]);
2380
2381 err = 0;
2382
2383 errout_tbl_lock:
2384 write_unlock_bh(&tbl->lock);
2385 errout:
2386 return err;
2387 }
2388
neightbl_valid_dump_info(const struct nlmsghdr * nlh,struct netlink_ext_ack * extack)2389 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2390 struct netlink_ext_ack *extack)
2391 {
2392 struct ndtmsg *ndtm;
2393
2394 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
2395 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2396 return -EINVAL;
2397 }
2398
2399 ndtm = nlmsg_data(nlh);
2400 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
2401 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2402 return -EINVAL;
2403 }
2404
2405 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
2406 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2407 return -EINVAL;
2408 }
2409
2410 return 0;
2411 }
2412
neightbl_dump_info(struct sk_buff * skb,struct netlink_callback * cb)2413 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2414 {
2415 const struct nlmsghdr *nlh = cb->nlh;
2416 struct net *net = sock_net(skb->sk);
2417 int family, tidx, nidx = 0;
2418 int tbl_skip = cb->args[0];
2419 int neigh_skip = cb->args[1];
2420 struct neigh_table *tbl;
2421
2422 if (cb->strict_check) {
2423 int err = neightbl_valid_dump_info(nlh, cb->extack);
2424
2425 if (err < 0)
2426 return err;
2427 }
2428
2429 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2430
2431 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2432 struct neigh_parms *p;
2433
2434 tbl = neigh_tables[tidx];
2435 if (!tbl)
2436 continue;
2437
2438 if (tidx < tbl_skip || (family && tbl->family != family))
2439 continue;
2440
2441 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2442 nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2443 NLM_F_MULTI) < 0)
2444 break;
2445
2446 nidx = 0;
2447 p = list_next_entry(&tbl->parms, list);
2448 list_for_each_entry_from(p, &tbl->parms_list, list) {
2449 if (!net_eq(neigh_parms_net(p), net))
2450 continue;
2451
2452 if (nidx < neigh_skip)
2453 goto next;
2454
2455 if (neightbl_fill_param_info(skb, tbl, p,
2456 NETLINK_CB(cb->skb).portid,
2457 nlh->nlmsg_seq,
2458 RTM_NEWNEIGHTBL,
2459 NLM_F_MULTI) < 0)
2460 goto out;
2461 next:
2462 nidx++;
2463 }
2464
2465 neigh_skip = 0;
2466 }
2467 out:
2468 cb->args[0] = tidx;
2469 cb->args[1] = nidx;
2470
2471 return skb->len;
2472 }
2473
neigh_fill_info(struct sk_buff * skb,struct neighbour * neigh,u32 pid,u32 seq,int type,unsigned int flags)2474 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2475 u32 pid, u32 seq, int type, unsigned int flags)
2476 {
2477 unsigned long now = jiffies;
2478 struct nda_cacheinfo ci;
2479 struct nlmsghdr *nlh;
2480 struct ndmsg *ndm;
2481
2482 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2483 if (nlh == NULL)
2484 return -EMSGSIZE;
2485
2486 ndm = nlmsg_data(nlh);
2487 ndm->ndm_family = neigh->ops->family;
2488 ndm->ndm_pad1 = 0;
2489 ndm->ndm_pad2 = 0;
2490 ndm->ndm_flags = neigh->flags;
2491 ndm->ndm_type = neigh->type;
2492 ndm->ndm_ifindex = neigh->dev->ifindex;
2493
2494 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2495 goto nla_put_failure;
2496
2497 read_lock_bh(&neigh->lock);
2498 ndm->ndm_state = neigh->nud_state;
2499 if (neigh->nud_state & NUD_VALID) {
2500 char haddr[MAX_ADDR_LEN];
2501
2502 neigh_ha_snapshot(haddr, neigh, neigh->dev);
2503 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2504 read_unlock_bh(&neigh->lock);
2505 goto nla_put_failure;
2506 }
2507 }
2508
2509 ci.ndm_used = jiffies_to_clock_t(now - neigh->used);
2510 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2511 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated);
2512 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1;
2513 read_unlock_bh(&neigh->lock);
2514
2515 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2516 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2517 goto nla_put_failure;
2518
2519 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
2520 goto nla_put_failure;
2521
2522 nlmsg_end(skb, nlh);
2523 return 0;
2524
2525 nla_put_failure:
2526 nlmsg_cancel(skb, nlh);
2527 return -EMSGSIZE;
2528 }
2529
pneigh_fill_info(struct sk_buff * skb,struct pneigh_entry * pn,u32 pid,u32 seq,int type,unsigned int flags,struct neigh_table * tbl)2530 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2531 u32 pid, u32 seq, int type, unsigned int flags,
2532 struct neigh_table *tbl)
2533 {
2534 struct nlmsghdr *nlh;
2535 struct ndmsg *ndm;
2536
2537 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2538 if (nlh == NULL)
2539 return -EMSGSIZE;
2540
2541 ndm = nlmsg_data(nlh);
2542 ndm->ndm_family = tbl->family;
2543 ndm->ndm_pad1 = 0;
2544 ndm->ndm_pad2 = 0;
2545 ndm->ndm_flags = pn->flags | NTF_PROXY;
2546 ndm->ndm_type = RTN_UNICAST;
2547 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2548 ndm->ndm_state = NUD_NONE;
2549
2550 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2551 goto nla_put_failure;
2552
2553 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
2554 goto nla_put_failure;
2555
2556 nlmsg_end(skb, nlh);
2557 return 0;
2558
2559 nla_put_failure:
2560 nlmsg_cancel(skb, nlh);
2561 return -EMSGSIZE;
2562 }
2563
neigh_update_notify(struct neighbour * neigh,u32 nlmsg_pid)2564 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2565 {
2566 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2567 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
2568 }
2569
neigh_master_filtered(struct net_device * dev,int master_idx)2570 static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2571 {
2572 struct net_device *master;
2573
2574 if (!master_idx)
2575 return false;
2576
2577 master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2578 if (!master || master->ifindex != master_idx)
2579 return true;
2580
2581 return false;
2582 }
2583
neigh_ifindex_filtered(struct net_device * dev,int filter_idx)2584 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2585 {
2586 if (filter_idx && (!dev || dev->ifindex != filter_idx))
2587 return true;
2588
2589 return false;
2590 }
2591
2592 struct neigh_dump_filter {
2593 int master_idx;
2594 int dev_idx;
2595 };
2596
neigh_dump_table(struct neigh_table * tbl,struct sk_buff * skb,struct netlink_callback * cb,struct neigh_dump_filter * filter)2597 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2598 struct netlink_callback *cb,
2599 struct neigh_dump_filter *filter)
2600 {
2601 struct net *net = sock_net(skb->sk);
2602 struct neighbour *n;
2603 int rc, h, s_h = cb->args[1];
2604 int idx, s_idx = idx = cb->args[2];
2605 struct neigh_hash_table *nht;
2606 unsigned int flags = NLM_F_MULTI;
2607
2608 if (filter->dev_idx || filter->master_idx)
2609 flags |= NLM_F_DUMP_FILTERED;
2610
2611 rcu_read_lock_bh();
2612 nht = rcu_dereference_bh(tbl->nht);
2613
2614 for (h = s_h; h < (1 << nht->hash_shift); h++) {
2615 if (h > s_h)
2616 s_idx = 0;
2617 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2618 n != NULL;
2619 n = rcu_dereference_bh(n->next)) {
2620 if (idx < s_idx || !net_eq(dev_net(n->dev), net))
2621 goto next;
2622 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2623 neigh_master_filtered(n->dev, filter->master_idx))
2624 goto next;
2625 if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2626 cb->nlh->nlmsg_seq,
2627 RTM_NEWNEIGH,
2628 flags) < 0) {
2629 rc = -1;
2630 goto out;
2631 }
2632 next:
2633 idx++;
2634 }
2635 }
2636 rc = skb->len;
2637 out:
2638 rcu_read_unlock_bh();
2639 cb->args[1] = h;
2640 cb->args[2] = idx;
2641 return rc;
2642 }
2643
pneigh_dump_table(struct neigh_table * tbl,struct sk_buff * skb,struct netlink_callback * cb,struct neigh_dump_filter * filter)2644 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2645 struct netlink_callback *cb,
2646 struct neigh_dump_filter *filter)
2647 {
2648 struct pneigh_entry *n;
2649 struct net *net = sock_net(skb->sk);
2650 int rc, h, s_h = cb->args[3];
2651 int idx, s_idx = idx = cb->args[4];
2652 unsigned int flags = NLM_F_MULTI;
2653
2654 if (filter->dev_idx || filter->master_idx)
2655 flags |= NLM_F_DUMP_FILTERED;
2656
2657 read_lock_bh(&tbl->lock);
2658
2659 for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2660 if (h > s_h)
2661 s_idx = 0;
2662 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2663 if (idx < s_idx || pneigh_net(n) != net)
2664 goto next;
2665 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2666 neigh_master_filtered(n->dev, filter->master_idx))
2667 goto next;
2668 if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2669 cb->nlh->nlmsg_seq,
2670 RTM_NEWNEIGH, flags, tbl) < 0) {
2671 read_unlock_bh(&tbl->lock);
2672 rc = -1;
2673 goto out;
2674 }
2675 next:
2676 idx++;
2677 }
2678 }
2679
2680 read_unlock_bh(&tbl->lock);
2681 rc = skb->len;
2682 out:
2683 cb->args[3] = h;
2684 cb->args[4] = idx;
2685 return rc;
2686
2687 }
2688
neigh_valid_dump_req(const struct nlmsghdr * nlh,bool strict_check,struct neigh_dump_filter * filter,struct netlink_ext_ack * extack)2689 static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2690 bool strict_check,
2691 struct neigh_dump_filter *filter,
2692 struct netlink_ext_ack *extack)
2693 {
2694 struct nlattr *tb[NDA_MAX + 1];
2695 int err, i;
2696
2697 if (strict_check) {
2698 struct ndmsg *ndm;
2699
2700 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2701 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2702 return -EINVAL;
2703 }
2704
2705 ndm = nlmsg_data(nlh);
2706 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
2707 ndm->ndm_state || ndm->ndm_type) {
2708 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2709 return -EINVAL;
2710 }
2711
2712 if (ndm->ndm_flags & ~NTF_PROXY) {
2713 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2714 return -EINVAL;
2715 }
2716
2717 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
2718 tb, NDA_MAX, nda_policy,
2719 extack);
2720 } else {
2721 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
2722 NDA_MAX, nda_policy, extack);
2723 }
2724 if (err < 0)
2725 return err;
2726
2727 for (i = 0; i <= NDA_MAX; ++i) {
2728 if (!tb[i])
2729 continue;
2730
2731 /* all new attributes should require strict_check */
2732 switch (i) {
2733 case NDA_IFINDEX:
2734 filter->dev_idx = nla_get_u32(tb[i]);
2735 break;
2736 case NDA_MASTER:
2737 filter->master_idx = nla_get_u32(tb[i]);
2738 break;
2739 default:
2740 if (strict_check) {
2741 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2742 return -EINVAL;
2743 }
2744 }
2745 }
2746
2747 return 0;
2748 }
2749
neigh_dump_info(struct sk_buff * skb,struct netlink_callback * cb)2750 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2751 {
2752 const struct nlmsghdr *nlh = cb->nlh;
2753 struct neigh_dump_filter filter = {};
2754 struct neigh_table *tbl;
2755 int t, family, s_t;
2756 int proxy = 0;
2757 int err;
2758
2759 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2760
2761 /* check for full ndmsg structure presence, family member is
2762 * the same for both structures
2763 */
2764 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2765 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2766 proxy = 1;
2767
2768 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
2769 if (err < 0 && cb->strict_check)
2770 return err;
2771
2772 s_t = cb->args[0];
2773
2774 for (t = 0; t < NEIGH_NR_TABLES; t++) {
2775 tbl = neigh_tables[t];
2776
2777 if (!tbl)
2778 continue;
2779 if (t < s_t || (family && tbl->family != family))
2780 continue;
2781 if (t > s_t)
2782 memset(&cb->args[1], 0, sizeof(cb->args) -
2783 sizeof(cb->args[0]));
2784 if (proxy)
2785 err = pneigh_dump_table(tbl, skb, cb, &filter);
2786 else
2787 err = neigh_dump_table(tbl, skb, cb, &filter);
2788 if (err < 0)
2789 break;
2790 }
2791
2792 cb->args[0] = t;
2793 return skb->len;
2794 }
2795
neigh_valid_get_req(const struct nlmsghdr * nlh,struct neigh_table ** tbl,void ** dst,int * dev_idx,u8 * ndm_flags,struct netlink_ext_ack * extack)2796 static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2797 struct neigh_table **tbl,
2798 void **dst, int *dev_idx, u8 *ndm_flags,
2799 struct netlink_ext_ack *extack)
2800 {
2801 struct nlattr *tb[NDA_MAX + 1];
2802 struct ndmsg *ndm;
2803 int err, i;
2804
2805 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2806 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2807 return -EINVAL;
2808 }
2809
2810 ndm = nlmsg_data(nlh);
2811 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
2812 ndm->ndm_type) {
2813 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2814 return -EINVAL;
2815 }
2816
2817 if (ndm->ndm_flags & ~NTF_PROXY) {
2818 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2819 return -EINVAL;
2820 }
2821
2822 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
2823 NDA_MAX, nda_policy, extack);
2824 if (err < 0)
2825 return err;
2826
2827 *ndm_flags = ndm->ndm_flags;
2828 *dev_idx = ndm->ndm_ifindex;
2829 *tbl = neigh_find_table(ndm->ndm_family);
2830 if (*tbl == NULL) {
2831 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2832 return -EAFNOSUPPORT;
2833 }
2834
2835 for (i = 0; i <= NDA_MAX; ++i) {
2836 if (!tb[i])
2837 continue;
2838
2839 switch (i) {
2840 case NDA_DST:
2841 if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
2842 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2843 return -EINVAL;
2844 }
2845 *dst = nla_data(tb[i]);
2846 break;
2847 default:
2848 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2849 return -EINVAL;
2850 }
2851 }
2852
2853 return 0;
2854 }
2855
neigh_nlmsg_size(void)2856 static inline size_t neigh_nlmsg_size(void)
2857 {
2858 return NLMSG_ALIGN(sizeof(struct ndmsg))
2859 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2860 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2861 + nla_total_size(sizeof(struct nda_cacheinfo))
2862 + nla_total_size(4) /* NDA_PROBES */
2863 + nla_total_size(1); /* NDA_PROTOCOL */
2864 }
2865
neigh_get_reply(struct net * net,struct neighbour * neigh,u32 pid,u32 seq)2866 static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2867 u32 pid, u32 seq)
2868 {
2869 struct sk_buff *skb;
2870 int err = 0;
2871
2872 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
2873 if (!skb)
2874 return -ENOBUFS;
2875
2876 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
2877 if (err) {
2878 kfree_skb(skb);
2879 goto errout;
2880 }
2881
2882 err = rtnl_unicast(skb, net, pid);
2883 errout:
2884 return err;
2885 }
2886
pneigh_nlmsg_size(void)2887 static inline size_t pneigh_nlmsg_size(void)
2888 {
2889 return NLMSG_ALIGN(sizeof(struct ndmsg))
2890 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2891 + nla_total_size(1); /* NDA_PROTOCOL */
2892 }
2893
pneigh_get_reply(struct net * net,struct pneigh_entry * neigh,u32 pid,u32 seq,struct neigh_table * tbl)2894 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
2895 u32 pid, u32 seq, struct neigh_table *tbl)
2896 {
2897 struct sk_buff *skb;
2898 int err = 0;
2899
2900 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
2901 if (!skb)
2902 return -ENOBUFS;
2903
2904 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
2905 if (err) {
2906 kfree_skb(skb);
2907 goto errout;
2908 }
2909
2910 err = rtnl_unicast(skb, net, pid);
2911 errout:
2912 return err;
2913 }
2914
neigh_get(struct sk_buff * in_skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)2915 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2916 struct netlink_ext_ack *extack)
2917 {
2918 struct net *net = sock_net(in_skb->sk);
2919 struct net_device *dev = NULL;
2920 struct neigh_table *tbl = NULL;
2921 struct neighbour *neigh;
2922 void *dst = NULL;
2923 u8 ndm_flags = 0;
2924 int dev_idx = 0;
2925 int err;
2926
2927 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
2928 extack);
2929 if (err < 0)
2930 return err;
2931
2932 if (dev_idx) {
2933 dev = __dev_get_by_index(net, dev_idx);
2934 if (!dev) {
2935 NL_SET_ERR_MSG(extack, "Unknown device ifindex");
2936 return -ENODEV;
2937 }
2938 }
2939
2940 if (!dst) {
2941 NL_SET_ERR_MSG(extack, "Network address not specified");
2942 return -EINVAL;
2943 }
2944
2945 if (ndm_flags & NTF_PROXY) {
2946 struct pneigh_entry *pn;
2947
2948 pn = pneigh_lookup(tbl, net, dst, dev, 0);
2949 if (!pn) {
2950 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
2951 return -ENOENT;
2952 }
2953 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
2954 nlh->nlmsg_seq, tbl);
2955 }
2956
2957 if (!dev) {
2958 NL_SET_ERR_MSG(extack, "No device specified");
2959 return -EINVAL;
2960 }
2961
2962 neigh = neigh_lookup(tbl, dst, dev);
2963 if (!neigh) {
2964 NL_SET_ERR_MSG(extack, "Neighbour entry not found");
2965 return -ENOENT;
2966 }
2967
2968 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
2969 nlh->nlmsg_seq);
2970
2971 neigh_release(neigh);
2972
2973 return err;
2974 }
2975
neigh_for_each(struct neigh_table * tbl,void (* cb)(struct neighbour *,void *),void * cookie)2976 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
2977 {
2978 int chain;
2979 struct neigh_hash_table *nht;
2980
2981 rcu_read_lock_bh();
2982 nht = rcu_dereference_bh(tbl->nht);
2983
2984 read_lock(&tbl->lock); /* avoid resizes */
2985 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2986 struct neighbour *n;
2987
2988 for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
2989 n != NULL;
2990 n = rcu_dereference_bh(n->next))
2991 cb(n, cookie);
2992 }
2993 read_unlock(&tbl->lock);
2994 rcu_read_unlock_bh();
2995 }
2996 EXPORT_SYMBOL(neigh_for_each);
2997
2998 /* The tbl->lock must be held as a writer and BH disabled. */
__neigh_for_each_release(struct neigh_table * tbl,int (* cb)(struct neighbour *))2999 void __neigh_for_each_release(struct neigh_table *tbl,
3000 int (*cb)(struct neighbour *))
3001 {
3002 int chain;
3003 struct neigh_hash_table *nht;
3004
3005 nht = rcu_dereference_protected(tbl->nht,
3006 lockdep_is_held(&tbl->lock));
3007 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3008 struct neighbour *n;
3009 struct neighbour __rcu **np;
3010
3011 np = &nht->hash_buckets[chain];
3012 while ((n = rcu_dereference_protected(*np,
3013 lockdep_is_held(&tbl->lock))) != NULL) {
3014 int release;
3015
3016 write_lock(&n->lock);
3017 release = cb(n);
3018 if (release) {
3019 rcu_assign_pointer(*np,
3020 rcu_dereference_protected(n->next,
3021 lockdep_is_held(&tbl->lock)));
3022 neigh_mark_dead(n);
3023 } else
3024 np = &n->next;
3025 write_unlock(&n->lock);
3026 if (release)
3027 neigh_cleanup_and_release(n);
3028 }
3029 }
3030 }
3031 EXPORT_SYMBOL(__neigh_for_each_release);
3032
neigh_xmit(int index,struct net_device * dev,const void * addr,struct sk_buff * skb)3033 int neigh_xmit(int index, struct net_device *dev,
3034 const void *addr, struct sk_buff *skb)
3035 {
3036 int err = -EAFNOSUPPORT;
3037 if (likely(index < NEIGH_NR_TABLES)) {
3038 struct neigh_table *tbl;
3039 struct neighbour *neigh;
3040
3041 tbl = neigh_tables[index];
3042 if (!tbl)
3043 goto out;
3044 rcu_read_lock_bh();
3045 if (index == NEIGH_ARP_TABLE) {
3046 u32 key = *((u32 *)addr);
3047
3048 neigh = __ipv4_neigh_lookup_noref(dev, key);
3049 } else {
3050 neigh = __neigh_lookup_noref(tbl, addr, dev);
3051 }
3052 if (!neigh)
3053 neigh = __neigh_create(tbl, addr, dev, false);
3054 err = PTR_ERR(neigh);
3055 if (IS_ERR(neigh)) {
3056 rcu_read_unlock_bh();
3057 goto out_kfree_skb;
3058 }
3059 err = neigh->output(neigh, skb);
3060 rcu_read_unlock_bh();
3061 }
3062 else if (index == NEIGH_LINK_TABLE) {
3063 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3064 addr, NULL, skb->len);
3065 if (err < 0)
3066 goto out_kfree_skb;
3067 err = dev_queue_xmit(skb);
3068 }
3069 out:
3070 return err;
3071 out_kfree_skb:
3072 kfree_skb(skb);
3073 goto out;
3074 }
3075 EXPORT_SYMBOL(neigh_xmit);
3076
3077 #ifdef CONFIG_PROC_FS
3078
neigh_get_first(struct seq_file * seq)3079 static struct neighbour *neigh_get_first(struct seq_file *seq)
3080 {
3081 struct neigh_seq_state *state = seq->private;
3082 struct net *net = seq_file_net(seq);
3083 struct neigh_hash_table *nht = state->nht;
3084 struct neighbour *n = NULL;
3085 int bucket;
3086
3087 state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3088 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3089 n = rcu_dereference_bh(nht->hash_buckets[bucket]);
3090
3091 while (n) {
3092 if (!net_eq(dev_net(n->dev), net))
3093 goto next;
3094 if (state->neigh_sub_iter) {
3095 loff_t fakep = 0;
3096 void *v;
3097
3098 v = state->neigh_sub_iter(state, n, &fakep);
3099 if (!v)
3100 goto next;
3101 }
3102 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3103 break;
3104 if (n->nud_state & ~NUD_NOARP)
3105 break;
3106 next:
3107 n = rcu_dereference_bh(n->next);
3108 }
3109
3110 if (n)
3111 break;
3112 }
3113 state->bucket = bucket;
3114
3115 return n;
3116 }
3117
neigh_get_next(struct seq_file * seq,struct neighbour * n,loff_t * pos)3118 static struct neighbour *neigh_get_next(struct seq_file *seq,
3119 struct neighbour *n,
3120 loff_t *pos)
3121 {
3122 struct neigh_seq_state *state = seq->private;
3123 struct net *net = seq_file_net(seq);
3124 struct neigh_hash_table *nht = state->nht;
3125
3126 if (state->neigh_sub_iter) {
3127 void *v = state->neigh_sub_iter(state, n, pos);
3128 if (v)
3129 return n;
3130 }
3131 n = rcu_dereference_bh(n->next);
3132
3133 while (1) {
3134 while (n) {
3135 if (!net_eq(dev_net(n->dev), net))
3136 goto next;
3137 if (state->neigh_sub_iter) {
3138 void *v = state->neigh_sub_iter(state, n, pos);
3139 if (v)
3140 return n;
3141 goto next;
3142 }
3143 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3144 break;
3145
3146 if (n->nud_state & ~NUD_NOARP)
3147 break;
3148 next:
3149 n = rcu_dereference_bh(n->next);
3150 }
3151
3152 if (n)
3153 break;
3154
3155 if (++state->bucket >= (1 << nht->hash_shift))
3156 break;
3157
3158 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
3159 }
3160
3161 if (n && pos)
3162 --(*pos);
3163 return n;
3164 }
3165
neigh_get_idx(struct seq_file * seq,loff_t * pos)3166 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3167 {
3168 struct neighbour *n = neigh_get_first(seq);
3169
3170 if (n) {
3171 --(*pos);
3172 while (*pos) {
3173 n = neigh_get_next(seq, n, pos);
3174 if (!n)
3175 break;
3176 }
3177 }
3178 return *pos ? NULL : n;
3179 }
3180
pneigh_get_first(struct seq_file * seq)3181 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3182 {
3183 struct neigh_seq_state *state = seq->private;
3184 struct net *net = seq_file_net(seq);
3185 struct neigh_table *tbl = state->tbl;
3186 struct pneigh_entry *pn = NULL;
3187 int bucket = state->bucket;
3188
3189 state->flags |= NEIGH_SEQ_IS_PNEIGH;
3190 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3191 pn = tbl->phash_buckets[bucket];
3192 while (pn && !net_eq(pneigh_net(pn), net))
3193 pn = pn->next;
3194 if (pn)
3195 break;
3196 }
3197 state->bucket = bucket;
3198
3199 return pn;
3200 }
3201
pneigh_get_next(struct seq_file * seq,struct pneigh_entry * pn,loff_t * pos)3202 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3203 struct pneigh_entry *pn,
3204 loff_t *pos)
3205 {
3206 struct neigh_seq_state *state = seq->private;
3207 struct net *net = seq_file_net(seq);
3208 struct neigh_table *tbl = state->tbl;
3209
3210 do {
3211 pn = pn->next;
3212 } while (pn && !net_eq(pneigh_net(pn), net));
3213
3214 while (!pn) {
3215 if (++state->bucket > PNEIGH_HASHMASK)
3216 break;
3217 pn = tbl->phash_buckets[state->bucket];
3218 while (pn && !net_eq(pneigh_net(pn), net))
3219 pn = pn->next;
3220 if (pn)
3221 break;
3222 }
3223
3224 if (pn && pos)
3225 --(*pos);
3226
3227 return pn;
3228 }
3229
pneigh_get_idx(struct seq_file * seq,loff_t * pos)3230 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3231 {
3232 struct pneigh_entry *pn = pneigh_get_first(seq);
3233
3234 if (pn) {
3235 --(*pos);
3236 while (*pos) {
3237 pn = pneigh_get_next(seq, pn, pos);
3238 if (!pn)
3239 break;
3240 }
3241 }
3242 return *pos ? NULL : pn;
3243 }
3244
neigh_get_idx_any(struct seq_file * seq,loff_t * pos)3245 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3246 {
3247 struct neigh_seq_state *state = seq->private;
3248 void *rc;
3249 loff_t idxpos = *pos;
3250
3251 rc = neigh_get_idx(seq, &idxpos);
3252 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3253 rc = pneigh_get_idx(seq, &idxpos);
3254
3255 return rc;
3256 }
3257
neigh_seq_start(struct seq_file * seq,loff_t * pos,struct neigh_table * tbl,unsigned int neigh_seq_flags)3258 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3259 __acquires(tbl->lock)
3260 __acquires(rcu_bh)
3261 {
3262 struct neigh_seq_state *state = seq->private;
3263
3264 state->tbl = tbl;
3265 state->bucket = 0;
3266 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3267
3268 rcu_read_lock_bh();
3269 state->nht = rcu_dereference_bh(tbl->nht);
3270 read_lock(&tbl->lock);
3271
3272 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3273 }
3274 EXPORT_SYMBOL(neigh_seq_start);
3275
neigh_seq_next(struct seq_file * seq,void * v,loff_t * pos)3276 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3277 {
3278 struct neigh_seq_state *state;
3279 void *rc;
3280
3281 if (v == SEQ_START_TOKEN) {
3282 rc = neigh_get_first(seq);
3283 goto out;
3284 }
3285
3286 state = seq->private;
3287 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3288 rc = neigh_get_next(seq, v, NULL);
3289 if (rc)
3290 goto out;
3291 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3292 rc = pneigh_get_first(seq);
3293 } else {
3294 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3295 rc = pneigh_get_next(seq, v, NULL);
3296 }
3297 out:
3298 ++(*pos);
3299 return rc;
3300 }
3301 EXPORT_SYMBOL(neigh_seq_next);
3302
neigh_seq_stop(struct seq_file * seq,void * v)3303 void neigh_seq_stop(struct seq_file *seq, void *v)
3304 __releases(tbl->lock)
3305 __releases(rcu_bh)
3306 {
3307 struct neigh_seq_state *state = seq->private;
3308 struct neigh_table *tbl = state->tbl;
3309
3310 read_unlock(&tbl->lock);
3311 rcu_read_unlock_bh();
3312 }
3313 EXPORT_SYMBOL(neigh_seq_stop);
3314
3315 /* statistics via seq_file */
3316
neigh_stat_seq_start(struct seq_file * seq,loff_t * pos)3317 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3318 {
3319 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3320 int cpu;
3321
3322 if (*pos == 0)
3323 return SEQ_START_TOKEN;
3324
3325 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3326 if (!cpu_possible(cpu))
3327 continue;
3328 *pos = cpu+1;
3329 return per_cpu_ptr(tbl->stats, cpu);
3330 }
3331 return NULL;
3332 }
3333
neigh_stat_seq_next(struct seq_file * seq,void * v,loff_t * pos)3334 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3335 {
3336 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3337 int cpu;
3338
3339 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3340 if (!cpu_possible(cpu))
3341 continue;
3342 *pos = cpu+1;
3343 return per_cpu_ptr(tbl->stats, cpu);
3344 }
3345 (*pos)++;
3346 return NULL;
3347 }
3348
neigh_stat_seq_stop(struct seq_file * seq,void * v)3349 static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3350 {
3351
3352 }
3353
neigh_stat_seq_show(struct seq_file * seq,void * v)3354 static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3355 {
3356 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3357 struct neigh_statistics *st = v;
3358
3359 if (v == SEQ_START_TOKEN) {
3360 seq_printf(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3361 return 0;
3362 }
3363
3364 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
3365 "%08lx %08lx %08lx %08lx %08lx %08lx\n",
3366 atomic_read(&tbl->entries),
3367
3368 st->allocs,
3369 st->destroys,
3370 st->hash_grows,
3371
3372 st->lookups,
3373 st->hits,
3374
3375 st->res_failed,
3376
3377 st->rcv_probes_mcast,
3378 st->rcv_probes_ucast,
3379
3380 st->periodic_gc_runs,
3381 st->forced_gc_runs,
3382 st->unres_discards,
3383 st->table_fulls
3384 );
3385
3386 return 0;
3387 }
3388
3389 static const struct seq_operations neigh_stat_seq_ops = {
3390 .start = neigh_stat_seq_start,
3391 .next = neigh_stat_seq_next,
3392 .stop = neigh_stat_seq_stop,
3393 .show = neigh_stat_seq_show,
3394 };
3395 #endif /* CONFIG_PROC_FS */
3396
__neigh_notify(struct neighbour * n,int type,int flags,u32 pid)3397 static void __neigh_notify(struct neighbour *n, int type, int flags,
3398 u32 pid)
3399 {
3400 struct net *net = dev_net(n->dev);
3401 struct sk_buff *skb;
3402 int err = -ENOBUFS;
3403
3404 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
3405 if (skb == NULL)
3406 goto errout;
3407
3408 err = neigh_fill_info(skb, n, pid, 0, type, flags);
3409 if (err < 0) {
3410 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3411 WARN_ON(err == -EMSGSIZE);
3412 kfree_skb(skb);
3413 goto errout;
3414 }
3415 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3416 return;
3417 errout:
3418 if (err < 0)
3419 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
3420 }
3421
neigh_app_ns(struct neighbour * n)3422 void neigh_app_ns(struct neighbour *n)
3423 {
3424 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
3425 }
3426 EXPORT_SYMBOL(neigh_app_ns);
3427
3428 #ifdef CONFIG_SYSCTL
3429 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3430
proc_unres_qlen(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3431 static int proc_unres_qlen(struct ctl_table *ctl, int write,
3432 void *buffer, size_t *lenp, loff_t *ppos)
3433 {
3434 int size, ret;
3435 struct ctl_table tmp = *ctl;
3436
3437 tmp.extra1 = SYSCTL_ZERO;
3438 tmp.extra2 = &unres_qlen_max;
3439 tmp.data = &size;
3440
3441 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3442 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3443
3444 if (write && !ret)
3445 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3446 return ret;
3447 }
3448
neigh_get_dev_parms_rcu(struct net_device * dev,int family)3449 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
3450 int family)
3451 {
3452 switch (family) {
3453 case AF_INET:
3454 return __in_dev_arp_parms_get_rcu(dev);
3455 case AF_INET6:
3456 return __in6_dev_nd_parms_get_rcu(dev);
3457 }
3458 return NULL;
3459 }
3460
neigh_copy_dflt_parms(struct net * net,struct neigh_parms * p,int index)3461 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3462 int index)
3463 {
3464 struct net_device *dev;
3465 int family = neigh_parms_family(p);
3466
3467 rcu_read_lock();
3468 for_each_netdev_rcu(net, dev) {
3469 struct neigh_parms *dst_p =
3470 neigh_get_dev_parms_rcu(dev, family);
3471
3472 if (dst_p && !test_bit(index, dst_p->data_state))
3473 dst_p->data[index] = p->data[index];
3474 }
3475 rcu_read_unlock();
3476 }
3477
neigh_proc_update(struct ctl_table * ctl,int write)3478 static void neigh_proc_update(struct ctl_table *ctl, int write)
3479 {
3480 struct net_device *dev = ctl->extra1;
3481 struct neigh_parms *p = ctl->extra2;
3482 struct net *net = neigh_parms_net(p);
3483 int index = (int *) ctl->data - p->data;
3484
3485 if (!write)
3486 return;
3487
3488 set_bit(index, p->data_state);
3489 if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3490 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
3491 if (!dev) /* NULL dev means this is default value */
3492 neigh_copy_dflt_parms(net, p, index);
3493 }
3494
neigh_proc_dointvec_zero_intmax(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3495 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3496 void *buffer, size_t *lenp,
3497 loff_t *ppos)
3498 {
3499 struct ctl_table tmp = *ctl;
3500 int ret;
3501
3502 tmp.extra1 = SYSCTL_ZERO;
3503 tmp.extra2 = SYSCTL_INT_MAX;
3504
3505 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3506 neigh_proc_update(ctl, write);
3507 return ret;
3508 }
3509
neigh_proc_dointvec(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3510 int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
3511 size_t *lenp, loff_t *ppos)
3512 {
3513 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3514
3515 neigh_proc_update(ctl, write);
3516 return ret;
3517 }
3518 EXPORT_SYMBOL(neigh_proc_dointvec);
3519
neigh_proc_dointvec_jiffies(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3520 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
3521 size_t *lenp, loff_t *ppos)
3522 {
3523 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3524
3525 neigh_proc_update(ctl, write);
3526 return ret;
3527 }
3528 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3529
neigh_proc_dointvec_userhz_jiffies(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3530 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3531 void *buffer, size_t *lenp,
3532 loff_t *ppos)
3533 {
3534 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3535
3536 neigh_proc_update(ctl, write);
3537 return ret;
3538 }
3539
neigh_proc_dointvec_ms_jiffies(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3540 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3541 void *buffer, size_t *lenp, loff_t *ppos)
3542 {
3543 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3544
3545 neigh_proc_update(ctl, write);
3546 return ret;
3547 }
3548 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3549
neigh_proc_dointvec_unres_qlen(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3550 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3551 void *buffer, size_t *lenp,
3552 loff_t *ppos)
3553 {
3554 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3555
3556 neigh_proc_update(ctl, write);
3557 return ret;
3558 }
3559
neigh_proc_base_reachable_time(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)3560 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3561 void *buffer, size_t *lenp,
3562 loff_t *ppos)
3563 {
3564 struct neigh_parms *p = ctl->extra2;
3565 int ret;
3566
3567 if (strcmp(ctl->procname, "base_reachable_time") == 0)
3568 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3569 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3570 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3571 else
3572 ret = -1;
3573
3574 if (write && ret == 0) {
3575 /* update reachable_time as well, otherwise, the change will
3576 * only be effective after the next time neigh_periodic_work
3577 * decides to recompute it
3578 */
3579 p->reachable_time =
3580 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3581 }
3582 return ret;
3583 }
3584
3585 #define NEIGH_PARMS_DATA_OFFSET(index) \
3586 (&((struct neigh_parms *) 0)->data[index])
3587
3588 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3589 [NEIGH_VAR_ ## attr] = { \
3590 .procname = name, \
3591 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3592 .maxlen = sizeof(int), \
3593 .mode = mval, \
3594 .proc_handler = proc, \
3595 }
3596
3597 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3598 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3599
3600 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3601 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3602
3603 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3604 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3605
3606 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3607 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3608
3609 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3610 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3611
3612 static struct neigh_sysctl_table {
3613 struct ctl_table_header *sysctl_header;
3614 struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3615 } neigh_sysctl_template __read_mostly = {
3616 .neigh_vars = {
3617 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3618 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3619 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3620 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3621 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3622 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3623 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3624 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3625 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3626 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3627 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3628 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3629 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3630 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3631 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3632 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3633 [NEIGH_VAR_GC_INTERVAL] = {
3634 .procname = "gc_interval",
3635 .maxlen = sizeof(int),
3636 .mode = 0644,
3637 .proc_handler = proc_dointvec_jiffies,
3638 },
3639 [NEIGH_VAR_GC_THRESH1] = {
3640 .procname = "gc_thresh1",
3641 .maxlen = sizeof(int),
3642 .mode = 0644,
3643 .extra1 = SYSCTL_ZERO,
3644 .extra2 = SYSCTL_INT_MAX,
3645 .proc_handler = proc_dointvec_minmax,
3646 },
3647 [NEIGH_VAR_GC_THRESH2] = {
3648 .procname = "gc_thresh2",
3649 .maxlen = sizeof(int),
3650 .mode = 0644,
3651 .extra1 = SYSCTL_ZERO,
3652 .extra2 = SYSCTL_INT_MAX,
3653 .proc_handler = proc_dointvec_minmax,
3654 },
3655 [NEIGH_VAR_GC_THRESH3] = {
3656 .procname = "gc_thresh3",
3657 .maxlen = sizeof(int),
3658 .mode = 0644,
3659 .extra1 = SYSCTL_ZERO,
3660 .extra2 = SYSCTL_INT_MAX,
3661 .proc_handler = proc_dointvec_minmax,
3662 },
3663 {},
3664 },
3665 };
3666
neigh_sysctl_register(struct net_device * dev,struct neigh_parms * p,proc_handler * handler)3667 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3668 proc_handler *handler)
3669 {
3670 int i;
3671 struct neigh_sysctl_table *t;
3672 const char *dev_name_source;
3673 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3674 char *p_name;
3675
3676 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL);
3677 if (!t)
3678 goto err;
3679
3680 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3681 t->neigh_vars[i].data += (long) p;
3682 t->neigh_vars[i].extra1 = dev;
3683 t->neigh_vars[i].extra2 = p;
3684 }
3685
3686 if (dev) {
3687 dev_name_source = dev->name;
3688 /* Terminate the table early */
3689 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3690 sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3691 } else {
3692 struct neigh_table *tbl = p->tbl;
3693 dev_name_source = "default";
3694 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3695 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3696 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3697 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3698 }
3699
3700 if (handler) {
3701 /* RetransTime */
3702 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3703 /* ReachableTime */
3704 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3705 /* RetransTime (in milliseconds)*/
3706 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3707 /* ReachableTime (in milliseconds) */
3708 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3709 } else {
3710 /* Those handlers will update p->reachable_time after
3711 * base_reachable_time(_ms) is set to ensure the new timer starts being
3712 * applied after the next neighbour update instead of waiting for
3713 * neigh_periodic_work to update its value (can be multiple minutes)
3714 * So any handler that replaces them should do this as well
3715 */
3716 /* ReachableTime */
3717 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3718 neigh_proc_base_reachable_time;
3719 /* ReachableTime (in milliseconds) */
3720 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3721 neigh_proc_base_reachable_time;
3722 }
3723
3724 /* Don't export sysctls to unprivileged users */
3725 if (neigh_parms_net(p)->user_ns != &init_user_ns)
3726 t->neigh_vars[0].procname = NULL;
3727
3728 switch (neigh_parms_family(p)) {
3729 case AF_INET:
3730 p_name = "ipv4";
3731 break;
3732 case AF_INET6:
3733 p_name = "ipv6";
3734 break;
3735 default:
3736 BUG();
3737 }
3738
3739 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3740 p_name, dev_name_source);
3741 t->sysctl_header =
3742 register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3743 if (!t->sysctl_header)
3744 goto free;
3745
3746 p->sysctl_table = t;
3747 return 0;
3748
3749 free:
3750 kfree(t);
3751 err:
3752 return -ENOBUFS;
3753 }
3754 EXPORT_SYMBOL(neigh_sysctl_register);
3755
neigh_sysctl_unregister(struct neigh_parms * p)3756 void neigh_sysctl_unregister(struct neigh_parms *p)
3757 {
3758 if (p->sysctl_table) {
3759 struct neigh_sysctl_table *t = p->sysctl_table;
3760 p->sysctl_table = NULL;
3761 unregister_net_sysctl_table(t->sysctl_header);
3762 kfree(t);
3763 }
3764 }
3765 EXPORT_SYMBOL(neigh_sysctl_unregister);
3766
3767 #endif /* CONFIG_SYSCTL */
3768
neigh_init(void)3769 static int __init neigh_init(void)
3770 {
3771 rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3772 rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3773 rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3774
3775 rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3776 0);
3777 rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);
3778
3779 return 0;
3780 }
3781
3782 subsys_initcall(neigh_init);
3783