// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	Generic address resolution entity
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *
 *	Fixes:
 *	Vitaly E. Lavrov	releasing NULL neighbor in neigh_add.
 *	Harald Welte		Add neighbour cache statistics like rtstat
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/slab.h>
#include <linux/kmemleak.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/socket.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/times.h>
#include <net/net_namespace.h>
#include <net/neighbour.h>
#include <net/arp.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/netevent.h>
#include <net/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/random.h>
#include <linux/string.h>
#include <linux/log2.h>
#include <linux/inetdevice.h>
#include <net/addrconf.h>

#include <trace/events/neigh.h>

#define DEBUG
#define NEIGH_DEBUG 1
#define neigh_dbg(level, fmt, ...)		\
do {						\
	if (level <= NEIGH_DEBUG)		\
		pr_debug(fmt, ##__VA_ARGS__);	\
} while (0)

#define PNEIGH_HASHMASK		0xF

static void neigh_timer_handler(struct timer_list *t);
static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid);
static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev);

#ifdef CONFIG_PROC_FS
static const struct seq_operations neigh_stat_seq_ops;
#endif
/*
   Neighbour hash table buckets are protected with rwlock tbl->lock.

   - All scans/updates of the hash buckets MUST be made under this lock.
   - NOTHING clever should be done under this lock: no callbacks
     into protocol backends, no attempts to send anything to the network.
     Doing so will deadlock if the backend/driver wants to use the
     neighbour cache.
   - If an entry requires some non-trivial action, increase
     its reference count and release the table lock.

   Neighbour entries are protected:
   - by their reference count.
   - by rwlock neigh->lock

   The reference count prevents destruction.

   neigh->lock mainly serializes the ll address data and its validity state.
   However, the same lock is used to protect other entry fields:
   - the timer
   - the resolution queue

   Again, nothing clever shall be done under neigh->lock;
   the most complicated procedure we allow there is dev->hard_header.
   dev->hard_header is assumed to be simplistic and to make no
   callbacks into the neighbour tables.
 */

static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
{
	kfree_skb(skb);
	return -ENETDOWN;
}

static void neigh_cleanup_and_release(struct neighbour *neigh)
{
	trace_neigh_cleanup_and_release(neigh, 0);
	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	neigh_release(neigh);
}

/*
 * It is a random distribution in the interval (1/2)*base...(3/2)*base.
 * It corresponds to the default IPv6 settings and is not overridable,
 * because it is a really reasonable choice.
 */

unsigned long neigh_rand_reach_time(unsigned long base)
{
	return base ? (prandom_u32() % base) + (base >> 1) : 0;
}
EXPORT_SYMBOL(neigh_rand_reach_time);

static void neigh_mark_dead(struct neighbour *n)
{
	n->dead = 1;
	if (!list_empty(&n->gc_list)) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	}
}

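/* Re-evaluate whether @n belongs on its table's gc_list after a state or
 * flags change: NUD_PERMANENT and externally learned entries are exempt
 * from garbage collection, everything else must be on the list.
 */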
static void neigh_update_gc_list(struct neighbour *n)
{
	bool on_gc_list, exempt_from_gc;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);

	if (n->dead)
		goto out;

	/* remove from the gc list if new state is permanent or if neighbor
	 * is externally learned; otherwise entry should be on the gc list
	 */
	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
			 n->flags & NTF_EXT_LEARNED;
	on_gc_list = !list_empty(&n->gc_list);

	if (exempt_from_gc && on_gc_list) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	} else if (!exempt_from_gc && !on_gc_list) {
		/* add entries to the tail; cleaning removes from the front */
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
		atomic_inc(&n->tbl->gc_entries);
	}

out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static bool neigh_update_ext_learned(struct neighbour *neigh, u32 flags,
				     int *notify)
{
	bool rc = false;
	u8 ndm_flags;

	if (!(flags & NEIGH_UPDATE_F_ADMIN))
		return rc;

	ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
	if ((neigh->flags ^ ndm_flags) & NTF_EXT_LEARNED) {
		if (ndm_flags & NTF_EXT_LEARNED)
			neigh->flags |= NTF_EXT_LEARNED;
		else
			neigh->flags &= ~NTF_EXT_LEARNED;
		rc = true;
		*notify = 1;
	}

	return rc;
}

static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
		      struct neigh_table *tbl)
{
	bool retval = false;

	write_lock(&n->lock);
	if (refcount_read(&n->refcnt) == 1) {
		struct neighbour *neigh;

		neigh = rcu_dereference_protected(n->next,
						  lockdep_is_held(&tbl->lock));
		rcu_assign_pointer(*np, neigh);
		neigh_mark_dead(n);
		retval = true;
	}
	write_unlock(&n->lock);
	if (retval)
		neigh_cleanup_and_release(n);
	return retval;
}

bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
{
	struct neigh_hash_table *nht;
	void *pkey = ndel->primary_key;
	u32 hash_val;
	struct neighbour *n;
	struct neighbour __rcu **np;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));
	hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
	hash_val = hash_val >> (32 - nht->hash_shift);

	np = &nht->hash_buckets[hash_val];
	while ((n = rcu_dereference_protected(*np,
					      lockdep_is_held(&tbl->lock)))) {
		if (n == ndel)
			return neigh_del(n, np, tbl);
		np = &n->next;
	}
	return false;
}

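/* Synchronous garbage collection, run when a new entry would push the
 * table past gc_thresh2/gc_thresh3. Walks the gc_list (oldest entries
 * sit at the front), dropping unreferenced entries that are FAILED,
 * NOARP or have not been updated in the last five seconds, and bounds
 * its own runtime to roughly one millisecond.
 */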
static int neigh_forced_gc(struct neigh_table *tbl)
{
	int max_clean = atomic_read(&tbl->gc_entries) -
			READ_ONCE(tbl->gc_thresh2);
	u64 tmax = ktime_get_ns() + NSEC_PER_MSEC;
	unsigned long tref = jiffies - 5 * HZ;
	struct neighbour *n, *tmp;
	int shrunk = 0;
	int loop = 0;

	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);

	write_lock_bh(&tbl->lock);

	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
		if (refcount_read(&n->refcnt) == 1) {
			bool remove = false;

			write_lock(&n->lock);
			if ((n->nud_state == NUD_FAILED) ||
			    (n->nud_state == NUD_NOARP) ||
			    !time_in_range(n->updated, tref, jiffies))
				remove = true;
			write_unlock(&n->lock);

			if (remove && neigh_remove_one(n, tbl))
				shrunk++;
			if (shrunk >= max_clean)
				break;
			if (++loop == 16) {
				if (ktime_get_ns() > tmax)
					goto unlock;
				loop = 0;
			}
		}
	}

	WRITE_ONCE(tbl->last_flush, jiffies);
unlock:
	write_unlock_bh(&tbl->lock);

	return shrunk;
}

static void neigh_add_timer(struct neighbour *n, unsigned long when)
{
	/* Use safe distance from the jiffies - LONG_MAX point while timer
	 * is running in DELAY/PROBE state but still show to user space
	 * large times in the past.
	 */
	unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ);

	neigh_hold(n);
	if (!time_in_range(n->confirmed, mint, jiffies))
		n->confirmed = mint;
	if (time_before(n->used, n->confirmed))
		n->used = n->confirmed;
	if (unlikely(mod_timer(&n->timer, when))) {
		printk("NEIGH: BUG, double timer add, state is %x\n",
		       n->nud_state);
		dump_stack();
	}
}

static int neigh_del_timer(struct neighbour *n)
{
	if ((n->nud_state & NUD_IN_TIMER) &&
	    del_timer(&n->timer)) {
		neigh_release(n);
		return 1;
	}
	return 0;
}

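/* Drop queued proxy skbs belonging to @net (or all of them when @net is
 * NULL). Matching skbs are first moved to a private list under the queue
 * lock, then released outside it so dev_put()/kfree_skb() run unlocked.
 */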
static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net)
{
	struct sk_buff_head tmp;
	unsigned long flags;
	struct sk_buff *skb;

	skb_queue_head_init(&tmp);
	spin_lock_irqsave(&list->lock, flags);
	skb = skb_peek(list);
	while (skb != NULL) {
		struct sk_buff *skb_next = skb_peek_next(skb, list);

		if (net == NULL || net_eq(dev_net(skb->dev), net)) {
			__skb_unlink(skb, list);
			__skb_queue_tail(&tmp, skb);
		}
		skb = skb_next;
	}
	spin_unlock_irqrestore(&list->lock, flags);

	while ((skb = __skb_dequeue(&tmp))) {
		dev_put(skb->dev);
		kfree_skb(skb);
	}
}

static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
			    bool skip_perm)
{
	int i;
	struct neigh_hash_table *nht;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	for (i = 0; i < (1 << nht->hash_shift); i++) {
		struct neighbour *n;
		struct neighbour __rcu **np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
					lockdep_is_held(&tbl->lock))) != NULL) {
			if (dev && n->dev != dev) {
				np = &n->next;
				continue;
			}
			if (skip_perm && n->nud_state & NUD_PERMANENT) {
				np = &n->next;
				continue;
			}
			rcu_assign_pointer(*np,
				   rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock)));
			write_lock(&n->lock);
			neigh_del_timer(n);
			neigh_mark_dead(n);
			if (refcount_read(&n->refcnt) != 1) {
				/* The most unpleasant situation.
				   We must destroy neighbour entry,
				   but someone still uses it.

				   The destroy will be delayed until
				   the last user releases us, but
				   we must kill timers etc. and move
				   it to safe state.
				 */
				__skb_queue_purge(&n->arp_queue);
				n->arp_queue_len_bytes = 0;
				n->output = neigh_blackhole;
				if (n->nud_state & NUD_VALID)
					n->nud_state = NUD_NOARP;
				else
					n->nud_state = NUD_NONE;
				neigh_dbg(2, "neigh %p is stray\n", n);
			}
			write_unlock(&n->lock);
			neigh_cleanup_and_release(n);
		}
	}
}

void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, false);
	write_unlock_bh(&tbl->lock);
}
EXPORT_SYMBOL(neigh_changeaddr);

static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, skip_perm);
	pneigh_ifdown_and_unlock(tbl, dev);
	pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL);
	if (skb_queue_empty_lockless(&tbl->proxy_queue))
		del_timer_sync(&tbl->proxy_timer);
	return 0;
}

int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, true);
	return 0;
}
EXPORT_SYMBOL(neigh_carrier_down);

int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, false);
	return 0;
}
EXPORT_SYMBOL(neigh_ifdown);

static struct neighbour *neigh_alloc(struct neigh_table *tbl,
				     struct net_device *dev,
				     u8 flags, bool exempt_from_gc)
{
	struct neighbour *n = NULL;
	unsigned long now = jiffies;
	int entries, gc_thresh3;

	if (exempt_from_gc)
		goto do_alloc;

	entries = atomic_inc_return(&tbl->gc_entries) - 1;
	gc_thresh3 = READ_ONCE(tbl->gc_thresh3);
	if (entries >= gc_thresh3 ||
	    (entries >= READ_ONCE(tbl->gc_thresh2) &&
	     time_after(now, READ_ONCE(tbl->last_flush) + 5 * HZ))) {
		if (!neigh_forced_gc(tbl) && entries >= gc_thresh3) {
			net_info_ratelimited("%s: neighbor table overflow!\n",
					     tbl->id);
			NEIGH_CACHE_STAT_INC(tbl, table_fulls);
			goto out_entries;
		}
	}

do_alloc:
	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
	if (!n)
		goto out_entries;

	__skb_queue_head_init(&n->arp_queue);
	rwlock_init(&n->lock);
	seqlock_init(&n->ha_lock);
	n->updated = n->used = now;
	n->nud_state = NUD_NONE;
	n->output = neigh_blackhole;
	n->flags = flags;
	seqlock_init(&n->hh.hh_lock);
	n->parms = neigh_parms_clone(&tbl->parms);
	timer_setup(&n->timer, neigh_timer_handler, 0);

	NEIGH_CACHE_STAT_INC(tbl, allocs);
	n->tbl = tbl;
	refcount_set(&n->refcnt, 1);
	n->dead = 1;
	INIT_LIST_HEAD(&n->gc_list);

	atomic_inc(&tbl->entries);
out:
	return n;

out_entries:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	goto out;
}

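/* Pick a random value for hash keying; the low bit is forced so the
 * result is odd and therefore never zero.
 */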
static void neigh_get_hash_rnd(u32 *x)
{
	*x = get_random_u32() | 1;
}

static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
{
	size_t size = (1 << shift) * sizeof(struct neighbour *);
	struct neigh_hash_table *ret;
	struct neighbour __rcu **buckets;
	int i;

	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
	if (!ret)
		return NULL;
	if (size <= PAGE_SIZE) {
		buckets = kzalloc(size, GFP_ATOMIC);
	} else {
		buckets = (struct neighbour __rcu **)
			  __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
					   get_order(size));
		kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
	}
	if (!buckets) {
		kfree(ret);
		return NULL;
	}
	ret->hash_buckets = buckets;
	ret->hash_shift = shift;
	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
		neigh_get_hash_rnd(&ret->hash_rnd[i]);
	return ret;
}

static void neigh_hash_free_rcu(struct rcu_head *head)
{
	struct neigh_hash_table *nht = container_of(head,
						    struct neigh_hash_table,
						    rcu);
	size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
	struct neighbour __rcu **buckets = nht->hash_buckets;

	if (size <= PAGE_SIZE) {
		kfree(buckets);
	} else {
		kmemleak_free(buckets);
		free_pages((unsigned long)buckets, get_order(size));
	}
	kfree(nht);
}

static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
						unsigned long new_shift)
{
	unsigned int i, hash;
	struct neigh_hash_table *new_nht, *old_nht;

	NEIGH_CACHE_STAT_INC(tbl, hash_grows);

	old_nht = rcu_dereference_protected(tbl->nht,
					    lockdep_is_held(&tbl->lock));
	new_nht = neigh_hash_alloc(new_shift);
	if (!new_nht)
		return old_nht;

	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
		struct neighbour *n, *next;

		for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
						   lockdep_is_held(&tbl->lock));
		     n != NULL;
		     n = next) {
			hash = tbl->hash(n->primary_key, n->dev,
					 new_nht->hash_rnd);

			hash >>= (32 - new_nht->hash_shift);
			next = rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock));

			rcu_assign_pointer(n->next,
				rcu_dereference_protected(
					new_nht->hash_buckets[hash],
					lockdep_is_held(&tbl->lock)));
			rcu_assign_pointer(new_nht->hash_buckets[hash], n);
		}
	}

	rcu_assign_pointer(tbl->nht, new_nht);
	call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
	return new_nht;
}

struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
			       struct net_device *dev)
{
	struct neighbour *n;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock_bh();
	n = __neigh_lookup_noref(tbl, pkey, dev);
	if (n) {
		if (!refcount_inc_not_zero(&n->refcnt))
			n = NULL;
		NEIGH_CACHE_STAT_INC(tbl, hits);
	}

	rcu_read_unlock_bh();
	return n;
}
EXPORT_SYMBOL(neigh_lookup);

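/* Common entry creation: allocate an entry, run the protocol, driver and
 * device-specific constructors, then insert it into the hash table under
 * tbl->lock. If an entry for the same key and device raced in first, that
 * entry is returned instead and the new one is released.
 */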
static struct neighbour *
___neigh_create(struct neigh_table *tbl, const void *pkey,
		struct net_device *dev, u8 flags,
		bool exempt_from_gc, bool want_ref)
{
	u32 hash_val, key_len = tbl->key_len;
	struct neighbour *n1, *rc, *n;
	struct neigh_hash_table *nht;
	int error;

	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
	if (!n) {
		rc = ERR_PTR(-ENOBUFS);
		goto out;
	}

	memcpy(n->primary_key, pkey, key_len);
	n->dev = dev;
	dev_hold(dev);

	/* Protocol specific setup. */
	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	if (dev->netdev_ops->ndo_neigh_construct) {
		error = dev->netdev_ops->ndo_neigh_construct(dev, n);
		if (error < 0) {
			rc = ERR_PTR(error);
			goto out_neigh_release;
		}
	}

	/* Device specific setup. */
	if (n->parms->neigh_setup &&
	    (error = n->parms->neigh_setup(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
		nht = neigh_hash_grow(tbl, nht->hash_shift + 1);

	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);

	if (n->parms->dead) {
		rc = ERR_PTR(-EINVAL);
		goto out_tbl_unlock;
	}

	for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
					    lockdep_is_held(&tbl->lock));
	     n1 != NULL;
	     n1 = rcu_dereference_protected(n1->next,
					    lockdep_is_held(&tbl->lock))) {
		if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
			if (want_ref)
				neigh_hold(n1);
			rc = n1;
			goto out_tbl_unlock;
		}
	}

	n->dead = 0;
	if (!exempt_from_gc)
		list_add_tail(&n->gc_list, &n->tbl->gc_list);

	if (want_ref)
		neigh_hold(n);
	rcu_assign_pointer(n->next,
			   rcu_dereference_protected(nht->hash_buckets[hash_val],
						     lockdep_is_held(&tbl->lock)));
	rcu_assign_pointer(nht->hash_buckets[hash_val], n);
	write_unlock_bh(&tbl->lock);
	neigh_dbg(2, "neigh %p is created\n", n);
	rc = n;
out:
	return rc;
out_tbl_unlock:
	write_unlock_bh(&tbl->lock);
out_neigh_release:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	neigh_release(n);
	goto out;
}

struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
				 struct net_device *dev, bool want_ref)
{
	return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
}
EXPORT_SYMBOL(__neigh_create);

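/* Fold the last four bytes of the key down to a 4-bit index into the
 * (PNEIGH_HASHMASK + 1)-bucket proxy hash table.
 */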
static u32 pneigh_hash(const void *pkey, unsigned int key_len)
{
	u32 hash_val = *(u32 *)(pkey + key_len - 4);

	hash_val ^= (hash_val >> 16);
	hash_val ^= hash_val >> 8;
	hash_val ^= hash_val >> 4;
	hash_val &= PNEIGH_HASHMASK;
	return hash_val;
}

static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
					      struct net *net,
					      const void *pkey,
					      unsigned int key_len,
					      struct net_device *dev)
{
	while (n) {
		if (!memcmp(n->key, pkey, key_len) &&
		    net_eq(pneigh_net(n), net) &&
		    (n->dev == dev || !n->dev))
			return n;
		n = n->next;
	}
	return NULL;
}

struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
		struct net *net, const void *pkey, struct net_device *dev)
{
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
				 net, pkey, key_len, dev);
}
EXPORT_SYMBOL_GPL(__pneigh_lookup);

struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
				    struct net *net, const void *pkey,
				    struct net_device *dev, int creat)
{
	struct pneigh_entry *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	read_lock_bh(&tbl->lock);
	n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
			      net, pkey, key_len, dev);
	read_unlock_bh(&tbl->lock);

	if (n || !creat)
		goto out;

	ASSERT_RTNL();

	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
	if (!n)
		goto out;

	write_pnet(&n->net, net);
	memcpy(n->key, pkey, key_len);
	n->dev = dev;
	if (dev)
		dev_hold(dev);

	if (tbl->pconstructor && tbl->pconstructor(n)) {
		if (dev)
			dev_put(dev);
		kfree(n);
		n = NULL;
		goto out;
	}

	write_lock_bh(&tbl->lock);
	n->next = tbl->phash_buckets[hash_val];
	tbl->phash_buckets[hash_val] = n;
	write_unlock_bh(&tbl->lock);
out:
	return n;
}
EXPORT_SYMBOL(pneigh_lookup);

int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
		  struct net_device *dev)
{
	struct pneigh_entry *n, **np;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	write_lock_bh(&tbl->lock);
	for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
	     np = &n->next) {
		if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
		    net_eq(pneigh_net(n), net)) {
			*np = n->next;
			write_unlock_bh(&tbl->lock);
			if (tbl->pdestructor)
				tbl->pdestructor(n);
			if (n->dev)
				dev_put(n->dev);
			kfree(n);
			return 0;
		}
	}
	write_unlock_bh(&tbl->lock);
	return -ENOENT;
}

static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev)
{
	struct pneigh_entry *n, **np, *freelist = NULL;
	u32 h;

	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
		np = &tbl->phash_buckets[h];
		while ((n = *np) != NULL) {
			if (!dev || n->dev == dev) {
				*np = n->next;
				n->next = freelist;
				freelist = n;
				continue;
			}
			np = &n->next;
		}
	}
	write_unlock_bh(&tbl->lock);
	while ((n = freelist)) {
		freelist = n->next;
		n->next = NULL;
		if (tbl->pdestructor)
			tbl->pdestructor(n);
		if (n->dev)
			dev_put(n->dev);
		kfree(n);
	}
	return -ENOENT;
}

static void neigh_parms_destroy(struct neigh_parms *parms);

static inline void neigh_parms_put(struct neigh_parms *parms)
{
	if (refcount_dec_and_test(&parms->refcnt))
		neigh_parms_destroy(parms);
}

/*
 *	The neighbour must already be out of the table.
 */
void neigh_destroy(struct neighbour *neigh)
{
	struct net_device *dev = neigh->dev;

	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);

	if (!neigh->dead) {
		pr_warn("Destroying alive neighbour %p\n", neigh);
		dump_stack();
		return;
	}

	if (neigh_del_timer(neigh))
		pr_warn("Impossible event\n");

	write_lock_bh(&neigh->lock);
	__skb_queue_purge(&neigh->arp_queue);
	write_unlock_bh(&neigh->lock);
	neigh->arp_queue_len_bytes = 0;

	if (dev->netdev_ops->ndo_neigh_destroy)
		dev->netdev_ops->ndo_neigh_destroy(dev, neigh);

	dev_put(dev);
	neigh_parms_put(neigh->parms);

	neigh_dbg(2, "neigh %p is destroyed\n", neigh);

	atomic_dec(&neigh->tbl->entries);
	kfree_rcu(neigh, rcu);
}
EXPORT_SYMBOL(neigh_destroy);

/* Neighbour state is suspicious; disable fast path.
 *
 * Called with write_locked neigh.
 */
static void neigh_suspect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is suspected\n", neigh);

	neigh->output = neigh->ops->output;
}

/* Neighbour state is OK; enable fast path.
 *
 * Called with write_locked neigh.
 */
static void neigh_connect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is connected\n", neigh);

	neigh->output = neigh->ops->connected_output;
}

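/* Periodic (deferrable) garbage collection. Roughly every five minutes it
 * also re-randomizes reachable_time for all parms; it then walks the hash
 * buckets and removes unreferenced entries that are NUD_FAILED or have
 * been unused for longer than GC_STALETIME, dropping the table lock
 * between buckets to keep latency down.
 */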
static void neigh_periodic_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table,
					       gc_work.work);
	struct neighbour *n;
	struct neighbour __rcu **np;
	unsigned int i;
	struct neigh_hash_table *nht;

	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	/*
	 *	periodically recompute ReachableTime from random function
	 */
	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
		struct neigh_parms *p;

		WRITE_ONCE(tbl->last_rand, jiffies);
		list_for_each_entry(p, &tbl->parms_list, list)
			p->reachable_time =
				neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}

	if (atomic_read(&tbl->entries) < READ_ONCE(tbl->gc_thresh1))
		goto out;

	for (i = 0; i < (1 << nht->hash_shift); i++) {
		np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
				lockdep_is_held(&tbl->lock))) != NULL) {
			unsigned int state;

			write_lock(&n->lock);

			state = n->nud_state;
			if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
			    (n->flags & NTF_EXT_LEARNED)) {
				write_unlock(&n->lock);
				goto next_elt;
			}

			if (time_before(n->used, n->confirmed) &&
			    time_is_before_eq_jiffies(n->confirmed))
				n->used = n->confirmed;

			if (refcount_read(&n->refcnt) == 1 &&
			    (state == NUD_FAILED ||
			     !time_in_range_open(jiffies, n->used,
						 n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
				rcu_assign_pointer(*np,
					rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock)));
				neigh_mark_dead(n);
				write_unlock(&n->lock);
				neigh_cleanup_and_release(n);
				continue;
			}
			write_unlock(&n->lock);

next_elt:
			np = &n->next;
		}
		/*
		 * It's fine to release lock here, even if hash table
		 * grows while we are preempted.
		 */
		write_unlock_bh(&tbl->lock);
		cond_resched();
		write_lock_bh(&tbl->lock);
		nht = rcu_dereference_protected(tbl->nht,
						lockdep_is_held(&tbl->lock));
	}
out:
	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
	 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
	 * BASE_REACHABLE_TIME.
	 */
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
	write_unlock_bh(&tbl->lock);
}

static __inline__ int neigh_max_probes(struct neighbour *n)
{
	struct neigh_parms *p = n->parms;

	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
	       (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
					   NEIGH_VAR(p, MCAST_PROBES));
}

static void neigh_invalidate(struct neighbour *neigh)
	__releases(neigh->lock)
	__acquires(neigh->lock)
{
	struct sk_buff *skb;

	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
	neigh_dbg(2, "neigh %p is failed\n", neigh);
	neigh->updated = jiffies;

	/* This is a very thin place. error_report is a very complicated
	   routine. In particular, it can hit the same neighbour entry!

	   So, we try to be careful and avoid a dead loop. --ANK
	 */
	while (neigh->nud_state == NUD_FAILED &&
	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
		write_unlock(&neigh->lock);
		neigh->ops->error_report(neigh, skb);
		write_lock(&neigh->lock);
	}
	__skb_queue_purge(&neigh->arp_queue);
	neigh->arp_queue_len_bytes = 0;
}

static void neigh_probe(struct neighbour *neigh)
	__releases(neigh->lock)
{
	struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);

	/* keep skb alive even if arp_queue overflows */
	if (skb)
		skb = skb_clone(skb, GFP_ATOMIC);
	write_unlock(&neigh->lock);
	if (neigh->ops->solicit)
		neigh->ops->solicit(neigh, skb);
	atomic_inc(&neigh->probes);
	consume_skb(skb);
}

/* Called when a timer expires for a neighbour entry. */
static void neigh_timer_handler(struct timer_list *t)
{
	unsigned long now, next;
	struct neighbour *neigh = from_timer(neigh, t, timer);
	unsigned int state;
	int notify = 0;

	write_lock(&neigh->lock);

	state = neigh->nud_state;
	now = jiffies;
	next = now + HZ;

	if (!(state & NUD_IN_TIMER))
		goto out;

	if (state & NUD_REACHABLE) {
		if (time_before_eq(now,
				   neigh->confirmed + neigh->parms->reachable_time)) {
			neigh_dbg(2, "neigh %p is still alive\n", neigh);
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else if (time_before_eq(now,
					  neigh->used +
					  NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is delayed\n", neigh);
			neigh->nud_state = NUD_DELAY;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
		} else {
			neigh_dbg(2, "neigh %p is suspected\n", neigh);
			neigh->nud_state = NUD_STALE;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			notify = 1;
		}
	} else if (state & NUD_DELAY) {
		if (time_before_eq(now,
				   neigh->confirmed +
				   NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is now reachable\n", neigh);
			neigh->nud_state = NUD_REACHABLE;
			neigh->updated = jiffies;
			neigh_connect(neigh);
			notify = 1;
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else {
			neigh_dbg(2, "neigh %p is probed\n", neigh);
			neigh->nud_state = NUD_PROBE;
			neigh->updated = jiffies;
			atomic_set(&neigh->probes, 0);
			notify = 1;
			next = now + NEIGH_VAR(neigh->parms, RETRANS_TIME);
		}
	} else {
		/* NUD_PROBE|NUD_INCOMPLETE */
		next = now + NEIGH_VAR(neigh->parms, RETRANS_TIME);
	}

	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
		neigh->nud_state = NUD_FAILED;
		notify = 1;
		neigh_invalidate(neigh);
		goto out;
	}

	if (neigh->nud_state & NUD_IN_TIMER) {
		if (time_before(next, jiffies + HZ/2))
			next = jiffies + HZ/2;
		if (!mod_timer(&neigh->timer, next))
			neigh_hold(neigh);
	}
	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
		neigh_probe(neigh);
	} else {
out:
		write_unlock(&neigh->lock);
	}

	if (notify)
		neigh_update_notify(neigh, 0);

	trace_neigh_timer_handler(neigh, 0);

	neigh_release(neigh);
}

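/* Slow path of neigh_event_send(): the entry is not in a usable state.
 * Start resolution if needed and, while it is in progress, queue @skb on
 * the arp_queue. Returns 0 when the caller may transmit immediately and
 * 1 when the skb was queued or dropped.
 */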
int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc;
	bool immediate_probe = false;

	write_lock_bh(&neigh->lock);

	rc = 0;
	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
		goto out_unlock_bh;
	if (neigh->dead)
		goto out_dead;

	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
		if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
		    NEIGH_VAR(neigh->parms, APP_PROBES)) {
			unsigned long next, now = jiffies;

			atomic_set(&neigh->probes,
				   NEIGH_VAR(neigh->parms, UCAST_PROBES));
			neigh_del_timer(neigh);
			neigh->nud_state = NUD_INCOMPLETE;
			neigh->updated = now;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/2);
			neigh_add_timer(neigh, next);
			immediate_probe = true;
		} else {
			neigh->nud_state = NUD_FAILED;
			neigh->updated = jiffies;
			write_unlock_bh(&neigh->lock);

			kfree_skb(skb);
			return 1;
		}
	} else if (neigh->nud_state & NUD_STALE) {
		neigh_dbg(2, "neigh %p is delayed\n", neigh);
		neigh_del_timer(neigh);
		neigh->nud_state = NUD_DELAY;
		neigh->updated = jiffies;
		neigh_add_timer(neigh, jiffies +
				NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
	}

	if (neigh->nud_state == NUD_INCOMPLETE) {
		if (skb) {
			while (neigh->arp_queue_len_bytes + skb->truesize >
			       NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
				struct sk_buff *buff;

				buff = __skb_dequeue(&neigh->arp_queue);
				if (!buff)
					break;
				neigh->arp_queue_len_bytes -= buff->truesize;
				kfree_skb(buff);
				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
			}
			skb_dst_force(skb);
			__skb_queue_tail(&neigh->arp_queue, skb);
			neigh->arp_queue_len_bytes += skb->truesize;
		}
		rc = 1;
	}
out_unlock_bh:
	if (immediate_probe)
		neigh_probe(neigh);
	else
		write_unlock(&neigh->lock);
	local_bh_enable();
	trace_neigh_event_send_done(neigh, rc);
	return rc;

out_dead:
	if (neigh->nud_state & NUD_STALE)
		goto out_unlock_bh;
	write_unlock_bh(&neigh->lock);
	kfree_skb(skb);
	trace_neigh_event_send_dead(neigh, 1);
	return 1;
}
EXPORT_SYMBOL(__neigh_event_send);

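/* Refresh any cached hardware header for this entry after its link-layer
 * address changed, via the device's header_ops->cache_update callback
 * under the hh seqlock.
 */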
static void neigh_update_hhs(struct neighbour *neigh)
{
	struct hh_cache *hh;
	void (*update)(struct hh_cache*, const struct net_device*,
		       const unsigned char *) = NULL;

	if (neigh->dev->header_ops)
		update = neigh->dev->header_ops->cache_update;

	if (update) {
		hh = &neigh->hh;
		if (READ_ONCE(hh->hh_len)) {
			write_seqlock_bh(&hh->hh_lock);
			update(hh, neigh->dev, neigh->ha);
			write_sequnlock_bh(&hh->hh_lock);
		}
	}
}

/* Generic update routine.
   -- lladdr is the new lladdr, or NULL if it is not supplied.
   -- new    is the new state.
   -- flags
	NEIGH_UPDATE_F_OVERRIDE allows overriding an existing lladdr,
				if it differs.
	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect an existing "connected"
				lladdr instead of overriding it
				if it differs.
	NEIGH_UPDATE_F_ADMIN	means that the change is administrative.
	NEIGH_UPDATE_F_USE	means that the entry is user triggered.
	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows overriding an existing
				NTF_ROUTER flag.
	NEIGH_UPDATE_F_ISROUTER	indicates if the neighbour is known as
				a router.

   Caller MUST hold a reference count on the entry.
 */

static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
			  u8 new, u32 flags, u32 nlmsg_pid,
			  struct netlink_ext_ack *extack)
{
	bool ext_learn_change = false;
	u8 old;
	int err;
	int notify = 0;
	struct net_device *dev;
	int update_isrouter = 0;

	trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);

	write_lock_bh(&neigh->lock);

	dev = neigh->dev;
	old = neigh->nud_state;
	err = -EPERM;

	if (neigh->dead) {
		NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
		new = old;
		goto out;
	}
	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
	    (old & (NUD_NOARP | NUD_PERMANENT)))
		goto out;

	ext_learn_change = neigh_update_ext_learned(neigh, flags, &notify);
	if (flags & NEIGH_UPDATE_F_USE) {
		new = old & ~NUD_PERMANENT;
		neigh->nud_state = new;
		err = 0;
		goto out;
	}

	if (!(new & NUD_VALID)) {
		neigh_del_timer(neigh);
		if (old & NUD_CONNECTED)
			neigh_suspect(neigh);
		neigh->nud_state = new;
		err = 0;
		notify = old & NUD_VALID;
		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
		    (new & NUD_FAILED)) {
			neigh_invalidate(neigh);
			notify = 1;
		}
		goto out;
	}

	/* Compare new lladdr with cached one */
	if (!dev->addr_len) {
		/* First case: device needs no address. */
		lladdr = neigh->ha;
	} else if (lladdr) {
		/* The second case: if something is already cached
		   and a new address is proposed:
		   - compare new & old
		   - if they are different, check override flag
		 */
		if ((old & NUD_VALID) &&
		    !memcmp(lladdr, neigh->ha, dev->addr_len))
			lladdr = neigh->ha;
	} else {
		/* No address is supplied; if we know something,
		   use it, otherwise discard the request.
		 */
		err = -EINVAL;
		if (!(old & NUD_VALID)) {
			NL_SET_ERR_MSG(extack, "No link layer address given");
			goto out;
		}
		lladdr = neigh->ha;
	}

	/* Update confirmed timestamp for neighbour entry after we
	 * received ARP packet even if it doesn't change IP to MAC binding.
	 */
	if (new & NUD_CONNECTED)
		neigh->confirmed = jiffies;

	/* If entry was valid and address is not changed,
	   do not change entry state, if new one is STALE.
	 */
	err = 0;
	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	if (old & NUD_VALID) {
		if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
			update_isrouter = 0;
			if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
			    (old & NUD_CONNECTED)) {
				lladdr = neigh->ha;
				new = NUD_STALE;
			} else
				goto out;
		} else {
			if (lladdr == neigh->ha && new == NUD_STALE &&
			    !(flags & NEIGH_UPDATE_F_ADMIN))
				new = old;
		}
	}

	/* Update timestamp only once we know we will make a change to the
	 * neighbour entry. Otherwise we risk to move the locktime window with
	 * noop updates and ignore relevant ARP updates.
	 */
	if (new != old || lladdr != neigh->ha)
		neigh->updated = jiffies;

	if (new != old) {
		neigh_del_timer(neigh);
		if (new & NUD_PROBE)
			atomic_set(&neigh->probes, 0);
		if (new & NUD_IN_TIMER)
			neigh_add_timer(neigh, (jiffies +
						((new & NUD_REACHABLE) ?
						 neigh->parms->reachable_time :
						 0)));
		neigh->nud_state = new;
		notify = 1;
	}

	if (lladdr != neigh->ha) {
		write_seqlock(&neigh->ha_lock);
		memcpy(&neigh->ha, lladdr, dev->addr_len);
		write_sequnlock(&neigh->ha_lock);
		neigh_update_hhs(neigh);
		if (!(new & NUD_CONNECTED))
			neigh->confirmed = jiffies -
				(NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
		notify = 1;
	}
	if (new == old)
		goto out;
	if (new & NUD_CONNECTED)
		neigh_connect(neigh);
	else
		neigh_suspect(neigh);
	if (!(old & NUD_VALID)) {
		struct sk_buff *skb;

		/* Again: avoid dead loop if something went wrong */
		while (neigh->nud_state & NUD_VALID &&
		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
			struct dst_entry *dst = skb_dst(skb);
			struct neighbour *n2, *n1 = neigh;

			write_unlock_bh(&neigh->lock);

			rcu_read_lock();

			/* Why not just use 'neigh' as-is? The problem is that
			 * things such as shaper, eql, and sch_teql can end up
			 * using alternative, different, neigh objects to output
			 * the packet in the output path. So what we need to do
			 * here is re-lookup the top-level neigh in the path so
			 * we can reinject the packet there.
			 */
			n2 = NULL;
			if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
				n2 = dst_neigh_lookup_skb(dst, skb);
				if (n2)
					n1 = n2;
			}
			n1->output(n1, skb);
			if (n2)
				neigh_release(n2);
			rcu_read_unlock();

			write_lock_bh(&neigh->lock);
		}
		__skb_queue_purge(&neigh->arp_queue);
		neigh->arp_queue_len_bytes = 0;
	}
out:
	if (update_isrouter)
		neigh_update_is_router(neigh, flags, &notify);
	write_unlock_bh(&neigh->lock);

	if (((new ^ old) & NUD_PERMANENT) || ext_learn_change)
		neigh_update_gc_list(neigh);

	if (notify)
		neigh_update_notify(neigh, nlmsg_pid);

	trace_neigh_update_done(neigh, err);

	return err;
}

int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
		 u32 flags, u32 nlmsg_pid)
{
	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
}
EXPORT_SYMBOL(neigh_update);

/* Update the neigh to listen temporarily for probe responses, even if it is
 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
 */
void __neigh_set_probe_once(struct neighbour *neigh)
{
	if (neigh->dead)
		return;
	neigh->updated = jiffies;
	if (!(neigh->nud_state & NUD_FAILED))
		return;
	neigh->nud_state = NUD_INCOMPLETE;
	atomic_set(&neigh->probes, neigh_max_probes(neigh));
	neigh_add_timer(neigh,
			jiffies + NEIGH_VAR(neigh->parms, RETRANS_TIME));
}
EXPORT_SYMBOL(__neigh_set_probe_once);

struct neighbour *neigh_event_ns(struct neigh_table *tbl,
				 u8 *lladdr, void *saddr,
				 struct net_device *dev)
{
	struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
						 lladdr || !dev->addr_len);

	if (neigh)
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_OVERRIDE, 0);
	return neigh;
}
EXPORT_SYMBOL(neigh_event_ns);

/* called with read_lock_bh(&n->lock); */
static void neigh_hh_init(struct neighbour *n)
{
	struct net_device *dev = n->dev;
	__be16 prot = n->tbl->protocol;
	struct hh_cache *hh = &n->hh;

	write_lock_bh(&n->lock);

	/* Only one thread can come in here and initialize the
	 * hh_cache entry.
	 */
	if (!hh->hh_len)
		dev->header_ops->cache(n, hh, prot);

	write_unlock_bh(&n->lock);
}

/* Slow and careful. */
int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc = 0;

	if (!neigh_event_send(neigh, skb)) {
		int err;
		struct net_device *dev = neigh->dev;
		unsigned int seq;

		if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
			neigh_hh_init(neigh);

		do {
			__skb_pull(skb, skb_network_offset(skb));
			seq = read_seqbegin(&neigh->ha_lock);
			err = dev_hard_header(skb, dev, ntohs(skb->protocol),
					      neigh->ha, NULL, skb->len);
		} while (read_seqretry(&neigh->ha_lock, seq));

		if (err >= 0)
			rc = dev_queue_xmit(skb);
		else
			goto out_kfree_skb;
	}
out:
	return rc;
out_kfree_skb:
	rc = -EINVAL;
	kfree_skb(skb);
	goto out;
}
EXPORT_SYMBOL(neigh_resolve_output);

/* As fast as possible without hh cache */
int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
{
	struct net_device *dev = neigh->dev;
	unsigned int seq;
	int err;

	do {
		__skb_pull(skb, skb_network_offset(skb));
		seq = read_seqbegin(&neigh->ha_lock);
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      neigh->ha, NULL, skb->len);
	} while (read_seqretry(&neigh->ha_lock, seq));

	if (err >= 0)
		err = dev_queue_xmit(skb);
	else {
		err = -EINVAL;
		kfree_skb(skb);
	}
	return err;
}
EXPORT_SYMBOL(neigh_connected_output);

int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
{
	return dev_queue_xmit(skb);
}
EXPORT_SYMBOL(neigh_direct_output);

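/* Timer handler for delayed proxy ARP/ND replies: replay every queued skb
 * whose scheduled time has passed through tbl->proxy_redo and re-arm the
 * timer for the earliest remaining entry.
 */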
static void neigh_proxy_process(struct timer_list *t)
{
	struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
	long sched_next = 0;
	unsigned long now = jiffies;
	struct sk_buff *skb, *n;

	spin_lock(&tbl->proxy_queue.lock);

	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
		long tdif = NEIGH_CB(skb)->sched_next - now;

		if (tdif <= 0) {
			struct net_device *dev = skb->dev;

			__skb_unlink(skb, &tbl->proxy_queue);
			if (tbl->proxy_redo && netif_running(dev)) {
				rcu_read_lock();
				tbl->proxy_redo(skb);
				rcu_read_unlock();
			} else {
				kfree_skb(skb);
			}

			dev_put(dev);
		} else if (!sched_next || tdif < sched_next)
			sched_next = tdif;
	}
	del_timer(&tbl->proxy_timer);
	if (sched_next)
		mod_timer(&tbl->proxy_timer, jiffies + sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}

void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
		    struct sk_buff *skb)
{
	unsigned long now = jiffies;

	unsigned long sched_next = now + (prandom_u32() %
					  NEIGH_VAR(p, PROXY_DELAY));

	if (tbl->proxy_queue.qlen > NEIGH_VAR(p, PROXY_QLEN)) {
		kfree_skb(skb);
		return;
	}

	NEIGH_CB(skb)->sched_next = sched_next;
	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;

	spin_lock(&tbl->proxy_queue.lock);
	if (del_timer(&tbl->proxy_timer)) {
		if (time_before(tbl->proxy_timer.expires, sched_next))
			sched_next = tbl->proxy_timer.expires;
	}
	skb_dst_drop(skb);
	dev_hold(skb->dev);
	__skb_queue_tail(&tbl->proxy_queue, skb);
	mod_timer(&tbl->proxy_timer, sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}
EXPORT_SYMBOL(pneigh_enqueue);

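/* Find the neigh_parms for @ifindex in @net; ifindex 0 selects the
 * table's default parms, which only match in init_net.
 */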
static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
						     struct net *net, int ifindex)
{
	struct neigh_parms *p;

	list_for_each_entry(p, &tbl->parms_list, list) {
		if ((p->dev && p->dev->ifindex == ifindex &&
		     net_eq(neigh_parms_net(p), net)) ||
		    (!p->dev && !ifindex && net_eq(net, &init_net)))
			return p;
	}

	return NULL;
}

struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
				      struct neigh_table *tbl)
{
	struct neigh_parms *p;
	struct net *net = dev_net(dev);
	const struct net_device_ops *ops = dev->netdev_ops;

	p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
	if (p) {
		p->tbl = tbl;
		refcount_set(&p->refcnt, 1);
		p->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
		dev_hold(dev);
		p->dev = dev;
		write_pnet(&p->net, net);
		p->sysctl_table = NULL;

		if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
			dev_put(dev);
			kfree(p);
			return NULL;
		}

		write_lock_bh(&tbl->lock);
		list_add(&p->list, &tbl->parms.list);
		write_unlock_bh(&tbl->lock);

		neigh_parms_data_state_cleanall(p);
	}
	return p;
}
EXPORT_SYMBOL(neigh_parms_alloc);

static void neigh_rcu_free_parms(struct rcu_head *head)
{
	struct neigh_parms *parms =
		container_of(head, struct neigh_parms, rcu_head);

	neigh_parms_put(parms);
}

void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
{
	if (!parms || parms == &tbl->parms)
		return;
	write_lock_bh(&tbl->lock);
	list_del(&parms->list);
	parms->dead = 1;
	write_unlock_bh(&tbl->lock);
	if (parms->dev)
		dev_put(parms->dev);
	call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
}
EXPORT_SYMBOL(neigh_parms_release);

static void neigh_parms_destroy(struct neigh_parms *parms)
{
	kfree(parms);
}

static struct lock_class_key neigh_table_proxy_queue_class;

static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;

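/* One-time initialization of a protocol's neighbour table: default parms,
 * per-CPU statistics, the /proc stat entry, the RCU-managed hash table,
 * the proxy queue and the periodic gc work.
 */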
neigh_table_init(int index,struct neigh_table * tbl)1691 void neigh_table_init(int index, struct neigh_table *tbl)
1692 {
1693 unsigned long now = jiffies;
1694 unsigned long phsize;
1695
1696 INIT_LIST_HEAD(&tbl->parms_list);
1697 INIT_LIST_HEAD(&tbl->gc_list);
1698 list_add(&tbl->parms.list, &tbl->parms_list);
1699 write_pnet(&tbl->parms.net, &init_net);
1700 refcount_set(&tbl->parms.refcnt, 1);
1701 tbl->parms.reachable_time =
1702 neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
1703
1704 tbl->stats = alloc_percpu(struct neigh_statistics);
1705 if (!tbl->stats)
1706 panic("cannot create neighbour cache statistics");
1707
1708 #ifdef CONFIG_PROC_FS
1709 if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
1710 &neigh_stat_seq_ops, tbl))
1711 panic("cannot create neighbour proc dir entry");
1712 #endif
1713
1714 RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));
1715
1716 phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
1717 tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);
1718
1719 if (!tbl->nht || !tbl->phash_buckets)
1720 panic("cannot allocate neighbour cache hashes");
1721
1722 if (!tbl->entry_size)
1723 tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
1724 tbl->key_len, NEIGH_PRIV_ALIGN);
1725 else
1726 WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);
1727
1728 rwlock_init(&tbl->lock);
1729 INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
1730 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1731 tbl->parms.reachable_time);
1732 timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
1733 skb_queue_head_init_class(&tbl->proxy_queue,
1734 &neigh_table_proxy_queue_class);
1735
1736 tbl->last_flush = now;
1737 tbl->last_rand = now + tbl->parms.reachable_time * 20;
1738
1739 neigh_tables[index] = tbl;
1740 }
1741 EXPORT_SYMBOL(neigh_table_init);
1742
neigh_table_clear(int index,struct neigh_table * tbl)1743 int neigh_table_clear(int index, struct neigh_table *tbl)
1744 {
1745 neigh_tables[index] = NULL;
1746 /* It is not clean... Fix it to unload IPv6 module safely */
1747 cancel_delayed_work_sync(&tbl->gc_work);
1748 del_timer_sync(&tbl->proxy_timer);
1749 pneigh_queue_purge(&tbl->proxy_queue, NULL);
1750 neigh_ifdown(tbl, NULL);
1751 if (atomic_read(&tbl->entries))
1752 pr_crit("neighbour leakage\n");
1753
1754 call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
1755 neigh_hash_free_rcu);
1756 tbl->nht = NULL;
1757
1758 kfree(tbl->phash_buckets);
1759 tbl->phash_buckets = NULL;
1760
1761 remove_proc_entry(tbl->id, init_net.proc_net_stat);
1762
1763 free_percpu(tbl->stats);
1764 tbl->stats = NULL;
1765
1766 return 0;
1767 }
1768 EXPORT_SYMBOL(neigh_table_clear);
1769
neigh_find_table(int family)1770 static struct neigh_table *neigh_find_table(int family)
1771 {
1772 struct neigh_table *tbl = NULL;
1773
1774 switch (family) {
1775 case AF_INET:
1776 tbl = neigh_tables[NEIGH_ARP_TABLE];
1777 break;
1778 case AF_INET6:
1779 tbl = neigh_tables[NEIGH_ND_TABLE];
1780 break;
1781 }
1782
1783 return tbl;
1784 }
1785
1786 const struct nla_policy nda_policy[NDA_MAX+1] = {
1787 [NDA_DST] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1788 [NDA_LLADDR] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1789 [NDA_CACHEINFO] = { .len = sizeof(struct nda_cacheinfo) },
1790 [NDA_PROBES] = { .type = NLA_U32 },
1791 [NDA_VLAN] = { .type = NLA_U16 },
1792 [NDA_PORT] = { .type = NLA_U16 },
1793 [NDA_VNI] = { .type = NLA_U32 },
1794 [NDA_IFINDEX] = { .type = NLA_U32 },
1795 [NDA_MASTER] = { .type = NLA_U32 },
1796 [NDA_PROTOCOL] = { .type = NLA_U8 },
1797 };
1798
neigh_delete(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)1799 static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1800 struct netlink_ext_ack *extack)
1801 {
1802 struct net *net = sock_net(skb->sk);
1803 struct ndmsg *ndm;
1804 struct nlattr *dst_attr;
1805 struct neigh_table *tbl;
1806 struct neighbour *neigh;
1807 struct net_device *dev = NULL;
1808 int err = -EINVAL;
1809
1810 ASSERT_RTNL();
1811 if (nlmsg_len(nlh) < sizeof(*ndm))
1812 goto out;
1813
1814 dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1815 if (!dst_attr) {
1816 NL_SET_ERR_MSG(extack, "Network address not specified");
1817 goto out;
1818 }
1819
1820 ndm = nlmsg_data(nlh);
1821 if (ndm->ndm_ifindex) {
1822 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1823 if (dev == NULL) {
1824 err = -ENODEV;
1825 goto out;
1826 }
1827 }
1828
1829 tbl = neigh_find_table(ndm->ndm_family);
1830 if (tbl == NULL)
1831 return -EAFNOSUPPORT;
1832
1833 if (nla_len(dst_attr) < (int)tbl->key_len) {
1834 NL_SET_ERR_MSG(extack, "Invalid network address");
1835 goto out;
1836 }
1837
1838 if (ndm->ndm_flags & NTF_PROXY) {
1839 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
1840 goto out;
1841 }
1842
1843 if (dev == NULL)
1844 goto out;
1845
1846 neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
1847 if (neigh == NULL) {
1848 err = -ENOENT;
1849 goto out;
1850 }
1851
1852 err = __neigh_update(neigh, NULL, NUD_FAILED,
1853 NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1854 NETLINK_CB(skb).portid, extack);
1855 write_lock_bh(&tbl->lock);
1856 neigh_release(neigh);
1857 neigh_remove_one(neigh, tbl);
1858 write_unlock_bh(&tbl->lock);
1859
1860 out:
1861 return err;
1862 }
1863
neigh_add(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)1864 static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1865 struct netlink_ext_ack *extack)
1866 {
1867 int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1868 NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1869 struct net *net = sock_net(skb->sk);
1870 struct ndmsg *ndm;
1871 struct nlattr *tb[NDA_MAX+1];
1872 struct neigh_table *tbl;
1873 struct net_device *dev = NULL;
1874 struct neighbour *neigh;
1875 void *dst, *lladdr;
1876 u8 protocol = 0;
1877 int err;
1878
1879 ASSERT_RTNL();
1880 err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
1881 nda_policy, extack);
1882 if (err < 0)
1883 goto out;
1884
1885 err = -EINVAL;
1886 if (!tb[NDA_DST]) {
1887 NL_SET_ERR_MSG(extack, "Network address not specified");
1888 goto out;
1889 }
1890
1891 ndm = nlmsg_data(nlh);
1892 if (ndm->ndm_ifindex) {
1893 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1894 if (dev == NULL) {
1895 err = -ENODEV;
1896 goto out;
1897 }
1898
1899 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
1900 NL_SET_ERR_MSG(extack, "Invalid link address");
1901 goto out;
1902 }
1903 }
1904
1905 tbl = neigh_find_table(ndm->ndm_family);
1906 if (tbl == NULL)
1907 return -EAFNOSUPPORT;
1908
1909 if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
1910 NL_SET_ERR_MSG(extack, "Invalid network address");
1911 goto out;
1912 }
1913
1914 dst = nla_data(tb[NDA_DST]);
1915 lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
1916
1917 if (tb[NDA_PROTOCOL])
1918 protocol = nla_get_u8(tb[NDA_PROTOCOL]);
1919
1920 if (ndm->ndm_flags & NTF_PROXY) {
1921 struct pneigh_entry *pn;
1922
1923 err = -ENOBUFS;
1924 pn = pneigh_lookup(tbl, net, dst, dev, 1);
1925 if (pn) {
1926 pn->flags = ndm->ndm_flags;
1927 if (protocol)
1928 pn->protocol = protocol;
1929 err = 0;
1930 }
1931 goto out;
1932 }
1933
1934 if (!dev) {
1935 NL_SET_ERR_MSG(extack, "Device not specified");
1936 goto out;
1937 }
1938
1939 if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
1940 err = -EINVAL;
1941 goto out;
1942 }
1943
1944 neigh = neigh_lookup(tbl, dst, dev);
1945 if (neigh == NULL) {
1946 bool exempt_from_gc;
1947
1948 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
1949 err = -ENOENT;
1950 goto out;
1951 }
1952
1953 exempt_from_gc = ndm->ndm_state & NUD_PERMANENT ||
1954 ndm->ndm_flags & NTF_EXT_LEARNED;
1955 neigh = ___neigh_create(tbl, dst, dev,
1956 ndm->ndm_flags & NTF_EXT_LEARNED,
1957 exempt_from_gc, true);
1958 if (IS_ERR(neigh)) {
1959 err = PTR_ERR(neigh);
1960 goto out;
1961 }
1962 } else {
1963 if (nlh->nlmsg_flags & NLM_F_EXCL) {
1964 err = -EEXIST;
1965 neigh_release(neigh);
1966 goto out;
1967 }
1968
1969 if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
1970 flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
1971 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1972 }
1973
1974 if (protocol)
1975 neigh->protocol = protocol;
1976 if (ndm->ndm_flags & NTF_EXT_LEARNED)
1977 flags |= NEIGH_UPDATE_F_EXT_LEARNED;
1978 if (ndm->ndm_flags & NTF_ROUTER)
1979 flags |= NEIGH_UPDATE_F_ISROUTER;
1980 if (ndm->ndm_flags & NTF_USE)
1981 flags |= NEIGH_UPDATE_F_USE;
1982
1983 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
1984 NETLINK_CB(skb).portid, extack);
1985 if (!err && ndm->ndm_flags & NTF_USE) {
1986 neigh_event_send(neigh, NULL);
1987 err = 0;
1988 }
1989 neigh_release(neigh);
1990 out:
1991 return err;
1992 }
1993
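/*
 * Illustrative sketch only -- a hypothetical helper, not called anywhere:
 * the in-kernel equivalent of the RTM_NEWNEIGH path above. Look the entry
 * up, create it on demand, then let neigh_update() install the link-layer
 * address; this mirrors neigh_add() minus the netlink parsing.
 */
static int __maybe_unused example_install_neigh(struct neigh_table *tbl,
						struct net_device *dev,
						const void *dst,
						const u8 *lladdr)
{
	struct neighbour *neigh;
	int err;

	neigh = neigh_lookup(tbl, dst, dev);
	if (!neigh) {
		neigh = __neigh_create(tbl, dst, dev, true);
		if (IS_ERR(neigh))
			return PTR_ERR(neigh);
	}

	/* NUD_PERMANENT entries are never garbage collected or re-probed */
	err = neigh_update(neigh, lladdr, NUD_PERMANENT,
			   NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN, 0);
	neigh_release(neigh);
	return err;
}
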
1994 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
1995 {
1996 struct nlattr *nest;
1997
1998 nest = nla_nest_start_noflag(skb, NDTA_PARMS);
1999 if (nest == NULL)
2000 return -ENOBUFS;
2001
2002 if ((parms->dev &&
2003 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
2004 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
2005 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
2006 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2007 /* approximate value for the deprecated QUEUE_LEN (in packets) */
2008 nla_put_u32(skb, NDTPA_QUEUE_LEN,
2009 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2010 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2011 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2012 nla_put_u32(skb, NDTPA_UCAST_PROBES,
2013 NEIGH_VAR(parms, UCAST_PROBES)) ||
2014 nla_put_u32(skb, NDTPA_MCAST_PROBES,
2015 NEIGH_VAR(parms, MCAST_PROBES)) ||
2016 nla_put_u32(skb, NDTPA_MCAST_REPROBES,
2017 NEIGH_VAR(parms, MCAST_REPROBES)) ||
2018 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
2019 NDTPA_PAD) ||
2020 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
2021 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
2022 nla_put_msecs(skb, NDTPA_GC_STALETIME,
2023 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
2024 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
2025 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
2026 nla_put_msecs(skb, NDTPA_RETRANS_TIME,
2027 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
2028 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
2029 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
2030 nla_put_msecs(skb, NDTPA_PROXY_DELAY,
2031 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
2032 nla_put_msecs(skb, NDTPA_LOCKTIME,
2033 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD))
2034 goto nla_put_failure;
2035 return nla_nest_end(skb, nest);
2036
2037 nla_put_failure:
2038 nla_nest_cancel(skb, nest);
2039 return -EMSGSIZE;
2040 }
2041
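/*
 * The nla_nest_start_noflag()/nla_nest_end() pairing above is the generic
 * recipe for emitting a nested attribute. A minimal hedged sketch of the
 * pattern (hypothetical helper, not called anywhere):
 */
static int __maybe_unused example_fill_nested(struct sk_buff *skb)
{
	struct nlattr *nest;

	nest = nla_nest_start_noflag(skb, NDTA_PARMS);
	if (!nest)
		return -ENOBUFS;

	if (nla_put_u32(skb, NDTPA_REFCNT, 1))
		goto nla_put_failure;

	/* patches the nest header with the accumulated length */
	return nla_nest_end(skb, nest);

nla_put_failure:
	/* rewinds the skb to where nla_nest_start_noflag() left it */
	nla_nest_cancel(skb, nest);
	return -EMSGSIZE;
}
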
2042 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2043 u32 pid, u32 seq, int type, int flags)
2044 {
2045 struct nlmsghdr *nlh;
2046 struct ndtmsg *ndtmsg;
2047
2048 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2049 if (nlh == NULL)
2050 return -EMSGSIZE;
2051
2052 ndtmsg = nlmsg_data(nlh);
2053
2054 read_lock_bh(&tbl->lock);
2055 ndtmsg->ndtm_family = tbl->family;
2056 ndtmsg->ndtm_pad1 = 0;
2057 ndtmsg->ndtm_pad2 = 0;
2058
2059 if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
2060 nla_put_msecs(skb, NDTA_GC_INTERVAL, READ_ONCE(tbl->gc_interval),
2061 NDTA_PAD) ||
2062 nla_put_u32(skb, NDTA_THRESH1, READ_ONCE(tbl->gc_thresh1)) ||
2063 nla_put_u32(skb, NDTA_THRESH2, READ_ONCE(tbl->gc_thresh2)) ||
2064 nla_put_u32(skb, NDTA_THRESH3, READ_ONCE(tbl->gc_thresh3)))
2065 goto nla_put_failure;
2066 {
2067 unsigned long now = jiffies;
2068 long flush_delta = now - READ_ONCE(tbl->last_flush);
2069 long rand_delta = now - READ_ONCE(tbl->last_rand);
2070 struct neigh_hash_table *nht;
2071 struct ndt_config ndc = {
2072 .ndtc_key_len = tbl->key_len,
2073 .ndtc_entry_size = tbl->entry_size,
2074 .ndtc_entries = atomic_read(&tbl->entries),
2075 .ndtc_last_flush = jiffies_to_msecs(flush_delta),
2076 .ndtc_last_rand = jiffies_to_msecs(rand_delta),
2077 .ndtc_proxy_qlen = READ_ONCE(tbl->proxy_queue.qlen),
2078 };
2079
2080 rcu_read_lock_bh();
2081 nht = rcu_dereference_bh(tbl->nht);
2082 ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2083 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2084 rcu_read_unlock_bh();
2085
2086 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
2087 goto nla_put_failure;
2088 }
2089
2090 {
2091 int cpu;
2092 struct ndt_stats ndst;
2093
2094 memset(&ndst, 0, sizeof(ndst));
2095
2096 for_each_possible_cpu(cpu) {
2097 struct neigh_statistics *st;
2098
2099 st = per_cpu_ptr(tbl->stats, cpu);
2100 ndst.ndts_allocs += READ_ONCE(st->allocs);
2101 ndst.ndts_destroys += READ_ONCE(st->destroys);
2102 ndst.ndts_hash_grows += READ_ONCE(st->hash_grows);
2103 ndst.ndts_res_failed += READ_ONCE(st->res_failed);
2104 ndst.ndts_lookups += READ_ONCE(st->lookups);
2105 ndst.ndts_hits += READ_ONCE(st->hits);
2106 ndst.ndts_rcv_probes_mcast += READ_ONCE(st->rcv_probes_mcast);
2107 ndst.ndts_rcv_probes_ucast += READ_ONCE(st->rcv_probes_ucast);
2108 ndst.ndts_periodic_gc_runs += READ_ONCE(st->periodic_gc_runs);
2109 ndst.ndts_forced_gc_runs += READ_ONCE(st->forced_gc_runs);
2110 ndst.ndts_table_fulls += READ_ONCE(st->table_fulls);
2111 }
2112
2113 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
2114 NDTA_PAD))
2115 goto nla_put_failure;
2116 }
2117
2118 BUG_ON(tbl->parms.dev);
2119 if (neightbl_fill_parms(skb, &tbl->parms) < 0)
2120 goto nla_put_failure;
2121
2122 read_unlock_bh(&tbl->lock);
2123 nlmsg_end(skb, nlh);
2124 return 0;
2125
2126 nla_put_failure:
2127 read_unlock_bh(&tbl->lock);
2128 nlmsg_cancel(skb, nlh);
2129 return -EMSGSIZE;
2130 }
2131
2132 static int neightbl_fill_param_info(struct sk_buff *skb,
2133 struct neigh_table *tbl,
2134 struct neigh_parms *parms,
2135 u32 pid, u32 seq, int type,
2136 unsigned int flags)
2137 {
2138 struct ndtmsg *ndtmsg;
2139 struct nlmsghdr *nlh;
2140
2141 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2142 if (nlh == NULL)
2143 return -EMSGSIZE;
2144
2145 ndtmsg = nlmsg_data(nlh);
2146
2147 read_lock_bh(&tbl->lock);
2148 ndtmsg->ndtm_family = tbl->family;
2149 ndtmsg->ndtm_pad1 = 0;
2150 ndtmsg->ndtm_pad2 = 0;
2151
2152 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
2153 neightbl_fill_parms(skb, parms) < 0)
2154 goto errout;
2155
2156 read_unlock_bh(&tbl->lock);
2157 nlmsg_end(skb, nlh);
2158 return 0;
2159 errout:
2160 read_unlock_bh(&tbl->lock);
2161 nlmsg_cancel(skb, nlh);
2162 return -EMSGSIZE;
2163 }
2164
2165 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2166 [NDTA_NAME] = { .type = NLA_STRING },
2167 [NDTA_THRESH1] = { .type = NLA_U32 },
2168 [NDTA_THRESH2] = { .type = NLA_U32 },
2169 [NDTA_THRESH3] = { .type = NLA_U32 },
2170 [NDTA_GC_INTERVAL] = { .type = NLA_U64 },
2171 [NDTA_PARMS] = { .type = NLA_NESTED },
2172 };
2173
2174 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2175 [NDTPA_IFINDEX] = { .type = NLA_U32 },
2176 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 },
2177 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 },
2178 [NDTPA_APP_PROBES] = { .type = NLA_U32 },
2179 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 },
2180 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 },
2181 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 },
2182 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 },
2183 [NDTPA_GC_STALETIME] = { .type = NLA_U64 },
2184 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 },
2185 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 },
2186 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 },
2187 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 },
2188 [NDTPA_LOCKTIME] = { .type = NLA_U64 },
2189 };
2190
2191 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2192 struct netlink_ext_ack *extack)
2193 {
2194 struct net *net = sock_net(skb->sk);
2195 struct neigh_table *tbl;
2196 struct ndtmsg *ndtmsg;
2197 struct nlattr *tb[NDTA_MAX+1];
2198 bool found = false;
2199 int err, tidx;
2200
2201 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2202 nl_neightbl_policy, extack);
2203 if (err < 0)
2204 goto errout;
2205
2206 if (tb[NDTA_NAME] == NULL) {
2207 err = -EINVAL;
2208 goto errout;
2209 }
2210
2211 ndtmsg = nlmsg_data(nlh);
2212
2213 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2214 tbl = neigh_tables[tidx];
2215 if (!tbl)
2216 continue;
2217 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2218 continue;
2219 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
2220 found = true;
2221 break;
2222 }
2223 }
2224
2225 if (!found)
2226 return -ENOENT;
2227
2228 /*
2229 * We acquire tbl->lock to be nice to the periodic timers and
2230 * make sure they always see a consistent set of values.
2231 */
2232 write_lock_bh(&tbl->lock);
2233
2234 if (tb[NDTA_PARMS]) {
2235 struct nlattr *tbp[NDTPA_MAX+1];
2236 struct neigh_parms *p;
2237 int i, ifindex = 0;
2238
2239 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
2240 tb[NDTA_PARMS],
2241 nl_ntbl_parm_policy, extack);
2242 if (err < 0)
2243 goto errout_tbl_lock;
2244
2245 if (tbp[NDTPA_IFINDEX])
2246 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
2247
2248 p = lookup_neigh_parms(tbl, net, ifindex);
2249 if (p == NULL) {
2250 err = -ENOENT;
2251 goto errout_tbl_lock;
2252 }
2253
2254 for (i = 1; i <= NDTPA_MAX; i++) {
2255 if (tbp[i] == NULL)
2256 continue;
2257
2258 switch (i) {
2259 case NDTPA_QUEUE_LEN:
2260 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2261 nla_get_u32(tbp[i]) *
2262 SKB_TRUESIZE(ETH_FRAME_LEN));
2263 break;
2264 case NDTPA_QUEUE_LENBYTES:
2265 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2266 nla_get_u32(tbp[i]));
2267 break;
2268 case NDTPA_PROXY_QLEN:
2269 NEIGH_VAR_SET(p, PROXY_QLEN,
2270 nla_get_u32(tbp[i]));
2271 break;
2272 case NDTPA_APP_PROBES:
2273 NEIGH_VAR_SET(p, APP_PROBES,
2274 nla_get_u32(tbp[i]));
2275 break;
2276 case NDTPA_UCAST_PROBES:
2277 NEIGH_VAR_SET(p, UCAST_PROBES,
2278 nla_get_u32(tbp[i]));
2279 break;
2280 case NDTPA_MCAST_PROBES:
2281 NEIGH_VAR_SET(p, MCAST_PROBES,
2282 nla_get_u32(tbp[i]));
2283 break;
2284 case NDTPA_MCAST_REPROBES:
2285 NEIGH_VAR_SET(p, MCAST_REPROBES,
2286 nla_get_u32(tbp[i]));
2287 break;
2288 case NDTPA_BASE_REACHABLE_TIME:
2289 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2290 nla_get_msecs(tbp[i]));
2291 /* update reachable_time as well; otherwise the change
2292 * takes effect only the next time neigh_periodic_work
2293 * recomputes it, which can take several minutes
2294 */
2295 p->reachable_time =
2296 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2297 break;
2298 case NDTPA_GC_STALETIME:
2299 NEIGH_VAR_SET(p, GC_STALETIME,
2300 nla_get_msecs(tbp[i]));
2301 break;
2302 case NDTPA_DELAY_PROBE_TIME:
2303 NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2304 nla_get_msecs(tbp[i]));
2305 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
2306 break;
2307 case NDTPA_RETRANS_TIME:
2308 NEIGH_VAR_SET(p, RETRANS_TIME,
2309 nla_get_msecs(tbp[i]));
2310 break;
2311 case NDTPA_ANYCAST_DELAY:
2312 NEIGH_VAR_SET(p, ANYCAST_DELAY,
2313 nla_get_msecs(tbp[i]));
2314 break;
2315 case NDTPA_PROXY_DELAY:
2316 NEIGH_VAR_SET(p, PROXY_DELAY,
2317 nla_get_msecs(tbp[i]));
2318 break;
2319 case NDTPA_LOCKTIME:
2320 NEIGH_VAR_SET(p, LOCKTIME,
2321 nla_get_msecs(tbp[i]));
2322 break;
2323 }
2324 }
2325 }
2326
2327 err = -ENOENT;
2328 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2329 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2330 !net_eq(net, &init_net))
2331 goto errout_tbl_lock;
2332
2333 if (tb[NDTA_THRESH1])
2334 WRITE_ONCE(tbl->gc_thresh1, nla_get_u32(tb[NDTA_THRESH1]));
2335
2336 if (tb[NDTA_THRESH2])
2337 WRITE_ONCE(tbl->gc_thresh2, nla_get_u32(tb[NDTA_THRESH2]));
2338
2339 if (tb[NDTA_THRESH3])
2340 WRITE_ONCE(tbl->gc_thresh3, nla_get_u32(tb[NDTA_THRESH3]));
2341
2342 if (tb[NDTA_GC_INTERVAL])
2343 WRITE_ONCE(tbl->gc_interval, nla_get_msecs(tb[NDTA_GC_INTERVAL]));
2344
2345 err = 0;
2346
2347 errout_tbl_lock:
2348 write_unlock_bh(&tbl->lock);
2349 errout:
2350 return err;
2351 }
2352
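/*
 * Hedged sketch of the NEIGH_VAR()/NEIGH_VAR_SET() accessors used above
 * (hypothetical helper, not called anywhere): parameters live in
 * p->data[], and NEIGH_VAR_SET() also marks the slot dirty in
 * p->data_state so default-value propagation skips it.
 */
static void __maybe_unused example_tune_parms(struct neigh_parms *p)
{
	/* double the application probe count, based on the current value */
	NEIGH_VAR_SET(p, APP_PROBES, NEIGH_VAR(p, APP_PROBES) * 2);
}
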
2353 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2354 struct netlink_ext_ack *extack)
2355 {
2356 struct ndtmsg *ndtm;
2357
2358 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
2359 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2360 return -EINVAL;
2361 }
2362
2363 ndtm = nlmsg_data(nlh);
2364 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
2365 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2366 return -EINVAL;
2367 }
2368
2369 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
2370 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2371 return -EINVAL;
2372 }
2373
2374 return 0;
2375 }
2376
2377 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2378 {
2379 const struct nlmsghdr *nlh = cb->nlh;
2380 struct net *net = sock_net(skb->sk);
2381 int family, tidx, nidx = 0;
2382 int tbl_skip = cb->args[0];
2383 int neigh_skip = cb->args[1];
2384 struct neigh_table *tbl;
2385
2386 if (cb->strict_check) {
2387 int err = neightbl_valid_dump_info(nlh, cb->extack);
2388
2389 if (err < 0)
2390 return err;
2391 }
2392
2393 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2394
2395 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2396 struct neigh_parms *p;
2397
2398 tbl = neigh_tables[tidx];
2399 if (!tbl)
2400 continue;
2401
2402 if (tidx < tbl_skip || (family && tbl->family != family))
2403 continue;
2404
2405 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2406 nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2407 NLM_F_MULTI) < 0)
2408 break;
2409
2410 nidx = 0;
2411 p = list_next_entry(&tbl->parms, list);
2412 list_for_each_entry_from(p, &tbl->parms_list, list) {
2413 if (!net_eq(neigh_parms_net(p), net))
2414 continue;
2415
2416 if (nidx < neigh_skip)
2417 goto next;
2418
2419 if (neightbl_fill_param_info(skb, tbl, p,
2420 NETLINK_CB(cb->skb).portid,
2421 nlh->nlmsg_seq,
2422 RTM_NEWNEIGHTBL,
2423 NLM_F_MULTI) < 0)
2424 goto out;
2425 next:
2426 nidx++;
2427 }
2428
2429 neigh_skip = 0;
2430 }
2431 out:
2432 cb->args[0] = tidx;
2433 cb->args[1] = nidx;
2434
2435 return skb->len;
2436 }
2437
2438 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2439 u32 pid, u32 seq, int type, unsigned int flags)
2440 {
2441 unsigned long now = jiffies;
2442 struct nda_cacheinfo ci;
2443 struct nlmsghdr *nlh;
2444 struct ndmsg *ndm;
2445
2446 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2447 if (nlh == NULL)
2448 return -EMSGSIZE;
2449
2450 ndm = nlmsg_data(nlh);
2451 ndm->ndm_family = neigh->ops->family;
2452 ndm->ndm_pad1 = 0;
2453 ndm->ndm_pad2 = 0;
2454 ndm->ndm_flags = neigh->flags;
2455 ndm->ndm_type = neigh->type;
2456 ndm->ndm_ifindex = neigh->dev->ifindex;
2457
2458 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2459 goto nla_put_failure;
2460
2461 read_lock_bh(&neigh->lock);
2462 ndm->ndm_state = neigh->nud_state;
2463 if (neigh->nud_state & NUD_VALID) {
2464 char haddr[MAX_ADDR_LEN];
2465
2466 neigh_ha_snapshot(haddr, neigh, neigh->dev);
2467 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2468 read_unlock_bh(&neigh->lock);
2469 goto nla_put_failure;
2470 }
2471 }
2472
2473 ci.ndm_used = jiffies_to_clock_t(now - neigh->used);
2474 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2475 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated);
2476 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1;
2477 read_unlock_bh(&neigh->lock);
2478
2479 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2480 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2481 goto nla_put_failure;
2482
2483 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
2484 goto nla_put_failure;
2485
2486 nlmsg_end(skb, nlh);
2487 return 0;
2488
2489 nla_put_failure:
2490 nlmsg_cancel(skb, nlh);
2491 return -EMSGSIZE;
2492 }
2493
2494 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2495 u32 pid, u32 seq, int type, unsigned int flags,
2496 struct neigh_table *tbl)
2497 {
2498 struct nlmsghdr *nlh;
2499 struct ndmsg *ndm;
2500
2501 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2502 if (nlh == NULL)
2503 return -EMSGSIZE;
2504
2505 ndm = nlmsg_data(nlh);
2506 ndm->ndm_family = tbl->family;
2507 ndm->ndm_pad1 = 0;
2508 ndm->ndm_pad2 = 0;
2509 ndm->ndm_flags = pn->flags | NTF_PROXY;
2510 ndm->ndm_type = RTN_UNICAST;
2511 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2512 ndm->ndm_state = NUD_NONE;
2513
2514 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2515 goto nla_put_failure;
2516
2517 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
2518 goto nla_put_failure;
2519
2520 nlmsg_end(skb, nlh);
2521 return 0;
2522
2523 nla_put_failure:
2524 nlmsg_cancel(skb, nlh);
2525 return -EMSGSIZE;
2526 }
2527
2528 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2529 {
2530 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2531 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
2532 }
2533
2534 static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2535 {
2536 struct net_device *master;
2537
2538 if (!master_idx)
2539 return false;
2540
2541 master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2542 if (!master || master->ifindex != master_idx)
2543 return true;
2544
2545 return false;
2546 }
2547
2548 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2549 {
2550 if (filter_idx && (!dev || dev->ifindex != filter_idx))
2551 return true;
2552
2553 return false;
2554 }
2555
2556 struct neigh_dump_filter {
2557 int master_idx;
2558 int dev_idx;
2559 };
2560
2561 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2562 struct netlink_callback *cb,
2563 struct neigh_dump_filter *filter)
2564 {
2565 struct net *net = sock_net(skb->sk);
2566 struct neighbour *n;
2567 int rc, h, s_h = cb->args[1];
2568 int idx, s_idx = idx = cb->args[2];
2569 struct neigh_hash_table *nht;
2570 unsigned int flags = NLM_F_MULTI;
2571
2572 if (filter->dev_idx || filter->master_idx)
2573 flags |= NLM_F_DUMP_FILTERED;
2574
2575 rcu_read_lock_bh();
2576 nht = rcu_dereference_bh(tbl->nht);
2577
2578 for (h = s_h; h < (1 << nht->hash_shift); h++) {
2579 if (h > s_h)
2580 s_idx = 0;
2581 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2582 n != NULL;
2583 n = rcu_dereference_bh(n->next)) {
2584 if (idx < s_idx || !net_eq(dev_net(n->dev), net))
2585 goto next;
2586 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2587 neigh_master_filtered(n->dev, filter->master_idx))
2588 goto next;
2589 if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2590 cb->nlh->nlmsg_seq,
2591 RTM_NEWNEIGH,
2592 flags) < 0) {
2593 rc = -1;
2594 goto out;
2595 }
2596 next:
2597 idx++;
2598 }
2599 }
2600 rc = skb->len;
2601 out:
2602 rcu_read_unlock_bh();
2603 cb->args[1] = h;
2604 cb->args[2] = idx;
2605 return rc;
2606 }
2607
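/*
 * Hedged sketch of the cb->args[] resume convention used by the dumpers
 * in this file (hypothetical dumper, not registered anywhere): a dump
 * callback is re-invoked until it returns 0, and cb->args[] is the only
 * state that survives between invocations.
 */
static int __maybe_unused example_resumable_dump(struct sk_buff *skb,
						 struct netlink_callback *cb)
{
	int idx, s_idx = cb->args[0];

	for (idx = s_idx; idx < 16; idx++) {
		struct nlmsghdr *nlh;

		nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid,
				cb->nlh->nlmsg_seq, RTM_NEWNEIGH,
				sizeof(struct ndmsg), NLM_F_MULTI);
		if (!nlh)
			break;		/* skb full: resume here next time */
		memset(nlmsg_data(nlh), 0, sizeof(struct ndmsg));
		nlmsg_end(skb, nlh);
	}
	cb->args[0] = idx;		/* the resume point for the next call */
	return skb->len;		/* 0 terminates the dump */
}
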
2608 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2609 struct netlink_callback *cb,
2610 struct neigh_dump_filter *filter)
2611 {
2612 struct pneigh_entry *n;
2613 struct net *net = sock_net(skb->sk);
2614 int rc, h, s_h = cb->args[3];
2615 int idx, s_idx = idx = cb->args[4];
2616 unsigned int flags = NLM_F_MULTI;
2617
2618 if (filter->dev_idx || filter->master_idx)
2619 flags |= NLM_F_DUMP_FILTERED;
2620
2621 read_lock_bh(&tbl->lock);
2622
2623 for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2624 if (h > s_h)
2625 s_idx = 0;
2626 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2627 if (idx < s_idx || pneigh_net(n) != net)
2628 goto next;
2629 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2630 neigh_master_filtered(n->dev, filter->master_idx))
2631 goto next;
2632 if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2633 cb->nlh->nlmsg_seq,
2634 RTM_NEWNEIGH, flags, tbl) < 0) {
2635 read_unlock_bh(&tbl->lock);
2636 rc = -1;
2637 goto out;
2638 }
2639 next:
2640 idx++;
2641 }
2642 }
2643
2644 read_unlock_bh(&tbl->lock);
2645 rc = skb->len;
2646 out:
2647 cb->args[3] = h;
2648 cb->args[4] = idx;
2649 return rc;
2650
2651 }
2652
2653 static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2654 bool strict_check,
2655 struct neigh_dump_filter *filter,
2656 struct netlink_ext_ack *extack)
2657 {
2658 struct nlattr *tb[NDA_MAX + 1];
2659 int err, i;
2660
2661 if (strict_check) {
2662 struct ndmsg *ndm;
2663
2664 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2665 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2666 return -EINVAL;
2667 }
2668
2669 ndm = nlmsg_data(nlh);
2670 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
2671 ndm->ndm_state || ndm->ndm_type) {
2672 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2673 return -EINVAL;
2674 }
2675
2676 if (ndm->ndm_flags & ~NTF_PROXY) {
2677 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2678 return -EINVAL;
2679 }
2680
2681 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
2682 tb, NDA_MAX, nda_policy,
2683 extack);
2684 } else {
2685 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
2686 NDA_MAX, nda_policy, extack);
2687 }
2688 if (err < 0)
2689 return err;
2690
2691 for (i = 0; i <= NDA_MAX; ++i) {
2692 if (!tb[i])
2693 continue;
2694
2695 /* all new attributes should require strict_check */
2696 switch (i) {
2697 case NDA_IFINDEX:
2698 filter->dev_idx = nla_get_u32(tb[i]);
2699 break;
2700 case NDA_MASTER:
2701 filter->master_idx = nla_get_u32(tb[i]);
2702 break;
2703 default:
2704 if (strict_check) {
2705 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2706 return -EINVAL;
2707 }
2708 }
2709 }
2710
2711 return 0;
2712 }
2713
2714 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2715 {
2716 const struct nlmsghdr *nlh = cb->nlh;
2717 struct neigh_dump_filter filter = {};
2718 struct neigh_table *tbl;
2719 int t, family, s_t;
2720 int proxy = 0;
2721 int err;
2722
2723 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2724
2725 /* check that a full ndmsg structure is present; the family
2726 * member is at the same offset in both rtgenmsg and ndmsg
2727 */
2728 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2729 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2730 proxy = 1;
2731
2732 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
2733 if (err < 0 && cb->strict_check)
2734 return err;
2735
2736 s_t = cb->args[0];
2737
2738 for (t = 0; t < NEIGH_NR_TABLES; t++) {
2739 tbl = neigh_tables[t];
2740
2741 if (!tbl)
2742 continue;
2743 if (t < s_t || (family && tbl->family != family))
2744 continue;
2745 if (t > s_t)
2746 memset(&cb->args[1], 0, sizeof(cb->args) -
2747 sizeof(cb->args[0]));
2748 if (proxy)
2749 err = pneigh_dump_table(tbl, skb, cb, &filter);
2750 else
2751 err = neigh_dump_table(tbl, skb, cb, &filter);
2752 if (err < 0)
2753 break;
2754 }
2755
2756 cb->args[0] = t;
2757 return skb->len;
2758 }
2759
2760 static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2761 struct neigh_table **tbl,
2762 void **dst, int *dev_idx, u8 *ndm_flags,
2763 struct netlink_ext_ack *extack)
2764 {
2765 struct nlattr *tb[NDA_MAX + 1];
2766 struct ndmsg *ndm;
2767 int err, i;
2768
2769 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2770 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2771 return -EINVAL;
2772 }
2773
2774 ndm = nlmsg_data(nlh);
2775 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
2776 ndm->ndm_type) {
2777 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2778 return -EINVAL;
2779 }
2780
2781 if (ndm->ndm_flags & ~NTF_PROXY) {
2782 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2783 return -EINVAL;
2784 }
2785
2786 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
2787 NDA_MAX, nda_policy, extack);
2788 if (err < 0)
2789 return err;
2790
2791 *ndm_flags = ndm->ndm_flags;
2792 *dev_idx = ndm->ndm_ifindex;
2793 *tbl = neigh_find_table(ndm->ndm_family);
2794 if (*tbl == NULL) {
2795 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2796 return -EAFNOSUPPORT;
2797 }
2798
2799 for (i = 0; i <= NDA_MAX; ++i) {
2800 if (!tb[i])
2801 continue;
2802
2803 switch (i) {
2804 case NDA_DST:
2805 if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
2806 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2807 return -EINVAL;
2808 }
2809 *dst = nla_data(tb[i]);
2810 break;
2811 default:
2812 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2813 return -EINVAL;
2814 }
2815 }
2816
2817 return 0;
2818 }
2819
2820 static inline size_t neigh_nlmsg_size(void)
2821 {
2822 return NLMSG_ALIGN(sizeof(struct ndmsg))
2823 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2824 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2825 + nla_total_size(sizeof(struct nda_cacheinfo))
2826 + nla_total_size(4) /* NDA_PROBES */
2827 + nla_total_size(1); /* NDA_PROTOCOL */
2828 }
2829
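/*
 * Worked example of the estimate above, assuming 4-byte netlink alignment,
 * MAX_ADDR_LEN == 32 and a 16-byte struct nda_cacheinfo:
 *
 *   NLMSG_ALIGN(sizeof(struct ndmsg))      = 12
 *   nla_total_size(32) = NLA_ALIGN(32 + 4) = 36	(NDA_DST)
 *   nla_total_size(32)                     = 36	(NDA_LLADDR)
 *   nla_total_size(16)                     = 20	(NDA_CACHEINFO)
 *   nla_total_size(4)                      =  8	(NDA_PROBES)
 *   nla_total_size(1)                      =  8	(NDA_PROTOCOL)
 *                                           ---
 *                                           120 bytes
 *
 * This is a worst case: real messages are smaller because few link layers
 * use all MAX_ADDR_LEN bytes.
 */
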
2830 static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2831 u32 pid, u32 seq)
2832 {
2833 struct sk_buff *skb;
2834 int err = 0;
2835
2836 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
2837 if (!skb)
2838 return -ENOBUFS;
2839
2840 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
2841 if (err) {
2842 kfree_skb(skb);
2843 goto errout;
2844 }
2845
2846 err = rtnl_unicast(skb, net, pid);
2847 errout:
2848 return err;
2849 }
2850
2851 static inline size_t pneigh_nlmsg_size(void)
2852 {
2853 return NLMSG_ALIGN(sizeof(struct ndmsg))
2854 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2855 + nla_total_size(1); /* NDA_PROTOCOL */
2856 }
2857
2858 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
2859 u32 pid, u32 seq, struct neigh_table *tbl)
2860 {
2861 struct sk_buff *skb;
2862 int err = 0;
2863
2864 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
2865 if (!skb)
2866 return -ENOBUFS;
2867
2868 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
2869 if (err) {
2870 kfree_skb(skb);
2871 goto errout;
2872 }
2873
2874 err = rtnl_unicast(skb, net, pid);
2875 errout:
2876 return err;
2877 }
2878
2879 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2880 struct netlink_ext_ack *extack)
2881 {
2882 struct net *net = sock_net(in_skb->sk);
2883 struct net_device *dev = NULL;
2884 struct neigh_table *tbl = NULL;
2885 struct neighbour *neigh;
2886 void *dst = NULL;
2887 u8 ndm_flags = 0;
2888 int dev_idx = 0;
2889 int err;
2890
2891 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
2892 extack);
2893 if (err < 0)
2894 return err;
2895
2896 if (dev_idx) {
2897 dev = __dev_get_by_index(net, dev_idx);
2898 if (!dev) {
2899 NL_SET_ERR_MSG(extack, "Unknown device ifindex");
2900 return -ENODEV;
2901 }
2902 }
2903
2904 if (!dst) {
2905 NL_SET_ERR_MSG(extack, "Network address not specified");
2906 return -EINVAL;
2907 }
2908
2909 if (ndm_flags & NTF_PROXY) {
2910 struct pneigh_entry *pn;
2911
2912 pn = pneigh_lookup(tbl, net, dst, dev, 0);
2913 if (!pn) {
2914 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
2915 return -ENOENT;
2916 }
2917 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
2918 nlh->nlmsg_seq, tbl);
2919 }
2920
2921 if (!dev) {
2922 NL_SET_ERR_MSG(extack, "No device specified");
2923 return -EINVAL;
2924 }
2925
2926 neigh = neigh_lookup(tbl, dst, dev);
2927 if (!neigh) {
2928 NL_SET_ERR_MSG(extack, "Neighbour entry not found");
2929 return -ENOENT;
2930 }
2931
2932 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
2933 nlh->nlmsg_seq);
2934
2935 neigh_release(neigh);
2936
2937 return err;
2938 }
2939
2940 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
2941 {
2942 int chain;
2943 struct neigh_hash_table *nht;
2944
2945 rcu_read_lock_bh();
2946 nht = rcu_dereference_bh(tbl->nht);
2947
2948 read_lock(&tbl->lock); /* avoid resizes */
2949 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2950 struct neighbour *n;
2951
2952 for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
2953 n != NULL;
2954 n = rcu_dereference_bh(n->next))
2955 cb(n, cookie);
2956 }
2957 read_unlock(&tbl->lock);
2958 rcu_read_unlock_bh();
2959 }
2960 EXPORT_SYMBOL(neigh_for_each);
2961
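/*
 * Hedged usage sketch (hypothetical helpers, not called anywhere):
 * neigh_for_each() walks every entry with the table lock read-held, so
 * the callback must be short and must not sleep.
 */
static void __maybe_unused example_count_cb(struct neighbour *n, void *cookie)
{
	(*(unsigned int *)cookie)++;
}

static unsigned int __maybe_unused example_count_entries(struct neigh_table *tbl)
{
	unsigned int count = 0;

	neigh_for_each(tbl, example_count_cb, &count);
	return count;
}
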
2962 /* The tbl->lock must be held as a writer and BH disabled. */
2963 void __neigh_for_each_release(struct neigh_table *tbl,
2964 int (*cb)(struct neighbour *))
2965 {
2966 int chain;
2967 struct neigh_hash_table *nht;
2968
2969 nht = rcu_dereference_protected(tbl->nht,
2970 lockdep_is_held(&tbl->lock));
2971 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2972 struct neighbour *n;
2973 struct neighbour __rcu **np;
2974
2975 np = &nht->hash_buckets[chain];
2976 while ((n = rcu_dereference_protected(*np,
2977 lockdep_is_held(&tbl->lock))) != NULL) {
2978 int release;
2979
2980 write_lock(&n->lock);
2981 release = cb(n);
2982 if (release) {
2983 rcu_assign_pointer(*np,
2984 rcu_dereference_protected(n->next,
2985 lockdep_is_held(&tbl->lock)));
2986 neigh_mark_dead(n);
2987 } else
2988 np = &n->next;
2989 write_unlock(&n->lock);
2990 if (release)
2991 neigh_cleanup_and_release(n);
2992 }
2993 }
2994 }
2995 EXPORT_SYMBOL(__neigh_for_each_release);
2996
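/*
 * Hedged usage sketch (hypothetical helpers, not called anywhere): a
 * caller that takes tbl->lock as a writer with BH disabled can flush the
 * whole table by returning nonzero from the callback; each released entry
 * is unlinked and then handed to neigh_cleanup_and_release().
 */
static int __maybe_unused example_release_all_cb(struct neighbour *n)
{
	return 1;	/* unlink and release every entry */
}

static void __maybe_unused example_flush_table(struct neigh_table *tbl)
{
	write_lock_bh(&tbl->lock);
	__neigh_for_each_release(tbl, example_release_all_cb);
	write_unlock_bh(&tbl->lock);
}
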
2997 int neigh_xmit(int index, struct net_device *dev,
2998 const void *addr, struct sk_buff *skb)
2999 {
3000 int err = -EAFNOSUPPORT;
3001 if (likely(index < NEIGH_NR_TABLES)) {
3002 struct neigh_table *tbl;
3003 struct neighbour *neigh;
3004
3005 tbl = neigh_tables[index];
3006 if (!tbl)
3007 goto out;
3008 rcu_read_lock_bh();
3009 if (index == NEIGH_ARP_TABLE) {
3010 u32 key = *((u32 *)addr);
3011
3012 neigh = __ipv4_neigh_lookup_noref(dev, key);
3013 } else {
3014 neigh = __neigh_lookup_noref(tbl, addr, dev);
3015 }
3016 if (!neigh)
3017 neigh = __neigh_create(tbl, addr, dev, false);
3018 err = PTR_ERR(neigh);
3019 if (IS_ERR(neigh)) {
3020 rcu_read_unlock_bh();
3021 goto out_kfree_skb;
3022 }
3023 err = neigh->output(neigh, skb);
3024 rcu_read_unlock_bh();
3025 }
3026 else if (index == NEIGH_LINK_TABLE) {
3027 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3028 addr, NULL, skb->len);
3029 if (err < 0)
3030 goto out_kfree_skb;
3031 err = dev_queue_xmit(skb);
3032 }
3033 out:
3034 return err;
3035 out_kfree_skb:
3036 kfree_skb(skb);
3037 goto out;
3038 }
3039 EXPORT_SYMBOL(neigh_xmit);
3040
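/*
 * Hedged usage sketch (hypothetical caller, not wired up anywhere):
 * resolve-and-transmit to an IPv4 next hop, the way tunnel-style users
 * drive neigh_xmit(). The address must match the table's key -- a 4-byte
 * IPv4 address for NEIGH_ARP_TABLE -- and on error the skb has already
 * been freed by neigh_xmit() itself.
 */
static int __maybe_unused example_xmit_ipv4(struct net_device *dev,
					    __be32 next_hop,
					    struct sk_buff *skb)
{
	return neigh_xmit(NEIGH_ARP_TABLE, dev, &next_hop, skb);
}
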
3041 #ifdef CONFIG_PROC_FS
3042
3043 static struct neighbour *neigh_get_first(struct seq_file *seq)
3044 {
3045 struct neigh_seq_state *state = seq->private;
3046 struct net *net = seq_file_net(seq);
3047 struct neigh_hash_table *nht = state->nht;
3048 struct neighbour *n = NULL;
3049 int bucket;
3050
3051 state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3052 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3053 n = rcu_dereference_bh(nht->hash_buckets[bucket]);
3054
3055 while (n) {
3056 if (!net_eq(dev_net(n->dev), net))
3057 goto next;
3058 if (state->neigh_sub_iter) {
3059 loff_t fakep = 0;
3060 void *v;
3061
3062 v = state->neigh_sub_iter(state, n, &fakep);
3063 if (!v)
3064 goto next;
3065 }
3066 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3067 break;
3068 if (n->nud_state & ~NUD_NOARP)
3069 break;
3070 next:
3071 n = rcu_dereference_bh(n->next);
3072 }
3073
3074 if (n)
3075 break;
3076 }
3077 state->bucket = bucket;
3078
3079 return n;
3080 }
3081
3082 static struct neighbour *neigh_get_next(struct seq_file *seq,
3083 struct neighbour *n,
3084 loff_t *pos)
3085 {
3086 struct neigh_seq_state *state = seq->private;
3087 struct net *net = seq_file_net(seq);
3088 struct neigh_hash_table *nht = state->nht;
3089
3090 if (state->neigh_sub_iter) {
3091 void *v = state->neigh_sub_iter(state, n, pos);
3092 if (v)
3093 return n;
3094 }
3095 n = rcu_dereference_bh(n->next);
3096
3097 while (1) {
3098 while (n) {
3099 if (!net_eq(dev_net(n->dev), net))
3100 goto next;
3101 if (state->neigh_sub_iter) {
3102 void *v = state->neigh_sub_iter(state, n, pos);
3103 if (v)
3104 return n;
3105 goto next;
3106 }
3107 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3108 break;
3109
3110 if (n->nud_state & ~NUD_NOARP)
3111 break;
3112 next:
3113 n = rcu_dereference_bh(n->next);
3114 }
3115
3116 if (n)
3117 break;
3118
3119 if (++state->bucket >= (1 << nht->hash_shift))
3120 break;
3121
3122 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
3123 }
3124
3125 if (n && pos)
3126 --(*pos);
3127 return n;
3128 }
3129
3130 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3131 {
3132 struct neighbour *n = neigh_get_first(seq);
3133
3134 if (n) {
3135 --(*pos);
3136 while (*pos) {
3137 n = neigh_get_next(seq, n, pos);
3138 if (!n)
3139 break;
3140 }
3141 }
3142 return *pos ? NULL : n;
3143 }
3144
3145 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3146 {
3147 struct neigh_seq_state *state = seq->private;
3148 struct net *net = seq_file_net(seq);
3149 struct neigh_table *tbl = state->tbl;
3150 struct pneigh_entry *pn = NULL;
3151 int bucket = state->bucket;
3152
3153 state->flags |= NEIGH_SEQ_IS_PNEIGH;
3154 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3155 pn = tbl->phash_buckets[bucket];
3156 while (pn && !net_eq(pneigh_net(pn), net))
3157 pn = pn->next;
3158 if (pn)
3159 break;
3160 }
3161 state->bucket = bucket;
3162
3163 return pn;
3164 }
3165
3166 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3167 struct pneigh_entry *pn,
3168 loff_t *pos)
3169 {
3170 struct neigh_seq_state *state = seq->private;
3171 struct net *net = seq_file_net(seq);
3172 struct neigh_table *tbl = state->tbl;
3173
3174 do {
3175 pn = pn->next;
3176 } while (pn && !net_eq(pneigh_net(pn), net));
3177
3178 while (!pn) {
3179 if (++state->bucket > PNEIGH_HASHMASK)
3180 break;
3181 pn = tbl->phash_buckets[state->bucket];
3182 while (pn && !net_eq(pneigh_net(pn), net))
3183 pn = pn->next;
3184 if (pn)
3185 break;
3186 }
3187
3188 if (pn && pos)
3189 --(*pos);
3190
3191 return pn;
3192 }
3193
3194 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3195 {
3196 struct pneigh_entry *pn = pneigh_get_first(seq);
3197
3198 if (pn) {
3199 --(*pos);
3200 while (*pos) {
3201 pn = pneigh_get_next(seq, pn, pos);
3202 if (!pn)
3203 break;
3204 }
3205 }
3206 return *pos ? NULL : pn;
3207 }
3208
3209 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3210 {
3211 struct neigh_seq_state *state = seq->private;
3212 void *rc;
3213 loff_t idxpos = *pos;
3214
3215 rc = neigh_get_idx(seq, &idxpos);
3216 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3217 rc = pneigh_get_idx(seq, &idxpos);
3218
3219 return rc;
3220 }
3221
3222 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3223 __acquires(tbl->lock)
3224 __acquires(rcu_bh)
3225 {
3226 struct neigh_seq_state *state = seq->private;
3227
3228 state->tbl = tbl;
3229 state->bucket = 0;
3230 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3231
3232 rcu_read_lock_bh();
3233 state->nht = rcu_dereference_bh(tbl->nht);
3234 read_lock(&tbl->lock);
3235
3236 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3237 }
3238 EXPORT_SYMBOL(neigh_seq_start);
3239
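/*
 * Hedged sketch of how a protocol plugs its table into these iterators
 * (compare the ARP and ND proc code; seq->private must point at a
 * struct neigh_seq_state, as set up by seq_open_net()). The ->start
 * callback picks the table and flags; ->next and ->stop come straight
 * from this file.
 */
static void * __maybe_unused example_proto_seq_start(struct seq_file *seq,
						     loff_t *pos)
{
	return neigh_seq_start(seq, pos, &arp_tbl, NEIGH_SEQ_SKIP_NOARP);
}
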
3240 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3241 {
3242 struct neigh_seq_state *state;
3243 void *rc;
3244
3245 if (v == SEQ_START_TOKEN) {
3246 rc = neigh_get_first(seq);
3247 goto out;
3248 }
3249
3250 state = seq->private;
3251 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3252 rc = neigh_get_next(seq, v, NULL);
3253 if (rc)
3254 goto out;
3255 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3256 rc = pneigh_get_first(seq);
3257 } else {
3258 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3259 rc = pneigh_get_next(seq, v, NULL);
3260 }
3261 out:
3262 ++(*pos);
3263 return rc;
3264 }
3265 EXPORT_SYMBOL(neigh_seq_next);
3266
3267 void neigh_seq_stop(struct seq_file *seq, void *v)
3268 __releases(tbl->lock)
3269 __releases(rcu_bh)
3270 {
3271 struct neigh_seq_state *state = seq->private;
3272 struct neigh_table *tbl = state->tbl;
3273
3274 read_unlock(&tbl->lock);
3275 rcu_read_unlock_bh();
3276 }
3277 EXPORT_SYMBOL(neigh_seq_stop);
3278
3279 /* statistics via seq_file */
3280
3281 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3282 {
3283 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3284 int cpu;
3285
3286 if (*pos == 0)
3287 return SEQ_START_TOKEN;
3288
3289 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3290 if (!cpu_possible(cpu))
3291 continue;
3292 *pos = cpu+1;
3293 return per_cpu_ptr(tbl->stats, cpu);
3294 }
3295 return NULL;
3296 }
3297
3298 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3299 {
3300 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3301 int cpu;
3302
3303 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3304 if (!cpu_possible(cpu))
3305 continue;
3306 *pos = cpu+1;
3307 return per_cpu_ptr(tbl->stats, cpu);
3308 }
3309 (*pos)++;
3310 return NULL;
3311 }
3312
3313 static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3314 {
3315
3316 }
3317
3318 static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3319 {
3320 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3321 struct neigh_statistics *st = v;
3322
3323 if (v == SEQ_START_TOKEN) {
3324 seq_printf(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3325 return 0;
3326 }
3327
3328 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
3329 "%08lx %08lx %08lx %08lx %08lx %08lx\n",
3330 atomic_read(&tbl->entries),
3331
3332 st->allocs,
3333 st->destroys,
3334 st->hash_grows,
3335
3336 st->lookups,
3337 st->hits,
3338
3339 st->res_failed,
3340
3341 st->rcv_probes_mcast,
3342 st->rcv_probes_ucast,
3343
3344 st->periodic_gc_runs,
3345 st->forced_gc_runs,
3346 st->unres_discards,
3347 st->table_fulls
3348 );
3349
3350 return 0;
3351 }
3352
3353 static const struct seq_operations neigh_stat_seq_ops = {
3354 .start = neigh_stat_seq_start,
3355 .next = neigh_stat_seq_next,
3356 .stop = neigh_stat_seq_stop,
3357 .show = neigh_stat_seq_show,
3358 };
3359 #endif /* CONFIG_PROC_FS */
3360
3361 static void __neigh_notify(struct neighbour *n, int type, int flags,
3362 u32 pid)
3363 {
3364 struct net *net = dev_net(n->dev);
3365 struct sk_buff *skb;
3366 int err = -ENOBUFS;
3367
3368 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
3369 if (skb == NULL)
3370 goto errout;
3371
3372 err = neigh_fill_info(skb, n, pid, 0, type, flags);
3373 if (err < 0) {
3374 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3375 WARN_ON(err == -EMSGSIZE);
3376 kfree_skb(skb);
3377 goto errout;
3378 }
3379 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3380 return;
3381 errout:
3382 if (err < 0)
3383 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
3384 }
3385
3386 void neigh_app_ns(struct neighbour *n)
3387 {
3388 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
3389 }
3390 EXPORT_SYMBOL(neigh_app_ns);
3391
3392 #ifdef CONFIG_SYSCTL
3393 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3394
3395 static int proc_unres_qlen(struct ctl_table *ctl, int write,
3396 void __user *buffer, size_t *lenp, loff_t *ppos)
3397 {
3398 int size, ret;
3399 struct ctl_table tmp = *ctl;
3400
3401 tmp.extra1 = SYSCTL_ZERO;
3402 tmp.extra2 = &unres_qlen_max;
3403 tmp.data = &size;
3404
3405 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3406 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3407
3408 if (write && !ret)
3409 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3410 return ret;
3411 }
3412
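/*
 * Worked example of the conversion above: the sysctl is presented in
 * packets but stored in bytes. Writing unres_qlen = 100 stores
 * 100 * SKB_TRUESIZE(ETH_FRAME_LEN) in QUEUE_LEN_BYTES, and a read
 * divides by the same truesize, so that round trip is exact; values
 * written through unres_qlen_bytes that are not a multiple of the
 * (arch-dependent) truesize read back here rounded down.
 */
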
3413 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
3414 int family)
3415 {
3416 switch (family) {
3417 case AF_INET:
3418 return __in_dev_arp_parms_get_rcu(dev);
3419 case AF_INET6:
3420 return __in6_dev_nd_parms_get_rcu(dev);
3421 }
3422 return NULL;
3423 }
3424
3425 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3426 int index)
3427 {
3428 struct net_device *dev;
3429 int family = neigh_parms_family(p);
3430
3431 rcu_read_lock();
3432 for_each_netdev_rcu(net, dev) {
3433 struct neigh_parms *dst_p =
3434 neigh_get_dev_parms_rcu(dev, family);
3435
3436 if (dst_p && !test_bit(index, dst_p->data_state))
3437 dst_p->data[index] = p->data[index];
3438 }
3439 rcu_read_unlock();
3440 }
3441
3442 static void neigh_proc_update(struct ctl_table *ctl, int write)
3443 {
3444 struct net_device *dev = ctl->extra1;
3445 struct neigh_parms *p = ctl->extra2;
3446 struct net *net = neigh_parms_net(p);
3447 int index = (int *) ctl->data - p->data;
3448
3449 if (!write)
3450 return;
3451
3452 set_bit(index, p->data_state);
3453 if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3454 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
3455 if (!dev) /* NULL dev means this is default value */
3456 neigh_copy_dflt_parms(net, p, index);
3457 }
3458
3459 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3460 void __user *buffer,
3461 size_t *lenp, loff_t *ppos)
3462 {
3463 struct ctl_table tmp = *ctl;
3464 int ret;
3465
3466 tmp.extra1 = SYSCTL_ZERO;
3467 tmp.extra2 = SYSCTL_INT_MAX;
3468
3469 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3470 neigh_proc_update(ctl, write);
3471 return ret;
3472 }
3473
3474 int neigh_proc_dointvec(struct ctl_table *ctl, int write,
3475 void __user *buffer, size_t *lenp, loff_t *ppos)
3476 {
3477 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3478
3479 neigh_proc_update(ctl, write);
3480 return ret;
3481 }
3482 EXPORT_SYMBOL(neigh_proc_dointvec);
3483
3484 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write,
3485 void __user *buffer,
3486 size_t *lenp, loff_t *ppos)
3487 {
3488 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3489
3490 neigh_proc_update(ctl, write);
3491 return ret;
3492 }
3493 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3494
3495 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3496 void __user *buffer,
3497 size_t *lenp, loff_t *ppos)
3498 {
3499 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3500
3501 neigh_proc_update(ctl, write);
3502 return ret;
3503 }
3504
3505 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3506 void __user *buffer,
3507 size_t *lenp, loff_t *ppos)
3508 {
3509 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3510
3511 neigh_proc_update(ctl, write);
3512 return ret;
3513 }
3514 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3515
3516 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3517 void __user *buffer,
3518 size_t *lenp, loff_t *ppos)
3519 {
3520 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3521
3522 neigh_proc_update(ctl, write);
3523 return ret;
3524 }
3525
3526 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3527 void __user *buffer,
3528 size_t *lenp, loff_t *ppos)
3529 {
3530 struct neigh_parms *p = ctl->extra2;
3531 int ret;
3532
3533 if (strcmp(ctl->procname, "base_reachable_time") == 0)
3534 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3535 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3536 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3537 else
3538 ret = -1;
3539
3540 if (write && ret == 0) {
3541 /* update reachable_time as well; otherwise the change
3542 * takes effect only the next time neigh_periodic_work
3543 * recomputes it
3544 */
3545 p->reachable_time =
3546 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3547 }
3548 return ret;
3549 }
3550
3551 #define NEIGH_PARMS_DATA_OFFSET(index) \
3552 (&((struct neigh_parms *) 0)->data[index])
3553
3554 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3555 [NEIGH_VAR_ ## attr] = { \
3556 .procname = name, \
3557 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3558 .maxlen = sizeof(int), \
3559 .mode = mval, \
3560 .proc_handler = proc, \
3561 }
3562
3563 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3564 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3565
3566 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3567 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3568
3569 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3570 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3571
3572 #define NEIGH_SYSCTL_MS_JIFFIES_ENTRY(attr, name) \
3573 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3574
3575 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3576 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3577
3578 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3579 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3580
3581 static struct neigh_sysctl_table {
3582 struct ctl_table_header *sysctl_header;
3583 struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3584 } neigh_sysctl_template __read_mostly = {
3585 .neigh_vars = {
3586 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3587 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3588 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3589 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3590 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3591 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3592 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3593 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3594 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3595 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3596 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3597 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3598 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3599 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3600 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3601 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3602 [NEIGH_VAR_GC_INTERVAL] = {
3603 .procname = "gc_interval",
3604 .maxlen = sizeof(int),
3605 .mode = 0644,
3606 .proc_handler = proc_dointvec_jiffies,
3607 },
3608 [NEIGH_VAR_GC_THRESH1] = {
3609 .procname = "gc_thresh1",
3610 .maxlen = sizeof(int),
3611 .mode = 0644,
3612 .extra1 = SYSCTL_ZERO,
3613 .extra2 = SYSCTL_INT_MAX,
3614 .proc_handler = proc_dointvec_minmax,
3615 },
3616 [NEIGH_VAR_GC_THRESH2] = {
3617 .procname = "gc_thresh2",
3618 .maxlen = sizeof(int),
3619 .mode = 0644,
3620 .extra1 = SYSCTL_ZERO,
3621 .extra2 = SYSCTL_INT_MAX,
3622 .proc_handler = proc_dointvec_minmax,
3623 },
3624 [NEIGH_VAR_GC_THRESH3] = {
3625 .procname = "gc_thresh3",
3626 .maxlen = sizeof(int),
3627 .mode = 0644,
3628 .extra1 = SYSCTL_ZERO,
3629 .extra2 = SYSCTL_INT_MAX,
3630 .proc_handler = proc_dointvec_minmax,
3631 },
3632 {},
3633 },
3634 };
3635
3636 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3637 proc_handler *handler)
3638 {
3639 int i;
3640 struct neigh_sysctl_table *t;
3641 const char *dev_name_source;
3642 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3643 char *p_name;
3644
3645 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL);
3646 if (!t)
3647 goto err;
3648
3649 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3650 t->neigh_vars[i].data += (long) p;
3651 t->neigh_vars[i].extra1 = dev;
3652 t->neigh_vars[i].extra2 = p;
3653 }
3654
3655 if (dev) {
3656 dev_name_source = dev->name;
3657 /* Terminate the table early */
3658 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3659 sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3660 } else {
3661 struct neigh_table *tbl = p->tbl;
3662 dev_name_source = "default";
3663 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3664 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3665 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3666 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3667 }
3668
3669 if (handler) {
3670 /* RetransTime */
3671 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3672 /* ReachableTime */
3673 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3674 /* RetransTime (in milliseconds)*/
3675 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3676 /* ReachableTime (in milliseconds) */
3677 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3678 } else {
3679 /* These handlers update p->reachable_time after
3680 * base_reachable_time(_ms) is set, so the new interval takes
3681 * effect on the next neighbour update instead of waiting for
3682 * neigh_periodic_work to recompute it (which can take several
3683 * minutes). Any handler that replaces them should do the same.
3684 */
3685 /* ReachableTime */
3686 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3687 neigh_proc_base_reachable_time;
3688 /* ReachableTime (in milliseconds) */
3689 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3690 neigh_proc_base_reachable_time;
3691 }
3692
3693 /* Don't export sysctls to unprivileged users */
3694 if (neigh_parms_net(p)->user_ns != &init_user_ns)
3695 t->neigh_vars[0].procname = NULL;
3696
3697 switch (neigh_parms_family(p)) {
3698 case AF_INET:
3699 p_name = "ipv4";
3700 break;
3701 case AF_INET6:
3702 p_name = "ipv6";
3703 break;
3704 default:
3705 BUG();
3706 }
3707
3708 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3709 p_name, dev_name_source);
3710 t->sysctl_header =
3711 register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3712 if (!t->sysctl_header)
3713 goto free;
3714
3715 p->sysctl_table = t;
3716 return 0;
3717
3718 free:
3719 kfree(t);
3720 err:
3721 return -ENOBUFS;
3722 }
3723 EXPORT_SYMBOL(neigh_sysctl_register);
3724
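/*
 * Hedged usage sketch (hypothetical caller): protocols register their
 * per-device knobs roughly like this, typically from their netdev
 * notifier; a NULL handler selects the base_reachable_time handlers
 * installed above.
 */
static int __maybe_unused example_register_neigh_sysctls(struct net_device *dev,
							  struct neigh_parms *p)
{
	return neigh_sysctl_register(dev, p, NULL);
}
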
3725 void neigh_sysctl_unregister(struct neigh_parms *p)
3726 {
3727 if (p->sysctl_table) {
3728 struct neigh_sysctl_table *t = p->sysctl_table;
3729 p->sysctl_table = NULL;
3730 unregister_net_sysctl_table(t->sysctl_header);
3731 kfree(t);
3732 }
3733 }
3734 EXPORT_SYMBOL(neigh_sysctl_unregister);
3735
3736 #endif /* CONFIG_SYSCTL */
3737
3738 static int __init neigh_init(void)
3739 {
3740 rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3741 rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3742 rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3743
3744 rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3745 0);
3746 rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);
3747
3748 return 0;
3749 }
3750
3751 subsys_initcall(neigh_init);
3752