// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	Generic address resolution entity
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *
 *	Fixes:
 *	Vitaly E. Lavrov	releasing NULL neighbor in neigh_add.
 *	Harald Welte		Add neighbour cache statistics like rtstat
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/slab.h>
#include <linux/kmemleak.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/socket.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/times.h>
#include <net/net_namespace.h>
#include <net/neighbour.h>
#include <net/arp.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/netevent.h>
#include <net/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/random.h>
#include <linux/string.h>
#include <linux/log2.h>
#include <linux/inetdevice.h>
#include <net/addrconf.h>

#include <trace/events/neigh.h>

#define NEIGH_DEBUG 1
#define neigh_dbg(level, fmt, ...)		\
do {						\
	if (level <= NEIGH_DEBUG)		\
		pr_debug(fmt, ##__VA_ARGS__);	\
} while (0)

#define PNEIGH_HASHMASK		0xF

static void neigh_timer_handler(struct timer_list *t);
static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid);
static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev);

#ifdef CONFIG_PROC_FS
static const struct seq_operations neigh_stat_seq_ops;
#endif
/*
   Neighbour hash table buckets are protected with the rwlock tbl->lock.

   - All scans/updates of the hash buckets MUST be made under this lock.
   - NOTHING clever should be done under this lock: no callbacks
     into protocol backends, no attempts to send something to the
     network. That will result in deadlocks if the backend/driver
     wants to use the neighbour cache.
   - If the entry requires some non-trivial actions, increase
     its reference count and release the table lock.

   Neighbour entries are protected:
   - with a reference count.
   - with the rwlock neigh->lock

   The reference count prevents destruction.

   neigh->lock mainly serializes ll address data and its validity state.
   However, the same lock is used to protect other entry fields:
    - timer
    - resolution queue

   Again, nothing clever shall be done under neigh->lock;
   the most complicated procedure we allow is dev->hard_header.
   dev->hard_header is assumed to be simple and not to make
   callbacks into the neighbour tables.
 */

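/* A minimal sketch (illustrative only) of the pattern the rules above
 * describe: pin the entry with a reference under tbl->lock, drop the
 * lock, and only then do anything non-trivial with it.
 *
 *	read_lock_bh(&tbl->lock);
 *	n = <find entry in its hash bucket>;
 *	if (n)
 *		neigh_hold(n);		<- refcount keeps n alive
 *	read_unlock_bh(&tbl->lock);
 *	if (n) {
 *		<resolve/transmit via n - no table lock held>
 *		neigh_release(n);
 *	}
 */
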
static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
{
	kfree_skb(skb);
	return -ENETDOWN;
}

static void neigh_cleanup_and_release(struct neighbour *neigh)
{
	trace_neigh_cleanup_and_release(neigh, 0);
	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	neigh_release(neigh);
}

/*
 * It is a random distribution in the interval (1/2)*base...(3/2)*base.
 * It corresponds to the default IPv6 settings and is not overridable,
 * because it is a really reasonable choice.
 */

unsigned long neigh_rand_reach_time(unsigned long base)
{
	return base ? (prandom_u32() % base) + (base >> 1) : 0;
}
EXPORT_SYMBOL(neigh_rand_reach_time);
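
/* For example, with base = 30 * HZ (the default IPv6 BaseReachableTime),
 * this returns a value drawn uniformly from [15 * HZ, 45 * HZ).
 */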

static void neigh_mark_dead(struct neighbour *n)
{
	n->dead = 1;
	if (!list_empty(&n->gc_list)) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	}
}

static void neigh_update_gc_list(struct neighbour *n)
{
	bool on_gc_list, exempt_from_gc;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);

	if (n->dead)
		goto out;

	/* remove from the gc list if new state is permanent or if neighbor
	 * is externally learned; otherwise entry should be on the gc list
	 */
	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
			 n->flags & NTF_EXT_LEARNED;
	on_gc_list = !list_empty(&n->gc_list);

	if (exempt_from_gc && on_gc_list) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	} else if (!exempt_from_gc && !on_gc_list) {
		/* add entries to the tail; cleaning removes from the front */
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
		atomic_inc(&n->tbl->gc_entries);
	}

out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static bool neigh_update_ext_learned(struct neighbour *neigh, u32 flags,
				     int *notify)
{
	bool rc = false;
	u8 ndm_flags;

	if (!(flags & NEIGH_UPDATE_F_ADMIN))
		return rc;

	ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
	if ((neigh->flags ^ ndm_flags) & NTF_EXT_LEARNED) {
		if (ndm_flags & NTF_EXT_LEARNED)
			neigh->flags |= NTF_EXT_LEARNED;
		else
			neigh->flags &= ~NTF_EXT_LEARNED;
		rc = true;
		*notify = 1;
	}

	return rc;
}

static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
		      struct neigh_table *tbl)
{
	bool retval = false;

	write_lock(&n->lock);
	if (refcount_read(&n->refcnt) == 1) {
		struct neighbour *neigh;

		neigh = rcu_dereference_protected(n->next,
						  lockdep_is_held(&tbl->lock));
		rcu_assign_pointer(*np, neigh);
		neigh_mark_dead(n);
		retval = true;
	}
	write_unlock(&n->lock);
	if (retval)
		neigh_cleanup_and_release(n);
	return retval;
}

bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
{
	struct neigh_hash_table *nht;
	void *pkey = ndel->primary_key;
	u32 hash_val;
	struct neighbour *n;
	struct neighbour __rcu **np;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));
	hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
	hash_val = hash_val >> (32 - nht->hash_shift);

	np = &nht->hash_buckets[hash_val];
	while ((n = rcu_dereference_protected(*np,
					      lockdep_is_held(&tbl->lock)))) {
		if (n == ndel)
			return neigh_del(n, np, tbl);
		np = &n->next;
	}
	return false;
}

static int neigh_forced_gc(struct neigh_table *tbl)
{
	int max_clean = atomic_read(&tbl->gc_entries) -
			READ_ONCE(tbl->gc_thresh2);
	u64 tmax = ktime_get_ns() + NSEC_PER_MSEC;
	unsigned long tref = jiffies - 5 * HZ;
	struct neighbour *n, *tmp;
	int shrunk = 0;
	int loop = 0;

	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);

	write_lock_bh(&tbl->lock);

	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
		if (refcount_read(&n->refcnt) == 1) {
			bool remove = false;

			write_lock(&n->lock);
			if ((n->nud_state == NUD_FAILED) ||
			    (n->nud_state == NUD_NOARP) ||
			    (tbl->is_multicast &&
			     tbl->is_multicast(n->primary_key)) ||
			    !time_in_range(n->updated, tref, jiffies))
				remove = true;
			write_unlock(&n->lock);

			if (remove && neigh_remove_one(n, tbl))
				shrunk++;
			if (shrunk >= max_clean)
				break;
			if (++loop == 16) {
				if (ktime_get_ns() > tmax)
					goto unlock;
				loop = 0;
			}
		}
	}

	WRITE_ONCE(tbl->last_flush, jiffies);
unlock:
	write_unlock_bh(&tbl->lock);

	return shrunk;
}

static void neigh_add_timer(struct neighbour *n, unsigned long when)
{
	/* Use a safe distance from the jiffies - LONG_MAX point while the
	 * timer is running in DELAY/PROBE state but still show to user
	 * space large times in the past.
	 */
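	/* Concretely (a reading of the clamp below): mint is roughly
	 * LONG_MAX jiffies minus one day before now, the oldest timestamp
	 * for which signed time_before()/time_in_range() arithmetic cannot
	 * yet wrap, so n->confirmed is kept within [mint, jiffies].
	 */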
	unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ);

	neigh_hold(n);
	if (!time_in_range(n->confirmed, mint, jiffies))
		n->confirmed = mint;
	if (time_before(n->used, n->confirmed))
		n->used = n->confirmed;
	if (unlikely(mod_timer(&n->timer, when))) {
		printk("NEIGH: BUG, double timer add, state is %x\n",
		       n->nud_state);
		dump_stack();
	}
}

static int neigh_del_timer(struct neighbour *n)
{
	if ((n->nud_state & NUD_IN_TIMER) &&
	    del_timer(&n->timer)) {
		neigh_release(n);
		return 1;
	}
	return 0;
}

static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net)
{
	struct sk_buff_head tmp;
	unsigned long flags;
	struct sk_buff *skb;

	skb_queue_head_init(&tmp);
	spin_lock_irqsave(&list->lock, flags);
	skb = skb_peek(list);
	while (skb != NULL) {
		struct sk_buff *skb_next = skb_peek_next(skb, list);
		if (net == NULL || net_eq(dev_net(skb->dev), net)) {
			__skb_unlink(skb, list);
			__skb_queue_tail(&tmp, skb);
		}
		skb = skb_next;
	}
	spin_unlock_irqrestore(&list->lock, flags);

	while ((skb = __skb_dequeue(&tmp))) {
		dev_put(skb->dev);
		kfree_skb(skb);
	}
}

static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
			    bool skip_perm)
{
	int i;
	struct neigh_hash_table *nht;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	for (i = 0; i < (1 << nht->hash_shift); i++) {
		struct neighbour *n;
		struct neighbour __rcu **np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
					lockdep_is_held(&tbl->lock))) != NULL) {
			if (dev && n->dev != dev) {
				np = &n->next;
				continue;
			}
			if (skip_perm && n->nud_state & NUD_PERMANENT) {
				np = &n->next;
				continue;
			}
			rcu_assign_pointer(*np,
				   rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock)));
			write_lock(&n->lock);
			neigh_del_timer(n);
			neigh_mark_dead(n);
			if (refcount_read(&n->refcnt) != 1) {
				/* The most unpleasant situation.
				   We must destroy the neighbour entry,
				   but someone still uses it.

				   The destroy will be delayed until
				   the last user releases us, but
				   we must kill timers etc. and move
				   it to a safe state.
				 */
				__skb_queue_purge(&n->arp_queue);
				n->arp_queue_len_bytes = 0;
				n->output = neigh_blackhole;
				if (n->nud_state & NUD_VALID)
					n->nud_state = NUD_NOARP;
				else
					n->nud_state = NUD_NONE;
				neigh_dbg(2, "neigh %p is stray\n", n);
			}
			write_unlock(&n->lock);
			neigh_cleanup_and_release(n);
		}
	}
}

void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, false);
	write_unlock_bh(&tbl->lock);
}
EXPORT_SYMBOL(neigh_changeaddr);

static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, skip_perm);
	pneigh_ifdown_and_unlock(tbl, dev);
	pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL);
	if (skb_queue_empty_lockless(&tbl->proxy_queue))
		del_timer_sync(&tbl->proxy_timer);
	return 0;
}

int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, true);
	return 0;
}
EXPORT_SYMBOL(neigh_carrier_down);

int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, false);
	return 0;
}
EXPORT_SYMBOL(neigh_ifdown);

static struct neighbour *neigh_alloc(struct neigh_table *tbl,
				     struct net_device *dev,
				     u8 flags, bool exempt_from_gc)
{
	struct neighbour *n = NULL;
	unsigned long now = jiffies;
	int entries, gc_thresh3;

	if (exempt_from_gc)
		goto do_alloc;

	entries = atomic_inc_return(&tbl->gc_entries) - 1;
	gc_thresh3 = READ_ONCE(tbl->gc_thresh3);
	if (entries >= gc_thresh3 ||
	    (entries >= READ_ONCE(tbl->gc_thresh2) &&
	     time_after(now, READ_ONCE(tbl->last_flush) + 5 * HZ))) {
		if (!neigh_forced_gc(tbl) && entries >= gc_thresh3) {
			net_info_ratelimited("%s: neighbor table overflow!\n",
					     tbl->id);
			NEIGH_CACHE_STAT_INC(tbl, table_fulls);
			goto out_entries;
		}
	}

do_alloc:
	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
	if (!n)
		goto out_entries;

	__skb_queue_head_init(&n->arp_queue);
	rwlock_init(&n->lock);
	seqlock_init(&n->ha_lock);
	n->updated = n->used = now;
	n->nud_state = NUD_NONE;
	n->output = neigh_blackhole;
	n->flags = flags;
	seqlock_init(&n->hh.hh_lock);
	n->parms = neigh_parms_clone(&tbl->parms);
	timer_setup(&n->timer, neigh_timer_handler, 0);

	NEIGH_CACHE_STAT_INC(tbl, allocs);
	n->tbl = tbl;
	refcount_set(&n->refcnt, 1);
	n->dead = 1;
	INIT_LIST_HEAD(&n->gc_list);

	atomic_inc(&tbl->entries);
out:
	return n;

out_entries:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	goto out;
}

static void neigh_get_hash_rnd(u32 *x)
{
	*x = get_random_u32() | 1;
}

static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
{
	size_t size = (1 << shift) * sizeof(struct neighbour *);
	struct neigh_hash_table *ret;
	struct neighbour __rcu **buckets;
	int i;

	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
	if (!ret)
		return NULL;
	if (size <= PAGE_SIZE) {
		buckets = kzalloc(size, GFP_ATOMIC);
	} else {
		buckets = (struct neighbour __rcu **)
			  __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
					   get_order(size));
		kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
	}
	if (!buckets) {
		kfree(ret);
		return NULL;
	}
	ret->hash_buckets = buckets;
	ret->hash_shift = shift;
	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
		neigh_get_hash_rnd(&ret->hash_rnd[i]);
	return ret;
}
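
/* Sizing sketch (assuming 8-byte pointers and 4 KiB pages): the initial
 * table from neigh_table_init() uses shift == 3, i.e. 8 buckets == 64
 * bytes, served by kzalloc(); once growth pushes shift past 9, the
 * bucket array exceeds PAGE_SIZE and comes from __get_free_pages().
 */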

static void neigh_hash_free_rcu(struct rcu_head *head)
{
	struct neigh_hash_table *nht = container_of(head,
						    struct neigh_hash_table,
						    rcu);
	size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
	struct neighbour __rcu **buckets = nht->hash_buckets;

	if (size <= PAGE_SIZE) {
		kfree(buckets);
	} else {
		kmemleak_free(buckets);
		free_pages((unsigned long)buckets, get_order(size));
	}
	kfree(nht);
}

static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
						unsigned long new_shift)
{
	unsigned int i, hash;
	struct neigh_hash_table *new_nht, *old_nht;

	NEIGH_CACHE_STAT_INC(tbl, hash_grows);

	old_nht = rcu_dereference_protected(tbl->nht,
					    lockdep_is_held(&tbl->lock));
	new_nht = neigh_hash_alloc(new_shift);
	if (!new_nht)
		return old_nht;

	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
		struct neighbour *n, *next;

		for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
						   lockdep_is_held(&tbl->lock));
		     n != NULL;
		     n = next) {
			hash = tbl->hash(n->primary_key, n->dev,
					 new_nht->hash_rnd);

			hash >>= (32 - new_nht->hash_shift);
			next = rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock));

			rcu_assign_pointer(n->next,
					   rcu_dereference_protected(
						new_nht->hash_buckets[hash],
						lockdep_is_held(&tbl->lock)));
			rcu_assign_pointer(new_nht->hash_buckets[hash], n);
		}
	}

	rcu_assign_pointer(tbl->nht, new_nht);
	call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
	return new_nht;
}

struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
			       struct net_device *dev)
{
	struct neighbour *n;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock_bh();
	n = __neigh_lookup_noref(tbl, pkey, dev);
	if (n) {
		if (!refcount_inc_not_zero(&n->refcnt))
			n = NULL;
		NEIGH_CACHE_STAT_INC(tbl, hits);
	}

	rcu_read_unlock_bh();
	return n;
}
EXPORT_SYMBOL(neigh_lookup);

static struct neighbour *
___neigh_create(struct neigh_table *tbl, const void *pkey,
		struct net_device *dev, u8 flags,
		bool exempt_from_gc, bool want_ref)
{
	u32 hash_val, key_len = tbl->key_len;
	struct neighbour *n1, *rc, *n;
	struct neigh_hash_table *nht;
	int error;

	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
	if (!n) {
		rc = ERR_PTR(-ENOBUFS);
		goto out;
	}

	memcpy(n->primary_key, pkey, key_len);
	n->dev = dev;
	dev_hold(dev);

	/* Protocol specific setup. */
	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	if (dev->netdev_ops->ndo_neigh_construct) {
		error = dev->netdev_ops->ndo_neigh_construct(dev, n);
		if (error < 0) {
			rc = ERR_PTR(error);
			goto out_neigh_release;
		}
	}

	/* Device specific setup. */
	if (n->parms->neigh_setup &&
	    (error = n->parms->neigh_setup(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
		nht = neigh_hash_grow(tbl, nht->hash_shift + 1);

	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);

	if (n->parms->dead) {
		rc = ERR_PTR(-EINVAL);
		goto out_tbl_unlock;
	}

	for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
					    lockdep_is_held(&tbl->lock));
	     n1 != NULL;
	     n1 = rcu_dereference_protected(n1->next,
					    lockdep_is_held(&tbl->lock))) {
		if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
			if (want_ref)
				neigh_hold(n1);
			rc = n1;
			goto out_tbl_unlock;
		}
	}

	n->dead = 0;
	if (!exempt_from_gc)
		list_add_tail(&n->gc_list, &n->tbl->gc_list);

	if (want_ref)
		neigh_hold(n);
	rcu_assign_pointer(n->next,
			   rcu_dereference_protected(nht->hash_buckets[hash_val],
						     lockdep_is_held(&tbl->lock)));
	rcu_assign_pointer(nht->hash_buckets[hash_val], n);
	write_unlock_bh(&tbl->lock);
	neigh_dbg(2, "neigh %p is created\n", n);
	rc = n;
out:
	return rc;
out_tbl_unlock:
	write_unlock_bh(&tbl->lock);
out_neigh_release:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	neigh_release(n);
	goto out;
}

struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
				 struct net_device *dev, bool want_ref)
{
	return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
}
EXPORT_SYMBOL(__neigh_create);

static u32 pneigh_hash(const void *pkey, unsigned int key_len)
{
	u32 hash_val = *(u32 *)(pkey + key_len - 4);
	hash_val ^= (hash_val >> 16);
	hash_val ^= hash_val >> 8;
	hash_val ^= hash_val >> 4;
	hash_val &= PNEIGH_HASHMASK;
	return hash_val;
}
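
/* Worked example: the last four bytes of the key are read as a u32 and
 * XOR-folded down by 16, 8 and 4 bits, so each of those bytes influences
 * the low nibble; the final mask picks one of PNEIGH_HASHMASK + 1 == 16
 * proxy hash buckets.
 */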

static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
					      struct net *net,
					      const void *pkey,
					      unsigned int key_len,
					      struct net_device *dev)
{
	while (n) {
		if (!memcmp(n->key, pkey, key_len) &&
		    net_eq(pneigh_net(n), net) &&
		    (n->dev == dev || !n->dev))
			return n;
		n = n->next;
	}
	return NULL;
}

struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
		struct net *net, const void *pkey, struct net_device *dev)
{
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
				 net, pkey, key_len, dev);
}
EXPORT_SYMBOL_GPL(__pneigh_lookup);

struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl,
				   struct net *net, const void *pkey,
				   struct net_device *dev, int creat)
{
	struct pneigh_entry *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	read_lock_bh(&tbl->lock);
	n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
			      net, pkey, key_len, dev);
	read_unlock_bh(&tbl->lock);

	if (n || !creat)
		goto out;

	ASSERT_RTNL();

	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
	if (!n)
		goto out;

	write_pnet(&n->net, net);
	memcpy(n->key, pkey, key_len);
	n->dev = dev;
	dev_hold(dev);

	if (tbl->pconstructor && tbl->pconstructor(n)) {
		dev_put(dev);
		kfree(n);
		n = NULL;
		goto out;
	}

	write_lock_bh(&tbl->lock);
	n->next = tbl->phash_buckets[hash_val];
	tbl->phash_buckets[hash_val] = n;
	write_unlock_bh(&tbl->lock);
out:
	return n;
}
EXPORT_SYMBOL(pneigh_lookup);


int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
		  struct net_device *dev)
{
	struct pneigh_entry *n, **np;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	write_lock_bh(&tbl->lock);
	for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
	     np = &n->next) {
		if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
		    net_eq(pneigh_net(n), net)) {
			*np = n->next;
			write_unlock_bh(&tbl->lock);
			if (tbl->pdestructor)
				tbl->pdestructor(n);
			dev_put(n->dev);
			kfree(n);
			return 0;
		}
	}
	write_unlock_bh(&tbl->lock);
	return -ENOENT;
}

static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev)
{
	struct pneigh_entry *n, **np, *freelist = NULL;
	u32 h;

	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
		np = &tbl->phash_buckets[h];
		while ((n = *np) != NULL) {
			if (!dev || n->dev == dev) {
				*np = n->next;
				n->next = freelist;
				freelist = n;
				continue;
			}
			np = &n->next;
		}
	}
	write_unlock_bh(&tbl->lock);
	while ((n = freelist)) {
		freelist = n->next;
		n->next = NULL;
		if (tbl->pdestructor)
			tbl->pdestructor(n);
		dev_put(n->dev);
		kfree(n);
	}
	return -ENOENT;
}

static void neigh_parms_destroy(struct neigh_parms *parms);

static inline void neigh_parms_put(struct neigh_parms *parms)
{
	if (refcount_dec_and_test(&parms->refcnt))
		neigh_parms_destroy(parms);
}

/* neighbour must already be out of the table */
void neigh_destroy(struct neighbour *neigh)
{
	struct net_device *dev = neigh->dev;

	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);

	if (!neigh->dead) {
		pr_warn("Destroying alive neighbour %p\n", neigh);
		dump_stack();
		return;
	}

	if (neigh_del_timer(neigh))
		pr_warn("Impossible event\n");

	write_lock_bh(&neigh->lock);
	__skb_queue_purge(&neigh->arp_queue);
	write_unlock_bh(&neigh->lock);
	neigh->arp_queue_len_bytes = 0;

	if (dev->netdev_ops->ndo_neigh_destroy)
		dev->netdev_ops->ndo_neigh_destroy(dev, neigh);

	dev_put(dev);
	neigh_parms_put(neigh->parms);

	neigh_dbg(2, "neigh %p is destroyed\n", neigh);

	atomic_dec(&neigh->tbl->entries);
	kfree_rcu(neigh, rcu);
}
EXPORT_SYMBOL(neigh_destroy);

/* Neighbour state is suspicious;
   disable fast path.

   Called with write_locked neigh.
 */
static void neigh_suspect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is suspected\n", neigh);

	neigh->output = neigh->ops->output;
}

/* Neighbour state is OK;
   enable fast path.

   Called with write_locked neigh.
 */
static void neigh_connect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is connected\n", neigh);

	neigh->output = neigh->ops->connected_output;
}

static void neigh_periodic_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
	struct neighbour *n;
	struct neighbour __rcu **np;
	unsigned int i;
	struct neigh_hash_table *nht;

	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	/*
	 *	periodically recompute ReachableTime from random function
	 */

	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
		struct neigh_parms *p;

		WRITE_ONCE(tbl->last_rand, jiffies);
		list_for_each_entry(p, &tbl->parms_list, list)
			p->reachable_time =
				neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}

	if (atomic_read(&tbl->entries) < READ_ONCE(tbl->gc_thresh1))
		goto out;

	for (i = 0 ; i < (1 << nht->hash_shift); i++) {
		np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
				lockdep_is_held(&tbl->lock))) != NULL) {
			unsigned int state;

			write_lock(&n->lock);

			state = n->nud_state;
			if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
			    (n->flags & NTF_EXT_LEARNED)) {
				write_unlock(&n->lock);
				goto next_elt;
			}

			if (time_before(n->used, n->confirmed) &&
			    time_is_before_eq_jiffies(n->confirmed))
				n->used = n->confirmed;

			if (refcount_read(&n->refcnt) == 1 &&
			    (state == NUD_FAILED ||
			     !time_in_range_open(jiffies, n->used,
						 n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
				rcu_assign_pointer(*np,
					rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock)));
				neigh_mark_dead(n);
				write_unlock(&n->lock);
				neigh_cleanup_and_release(n);
				continue;
			}
			write_unlock(&n->lock);

next_elt:
			np = &n->next;
		}
		/*
		 * It's fine to release lock here, even if hash table
		 * grows while we are preempted.
		 */
		write_unlock_bh(&tbl->lock);
		cond_resched();
		write_lock_bh(&tbl->lock);
		nht = rcu_dereference_protected(tbl->nht,
						lockdep_is_held(&tbl->lock));
	}
out:
	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
	 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
	 * BASE_REACHABLE_TIME.
	 */
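	/* e.g. with the common 30 second base, the worker reschedules
	 * itself every ~15 seconds, matching that 15..45 second window.
	 */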
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
	write_unlock_bh(&tbl->lock);
}

static __inline__ int neigh_max_probes(struct neighbour *n)
{
	struct neigh_parms *p = n->parms;
	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
	       (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
		NEIGH_VAR(p, MCAST_PROBES));
}
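
/* With typical ARP defaults (UCAST_PROBES == 3, APP_PROBES == 0,
 * MCAST_PROBES == 3, MCAST_REPROBES == 0), an entry resolving in
 * NUD_INCOMPLETE gets up to 3 + 0 + 3 == 6 probes, while NUD_PROBE
 * reconfirmation is limited to the 3 unicast ones.
 */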

static void neigh_invalidate(struct neighbour *neigh)
	__releases(neigh->lock)
	__acquires(neigh->lock)
{
	struct sk_buff *skb;

	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
	neigh_dbg(2, "neigh %p is failed\n", neigh);
	neigh->updated = jiffies;

	/* This is a very thin place. report_unreachable is a very
	   complicated routine. Particularly, it can hit the same
	   neighbour entry!

	   So we try to be accurate and avoid dead loops. --ANK
	 */
	while (neigh->nud_state == NUD_FAILED &&
	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
		write_unlock(&neigh->lock);
		neigh->ops->error_report(neigh, skb);
		write_lock(&neigh->lock);
	}
	__skb_queue_purge(&neigh->arp_queue);
	neigh->arp_queue_len_bytes = 0;
}

static void neigh_probe(struct neighbour *neigh)
	__releases(neigh->lock)
{
	struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);
	/* keep skb alive even if arp_queue overflows */
	if (skb)
		skb = skb_clone(skb, GFP_ATOMIC);
	write_unlock(&neigh->lock);
	if (neigh->ops->solicit)
		neigh->ops->solicit(neigh, skb);
	atomic_inc(&neigh->probes);
	consume_skb(skb);
}

/* Called when a timer expires for a neighbour entry. */

static void neigh_timer_handler(struct timer_list *t)
{
	unsigned long now, next;
	struct neighbour *neigh = from_timer(neigh, t, timer);
	unsigned int state;
	int notify = 0;

	write_lock(&neigh->lock);

	state = neigh->nud_state;
	now = jiffies;
	next = now + HZ;

	if (!(state & NUD_IN_TIMER))
		goto out;

	if (state & NUD_REACHABLE) {
		if (time_before_eq(now,
				   neigh->confirmed + neigh->parms->reachable_time)) {
			neigh_dbg(2, "neigh %p is still alive\n", neigh);
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else if (time_before_eq(now,
					  neigh->used +
					  NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is delayed\n", neigh);
			neigh->nud_state = NUD_DELAY;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
		} else {
			neigh_dbg(2, "neigh %p is suspected\n", neigh);
			neigh->nud_state = NUD_STALE;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			notify = 1;
		}
	} else if (state & NUD_DELAY) {
		if (time_before_eq(now,
				   neigh->confirmed +
				   NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is now reachable\n", neigh);
			neigh->nud_state = NUD_REACHABLE;
			neigh->updated = jiffies;
			neigh_connect(neigh);
			notify = 1;
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else {
			neigh_dbg(2, "neigh %p is probed\n", neigh);
			neigh->nud_state = NUD_PROBE;
			neigh->updated = jiffies;
			atomic_set(&neigh->probes, 0);
			notify = 1;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
		}
	} else {
		/* NUD_PROBE|NUD_INCOMPLETE */
		next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
	}

	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
		neigh->nud_state = NUD_FAILED;
		notify = 1;
		neigh_invalidate(neigh);
		goto out;
	}

	if (neigh->nud_state & NUD_IN_TIMER) {
		if (time_before(next, jiffies + HZ/100))
			next = jiffies + HZ/100;
		if (!mod_timer(&neigh->timer, next))
			neigh_hold(neigh);
	}
	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
		neigh_probe(neigh);
	} else {
out:
		write_unlock(&neigh->lock);
	}

	if (notify)
		neigh_update_notify(neigh, 0);

	trace_neigh_timer_handler(neigh, 0);

	neigh_release(neigh);
}

int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc;
	bool immediate_probe = false;

	write_lock_bh(&neigh->lock);

	rc = 0;
	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
		goto out_unlock_bh;
	if (neigh->dead)
		goto out_dead;

	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
		if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
		    NEIGH_VAR(neigh->parms, APP_PROBES)) {
			unsigned long next, now = jiffies;

			atomic_set(&neigh->probes,
				   NEIGH_VAR(neigh->parms, UCAST_PROBES));
			neigh_del_timer(neigh);
			neigh->nud_state = NUD_INCOMPLETE;
			neigh->updated = now;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
			neigh_add_timer(neigh, next);
			immediate_probe = true;
		} else {
			neigh->nud_state = NUD_FAILED;
			neigh->updated = jiffies;
			write_unlock_bh(&neigh->lock);

			kfree_skb(skb);
			return 1;
		}
	} else if (neigh->nud_state & NUD_STALE) {
		neigh_dbg(2, "neigh %p is delayed\n", neigh);
		neigh_del_timer(neigh);
		neigh->nud_state = NUD_DELAY;
		neigh->updated = jiffies;
		neigh_add_timer(neigh, jiffies +
				NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
	}

	if (neigh->nud_state == NUD_INCOMPLETE) {
		if (skb) {
			while (neigh->arp_queue_len_bytes + skb->truesize >
			       NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
				struct sk_buff *buff;

				buff = __skb_dequeue(&neigh->arp_queue);
				if (!buff)
					break;
				neigh->arp_queue_len_bytes -= buff->truesize;
				kfree_skb(buff);
				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
			}
			skb_dst_force(skb);
			__skb_queue_tail(&neigh->arp_queue, skb);
			neigh->arp_queue_len_bytes += skb->truesize;
		}
		rc = 1;
	}
out_unlock_bh:
	if (immediate_probe)
		neigh_probe(neigh);
	else
		write_unlock(&neigh->lock);
	local_bh_enable();
	trace_neigh_event_send_done(neigh, rc);
	return rc;

out_dead:
	if (neigh->nud_state & NUD_STALE)
		goto out_unlock_bh;
	write_unlock_bh(&neigh->lock);
	kfree_skb(skb);
	trace_neigh_event_send_dead(neigh, 1);
	return 1;
}
EXPORT_SYMBOL(__neigh_event_send);

static void neigh_update_hhs(struct neighbour *neigh)
{
	struct hh_cache *hh;
	void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
		= NULL;

	if (neigh->dev->header_ops)
		update = neigh->dev->header_ops->cache_update;

	if (update) {
		hh = &neigh->hh;
		if (READ_ONCE(hh->hh_len)) {
			write_seqlock_bh(&hh->hh_lock);
			update(hh, neigh->dev, neigh->ha);
			write_sequnlock_bh(&hh->hh_lock);
		}
	}
}


/* Generic update routine.
   -- lladdr is new lladdr or NULL, if it is not supplied.
   -- new    is new state.
   -- flags
	NEIGH_UPDATE_F_OVERRIDE allows overriding an existing lladdr,
				if it is different.
	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect an existing "connected"
				lladdr instead of overriding it
				if it is different.
	NEIGH_UPDATE_F_ADMIN	means that the change is administrative.
	NEIGH_UPDATE_F_USE	means that the entry is user triggered.
	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows overriding an existing
				NTF_ROUTER flag.
	NEIGH_UPDATE_F_ISROUTER	indicates if the neighbour is known as
				a router.

   Caller MUST hold a reference count on the entry.
 */
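
/* Illustrative call, as a protocol might make on receiving a
 * confirmation from lladdr (a sketch only; exact flags vary by caller):
 *
 *	neigh_update(n, lladdr, NUD_REACHABLE,
 *		     NEIGH_UPDATE_F_WEAK_OVERRIDE | NEIGH_UPDATE_F_OVERRIDE,
 *		     0);
 */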

static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
			  u8 new, u32 flags, u32 nlmsg_pid,
			  struct netlink_ext_ack *extack)
{
	bool ext_learn_change = false;
	u8 old;
	int err;
	int notify = 0;
	struct net_device *dev;
	int update_isrouter = 0;

	trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);

	write_lock_bh(&neigh->lock);

	dev = neigh->dev;
	old = neigh->nud_state;
	err = -EPERM;

	if (neigh->dead) {
		NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
		new = old;
		goto out;
	}
	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
	    (old & (NUD_NOARP | NUD_PERMANENT)))
		goto out;

	ext_learn_change = neigh_update_ext_learned(neigh, flags, &notify);
	if (flags & NEIGH_UPDATE_F_USE) {
		new = old & ~NUD_PERMANENT;
		neigh->nud_state = new;
		err = 0;
		goto out;
	}

	if (!(new & NUD_VALID)) {
		neigh_del_timer(neigh);
		if (old & NUD_CONNECTED)
			neigh_suspect(neigh);
		neigh->nud_state = new;
		err = 0;
		notify = old & NUD_VALID;
		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
		    (new & NUD_FAILED)) {
			neigh_invalidate(neigh);
			notify = 1;
		}
		goto out;
	}

	/* Compare new lladdr with cached one */
	if (!dev->addr_len) {
		/* First case: device needs no address. */
		lladdr = neigh->ha;
	} else if (lladdr) {
		/* The second case: if something is already cached
		   and a new address is proposed:
		   - compare new & old
		   - if they are different, check override flag
		 */
		if ((old & NUD_VALID) &&
		    !memcmp(lladdr, neigh->ha, dev->addr_len))
			lladdr = neigh->ha;
	} else {
		/* No address is supplied; if we know something,
		   use it, otherwise discard the request.
		 */
		err = -EINVAL;
		if (!(old & NUD_VALID)) {
			NL_SET_ERR_MSG(extack, "No link layer address given");
			goto out;
		}
		lladdr = neigh->ha;
	}

	/* Update the confirmed timestamp for the neighbour entry after we
	 * receive an ARP packet, even if it doesn't change the IP-to-MAC
	 * binding.
	 */
	if (new & NUD_CONNECTED)
		neigh->confirmed = jiffies;

	/* If entry was valid and address is not changed,
	   do not change entry state, if new one is STALE.
	 */
	err = 0;
	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	if (old & NUD_VALID) {
		if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
			update_isrouter = 0;
			if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
			    (old & NUD_CONNECTED)) {
				lladdr = neigh->ha;
				new = NUD_STALE;
			} else
				goto out;
		} else {
			if (lladdr == neigh->ha && new == NUD_STALE &&
			    !(flags & NEIGH_UPDATE_F_ADMIN))
				new = old;
		}
	}

	/* Update the timestamp only once we know we will make a change to
	 * the neighbour entry. Otherwise we risk moving the locktime window
	 * with noop updates and ignoring relevant ARP updates.
	 */
	if (new != old || lladdr != neigh->ha)
		neigh->updated = jiffies;

	if (new != old) {
		neigh_del_timer(neigh);
		if (new & NUD_PROBE)
			atomic_set(&neigh->probes, 0);
		if (new & NUD_IN_TIMER)
			neigh_add_timer(neigh, (jiffies +
						((new & NUD_REACHABLE) ?
						 neigh->parms->reachable_time :
						 0)));
		neigh->nud_state = new;
		notify = 1;
	}

	if (lladdr != neigh->ha) {
		write_seqlock(&neigh->ha_lock);
		memcpy(&neigh->ha, lladdr, dev->addr_len);
		write_sequnlock(&neigh->ha_lock);
		neigh_update_hhs(neigh);
		if (!(new & NUD_CONNECTED))
			neigh->confirmed = jiffies -
				(NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
		notify = 1;
	}
	if (new == old)
		goto out;
	if (new & NUD_CONNECTED)
		neigh_connect(neigh);
	else
		neigh_suspect(neigh);
	if (!(old & NUD_VALID)) {
		struct sk_buff *skb;

		/* Again: avoid dead loop if something went wrong */

		while (neigh->nud_state & NUD_VALID &&
		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
			struct dst_entry *dst = skb_dst(skb);
			struct neighbour *n2, *n1 = neigh;
			write_unlock_bh(&neigh->lock);

			rcu_read_lock();

			/* Why not just use 'neigh' as-is? The problem is that
			 * things such as shaper, eql, and sch_teql can end up
			 * using alternative, different, neigh objects to output
			 * the packet in the output path. So what we need to do
			 * here is re-lookup the top-level neigh in the path so
			 * we can reinject the packet there.
			 */
			n2 = NULL;
			if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
				n2 = dst_neigh_lookup_skb(dst, skb);
				if (n2)
					n1 = n2;
			}
			n1->output(n1, skb);
			if (n2)
				neigh_release(n2);
			rcu_read_unlock();

			write_lock_bh(&neigh->lock);
		}
		__skb_queue_purge(&neigh->arp_queue);
		neigh->arp_queue_len_bytes = 0;
	}
out:
	if (update_isrouter)
		neigh_update_is_router(neigh, flags, &notify);
	write_unlock_bh(&neigh->lock);

	if (((new ^ old) & NUD_PERMANENT) || ext_learn_change)
		neigh_update_gc_list(neigh);

	if (notify)
		neigh_update_notify(neigh, nlmsg_pid);

	trace_neigh_update_done(neigh, err);

	return err;
}

int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
		 u32 flags, u32 nlmsg_pid)
{
	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
}
EXPORT_SYMBOL(neigh_update);

/* Update the neigh to listen temporarily for probe responses, even if it is
 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
 */
void __neigh_set_probe_once(struct neighbour *neigh)
{
	if (neigh->dead)
		return;
	neigh->updated = jiffies;
	if (!(neigh->nud_state & NUD_FAILED))
		return;
	neigh->nud_state = NUD_INCOMPLETE;
	atomic_set(&neigh->probes, neigh_max_probes(neigh));
	neigh_add_timer(neigh,
			jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
				      HZ/100));
}
EXPORT_SYMBOL(__neigh_set_probe_once);

struct neighbour *neigh_event_ns(struct neigh_table *tbl,
				 u8 *lladdr, void *saddr,
				 struct net_device *dev)
{
	struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
						 lladdr || !dev->addr_len);
	if (neigh)
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_OVERRIDE, 0);
	return neigh;
}
EXPORT_SYMBOL(neigh_event_ns);

/* called with read_lock_bh(&n->lock); */
static void neigh_hh_init(struct neighbour *n)
{
	struct net_device *dev = n->dev;
	__be16 prot = n->tbl->protocol;
	struct hh_cache *hh = &n->hh;

	write_lock_bh(&n->lock);

	/* Only one thread can come in here and initialize the
	 * hh_cache entry.
	 */
	if (!hh->hh_len)
		dev->header_ops->cache(n, hh, prot);

	write_unlock_bh(&n->lock);
}

/* Slow and careful. */

int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc = 0;

	if (!neigh_event_send(neigh, skb)) {
		int err;
		struct net_device *dev = neigh->dev;
		unsigned int seq;

		if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
			neigh_hh_init(neigh);

		do {
			__skb_pull(skb, skb_network_offset(skb));
			seq = read_seqbegin(&neigh->ha_lock);
			err = dev_hard_header(skb, dev, ntohs(skb->protocol),
					      neigh->ha, NULL, skb->len);
		} while (read_seqretry(&neigh->ha_lock, seq));

		if (err >= 0)
			rc = dev_queue_xmit(skb);
		else
			goto out_kfree_skb;
	}
out:
	return rc;
out_kfree_skb:
	rc = -EINVAL;
	kfree_skb(skb);
	goto out;
}
EXPORT_SYMBOL(neigh_resolve_output);

/* As fast as possible without hh cache */

int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
{
	struct net_device *dev = neigh->dev;
	unsigned int seq;
	int err;

	do {
		__skb_pull(skb, skb_network_offset(skb));
		seq = read_seqbegin(&neigh->ha_lock);
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      neigh->ha, NULL, skb->len);
	} while (read_seqretry(&neigh->ha_lock, seq));

	if (err >= 0)
		err = dev_queue_xmit(skb);
	else {
		err = -EINVAL;
		kfree_skb(skb);
	}
	return err;
}
EXPORT_SYMBOL(neigh_connected_output);

int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
{
	return dev_queue_xmit(skb);
}
EXPORT_SYMBOL(neigh_direct_output);
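
/* The three output methods, in brief: neigh_resolve_output() is the slow
 * path used while the entry is suspect - it may queue the skb and kick
 * off resolution via neigh_event_send(); neigh_connected_output() trusts
 * the cached lladdr and only builds the hard header; and
 * neigh_direct_output() bypasses the neighbour layer entirely.
 */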
1547
neigh_proxy_process(struct timer_list * t)1548 static void neigh_proxy_process(struct timer_list *t)
1549 {
1550 struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
1551 long sched_next = 0;
1552 unsigned long now = jiffies;
1553 struct sk_buff *skb, *n;
1554
1555 spin_lock(&tbl->proxy_queue.lock);
1556
1557 skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
1558 long tdif = NEIGH_CB(skb)->sched_next - now;
1559
1560 if (tdif <= 0) {
1561 struct net_device *dev = skb->dev;
1562
1563 __skb_unlink(skb, &tbl->proxy_queue);
1564 if (tbl->proxy_redo && netif_running(dev)) {
1565 rcu_read_lock();
1566 tbl->proxy_redo(skb);
1567 rcu_read_unlock();
1568 } else {
1569 kfree_skb(skb);
1570 }
1571
1572 dev_put(dev);
1573 } else if (!sched_next || tdif < sched_next)
1574 sched_next = tdif;
1575 }
1576 del_timer(&tbl->proxy_timer);
1577 if (sched_next)
1578 mod_timer(&tbl->proxy_timer, jiffies + sched_next);
1579 spin_unlock(&tbl->proxy_queue.lock);
1580 }
1581
pneigh_enqueue(struct neigh_table * tbl,struct neigh_parms * p,struct sk_buff * skb)1582 void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
1583 struct sk_buff *skb)
1584 {
1585 unsigned long sched_next = jiffies +
1586 prandom_u32_max(NEIGH_VAR(p, PROXY_DELAY));
1587
1588 if (tbl->proxy_queue.qlen > NEIGH_VAR(p, PROXY_QLEN)) {
1589 kfree_skb(skb);
1590 return;
1591 }
1592
1593 NEIGH_CB(skb)->sched_next = sched_next;
1594 NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;
1595
1596 spin_lock(&tbl->proxy_queue.lock);
1597 if (del_timer(&tbl->proxy_timer)) {
1598 if (time_before(tbl->proxy_timer.expires, sched_next))
1599 sched_next = tbl->proxy_timer.expires;
1600 }
1601 skb_dst_drop(skb);
1602 dev_hold(skb->dev);
1603 __skb_queue_tail(&tbl->proxy_queue, skb);
1604 mod_timer(&tbl->proxy_timer, sched_next);
1605 spin_unlock(&tbl->proxy_queue.lock);
1606 }
1607 EXPORT_SYMBOL(pneigh_enqueue);
1608
lookup_neigh_parms(struct neigh_table * tbl,struct net * net,int ifindex)1609 static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
1610 struct net *net, int ifindex)
1611 {
1612 struct neigh_parms *p;
1613
1614 list_for_each_entry(p, &tbl->parms_list, list) {
1615 if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
1616 (!p->dev && !ifindex && net_eq(net, &init_net)))
1617 return p;
1618 }
1619
1620 return NULL;
1621 }
1622
neigh_parms_alloc(struct net_device * dev,struct neigh_table * tbl)1623 struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
1624 struct neigh_table *tbl)
1625 {
1626 struct neigh_parms *p;
1627 struct net *net = dev_net(dev);
1628 const struct net_device_ops *ops = dev->netdev_ops;
1629
1630 p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
1631 if (p) {
1632 p->tbl = tbl;
1633 refcount_set(&p->refcnt, 1);
1634 p->reachable_time =
1635 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
1636 dev_hold(dev);
1637 p->dev = dev;
1638 write_pnet(&p->net, net);
1639 p->sysctl_table = NULL;
1640
1641 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
1642 dev_put(dev);
1643 kfree(p);
1644 return NULL;
1645 }
1646
1647 write_lock_bh(&tbl->lock);
1648 list_add(&p->list, &tbl->parms.list);
1649 write_unlock_bh(&tbl->lock);
1650
1651 neigh_parms_data_state_cleanall(p);
1652 }
1653 return p;
1654 }
1655 EXPORT_SYMBOL(neigh_parms_alloc);
1656
neigh_rcu_free_parms(struct rcu_head * head)1657 static void neigh_rcu_free_parms(struct rcu_head *head)
1658 {
1659 struct neigh_parms *parms =
1660 container_of(head, struct neigh_parms, rcu_head);
1661
1662 neigh_parms_put(parms);
1663 }
1664
neigh_parms_release(struct neigh_table * tbl,struct neigh_parms * parms)1665 void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
1666 {
1667 if (!parms || parms == &tbl->parms)
1668 return;
1669 write_lock_bh(&tbl->lock);
1670 list_del(&parms->list);
1671 parms->dead = 1;
1672 write_unlock_bh(&tbl->lock);
1673 dev_put(parms->dev);
1674 call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
1675 }
1676 EXPORT_SYMBOL(neigh_parms_release);
1677
neigh_parms_destroy(struct neigh_parms * parms)1678 static void neigh_parms_destroy(struct neigh_parms *parms)
1679 {
1680 kfree(parms);
1681 }
1682
1683 static struct lock_class_key neigh_table_proxy_queue_class;
1684
1685 static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;
1686
neigh_table_init(int index,struct neigh_table * tbl)1687 void neigh_table_init(int index, struct neigh_table *tbl)
1688 {
1689 unsigned long now = jiffies;
1690 unsigned long phsize;
1691
1692 INIT_LIST_HEAD(&tbl->parms_list);
1693 INIT_LIST_HEAD(&tbl->gc_list);
1694 list_add(&tbl->parms.list, &tbl->parms_list);
1695 write_pnet(&tbl->parms.net, &init_net);
1696 refcount_set(&tbl->parms.refcnt, 1);
1697 tbl->parms.reachable_time =
1698 neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
1699
1700 tbl->stats = alloc_percpu(struct neigh_statistics);
1701 if (!tbl->stats)
1702 panic("cannot create neighbour cache statistics");
1703
1704 #ifdef CONFIG_PROC_FS
1705 if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
1706 &neigh_stat_seq_ops, tbl))
1707 panic("cannot create neighbour proc dir entry");
1708 #endif
1709
1710 RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));
1711
1712 phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
1713 tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);
1714
1715 if (!tbl->nht || !tbl->phash_buckets)
1716 panic("cannot allocate neighbour cache hashes");
1717
1718 if (!tbl->entry_size)
1719 tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
1720 tbl->key_len, NEIGH_PRIV_ALIGN);
1721 else
1722 WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);
1723
1724 rwlock_init(&tbl->lock);
1725 INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
1726 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1727 tbl->parms.reachable_time);
1728 timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
1729 skb_queue_head_init_class(&tbl->proxy_queue,
1730 &neigh_table_proxy_queue_class);
1731
1732 tbl->last_flush = now;
1733 tbl->last_rand = now + tbl->parms.reachable_time * 20;
1734
1735 neigh_tables[index] = tbl;
1736 }
1737 EXPORT_SYMBOL(neigh_table_init);
1738
neigh_table_clear(int index,struct neigh_table * tbl)1739 int neigh_table_clear(int index, struct neigh_table *tbl)
1740 {
1741 neigh_tables[index] = NULL;
1742 /* It is not clean... Fix it to unload IPv6 module safely */
1743 cancel_delayed_work_sync(&tbl->gc_work);
1744 del_timer_sync(&tbl->proxy_timer);
1745 pneigh_queue_purge(&tbl->proxy_queue, NULL);
1746 neigh_ifdown(tbl, NULL);
1747 if (atomic_read(&tbl->entries))
1748 pr_crit("neighbour leakage\n");
1749
1750 call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
1751 neigh_hash_free_rcu);
1752 tbl->nht = NULL;
1753
1754 kfree(tbl->phash_buckets);
1755 tbl->phash_buckets = NULL;
1756
1757 remove_proc_entry(tbl->id, init_net.proc_net_stat);
1758
1759 free_percpu(tbl->stats);
1760 tbl->stats = NULL;
1761
1762 return 0;
1763 }
1764 EXPORT_SYMBOL(neigh_table_clear);
1765
neigh_find_table(int family)1766 static struct neigh_table *neigh_find_table(int family)
1767 {
1768 struct neigh_table *tbl = NULL;
1769
1770 switch (family) {
1771 case AF_INET:
1772 tbl = neigh_tables[NEIGH_ARP_TABLE];
1773 break;
1774 case AF_INET6:
1775 tbl = neigh_tables[NEIGH_ND_TABLE];
1776 break;
1777 }
1778
1779 return tbl;
1780 }
1781
1782 const struct nla_policy nda_policy[NDA_MAX+1] = {
1783 [NDA_UNSPEC] = { .strict_start_type = NDA_NH_ID },
1784 [NDA_DST] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1785 [NDA_LLADDR] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1786 [NDA_CACHEINFO] = { .len = sizeof(struct nda_cacheinfo) },
1787 [NDA_PROBES] = { .type = NLA_U32 },
1788 [NDA_VLAN] = { .type = NLA_U16 },
1789 [NDA_PORT] = { .type = NLA_U16 },
1790 [NDA_VNI] = { .type = NLA_U32 },
1791 [NDA_IFINDEX] = { .type = NLA_U32 },
1792 [NDA_MASTER] = { .type = NLA_U32 },
1793 [NDA_PROTOCOL] = { .type = NLA_U8 },
1794 [NDA_NH_ID] = { .type = NLA_U32 },
1795 [NDA_FDB_EXT_ATTRS] = { .type = NLA_NESTED },
1796 };
1797
neigh_delete(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)1798 static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1799 struct netlink_ext_ack *extack)
1800 {
1801 struct net *net = sock_net(skb->sk);
1802 struct ndmsg *ndm;
1803 struct nlattr *dst_attr;
1804 struct neigh_table *tbl;
1805 struct neighbour *neigh;
1806 struct net_device *dev = NULL;
1807 int err = -EINVAL;
1808
1809 ASSERT_RTNL();
1810 if (nlmsg_len(nlh) < sizeof(*ndm))
1811 goto out;
1812
1813 dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1814 if (!dst_attr) {
1815 NL_SET_ERR_MSG(extack, "Network address not specified");
1816 goto out;
1817 }
1818
1819 ndm = nlmsg_data(nlh);
1820 if (ndm->ndm_ifindex) {
1821 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1822 if (dev == NULL) {
1823 err = -ENODEV;
1824 goto out;
1825 }
1826 }
1827
1828 tbl = neigh_find_table(ndm->ndm_family);
1829 if (tbl == NULL)
1830 return -EAFNOSUPPORT;
1831
1832 if (nla_len(dst_attr) < (int)tbl->key_len) {
1833 NL_SET_ERR_MSG(extack, "Invalid network address");
1834 goto out;
1835 }
1836
1837 if (ndm->ndm_flags & NTF_PROXY) {
1838 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
1839 goto out;
1840 }
1841
1842 if (dev == NULL)
1843 goto out;
1844
1845 neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
1846 if (neigh == NULL) {
1847 err = -ENOENT;
1848 goto out;
1849 }
1850
1851 err = __neigh_update(neigh, NULL, NUD_FAILED,
1852 NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1853 NETLINK_CB(skb).portid, extack);
1854 write_lock_bh(&tbl->lock);
1855 neigh_release(neigh);
1856 neigh_remove_one(neigh, tbl);
1857 write_unlock_bh(&tbl->lock);
1858
1859 out:
1860 return err;
1861 }
1862
neigh_add(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)1863 static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1864 struct netlink_ext_ack *extack)
1865 {
1866 int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1867 NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1868 struct net *net = sock_net(skb->sk);
1869 struct ndmsg *ndm;
1870 struct nlattr *tb[NDA_MAX+1];
1871 struct neigh_table *tbl;
1872 struct net_device *dev = NULL;
1873 struct neighbour *neigh;
1874 void *dst, *lladdr;
1875 u8 protocol = 0;
1876 int err;
1877
1878 ASSERT_RTNL();
1879 err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
1880 nda_policy, extack);
1881 if (err < 0)
1882 goto out;
1883
1884 err = -EINVAL;
1885 if (!tb[NDA_DST]) {
1886 NL_SET_ERR_MSG(extack, "Network address not specified");
1887 goto out;
1888 }
1889
1890 ndm = nlmsg_data(nlh);
1891 if (ndm->ndm_ifindex) {
1892 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1893 if (dev == NULL) {
1894 err = -ENODEV;
1895 goto out;
1896 }
1897
1898 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
1899 NL_SET_ERR_MSG(extack, "Invalid link address");
1900 goto out;
1901 }
1902 }
1903
1904 tbl = neigh_find_table(ndm->ndm_family);
1905 if (tbl == NULL)
1906 return -EAFNOSUPPORT;
1907
1908 if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
1909 NL_SET_ERR_MSG(extack, "Invalid network address");
1910 goto out;
1911 }
1912
1913 dst = nla_data(tb[NDA_DST]);
1914 lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
1915
1916 if (tb[NDA_PROTOCOL])
1917 protocol = nla_get_u8(tb[NDA_PROTOCOL]);
1918
1919 if (ndm->ndm_flags & NTF_PROXY) {
1920 struct pneigh_entry *pn;
1921
1922 err = -ENOBUFS;
1923 pn = pneigh_lookup(tbl, net, dst, dev, 1);
1924 if (pn) {
1925 pn->flags = ndm->ndm_flags;
1926 if (protocol)
1927 pn->protocol = protocol;
1928 err = 0;
1929 }
1930 goto out;
1931 }
1932
1933 if (!dev) {
1934 NL_SET_ERR_MSG(extack, "Device not specified");
1935 goto out;
1936 }
1937
1938 if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
1939 err = -EINVAL;
1940 goto out;
1941 }
1942
1943 neigh = neigh_lookup(tbl, dst, dev);
1944 if (neigh == NULL) {
1945 bool exempt_from_gc;
1946
1947 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
1948 err = -ENOENT;
1949 goto out;
1950 }
1951
1952 exempt_from_gc = ndm->ndm_state & NUD_PERMANENT ||
1953 ndm->ndm_flags & NTF_EXT_LEARNED;
1954 neigh = ___neigh_create(tbl, dst, dev,
1955 ndm->ndm_flags & NTF_EXT_LEARNED,
1956 exempt_from_gc, true);
1957 if (IS_ERR(neigh)) {
1958 err = PTR_ERR(neigh);
1959 goto out;
1960 }
1961 } else {
1962 if (nlh->nlmsg_flags & NLM_F_EXCL) {
1963 err = -EEXIST;
1964 neigh_release(neigh);
1965 goto out;
1966 }
1967
1968 if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
1969 flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
1970 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1971 }
1972
1973 if (protocol)
1974 neigh->protocol = protocol;
1975 if (ndm->ndm_flags & NTF_EXT_LEARNED)
1976 flags |= NEIGH_UPDATE_F_EXT_LEARNED;
1977 if (ndm->ndm_flags & NTF_ROUTER)
1978 flags |= NEIGH_UPDATE_F_ISROUTER;
1979 if (ndm->ndm_flags & NTF_USE)
1980 flags |= NEIGH_UPDATE_F_USE;
1981
1982 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
1983 NETLINK_CB(skb).portid, extack);
1984 if (!err && ndm->ndm_flags & NTF_USE) {
1985 neigh_event_send(neigh, NULL);
1986 err = 0;
1987 }
1988 neigh_release(neigh);
1989 out:
1990 return err;
1991 }
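/*
 * Example (illustrative): the handler above services RTM_NEWNEIGH, i.e.
 * what "ip neigh" generates for additions and replacements. Roughly:
 *
 *	ip neigh add 192.0.2.1 lladdr 00:11:22:33:44:55 dev eth0
 *		-> NLM_F_CREATE | NLM_F_EXCL; fails with EEXIST if present
 *	ip neigh replace 192.0.2.1 lladdr 00:11:22:33:44:55 dev eth0
 *		-> NLM_F_CREATE | NLM_F_REPLACE; keeps the override flags
 *	ip neigh add proxy 2001:db8::1 dev eth0
 *		-> NTF_PROXY; takes the pneigh_lookup() path above
 *
 * Addresses and the device name are placeholders.
 */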
1992
1993 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
1994 {
1995 struct nlattr *nest;
1996
1997 nest = nla_nest_start_noflag(skb, NDTA_PARMS);
1998 if (nest == NULL)
1999 return -ENOBUFS;
2000
2001 if ((parms->dev &&
2002 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
2003 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
2004 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
2005 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2006 /* approximate value for deprecated QUEUE_LEN (in packets) */
2007 nla_put_u32(skb, NDTPA_QUEUE_LEN,
2008 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2009 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2010 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2011 nla_put_u32(skb, NDTPA_UCAST_PROBES,
2012 NEIGH_VAR(parms, UCAST_PROBES)) ||
2013 nla_put_u32(skb, NDTPA_MCAST_PROBES,
2014 NEIGH_VAR(parms, MCAST_PROBES)) ||
2015 nla_put_u32(skb, NDTPA_MCAST_REPROBES,
2016 NEIGH_VAR(parms, MCAST_REPROBES)) ||
2017 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
2018 NDTPA_PAD) ||
2019 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
2020 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
2021 nla_put_msecs(skb, NDTPA_GC_STALETIME,
2022 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
2023 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
2024 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
2025 nla_put_msecs(skb, NDTPA_RETRANS_TIME,
2026 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
2027 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
2028 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
2029 nla_put_msecs(skb, NDTPA_PROXY_DELAY,
2030 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
2031 nla_put_msecs(skb, NDTPA_LOCKTIME,
2032 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD))
2033 goto nla_put_failure;
2034 return nla_nest_end(skb, nest);
2035
2036 nla_put_failure:
2037 nla_nest_cancel(skb, nest);
2038 return -EMSGSIZE;
2039 }
2040
2041 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2042 u32 pid, u32 seq, int type, int flags)
2043 {
2044 struct nlmsghdr *nlh;
2045 struct ndtmsg *ndtmsg;
2046
2047 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2048 if (nlh == NULL)
2049 return -EMSGSIZE;
2050
2051 ndtmsg = nlmsg_data(nlh);
2052
2053 read_lock_bh(&tbl->lock);
2054 ndtmsg->ndtm_family = tbl->family;
2055 ndtmsg->ndtm_pad1 = 0;
2056 ndtmsg->ndtm_pad2 = 0;
2057
2058 if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
2059 nla_put_msecs(skb, NDTA_GC_INTERVAL, READ_ONCE(tbl->gc_interval),
2060 NDTA_PAD) ||
2061 nla_put_u32(skb, NDTA_THRESH1, READ_ONCE(tbl->gc_thresh1)) ||
2062 nla_put_u32(skb, NDTA_THRESH2, READ_ONCE(tbl->gc_thresh2)) ||
2063 nla_put_u32(skb, NDTA_THRESH3, READ_ONCE(tbl->gc_thresh3)))
2064 goto nla_put_failure;
2065 {
2066 unsigned long now = jiffies;
2067 long flush_delta = now - READ_ONCE(tbl->last_flush);
2068 long rand_delta = now - READ_ONCE(tbl->last_rand);
2069 struct neigh_hash_table *nht;
2070 struct ndt_config ndc = {
2071 .ndtc_key_len = tbl->key_len,
2072 .ndtc_entry_size = tbl->entry_size,
2073 .ndtc_entries = atomic_read(&tbl->entries),
2074 .ndtc_last_flush = jiffies_to_msecs(flush_delta),
2075 .ndtc_last_rand = jiffies_to_msecs(rand_delta),
2076 .ndtc_proxy_qlen = READ_ONCE(tbl->proxy_queue.qlen),
2077 };
2078
2079 rcu_read_lock_bh();
2080 nht = rcu_dereference_bh(tbl->nht);
2081 ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2082 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2083 rcu_read_unlock_bh();
2084
2085 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
2086 goto nla_put_failure;
2087 }
2088
2089 {
2090 int cpu;
2091 struct ndt_stats ndst;
2092
2093 memset(&ndst, 0, sizeof(ndst));
2094
2095 for_each_possible_cpu(cpu) {
2096 struct neigh_statistics *st;
2097
2098 st = per_cpu_ptr(tbl->stats, cpu);
2099 ndst.ndts_allocs += READ_ONCE(st->allocs);
2100 ndst.ndts_destroys += READ_ONCE(st->destroys);
2101 ndst.ndts_hash_grows += READ_ONCE(st->hash_grows);
2102 ndst.ndts_res_failed += READ_ONCE(st->res_failed);
2103 ndst.ndts_lookups += READ_ONCE(st->lookups);
2104 ndst.ndts_hits += READ_ONCE(st->hits);
2105 ndst.ndts_rcv_probes_mcast += READ_ONCE(st->rcv_probes_mcast);
2106 ndst.ndts_rcv_probes_ucast += READ_ONCE(st->rcv_probes_ucast);
2107 ndst.ndts_periodic_gc_runs += READ_ONCE(st->periodic_gc_runs);
2108 ndst.ndts_forced_gc_runs += READ_ONCE(st->forced_gc_runs);
2109 ndst.ndts_table_fulls += READ_ONCE(st->table_fulls);
2110 }
2111
2112 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
2113 NDTA_PAD))
2114 goto nla_put_failure;
2115 }
2116
2117 BUG_ON(tbl->parms.dev);
2118 if (neightbl_fill_parms(skb, &tbl->parms) < 0)
2119 goto nla_put_failure;
2120
2121 read_unlock_bh(&tbl->lock);
2122 nlmsg_end(skb, nlh);
2123 return 0;
2124
2125 nla_put_failure:
2126 read_unlock_bh(&tbl->lock);
2127 nlmsg_cancel(skb, nlh);
2128 return -EMSGSIZE;
2129 }
2130
2131 static int neightbl_fill_param_info(struct sk_buff *skb,
2132 struct neigh_table *tbl,
2133 struct neigh_parms *parms,
2134 u32 pid, u32 seq, int type,
2135 unsigned int flags)
2136 {
2137 struct ndtmsg *ndtmsg;
2138 struct nlmsghdr *nlh;
2139
2140 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2141 if (nlh == NULL)
2142 return -EMSGSIZE;
2143
2144 ndtmsg = nlmsg_data(nlh);
2145
2146 read_lock_bh(&tbl->lock);
2147 ndtmsg->ndtm_family = tbl->family;
2148 ndtmsg->ndtm_pad1 = 0;
2149 ndtmsg->ndtm_pad2 = 0;
2150
2151 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
2152 neightbl_fill_parms(skb, parms) < 0)
2153 goto errout;
2154
2155 read_unlock_bh(&tbl->lock);
2156 nlmsg_end(skb, nlh);
2157 return 0;
2158 errout:
2159 read_unlock_bh(&tbl->lock);
2160 nlmsg_cancel(skb, nlh);
2161 return -EMSGSIZE;
2162 }
2163
2164 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2165 [NDTA_NAME] = { .type = NLA_STRING },
2166 [NDTA_THRESH1] = { .type = NLA_U32 },
2167 [NDTA_THRESH2] = { .type = NLA_U32 },
2168 [NDTA_THRESH3] = { .type = NLA_U32 },
2169 [NDTA_GC_INTERVAL] = { .type = NLA_U64 },
2170 [NDTA_PARMS] = { .type = NLA_NESTED },
2171 };
2172
2173 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2174 [NDTPA_IFINDEX] = { .type = NLA_U32 },
2175 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 },
2176 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 },
2177 [NDTPA_APP_PROBES] = { .type = NLA_U32 },
2178 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 },
2179 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 },
2180 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 },
2181 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 },
2182 [NDTPA_GC_STALETIME] = { .type = NLA_U64 },
2183 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 },
2184 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 },
2185 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 },
2186 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 },
2187 [NDTPA_LOCKTIME] = { .type = NLA_U64 },
2188 };
2189
2190 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2191 struct netlink_ext_ack *extack)
2192 {
2193 struct net *net = sock_net(skb->sk);
2194 struct neigh_table *tbl;
2195 struct ndtmsg *ndtmsg;
2196 struct nlattr *tb[NDTA_MAX+1];
2197 bool found = false;
2198 int err, tidx;
2199
2200 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2201 nl_neightbl_policy, extack);
2202 if (err < 0)
2203 goto errout;
2204
2205 if (tb[NDTA_NAME] == NULL) {
2206 err = -EINVAL;
2207 goto errout;
2208 }
2209
2210 ndtmsg = nlmsg_data(nlh);
2211
2212 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2213 tbl = neigh_tables[tidx];
2214 if (!tbl)
2215 continue;
2216 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2217 continue;
2218 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
2219 found = true;
2220 break;
2221 }
2222 }
2223
2224 if (!found)
2225 return -ENOENT;
2226
2227 /*
2228 * We acquire tbl->lock to be nice to the periodic timers and
2229 * make sure they always see a consistent set of values.
2230 */
2231 write_lock_bh(&tbl->lock);
2232
2233 if (tb[NDTA_PARMS]) {
2234 struct nlattr *tbp[NDTPA_MAX+1];
2235 struct neigh_parms *p;
2236 int i, ifindex = 0;
2237
2238 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
2239 tb[NDTA_PARMS],
2240 nl_ntbl_parm_policy, extack);
2241 if (err < 0)
2242 goto errout_tbl_lock;
2243
2244 if (tbp[NDTPA_IFINDEX])
2245 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
2246
2247 p = lookup_neigh_parms(tbl, net, ifindex);
2248 if (p == NULL) {
2249 err = -ENOENT;
2250 goto errout_tbl_lock;
2251 }
2252
2253 for (i = 1; i <= NDTPA_MAX; i++) {
2254 if (tbp[i] == NULL)
2255 continue;
2256
2257 switch (i) {
2258 case NDTPA_QUEUE_LEN:
2259 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2260 nla_get_u32(tbp[i]) *
2261 SKB_TRUESIZE(ETH_FRAME_LEN));
2262 break;
2263 case NDTPA_QUEUE_LENBYTES:
2264 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2265 nla_get_u32(tbp[i]));
2266 break;
2267 case NDTPA_PROXY_QLEN:
2268 NEIGH_VAR_SET(p, PROXY_QLEN,
2269 nla_get_u32(tbp[i]));
2270 break;
2271 case NDTPA_APP_PROBES:
2272 NEIGH_VAR_SET(p, APP_PROBES,
2273 nla_get_u32(tbp[i]));
2274 break;
2275 case NDTPA_UCAST_PROBES:
2276 NEIGH_VAR_SET(p, UCAST_PROBES,
2277 nla_get_u32(tbp[i]));
2278 break;
2279 case NDTPA_MCAST_PROBES:
2280 NEIGH_VAR_SET(p, MCAST_PROBES,
2281 nla_get_u32(tbp[i]));
2282 break;
2283 case NDTPA_MCAST_REPROBES:
2284 NEIGH_VAR_SET(p, MCAST_REPROBES,
2285 nla_get_u32(tbp[i]));
2286 break;
2287 case NDTPA_BASE_REACHABLE_TIME:
2288 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2289 nla_get_msecs(tbp[i]));
2290 /* update reachable_time as well, otherwise, the change will
2291 * only be effective after the next time neigh_periodic_work
2292 * decides to recompute it (can be multiple minutes)
2293 */
2294 p->reachable_time =
2295 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2296 break;
2297 case NDTPA_GC_STALETIME:
2298 NEIGH_VAR_SET(p, GC_STALETIME,
2299 nla_get_msecs(tbp[i]));
2300 break;
2301 case NDTPA_DELAY_PROBE_TIME:
2302 NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2303 nla_get_msecs(tbp[i]));
2304 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
2305 break;
2306 case NDTPA_RETRANS_TIME:
2307 NEIGH_VAR_SET(p, RETRANS_TIME,
2308 nla_get_msecs(tbp[i]));
2309 break;
2310 case NDTPA_ANYCAST_DELAY:
2311 NEIGH_VAR_SET(p, ANYCAST_DELAY,
2312 nla_get_msecs(tbp[i]));
2313 break;
2314 case NDTPA_PROXY_DELAY:
2315 NEIGH_VAR_SET(p, PROXY_DELAY,
2316 nla_get_msecs(tbp[i]));
2317 break;
2318 case NDTPA_LOCKTIME:
2319 NEIGH_VAR_SET(p, LOCKTIME,
2320 nla_get_msecs(tbp[i]));
2321 break;
2322 }
2323 }
2324 }
2325
2326 err = -ENOENT;
2327 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2328 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2329 !net_eq(net, &init_net))
2330 goto errout_tbl_lock;
2331
2332 if (tb[NDTA_THRESH1])
2333 WRITE_ONCE(tbl->gc_thresh1, nla_get_u32(tb[NDTA_THRESH1]));
2334
2335 if (tb[NDTA_THRESH2])
2336 WRITE_ONCE(tbl->gc_thresh2, nla_get_u32(tb[NDTA_THRESH2]));
2337
2338 if (tb[NDTA_THRESH3])
2339 WRITE_ONCE(tbl->gc_thresh3, nla_get_u32(tb[NDTA_THRESH3]));
2340
2341 if (tb[NDTA_GC_INTERVAL])
2342 WRITE_ONCE(tbl->gc_interval, nla_get_msecs(tb[NDTA_GC_INTERVAL]));
2343
2344 err = 0;
2345
2346 errout_tbl_lock:
2347 write_unlock_bh(&tbl->lock);
2348 errout:
2349 return err;
2350 }
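/*
 * Example (illustrative): RTM_SETNEIGHTBL is what "ip ntable change"
 * emits; per-device parameters travel inside the NDTA_PARMS nest parsed
 * above, e.g.:
 *
 *	ip ntable change name arp_cache dev eth0 queue 8
 *	ip ntable change name arp_cache thresh1 256 thresh2 512 thresh3 1024
 *
 * The gc_* knobs are only accepted from the initial netns, matching the
 * net_eq(net, &init_net) check above. "eth0" is a placeholder name.
 */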
2351
2352 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2353 struct netlink_ext_ack *extack)
2354 {
2355 struct ndtmsg *ndtm;
2356
2357 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
2358 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2359 return -EINVAL;
2360 }
2361
2362 ndtm = nlmsg_data(nlh);
2363 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
2364 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2365 return -EINVAL;
2366 }
2367
2368 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
2369 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2370 return -EINVAL;
2371 }
2372
2373 return 0;
2374 }
2375
2376 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2377 {
2378 const struct nlmsghdr *nlh = cb->nlh;
2379 struct net *net = sock_net(skb->sk);
2380 int family, tidx, nidx = 0;
2381 int tbl_skip = cb->args[0];
2382 int neigh_skip = cb->args[1];
2383 struct neigh_table *tbl;
2384
2385 if (cb->strict_check) {
2386 int err = neightbl_valid_dump_info(nlh, cb->extack);
2387
2388 if (err < 0)
2389 return err;
2390 }
2391
2392 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2393
2394 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2395 struct neigh_parms *p;
2396
2397 tbl = neigh_tables[tidx];
2398 if (!tbl)
2399 continue;
2400
2401 if (tidx < tbl_skip || (family && tbl->family != family))
2402 continue;
2403
2404 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2405 nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2406 NLM_F_MULTI) < 0)
2407 break;
2408
2409 nidx = 0;
2410 p = list_next_entry(&tbl->parms, list);
2411 list_for_each_entry_from(p, &tbl->parms_list, list) {
2412 if (!net_eq(neigh_parms_net(p), net))
2413 continue;
2414
2415 if (nidx < neigh_skip)
2416 goto next;
2417
2418 if (neightbl_fill_param_info(skb, tbl, p,
2419 NETLINK_CB(cb->skb).portid,
2420 nlh->nlmsg_seq,
2421 RTM_NEWNEIGHTBL,
2422 NLM_F_MULTI) < 0)
2423 goto out;
2424 next:
2425 nidx++;
2426 }
2427
2428 neigh_skip = 0;
2429 }
2430 out:
2431 cb->args[0] = tidx;
2432 cb->args[1] = nidx;
2433
2434 return skb->len;
2435 }
2436
2437 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2438 u32 pid, u32 seq, int type, unsigned int flags)
2439 {
2440 unsigned long now = jiffies;
2441 struct nda_cacheinfo ci;
2442 struct nlmsghdr *nlh;
2443 struct ndmsg *ndm;
2444
2445 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2446 if (nlh == NULL)
2447 return -EMSGSIZE;
2448
2449 ndm = nlmsg_data(nlh);
2450 ndm->ndm_family = neigh->ops->family;
2451 ndm->ndm_pad1 = 0;
2452 ndm->ndm_pad2 = 0;
2453 ndm->ndm_flags = neigh->flags;
2454 ndm->ndm_type = neigh->type;
2455 ndm->ndm_ifindex = neigh->dev->ifindex;
2456
2457 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2458 goto nla_put_failure;
2459
2460 read_lock_bh(&neigh->lock);
2461 ndm->ndm_state = neigh->nud_state;
2462 if (neigh->nud_state & NUD_VALID) {
2463 char haddr[MAX_ADDR_LEN];
2464
2465 neigh_ha_snapshot(haddr, neigh, neigh->dev);
2466 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2467 read_unlock_bh(&neigh->lock);
2468 goto nla_put_failure;
2469 }
2470 }
2471
2472 ci.ndm_used = jiffies_to_clock_t(now - neigh->used);
2473 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2474 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated);
2475 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1;
2476 read_unlock_bh(&neigh->lock);
2477
2478 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2479 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2480 goto nla_put_failure;
2481
2482 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
2483 goto nla_put_failure;
2484
2485 nlmsg_end(skb, nlh);
2486 return 0;
2487
2488 nla_put_failure:
2489 nlmsg_cancel(skb, nlh);
2490 return -EMSGSIZE;
2491 }
2492
2493 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2494 u32 pid, u32 seq, int type, unsigned int flags,
2495 struct neigh_table *tbl)
2496 {
2497 struct nlmsghdr *nlh;
2498 struct ndmsg *ndm;
2499
2500 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2501 if (nlh == NULL)
2502 return -EMSGSIZE;
2503
2504 ndm = nlmsg_data(nlh);
2505 ndm->ndm_family = tbl->family;
2506 ndm->ndm_pad1 = 0;
2507 ndm->ndm_pad2 = 0;
2508 ndm->ndm_flags = pn->flags | NTF_PROXY;
2509 ndm->ndm_type = RTN_UNICAST;
2510 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2511 ndm->ndm_state = NUD_NONE;
2512
2513 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2514 goto nla_put_failure;
2515
2516 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
2517 goto nla_put_failure;
2518
2519 nlmsg_end(skb, nlh);
2520 return 0;
2521
2522 nla_put_failure:
2523 nlmsg_cancel(skb, nlh);
2524 return -EMSGSIZE;
2525 }
2526
2527 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2528 {
2529 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2530 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
2531 }
2532
2533 static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2534 {
2535 struct net_device *master;
2536
2537 if (!master_idx)
2538 return false;
2539
2540 master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2541
2542 /* 0 is already used to denote that NDA_MASTER wasn't passed, so another
2543 * invalid ifindex value (-1) is needed to denote "no master".
2544 */
2545 if (master_idx == -1)
2546 return !!master;
2547
2548 if (!master || master->ifindex != master_idx)
2549 return true;
2550
2551 return false;
2552 }
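/*
 * Example (illustrative): this filter backs filtered dumps such as
 * "ip neigh show master br0", which sets NDA_MASTER to br0's ifindex so
 * only entries behind that master device are returned. A master index
 * of -1 is the sentinel that skips every entry which has any master.
 * "br0" is a placeholder bridge name.
 */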
2553
2554 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2555 {
2556 if (filter_idx && (!dev || dev->ifindex != filter_idx))
2557 return true;
2558
2559 return false;
2560 }
2561
2562 struct neigh_dump_filter {
2563 int master_idx;
2564 int dev_idx;
2565 };
2566
2567 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2568 struct netlink_callback *cb,
2569 struct neigh_dump_filter *filter)
2570 {
2571 struct net *net = sock_net(skb->sk);
2572 struct neighbour *n;
2573 int rc, h, s_h = cb->args[1];
2574 int idx, s_idx = idx = cb->args[2];
2575 struct neigh_hash_table *nht;
2576 unsigned int flags = NLM_F_MULTI;
2577
2578 if (filter->dev_idx || filter->master_idx)
2579 flags |= NLM_F_DUMP_FILTERED;
2580
2581 rcu_read_lock_bh();
2582 nht = rcu_dereference_bh(tbl->nht);
2583
2584 for (h = s_h; h < (1 << nht->hash_shift); h++) {
2585 if (h > s_h)
2586 s_idx = 0;
2587 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2588 n != NULL;
2589 n = rcu_dereference_bh(n->next)) {
2590 if (idx < s_idx || !net_eq(dev_net(n->dev), net))
2591 goto next;
2592 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2593 neigh_master_filtered(n->dev, filter->master_idx))
2594 goto next;
2595 if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2596 cb->nlh->nlmsg_seq,
2597 RTM_NEWNEIGH,
2598 flags) < 0) {
2599 rc = -1;
2600 goto out;
2601 }
2602 next:
2603 idx++;
2604 }
2605 }
2606 rc = skb->len;
2607 out:
2608 rcu_read_unlock_bh();
2609 cb->args[1] = h;
2610 cb->args[2] = idx;
2611 return rc;
2612 }
2613
2614 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2615 struct netlink_callback *cb,
2616 struct neigh_dump_filter *filter)
2617 {
2618 struct pneigh_entry *n;
2619 struct net *net = sock_net(skb->sk);
2620 int rc, h, s_h = cb->args[3];
2621 int idx, s_idx = idx = cb->args[4];
2622 unsigned int flags = NLM_F_MULTI;
2623
2624 if (filter->dev_idx || filter->master_idx)
2625 flags |= NLM_F_DUMP_FILTERED;
2626
2627 read_lock_bh(&tbl->lock);
2628
2629 for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2630 if (h > s_h)
2631 s_idx = 0;
2632 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2633 if (idx < s_idx || pneigh_net(n) != net)
2634 goto next;
2635 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2636 neigh_master_filtered(n->dev, filter->master_idx))
2637 goto next;
2638 if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2639 cb->nlh->nlmsg_seq,
2640 RTM_NEWNEIGH, flags, tbl) < 0) {
2641 read_unlock_bh(&tbl->lock);
2642 rc = -1;
2643 goto out;
2644 }
2645 next:
2646 idx++;
2647 }
2648 }
2649
2650 read_unlock_bh(&tbl->lock);
2651 rc = skb->len;
2652 out:
2653 cb->args[3] = h;
2654 cb->args[4] = idx;
2655 return rc;
2657 }
2658
2659 static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2660 bool strict_check,
2661 struct neigh_dump_filter *filter,
2662 struct netlink_ext_ack *extack)
2663 {
2664 struct nlattr *tb[NDA_MAX + 1];
2665 int err, i;
2666
2667 if (strict_check) {
2668 struct ndmsg *ndm;
2669
2670 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2671 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2672 return -EINVAL;
2673 }
2674
2675 ndm = nlmsg_data(nlh);
2676 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
2677 ndm->ndm_state || ndm->ndm_type) {
2678 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2679 return -EINVAL;
2680 }
2681
2682 if (ndm->ndm_flags & ~NTF_PROXY) {
2683 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2684 return -EINVAL;
2685 }
2686
2687 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
2688 tb, NDA_MAX, nda_policy,
2689 extack);
2690 } else {
2691 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
2692 NDA_MAX, nda_policy, extack);
2693 }
2694 if (err < 0)
2695 return err;
2696
2697 for (i = 0; i <= NDA_MAX; ++i) {
2698 if (!tb[i])
2699 continue;
2700
2701 /* all new attributes should require strict_check */
2702 switch (i) {
2703 case NDA_IFINDEX:
2704 filter->dev_idx = nla_get_u32(tb[i]);
2705 break;
2706 case NDA_MASTER:
2707 filter->master_idx = nla_get_u32(tb[i]);
2708 break;
2709 default:
2710 if (strict_check) {
2711 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2712 return -EINVAL;
2713 }
2714 }
2715 }
2716
2717 return 0;
2718 }
2719
2720 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2721 {
2722 const struct nlmsghdr *nlh = cb->nlh;
2723 struct neigh_dump_filter filter = {};
2724 struct neigh_table *tbl;
2725 int t, family, s_t;
2726 int proxy = 0;
2727 int err;
2728
2729 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2730
2731 /* check whether a full ndmsg structure is present; the family
2732 * member sits at the same offset in both structures
2733 */
2734 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2735 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2736 proxy = 1;
2737
2738 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
2739 if (err < 0 && cb->strict_check)
2740 return err;
2741
2742 s_t = cb->args[0];
2743
2744 for (t = 0; t < NEIGH_NR_TABLES; t++) {
2745 tbl = neigh_tables[t];
2746
2747 if (!tbl)
2748 continue;
2749 if (t < s_t || (family && tbl->family != family))
2750 continue;
2751 if (t > s_t)
2752 memset(&cb->args[1], 0, sizeof(cb->args) -
2753 sizeof(cb->args[0]));
2754 if (proxy)
2755 err = pneigh_dump_table(tbl, skb, cb, &filter);
2756 else
2757 err = neigh_dump_table(tbl, skb, cb, &filter);
2758 if (err < 0)
2759 break;
2760 }
2761
2762 cb->args[0] = t;
2763 return skb->len;
2764 }
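/*
 * Example (illustrative): a full table dump is an RTM_GETNEIGH request
 * with NLM_F_DUMP set. Setting ndm_flags = NTF_PROXY in the request
 * header switches the loop above to pneigh_dump_table(), which is how
 * "ip neigh show proxy" lists proxy entries.
 */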
2765
2766 static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2767 struct neigh_table **tbl,
2768 void **dst, int *dev_idx, u8 *ndm_flags,
2769 struct netlink_ext_ack *extack)
2770 {
2771 struct nlattr *tb[NDA_MAX + 1];
2772 struct ndmsg *ndm;
2773 int err, i;
2774
2775 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2776 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2777 return -EINVAL;
2778 }
2779
2780 ndm = nlmsg_data(nlh);
2781 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
2782 ndm->ndm_type) {
2783 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2784 return -EINVAL;
2785 }
2786
2787 if (ndm->ndm_flags & ~NTF_PROXY) {
2788 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2789 return -EINVAL;
2790 }
2791
2792 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
2793 NDA_MAX, nda_policy, extack);
2794 if (err < 0)
2795 return err;
2796
2797 *ndm_flags = ndm->ndm_flags;
2798 *dev_idx = ndm->ndm_ifindex;
2799 *tbl = neigh_find_table(ndm->ndm_family);
2800 if (*tbl == NULL) {
2801 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2802 return -EAFNOSUPPORT;
2803 }
2804
2805 for (i = 0; i <= NDA_MAX; ++i) {
2806 if (!tb[i])
2807 continue;
2808
2809 switch (i) {
2810 case NDA_DST:
2811 if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
2812 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2813 return -EINVAL;
2814 }
2815 *dst = nla_data(tb[i]);
2816 break;
2817 default:
2818 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2819 return -EINVAL;
2820 }
2821 }
2822
2823 return 0;
2824 }
2825
2826 static inline size_t neigh_nlmsg_size(void)
2827 {
2828 return NLMSG_ALIGN(sizeof(struct ndmsg))
2829 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2830 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2831 + nla_total_size(sizeof(struct nda_cacheinfo))
2832 + nla_total_size(4) /* NDA_PROBES */
2833 + nla_total_size(1); /* NDA_PROTOCOL */
2834 }
2835
2836 static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2837 u32 pid, u32 seq)
2838 {
2839 struct sk_buff *skb;
2840 int err = 0;
2841
2842 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
2843 if (!skb)
2844 return -ENOBUFS;
2845
2846 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
2847 if (err) {
2848 kfree_skb(skb);
2849 goto errout;
2850 }
2851
2852 err = rtnl_unicast(skb, net, pid);
2853 errout:
2854 return err;
2855 }
2856
2857 static inline size_t pneigh_nlmsg_size(void)
2858 {
2859 return NLMSG_ALIGN(sizeof(struct ndmsg))
2860 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2861 + nla_total_size(1); /* NDA_PROTOCOL */
2862 }
2863
2864 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
2865 u32 pid, u32 seq, struct neigh_table *tbl)
2866 {
2867 struct sk_buff *skb;
2868 int err = 0;
2869
2870 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
2871 if (!skb)
2872 return -ENOBUFS;
2873
2874 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
2875 if (err) {
2876 kfree_skb(skb);
2877 goto errout;
2878 }
2879
2880 err = rtnl_unicast(skb, net, pid);
2881 errout:
2882 return err;
2883 }
2884
2885 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2886 struct netlink_ext_ack *extack)
2887 {
2888 struct net *net = sock_net(in_skb->sk);
2889 struct net_device *dev = NULL;
2890 struct neigh_table *tbl = NULL;
2891 struct neighbour *neigh;
2892 void *dst = NULL;
2893 u8 ndm_flags = 0;
2894 int dev_idx = 0;
2895 int err;
2896
2897 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
2898 extack);
2899 if (err < 0)
2900 return err;
2901
2902 if (dev_idx) {
2903 dev = __dev_get_by_index(net, dev_idx);
2904 if (!dev) {
2905 NL_SET_ERR_MSG(extack, "Unknown device ifindex");
2906 return -ENODEV;
2907 }
2908 }
2909
2910 if (!dst) {
2911 NL_SET_ERR_MSG(extack, "Network address not specified");
2912 return -EINVAL;
2913 }
2914
2915 if (ndm_flags & NTF_PROXY) {
2916 struct pneigh_entry *pn;
2917
2918 pn = pneigh_lookup(tbl, net, dst, dev, 0);
2919 if (!pn) {
2920 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
2921 return -ENOENT;
2922 }
2923 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
2924 nlh->nlmsg_seq, tbl);
2925 }
2926
2927 if (!dev) {
2928 NL_SET_ERR_MSG(extack, "No device specified");
2929 return -EINVAL;
2930 }
2931
2932 neigh = neigh_lookup(tbl, dst, dev);
2933 if (!neigh) {
2934 NL_SET_ERR_MSG(extack, "Neighbour entry not found");
2935 return -ENOENT;
2936 }
2937
2938 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
2939 nlh->nlmsg_seq);
2940
2941 neigh_release(neigh);
2942
2943 return err;
2944 }
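/*
 * Example (illustrative): a non-dump RTM_GETNEIGH request lands here;
 * this is the kernel side of "ip neigh get 192.0.2.1 dev eth0", which
 * is answered with a single RTM_NEWNEIGH message or -ENOENT. Address
 * and device name are placeholders.
 */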
2945
2946 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
2947 {
2948 int chain;
2949 struct neigh_hash_table *nht;
2950
2951 rcu_read_lock_bh();
2952 nht = rcu_dereference_bh(tbl->nht);
2953
2954 read_lock(&tbl->lock); /* avoid resizes */
2955 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2956 struct neighbour *n;
2957
2958 for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
2959 n != NULL;
2960 n = rcu_dereference_bh(n->next))
2961 cb(n, cookie);
2962 }
2963 read_unlock(&tbl->lock);
2964 rcu_read_unlock_bh();
2965 }
2966 EXPORT_SYMBOL(neigh_for_each);
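/*
 * Example (illustrative sketch): a typical in-kernel use of
 * neigh_for_each() is a read-only walk over a table such as arp_tbl.
 * The callback runs under tbl->lock and RCU-BH, so it must not sleep;
 * count_reachable() below is a hypothetical helper, not part of this
 * file.
 *
 *	static void count_reachable(struct neighbour *n, void *cookie)
 *	{
 *		unsigned int *count = cookie;
 *
 *		if (n->nud_state & NUD_REACHABLE)
 *			(*count)++;
 *	}
 *
 *	unsigned int count = 0;
 *
 *	neigh_for_each(&arp_tbl, count_reachable, &count);
 */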
2967
2968 /* The tbl->lock must be held as a writer and BH disabled. */
2969 void __neigh_for_each_release(struct neigh_table *tbl,
2970 int (*cb)(struct neighbour *))
2971 {
2972 int chain;
2973 struct neigh_hash_table *nht;
2974
2975 nht = rcu_dereference_protected(tbl->nht,
2976 lockdep_is_held(&tbl->lock));
2977 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2978 struct neighbour *n;
2979 struct neighbour __rcu **np;
2980
2981 np = &nht->hash_buckets[chain];
2982 while ((n = rcu_dereference_protected(*np,
2983 lockdep_is_held(&tbl->lock))) != NULL) {
2984 int release;
2985
2986 write_lock(&n->lock);
2987 release = cb(n);
2988 if (release) {
2989 rcu_assign_pointer(*np,
2990 rcu_dereference_protected(n->next,
2991 lockdep_is_held(&tbl->lock)));
2992 neigh_mark_dead(n);
2993 } else
2994 np = &n->next;
2995 write_unlock(&n->lock);
2996 if (release)
2997 neigh_cleanup_and_release(n);
2998 }
2999 }
3000 }
3001 EXPORT_SYMBOL(__neigh_for_each_release);
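/*
 * Example (illustrative sketch): __neigh_for_each_release() evicts
 * entries in bulk; the callback returns nonzero for entries to unlink
 * and runs with tbl->lock held for writing and n->lock held. A
 * hypothetical "drop everything unreferenced" pass might look like:
 *
 *	static int release_unused(struct neighbour *n)
 *	{
 *		return refcount_read(&n->refcnt) == 1;
 *	}
 *
 *	write_lock_bh(&tbl->lock);
 *	__neigh_for_each_release(tbl, release_unused);
 *	write_unlock_bh(&tbl->lock);
 */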
3002
3003 int neigh_xmit(int index, struct net_device *dev,
3004 const void *addr, struct sk_buff *skb)
3005 {
3006 int err = -EAFNOSUPPORT;
3007 if (likely(index < NEIGH_NR_TABLES)) {
3008 struct neigh_table *tbl;
3009 struct neighbour *neigh;
3010
3011 tbl = neigh_tables[index];
3012 if (!tbl)
3013 goto out;
3014 rcu_read_lock_bh();
3015 if (index == NEIGH_ARP_TABLE) {
3016 u32 key = *((u32 *)addr);
3017
3018 neigh = __ipv4_neigh_lookup_noref(dev, key);
3019 } else {
3020 neigh = __neigh_lookup_noref(tbl, addr, dev);
3021 }
3022 if (!neigh)
3023 neigh = __neigh_create(tbl, addr, dev, false);
3024 err = PTR_ERR(neigh);
3025 if (IS_ERR(neigh)) {
3026 rcu_read_unlock_bh();
3027 goto out_kfree_skb;
3028 }
3029 err = neigh->output(neigh, skb);
3030 rcu_read_unlock_bh();
3031 } else if (index == NEIGH_LINK_TABLE) {
3033 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3034 addr, NULL, skb->len);
3035 if (err < 0)
3036 goto out_kfree_skb;
3037 err = dev_queue_xmit(skb);
3038 }
3039 out:
3040 return err;
3041 out_kfree_skb:
3042 kfree_skb(skb);
3043 goto out;
3044 }
3045 EXPORT_SYMBOL(neigh_xmit);
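/*
 * Example (illustrative sketch): neigh_xmit() lets a caller transmit to
 * a next hop by table index without managing a neighbour reference
 * itself; MPLS (net/mpls/af_mpls.c) is the main in-tree user. Assuming
 * "v4_nh" holds a __be32 next-hop address and skb/dev are already set
 * up (placeholder names):
 *
 *	err = neigh_xmit(NEIGH_ARP_TABLE, dev, &v4_nh, skb);
 */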
3046
3047 #ifdef CONFIG_PROC_FS
3048
3049 static struct neighbour *neigh_get_first(struct seq_file *seq)
3050 {
3051 struct neigh_seq_state *state = seq->private;
3052 struct net *net = seq_file_net(seq);
3053 struct neigh_hash_table *nht = state->nht;
3054 struct neighbour *n = NULL;
3055 int bucket;
3056
3057 state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3058 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3059 n = rcu_dereference_bh(nht->hash_buckets[bucket]);
3060
3061 while (n) {
3062 if (!net_eq(dev_net(n->dev), net))
3063 goto next;
3064 if (state->neigh_sub_iter) {
3065 loff_t fakep = 0;
3066 void *v;
3067
3068 v = state->neigh_sub_iter(state, n, &fakep);
3069 if (!v)
3070 goto next;
3071 }
3072 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3073 break;
3074 if (n->nud_state & ~NUD_NOARP)
3075 break;
3076 next:
3077 n = rcu_dereference_bh(n->next);
3078 }
3079
3080 if (n)
3081 break;
3082 }
3083 state->bucket = bucket;
3084
3085 return n;
3086 }
3087
3088 static struct neighbour *neigh_get_next(struct seq_file *seq,
3089 struct neighbour *n,
3090 loff_t *pos)
3091 {
3092 struct neigh_seq_state *state = seq->private;
3093 struct net *net = seq_file_net(seq);
3094 struct neigh_hash_table *nht = state->nht;
3095
3096 if (state->neigh_sub_iter) {
3097 void *v = state->neigh_sub_iter(state, n, pos);
3098 if (v)
3099 return n;
3100 }
3101 n = rcu_dereference_bh(n->next);
3102
3103 while (1) {
3104 while (n) {
3105 if (!net_eq(dev_net(n->dev), net))
3106 goto next;
3107 if (state->neigh_sub_iter) {
3108 void *v = state->neigh_sub_iter(state, n, pos);
3109 if (v)
3110 return n;
3111 goto next;
3112 }
3113 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3114 break;
3115
3116 if (n->nud_state & ~NUD_NOARP)
3117 break;
3118 next:
3119 n = rcu_dereference_bh(n->next);
3120 }
3121
3122 if (n)
3123 break;
3124
3125 if (++state->bucket >= (1 << nht->hash_shift))
3126 break;
3127
3128 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
3129 }
3130
3131 if (n && pos)
3132 --(*pos);
3133 return n;
3134 }
3135
3136 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3137 {
3138 struct neighbour *n = neigh_get_first(seq);
3139
3140 if (n) {
3141 --(*pos);
3142 while (*pos) {
3143 n = neigh_get_next(seq, n, pos);
3144 if (!n)
3145 break;
3146 }
3147 }
3148 return *pos ? NULL : n;
3149 }
3150
3151 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3152 {
3153 struct neigh_seq_state *state = seq->private;
3154 struct net *net = seq_file_net(seq);
3155 struct neigh_table *tbl = state->tbl;
3156 struct pneigh_entry *pn = NULL;
3157 int bucket;
3158
3159 state->flags |= NEIGH_SEQ_IS_PNEIGH;
3160 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3161 pn = tbl->phash_buckets[bucket];
3162 while (pn && !net_eq(pneigh_net(pn), net))
3163 pn = pn->next;
3164 if (pn)
3165 break;
3166 }
3167 state->bucket = bucket;
3168
3169 return pn;
3170 }
3171
3172 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3173 struct pneigh_entry *pn,
3174 loff_t *pos)
3175 {
3176 struct neigh_seq_state *state = seq->private;
3177 struct net *net = seq_file_net(seq);
3178 struct neigh_table *tbl = state->tbl;
3179
3180 do {
3181 pn = pn->next;
3182 } while (pn && !net_eq(pneigh_net(pn), net));
3183
3184 while (!pn) {
3185 if (++state->bucket > PNEIGH_HASHMASK)
3186 break;
3187 pn = tbl->phash_buckets[state->bucket];
3188 while (pn && !net_eq(pneigh_net(pn), net))
3189 pn = pn->next;
3190 if (pn)
3191 break;
3192 }
3193
3194 if (pn && pos)
3195 --(*pos);
3196
3197 return pn;
3198 }
3199
3200 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3201 {
3202 struct pneigh_entry *pn = pneigh_get_first(seq);
3203
3204 if (pn) {
3205 --(*pos);
3206 while (*pos) {
3207 pn = pneigh_get_next(seq, pn, pos);
3208 if (!pn)
3209 break;
3210 }
3211 }
3212 return *pos ? NULL : pn;
3213 }
3214
3215 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3216 {
3217 struct neigh_seq_state *state = seq->private;
3218 void *rc;
3219 loff_t idxpos = *pos;
3220
3221 rc = neigh_get_idx(seq, &idxpos);
3222 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3223 rc = pneigh_get_idx(seq, &idxpos);
3224
3225 return rc;
3226 }
3227
3228 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3229 __acquires(tbl->lock)
3230 __acquires(rcu_bh)
3231 {
3232 struct neigh_seq_state *state = seq->private;
3233
3234 state->tbl = tbl;
3235 state->bucket = 0;
3236 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3237
3238 rcu_read_lock_bh();
3239 state->nht = rcu_dereference_bh(tbl->nht);
3240 read_lock(&tbl->lock);
3241
3242 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3243 }
3244 EXPORT_SYMBOL(neigh_seq_start);
3245
3246 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3247 {
3248 struct neigh_seq_state *state;
3249 void *rc;
3250
3251 if (v == SEQ_START_TOKEN) {
3252 rc = neigh_get_first(seq);
3253 goto out;
3254 }
3255
3256 state = seq->private;
3257 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3258 rc = neigh_get_next(seq, v, NULL);
3259 if (rc)
3260 goto out;
3261 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3262 rc = pneigh_get_first(seq);
3263 } else {
3264 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3265 rc = pneigh_get_next(seq, v, NULL);
3266 }
3267 out:
3268 ++(*pos);
3269 return rc;
3270 }
3271 EXPORT_SYMBOL(neigh_seq_next);
3272
3273 void neigh_seq_stop(struct seq_file *seq, void *v)
3274 __releases(tbl->lock)
3275 __releases(rcu_bh)
3276 {
3277 struct neigh_seq_state *state = seq->private;
3278 struct neigh_table *tbl = state->tbl;
3279
3280 read_unlock(&tbl->lock);
3281 rcu_read_unlock_bh();
3282 }
3283 EXPORT_SYMBOL(neigh_seq_stop);
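/*
 * Example (illustrative sketch): protocols wire these iterators into
 * their own /proc seq_files. ARP's /proc/net/arp does roughly the
 * following, where arp_seq_show is the protocol's own show routine:
 *
 *	static void *arp_seq_start(struct seq_file *seq, loff_t *pos)
 *	{
 *		return neigh_seq_start(seq, pos, &arp_tbl,
 *				       NEIGH_SEQ_SKIP_NOARP);
 *	}
 *
 *	static const struct seq_operations arp_seq_ops = {
 *		.start	= arp_seq_start,
 *		.next	= neigh_seq_next,
 *		.stop	= neigh_seq_stop,
 *		.show	= arp_seq_show,
 *	};
 */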
3284
3285 /* statistics via seq_file */
3286
3287 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3288 {
3289 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3290 int cpu;
3291
3292 if (*pos == 0)
3293 return SEQ_START_TOKEN;
3294
3295 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3296 if (!cpu_possible(cpu))
3297 continue;
3298 *pos = cpu+1;
3299 return per_cpu_ptr(tbl->stats, cpu);
3300 }
3301 return NULL;
3302 }
3303
3304 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3305 {
3306 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3307 int cpu;
3308
3309 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3310 if (!cpu_possible(cpu))
3311 continue;
3312 *pos = cpu+1;
3313 return per_cpu_ptr(tbl->stats, cpu);
3314 }
3315 (*pos)++;
3316 return NULL;
3317 }
3318
3319 static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3320 {
3321
3322 }
3323
3324 static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3325 {
3326 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3327 struct neigh_statistics *st = v;
3328
3329 if (v == SEQ_START_TOKEN) {
3330 seq_puts(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3331 return 0;
3332 }
3333
3334 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
3335 "%08lx %08lx %08lx "
3336 "%08lx %08lx %08lx\n",
3337 atomic_read(&tbl->entries),
3338
3339 st->allocs,
3340 st->destroys,
3341 st->hash_grows,
3342
3343 st->lookups,
3344 st->hits,
3345
3346 st->res_failed,
3347
3348 st->rcv_probes_mcast,
3349 st->rcv_probes_ucast,
3350
3351 st->periodic_gc_runs,
3352 st->forced_gc_runs,
3353 st->unres_discards,
3354 st->table_fulls
3355 );
3356
3357 return 0;
3358 }
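/*
 * Example (illustrative): the rows produced above are exposed per table
 * under /proc/net/stat/, e.g. /proc/net/stat/arp_cache for IPv4, with
 * one hex-formatted line per possible CPU after the header line.
 */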
3359
3360 static const struct seq_operations neigh_stat_seq_ops = {
3361 .start = neigh_stat_seq_start,
3362 .next = neigh_stat_seq_next,
3363 .stop = neigh_stat_seq_stop,
3364 .show = neigh_stat_seq_show,
3365 };
3366 #endif /* CONFIG_PROC_FS */
3367
3368 static void __neigh_notify(struct neighbour *n, int type, int flags,
3369 u32 pid)
3370 {
3371 struct net *net = dev_net(n->dev);
3372 struct sk_buff *skb;
3373 int err = -ENOBUFS;
3374
3375 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
3376 if (skb == NULL)
3377 goto errout;
3378
3379 err = neigh_fill_info(skb, n, pid, 0, type, flags);
3380 if (err < 0) {
3381 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3382 WARN_ON(err == -EMSGSIZE);
3383 kfree_skb(skb);
3384 goto errout;
3385 }
3386 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3387 return;
3388 errout:
3389 if (err < 0)
3390 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
3391 }
3392
3393 void neigh_app_ns(struct neighbour *n)
3394 {
3395 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
3396 }
3397 EXPORT_SYMBOL(neigh_app_ns);
3398
3399 #ifdef CONFIG_SYSCTL
3400 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3401
3402 static int proc_unres_qlen(struct ctl_table *ctl, int write,
3403 void *buffer, size_t *lenp, loff_t *ppos)
3404 {
3405 int size, ret;
3406 struct ctl_table tmp = *ctl;
3407
3408 tmp.extra1 = SYSCTL_ZERO;
3409 tmp.extra2 = &unres_qlen_max;
3410 tmp.data = &size;
3411
3412 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3413 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3414
3415 if (write && !ret)
3416 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3417 return ret;
3418 }
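/*
 * Example (illustrative): the legacy unres_qlen sysctl is kept in sync
 * with unres_qlen_bytes via the SKB_TRUESIZE(ETH_FRAME_LEN) scale
 * factor above, so writing one is reflected in the other:
 *
 *	# echo 101 > /proc/sys/net/ipv4/neigh/default/unres_qlen
 *	# cat /proc/sys/net/ipv4/neigh/default/unres_qlen_bytes
 *
 * The second command prints 101 * SKB_TRUESIZE(ETH_FRAME_LEN); the
 * exact byte value depends on the running kernel's configuration.
 */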
3419
3420 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
3421 int family)
3422 {
3423 switch (family) {
3424 case AF_INET:
3425 return __in_dev_arp_parms_get_rcu(dev);
3426 case AF_INET6:
3427 return __in6_dev_nd_parms_get_rcu(dev);
3428 }
3429 return NULL;
3430 }
3431
3432 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3433 int index)
3434 {
3435 struct net_device *dev;
3436 int family = neigh_parms_family(p);
3437
3438 rcu_read_lock();
3439 for_each_netdev_rcu(net, dev) {
3440 struct neigh_parms *dst_p =
3441 neigh_get_dev_parms_rcu(dev, family);
3442
3443 if (dst_p && !test_bit(index, dst_p->data_state))
3444 dst_p->data[index] = p->data[index];
3445 }
3446 rcu_read_unlock();
3447 }
3448
3449 static void neigh_proc_update(struct ctl_table *ctl, int write)
3450 {
3451 struct net_device *dev = ctl->extra1;
3452 struct neigh_parms *p = ctl->extra2;
3453 struct net *net = neigh_parms_net(p);
3454 int index = (int *) ctl->data - p->data;
3455
3456 if (!write)
3457 return;
3458
3459 set_bit(index, p->data_state);
3460 if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3461 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
3462 if (!dev) /* NULL dev means this is default value */
3463 neigh_copy_dflt_parms(net, p, index);
3464 }
3465
3466 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3467 void *buffer, size_t *lenp,
3468 loff_t *ppos)
3469 {
3470 struct ctl_table tmp = *ctl;
3471 int ret;
3472
3473 tmp.extra1 = SYSCTL_ZERO;
3474 tmp.extra2 = SYSCTL_INT_MAX;
3475
3476 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3477 neigh_proc_update(ctl, write);
3478 return ret;
3479 }
3480
3481 int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
3482 size_t *lenp, loff_t *ppos)
3483 {
3484 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3485
3486 neigh_proc_update(ctl, write);
3487 return ret;
3488 }
3489 EXPORT_SYMBOL(neigh_proc_dointvec);
3490
3491 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
3492 size_t *lenp, loff_t *ppos)
3493 {
3494 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3495
3496 neigh_proc_update(ctl, write);
3497 return ret;
3498 }
3499 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3500
3501 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3502 void *buffer, size_t *lenp,
3503 loff_t *ppos)
3504 {
3505 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3506
3507 neigh_proc_update(ctl, write);
3508 return ret;
3509 }
3510
3511 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3512 void *buffer, size_t *lenp, loff_t *ppos)
3513 {
3514 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3515
3516 neigh_proc_update(ctl, write);
3517 return ret;
3518 }
3519 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3520
3521 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3522 void *buffer, size_t *lenp,
3523 loff_t *ppos)
3524 {
3525 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3526
3527 neigh_proc_update(ctl, write);
3528 return ret;
3529 }
3530
3531 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3532 void *buffer, size_t *lenp,
3533 loff_t *ppos)
3534 {
3535 struct neigh_parms *p = ctl->extra2;
3536 int ret;
3537
3538 if (strcmp(ctl->procname, "base_reachable_time") == 0)
3539 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3540 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3541 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3542 else
3543 ret = -1;
3544
3545 if (write && ret == 0) {
3546 /* update reachable_time as well, otherwise, the change will
3547 * only be effective after the next time neigh_periodic_work
3548 * decides to recompute it
3549 */
3550 p->reachable_time =
3551 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3552 }
3553 return ret;
3554 }
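/*
 * Example (illustrative): both spellings of the knob funnel through the
 * handler above, so either write re-randomizes reachable_time at once
 * instead of waiting for neigh_periodic_work:
 *
 *	# echo 30 > /proc/sys/net/ipv4/neigh/eth0/base_reachable_time
 *	# echo 30000 > /proc/sys/net/ipv4/neigh/eth0/base_reachable_time_ms
 *
 * "eth0" is a placeholder; both lines set the same 30 s base value.
 */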
3555
3556 #define NEIGH_PARMS_DATA_OFFSET(index) \
3557 (&((struct neigh_parms *) 0)->data[index])
3558
3559 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3560 [NEIGH_VAR_ ## attr] = { \
3561 .procname = name, \
3562 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3563 .maxlen = sizeof(int), \
3564 .mode = mval, \
3565 .proc_handler = proc, \
3566 }
3567
3568 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3569 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3570
3571 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3572 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3573
3574 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3575 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3576
3577 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3578 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3579
3580 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3581 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3582
3583 static struct neigh_sysctl_table {
3584 struct ctl_table_header *sysctl_header;
3585 struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3586 } neigh_sysctl_template __read_mostly = {
3587 .neigh_vars = {
3588 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3589 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3590 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3591 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3592 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3593 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3594 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3595 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3596 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3597 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3598 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3599 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3600 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3601 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3602 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3603 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3604 [NEIGH_VAR_GC_INTERVAL] = {
3605 .procname = "gc_interval",
3606 .maxlen = sizeof(int),
3607 .mode = 0644,
3608 .proc_handler = proc_dointvec_jiffies,
3609 },
3610 [NEIGH_VAR_GC_THRESH1] = {
3611 .procname = "gc_thresh1",
3612 .maxlen = sizeof(int),
3613 .mode = 0644,
3614 .extra1 = SYSCTL_ZERO,
3615 .extra2 = SYSCTL_INT_MAX,
3616 .proc_handler = proc_dointvec_minmax,
3617 },
3618 [NEIGH_VAR_GC_THRESH2] = {
3619 .procname = "gc_thresh2",
3620 .maxlen = sizeof(int),
3621 .mode = 0644,
3622 .extra1 = SYSCTL_ZERO,
3623 .extra2 = SYSCTL_INT_MAX,
3624 .proc_handler = proc_dointvec_minmax,
3625 },
3626 [NEIGH_VAR_GC_THRESH3] = {
3627 .procname = "gc_thresh3",
3628 .maxlen = sizeof(int),
3629 .mode = 0644,
3630 .extra1 = SYSCTL_ZERO,
3631 .extra2 = SYSCTL_INT_MAX,
3632 .proc_handler = proc_dointvec_minmax,
3633 },
3634 {},
3635 },
3636 };
3637
3638 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3639 proc_handler *handler)
3640 {
3641 int i;
3642 struct neigh_sysctl_table *t;
3643 const char *dev_name_source;
3644 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3645 char *p_name;
3646
3647 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL);
3648 if (!t)
3649 goto err;
3650
3651 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3652 t->neigh_vars[i].data += (long) p;
3653 t->neigh_vars[i].extra1 = dev;
3654 t->neigh_vars[i].extra2 = p;
3655 }
3656
3657 if (dev) {
3658 dev_name_source = dev->name;
3659 /* Terminate the table early */
3660 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3661 sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3662 } else {
3663 struct neigh_table *tbl = p->tbl;
3664 dev_name_source = "default";
3665 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3666 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3667 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3668 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3669 }
3670
3671 if (handler) {
3672 /* RetransTime */
3673 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3674 /* ReachableTime */
3675 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3676 /* RetransTime (in milliseconds)*/
3677 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3678 /* ReachableTime (in milliseconds) */
3679 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3680 } else {
3681 /* These handlers will update p->reachable_time after
3682 * base_reachable_time(_ms) is set to ensure the new timer starts being
3683 * applied after the next neighbour update instead of waiting for
3684 * neigh_periodic_work to update its value (which can take multiple
3685 * minutes), so any handler that replaces them should do this as well.
3686 */
3687 /* ReachableTime */
3688 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3689 neigh_proc_base_reachable_time;
3690 /* ReachableTime (in milliseconds) */
3691 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3692 neigh_proc_base_reachable_time;
3693 }
3694
3695 /* Don't export sysctls to unprivileged users */
3696 if (neigh_parms_net(p)->user_ns != &init_user_ns)
3697 t->neigh_vars[0].procname = NULL;
3698
3699 switch (neigh_parms_family(p)) {
3700 case AF_INET:
3701 p_name = "ipv4";
3702 break;
3703 case AF_INET6:
3704 p_name = "ipv6";
3705 break;
3706 default:
3707 BUG();
3708 }
3709
3710 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3711 p_name, dev_name_source);
3712 t->sysctl_header =
3713 register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3714 if (!t->sysctl_header)
3715 goto free;
3716
3717 p->sysctl_table = t;
3718 return 0;
3719
3720 free:
3721 kfree(t);
3722 err:
3723 return -ENOBUFS;
3724 }
3725 EXPORT_SYMBOL(neigh_sysctl_register);
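/*
 * Example (illustrative): protocols register one sysctl directory per
 * device plus a "default" one. IPv4 does roughly
 *
 *	neigh_sysctl_register(dev, in_dev->arp_parms, NULL);
 *
 * which creates /proc/sys/net/ipv4/neigh/<dev>/...; passing a non-NULL
 * handler instead (as IPv6 ND does) overrides the RETRANS_TIME and
 * BASE_REACHABLE_TIME(_MS) handlers installed above.
 */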
3726
3727 void neigh_sysctl_unregister(struct neigh_parms *p)
3728 {
3729 if (p->sysctl_table) {
3730 struct neigh_sysctl_table *t = p->sysctl_table;
3731 p->sysctl_table = NULL;
3732 unregister_net_sysctl_table(t->sysctl_header);
3733 kfree(t);
3734 }
3735 }
3736 EXPORT_SYMBOL(neigh_sysctl_unregister);
3737
3738 #endif /* CONFIG_SYSCTL */
3739
3740 static int __init neigh_init(void)
3741 {
3742 rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3743 rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3744 rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3745
3746 rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3747 0);
3748 rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);
3749
3750 return 0;
3751 }
3752
3753 subsys_initcall(neigh_init);
3754