// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	Generic address resolution entity
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *
 *	Fixes:
 *	Vitaly E. Lavrov	releasing NULL neighbor in neigh_add.
 *	Harald Welte		Add neighbour cache statistics like rtstat
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/slab.h>
#include <linux/kmemleak.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/socket.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/times.h>
#include <net/net_namespace.h>
#include <net/neighbour.h>
#include <net/arp.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/netevent.h>
#include <net/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/random.h>
#include <linux/string.h>
#include <linux/log2.h>
#include <linux/inetdevice.h>
#include <net/addrconf.h>

#include <trace/events/neigh.h>

#define DEBUG
#define NEIGH_DEBUG 1
#define neigh_dbg(level, fmt, ...)		\
do {						\
	if (level <= NEIGH_DEBUG)		\
		pr_debug(fmt, ##__VA_ARGS__);	\
} while (0)

#define PNEIGH_HASHMASK		0xF

static void neigh_timer_handler(struct timer_list *t);
static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid);
static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev);

#ifdef CONFIG_PROC_FS
static const struct seq_operations neigh_stat_seq_ops;
#endif

/*
   Neighbour hash table buckets are protected with rwlock tbl->lock.

   - All the scans/updates to hash buckets MUST be made under this lock.
   - NOTHING clever should be made under this lock: no callbacks
     to protocol backends, no attempts to send something to network.
     It will result in deadlocks, if backend/driver wants to use neighbour
     cache.
   - If the entry requires some non-trivial actions, increase
     its reference count and release table lock.

   Neighbour entries are protected:
   - with reference count.
   - with rwlock neigh->lock

   Reference count prevents destruction.

   neigh->lock mainly serializes ll address data and its validity state.
   However, the same lock is used to protect another entry fields:
    - timer
    - resolution queue

   Again, nothing clever shall be made under neigh->lock,
   the most complicated procedure, which we allow is dev->hard_header.
   It is supposed, that dev->hard_header is simplistic and does
   not make callbacks to neighbour tables.
 */
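
/* Illustrative sketch (not part of the upstream code): the usual way to do
 * non-trivial work on an entry found during a bucket scan is to pin it and
 * drop the table lock first:
 *
 *	write_lock_bh(&tbl->lock);
 *	n = ...;			// found in a hash bucket
 *	neigh_hold(n);			// refcount keeps it alive
 *	write_unlock_bh(&tbl->lock);
 *	...				// slow work, may reach drivers
 *	neigh_release(n);
 */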

static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
{
	kfree_skb(skb);
	return -ENETDOWN;
}

static void neigh_cleanup_and_release(struct neighbour *neigh)
{
	trace_neigh_cleanup_and_release(neigh, 0);
	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	neigh_release(neigh);
}

/*
 * It is random distribution in the interval (1/2)*base...(3/2)*base.
 * It corresponds to default IPv6 settings and is not overridable,
 * because it is really reasonable choice.
 */

unsigned long neigh_rand_reach_time(unsigned long base)
{
	return base ? (prandom_u32() % base) + (base >> 1) : 0;
}
EXPORT_SYMBOL(neigh_rand_reach_time);
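
/* Example: with base = 30 * HZ (the typical BASE_REACHABLE_TIME) the result
 * is uniform over [15 * HZ, 45 * HZ), i.e. the 0.5..1.5 random factor range
 * that RFC 4861 specifies for ReachableTime.
 */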

static void neigh_mark_dead(struct neighbour *n)
{
	n->dead = 1;
	if (!list_empty(&n->gc_list)) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	}
}

static void neigh_update_gc_list(struct neighbour *n)
{
	bool on_gc_list, exempt_from_gc;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);

	if (n->dead)
		goto out;

	/* remove from the gc list if new state is permanent or if neighbor
	 * is externally learned; otherwise entry should be on the gc list
	 */
	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
			 n->flags & NTF_EXT_LEARNED;
	on_gc_list = !list_empty(&n->gc_list);

	if (exempt_from_gc && on_gc_list) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	} else if (!exempt_from_gc && !on_gc_list) {
		/* add entries to the tail; cleaning removes from the front */
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
		atomic_inc(&n->tbl->gc_entries);
	}

out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static bool neigh_update_ext_learned(struct neighbour *neigh, u32 flags,
				     int *notify)
{
	bool rc = false;
	u8 ndm_flags;

	if (!(flags & NEIGH_UPDATE_F_ADMIN))
		return rc;

	ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
	if ((neigh->flags ^ ndm_flags) & NTF_EXT_LEARNED) {
		if (ndm_flags & NTF_EXT_LEARNED)
			neigh->flags |= NTF_EXT_LEARNED;
		else
			neigh->flags &= ~NTF_EXT_LEARNED;
		rc = true;
		*notify = 1;
	}

	return rc;
}

static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
		      struct neigh_table *tbl)
{
	bool retval = false;

	write_lock(&n->lock);
	if (refcount_read(&n->refcnt) == 1) {
		struct neighbour *neigh;

		neigh = rcu_dereference_protected(n->next,
						  lockdep_is_held(&tbl->lock));
		rcu_assign_pointer(*np, neigh);
		neigh_mark_dead(n);
		retval = true;
	}
	write_unlock(&n->lock);
	if (retval)
		neigh_cleanup_and_release(n);
	return retval;
}

bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
{
	struct neigh_hash_table *nht;
	void *pkey = ndel->primary_key;
	u32 hash_val;
	struct neighbour *n;
	struct neighbour __rcu **np;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));
	hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
	hash_val = hash_val >> (32 - nht->hash_shift);

	np = &nht->hash_buckets[hash_val];
	while ((n = rcu_dereference_protected(*np,
					      lockdep_is_held(&tbl->lock)))) {
		if (n == ndel)
			return neigh_del(n, np, tbl);
		np = &n->next;
	}
	return false;
}

static int neigh_forced_gc(struct neigh_table *tbl)
{
	int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
	unsigned long tref = jiffies - 5 * HZ;
	struct neighbour *n, *tmp;
	int shrunk = 0;

	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);

	write_lock_bh(&tbl->lock);

	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
		if (refcount_read(&n->refcnt) == 1) {
			bool remove = false;

			write_lock(&n->lock);
			if ((n->nud_state == NUD_FAILED) ||
			    (n->nud_state == NUD_NOARP) ||
			    (tbl->is_multicast &&
			     tbl->is_multicast(n->primary_key)) ||
			    !time_in_range(n->updated, tref, jiffies))
				remove = true;
			write_unlock(&n->lock);

			if (remove && neigh_remove_one(n, tbl))
				shrunk++;
			if (shrunk >= max_clean)
				break;
		}
	}

	tbl->last_flush = jiffies;

	write_unlock_bh(&tbl->lock);

	return shrunk;
}

static void neigh_add_timer(struct neighbour *n, unsigned long when)
{
	/* Use safe distance from the jiffies - LONG_MAX point while timer
	 * is running in DELAY/PROBE state but still show to user space
	 * large times in the past.
	 */
	unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ);

	neigh_hold(n);
	if (!time_in_range(n->confirmed, mint, jiffies))
		n->confirmed = mint;
	if (time_before(n->used, n->confirmed))
		n->used = n->confirmed;
	if (unlikely(mod_timer(&n->timer, when))) {
		printk("NEIGH: BUG, double timer add, state is %x\n",
		       n->nud_state);
		dump_stack();
	}
}

static int neigh_del_timer(struct neighbour *n)
{
	if ((n->nud_state & NUD_IN_TIMER) &&
	    del_timer(&n->timer)) {
		neigh_release(n);
		return 1;
	}
	return 0;
}

static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net)
{
	struct sk_buff_head tmp;
	unsigned long flags;
	struct sk_buff *skb;

	skb_queue_head_init(&tmp);
	spin_lock_irqsave(&list->lock, flags);
	skb = skb_peek(list);
	while (skb != NULL) {
		struct sk_buff *skb_next = skb_peek_next(skb, list);
		if (net == NULL || net_eq(dev_net(skb->dev), net)) {
			__skb_unlink(skb, list);
			__skb_queue_tail(&tmp, skb);
		}
		skb = skb_next;
	}
	spin_unlock_irqrestore(&list->lock, flags);

	while ((skb = __skb_dequeue(&tmp))) {
		dev_put(skb->dev);
		kfree_skb(skb);
	}
}

static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
			    bool skip_perm)
{
	int i;
	struct neigh_hash_table *nht;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	for (i = 0; i < (1 << nht->hash_shift); i++) {
		struct neighbour *n;
		struct neighbour __rcu **np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
					lockdep_is_held(&tbl->lock))) != NULL) {
			if (dev && n->dev != dev) {
				np = &n->next;
				continue;
			}
			if (skip_perm && n->nud_state & NUD_PERMANENT) {
				np = &n->next;
				continue;
			}
			rcu_assign_pointer(*np,
				   rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock)));
			write_lock(&n->lock);
			neigh_del_timer(n);
			neigh_mark_dead(n);
			if (refcount_read(&n->refcnt) != 1) {
				/* The most unpleasant situation.
				   We must destroy neighbour entry,
				   but someone still uses it.

				   The destroy will be delayed until
				   the last user releases us, but
				   we must kill timers etc. and move
				   it to safe state.
				 */
				__skb_queue_purge(&n->arp_queue);
				n->arp_queue_len_bytes = 0;
				n->output = neigh_blackhole;
				if (n->nud_state & NUD_VALID)
					n->nud_state = NUD_NOARP;
				else
					n->nud_state = NUD_NONE;
				neigh_dbg(2, "neigh %p is stray\n", n);
			}
			write_unlock(&n->lock);
			neigh_cleanup_and_release(n);
		}
	}
}

void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, false);
	write_unlock_bh(&tbl->lock);
}
EXPORT_SYMBOL(neigh_changeaddr);

static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, skip_perm);
	pneigh_ifdown_and_unlock(tbl, dev);
	pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL);
	if (skb_queue_empty_lockless(&tbl->proxy_queue))
		del_timer_sync(&tbl->proxy_timer);
	return 0;
}

int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, true);
	return 0;
}
EXPORT_SYMBOL(neigh_carrier_down);

int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, false);
	return 0;
}
EXPORT_SYMBOL(neigh_ifdown);

static struct neighbour *neigh_alloc(struct neigh_table *tbl,
				     struct net_device *dev,
				     u8 flags, bool exempt_from_gc)
{
	struct neighbour *n = NULL;
	unsigned long now = jiffies;
	int entries;

	if (exempt_from_gc)
		goto do_alloc;

	entries = atomic_inc_return(&tbl->gc_entries) - 1;
	if (entries >= tbl->gc_thresh3 ||
	    (entries >= tbl->gc_thresh2 &&
	     time_after(now, tbl->last_flush + 5 * HZ))) {
		if (!neigh_forced_gc(tbl) &&
		    entries >= tbl->gc_thresh3) {
			net_info_ratelimited("%s: neighbor table overflow!\n",
					     tbl->id);
			NEIGH_CACHE_STAT_INC(tbl, table_fulls);
			goto out_entries;
		}
	}

do_alloc:
	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
	if (!n)
		goto out_entries;

	__skb_queue_head_init(&n->arp_queue);
	rwlock_init(&n->lock);
	seqlock_init(&n->ha_lock);
	n->updated = n->used = now;
	n->nud_state = NUD_NONE;
	n->output = neigh_blackhole;
	n->flags = flags;
	seqlock_init(&n->hh.hh_lock);
	n->parms = neigh_parms_clone(&tbl->parms);
	timer_setup(&n->timer, neigh_timer_handler, 0);

	NEIGH_CACHE_STAT_INC(tbl, allocs);
	n->tbl = tbl;
	refcount_set(&n->refcnt, 1);
	n->dead = 1;
	INIT_LIST_HEAD(&n->gc_list);

	atomic_inc(&tbl->entries);
out:
	return n;

out_entries:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	goto out;
}

static void neigh_get_hash_rnd(u32 *x)
{
	*x = get_random_u32() | 1;
}

static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
{
	size_t size = (1 << shift) * sizeof(struct neighbour *);
	struct neigh_hash_table *ret;
	struct neighbour __rcu **buckets;
	int i;

	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
	if (!ret)
		return NULL;
	if (size <= PAGE_SIZE) {
		buckets = kzalloc(size, GFP_ATOMIC);
	} else {
		buckets = (struct neighbour __rcu **)
			  __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
					   get_order(size));
		kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
	}
	if (!buckets) {
		kfree(ret);
		return NULL;
	}
	ret->hash_buckets = buckets;
	ret->hash_shift = shift;
	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
		neigh_get_hash_rnd(&ret->hash_rnd[i]);
	return ret;
}

static void neigh_hash_free_rcu(struct rcu_head *head)
{
	struct neigh_hash_table *nht = container_of(head,
						    struct neigh_hash_table,
						    rcu);
	size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
	struct neighbour __rcu **buckets = nht->hash_buckets;

	if (size <= PAGE_SIZE) {
		kfree(buckets);
	} else {
		kmemleak_free(buckets);
		free_pages((unsigned long)buckets, get_order(size));
	}
	kfree(nht);
}

static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
						unsigned long new_shift)
{
	unsigned int i, hash;
	struct neigh_hash_table *new_nht, *old_nht;

	NEIGH_CACHE_STAT_INC(tbl, hash_grows);

	old_nht = rcu_dereference_protected(tbl->nht,
					    lockdep_is_held(&tbl->lock));
	new_nht = neigh_hash_alloc(new_shift);
	if (!new_nht)
		return old_nht;

	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
		struct neighbour *n, *next;

		for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
						   lockdep_is_held(&tbl->lock));
		     n != NULL;
		     n = next) {
			hash = tbl->hash(n->primary_key, n->dev,
					 new_nht->hash_rnd);

			hash >>= (32 - new_nht->hash_shift);
			next = rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock));

			rcu_assign_pointer(n->next,
					   rcu_dereference_protected(
						new_nht->hash_buckets[hash],
						lockdep_is_held(&tbl->lock)));
			rcu_assign_pointer(new_nht->hash_buckets[hash], n);
		}
	}

	rcu_assign_pointer(tbl->nht, new_nht);
	call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
	return new_nht;
}

struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
			       struct net_device *dev)
{
	struct neighbour *n;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock_bh();
	n = __neigh_lookup_noref(tbl, pkey, dev);
	if (n) {
		if (!refcount_inc_not_zero(&n->refcnt))
			n = NULL;
		NEIGH_CACHE_STAT_INC(tbl, hits);
	}

	rcu_read_unlock_bh();
	return n;
}
EXPORT_SYMBOL(neigh_lookup);

static struct neighbour *
___neigh_create(struct neigh_table *tbl, const void *pkey,
		struct net_device *dev, u8 flags,
		bool exempt_from_gc, bool want_ref)
{
	u32 hash_val, key_len = tbl->key_len;
	struct neighbour *n1, *rc, *n;
	struct neigh_hash_table *nht;
	int error;

	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
	if (!n) {
		rc = ERR_PTR(-ENOBUFS);
		goto out;
	}

	memcpy(n->primary_key, pkey, key_len);
	n->dev = dev;
	dev_hold(dev);

	/* Protocol specific setup. */
	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	if (dev->netdev_ops->ndo_neigh_construct) {
		error = dev->netdev_ops->ndo_neigh_construct(dev, n);
		if (error < 0) {
			rc = ERR_PTR(error);
			goto out_neigh_release;
		}
	}

	/* Device specific setup. */
	if (n->parms->neigh_setup &&
	    (error = n->parms->neigh_setup(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
		nht = neigh_hash_grow(tbl, nht->hash_shift + 1);

	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);

	if (n->parms->dead) {
		rc = ERR_PTR(-EINVAL);
		goto out_tbl_unlock;
	}

	for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
					    lockdep_is_held(&tbl->lock));
	     n1 != NULL;
	     n1 = rcu_dereference_protected(n1->next,
					    lockdep_is_held(&tbl->lock))) {
		if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
			if (want_ref)
				neigh_hold(n1);
			rc = n1;
			goto out_tbl_unlock;
		}
	}

	n->dead = 0;
	if (!exempt_from_gc)
		list_add_tail(&n->gc_list, &n->tbl->gc_list);

	if (want_ref)
		neigh_hold(n);
	rcu_assign_pointer(n->next,
			   rcu_dereference_protected(nht->hash_buckets[hash_val],
						     lockdep_is_held(&tbl->lock)));
	rcu_assign_pointer(nht->hash_buckets[hash_val], n);
	write_unlock_bh(&tbl->lock);
	neigh_dbg(2, "neigh %p is created\n", n);
	rc = n;
out:
	return rc;
out_tbl_unlock:
	write_unlock_bh(&tbl->lock);
out_neigh_release:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	neigh_release(n);
	goto out;
}

struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
				 struct net_device *dev, bool want_ref)
{
	return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
}
EXPORT_SYMBOL(__neigh_create);

static u32 pneigh_hash(const void *pkey, unsigned int key_len)
{
	u32 hash_val = *(u32 *)(pkey + key_len - 4);
	hash_val ^= (hash_val >> 16);
	hash_val ^= hash_val >> 8;
	hash_val ^= hash_val >> 4;
	hash_val &= PNEIGH_HASHMASK;
	return hash_val;
}
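
/* Example: PNEIGH_HASHMASK is 0xF, so proxy entries hash into one of 16
 * chains; for an IPv4 key (key_len == 4) the last four bytes folded above
 * are the address itself.
 */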

static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
					      struct net *net,
					      const void *pkey,
					      unsigned int key_len,
					      struct net_device *dev)
{
	while (n) {
		if (!memcmp(n->key, pkey, key_len) &&
		    net_eq(pneigh_net(n), net) &&
		    (n->dev == dev || !n->dev))
			return n;
		n = n->next;
	}
	return NULL;
}

struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
				     struct net *net, const void *pkey,
				     struct net_device *dev)
{
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
				 net, pkey, key_len, dev);
}
EXPORT_SYMBOL_GPL(__pneigh_lookup);

struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl,
				   struct net *net, const void *pkey,
				   struct net_device *dev, int creat)
{
	struct pneigh_entry *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	read_lock_bh(&tbl->lock);
	n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
			      net, pkey, key_len, dev);
	read_unlock_bh(&tbl->lock);

	if (n || !creat)
		goto out;

	ASSERT_RTNL();

	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
	if (!n)
		goto out;

	write_pnet(&n->net, net);
	memcpy(n->key, pkey, key_len);
	n->dev = dev;
	if (dev)
		dev_hold(dev);

	if (tbl->pconstructor && tbl->pconstructor(n)) {
		if (dev)
			dev_put(dev);
		kfree(n);
		n = NULL;
		goto out;
	}

	write_lock_bh(&tbl->lock);
	n->next = tbl->phash_buckets[hash_val];
	tbl->phash_buckets[hash_val] = n;
	write_unlock_bh(&tbl->lock);
out:
	return n;
}
EXPORT_SYMBOL(pneigh_lookup);


int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
		  struct net_device *dev)
{
	struct pneigh_entry *n, **np;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	write_lock_bh(&tbl->lock);
	for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
	     np = &n->next) {
		if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
		    net_eq(pneigh_net(n), net)) {
			*np = n->next;
			write_unlock_bh(&tbl->lock);
			if (tbl->pdestructor)
				tbl->pdestructor(n);
			if (n->dev)
				dev_put(n->dev);
			kfree(n);
			return 0;
		}
	}
	write_unlock_bh(&tbl->lock);
	return -ENOENT;
}

static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev)
{
	struct pneigh_entry *n, **np, *freelist = NULL;
	u32 h;

	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
		np = &tbl->phash_buckets[h];
		while ((n = *np) != NULL) {
			if (!dev || n->dev == dev) {
				*np = n->next;
				n->next = freelist;
				freelist = n;
				continue;
			}
			np = &n->next;
		}
	}
	write_unlock_bh(&tbl->lock);
	while ((n = freelist)) {
		freelist = n->next;
		n->next = NULL;
		if (tbl->pdestructor)
			tbl->pdestructor(n);
		if (n->dev)
			dev_put(n->dev);
		kfree(n);
	}
	return -ENOENT;
}

static void neigh_parms_destroy(struct neigh_parms *parms);

static inline void neigh_parms_put(struct neigh_parms *parms)
{
	if (refcount_dec_and_test(&parms->refcnt))
		neigh_parms_destroy(parms);
}

/*
 *	neighbour must already be out of the table;
 *
 */
void neigh_destroy(struct neighbour *neigh)
{
	struct net_device *dev = neigh->dev;

	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);

	if (!neigh->dead) {
		pr_warn("Destroying alive neighbour %p\n", neigh);
		dump_stack();
		return;
	}

	if (neigh_del_timer(neigh))
		pr_warn("Impossible event\n");

	write_lock_bh(&neigh->lock);
	__skb_queue_purge(&neigh->arp_queue);
	write_unlock_bh(&neigh->lock);
	neigh->arp_queue_len_bytes = 0;

	if (dev->netdev_ops->ndo_neigh_destroy)
		dev->netdev_ops->ndo_neigh_destroy(dev, neigh);

	dev_put(dev);
	neigh_parms_put(neigh->parms);

	neigh_dbg(2, "neigh %p is destroyed\n", neigh);

	atomic_dec(&neigh->tbl->entries);
	kfree_rcu(neigh, rcu);
}
EXPORT_SYMBOL(neigh_destroy);

/* Neighbour state is suspicious;
   disable fast path.

   Called with write_locked neigh.
 */
static void neigh_suspect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is suspected\n", neigh);

	neigh->output = neigh->ops->output;
}

/* Neighbour state is OK;
   enable fast path.

   Called with write_locked neigh.
 */
static void neigh_connect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is connected\n", neigh);

	neigh->output = neigh->ops->connected_output;
}

static void neigh_periodic_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
	struct neighbour *n;
	struct neighbour __rcu **np;
	unsigned int i;
	struct neigh_hash_table *nht;

	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	/*
	 *	periodically recompute ReachableTime from random function
	 */

	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
		struct neigh_parms *p;
		tbl->last_rand = jiffies;
		list_for_each_entry(p, &tbl->parms_list, list)
			p->reachable_time =
				neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}

	if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
		goto out;

	for (i = 0 ; i < (1 << nht->hash_shift); i++) {
		np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
				lockdep_is_held(&tbl->lock))) != NULL) {
			unsigned int state;

			write_lock(&n->lock);

			state = n->nud_state;
			if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
			    (n->flags & NTF_EXT_LEARNED)) {
				write_unlock(&n->lock);
				goto next_elt;
			}

			if (time_before(n->used, n->confirmed) &&
			    time_is_before_eq_jiffies(n->confirmed))
				n->used = n->confirmed;

			if (refcount_read(&n->refcnt) == 1 &&
			    (state == NUD_FAILED ||
			     !time_in_range_open(jiffies, n->used,
						 n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
				rcu_assign_pointer(*np,
					rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock)));
				neigh_mark_dead(n);
				write_unlock(&n->lock);
				neigh_cleanup_and_release(n);
				continue;
			}
			write_unlock(&n->lock);

next_elt:
			np = &n->next;
		}
		/*
		 * It's fine to release lock here, even if hash table
		 * grows while we are preempted.
		 */
		write_unlock_bh(&tbl->lock);
		cond_resched();
		write_lock_bh(&tbl->lock);
		nht = rcu_dereference_protected(tbl->nht,
						lockdep_is_held(&tbl->lock));
	}
out:
	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
	 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
	 * BASE_REACHABLE_TIME.
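	 * E.g. with the default base of 30 seconds, a full sweep runs
	 * roughly every 15 seconds.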
	 */
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
	write_unlock_bh(&tbl->lock);
}

static __inline__ int neigh_max_probes(struct neighbour *n)
{
	struct neigh_parms *p = n->parms;
	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
	       (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
		NEIGH_VAR(p, MCAST_PROBES));
}
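
/* Worked example, assuming the stock defaults (ucast_probes = 3,
 * app_probes = 0, mcast_probes = 3, mcast_reprobes = 0; all tunable per
 * device): an INCOMPLETE entry gives up after 3 + 0 + 3 = 6 probes, while
 * a PROBE entry gives up after 3 + 0 + 0 = 3.
 */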

static void neigh_invalidate(struct neighbour *neigh)
	__releases(neigh->lock)
	__acquires(neigh->lock)
{
	struct sk_buff *skb;

	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
	neigh_dbg(2, "neigh %p is failed\n", neigh);
	neigh->updated = jiffies;

	/* It is very thin place. report_unreachable is very complicated
	   routine. Particularly, it can hit the same neighbour entry!

	   So that, we try to be accurate and avoid dead loop. --ANK
	 */
	while (neigh->nud_state == NUD_FAILED &&
	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
		write_unlock(&neigh->lock);
		neigh->ops->error_report(neigh, skb);
		write_lock(&neigh->lock);
	}
	__skb_queue_purge(&neigh->arp_queue);
	neigh->arp_queue_len_bytes = 0;
}

static void neigh_probe(struct neighbour *neigh)
	__releases(neigh->lock)
{
	struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);
	/* keep skb alive even if arp_queue overflows */
	if (skb)
		skb = skb_clone(skb, GFP_ATOMIC);
	write_unlock(&neigh->lock);
	if (neigh->ops->solicit)
		neigh->ops->solicit(neigh, skb);
	atomic_inc(&neigh->probes);
	consume_skb(skb);
}

/* Called when a timer expires for a neighbour entry. */

static void neigh_timer_handler(struct timer_list *t)
{
	unsigned long now, next;
	struct neighbour *neigh = from_timer(neigh, t, timer);
	unsigned int state;
	int notify = 0;

	write_lock(&neigh->lock);

	state = neigh->nud_state;
	now = jiffies;
	next = now + HZ;

	if (!(state & NUD_IN_TIMER))
		goto out;

	if (state & NUD_REACHABLE) {
		if (time_before_eq(now,
				   neigh->confirmed + neigh->parms->reachable_time)) {
			neigh_dbg(2, "neigh %p is still alive\n", neigh);
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else if (time_before_eq(now,
					  neigh->used +
					  NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is delayed\n", neigh);
			neigh->nud_state = NUD_DELAY;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
		} else {
			neigh_dbg(2, "neigh %p is suspected\n", neigh);
			neigh->nud_state = NUD_STALE;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			notify = 1;
		}
	} else if (state & NUD_DELAY) {
		if (time_before_eq(now,
				   neigh->confirmed +
				   NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is now reachable\n", neigh);
			neigh->nud_state = NUD_REACHABLE;
			neigh->updated = jiffies;
			neigh_connect(neigh);
			notify = 1;
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else {
			neigh_dbg(2, "neigh %p is probed\n", neigh);
			neigh->nud_state = NUD_PROBE;
			neigh->updated = jiffies;
			atomic_set(&neigh->probes, 0);
			notify = 1;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
		}
	} else {
		/* NUD_PROBE|NUD_INCOMPLETE */
		next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
	}

	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
		neigh->nud_state = NUD_FAILED;
		notify = 1;
		neigh_invalidate(neigh);
		goto out;
	}

	if (neigh->nud_state & NUD_IN_TIMER) {
		if (time_before(next, jiffies + HZ/100))
			next = jiffies + HZ/100;
		if (!mod_timer(&neigh->timer, next))
			neigh_hold(neigh);
	}
	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
		neigh_probe(neigh);
	} else {
out:
		write_unlock(&neigh->lock);
	}

	if (notify)
		neigh_update_notify(neigh, 0);

	trace_neigh_timer_handler(neigh, 0);

	neigh_release(neigh);
}

int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc;
	bool immediate_probe = false;

	write_lock_bh(&neigh->lock);

	rc = 0;
	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
		goto out_unlock_bh;
	if (neigh->dead)
		goto out_dead;

	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
		if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
		    NEIGH_VAR(neigh->parms, APP_PROBES)) {
			unsigned long next, now = jiffies;

			atomic_set(&neigh->probes,
				   NEIGH_VAR(neigh->parms, UCAST_PROBES));
			neigh_del_timer(neigh);
			neigh->nud_state = NUD_INCOMPLETE;
			neigh->updated = now;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
			neigh_add_timer(neigh, next);
			immediate_probe = true;
		} else {
			neigh->nud_state = NUD_FAILED;
			neigh->updated = jiffies;
			write_unlock_bh(&neigh->lock);

			kfree_skb(skb);
			return 1;
		}
	} else if (neigh->nud_state & NUD_STALE) {
		neigh_dbg(2, "neigh %p is delayed\n", neigh);
		neigh_del_timer(neigh);
		neigh->nud_state = NUD_DELAY;
		neigh->updated = jiffies;
		neigh_add_timer(neigh, jiffies +
				NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
	}

	if (neigh->nud_state == NUD_INCOMPLETE) {
		if (skb) {
			while (neigh->arp_queue_len_bytes + skb->truesize >
			       NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
				struct sk_buff *buff;

				buff = __skb_dequeue(&neigh->arp_queue);
				if (!buff)
					break;
				neigh->arp_queue_len_bytes -= buff->truesize;
				kfree_skb(buff);
				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
			}
			skb_dst_force(skb);
			__skb_queue_tail(&neigh->arp_queue, skb);
			neigh->arp_queue_len_bytes += skb->truesize;
		}
		rc = 1;
	}
out_unlock_bh:
	if (immediate_probe)
		neigh_probe(neigh);
	else
		write_unlock(&neigh->lock);
	local_bh_enable();
	trace_neigh_event_send_done(neigh, rc);
	return rc;

out_dead:
	if (neigh->nud_state & NUD_STALE)
		goto out_unlock_bh;
	write_unlock_bh(&neigh->lock);
	kfree_skb(skb);
	trace_neigh_event_send_dead(neigh, 1);
	return 1;
}
EXPORT_SYMBOL(__neigh_event_send);

static void neigh_update_hhs(struct neighbour *neigh)
{
	struct hh_cache *hh;
	void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
		= NULL;

	if (neigh->dev->header_ops)
		update = neigh->dev->header_ops->cache_update;

	if (update) {
		hh = &neigh->hh;
		if (READ_ONCE(hh->hh_len)) {
			write_seqlock_bh(&hh->hh_lock);
			update(hh, neigh->dev, neigh->ha);
			write_sequnlock_bh(&hh->hh_lock);
		}
	}
}



/* Generic update routine.
   -- lladdr is new lladdr or NULL, if it is not supplied.
   -- new    is new state.
   -- flags
	NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr,
				if it is different.
	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
				lladdr instead of overriding it
				if it is different.
	NEIGH_UPDATE_F_ADMIN	means that the change is administrative.
	NEIGH_UPDATE_F_USE	means that the entry is user triggered.
	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
				NTF_ROUTER flag.
	NEIGH_UPDATE_F_ISROUTER	indicates if the neighbour is known as
				a router.

   Caller MUST hold reference count on the entry.
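
   Illustrative example: an administrative replace of the link-layer
   address, forcing the entry into REACHABLE state, would look like

	__neigh_update(neigh, new_ha, NUD_REACHABLE,
		       NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
		       pid, extack);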
 */

static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
			  u8 new, u32 flags, u32 nlmsg_pid,
			  struct netlink_ext_ack *extack)
{
	bool ext_learn_change = false;
	u8 old;
	int err;
	int notify = 0;
	struct net_device *dev;
	int update_isrouter = 0;

	trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);

	write_lock_bh(&neigh->lock);

	dev = neigh->dev;
	old = neigh->nud_state;
	err = -EPERM;

	if (neigh->dead) {
		NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
		new = old;
		goto out;
	}
	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
	    (old & (NUD_NOARP | NUD_PERMANENT)))
		goto out;

	ext_learn_change = neigh_update_ext_learned(neigh, flags, &notify);
	if (flags & NEIGH_UPDATE_F_USE) {
		new = old & ~NUD_PERMANENT;
		neigh->nud_state = new;
		err = 0;
		goto out;
	}

	if (!(new & NUD_VALID)) {
		neigh_del_timer(neigh);
		if (old & NUD_CONNECTED)
			neigh_suspect(neigh);
		neigh->nud_state = new;
		err = 0;
		notify = old & NUD_VALID;
		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
		    (new & NUD_FAILED)) {
			neigh_invalidate(neigh);
			notify = 1;
		}
		goto out;
	}

	/* Compare new lladdr with cached one */
	if (!dev->addr_len) {
		/* First case: device needs no address. */
		lladdr = neigh->ha;
	} else if (lladdr) {
		/* The second case: if something is already cached
		   and a new address is proposed:
		   - compare new & old
		   - if they are different, check override flag
		 */
		if ((old & NUD_VALID) &&
		    !memcmp(lladdr, neigh->ha, dev->addr_len))
			lladdr = neigh->ha;
	} else {
		/* No address is supplied; if we know something,
		   use it, otherwise discard the request.
		 */
		err = -EINVAL;
		if (!(old & NUD_VALID)) {
			NL_SET_ERR_MSG(extack, "No link layer address given");
			goto out;
		}
		lladdr = neigh->ha;
	}

	/* Update confirmed timestamp for neighbour entry after we
	 * received ARP packet even if it doesn't change IP to MAC binding.
	 */
	if (new & NUD_CONNECTED)
		neigh->confirmed = jiffies;

	/* If entry was valid and address is not changed,
	   do not change entry state, if new one is STALE.
	 */
	err = 0;
	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	if (old & NUD_VALID) {
		if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
			update_isrouter = 0;
			if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
			    (old & NUD_CONNECTED)) {
				lladdr = neigh->ha;
				new = NUD_STALE;
			} else
				goto out;
		} else {
			if (lladdr == neigh->ha && new == NUD_STALE &&
			    !(flags & NEIGH_UPDATE_F_ADMIN))
				new = old;
		}
	}

	/* Update timestamp only once we know we will make a change to the
	 * neighbour entry. Otherwise we risk to move the locktime window with
	 * noop updates and ignore relevant ARP updates.
	 */
	if (new != old || lladdr != neigh->ha)
		neigh->updated = jiffies;

	if (new != old) {
		neigh_del_timer(neigh);
		if (new & NUD_PROBE)
			atomic_set(&neigh->probes, 0);
		if (new & NUD_IN_TIMER)
			neigh_add_timer(neigh, (jiffies +
						((new & NUD_REACHABLE) ?
						 neigh->parms->reachable_time :
						 0)));
		neigh->nud_state = new;
		notify = 1;
	}

	if (lladdr != neigh->ha) {
		write_seqlock(&neigh->ha_lock);
		memcpy(&neigh->ha, lladdr, dev->addr_len);
		write_sequnlock(&neigh->ha_lock);
		neigh_update_hhs(neigh);
		if (!(new & NUD_CONNECTED))
			neigh->confirmed = jiffies -
				      (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
		notify = 1;
	}
	if (new == old)
		goto out;
	if (new & NUD_CONNECTED)
		neigh_connect(neigh);
	else
		neigh_suspect(neigh);
	if (!(old & NUD_VALID)) {
		struct sk_buff *skb;

		/* Again: avoid dead loop if something went wrong */

		while (neigh->nud_state & NUD_VALID &&
		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
			struct dst_entry *dst = skb_dst(skb);
			struct neighbour *n2, *n1 = neigh;
			write_unlock_bh(&neigh->lock);

			rcu_read_lock();

			/* Why not just use 'neigh' as-is? The problem is that
			 * things such as shaper, eql, and sch_teql can end up
			 * using alternative, different, neigh objects to output
			 * the packet in the output path. So what we need to do
			 * here is re-lookup the top-level neigh in the path so
			 * we can reinject the packet there.
			 */
			n2 = NULL;
			if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
				n2 = dst_neigh_lookup_skb(dst, skb);
				if (n2)
					n1 = n2;
			}
			n1->output(n1, skb);
			if (n2)
				neigh_release(n2);
			rcu_read_unlock();

			write_lock_bh(&neigh->lock);
		}
		__skb_queue_purge(&neigh->arp_queue);
		neigh->arp_queue_len_bytes = 0;
	}
out:
	if (update_isrouter)
		neigh_update_is_router(neigh, flags, &notify);
	write_unlock_bh(&neigh->lock);

	if (((new ^ old) & NUD_PERMANENT) || ext_learn_change)
		neigh_update_gc_list(neigh);

	if (notify)
		neigh_update_notify(neigh, nlmsg_pid);

	trace_neigh_update_done(neigh, err);

	return err;
}

int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
		 u32 flags, u32 nlmsg_pid)
{
	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
}
EXPORT_SYMBOL(neigh_update);

/* Update the neigh to listen temporarily for probe responses, even if it is
 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
 */
void __neigh_set_probe_once(struct neighbour *neigh)
{
	if (neigh->dead)
		return;
	neigh->updated = jiffies;
	if (!(neigh->nud_state & NUD_FAILED))
		return;
	neigh->nud_state = NUD_INCOMPLETE;
	atomic_set(&neigh->probes, neigh_max_probes(neigh));
	neigh_add_timer(neigh,
			jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
				      HZ/100));
}
EXPORT_SYMBOL(__neigh_set_probe_once);

struct neighbour *neigh_event_ns(struct neigh_table *tbl,
				 u8 *lladdr, void *saddr,
				 struct net_device *dev)
{
	struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
						 lladdr || !dev->addr_len);
	if (neigh)
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_OVERRIDE, 0);
	return neigh;
}
EXPORT_SYMBOL(neigh_event_ns);

/* called with read_lock_bh(&n->lock); */
static void neigh_hh_init(struct neighbour *n)
{
	struct net_device *dev = n->dev;
	__be16 prot = n->tbl->protocol;
	struct hh_cache *hh = &n->hh;

	write_lock_bh(&n->lock);

	/* Only one thread can come in here and initialize the
	 * hh_cache entry.
	 */
	if (!hh->hh_len)
		dev->header_ops->cache(n, hh, prot);

	write_unlock_bh(&n->lock);
}

/* Slow and careful. */

int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc = 0;

	if (!neigh_event_send(neigh, skb)) {
		int err;
		struct net_device *dev = neigh->dev;
		unsigned int seq;

		if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
			neigh_hh_init(neigh);

		do {
			__skb_pull(skb, skb_network_offset(skb));
			seq = read_seqbegin(&neigh->ha_lock);
			err = dev_hard_header(skb, dev, ntohs(skb->protocol),
					      neigh->ha, NULL, skb->len);
		} while (read_seqretry(&neigh->ha_lock, seq));

		if (err >= 0)
			rc = dev_queue_xmit(skb);
		else
			goto out_kfree_skb;
	}
out:
	return rc;
out_kfree_skb:
	rc = -EINVAL;
	kfree_skb(skb);
	goto out;
}
EXPORT_SYMBOL(neigh_resolve_output);

/* As fast as possible without hh cache */

int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
{
	struct net_device *dev = neigh->dev;
	unsigned int seq;
	int err;

	do {
		__skb_pull(skb, skb_network_offset(skb));
		seq = read_seqbegin(&neigh->ha_lock);
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      neigh->ha, NULL, skb->len);
	} while (read_seqretry(&neigh->ha_lock, seq));

	if (err >= 0)
		err = dev_queue_xmit(skb);
	else {
		err = -EINVAL;
		kfree_skb(skb);
	}
	return err;
}
EXPORT_SYMBOL(neigh_connected_output);

int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
{
	return dev_queue_xmit(skb);
}
EXPORT_SYMBOL(neigh_direct_output);

static void neigh_proxy_process(struct timer_list *t)
{
	struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
	long sched_next = 0;
	unsigned long now = jiffies;
	struct sk_buff *skb, *n;

	spin_lock(&tbl->proxy_queue.lock);

	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
		long tdif = NEIGH_CB(skb)->sched_next - now;

		if (tdif <= 0) {
			struct net_device *dev = skb->dev;

			__skb_unlink(skb, &tbl->proxy_queue);
			if (tbl->proxy_redo && netif_running(dev)) {
				rcu_read_lock();
				tbl->proxy_redo(skb);
				rcu_read_unlock();
			} else {
				kfree_skb(skb);
			}

			dev_put(dev);
		} else if (!sched_next || tdif < sched_next)
			sched_next = tdif;
	}
	del_timer(&tbl->proxy_timer);
	if (sched_next)
		mod_timer(&tbl->proxy_timer, jiffies + sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}

void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
		    struct sk_buff *skb)
{
	unsigned long now = jiffies;

	unsigned long sched_next = now + (prandom_u32() %
					  NEIGH_VAR(p, PROXY_DELAY));

	if (tbl->proxy_queue.qlen > NEIGH_VAR(p, PROXY_QLEN)) {
		kfree_skb(skb);
		return;
	}

	NEIGH_CB(skb)->sched_next = sched_next;
	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;

	spin_lock(&tbl->proxy_queue.lock);
	if (del_timer(&tbl->proxy_timer)) {
		if (time_before(tbl->proxy_timer.expires, sched_next))
			sched_next = tbl->proxy_timer.expires;
	}
	skb_dst_drop(skb);
	dev_hold(skb->dev);
	__skb_queue_tail(&tbl->proxy_queue, skb);
	mod_timer(&tbl->proxy_timer, sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}
EXPORT_SYMBOL(pneigh_enqueue);

static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
						     struct net *net, int ifindex)
{
	struct neigh_parms *p;

	list_for_each_entry(p, &tbl->parms_list, list) {
		if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
		    (!p->dev && !ifindex && net_eq(net, &init_net)))
			return p;
	}

	return NULL;
}

struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
				      struct neigh_table *tbl)
{
	struct neigh_parms *p;
	struct net *net = dev_net(dev);
	const struct net_device_ops *ops = dev->netdev_ops;

	p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
	if (p) {
		p->tbl = tbl;
		refcount_set(&p->refcnt, 1);
		p->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
		dev_hold(dev);
		p->dev = dev;
		write_pnet(&p->net, net);
		p->sysctl_table = NULL;

		if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
			dev_put(dev);
			kfree(p);
			return NULL;
		}

		write_lock_bh(&tbl->lock);
		list_add(&p->list, &tbl->parms.list);
		write_unlock_bh(&tbl->lock);

		neigh_parms_data_state_cleanall(p);
	}
	return p;
}
EXPORT_SYMBOL(neigh_parms_alloc);

static void neigh_rcu_free_parms(struct rcu_head *head)
{
	struct neigh_parms *parms =
		container_of(head, struct neigh_parms, rcu_head);

	neigh_parms_put(parms);
}

void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
{
	if (!parms || parms == &tbl->parms)
		return;
	write_lock_bh(&tbl->lock);
	list_del(&parms->list);
	parms->dead = 1;
	write_unlock_bh(&tbl->lock);
	if (parms->dev)
		dev_put(parms->dev);
	call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
}
EXPORT_SYMBOL(neigh_parms_release);

static void neigh_parms_destroy(struct neigh_parms *parms)
{
	kfree(parms);
}

static struct lock_class_key neigh_table_proxy_queue_class;

static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;

void neigh_table_init(int index, struct neigh_table *tbl)
{
	unsigned long now = jiffies;
	unsigned long phsize;

	INIT_LIST_HEAD(&tbl->parms_list);
	INIT_LIST_HEAD(&tbl->gc_list);
	list_add(&tbl->parms.list, &tbl->parms_list);
	write_pnet(&tbl->parms.net, &init_net);
	refcount_set(&tbl->parms.refcnt, 1);
	tbl->parms.reachable_time =
		neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));

	tbl->stats = alloc_percpu(struct neigh_statistics);
	if (!tbl->stats)
		panic("cannot create neighbour cache statistics");

#ifdef CONFIG_PROC_FS
	if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
				  &neigh_stat_seq_ops, tbl))
		panic("cannot create neighbour proc dir entry");
#endif

	RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));

	phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
	tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);

	if (!tbl->nht || !tbl->phash_buckets)
		panic("cannot allocate neighbour cache hashes");

	if (!tbl->entry_size)
		tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
					tbl->key_len, NEIGH_PRIV_ALIGN);
	else
		WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);

	rwlock_init(&tbl->lock);
	INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   tbl->parms.reachable_time);
	timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
	skb_queue_head_init_class(&tbl->proxy_queue,
				  &neigh_table_proxy_queue_class);

	tbl->last_flush = now;
	tbl->last_rand = now + tbl->parms.reachable_time * 20;

	neigh_tables[index] = tbl;
}
EXPORT_SYMBOL(neigh_table_init);

int neigh_table_clear(int index, struct neigh_table *tbl)
{
	neigh_tables[index] = NULL;
	/* It is not clean... Fix it to unload IPv6 module safely */
	cancel_delayed_work_sync(&tbl->gc_work);
	del_timer_sync(&tbl->proxy_timer);
	pneigh_queue_purge(&tbl->proxy_queue, NULL);
	neigh_ifdown(tbl, NULL);
	if (atomic_read(&tbl->entries))
		pr_crit("neighbour leakage\n");

	call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
		 neigh_hash_free_rcu);
	tbl->nht = NULL;

	kfree(tbl->phash_buckets);
	tbl->phash_buckets = NULL;

	remove_proc_entry(tbl->id, init_net.proc_net_stat);

	free_percpu(tbl->stats);
	tbl->stats = NULL;

	return 0;
}
EXPORT_SYMBOL(neigh_table_clear);

static struct neigh_table *neigh_find_table(int family)
{
	struct neigh_table *tbl = NULL;

	switch (family) {
	case AF_INET:
		tbl = neigh_tables[NEIGH_ARP_TABLE];
		break;
	case AF_INET6:
		tbl = neigh_tables[NEIGH_ND_TABLE];
		break;
#ifdef CONFIG_NEWIP
	case AF_NINET:	/* NIP */
		tbl = neigh_tables[NEIGH_NND_TABLE];
		break;
#endif
	}

	return tbl;
}

const struct nla_policy nda_policy[NDA_MAX+1] = {
	[NDA_UNSPEC]		= { .strict_start_type = NDA_NH_ID },
	[NDA_DST]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_LLADDR]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_CACHEINFO]		= { .len = sizeof(struct nda_cacheinfo) },
	[NDA_PROBES]		= { .type = NLA_U32 },
	[NDA_VLAN]		= { .type = NLA_U16 },
	[NDA_PORT]		= { .type = NLA_U16 },
	[NDA_VNI]		= { .type = NLA_U32 },
	[NDA_IFINDEX]		= { .type = NLA_U32 },
	[NDA_MASTER]		= { .type = NLA_U32 },
	[NDA_PROTOCOL]		= { .type = NLA_U8 },
	[NDA_NH_ID]		= { .type = NLA_U32 },
	[NDA_FDB_EXT_ATTRS]	= { .type = NLA_NESTED },
};
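
/* Example: a command like "ip neigh replace 192.0.2.1 lladdr
 * 00:11:22:33:44:55 dev eth0" arrives here as an RTM_NEWNEIGH message with
 * ndm_family = AF_INET, NDA_DST carrying the IPv4 address and NDA_LLADDR
 * the 6-byte MAC; it is validated against nda_policy and handled by
 * neigh_add() below.
 */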
1801
neigh_delete(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)1802 static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1803 struct netlink_ext_ack *extack)
1804 {
1805 struct net *net = sock_net(skb->sk);
1806 struct ndmsg *ndm;
1807 struct nlattr *dst_attr;
1808 struct neigh_table *tbl;
1809 struct neighbour *neigh;
1810 struct net_device *dev = NULL;
1811 int err = -EINVAL;
1812
1813 ASSERT_RTNL();
1814 if (nlmsg_len(nlh) < sizeof(*ndm))
1815 goto out;
1816
1817 dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1818 if (!dst_attr) {
1819 NL_SET_ERR_MSG(extack, "Network address not specified");
1820 goto out;
1821 }
1822
1823 ndm = nlmsg_data(nlh);
1824 if (ndm->ndm_ifindex) {
1825 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1826 if (dev == NULL) {
1827 err = -ENODEV;
1828 goto out;
1829 }
1830 }
1831
1832 tbl = neigh_find_table(ndm->ndm_family);
1833 if (tbl == NULL)
1834 return -EAFNOSUPPORT;
1835
1836 if (nla_len(dst_attr) < (int)tbl->key_len) {
1837 NL_SET_ERR_MSG(extack, "Invalid network address");
1838 goto out;
1839 }
1840
1841 if (ndm->ndm_flags & NTF_PROXY) {
1842 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
1843 goto out;
1844 }
1845
1846 if (dev == NULL)
1847 goto out;
1848
1849 neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
1850 if (neigh == NULL) {
1851 err = -ENOENT;
1852 goto out;
1853 }
1854
1855 err = __neigh_update(neigh, NULL, NUD_FAILED,
1856 NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1857 NETLINK_CB(skb).portid, extack);
1858 write_lock_bh(&tbl->lock);
1859 neigh_release(neigh);
1860 neigh_remove_one(neigh, tbl);
1861 write_unlock_bh(&tbl->lock);
1862
1863 out:
1864 return err;
1865 }
1866
neigh_add(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)1867 static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1868 struct netlink_ext_ack *extack)
1869 {
1870 int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1871 NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1872 struct net *net = sock_net(skb->sk);
1873 struct ndmsg *ndm;
1874 struct nlattr *tb[NDA_MAX+1];
1875 struct neigh_table *tbl;
1876 struct net_device *dev = NULL;
1877 struct neighbour *neigh;
1878 void *dst, *lladdr;
1879 u8 protocol = 0;
1880 int err;
1881
1882 ASSERT_RTNL();
1883 err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
1884 nda_policy, extack);
1885 if (err < 0)
1886 goto out;
1887
1888 err = -EINVAL;
1889 if (!tb[NDA_DST]) {
1890 NL_SET_ERR_MSG(extack, "Network address not specified");
1891 goto out;
1892 }
1893
1894 ndm = nlmsg_data(nlh);
1895 if (ndm->ndm_ifindex) {
1896 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1897 if (dev == NULL) {
1898 err = -ENODEV;
1899 goto out;
1900 }
1901
1902 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
1903 NL_SET_ERR_MSG(extack, "Invalid link address");
1904 goto out;
1905 }
1906 }
1907
1908 tbl = neigh_find_table(ndm->ndm_family);
1909 if (tbl == NULL)
1910 return -EAFNOSUPPORT;
1911
1912 if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
1913 NL_SET_ERR_MSG(extack, "Invalid network address");
1914 goto out;
1915 }
1916
1917 dst = nla_data(tb[NDA_DST]);
1918 lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
1919
1920 if (tb[NDA_PROTOCOL])
1921 protocol = nla_get_u8(tb[NDA_PROTOCOL]);
1922
1923 if (ndm->ndm_flags & NTF_PROXY) {
1924 struct pneigh_entry *pn;
1925
1926 err = -ENOBUFS;
1927 pn = pneigh_lookup(tbl, net, dst, dev, 1);
1928 if (pn) {
1929 pn->flags = ndm->ndm_flags;
1930 if (protocol)
1931 pn->protocol = protocol;
1932 err = 0;
1933 }
1934 goto out;
1935 }
1936
1937 if (!dev) {
1938 NL_SET_ERR_MSG(extack, "Device not specified");
1939 goto out;
1940 }
1941
1942 if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
1943 err = -EINVAL;
1944 goto out;
1945 }
1946
1947 neigh = neigh_lookup(tbl, dst, dev);
1948 if (neigh == NULL) {
1949 bool exempt_from_gc;
1950
1951 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
1952 err = -ENOENT;
1953 goto out;
1954 }
1955
1956 exempt_from_gc = ndm->ndm_state & NUD_PERMANENT ||
1957 ndm->ndm_flags & NTF_EXT_LEARNED;
1958 neigh = ___neigh_create(tbl, dst, dev,
1959 ndm->ndm_flags & NTF_EXT_LEARNED,
1960 exempt_from_gc, true);
1961 if (IS_ERR(neigh)) {
1962 err = PTR_ERR(neigh);
1963 goto out;
1964 }
1965 } else {
1966 if (nlh->nlmsg_flags & NLM_F_EXCL) {
1967 err = -EEXIST;
1968 neigh_release(neigh);
1969 goto out;
1970 }
1971
1972 if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
1973 flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
1974 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1975 }
1976
1977 if (protocol)
1978 neigh->protocol = protocol;
1979 if (ndm->ndm_flags & NTF_EXT_LEARNED)
1980 flags |= NEIGH_UPDATE_F_EXT_LEARNED;
1981 if (ndm->ndm_flags & NTF_ROUTER)
1982 flags |= NEIGH_UPDATE_F_ISROUTER;
1983 if (ndm->ndm_flags & NTF_USE)
1984 flags |= NEIGH_UPDATE_F_USE;
1985
1986 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
1987 NETLINK_CB(skb).portid, extack);
1988 if (!err && ndm->ndm_flags & NTF_USE) {
1989 neigh_event_send(neigh, NULL);
1990 err = 0;
1991 }
1992 neigh_release(neigh);
1993 out:
1994 return err;
1995 }
1996
1997 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
1998 {
1999 struct nlattr *nest;
2000
2001 nest = nla_nest_start_noflag(skb, NDTA_PARMS);
2002 if (nest == NULL)
2003 return -ENOBUFS;
2004
2005 if ((parms->dev &&
2006 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
2007 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
2008 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
2009 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2010 /* approximate value for the deprecated QUEUE_LEN (in packets) */
2011 nla_put_u32(skb, NDTPA_QUEUE_LEN,
2012 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2013 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2014 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2015 nla_put_u32(skb, NDTPA_UCAST_PROBES,
2016 NEIGH_VAR(parms, UCAST_PROBES)) ||
2017 nla_put_u32(skb, NDTPA_MCAST_PROBES,
2018 NEIGH_VAR(parms, MCAST_PROBES)) ||
2019 nla_put_u32(skb, NDTPA_MCAST_REPROBES,
2020 NEIGH_VAR(parms, MCAST_REPROBES)) ||
2021 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
2022 NDTPA_PAD) ||
2023 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
2024 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
2025 nla_put_msecs(skb, NDTPA_GC_STALETIME,
2026 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
2027 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
2028 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
2029 nla_put_msecs(skb, NDTPA_RETRANS_TIME,
2030 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
2031 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
2032 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
2033 nla_put_msecs(skb, NDTPA_PROXY_DELAY,
2034 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
2035 nla_put_msecs(skb, NDTPA_LOCKTIME,
2036 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD))
2037 goto nla_put_failure;
2038 return nla_nest_end(skb, nest);
2039
2040 nla_put_failure:
2041 nla_nest_cancel(skb, nest);
2042 return -EMSGSIZE;
2043 }
2044
2045 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2046 u32 pid, u32 seq, int type, int flags)
2047 {
2048 struct nlmsghdr *nlh;
2049 struct ndtmsg *ndtmsg;
2050
2051 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2052 if (nlh == NULL)
2053 return -EMSGSIZE;
2054
2055 ndtmsg = nlmsg_data(nlh);
2056
2057 read_lock_bh(&tbl->lock);
2058 ndtmsg->ndtm_family = tbl->family;
2059 ndtmsg->ndtm_pad1 = 0;
2060 ndtmsg->ndtm_pad2 = 0;
2061
2062 if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
2063 nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval, NDTA_PAD) ||
2064 nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) ||
2065 nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) ||
2066 nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3))
2067 goto nla_put_failure;
2068 {
2069 unsigned long now = jiffies;
2070 long flush_delta = now - tbl->last_flush;
2071 long rand_delta = now - tbl->last_rand;
2072 struct neigh_hash_table *nht;
2073 struct ndt_config ndc = {
2074 .ndtc_key_len = tbl->key_len,
2075 .ndtc_entry_size = tbl->entry_size,
2076 .ndtc_entries = atomic_read(&tbl->entries),
2077 .ndtc_last_flush = jiffies_to_msecs(flush_delta),
2078 .ndtc_last_rand = jiffies_to_msecs(rand_delta),
2079 .ndtc_proxy_qlen = tbl->proxy_queue.qlen,
2080 };
2081
2082 rcu_read_lock_bh();
2083 nht = rcu_dereference_bh(tbl->nht);
2084 ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2085 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2086 rcu_read_unlock_bh();
2087
2088 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
2089 goto nla_put_failure;
2090 }
2091
2092 {
2093 int cpu;
2094 struct ndt_stats ndst;
2095
2096 memset(&ndst, 0, sizeof(ndst));
2097
2098 for_each_possible_cpu(cpu) {
2099 struct neigh_statistics *st;
2100
2101 st = per_cpu_ptr(tbl->stats, cpu);
2102 ndst.ndts_allocs += st->allocs;
2103 ndst.ndts_destroys += st->destroys;
2104 ndst.ndts_hash_grows += st->hash_grows;
2105 ndst.ndts_res_failed += st->res_failed;
2106 ndst.ndts_lookups += st->lookups;
2107 ndst.ndts_hits += st->hits;
2108 ndst.ndts_rcv_probes_mcast += st->rcv_probes_mcast;
2109 ndst.ndts_rcv_probes_ucast += st->rcv_probes_ucast;
2110 ndst.ndts_periodic_gc_runs += st->periodic_gc_runs;
2111 ndst.ndts_forced_gc_runs += st->forced_gc_runs;
2112 ndst.ndts_table_fulls += st->table_fulls;
2113 }
2114
2115 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
2116 NDTA_PAD))
2117 goto nla_put_failure;
2118 }
2119
2120 BUG_ON(tbl->parms.dev);
2121 if (neightbl_fill_parms(skb, &tbl->parms) < 0)
2122 goto nla_put_failure;
2123
2124 read_unlock_bh(&tbl->lock);
2125 nlmsg_end(skb, nlh);
2126 return 0;
2127
2128 nla_put_failure:
2129 read_unlock_bh(&tbl->lock);
2130 nlmsg_cancel(skb, nlh);
2131 return -EMSGSIZE;
2132 }
2133
2134 static int neightbl_fill_param_info(struct sk_buff *skb,
2135 struct neigh_table *tbl,
2136 struct neigh_parms *parms,
2137 u32 pid, u32 seq, int type,
2138 unsigned int flags)
2139 {
2140 struct ndtmsg *ndtmsg;
2141 struct nlmsghdr *nlh;
2142
2143 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2144 if (nlh == NULL)
2145 return -EMSGSIZE;
2146
2147 ndtmsg = nlmsg_data(nlh);
2148
2149 read_lock_bh(&tbl->lock);
2150 ndtmsg->ndtm_family = tbl->family;
2151 ndtmsg->ndtm_pad1 = 0;
2152 ndtmsg->ndtm_pad2 = 0;
2153
2154 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
2155 neightbl_fill_parms(skb, parms) < 0)
2156 goto errout;
2157
2158 read_unlock_bh(&tbl->lock);
2159 nlmsg_end(skb, nlh);
2160 return 0;
2161 errout:
2162 read_unlock_bh(&tbl->lock);
2163 nlmsg_cancel(skb, nlh);
2164 return -EMSGSIZE;
2165 }
2166
2167 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2168 [NDTA_NAME] = { .type = NLA_STRING },
2169 [NDTA_THRESH1] = { .type = NLA_U32 },
2170 [NDTA_THRESH2] = { .type = NLA_U32 },
2171 [NDTA_THRESH3] = { .type = NLA_U32 },
2172 [NDTA_GC_INTERVAL] = { .type = NLA_U64 },
2173 [NDTA_PARMS] = { .type = NLA_NESTED },
2174 };
2175
2176 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2177 [NDTPA_IFINDEX] = { .type = NLA_U32 },
2178 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 },
2179 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 },
2180 [NDTPA_APP_PROBES] = { .type = NLA_U32 },
2181 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 },
2182 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 },
2183 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 },
2184 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 },
2185 [NDTPA_GC_STALETIME] = { .type = NLA_U64 },
2186 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 },
2187 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 },
2188 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 },
2189 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 },
2190 [NDTPA_LOCKTIME] = { .type = NLA_U64 },
2191 };
2192
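/* RTM_SETNEIGHTBL handler. An illustrative request (iproute2 syntax,
 * assuming the IPv4 arp_cache table):
 *
 *	ip ntable change name arp_cache thresh1 256
 *
 * Per-table thresholds and gc_interval may only be changed from the
 * initial netns; per-device parms arrive nested under NDTA_PARMS.
 */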
2193 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2194 struct netlink_ext_ack *extack)
2195 {
2196 struct net *net = sock_net(skb->sk);
2197 struct neigh_table *tbl;
2198 struct ndtmsg *ndtmsg;
2199 struct nlattr *tb[NDTA_MAX+1];
2200 bool found = false;
2201 int err, tidx;
2202
2203 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2204 nl_neightbl_policy, extack);
2205 if (err < 0)
2206 goto errout;
2207
2208 if (tb[NDTA_NAME] == NULL) {
2209 err = -EINVAL;
2210 goto errout;
2211 }
2212
2213 ndtmsg = nlmsg_data(nlh);
2214
2215 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2216 tbl = neigh_tables[tidx];
2217 if (!tbl)
2218 continue;
2219 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2220 continue;
2221 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
2222 found = true;
2223 break;
2224 }
2225 }
2226
2227 if (!found)
2228 return -ENOENT;
2229
2230 /*
2231 * We acquire tbl->lock to be nice to the periodic timers and
2232 * make sure they always see a consistent set of values.
2233 */
2234 write_lock_bh(&tbl->lock);
2235
2236 if (tb[NDTA_PARMS]) {
2237 struct nlattr *tbp[NDTPA_MAX+1];
2238 struct neigh_parms *p;
2239 int i, ifindex = 0;
2240
2241 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
2242 tb[NDTA_PARMS],
2243 nl_ntbl_parm_policy, extack);
2244 if (err < 0)
2245 goto errout_tbl_lock;
2246
2247 if (tbp[NDTPA_IFINDEX])
2248 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
2249
2250 p = lookup_neigh_parms(tbl, net, ifindex);
2251 if (p == NULL) {
2252 err = -ENOENT;
2253 goto errout_tbl_lock;
2254 }
2255
2256 for (i = 1; i <= NDTPA_MAX; i++) {
2257 if (tbp[i] == NULL)
2258 continue;
2259
2260 switch (i) {
2261 case NDTPA_QUEUE_LEN:
2262 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2263 nla_get_u32(tbp[i]) *
2264 SKB_TRUESIZE(ETH_FRAME_LEN));
2265 break;
2266 case NDTPA_QUEUE_LENBYTES:
2267 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2268 nla_get_u32(tbp[i]));
2269 break;
2270 case NDTPA_PROXY_QLEN:
2271 NEIGH_VAR_SET(p, PROXY_QLEN,
2272 nla_get_u32(tbp[i]));
2273 break;
2274 case NDTPA_APP_PROBES:
2275 NEIGH_VAR_SET(p, APP_PROBES,
2276 nla_get_u32(tbp[i]));
2277 break;
2278 case NDTPA_UCAST_PROBES:
2279 NEIGH_VAR_SET(p, UCAST_PROBES,
2280 nla_get_u32(tbp[i]));
2281 break;
2282 case NDTPA_MCAST_PROBES:
2283 NEIGH_VAR_SET(p, MCAST_PROBES,
2284 nla_get_u32(tbp[i]));
2285 break;
2286 case NDTPA_MCAST_REPROBES:
2287 NEIGH_VAR_SET(p, MCAST_REPROBES,
2288 nla_get_u32(tbp[i]));
2289 break;
2290 case NDTPA_BASE_REACHABLE_TIME:
2291 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2292 nla_get_msecs(tbp[i]));
2293 /* update reachable_time as well; otherwise the change
2294 * only takes effect the next time neigh_periodic_work
2295 * recomputes it (which can take multiple minutes)
2296 */
2297 p->reachable_time =
2298 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2299 break;
2300 case NDTPA_GC_STALETIME:
2301 NEIGH_VAR_SET(p, GC_STALETIME,
2302 nla_get_msecs(tbp[i]));
2303 break;
2304 case NDTPA_DELAY_PROBE_TIME:
2305 NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2306 nla_get_msecs(tbp[i]));
2307 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
2308 break;
2309 case NDTPA_RETRANS_TIME:
2310 NEIGH_VAR_SET(p, RETRANS_TIME,
2311 nla_get_msecs(tbp[i]));
2312 break;
2313 case NDTPA_ANYCAST_DELAY:
2314 NEIGH_VAR_SET(p, ANYCAST_DELAY,
2315 nla_get_msecs(tbp[i]));
2316 break;
2317 case NDTPA_PROXY_DELAY:
2318 NEIGH_VAR_SET(p, PROXY_DELAY,
2319 nla_get_msecs(tbp[i]));
2320 break;
2321 case NDTPA_LOCKTIME:
2322 NEIGH_VAR_SET(p, LOCKTIME,
2323 nla_get_msecs(tbp[i]));
2324 break;
2325 }
2326 }
2327 }
2328
2329 err = -ENOENT;
2330 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2331 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2332 !net_eq(net, &init_net))
2333 goto errout_tbl_lock;
2334
2335 if (tb[NDTA_THRESH1])
2336 tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);
2337
2338 if (tb[NDTA_THRESH2])
2339 tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]);
2340
2341 if (tb[NDTA_THRESH3])
2342 tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]);
2343
2344 if (tb[NDTA_GC_INTERVAL])
2345 tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]);
2346
2347 err = 0;
2348
2349 errout_tbl_lock:
2350 write_unlock_bh(&tbl->lock);
2351 errout:
2352 return err;
2353 }
2354
2355 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2356 struct netlink_ext_ack *extack)
2357 {
2358 struct ndtmsg *ndtm;
2359
2360 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
2361 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2362 return -EINVAL;
2363 }
2364
2365 ndtm = nlmsg_data(nlh);
2366 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
2367 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2368 return -EINVAL;
2369 }
2370
2371 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
2372 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2373 return -EINVAL;
2374 }
2375
2376 return 0;
2377 }
2378
2379 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2380 {
2381 const struct nlmsghdr *nlh = cb->nlh;
2382 struct net *net = sock_net(skb->sk);
2383 int family, tidx, nidx = 0;
2384 int tbl_skip = cb->args[0];
2385 int neigh_skip = cb->args[1];
2386 struct neigh_table *tbl;
2387
2388 if (cb->strict_check) {
2389 int err = neightbl_valid_dump_info(nlh, cb->extack);
2390
2391 if (err < 0)
2392 return err;
2393 }
2394
2395 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2396
2397 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2398 struct neigh_parms *p;
2399
2400 tbl = neigh_tables[tidx];
2401 if (!tbl)
2402 continue;
2403
2404 if (tidx < tbl_skip || (family && tbl->family != family))
2405 continue;
2406
2407 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2408 nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2409 NLM_F_MULTI) < 0)
2410 break;
2411
2412 nidx = 0;
2413 p = list_next_entry(&tbl->parms, list);
2414 list_for_each_entry_from(p, &tbl->parms_list, list) {
2415 if (!net_eq(neigh_parms_net(p), net))
2416 continue;
2417
2418 if (nidx < neigh_skip)
2419 goto next;
2420
2421 if (neightbl_fill_param_info(skb, tbl, p,
2422 NETLINK_CB(cb->skb).portid,
2423 nlh->nlmsg_seq,
2424 RTM_NEWNEIGHTBL,
2425 NLM_F_MULTI) < 0)
2426 goto out;
2427 next:
2428 nidx++;
2429 }
2430
2431 neigh_skip = 0;
2432 }
2433 out:
2434 cb->args[0] = tidx;
2435 cb->args[1] = nidx;
2436
2437 return skb->len;
2438 }
2439
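/* Fill one RTM_NEWNEIGH message for a neighbour entry: an ndmsg header
 * followed by NDA_DST, NDA_LLADDR (only while the entry is NUD_VALID),
 * NDA_CACHEINFO, NDA_PROBES and, when set, NDA_PROTOCOL.
 */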
2440 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2441 u32 pid, u32 seq, int type, unsigned int flags)
2442 {
2443 unsigned long now = jiffies;
2444 struct nda_cacheinfo ci;
2445 struct nlmsghdr *nlh;
2446 struct ndmsg *ndm;
2447
2448 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2449 if (nlh == NULL)
2450 return -EMSGSIZE;
2451
2452 ndm = nlmsg_data(nlh);
2453 ndm->ndm_family = neigh->ops->family;
2454 ndm->ndm_pad1 = 0;
2455 ndm->ndm_pad2 = 0;
2456 ndm->ndm_flags = neigh->flags;
2457 ndm->ndm_type = neigh->type;
2458 ndm->ndm_ifindex = neigh->dev->ifindex;
2459
2460 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2461 goto nla_put_failure;
2462
2463 read_lock_bh(&neigh->lock);
2464 ndm->ndm_state = neigh->nud_state;
2465 if (neigh->nud_state & NUD_VALID) {
2466 char haddr[MAX_ADDR_LEN];
2467
2468 neigh_ha_snapshot(haddr, neigh, neigh->dev);
2469 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2470 read_unlock_bh(&neigh->lock);
2471 goto nla_put_failure;
2472 }
2473 }
2474
2475 ci.ndm_used = jiffies_to_clock_t(now - neigh->used);
2476 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2477 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated);
2478 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1;
2479 read_unlock_bh(&neigh->lock);
2480
2481 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2482 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2483 goto nla_put_failure;
2484
2485 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
2486 goto nla_put_failure;
2487
2488 nlmsg_end(skb, nlh);
2489 return 0;
2490
2491 nla_put_failure:
2492 nlmsg_cancel(skb, nlh);
2493 return -EMSGSIZE;
2494 }
2495
2496 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2497 u32 pid, u32 seq, int type, unsigned int flags,
2498 struct neigh_table *tbl)
2499 {
2500 struct nlmsghdr *nlh;
2501 struct ndmsg *ndm;
2502
2503 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2504 if (nlh == NULL)
2505 return -EMSGSIZE;
2506
2507 ndm = nlmsg_data(nlh);
2508 ndm->ndm_family = tbl->family;
2509 ndm->ndm_pad1 = 0;
2510 ndm->ndm_pad2 = 0;
2511 ndm->ndm_flags = pn->flags | NTF_PROXY;
2512 ndm->ndm_type = RTN_UNICAST;
2513 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2514 ndm->ndm_state = NUD_NONE;
2515
2516 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2517 goto nla_put_failure;
2518
2519 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
2520 goto nla_put_failure;
2521
2522 nlmsg_end(skb, nlh);
2523 return 0;
2524
2525 nla_put_failure:
2526 nlmsg_cancel(skb, nlh);
2527 return -EMSGSIZE;
2528 }
2529
2530 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2531 {
2532 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2533 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
2534 }
2535
2536 static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2537 {
2538 struct net_device *master;
2539
2540 if (!master_idx)
2541 return false;
2542
2543 master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2544 if (!master || master->ifindex != master_idx)
2545 return true;
2546
2547 return false;
2548 }
2549
2550 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2551 {
2552 if (filter_idx && (!dev || dev->ifindex != filter_idx))
2553 return true;
2554
2555 return false;
2556 }
2557
2558 struct neigh_dump_filter {
2559 int master_idx;
2560 int dev_idx;
2561 };
2562
2563 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2564 struct netlink_callback *cb,
2565 struct neigh_dump_filter *filter)
2566 {
2567 struct net *net = sock_net(skb->sk);
2568 struct neighbour *n;
2569 int rc, h, s_h = cb->args[1];
2570 int idx, s_idx = idx = cb->args[2];
2571 struct neigh_hash_table *nht;
2572 unsigned int flags = NLM_F_MULTI;
2573
2574 if (filter->dev_idx || filter->master_idx)
2575 flags |= NLM_F_DUMP_FILTERED;
2576
2577 rcu_read_lock_bh();
2578 nht = rcu_dereference_bh(tbl->nht);
2579
2580 for (h = s_h; h < (1 << nht->hash_shift); h++) {
2581 if (h > s_h)
2582 s_idx = 0;
2583 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2584 n != NULL;
2585 n = rcu_dereference_bh(n->next)) {
2586 if (idx < s_idx || !net_eq(dev_net(n->dev), net))
2587 goto next;
2588 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2589 neigh_master_filtered(n->dev, filter->master_idx))
2590 goto next;
2591 if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2592 cb->nlh->nlmsg_seq,
2593 RTM_NEWNEIGH,
2594 flags) < 0) {
2595 rc = -1;
2596 goto out;
2597 }
2598 next:
2599 idx++;
2600 }
2601 }
2602 rc = skb->len;
2603 out:
2604 rcu_read_unlock_bh();
2605 cb->args[1] = h;
2606 cb->args[2] = idx;
2607 return rc;
2608 }
2609
2610 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2611 struct netlink_callback *cb,
2612 struct neigh_dump_filter *filter)
2613 {
2614 struct pneigh_entry *n;
2615 struct net *net = sock_net(skb->sk);
2616 int rc, h, s_h = cb->args[3];
2617 int idx, s_idx = idx = cb->args[4];
2618 unsigned int flags = NLM_F_MULTI;
2619
2620 if (filter->dev_idx || filter->master_idx)
2621 flags |= NLM_F_DUMP_FILTERED;
2622
2623 read_lock_bh(&tbl->lock);
2624
2625 for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2626 if (h > s_h)
2627 s_idx = 0;
2628 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2629 if (idx < s_idx || pneigh_net(n) != net)
2630 goto next;
2631 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2632 neigh_master_filtered(n->dev, filter->master_idx))
2633 goto next;
2634 if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2635 cb->nlh->nlmsg_seq,
2636 RTM_NEWNEIGH, flags, tbl) < 0) {
2637 read_unlock_bh(&tbl->lock);
2638 rc = -1;
2639 goto out;
2640 }
2641 next:
2642 idx++;
2643 }
2644 }
2645
2646 read_unlock_bh(&tbl->lock);
2647 rc = skb->len;
2648 out:
2649 cb->args[3] = h;
2650 cb->args[4] = idx;
2651 return rc;
2653 }
2654
2655 static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2656 bool strict_check,
2657 struct neigh_dump_filter *filter,
2658 struct netlink_ext_ack *extack)
2659 {
2660 struct nlattr *tb[NDA_MAX + 1];
2661 int err, i;
2662
2663 if (strict_check) {
2664 struct ndmsg *ndm;
2665
2666 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2667 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2668 return -EINVAL;
2669 }
2670
2671 ndm = nlmsg_data(nlh);
2672 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
2673 ndm->ndm_state || ndm->ndm_type) {
2674 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2675 return -EINVAL;
2676 }
2677
2678 if (ndm->ndm_flags & ~NTF_PROXY) {
2679 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2680 return -EINVAL;
2681 }
2682
2683 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
2684 tb, NDA_MAX, nda_policy,
2685 extack);
2686 } else {
2687 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
2688 NDA_MAX, nda_policy, extack);
2689 }
2690 if (err < 0)
2691 return err;
2692
2693 for (i = 0; i <= NDA_MAX; ++i) {
2694 if (!tb[i])
2695 continue;
2696
2697 /* all new attributes should require strict_check */
2698 switch (i) {
2699 case NDA_IFINDEX:
2700 filter->dev_idx = nla_get_u32(tb[i]);
2701 break;
2702 case NDA_MASTER:
2703 filter->master_idx = nla_get_u32(tb[i]);
2704 break;
2705 default:
2706 if (strict_check) {
2707 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2708 return -EINVAL;
2709 }
2710 }
2711 }
2712
2713 return 0;
2714 }
2715
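/* RTM_GETNEIGH dump handler, e.g. for "ip neigh show" (illustrative).
 * NDA_IFINDEX and NDA_MASTER act as dump filters; setting NTF_PROXY in
 * the request header dumps the proxy table instead.
 */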
2716 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2717 {
2718 const struct nlmsghdr *nlh = cb->nlh;
2719 struct neigh_dump_filter filter = {};
2720 struct neigh_table *tbl;
2721 int t, family, s_t;
2722 int proxy = 0;
2723 int err;
2724
2725 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2726
2727 /* check for the presence of a full ndmsg structure; the family
2728 * member is at the same offset in both ndmsg and rtgenmsg
2729 */
2730 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2731 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2732 proxy = 1;
2733
2734 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
2735 if (err < 0 && cb->strict_check)
2736 return err;
2737
2738 s_t = cb->args[0];
2739
2740 for (t = 0; t < NEIGH_NR_TABLES; t++) {
2741 tbl = neigh_tables[t];
2742
2743 if (!tbl)
2744 continue;
2745 if (t < s_t || (family && tbl->family != family))
2746 continue;
2747 if (t > s_t)
2748 memset(&cb->args[1], 0, sizeof(cb->args) -
2749 sizeof(cb->args[0]));
2750 if (proxy)
2751 err = pneigh_dump_table(tbl, skb, cb, &filter);
2752 else
2753 err = neigh_dump_table(tbl, skb, cb, &filter);
2754 if (err < 0)
2755 break;
2756 }
2757
2758 cb->args[0] = t;
2759 return skb->len;
2760 }
2761
2762 static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2763 struct neigh_table **tbl,
2764 void **dst, int *dev_idx, u8 *ndm_flags,
2765 struct netlink_ext_ack *extack)
2766 {
2767 struct nlattr *tb[NDA_MAX + 1];
2768 struct ndmsg *ndm;
2769 int err, i;
2770
2771 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2772 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2773 return -EINVAL;
2774 }
2775
2776 ndm = nlmsg_data(nlh);
2777 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
2778 ndm->ndm_type) {
2779 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2780 return -EINVAL;
2781 }
2782
2783 if (ndm->ndm_flags & ~NTF_PROXY) {
2784 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2785 return -EINVAL;
2786 }
2787
2788 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
2789 NDA_MAX, nda_policy, extack);
2790 if (err < 0)
2791 return err;
2792
2793 *ndm_flags = ndm->ndm_flags;
2794 *dev_idx = ndm->ndm_ifindex;
2795 *tbl = neigh_find_table(ndm->ndm_family);
2796 if (*tbl == NULL) {
2797 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2798 return -EAFNOSUPPORT;
2799 }
2800
2801 for (i = 0; i <= NDA_MAX; ++i) {
2802 if (!tb[i])
2803 continue;
2804
2805 switch (i) {
2806 case NDA_DST:
2807 if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
2808 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2809 return -EINVAL;
2810 }
2811 *dst = nla_data(tb[i]);
2812 break;
2813 default:
2814 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2815 return -EINVAL;
2816 }
2817 }
2818
2819 return 0;
2820 }
2821
2822 static inline size_t neigh_nlmsg_size(void)
2823 {
2824 return NLMSG_ALIGN(sizeof(struct ndmsg))
2825 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2826 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2827 + nla_total_size(sizeof(struct nda_cacheinfo))
2828 + nla_total_size(4) /* NDA_PROBES */
2829 + nla_total_size(1); /* NDA_PROTOCOL */
2830 }
2831
2832 static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2833 u32 pid, u32 seq)
2834 {
2835 struct sk_buff *skb;
2836 int err = 0;
2837
2838 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
2839 if (!skb)
2840 return -ENOBUFS;
2841
2842 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
2843 if (err) {
2844 kfree_skb(skb);
2845 goto errout;
2846 }
2847
2848 err = rtnl_unicast(skb, net, pid);
2849 errout:
2850 return err;
2851 }
2852
2853 static inline size_t pneigh_nlmsg_size(void)
2854 {
2855 return NLMSG_ALIGN(sizeof(struct ndmsg))
2856 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2857 + nla_total_size(1); /* NDA_PROTOCOL */
2858 }
2859
2860 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
2861 u32 pid, u32 seq, struct neigh_table *tbl)
2862 {
2863 struct sk_buff *skb;
2864 int err = 0;
2865
2866 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
2867 if (!skb)
2868 return -ENOBUFS;
2869
2870 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
2871 if (err) {
2872 kfree_skb(skb);
2873 goto errout;
2874 }
2875
2876 err = rtnl_unicast(skb, net, pid);
2877 errout:
2878 return err;
2879 }
2880
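/* RTM_GETNEIGH doit handler for a single entry, e.g. (illustrative):
 *
 *	ip neigh get 192.0.2.1 dev eth0
 */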
2881 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2882 struct netlink_ext_ack *extack)
2883 {
2884 struct net *net = sock_net(in_skb->sk);
2885 struct net_device *dev = NULL;
2886 struct neigh_table *tbl = NULL;
2887 struct neighbour *neigh;
2888 void *dst = NULL;
2889 u8 ndm_flags = 0;
2890 int dev_idx = 0;
2891 int err;
2892
2893 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
2894 extack);
2895 if (err < 0)
2896 return err;
2897
2898 if (dev_idx) {
2899 dev = __dev_get_by_index(net, dev_idx);
2900 if (!dev) {
2901 NL_SET_ERR_MSG(extack, "Unknown device ifindex");
2902 return -ENODEV;
2903 }
2904 }
2905
2906 if (!dst) {
2907 NL_SET_ERR_MSG(extack, "Network address not specified");
2908 return -EINVAL;
2909 }
2910
2911 if (ndm_flags & NTF_PROXY) {
2912 struct pneigh_entry *pn;
2913
2914 pn = pneigh_lookup(tbl, net, dst, dev, 0);
2915 if (!pn) {
2916 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
2917 return -ENOENT;
2918 }
2919 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
2920 nlh->nlmsg_seq, tbl);
2921 }
2922
2923 if (!dev) {
2924 NL_SET_ERR_MSG(extack, "No device specified");
2925 return -EINVAL;
2926 }
2927
2928 neigh = neigh_lookup(tbl, dst, dev);
2929 if (!neigh) {
2930 NL_SET_ERR_MSG(extack, "Neighbour entry not found");
2931 return -ENOENT;
2932 }
2933
2934 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
2935 nlh->nlmsg_seq);
2936
2937 neigh_release(neigh);
2938
2939 return err;
2940 }
2941
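/* Walk every neighbour entry in the table, invoking cb(n, cookie) for
 * each. The walk holds tbl->lock as a reader and runs in an RCU-BH
 * section, so cb must not sleep.
 */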
2942 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
2943 {
2944 int chain;
2945 struct neigh_hash_table *nht;
2946
2947 rcu_read_lock_bh();
2948 nht = rcu_dereference_bh(tbl->nht);
2949
2950 read_lock(&tbl->lock); /* avoid resizes */
2951 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2952 struct neighbour *n;
2953
2954 for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
2955 n != NULL;
2956 n = rcu_dereference_bh(n->next))
2957 cb(n, cookie);
2958 }
2959 read_unlock(&tbl->lock);
2960 rcu_read_unlock_bh();
2961 }
2962 EXPORT_SYMBOL(neigh_for_each);
2963
2964 /* The tbl->lock must be held as a writer and BH disabled. */
2965 void __neigh_for_each_release(struct neigh_table *tbl,
2966 int (*cb)(struct neighbour *))
2967 {
2968 int chain;
2969 struct neigh_hash_table *nht;
2970
2971 nht = rcu_dereference_protected(tbl->nht,
2972 lockdep_is_held(&tbl->lock));
2973 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2974 struct neighbour *n;
2975 struct neighbour __rcu **np;
2976
2977 np = &nht->hash_buckets[chain];
2978 while ((n = rcu_dereference_protected(*np,
2979 lockdep_is_held(&tbl->lock))) != NULL) {
2980 int release;
2981
2982 write_lock(&n->lock);
2983 release = cb(n);
2984 if (release) {
2985 rcu_assign_pointer(*np,
2986 rcu_dereference_protected(n->next,
2987 lockdep_is_held(&tbl->lock)));
2988 neigh_mark_dead(n);
2989 } else
2990 np = &n->next;
2991 write_unlock(&n->lock);
2992 if (release)
2993 neigh_cleanup_and_release(n);
2994 }
2995 }
2996 }
2997 EXPORT_SYMBOL(__neigh_for_each_release);
2998
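/* Transmit skb to addr through dev using the neighbour table selected
 * by index (e.g. NEIGH_ARP_TABLE); NEIGH_LINK_TABLE bypasses neighbour
 * resolution and builds the hard header directly.
 */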
2999 int neigh_xmit(int index, struct net_device *dev,
3000 const void *addr, struct sk_buff *skb)
3001 {
3002 int err = -EAFNOSUPPORT;
3003 if (likely(index < NEIGH_NR_TABLES)) {
3004 struct neigh_table *tbl;
3005 struct neighbour *neigh;
3006
3007 tbl = neigh_tables[index];
3008 if (!tbl)
3009 goto out;
3010 rcu_read_lock_bh();
3011 if (index == NEIGH_ARP_TABLE) {
3012 u32 key = *((u32 *)addr);
3013
3014 neigh = __ipv4_neigh_lookup_noref(dev, key);
3015 } else {
3016 neigh = __neigh_lookup_noref(tbl, addr, dev);
3017 }
3018 if (!neigh)
3019 neigh = __neigh_create(tbl, addr, dev, false);
3020 err = PTR_ERR(neigh);
3021 if (IS_ERR(neigh)) {
3022 rcu_read_unlock_bh();
3023 goto out_kfree_skb;
3024 }
3025 err = neigh->output(neigh, skb);
3026 rcu_read_unlock_bh();
3027 }
3028 else if (index == NEIGH_LINK_TABLE) {
3029 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3030 addr, NULL, skb->len);
3031 if (err < 0)
3032 goto out_kfree_skb;
3033 err = dev_queue_xmit(skb);
3034 }
3035 out:
3036 return err;
3037 out_kfree_skb:
3038 kfree_skb(skb);
3039 goto out;
3040 }
3041 EXPORT_SYMBOL(neigh_xmit);
3042
3043 #ifdef CONFIG_PROC_FS
3044
3045 static struct neighbour *neigh_get_first(struct seq_file *seq)
3046 {
3047 struct neigh_seq_state *state = seq->private;
3048 struct net *net = seq_file_net(seq);
3049 struct neigh_hash_table *nht = state->nht;
3050 struct neighbour *n = NULL;
3051 int bucket;
3052
3053 state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3054 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3055 n = rcu_dereference_bh(nht->hash_buckets[bucket]);
3056
3057 while (n) {
3058 if (!net_eq(dev_net(n->dev), net))
3059 goto next;
3060 if (state->neigh_sub_iter) {
3061 loff_t fakep = 0;
3062 void *v;
3063
3064 v = state->neigh_sub_iter(state, n, &fakep);
3065 if (!v)
3066 goto next;
3067 }
3068 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3069 break;
3070 if (n->nud_state & ~NUD_NOARP)
3071 break;
3072 next:
3073 n = rcu_dereference_bh(n->next);
3074 }
3075
3076 if (n)
3077 break;
3078 }
3079 state->bucket = bucket;
3080
3081 return n;
3082 }
3083
3084 static struct neighbour *neigh_get_next(struct seq_file *seq,
3085 struct neighbour *n,
3086 loff_t *pos)
3087 {
3088 struct neigh_seq_state *state = seq->private;
3089 struct net *net = seq_file_net(seq);
3090 struct neigh_hash_table *nht = state->nht;
3091
3092 if (state->neigh_sub_iter) {
3093 void *v = state->neigh_sub_iter(state, n, pos);
3094 if (v)
3095 return n;
3096 }
3097 n = rcu_dereference_bh(n->next);
3098
3099 while (1) {
3100 while (n) {
3101 if (!net_eq(dev_net(n->dev), net))
3102 goto next;
3103 if (state->neigh_sub_iter) {
3104 void *v = state->neigh_sub_iter(state, n, pos);
3105 if (v)
3106 return n;
3107 goto next;
3108 }
3109 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3110 break;
3111
3112 if (n->nud_state & ~NUD_NOARP)
3113 break;
3114 next:
3115 n = rcu_dereference_bh(n->next);
3116 }
3117
3118 if (n)
3119 break;
3120
3121 if (++state->bucket >= (1 << nht->hash_shift))
3122 break;
3123
3124 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
3125 }
3126
3127 if (n && pos)
3128 --(*pos);
3129 return n;
3130 }
3131
3132 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3133 {
3134 struct neighbour *n = neigh_get_first(seq);
3135
3136 if (n) {
3137 --(*pos);
3138 while (*pos) {
3139 n = neigh_get_next(seq, n, pos);
3140 if (!n)
3141 break;
3142 }
3143 }
3144 return *pos ? NULL : n;
3145 }
3146
3147 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3148 {
3149 struct neigh_seq_state *state = seq->private;
3150 struct net *net = seq_file_net(seq);
3151 struct neigh_table *tbl = state->tbl;
3152 struct pneigh_entry *pn = NULL;
3153 int bucket = state->bucket;
3154
3155 state->flags |= NEIGH_SEQ_IS_PNEIGH;
3156 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3157 pn = tbl->phash_buckets[bucket];
3158 while (pn && !net_eq(pneigh_net(pn), net))
3159 pn = pn->next;
3160 if (pn)
3161 break;
3162 }
3163 state->bucket = bucket;
3164
3165 return pn;
3166 }
3167
3168 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3169 struct pneigh_entry *pn,
3170 loff_t *pos)
3171 {
3172 struct neigh_seq_state *state = seq->private;
3173 struct net *net = seq_file_net(seq);
3174 struct neigh_table *tbl = state->tbl;
3175
3176 do {
3177 pn = pn->next;
3178 } while (pn && !net_eq(pneigh_net(pn), net));
3179
3180 while (!pn) {
3181 if (++state->bucket > PNEIGH_HASHMASK)
3182 break;
3183 pn = tbl->phash_buckets[state->bucket];
3184 while (pn && !net_eq(pneigh_net(pn), net))
3185 pn = pn->next;
3186 if (pn)
3187 break;
3188 }
3189
3190 if (pn && pos)
3191 --(*pos);
3192
3193 return pn;
3194 }
3195
3196 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3197 {
3198 struct pneigh_entry *pn = pneigh_get_first(seq);
3199
3200 if (pn) {
3201 --(*pos);
3202 while (*pos) {
3203 pn = pneigh_get_next(seq, pn, pos);
3204 if (!pn)
3205 break;
3206 }
3207 }
3208 return *pos ? NULL : pn;
3209 }
3210
3211 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3212 {
3213 struct neigh_seq_state *state = seq->private;
3214 void *rc;
3215 loff_t idxpos = *pos;
3216
3217 rc = neigh_get_idx(seq, &idxpos);
3218 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3219 rc = pneigh_get_idx(seq, &idxpos);
3220
3221 return rc;
3222 }
3223
3224 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3225 __acquires(tbl->lock)
3226 __acquires(rcu_bh)
3227 {
3228 struct neigh_seq_state *state = seq->private;
3229
3230 state->tbl = tbl;
3231 state->bucket = 0;
3232 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3233
3234 rcu_read_lock_bh();
3235 state->nht = rcu_dereference_bh(tbl->nht);
3236 read_lock(&tbl->lock);
3237
3238 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3239 }
3240 EXPORT_SYMBOL(neigh_seq_start);
3241
3242 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3243 {
3244 struct neigh_seq_state *state;
3245 void *rc;
3246
3247 if (v == SEQ_START_TOKEN) {
3248 rc = neigh_get_first(seq);
3249 goto out;
3250 }
3251
3252 state = seq->private;
3253 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3254 rc = neigh_get_next(seq, v, NULL);
3255 if (rc)
3256 goto out;
3257 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3258 rc = pneigh_get_first(seq);
3259 } else {
3260 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3261 rc = pneigh_get_next(seq, v, NULL);
3262 }
3263 out:
3264 ++(*pos);
3265 return rc;
3266 }
3267 EXPORT_SYMBOL(neigh_seq_next);
3268
3269 void neigh_seq_stop(struct seq_file *seq, void *v)
3270 __releases(tbl->lock)
3271 __releases(rcu_bh)
3272 {
3273 struct neigh_seq_state *state = seq->private;
3274 struct neigh_table *tbl = state->tbl;
3275
3276 read_unlock(&tbl->lock);
3277 rcu_read_unlock_bh();
3278 }
3279 EXPORT_SYMBOL(neigh_seq_stop);
3280
3281 /* statistics via seq_file */
3282
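/* These counters back /proc/net/stat/<tbl->id>, e.g. (illustrative)
 * /proc/net/stat/arp_cache; one hex-formatted row is emitted per
 * possible CPU, preceded by a header line.
 */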
3283 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3284 {
3285 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3286 int cpu;
3287
3288 if (*pos == 0)
3289 return SEQ_START_TOKEN;
3290
3291 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3292 if (!cpu_possible(cpu))
3293 continue;
3294 *pos = cpu+1;
3295 return per_cpu_ptr(tbl->stats, cpu);
3296 }
3297 return NULL;
3298 }
3299
3300 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3301 {
3302 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3303 int cpu;
3304
3305 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3306 if (!cpu_possible(cpu))
3307 continue;
3308 *pos = cpu+1;
3309 return per_cpu_ptr(tbl->stats, cpu);
3310 }
3311 (*pos)++;
3312 return NULL;
3313 }
3314
3315 static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3316 {
3317
3318 }
3319
3320 static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3321 {
3322 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3323 struct neigh_statistics *st = v;
3324
3325 if (v == SEQ_START_TOKEN) {
3326 seq_printf(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3327 return 0;
3328 }
3329
3330 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
3331 "%08lx %08lx %08lx %08lx %08lx %08lx\n",
3332 atomic_read(&tbl->entries),
3333
3334 st->allocs,
3335 st->destroys,
3336 st->hash_grows,
3337
3338 st->lookups,
3339 st->hits,
3340
3341 st->res_failed,
3342
3343 st->rcv_probes_mcast,
3344 st->rcv_probes_ucast,
3345
3346 st->periodic_gc_runs,
3347 st->forced_gc_runs,
3348 st->unres_discards,
3349 st->table_fulls
3350 );
3351
3352 return 0;
3353 }
3354
3355 static const struct seq_operations neigh_stat_seq_ops = {
3356 .start = neigh_stat_seq_start,
3357 .next = neigh_stat_seq_next,
3358 .stop = neigh_stat_seq_stop,
3359 .show = neigh_stat_seq_show,
3360 };
3361 #endif /* CONFIG_PROC_FS */
3362
3363 static void __neigh_notify(struct neighbour *n, int type, int flags,
3364 u32 pid)
3365 {
3366 struct net *net = dev_net(n->dev);
3367 struct sk_buff *skb;
3368 int err = -ENOBUFS;
3369
3370 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
3371 if (skb == NULL)
3372 goto errout;
3373
3374 err = neigh_fill_info(skb, n, pid, 0, type, flags);
3375 if (err < 0) {
3376 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3377 WARN_ON(err == -EMSGSIZE);
3378 kfree_skb(skb);
3379 goto errout;
3380 }
3381 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3382 return;
3383 errout:
3384 if (err < 0)
3385 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
3386 }
3387
3388 void neigh_app_ns(struct neighbour *n)
3389 {
3390 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
3391 }
3392 EXPORT_SYMBOL(neigh_app_ns);
3393
3394 #ifdef CONFIG_SYSCTL
3395 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3396
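/* unres_qlen is a legacy packet-count view of unres_qlen_bytes: reads
 * divide the byte limit by SKB_TRUESIZE(ETH_FRAME_LEN) and writes
 * multiply back, so writing N stores N * SKB_TRUESIZE(ETH_FRAME_LEN)
 * bytes.
 */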
3397 static int proc_unres_qlen(struct ctl_table *ctl, int write,
3398 void *buffer, size_t *lenp, loff_t *ppos)
3399 {
3400 int size, ret;
3401 struct ctl_table tmp = *ctl;
3402
3403 tmp.extra1 = SYSCTL_ZERO;
3404 tmp.extra2 = &unres_qlen_max;
3405 tmp.data = &size;
3406
3407 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3408 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3409
3410 if (write && !ret)
3411 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3412 return ret;
3413 }
3414
3415 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
3416 int family)
3417 {
3418 switch (family) {
3419 case AF_INET:
3420 return __in_dev_arp_parms_get_rcu(dev);
3421 case AF_INET6:
3422 return __in6_dev_nd_parms_get_rcu(dev);
3423 }
3424 return NULL;
3425 }
3426
3427 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3428 int index)
3429 {
3430 struct net_device *dev;
3431 int family = neigh_parms_family(p);
3432
3433 rcu_read_lock();
3434 for_each_netdev_rcu(net, dev) {
3435 struct neigh_parms *dst_p =
3436 neigh_get_dev_parms_rcu(dev, family);
3437
3438 if (dst_p && !test_bit(index, dst_p->data_state))
3439 dst_p->data[index] = p->data[index];
3440 }
3441 rcu_read_unlock();
3442 }
3443
3444 static void neigh_proc_update(struct ctl_table *ctl, int write)
3445 {
3446 struct net_device *dev = ctl->extra1;
3447 struct neigh_parms *p = ctl->extra2;
3448 struct net *net = neigh_parms_net(p);
3449 int index = (int *) ctl->data - p->data;
3450
3451 if (!write)
3452 return;
3453
3454 set_bit(index, p->data_state);
3455 if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3456 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
3457 if (!dev) /* NULL dev means this is default value */
3458 neigh_copy_dflt_parms(net, p, index);
3459 }
3460
3461 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3462 void *buffer, size_t *lenp,
3463 loff_t *ppos)
3464 {
3465 struct ctl_table tmp = *ctl;
3466 int ret;
3467
3468 tmp.extra1 = SYSCTL_ZERO;
3469 tmp.extra2 = SYSCTL_INT_MAX;
3470
3471 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3472 neigh_proc_update(ctl, write);
3473 return ret;
3474 }
3475
3476 int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
3477 size_t *lenp, loff_t *ppos)
3478 {
3479 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3480
3481 neigh_proc_update(ctl, write);
3482 return ret;
3483 }
3484 EXPORT_SYMBOL(neigh_proc_dointvec);
3485
3486 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
3487 size_t *lenp, loff_t *ppos)
3488 {
3489 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3490
3491 neigh_proc_update(ctl, write);
3492 return ret;
3493 }
3494 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3495
3496 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3497 void *buffer, size_t *lenp,
3498 loff_t *ppos)
3499 {
3500 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3501
3502 neigh_proc_update(ctl, write);
3503 return ret;
3504 }
3505
3506 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3507 void *buffer, size_t *lenp, loff_t *ppos)
3508 {
3509 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3510
3511 neigh_proc_update(ctl, write);
3512 return ret;
3513 }
3514 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3515
3516 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3517 void *buffer, size_t *lenp,
3518 loff_t *ppos)
3519 {
3520 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3521
3522 neigh_proc_update(ctl, write);
3523 return ret;
3524 }
3525
3526 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3527 void *buffer, size_t *lenp,
3528 loff_t *ppos)
3529 {
3530 struct neigh_parms *p = ctl->extra2;
3531 int ret;
3532
3533 if (strcmp(ctl->procname, "base_reachable_time") == 0)
3534 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3535 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3536 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3537 else
3538 ret = -1;
3539
3540 if (write && ret == 0) {
3541 /* update reachable_time as well, otherwise, the change will
3542 * only be effective after the next time neigh_periodic_work
3543 * decides to recompute it
3544 */
3545 p->reachable_time =
3546 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3547 }
3548 return ret;
3549 }
3550
3551 #define NEIGH_PARMS_DATA_OFFSET(index) \
3552 (&((struct neigh_parms *) 0)->data[index])
3553
3554 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3555 [NEIGH_VAR_ ## attr] = { \
3556 .procname = name, \
3557 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3558 .maxlen = sizeof(int), \
3559 .mode = mval, \
3560 .proc_handler = proc, \
3561 }
3562
3563 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3564 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3565
3566 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3567 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3568
3569 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3570 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3571
3572 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3573 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3574
3575 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3576 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3577
3578 static struct neigh_sysctl_table {
3579 struct ctl_table_header *sysctl_header;
3580 struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3581 } neigh_sysctl_template __read_mostly = {
3582 .neigh_vars = {
3583 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3584 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3585 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3586 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3587 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3588 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3589 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3590 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3591 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3592 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3593 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3594 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3595 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3596 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3597 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3598 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3599 [NEIGH_VAR_GC_INTERVAL] = {
3600 .procname = "gc_interval",
3601 .maxlen = sizeof(int),
3602 .mode = 0644,
3603 .proc_handler = proc_dointvec_jiffies,
3604 },
3605 [NEIGH_VAR_GC_THRESH1] = {
3606 .procname = "gc_thresh1",
3607 .maxlen = sizeof(int),
3608 .mode = 0644,
3609 .extra1 = SYSCTL_ZERO,
3610 .extra2 = SYSCTL_INT_MAX,
3611 .proc_handler = proc_dointvec_minmax,
3612 },
3613 [NEIGH_VAR_GC_THRESH2] = {
3614 .procname = "gc_thresh2",
3615 .maxlen = sizeof(int),
3616 .mode = 0644,
3617 .extra1 = SYSCTL_ZERO,
3618 .extra2 = SYSCTL_INT_MAX,
3619 .proc_handler = proc_dointvec_minmax,
3620 },
3621 [NEIGH_VAR_GC_THRESH3] = {
3622 .procname = "gc_thresh3",
3623 .maxlen = sizeof(int),
3624 .mode = 0644,
3625 .extra1 = SYSCTL_ZERO,
3626 .extra2 = SYSCTL_INT_MAX,
3627 .proc_handler = proc_dointvec_minmax,
3628 },
3629 {},
3630 },
3631 };
3632
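/* Register the per-device (or per-family default) neighbour sysctls,
 * e.g. net/ipv4/neigh/eth0/retrans_time or
 * net/ipv4/neigh/default/gc_thresh1 ("eth0" here is illustrative).
 * The GC knobs are only exposed on the "default" entry.
 */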
3633 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3634 proc_handler *handler)
3635 {
3636 int i;
3637 struct neigh_sysctl_table *t;
3638 const char *dev_name_source;
3639 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3640 char *p_name;
3641
3642 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL);
3643 if (!t)
3644 goto err;
3645
3646 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3647 t->neigh_vars[i].data += (long) p;
3648 t->neigh_vars[i].extra1 = dev;
3649 t->neigh_vars[i].extra2 = p;
3650 }
3651
3652 if (dev) {
3653 dev_name_source = dev->name;
3654 /* Terminate the table early */
3655 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3656 sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3657 } else {
3658 struct neigh_table *tbl = p->tbl;
3659 dev_name_source = "default";
3660 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3661 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3662 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3663 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3664 }
3665
3666 if (handler) {
3667 /* RetransTime */
3668 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3669 /* ReachableTime */
3670 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3671 /* RetransTime (in milliseconds)*/
3672 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3673 /* ReachableTime (in milliseconds) */
3674 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3675 } else {
3676 /* These handlers update p->reachable_time after
3677 * base_reachable_time(_ms) is set, so the new interval takes effect
3678 * on the next neighbour update instead of waiting for
3679 * neigh_periodic_work to recompute it (which can take multiple
3680 * minutes). Any handler that replaces them should do the same.
3681 */
3682 /* ReachableTime */
3683 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3684 neigh_proc_base_reachable_time;
3685 /* ReachableTime (in milliseconds) */
3686 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3687 neigh_proc_base_reachable_time;
3688 }
3689
3690 /* Don't export sysctls to unprivileged users */
3691 if (neigh_parms_net(p)->user_ns != &init_user_ns)
3692 t->neigh_vars[0].procname = NULL;
3693
3694 switch (neigh_parms_family(p)) {
3695 case AF_INET:
3696 p_name = "ipv4";
3697 break;
3698 case AF_INET6:
3699 p_name = "ipv6";
3700 break;
3701 default:
3702 BUG();
3703 }
3704
3705 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3706 p_name, dev_name_source);
3707 t->sysctl_header =
3708 register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3709 if (!t->sysctl_header)
3710 goto free;
3711
3712 p->sysctl_table = t;
3713 return 0;
3714
3715 free:
3716 kfree(t);
3717 err:
3718 return -ENOBUFS;
3719 }
3720 EXPORT_SYMBOL(neigh_sysctl_register);
3721
3722 void neigh_sysctl_unregister(struct neigh_parms *p)
3723 {
3724 if (p->sysctl_table) {
3725 struct neigh_sysctl_table *t = p->sysctl_table;
3726 p->sysctl_table = NULL;
3727 unregister_net_sysctl_table(t->sysctl_header);
3728 kfree(t);
3729 }
3730 }
3731 EXPORT_SYMBOL(neigh_sysctl_unregister);
3732
3733 #endif /* CONFIG_SYSCTL */
3734
3735 static int __init neigh_init(void)
3736 {
3737 rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3738 rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3739 rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3740
3741 rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3742 0);
3743 rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);
3744
3745 return 0;
3746 }
3747
3748 subsys_initcall(neigh_init);
3749