1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * Generic address resolution entity 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 8 * 9 * Fixes: 10 * Vitaly E. Lavrov releasing NULL neighbor in neigh_add. 11 * Harald Welte Add neighbour cache statistics like rtstat 12 */ 13 14#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 15 16#include <linux/slab.h> 17#include <linux/kmemleak.h> 18#include <linux/types.h> 19#include <linux/kernel.h> 20#include <linux/module.h> 21#include <linux/socket.h> 22#include <linux/netdevice.h> 23#include <linux/proc_fs.h> 24#ifdef CONFIG_SYSCTL 25#include <linux/sysctl.h> 26#endif 27#include <linux/times.h> 28#include <net/net_namespace.h> 29#include <net/neighbour.h> 30#include <net/arp.h> 31#include <net/dst.h> 32#include <net/sock.h> 33#include <net/netevent.h> 34#include <net/netlink.h> 35#include <linux/rtnetlink.h> 36#include <linux/random.h> 37#include <linux/string.h> 38#include <linux/log2.h> 39#include <linux/inetdevice.h> 40#include <net/addrconf.h> 41 42#include <trace/events/neigh.h> 43 44#define NEIGH_DEBUG 1 45#define neigh_dbg(level, fmt, ...) \ 46do { \ 47 if (level <= NEIGH_DEBUG) \ 48 pr_debug(fmt, ##__VA_ARGS__); \ 49} while (0) 50 51#define PNEIGH_HASHMASK 0xF 52 53static void neigh_timer_handler(struct timer_list *t); 54static void __neigh_notify(struct neighbour *n, int type, int flags, 55 u32 pid); 56static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid); 57static int pneigh_ifdown_and_unlock(struct neigh_table *tbl, 58 struct net_device *dev); 59 60#ifdef CONFIG_PROC_FS 61static const struct seq_operations neigh_stat_seq_ops; 62#endif 63 64/* 65 Neighbour hash table buckets are protected with rwlock tbl->lock. 66 67 - All the scans/updates to hash buckets MUST be made under this lock. 68 - NOTHING clever should be made under this lock: no callbacks 69 to protocol backends, no attempts to send something to network. 70 It will result in deadlocks, if backend/driver wants to use neighbour 71 cache. 72 - If the entry requires some non-trivial actions, increase 73 its reference count and release table lock. 74 75 Neighbour entries are protected: 76 - with reference count. 77 - with rwlock neigh->lock 78 79 Reference count prevents destruction. 80 81 neigh->lock mainly serializes ll address data and its validity state. 82 However, the same lock is used to protect another entry fields: 83 - timer 84 - resolution queue 85 86 Again, nothing clever shall be made under neigh->lock, 87 the most complicated procedure, which we allow is dev->hard_header. 88 It is supposed, that dev->hard_header is simplistic and does 89 not make callbacks to neighbour tables. 90 */ 91 92static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb) 93{ 94 kfree_skb(skb); 95 return -ENETDOWN; 96} 97 98static void neigh_cleanup_and_release(struct neighbour *neigh) 99{ 100 trace_neigh_cleanup_and_release(neigh, 0); 101 __neigh_notify(neigh, RTM_DELNEIGH, 0, 0); 102 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh); 103 neigh_release(neigh); 104} 105 106/* 107 * It is random distribution in the interval (1/2)*base...(3/2)*base. 108 * It corresponds to default IPv6 settings and is not overridable, 109 * because it is really reasonable choice. 110 */ 111 112unsigned long neigh_rand_reach_time(unsigned long base) 113{ 114 return base ? get_random_u32_below(base) + (base >> 1) : 0; 115} 116EXPORT_SYMBOL(neigh_rand_reach_time); 117 118static void neigh_mark_dead(struct neighbour *n) 119{ 120 n->dead = 1; 121 if (!list_empty(&n->gc_list)) { 122 list_del_init(&n->gc_list); 123 atomic_dec(&n->tbl->gc_entries); 124 } 125 if (!list_empty(&n->managed_list)) 126 list_del_init(&n->managed_list); 127} 128 129static void neigh_update_gc_list(struct neighbour *n) 130{ 131 bool on_gc_list, exempt_from_gc; 132 133 write_lock_bh(&n->tbl->lock); 134 write_lock(&n->lock); 135 if (n->dead) 136 goto out; 137 138 /* remove from the gc list if new state is permanent or if neighbor 139 * is externally learned; otherwise entry should be on the gc list 140 */ 141 exempt_from_gc = n->nud_state & NUD_PERMANENT || 142 n->flags & NTF_EXT_LEARNED; 143 on_gc_list = !list_empty(&n->gc_list); 144 145 if (exempt_from_gc && on_gc_list) { 146 list_del_init(&n->gc_list); 147 atomic_dec(&n->tbl->gc_entries); 148 } else if (!exempt_from_gc && !on_gc_list) { 149 /* add entries to the tail; cleaning removes from the front */ 150 list_add_tail(&n->gc_list, &n->tbl->gc_list); 151 atomic_inc(&n->tbl->gc_entries); 152 } 153out: 154 write_unlock(&n->lock); 155 write_unlock_bh(&n->tbl->lock); 156} 157 158static void neigh_update_managed_list(struct neighbour *n) 159{ 160 bool on_managed_list, add_to_managed; 161 162 write_lock_bh(&n->tbl->lock); 163 write_lock(&n->lock); 164 if (n->dead) 165 goto out; 166 167 add_to_managed = n->flags & NTF_MANAGED; 168 on_managed_list = !list_empty(&n->managed_list); 169 170 if (!add_to_managed && on_managed_list) 171 list_del_init(&n->managed_list); 172 else if (add_to_managed && !on_managed_list) 173 list_add_tail(&n->managed_list, &n->tbl->managed_list); 174out: 175 write_unlock(&n->lock); 176 write_unlock_bh(&n->tbl->lock); 177} 178 179static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify, 180 bool *gc_update, bool *managed_update) 181{ 182 u32 ndm_flags, old_flags = neigh->flags; 183 184 if (!(flags & NEIGH_UPDATE_F_ADMIN)) 185 return; 186 187 ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0; 188 ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0; 189 190 if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) { 191 if (ndm_flags & NTF_EXT_LEARNED) 192 neigh->flags |= NTF_EXT_LEARNED; 193 else 194 neigh->flags &= ~NTF_EXT_LEARNED; 195 *notify = 1; 196 *gc_update = true; 197 } 198 if ((old_flags ^ ndm_flags) & NTF_MANAGED) { 199 if (ndm_flags & NTF_MANAGED) 200 neigh->flags |= NTF_MANAGED; 201 else 202 neigh->flags &= ~NTF_MANAGED; 203 *notify = 1; 204 *managed_update = true; 205 } 206} 207 208static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np, 209 struct neigh_table *tbl) 210{ 211 bool retval = false; 212 213 write_lock(&n->lock); 214 if (refcount_read(&n->refcnt) == 1) { 215 struct neighbour *neigh; 216 217 neigh = rcu_dereference_protected(n->next, 218 lockdep_is_held(&tbl->lock)); 219 rcu_assign_pointer(*np, neigh); 220 neigh_mark_dead(n); 221 retval = true; 222 } 223 write_unlock(&n->lock); 224 if (retval) 225 neigh_cleanup_and_release(n); 226 return retval; 227} 228 229bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl) 230{ 231 struct neigh_hash_table *nht; 232 void *pkey = ndel->primary_key; 233 u32 hash_val; 234 struct neighbour *n; 235 struct neighbour __rcu **np; 236 237 nht = rcu_dereference_protected(tbl->nht, 238 lockdep_is_held(&tbl->lock)); 239 hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd); 240 hash_val = hash_val >> (32 - nht->hash_shift); 241 242 np = &nht->hash_buckets[hash_val]; 243 while ((n = rcu_dereference_protected(*np, 244 lockdep_is_held(&tbl->lock)))) { 245 if (n == ndel) 246 return neigh_del(n, np, tbl); 247 np = &n->next; 248 } 249 return false; 250} 251 252static int neigh_forced_gc(struct neigh_table *tbl) 253{ 254 int max_clean = atomic_read(&tbl->gc_entries) - 255 READ_ONCE(tbl->gc_thresh2); 256 u64 tmax = ktime_get_ns() + NSEC_PER_MSEC; 257 unsigned long tref = jiffies - 5 * HZ; 258 struct neighbour *n, *tmp; 259 int shrunk = 0; 260 int loop = 0; 261 262 NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs); 263 264 write_lock_bh(&tbl->lock); 265 266 list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) { 267 if (refcount_read(&n->refcnt) == 1) { 268 bool remove = false; 269 270 write_lock(&n->lock); 271 if ((n->nud_state == NUD_FAILED) || 272 (n->nud_state == NUD_NOARP) || 273 (tbl->is_multicast && 274 tbl->is_multicast(n->primary_key)) || 275 !time_in_range(n->updated, tref, jiffies)) 276 remove = true; 277 write_unlock(&n->lock); 278 279 if (remove && neigh_remove_one(n, tbl)) 280 shrunk++; 281 if (shrunk >= max_clean) 282 break; 283 if (++loop == 16) { 284 if (ktime_get_ns() > tmax) 285 goto unlock; 286 loop = 0; 287 } 288 } 289 } 290 291 WRITE_ONCE(tbl->last_flush, jiffies); 292unlock: 293 write_unlock_bh(&tbl->lock); 294 295 return shrunk; 296} 297 298static void neigh_add_timer(struct neighbour *n, unsigned long when) 299{ 300 /* Use safe distance from the jiffies - LONG_MAX point while timer 301 * is running in DELAY/PROBE state but still show to user space 302 * large times in the past. 303 */ 304 unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ); 305 306 neigh_hold(n); 307 if (!time_in_range(n->confirmed, mint, jiffies)) 308 n->confirmed = mint; 309 if (time_before(n->used, n->confirmed)) 310 n->used = n->confirmed; 311 if (unlikely(mod_timer(&n->timer, when))) { 312 printk("NEIGH: BUG, double timer add, state is %x\n", 313 n->nud_state); 314 dump_stack(); 315 } 316} 317 318static int neigh_del_timer(struct neighbour *n) 319{ 320 if ((n->nud_state & NUD_IN_TIMER) && 321 del_timer(&n->timer)) { 322 neigh_release(n); 323 return 1; 324 } 325 return 0; 326} 327 328static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev, 329 int family) 330{ 331 switch (family) { 332 case AF_INET: 333 return __in_dev_arp_parms_get_rcu(dev); 334 case AF_INET6: 335 return __in6_dev_nd_parms_get_rcu(dev); 336 } 337 return NULL; 338} 339 340static void neigh_parms_qlen_dec(struct net_device *dev, int family) 341{ 342 struct neigh_parms *p; 343 344 rcu_read_lock(); 345 p = neigh_get_dev_parms_rcu(dev, family); 346 if (p) 347 p->qlen--; 348 rcu_read_unlock(); 349} 350 351static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net, 352 int family) 353{ 354 struct sk_buff_head tmp; 355 unsigned long flags; 356 struct sk_buff *skb; 357 358 skb_queue_head_init(&tmp); 359 spin_lock_irqsave(&list->lock, flags); 360 skb = skb_peek(list); 361 while (skb != NULL) { 362 struct sk_buff *skb_next = skb_peek_next(skb, list); 363 struct net_device *dev = skb->dev; 364 365 if (net == NULL || net_eq(dev_net(dev), net)) { 366 neigh_parms_qlen_dec(dev, family); 367 __skb_unlink(skb, list); 368 __skb_queue_tail(&tmp, skb); 369 } 370 skb = skb_next; 371 } 372 spin_unlock_irqrestore(&list->lock, flags); 373 374 while ((skb = __skb_dequeue(&tmp))) { 375 dev_put(skb->dev); 376 kfree_skb(skb); 377 } 378} 379 380static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev, 381 bool skip_perm) 382{ 383 int i; 384 struct neigh_hash_table *nht; 385 386 nht = rcu_dereference_protected(tbl->nht, 387 lockdep_is_held(&tbl->lock)); 388 389 for (i = 0; i < (1 << nht->hash_shift); i++) { 390 struct neighbour *n; 391 struct neighbour __rcu **np = &nht->hash_buckets[i]; 392 393 while ((n = rcu_dereference_protected(*np, 394 lockdep_is_held(&tbl->lock))) != NULL) { 395 if (dev && n->dev != dev) { 396 np = &n->next; 397 continue; 398 } 399 if (skip_perm && n->nud_state & NUD_PERMANENT) { 400 np = &n->next; 401 continue; 402 } 403 rcu_assign_pointer(*np, 404 rcu_dereference_protected(n->next, 405 lockdep_is_held(&tbl->lock))); 406 write_lock(&n->lock); 407 neigh_del_timer(n); 408 neigh_mark_dead(n); 409 if (refcount_read(&n->refcnt) != 1) { 410 /* The most unpleasant situation. 411 We must destroy neighbour entry, 412 but someone still uses it. 413 414 The destroy will be delayed until 415 the last user releases us, but 416 we must kill timers etc. and move 417 it to safe state. 418 */ 419 __skb_queue_purge(&n->arp_queue); 420 n->arp_queue_len_bytes = 0; 421 WRITE_ONCE(n->output, neigh_blackhole); 422 if (n->nud_state & NUD_VALID) 423 n->nud_state = NUD_NOARP; 424 else 425 n->nud_state = NUD_NONE; 426 neigh_dbg(2, "neigh %p is stray\n", n); 427 } 428 write_unlock(&n->lock); 429 neigh_cleanup_and_release(n); 430 } 431 } 432} 433 434void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev) 435{ 436 write_lock_bh(&tbl->lock); 437 neigh_flush_dev(tbl, dev, false); 438 write_unlock_bh(&tbl->lock); 439} 440EXPORT_SYMBOL(neigh_changeaddr); 441 442static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev, 443 bool skip_perm) 444{ 445 write_lock_bh(&tbl->lock); 446 neigh_flush_dev(tbl, dev, skip_perm); 447 pneigh_ifdown_and_unlock(tbl, dev); 448 pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL, 449 tbl->family); 450 if (skb_queue_empty_lockless(&tbl->proxy_queue)) 451 del_timer_sync(&tbl->proxy_timer); 452 return 0; 453} 454 455int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev) 456{ 457 __neigh_ifdown(tbl, dev, true); 458 return 0; 459} 460EXPORT_SYMBOL(neigh_carrier_down); 461 462int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev) 463{ 464 __neigh_ifdown(tbl, dev, false); 465 return 0; 466} 467EXPORT_SYMBOL(neigh_ifdown); 468 469static struct neighbour *neigh_alloc(struct neigh_table *tbl, 470 struct net_device *dev, 471 u32 flags, bool exempt_from_gc) 472{ 473 struct neighbour *n = NULL; 474 unsigned long now = jiffies; 475 int entries, gc_thresh3; 476 477 if (exempt_from_gc) 478 goto do_alloc; 479 480 entries = atomic_inc_return(&tbl->gc_entries) - 1; 481 gc_thresh3 = READ_ONCE(tbl->gc_thresh3); 482 if (entries >= gc_thresh3 || 483 (entries >= READ_ONCE(tbl->gc_thresh2) && 484 time_after(now, READ_ONCE(tbl->last_flush) + 5 * HZ))) { 485 if (!neigh_forced_gc(tbl) && entries >= gc_thresh3) { 486 net_info_ratelimited("%s: neighbor table overflow!\n", 487 tbl->id); 488 NEIGH_CACHE_STAT_INC(tbl, table_fulls); 489 goto out_entries; 490 } 491 } 492 493do_alloc: 494 n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC); 495 if (!n) 496 goto out_entries; 497 498 __skb_queue_head_init(&n->arp_queue); 499 rwlock_init(&n->lock); 500 seqlock_init(&n->ha_lock); 501 n->updated = n->used = now; 502 n->nud_state = NUD_NONE; 503 n->output = neigh_blackhole; 504 n->flags = flags; 505 seqlock_init(&n->hh.hh_lock); 506 n->parms = neigh_parms_clone(&tbl->parms); 507 timer_setup(&n->timer, neigh_timer_handler, 0); 508 509 NEIGH_CACHE_STAT_INC(tbl, allocs); 510 n->tbl = tbl; 511 refcount_set(&n->refcnt, 1); 512 n->dead = 1; 513 INIT_LIST_HEAD(&n->gc_list); 514 INIT_LIST_HEAD(&n->managed_list); 515 516 atomic_inc(&tbl->entries); 517out: 518 return n; 519 520out_entries: 521 if (!exempt_from_gc) 522 atomic_dec(&tbl->gc_entries); 523 goto out; 524} 525 526static void neigh_get_hash_rnd(u32 *x) 527{ 528 *x = get_random_u32() | 1; 529} 530 531static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift) 532{ 533 size_t size = (1 << shift) * sizeof(struct neighbour *); 534 struct neigh_hash_table *ret; 535 struct neighbour __rcu **buckets; 536 int i; 537 538 ret = kmalloc(sizeof(*ret), GFP_ATOMIC); 539 if (!ret) 540 return NULL; 541 if (size <= PAGE_SIZE) { 542 buckets = kzalloc(size, GFP_ATOMIC); 543 } else { 544 buckets = (struct neighbour __rcu **) 545 __get_free_pages(GFP_ATOMIC | __GFP_ZERO, 546 get_order(size)); 547 kmemleak_alloc(buckets, size, 1, GFP_ATOMIC); 548 } 549 if (!buckets) { 550 kfree(ret); 551 return NULL; 552 } 553 ret->hash_buckets = buckets; 554 ret->hash_shift = shift; 555 for (i = 0; i < NEIGH_NUM_HASH_RND; i++) 556 neigh_get_hash_rnd(&ret->hash_rnd[i]); 557 return ret; 558} 559 560static void neigh_hash_free_rcu(struct rcu_head *head) 561{ 562 struct neigh_hash_table *nht = container_of(head, 563 struct neigh_hash_table, 564 rcu); 565 size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *); 566 struct neighbour __rcu **buckets = nht->hash_buckets; 567 568 if (size <= PAGE_SIZE) { 569 kfree(buckets); 570 } else { 571 kmemleak_free(buckets); 572 free_pages((unsigned long)buckets, get_order(size)); 573 } 574 kfree(nht); 575} 576 577static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl, 578 unsigned long new_shift) 579{ 580 unsigned int i, hash; 581 struct neigh_hash_table *new_nht, *old_nht; 582 583 NEIGH_CACHE_STAT_INC(tbl, hash_grows); 584 585 old_nht = rcu_dereference_protected(tbl->nht, 586 lockdep_is_held(&tbl->lock)); 587 new_nht = neigh_hash_alloc(new_shift); 588 if (!new_nht) 589 return old_nht; 590 591 for (i = 0; i < (1 << old_nht->hash_shift); i++) { 592 struct neighbour *n, *next; 593 594 for (n = rcu_dereference_protected(old_nht->hash_buckets[i], 595 lockdep_is_held(&tbl->lock)); 596 n != NULL; 597 n = next) { 598 hash = tbl->hash(n->primary_key, n->dev, 599 new_nht->hash_rnd); 600 601 hash >>= (32 - new_nht->hash_shift); 602 next = rcu_dereference_protected(n->next, 603 lockdep_is_held(&tbl->lock)); 604 605 rcu_assign_pointer(n->next, 606 rcu_dereference_protected( 607 new_nht->hash_buckets[hash], 608 lockdep_is_held(&tbl->lock))); 609 rcu_assign_pointer(new_nht->hash_buckets[hash], n); 610 } 611 } 612 613 rcu_assign_pointer(tbl->nht, new_nht); 614 call_rcu(&old_nht->rcu, neigh_hash_free_rcu); 615 return new_nht; 616} 617 618struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey, 619 struct net_device *dev) 620{ 621 struct neighbour *n; 622 623 NEIGH_CACHE_STAT_INC(tbl, lookups); 624 625 rcu_read_lock(); 626 n = __neigh_lookup_noref(tbl, pkey, dev); 627 if (n) { 628 if (!refcount_inc_not_zero(&n->refcnt)) 629 n = NULL; 630 NEIGH_CACHE_STAT_INC(tbl, hits); 631 } 632 633 rcu_read_unlock(); 634 return n; 635} 636EXPORT_SYMBOL(neigh_lookup); 637 638static struct neighbour * 639___neigh_create(struct neigh_table *tbl, const void *pkey, 640 struct net_device *dev, u32 flags, 641 bool exempt_from_gc, bool want_ref) 642{ 643 u32 hash_val, key_len = tbl->key_len; 644 struct neighbour *n1, *rc, *n; 645 struct neigh_hash_table *nht; 646 int error; 647 648 n = neigh_alloc(tbl, dev, flags, exempt_from_gc); 649 trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc); 650 if (!n) { 651 rc = ERR_PTR(-ENOBUFS); 652 goto out; 653 } 654 655 memcpy(n->primary_key, pkey, key_len); 656 n->dev = dev; 657 netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC); 658 659 /* Protocol specific setup. */ 660 if (tbl->constructor && (error = tbl->constructor(n)) < 0) { 661 rc = ERR_PTR(error); 662 goto out_neigh_release; 663 } 664 665 if (dev->netdev_ops->ndo_neigh_construct) { 666 error = dev->netdev_ops->ndo_neigh_construct(dev, n); 667 if (error < 0) { 668 rc = ERR_PTR(error); 669 goto out_neigh_release; 670 } 671 } 672 673 /* Device specific setup. */ 674 if (n->parms->neigh_setup && 675 (error = n->parms->neigh_setup(n)) < 0) { 676 rc = ERR_PTR(error); 677 goto out_neigh_release; 678 } 679 680 n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1); 681 682 write_lock_bh(&tbl->lock); 683 nht = rcu_dereference_protected(tbl->nht, 684 lockdep_is_held(&tbl->lock)); 685 686 if (atomic_read(&tbl->entries) > (1 << nht->hash_shift)) 687 nht = neigh_hash_grow(tbl, nht->hash_shift + 1); 688 689 hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift); 690 691 if (n->parms->dead) { 692 rc = ERR_PTR(-EINVAL); 693 goto out_tbl_unlock; 694 } 695 696 for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val], 697 lockdep_is_held(&tbl->lock)); 698 n1 != NULL; 699 n1 = rcu_dereference_protected(n1->next, 700 lockdep_is_held(&tbl->lock))) { 701 if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) { 702 if (want_ref) 703 neigh_hold(n1); 704 rc = n1; 705 goto out_tbl_unlock; 706 } 707 } 708 709 n->dead = 0; 710 if (!exempt_from_gc) 711 list_add_tail(&n->gc_list, &n->tbl->gc_list); 712 if (n->flags & NTF_MANAGED) 713 list_add_tail(&n->managed_list, &n->tbl->managed_list); 714 if (want_ref) 715 neigh_hold(n); 716 rcu_assign_pointer(n->next, 717 rcu_dereference_protected(nht->hash_buckets[hash_val], 718 lockdep_is_held(&tbl->lock))); 719 rcu_assign_pointer(nht->hash_buckets[hash_val], n); 720 write_unlock_bh(&tbl->lock); 721 neigh_dbg(2, "neigh %p is created\n", n); 722 rc = n; 723out: 724 return rc; 725out_tbl_unlock: 726 write_unlock_bh(&tbl->lock); 727out_neigh_release: 728 if (!exempt_from_gc) 729 atomic_dec(&tbl->gc_entries); 730 neigh_release(n); 731 goto out; 732} 733 734struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey, 735 struct net_device *dev, bool want_ref) 736{ 737 return ___neigh_create(tbl, pkey, dev, 0, false, want_ref); 738} 739EXPORT_SYMBOL(__neigh_create); 740 741static u32 pneigh_hash(const void *pkey, unsigned int key_len) 742{ 743 u32 hash_val = *(u32 *)(pkey + key_len - 4); 744 hash_val ^= (hash_val >> 16); 745 hash_val ^= hash_val >> 8; 746 hash_val ^= hash_val >> 4; 747 hash_val &= PNEIGH_HASHMASK; 748 return hash_val; 749} 750 751static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n, 752 struct net *net, 753 const void *pkey, 754 unsigned int key_len, 755 struct net_device *dev) 756{ 757 while (n) { 758 if (!memcmp(n->key, pkey, key_len) && 759 net_eq(pneigh_net(n), net) && 760 (n->dev == dev || !n->dev)) 761 return n; 762 n = n->next; 763 } 764 return NULL; 765} 766 767struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl, 768 struct net *net, const void *pkey, struct net_device *dev) 769{ 770 unsigned int key_len = tbl->key_len; 771 u32 hash_val = pneigh_hash(pkey, key_len); 772 773 return __pneigh_lookup_1(tbl->phash_buckets[hash_val], 774 net, pkey, key_len, dev); 775} 776EXPORT_SYMBOL_GPL(__pneigh_lookup); 777 778struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl, 779 struct net *net, const void *pkey, 780 struct net_device *dev, int creat) 781{ 782 struct pneigh_entry *n; 783 unsigned int key_len = tbl->key_len; 784 u32 hash_val = pneigh_hash(pkey, key_len); 785 786 read_lock_bh(&tbl->lock); 787 n = __pneigh_lookup_1(tbl->phash_buckets[hash_val], 788 net, pkey, key_len, dev); 789 read_unlock_bh(&tbl->lock); 790 791 if (n || !creat) 792 goto out; 793 794 ASSERT_RTNL(); 795 796 n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL); 797 if (!n) 798 goto out; 799 800 write_pnet(&n->net, net); 801 memcpy(n->key, pkey, key_len); 802 n->dev = dev; 803 netdev_hold(dev, &n->dev_tracker, GFP_KERNEL); 804 805 if (tbl->pconstructor && tbl->pconstructor(n)) { 806 netdev_put(dev, &n->dev_tracker); 807 kfree(n); 808 n = NULL; 809 goto out; 810 } 811 812 write_lock_bh(&tbl->lock); 813 n->next = tbl->phash_buckets[hash_val]; 814 tbl->phash_buckets[hash_val] = n; 815 write_unlock_bh(&tbl->lock); 816out: 817 return n; 818} 819EXPORT_SYMBOL(pneigh_lookup); 820 821 822int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey, 823 struct net_device *dev) 824{ 825 struct pneigh_entry *n, **np; 826 unsigned int key_len = tbl->key_len; 827 u32 hash_val = pneigh_hash(pkey, key_len); 828 829 write_lock_bh(&tbl->lock); 830 for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL; 831 np = &n->next) { 832 if (!memcmp(n->key, pkey, key_len) && n->dev == dev && 833 net_eq(pneigh_net(n), net)) { 834 *np = n->next; 835 write_unlock_bh(&tbl->lock); 836 if (tbl->pdestructor) 837 tbl->pdestructor(n); 838 netdev_put(n->dev, &n->dev_tracker); 839 kfree(n); 840 return 0; 841 } 842 } 843 write_unlock_bh(&tbl->lock); 844 return -ENOENT; 845} 846 847static int pneigh_ifdown_and_unlock(struct neigh_table *tbl, 848 struct net_device *dev) 849{ 850 struct pneigh_entry *n, **np, *freelist = NULL; 851 u32 h; 852 853 for (h = 0; h <= PNEIGH_HASHMASK; h++) { 854 np = &tbl->phash_buckets[h]; 855 while ((n = *np) != NULL) { 856 if (!dev || n->dev == dev) { 857 *np = n->next; 858 n->next = freelist; 859 freelist = n; 860 continue; 861 } 862 np = &n->next; 863 } 864 } 865 write_unlock_bh(&tbl->lock); 866 while ((n = freelist)) { 867 freelist = n->next; 868 n->next = NULL; 869 if (tbl->pdestructor) 870 tbl->pdestructor(n); 871 netdev_put(n->dev, &n->dev_tracker); 872 kfree(n); 873 } 874 return -ENOENT; 875} 876 877static void neigh_parms_destroy(struct neigh_parms *parms); 878 879static inline void neigh_parms_put(struct neigh_parms *parms) 880{ 881 if (refcount_dec_and_test(&parms->refcnt)) 882 neigh_parms_destroy(parms); 883} 884 885/* 886 * neighbour must already be out of the table; 887 * 888 */ 889void neigh_destroy(struct neighbour *neigh) 890{ 891 struct net_device *dev = neigh->dev; 892 893 NEIGH_CACHE_STAT_INC(neigh->tbl, destroys); 894 895 if (!neigh->dead) { 896 pr_warn("Destroying alive neighbour %p\n", neigh); 897 dump_stack(); 898 return; 899 } 900 901 if (neigh_del_timer(neigh)) 902 pr_warn("Impossible event\n"); 903 904 write_lock_bh(&neigh->lock); 905 __skb_queue_purge(&neigh->arp_queue); 906 write_unlock_bh(&neigh->lock); 907 neigh->arp_queue_len_bytes = 0; 908 909 if (dev->netdev_ops->ndo_neigh_destroy) 910 dev->netdev_ops->ndo_neigh_destroy(dev, neigh); 911 912 netdev_put(dev, &neigh->dev_tracker); 913 neigh_parms_put(neigh->parms); 914 915 neigh_dbg(2, "neigh %p is destroyed\n", neigh); 916 917 atomic_dec(&neigh->tbl->entries); 918 kfree_rcu(neigh, rcu); 919} 920EXPORT_SYMBOL(neigh_destroy); 921 922/* Neighbour state is suspicious; 923 disable fast path. 924 925 Called with write_locked neigh. 926 */ 927static void neigh_suspect(struct neighbour *neigh) 928{ 929 neigh_dbg(2, "neigh %p is suspected\n", neigh); 930 931 WRITE_ONCE(neigh->output, neigh->ops->output); 932} 933 934/* Neighbour state is OK; 935 enable fast path. 936 937 Called with write_locked neigh. 938 */ 939static void neigh_connect(struct neighbour *neigh) 940{ 941 neigh_dbg(2, "neigh %p is connected\n", neigh); 942 943 WRITE_ONCE(neigh->output, neigh->ops->connected_output); 944} 945 946static void neigh_periodic_work(struct work_struct *work) 947{ 948 struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work); 949 struct neighbour *n; 950 struct neighbour __rcu **np; 951 unsigned int i; 952 struct neigh_hash_table *nht; 953 954 NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs); 955 956 write_lock_bh(&tbl->lock); 957 nht = rcu_dereference_protected(tbl->nht, 958 lockdep_is_held(&tbl->lock)); 959 960 /* 961 * periodically recompute ReachableTime from random function 962 */ 963 964 if (time_after(jiffies, tbl->last_rand + 300 * HZ)) { 965 struct neigh_parms *p; 966 967 WRITE_ONCE(tbl->last_rand, jiffies); 968 list_for_each_entry(p, &tbl->parms_list, list) 969 p->reachable_time = 970 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 971 } 972 973 if (atomic_read(&tbl->entries) < READ_ONCE(tbl->gc_thresh1)) 974 goto out; 975 976 for (i = 0 ; i < (1 << nht->hash_shift); i++) { 977 np = &nht->hash_buckets[i]; 978 979 while ((n = rcu_dereference_protected(*np, 980 lockdep_is_held(&tbl->lock))) != NULL) { 981 unsigned int state; 982 983 write_lock(&n->lock); 984 985 state = n->nud_state; 986 if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) || 987 (n->flags & NTF_EXT_LEARNED)) { 988 write_unlock(&n->lock); 989 goto next_elt; 990 } 991 992 if (time_before(n->used, n->confirmed) && 993 time_is_before_eq_jiffies(n->confirmed)) 994 n->used = n->confirmed; 995 996 if (refcount_read(&n->refcnt) == 1 && 997 (state == NUD_FAILED || 998 !time_in_range_open(jiffies, n->used, 999 n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) { 1000 rcu_assign_pointer(*np, 1001 rcu_dereference_protected(n->next, 1002 lockdep_is_held(&tbl->lock))); 1003 neigh_mark_dead(n); 1004 write_unlock(&n->lock); 1005 neigh_cleanup_and_release(n); 1006 continue; 1007 } 1008 write_unlock(&n->lock); 1009 1010next_elt: 1011 np = &n->next; 1012 } 1013 /* 1014 * It's fine to release lock here, even if hash table 1015 * grows while we are preempted. 1016 */ 1017 write_unlock_bh(&tbl->lock); 1018 cond_resched(); 1019 write_lock_bh(&tbl->lock); 1020 nht = rcu_dereference_protected(tbl->nht, 1021 lockdep_is_held(&tbl->lock)); 1022 } 1023out: 1024 /* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks. 1025 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2 1026 * BASE_REACHABLE_TIME. 1027 */ 1028 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work, 1029 NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1); 1030 write_unlock_bh(&tbl->lock); 1031} 1032 1033static __inline__ int neigh_max_probes(struct neighbour *n) 1034{ 1035 struct neigh_parms *p = n->parms; 1036 return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) + 1037 (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) : 1038 NEIGH_VAR(p, MCAST_PROBES)); 1039} 1040 1041static void neigh_invalidate(struct neighbour *neigh) 1042 __releases(neigh->lock) 1043 __acquires(neigh->lock) 1044{ 1045 struct sk_buff *skb; 1046 1047 NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed); 1048 neigh_dbg(2, "neigh %p is failed\n", neigh); 1049 neigh->updated = jiffies; 1050 1051 /* It is very thin place. report_unreachable is very complicated 1052 routine. Particularly, it can hit the same neighbour entry! 1053 1054 So that, we try to be accurate and avoid dead loop. --ANK 1055 */ 1056 while (neigh->nud_state == NUD_FAILED && 1057 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) { 1058 write_unlock(&neigh->lock); 1059 neigh->ops->error_report(neigh, skb); 1060 write_lock(&neigh->lock); 1061 } 1062 __skb_queue_purge(&neigh->arp_queue); 1063 neigh->arp_queue_len_bytes = 0; 1064} 1065 1066static void neigh_probe(struct neighbour *neigh) 1067 __releases(neigh->lock) 1068{ 1069 struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue); 1070 /* keep skb alive even if arp_queue overflows */ 1071 if (skb) 1072 skb = skb_clone(skb, GFP_ATOMIC); 1073 write_unlock(&neigh->lock); 1074 if (neigh->ops->solicit) 1075 neigh->ops->solicit(neigh, skb); 1076 atomic_inc(&neigh->probes); 1077 consume_skb(skb); 1078} 1079 1080/* Called when a timer expires for a neighbour entry. */ 1081 1082static void neigh_timer_handler(struct timer_list *t) 1083{ 1084 unsigned long now, next; 1085 struct neighbour *neigh = from_timer(neigh, t, timer); 1086 unsigned int state; 1087 int notify = 0; 1088 1089 write_lock(&neigh->lock); 1090 1091 state = neigh->nud_state; 1092 now = jiffies; 1093 next = now + HZ; 1094 1095 if (!(state & NUD_IN_TIMER)) 1096 goto out; 1097 1098 if (state & NUD_REACHABLE) { 1099 if (time_before_eq(now, 1100 neigh->confirmed + neigh->parms->reachable_time)) { 1101 neigh_dbg(2, "neigh %p is still alive\n", neigh); 1102 next = neigh->confirmed + neigh->parms->reachable_time; 1103 } else if (time_before_eq(now, 1104 neigh->used + 1105 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) { 1106 neigh_dbg(2, "neigh %p is delayed\n", neigh); 1107 WRITE_ONCE(neigh->nud_state, NUD_DELAY); 1108 neigh->updated = jiffies; 1109 neigh_suspect(neigh); 1110 next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME); 1111 } else { 1112 neigh_dbg(2, "neigh %p is suspected\n", neigh); 1113 WRITE_ONCE(neigh->nud_state, NUD_STALE); 1114 neigh->updated = jiffies; 1115 neigh_suspect(neigh); 1116 notify = 1; 1117 } 1118 } else if (state & NUD_DELAY) { 1119 if (time_before_eq(now, 1120 neigh->confirmed + 1121 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) { 1122 neigh_dbg(2, "neigh %p is now reachable\n", neigh); 1123 WRITE_ONCE(neigh->nud_state, NUD_REACHABLE); 1124 neigh->updated = jiffies; 1125 neigh_connect(neigh); 1126 notify = 1; 1127 next = neigh->confirmed + neigh->parms->reachable_time; 1128 } else { 1129 neigh_dbg(2, "neigh %p is probed\n", neigh); 1130 WRITE_ONCE(neigh->nud_state, NUD_PROBE); 1131 neigh->updated = jiffies; 1132 atomic_set(&neigh->probes, 0); 1133 notify = 1; 1134 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), 1135 HZ/100); 1136 } 1137 } else { 1138 /* NUD_PROBE|NUD_INCOMPLETE */ 1139 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100); 1140 } 1141 1142 if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) && 1143 atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) { 1144 WRITE_ONCE(neigh->nud_state, NUD_FAILED); 1145 notify = 1; 1146 neigh_invalidate(neigh); 1147 goto out; 1148 } 1149 1150 if (neigh->nud_state & NUD_IN_TIMER) { 1151 if (time_before(next, jiffies + HZ/100)) 1152 next = jiffies + HZ/100; 1153 if (!mod_timer(&neigh->timer, next)) 1154 neigh_hold(neigh); 1155 } 1156 if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) { 1157 neigh_probe(neigh); 1158 } else { 1159out: 1160 write_unlock(&neigh->lock); 1161 } 1162 1163 if (notify) 1164 neigh_update_notify(neigh, 0); 1165 1166 trace_neigh_timer_handler(neigh, 0); 1167 1168 neigh_release(neigh); 1169} 1170 1171int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb, 1172 const bool immediate_ok) 1173{ 1174 int rc; 1175 bool immediate_probe = false; 1176 1177 write_lock_bh(&neigh->lock); 1178 1179 rc = 0; 1180 if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE)) 1181 goto out_unlock_bh; 1182 if (neigh->dead) 1183 goto out_dead; 1184 1185 if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) { 1186 if (NEIGH_VAR(neigh->parms, MCAST_PROBES) + 1187 NEIGH_VAR(neigh->parms, APP_PROBES)) { 1188 unsigned long next, now = jiffies; 1189 1190 atomic_set(&neigh->probes, 1191 NEIGH_VAR(neigh->parms, UCAST_PROBES)); 1192 neigh_del_timer(neigh); 1193 WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE); 1194 neigh->updated = now; 1195 if (!immediate_ok) { 1196 next = now + 1; 1197 } else { 1198 immediate_probe = true; 1199 next = now + max(NEIGH_VAR(neigh->parms, 1200 RETRANS_TIME), 1201 HZ / 100); 1202 } 1203 neigh_add_timer(neigh, next); 1204 } else { 1205 WRITE_ONCE(neigh->nud_state, NUD_FAILED); 1206 neigh->updated = jiffies; 1207 write_unlock_bh(&neigh->lock); 1208 1209 kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED); 1210 return 1; 1211 } 1212 } else if (neigh->nud_state & NUD_STALE) { 1213 neigh_dbg(2, "neigh %p is delayed\n", neigh); 1214 neigh_del_timer(neigh); 1215 WRITE_ONCE(neigh->nud_state, NUD_DELAY); 1216 neigh->updated = jiffies; 1217 neigh_add_timer(neigh, jiffies + 1218 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME)); 1219 } 1220 1221 if (neigh->nud_state == NUD_INCOMPLETE) { 1222 if (skb) { 1223 while (neigh->arp_queue_len_bytes + skb->truesize > 1224 NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) { 1225 struct sk_buff *buff; 1226 1227 buff = __skb_dequeue(&neigh->arp_queue); 1228 if (!buff) 1229 break; 1230 neigh->arp_queue_len_bytes -= buff->truesize; 1231 kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL); 1232 NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards); 1233 } 1234 skb_dst_force(skb); 1235 __skb_queue_tail(&neigh->arp_queue, skb); 1236 neigh->arp_queue_len_bytes += skb->truesize; 1237 } 1238 rc = 1; 1239 } 1240out_unlock_bh: 1241 if (immediate_probe) 1242 neigh_probe(neigh); 1243 else 1244 write_unlock(&neigh->lock); 1245 local_bh_enable(); 1246 trace_neigh_event_send_done(neigh, rc); 1247 return rc; 1248 1249out_dead: 1250 if (neigh->nud_state & NUD_STALE) 1251 goto out_unlock_bh; 1252 write_unlock_bh(&neigh->lock); 1253 kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD); 1254 trace_neigh_event_send_dead(neigh, 1); 1255 return 1; 1256} 1257EXPORT_SYMBOL(__neigh_event_send); 1258 1259static void neigh_update_hhs(struct neighbour *neigh) 1260{ 1261 struct hh_cache *hh; 1262 void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *) 1263 = NULL; 1264 1265 if (neigh->dev->header_ops) 1266 update = neigh->dev->header_ops->cache_update; 1267 1268 if (update) { 1269 hh = &neigh->hh; 1270 if (READ_ONCE(hh->hh_len)) { 1271 write_seqlock_bh(&hh->hh_lock); 1272 update(hh, neigh->dev, neigh->ha); 1273 write_sequnlock_bh(&hh->hh_lock); 1274 } 1275 } 1276} 1277 1278/* Generic update routine. 1279 -- lladdr is new lladdr or NULL, if it is not supplied. 1280 -- new is new state. 1281 -- flags 1282 NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr, 1283 if it is different. 1284 NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected" 1285 lladdr instead of overriding it 1286 if it is different. 1287 NEIGH_UPDATE_F_ADMIN means that the change is administrative. 1288 NEIGH_UPDATE_F_USE means that the entry is user triggered. 1289 NEIGH_UPDATE_F_MANAGED means that the entry will be auto-refreshed. 1290 NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing 1291 NTF_ROUTER flag. 1292 NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as 1293 a router. 1294 1295 Caller MUST hold reference count on the entry. 1296 */ 1297static int __neigh_update(struct neighbour *neigh, const u8 *lladdr, 1298 u8 new, u32 flags, u32 nlmsg_pid, 1299 struct netlink_ext_ack *extack) 1300{ 1301 bool gc_update = false, managed_update = false; 1302 int update_isrouter = 0; 1303 struct net_device *dev; 1304 int err, notify = 0; 1305 u8 old; 1306 1307 trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid); 1308 1309 write_lock_bh(&neigh->lock); 1310 1311 dev = neigh->dev; 1312 old = neigh->nud_state; 1313 err = -EPERM; 1314 1315 if (neigh->dead) { 1316 NL_SET_ERR_MSG(extack, "Neighbor entry is now dead"); 1317 new = old; 1318 goto out; 1319 } 1320 if (!(flags & NEIGH_UPDATE_F_ADMIN) && 1321 (old & (NUD_NOARP | NUD_PERMANENT))) 1322 goto out; 1323 1324 neigh_update_flags(neigh, flags, ¬ify, &gc_update, &managed_update); 1325 if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) { 1326 new = old & ~NUD_PERMANENT; 1327 WRITE_ONCE(neigh->nud_state, new); 1328 err = 0; 1329 goto out; 1330 } 1331 1332 if (!(new & NUD_VALID)) { 1333 neigh_del_timer(neigh); 1334 if (old & NUD_CONNECTED) 1335 neigh_suspect(neigh); 1336 WRITE_ONCE(neigh->nud_state, new); 1337 err = 0; 1338 notify = old & NUD_VALID; 1339 if ((old & (NUD_INCOMPLETE | NUD_PROBE)) && 1340 (new & NUD_FAILED)) { 1341 neigh_invalidate(neigh); 1342 notify = 1; 1343 } 1344 goto out; 1345 } 1346 1347 /* Compare new lladdr with cached one */ 1348 if (!dev->addr_len) { 1349 /* First case: device needs no address. */ 1350 lladdr = neigh->ha; 1351 } else if (lladdr) { 1352 /* The second case: if something is already cached 1353 and a new address is proposed: 1354 - compare new & old 1355 - if they are different, check override flag 1356 */ 1357 if ((old & NUD_VALID) && 1358 !memcmp(lladdr, neigh->ha, dev->addr_len)) 1359 lladdr = neigh->ha; 1360 } else { 1361 /* No address is supplied; if we know something, 1362 use it, otherwise discard the request. 1363 */ 1364 err = -EINVAL; 1365 if (!(old & NUD_VALID)) { 1366 NL_SET_ERR_MSG(extack, "No link layer address given"); 1367 goto out; 1368 } 1369 lladdr = neigh->ha; 1370 } 1371 1372 /* Update confirmed timestamp for neighbour entry after we 1373 * received ARP packet even if it doesn't change IP to MAC binding. 1374 */ 1375 if (new & NUD_CONNECTED) 1376 neigh->confirmed = jiffies; 1377 1378 /* If entry was valid and address is not changed, 1379 do not change entry state, if new one is STALE. 1380 */ 1381 err = 0; 1382 update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER; 1383 if (old & NUD_VALID) { 1384 if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) { 1385 update_isrouter = 0; 1386 if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) && 1387 (old & NUD_CONNECTED)) { 1388 lladdr = neigh->ha; 1389 new = NUD_STALE; 1390 } else 1391 goto out; 1392 } else { 1393 if (lladdr == neigh->ha && new == NUD_STALE && 1394 !(flags & NEIGH_UPDATE_F_ADMIN)) 1395 new = old; 1396 } 1397 } 1398 1399 /* Update timestamp only once we know we will make a change to the 1400 * neighbour entry. Otherwise we risk to move the locktime window with 1401 * noop updates and ignore relevant ARP updates. 1402 */ 1403 if (new != old || lladdr != neigh->ha) 1404 neigh->updated = jiffies; 1405 1406 if (new != old) { 1407 neigh_del_timer(neigh); 1408 if (new & NUD_PROBE) 1409 atomic_set(&neigh->probes, 0); 1410 if (new & NUD_IN_TIMER) 1411 neigh_add_timer(neigh, (jiffies + 1412 ((new & NUD_REACHABLE) ? 1413 neigh->parms->reachable_time : 1414 0))); 1415 WRITE_ONCE(neigh->nud_state, new); 1416 notify = 1; 1417 } 1418 1419 if (lladdr != neigh->ha) { 1420 write_seqlock(&neigh->ha_lock); 1421 memcpy(&neigh->ha, lladdr, dev->addr_len); 1422 write_sequnlock(&neigh->ha_lock); 1423 neigh_update_hhs(neigh); 1424 if (!(new & NUD_CONNECTED)) 1425 neigh->confirmed = jiffies - 1426 (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1); 1427 notify = 1; 1428 } 1429 if (new == old) 1430 goto out; 1431 if (new & NUD_CONNECTED) 1432 neigh_connect(neigh); 1433 else 1434 neigh_suspect(neigh); 1435 if (!(old & NUD_VALID)) { 1436 struct sk_buff *skb; 1437 1438 /* Again: avoid dead loop if something went wrong */ 1439 1440 while (neigh->nud_state & NUD_VALID && 1441 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) { 1442 struct dst_entry *dst = skb_dst(skb); 1443 struct neighbour *n2, *n1 = neigh; 1444 write_unlock_bh(&neigh->lock); 1445 1446 rcu_read_lock(); 1447 1448 /* Why not just use 'neigh' as-is? The problem is that 1449 * things such as shaper, eql, and sch_teql can end up 1450 * using alternative, different, neigh objects to output 1451 * the packet in the output path. So what we need to do 1452 * here is re-lookup the top-level neigh in the path so 1453 * we can reinject the packet there. 1454 */ 1455 n2 = NULL; 1456 if (dst && dst->obsolete != DST_OBSOLETE_DEAD) { 1457 n2 = dst_neigh_lookup_skb(dst, skb); 1458 if (n2) 1459 n1 = n2; 1460 } 1461 READ_ONCE(n1->output)(n1, skb); 1462 if (n2) 1463 neigh_release(n2); 1464 rcu_read_unlock(); 1465 1466 write_lock_bh(&neigh->lock); 1467 } 1468 __skb_queue_purge(&neigh->arp_queue); 1469 neigh->arp_queue_len_bytes = 0; 1470 } 1471out: 1472 if (update_isrouter) 1473 neigh_update_is_router(neigh, flags, ¬ify); 1474 write_unlock_bh(&neigh->lock); 1475 if (((new ^ old) & NUD_PERMANENT) || gc_update) 1476 neigh_update_gc_list(neigh); 1477 if (managed_update) 1478 neigh_update_managed_list(neigh); 1479 if (notify) 1480 neigh_update_notify(neigh, nlmsg_pid); 1481 trace_neigh_update_done(neigh, err); 1482 return err; 1483} 1484 1485int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new, 1486 u32 flags, u32 nlmsg_pid) 1487{ 1488 return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL); 1489} 1490EXPORT_SYMBOL(neigh_update); 1491 1492/* Update the neigh to listen temporarily for probe responses, even if it is 1493 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing. 1494 */ 1495void __neigh_set_probe_once(struct neighbour *neigh) 1496{ 1497 if (neigh->dead) 1498 return; 1499 neigh->updated = jiffies; 1500 if (!(neigh->nud_state & NUD_FAILED)) 1501 return; 1502 WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE); 1503 atomic_set(&neigh->probes, neigh_max_probes(neigh)); 1504 neigh_add_timer(neigh, 1505 jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), 1506 HZ/100)); 1507} 1508EXPORT_SYMBOL(__neigh_set_probe_once); 1509 1510struct neighbour *neigh_event_ns(struct neigh_table *tbl, 1511 u8 *lladdr, void *saddr, 1512 struct net_device *dev) 1513{ 1514 struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev, 1515 lladdr || !dev->addr_len); 1516 if (neigh) 1517 neigh_update(neigh, lladdr, NUD_STALE, 1518 NEIGH_UPDATE_F_OVERRIDE, 0); 1519 return neigh; 1520} 1521EXPORT_SYMBOL(neigh_event_ns); 1522 1523/* called with read_lock_bh(&n->lock); */ 1524static void neigh_hh_init(struct neighbour *n) 1525{ 1526 struct net_device *dev = n->dev; 1527 __be16 prot = n->tbl->protocol; 1528 struct hh_cache *hh = &n->hh; 1529 1530 write_lock_bh(&n->lock); 1531 1532 /* Only one thread can come in here and initialize the 1533 * hh_cache entry. 1534 */ 1535 if (!hh->hh_len) 1536 dev->header_ops->cache(n, hh, prot); 1537 1538 write_unlock_bh(&n->lock); 1539} 1540 1541/* Slow and careful. */ 1542 1543int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb) 1544{ 1545 int rc = 0; 1546 1547 if (!neigh_event_send(neigh, skb)) { 1548 int err; 1549 struct net_device *dev = neigh->dev; 1550 unsigned int seq; 1551 1552 if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len)) 1553 neigh_hh_init(neigh); 1554 1555 do { 1556 __skb_pull(skb, skb_network_offset(skb)); 1557 seq = read_seqbegin(&neigh->ha_lock); 1558 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 1559 neigh->ha, NULL, skb->len); 1560 } while (read_seqretry(&neigh->ha_lock, seq)); 1561 1562 if (err >= 0) 1563 rc = dev_queue_xmit(skb); 1564 else 1565 goto out_kfree_skb; 1566 } 1567out: 1568 return rc; 1569out_kfree_skb: 1570 rc = -EINVAL; 1571 kfree_skb(skb); 1572 goto out; 1573} 1574EXPORT_SYMBOL(neigh_resolve_output); 1575 1576/* As fast as possible without hh cache */ 1577 1578int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb) 1579{ 1580 struct net_device *dev = neigh->dev; 1581 unsigned int seq; 1582 int err; 1583 1584 do { 1585 __skb_pull(skb, skb_network_offset(skb)); 1586 seq = read_seqbegin(&neigh->ha_lock); 1587 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 1588 neigh->ha, NULL, skb->len); 1589 } while (read_seqretry(&neigh->ha_lock, seq)); 1590 1591 if (err >= 0) 1592 err = dev_queue_xmit(skb); 1593 else { 1594 err = -EINVAL; 1595 kfree_skb(skb); 1596 } 1597 return err; 1598} 1599EXPORT_SYMBOL(neigh_connected_output); 1600 1601int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb) 1602{ 1603 return dev_queue_xmit(skb); 1604} 1605EXPORT_SYMBOL(neigh_direct_output); 1606 1607static void neigh_managed_work(struct work_struct *work) 1608{ 1609 struct neigh_table *tbl = container_of(work, struct neigh_table, 1610 managed_work.work); 1611 struct neighbour *neigh; 1612 1613 write_lock_bh(&tbl->lock); 1614 list_for_each_entry(neigh, &tbl->managed_list, managed_list) 1615 neigh_event_send_probe(neigh, NULL, false); 1616 queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 1617 NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS)); 1618 write_unlock_bh(&tbl->lock); 1619} 1620 1621static void neigh_proxy_process(struct timer_list *t) 1622{ 1623 struct neigh_table *tbl = from_timer(tbl, t, proxy_timer); 1624 long sched_next = 0; 1625 unsigned long now = jiffies; 1626 struct sk_buff *skb, *n; 1627 1628 spin_lock(&tbl->proxy_queue.lock); 1629 1630 skb_queue_walk_safe(&tbl->proxy_queue, skb, n) { 1631 long tdif = NEIGH_CB(skb)->sched_next - now; 1632 1633 if (tdif <= 0) { 1634 struct net_device *dev = skb->dev; 1635 1636 neigh_parms_qlen_dec(dev, tbl->family); 1637 __skb_unlink(skb, &tbl->proxy_queue); 1638 1639 if (tbl->proxy_redo && netif_running(dev)) { 1640 rcu_read_lock(); 1641 tbl->proxy_redo(skb); 1642 rcu_read_unlock(); 1643 } else { 1644 kfree_skb(skb); 1645 } 1646 1647 dev_put(dev); 1648 } else if (!sched_next || tdif < sched_next) 1649 sched_next = tdif; 1650 } 1651 del_timer(&tbl->proxy_timer); 1652 if (sched_next) 1653 mod_timer(&tbl->proxy_timer, jiffies + sched_next); 1654 spin_unlock(&tbl->proxy_queue.lock); 1655} 1656 1657static unsigned long neigh_proxy_delay(struct neigh_parms *p) 1658{ 1659 /* If proxy_delay is zero, do not call get_random_u32_below() 1660 * as it is undefined behavior. 1661 */ 1662 unsigned long proxy_delay = NEIGH_VAR(p, PROXY_DELAY); 1663 1664 return proxy_delay ? 1665 jiffies + get_random_u32_below(proxy_delay) : jiffies; 1666} 1667 1668void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p, 1669 struct sk_buff *skb) 1670{ 1671 unsigned long sched_next = neigh_proxy_delay(p); 1672 1673 if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) { 1674 kfree_skb(skb); 1675 return; 1676 } 1677 1678 NEIGH_CB(skb)->sched_next = sched_next; 1679 NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED; 1680 1681 spin_lock(&tbl->proxy_queue.lock); 1682 if (del_timer(&tbl->proxy_timer)) { 1683 if (time_before(tbl->proxy_timer.expires, sched_next)) 1684 sched_next = tbl->proxy_timer.expires; 1685 } 1686 skb_dst_drop(skb); 1687 dev_hold(skb->dev); 1688 __skb_queue_tail(&tbl->proxy_queue, skb); 1689 p->qlen++; 1690 mod_timer(&tbl->proxy_timer, sched_next); 1691 spin_unlock(&tbl->proxy_queue.lock); 1692} 1693EXPORT_SYMBOL(pneigh_enqueue); 1694 1695static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl, 1696 struct net *net, int ifindex) 1697{ 1698 struct neigh_parms *p; 1699 1700 list_for_each_entry(p, &tbl->parms_list, list) { 1701 if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) || 1702 (!p->dev && !ifindex && net_eq(net, &init_net))) 1703 return p; 1704 } 1705 1706 return NULL; 1707} 1708 1709struct neigh_parms *neigh_parms_alloc(struct net_device *dev, 1710 struct neigh_table *tbl) 1711{ 1712 struct neigh_parms *p; 1713 struct net *net = dev_net(dev); 1714 const struct net_device_ops *ops = dev->netdev_ops; 1715 1716 p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL); 1717 if (p) { 1718 p->tbl = tbl; 1719 refcount_set(&p->refcnt, 1); 1720 p->reachable_time = 1721 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 1722 p->qlen = 0; 1723 netdev_hold(dev, &p->dev_tracker, GFP_KERNEL); 1724 p->dev = dev; 1725 write_pnet(&p->net, net); 1726 p->sysctl_table = NULL; 1727 1728 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) { 1729 netdev_put(dev, &p->dev_tracker); 1730 kfree(p); 1731 return NULL; 1732 } 1733 1734 write_lock_bh(&tbl->lock); 1735 list_add(&p->list, &tbl->parms.list); 1736 write_unlock_bh(&tbl->lock); 1737 1738 neigh_parms_data_state_cleanall(p); 1739 } 1740 return p; 1741} 1742EXPORT_SYMBOL(neigh_parms_alloc); 1743 1744static void neigh_rcu_free_parms(struct rcu_head *head) 1745{ 1746 struct neigh_parms *parms = 1747 container_of(head, struct neigh_parms, rcu_head); 1748 1749 neigh_parms_put(parms); 1750} 1751 1752void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms) 1753{ 1754 if (!parms || parms == &tbl->parms) 1755 return; 1756 write_lock_bh(&tbl->lock); 1757 list_del(&parms->list); 1758 parms->dead = 1; 1759 write_unlock_bh(&tbl->lock); 1760 netdev_put(parms->dev, &parms->dev_tracker); 1761 call_rcu(&parms->rcu_head, neigh_rcu_free_parms); 1762} 1763EXPORT_SYMBOL(neigh_parms_release); 1764 1765static void neigh_parms_destroy(struct neigh_parms *parms) 1766{ 1767 kfree(parms); 1768} 1769 1770static struct lock_class_key neigh_table_proxy_queue_class; 1771 1772static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly; 1773 1774void neigh_table_init(int index, struct neigh_table *tbl) 1775{ 1776 unsigned long now = jiffies; 1777 unsigned long phsize; 1778 1779 INIT_LIST_HEAD(&tbl->parms_list); 1780 INIT_LIST_HEAD(&tbl->gc_list); 1781 INIT_LIST_HEAD(&tbl->managed_list); 1782 1783 list_add(&tbl->parms.list, &tbl->parms_list); 1784 write_pnet(&tbl->parms.net, &init_net); 1785 refcount_set(&tbl->parms.refcnt, 1); 1786 tbl->parms.reachable_time = 1787 neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME)); 1788 tbl->parms.qlen = 0; 1789 1790 tbl->stats = alloc_percpu(struct neigh_statistics); 1791 if (!tbl->stats) 1792 panic("cannot create neighbour cache statistics"); 1793 1794#ifdef CONFIG_PROC_FS 1795 if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat, 1796 &neigh_stat_seq_ops, tbl)) 1797 panic("cannot create neighbour proc dir entry"); 1798#endif 1799 1800 RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3)); 1801 1802 phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *); 1803 tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL); 1804 1805 if (!tbl->nht || !tbl->phash_buckets) 1806 panic("cannot allocate neighbour cache hashes"); 1807 1808 if (!tbl->entry_size) 1809 tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) + 1810 tbl->key_len, NEIGH_PRIV_ALIGN); 1811 else 1812 WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN); 1813 1814 rwlock_init(&tbl->lock); 1815 1816 INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work); 1817 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work, 1818 tbl->parms.reachable_time); 1819 INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work); 1820 queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0); 1821 1822 timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0); 1823 skb_queue_head_init_class(&tbl->proxy_queue, 1824 &neigh_table_proxy_queue_class); 1825 1826 tbl->last_flush = now; 1827 tbl->last_rand = now + tbl->parms.reachable_time * 20; 1828 1829 neigh_tables[index] = tbl; 1830} 1831EXPORT_SYMBOL(neigh_table_init); 1832 1833int neigh_table_clear(int index, struct neigh_table *tbl) 1834{ 1835 neigh_tables[index] = NULL; 1836 /* It is not clean... Fix it to unload IPv6 module safely */ 1837 cancel_delayed_work_sync(&tbl->managed_work); 1838 cancel_delayed_work_sync(&tbl->gc_work); 1839 del_timer_sync(&tbl->proxy_timer); 1840 pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family); 1841 neigh_ifdown(tbl, NULL); 1842 if (atomic_read(&tbl->entries)) 1843 pr_crit("neighbour leakage\n"); 1844 1845 call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu, 1846 neigh_hash_free_rcu); 1847 tbl->nht = NULL; 1848 1849 kfree(tbl->phash_buckets); 1850 tbl->phash_buckets = NULL; 1851 1852 remove_proc_entry(tbl->id, init_net.proc_net_stat); 1853 1854 free_percpu(tbl->stats); 1855 tbl->stats = NULL; 1856 1857 return 0; 1858} 1859EXPORT_SYMBOL(neigh_table_clear); 1860 1861static struct neigh_table *neigh_find_table(int family) 1862{ 1863 struct neigh_table *tbl = NULL; 1864 1865 switch (family) { 1866 case AF_INET: 1867 tbl = neigh_tables[NEIGH_ARP_TABLE]; 1868 break; 1869 case AF_INET6: 1870 tbl = neigh_tables[NEIGH_ND_TABLE]; 1871 break; 1872 } 1873 1874 return tbl; 1875} 1876 1877const struct nla_policy nda_policy[NDA_MAX+1] = { 1878 [NDA_UNSPEC] = { .strict_start_type = NDA_NH_ID }, 1879 [NDA_DST] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN }, 1880 [NDA_LLADDR] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN }, 1881 [NDA_CACHEINFO] = { .len = sizeof(struct nda_cacheinfo) }, 1882 [NDA_PROBES] = { .type = NLA_U32 }, 1883 [NDA_VLAN] = { .type = NLA_U16 }, 1884 [NDA_PORT] = { .type = NLA_U16 }, 1885 [NDA_VNI] = { .type = NLA_U32 }, 1886 [NDA_IFINDEX] = { .type = NLA_U32 }, 1887 [NDA_MASTER] = { .type = NLA_U32 }, 1888 [NDA_PROTOCOL] = { .type = NLA_U8 }, 1889 [NDA_NH_ID] = { .type = NLA_U32 }, 1890 [NDA_FLAGS_EXT] = NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK), 1891 [NDA_FDB_EXT_ATTRS] = { .type = NLA_NESTED }, 1892}; 1893 1894static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh, 1895 struct netlink_ext_ack *extack) 1896{ 1897 struct net *net = sock_net(skb->sk); 1898 struct ndmsg *ndm; 1899 struct nlattr *dst_attr; 1900 struct neigh_table *tbl; 1901 struct neighbour *neigh; 1902 struct net_device *dev = NULL; 1903 int err = -EINVAL; 1904 1905 ASSERT_RTNL(); 1906 if (nlmsg_len(nlh) < sizeof(*ndm)) 1907 goto out; 1908 1909 dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST); 1910 if (!dst_attr) { 1911 NL_SET_ERR_MSG(extack, "Network address not specified"); 1912 goto out; 1913 } 1914 1915 ndm = nlmsg_data(nlh); 1916 if (ndm->ndm_ifindex) { 1917 dev = __dev_get_by_index(net, ndm->ndm_ifindex); 1918 if (dev == NULL) { 1919 err = -ENODEV; 1920 goto out; 1921 } 1922 } 1923 1924 tbl = neigh_find_table(ndm->ndm_family); 1925 if (tbl == NULL) 1926 return -EAFNOSUPPORT; 1927 1928 if (nla_len(dst_attr) < (int)tbl->key_len) { 1929 NL_SET_ERR_MSG(extack, "Invalid network address"); 1930 goto out; 1931 } 1932 1933 if (ndm->ndm_flags & NTF_PROXY) { 1934 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev); 1935 goto out; 1936 } 1937 1938 if (dev == NULL) 1939 goto out; 1940 1941 neigh = neigh_lookup(tbl, nla_data(dst_attr), dev); 1942 if (neigh == NULL) { 1943 err = -ENOENT; 1944 goto out; 1945 } 1946 1947 err = __neigh_update(neigh, NULL, NUD_FAILED, 1948 NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN, 1949 NETLINK_CB(skb).portid, extack); 1950 write_lock_bh(&tbl->lock); 1951 neigh_release(neigh); 1952 neigh_remove_one(neigh, tbl); 1953 write_unlock_bh(&tbl->lock); 1954 1955out: 1956 return err; 1957} 1958 1959static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh, 1960 struct netlink_ext_ack *extack) 1961{ 1962 int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE | 1963 NEIGH_UPDATE_F_OVERRIDE_ISROUTER; 1964 struct net *net = sock_net(skb->sk); 1965 struct ndmsg *ndm; 1966 struct nlattr *tb[NDA_MAX+1]; 1967 struct neigh_table *tbl; 1968 struct net_device *dev = NULL; 1969 struct neighbour *neigh; 1970 void *dst, *lladdr; 1971 u8 protocol = 0; 1972 u32 ndm_flags; 1973 int err; 1974 1975 ASSERT_RTNL(); 1976 err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX, 1977 nda_policy, extack); 1978 if (err < 0) 1979 goto out; 1980 1981 err = -EINVAL; 1982 if (!tb[NDA_DST]) { 1983 NL_SET_ERR_MSG(extack, "Network address not specified"); 1984 goto out; 1985 } 1986 1987 ndm = nlmsg_data(nlh); 1988 ndm_flags = ndm->ndm_flags; 1989 if (tb[NDA_FLAGS_EXT]) { 1990 u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]); 1991 1992 BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE < 1993 (sizeof(ndm->ndm_flags) * BITS_PER_BYTE + 1994 hweight32(NTF_EXT_MASK))); 1995 ndm_flags |= (ext << NTF_EXT_SHIFT); 1996 } 1997 if (ndm->ndm_ifindex) { 1998 dev = __dev_get_by_index(net, ndm->ndm_ifindex); 1999 if (dev == NULL) { 2000 err = -ENODEV; 2001 goto out; 2002 } 2003 2004 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) { 2005 NL_SET_ERR_MSG(extack, "Invalid link address"); 2006 goto out; 2007 } 2008 } 2009 2010 tbl = neigh_find_table(ndm->ndm_family); 2011 if (tbl == NULL) 2012 return -EAFNOSUPPORT; 2013 2014 if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) { 2015 NL_SET_ERR_MSG(extack, "Invalid network address"); 2016 goto out; 2017 } 2018 2019 dst = nla_data(tb[NDA_DST]); 2020 lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL; 2021 2022 if (tb[NDA_PROTOCOL]) 2023 protocol = nla_get_u8(tb[NDA_PROTOCOL]); 2024 if (ndm_flags & NTF_PROXY) { 2025 struct pneigh_entry *pn; 2026 2027 if (ndm_flags & NTF_MANAGED) { 2028 NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination"); 2029 goto out; 2030 } 2031 2032 err = -ENOBUFS; 2033 pn = pneigh_lookup(tbl, net, dst, dev, 1); 2034 if (pn) { 2035 pn->flags = ndm_flags; 2036 if (protocol) 2037 pn->protocol = protocol; 2038 err = 0; 2039 } 2040 goto out; 2041 } 2042 2043 if (!dev) { 2044 NL_SET_ERR_MSG(extack, "Device not specified"); 2045 goto out; 2046 } 2047 2048 if (tbl->allow_add && !tbl->allow_add(dev, extack)) { 2049 err = -EINVAL; 2050 goto out; 2051 } 2052 2053 neigh = neigh_lookup(tbl, dst, dev); 2054 if (neigh == NULL) { 2055 bool ndm_permanent = ndm->ndm_state & NUD_PERMANENT; 2056 bool exempt_from_gc = ndm_permanent || 2057 ndm_flags & NTF_EXT_LEARNED; 2058 2059 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) { 2060 err = -ENOENT; 2061 goto out; 2062 } 2063 if (ndm_permanent && (ndm_flags & NTF_MANAGED)) { 2064 NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry"); 2065 err = -EINVAL; 2066 goto out; 2067 } 2068 2069 neigh = ___neigh_create(tbl, dst, dev, 2070 ndm_flags & 2071 (NTF_EXT_LEARNED | NTF_MANAGED), 2072 exempt_from_gc, true); 2073 if (IS_ERR(neigh)) { 2074 err = PTR_ERR(neigh); 2075 goto out; 2076 } 2077 } else { 2078 if (nlh->nlmsg_flags & NLM_F_EXCL) { 2079 err = -EEXIST; 2080 neigh_release(neigh); 2081 goto out; 2082 } 2083 2084 if (!(nlh->nlmsg_flags & NLM_F_REPLACE)) 2085 flags &= ~(NEIGH_UPDATE_F_OVERRIDE | 2086 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 2087 } 2088 2089 if (protocol) 2090 neigh->protocol = protocol; 2091 if (ndm_flags & NTF_EXT_LEARNED) 2092 flags |= NEIGH_UPDATE_F_EXT_LEARNED; 2093 if (ndm_flags & NTF_ROUTER) 2094 flags |= NEIGH_UPDATE_F_ISROUTER; 2095 if (ndm_flags & NTF_MANAGED) 2096 flags |= NEIGH_UPDATE_F_MANAGED; 2097 if (ndm_flags & NTF_USE) 2098 flags |= NEIGH_UPDATE_F_USE; 2099 2100 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags, 2101 NETLINK_CB(skb).portid, extack); 2102 if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) { 2103 neigh_event_send(neigh, NULL); 2104 err = 0; 2105 } 2106 neigh_release(neigh); 2107out: 2108 return err; 2109} 2110 2111static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms) 2112{ 2113 struct nlattr *nest; 2114 2115 nest = nla_nest_start_noflag(skb, NDTA_PARMS); 2116 if (nest == NULL) 2117 return -ENOBUFS; 2118 2119 if ((parms->dev && 2120 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) || 2121 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) || 2122 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES, 2123 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) || 2124 /* approximative value for deprecated QUEUE_LEN (in packets) */ 2125 nla_put_u32(skb, NDTPA_QUEUE_LEN, 2126 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) || 2127 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) || 2128 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) || 2129 nla_put_u32(skb, NDTPA_UCAST_PROBES, 2130 NEIGH_VAR(parms, UCAST_PROBES)) || 2131 nla_put_u32(skb, NDTPA_MCAST_PROBES, 2132 NEIGH_VAR(parms, MCAST_PROBES)) || 2133 nla_put_u32(skb, NDTPA_MCAST_REPROBES, 2134 NEIGH_VAR(parms, MCAST_REPROBES)) || 2135 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time, 2136 NDTPA_PAD) || 2137 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME, 2138 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) || 2139 nla_put_msecs(skb, NDTPA_GC_STALETIME, 2140 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) || 2141 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME, 2142 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) || 2143 nla_put_msecs(skb, NDTPA_RETRANS_TIME, 2144 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) || 2145 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY, 2146 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) || 2147 nla_put_msecs(skb, NDTPA_PROXY_DELAY, 2148 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) || 2149 nla_put_msecs(skb, NDTPA_LOCKTIME, 2150 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) || 2151 nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS, 2152 NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD)) 2153 goto nla_put_failure; 2154 return nla_nest_end(skb, nest); 2155 2156nla_put_failure: 2157 nla_nest_cancel(skb, nest); 2158 return -EMSGSIZE; 2159} 2160 2161static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl, 2162 u32 pid, u32 seq, int type, int flags) 2163{ 2164 struct nlmsghdr *nlh; 2165 struct ndtmsg *ndtmsg; 2166 2167 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 2168 if (nlh == NULL) 2169 return -EMSGSIZE; 2170 2171 ndtmsg = nlmsg_data(nlh); 2172 2173 read_lock_bh(&tbl->lock); 2174 ndtmsg->ndtm_family = tbl->family; 2175 ndtmsg->ndtm_pad1 = 0; 2176 ndtmsg->ndtm_pad2 = 0; 2177 2178 if (nla_put_string(skb, NDTA_NAME, tbl->id) || 2179 nla_put_msecs(skb, NDTA_GC_INTERVAL, READ_ONCE(tbl->gc_interval), 2180 NDTA_PAD) || 2181 nla_put_u32(skb, NDTA_THRESH1, READ_ONCE(tbl->gc_thresh1)) || 2182 nla_put_u32(skb, NDTA_THRESH2, READ_ONCE(tbl->gc_thresh2)) || 2183 nla_put_u32(skb, NDTA_THRESH3, READ_ONCE(tbl->gc_thresh3))) 2184 goto nla_put_failure; 2185 { 2186 unsigned long now = jiffies; 2187 long flush_delta = now - READ_ONCE(tbl->last_flush); 2188 long rand_delta = now - READ_ONCE(tbl->last_rand); 2189 struct neigh_hash_table *nht; 2190 struct ndt_config ndc = { 2191 .ndtc_key_len = tbl->key_len, 2192 .ndtc_entry_size = tbl->entry_size, 2193 .ndtc_entries = atomic_read(&tbl->entries), 2194 .ndtc_last_flush = jiffies_to_msecs(flush_delta), 2195 .ndtc_last_rand = jiffies_to_msecs(rand_delta), 2196 .ndtc_proxy_qlen = READ_ONCE(tbl->proxy_queue.qlen), 2197 }; 2198 2199 rcu_read_lock(); 2200 nht = rcu_dereference(tbl->nht); 2201 ndc.ndtc_hash_rnd = nht->hash_rnd[0]; 2202 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1); 2203 rcu_read_unlock(); 2204 2205 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc)) 2206 goto nla_put_failure; 2207 } 2208 2209 { 2210 int cpu; 2211 struct ndt_stats ndst; 2212 2213 memset(&ndst, 0, sizeof(ndst)); 2214 2215 for_each_possible_cpu(cpu) { 2216 struct neigh_statistics *st; 2217 2218 st = per_cpu_ptr(tbl->stats, cpu); 2219 ndst.ndts_allocs += READ_ONCE(st->allocs); 2220 ndst.ndts_destroys += READ_ONCE(st->destroys); 2221 ndst.ndts_hash_grows += READ_ONCE(st->hash_grows); 2222 ndst.ndts_res_failed += READ_ONCE(st->res_failed); 2223 ndst.ndts_lookups += READ_ONCE(st->lookups); 2224 ndst.ndts_hits += READ_ONCE(st->hits); 2225 ndst.ndts_rcv_probes_mcast += READ_ONCE(st->rcv_probes_mcast); 2226 ndst.ndts_rcv_probes_ucast += READ_ONCE(st->rcv_probes_ucast); 2227 ndst.ndts_periodic_gc_runs += READ_ONCE(st->periodic_gc_runs); 2228 ndst.ndts_forced_gc_runs += READ_ONCE(st->forced_gc_runs); 2229 ndst.ndts_table_fulls += READ_ONCE(st->table_fulls); 2230 } 2231 2232 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst, 2233 NDTA_PAD)) 2234 goto nla_put_failure; 2235 } 2236 2237 BUG_ON(tbl->parms.dev); 2238 if (neightbl_fill_parms(skb, &tbl->parms) < 0) 2239 goto nla_put_failure; 2240 2241 read_unlock_bh(&tbl->lock); 2242 nlmsg_end(skb, nlh); 2243 return 0; 2244 2245nla_put_failure: 2246 read_unlock_bh(&tbl->lock); 2247 nlmsg_cancel(skb, nlh); 2248 return -EMSGSIZE; 2249} 2250 2251static int neightbl_fill_param_info(struct sk_buff *skb, 2252 struct neigh_table *tbl, 2253 struct neigh_parms *parms, 2254 u32 pid, u32 seq, int type, 2255 unsigned int flags) 2256{ 2257 struct ndtmsg *ndtmsg; 2258 struct nlmsghdr *nlh; 2259 2260 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 2261 if (nlh == NULL) 2262 return -EMSGSIZE; 2263 2264 ndtmsg = nlmsg_data(nlh); 2265 2266 read_lock_bh(&tbl->lock); 2267 ndtmsg->ndtm_family = tbl->family; 2268 ndtmsg->ndtm_pad1 = 0; 2269 ndtmsg->ndtm_pad2 = 0; 2270 2271 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 || 2272 neightbl_fill_parms(skb, parms) < 0) 2273 goto errout; 2274 2275 read_unlock_bh(&tbl->lock); 2276 nlmsg_end(skb, nlh); 2277 return 0; 2278errout: 2279 read_unlock_bh(&tbl->lock); 2280 nlmsg_cancel(skb, nlh); 2281 return -EMSGSIZE; 2282} 2283 2284static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = { 2285 [NDTA_NAME] = { .type = NLA_STRING }, 2286 [NDTA_THRESH1] = { .type = NLA_U32 }, 2287 [NDTA_THRESH2] = { .type = NLA_U32 }, 2288 [NDTA_THRESH3] = { .type = NLA_U32 }, 2289 [NDTA_GC_INTERVAL] = { .type = NLA_U64 }, 2290 [NDTA_PARMS] = { .type = NLA_NESTED }, 2291}; 2292 2293static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = { 2294 [NDTPA_IFINDEX] = { .type = NLA_U32 }, 2295 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 }, 2296 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 }, 2297 [NDTPA_APP_PROBES] = { .type = NLA_U32 }, 2298 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 }, 2299 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 }, 2300 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 }, 2301 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 }, 2302 [NDTPA_GC_STALETIME] = { .type = NLA_U64 }, 2303 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 }, 2304 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 }, 2305 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 }, 2306 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 }, 2307 [NDTPA_LOCKTIME] = { .type = NLA_U64 }, 2308 [NDTPA_INTERVAL_PROBE_TIME_MS] = { .type = NLA_U64, .min = 1 }, 2309}; 2310 2311static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh, 2312 struct netlink_ext_ack *extack) 2313{ 2314 struct net *net = sock_net(skb->sk); 2315 struct neigh_table *tbl; 2316 struct ndtmsg *ndtmsg; 2317 struct nlattr *tb[NDTA_MAX+1]; 2318 bool found = false; 2319 int err, tidx; 2320 2321 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX, 2322 nl_neightbl_policy, extack); 2323 if (err < 0) 2324 goto errout; 2325 2326 if (tb[NDTA_NAME] == NULL) { 2327 err = -EINVAL; 2328 goto errout; 2329 } 2330 2331 ndtmsg = nlmsg_data(nlh); 2332 2333 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2334 tbl = neigh_tables[tidx]; 2335 if (!tbl) 2336 continue; 2337 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family) 2338 continue; 2339 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) { 2340 found = true; 2341 break; 2342 } 2343 } 2344 2345 if (!found) 2346 return -ENOENT; 2347 2348 /* 2349 * We acquire tbl->lock to be nice to the periodic timers and 2350 * make sure they always see a consistent set of values. 2351 */ 2352 write_lock_bh(&tbl->lock); 2353 2354 if (tb[NDTA_PARMS]) { 2355 struct nlattr *tbp[NDTPA_MAX+1]; 2356 struct neigh_parms *p; 2357 int i, ifindex = 0; 2358 2359 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX, 2360 tb[NDTA_PARMS], 2361 nl_ntbl_parm_policy, extack); 2362 if (err < 0) 2363 goto errout_tbl_lock; 2364 2365 if (tbp[NDTPA_IFINDEX]) 2366 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]); 2367 2368 p = lookup_neigh_parms(tbl, net, ifindex); 2369 if (p == NULL) { 2370 err = -ENOENT; 2371 goto errout_tbl_lock; 2372 } 2373 2374 for (i = 1; i <= NDTPA_MAX; i++) { 2375 if (tbp[i] == NULL) 2376 continue; 2377 2378 switch (i) { 2379 case NDTPA_QUEUE_LEN: 2380 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2381 nla_get_u32(tbp[i]) * 2382 SKB_TRUESIZE(ETH_FRAME_LEN)); 2383 break; 2384 case NDTPA_QUEUE_LENBYTES: 2385 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2386 nla_get_u32(tbp[i])); 2387 break; 2388 case NDTPA_PROXY_QLEN: 2389 NEIGH_VAR_SET(p, PROXY_QLEN, 2390 nla_get_u32(tbp[i])); 2391 break; 2392 case NDTPA_APP_PROBES: 2393 NEIGH_VAR_SET(p, APP_PROBES, 2394 nla_get_u32(tbp[i])); 2395 break; 2396 case NDTPA_UCAST_PROBES: 2397 NEIGH_VAR_SET(p, UCAST_PROBES, 2398 nla_get_u32(tbp[i])); 2399 break; 2400 case NDTPA_MCAST_PROBES: 2401 NEIGH_VAR_SET(p, MCAST_PROBES, 2402 nla_get_u32(tbp[i])); 2403 break; 2404 case NDTPA_MCAST_REPROBES: 2405 NEIGH_VAR_SET(p, MCAST_REPROBES, 2406 nla_get_u32(tbp[i])); 2407 break; 2408 case NDTPA_BASE_REACHABLE_TIME: 2409 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME, 2410 nla_get_msecs(tbp[i])); 2411 /* update reachable_time as well, otherwise, the change will 2412 * only be effective after the next time neigh_periodic_work 2413 * decides to recompute it (can be multiple minutes) 2414 */ 2415 p->reachable_time = 2416 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 2417 break; 2418 case NDTPA_GC_STALETIME: 2419 NEIGH_VAR_SET(p, GC_STALETIME, 2420 nla_get_msecs(tbp[i])); 2421 break; 2422 case NDTPA_DELAY_PROBE_TIME: 2423 NEIGH_VAR_SET(p, DELAY_PROBE_TIME, 2424 nla_get_msecs(tbp[i])); 2425 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p); 2426 break; 2427 case NDTPA_INTERVAL_PROBE_TIME_MS: 2428 NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS, 2429 nla_get_msecs(tbp[i])); 2430 break; 2431 case NDTPA_RETRANS_TIME: 2432 NEIGH_VAR_SET(p, RETRANS_TIME, 2433 nla_get_msecs(tbp[i])); 2434 break; 2435 case NDTPA_ANYCAST_DELAY: 2436 NEIGH_VAR_SET(p, ANYCAST_DELAY, 2437 nla_get_msecs(tbp[i])); 2438 break; 2439 case NDTPA_PROXY_DELAY: 2440 NEIGH_VAR_SET(p, PROXY_DELAY, 2441 nla_get_msecs(tbp[i])); 2442 break; 2443 case NDTPA_LOCKTIME: 2444 NEIGH_VAR_SET(p, LOCKTIME, 2445 nla_get_msecs(tbp[i])); 2446 break; 2447 } 2448 } 2449 } 2450 2451 err = -ENOENT; 2452 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] || 2453 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) && 2454 !net_eq(net, &init_net)) 2455 goto errout_tbl_lock; 2456 2457 if (tb[NDTA_THRESH1]) 2458 WRITE_ONCE(tbl->gc_thresh1, nla_get_u32(tb[NDTA_THRESH1])); 2459 2460 if (tb[NDTA_THRESH2]) 2461 WRITE_ONCE(tbl->gc_thresh2, nla_get_u32(tb[NDTA_THRESH2])); 2462 2463 if (tb[NDTA_THRESH3]) 2464 WRITE_ONCE(tbl->gc_thresh3, nla_get_u32(tb[NDTA_THRESH3])); 2465 2466 if (tb[NDTA_GC_INTERVAL]) 2467 WRITE_ONCE(tbl->gc_interval, nla_get_msecs(tb[NDTA_GC_INTERVAL])); 2468 2469 err = 0; 2470 2471errout_tbl_lock: 2472 write_unlock_bh(&tbl->lock); 2473errout: 2474 return err; 2475} 2476 2477static int neightbl_valid_dump_info(const struct nlmsghdr *nlh, 2478 struct netlink_ext_ack *extack) 2479{ 2480 struct ndtmsg *ndtm; 2481 2482 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) { 2483 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request"); 2484 return -EINVAL; 2485 } 2486 2487 ndtm = nlmsg_data(nlh); 2488 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) { 2489 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request"); 2490 return -EINVAL; 2491 } 2492 2493 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) { 2494 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request"); 2495 return -EINVAL; 2496 } 2497 2498 return 0; 2499} 2500 2501static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2502{ 2503 const struct nlmsghdr *nlh = cb->nlh; 2504 struct net *net = sock_net(skb->sk); 2505 int family, tidx, nidx = 0; 2506 int tbl_skip = cb->args[0]; 2507 int neigh_skip = cb->args[1]; 2508 struct neigh_table *tbl; 2509 2510 if (cb->strict_check) { 2511 int err = neightbl_valid_dump_info(nlh, cb->extack); 2512 2513 if (err < 0) 2514 return err; 2515 } 2516 2517 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2518 2519 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2520 struct neigh_parms *p; 2521 2522 tbl = neigh_tables[tidx]; 2523 if (!tbl) 2524 continue; 2525 2526 if (tidx < tbl_skip || (family && tbl->family != family)) 2527 continue; 2528 2529 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid, 2530 nlh->nlmsg_seq, RTM_NEWNEIGHTBL, 2531 NLM_F_MULTI) < 0) 2532 break; 2533 2534 nidx = 0; 2535 p = list_next_entry(&tbl->parms, list); 2536 list_for_each_entry_from(p, &tbl->parms_list, list) { 2537 if (!net_eq(neigh_parms_net(p), net)) 2538 continue; 2539 2540 if (nidx < neigh_skip) 2541 goto next; 2542 2543 if (neightbl_fill_param_info(skb, tbl, p, 2544 NETLINK_CB(cb->skb).portid, 2545 nlh->nlmsg_seq, 2546 RTM_NEWNEIGHTBL, 2547 NLM_F_MULTI) < 0) 2548 goto out; 2549 next: 2550 nidx++; 2551 } 2552 2553 neigh_skip = 0; 2554 } 2555out: 2556 cb->args[0] = tidx; 2557 cb->args[1] = nidx; 2558 2559 return skb->len; 2560} 2561 2562static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh, 2563 u32 pid, u32 seq, int type, unsigned int flags) 2564{ 2565 u32 neigh_flags, neigh_flags_ext; 2566 unsigned long now = jiffies; 2567 struct nda_cacheinfo ci; 2568 struct nlmsghdr *nlh; 2569 struct ndmsg *ndm; 2570 2571 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2572 if (nlh == NULL) 2573 return -EMSGSIZE; 2574 2575 neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT; 2576 neigh_flags = neigh->flags & NTF_OLD_MASK; 2577 2578 ndm = nlmsg_data(nlh); 2579 ndm->ndm_family = neigh->ops->family; 2580 ndm->ndm_pad1 = 0; 2581 ndm->ndm_pad2 = 0; 2582 ndm->ndm_flags = neigh_flags; 2583 ndm->ndm_type = neigh->type; 2584 ndm->ndm_ifindex = neigh->dev->ifindex; 2585 2586 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key)) 2587 goto nla_put_failure; 2588 2589 read_lock_bh(&neigh->lock); 2590 ndm->ndm_state = neigh->nud_state; 2591 if (neigh->nud_state & NUD_VALID) { 2592 char haddr[MAX_ADDR_LEN]; 2593 2594 neigh_ha_snapshot(haddr, neigh, neigh->dev); 2595 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) { 2596 read_unlock_bh(&neigh->lock); 2597 goto nla_put_failure; 2598 } 2599 } 2600 2601 ci.ndm_used = jiffies_to_clock_t(now - neigh->used); 2602 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed); 2603 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated); 2604 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1; 2605 read_unlock_bh(&neigh->lock); 2606 2607 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) || 2608 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci)) 2609 goto nla_put_failure; 2610 2611 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol)) 2612 goto nla_put_failure; 2613 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2614 goto nla_put_failure; 2615 2616 nlmsg_end(skb, nlh); 2617 return 0; 2618 2619nla_put_failure: 2620 nlmsg_cancel(skb, nlh); 2621 return -EMSGSIZE; 2622} 2623 2624static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn, 2625 u32 pid, u32 seq, int type, unsigned int flags, 2626 struct neigh_table *tbl) 2627{ 2628 u32 neigh_flags, neigh_flags_ext; 2629 struct nlmsghdr *nlh; 2630 struct ndmsg *ndm; 2631 2632 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2633 if (nlh == NULL) 2634 return -EMSGSIZE; 2635 2636 neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT; 2637 neigh_flags = pn->flags & NTF_OLD_MASK; 2638 2639 ndm = nlmsg_data(nlh); 2640 ndm->ndm_family = tbl->family; 2641 ndm->ndm_pad1 = 0; 2642 ndm->ndm_pad2 = 0; 2643 ndm->ndm_flags = neigh_flags | NTF_PROXY; 2644 ndm->ndm_type = RTN_UNICAST; 2645 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0; 2646 ndm->ndm_state = NUD_NONE; 2647 2648 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key)) 2649 goto nla_put_failure; 2650 2651 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol)) 2652 goto nla_put_failure; 2653 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2654 goto nla_put_failure; 2655 2656 nlmsg_end(skb, nlh); 2657 return 0; 2658 2659nla_put_failure: 2660 nlmsg_cancel(skb, nlh); 2661 return -EMSGSIZE; 2662} 2663 2664static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid) 2665{ 2666 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh); 2667 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid); 2668} 2669 2670static bool neigh_master_filtered(struct net_device *dev, int master_idx) 2671{ 2672 struct net_device *master; 2673 2674 if (!master_idx) 2675 return false; 2676 2677 master = dev ? netdev_master_upper_dev_get(dev) : NULL; 2678 2679 /* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another 2680 * invalid value for ifindex to denote "no master". 2681 */ 2682 if (master_idx == -1) 2683 return !!master; 2684 2685 if (!master || master->ifindex != master_idx) 2686 return true; 2687 2688 return false; 2689} 2690 2691static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx) 2692{ 2693 if (filter_idx && (!dev || dev->ifindex != filter_idx)) 2694 return true; 2695 2696 return false; 2697} 2698 2699struct neigh_dump_filter { 2700 int master_idx; 2701 int dev_idx; 2702}; 2703 2704static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2705 struct netlink_callback *cb, 2706 struct neigh_dump_filter *filter) 2707{ 2708 struct net *net = sock_net(skb->sk); 2709 struct neighbour *n; 2710 int rc, h, s_h = cb->args[1]; 2711 int idx, s_idx = idx = cb->args[2]; 2712 struct neigh_hash_table *nht; 2713 unsigned int flags = NLM_F_MULTI; 2714 2715 if (filter->dev_idx || filter->master_idx) 2716 flags |= NLM_F_DUMP_FILTERED; 2717 2718 rcu_read_lock(); 2719 nht = rcu_dereference(tbl->nht); 2720 2721 for (h = s_h; h < (1 << nht->hash_shift); h++) { 2722 if (h > s_h) 2723 s_idx = 0; 2724 for (n = rcu_dereference(nht->hash_buckets[h]), idx = 0; 2725 n != NULL; 2726 n = rcu_dereference(n->next)) { 2727 if (idx < s_idx || !net_eq(dev_net(n->dev), net)) 2728 goto next; 2729 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2730 neigh_master_filtered(n->dev, filter->master_idx)) 2731 goto next; 2732 if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2733 cb->nlh->nlmsg_seq, 2734 RTM_NEWNEIGH, 2735 flags) < 0) { 2736 rc = -1; 2737 goto out; 2738 } 2739next: 2740 idx++; 2741 } 2742 } 2743 rc = skb->len; 2744out: 2745 rcu_read_unlock(); 2746 cb->args[1] = h; 2747 cb->args[2] = idx; 2748 return rc; 2749} 2750 2751static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2752 struct netlink_callback *cb, 2753 struct neigh_dump_filter *filter) 2754{ 2755 struct pneigh_entry *n; 2756 struct net *net = sock_net(skb->sk); 2757 int rc, h, s_h = cb->args[3]; 2758 int idx, s_idx = idx = cb->args[4]; 2759 unsigned int flags = NLM_F_MULTI; 2760 2761 if (filter->dev_idx || filter->master_idx) 2762 flags |= NLM_F_DUMP_FILTERED; 2763 2764 read_lock_bh(&tbl->lock); 2765 2766 for (h = s_h; h <= PNEIGH_HASHMASK; h++) { 2767 if (h > s_h) 2768 s_idx = 0; 2769 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) { 2770 if (idx < s_idx || pneigh_net(n) != net) 2771 goto next; 2772 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2773 neigh_master_filtered(n->dev, filter->master_idx)) 2774 goto next; 2775 if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2776 cb->nlh->nlmsg_seq, 2777 RTM_NEWNEIGH, flags, tbl) < 0) { 2778 read_unlock_bh(&tbl->lock); 2779 rc = -1; 2780 goto out; 2781 } 2782 next: 2783 idx++; 2784 } 2785 } 2786 2787 read_unlock_bh(&tbl->lock); 2788 rc = skb->len; 2789out: 2790 cb->args[3] = h; 2791 cb->args[4] = idx; 2792 return rc; 2793 2794} 2795 2796static int neigh_valid_dump_req(const struct nlmsghdr *nlh, 2797 bool strict_check, 2798 struct neigh_dump_filter *filter, 2799 struct netlink_ext_ack *extack) 2800{ 2801 struct nlattr *tb[NDA_MAX + 1]; 2802 int err, i; 2803 2804 if (strict_check) { 2805 struct ndmsg *ndm; 2806 2807 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) { 2808 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request"); 2809 return -EINVAL; 2810 } 2811 2812 ndm = nlmsg_data(nlh); 2813 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex || 2814 ndm->ndm_state || ndm->ndm_type) { 2815 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request"); 2816 return -EINVAL; 2817 } 2818 2819 if (ndm->ndm_flags & ~NTF_PROXY) { 2820 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request"); 2821 return -EINVAL; 2822 } 2823 2824 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), 2825 tb, NDA_MAX, nda_policy, 2826 extack); 2827 } else { 2828 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb, 2829 NDA_MAX, nda_policy, extack); 2830 } 2831 if (err < 0) 2832 return err; 2833 2834 for (i = 0; i <= NDA_MAX; ++i) { 2835 if (!tb[i]) 2836 continue; 2837 2838 /* all new attributes should require strict_check */ 2839 switch (i) { 2840 case NDA_IFINDEX: 2841 filter->dev_idx = nla_get_u32(tb[i]); 2842 break; 2843 case NDA_MASTER: 2844 filter->master_idx = nla_get_u32(tb[i]); 2845 break; 2846 default: 2847 if (strict_check) { 2848 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request"); 2849 return -EINVAL; 2850 } 2851 } 2852 } 2853 2854 return 0; 2855} 2856 2857static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2858{ 2859 const struct nlmsghdr *nlh = cb->nlh; 2860 struct neigh_dump_filter filter = {}; 2861 struct neigh_table *tbl; 2862 int t, family, s_t; 2863 int proxy = 0; 2864 int err; 2865 2866 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2867 2868 /* check for full ndmsg structure presence, family member is 2869 * the same for both structures 2870 */ 2871 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) && 2872 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY) 2873 proxy = 1; 2874 2875 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack); 2876 if (err < 0 && cb->strict_check) 2877 return err; 2878 2879 s_t = cb->args[0]; 2880 2881 for (t = 0; t < NEIGH_NR_TABLES; t++) { 2882 tbl = neigh_tables[t]; 2883 2884 if (!tbl) 2885 continue; 2886 if (t < s_t || (family && tbl->family != family)) 2887 continue; 2888 if (t > s_t) 2889 memset(&cb->args[1], 0, sizeof(cb->args) - 2890 sizeof(cb->args[0])); 2891 if (proxy) 2892 err = pneigh_dump_table(tbl, skb, cb, &filter); 2893 else 2894 err = neigh_dump_table(tbl, skb, cb, &filter); 2895 if (err < 0) 2896 break; 2897 } 2898 2899 cb->args[0] = t; 2900 return skb->len; 2901} 2902 2903static int neigh_valid_get_req(const struct nlmsghdr *nlh, 2904 struct neigh_table **tbl, 2905 void **dst, int *dev_idx, u8 *ndm_flags, 2906 struct netlink_ext_ack *extack) 2907{ 2908 struct nlattr *tb[NDA_MAX + 1]; 2909 struct ndmsg *ndm; 2910 int err, i; 2911 2912 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) { 2913 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request"); 2914 return -EINVAL; 2915 } 2916 2917 ndm = nlmsg_data(nlh); 2918 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state || 2919 ndm->ndm_type) { 2920 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request"); 2921 return -EINVAL; 2922 } 2923 2924 if (ndm->ndm_flags & ~NTF_PROXY) { 2925 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request"); 2926 return -EINVAL; 2927 } 2928 2929 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb, 2930 NDA_MAX, nda_policy, extack); 2931 if (err < 0) 2932 return err; 2933 2934 *ndm_flags = ndm->ndm_flags; 2935 *dev_idx = ndm->ndm_ifindex; 2936 *tbl = neigh_find_table(ndm->ndm_family); 2937 if (*tbl == NULL) { 2938 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request"); 2939 return -EAFNOSUPPORT; 2940 } 2941 2942 for (i = 0; i <= NDA_MAX; ++i) { 2943 if (!tb[i]) 2944 continue; 2945 2946 switch (i) { 2947 case NDA_DST: 2948 if (nla_len(tb[i]) != (int)(*tbl)->key_len) { 2949 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request"); 2950 return -EINVAL; 2951 } 2952 *dst = nla_data(tb[i]); 2953 break; 2954 default: 2955 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request"); 2956 return -EINVAL; 2957 } 2958 } 2959 2960 return 0; 2961} 2962 2963static inline size_t neigh_nlmsg_size(void) 2964{ 2965 return NLMSG_ALIGN(sizeof(struct ndmsg)) 2966 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 2967 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */ 2968 + nla_total_size(sizeof(struct nda_cacheinfo)) 2969 + nla_total_size(4) /* NDA_PROBES */ 2970 + nla_total_size(4) /* NDA_FLAGS_EXT */ 2971 + nla_total_size(1); /* NDA_PROTOCOL */ 2972} 2973 2974static int neigh_get_reply(struct net *net, struct neighbour *neigh, 2975 u32 pid, u32 seq) 2976{ 2977 struct sk_buff *skb; 2978 int err = 0; 2979 2980 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL); 2981 if (!skb) 2982 return -ENOBUFS; 2983 2984 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0); 2985 if (err) { 2986 kfree_skb(skb); 2987 goto errout; 2988 } 2989 2990 err = rtnl_unicast(skb, net, pid); 2991errout: 2992 return err; 2993} 2994 2995static inline size_t pneigh_nlmsg_size(void) 2996{ 2997 return NLMSG_ALIGN(sizeof(struct ndmsg)) 2998 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 2999 + nla_total_size(4) /* NDA_FLAGS_EXT */ 3000 + nla_total_size(1); /* NDA_PROTOCOL */ 3001} 3002 3003static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh, 3004 u32 pid, u32 seq, struct neigh_table *tbl) 3005{ 3006 struct sk_buff *skb; 3007 int err = 0; 3008 3009 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL); 3010 if (!skb) 3011 return -ENOBUFS; 3012 3013 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl); 3014 if (err) { 3015 kfree_skb(skb); 3016 goto errout; 3017 } 3018 3019 err = rtnl_unicast(skb, net, pid); 3020errout: 3021 return err; 3022} 3023 3024static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh, 3025 struct netlink_ext_ack *extack) 3026{ 3027 struct net *net = sock_net(in_skb->sk); 3028 struct net_device *dev = NULL; 3029 struct neigh_table *tbl = NULL; 3030 struct neighbour *neigh; 3031 void *dst = NULL; 3032 u8 ndm_flags = 0; 3033 int dev_idx = 0; 3034 int err; 3035 3036 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags, 3037 extack); 3038 if (err < 0) 3039 return err; 3040 3041 if (dev_idx) { 3042 dev = __dev_get_by_index(net, dev_idx); 3043 if (!dev) { 3044 NL_SET_ERR_MSG(extack, "Unknown device ifindex"); 3045 return -ENODEV; 3046 } 3047 } 3048 3049 if (!dst) { 3050 NL_SET_ERR_MSG(extack, "Network address not specified"); 3051 return -EINVAL; 3052 } 3053 3054 if (ndm_flags & NTF_PROXY) { 3055 struct pneigh_entry *pn; 3056 3057 pn = pneigh_lookup(tbl, net, dst, dev, 0); 3058 if (!pn) { 3059 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found"); 3060 return -ENOENT; 3061 } 3062 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid, 3063 nlh->nlmsg_seq, tbl); 3064 } 3065 3066 if (!dev) { 3067 NL_SET_ERR_MSG(extack, "No device specified"); 3068 return -EINVAL; 3069 } 3070 3071 neigh = neigh_lookup(tbl, dst, dev); 3072 if (!neigh) { 3073 NL_SET_ERR_MSG(extack, "Neighbour entry not found"); 3074 return -ENOENT; 3075 } 3076 3077 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid, 3078 nlh->nlmsg_seq); 3079 3080 neigh_release(neigh); 3081 3082 return err; 3083} 3084 3085void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie) 3086{ 3087 int chain; 3088 struct neigh_hash_table *nht; 3089 3090 rcu_read_lock(); 3091 nht = rcu_dereference(tbl->nht); 3092 3093 read_lock_bh(&tbl->lock); /* avoid resizes */ 3094 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3095 struct neighbour *n; 3096 3097 for (n = rcu_dereference(nht->hash_buckets[chain]); 3098 n != NULL; 3099 n = rcu_dereference(n->next)) 3100 cb(n, cookie); 3101 } 3102 read_unlock_bh(&tbl->lock); 3103 rcu_read_unlock(); 3104} 3105EXPORT_SYMBOL(neigh_for_each); 3106 3107/* The tbl->lock must be held as a writer and BH disabled. */ 3108void __neigh_for_each_release(struct neigh_table *tbl, 3109 int (*cb)(struct neighbour *)) 3110{ 3111 int chain; 3112 struct neigh_hash_table *nht; 3113 3114 nht = rcu_dereference_protected(tbl->nht, 3115 lockdep_is_held(&tbl->lock)); 3116 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3117 struct neighbour *n; 3118 struct neighbour __rcu **np; 3119 3120 np = &nht->hash_buckets[chain]; 3121 while ((n = rcu_dereference_protected(*np, 3122 lockdep_is_held(&tbl->lock))) != NULL) { 3123 int release; 3124 3125 write_lock(&n->lock); 3126 release = cb(n); 3127 if (release) { 3128 rcu_assign_pointer(*np, 3129 rcu_dereference_protected(n->next, 3130 lockdep_is_held(&tbl->lock))); 3131 neigh_mark_dead(n); 3132 } else 3133 np = &n->next; 3134 write_unlock(&n->lock); 3135 if (release) 3136 neigh_cleanup_and_release(n); 3137 } 3138 } 3139} 3140EXPORT_SYMBOL(__neigh_for_each_release); 3141 3142int neigh_xmit(int index, struct net_device *dev, 3143 const void *addr, struct sk_buff *skb) 3144{ 3145 int err = -EAFNOSUPPORT; 3146 if (likely(index < NEIGH_NR_TABLES)) { 3147 struct neigh_table *tbl; 3148 struct neighbour *neigh; 3149 3150 tbl = neigh_tables[index]; 3151 if (!tbl) 3152 goto out; 3153 rcu_read_lock(); 3154 if (index == NEIGH_ARP_TABLE) { 3155 u32 key = *((u32 *)addr); 3156 3157 neigh = __ipv4_neigh_lookup_noref(dev, key); 3158 } else { 3159 neigh = __neigh_lookup_noref(tbl, addr, dev); 3160 } 3161 if (!neigh) 3162 neigh = __neigh_create(tbl, addr, dev, false); 3163 err = PTR_ERR(neigh); 3164 if (IS_ERR(neigh)) { 3165 rcu_read_unlock(); 3166 goto out_kfree_skb; 3167 } 3168 err = READ_ONCE(neigh->output)(neigh, skb); 3169 rcu_read_unlock(); 3170 } 3171 else if (index == NEIGH_LINK_TABLE) { 3172 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 3173 addr, NULL, skb->len); 3174 if (err < 0) 3175 goto out_kfree_skb; 3176 err = dev_queue_xmit(skb); 3177 } 3178out: 3179 return err; 3180out_kfree_skb: 3181 kfree_skb(skb); 3182 goto out; 3183} 3184EXPORT_SYMBOL(neigh_xmit); 3185 3186#ifdef CONFIG_PROC_FS 3187 3188static struct neighbour *neigh_get_first(struct seq_file *seq) 3189{ 3190 struct neigh_seq_state *state = seq->private; 3191 struct net *net = seq_file_net(seq); 3192 struct neigh_hash_table *nht = state->nht; 3193 struct neighbour *n = NULL; 3194 int bucket; 3195 3196 state->flags &= ~NEIGH_SEQ_IS_PNEIGH; 3197 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) { 3198 n = rcu_dereference(nht->hash_buckets[bucket]); 3199 3200 while (n) { 3201 if (!net_eq(dev_net(n->dev), net)) 3202 goto next; 3203 if (state->neigh_sub_iter) { 3204 loff_t fakep = 0; 3205 void *v; 3206 3207 v = state->neigh_sub_iter(state, n, &fakep); 3208 if (!v) 3209 goto next; 3210 } 3211 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) 3212 break; 3213 if (READ_ONCE(n->nud_state) & ~NUD_NOARP) 3214 break; 3215next: 3216 n = rcu_dereference(n->next); 3217 } 3218 3219 if (n) 3220 break; 3221 } 3222 state->bucket = bucket; 3223 3224 return n; 3225} 3226 3227static struct neighbour *neigh_get_next(struct seq_file *seq, 3228 struct neighbour *n, 3229 loff_t *pos) 3230{ 3231 struct neigh_seq_state *state = seq->private; 3232 struct net *net = seq_file_net(seq); 3233 struct neigh_hash_table *nht = state->nht; 3234 3235 if (state->neigh_sub_iter) { 3236 void *v = state->neigh_sub_iter(state, n, pos); 3237 if (v) 3238 return n; 3239 } 3240 n = rcu_dereference(n->next); 3241 3242 while (1) { 3243 while (n) { 3244 if (!net_eq(dev_net(n->dev), net)) 3245 goto next; 3246 if (state->neigh_sub_iter) { 3247 void *v = state->neigh_sub_iter(state, n, pos); 3248 if (v) 3249 return n; 3250 goto next; 3251 } 3252 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) 3253 break; 3254 3255 if (READ_ONCE(n->nud_state) & ~NUD_NOARP) 3256 break; 3257next: 3258 n = rcu_dereference(n->next); 3259 } 3260 3261 if (n) 3262 break; 3263 3264 if (++state->bucket >= (1 << nht->hash_shift)) 3265 break; 3266 3267 n = rcu_dereference(nht->hash_buckets[state->bucket]); 3268 } 3269 3270 if (n && pos) 3271 --(*pos); 3272 return n; 3273} 3274 3275static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos) 3276{ 3277 struct neighbour *n = neigh_get_first(seq); 3278 3279 if (n) { 3280 --(*pos); 3281 while (*pos) { 3282 n = neigh_get_next(seq, n, pos); 3283 if (!n) 3284 break; 3285 } 3286 } 3287 return *pos ? NULL : n; 3288} 3289 3290static struct pneigh_entry *pneigh_get_first(struct seq_file *seq) 3291{ 3292 struct neigh_seq_state *state = seq->private; 3293 struct net *net = seq_file_net(seq); 3294 struct neigh_table *tbl = state->tbl; 3295 struct pneigh_entry *pn = NULL; 3296 int bucket; 3297 3298 state->flags |= NEIGH_SEQ_IS_PNEIGH; 3299 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) { 3300 pn = tbl->phash_buckets[bucket]; 3301 while (pn && !net_eq(pneigh_net(pn), net)) 3302 pn = pn->next; 3303 if (pn) 3304 break; 3305 } 3306 state->bucket = bucket; 3307 3308 return pn; 3309} 3310 3311static struct pneigh_entry *pneigh_get_next(struct seq_file *seq, 3312 struct pneigh_entry *pn, 3313 loff_t *pos) 3314{ 3315 struct neigh_seq_state *state = seq->private; 3316 struct net *net = seq_file_net(seq); 3317 struct neigh_table *tbl = state->tbl; 3318 3319 do { 3320 pn = pn->next; 3321 } while (pn && !net_eq(pneigh_net(pn), net)); 3322 3323 while (!pn) { 3324 if (++state->bucket > PNEIGH_HASHMASK) 3325 break; 3326 pn = tbl->phash_buckets[state->bucket]; 3327 while (pn && !net_eq(pneigh_net(pn), net)) 3328 pn = pn->next; 3329 if (pn) 3330 break; 3331 } 3332 3333 if (pn && pos) 3334 --(*pos); 3335 3336 return pn; 3337} 3338 3339static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos) 3340{ 3341 struct pneigh_entry *pn = pneigh_get_first(seq); 3342 3343 if (pn) { 3344 --(*pos); 3345 while (*pos) { 3346 pn = pneigh_get_next(seq, pn, pos); 3347 if (!pn) 3348 break; 3349 } 3350 } 3351 return *pos ? NULL : pn; 3352} 3353 3354static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos) 3355{ 3356 struct neigh_seq_state *state = seq->private; 3357 void *rc; 3358 loff_t idxpos = *pos; 3359 3360 rc = neigh_get_idx(seq, &idxpos); 3361 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3362 rc = pneigh_get_idx(seq, &idxpos); 3363 3364 return rc; 3365} 3366 3367void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags) 3368 __acquires(tbl->lock) 3369 __acquires(rcu) 3370{ 3371 struct neigh_seq_state *state = seq->private; 3372 3373 state->tbl = tbl; 3374 state->bucket = 0; 3375 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH); 3376 3377 rcu_read_lock(); 3378 state->nht = rcu_dereference(tbl->nht); 3379 read_lock_bh(&tbl->lock); 3380 3381 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN; 3382} 3383EXPORT_SYMBOL(neigh_seq_start); 3384 3385void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3386{ 3387 struct neigh_seq_state *state; 3388 void *rc; 3389 3390 if (v == SEQ_START_TOKEN) { 3391 rc = neigh_get_first(seq); 3392 goto out; 3393 } 3394 3395 state = seq->private; 3396 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) { 3397 rc = neigh_get_next(seq, v, NULL); 3398 if (rc) 3399 goto out; 3400 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3401 rc = pneigh_get_first(seq); 3402 } else { 3403 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY); 3404 rc = pneigh_get_next(seq, v, NULL); 3405 } 3406out: 3407 ++(*pos); 3408 return rc; 3409} 3410EXPORT_SYMBOL(neigh_seq_next); 3411 3412void neigh_seq_stop(struct seq_file *seq, void *v) 3413 __releases(tbl->lock) 3414 __releases(rcu) 3415{ 3416 struct neigh_seq_state *state = seq->private; 3417 struct neigh_table *tbl = state->tbl; 3418 3419 read_unlock_bh(&tbl->lock); 3420 rcu_read_unlock(); 3421} 3422EXPORT_SYMBOL(neigh_seq_stop); 3423 3424/* statistics via seq_file */ 3425 3426static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos) 3427{ 3428 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3429 int cpu; 3430 3431 if (*pos == 0) 3432 return SEQ_START_TOKEN; 3433 3434 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) { 3435 if (!cpu_possible(cpu)) 3436 continue; 3437 *pos = cpu+1; 3438 return per_cpu_ptr(tbl->stats, cpu); 3439 } 3440 return NULL; 3441} 3442 3443static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3444{ 3445 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3446 int cpu; 3447 3448 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) { 3449 if (!cpu_possible(cpu)) 3450 continue; 3451 *pos = cpu+1; 3452 return per_cpu_ptr(tbl->stats, cpu); 3453 } 3454 (*pos)++; 3455 return NULL; 3456} 3457 3458static void neigh_stat_seq_stop(struct seq_file *seq, void *v) 3459{ 3460 3461} 3462 3463static int neigh_stat_seq_show(struct seq_file *seq, void *v) 3464{ 3465 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3466 struct neigh_statistics *st = v; 3467 3468 if (v == SEQ_START_TOKEN) { 3469 seq_puts(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n"); 3470 return 0; 3471 } 3472 3473 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx " 3474 "%08lx %08lx %08lx " 3475 "%08lx %08lx %08lx\n", 3476 atomic_read(&tbl->entries), 3477 3478 st->allocs, 3479 st->destroys, 3480 st->hash_grows, 3481 3482 st->lookups, 3483 st->hits, 3484 3485 st->res_failed, 3486 3487 st->rcv_probes_mcast, 3488 st->rcv_probes_ucast, 3489 3490 st->periodic_gc_runs, 3491 st->forced_gc_runs, 3492 st->unres_discards, 3493 st->table_fulls 3494 ); 3495 3496 return 0; 3497} 3498 3499static const struct seq_operations neigh_stat_seq_ops = { 3500 .start = neigh_stat_seq_start, 3501 .next = neigh_stat_seq_next, 3502 .stop = neigh_stat_seq_stop, 3503 .show = neigh_stat_seq_show, 3504}; 3505#endif /* CONFIG_PROC_FS */ 3506 3507static void __neigh_notify(struct neighbour *n, int type, int flags, 3508 u32 pid) 3509{ 3510 struct net *net = dev_net(n->dev); 3511 struct sk_buff *skb; 3512 int err = -ENOBUFS; 3513 3514 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC); 3515 if (skb == NULL) 3516 goto errout; 3517 3518 err = neigh_fill_info(skb, n, pid, 0, type, flags); 3519 if (err < 0) { 3520 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */ 3521 WARN_ON(err == -EMSGSIZE); 3522 kfree_skb(skb); 3523 goto errout; 3524 } 3525 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC); 3526 return; 3527errout: 3528 if (err < 0) 3529 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err); 3530} 3531 3532void neigh_app_ns(struct neighbour *n) 3533{ 3534 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0); 3535} 3536EXPORT_SYMBOL(neigh_app_ns); 3537 3538#ifdef CONFIG_SYSCTL 3539static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN); 3540 3541static int proc_unres_qlen(struct ctl_table *ctl, int write, 3542 void *buffer, size_t *lenp, loff_t *ppos) 3543{ 3544 int size, ret; 3545 struct ctl_table tmp = *ctl; 3546 3547 tmp.extra1 = SYSCTL_ZERO; 3548 tmp.extra2 = &unres_qlen_max; 3549 tmp.data = &size; 3550 3551 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN); 3552 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 3553 3554 if (write && !ret) 3555 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN); 3556 return ret; 3557} 3558 3559static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p, 3560 int index) 3561{ 3562 struct net_device *dev; 3563 int family = neigh_parms_family(p); 3564 3565 rcu_read_lock(); 3566 for_each_netdev_rcu(net, dev) { 3567 struct neigh_parms *dst_p = 3568 neigh_get_dev_parms_rcu(dev, family); 3569 3570 if (dst_p && !test_bit(index, dst_p->data_state)) 3571 dst_p->data[index] = p->data[index]; 3572 } 3573 rcu_read_unlock(); 3574} 3575 3576static void neigh_proc_update(struct ctl_table *ctl, int write) 3577{ 3578 struct net_device *dev = ctl->extra1; 3579 struct neigh_parms *p = ctl->extra2; 3580 struct net *net = neigh_parms_net(p); 3581 int index = (int *) ctl->data - p->data; 3582 3583 if (!write) 3584 return; 3585 3586 set_bit(index, p->data_state); 3587 if (index == NEIGH_VAR_DELAY_PROBE_TIME) 3588 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p); 3589 if (!dev) /* NULL dev means this is default value */ 3590 neigh_copy_dflt_parms(net, p, index); 3591} 3592 3593static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write, 3594 void *buffer, size_t *lenp, 3595 loff_t *ppos) 3596{ 3597 struct ctl_table tmp = *ctl; 3598 int ret; 3599 3600 tmp.extra1 = SYSCTL_ZERO; 3601 tmp.extra2 = SYSCTL_INT_MAX; 3602 3603 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 3604 neigh_proc_update(ctl, write); 3605 return ret; 3606} 3607 3608static int neigh_proc_dointvec_ms_jiffies_positive(struct ctl_table *ctl, int write, 3609 void *buffer, size_t *lenp, loff_t *ppos) 3610{ 3611 struct ctl_table tmp = *ctl; 3612 int ret; 3613 3614 int min = msecs_to_jiffies(1); 3615 3616 tmp.extra1 = &min; 3617 tmp.extra2 = NULL; 3618 3619 ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos); 3620 neigh_proc_update(ctl, write); 3621 return ret; 3622} 3623 3624int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer, 3625 size_t *lenp, loff_t *ppos) 3626{ 3627 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 3628 3629 neigh_proc_update(ctl, write); 3630 return ret; 3631} 3632EXPORT_SYMBOL(neigh_proc_dointvec); 3633 3634int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer, 3635 size_t *lenp, loff_t *ppos) 3636{ 3637 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3638 3639 neigh_proc_update(ctl, write); 3640 return ret; 3641} 3642EXPORT_SYMBOL(neigh_proc_dointvec_jiffies); 3643 3644static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write, 3645 void *buffer, size_t *lenp, 3646 loff_t *ppos) 3647{ 3648 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos); 3649 3650 neigh_proc_update(ctl, write); 3651 return ret; 3652} 3653 3654int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write, 3655 void *buffer, size_t *lenp, loff_t *ppos) 3656{ 3657 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3658 3659 neigh_proc_update(ctl, write); 3660 return ret; 3661} 3662EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies); 3663 3664static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write, 3665 void *buffer, size_t *lenp, 3666 loff_t *ppos) 3667{ 3668 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos); 3669 3670 neigh_proc_update(ctl, write); 3671 return ret; 3672} 3673 3674static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write, 3675 void *buffer, size_t *lenp, 3676 loff_t *ppos) 3677{ 3678 struct neigh_parms *p = ctl->extra2; 3679 int ret; 3680 3681 if (strcmp(ctl->procname, "base_reachable_time") == 0) 3682 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3683 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0) 3684 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3685 else 3686 ret = -1; 3687 3688 if (write && ret == 0) { 3689 /* update reachable_time as well, otherwise, the change will 3690 * only be effective after the next time neigh_periodic_work 3691 * decides to recompute it 3692 */ 3693 p->reachable_time = 3694 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 3695 } 3696 return ret; 3697} 3698 3699#define NEIGH_PARMS_DATA_OFFSET(index) \ 3700 (&((struct neigh_parms *) 0)->data[index]) 3701 3702#define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \ 3703 [NEIGH_VAR_ ## attr] = { \ 3704 .procname = name, \ 3705 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \ 3706 .maxlen = sizeof(int), \ 3707 .mode = mval, \ 3708 .proc_handler = proc, \ 3709 } 3710 3711#define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \ 3712 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax) 3713 3714#define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \ 3715 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies) 3716 3717#define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \ 3718 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies) 3719 3720#define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \ 3721 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive) 3722 3723#define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \ 3724 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies) 3725 3726#define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \ 3727 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen) 3728 3729static struct neigh_sysctl_table { 3730 struct ctl_table_header *sysctl_header; 3731 struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1]; 3732} neigh_sysctl_template __read_mostly = { 3733 .neigh_vars = { 3734 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"), 3735 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"), 3736 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"), 3737 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"), 3738 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"), 3739 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"), 3740 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"), 3741 NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS, 3742 "interval_probe_time_ms"), 3743 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"), 3744 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"), 3745 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"), 3746 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"), 3747 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"), 3748 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"), 3749 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"), 3750 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"), 3751 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"), 3752 [NEIGH_VAR_GC_INTERVAL] = { 3753 .procname = "gc_interval", 3754 .maxlen = sizeof(int), 3755 .mode = 0644, 3756 .proc_handler = proc_dointvec_jiffies, 3757 }, 3758 [NEIGH_VAR_GC_THRESH1] = { 3759 .procname = "gc_thresh1", 3760 .maxlen = sizeof(int), 3761 .mode = 0644, 3762 .extra1 = SYSCTL_ZERO, 3763 .extra2 = SYSCTL_INT_MAX, 3764 .proc_handler = proc_dointvec_minmax, 3765 }, 3766 [NEIGH_VAR_GC_THRESH2] = { 3767 .procname = "gc_thresh2", 3768 .maxlen = sizeof(int), 3769 .mode = 0644, 3770 .extra1 = SYSCTL_ZERO, 3771 .extra2 = SYSCTL_INT_MAX, 3772 .proc_handler = proc_dointvec_minmax, 3773 }, 3774 [NEIGH_VAR_GC_THRESH3] = { 3775 .procname = "gc_thresh3", 3776 .maxlen = sizeof(int), 3777 .mode = 0644, 3778 .extra1 = SYSCTL_ZERO, 3779 .extra2 = SYSCTL_INT_MAX, 3780 .proc_handler = proc_dointvec_minmax, 3781 }, 3782 {}, 3783 }, 3784}; 3785 3786int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p, 3787 proc_handler *handler) 3788{ 3789 int i; 3790 struct neigh_sysctl_table *t; 3791 const char *dev_name_source; 3792 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ]; 3793 char *p_name; 3794 size_t neigh_vars_size; 3795 3796 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT); 3797 if (!t) 3798 goto err; 3799 3800 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) { 3801 t->neigh_vars[i].data += (long) p; 3802 t->neigh_vars[i].extra1 = dev; 3803 t->neigh_vars[i].extra2 = p; 3804 } 3805 3806 neigh_vars_size = ARRAY_SIZE(t->neigh_vars); 3807 if (dev) { 3808 dev_name_source = dev->name; 3809 /* Terminate the table early */ 3810 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0, 3811 sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL])); 3812 neigh_vars_size = NEIGH_VAR_BASE_REACHABLE_TIME_MS + 1; 3813 } else { 3814 struct neigh_table *tbl = p->tbl; 3815 dev_name_source = "default"; 3816 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval; 3817 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1; 3818 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2; 3819 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3; 3820 } 3821 3822 if (handler) { 3823 /* RetransTime */ 3824 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler; 3825 /* ReachableTime */ 3826 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler; 3827 /* RetransTime (in milliseconds)*/ 3828 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler; 3829 /* ReachableTime (in milliseconds) */ 3830 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler; 3831 } else { 3832 /* Those handlers will update p->reachable_time after 3833 * base_reachable_time(_ms) is set to ensure the new timer starts being 3834 * applied after the next neighbour update instead of waiting for 3835 * neigh_periodic_work to update its value (can be multiple minutes) 3836 * So any handler that replaces them should do this as well 3837 */ 3838 /* ReachableTime */ 3839 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = 3840 neigh_proc_base_reachable_time; 3841 /* ReachableTime (in milliseconds) */ 3842 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = 3843 neigh_proc_base_reachable_time; 3844 } 3845 3846 switch (neigh_parms_family(p)) { 3847 case AF_INET: 3848 p_name = "ipv4"; 3849 break; 3850 case AF_INET6: 3851 p_name = "ipv6"; 3852 break; 3853 default: 3854 BUG(); 3855 } 3856 3857 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s", 3858 p_name, dev_name_source); 3859 t->sysctl_header = register_net_sysctl_sz(neigh_parms_net(p), 3860 neigh_path, t->neigh_vars, 3861 neigh_vars_size); 3862 if (!t->sysctl_header) 3863 goto free; 3864 3865 p->sysctl_table = t; 3866 return 0; 3867 3868free: 3869 kfree(t); 3870err: 3871 return -ENOBUFS; 3872} 3873EXPORT_SYMBOL(neigh_sysctl_register); 3874 3875void neigh_sysctl_unregister(struct neigh_parms *p) 3876{ 3877 if (p->sysctl_table) { 3878 struct neigh_sysctl_table *t = p->sysctl_table; 3879 p->sysctl_table = NULL; 3880 unregister_net_sysctl_table(t->sysctl_header); 3881 kfree(t); 3882 } 3883} 3884EXPORT_SYMBOL(neigh_sysctl_unregister); 3885 3886#endif /* CONFIG_SYSCTL */ 3887 3888static int __init neigh_init(void) 3889{ 3890 rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0); 3891 rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0); 3892 rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0); 3893 3894 rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info, 3895 0); 3896 rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0); 3897 3898 return 0; 3899} 3900 3901subsys_initcall(neigh_init); 3902