// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	Generic address resolution entity
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *
 *	Fixes:
 *	Vitaly E. Lavrov	releasing NULL neighbor in neigh_add.
 *	Harald Welte		Add neighbour cache statistics like rtstat
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/slab.h>
#include <linux/kmemleak.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/socket.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/times.h>
#include <net/net_namespace.h>
#include <net/neighbour.h>
#include <net/arp.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/netevent.h>
#include <net/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/random.h>
#include <linux/string.h>
#include <linux/log2.h>
#include <linux/inetdevice.h>
#include <net/addrconf.h>

#include <trace/events/neigh.h>

#define NEIGH_DEBUG 1
#define neigh_dbg(level, fmt, ...)		\
do {						\
	if (level <= NEIGH_DEBUG)		\
		pr_debug(fmt, ##__VA_ARGS__);	\
} while (0)

#define PNEIGH_HASHMASK		0xF

static void neigh_timer_handler(struct timer_list *t);
static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid);
static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev);

#ifdef CONFIG_PROC_FS
static const struct seq_operations neigh_stat_seq_ops;
#endif

/*
   Neighbour hash table buckets are protected with rwlock tbl->lock.

   - All the scans/updates to hash buckets MUST be made under this lock.
   - NOTHING clever should be made under this lock: no callbacks
     to protocol backends, no attempts to send something to network.
     It will result in deadlocks, if backend/driver wants to use neighbour
     cache.
   - If the entry requires some non-trivial actions, increase
     its reference count and release table lock.

   Neighbour entries are protected:
   - with reference count.
   - with rwlock neigh->lock

   Reference count prevents destruction.

   neigh->lock mainly serializes ll address data and its validity state.
   However, the same lock is used to protect other entry fields:
   - timer
   - resolution queue

   Again, nothing clever should be done under neigh->lock;
   the most complicated procedure we allow is dev->hard_header.
   It is assumed that dev->hard_header is simple and does
   not make callbacks to neighbour tables.
 */
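
/*
 * A minimal sketch of the usage pattern described above (illustrative
 * only, not a call sequence taken verbatim from this file):
 *
 *	write_lock_bh(&tbl->lock);
 *	n = ...;			// scan a hash bucket under the lock
 *	neigh_hold(n);			// pin the entry
 *	write_unlock_bh(&tbl->lock);	// drop the lock before real work
 *	...				// non-trivial work, may transmit
 *	neigh_release(n);		// drop the reference when done
 */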

static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
{
	kfree_skb(skb);
	return -ENETDOWN;
}

static void neigh_cleanup_and_release(struct neighbour *neigh)
{
	trace_neigh_cleanup_and_release(neigh, 0);
	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	neigh_release(neigh);
}

/*
 * Returns a value drawn uniformly at random from the interval
 * (1/2)*base...(3/2)*base. It corresponds to the default IPv6 settings
 * and is not overridable, because it is a really reasonable choice.
 */

unsigned long neigh_rand_reach_time(unsigned long base)
{
	return base ? (prandom_u32() % base) + (base >> 1) : 0;
}
EXPORT_SYMBOL(neigh_rand_reach_time);
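
/*
 * Worked example (values are illustrative): with a BASE_REACHABLE_TIME
 * of 30 seconds, (prandom_u32() % base) yields [0, 30s) and (base >> 1)
 * adds 15s, so reachable_time is drawn uniformly from [15s, 45s).
 */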

static void neigh_mark_dead(struct neighbour *n)
{
	n->dead = 1;
	if (!list_empty(&n->gc_list)) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	}
	if (!list_empty(&n->managed_list))
		list_del_init(&n->managed_list);
}

static void neigh_update_gc_list(struct neighbour *n)
{
	bool on_gc_list, exempt_from_gc;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	/* remove from the gc list if new state is permanent or if neighbor
	 * is externally learned; otherwise entry should be on the gc list
	 */
	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
			 n->flags & NTF_EXT_LEARNED;
	on_gc_list = !list_empty(&n->gc_list);

	if (exempt_from_gc && on_gc_list) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	} else if (!exempt_from_gc && !on_gc_list) {
		/* add entries to the tail; cleaning removes from the front */
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
		atomic_inc(&n->tbl->gc_entries);
	}
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static void neigh_update_managed_list(struct neighbour *n)
{
	bool on_managed_list, add_to_managed;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	add_to_managed = n->flags & NTF_MANAGED;
	on_managed_list = !list_empty(&n->managed_list);

	if (!add_to_managed && on_managed_list)
		list_del_init(&n->managed_list);
	else if (add_to_managed && !on_managed_list)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
			       bool *gc_update, bool *managed_update)
{
	u32 ndm_flags, old_flags = neigh->flags;

	if (!(flags & NEIGH_UPDATE_F_ADMIN))
		return;

	ndm_flags  = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
	ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;

	if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
		if (ndm_flags & NTF_EXT_LEARNED)
			neigh->flags |= NTF_EXT_LEARNED;
		else
			neigh->flags &= ~NTF_EXT_LEARNED;
		*notify = 1;
		*gc_update = true;
	}
	if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
		if (ndm_flags & NTF_MANAGED)
			neigh->flags |= NTF_MANAGED;
		else
			neigh->flags &= ~NTF_MANAGED;
		*notify = 1;
		*managed_update = true;
	}
}

static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
		      struct neigh_table *tbl)
{
	bool retval = false;

	write_lock(&n->lock);
	if (refcount_read(&n->refcnt) == 1) {
		struct neighbour *neigh;

		neigh = rcu_dereference_protected(n->next,
						  lockdep_is_held(&tbl->lock));
		rcu_assign_pointer(*np, neigh);
		neigh_mark_dead(n);
		retval = true;
	}
	write_unlock(&n->lock);
	if (retval)
		neigh_cleanup_and_release(n);
	return retval;
}

bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
{
	struct neigh_hash_table *nht;
	void *pkey = ndel->primary_key;
	u32 hash_val;
	struct neighbour *n;
	struct neighbour __rcu **np;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));
	hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
	hash_val = hash_val >> (32 - nht->hash_shift);

	np = &nht->hash_buckets[hash_val];
	while ((n = rcu_dereference_protected(*np,
					      lockdep_is_held(&tbl->lock)))) {
		if (n == ndel)
			return neigh_del(n, np, tbl);
		np = &n->next;
	}
	return false;
}

static int neigh_forced_gc(struct neigh_table *tbl)
{
	int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
	unsigned long tref = jiffies - 5 * HZ;
	struct neighbour *n, *tmp;
	int shrunk = 0;

	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);

	write_lock_bh(&tbl->lock);

	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
		if (refcount_read(&n->refcnt) == 1) {
			bool remove = false;

			write_lock(&n->lock);
			if ((n->nud_state == NUD_FAILED) ||
			    (n->nud_state == NUD_NOARP) ||
			    (tbl->is_multicast &&
			     tbl->is_multicast(n->primary_key)) ||
			    time_after(tref, n->updated))
				remove = true;
			write_unlock(&n->lock);

			if (remove && neigh_remove_one(n, tbl))
				shrunk++;
			if (shrunk >= max_clean)
				break;
		}
	}

	tbl->last_flush = jiffies;

	write_unlock_bh(&tbl->lock);

	return shrunk;
}
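
/*
 * Summary of the policy above: forced GC considers only unreferenced
 * entries, leaves anything updated within the last 5 seconds alone,
 * and stops once enough entries have been shed to get back under
 * gc_thresh2.
 */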

static void neigh_add_timer(struct neighbour *n, unsigned long when)
{
	neigh_hold(n);
	if (unlikely(mod_timer(&n->timer, when))) {
		printk("NEIGH: BUG, double timer add, state is %x\n",
		       n->nud_state);
		dump_stack();
	}
}

static int neigh_del_timer(struct neighbour *n)
{
	if ((n->nud_state & NUD_IN_TIMER) &&
	    del_timer(&n->timer)) {
		neigh_release(n);
		return 1;
	}
	return 0;
}

static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net)
{
	struct sk_buff_head tmp;
	unsigned long flags;
	struct sk_buff *skb;

	skb_queue_head_init(&tmp);
	spin_lock_irqsave(&list->lock, flags);
	skb = skb_peek(list);
	while (skb != NULL) {
		struct sk_buff *skb_next = skb_peek_next(skb, list);

		if (net == NULL || net_eq(dev_net(skb->dev), net)) {
			__skb_unlink(skb, list);
			__skb_queue_tail(&tmp, skb);
		}
		skb = skb_next;
	}
	spin_unlock_irqrestore(&list->lock, flags);

	while ((skb = __skb_dequeue(&tmp))) {
		dev_put(skb->dev);
		kfree_skb(skb);
	}
}

static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
			    bool skip_perm)
{
	int i;
	struct neigh_hash_table *nht;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	for (i = 0; i < (1 << nht->hash_shift); i++) {
		struct neighbour *n;
		struct neighbour __rcu **np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
					lockdep_is_held(&tbl->lock))) != NULL) {
			if (dev && n->dev != dev) {
				np = &n->next;
				continue;
			}
			if (skip_perm && n->nud_state & NUD_PERMANENT) {
				np = &n->next;
				continue;
			}
			rcu_assign_pointer(*np,
				rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock)));
			write_lock(&n->lock);
			neigh_del_timer(n);
			neigh_mark_dead(n);
			if (refcount_read(&n->refcnt) != 1) {
				/* The most unpleasant situation.
				   We must destroy neighbour entry,
				   but someone still uses it.

				   The destroy will be delayed until
				   the last user releases us, but
				   we must kill timers etc. and move
				   it to safe state.
				 */
				__skb_queue_purge(&n->arp_queue);
				n->arp_queue_len_bytes = 0;
				n->output = neigh_blackhole;
				if (n->nud_state & NUD_VALID)
					n->nud_state = NUD_NOARP;
				else
					n->nud_state = NUD_NONE;
				neigh_dbg(2, "neigh %p is stray\n", n);
			}
			write_unlock(&n->lock);
			neigh_cleanup_and_release(n);
		}
	}
}

void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, false);
	write_unlock_bh(&tbl->lock);
}
EXPORT_SYMBOL(neigh_changeaddr);

static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, skip_perm);
	pneigh_ifdown_and_unlock(tbl, dev);
	pneigh_queue_purge(&tbl->proxy_queue, dev_net(dev));
	if (skb_queue_empty_lockless(&tbl->proxy_queue))
		del_timer_sync(&tbl->proxy_timer);
	return 0;
}

int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, true);
	return 0;
}
EXPORT_SYMBOL(neigh_carrier_down);

int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, false);
	return 0;
}
EXPORT_SYMBOL(neigh_ifdown);

static struct neighbour *neigh_alloc(struct neigh_table *tbl,
				     struct net_device *dev,
				     u32 flags, bool exempt_from_gc)
{
	struct neighbour *n = NULL;
	unsigned long now = jiffies;
	int entries;

	if (exempt_from_gc)
		goto do_alloc;

	entries = atomic_inc_return(&tbl->gc_entries) - 1;
	if (entries >= tbl->gc_thresh3 ||
	    (entries >= tbl->gc_thresh2 &&
	     time_after(now, tbl->last_flush + 5 * HZ))) {
		if (!neigh_forced_gc(tbl) &&
		    entries >= tbl->gc_thresh3) {
			net_info_ratelimited("%s: neighbor table overflow!\n",
					     tbl->id);
			NEIGH_CACHE_STAT_INC(tbl, table_fulls);
			goto out_entries;
		}
	}

do_alloc:
	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
	if (!n)
		goto out_entries;

	__skb_queue_head_init(&n->arp_queue);
	rwlock_init(&n->lock);
	seqlock_init(&n->ha_lock);
	n->updated = n->used = now;
	n->nud_state = NUD_NONE;
	n->output = neigh_blackhole;
	n->flags = flags;
	seqlock_init(&n->hh.hh_lock);
	n->parms = neigh_parms_clone(&tbl->parms);
	timer_setup(&n->timer, neigh_timer_handler, 0);

	NEIGH_CACHE_STAT_INC(tbl, allocs);
	n->tbl = tbl;
	refcount_set(&n->refcnt, 1);
	n->dead = 1;
	INIT_LIST_HEAD(&n->gc_list);
	INIT_LIST_HEAD(&n->managed_list);

	atomic_inc(&tbl->entries);
out:
	return n;

out_entries:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	goto out;
}

static void neigh_get_hash_rnd(u32 *x)
{
	*x = get_random_u32() | 1;
}

static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
{
	size_t size = (1 << shift) * sizeof(struct neighbour *);
	struct neigh_hash_table *ret;
	struct neighbour __rcu **buckets;
	int i;

	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
	if (!ret)
		return NULL;
	if (size <= PAGE_SIZE) {
		buckets = kzalloc(size, GFP_ATOMIC);
	} else {
		buckets = (struct neighbour __rcu **)
			  __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
					   get_order(size));
		kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
	}
	if (!buckets) {
		kfree(ret);
		return NULL;
	}
	ret->hash_buckets = buckets;
	ret->hash_shift = shift;
	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
		neigh_get_hash_rnd(&ret->hash_rnd[i]);
	return ret;
}
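
/*
 * Sizing example (illustrative): with shift == 3 the table has
 * 1 << 3 == 8 buckets, i.e. 64 bytes of pointers on a 64-bit build,
 * so the initial table allocated in neigh_table_init() fits in a
 * single kzalloc(); larger tables fall back to __get_free_pages().
 */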

static void neigh_hash_free_rcu(struct rcu_head *head)
{
	struct neigh_hash_table *nht = container_of(head,
						    struct neigh_hash_table,
						    rcu);
	size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
	struct neighbour __rcu **buckets = nht->hash_buckets;

	if (size <= PAGE_SIZE) {
		kfree(buckets);
	} else {
		kmemleak_free(buckets);
		free_pages((unsigned long)buckets, get_order(size));
	}
	kfree(nht);
}

static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
						unsigned long new_shift)
{
	unsigned int i, hash;
	struct neigh_hash_table *new_nht, *old_nht;

	NEIGH_CACHE_STAT_INC(tbl, hash_grows);

	old_nht = rcu_dereference_protected(tbl->nht,
					    lockdep_is_held(&tbl->lock));
	new_nht = neigh_hash_alloc(new_shift);
	if (!new_nht)
		return old_nht;

	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
		struct neighbour *n, *next;

		for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
						   lockdep_is_held(&tbl->lock));
		     n != NULL;
		     n = next) {
			hash = tbl->hash(n->primary_key, n->dev,
					 new_nht->hash_rnd);

			hash >>= (32 - new_nht->hash_shift);
			next = rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock));

			rcu_assign_pointer(n->next,
					   rcu_dereference_protected(
						new_nht->hash_buckets[hash],
						lockdep_is_held(&tbl->lock)));
			rcu_assign_pointer(new_nht->hash_buckets[hash], n);
		}
	}

	rcu_assign_pointer(tbl->nht, new_nht);
	call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
	return new_nht;
}

struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
			       struct net_device *dev)
{
	struct neighbour *n;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock_bh();
	n = __neigh_lookup_noref(tbl, pkey, dev);
	if (n) {
		if (!refcount_inc_not_zero(&n->refcnt))
			n = NULL;
		NEIGH_CACHE_STAT_INC(tbl, hits);
	}

	rcu_read_unlock_bh();
	return n;
}
EXPORT_SYMBOL(neigh_lookup);

struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
				     const void *pkey)
{
	struct neighbour *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val;
	struct neigh_hash_table *nht;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock_bh();
	nht = rcu_dereference_bh(tbl->nht);
	hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);

	for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
	     n != NULL;
	     n = rcu_dereference_bh(n->next)) {
		if (!memcmp(n->primary_key, pkey, key_len) &&
		    net_eq(dev_net(n->dev), net)) {
			if (!refcount_inc_not_zero(&n->refcnt))
				n = NULL;
			NEIGH_CACHE_STAT_INC(tbl, hits);
			break;
		}
	}

	rcu_read_unlock_bh();
	return n;
}
EXPORT_SYMBOL(neigh_lookup_nodev);

static struct neighbour *
___neigh_create(struct neigh_table *tbl, const void *pkey,
		struct net_device *dev, u32 flags,
		bool exempt_from_gc, bool want_ref)
{
	u32 hash_val, key_len = tbl->key_len;
	struct neighbour *n1, *rc, *n;
	struct neigh_hash_table *nht;
	int error;

	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
	if (!n) {
		rc = ERR_PTR(-ENOBUFS);
		goto out;
	}

	memcpy(n->primary_key, pkey, key_len);
	n->dev = dev;
	dev_hold_track(dev, &n->dev_tracker, GFP_ATOMIC);

	/* Protocol specific setup. */
	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	if (dev->netdev_ops->ndo_neigh_construct) {
		error = dev->netdev_ops->ndo_neigh_construct(dev, n);
		if (error < 0) {
			rc = ERR_PTR(error);
			goto out_neigh_release;
		}
	}

	/* Device specific setup. */
	if (n->parms->neigh_setup &&
	    (error = n->parms->neigh_setup(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
		nht = neigh_hash_grow(tbl, nht->hash_shift + 1);

	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);

	if (n->parms->dead) {
		rc = ERR_PTR(-EINVAL);
		goto out_tbl_unlock;
	}

	for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
					    lockdep_is_held(&tbl->lock));
	     n1 != NULL;
	     n1 = rcu_dereference_protected(n1->next,
					    lockdep_is_held(&tbl->lock))) {
		if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
			if (want_ref)
				neigh_hold(n1);
			rc = n1;
			goto out_tbl_unlock;
		}
	}

	n->dead = 0;
	if (!exempt_from_gc)
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
	if (n->flags & NTF_MANAGED)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
	if (want_ref)
		neigh_hold(n);
	rcu_assign_pointer(n->next,
			   rcu_dereference_protected(nht->hash_buckets[hash_val],
						     lockdep_is_held(&tbl->lock)));
	rcu_assign_pointer(nht->hash_buckets[hash_val], n);
	write_unlock_bh(&tbl->lock);
	neigh_dbg(2, "neigh %p is created\n", n);
	rc = n;
out:
	return rc;
out_tbl_unlock:
	write_unlock_bh(&tbl->lock);
out_neigh_release:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	neigh_release(n);
	goto out;
}

struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
				 struct net_device *dev, bool want_ref)
{
	return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
}
EXPORT_SYMBOL(__neigh_create);

static u32 pneigh_hash(const void *pkey, unsigned int key_len)
{
	u32 hash_val = *(u32 *)(pkey + key_len - 4);

	hash_val ^= (hash_val >> 16);
	hash_val ^= hash_val >> 8;
	hash_val ^= hash_val >> 4;
	hash_val &= PNEIGH_HASHMASK;
	return hash_val;
}
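
/*
 * Worked example (illustrative): the last four bytes of the key are
 * read as a u32 and folded down by the xor/shift cascade above, then
 * masked with PNEIGH_HASHMASK, yielding a bucket index in [0, 15].
 */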

static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
					      struct net *net,
					      const void *pkey,
					      unsigned int key_len,
					      struct net_device *dev)
{
	while (n) {
		if (!memcmp(n->key, pkey, key_len) &&
		    net_eq(pneigh_net(n), net) &&
		    (n->dev == dev || !n->dev))
			return n;
		n = n->next;
	}
	return NULL;
}

struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
				     struct net *net, const void *pkey,
				     struct net_device *dev)
{
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
				 net, pkey, key_len, dev);
}
EXPORT_SYMBOL_GPL(__pneigh_lookup);

struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl,
				   struct net *net, const void *pkey,
				   struct net_device *dev, int creat)
{
	struct pneigh_entry *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	read_lock_bh(&tbl->lock);
	n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
			      net, pkey, key_len, dev);
	read_unlock_bh(&tbl->lock);

	if (n || !creat)
		goto out;

	ASSERT_RTNL();

	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
	if (!n)
		goto out;

	write_pnet(&n->net, net);
	memcpy(n->key, pkey, key_len);
	n->dev = dev;
	dev_hold_track(dev, &n->dev_tracker, GFP_KERNEL);

	if (tbl->pconstructor && tbl->pconstructor(n)) {
		dev_put_track(dev, &n->dev_tracker);
		kfree(n);
		n = NULL;
		goto out;
	}

	write_lock_bh(&tbl->lock);
	n->next = tbl->phash_buckets[hash_val];
	tbl->phash_buckets[hash_val] = n;
	write_unlock_bh(&tbl->lock);
out:
	return n;
}
EXPORT_SYMBOL(pneigh_lookup);

int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
		  struct net_device *dev)
{
	struct pneigh_entry *n, **np;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	write_lock_bh(&tbl->lock);
	for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
	     np = &n->next) {
		if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
		    net_eq(pneigh_net(n), net)) {
			*np = n->next;
			write_unlock_bh(&tbl->lock);
			if (tbl->pdestructor)
				tbl->pdestructor(n);
			dev_put_track(n->dev, &n->dev_tracker);
			kfree(n);
			return 0;
		}
	}
	write_unlock_bh(&tbl->lock);
	return -ENOENT;
}

static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev)
{
	struct pneigh_entry *n, **np, *freelist = NULL;
	u32 h;

	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
		np = &tbl->phash_buckets[h];
		while ((n = *np) != NULL) {
			if (!dev || n->dev == dev) {
				*np = n->next;
				n->next = freelist;
				freelist = n;
				continue;
			}
			np = &n->next;
		}
	}
	write_unlock_bh(&tbl->lock);
	while ((n = freelist)) {
		freelist = n->next;
		n->next = NULL;
		if (tbl->pdestructor)
			tbl->pdestructor(n);
		dev_put_track(n->dev, &n->dev_tracker);
		kfree(n);
	}
	return -ENOENT;
}

static void neigh_parms_destroy(struct neigh_parms *parms);

static inline void neigh_parms_put(struct neigh_parms *parms)
{
	if (refcount_dec_and_test(&parms->refcnt))
		neigh_parms_destroy(parms);
}

/*
 *	neighbour must already be out of the table
 */
void neigh_destroy(struct neighbour *neigh)
{
	struct net_device *dev = neigh->dev;

	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);

	if (!neigh->dead) {
		pr_warn("Destroying alive neighbour %p\n", neigh);
		dump_stack();
		return;
	}

	if (neigh_del_timer(neigh))
		pr_warn("Impossible event\n");

	write_lock_bh(&neigh->lock);
	__skb_queue_purge(&neigh->arp_queue);
	write_unlock_bh(&neigh->lock);
	neigh->arp_queue_len_bytes = 0;

	if (dev->netdev_ops->ndo_neigh_destroy)
		dev->netdev_ops->ndo_neigh_destroy(dev, neigh);

	dev_put_track(dev, &neigh->dev_tracker);
	neigh_parms_put(neigh->parms);

	neigh_dbg(2, "neigh %p is destroyed\n", neigh);

	atomic_dec(&neigh->tbl->entries);
	kfree_rcu(neigh, rcu);
}
EXPORT_SYMBOL(neigh_destroy);

/* Neighbour state is suspicious;
   disable fast path.

   Called with write_locked neigh.
 */
static void neigh_suspect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is suspected\n", neigh);

	neigh->output = neigh->ops->output;
}

/* Neighbour state is OK;
   enable fast path.

   Called with write_locked neigh.
 */
static void neigh_connect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is connected\n", neigh);

	neigh->output = neigh->ops->connected_output;
}

static void neigh_periodic_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
	struct neighbour *n;
	struct neighbour __rcu **np;
	unsigned int i;
	struct neigh_hash_table *nht;

	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	/*
	 *	periodically recompute ReachableTime from random function
	 */

	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
		struct neigh_parms *p;

		tbl->last_rand = jiffies;
		list_for_each_entry(p, &tbl->parms_list, list)
			p->reachable_time =
				neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}

	if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
		goto out;

	for (i = 0 ; i < (1 << nht->hash_shift); i++) {
		np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
				lockdep_is_held(&tbl->lock))) != NULL) {
			unsigned int state;

			write_lock(&n->lock);

			state = n->nud_state;
			if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
			    (n->flags & NTF_EXT_LEARNED)) {
				write_unlock(&n->lock);
				goto next_elt;
			}

			if (time_before(n->used, n->confirmed))
				n->used = n->confirmed;

			if (refcount_read(&n->refcnt) == 1 &&
			    (state == NUD_FAILED ||
			     time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
				*np = n->next;
				neigh_mark_dead(n);
				write_unlock(&n->lock);
				neigh_cleanup_and_release(n);
				continue;
			}
			write_unlock(&n->lock);

next_elt:
			np = &n->next;
		}
		/*
		 * It's fine to release lock here, even if hash table
		 * grows while we are preempted.
		 */
		write_unlock_bh(&tbl->lock);
		cond_resched();
		write_lock_bh(&tbl->lock);
		nht = rcu_dereference_protected(tbl->nht,
						lockdep_is_held(&tbl->lock));
	}
out:
	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
	 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
	 * BASE_REACHABLE_TIME.
	 */
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
	write_unlock_bh(&tbl->lock);
}

static __inline__ int neigh_max_probes(struct neighbour *n)
{
	struct neigh_parms *p = n->parms;

	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
	       (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
					   NEIGH_VAR(p, MCAST_PROBES));
}
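
/*
 * Example (illustrative, using the usual ARP defaults of
 * UCAST_PROBES=3, APP_PROBES=0, MCAST_PROBES=3, MCAST_REPROBES=0):
 * an entry in NUD_INCOMPLETE gives up after 3 + 0 + 3 = 6 probes,
 * while one in NUD_PROBE uses MCAST_REPROBES and gives up after 3.
 */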

static void neigh_invalidate(struct neighbour *neigh)
	__releases(neigh->lock)
	__acquires(neigh->lock)
{
	struct sk_buff *skb;

	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
	neigh_dbg(2, "neigh %p is failed\n", neigh);
	neigh->updated = jiffies;

	/* This is a very delicate place. report_unreachable is a very
	   complicated routine. In particular, it can hit this same
	   neighbour entry!

	   So we try to be careful and avoid a dead loop. --ANK
	 */
	while (neigh->nud_state == NUD_FAILED &&
	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
		write_unlock(&neigh->lock);
		neigh->ops->error_report(neigh, skb);
		write_lock(&neigh->lock);
	}
	__skb_queue_purge(&neigh->arp_queue);
	neigh->arp_queue_len_bytes = 0;
}

static void neigh_probe(struct neighbour *neigh)
	__releases(neigh->lock)
{
	struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);

	/* keep skb alive even if arp_queue overflows */
	if (skb)
		skb = skb_clone(skb, GFP_ATOMIC);
	write_unlock(&neigh->lock);
	if (neigh->ops->solicit)
		neigh->ops->solicit(neigh, skb);
	atomic_inc(&neigh->probes);
	consume_skb(skb);
}

/* Called when a timer expires for a neighbour entry. */

static void neigh_timer_handler(struct timer_list *t)
{
	unsigned long now, next;
	struct neighbour *neigh = from_timer(neigh, t, timer);
	unsigned int state;
	int notify = 0;

	write_lock(&neigh->lock);

	state = neigh->nud_state;
	now = jiffies;
	next = now + HZ;

	if (!(state & NUD_IN_TIMER))
		goto out;

	if (state & NUD_REACHABLE) {
		if (time_before_eq(now,
				   neigh->confirmed + neigh->parms->reachable_time)) {
			neigh_dbg(2, "neigh %p is still alive\n", neigh);
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else if (time_before_eq(now,
					  neigh->used +
					  NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is delayed\n", neigh);
			neigh->nud_state = NUD_DELAY;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
		} else {
			neigh_dbg(2, "neigh %p is suspected\n", neigh);
			neigh->nud_state = NUD_STALE;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			notify = 1;
		}
	} else if (state & NUD_DELAY) {
		if (time_before_eq(now,
				   neigh->confirmed +
				   NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is now reachable\n", neigh);
			neigh->nud_state = NUD_REACHABLE;
			neigh->updated = jiffies;
			neigh_connect(neigh);
			notify = 1;
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else {
			neigh_dbg(2, "neigh %p is probed\n", neigh);
			neigh->nud_state = NUD_PROBE;
			neigh->updated = jiffies;
			atomic_set(&neigh->probes, 0);
			notify = 1;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
		}
	} else {
		/* NUD_PROBE|NUD_INCOMPLETE */
		next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
	}

	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
		neigh->nud_state = NUD_FAILED;
		notify = 1;
		neigh_invalidate(neigh);
		goto out;
	}

	if (neigh->nud_state & NUD_IN_TIMER) {
		if (time_before(next, jiffies + HZ/100))
			next = jiffies + HZ/100;
		if (!mod_timer(&neigh->timer, next))
			neigh_hold(neigh);
	}
	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
		neigh_probe(neigh);
	} else {
out:
		write_unlock(&neigh->lock);
	}

	if (notify)
		neigh_update_notify(neigh, 0);

	trace_neigh_timer_handler(neigh, 0);

	neigh_release(neigh);
}

int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
		       const bool immediate_ok)
{
	int rc;
	bool immediate_probe = false;

	write_lock_bh(&neigh->lock);

	rc = 0;
	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
		goto out_unlock_bh;
	if (neigh->dead)
		goto out_dead;

	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
		if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
		    NEIGH_VAR(neigh->parms, APP_PROBES)) {
			unsigned long next, now = jiffies;

			atomic_set(&neigh->probes,
				   NEIGH_VAR(neigh->parms, UCAST_PROBES));
			neigh_del_timer(neigh);
			neigh->nud_state = NUD_INCOMPLETE;
			neigh->updated = now;
			if (!immediate_ok) {
				next = now + 1;
			} else {
				immediate_probe = true;
				next = now + max(NEIGH_VAR(neigh->parms,
							   RETRANS_TIME),
						 HZ / 100);
			}
			neigh_add_timer(neigh, next);
		} else {
			neigh->nud_state = NUD_FAILED;
			neigh->updated = jiffies;
			write_unlock_bh(&neigh->lock);

			kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED);
			return 1;
		}
	} else if (neigh->nud_state & NUD_STALE) {
		neigh_dbg(2, "neigh %p is delayed\n", neigh);
		neigh_del_timer(neigh);
		neigh->nud_state = NUD_DELAY;
		neigh->updated = jiffies;
		neigh_add_timer(neigh, jiffies +
				NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
	}

	if (neigh->nud_state == NUD_INCOMPLETE) {
		if (skb) {
			while (neigh->arp_queue_len_bytes + skb->truesize >
			       NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
				struct sk_buff *buff;

				buff = __skb_dequeue(&neigh->arp_queue);
				if (!buff)
					break;
				neigh->arp_queue_len_bytes -= buff->truesize;
				kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL);
				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
			}
			skb_dst_force(skb);
			__skb_queue_tail(&neigh->arp_queue, skb);
			neigh->arp_queue_len_bytes += skb->truesize;
		}
		rc = 1;
	}
out_unlock_bh:
	if (immediate_probe)
		neigh_probe(neigh);
	else
		write_unlock(&neigh->lock);
	local_bh_enable();
	trace_neigh_event_send_done(neigh, rc);
	return rc;

out_dead:
	if (neigh->nud_state & NUD_STALE)
		goto out_unlock_bh;
	write_unlock_bh(&neigh->lock);
	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD);
	trace_neigh_event_send_dead(neigh, 1);
	return 1;
}
EXPORT_SYMBOL(__neigh_event_send);

static void neigh_update_hhs(struct neighbour *neigh)
{
	struct hh_cache *hh;
	void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
		= NULL;

	if (neigh->dev->header_ops)
		update = neigh->dev->header_ops->cache_update;

	if (update) {
		hh = &neigh->hh;
		if (READ_ONCE(hh->hh_len)) {
			write_seqlock_bh(&hh->hh_lock);
			update(hh, neigh->dev, neigh->ha);
			write_sequnlock_bh(&hh->hh_lock);
		}
	}
}

/* Generic update routine.
   -- lladdr is the new lladdr, or NULL if it is not supplied.
   -- new    is the new state.
   -- flags
	NEIGH_UPDATE_F_OVERRIDE allows overriding an existing lladdr
				if it is different.
	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect an existing "connected"
				lladdr instead of overriding it
				if it is different.
	NEIGH_UPDATE_F_ADMIN	means that the change is administrative.
	NEIGH_UPDATE_F_USE	means that the entry is user triggered.
	NEIGH_UPDATE_F_MANAGED	means that the entry will be auto-refreshed.
	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows overriding an existing
				NTF_ROUTER flag.
	NEIGH_UPDATE_F_ISROUTER	indicates if the neighbour is known as
				a router.

   Caller MUST hold a reference count on the entry.
 */
static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
			  u8 new, u32 flags, u32 nlmsg_pid,
			  struct netlink_ext_ack *extack)
{
	bool gc_update = false, managed_update = false;
	int update_isrouter = 0;
	struct net_device *dev;
	int err, notify = 0;
	u8 old;

	trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);

	write_lock_bh(&neigh->lock);

	dev = neigh->dev;
	old = neigh->nud_state;
	err = -EPERM;

	if (neigh->dead) {
		NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
		new = old;
		goto out;
	}
	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
	    (old & (NUD_NOARP | NUD_PERMANENT)))
		goto out;

	neigh_update_flags(neigh, flags, &notify, &gc_update, &managed_update);
	if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
		new = old & ~NUD_PERMANENT;
		neigh->nud_state = new;
		err = 0;
		goto out;
	}

	if (!(new & NUD_VALID)) {
		neigh_del_timer(neigh);
		if (old & NUD_CONNECTED)
			neigh_suspect(neigh);
		neigh->nud_state = new;
		err = 0;
		notify = old & NUD_VALID;
		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
		    (new & NUD_FAILED)) {
			neigh_invalidate(neigh);
			notify = 1;
		}
		goto out;
	}

	/* Compare new lladdr with cached one */
	if (!dev->addr_len) {
		/* First case: device needs no address. */
		lladdr = neigh->ha;
	} else if (lladdr) {
		/* The second case: if something is already cached
		   and a new address is proposed:
		   - compare new & old
		   - if they are different, check override flag
		 */
		if ((old & NUD_VALID) &&
		    !memcmp(lladdr, neigh->ha, dev->addr_len))
			lladdr = neigh->ha;
	} else {
		/* No address is supplied; if we know something,
		   use it, otherwise discard the request.
		 */
		err = -EINVAL;
		if (!(old & NUD_VALID)) {
			NL_SET_ERR_MSG(extack, "No link layer address given");
			goto out;
		}
		lladdr = neigh->ha;
	}

	/* Update confirmed timestamp for neighbour entry after we
	 * received ARP packet even if it doesn't change IP to MAC binding.
	 */
	if (new & NUD_CONNECTED)
		neigh->confirmed = jiffies;

	/* If entry was valid and address is not changed,
	   do not change entry state, if new one is STALE.
	 */
	err = 0;
	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	if (old & NUD_VALID) {
		if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
			update_isrouter = 0;
			if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
			    (old & NUD_CONNECTED)) {
				lladdr = neigh->ha;
				new = NUD_STALE;
			} else
				goto out;
		} else {
			if (lladdr == neigh->ha && new == NUD_STALE &&
			    !(flags & NEIGH_UPDATE_F_ADMIN))
				new = old;
		}
	}

	/* Update timestamp only once we know we will make a change to the
	 * neighbour entry. Otherwise we risk to move the locktime window with
	 * noop updates and ignore relevant ARP updates.
	 */
	if (new != old || lladdr != neigh->ha)
		neigh->updated = jiffies;

	if (new != old) {
		neigh_del_timer(neigh);
		if (new & NUD_PROBE)
			atomic_set(&neigh->probes, 0);
		if (new & NUD_IN_TIMER)
			neigh_add_timer(neigh, (jiffies +
						((new & NUD_REACHABLE) ?
						 neigh->parms->reachable_time :
						 0)));
		neigh->nud_state = new;
		notify = 1;
	}

	if (lladdr != neigh->ha) {
		write_seqlock(&neigh->ha_lock);
		memcpy(&neigh->ha, lladdr, dev->addr_len);
		write_sequnlock(&neigh->ha_lock);
		neigh_update_hhs(neigh);
		if (!(new & NUD_CONNECTED))
			neigh->confirmed = jiffies -
				(NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
		notify = 1;
	}
	if (new == old)
		goto out;
	if (new & NUD_CONNECTED)
		neigh_connect(neigh);
	else
		neigh_suspect(neigh);
	if (!(old & NUD_VALID)) {
		struct sk_buff *skb;

		/* Again: avoid dead loop if something went wrong */

		while (neigh->nud_state & NUD_VALID &&
		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
			struct dst_entry *dst = skb_dst(skb);
			struct neighbour *n2, *n1 = neigh;

			write_unlock_bh(&neigh->lock);

			rcu_read_lock();

			/* Why not just use 'neigh' as-is? The problem is that
			 * things such as shaper, eql, and sch_teql can end up
			 * using alternative, different, neigh objects to output
			 * the packet in the output path. So what we need to do
			 * here is re-lookup the top-level neigh in the path so
			 * we can reinject the packet there.
			 */
			n2 = NULL;
			if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
				n2 = dst_neigh_lookup_skb(dst, skb);
				if (n2)
					n1 = n2;
			}
			n1->output(n1, skb);
			if (n2)
				neigh_release(n2);
			rcu_read_unlock();

			write_lock_bh(&neigh->lock);
		}
		__skb_queue_purge(&neigh->arp_queue);
		neigh->arp_queue_len_bytes = 0;
	}
out:
	if (update_isrouter)
		neigh_update_is_router(neigh, flags, &notify);
	write_unlock_bh(&neigh->lock);
	if (((new ^ old) & NUD_PERMANENT) || gc_update)
		neigh_update_gc_list(neigh);
	if (managed_update)
		neigh_update_managed_list(neigh);
	if (notify)
		neigh_update_notify(neigh, nlmsg_pid);
	trace_neigh_update_done(neigh, err);
	return err;
}

int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
		 u32 flags, u32 nlmsg_pid)
{
	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
}
EXPORT_SYMBOL(neigh_update);
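
/*
 * Usage sketch (illustrative): on a received ARP reply a caller would
 * typically do
 *
 *	neigh_update(n, lladdr, NUD_REACHABLE, NEIGH_UPDATE_F_OVERRIDE, 0);
 *
 * so that a changed link-layer address replaces the cached one.
 * Without NEIGH_UPDATE_F_OVERRIDE, a differing address leaves the
 * entry untouched (or merely marks a connected entry NUD_STALE when
 * NEIGH_UPDATE_F_WEAK_OVERRIDE is set).
 */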

/* Update the neigh to listen temporarily for probe responses, even if it is
 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
 */
void __neigh_set_probe_once(struct neighbour *neigh)
{
	if (neigh->dead)
		return;
	neigh->updated = jiffies;
	if (!(neigh->nud_state & NUD_FAILED))
		return;
	neigh->nud_state = NUD_INCOMPLETE;
	atomic_set(&neigh->probes, neigh_max_probes(neigh));
	neigh_add_timer(neigh,
			jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
				      HZ/100));
}
EXPORT_SYMBOL(__neigh_set_probe_once);

struct neighbour *neigh_event_ns(struct neigh_table *tbl,
				 u8 *lladdr, void *saddr,
				 struct net_device *dev)
{
	struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
						 lladdr || !dev->addr_len);

	if (neigh)
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_OVERRIDE, 0);
	return neigh;
}
EXPORT_SYMBOL(neigh_event_ns);

/* called with read_lock_bh(&n->lock); */
static void neigh_hh_init(struct neighbour *n)
{
	struct net_device *dev = n->dev;
	__be16 prot = n->tbl->protocol;
	struct hh_cache *hh = &n->hh;

	write_lock_bh(&n->lock);

	/* Only one thread can come in here and initialize the
	 * hh_cache entry.
	 */
	if (!hh->hh_len)
		dev->header_ops->cache(n, hh, prot);

	write_unlock_bh(&n->lock);
}

/* Slow and careful. */

int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc = 0;

	if (!neigh_event_send(neigh, skb)) {
		int err;
		struct net_device *dev = neigh->dev;
		unsigned int seq;

		if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
			neigh_hh_init(neigh);

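		/* neigh->ha is protected by a seqlock: rebuild the header
		 * if a concurrent writer updated the address mid-copy,
		 * rather than blocking the writer.
		 */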
		do {
			__skb_pull(skb, skb_network_offset(skb));
			seq = read_seqbegin(&neigh->ha_lock);
			err = dev_hard_header(skb, dev, ntohs(skb->protocol),
					      neigh->ha, NULL, skb->len);
		} while (read_seqretry(&neigh->ha_lock, seq));

		if (err >= 0)
			rc = dev_queue_xmit(skb);
		else
			goto out_kfree_skb;
	}
out:
	return rc;
out_kfree_skb:
	rc = -EINVAL;
	kfree_skb(skb);
	goto out;
}
EXPORT_SYMBOL(neigh_resolve_output);

/* As fast as possible without hh cache */

int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
{
	struct net_device *dev = neigh->dev;
	unsigned int seq;
	int err;

	do {
		__skb_pull(skb, skb_network_offset(skb));
		seq = read_seqbegin(&neigh->ha_lock);
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      neigh->ha, NULL, skb->len);
	} while (read_seqretry(&neigh->ha_lock, seq));

	if (err >= 0)
		err = dev_queue_xmit(skb);
	else {
		err = -EINVAL;
		kfree_skb(skb);
	}
	return err;
}
EXPORT_SYMBOL(neigh_connected_output);

int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
{
	return dev_queue_xmit(skb);
}
EXPORT_SYMBOL(neigh_direct_output);

static void neigh_managed_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table,
					       managed_work.work);
	struct neighbour *neigh;

	write_lock_bh(&tbl->lock);
	list_for_each_entry(neigh, &tbl->managed_list, managed_list)
		neigh_event_send_probe(neigh, NULL, false);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
			   max(NEIGH_VAR(&tbl->parms, DELAY_PROBE_TIME), HZ));
	write_unlock_bh(&tbl->lock);
}

static void neigh_proxy_process(struct timer_list *t)
{
	struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
	long sched_next = 0;
	unsigned long now = jiffies;
	struct sk_buff *skb, *n;

	spin_lock(&tbl->proxy_queue.lock);

	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
		long tdif = NEIGH_CB(skb)->sched_next - now;

		if (tdif <= 0) {
			struct net_device *dev = skb->dev;

			__skb_unlink(skb, &tbl->proxy_queue);
			if (tbl->proxy_redo && netif_running(dev)) {
				rcu_read_lock();
				tbl->proxy_redo(skb);
				rcu_read_unlock();
			} else {
				kfree_skb(skb);
			}

			dev_put(dev);
		} else if (!sched_next || tdif < sched_next)
			sched_next = tdif;
	}
	del_timer(&tbl->proxy_timer);
	if (sched_next)
		mod_timer(&tbl->proxy_timer, jiffies + sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}

void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
		    struct sk_buff *skb)
{
	unsigned long sched_next = jiffies +
			prandom_u32_max(NEIGH_VAR(p, PROXY_DELAY));

	if (tbl->proxy_queue.qlen > NEIGH_VAR(p, PROXY_QLEN)) {
		kfree_skb(skb);
		return;
	}

	NEIGH_CB(skb)->sched_next = sched_next;
	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;

	spin_lock(&tbl->proxy_queue.lock);
	if (del_timer(&tbl->proxy_timer)) {
		if (time_before(tbl->proxy_timer.expires, sched_next))
			sched_next = tbl->proxy_timer.expires;
	}
	skb_dst_drop(skb);
	dev_hold(skb->dev);
	__skb_queue_tail(&tbl->proxy_queue, skb);
	mod_timer(&tbl->proxy_timer, sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}
EXPORT_SYMBOL(pneigh_enqueue);
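
/*
 * Example (illustrative, assuming the usual ARP default PROXY_DELAY of
 * 0.8s): a proxied request is answered after a random delay drawn from
 * [0, 0.8s), which keeps multiple proxies on one segment from replying
 * at the same instant.
 */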

static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
						     struct net *net, int ifindex)
{
	struct neigh_parms *p;

	list_for_each_entry(p, &tbl->parms_list, list) {
		if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
		    (!p->dev && !ifindex && net_eq(net, &init_net)))
			return p;
	}

	return NULL;
}

struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
				      struct neigh_table *tbl)
{
	struct neigh_parms *p;
	struct net *net = dev_net(dev);
	const struct net_device_ops *ops = dev->netdev_ops;

	p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
	if (p) {
		p->tbl = tbl;
		refcount_set(&p->refcnt, 1);
		p->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
		dev_hold_track(dev, &p->dev_tracker, GFP_KERNEL);
		p->dev = dev;
		write_pnet(&p->net, net);
		p->sysctl_table = NULL;

		if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
			dev_put_track(dev, &p->dev_tracker);
			kfree(p);
			return NULL;
		}

		write_lock_bh(&tbl->lock);
		list_add(&p->list, &tbl->parms.list);
		write_unlock_bh(&tbl->lock);

		neigh_parms_data_state_cleanall(p);
	}
	return p;
}
EXPORT_SYMBOL(neigh_parms_alloc);

static void neigh_rcu_free_parms(struct rcu_head *head)
{
	struct neigh_parms *parms =
		container_of(head, struct neigh_parms, rcu_head);

	neigh_parms_put(parms);
}

void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
{
	if (!parms || parms == &tbl->parms)
		return;
	write_lock_bh(&tbl->lock);
	list_del(&parms->list);
	parms->dead = 1;
	write_unlock_bh(&tbl->lock);
	dev_put_track(parms->dev, &parms->dev_tracker);
	call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
}
EXPORT_SYMBOL(neigh_parms_release);

static void neigh_parms_destroy(struct neigh_parms *parms)
{
	kfree(parms);
}

static struct lock_class_key neigh_table_proxy_queue_class;

static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;

void neigh_table_init(int index, struct neigh_table *tbl)
{
	unsigned long now = jiffies;
	unsigned long phsize;

	INIT_LIST_HEAD(&tbl->parms_list);
	INIT_LIST_HEAD(&tbl->gc_list);
	INIT_LIST_HEAD(&tbl->managed_list);

	list_add(&tbl->parms.list, &tbl->parms_list);
	write_pnet(&tbl->parms.net, &init_net);
	refcount_set(&tbl->parms.refcnt, 1);
	tbl->parms.reachable_time =
		neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));

	tbl->stats = alloc_percpu(struct neigh_statistics);
	if (!tbl->stats)
		panic("cannot create neighbour cache statistics");

#ifdef CONFIG_PROC_FS
	if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
				  &neigh_stat_seq_ops, tbl))
		panic("cannot create neighbour proc dir entry");
#endif

	RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));

	phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
	tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);

	if (!tbl->nht || !tbl->phash_buckets)
		panic("cannot allocate neighbour cache hashes");

	if (!tbl->entry_size)
		tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
					tbl->key_len, NEIGH_PRIV_ALIGN);
	else
		WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);

	rwlock_init(&tbl->lock);

	INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   tbl->parms.reachable_time);
	INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0);

	timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
	skb_queue_head_init_class(&tbl->proxy_queue,
				  &neigh_table_proxy_queue_class);

	tbl->last_flush = now;
	tbl->last_rand = now + tbl->parms.reachable_time * 20;

	neigh_tables[index] = tbl;
}
EXPORT_SYMBOL(neigh_table_init);

int neigh_table_clear(int index, struct neigh_table *tbl)
{
	neigh_tables[index] = NULL;
	/* It is not clean... Fix it to unload IPv6 module safely */
	cancel_delayed_work_sync(&tbl->managed_work);
	cancel_delayed_work_sync(&tbl->gc_work);
	del_timer_sync(&tbl->proxy_timer);
	pneigh_queue_purge(&tbl->proxy_queue, NULL);
	neigh_ifdown(tbl, NULL);
	if (atomic_read(&tbl->entries))
		pr_crit("neighbour leakage\n");

	call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
		 neigh_hash_free_rcu);
	tbl->nht = NULL;

	kfree(tbl->phash_buckets);
	tbl->phash_buckets = NULL;

	remove_proc_entry(tbl->id, init_net.proc_net_stat);

	free_percpu(tbl->stats);
	tbl->stats = NULL;

	return 0;
}
EXPORT_SYMBOL(neigh_table_clear);

static struct neigh_table *neigh_find_table(int family)
{
	struct neigh_table *tbl = NULL;

	switch (family) {
	case AF_INET:
		tbl = neigh_tables[NEIGH_ARP_TABLE];
		break;
	case AF_INET6:
		tbl = neigh_tables[NEIGH_ND_TABLE];
		break;
	case AF_DECnet:
		tbl = neigh_tables[NEIGH_DN_TABLE];
		break;
	}

	return tbl;
}

const struct nla_policy nda_policy[NDA_MAX+1] = {
	[NDA_UNSPEC]		= { .strict_start_type = NDA_NH_ID },
	[NDA_DST]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_LLADDR]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_CACHEINFO]		= { .len = sizeof(struct nda_cacheinfo) },
	[NDA_PROBES]		= { .type = NLA_U32 },
	[NDA_VLAN]		= { .type = NLA_U16 },
	[NDA_PORT]		= { .type = NLA_U16 },
	[NDA_VNI]		= { .type = NLA_U32 },
	[NDA_IFINDEX]		= { .type = NLA_U32 },
	[NDA_MASTER]		= { .type = NLA_U32 },
	[NDA_PROTOCOL]		= { .type = NLA_U8 },
	[NDA_NH_ID]		= { .type = NLA_U32 },
	[NDA_FLAGS_EXT]		= NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
	[NDA_FDB_EXT_ATTRS]	= { .type = NLA_NESTED },
};
1861
neigh_delete(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)1862 static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1863 struct netlink_ext_ack *extack)
1864 {
1865 struct net *net = sock_net(skb->sk);
1866 struct ndmsg *ndm;
1867 struct nlattr *dst_attr;
1868 struct neigh_table *tbl;
1869 struct neighbour *neigh;
1870 struct net_device *dev = NULL;
1871 int err = -EINVAL;
1872
1873 ASSERT_RTNL();
1874 if (nlmsg_len(nlh) < sizeof(*ndm))
1875 goto out;
1876
1877 dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1878 if (!dst_attr) {
1879 NL_SET_ERR_MSG(extack, "Network address not specified");
1880 goto out;
1881 }
1882
1883 ndm = nlmsg_data(nlh);
1884 if (ndm->ndm_ifindex) {
1885 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1886 if (dev == NULL) {
1887 err = -ENODEV;
1888 goto out;
1889 }
1890 }
1891
1892 tbl = neigh_find_table(ndm->ndm_family);
1893 if (tbl == NULL)
1894 return -EAFNOSUPPORT;
1895
1896 if (nla_len(dst_attr) < (int)tbl->key_len) {
1897 NL_SET_ERR_MSG(extack, "Invalid network address");
1898 goto out;
1899 }
1900
1901 if (ndm->ndm_flags & NTF_PROXY) {
1902 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
1903 goto out;
1904 }
1905
1906 if (dev == NULL)
1907 goto out;
1908
1909 neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
1910 if (neigh == NULL) {
1911 err = -ENOENT;
1912 goto out;
1913 }
1914
1915 err = __neigh_update(neigh, NULL, NUD_FAILED,
1916 NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1917 NETLINK_CB(skb).portid, extack);
1918 write_lock_bh(&tbl->lock);
1919 neigh_release(neigh);
1920 neigh_remove_one(neigh, tbl);
1921 write_unlock_bh(&tbl->lock);
1922
1923 out:
1924 return err;
1925 }
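/*
 * Sketch of the userspace side: RTM_DELNEIGH is what backs e.g.
 *
 *	ip neigh del 192.0.2.1 dev eth0
 *
 * The entry is first pushed to NUD_FAILED through __neigh_update() so
 * notifiers observe the transition, then unlinked from the hash under
 * tbl->lock by neigh_remove_one().
 */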
1926
1927 static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1928 struct netlink_ext_ack *extack)
1929 {
1930 int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1931 NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1932 struct net *net = sock_net(skb->sk);
1933 struct ndmsg *ndm;
1934 struct nlattr *tb[NDA_MAX+1];
1935 struct neigh_table *tbl;
1936 struct net_device *dev = NULL;
1937 struct neighbour *neigh;
1938 void *dst, *lladdr;
1939 u8 protocol = 0;
1940 u32 ndm_flags;
1941 int err;
1942
1943 ASSERT_RTNL();
1944 err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
1945 nda_policy, extack);
1946 if (err < 0)
1947 goto out;
1948
1949 err = -EINVAL;
1950 if (!tb[NDA_DST]) {
1951 NL_SET_ERR_MSG(extack, "Network address not specified");
1952 goto out;
1953 }
1954
1955 ndm = nlmsg_data(nlh);
1956 ndm_flags = ndm->ndm_flags;
1957 if (tb[NDA_FLAGS_EXT]) {
1958 u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]);
1959
1960 BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
1961 (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
1962 hweight32(NTF_EXT_MASK)));
1963 ndm_flags |= (ext << NTF_EXT_SHIFT);
1964 }
1965 if (ndm->ndm_ifindex) {
1966 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1967 if (dev == NULL) {
1968 err = -ENODEV;
1969 goto out;
1970 }
1971
1972 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
1973 NL_SET_ERR_MSG(extack, "Invalid link address");
1974 goto out;
1975 }
1976 }
1977
1978 tbl = neigh_find_table(ndm->ndm_family);
1979 if (tbl == NULL)
1980 return -EAFNOSUPPORT;
1981
1982 if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
1983 NL_SET_ERR_MSG(extack, "Invalid network address");
1984 goto out;
1985 }
1986
1987 dst = nla_data(tb[NDA_DST]);
1988 lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
1989
1990 if (tb[NDA_PROTOCOL])
1991 protocol = nla_get_u8(tb[NDA_PROTOCOL]);
1992 if (ndm_flags & NTF_PROXY) {
1993 struct pneigh_entry *pn;
1994
1995 if (ndm_flags & NTF_MANAGED) {
1996 NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
1997 goto out;
1998 }
1999
2000 err = -ENOBUFS;
2001 pn = pneigh_lookup(tbl, net, dst, dev, 1);
2002 if (pn) {
2003 pn->flags = ndm_flags;
2004 if (protocol)
2005 pn->protocol = protocol;
2006 err = 0;
2007 }
2008 goto out;
2009 }
2010
2011 if (!dev) {
2012 NL_SET_ERR_MSG(extack, "Device not specified");
2013 goto out;
2014 }
2015
2016 if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
2017 err = -EINVAL;
2018 goto out;
2019 }
2020
2021 neigh = neigh_lookup(tbl, dst, dev);
2022 if (neigh == NULL) {
2023 bool ndm_permanent = ndm->ndm_state & NUD_PERMANENT;
2024 bool exempt_from_gc = ndm_permanent ||
2025 ndm_flags & NTF_EXT_LEARNED;
2026
2027 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
2028 err = -ENOENT;
2029 goto out;
2030 }
2031 if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
2032 NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
2033 err = -EINVAL;
2034 goto out;
2035 }
2036
2037 neigh = ___neigh_create(tbl, dst, dev,
2038 ndm_flags &
2039 (NTF_EXT_LEARNED | NTF_MANAGED),
2040 exempt_from_gc, true);
2041 if (IS_ERR(neigh)) {
2042 err = PTR_ERR(neigh);
2043 goto out;
2044 }
2045 } else {
2046 if (nlh->nlmsg_flags & NLM_F_EXCL) {
2047 err = -EEXIST;
2048 neigh_release(neigh);
2049 goto out;
2050 }
2051
2052 if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
2053 flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
2054 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
2055 }
2056
2057 if (protocol)
2058 neigh->protocol = protocol;
2059 if (ndm_flags & NTF_EXT_LEARNED)
2060 flags |= NEIGH_UPDATE_F_EXT_LEARNED;
2061 if (ndm_flags & NTF_ROUTER)
2062 flags |= NEIGH_UPDATE_F_ISROUTER;
2063 if (ndm_flags & NTF_MANAGED)
2064 flags |= NEIGH_UPDATE_F_MANAGED;
2065 if (ndm_flags & NTF_USE)
2066 flags |= NEIGH_UPDATE_F_USE;
2067
2068 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
2069 NETLINK_CB(skb).portid, extack);
2070 if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) {
2071 neigh_event_send(neigh, NULL);
2072 err = 0;
2073 }
2074 neigh_release(neigh);
2075 out:
2076 return err;
2077 }
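/*
 * Sketch of the userspace side: RTM_NEWNEIGH is what backs e.g.
 *
 *	ip neigh replace 192.0.2.1 lladdr 00:11:22:33:44:55 dev eth0 \
 *		nud permanent
 *
 * which sets NLM_F_CREATE|NLM_F_REPLACE; NUD_PERMANENT (or
 * NTF_EXT_LEARNED) makes the new entry exempt from garbage collection,
 * as computed for ___neigh_create() above.
 */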
2078
2079 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
2080 {
2081 struct nlattr *nest;
2082
2083 nest = nla_nest_start_noflag(skb, NDTA_PARMS);
2084 if (nest == NULL)
2085 return -ENOBUFS;
2086
2087 if ((parms->dev &&
2088 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
2089 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
2090 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
2091 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2092 /* approximate value for the deprecated QUEUE_LEN (in packets) */
2093 nla_put_u32(skb, NDTPA_QUEUE_LEN,
2094 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2095 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2096 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2097 nla_put_u32(skb, NDTPA_UCAST_PROBES,
2098 NEIGH_VAR(parms, UCAST_PROBES)) ||
2099 nla_put_u32(skb, NDTPA_MCAST_PROBES,
2100 NEIGH_VAR(parms, MCAST_PROBES)) ||
2101 nla_put_u32(skb, NDTPA_MCAST_REPROBES,
2102 NEIGH_VAR(parms, MCAST_REPROBES)) ||
2103 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
2104 NDTPA_PAD) ||
2105 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
2106 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
2107 nla_put_msecs(skb, NDTPA_GC_STALETIME,
2108 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
2109 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
2110 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
2111 nla_put_msecs(skb, NDTPA_RETRANS_TIME,
2112 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
2113 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
2114 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
2115 nla_put_msecs(skb, NDTPA_PROXY_DELAY,
2116 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
2117 nla_put_msecs(skb, NDTPA_LOCKTIME,
2118 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD))
2119 goto nla_put_failure;
2120 return nla_nest_end(skb, nest);
2121
2122 nla_put_failure:
2123 nla_nest_cancel(skb, nest);
2124 return -EMSGSIZE;
2125 }
2126
2127 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2128 u32 pid, u32 seq, int type, int flags)
2129 {
2130 struct nlmsghdr *nlh;
2131 struct ndtmsg *ndtmsg;
2132
2133 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2134 if (nlh == NULL)
2135 return -EMSGSIZE;
2136
2137 ndtmsg = nlmsg_data(nlh);
2138
2139 read_lock_bh(&tbl->lock);
2140 ndtmsg->ndtm_family = tbl->family;
2141 ndtmsg->ndtm_pad1 = 0;
2142 ndtmsg->ndtm_pad2 = 0;
2143
2144 if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
2145 nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval, NDTA_PAD) ||
2146 nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) ||
2147 nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) ||
2148 nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3))
2149 goto nla_put_failure;
2150 {
2151 unsigned long now = jiffies;
2152 long flush_delta = now - tbl->last_flush;
2153 long rand_delta = now - tbl->last_rand;
2154 struct neigh_hash_table *nht;
2155 struct ndt_config ndc = {
2156 .ndtc_key_len = tbl->key_len,
2157 .ndtc_entry_size = tbl->entry_size,
2158 .ndtc_entries = atomic_read(&tbl->entries),
2159 .ndtc_last_flush = jiffies_to_msecs(flush_delta),
2160 .ndtc_last_rand = jiffies_to_msecs(rand_delta),
2161 .ndtc_proxy_qlen = tbl->proxy_queue.qlen,
2162 };
2163
2164 rcu_read_lock_bh();
2165 nht = rcu_dereference_bh(tbl->nht);
2166 ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2167 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2168 rcu_read_unlock_bh();
2169
2170 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
2171 goto nla_put_failure;
2172 }
2173
2174 {
2175 int cpu;
2176 struct ndt_stats ndst;
2177
2178 memset(&ndst, 0, sizeof(ndst));
2179
2180 for_each_possible_cpu(cpu) {
2181 struct neigh_statistics *st;
2182
2183 st = per_cpu_ptr(tbl->stats, cpu);
2184 ndst.ndts_allocs += st->allocs;
2185 ndst.ndts_destroys += st->destroys;
2186 ndst.ndts_hash_grows += st->hash_grows;
2187 ndst.ndts_res_failed += st->res_failed;
2188 ndst.ndts_lookups += st->lookups;
2189 ndst.ndts_hits += st->hits;
2190 ndst.ndts_rcv_probes_mcast += st->rcv_probes_mcast;
2191 ndst.ndts_rcv_probes_ucast += st->rcv_probes_ucast;
2192 ndst.ndts_periodic_gc_runs += st->periodic_gc_runs;
2193 ndst.ndts_forced_gc_runs += st->forced_gc_runs;
2194 ndst.ndts_table_fulls += st->table_fulls;
2195 }
2196
2197 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
2198 NDTA_PAD))
2199 goto nla_put_failure;
2200 }
2201
2202 BUG_ON(tbl->parms.dev);
2203 if (neightbl_fill_parms(skb, &tbl->parms) < 0)
2204 goto nla_put_failure;
2205
2206 read_unlock_bh(&tbl->lock);
2207 nlmsg_end(skb, nlh);
2208 return 0;
2209
2210 nla_put_failure:
2211 read_unlock_bh(&tbl->lock);
2212 nlmsg_cancel(skb, nlh);
2213 return -EMSGSIZE;
2214 }
2215
2216 static int neightbl_fill_param_info(struct sk_buff *skb,
2217 struct neigh_table *tbl,
2218 struct neigh_parms *parms,
2219 u32 pid, u32 seq, int type,
2220 unsigned int flags)
2221 {
2222 struct ndtmsg *ndtmsg;
2223 struct nlmsghdr *nlh;
2224
2225 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2226 if (nlh == NULL)
2227 return -EMSGSIZE;
2228
2229 ndtmsg = nlmsg_data(nlh);
2230
2231 read_lock_bh(&tbl->lock);
2232 ndtmsg->ndtm_family = tbl->family;
2233 ndtmsg->ndtm_pad1 = 0;
2234 ndtmsg->ndtm_pad2 = 0;
2235
2236 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
2237 neightbl_fill_parms(skb, parms) < 0)
2238 goto errout;
2239
2240 read_unlock_bh(&tbl->lock);
2241 nlmsg_end(skb, nlh);
2242 return 0;
2243 errout:
2244 read_unlock_bh(&tbl->lock);
2245 nlmsg_cancel(skb, nlh);
2246 return -EMSGSIZE;
2247 }
2248
2249 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2250 [NDTA_NAME] = { .type = NLA_STRING },
2251 [NDTA_THRESH1] = { .type = NLA_U32 },
2252 [NDTA_THRESH2] = { .type = NLA_U32 },
2253 [NDTA_THRESH3] = { .type = NLA_U32 },
2254 [NDTA_GC_INTERVAL] = { .type = NLA_U64 },
2255 [NDTA_PARMS] = { .type = NLA_NESTED },
2256 };
2257
2258 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2259 [NDTPA_IFINDEX] = { .type = NLA_U32 },
2260 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 },
2261 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 },
2262 [NDTPA_APP_PROBES] = { .type = NLA_U32 },
2263 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 },
2264 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 },
2265 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 },
2266 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 },
2267 [NDTPA_GC_STALETIME] = { .type = NLA_U64 },
2268 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 },
2269 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 },
2270 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 },
2271 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 },
2272 [NDTPA_LOCKTIME] = { .type = NLA_U64 },
2273 };
2274
2275 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2276 struct netlink_ext_ack *extack)
2277 {
2278 struct net *net = sock_net(skb->sk);
2279 struct neigh_table *tbl;
2280 struct ndtmsg *ndtmsg;
2281 struct nlattr *tb[NDTA_MAX+1];
2282 bool found = false;
2283 int err, tidx;
2284
2285 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2286 nl_neightbl_policy, extack);
2287 if (err < 0)
2288 goto errout;
2289
2290 if (tb[NDTA_NAME] == NULL) {
2291 err = -EINVAL;
2292 goto errout;
2293 }
2294
2295 ndtmsg = nlmsg_data(nlh);
2296
2297 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2298 tbl = neigh_tables[tidx];
2299 if (!tbl)
2300 continue;
2301 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2302 continue;
2303 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
2304 found = true;
2305 break;
2306 }
2307 }
2308
2309 if (!found)
2310 return -ENOENT;
2311
2312 /*
2313 * We acquire tbl->lock to be nice to the periodic timers and
2314 * make sure they always see a consistent set of values.
2315 */
2316 write_lock_bh(&tbl->lock);
2317
2318 if (tb[NDTA_PARMS]) {
2319 struct nlattr *tbp[NDTPA_MAX+1];
2320 struct neigh_parms *p;
2321 int i, ifindex = 0;
2322
2323 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
2324 tb[NDTA_PARMS],
2325 nl_ntbl_parm_policy, extack);
2326 if (err < 0)
2327 goto errout_tbl_lock;
2328
2329 if (tbp[NDTPA_IFINDEX])
2330 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
2331
2332 p = lookup_neigh_parms(tbl, net, ifindex);
2333 if (p == NULL) {
2334 err = -ENOENT;
2335 goto errout_tbl_lock;
2336 }
2337
2338 for (i = 1; i <= NDTPA_MAX; i++) {
2339 if (tbp[i] == NULL)
2340 continue;
2341
2342 switch (i) {
2343 case NDTPA_QUEUE_LEN:
2344 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2345 nla_get_u32(tbp[i]) *
2346 SKB_TRUESIZE(ETH_FRAME_LEN));
2347 break;
2348 case NDTPA_QUEUE_LENBYTES:
2349 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2350 nla_get_u32(tbp[i]));
2351 break;
2352 case NDTPA_PROXY_QLEN:
2353 NEIGH_VAR_SET(p, PROXY_QLEN,
2354 nla_get_u32(tbp[i]));
2355 break;
2356 case NDTPA_APP_PROBES:
2357 NEIGH_VAR_SET(p, APP_PROBES,
2358 nla_get_u32(tbp[i]));
2359 break;
2360 case NDTPA_UCAST_PROBES:
2361 NEIGH_VAR_SET(p, UCAST_PROBES,
2362 nla_get_u32(tbp[i]));
2363 break;
2364 case NDTPA_MCAST_PROBES:
2365 NEIGH_VAR_SET(p, MCAST_PROBES,
2366 nla_get_u32(tbp[i]));
2367 break;
2368 case NDTPA_MCAST_REPROBES:
2369 NEIGH_VAR_SET(p, MCAST_REPROBES,
2370 nla_get_u32(tbp[i]));
2371 break;
2372 case NDTPA_BASE_REACHABLE_TIME:
2373 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2374 nla_get_msecs(tbp[i]));
2375 /* update reachable_time as well; otherwise the change only
2376 * takes effect the next time neigh_periodic_work decides to
2377 * recompute it, which can be multiple minutes away
2378 */
2379 p->reachable_time =
2380 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2381 break;
2382 case NDTPA_GC_STALETIME:
2383 NEIGH_VAR_SET(p, GC_STALETIME,
2384 nla_get_msecs(tbp[i]));
2385 break;
2386 case NDTPA_DELAY_PROBE_TIME:
2387 NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2388 nla_get_msecs(tbp[i]));
2389 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
2390 break;
2391 case NDTPA_RETRANS_TIME:
2392 NEIGH_VAR_SET(p, RETRANS_TIME,
2393 nla_get_msecs(tbp[i]));
2394 break;
2395 case NDTPA_ANYCAST_DELAY:
2396 NEIGH_VAR_SET(p, ANYCAST_DELAY,
2397 nla_get_msecs(tbp[i]));
2398 break;
2399 case NDTPA_PROXY_DELAY:
2400 NEIGH_VAR_SET(p, PROXY_DELAY,
2401 nla_get_msecs(tbp[i]));
2402 break;
2403 case NDTPA_LOCKTIME:
2404 NEIGH_VAR_SET(p, LOCKTIME,
2405 nla_get_msecs(tbp[i]));
2406 break;
2407 }
2408 }
2409 }
2410
2411 err = -ENOENT;
2412 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2413 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2414 !net_eq(net, &init_net))
2415 goto errout_tbl_lock;
2416
2417 if (tb[NDTA_THRESH1])
2418 tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);
2419
2420 if (tb[NDTA_THRESH2])
2421 tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]);
2422
2423 if (tb[NDTA_THRESH3])
2424 tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]);
2425
2426 if (tb[NDTA_GC_INTERVAL])
2427 tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]);
2428
2429 err = 0;
2430
2431 errout_tbl_lock:
2432 write_unlock_bh(&tbl->lock);
2433 errout:
2434 return err;
2435 }
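/*
 * Sketch of the userspace side (option names as in current iproute2,
 * an assumption): RTM_SETNEIGHTBL backs "ip ntable change", e.g.
 *
 *	ip ntable change name arp_cache dev eth0 queue 8
 *
 * Per-device parms may be tuned from any namespace, while the global
 * thresholds and gc_interval are restricted to init_net above.
 */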
2436
2437 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2438 struct netlink_ext_ack *extack)
2439 {
2440 struct ndtmsg *ndtm;
2441
2442 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
2443 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2444 return -EINVAL;
2445 }
2446
2447 ndtm = nlmsg_data(nlh);
2448 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
2449 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2450 return -EINVAL;
2451 }
2452
2453 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
2454 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2455 return -EINVAL;
2456 }
2457
2458 return 0;
2459 }
2460
2461 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2462 {
2463 const struct nlmsghdr *nlh = cb->nlh;
2464 struct net *net = sock_net(skb->sk);
2465 int family, tidx, nidx = 0;
2466 int tbl_skip = cb->args[0];
2467 int neigh_skip = cb->args[1];
2468 struct neigh_table *tbl;
2469
2470 if (cb->strict_check) {
2471 int err = neightbl_valid_dump_info(nlh, cb->extack);
2472
2473 if (err < 0)
2474 return err;
2475 }
2476
2477 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2478
2479 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2480 struct neigh_parms *p;
2481
2482 tbl = neigh_tables[tidx];
2483 if (!tbl)
2484 continue;
2485
2486 if (tidx < tbl_skip || (family && tbl->family != family))
2487 continue;
2488
2489 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2490 nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2491 NLM_F_MULTI) < 0)
2492 break;
2493
2494 nidx = 0;
2495 p = list_next_entry(&tbl->parms, list);
2496 list_for_each_entry_from(p, &tbl->parms_list, list) {
2497 if (!net_eq(neigh_parms_net(p), net))
2498 continue;
2499
2500 if (nidx < neigh_skip)
2501 goto next;
2502
2503 if (neightbl_fill_param_info(skb, tbl, p,
2504 NETLINK_CB(cb->skb).portid,
2505 nlh->nlmsg_seq,
2506 RTM_NEWNEIGHTBL,
2507 NLM_F_MULTI) < 0)
2508 goto out;
2509 next:
2510 nidx++;
2511 }
2512
2513 neigh_skip = 0;
2514 }
2515 out:
2516 cb->args[0] = tidx;
2517 cb->args[1] = nidx;
2518
2519 return skb->len;
2520 }
2521
2522 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2523 u32 pid, u32 seq, int type, unsigned int flags)
2524 {
2525 u32 neigh_flags, neigh_flags_ext;
2526 unsigned long now = jiffies;
2527 struct nda_cacheinfo ci;
2528 struct nlmsghdr *nlh;
2529 struct ndmsg *ndm;
2530
2531 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2532 if (nlh == NULL)
2533 return -EMSGSIZE;
2534
2535 neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT;
2536 neigh_flags = neigh->flags & NTF_OLD_MASK;
2537
2538 ndm = nlmsg_data(nlh);
2539 ndm->ndm_family = neigh->ops->family;
2540 ndm->ndm_pad1 = 0;
2541 ndm->ndm_pad2 = 0;
2542 ndm->ndm_flags = neigh_flags;
2543 ndm->ndm_type = neigh->type;
2544 ndm->ndm_ifindex = neigh->dev->ifindex;
2545
2546 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2547 goto nla_put_failure;
2548
2549 read_lock_bh(&neigh->lock);
2550 ndm->ndm_state = neigh->nud_state;
2551 if (neigh->nud_state & NUD_VALID) {
2552 char haddr[MAX_ADDR_LEN];
2553
2554 neigh_ha_snapshot(haddr, neigh, neigh->dev);
2555 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2556 read_unlock_bh(&neigh->lock);
2557 goto nla_put_failure;
2558 }
2559 }
2560
2561 ci.ndm_used = jiffies_to_clock_t(now - neigh->used);
2562 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2563 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated);
2564 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1;
2565 read_unlock_bh(&neigh->lock);
2566
2567 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2568 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2569 goto nla_put_failure;
2570
2571 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
2572 goto nla_put_failure;
2573 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
2574 goto nla_put_failure;
2575
2576 nlmsg_end(skb, nlh);
2577 return 0;
2578
2579 nla_put_failure:
2580 nlmsg_cancel(skb, nlh);
2581 return -EMSGSIZE;
2582 }
2583
2584 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2585 u32 pid, u32 seq, int type, unsigned int flags,
2586 struct neigh_table *tbl)
2587 {
2588 u32 neigh_flags, neigh_flags_ext;
2589 struct nlmsghdr *nlh;
2590 struct ndmsg *ndm;
2591
2592 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2593 if (nlh == NULL)
2594 return -EMSGSIZE;
2595
2596 neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT;
2597 neigh_flags = pn->flags & NTF_OLD_MASK;
2598
2599 ndm = nlmsg_data(nlh);
2600 ndm->ndm_family = tbl->family;
2601 ndm->ndm_pad1 = 0;
2602 ndm->ndm_pad2 = 0;
2603 ndm->ndm_flags = neigh_flags | NTF_PROXY;
2604 ndm->ndm_type = RTN_UNICAST;
2605 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2606 ndm->ndm_state = NUD_NONE;
2607
2608 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2609 goto nla_put_failure;
2610
2611 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
2612 goto nla_put_failure;
2613 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
2614 goto nla_put_failure;
2615
2616 nlmsg_end(skb, nlh);
2617 return 0;
2618
2619 nla_put_failure:
2620 nlmsg_cancel(skb, nlh);
2621 return -EMSGSIZE;
2622 }
2623
2624 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2625 {
2626 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2627 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
2628 }
2629
2630 static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2631 {
2632 struct net_device *master;
2633
2634 if (!master_idx)
2635 return false;
2636
2637 master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2638
2639 /* 0 already denotes that NDA_MASTER wasn't passed, so we need a
2640 * second invalid ifindex value (-1) to denote "no master".
2641 */
2642 if (master_idx == -1)
2643 return !!master;
2644
2645 if (!master || master->ifindex != master_idx)
2646 return true;
2647
2648 return false;
2649 }
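/*
 * Example (assumption about the iproute2 front end): NDA_MASTER-based
 * filtering is what lets a dump be scoped to an upper device, e.g.
 *
 *	ip neigh show vrf red
 *
 * which resolves "red" to an ifindex and passes it as NDA_MASTER.
 */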
2650
2651 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2652 {
2653 if (filter_idx && (!dev || dev->ifindex != filter_idx))
2654 return true;
2655
2656 return false;
2657 }
2658
2659 struct neigh_dump_filter {
2660 int master_idx;
2661 int dev_idx;
2662 };
2663
2664 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2665 struct netlink_callback *cb,
2666 struct neigh_dump_filter *filter)
2667 {
2668 struct net *net = sock_net(skb->sk);
2669 struct neighbour *n;
2670 int rc, h, s_h = cb->args[1];
2671 int idx, s_idx = idx = cb->args[2];
2672 struct neigh_hash_table *nht;
2673 unsigned int flags = NLM_F_MULTI;
2674
2675 if (filter->dev_idx || filter->master_idx)
2676 flags |= NLM_F_DUMP_FILTERED;
2677
2678 rcu_read_lock_bh();
2679 nht = rcu_dereference_bh(tbl->nht);
2680
2681 for (h = s_h; h < (1 << nht->hash_shift); h++) {
2682 if (h > s_h)
2683 s_idx = 0;
2684 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2685 n != NULL;
2686 n = rcu_dereference_bh(n->next)) {
2687 if (idx < s_idx || !net_eq(dev_net(n->dev), net))
2688 goto next;
2689 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2690 neigh_master_filtered(n->dev, filter->master_idx))
2691 goto next;
2692 if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2693 cb->nlh->nlmsg_seq,
2694 RTM_NEWNEIGH,
2695 flags) < 0) {
2696 rc = -1;
2697 goto out;
2698 }
2699 next:
2700 idx++;
2701 }
2702 }
2703 rc = skb->len;
2704 out:
2705 rcu_read_unlock_bh();
2706 cb->args[1] = h;
2707 cb->args[2] = idx;
2708 return rc;
2709 }
2710
2711 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2712 struct netlink_callback *cb,
2713 struct neigh_dump_filter *filter)
2714 {
2715 struct pneigh_entry *n;
2716 struct net *net = sock_net(skb->sk);
2717 int rc, h, s_h = cb->args[3];
2718 int idx, s_idx = idx = cb->args[4];
2719 unsigned int flags = NLM_F_MULTI;
2720
2721 if (filter->dev_idx || filter->master_idx)
2722 flags |= NLM_F_DUMP_FILTERED;
2723
2724 read_lock_bh(&tbl->lock);
2725
2726 for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2727 if (h > s_h)
2728 s_idx = 0;
2729 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2730 if (idx < s_idx || pneigh_net(n) != net)
2731 goto next;
2732 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2733 neigh_master_filtered(n->dev, filter->master_idx))
2734 goto next;
2735 if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2736 cb->nlh->nlmsg_seq,
2737 RTM_NEWNEIGH, flags, tbl) < 0) {
2738 read_unlock_bh(&tbl->lock);
2739 rc = -1;
2740 goto out;
2741 }
2742 next:
2743 idx++;
2744 }
2745 }
2746
2747 read_unlock_bh(&tbl->lock);
2748 rc = skb->len;
2749 out:
2750 cb->args[3] = h;
2751 cb->args[4] = idx;
2752 return rc;
2754 }
2755
2756 static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2757 bool strict_check,
2758 struct neigh_dump_filter *filter,
2759 struct netlink_ext_ack *extack)
2760 {
2761 struct nlattr *tb[NDA_MAX + 1];
2762 int err, i;
2763
2764 if (strict_check) {
2765 struct ndmsg *ndm;
2766
2767 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2768 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2769 return -EINVAL;
2770 }
2771
2772 ndm = nlmsg_data(nlh);
2773 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
2774 ndm->ndm_state || ndm->ndm_type) {
2775 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2776 return -EINVAL;
2777 }
2778
2779 if (ndm->ndm_flags & ~NTF_PROXY) {
2780 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2781 return -EINVAL;
2782 }
2783
2784 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
2785 tb, NDA_MAX, nda_policy,
2786 extack);
2787 } else {
2788 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
2789 NDA_MAX, nda_policy, extack);
2790 }
2791 if (err < 0)
2792 return err;
2793
2794 for (i = 0; i <= NDA_MAX; ++i) {
2795 if (!tb[i])
2796 continue;
2797
2798 /* all new attributes should require strict_check */
2799 switch (i) {
2800 case NDA_IFINDEX:
2801 filter->dev_idx = nla_get_u32(tb[i]);
2802 break;
2803 case NDA_MASTER:
2804 filter->master_idx = nla_get_u32(tb[i]);
2805 break;
2806 default:
2807 if (strict_check) {
2808 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2809 return -EINVAL;
2810 }
2811 }
2812 }
2813
2814 return 0;
2815 }
2816
2817 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2818 {
2819 const struct nlmsghdr *nlh = cb->nlh;
2820 struct neigh_dump_filter filter = {};
2821 struct neigh_table *tbl;
2822 int t, family, s_t;
2823 int proxy = 0;
2824 int err;
2825
2826 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2827
2828 /* check whether a full ndmsg structure is present; the family
2829 * member sits at the same offset in both structures
2830 */
2831 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2832 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2833 proxy = 1;
2834
2835 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
2836 if (err < 0 && cb->strict_check)
2837 return err;
2838
2839 s_t = cb->args[0];
2840
2841 for (t = 0; t < NEIGH_NR_TABLES; t++) {
2842 tbl = neigh_tables[t];
2843
2844 if (!tbl)
2845 continue;
2846 if (t < s_t || (family && tbl->family != family))
2847 continue;
2848 if (t > s_t)
2849 memset(&cb->args[1], 0, sizeof(cb->args) -
2850 sizeof(cb->args[0]));
2851 if (proxy)
2852 err = pneigh_dump_table(tbl, skb, cb, &filter);
2853 else
2854 err = neigh_dump_table(tbl, skb, cb, &filter);
2855 if (err < 0)
2856 break;
2857 }
2858
2859 cb->args[0] = t;
2860 return skb->len;
2861 }
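/*
 * Sketch: this dump path backs "ip neigh show"; setting ndm_flags to
 * NTF_PROXY in the request ("ip neigh show proxy") switches the walk
 * to the pneigh (proxy) hash instead.
 */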
2862
2863 static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2864 struct neigh_table **tbl,
2865 void **dst, int *dev_idx, u8 *ndm_flags,
2866 struct netlink_ext_ack *extack)
2867 {
2868 struct nlattr *tb[NDA_MAX + 1];
2869 struct ndmsg *ndm;
2870 int err, i;
2871
2872 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2873 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2874 return -EINVAL;
2875 }
2876
2877 ndm = nlmsg_data(nlh);
2878 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
2879 ndm->ndm_type) {
2880 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2881 return -EINVAL;
2882 }
2883
2884 if (ndm->ndm_flags & ~NTF_PROXY) {
2885 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2886 return -EINVAL;
2887 }
2888
2889 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
2890 NDA_MAX, nda_policy, extack);
2891 if (err < 0)
2892 return err;
2893
2894 *ndm_flags = ndm->ndm_flags;
2895 *dev_idx = ndm->ndm_ifindex;
2896 *tbl = neigh_find_table(ndm->ndm_family);
2897 if (*tbl == NULL) {
2898 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2899 return -EAFNOSUPPORT;
2900 }
2901
2902 for (i = 0; i <= NDA_MAX; ++i) {
2903 if (!tb[i])
2904 continue;
2905
2906 switch (i) {
2907 case NDA_DST:
2908 if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
2909 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2910 return -EINVAL;
2911 }
2912 *dst = nla_data(tb[i]);
2913 break;
2914 default:
2915 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2916 return -EINVAL;
2917 }
2918 }
2919
2920 return 0;
2921 }
2922
2923 static inline size_t neigh_nlmsg_size(void)
2924 {
2925 return NLMSG_ALIGN(sizeof(struct ndmsg))
2926 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2927 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2928 + nla_total_size(sizeof(struct nda_cacheinfo))
2929 + nla_total_size(4) /* NDA_PROBES */
2930 + nla_total_size(4) /* NDA_FLAGS_EXT */
2931 + nla_total_size(1); /* NDA_PROTOCOL */
2932 }
2933
2934 static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2935 u32 pid, u32 seq)
2936 {
2937 struct sk_buff *skb;
2938 int err = 0;
2939
2940 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
2941 if (!skb)
2942 return -ENOBUFS;
2943
2944 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
2945 if (err) {
2946 kfree_skb(skb);
2947 goto errout;
2948 }
2949
2950 err = rtnl_unicast(skb, net, pid);
2951 errout:
2952 return err;
2953 }
2954
2955 static inline size_t pneigh_nlmsg_size(void)
2956 {
2957 return NLMSG_ALIGN(sizeof(struct ndmsg))
2958 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2959 + nla_total_size(4) /* NDA_FLAGS_EXT */
2960 + nla_total_size(1); /* NDA_PROTOCOL */
2961 }
2962
2963 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
2964 u32 pid, u32 seq, struct neigh_table *tbl)
2965 {
2966 struct sk_buff *skb;
2967 int err = 0;
2968
2969 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
2970 if (!skb)
2971 return -ENOBUFS;
2972
2973 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
2974 if (err) {
2975 kfree_skb(skb);
2976 goto errout;
2977 }
2978
2979 err = rtnl_unicast(skb, net, pid);
2980 errout:
2981 return err;
2982 }
2983
2984 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2985 struct netlink_ext_ack *extack)
2986 {
2987 struct net *net = sock_net(in_skb->sk);
2988 struct net_device *dev = NULL;
2989 struct neigh_table *tbl = NULL;
2990 struct neighbour *neigh;
2991 void *dst = NULL;
2992 u8 ndm_flags = 0;
2993 int dev_idx = 0;
2994 int err;
2995
2996 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
2997 extack);
2998 if (err < 0)
2999 return err;
3000
3001 if (dev_idx) {
3002 dev = __dev_get_by_index(net, dev_idx);
3003 if (!dev) {
3004 NL_SET_ERR_MSG(extack, "Unknown device ifindex");
3005 return -ENODEV;
3006 }
3007 }
3008
3009 if (!dst) {
3010 NL_SET_ERR_MSG(extack, "Network address not specified");
3011 return -EINVAL;
3012 }
3013
3014 if (ndm_flags & NTF_PROXY) {
3015 struct pneigh_entry *pn;
3016
3017 pn = pneigh_lookup(tbl, net, dst, dev, 0);
3018 if (!pn) {
3019 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
3020 return -ENOENT;
3021 }
3022 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
3023 nlh->nlmsg_seq, tbl);
3024 }
3025
3026 if (!dev) {
3027 NL_SET_ERR_MSG(extack, "No device specified");
3028 return -EINVAL;
3029 }
3030
3031 neigh = neigh_lookup(tbl, dst, dev);
3032 if (!neigh) {
3033 NL_SET_ERR_MSG(extack, "Neighbour entry not found");
3034 return -ENOENT;
3035 }
3036
3037 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
3038 nlh->nlmsg_seq);
3039
3040 neigh_release(neigh);
3041
3042 return err;
3043 }
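/*
 * Sketch of the userspace side: RTM_GETNEIGH without NLM_F_DUMP backs
 * single-entry queries such as
 *
 *	ip neigh get 192.0.2.1 dev eth0
 *
 * returning a single RTM_NEWNEIGH reply or -ENOENT.
 */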
3044
3045 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
3046 {
3047 int chain;
3048 struct neigh_hash_table *nht;
3049
3050 rcu_read_lock_bh();
3051 nht = rcu_dereference_bh(tbl->nht);
3052
3053 read_lock(&tbl->lock); /* avoid resizes */
3054 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3055 struct neighbour *n;
3056
3057 for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
3058 n != NULL;
3059 n = rcu_dereference_bh(n->next))
3060 cb(n, cookie);
3061 }
3062 read_unlock(&tbl->lock);
3063 rcu_read_unlock_bh();
3064 }
3065 EXPORT_SYMBOL(neigh_for_each);
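/*
 * Usage sketch (hypothetical callback and context struct): the walk
 * runs with tbl->lock held for reading, so the callback must not sleep
 * or modify the table. Counting entries on one device could look like:
 *
 *	static void count_on_dev(struct neighbour *n, void *cookie)
 *	{
 *		struct count_ctx *ctx = cookie;	// hypothetical { dev, count }
 *
 *		if (n->dev == ctx->dev)
 *			ctx->count++;
 *	}
 *
 *	neigh_for_each(&arp_tbl, count_on_dev, &ctx);
 */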
3066
3067 /* The tbl->lock must be held as a writer and BH disabled. */
3068 void __neigh_for_each_release(struct neigh_table *tbl,
3069 int (*cb)(struct neighbour *))
3070 {
3071 int chain;
3072 struct neigh_hash_table *nht;
3073
3074 nht = rcu_dereference_protected(tbl->nht,
3075 lockdep_is_held(&tbl->lock));
3076 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3077 struct neighbour *n;
3078 struct neighbour __rcu **np;
3079
3080 np = &nht->hash_buckets[chain];
3081 while ((n = rcu_dereference_protected(*np,
3082 lockdep_is_held(&tbl->lock))) != NULL) {
3083 int release;
3084
3085 write_lock(&n->lock);
3086 release = cb(n);
3087 if (release) {
3088 rcu_assign_pointer(*np,
3089 rcu_dereference_protected(n->next,
3090 lockdep_is_held(&tbl->lock)));
3091 neigh_mark_dead(n);
3092 } else
3093 np = &n->next;
3094 write_unlock(&n->lock);
3095 if (release)
3096 neigh_cleanup_and_release(n);
3097 }
3098 }
3099 }
3100 EXPORT_SYMBOL(__neigh_for_each_release);
3101
3102 int neigh_xmit(int index, struct net_device *dev,
3103 const void *addr, struct sk_buff *skb)
3104 {
3105 int err = -EAFNOSUPPORT;
3106 if (likely(index < NEIGH_NR_TABLES)) {
3107 struct neigh_table *tbl;
3108 struct neighbour *neigh;
3109
3110 tbl = neigh_tables[index];
3111 if (!tbl)
3112 goto out;
3113 rcu_read_lock_bh();
3114 if (index == NEIGH_ARP_TABLE) {
3115 u32 key = *((u32 *)addr);
3116
3117 neigh = __ipv4_neigh_lookup_noref(dev, key);
3118 } else {
3119 neigh = __neigh_lookup_noref(tbl, addr, dev);
3120 }
3121 if (!neigh)
3122 neigh = __neigh_create(tbl, addr, dev, false);
3123 err = PTR_ERR(neigh);
3124 if (IS_ERR(neigh)) {
3125 rcu_read_unlock_bh();
3126 goto out_kfree_skb;
3127 }
3128 err = neigh->output(neigh, skb);
3129 rcu_read_unlock_bh();
3130 } else if (index == NEIGH_LINK_TABLE) {
3132 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3133 addr, NULL, skb->len);
3134 if (err < 0)
3135 goto out_kfree_skb;
3136 err = dev_queue_xmit(skb);
3137 }
3138 out:
3139 return err;
3140 out_kfree_skb:
3141 kfree_skb(skb);
3142 goto out;
3143 }
3144 EXPORT_SYMBOL(neigh_xmit);
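/*
 * Example caller (sketch based on net/mpls): MPLS forwarding transmits
 * through neigh_xmit() and picks the table index from the next hop's
 * address family, roughly:
 *
 *	err = neigh_xmit(nh->nh_via_table, out_dev,
 *			 mpls_nh_via(rt, nh), skb);
 *
 * where nh_via_table is NEIGH_ARP_TABLE, NEIGH_ND_TABLE or
 * NEIGH_LINK_TABLE.
 */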
3145
3146 #ifdef CONFIG_PROC_FS
3147
3148 static struct neighbour *neigh_get_first(struct seq_file *seq)
3149 {
3150 struct neigh_seq_state *state = seq->private;
3151 struct net *net = seq_file_net(seq);
3152 struct neigh_hash_table *nht = state->nht;
3153 struct neighbour *n = NULL;
3154 int bucket;
3155
3156 state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3157 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3158 n = rcu_dereference_bh(nht->hash_buckets[bucket]);
3159
3160 while (n) {
3161 if (!net_eq(dev_net(n->dev), net))
3162 goto next;
3163 if (state->neigh_sub_iter) {
3164 loff_t fakep = 0;
3165 void *v;
3166
3167 v = state->neigh_sub_iter(state, n, &fakep);
3168 if (!v)
3169 goto next;
3170 }
3171 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3172 break;
3173 if (n->nud_state & ~NUD_NOARP)
3174 break;
3175 next:
3176 n = rcu_dereference_bh(n->next);
3177 }
3178
3179 if (n)
3180 break;
3181 }
3182 state->bucket = bucket;
3183
3184 return n;
3185 }
3186
3187 static struct neighbour *neigh_get_next(struct seq_file *seq,
3188 struct neighbour *n,
3189 loff_t *pos)
3190 {
3191 struct neigh_seq_state *state = seq->private;
3192 struct net *net = seq_file_net(seq);
3193 struct neigh_hash_table *nht = state->nht;
3194
3195 if (state->neigh_sub_iter) {
3196 void *v = state->neigh_sub_iter(state, n, pos);
3197 if (v)
3198 return n;
3199 }
3200 n = rcu_dereference_bh(n->next);
3201
3202 while (1) {
3203 while (n) {
3204 if (!net_eq(dev_net(n->dev), net))
3205 goto next;
3206 if (state->neigh_sub_iter) {
3207 void *v = state->neigh_sub_iter(state, n, pos);
3208 if (v)
3209 return n;
3210 goto next;
3211 }
3212 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3213 break;
3214
3215 if (n->nud_state & ~NUD_NOARP)
3216 break;
3217 next:
3218 n = rcu_dereference_bh(n->next);
3219 }
3220
3221 if (n)
3222 break;
3223
3224 if (++state->bucket >= (1 << nht->hash_shift))
3225 break;
3226
3227 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
3228 }
3229
3230 if (n && pos)
3231 --(*pos);
3232 return n;
3233 }
3234
3235 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3236 {
3237 struct neighbour *n = neigh_get_first(seq);
3238
3239 if (n) {
3240 --(*pos);
3241 while (*pos) {
3242 n = neigh_get_next(seq, n, pos);
3243 if (!n)
3244 break;
3245 }
3246 }
3247 return *pos ? NULL : n;
3248 }
3249
3250 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3251 {
3252 struct neigh_seq_state *state = seq->private;
3253 struct net *net = seq_file_net(seq);
3254 struct neigh_table *tbl = state->tbl;
3255 struct pneigh_entry *pn = NULL;
3256 int bucket;
3257
3258 state->flags |= NEIGH_SEQ_IS_PNEIGH;
3259 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3260 pn = tbl->phash_buckets[bucket];
3261 while (pn && !net_eq(pneigh_net(pn), net))
3262 pn = pn->next;
3263 if (pn)
3264 break;
3265 }
3266 state->bucket = bucket;
3267
3268 return pn;
3269 }
3270
3271 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3272 struct pneigh_entry *pn,
3273 loff_t *pos)
3274 {
3275 struct neigh_seq_state *state = seq->private;
3276 struct net *net = seq_file_net(seq);
3277 struct neigh_table *tbl = state->tbl;
3278
3279 do {
3280 pn = pn->next;
3281 } while (pn && !net_eq(pneigh_net(pn), net));
3282
3283 while (!pn) {
3284 if (++state->bucket > PNEIGH_HASHMASK)
3285 break;
3286 pn = tbl->phash_buckets[state->bucket];
3287 while (pn && !net_eq(pneigh_net(pn), net))
3288 pn = pn->next;
3289 if (pn)
3290 break;
3291 }
3292
3293 if (pn && pos)
3294 --(*pos);
3295
3296 return pn;
3297 }
3298
3299 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3300 {
3301 struct pneigh_entry *pn = pneigh_get_first(seq);
3302
3303 if (pn) {
3304 --(*pos);
3305 while (*pos) {
3306 pn = pneigh_get_next(seq, pn, pos);
3307 if (!pn)
3308 break;
3309 }
3310 }
3311 return *pos ? NULL : pn;
3312 }
3313
3314 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3315 {
3316 struct neigh_seq_state *state = seq->private;
3317 void *rc;
3318 loff_t idxpos = *pos;
3319
3320 rc = neigh_get_idx(seq, &idxpos);
3321 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3322 rc = pneigh_get_idx(seq, &idxpos);
3323
3324 return rc;
3325 }
3326
3327 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3328 __acquires(tbl->lock)
3329 __acquires(rcu_bh)
3330 {
3331 struct neigh_seq_state *state = seq->private;
3332
3333 state->tbl = tbl;
3334 state->bucket = 0;
3335 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3336
3337 rcu_read_lock_bh();
3338 state->nht = rcu_dereference_bh(tbl->nht);
3339 read_lock(&tbl->lock);
3340
3341 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3342 }
3343 EXPORT_SYMBOL(neigh_seq_start);
3344
3345 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3346 {
3347 struct neigh_seq_state *state;
3348 void *rc;
3349
3350 if (v == SEQ_START_TOKEN) {
3351 rc = neigh_get_first(seq);
3352 goto out;
3353 }
3354
3355 state = seq->private;
3356 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3357 rc = neigh_get_next(seq, v, NULL);
3358 if (rc)
3359 goto out;
3360 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3361 rc = pneigh_get_first(seq);
3362 } else {
3363 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3364 rc = pneigh_get_next(seq, v, NULL);
3365 }
3366 out:
3367 ++(*pos);
3368 return rc;
3369 }
3370 EXPORT_SYMBOL(neigh_seq_next);
3371
3372 void neigh_seq_stop(struct seq_file *seq, void *v)
3373 __releases(tbl->lock)
3374 __releases(rcu_bh)
3375 {
3376 struct neigh_seq_state *state = seq->private;
3377 struct neigh_table *tbl = state->tbl;
3378
3379 read_unlock(&tbl->lock);
3380 rcu_read_unlock_bh();
3381 }
3382 EXPORT_SYMBOL(neigh_seq_stop);
3383
3384 /* statistics via seq_file */
3385
3386 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3387 {
3388 struct neigh_table *tbl = pde_data(file_inode(seq->file));
3389 int cpu;
3390
3391 if (*pos == 0)
3392 return SEQ_START_TOKEN;
3393
3394 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3395 if (!cpu_possible(cpu))
3396 continue;
3397 *pos = cpu+1;
3398 return per_cpu_ptr(tbl->stats, cpu);
3399 }
3400 return NULL;
3401 }
3402
3403 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3404 {
3405 struct neigh_table *tbl = pde_data(file_inode(seq->file));
3406 int cpu;
3407
3408 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3409 if (!cpu_possible(cpu))
3410 continue;
3411 *pos = cpu+1;
3412 return per_cpu_ptr(tbl->stats, cpu);
3413 }
3414 (*pos)++;
3415 return NULL;
3416 }
3417
3418 static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3419 {
3420
3421 }
3422
3423 static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3424 {
3425 struct neigh_table *tbl = pde_data(file_inode(seq->file));
3426 struct neigh_statistics *st = v;
3427
3428 if (v == SEQ_START_TOKEN) {
3429 seq_puts(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3430 return 0;
3431 }
3432
3433 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
3434 "%08lx %08lx %08lx "
3435 "%08lx %08lx %08lx\n",
3436 atomic_read(&tbl->entries),
3437
3438 st->allocs,
3439 st->destroys,
3440 st->hash_grows,
3441
3442 st->lookups,
3443 st->hits,
3444
3445 st->res_failed,
3446
3447 st->rcv_probes_mcast,
3448 st->rcv_probes_ucast,
3449
3450 st->periodic_gc_runs,
3451 st->forced_gc_runs,
3452 st->unres_discards,
3453 st->table_fulls
3454 );
3455
3456 return 0;
3457 }
3458
3459 static const struct seq_operations neigh_stat_seq_ops = {
3460 .start = neigh_stat_seq_start,
3461 .next = neigh_stat_seq_next,
3462 .stop = neigh_stat_seq_stop,
3463 .show = neigh_stat_seq_show,
3464 };
3465 #endif /* CONFIG_PROC_FS */
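/*
 * Example: the per-CPU statistics above are exposed one row per
 * possible CPU, all fields in hex, under /proc/net/stat/, e.g.
 *
 *	cat /proc/net/stat/arp_cache
 *	cat /proc/net/stat/ndisc_cache
 */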
3466
3467 static void __neigh_notify(struct neighbour *n, int type, int flags,
3468 u32 pid)
3469 {
3470 struct net *net = dev_net(n->dev);
3471 struct sk_buff *skb;
3472 int err = -ENOBUFS;
3473
3474 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
3475 if (skb == NULL)
3476 goto errout;
3477
3478 err = neigh_fill_info(skb, n, pid, 0, type, flags);
3479 if (err < 0) {
3480 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3481 WARN_ON(err == -EMSGSIZE);
3482 kfree_skb(skb);
3483 goto errout;
3484 }
3485 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3486 return;
3487 errout:
3488 if (err < 0)
3489 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
3490 }
3491
3492 void neigh_app_ns(struct neighbour *n)
3493 {
3494 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
3495 }
3496 EXPORT_SYMBOL(neigh_app_ns);
3497
3498 #ifdef CONFIG_SYSCTL
3499 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3500
3501 static int proc_unres_qlen(struct ctl_table *ctl, int write,
3502 void *buffer, size_t *lenp, loff_t *ppos)
3503 {
3504 int size, ret;
3505 struct ctl_table tmp = *ctl;
3506
3507 tmp.extra1 = SYSCTL_ZERO;
3508 tmp.extra2 = &unres_qlen_max;
3509 tmp.data = &size;
3510
3511 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3512 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3513
3514 if (write && !ret)
3515 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3516 return ret;
3517 }
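/*
 * Example: both sysctls are backed by the single QUEUE_LEN_BYTES
 * value; writing the legacy packet-count knob converts to bytes, e.g.
 *
 *	sysctl -w net.ipv4.neigh.default.unres_qlen=64
 *
 * stores 64 * SKB_TRUESIZE(ETH_FRAME_LEN) in unres_qlen_bytes, and
 * reads of unres_qlen convert back the same way.
 */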
3518
3519 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
3520 int family)
3521 {
3522 switch (family) {
3523 case AF_INET:
3524 return __in_dev_arp_parms_get_rcu(dev);
3525 case AF_INET6:
3526 return __in6_dev_nd_parms_get_rcu(dev);
3527 }
3528 return NULL;
3529 }
3530
3531 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3532 int index)
3533 {
3534 struct net_device *dev;
3535 int family = neigh_parms_family(p);
3536
3537 rcu_read_lock();
3538 for_each_netdev_rcu(net, dev) {
3539 struct neigh_parms *dst_p =
3540 neigh_get_dev_parms_rcu(dev, family);
3541
3542 if (dst_p && !test_bit(index, dst_p->data_state))
3543 dst_p->data[index] = p->data[index];
3544 }
3545 rcu_read_unlock();
3546 }
3547
3548 static void neigh_proc_update(struct ctl_table *ctl, int write)
3549 {
3550 struct net_device *dev = ctl->extra1;
3551 struct neigh_parms *p = ctl->extra2;
3552 struct net *net = neigh_parms_net(p);
3553 int index = (int *) ctl->data - p->data;
3554
3555 if (!write)
3556 return;
3557
3558 set_bit(index, p->data_state);
3559 if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3560 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
3561 if (!dev) /* NULL dev means this is default value */
3562 neigh_copy_dflt_parms(net, p, index);
3563 }
3564
3565 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3566 void *buffer, size_t *lenp,
3567 loff_t *ppos)
3568 {
3569 struct ctl_table tmp = *ctl;
3570 int ret;
3571
3572 tmp.extra1 = SYSCTL_ZERO;
3573 tmp.extra2 = SYSCTL_INT_MAX;
3574
3575 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3576 neigh_proc_update(ctl, write);
3577 return ret;
3578 }
3579
3580 int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
3581 size_t *lenp, loff_t *ppos)
3582 {
3583 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3584
3585 neigh_proc_update(ctl, write);
3586 return ret;
3587 }
3588 EXPORT_SYMBOL(neigh_proc_dointvec);
3589
3590 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
3591 size_t *lenp, loff_t *ppos)
3592 {
3593 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3594
3595 neigh_proc_update(ctl, write);
3596 return ret;
3597 }
3598 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3599
3600 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3601 void *buffer, size_t *lenp,
3602 loff_t *ppos)
3603 {
3604 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3605
3606 neigh_proc_update(ctl, write);
3607 return ret;
3608 }
3609
3610 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3611 void *buffer, size_t *lenp, loff_t *ppos)
3612 {
3613 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3614
3615 neigh_proc_update(ctl, write);
3616 return ret;
3617 }
3618 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3619
3620 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3621 void *buffer, size_t *lenp,
3622 loff_t *ppos)
3623 {
3624 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3625
3626 neigh_proc_update(ctl, write);
3627 return ret;
3628 }
3629
3630 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3631 void *buffer, size_t *lenp,
3632 loff_t *ppos)
3633 {
3634 struct neigh_parms *p = ctl->extra2;
3635 int ret;
3636
3637 if (strcmp(ctl->procname, "base_reachable_time") == 0)
3638 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3639 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3640 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3641 else
3642 ret = -1;
3643
3644 if (write && ret == 0) {
3645 /* update reachable_time as well; otherwise the change only
3646 * takes effect the next time neigh_periodic_work decides to
3647 * recompute it
3648 */
3649 p->reachable_time =
3650 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3651 }
3652 return ret;
3653 }
3654
3655 #define NEIGH_PARMS_DATA_OFFSET(index) \
3656 (&((struct neigh_parms *) 0)->data[index])
3657
3658 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3659 [NEIGH_VAR_ ## attr] = { \
3660 .procname = name, \
3661 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3662 .maxlen = sizeof(int), \
3663 .mode = mval, \
3664 .proc_handler = proc, \
3665 }
3666
3667 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3668 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3669
3670 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3671 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3672
3673 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3674 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3675
3676 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3677 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3678
3679 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3680 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3681
3682 static struct neigh_sysctl_table {
3683 struct ctl_table_header *sysctl_header;
3684 struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3685 } neigh_sysctl_template __read_mostly = {
3686 .neigh_vars = {
3687 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3688 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3689 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3690 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3691 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3692 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3693 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3694 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3695 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3696 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3697 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3698 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3699 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3700 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3701 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3702 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3703 [NEIGH_VAR_GC_INTERVAL] = {
3704 .procname = "gc_interval",
3705 .maxlen = sizeof(int),
3706 .mode = 0644,
3707 .proc_handler = proc_dointvec_jiffies,
3708 },
3709 [NEIGH_VAR_GC_THRESH1] = {
3710 .procname = "gc_thresh1",
3711 .maxlen = sizeof(int),
3712 .mode = 0644,
3713 .extra1 = SYSCTL_ZERO,
3714 .extra2 = SYSCTL_INT_MAX,
3715 .proc_handler = proc_dointvec_minmax,
3716 },
3717 [NEIGH_VAR_GC_THRESH2] = {
3718 .procname = "gc_thresh2",
3719 .maxlen = sizeof(int),
3720 .mode = 0644,
3721 .extra1 = SYSCTL_ZERO,
3722 .extra2 = SYSCTL_INT_MAX,
3723 .proc_handler = proc_dointvec_minmax,
3724 },
3725 [NEIGH_VAR_GC_THRESH3] = {
3726 .procname = "gc_thresh3",
3727 .maxlen = sizeof(int),
3728 .mode = 0644,
3729 .extra1 = SYSCTL_ZERO,
3730 .extra2 = SYSCTL_INT_MAX,
3731 .proc_handler = proc_dointvec_minmax,
3732 },
3733 {},
3734 },
3735 };
3736
3737 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3738 proc_handler *handler)
3739 {
3740 int i;
3741 struct neigh_sysctl_table *t;
3742 const char *dev_name_source;
3743 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3744 char *p_name;
3745
3746 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT);
3747 if (!t)
3748 goto err;
3749
3750 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3751 t->neigh_vars[i].data += (long) p;
3752 t->neigh_vars[i].extra1 = dev;
3753 t->neigh_vars[i].extra2 = p;
3754 }
3755
3756 if (dev) {
3757 dev_name_source = dev->name;
3758 /* Terminate the table early */
3759 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3760 sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3761 } else {
3762 struct neigh_table *tbl = p->tbl;
3763 dev_name_source = "default";
3764 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3765 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3766 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3767 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3768 }
3769
3770 if (handler) {
3771 /* RetransTime */
3772 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3773 /* ReachableTime */
3774 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3775 /* RetransTime (in milliseconds)*/
3776 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3777 /* ReachableTime (in milliseconds) */
3778 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3779 } else {
3780 /* These handlers update p->reachable_time after
3781 * base_reachable_time(_ms) is set, so the new value takes effect
3782 * after the next neighbour update instead of waiting for
3783 * neigh_periodic_work to recompute it (which can take multiple
3784 * minutes). Any handler that replaces them should do the same.
3785 */
3786 /* ReachableTime */
3787 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3788 neigh_proc_base_reachable_time;
3789 /* ReachableTime (in milliseconds) */
3790 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3791 neigh_proc_base_reachable_time;
3792 }
3793
3794 switch (neigh_parms_family(p)) {
3795 case AF_INET:
3796 p_name = "ipv4";
3797 break;
3798 case AF_INET6:
3799 p_name = "ipv6";
3800 break;
3801 default:
3802 BUG();
3803 }
3804
3805 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3806 p_name, dev_name_source);
3807 t->sysctl_header =
3808 register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3809 if (!t->sysctl_header)
3810 goto free;
3811
3812 p->sysctl_table = t;
3813 return 0;
3814
3815 free:
3816 kfree(t);
3817 err:
3818 return -ENOBUFS;
3819 }
3820 EXPORT_SYMBOL(neigh_sysctl_register);
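/*
 * Example: for an IPv4 neigh_parms bound to "eth0" this registers
 *
 *	/proc/sys/net/ipv4/neigh/eth0/
 *
 * while the dev == NULL registration from the protocol creates the
 * "default" directory, whose writable values are copied to devices
 * that have not overridden them (see neigh_copy_dflt_parms()).
 */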
3821
3822 void neigh_sysctl_unregister(struct neigh_parms *p)
3823 {
3824 if (p->sysctl_table) {
3825 struct neigh_sysctl_table *t = p->sysctl_table;
3826 p->sysctl_table = NULL;
3827 unregister_net_sysctl_table(t->sysctl_header);
3828 kfree(t);
3829 }
3830 }
3831 EXPORT_SYMBOL(neigh_sysctl_unregister);
3832
3833 #endif /* CONFIG_SYSCTL */
3834
3835 static int __init neigh_init(void)
3836 {
3837 rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3838 rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3839 rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3840
3841 rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3842 0);
3843 rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);
3844
3845 return 0;
3846 }
3847
3848 subsys_initcall(neigh_init);
3849