// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Generic address resolution entity
 *
 * Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *
 * Fixes:
 *	Vitaly E. Lavrov	releasing NULL neighbor in neigh_add.
 *	Harald Welte		Add neighbour cache statistics like rtstat
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/slab.h>
#include <linux/kmemleak.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/socket.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/times.h>
#include <net/net_namespace.h>
#include <net/neighbour.h>
#include <net/arp.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/netevent.h>
#include <net/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/random.h>
#include <linux/string.h>
#include <linux/log2.h>
#include <linux/inetdevice.h>
#include <net/addrconf.h>

#include <trace/events/neigh.h>

#define DEBUG
#define NEIGH_DEBUG 1
#define neigh_dbg(level, fmt, ...)		\
do {						\
	if (level <= NEIGH_DEBUG)		\
		pr_debug(fmt, ##__VA_ARGS__);	\
} while (0)

#define PNEIGH_HASHMASK		0xF

static void neigh_timer_handler(struct timer_list *t);
static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid);
static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev);

#ifdef CONFIG_PROC_FS
static const struct seq_operations neigh_stat_seq_ops;
#endif

/*
   Neighbour hash table buckets are protected with rwlock tbl->lock.

   - All the scans/updates to hash buckets MUST be made under this lock.
   - NOTHING clever should be done under this lock: no callbacks
     to protocol backends, no attempts to send anything to the network.
     That would result in deadlocks if the backend/driver wants to use
     the neighbour cache.
   - If the entry requires some non-trivial actions, increase
     its reference count and release the table lock.

   Neighbour entries are protected:
   - with reference count.
   - with rwlock neigh->lock

   The reference count prevents destruction.

   neigh->lock mainly serializes ll address data and its validity state.
   However, the same lock is used to protect other entry fields:
   - timer
   - resolution queue

   Again, nothing clever shall be done under neigh->lock;
   the most complicated procedure we allow is dev->hard_header.
   It is assumed that dev->hard_header is simple and does
   not make callbacks to neighbour tables.
 */
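
/* Illustrative sketch (added note, not part of the original comment): the
 * pattern the rules above prescribe for doing non-trivial work on an entry
 * found during a bucket scan is to pin it first and act after unlocking:
 *
 *	write_lock_bh(&tbl->lock);
 *	n = ...;		// entry found in a hash bucket
 *	neigh_hold(n);		// take a reference under the lock
 *	write_unlock_bh(&tbl->lock);
 *	...			// now safe to probe, call into drivers, etc.
 *	neigh_release(n);
 */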

static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
{
	kfree_skb(skb);
	return -ENETDOWN;
}

static void neigh_cleanup_and_release(struct neighbour *neigh)
{
	trace_neigh_cleanup_and_release(neigh, 0);
	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	neigh_release(neigh);
}

/*
 * It is a random distribution in the interval (1/2)*base...(3/2)*base.
 * It corresponds to the default IPv6 settings and is not overridable,
 * because it is a really reasonable choice.
 */

unsigned long neigh_rand_reach_time(unsigned long base)
{
	return base ? (prandom_u32() % base) + (base >> 1) : 0;
}
EXPORT_SYMBOL(neigh_rand_reach_time);
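
/* Worked example (added note): with base = 30 * HZ, prandom_u32() % base is
 * uniform over [0, 30s) and base >> 1 adds 15s, so the result covers
 * [15s, 45s) -- i.e. (1/2)*base up to (3/2)*base, as the comment above says.
 */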

static void neigh_mark_dead(struct neighbour *n)
{
	n->dead = 1;
	if (!list_empty(&n->gc_list)) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	}
}

static void neigh_update_gc_list(struct neighbour *n)
{
	bool on_gc_list, exempt_from_gc;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);

	if (n->dead)
		goto out;

	/* remove from the gc list if new state is permanent or if neighbor
	 * is externally learned; otherwise entry should be on the gc list
	 */
	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
			 n->flags & NTF_EXT_LEARNED;
	on_gc_list = !list_empty(&n->gc_list);

	if (exempt_from_gc && on_gc_list) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	} else if (!exempt_from_gc && !on_gc_list) {
		/* add entries to the tail; cleaning removes from the front */
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
		atomic_inc(&n->tbl->gc_entries);
	}

out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static bool neigh_update_ext_learned(struct neighbour *neigh, u32 flags,
				     int *notify)
{
	bool rc = false;
	u8 ndm_flags;

	if (!(flags & NEIGH_UPDATE_F_ADMIN))
		return rc;

	ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
	if ((neigh->flags ^ ndm_flags) & NTF_EXT_LEARNED) {
		if (ndm_flags & NTF_EXT_LEARNED)
			neigh->flags |= NTF_EXT_LEARNED;
		else
			neigh->flags &= ~NTF_EXT_LEARNED;
		rc = true;
		*notify = 1;
	}

	return rc;
}

static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
		      struct neigh_table *tbl)
{
	bool retval = false;

	write_lock(&n->lock);
	if (refcount_read(&n->refcnt) == 1) {
		struct neighbour *neigh;

		neigh = rcu_dereference_protected(n->next,
						  lockdep_is_held(&tbl->lock));
		rcu_assign_pointer(*np, neigh);
		neigh_mark_dead(n);
		retval = true;
	}
	write_unlock(&n->lock);
	if (retval)
		neigh_cleanup_and_release(n);
	return retval;
}

bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
{
	struct neigh_hash_table *nht;
	void *pkey = ndel->primary_key;
	u32 hash_val;
	struct neighbour *n;
	struct neighbour __rcu **np;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));
	hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
	hash_val = hash_val >> (32 - nht->hash_shift);

	np = &nht->hash_buckets[hash_val];
	while ((n = rcu_dereference_protected(*np,
					      lockdep_is_held(&tbl->lock)))) {
		if (n == ndel)
			return neigh_del(n, np, tbl);
		np = &n->next;
	}
	return false;
}

static int neigh_forced_gc(struct neigh_table *tbl)
{
	int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
	unsigned long tref = jiffies - 5 * HZ;
	struct neighbour *n, *tmp;
	int shrunk = 0;

	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);

	write_lock_bh(&tbl->lock);

	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
		if (refcount_read(&n->refcnt) == 1) {
			bool remove = false;

			write_lock(&n->lock);
			if ((n->nud_state == NUD_FAILED) ||
			    (n->nud_state == NUD_NOARP) ||
			    (tbl->is_multicast &&
			     tbl->is_multicast(n->primary_key)) ||
			    time_after(tref, n->updated))
				remove = true;
			write_unlock(&n->lock);

			if (remove && neigh_remove_one(n, tbl))
				shrunk++;
			if (shrunk >= max_clean)
				break;
		}
	}

	tbl->last_flush = jiffies;

	write_unlock_bh(&tbl->lock);

	return shrunk;
}
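
/* Summary note (added): forced gc only evicts entries with refcount 1 that
 * are NUD_FAILED, NUD_NOARP, resolve to a multicast address, or have not
 * been updated for at least five seconds, and it reclaims at most
 * gc_entries - gc_thresh2 entries per run.
 */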

static void neigh_add_timer(struct neighbour *n, unsigned long when)
{
	neigh_hold(n);
	if (unlikely(mod_timer(&n->timer, when))) {
		printk("NEIGH: BUG, double timer add, state is %x\n",
		       n->nud_state);
		dump_stack();
	}
}

static int neigh_del_timer(struct neighbour *n)
{
	if ((n->nud_state & NUD_IN_TIMER) &&
	    del_timer(&n->timer)) {
		neigh_release(n);
		return 1;
	}
	return 0;
}

static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net)
{
	struct sk_buff_head tmp;
	unsigned long flags;
	struct sk_buff *skb;

	skb_queue_head_init(&tmp);
	spin_lock_irqsave(&list->lock, flags);
	skb = skb_peek(list);
	while (skb != NULL) {
		struct sk_buff *skb_next = skb_peek_next(skb, list);

		if (net == NULL || net_eq(dev_net(skb->dev), net)) {
			__skb_unlink(skb, list);
			__skb_queue_tail(&tmp, skb);
		}
		skb = skb_next;
	}
	spin_unlock_irqrestore(&list->lock, flags);

	while ((skb = __skb_dequeue(&tmp))) {
		dev_put(skb->dev);
		kfree_skb(skb);
	}
}

static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
			    bool skip_perm)
{
	int i;
	struct neigh_hash_table *nht;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	for (i = 0; i < (1 << nht->hash_shift); i++) {
		struct neighbour *n;
		struct neighbour __rcu **np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
					lockdep_is_held(&tbl->lock))) != NULL) {
			if (dev && n->dev != dev) {
				np = &n->next;
				continue;
			}
			if (skip_perm && n->nud_state & NUD_PERMANENT) {
				np = &n->next;
				continue;
			}
			rcu_assign_pointer(*np,
				rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock)));
			write_lock(&n->lock);
			neigh_del_timer(n);
			neigh_mark_dead(n);
			if (refcount_read(&n->refcnt) != 1) {
				/* The most unpleasant situation:
				   we must destroy the neighbour entry,
				   but someone still uses it.

				   The destroy will be delayed until
				   the last user releases us, but
				   we must kill timers etc. and move
				   it to a safe state.
				 */
				__skb_queue_purge(&n->arp_queue);
				n->arp_queue_len_bytes = 0;
				n->output = neigh_blackhole;
				if (n->nud_state & NUD_VALID)
					n->nud_state = NUD_NOARP;
				else
					n->nud_state = NUD_NONE;
				neigh_dbg(2, "neigh %p is stray\n", n);
			}
			write_unlock(&n->lock);
			neigh_cleanup_and_release(n);
		}
	}
}

void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, false);
	write_unlock_bh(&tbl->lock);
}
EXPORT_SYMBOL(neigh_changeaddr);

static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, skip_perm);
	pneigh_ifdown_and_unlock(tbl, dev);
	pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL);
	if (skb_queue_empty_lockless(&tbl->proxy_queue))
		del_timer_sync(&tbl->proxy_timer);
	return 0;
}

int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, true);
	return 0;
}
EXPORT_SYMBOL(neigh_carrier_down);

int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, false);
	return 0;
}
EXPORT_SYMBOL(neigh_ifdown);

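/* Hedged note (added; not from the original source): the gc_thresh* knobs
 * used below act as soft and hard limits on cache growth. Under gc_thresh2,
 * allocation is unconditional; between gc_thresh2 and gc_thresh3 a
 * synchronous neigh_forced_gc() run is attempted if the last flush was more
 * than five seconds ago; at gc_thresh3 allocation fails unless forced gc
 * frees room. (gc_thresh1 is the floor below which the periodic gc worker
 * does not bother scanning at all.)
 */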
static struct neighbour *neigh_alloc(struct neigh_table *tbl,
				     struct net_device *dev,
				     u8 flags, bool exempt_from_gc)
{
	struct neighbour *n = NULL;
	unsigned long now = jiffies;
	int entries;

	if (exempt_from_gc)
		goto do_alloc;

	entries = atomic_inc_return(&tbl->gc_entries) - 1;
	if (entries >= tbl->gc_thresh3 ||
	    (entries >= tbl->gc_thresh2 &&
	     time_after(now, tbl->last_flush + 5 * HZ))) {
		if (!neigh_forced_gc(tbl) &&
		    entries >= tbl->gc_thresh3) {
			net_info_ratelimited("%s: neighbor table overflow!\n",
					     tbl->id);
			NEIGH_CACHE_STAT_INC(tbl, table_fulls);
			goto out_entries;
		}
	}

do_alloc:
	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
	if (!n)
		goto out_entries;

	__skb_queue_head_init(&n->arp_queue);
	rwlock_init(&n->lock);
	seqlock_init(&n->ha_lock);
	n->updated = n->used = now;
	n->nud_state = NUD_NONE;
	n->output = neigh_blackhole;
	n->flags = flags;
	seqlock_init(&n->hh.hh_lock);
	n->parms = neigh_parms_clone(&tbl->parms);
	timer_setup(&n->timer, neigh_timer_handler, 0);

	NEIGH_CACHE_STAT_INC(tbl, allocs);
	n->tbl = tbl;
	refcount_set(&n->refcnt, 1);
	n->dead = 1;
	INIT_LIST_HEAD(&n->gc_list);

	atomic_inc(&tbl->entries);
out:
	return n;

out_entries:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	goto out;
}

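/* Note (added inference, not original text): the random value below is
 * forced odd; assuming the per-table hash functions use multiplicative
 * hashing, an odd multiplier is invertible mod 2^32 and mixes all key bits.
 */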
static void neigh_get_hash_rnd(u32 *x)
{
	*x = get_random_u32() | 1;
}

static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
{
	size_t size = (1 << shift) * sizeof(struct neighbour *);
	struct neigh_hash_table *ret;
	struct neighbour __rcu **buckets;
	int i;

	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
	if (!ret)
		return NULL;
	if (size <= PAGE_SIZE) {
		buckets = kzalloc(size, GFP_ATOMIC);
	} else {
		buckets = (struct neighbour __rcu **)
			  __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
					   get_order(size));
		kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
	}
	if (!buckets) {
		kfree(ret);
		return NULL;
	}
	ret->hash_buckets = buckets;
	ret->hash_shift = shift;
	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
		neigh_get_hash_rnd(&ret->hash_rnd[i]);
	return ret;
}
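
/* For example: shift = 3 gives 2^3 = 8 buckets, the initial size used by
 * neigh_table_init() below; each call to neigh_hash_grow() doubles that by
 * bumping the shift by one.
 */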

static void neigh_hash_free_rcu(struct rcu_head *head)
{
	struct neigh_hash_table *nht = container_of(head,
						    struct neigh_hash_table,
						    rcu);
	size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
	struct neighbour __rcu **buckets = nht->hash_buckets;

	if (size <= PAGE_SIZE) {
		kfree(buckets);
	} else {
		kmemleak_free(buckets);
		free_pages((unsigned long)buckets, get_order(size));
	}
	kfree(nht);
}

static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
						unsigned long new_shift)
{
	unsigned int i, hash;
	struct neigh_hash_table *new_nht, *old_nht;

	NEIGH_CACHE_STAT_INC(tbl, hash_grows);

	old_nht = rcu_dereference_protected(tbl->nht,
					    lockdep_is_held(&tbl->lock));
	new_nht = neigh_hash_alloc(new_shift);
	if (!new_nht)
		return old_nht;

	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
		struct neighbour *n, *next;

		for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
						   lockdep_is_held(&tbl->lock));
		     n != NULL;
		     n = next) {
			hash = tbl->hash(n->primary_key, n->dev,
					 new_nht->hash_rnd);

			hash >>= (32 - new_nht->hash_shift);
			next = rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock));

			rcu_assign_pointer(n->next,
					   rcu_dereference_protected(
						new_nht->hash_buckets[hash],
						lockdep_is_held(&tbl->lock)));
			rcu_assign_pointer(new_nht->hash_buckets[hash], n);
		}
	}

	rcu_assign_pointer(tbl->nht, new_nht);
	call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
	return new_nht;
}
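
/* Design note (added): readers walk tbl->nht under rcu_read_lock_bh() and
 * may keep seeing the old table while it is swapped out above; the old
 * buckets are only freed via call_rcu() once all such readers are done.
 */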

struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
			       struct net_device *dev)
{
	struct neighbour *n;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock_bh();
	n = __neigh_lookup_noref(tbl, pkey, dev);
	if (n) {
		if (!refcount_inc_not_zero(&n->refcnt))
			n = NULL;
		NEIGH_CACHE_STAT_INC(tbl, hits);
	}

	rcu_read_unlock_bh();
	return n;
}
EXPORT_SYMBOL(neigh_lookup);

struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
				     const void *pkey)
{
	struct neighbour *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val;
	struct neigh_hash_table *nht;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock_bh();
	nht = rcu_dereference_bh(tbl->nht);
	hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);

	for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
	     n != NULL;
	     n = rcu_dereference_bh(n->next)) {
		if (!memcmp(n->primary_key, pkey, key_len) &&
		    net_eq(dev_net(n->dev), net)) {
			if (!refcount_inc_not_zero(&n->refcnt))
				n = NULL;
			NEIGH_CACHE_STAT_INC(tbl, hits);
			break;
		}
	}

	rcu_read_unlock_bh();
	return n;
}
EXPORT_SYMBOL(neigh_lookup_nodev);
static struct neighbour *
___neigh_create(struct neigh_table *tbl, const void *pkey,
		struct net_device *dev, u8 flags,
		bool exempt_from_gc, bool want_ref)
{
	u32 hash_val, key_len = tbl->key_len;
	struct neighbour *n1, *rc, *n;
	struct neigh_hash_table *nht;
	int error;

	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
	if (!n) {
		rc = ERR_PTR(-ENOBUFS);
		goto out;
	}

	memcpy(n->primary_key, pkey, key_len);
	n->dev = dev;
	dev_hold(dev);

	/* Protocol specific setup. */
	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	if (dev->netdev_ops->ndo_neigh_construct) {
		error = dev->netdev_ops->ndo_neigh_construct(dev, n);
		if (error < 0) {
			rc = ERR_PTR(error);
			goto out_neigh_release;
		}
	}

	/* Device specific setup. */
	if (n->parms->neigh_setup &&
	    (error = n->parms->neigh_setup(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
		nht = neigh_hash_grow(tbl, nht->hash_shift + 1);

	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);

	if (n->parms->dead) {
		rc = ERR_PTR(-EINVAL);
		goto out_tbl_unlock;
	}

	for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
					    lockdep_is_held(&tbl->lock));
	     n1 != NULL;
	     n1 = rcu_dereference_protected(n1->next,
					    lockdep_is_held(&tbl->lock))) {
		if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
			if (want_ref)
				neigh_hold(n1);
			rc = n1;
			goto out_tbl_unlock;
		}
	}

	n->dead = 0;
	if (!exempt_from_gc)
		list_add_tail(&n->gc_list, &n->tbl->gc_list);

	if (want_ref)
		neigh_hold(n);
	rcu_assign_pointer(n->next,
			   rcu_dereference_protected(nht->hash_buckets[hash_val],
						     lockdep_is_held(&tbl->lock)));
	rcu_assign_pointer(nht->hash_buckets[hash_val], n);
	write_unlock_bh(&tbl->lock);
	neigh_dbg(2, "neigh %p is created\n", n);
	rc = n;
out:
	return rc;
out_tbl_unlock:
	write_unlock_bh(&tbl->lock);
out_neigh_release:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	neigh_release(n);
	goto out;
}

struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
				 struct net_device *dev, bool want_ref)
{
	return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
}
EXPORT_SYMBOL(__neigh_create);

static u32 pneigh_hash(const void *pkey, unsigned int key_len)
{
	u32 hash_val = *(u32 *)(pkey + key_len - 4);

	hash_val ^= (hash_val >> 16);
	hash_val ^= hash_val >> 8;
	hash_val ^= hash_val >> 4;
	hash_val &= PNEIGH_HASHMASK;
	return hash_val;
}
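
/* Illustration (added): only the last four bytes of the key feed the hash
 * (for IPv4 that is the entire address); the xor-folds squash them down to
 * the 4-bit bucket index 0..PNEIGH_HASHMASK.
 */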

static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
					      struct net *net,
					      const void *pkey,
					      unsigned int key_len,
					      struct net_device *dev)
{
	while (n) {
		if (!memcmp(n->key, pkey, key_len) &&
		    net_eq(pneigh_net(n), net) &&
		    (n->dev == dev || !n->dev))
			return n;
		n = n->next;
	}
	return NULL;
}

struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
				     struct net *net, const void *pkey,
				     struct net_device *dev)
{
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
				 net, pkey, key_len, dev);
}
EXPORT_SYMBOL_GPL(__pneigh_lookup);

struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl,
				   struct net *net, const void *pkey,
				   struct net_device *dev, int creat)
{
	struct pneigh_entry *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	read_lock_bh(&tbl->lock);
	n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
			      net, pkey, key_len, dev);
	read_unlock_bh(&tbl->lock);

	if (n || !creat)
		goto out;

	ASSERT_RTNL();

	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
	if (!n)
		goto out;

	write_pnet(&n->net, net);
	memcpy(n->key, pkey, key_len);
	n->dev = dev;
	if (dev)
		dev_hold(dev);

	if (tbl->pconstructor && tbl->pconstructor(n)) {
		if (dev)
			dev_put(dev);
		kfree(n);
		n = NULL;
		goto out;
	}

	write_lock_bh(&tbl->lock);
	n->next = tbl->phash_buckets[hash_val];
	tbl->phash_buckets[hash_val] = n;
	write_unlock_bh(&tbl->lock);
out:
	return n;
}
EXPORT_SYMBOL(pneigh_lookup);

int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
		  struct net_device *dev)
{
	struct pneigh_entry *n, **np;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	write_lock_bh(&tbl->lock);
	for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
	     np = &n->next) {
		if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
		    net_eq(pneigh_net(n), net)) {
			*np = n->next;
			write_unlock_bh(&tbl->lock);
			if (tbl->pdestructor)
				tbl->pdestructor(n);
			if (n->dev)
				dev_put(n->dev);
			kfree(n);
			return 0;
		}
	}
	write_unlock_bh(&tbl->lock);
	return -ENOENT;
}

static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev)
{
	struct pneigh_entry *n, **np, *freelist = NULL;
	u32 h;

	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
		np = &tbl->phash_buckets[h];
		while ((n = *np) != NULL) {
			if (!dev || n->dev == dev) {
				*np = n->next;
				n->next = freelist;
				freelist = n;
				continue;
			}
			np = &n->next;
		}
	}
	write_unlock_bh(&tbl->lock);
	while ((n = freelist)) {
		freelist = n->next;
		n->next = NULL;
		if (tbl->pdestructor)
			tbl->pdestructor(n);
		if (n->dev)
			dev_put(n->dev);
		kfree(n);
	}
	return -ENOENT;
}

static void neigh_parms_destroy(struct neigh_parms *parms);

static inline void neigh_parms_put(struct neigh_parms *parms)
{
	if (refcount_dec_and_test(&parms->refcnt))
		neigh_parms_destroy(parms);
}

/*
 * The neighbour must already be out of the table.
 */
void neigh_destroy(struct neighbour *neigh)
{
	struct net_device *dev = neigh->dev;

	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);

	if (!neigh->dead) {
		pr_warn("Destroying alive neighbour %p\n", neigh);
		dump_stack();
		return;
	}

	if (neigh_del_timer(neigh))
		pr_warn("Impossible event\n");

	write_lock_bh(&neigh->lock);
	__skb_queue_purge(&neigh->arp_queue);
	write_unlock_bh(&neigh->lock);
	neigh->arp_queue_len_bytes = 0;

	if (dev->netdev_ops->ndo_neigh_destroy)
		dev->netdev_ops->ndo_neigh_destroy(dev, neigh);

	dev_put(dev);
	neigh_parms_put(neigh->parms);

	neigh_dbg(2, "neigh %p is destroyed\n", neigh);

	atomic_dec(&neigh->tbl->entries);
	kfree_rcu(neigh, rcu);
}
EXPORT_SYMBOL(neigh_destroy);

/* Neighbour state is suspicious;
   disable fast path.

   Called with write_locked neigh.
 */
static void neigh_suspect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is suspected\n", neigh);

	neigh->output = neigh->ops->output;
}

/* Neighbour state is OK;
   enable fast path.

   Called with write_locked neigh.
 */
static void neigh_connect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is connected\n", neigh);

	neigh->output = neigh->ops->connected_output;
}

static void neigh_periodic_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
	struct neighbour *n;
	struct neighbour __rcu **np;
	unsigned int i;
	struct neigh_hash_table *nht;

	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	/*
	 * periodically recompute ReachableTime from random function
	 */
	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
		struct neigh_parms *p;

		tbl->last_rand = jiffies;
		list_for_each_entry(p, &tbl->parms_list, list)
			p->reachable_time =
				neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}

	if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
		goto out;

	for (i = 0; i < (1 << nht->hash_shift); i++) {
		np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
				lockdep_is_held(&tbl->lock))) != NULL) {
			unsigned int state;

			write_lock(&n->lock);

			state = n->nud_state;
			if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
			    (n->flags & NTF_EXT_LEARNED)) {
				write_unlock(&n->lock);
				goto next_elt;
			}

			if (time_before(n->used, n->confirmed))
				n->used = n->confirmed;

			if (refcount_read(&n->refcnt) == 1 &&
			    (state == NUD_FAILED ||
			     time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
				*np = n->next;
				neigh_mark_dead(n);
				write_unlock(&n->lock);
				neigh_cleanup_and_release(n);
				continue;
			}
			write_unlock(&n->lock);

next_elt:
			np = &n->next;
		}
		/*
		 * It's fine to release lock here, even if hash table
		 * grows while we are preempted.
		 */
		write_unlock_bh(&tbl->lock);
		cond_resched();
		write_lock_bh(&tbl->lock);
		nht = rcu_dereference_protected(tbl->nht,
						lockdep_is_held(&tbl->lock));
	}
out:
	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
	 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
	 * BASE_REACHABLE_TIME.
	 */
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
	write_unlock_bh(&tbl->lock);
}

static __inline__ int neigh_max_probes(struct neighbour *n)
{
	struct neigh_parms *p = n->parms;

	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
	       (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
					   NEIGH_VAR(p, MCAST_PROBES));
}
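
/* Example (added): in NUD_PROBE the limit is UCAST_PROBES + APP_PROBES +
 * MCAST_REPROBES; in NUD_INCOMPLETE it is UCAST_PROBES + APP_PROBES +
 * MCAST_PROBES.
 */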

static void neigh_invalidate(struct neighbour *neigh)
	__releases(neigh->lock)
	__acquires(neigh->lock)
{
	struct sk_buff *skb;

	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
	neigh_dbg(2, "neigh %p is failed\n", neigh);
	neigh->updated = jiffies;

	/* This is a very thin place. report_unreachable is a very
	   complicated routine. In particular, it can hit this same
	   neighbour entry!

	   So we try to be accurate and avoid a dead loop. --ANK
	 */
	while (neigh->nud_state == NUD_FAILED &&
	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
		write_unlock(&neigh->lock);
		neigh->ops->error_report(neigh, skb);
		write_lock(&neigh->lock);
	}
	__skb_queue_purge(&neigh->arp_queue);
	neigh->arp_queue_len_bytes = 0;
}

static void neigh_probe(struct neighbour *neigh)
	__releases(neigh->lock)
{
	struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);

	/* keep skb alive even if arp_queue overflows */
	if (skb)
		skb = skb_clone(skb, GFP_ATOMIC);
	write_unlock(&neigh->lock);
	if (neigh->ops->solicit)
		neigh->ops->solicit(neigh, skb);
	atomic_inc(&neigh->probes);
	consume_skb(skb);
}

/* Called when a timer expires for a neighbour entry. */

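/* Summary of the transitions driven below (added for clarity): REACHABLE
 * stays put while recently confirmed, drops to DELAY if the entry was used
 * recently, otherwise to STALE; DELAY returns to REACHABLE on confirmation
 * or escalates to PROBE; INCOMPLETE/PROBE retransmit until the count from
 * neigh_max_probes() is exhausted, at which point the entry goes FAILED.
 */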
static void neigh_timer_handler(struct timer_list *t)
{
	unsigned long now, next;
	struct neighbour *neigh = from_timer(neigh, t, timer);
	unsigned int state;
	int notify = 0;

	write_lock(&neigh->lock);

	state = neigh->nud_state;
	now = jiffies;
	next = now + HZ;

	if (!(state & NUD_IN_TIMER))
		goto out;

	if (state & NUD_REACHABLE) {
		if (time_before_eq(now,
				   neigh->confirmed + neigh->parms->reachable_time)) {
			neigh_dbg(2, "neigh %p is still alive\n", neigh);
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else if (time_before_eq(now,
					  neigh->used +
					  NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is delayed\n", neigh);
			neigh->nud_state = NUD_DELAY;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
		} else {
			neigh_dbg(2, "neigh %p is suspected\n", neigh);
			neigh->nud_state = NUD_STALE;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			notify = 1;
		}
	} else if (state & NUD_DELAY) {
		if (time_before_eq(now,
				   neigh->confirmed +
				   NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is now reachable\n", neigh);
			neigh->nud_state = NUD_REACHABLE;
			neigh->updated = jiffies;
			neigh_connect(neigh);
			notify = 1;
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else {
			neigh_dbg(2, "neigh %p is probed\n", neigh);
			neigh->nud_state = NUD_PROBE;
			neigh->updated = jiffies;
			atomic_set(&neigh->probes, 0);
			notify = 1;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
		}
	} else {
		/* NUD_PROBE|NUD_INCOMPLETE */
		next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
	}

	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
		neigh->nud_state = NUD_FAILED;
		notify = 1;
		neigh_invalidate(neigh);
		goto out;
	}

	if (neigh->nud_state & NUD_IN_TIMER) {
		if (time_before(next, jiffies + HZ/100))
			next = jiffies + HZ/100;
		if (!mod_timer(&neigh->timer, next))
			neigh_hold(neigh);
	}
	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
		neigh_probe(neigh);
	} else {
out:
		write_unlock(&neigh->lock);
	}

	if (notify)
		neigh_update_notify(neigh, 0);

	trace_neigh_timer_handler(neigh, 0);

	neigh_release(neigh);
}

int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc;
	bool immediate_probe = false;

	write_lock_bh(&neigh->lock);

	rc = 0;
	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
		goto out_unlock_bh;
	if (neigh->dead)
		goto out_dead;

	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
		if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
		    NEIGH_VAR(neigh->parms, APP_PROBES)) {
			unsigned long next, now = jiffies;

			atomic_set(&neigh->probes,
				   NEIGH_VAR(neigh->parms, UCAST_PROBES));
			neigh_del_timer(neigh);
			neigh->nud_state = NUD_INCOMPLETE;
			neigh->updated = now;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
			neigh_add_timer(neigh, next);
			immediate_probe = true;
		} else {
			neigh->nud_state = NUD_FAILED;
			neigh->updated = jiffies;
			write_unlock_bh(&neigh->lock);

			kfree_skb(skb);
			return 1;
		}
	} else if (neigh->nud_state & NUD_STALE) {
		neigh_dbg(2, "neigh %p is delayed\n", neigh);
		neigh_del_timer(neigh);
		neigh->nud_state = NUD_DELAY;
		neigh->updated = jiffies;
		neigh_add_timer(neigh, jiffies +
				NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
	}

	if (neigh->nud_state == NUD_INCOMPLETE) {
		if (skb) {
			while (neigh->arp_queue_len_bytes + skb->truesize >
			       NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
				struct sk_buff *buff;

				buff = __skb_dequeue(&neigh->arp_queue);
				if (!buff)
					break;
				neigh->arp_queue_len_bytes -= buff->truesize;
				kfree_skb(buff);
				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
			}
			skb_dst_force(skb);
			__skb_queue_tail(&neigh->arp_queue, skb);
			neigh->arp_queue_len_bytes += skb->truesize;
		}
		rc = 1;
	}
out_unlock_bh:
	if (immediate_probe)
		neigh_probe(neigh);
	else
		write_unlock(&neigh->lock);
	local_bh_enable();
	trace_neigh_event_send_done(neigh, rc);
	return rc;

out_dead:
	if (neigh->nud_state & NUD_STALE)
		goto out_unlock_bh;
	write_unlock_bh(&neigh->lock);
	kfree_skb(skb);
	trace_neigh_event_send_dead(neigh, 1);
	return 1;
}
EXPORT_SYMBOL(__neigh_event_send);

static void neigh_update_hhs(struct neighbour *neigh)
{
	struct hh_cache *hh;
	void (*update)(struct hh_cache *, const struct net_device *,
		       const unsigned char *) = NULL;

	if (neigh->dev->header_ops)
		update = neigh->dev->header_ops->cache_update;

	if (update) {
		hh = &neigh->hh;
		if (READ_ONCE(hh->hh_len)) {
			write_seqlock_bh(&hh->hh_lock);
			update(hh, neigh->dev, neigh->ha);
			write_sequnlock_bh(&hh->hh_lock);
		}
	}
}

/* Generic update routine.
   -- lladdr is the new lladdr or NULL, if it is not supplied.
   -- new    is the new state.
   -- flags
	NEIGH_UPDATE_F_OVERRIDE allows overriding an existing lladdr,
				if it is different.
	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect an existing "connected"
				lladdr instead of overriding it
				if it is different.
	NEIGH_UPDATE_F_ADMIN	means that the change is administrative.
	NEIGH_UPDATE_F_USE	means that the entry is user triggered.
	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows overriding an existing
				NTF_ROUTER flag.
	NEIGH_UPDATE_F_ISROUTER	indicates if the neighbour is known as
				a router.

   Caller MUST hold a reference count on the entry.
 */
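
/* For instance, the administrative delete path later in this file calls
 * __neigh_update(neigh, NULL, NUD_FAILED,
 *		  NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN, ...)
 * to force an entry into NUD_FAILED regardless of its current state.
 */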

static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
			  u8 new, u32 flags, u32 nlmsg_pid,
			  struct netlink_ext_ack *extack)
{
	bool ext_learn_change = false;
	u8 old;
	int err;
	int notify = 0;
	struct net_device *dev;
	int update_isrouter = 0;

	trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);

	write_lock_bh(&neigh->lock);

	dev = neigh->dev;
	old = neigh->nud_state;
	err = -EPERM;

	if (neigh->dead) {
		NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
		new = old;
		goto out;
	}
	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
	    (old & (NUD_NOARP | NUD_PERMANENT)))
		goto out;

	ext_learn_change = neigh_update_ext_learned(neigh, flags, &notify);
	if (flags & NEIGH_UPDATE_F_USE) {
		new = old & ~NUD_PERMANENT;
		neigh->nud_state = new;
		err = 0;
		goto out;
	}

	if (!(new & NUD_VALID)) {
		neigh_del_timer(neigh);
		if (old & NUD_CONNECTED)
			neigh_suspect(neigh);
		neigh->nud_state = new;
		err = 0;
		notify = old & NUD_VALID;
		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
		    (new & NUD_FAILED)) {
			neigh_invalidate(neigh);
			notify = 1;
		}
		goto out;
	}

	/* Compare the new lladdr with the cached one. */
	if (!dev->addr_len) {
		/* First case: device needs no address. */
		lladdr = neigh->ha;
	} else if (lladdr) {
		/* The second case: if something is already cached
		   and a new address is proposed:
		   - compare new & old
		   - if they are different, check the override flag
		 */
		if ((old & NUD_VALID) &&
		    !memcmp(lladdr, neigh->ha, dev->addr_len))
			lladdr = neigh->ha;
	} else {
		/* No address is supplied; if we know something,
		   use it, otherwise discard the request.
		 */
		err = -EINVAL;
		if (!(old & NUD_VALID)) {
			NL_SET_ERR_MSG(extack, "No link layer address given");
			goto out;
		}
		lladdr = neigh->ha;
	}

	/* Update the confirmed timestamp for the neighbour entry after we
	 * receive an ARP packet, even if it doesn't change the IP-to-MAC
	 * binding.
	 */
	if (new & NUD_CONNECTED)
		neigh->confirmed = jiffies;

	/* If the entry was valid and the address has not changed,
	   do not change the entry state if the new one is STALE.
	 */
	err = 0;
	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	if (old & NUD_VALID) {
		if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
			update_isrouter = 0;
			if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
			    (old & NUD_CONNECTED)) {
				lladdr = neigh->ha;
				new = NUD_STALE;
			} else
				goto out;
		} else {
			if (lladdr == neigh->ha && new == NUD_STALE &&
			    !(flags & NEIGH_UPDATE_F_ADMIN))
				new = old;
		}
	}

	/* Update the timestamp only once we know we will make a change to
	 * the neighbour entry. Otherwise we risk moving the locktime window
	 * with noop updates and ignoring relevant ARP updates.
	 */
	if (new != old || lladdr != neigh->ha)
		neigh->updated = jiffies;

	if (new != old) {
		neigh_del_timer(neigh);
		if (new & NUD_PROBE)
			atomic_set(&neigh->probes, 0);
		if (new & NUD_IN_TIMER)
			neigh_add_timer(neigh, (jiffies +
						((new & NUD_REACHABLE) ?
						 neigh->parms->reachable_time :
						 0)));
		neigh->nud_state = new;
		notify = 1;
	}

	if (lladdr != neigh->ha) {
		write_seqlock(&neigh->ha_lock);
		memcpy(&neigh->ha, lladdr, dev->addr_len);
		write_sequnlock(&neigh->ha_lock);
		neigh_update_hhs(neigh);
		if (!(new & NUD_CONNECTED))
			neigh->confirmed = jiffies -
				(NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
		notify = 1;
	}
	if (new == old)
		goto out;
	if (new & NUD_CONNECTED)
		neigh_connect(neigh);
	else
		neigh_suspect(neigh);
	if (!(old & NUD_VALID)) {
		struct sk_buff *skb;

		/* Again: avoid a dead loop if something went wrong. */
		while (neigh->nud_state & NUD_VALID &&
		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
			struct dst_entry *dst = skb_dst(skb);
			struct neighbour *n2, *n1 = neigh;

			write_unlock_bh(&neigh->lock);

			rcu_read_lock();

			/* Why not just use 'neigh' as-is? The problem is that
			 * things such as shaper, eql, and sch_teql can end up
			 * using alternative, different, neigh objects to output
			 * the packet in the output path. So what we need to do
			 * here is re-lookup the top-level neigh in the path so
			 * we can reinject the packet there.
			 */
			n2 = NULL;
			if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
				n2 = dst_neigh_lookup_skb(dst, skb);
				if (n2)
					n1 = n2;
			}
			n1->output(n1, skb);
			if (n2)
				neigh_release(n2);
			rcu_read_unlock();

			write_lock_bh(&neigh->lock);
		}
		__skb_queue_purge(&neigh->arp_queue);
		neigh->arp_queue_len_bytes = 0;
	}
out:
	if (update_isrouter)
		neigh_update_is_router(neigh, flags, &notify);
	write_unlock_bh(&neigh->lock);

	if (((new ^ old) & NUD_PERMANENT) || ext_learn_change)
		neigh_update_gc_list(neigh);

	if (notify)
		neigh_update_notify(neigh, nlmsg_pid);

	trace_neigh_update_done(neigh, err);

	return err;
}

int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
		 u32 flags, u32 nlmsg_pid)
{
	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
}
EXPORT_SYMBOL(neigh_update);

/* Update the neigh to listen temporarily for probe responses, even if it is
 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
 */
void __neigh_set_probe_once(struct neighbour *neigh)
{
	if (neigh->dead)
		return;
	neigh->updated = jiffies;
	if (!(neigh->nud_state & NUD_FAILED))
		return;
	neigh->nud_state = NUD_INCOMPLETE;
	atomic_set(&neigh->probes, neigh_max_probes(neigh));
	neigh_add_timer(neigh,
			jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
				      HZ/100));
}
EXPORT_SYMBOL(__neigh_set_probe_once);

struct neighbour *neigh_event_ns(struct neigh_table *tbl,
				 u8 *lladdr, void *saddr,
				 struct net_device *dev)
{
	struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
						 lladdr || !dev->addr_len);

	if (neigh)
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_OVERRIDE, 0);
	return neigh;
}
EXPORT_SYMBOL(neigh_event_ns);

/* called with read_lock_bh(&n->lock); */
static void neigh_hh_init(struct neighbour *n)
{
	struct net_device *dev = n->dev;
	__be16 prot = n->tbl->protocol;
	struct hh_cache *hh = &n->hh;

	write_lock_bh(&n->lock);

	/* Only one thread can come in here and initialize the
	 * hh_cache entry.
	 */
	if (!hh->hh_len)
		dev->header_ops->cache(n, hh, prot);

	write_unlock_bh(&n->lock);
}

/* Slow and careful. */

int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc = 0;

	if (!neigh_event_send(neigh, skb)) {
		int err;
		struct net_device *dev = neigh->dev;
		unsigned int seq;

		if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
			neigh_hh_init(neigh);

		do {
			__skb_pull(skb, skb_network_offset(skb));
			seq = read_seqbegin(&neigh->ha_lock);
			err = dev_hard_header(skb, dev, ntohs(skb->protocol),
					      neigh->ha, NULL, skb->len);
		} while (read_seqretry(&neigh->ha_lock, seq));

		if (err >= 0)
			rc = dev_queue_xmit(skb);
		else
			goto out_kfree_skb;
	}
out:
	return rc;
out_kfree_skb:
	rc = -EINVAL;
	kfree_skb(skb);
	goto out;
}
EXPORT_SYMBOL(neigh_resolve_output);

/* As fast as possible without hh cache. */

int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
{
	struct net_device *dev = neigh->dev;
	unsigned int seq;
	int err;

	do {
		__skb_pull(skb, skb_network_offset(skb));
		seq = read_seqbegin(&neigh->ha_lock);
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      neigh->ha, NULL, skb->len);
	} while (read_seqretry(&neigh->ha_lock, seq));

	if (err >= 0)
		err = dev_queue_xmit(skb);
	else {
		err = -EINVAL;
		kfree_skb(skb);
	}
	return err;
}
EXPORT_SYMBOL(neigh_connected_output);

int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
{
	return dev_queue_xmit(skb);
}
EXPORT_SYMBOL(neigh_direct_output);
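
/* Summary (added): of the three output paths above, neigh_resolve_output()
 * triggers address resolution and uses the cached hardware header once one
 * exists; neigh_connected_output() assumes a valid lladdr and only builds
 * the header; neigh_direct_output() hands the skb straight to the device.
 */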

static void neigh_proxy_process(struct timer_list *t)
{
	struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
	long sched_next = 0;
	unsigned long now = jiffies;
	struct sk_buff *skb, *n;

	spin_lock(&tbl->proxy_queue.lock);

	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
		long tdif = NEIGH_CB(skb)->sched_next - now;

		if (tdif <= 0) {
			struct net_device *dev = skb->dev;

			__skb_unlink(skb, &tbl->proxy_queue);
			if (tbl->proxy_redo && netif_running(dev)) {
				rcu_read_lock();
				tbl->proxy_redo(skb);
				rcu_read_unlock();
			} else {
				kfree_skb(skb);
			}

			dev_put(dev);
		} else if (!sched_next || tdif < sched_next)
			sched_next = tdif;
	}
	del_timer(&tbl->proxy_timer);
	if (sched_next)
		mod_timer(&tbl->proxy_timer, jiffies + sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}

void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
		    struct sk_buff *skb)
{
	unsigned long now = jiffies;
	unsigned long sched_next = now + (prandom_u32() %
					  NEIGH_VAR(p, PROXY_DELAY));

	if (tbl->proxy_queue.qlen > NEIGH_VAR(p, PROXY_QLEN)) {
		kfree_skb(skb);
		return;
	}

	NEIGH_CB(skb)->sched_next = sched_next;
	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;

	spin_lock(&tbl->proxy_queue.lock);
	if (del_timer(&tbl->proxy_timer)) {
		if (time_before(tbl->proxy_timer.expires, sched_next))
			sched_next = tbl->proxy_timer.expires;
	}
	skb_dst_drop(skb);
	dev_hold(skb->dev);
	__skb_queue_tail(&tbl->proxy_queue, skb);
	mod_timer(&tbl->proxy_timer, sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}
EXPORT_SYMBOL(pneigh_enqueue);

static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
						     struct net *net, int ifindex)
{
	struct neigh_parms *p;

	list_for_each_entry(p, &tbl->parms_list, list) {
		if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
		    (!p->dev && !ifindex && net_eq(net, &init_net)))
			return p;
	}

	return NULL;
}

struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
				      struct neigh_table *tbl)
{
	struct neigh_parms *p;
	struct net *net = dev_net(dev);
	const struct net_device_ops *ops = dev->netdev_ops;

	p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
	if (p) {
		p->tbl = tbl;
		refcount_set(&p->refcnt, 1);
		p->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
		dev_hold(dev);
		p->dev = dev;
		write_pnet(&p->net, net);
		p->sysctl_table = NULL;

		if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
			dev_put(dev);
			kfree(p);
			return NULL;
		}

		write_lock_bh(&tbl->lock);
		list_add(&p->list, &tbl->parms.list);
		write_unlock_bh(&tbl->lock);

		neigh_parms_data_state_cleanall(p);
	}
	return p;
}
EXPORT_SYMBOL(neigh_parms_alloc);

static void neigh_rcu_free_parms(struct rcu_head *head)
{
	struct neigh_parms *parms =
		container_of(head, struct neigh_parms, rcu_head);

	neigh_parms_put(parms);
}

void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
{
	if (!parms || parms == &tbl->parms)
		return;
	write_lock_bh(&tbl->lock);
	list_del(&parms->list);
	parms->dead = 1;
	write_unlock_bh(&tbl->lock);
	if (parms->dev)
		dev_put(parms->dev);
	call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
}
EXPORT_SYMBOL(neigh_parms_release);

static void neigh_parms_destroy(struct neigh_parms *parms)
{
	kfree(parms);
}
static struct lock_class_key neigh_table_proxy_queue_class;

static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;

void neigh_table_init(int index, struct neigh_table *tbl)
{
	unsigned long now = jiffies;
	unsigned long phsize;

	INIT_LIST_HEAD(&tbl->parms_list);
	INIT_LIST_HEAD(&tbl->gc_list);
	list_add(&tbl->parms.list, &tbl->parms_list);
	write_pnet(&tbl->parms.net, &init_net);
	refcount_set(&tbl->parms.refcnt, 1);
	tbl->parms.reachable_time =
		neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));

	tbl->stats = alloc_percpu(struct neigh_statistics);
	if (!tbl->stats)
		panic("cannot create neighbour cache statistics");

#ifdef CONFIG_PROC_FS
	if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
				  &neigh_stat_seq_ops, tbl))
		panic("cannot create neighbour proc dir entry");
#endif

	RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));

	phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
	tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);

	if (!tbl->nht || !tbl->phash_buckets)
		panic("cannot allocate neighbour cache hashes");

	if (!tbl->entry_size)
		tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
					tbl->key_len, NEIGH_PRIV_ALIGN);
	else
		WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);

	rwlock_init(&tbl->lock);
	INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   tbl->parms.reachable_time);
	timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
	skb_queue_head_init_class(&tbl->proxy_queue,
				  &neigh_table_proxy_queue_class);

	tbl->last_flush = now;
	tbl->last_rand = now + tbl->parms.reachable_time * 20;

	neigh_tables[index] = tbl;
}
EXPORT_SYMBOL(neigh_table_init);

int neigh_table_clear(int index, struct neigh_table *tbl)
{
	neigh_tables[index] = NULL;
	/* This is not clean... Fix it so the IPv6 module can be unloaded
	 * safely.
	 */
	cancel_delayed_work_sync(&tbl->gc_work);
	del_timer_sync(&tbl->proxy_timer);
	pneigh_queue_purge(&tbl->proxy_queue, NULL);
	neigh_ifdown(tbl, NULL);
	if (atomic_read(&tbl->entries))
		pr_crit("neighbour leakage\n");

	call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
		 neigh_hash_free_rcu);
	tbl->nht = NULL;

	kfree(tbl->phash_buckets);
	tbl->phash_buckets = NULL;

	remove_proc_entry(tbl->id, init_net.proc_net_stat);

	free_percpu(tbl->stats);
	tbl->stats = NULL;

	return 0;
}
EXPORT_SYMBOL(neigh_table_clear);

static struct neigh_table *neigh_find_table(int family)
{
	struct neigh_table *tbl = NULL;

	switch (family) {
	case AF_INET:
		tbl = neigh_tables[NEIGH_ARP_TABLE];
		break;
	case AF_INET6:
		tbl = neigh_tables[NEIGH_ND_TABLE];
		break;
	case AF_DECnet:
		tbl = neigh_tables[NEIGH_DN_TABLE];
		break;
	}

	return tbl;
}

const struct nla_policy nda_policy[NDA_MAX+1] = {
	[NDA_UNSPEC]		= { .strict_start_type = NDA_NH_ID },
	[NDA_DST]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_LLADDR]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_CACHEINFO]		= { .len = sizeof(struct nda_cacheinfo) },
	[NDA_PROBES]		= { .type = NLA_U32 },
	[NDA_VLAN]		= { .type = NLA_U16 },
	[NDA_PORT]		= { .type = NLA_U16 },
	[NDA_VNI]		= { .type = NLA_U32 },
	[NDA_IFINDEX]		= { .type = NLA_U32 },
	[NDA_MASTER]		= { .type = NLA_U32 },
	[NDA_PROTOCOL]		= { .type = NLA_U8 },
	[NDA_NH_ID]		= { .type = NLA_U32 },
	[NDA_FDB_EXT_ATTRS]	= { .type = NLA_NESTED },
};

static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *dst_attr;
	struct neigh_table *tbl;
	struct neighbour *neigh;
	struct net_device *dev = NULL;
	int err = -EINVAL;

	ASSERT_RTNL();
	if (nlmsg_len(nlh) < sizeof(*ndm))
		goto out;

	dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
	if (!dst_attr) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(dst_attr) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	if (ndm->ndm_flags & NTF_PROXY) {
		err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
		goto out;
	}

	if (dev == NULL)
		goto out;

	neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
	if (neigh == NULL) {
		err = -ENOENT;
		goto out;
	}

	err = __neigh_update(neigh, NULL, NUD_FAILED,
			     NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
			     NETLINK_CB(skb).portid, extack);
	write_lock_bh(&tbl->lock);
	neigh_release(neigh);
	neigh_remove_one(neigh, tbl);
	write_unlock_bh(&tbl->lock);

out:
	return err;
}

static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
		     struct netlink_ext_ack *extack)
{
	int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
		    NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *tb[NDA_MAX+1];
	struct neigh_table *tbl;
	struct net_device *dev = NULL;
	struct neighbour *neigh;
	void *dst, *lladdr;
	u8 protocol = 0;
	int err;

	ASSERT_RTNL();
	err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
				     nda_policy, extack);
	if (err < 0)
		goto out;

	err = -EINVAL;
	if (!tb[NDA_DST]) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}

		if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
			NL_SET_ERR_MSG(extack, "Invalid link address");
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	dst = nla_data(tb[NDA_DST]);
	lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;

	if (tb[NDA_PROTOCOL])
		protocol = nla_get_u8(tb[NDA_PROTOCOL]);

	if (ndm->ndm_flags & NTF_PROXY) {
		struct pneigh_entry *pn;

		err = -ENOBUFS;
		pn = pneigh_lookup(tbl, net, dst, dev, 1);
		if (pn) {
			pn->flags = ndm->ndm_flags;
			if (protocol)
				pn->protocol = protocol;
			err = 0;
		}
		goto out;
	}

	if (!dev) {
		NL_SET_ERR_MSG(extack, "Device not specified");
		goto out;
	}

	if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
		err = -EINVAL;
		goto out;
	}

	neigh = neigh_lookup(tbl, dst, dev);
	if (neigh == NULL) {
		bool exempt_from_gc;

		if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
			err = -ENOENT;
			goto out;
		}

		exempt_from_gc = ndm->ndm_state & NUD_PERMANENT ||
				 ndm->ndm_flags & NTF_EXT_LEARNED;
		neigh = ___neigh_create(tbl, dst, dev,
					ndm->ndm_flags & NTF_EXT_LEARNED,
					exempt_from_gc, true);
		if (IS_ERR(neigh)) {
			err = PTR_ERR(neigh);
			goto out;
		}
	} else {
		if (nlh->nlmsg_flags & NLM_F_EXCL) {
			err = -EEXIST;
			neigh_release(neigh);
			goto out;
		}

		if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
			flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
				   NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
	}

	if (protocol)
		neigh->protocol = protocol;
	if (ndm->ndm_flags & NTF_EXT_LEARNED)
		flags |= NEIGH_UPDATE_F_EXT_LEARNED;
	if (ndm->ndm_flags & NTF_ROUTER)
		flags |= NEIGH_UPDATE_F_ISROUTER;
	if (ndm->ndm_flags & NTF_USE)
		flags |= NEIGH_UPDATE_F_USE;

	err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
			     NETLINK_CB(skb).portid, extack);
	if (!err && ndm->ndm_flags & NTF_USE) {
		neigh_event_send(neigh, NULL);
		err = 0;
	}
	neigh_release(neigh);
out:
	return err;
}
2011
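/*
 * Dump one neigh_parms instance as a nested NDTA_PARMS attribute. Times
 * are reported in milliseconds; the deprecated NDTPA_QUEUE_LEN value is
 * derived from QUEUE_LEN_BYTES using a typical ethernet frame true size.
 */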
2012 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
2013 {
2014 struct nlattr *nest;
2015
2016 nest = nla_nest_start_noflag(skb, NDTA_PARMS);
2017 if (nest == NULL)
2018 return -ENOBUFS;
2019
2020 if ((parms->dev &&
2021 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
2022 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
2023 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
2024 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2025 /* approximate value for the deprecated QUEUE_LEN (in packets) */
2026 nla_put_u32(skb, NDTPA_QUEUE_LEN,
2027 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2028 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2029 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2030 nla_put_u32(skb, NDTPA_UCAST_PROBES,
2031 NEIGH_VAR(parms, UCAST_PROBES)) ||
2032 nla_put_u32(skb, NDTPA_MCAST_PROBES,
2033 NEIGH_VAR(parms, MCAST_PROBES)) ||
2034 nla_put_u32(skb, NDTPA_MCAST_REPROBES,
2035 NEIGH_VAR(parms, MCAST_REPROBES)) ||
2036 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
2037 NDTPA_PAD) ||
2038 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
2039 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
2040 nla_put_msecs(skb, NDTPA_GC_STALETIME,
2041 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
2042 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
2043 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
2044 nla_put_msecs(skb, NDTPA_RETRANS_TIME,
2045 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
2046 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
2047 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
2048 nla_put_msecs(skb, NDTPA_PROXY_DELAY,
2049 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
2050 nla_put_msecs(skb, NDTPA_LOCKTIME,
2051 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD))
2052 goto nla_put_failure;
2053 return nla_nest_end(skb, nest);
2054
2055 nla_put_failure:
2056 nla_nest_cancel(skb, nest);
2057 return -EMSGSIZE;
2058 }
2059
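/*
 * Fill one RTM_NEWNEIGHTBL message: the per-table settings, the hash
 * configuration (NDTA_CONFIG), statistics summed over all possible CPUs
 * (NDTA_STATS) and the table's default parameters.
 */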
2060 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2061 u32 pid, u32 seq, int type, int flags)
2062 {
2063 struct nlmsghdr *nlh;
2064 struct ndtmsg *ndtmsg;
2065
2066 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2067 if (nlh == NULL)
2068 return -EMSGSIZE;
2069
2070 ndtmsg = nlmsg_data(nlh);
2071
2072 read_lock_bh(&tbl->lock);
2073 ndtmsg->ndtm_family = tbl->family;
2074 ndtmsg->ndtm_pad1 = 0;
2075 ndtmsg->ndtm_pad2 = 0;
2076
2077 if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
2078 nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval, NDTA_PAD) ||
2079 nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) ||
2080 nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) ||
2081 nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3))
2082 goto nla_put_failure;
2083 {
2084 unsigned long now = jiffies;
2085 long flush_delta = now - tbl->last_flush;
2086 long rand_delta = now - tbl->last_rand;
2087 struct neigh_hash_table *nht;
2088 struct ndt_config ndc = {
2089 .ndtc_key_len = tbl->key_len,
2090 .ndtc_entry_size = tbl->entry_size,
2091 .ndtc_entries = atomic_read(&tbl->entries),
2092 .ndtc_last_flush = jiffies_to_msecs(flush_delta),
2093 .ndtc_last_rand = jiffies_to_msecs(rand_delta),
2094 .ndtc_proxy_qlen = tbl->proxy_queue.qlen,
2095 };
2096
2097 rcu_read_lock_bh();
2098 nht = rcu_dereference_bh(tbl->nht);
2099 ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2100 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2101 rcu_read_unlock_bh();
2102
2103 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
2104 goto nla_put_failure;
2105 }
2106
2107 {
2108 int cpu;
2109 struct ndt_stats ndst;
2110
2111 memset(&ndst, 0, sizeof(ndst));
2112
2113 for_each_possible_cpu(cpu) {
2114 struct neigh_statistics *st;
2115
2116 st = per_cpu_ptr(tbl->stats, cpu);
2117 ndst.ndts_allocs += st->allocs;
2118 ndst.ndts_destroys += st->destroys;
2119 ndst.ndts_hash_grows += st->hash_grows;
2120 ndst.ndts_res_failed += st->res_failed;
2121 ndst.ndts_lookups += st->lookups;
2122 ndst.ndts_hits += st->hits;
2123 ndst.ndts_rcv_probes_mcast += st->rcv_probes_mcast;
2124 ndst.ndts_rcv_probes_ucast += st->rcv_probes_ucast;
2125 ndst.ndts_periodic_gc_runs += st->periodic_gc_runs;
2126 ndst.ndts_forced_gc_runs += st->forced_gc_runs;
2127 ndst.ndts_table_fulls += st->table_fulls;
2128 }
2129
2130 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
2131 NDTA_PAD))
2132 goto nla_put_failure;
2133 }
2134
2135 BUG_ON(tbl->parms.dev);
2136 if (neightbl_fill_parms(skb, &tbl->parms) < 0)
2137 goto nla_put_failure;
2138
2139 read_unlock_bh(&tbl->lock);
2140 nlmsg_end(skb, nlh);
2141 return 0;
2142
2143 nla_put_failure:
2144 read_unlock_bh(&tbl->lock);
2145 nlmsg_cancel(skb, nlh);
2146 return -EMSGSIZE;
2147 }
2148
2149 static int neightbl_fill_param_info(struct sk_buff *skb,
2150 struct neigh_table *tbl,
2151 struct neigh_parms *parms,
2152 u32 pid, u32 seq, int type,
2153 unsigned int flags)
2154 {
2155 struct ndtmsg *ndtmsg;
2156 struct nlmsghdr *nlh;
2157
2158 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2159 if (nlh == NULL)
2160 return -EMSGSIZE;
2161
2162 ndtmsg = nlmsg_data(nlh);
2163
2164 read_lock_bh(&tbl->lock);
2165 ndtmsg->ndtm_family = tbl->family;
2166 ndtmsg->ndtm_pad1 = 0;
2167 ndtmsg->ndtm_pad2 = 0;
2168
2169 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
2170 neightbl_fill_parms(skb, parms) < 0)
2171 goto errout;
2172
2173 read_unlock_bh(&tbl->lock);
2174 nlmsg_end(skb, nlh);
2175 return 0;
2176 errout:
2177 read_unlock_bh(&tbl->lock);
2178 nlmsg_cancel(skb, nlh);
2179 return -EMSGSIZE;
2180 }
2181
2182 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2183 [NDTA_NAME] = { .type = NLA_STRING },
2184 [NDTA_THRESH1] = { .type = NLA_U32 },
2185 [NDTA_THRESH2] = { .type = NLA_U32 },
2186 [NDTA_THRESH3] = { .type = NLA_U32 },
2187 [NDTA_GC_INTERVAL] = { .type = NLA_U64 },
2188 [NDTA_PARMS] = { .type = NLA_NESTED },
2189 };
2190
2191 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2192 [NDTPA_IFINDEX] = { .type = NLA_U32 },
2193 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 },
2194 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 },
2195 [NDTPA_APP_PROBES] = { .type = NLA_U32 },
2196 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 },
2197 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 },
2198 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 },
2199 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 },
2200 [NDTPA_GC_STALETIME] = { .type = NLA_U64 },
2201 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 },
2202 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 },
2203 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 },
2204 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 },
2205 [NDTPA_LOCKTIME] = { .type = NLA_U64 },
2206 };
2207
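/*
 * RTM_SETNEIGHTBL handler, reached e.g. via
 * "ip ntable change name arp_cache thresh1 1024".
 * Per-device parameters (NDTA_PARMS) may be changed from any namespace;
 * the global gc_thresh[123] and gc_interval settings only from init_net.
 */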
2208 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2209 struct netlink_ext_ack *extack)
2210 {
2211 struct net *net = sock_net(skb->sk);
2212 struct neigh_table *tbl;
2213 struct ndtmsg *ndtmsg;
2214 struct nlattr *tb[NDTA_MAX+1];
2215 bool found = false;
2216 int err, tidx;
2217
2218 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2219 nl_neightbl_policy, extack);
2220 if (err < 0)
2221 goto errout;
2222
2223 if (tb[NDTA_NAME] == NULL) {
2224 err = -EINVAL;
2225 goto errout;
2226 }
2227
2228 ndtmsg = nlmsg_data(nlh);
2229
2230 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2231 tbl = neigh_tables[tidx];
2232 if (!tbl)
2233 continue;
2234 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2235 continue;
2236 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
2237 found = true;
2238 break;
2239 }
2240 }
2241
2242 if (!found)
2243 return -ENOENT;
2244
2245 /*
2246 * We acquire tbl->lock to be nice to the periodic timers and
2247 * make sure they always see a consistent set of values.
2248 */
2249 write_lock_bh(&tbl->lock);
2250
2251 if (tb[NDTA_PARMS]) {
2252 struct nlattr *tbp[NDTPA_MAX+1];
2253 struct neigh_parms *p;
2254 int i, ifindex = 0;
2255
2256 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
2257 tb[NDTA_PARMS],
2258 nl_ntbl_parm_policy, extack);
2259 if (err < 0)
2260 goto errout_tbl_lock;
2261
2262 if (tbp[NDTPA_IFINDEX])
2263 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
2264
2265 p = lookup_neigh_parms(tbl, net, ifindex);
2266 if (p == NULL) {
2267 err = -ENOENT;
2268 goto errout_tbl_lock;
2269 }
2270
2271 for (i = 1; i <= NDTPA_MAX; i++) {
2272 if (tbp[i] == NULL)
2273 continue;
2274
2275 switch (i) {
2276 case NDTPA_QUEUE_LEN:
2277 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2278 nla_get_u32(tbp[i]) *
2279 SKB_TRUESIZE(ETH_FRAME_LEN));
2280 break;
2281 case NDTPA_QUEUE_LENBYTES:
2282 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2283 nla_get_u32(tbp[i]));
2284 break;
2285 case NDTPA_PROXY_QLEN:
2286 NEIGH_VAR_SET(p, PROXY_QLEN,
2287 nla_get_u32(tbp[i]));
2288 break;
2289 case NDTPA_APP_PROBES:
2290 NEIGH_VAR_SET(p, APP_PROBES,
2291 nla_get_u32(tbp[i]));
2292 break;
2293 case NDTPA_UCAST_PROBES:
2294 NEIGH_VAR_SET(p, UCAST_PROBES,
2295 nla_get_u32(tbp[i]));
2296 break;
2297 case NDTPA_MCAST_PROBES:
2298 NEIGH_VAR_SET(p, MCAST_PROBES,
2299 nla_get_u32(tbp[i]));
2300 break;
2301 case NDTPA_MCAST_REPROBES:
2302 NEIGH_VAR_SET(p, MCAST_REPROBES,
2303 nla_get_u32(tbp[i]));
2304 break;
2305 case NDTPA_BASE_REACHABLE_TIME:
2306 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2307 nla_get_msecs(tbp[i]));
2308 /* Update reachable_time as well; otherwise the change takes
2309 * effect only the next time neigh_periodic_work decides to
2310 * recompute it (which can be several minutes away).
2311 */
2312 p->reachable_time =
2313 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2314 break;
2315 case NDTPA_GC_STALETIME:
2316 NEIGH_VAR_SET(p, GC_STALETIME,
2317 nla_get_msecs(tbp[i]));
2318 break;
2319 case NDTPA_DELAY_PROBE_TIME:
2320 NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2321 nla_get_msecs(tbp[i]));
2322 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
2323 break;
2324 case NDTPA_RETRANS_TIME:
2325 NEIGH_VAR_SET(p, RETRANS_TIME,
2326 nla_get_msecs(tbp[i]));
2327 break;
2328 case NDTPA_ANYCAST_DELAY:
2329 NEIGH_VAR_SET(p, ANYCAST_DELAY,
2330 nla_get_msecs(tbp[i]));
2331 break;
2332 case NDTPA_PROXY_DELAY:
2333 NEIGH_VAR_SET(p, PROXY_DELAY,
2334 nla_get_msecs(tbp[i]));
2335 break;
2336 case NDTPA_LOCKTIME:
2337 NEIGH_VAR_SET(p, LOCKTIME,
2338 nla_get_msecs(tbp[i]));
2339 break;
2340 }
2341 }
2342 }
2343
2344 err = -ENOENT;
2345 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2346 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2347 !net_eq(net, &init_net))
2348 goto errout_tbl_lock;
2349
2350 if (tb[NDTA_THRESH1])
2351 tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);
2352
2353 if (tb[NDTA_THRESH2])
2354 tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]);
2355
2356 if (tb[NDTA_THRESH3])
2357 tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]);
2358
2359 if (tb[NDTA_GC_INTERVAL])
2360 tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]);
2361
2362 err = 0;
2363
2364 errout_tbl_lock:
2365 write_unlock_bh(&tbl->lock);
2366 errout:
2367 return err;
2368 }
2369
2370 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2371 struct netlink_ext_ack *extack)
2372 {
2373 struct ndtmsg *ndtm;
2374
2375 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
2376 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2377 return -EINVAL;
2378 }
2379
2380 ndtm = nlmsg_data(nlh);
2381 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
2382 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2383 return -EINVAL;
2384 }
2385
2386 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
2387 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2388 return -EINVAL;
2389 }
2390
2391 return 0;
2392 }
2393
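/*
 * RTM_GETNEIGHTBL dump: one RTM_NEWNEIGHTBL message per table, followed
 * by one per device-specific neigh_parms. cb->args[0] and cb->args[1]
 * record the table and parms position so an interrupted dump can resume.
 */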
2394 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2395 {
2396 const struct nlmsghdr *nlh = cb->nlh;
2397 struct net *net = sock_net(skb->sk);
2398 int family, tidx, nidx = 0;
2399 int tbl_skip = cb->args[0];
2400 int neigh_skip = cb->args[1];
2401 struct neigh_table *tbl;
2402
2403 if (cb->strict_check) {
2404 int err = neightbl_valid_dump_info(nlh, cb->extack);
2405
2406 if (err < 0)
2407 return err;
2408 }
2409
2410 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2411
2412 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2413 struct neigh_parms *p;
2414
2415 tbl = neigh_tables[tidx];
2416 if (!tbl)
2417 continue;
2418
2419 if (tidx < tbl_skip || (family && tbl->family != family))
2420 continue;
2421
2422 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2423 nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2424 NLM_F_MULTI) < 0)
2425 break;
2426
2427 nidx = 0;
2428 p = list_next_entry(&tbl->parms, list);
2429 list_for_each_entry_from(p, &tbl->parms_list, list) {
2430 if (!net_eq(neigh_parms_net(p), net))
2431 continue;
2432
2433 if (nidx < neigh_skip)
2434 goto next;
2435
2436 if (neightbl_fill_param_info(skb, tbl, p,
2437 NETLINK_CB(cb->skb).portid,
2438 nlh->nlmsg_seq,
2439 RTM_NEWNEIGHTBL,
2440 NLM_F_MULTI) < 0)
2441 goto out;
2442 next:
2443 nidx++;
2444 }
2445
2446 neigh_skip = 0;
2447 }
2448 out:
2449 cb->args[0] = tidx;
2450 cb->args[1] = nidx;
2451
2452 return skb->len;
2453 }
2454
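/*
 * Encode one neighbour entry as an RTM_NEWNEIGH message. The cacheinfo
 * ages (used/confirmed/updated) are converted from jiffies to clock_t
 * ticks, which is what userspace such as "ip -s neigh" prints.
 */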
2455 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2456 u32 pid, u32 seq, int type, unsigned int flags)
2457 {
2458 unsigned long now = jiffies;
2459 struct nda_cacheinfo ci;
2460 struct nlmsghdr *nlh;
2461 struct ndmsg *ndm;
2462
2463 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2464 if (nlh == NULL)
2465 return -EMSGSIZE;
2466
2467 ndm = nlmsg_data(nlh);
2468 ndm->ndm_family = neigh->ops->family;
2469 ndm->ndm_pad1 = 0;
2470 ndm->ndm_pad2 = 0;
2471 ndm->ndm_flags = neigh->flags;
2472 ndm->ndm_type = neigh->type;
2473 ndm->ndm_ifindex = neigh->dev->ifindex;
2474
2475 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2476 goto nla_put_failure;
2477
2478 read_lock_bh(&neigh->lock);
2479 ndm->ndm_state = neigh->nud_state;
2480 if (neigh->nud_state & NUD_VALID) {
2481 char haddr[MAX_ADDR_LEN];
2482
2483 neigh_ha_snapshot(haddr, neigh, neigh->dev);
2484 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2485 read_unlock_bh(&neigh->lock);
2486 goto nla_put_failure;
2487 }
2488 }
2489
2490 ci.ndm_used = jiffies_to_clock_t(now - neigh->used);
2491 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2492 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated);
2493 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1;
2494 read_unlock_bh(&neigh->lock);
2495
2496 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2497 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2498 goto nla_put_failure;
2499
2500 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
2501 goto nla_put_failure;
2502
2503 nlmsg_end(skb, nlh);
2504 return 0;
2505
2506 nla_put_failure:
2507 nlmsg_cancel(skb, nlh);
2508 return -EMSGSIZE;
2509 }
2510
2511 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2512 u32 pid, u32 seq, int type, unsigned int flags,
2513 struct neigh_table *tbl)
2514 {
2515 struct nlmsghdr *nlh;
2516 struct ndmsg *ndm;
2517
2518 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2519 if (nlh == NULL)
2520 return -EMSGSIZE;
2521
2522 ndm = nlmsg_data(nlh);
2523 ndm->ndm_family = tbl->family;
2524 ndm->ndm_pad1 = 0;
2525 ndm->ndm_pad2 = 0;
2526 ndm->ndm_flags = pn->flags | NTF_PROXY;
2527 ndm->ndm_type = RTN_UNICAST;
2528 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2529 ndm->ndm_state = NUD_NONE;
2530
2531 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2532 goto nla_put_failure;
2533
2534 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
2535 goto nla_put_failure;
2536
2537 nlmsg_end(skb, nlh);
2538 return 0;
2539
2540 nla_put_failure:
2541 nlmsg_cancel(skb, nlh);
2542 return -EMSGSIZE;
2543 }
2544
2545 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2546 {
2547 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2548 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
2549 }
2550
2551 static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2552 {
2553 struct net_device *master;
2554
2555 if (!master_idx)
2556 return false;
2557
2558 master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2559 if (!master || master->ifindex != master_idx)
2560 return true;
2561
2562 return false;
2563 }
2564
2565 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2566 {
2567 if (filter_idx && (!dev || dev->ifindex != filter_idx))
2568 return true;
2569
2570 return false;
2571 }
2572
2573 struct neigh_dump_filter {
2574 int master_idx;
2575 int dev_idx;
2576 };
2577
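/*
 * Walk one table's hash under rcu_read_lock_bh() and emit the entries
 * not excluded by the dev/master ifindex filters. cb->args[1] and
 * cb->args[2] store the bucket and in-bucket index so the dump can
 * resume where it left off.
 */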
2578 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2579 struct netlink_callback *cb,
2580 struct neigh_dump_filter *filter)
2581 {
2582 struct net *net = sock_net(skb->sk);
2583 struct neighbour *n;
2584 int rc, h, s_h = cb->args[1];
2585 int idx, s_idx = idx = cb->args[2];
2586 struct neigh_hash_table *nht;
2587 unsigned int flags = NLM_F_MULTI;
2588
2589 if (filter->dev_idx || filter->master_idx)
2590 flags |= NLM_F_DUMP_FILTERED;
2591
2592 rcu_read_lock_bh();
2593 nht = rcu_dereference_bh(tbl->nht);
2594
2595 for (h = s_h; h < (1 << nht->hash_shift); h++) {
2596 if (h > s_h)
2597 s_idx = 0;
2598 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2599 n != NULL;
2600 n = rcu_dereference_bh(n->next)) {
2601 if (idx < s_idx || !net_eq(dev_net(n->dev), net))
2602 goto next;
2603 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2604 neigh_master_filtered(n->dev, filter->master_idx))
2605 goto next;
2606 if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2607 cb->nlh->nlmsg_seq,
2608 RTM_NEWNEIGH,
2609 flags) < 0) {
2610 rc = -1;
2611 goto out;
2612 }
2613 next:
2614 idx++;
2615 }
2616 }
2617 rc = skb->len;
2618 out:
2619 rcu_read_unlock_bh();
2620 cb->args[1] = h;
2621 cb->args[2] = idx;
2622 return rc;
2623 }
2624
2625 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2626 struct netlink_callback *cb,
2627 struct neigh_dump_filter *filter)
2628 {
2629 struct pneigh_entry *n;
2630 struct net *net = sock_net(skb->sk);
2631 int rc, h, s_h = cb->args[3];
2632 int idx, s_idx = idx = cb->args[4];
2633 unsigned int flags = NLM_F_MULTI;
2634
2635 if (filter->dev_idx || filter->master_idx)
2636 flags |= NLM_F_DUMP_FILTERED;
2637
2638 read_lock_bh(&tbl->lock);
2639
2640 for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2641 if (h > s_h)
2642 s_idx = 0;
2643 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2644 if (idx < s_idx || pneigh_net(n) != net)
2645 goto next;
2646 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2647 neigh_master_filtered(n->dev, filter->master_idx))
2648 goto next;
2649 if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2650 cb->nlh->nlmsg_seq,
2651 RTM_NEWNEIGH, flags, tbl) < 0) {
2652 read_unlock_bh(&tbl->lock);
2653 rc = -1;
2654 goto out;
2655 }
2656 next:
2657 idx++;
2658 }
2659 }
2660
2661 read_unlock_bh(&tbl->lock);
2662 rc = skb->len;
2663 out:
2664 cb->args[3] = h;
2665 cb->args[4] = idx;
2666 return rc;
2667
2668 }
2669
2670 static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2671 bool strict_check,
2672 struct neigh_dump_filter *filter,
2673 struct netlink_ext_ack *extack)
2674 {
2675 struct nlattr *tb[NDA_MAX + 1];
2676 int err, i;
2677
2678 if (strict_check) {
2679 struct ndmsg *ndm;
2680
2681 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2682 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2683 return -EINVAL;
2684 }
2685
2686 ndm = nlmsg_data(nlh);
2687 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
2688 ndm->ndm_state || ndm->ndm_type) {
2689 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2690 return -EINVAL;
2691 }
2692
2693 if (ndm->ndm_flags & ~NTF_PROXY) {
2694 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2695 return -EINVAL;
2696 }
2697
2698 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
2699 tb, NDA_MAX, nda_policy,
2700 extack);
2701 } else {
2702 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
2703 NDA_MAX, nda_policy, extack);
2704 }
2705 if (err < 0)
2706 return err;
2707
2708 for (i = 0; i <= NDA_MAX; ++i) {
2709 if (!tb[i])
2710 continue;
2711
2712 /* all new attributes should require strict_check */
2713 switch (i) {
2714 case NDA_IFINDEX:
2715 filter->dev_idx = nla_get_u32(tb[i]);
2716 break;
2717 case NDA_MASTER:
2718 filter->master_idx = nla_get_u32(tb[i]);
2719 break;
2720 default:
2721 if (strict_check) {
2722 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2723 return -EINVAL;
2724 }
2725 }
2726 }
2727
2728 return 0;
2729 }
2730
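/*
 * RTM_GETNEIGH dump entry point, e.g. "ip neigh show". An NTF_PROXY flag
 * in the request ("ip neigh show proxy") selects the proxy (pneigh)
 * tables instead of the ordinary neighbour caches.
 */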
2731 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2732 {
2733 const struct nlmsghdr *nlh = cb->nlh;
2734 struct neigh_dump_filter filter = {};
2735 struct neigh_table *tbl;
2736 int t, family, s_t;
2737 int proxy = 0;
2738 int err;
2739
2740 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2741
2742 /* Check that a full ndmsg structure is present; the family member
2743 * sits at the same offset in both ndmsg and rtgenmsg.
2744 */
2745 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2746 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2747 proxy = 1;
2748
2749 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
2750 if (err < 0 && cb->strict_check)
2751 return err;
2752
2753 s_t = cb->args[0];
2754
2755 for (t = 0; t < NEIGH_NR_TABLES; t++) {
2756 tbl = neigh_tables[t];
2757
2758 if (!tbl)
2759 continue;
2760 if (t < s_t || (family && tbl->family != family))
2761 continue;
2762 if (t > s_t)
2763 memset(&cb->args[1], 0, sizeof(cb->args) -
2764 sizeof(cb->args[0]));
2765 if (proxy)
2766 err = pneigh_dump_table(tbl, skb, cb, &filter);
2767 else
2768 err = neigh_dump_table(tbl, skb, cb, &filter);
2769 if (err < 0)
2770 break;
2771 }
2772
2773 cb->args[0] = t;
2774 return skb->len;
2775 }
2776
2777 static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2778 struct neigh_table **tbl,
2779 void **dst, int *dev_idx, u8 *ndm_flags,
2780 struct netlink_ext_ack *extack)
2781 {
2782 struct nlattr *tb[NDA_MAX + 1];
2783 struct ndmsg *ndm;
2784 int err, i;
2785
2786 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2787 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2788 return -EINVAL;
2789 }
2790
2791 ndm = nlmsg_data(nlh);
2792 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
2793 ndm->ndm_type) {
2794 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2795 return -EINVAL;
2796 }
2797
2798 if (ndm->ndm_flags & ~NTF_PROXY) {
2799 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2800 return -EINVAL;
2801 }
2802
2803 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
2804 NDA_MAX, nda_policy, extack);
2805 if (err < 0)
2806 return err;
2807
2808 *ndm_flags = ndm->ndm_flags;
2809 *dev_idx = ndm->ndm_ifindex;
2810 *tbl = neigh_find_table(ndm->ndm_family);
2811 if (*tbl == NULL) {
2812 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2813 return -EAFNOSUPPORT;
2814 }
2815
2816 for (i = 0; i <= NDA_MAX; ++i) {
2817 if (!tb[i])
2818 continue;
2819
2820 switch (i) {
2821 case NDA_DST:
2822 if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
2823 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2824 return -EINVAL;
2825 }
2826 *dst = nla_data(tb[i]);
2827 break;
2828 default:
2829 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2830 return -EINVAL;
2831 }
2832 }
2833
2834 return 0;
2835 }
2836
2837 static inline size_t neigh_nlmsg_size(void)
2838 {
2839 return NLMSG_ALIGN(sizeof(struct ndmsg))
2840 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2841 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2842 + nla_total_size(sizeof(struct nda_cacheinfo))
2843 + nla_total_size(4) /* NDA_PROBES */
2844 + nla_total_size(1); /* NDA_PROTOCOL */
2845 }
2846
2847 static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2848 u32 pid, u32 seq)
2849 {
2850 struct sk_buff *skb;
2851 int err = 0;
2852
2853 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
2854 if (!skb)
2855 return -ENOBUFS;
2856
2857 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
2858 if (err) {
2859 kfree_skb(skb);
2860 goto errout;
2861 }
2862
2863 err = rtnl_unicast(skb, net, pid);
2864 errout:
2865 return err;
2866 }
2867
2868 static inline size_t pneigh_nlmsg_size(void)
2869 {
2870 return NLMSG_ALIGN(sizeof(struct ndmsg))
2871 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2872 + nla_total_size(1); /* NDA_PROTOCOL */
2873 }
2874
2875 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
2876 u32 pid, u32 seq, struct neigh_table *tbl)
2877 {
2878 struct sk_buff *skb;
2879 int err = 0;
2880
2881 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
2882 if (!skb)
2883 return -ENOBUFS;
2884
2885 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
2886 if (err) {
2887 kfree_skb(skb);
2888 goto errout;
2889 }
2890
2891 err = rtnl_unicast(skb, net, pid);
2892 errout:
2893 return err;
2894 }
2895
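/*
 * RTM_GETNEIGH doit handler for a single entry, e.g.
 * "ip neigh get 192.0.2.1 dev eth0". Proxy lookups (NTF_PROXY) may omit
 * the device; ordinary lookups require one.
 */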
2896 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2897 struct netlink_ext_ack *extack)
2898 {
2899 struct net *net = sock_net(in_skb->sk);
2900 struct net_device *dev = NULL;
2901 struct neigh_table *tbl = NULL;
2902 struct neighbour *neigh;
2903 void *dst = NULL;
2904 u8 ndm_flags = 0;
2905 int dev_idx = 0;
2906 int err;
2907
2908 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
2909 extack);
2910 if (err < 0)
2911 return err;
2912
2913 if (dev_idx) {
2914 dev = __dev_get_by_index(net, dev_idx);
2915 if (!dev) {
2916 NL_SET_ERR_MSG(extack, "Unknown device ifindex");
2917 return -ENODEV;
2918 }
2919 }
2920
2921 if (!dst) {
2922 NL_SET_ERR_MSG(extack, "Network address not specified");
2923 return -EINVAL;
2924 }
2925
2926 if (ndm_flags & NTF_PROXY) {
2927 struct pneigh_entry *pn;
2928
2929 pn = pneigh_lookup(tbl, net, dst, dev, 0);
2930 if (!pn) {
2931 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
2932 return -ENOENT;
2933 }
2934 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
2935 nlh->nlmsg_seq, tbl);
2936 }
2937
2938 if (!dev) {
2939 NL_SET_ERR_MSG(extack, "No device specified");
2940 return -EINVAL;
2941 }
2942
2943 neigh = neigh_lookup(tbl, dst, dev);
2944 if (!neigh) {
2945 NL_SET_ERR_MSG(extack, "Neighbour entry not found");
2946 return -ENOENT;
2947 }
2948
2949 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
2950 nlh->nlmsg_seq);
2951
2952 neigh_release(neigh);
2953
2954 return err;
2955 }
2956
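/*
 * Iterate over every entry in @tbl, invoking @cb for each one under the
 * table read lock (so @cb must not sleep or take tbl->lock). A minimal,
 * hypothetical caller that counts entries might look like:
 *
 *	static void count_cb(struct neighbour *n, void *cookie)
 *	{
 *		(*(int *)cookie)++;
 *	}
 *
 *	int count = 0;
 *	neigh_for_each(&arp_tbl, count_cb, &count);
 */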
2957 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
2958 {
2959 int chain;
2960 struct neigh_hash_table *nht;
2961
2962 rcu_read_lock_bh();
2963 nht = rcu_dereference_bh(tbl->nht);
2964
2965 read_lock(&tbl->lock); /* avoid resizes */
2966 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2967 struct neighbour *n;
2968
2969 for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
2970 n != NULL;
2971 n = rcu_dereference_bh(n->next))
2972 cb(n, cookie);
2973 }
2974 read_unlock(&tbl->lock);
2975 rcu_read_unlock_bh();
2976 }
2977 EXPORT_SYMBOL(neigh_for_each);
2978
2979 /* The tbl->lock must be held as a writer and BH disabled. */
2980 void __neigh_for_each_release(struct neigh_table *tbl,
2981 int (*cb)(struct neighbour *))
2982 {
2983 int chain;
2984 struct neigh_hash_table *nht;
2985
2986 nht = rcu_dereference_protected(tbl->nht,
2987 lockdep_is_held(&tbl->lock));
2988 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2989 struct neighbour *n;
2990 struct neighbour __rcu **np;
2991
2992 np = &nht->hash_buckets[chain];
2993 while ((n = rcu_dereference_protected(*np,
2994 lockdep_is_held(&tbl->lock))) != NULL) {
2995 int release;
2996
2997 write_lock(&n->lock);
2998 release = cb(n);
2999 if (release) {
3000 rcu_assign_pointer(*np,
3001 rcu_dereference_protected(n->next,
3002 lockdep_is_held(&tbl->lock)));
3003 neigh_mark_dead(n);
3004 } else
3005 np = &n->next;
3006 write_unlock(&n->lock);
3007 if (release)
3008 neigh_cleanup_and_release(n);
3009 }
3010 }
3011 }
3012 EXPORT_SYMBOL(__neigh_for_each_release);
3013
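/*
 * Transmit @skb, resolving the destination through the table selected by
 * @index (NEIGH_ARP_TABLE, NEIGH_ND_TABLE, ...); used by callers that
 * carry no dst entry, e.g. MPLS forwarding. NEIGH_LINK_TABLE is the
 * pass-through case: the header is built directly from the given address
 * with no neighbour state involved.
 */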
3014 int neigh_xmit(int index, struct net_device *dev,
3015 const void *addr, struct sk_buff *skb)
3016 {
3017 int err = -EAFNOSUPPORT;
3018 if (likely(index < NEIGH_NR_TABLES)) {
3019 struct neigh_table *tbl;
3020 struct neighbour *neigh;
3021
3022 tbl = neigh_tables[index];
3023 if (!tbl)
3024 goto out;
3025 rcu_read_lock_bh();
3026 if (index == NEIGH_ARP_TABLE) {
3027 u32 key = *((u32 *)addr);
3028
3029 neigh = __ipv4_neigh_lookup_noref(dev, key);
3030 } else {
3031 neigh = __neigh_lookup_noref(tbl, addr, dev);
3032 }
3033 if (!neigh)
3034 neigh = __neigh_create(tbl, addr, dev, false);
3035 err = PTR_ERR(neigh);
3036 if (IS_ERR(neigh)) {
3037 rcu_read_unlock_bh();
3038 goto out_kfree_skb;
3039 }
3040 err = neigh->output(neigh, skb);
3041 rcu_read_unlock_bh();
3042 }
3043 else if (index == NEIGH_LINK_TABLE) {
3044 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3045 addr, NULL, skb->len);
3046 if (err < 0)
3047 goto out_kfree_skb;
3048 err = dev_queue_xmit(skb);
3049 }
3050 out:
3051 return err;
3052 out_kfree_skb:
3053 kfree_skb(skb);
3054 goto out;
3055 }
3056 EXPORT_SYMBOL(neigh_xmit);
3057
3058 #ifdef CONFIG_PROC_FS
3059
3060 static struct neighbour *neigh_get_first(struct seq_file *seq)
3061 {
3062 struct neigh_seq_state *state = seq->private;
3063 struct net *net = seq_file_net(seq);
3064 struct neigh_hash_table *nht = state->nht;
3065 struct neighbour *n = NULL;
3066 int bucket;
3067
3068 state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3069 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3070 n = rcu_dereference_bh(nht->hash_buckets[bucket]);
3071
3072 while (n) {
3073 if (!net_eq(dev_net(n->dev), net))
3074 goto next;
3075 if (state->neigh_sub_iter) {
3076 loff_t fakep = 0;
3077 void *v;
3078
3079 v = state->neigh_sub_iter(state, n, &fakep);
3080 if (!v)
3081 goto next;
3082 }
3083 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3084 break;
3085 if (n->nud_state & ~NUD_NOARP)
3086 break;
3087 next:
3088 n = rcu_dereference_bh(n->next);
3089 }
3090
3091 if (n)
3092 break;
3093 }
3094 state->bucket = bucket;
3095
3096 return n;
3097 }
3098
3099 static struct neighbour *neigh_get_next(struct seq_file *seq,
3100 struct neighbour *n,
3101 loff_t *pos)
3102 {
3103 struct neigh_seq_state *state = seq->private;
3104 struct net *net = seq_file_net(seq);
3105 struct neigh_hash_table *nht = state->nht;
3106
3107 if (state->neigh_sub_iter) {
3108 void *v = state->neigh_sub_iter(state, n, pos);
3109 if (v)
3110 return n;
3111 }
3112 n = rcu_dereference_bh(n->next);
3113
3114 while (1) {
3115 while (n) {
3116 if (!net_eq(dev_net(n->dev), net))
3117 goto next;
3118 if (state->neigh_sub_iter) {
3119 void *v = state->neigh_sub_iter(state, n, pos);
3120 if (v)
3121 return n;
3122 goto next;
3123 }
3124 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3125 break;
3126
3127 if (n->nud_state & ~NUD_NOARP)
3128 break;
3129 next:
3130 n = rcu_dereference_bh(n->next);
3131 }
3132
3133 if (n)
3134 break;
3135
3136 if (++state->bucket >= (1 << nht->hash_shift))
3137 break;
3138
3139 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
3140 }
3141
3142 if (n && pos)
3143 --(*pos);
3144 return n;
3145 }
3146
3147 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3148 {
3149 struct neighbour *n = neigh_get_first(seq);
3150
3151 if (n) {
3152 --(*pos);
3153 while (*pos) {
3154 n = neigh_get_next(seq, n, pos);
3155 if (!n)
3156 break;
3157 }
3158 }
3159 return *pos ? NULL : n;
3160 }
3161
3162 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3163 {
3164 struct neigh_seq_state *state = seq->private;
3165 struct net *net = seq_file_net(seq);
3166 struct neigh_table *tbl = state->tbl;
3167 struct pneigh_entry *pn = NULL;
3168 int bucket = state->bucket;
3169
3170 state->flags |= NEIGH_SEQ_IS_PNEIGH;
3171 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3172 pn = tbl->phash_buckets[bucket];
3173 while (pn && !net_eq(pneigh_net(pn), net))
3174 pn = pn->next;
3175 if (pn)
3176 break;
3177 }
3178 state->bucket = bucket;
3179
3180 return pn;
3181 }
3182
3183 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3184 struct pneigh_entry *pn,
3185 loff_t *pos)
3186 {
3187 struct neigh_seq_state *state = seq->private;
3188 struct net *net = seq_file_net(seq);
3189 struct neigh_table *tbl = state->tbl;
3190
3191 do {
3192 pn = pn->next;
3193 } while (pn && !net_eq(pneigh_net(pn), net));
3194
3195 while (!pn) {
3196 if (++state->bucket > PNEIGH_HASHMASK)
3197 break;
3198 pn = tbl->phash_buckets[state->bucket];
3199 while (pn && !net_eq(pneigh_net(pn), net))
3200 pn = pn->next;
3201 if (pn)
3202 break;
3203 }
3204
3205 if (pn && pos)
3206 --(*pos);
3207
3208 return pn;
3209 }
3210
3211 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3212 {
3213 struct pneigh_entry *pn = pneigh_get_first(seq);
3214
3215 if (pn) {
3216 --(*pos);
3217 while (*pos) {
3218 pn = pneigh_get_next(seq, pn, pos);
3219 if (!pn)
3220 break;
3221 }
3222 }
3223 return *pos ? NULL : pn;
3224 }
3225
3226 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3227 {
3228 struct neigh_seq_state *state = seq->private;
3229 void *rc;
3230 loff_t idxpos = *pos;
3231
3232 rc = neigh_get_idx(seq, &idxpos);
3233 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3234 rc = pneigh_get_idx(seq, &idxpos);
3235
3236 return rc;
3237 }
3238
3239 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3240 __acquires(tbl->lock)
3241 __acquires(rcu_bh)
3242 {
3243 struct neigh_seq_state *state = seq->private;
3244
3245 state->tbl = tbl;
3246 state->bucket = 0;
3247 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3248
3249 rcu_read_lock_bh();
3250 state->nht = rcu_dereference_bh(tbl->nht);
3251 read_lock(&tbl->lock);
3252
3253 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3254 }
3255 EXPORT_SYMBOL(neigh_seq_start);
3256
3257 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3258 {
3259 struct neigh_seq_state *state;
3260 void *rc;
3261
3262 if (v == SEQ_START_TOKEN) {
3263 rc = neigh_get_first(seq);
3264 goto out;
3265 }
3266
3267 state = seq->private;
3268 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3269 rc = neigh_get_next(seq, v, NULL);
3270 if (rc)
3271 goto out;
3272 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3273 rc = pneigh_get_first(seq);
3274 } else {
3275 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3276 rc = pneigh_get_next(seq, v, NULL);
3277 }
3278 out:
3279 ++(*pos);
3280 return rc;
3281 }
3282 EXPORT_SYMBOL(neigh_seq_next);
3283
3284 void neigh_seq_stop(struct seq_file *seq, void *v)
3285 __releases(tbl->lock)
3286 __releases(rcu_bh)
3287 {
3288 struct neigh_seq_state *state = seq->private;
3289 struct neigh_table *tbl = state->tbl;
3290
3291 read_unlock(&tbl->lock);
3292 rcu_read_unlock_bh();
3293 }
3294 EXPORT_SYMBOL(neigh_seq_stop);
3295
3296 /* statistics via seq_file */
3297
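/*
 * Backs the per-table /proc/net/stat/ files (e.g. arp_cache and
 * ndisc_cache): a header line followed by one hex-formatted line per
 * possible CPU.
 */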
3298 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3299 {
3300 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3301 int cpu;
3302
3303 if (*pos == 0)
3304 return SEQ_START_TOKEN;
3305
3306 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3307 if (!cpu_possible(cpu))
3308 continue;
3309 *pos = cpu+1;
3310 return per_cpu_ptr(tbl->stats, cpu);
3311 }
3312 return NULL;
3313 }
3314
3315 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3316 {
3317 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3318 int cpu;
3319
3320 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3321 if (!cpu_possible(cpu))
3322 continue;
3323 *pos = cpu+1;
3324 return per_cpu_ptr(tbl->stats, cpu);
3325 }
3326 (*pos)++;
3327 return NULL;
3328 }
3329
3330 static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3331 {
3332
3333 }
3334
3335 static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3336 {
3337 struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3338 struct neigh_statistics *st = v;
3339
3340 if (v == SEQ_START_TOKEN) {
3341 seq_printf(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3342 return 0;
3343 }
3344
3345 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
3346 "%08lx %08lx %08lx %08lx %08lx %08lx\n",
3347 atomic_read(&tbl->entries),
3348
3349 st->allocs,
3350 st->destroys,
3351 st->hash_grows,
3352
3353 st->lookups,
3354 st->hits,
3355
3356 st->res_failed,
3357
3358 st->rcv_probes_mcast,
3359 st->rcv_probes_ucast,
3360
3361 st->periodic_gc_runs,
3362 st->forced_gc_runs,
3363 st->unres_discards,
3364 st->table_fulls
3365 );
3366
3367 return 0;
3368 }
3369
3370 static const struct seq_operations neigh_stat_seq_ops = {
3371 .start = neigh_stat_seq_start,
3372 .next = neigh_stat_seq_next,
3373 .stop = neigh_stat_seq_stop,
3374 .show = neigh_stat_seq_show,
3375 };
3376 #endif /* CONFIG_PROC_FS */
3377
3378 static void __neigh_notify(struct neighbour *n, int type, int flags,
3379 u32 pid)
3380 {
3381 struct net *net = dev_net(n->dev);
3382 struct sk_buff *skb;
3383 int err = -ENOBUFS;
3384
3385 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
3386 if (skb == NULL)
3387 goto errout;
3388
3389 err = neigh_fill_info(skb, n, pid, 0, type, flags);
3390 if (err < 0) {
3391 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3392 WARN_ON(err == -EMSGSIZE);
3393 kfree_skb(skb);
3394 goto errout;
3395 }
3396 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3397 return;
3398 errout:
3399 if (err < 0)
3400 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
3401 }
3402
3403 void neigh_app_ns(struct neighbour *n)
3404 {
3405 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
3406 }
3407 EXPORT_SYMBOL(neigh_app_ns);
3408
3409 #ifdef CONFIG_SYSCTL
3410 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3411
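/*
 * unres_qlen is the legacy packet-count view of unres_qlen_bytes. The
 * conversion assumes one SKB_TRUESIZE(ETH_FRAME_LEN) per queued packet,
 * so e.g. writing 3 to unres_qlen stores roughly 3 * SKB_TRUESIZE(1514)
 * in QUEUE_LEN_BYTES.
 */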
3412 static int proc_unres_qlen(struct ctl_table *ctl, int write,
3413 void *buffer, size_t *lenp, loff_t *ppos)
3414 {
3415 int size, ret;
3416 struct ctl_table tmp = *ctl;
3417
3418 tmp.extra1 = SYSCTL_ZERO;
3419 tmp.extra2 = &unres_qlen_max;
3420 tmp.data = &size;
3421
3422 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3423 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3424
3425 if (write && !ret)
3426 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3427 return ret;
3428 }
3429
3430 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
3431 int family)
3432 {
3433 switch (family) {
3434 case AF_INET:
3435 return __in_dev_arp_parms_get_rcu(dev);
3436 case AF_INET6:
3437 return __in6_dev_nd_parms_get_rcu(dev);
3438 }
3439 return NULL;
3440 }
3441
3442 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3443 int index)
3444 {
3445 struct net_device *dev;
3446 int family = neigh_parms_family(p);
3447
3448 rcu_read_lock();
3449 for_each_netdev_rcu(net, dev) {
3450 struct neigh_parms *dst_p =
3451 neigh_get_dev_parms_rcu(dev, family);
3452
3453 if (dst_p && !test_bit(index, dst_p->data_state))
3454 dst_p->data[index] = p->data[index];
3455 }
3456 rcu_read_unlock();
3457 }
3458
3459 static void neigh_proc_update(struct ctl_table *ctl, int write)
3460 {
3461 struct net_device *dev = ctl->extra1;
3462 struct neigh_parms *p = ctl->extra2;
3463 struct net *net = neigh_parms_net(p);
3464 int index = (int *) ctl->data - p->data;
3465
3466 if (!write)
3467 return;
3468
3469 set_bit(index, p->data_state);
3470 if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3471 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
3472 if (!dev) /* NULL dev means this is default value */
3473 neigh_copy_dflt_parms(net, p, index);
3474 }
3475
3476 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3477 void *buffer, size_t *lenp,
3478 loff_t *ppos)
3479 {
3480 struct ctl_table tmp = *ctl;
3481 int ret;
3482
3483 tmp.extra1 = SYSCTL_ZERO;
3484 tmp.extra2 = SYSCTL_INT_MAX;
3485
3486 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3487 neigh_proc_update(ctl, write);
3488 return ret;
3489 }
3490
3491 int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
3492 size_t *lenp, loff_t *ppos)
3493 {
3494 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3495
3496 neigh_proc_update(ctl, write);
3497 return ret;
3498 }
3499 EXPORT_SYMBOL(neigh_proc_dointvec);
3500
3501 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
3502 size_t *lenp, loff_t *ppos)
3503 {
3504 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3505
3506 neigh_proc_update(ctl, write);
3507 return ret;
3508 }
3509 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3510
3511 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3512 void *buffer, size_t *lenp,
3513 loff_t *ppos)
3514 {
3515 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3516
3517 neigh_proc_update(ctl, write);
3518 return ret;
3519 }
3520
3521 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3522 void *buffer, size_t *lenp, loff_t *ppos)
3523 {
3524 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3525
3526 neigh_proc_update(ctl, write);
3527 return ret;
3528 }
3529 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3530
3531 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3532 void *buffer, size_t *lenp,
3533 loff_t *ppos)
3534 {
3535 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3536
3537 neigh_proc_update(ctl, write);
3538 return ret;
3539 }
3540
3541 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3542 void *buffer, size_t *lenp,
3543 loff_t *ppos)
3544 {
3545 struct neigh_parms *p = ctl->extra2;
3546 int ret;
3547
3548 if (strcmp(ctl->procname, "base_reachable_time") == 0)
3549 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3550 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3551 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3552 else
3553 ret = -1;
3554
3555 if (write && ret == 0) {
3556 /* update reachable_time as well, otherwise, the change will
3557 * only be effective after the next time neigh_periodic_work
3558 * decides to recompute it
3559 */
3560 p->reachable_time =
3561 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3562 }
3563 return ret;
3564 }
3565
3566 #define NEIGH_PARMS_DATA_OFFSET(index) \
3567 (&((struct neigh_parms *) 0)->data[index])
3568
3569 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3570 [NEIGH_VAR_ ## attr] = { \
3571 .procname = name, \
3572 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3573 .maxlen = sizeof(int), \
3574 .mode = mval, \
3575 .proc_handler = proc, \
3576 }
3577
3578 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3579 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3580
3581 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3582 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3583
3584 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3585 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3586
3587 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3588 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3589
3590 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3591 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3592
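/*
 * Template cloned by neigh_sysctl_register() for every device and for
 * the per-family defaults; the instances appear under
 * /proc/sys/net/{ipv4,ipv6}/neigh/<device|default>/.
 */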
3593 static struct neigh_sysctl_table {
3594 struct ctl_table_header *sysctl_header;
3595 struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3596 } neigh_sysctl_template __read_mostly = {
3597 .neigh_vars = {
3598 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3599 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3600 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3601 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3602 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3603 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3604 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3605 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3606 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3607 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3608 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3609 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3610 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3611 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3612 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3613 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3614 [NEIGH_VAR_GC_INTERVAL] = {
3615 .procname = "gc_interval",
3616 .maxlen = sizeof(int),
3617 .mode = 0644,
3618 .proc_handler = proc_dointvec_jiffies,
3619 },
3620 [NEIGH_VAR_GC_THRESH1] = {
3621 .procname = "gc_thresh1",
3622 .maxlen = sizeof(int),
3623 .mode = 0644,
3624 .extra1 = SYSCTL_ZERO,
3625 .extra2 = SYSCTL_INT_MAX,
3626 .proc_handler = proc_dointvec_minmax,
3627 },
3628 [NEIGH_VAR_GC_THRESH2] = {
3629 .procname = "gc_thresh2",
3630 .maxlen = sizeof(int),
3631 .mode = 0644,
3632 .extra1 = SYSCTL_ZERO,
3633 .extra2 = SYSCTL_INT_MAX,
3634 .proc_handler = proc_dointvec_minmax,
3635 },
3636 [NEIGH_VAR_GC_THRESH3] = {
3637 .procname = "gc_thresh3",
3638 .maxlen = sizeof(int),
3639 .mode = 0644,
3640 .extra1 = SYSCTL_ZERO,
3641 .extra2 = SYSCTL_INT_MAX,
3642 .proc_handler = proc_dointvec_minmax,
3643 },
3644 {},
3645 },
3646 };
3647
3648 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3649 proc_handler *handler)
3650 {
3651 int i;
3652 struct neigh_sysctl_table *t;
3653 const char *dev_name_source;
3654 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3655 char *p_name;
3656
3657 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL);
3658 if (!t)
3659 goto err;
3660
3661 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3662 t->neigh_vars[i].data += (long) p;
3663 t->neigh_vars[i].extra1 = dev;
3664 t->neigh_vars[i].extra2 = p;
3665 }
3666
3667 if (dev) {
3668 dev_name_source = dev->name;
3669 /* Terminate the table early */
3670 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3671 sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3672 } else {
3673 struct neigh_table *tbl = p->tbl;
3674 dev_name_source = "default";
3675 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3676 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3677 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3678 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3679 }
3680
3681 if (handler) {
3682 /* RetransTime */
3683 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3684 /* ReachableTime */
3685 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3686 /* RetransTime (in milliseconds)*/
3687 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3688 /* ReachableTime (in milliseconds) */
3689 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3690 } else {
3691 /* These handlers update p->reachable_time after
3692 * base_reachable_time(_ms) is set, so that the new interval takes
3693 * effect on the next neighbour update instead of waiting for
3694 * neigh_periodic_work to recompute it (which can take several
3695 * minutes). Any handler that replaces them should do the same.
3696 */
3697 /* ReachableTime */
3698 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3699 neigh_proc_base_reachable_time;
3700 /* ReachableTime (in milliseconds) */
3701 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3702 neigh_proc_base_reachable_time;
3703 }
3704
3705 /* Don't export sysctls to unprivileged users */
3706 if (neigh_parms_net(p)->user_ns != &init_user_ns)
3707 t->neigh_vars[0].procname = NULL;
3708
3709 switch (neigh_parms_family(p)) {
3710 case AF_INET:
3711 p_name = "ipv4";
3712 break;
3713 case AF_INET6:
3714 p_name = "ipv6";
3715 break;
3716 default:
3717 BUG();
3718 }
3719
3720 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3721 p_name, dev_name_source);
3722 t->sysctl_header =
3723 register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3724 if (!t->sysctl_header)
3725 goto free;
3726
3727 p->sysctl_table = t;
3728 return 0;
3729
3730 free:
3731 kfree(t);
3732 err:
3733 return -ENOBUFS;
3734 }
3735 EXPORT_SYMBOL(neigh_sysctl_register);
3736
3737 void neigh_sysctl_unregister(struct neigh_parms *p)
3738 {
3739 if (p->sysctl_table) {
3740 struct neigh_sysctl_table *t = p->sysctl_table;
3741 p->sysctl_table = NULL;
3742 unregister_net_sysctl_table(t->sysctl_header);
3743 kfree(t);
3744 }
3745 }
3746 EXPORT_SYMBOL(neigh_sysctl_unregister);
3747
3748 #endif /* CONFIG_SYSCTL */
3749
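/*
 * Register the rtnetlink handlers wired up above. The neighbour tables
 * themselves are registered separately by the protocols (e.g. ARP and
 * IPv6 ndisc) via neigh_table_init().
 */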
3750 static int __init neigh_init(void)
3751 {
3752 rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3753 rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3754 rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3755
3756 rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3757 0);
3758 rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);
3759
3760 return 0;
3761 }
3762
3763 subsys_initcall(neigh_init);
3764