Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0-or-later
2 : /*
3 : * Generic address resolution entity
4 : *
5 : * Authors:
6 : * Pedro Roque <roque@di.fc.ul.pt>
7 : * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
8 : *
9 : * Fixes:
10 : * Vitaly E. Lavrov releasing NULL neighbor in neigh_add.
11 : * Harald Welte Add neighbour cache statistics like rtstat
12 : */
13 :
14 : #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15 :
16 : #include <linux/slab.h>
17 : #include <linux/kmemleak.h>
18 : #include <linux/types.h>
19 : #include <linux/kernel.h>
20 : #include <linux/module.h>
21 : #include <linux/socket.h>
22 : #include <linux/netdevice.h>
23 : #include <linux/proc_fs.h>
24 : #ifdef CONFIG_SYSCTL
25 : #include <linux/sysctl.h>
26 : #endif
27 : #include <linux/times.h>
28 : #include <net/net_namespace.h>
29 : #include <net/neighbour.h>
30 : #include <net/arp.h>
31 : #include <net/dst.h>
32 : #include <net/sock.h>
33 : #include <net/netevent.h>
34 : #include <net/netlink.h>
35 : #include <linux/rtnetlink.h>
36 : #include <linux/random.h>
37 : #include <linux/string.h>
38 : #include <linux/log2.h>
39 : #include <linux/inetdevice.h>
40 : #include <net/addrconf.h>
41 :
42 : #include <trace/events/neigh.h>
43 :
44 : #define NEIGH_DEBUG 1
45 : #define neigh_dbg(level, fmt, ...) \
46 : do { \
47 : if (level <= NEIGH_DEBUG) \
48 : pr_debug(fmt, ##__VA_ARGS__); \
49 : } while (0)
50 :
51 : #define PNEIGH_HASHMASK 0xF
52 :
53 : static void neigh_timer_handler(struct timer_list *t);
54 : static void __neigh_notify(struct neighbour *n, int type, int flags,
55 : u32 pid);
56 : static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
57 : static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
58 : struct net_device *dev);
59 :
60 : #ifdef CONFIG_PROC_FS
61 : static const struct seq_operations neigh_stat_seq_ops;
62 : #endif
63 :
64 : /*
65 : Neighbour hash table buckets are protected with rwlock tbl->lock.
66 :
67 : - All the scans/updates to hash buckets MUST be made under this lock.
68 : - NOTHING clever should be made under this lock: no callbacks
69 : to protocol backends, no attempts to send something to network.
70 : It will result in deadlocks, if backend/driver wants to use neighbour
71 : cache.
72 : - If the entry requires some non-trivial actions, increase
73 : its reference count and release table lock.
74 :
75 : Neighbour entries are protected:
76 : - with reference count.
77 : - with rwlock neigh->lock
78 :
79 : Reference count prevents destruction.
80 :
81 : neigh->lock mainly serializes ll address data and its validity state.
82 : However, the same lock is used to protect another entry fields:
83 : - timer
84 : - resolution queue
85 :
86 : Again, nothing clever shall be made under neigh->lock,
87 : the most complicated procedure, which we allow is dev->hard_header.
88 : It is supposed, that dev->hard_header is simplistic and does
89 : not make callbacks to neighbour tables.
90 : */
91 :
92 0 : static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
93 : {
94 0 : kfree_skb(skb);
95 0 : return -ENETDOWN;
96 : }
97 :
98 0 : static void neigh_cleanup_and_release(struct neighbour *neigh)
99 : {
100 0 : trace_neigh_cleanup_and_release(neigh, 0);
101 0 : __neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
102 0 : call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
103 0 : neigh_release(neigh);
104 0 : }
105 :
106 : /*
107 : * It is random distribution in the interval (1/2)*base...(3/2)*base.
108 : * It corresponds to default IPv6 settings and is not overridable,
109 : * because it is really reasonable choice.
110 : */
111 :
112 3 : unsigned long neigh_rand_reach_time(unsigned long base)
113 : {
114 3 : return base ? (prandom_u32() % base) + (base >> 1) : 0;
115 : }
116 : EXPORT_SYMBOL(neigh_rand_reach_time);
117 :
118 0 : static void neigh_mark_dead(struct neighbour *n)
119 : {
120 0 : n->dead = 1;
121 0 : if (!list_empty(&n->gc_list)) {
122 0 : list_del_init(&n->gc_list);
123 0 : atomic_dec(&n->tbl->gc_entries);
124 : }
125 0 : }
126 :
127 0 : static void neigh_update_gc_list(struct neighbour *n)
128 : {
129 0 : bool on_gc_list, exempt_from_gc;
130 :
131 0 : write_lock_bh(&n->tbl->lock);
132 0 : write_lock(&n->lock);
133 :
134 : /* remove from the gc list if new state is permanent or if neighbor
135 : * is externally learned; otherwise entry should be on the gc list
136 : */
137 0 : exempt_from_gc = n->nud_state & NUD_PERMANENT ||
138 0 : n->flags & NTF_EXT_LEARNED;
139 0 : on_gc_list = !list_empty(&n->gc_list);
140 :
141 0 : if (exempt_from_gc && on_gc_list) {
142 0 : list_del_init(&n->gc_list);
143 0 : atomic_dec(&n->tbl->gc_entries);
144 0 : } else if (!exempt_from_gc && !on_gc_list) {
145 : /* add entries to the tail; cleaning removes from the front */
146 0 : list_add_tail(&n->gc_list, &n->tbl->gc_list);
147 0 : atomic_inc(&n->tbl->gc_entries);
148 : }
149 :
150 0 : write_unlock(&n->lock);
151 0 : write_unlock_bh(&n->tbl->lock);
152 0 : }
153 :
154 3 : static bool neigh_update_ext_learned(struct neighbour *neigh, u32 flags,
155 : int *notify)
156 : {
157 3 : bool rc = false;
158 3 : u8 ndm_flags;
159 :
160 3 : if (!(flags & NEIGH_UPDATE_F_ADMIN))
161 : return rc;
162 :
163 0 : ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
164 0 : if ((neigh->flags ^ ndm_flags) & NTF_EXT_LEARNED) {
165 0 : if (ndm_flags & NTF_EXT_LEARNED)
166 0 : neigh->flags |= NTF_EXT_LEARNED;
167 : else
168 0 : neigh->flags &= ~NTF_EXT_LEARNED;
169 0 : rc = true;
170 0 : *notify = 1;
171 : }
172 :
173 : return rc;
174 : }
175 :
176 0 : static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
177 : struct neigh_table *tbl)
178 : {
179 0 : bool retval = false;
180 :
181 0 : write_lock(&n->lock);
182 0 : if (refcount_read(&n->refcnt) == 1) {
183 0 : struct neighbour *neigh;
184 :
185 0 : neigh = rcu_dereference_protected(n->next,
186 : lockdep_is_held(&tbl->lock));
187 0 : rcu_assign_pointer(*np, neigh);
188 0 : neigh_mark_dead(n);
189 0 : retval = true;
190 : }
191 0 : write_unlock(&n->lock);
192 0 : if (retval)
193 0 : neigh_cleanup_and_release(n);
194 0 : return retval;
195 : }
196 :
197 0 : bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
198 : {
199 0 : struct neigh_hash_table *nht;
200 0 : void *pkey = ndel->primary_key;
201 0 : u32 hash_val;
202 0 : struct neighbour *n;
203 0 : struct neighbour __rcu **np;
204 :
205 0 : nht = rcu_dereference_protected(tbl->nht,
206 : lockdep_is_held(&tbl->lock));
207 0 : hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
208 0 : hash_val = hash_val >> (32 - nht->hash_shift);
209 :
210 0 : np = &nht->hash_buckets[hash_val];
211 0 : while ((n = rcu_dereference_protected(*np,
212 : lockdep_is_held(&tbl->lock)))) {
213 0 : if (n == ndel)
214 0 : return neigh_del(n, np, tbl);
215 0 : np = &n->next;
216 : }
217 : return false;
218 : }
219 :
220 0 : static int neigh_forced_gc(struct neigh_table *tbl)
221 : {
222 0 : int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
223 0 : unsigned long tref = jiffies - 5 * HZ;
224 0 : struct neighbour *n, *tmp;
225 0 : int shrunk = 0;
226 :
227 0 : NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);
228 :
229 0 : write_lock_bh(&tbl->lock);
230 :
231 0 : list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
232 0 : if (refcount_read(&n->refcnt) == 1) {
233 0 : bool remove = false;
234 :
235 0 : write_lock(&n->lock);
236 0 : if ((n->nud_state == NUD_FAILED) ||
237 0 : (tbl->is_multicast &&
238 0 : tbl->is_multicast(n->primary_key)) ||
239 0 : time_after(tref, n->updated))
240 : remove = true;
241 0 : write_unlock(&n->lock);
242 :
243 0 : if (remove && neigh_remove_one(n, tbl))
244 0 : shrunk++;
245 0 : if (shrunk >= max_clean)
246 : break;
247 : }
248 : }
249 :
250 0 : tbl->last_flush = jiffies;
251 :
252 0 : write_unlock_bh(&tbl->lock);
253 :
254 0 : return shrunk;
255 : }
256 :
257 7 : static void neigh_add_timer(struct neighbour *n, unsigned long when)
258 : {
259 7 : neigh_hold(n);
260 7 : if (unlikely(mod_timer(&n->timer, when))) {
261 0 : printk("NEIGH: BUG, double timer add, state is %x\n",
262 0 : n->nud_state);
263 0 : dump_stack();
264 : }
265 7 : }
266 :
267 7 : static int neigh_del_timer(struct neighbour *n)
268 : {
269 10 : if ((n->nud_state & NUD_IN_TIMER) &&
270 3 : del_timer(&n->timer)) {
271 3 : neigh_release(n);
272 3 : return 1;
273 : }
274 : return 0;
275 : }
276 :
277 0 : static void pneigh_queue_purge(struct sk_buff_head *list)
278 : {
279 0 : struct sk_buff *skb;
280 :
281 0 : while ((skb = skb_dequeue(list)) != NULL) {
282 0 : dev_put(skb->dev);
283 0 : kfree_skb(skb);
284 : }
285 0 : }
286 :
287 0 : static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
288 : bool skip_perm)
289 : {
290 0 : int i;
291 0 : struct neigh_hash_table *nht;
292 :
293 0 : nht = rcu_dereference_protected(tbl->nht,
294 : lockdep_is_held(&tbl->lock));
295 :
296 0 : for (i = 0; i < (1 << nht->hash_shift); i++) {
297 0 : struct neighbour *n;
298 0 : struct neighbour __rcu **np = &nht->hash_buckets[i];
299 :
300 0 : while ((n = rcu_dereference_protected(*np,
301 : lockdep_is_held(&tbl->lock))) != NULL) {
302 0 : if (dev && n->dev != dev) {
303 0 : np = &n->next;
304 0 : continue;
305 : }
306 0 : if (skip_perm && n->nud_state & NUD_PERMANENT) {
307 0 : np = &n->next;
308 0 : continue;
309 : }
310 0 : rcu_assign_pointer(*np,
311 : rcu_dereference_protected(n->next,
312 : lockdep_is_held(&tbl->lock)));
313 0 : write_lock(&n->lock);
314 0 : neigh_del_timer(n);
315 0 : neigh_mark_dead(n);
316 0 : if (refcount_read(&n->refcnt) != 1) {
317 : /* The most unpleasant situation.
318 : We must destroy neighbour entry,
319 : but someone still uses it.
320 :
321 : The destroy will be delayed until
322 : the last user releases us, but
323 : we must kill timers etc. and move
324 : it to safe state.
325 : */
326 0 : __skb_queue_purge(&n->arp_queue);
327 0 : n->arp_queue_len_bytes = 0;
328 0 : n->output = neigh_blackhole;
329 0 : if (n->nud_state & NUD_VALID)
330 0 : n->nud_state = NUD_NOARP;
331 : else
332 0 : n->nud_state = NUD_NONE;
333 0 : neigh_dbg(2, "neigh %p is stray\n", n);
334 : }
335 0 : write_unlock(&n->lock);
336 0 : neigh_cleanup_and_release(n);
337 : }
338 : }
339 0 : }
340 :
341 0 : void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
342 : {
343 0 : write_lock_bh(&tbl->lock);
344 0 : neigh_flush_dev(tbl, dev, false);
345 0 : write_unlock_bh(&tbl->lock);
346 0 : }
347 : EXPORT_SYMBOL(neigh_changeaddr);
348 :
349 0 : static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
350 : bool skip_perm)
351 : {
352 0 : write_lock_bh(&tbl->lock);
353 0 : neigh_flush_dev(tbl, dev, skip_perm);
354 0 : pneigh_ifdown_and_unlock(tbl, dev);
355 :
356 0 : del_timer_sync(&tbl->proxy_timer);
357 0 : pneigh_queue_purge(&tbl->proxy_queue);
358 0 : return 0;
359 : }
360 :
361 0 : int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
362 : {
363 0 : __neigh_ifdown(tbl, dev, true);
364 0 : return 0;
365 : }
366 : EXPORT_SYMBOL(neigh_carrier_down);
367 :
368 0 : int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
369 : {
370 0 : __neigh_ifdown(tbl, dev, false);
371 0 : return 0;
372 : }
373 : EXPORT_SYMBOL(neigh_ifdown);
374 :
375 2 : static struct neighbour *neigh_alloc(struct neigh_table *tbl,
376 : struct net_device *dev,
377 : bool exempt_from_gc)
378 : {
379 2 : struct neighbour *n = NULL;
380 2 : unsigned long now = jiffies;
381 2 : int entries;
382 :
383 2 : if (exempt_from_gc)
384 0 : goto do_alloc;
385 :
386 2 : entries = atomic_inc_return(&tbl->gc_entries) - 1;
387 2 : if (entries >= tbl->gc_thresh3 ||
388 2 : (entries >= tbl->gc_thresh2 &&
389 0 : time_after(now, tbl->last_flush + 5 * HZ))) {
390 0 : if (!neigh_forced_gc(tbl) &&
391 0 : entries >= tbl->gc_thresh3) {
392 0 : net_info_ratelimited("%s: neighbor table overflow!\n",
393 : tbl->id);
394 0 : NEIGH_CACHE_STAT_INC(tbl, table_fulls);
395 0 : goto out_entries;
396 : }
397 : }
398 :
399 2 : do_alloc:
400 2 : n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
401 2 : if (!n)
402 0 : goto out_entries;
403 :
404 2 : __skb_queue_head_init(&n->arp_queue);
405 2 : rwlock_init(&n->lock);
406 2 : seqlock_init(&n->ha_lock);
407 2 : n->updated = n->used = now;
408 2 : n->nud_state = NUD_NONE;
409 2 : n->output = neigh_blackhole;
410 2 : seqlock_init(&n->hh.hh_lock);
411 2 : n->parms = neigh_parms_clone(&tbl->parms);
412 2 : timer_setup(&n->timer, neigh_timer_handler, 0);
413 :
414 2 : NEIGH_CACHE_STAT_INC(tbl, allocs);
415 2 : n->tbl = tbl;
416 2 : refcount_set(&n->refcnt, 1);
417 2 : n->dead = 1;
418 2 : INIT_LIST_HEAD(&n->gc_list);
419 :
420 2 : atomic_inc(&tbl->entries);
421 2 : out:
422 2 : return n;
423 :
424 0 : out_entries:
425 0 : if (!exempt_from_gc)
426 0 : atomic_dec(&tbl->gc_entries);
427 0 : goto out;
428 : }
429 :
430 4 : static void neigh_get_hash_rnd(u32 *x)
431 : {
432 8 : *x = get_random_u32() | 1;
433 : }
434 :
435 1 : static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
436 : {
437 1 : size_t size = (1 << shift) * sizeof(struct neighbour *);
438 1 : struct neigh_hash_table *ret;
439 1 : struct neighbour __rcu **buckets;
440 1 : int i;
441 :
442 1 : ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
443 1 : if (!ret)
444 : return NULL;
445 1 : if (size <= PAGE_SIZE) {
446 1 : buckets = kzalloc(size, GFP_ATOMIC);
447 : } else {
448 0 : buckets = (struct neighbour __rcu **)
449 0 : __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
450 0 : get_order(size));
451 0 : kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
452 : }
453 1 : if (!buckets) {
454 0 : kfree(ret);
455 0 : return NULL;
456 : }
457 1 : ret->hash_buckets = buckets;
458 1 : ret->hash_shift = shift;
459 5 : for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
460 4 : neigh_get_hash_rnd(&ret->hash_rnd[i]);
461 : return ret;
462 : }
463 :
464 0 : static void neigh_hash_free_rcu(struct rcu_head *head)
465 : {
466 0 : struct neigh_hash_table *nht = container_of(head,
467 : struct neigh_hash_table,
468 : rcu);
469 0 : size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
470 0 : struct neighbour __rcu **buckets = nht->hash_buckets;
471 :
472 0 : if (size <= PAGE_SIZE) {
473 0 : kfree(buckets);
474 : } else {
475 0 : kmemleak_free(buckets);
476 0 : free_pages((unsigned long)buckets, get_order(size));
477 : }
478 0 : kfree(nht);
479 0 : }
480 :
481 0 : static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
482 : unsigned long new_shift)
483 : {
484 0 : unsigned int i, hash;
485 0 : struct neigh_hash_table *new_nht, *old_nht;
486 :
487 0 : NEIGH_CACHE_STAT_INC(tbl, hash_grows);
488 :
489 0 : old_nht = rcu_dereference_protected(tbl->nht,
490 : lockdep_is_held(&tbl->lock));
491 0 : new_nht = neigh_hash_alloc(new_shift);
492 0 : if (!new_nht)
493 : return old_nht;
494 :
495 0 : for (i = 0; i < (1 << old_nht->hash_shift); i++) {
496 0 : struct neighbour *n, *next;
497 :
498 0 : for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
499 : lockdep_is_held(&tbl->lock));
500 0 : n != NULL;
501 0 : n = next) {
502 0 : hash = tbl->hash(n->primary_key, n->dev,
503 0 : new_nht->hash_rnd);
504 :
505 0 : hash >>= (32 - new_nht->hash_shift);
506 0 : next = rcu_dereference_protected(n->next,
507 : lockdep_is_held(&tbl->lock));
508 :
509 0 : rcu_assign_pointer(n->next,
510 : rcu_dereference_protected(
511 : new_nht->hash_buckets[hash],
512 : lockdep_is_held(&tbl->lock)));
513 0 : rcu_assign_pointer(new_nht->hash_buckets[hash], n);
514 : }
515 : }
516 :
517 0 : rcu_assign_pointer(tbl->nht, new_nht);
518 0 : call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
519 0 : return new_nht;
520 : }
521 :
522 3 : struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
523 : struct net_device *dev)
524 : {
525 3 : struct neighbour *n;
526 :
527 3 : NEIGH_CACHE_STAT_INC(tbl, lookups);
528 :
529 3 : rcu_read_lock_bh();
530 3 : n = __neigh_lookup_noref(tbl, pkey, dev);
531 3 : if (n) {
532 3 : if (!refcount_inc_not_zero(&n->refcnt))
533 0 : n = NULL;
534 3 : NEIGH_CACHE_STAT_INC(tbl, hits);
535 : }
536 :
537 3 : rcu_read_unlock_bh();
538 3 : return n;
539 : }
540 : EXPORT_SYMBOL(neigh_lookup);
541 :
542 0 : struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
543 : const void *pkey)
544 : {
545 0 : struct neighbour *n;
546 0 : unsigned int key_len = tbl->key_len;
547 0 : u32 hash_val;
548 0 : struct neigh_hash_table *nht;
549 :
550 0 : NEIGH_CACHE_STAT_INC(tbl, lookups);
551 :
552 0 : rcu_read_lock_bh();
553 0 : nht = rcu_dereference_bh(tbl->nht);
554 0 : hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);
555 :
556 0 : for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
557 0 : n != NULL;
558 0 : n = rcu_dereference_bh(n->next)) {
559 0 : if (!memcmp(n->primary_key, pkey, key_len) &&
560 0 : net_eq(dev_net(n->dev), net)) {
561 0 : if (!refcount_inc_not_zero(&n->refcnt))
562 0 : n = NULL;
563 0 : NEIGH_CACHE_STAT_INC(tbl, hits);
564 : break;
565 : }
566 : }
567 :
568 0 : rcu_read_unlock_bh();
569 0 : return n;
570 : }
571 : EXPORT_SYMBOL(neigh_lookup_nodev);
572 :
573 2 : static struct neighbour *___neigh_create(struct neigh_table *tbl,
574 : const void *pkey,
575 : struct net_device *dev,
576 : bool exempt_from_gc, bool want_ref)
577 : {
578 2 : struct neighbour *n1, *rc, *n = neigh_alloc(tbl, dev, exempt_from_gc);
579 2 : u32 hash_val;
580 2 : unsigned int key_len = tbl->key_len;
581 2 : int error;
582 2 : struct neigh_hash_table *nht;
583 :
584 2 : trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
585 :
586 2 : if (!n) {
587 0 : rc = ERR_PTR(-ENOBUFS);
588 0 : goto out;
589 : }
590 :
591 2 : memcpy(n->primary_key, pkey, key_len);
592 2 : n->dev = dev;
593 2 : dev_hold(dev);
594 :
595 : /* Protocol specific setup. */
596 2 : if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
597 0 : rc = ERR_PTR(error);
598 0 : goto out_neigh_release;
599 : }
600 :
601 2 : if (dev->netdev_ops->ndo_neigh_construct) {
602 0 : error = dev->netdev_ops->ndo_neigh_construct(dev, n);
603 0 : if (error < 0) {
604 0 : rc = ERR_PTR(error);
605 0 : goto out_neigh_release;
606 : }
607 : }
608 :
609 : /* Device specific setup. */
610 2 : if (n->parms->neigh_setup &&
611 0 : (error = n->parms->neigh_setup(n)) < 0) {
612 0 : rc = ERR_PTR(error);
613 0 : goto out_neigh_release;
614 : }
615 :
616 2 : n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);
617 :
618 2 : write_lock_bh(&tbl->lock);
619 2 : nht = rcu_dereference_protected(tbl->nht,
620 : lockdep_is_held(&tbl->lock));
621 :
622 2 : if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
623 0 : nht = neigh_hash_grow(tbl, nht->hash_shift + 1);
624 :
625 2 : hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);
626 :
627 2 : if (n->parms->dead) {
628 0 : rc = ERR_PTR(-EINVAL);
629 0 : goto out_tbl_unlock;
630 : }
631 :
632 2 : for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
633 : lockdep_is_held(&tbl->lock));
634 2 : n1 != NULL;
635 0 : n1 = rcu_dereference_protected(n1->next,
636 : lockdep_is_held(&tbl->lock))) {
637 0 : if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
638 0 : if (want_ref)
639 0 : neigh_hold(n1);
640 0 : rc = n1;
641 0 : goto out_tbl_unlock;
642 : }
643 : }
644 :
645 2 : n->dead = 0;
646 2 : if (!exempt_from_gc)
647 2 : list_add_tail(&n->gc_list, &n->tbl->gc_list);
648 :
649 2 : if (want_ref)
650 0 : neigh_hold(n);
651 2 : rcu_assign_pointer(n->next,
652 : rcu_dereference_protected(nht->hash_buckets[hash_val],
653 : lockdep_is_held(&tbl->lock)));
654 2 : rcu_assign_pointer(nht->hash_buckets[hash_val], n);
655 2 : write_unlock_bh(&tbl->lock);
656 2 : neigh_dbg(2, "neigh %p is created\n", n);
657 2 : rc = n;
658 2 : out:
659 2 : return rc;
660 0 : out_tbl_unlock:
661 0 : write_unlock_bh(&tbl->lock);
662 0 : out_neigh_release:
663 0 : if (!exempt_from_gc)
664 0 : atomic_dec(&tbl->gc_entries);
665 0 : neigh_release(n);
666 0 : goto out;
667 : }
668 :
669 2 : struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
670 : struct net_device *dev, bool want_ref)
671 : {
672 2 : return ___neigh_create(tbl, pkey, dev, false, want_ref);
673 : }
674 : EXPORT_SYMBOL(__neigh_create);
675 :
676 0 : static u32 pneigh_hash(const void *pkey, unsigned int key_len)
677 : {
678 0 : u32 hash_val = *(u32 *)(pkey + key_len - 4);
679 0 : hash_val ^= (hash_val >> 16);
680 0 : hash_val ^= hash_val >> 8;
681 0 : hash_val ^= hash_val >> 4;
682 0 : hash_val &= PNEIGH_HASHMASK;
683 0 : return hash_val;
684 : }
685 :
686 0 : static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
687 : struct net *net,
688 : const void *pkey,
689 : unsigned int key_len,
690 : struct net_device *dev)
691 : {
692 0 : while (n) {
693 0 : if (!memcmp(n->key, pkey, key_len) &&
694 0 : net_eq(pneigh_net(n), net) &&
695 0 : (n->dev == dev || !n->dev))
696 0 : return n;
697 0 : n = n->next;
698 : }
699 : return NULL;
700 : }
701 :
702 0 : struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
703 : struct net *net, const void *pkey, struct net_device *dev)
704 : {
705 0 : unsigned int key_len = tbl->key_len;
706 0 : u32 hash_val = pneigh_hash(pkey, key_len);
707 :
708 0 : return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
709 : net, pkey, key_len, dev);
710 : }
711 : EXPORT_SYMBOL_GPL(__pneigh_lookup);
712 :
713 0 : struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
714 : struct net *net, const void *pkey,
715 : struct net_device *dev, int creat)
716 : {
717 0 : struct pneigh_entry *n;
718 0 : unsigned int key_len = tbl->key_len;
719 0 : u32 hash_val = pneigh_hash(pkey, key_len);
720 :
721 0 : read_lock_bh(&tbl->lock);
722 0 : n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
723 : net, pkey, key_len, dev);
724 0 : read_unlock_bh(&tbl->lock);
725 :
726 0 : if (n || !creat)
727 0 : goto out;
728 :
729 0 : ASSERT_RTNL();
730 :
731 0 : n = kmalloc(sizeof(*n) + key_len, GFP_KERNEL);
732 0 : if (!n)
733 0 : goto out;
734 :
735 0 : n->protocol = 0;
736 0 : write_pnet(&n->net, net);
737 0 : memcpy(n->key, pkey, key_len);
738 0 : n->dev = dev;
739 0 : if (dev)
740 0 : dev_hold(dev);
741 :
742 0 : if (tbl->pconstructor && tbl->pconstructor(n)) {
743 0 : if (dev)
744 0 : dev_put(dev);
745 0 : kfree(n);
746 0 : n = NULL;
747 0 : goto out;
748 : }
749 :
750 0 : write_lock_bh(&tbl->lock);
751 0 : n->next = tbl->phash_buckets[hash_val];
752 0 : tbl->phash_buckets[hash_val] = n;
753 0 : write_unlock_bh(&tbl->lock);
754 0 : out:
755 0 : return n;
756 : }
757 : EXPORT_SYMBOL(pneigh_lookup);
758 :
759 :
760 0 : int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
761 : struct net_device *dev)
762 : {
763 0 : struct pneigh_entry *n, **np;
764 0 : unsigned int key_len = tbl->key_len;
765 0 : u32 hash_val = pneigh_hash(pkey, key_len);
766 :
767 0 : write_lock_bh(&tbl->lock);
768 0 : for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
769 0 : np = &n->next) {
770 0 : if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
771 0 : net_eq(pneigh_net(n), net)) {
772 0 : *np = n->next;
773 0 : write_unlock_bh(&tbl->lock);
774 0 : if (tbl->pdestructor)
775 0 : tbl->pdestructor(n);
776 0 : if (n->dev)
777 0 : dev_put(n->dev);
778 0 : kfree(n);
779 0 : return 0;
780 : }
781 : }
782 0 : write_unlock_bh(&tbl->lock);
783 0 : return -ENOENT;
784 : }
785 :
786 0 : static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
787 : struct net_device *dev)
788 : {
789 0 : struct pneigh_entry *n, **np, *freelist = NULL;
790 0 : u32 h;
791 :
792 0 : for (h = 0; h <= PNEIGH_HASHMASK; h++) {
793 0 : np = &tbl->phash_buckets[h];
794 0 : while ((n = *np) != NULL) {
795 0 : if (!dev || n->dev == dev) {
796 0 : *np = n->next;
797 0 : n->next = freelist;
798 0 : freelist = n;
799 0 : continue;
800 : }
801 0 : np = &n->next;
802 : }
803 : }
804 0 : write_unlock_bh(&tbl->lock);
805 0 : while ((n = freelist)) {
806 0 : freelist = n->next;
807 0 : n->next = NULL;
808 0 : if (tbl->pdestructor)
809 0 : tbl->pdestructor(n);
810 0 : if (n->dev)
811 0 : dev_put(n->dev);
812 0 : kfree(n);
813 : }
814 0 : return -ENOENT;
815 : }
816 :
817 : static void neigh_parms_destroy(struct neigh_parms *parms);
818 :
819 0 : static inline void neigh_parms_put(struct neigh_parms *parms)
820 : {
821 0 : if (refcount_dec_and_test(&parms->refcnt))
822 0 : neigh_parms_destroy(parms);
823 0 : }
824 :
825 : /*
826 : * neighbour must already be out of the table;
827 : *
828 : */
829 0 : void neigh_destroy(struct neighbour *neigh)
830 : {
831 0 : struct net_device *dev = neigh->dev;
832 :
833 0 : NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);
834 :
835 0 : if (!neigh->dead) {
836 0 : pr_warn("Destroying alive neighbour %p\n", neigh);
837 0 : dump_stack();
838 0 : return;
839 : }
840 :
841 0 : if (neigh_del_timer(neigh))
842 0 : pr_warn("Impossible event\n");
843 :
844 0 : write_lock_bh(&neigh->lock);
845 0 : __skb_queue_purge(&neigh->arp_queue);
846 0 : write_unlock_bh(&neigh->lock);
847 0 : neigh->arp_queue_len_bytes = 0;
848 :
849 0 : if (dev->netdev_ops->ndo_neigh_destroy)
850 0 : dev->netdev_ops->ndo_neigh_destroy(dev, neigh);
851 :
852 0 : dev_put(dev);
853 0 : neigh_parms_put(neigh->parms);
854 :
855 0 : neigh_dbg(2, "neigh %p is destroyed\n", neigh);
856 :
857 0 : atomic_dec(&neigh->tbl->entries);
858 0 : kfree_rcu(neigh, rcu);
859 : }
860 : EXPORT_SYMBOL(neigh_destroy);
861 :
862 : /* Neighbour state is suspicious;
863 : disable fast path.
864 :
865 : Called with write_locked neigh.
866 : */
867 3 : static void neigh_suspect(struct neighbour *neigh)
868 : {
869 3 : neigh_dbg(2, "neigh %p is suspected\n", neigh);
870 :
871 3 : neigh->output = neigh->ops->output;
872 0 : }
873 :
874 : /* Neighbour state is OK;
875 : enable fast path.
876 :
877 : Called with write_locked neigh.
878 : */
879 3 : static void neigh_connect(struct neighbour *neigh)
880 : {
881 3 : neigh_dbg(2, "neigh %p is connected\n", neigh);
882 :
883 3 : neigh->output = neigh->ops->connected_output;
884 3 : }
885 :
886 3 : static void neigh_periodic_work(struct work_struct *work)
887 : {
888 3 : struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
889 3 : struct neighbour *n;
890 3 : struct neighbour __rcu **np;
891 3 : unsigned int i;
892 3 : struct neigh_hash_table *nht;
893 :
894 3 : NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);
895 :
896 3 : write_lock_bh(&tbl->lock);
897 3 : nht = rcu_dereference_protected(tbl->nht,
898 : lockdep_is_held(&tbl->lock));
899 :
900 : /*
901 : * periodically recompute ReachableTime from random function
902 : */
903 :
904 3 : if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
905 0 : struct neigh_parms *p;
906 0 : tbl->last_rand = jiffies;
907 0 : list_for_each_entry(p, &tbl->parms_list, list)
908 0 : p->reachable_time =
909 0 : neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
910 : }
911 :
912 3 : if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
913 3 : goto out;
914 :
915 0 : for (i = 0 ; i < (1 << nht->hash_shift); i++) {
916 0 : np = &nht->hash_buckets[i];
917 :
918 0 : while ((n = rcu_dereference_protected(*np,
919 : lockdep_is_held(&tbl->lock))) != NULL) {
920 0 : unsigned int state;
921 :
922 0 : write_lock(&n->lock);
923 :
924 0 : state = n->nud_state;
925 0 : if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
926 0 : (n->flags & NTF_EXT_LEARNED)) {
927 0 : write_unlock(&n->lock);
928 0 : goto next_elt;
929 : }
930 :
931 0 : if (time_before(n->used, n->confirmed))
932 0 : n->used = n->confirmed;
933 :
934 0 : if (refcount_read(&n->refcnt) == 1 &&
935 : (state == NUD_FAILED ||
936 0 : time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
937 0 : *np = n->next;
938 0 : neigh_mark_dead(n);
939 0 : write_unlock(&n->lock);
940 0 : neigh_cleanup_and_release(n);
941 0 : continue;
942 : }
943 0 : write_unlock(&n->lock);
944 :
945 0 : next_elt:
946 0 : np = &n->next;
947 : }
948 : /*
949 : * It's fine to release lock here, even if hash table
950 : * grows while we are preempted.
951 : */
952 0 : write_unlock_bh(&tbl->lock);
953 0 : cond_resched();
954 0 : write_lock_bh(&tbl->lock);
955 0 : nht = rcu_dereference_protected(tbl->nht,
956 : lockdep_is_held(&tbl->lock));
957 : }
958 0 : out:
959 : /* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
960 : * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
961 : * BASE_REACHABLE_TIME.
962 : */
963 6 : queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
964 3 : NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
965 3 : write_unlock_bh(&tbl->lock);
966 3 : }
967 :
968 1 : static __inline__ int neigh_max_probes(struct neighbour *n)
969 : {
970 1 : struct neigh_parms *p = n->parms;
971 2 : return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
972 1 : (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
973 : NEIGH_VAR(p, MCAST_PROBES));
974 : }
975 :
976 0 : static void neigh_invalidate(struct neighbour *neigh)
977 : __releases(neigh->lock)
978 : __acquires(neigh->lock)
979 : {
980 0 : struct sk_buff *skb;
981 :
982 0 : NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
983 0 : neigh_dbg(2, "neigh %p is failed\n", neigh);
984 0 : neigh->updated = jiffies;
985 :
986 : /* It is very thin place. report_unreachable is very complicated
987 : routine. Particularly, it can hit the same neighbour entry!
988 :
989 : So that, we try to be accurate and avoid dead loop. --ANK
990 : */
991 0 : while (neigh->nud_state == NUD_FAILED &&
992 0 : (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
993 0 : write_unlock(&neigh->lock);
994 0 : neigh->ops->error_report(neigh, skb);
995 0 : write_lock(&neigh->lock);
996 : }
997 0 : __skb_queue_purge(&neigh->arp_queue);
998 0 : neigh->arp_queue_len_bytes = 0;
999 0 : }
1000 :
1001 3 : static void neigh_probe(struct neighbour *neigh)
1002 : __releases(neigh->lock)
1003 : {
1004 3 : struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);
1005 : /* keep skb alive even if arp_queue overflows */
1006 2 : if (skb)
1007 2 : skb = skb_clone(skb, GFP_ATOMIC);
1008 3 : write_unlock(&neigh->lock);
1009 3 : if (neigh->ops->solicit)
1010 3 : neigh->ops->solicit(neigh, skb);
1011 3 : atomic_inc(&neigh->probes);
1012 3 : consume_skb(skb);
1013 3 : }
1014 :
1015 : /* Called when a timer expires for a neighbour entry. */
1016 :
1017 5 : static void neigh_timer_handler(struct timer_list *t)
1018 : {
1019 5 : unsigned long now, next;
1020 5 : struct neighbour *neigh = from_timer(neigh, t, timer);
1021 5 : unsigned int state;
1022 5 : int notify = 0;
1023 :
1024 5 : write_lock(&neigh->lock);
1025 :
1026 5 : state = neigh->nud_state;
1027 5 : now = jiffies;
1028 5 : next = now + HZ;
1029 :
1030 5 : if (!(state & NUD_IN_TIMER))
1031 0 : goto out;
1032 :
1033 5 : if (state & NUD_REACHABLE) {
1034 4 : if (time_before_eq(now,
1035 : neigh->confirmed + neigh->parms->reachable_time)) {
1036 : neigh_dbg(2, "neigh %p is still alive\n", neigh);
1037 : next = neigh->confirmed + neigh->parms->reachable_time;
1038 3 : } else if (time_before_eq(now,
1039 : neigh->used +
1040 : NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1041 0 : neigh_dbg(2, "neigh %p is delayed\n", neigh);
1042 0 : neigh->nud_state = NUD_DELAY;
1043 0 : neigh->updated = jiffies;
1044 0 : neigh_suspect(neigh);
1045 0 : next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
1046 : } else {
1047 3 : neigh_dbg(2, "neigh %p is suspected\n", neigh);
1048 3 : neigh->nud_state = NUD_STALE;
1049 3 : neigh->updated = jiffies;
1050 3 : neigh_suspect(neigh);
1051 3 : notify = 1;
1052 : }
1053 1 : } else if (state & NUD_DELAY) {
1054 1 : if (time_before_eq(now,
1055 : neigh->confirmed +
1056 : NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1057 0 : neigh_dbg(2, "neigh %p is now reachable\n", neigh);
1058 0 : neigh->nud_state = NUD_REACHABLE;
1059 0 : neigh->updated = jiffies;
1060 0 : neigh_connect(neigh);
1061 0 : notify = 1;
1062 0 : next = neigh->confirmed + neigh->parms->reachable_time;
1063 : } else {
1064 1 : neigh_dbg(2, "neigh %p is probed\n", neigh);
1065 1 : neigh->nud_state = NUD_PROBE;
1066 1 : neigh->updated = jiffies;
1067 1 : atomic_set(&neigh->probes, 0);
1068 1 : notify = 1;
1069 1 : next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1070 : HZ/100);
1071 : }
1072 : } else {
1073 : /* NUD_PROBE|NUD_INCOMPLETE */
1074 0 : next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
1075 : }
1076 :
1077 5 : if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
1078 1 : atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
1079 0 : neigh->nud_state = NUD_FAILED;
1080 0 : notify = 1;
1081 0 : neigh_invalidate(neigh);
1082 0 : goto out;
1083 : }
1084 :
1085 5 : if (neigh->nud_state & NUD_IN_TIMER) {
1086 2 : if (time_before(next, jiffies + HZ/100))
1087 0 : next = jiffies + HZ/100;
1088 2 : if (!mod_timer(&neigh->timer, next))
1089 2 : neigh_hold(neigh);
1090 : }
1091 5 : if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
1092 1 : neigh_probe(neigh);
1093 : } else {
1094 4 : out:
1095 4 : write_unlock(&neigh->lock);
1096 : }
1097 :
1098 5 : if (notify)
1099 4 : neigh_update_notify(neigh, 0);
1100 :
1101 5 : trace_neigh_timer_handler(neigh, 0);
1102 :
1103 5 : neigh_release(neigh);
1104 5 : }
1105 :
1106 4 : int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
1107 : {
1108 4 : int rc;
1109 4 : bool immediate_probe = false;
1110 :
1111 4 : write_lock_bh(&neigh->lock);
1112 :
1113 4 : rc = 0;
1114 4 : if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
1115 0 : goto out_unlock_bh;
1116 4 : if (neigh->dead)
1117 0 : goto out_dead;
1118 :
1119 4 : if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
1120 2 : if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
1121 2 : NEIGH_VAR(neigh->parms, APP_PROBES)) {
1122 2 : unsigned long next, now = jiffies;
1123 :
1124 2 : atomic_set(&neigh->probes,
1125 : NEIGH_VAR(neigh->parms, UCAST_PROBES));
1126 2 : neigh_del_timer(neigh);
1127 2 : neigh->nud_state = NUD_INCOMPLETE;
1128 2 : neigh->updated = now;
1129 2 : next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1130 : HZ/100);
1131 2 : neigh_add_timer(neigh, next);
1132 2 : immediate_probe = true;
1133 : } else {
1134 0 : neigh->nud_state = NUD_FAILED;
1135 0 : neigh->updated = jiffies;
1136 0 : write_unlock_bh(&neigh->lock);
1137 :
1138 0 : kfree_skb(skb);
1139 0 : return 1;
1140 : }
1141 2 : } else if (neigh->nud_state & NUD_STALE) {
1142 2 : neigh_dbg(2, "neigh %p is delayed\n", neigh);
1143 2 : neigh_del_timer(neigh);
1144 2 : neigh->nud_state = NUD_DELAY;
1145 2 : neigh->updated = jiffies;
1146 2 : neigh_add_timer(neigh, jiffies +
1147 2 : NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
1148 : }
1149 :
1150 4 : if (neigh->nud_state == NUD_INCOMPLETE) {
1151 2 : if (skb) {
1152 2 : while (neigh->arp_queue_len_bytes + skb->truesize >
1153 2 : NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
1154 0 : struct sk_buff *buff;
1155 :
1156 0 : buff = __skb_dequeue(&neigh->arp_queue);
1157 0 : if (!buff)
1158 : break;
1159 0 : neigh->arp_queue_len_bytes -= buff->truesize;
1160 0 : kfree_skb(buff);
1161 2 : NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
1162 : }
1163 2 : skb_dst_force(skb);
1164 2 : __skb_queue_tail(&neigh->arp_queue, skb);
1165 2 : neigh->arp_queue_len_bytes += skb->truesize;
1166 : }
1167 : rc = 1;
1168 : }
1169 2 : out_unlock_bh:
1170 4 : if (immediate_probe)
1171 2 : neigh_probe(neigh);
1172 : else
1173 2 : write_unlock(&neigh->lock);
1174 4 : local_bh_enable();
1175 4 : trace_neigh_event_send_done(neigh, rc);
1176 4 : return rc;
1177 :
1178 0 : out_dead:
1179 0 : if (neigh->nud_state & NUD_STALE)
1180 0 : goto out_unlock_bh;
1181 0 : write_unlock_bh(&neigh->lock);
1182 0 : kfree_skb(skb);
1183 0 : trace_neigh_event_send_dead(neigh, 1);
1184 0 : return 1;
1185 : }
1186 : EXPORT_SYMBOL(__neigh_event_send);
1187 :
1188 2 : static void neigh_update_hhs(struct neighbour *neigh)
1189 : {
1190 2 : struct hh_cache *hh;
1191 2 : void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
1192 : = NULL;
1193 :
1194 2 : if (neigh->dev->header_ops)
1195 2 : update = neigh->dev->header_ops->cache_update;
1196 :
1197 2 : if (update) {
1198 2 : hh = &neigh->hh;
1199 2 : if (READ_ONCE(hh->hh_len)) {
1200 0 : write_seqlock_bh(&hh->hh_lock);
1201 0 : update(hh, neigh->dev, neigh->ha);
1202 0 : write_sequnlock_bh(&hh->hh_lock);
1203 : }
1204 : }
1205 2 : }
1206 :
1207 :
1208 :
1209 : /* Generic update routine.
1210 : -- lladdr is new lladdr or NULL, if it is not supplied.
1211 : -- new is new state.
1212 : -- flags
1213 : NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr,
1214 : if it is different.
1215 : NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
1216 : lladdr instead of overriding it
1217 : if it is different.
1218 : NEIGH_UPDATE_F_ADMIN means that the change is administrative.
1219 :
1220 : NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
1221 : NTF_ROUTER flag.
1222 : NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as
1223 : a router.
1224 :
1225 : Caller MUST hold reference count on the entry.
1226 : */
1227 :
1228 3 : static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
1229 : u8 new, u32 flags, u32 nlmsg_pid,
1230 : struct netlink_ext_ack *extack)
1231 : {
1232 3 : bool ext_learn_change = false;
1233 3 : u8 old;
1234 3 : int err;
1235 3 : int notify = 0;
1236 3 : struct net_device *dev;
1237 3 : int update_isrouter = 0;
1238 :
1239 3 : trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);
1240 :
1241 3 : write_lock_bh(&neigh->lock);
1242 :
1243 3 : dev = neigh->dev;
1244 3 : old = neigh->nud_state;
1245 3 : err = -EPERM;
1246 :
1247 3 : if (neigh->dead) {
1248 0 : NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
1249 0 : new = old;
1250 0 : goto out;
1251 : }
1252 3 : if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
1253 : (old & (NUD_NOARP | NUD_PERMANENT)))
1254 0 : goto out;
1255 :
1256 3 : ext_learn_change = neigh_update_ext_learned(neigh, flags, ¬ify);
1257 :
1258 3 : if (!(new & NUD_VALID)) {
1259 0 : neigh_del_timer(neigh);
1260 0 : if (old & NUD_CONNECTED)
1261 0 : neigh_suspect(neigh);
1262 0 : neigh->nud_state = new;
1263 0 : err = 0;
1264 0 : notify = old & NUD_VALID;
1265 0 : if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
1266 : (new & NUD_FAILED)) {
1267 0 : neigh_invalidate(neigh);
1268 0 : notify = 1;
1269 : }
1270 0 : goto out;
1271 : }
1272 :
1273 : /* Compare new lladdr with cached one */
1274 3 : if (!dev->addr_len) {
1275 : /* First case: device needs no address. */
1276 0 : lladdr = neigh->ha;
1277 3 : } else if (lladdr) {
1278 : /* The second case: if something is already cached
1279 : and a new address is proposed:
1280 : - compare new & old
1281 : - if they are different, check override flag
1282 : */
1283 3 : if ((old & NUD_VALID) &&
1284 1 : !memcmp(lladdr, neigh->ha, dev->addr_len))
1285 1 : lladdr = neigh->ha;
1286 : } else {
1287 : /* No address is supplied; if we know something,
1288 : use it, otherwise discard the request.
1289 : */
1290 0 : err = -EINVAL;
1291 0 : if (!(old & NUD_VALID)) {
1292 0 : NL_SET_ERR_MSG(extack, "No link layer address given");
1293 0 : goto out;
1294 : }
1295 0 : lladdr = neigh->ha;
1296 : }
1297 :
1298 : /* Update confirmed timestamp for neighbour entry after we
1299 : * received ARP packet even if it doesn't change IP to MAC binding.
1300 : */
1301 3 : if (new & NUD_CONNECTED)
1302 3 : neigh->confirmed = jiffies;
1303 :
1304 : /* If entry was valid and address is not changed,
1305 : do not change entry state, if new one is STALE.
1306 : */
1307 3 : err = 0;
1308 3 : update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1309 3 : if (old & NUD_VALID) {
1310 1 : if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
1311 0 : update_isrouter = 0;
1312 0 : if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
1313 : (old & NUD_CONNECTED)) {
1314 : lladdr = neigh->ha;
1315 : new = NUD_STALE;
1316 : } else
1317 0 : goto out;
1318 : } else {
1319 1 : if (lladdr == neigh->ha && new == NUD_STALE &&
1320 1 : !(flags & NEIGH_UPDATE_F_ADMIN))
1321 0 : new = old;
1322 : }
1323 : }
1324 :
1325 : /* Update timestamp only once we know we will make a change to the
1326 : * neighbour entry. Otherwise we risk to move the locktime window with
1327 : * noop updates and ignore relevant ARP updates.
1328 : */
1329 3 : if (new != old || lladdr != neigh->ha)
1330 3 : neigh->updated = jiffies;
1331 :
1332 3 : if (new != old) {
1333 3 : neigh_del_timer(neigh);
1334 3 : if (new & NUD_PROBE)
1335 0 : atomic_set(&neigh->probes, 0);
1336 3 : if (new & NUD_IN_TIMER)
1337 3 : neigh_add_timer(neigh, (jiffies +
1338 : ((new & NUD_REACHABLE) ?
1339 3 : neigh->parms->reachable_time :
1340 : 0)));
1341 3 : neigh->nud_state = new;
1342 3 : notify = 1;
1343 : }
1344 :
1345 3 : if (lladdr != neigh->ha) {
1346 2 : write_seqlock(&neigh->ha_lock);
1347 2 : memcpy(&neigh->ha, lladdr, dev->addr_len);
1348 2 : write_sequnlock(&neigh->ha_lock);
1349 2 : neigh_update_hhs(neigh);
1350 2 : if (!(new & NUD_CONNECTED))
1351 0 : neigh->confirmed = jiffies -
1352 0 : (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
1353 2 : notify = 1;
1354 : }
1355 3 : if (new == old)
1356 0 : goto out;
1357 3 : if (new & NUD_CONNECTED)
1358 3 : neigh_connect(neigh);
1359 : else
1360 0 : neigh_suspect(neigh);
1361 3 : if (!(old & NUD_VALID)) {
1362 : struct sk_buff *skb;
1363 :
1364 : /* Again: avoid dead loop if something went wrong */
1365 :
1366 4 : while (neigh->nud_state & NUD_VALID &&
1367 4 : (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1368 2 : struct dst_entry *dst = skb_dst(skb);
1369 2 : struct neighbour *n2, *n1 = neigh;
1370 2 : write_unlock_bh(&neigh->lock);
1371 :
1372 2 : rcu_read_lock();
1373 :
1374 : /* Why not just use 'neigh' as-is? The problem is that
1375 : * things such as shaper, eql, and sch_teql can end up
1376 : * using alternative, different, neigh objects to output
1377 : * the packet in the output path. So what we need to do
1378 : * here is re-lookup the top-level neigh in the path so
1379 : * we can reinject the packet there.
1380 : */
1381 2 : n2 = NULL;
1382 2 : if (dst) {
1383 2 : n2 = dst_neigh_lookup_skb(dst, skb);
1384 2 : if (n2)
1385 2 : n1 = n2;
1386 : }
1387 2 : n1->output(n1, skb);
1388 2 : if (n2)
1389 2 : neigh_release(n2);
1390 2 : rcu_read_unlock();
1391 :
1392 2 : write_lock_bh(&neigh->lock);
1393 : }
1394 2 : __skb_queue_purge(&neigh->arp_queue);
1395 2 : neigh->arp_queue_len_bytes = 0;
1396 : }
1397 1 : out:
1398 3 : if (update_isrouter)
1399 0 : neigh_update_is_router(neigh, flags, ¬ify);
1400 3 : write_unlock_bh(&neigh->lock);
1401 :
1402 3 : if (((new ^ old) & NUD_PERMANENT) || ext_learn_change)
1403 0 : neigh_update_gc_list(neigh);
1404 :
1405 3 : if (notify)
1406 3 : neigh_update_notify(neigh, nlmsg_pid);
1407 :
1408 3 : trace_neigh_update_done(neigh, err);
1409 :
1410 3 : return err;
1411 : }
1412 :
1413 3 : int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1414 : u32 flags, u32 nlmsg_pid)
1415 : {
1416 3 : return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
1417 : }
1418 : EXPORT_SYMBOL(neigh_update);
1419 :
1420 : /* Update the neigh to listen temporarily for probe responses, even if it is
1421 : * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
1422 : */
1423 0 : void __neigh_set_probe_once(struct neighbour *neigh)
1424 : {
1425 0 : if (neigh->dead)
1426 : return;
1427 0 : neigh->updated = jiffies;
1428 0 : if (!(neigh->nud_state & NUD_FAILED))
1429 : return;
1430 0 : neigh->nud_state = NUD_INCOMPLETE;
1431 0 : atomic_set(&neigh->probes, neigh_max_probes(neigh));
1432 0 : neigh_add_timer(neigh,
1433 0 : jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1434 : HZ/100));
1435 : }
1436 : EXPORT_SYMBOL(__neigh_set_probe_once);
1437 :
1438 0 : struct neighbour *neigh_event_ns(struct neigh_table *tbl,
1439 : u8 *lladdr, void *saddr,
1440 : struct net_device *dev)
1441 : {
1442 0 : struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
1443 0 : lladdr || !dev->addr_len);
1444 0 : if (neigh)
1445 0 : neigh_update(neigh, lladdr, NUD_STALE,
1446 : NEIGH_UPDATE_F_OVERRIDE, 0);
1447 0 : return neigh;
1448 : }
1449 : EXPORT_SYMBOL(neigh_event_ns);
1450 :
1451 : /* called with read_lock_bh(&n->lock); */
1452 2 : static void neigh_hh_init(struct neighbour *n)
1453 : {
1454 2 : struct net_device *dev = n->dev;
1455 2 : __be16 prot = n->tbl->protocol;
1456 2 : struct hh_cache *hh = &n->hh;
1457 :
1458 2 : write_lock_bh(&n->lock);
1459 :
1460 : /* Only one thread can come in here and initialize the
1461 : * hh_cache entry.
1462 : */
1463 2 : if (!hh->hh_len)
1464 2 : dev->header_ops->cache(n, hh, prot);
1465 :
1466 2 : write_unlock_bh(&n->lock);
1467 2 : }
1468 :
1469 : /* Slow and careful. */
1470 :
1471 8 : int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
1472 : {
1473 8 : int rc = 0;
1474 :
1475 8 : if (!neigh_event_send(neigh, skb)) {
1476 6 : int err;
1477 6 : struct net_device *dev = neigh->dev;
1478 6 : unsigned int seq;
1479 :
1480 6 : if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
1481 2 : neigh_hh_init(neigh);
1482 :
1483 6 : do {
1484 6 : __skb_pull(skb, skb_network_offset(skb));
1485 6 : seq = read_seqbegin(&neigh->ha_lock);
1486 12 : err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1487 6 : neigh->ha, NULL, skb->len);
1488 6 : } while (read_seqretry(&neigh->ha_lock, seq));
1489 :
1490 6 : if (err >= 0)
1491 6 : rc = dev_queue_xmit(skb);
1492 : else
1493 0 : goto out_kfree_skb;
1494 : }
1495 2 : out:
1496 8 : return rc;
1497 0 : out_kfree_skb:
1498 0 : rc = -EINVAL;
1499 0 : kfree_skb(skb);
1500 0 : goto out;
1501 : }
1502 : EXPORT_SYMBOL(neigh_resolve_output);
1503 :
1504 : /* As fast as possible without hh cache */
1505 :
1506 0 : int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
1507 : {
1508 0 : struct net_device *dev = neigh->dev;
1509 0 : unsigned int seq;
1510 0 : int err;
1511 :
1512 0 : do {
1513 0 : __skb_pull(skb, skb_network_offset(skb));
1514 0 : seq = read_seqbegin(&neigh->ha_lock);
1515 0 : err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1516 0 : neigh->ha, NULL, skb->len);
1517 0 : } while (read_seqretry(&neigh->ha_lock, seq));
1518 :
1519 0 : if (err >= 0)
1520 0 : err = dev_queue_xmit(skb);
1521 : else {
1522 0 : err = -EINVAL;
1523 0 : kfree_skb(skb);
1524 : }
1525 0 : return err;
1526 : }
1527 : EXPORT_SYMBOL(neigh_connected_output);
1528 :
1529 0 : int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
1530 : {
1531 0 : return dev_queue_xmit(skb);
1532 : }
1533 : EXPORT_SYMBOL(neigh_direct_output);
1534 :
1535 0 : static void neigh_proxy_process(struct timer_list *t)
1536 : {
1537 0 : struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
1538 0 : long sched_next = 0;
1539 0 : unsigned long now = jiffies;
1540 0 : struct sk_buff *skb, *n;
1541 :
1542 0 : spin_lock(&tbl->proxy_queue.lock);
1543 :
1544 0 : skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
1545 0 : long tdif = NEIGH_CB(skb)->sched_next - now;
1546 :
1547 0 : if (tdif <= 0) {
1548 0 : struct net_device *dev = skb->dev;
1549 :
1550 0 : __skb_unlink(skb, &tbl->proxy_queue);
1551 0 : if (tbl->proxy_redo && netif_running(dev)) {
1552 0 : rcu_read_lock();
1553 0 : tbl->proxy_redo(skb);
1554 0 : rcu_read_unlock();
1555 : } else {
1556 0 : kfree_skb(skb);
1557 : }
1558 :
1559 0 : dev_put(dev);
1560 0 : } else if (!sched_next || tdif < sched_next)
1561 0 : sched_next = tdif;
1562 : }
1563 0 : del_timer(&tbl->proxy_timer);
1564 0 : if (sched_next)
1565 0 : mod_timer(&tbl->proxy_timer, jiffies + sched_next);
1566 0 : spin_unlock(&tbl->proxy_queue.lock);
1567 0 : }
1568 :
1569 0 : void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
1570 : struct sk_buff *skb)
1571 : {
1572 0 : unsigned long sched_next = jiffies +
1573 0 : prandom_u32_max(NEIGH_VAR(p, PROXY_DELAY));
1574 :
1575 0 : if (tbl->proxy_queue.qlen > NEIGH_VAR(p, PROXY_QLEN)) {
1576 0 : kfree_skb(skb);
1577 0 : return;
1578 : }
1579 :
1580 0 : NEIGH_CB(skb)->sched_next = sched_next;
1581 0 : NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;
1582 :
1583 0 : spin_lock(&tbl->proxy_queue.lock);
1584 0 : if (del_timer(&tbl->proxy_timer)) {
1585 0 : if (time_before(tbl->proxy_timer.expires, sched_next))
1586 0 : sched_next = tbl->proxy_timer.expires;
1587 : }
1588 0 : skb_dst_drop(skb);
1589 0 : dev_hold(skb->dev);
1590 0 : __skb_queue_tail(&tbl->proxy_queue, skb);
1591 0 : mod_timer(&tbl->proxy_timer, sched_next);
1592 0 : spin_unlock(&tbl->proxy_queue.lock);
1593 : }
1594 : EXPORT_SYMBOL(pneigh_enqueue);
1595 :
1596 0 : static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
1597 : struct net *net, int ifindex)
1598 : {
1599 0 : struct neigh_parms *p;
1600 :
1601 0 : list_for_each_entry(p, &tbl->parms_list, list) {
1602 0 : if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
1603 0 : (!p->dev && !ifindex && net_eq(net, &init_net)))
1604 0 : return p;
1605 : }
1606 :
1607 : return NULL;
1608 : }
1609 :
1610 2 : struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
1611 : struct neigh_table *tbl)
1612 : {
1613 2 : struct neigh_parms *p;
1614 2 : struct net *net = dev_net(dev);
1615 2 : const struct net_device_ops *ops = dev->netdev_ops;
1616 :
1617 2 : p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
1618 2 : if (p) {
1619 2 : p->tbl = tbl;
1620 2 : refcount_set(&p->refcnt, 1);
1621 4 : p->reachable_time =
1622 2 : neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
1623 2 : dev_hold(dev);
1624 2 : p->dev = dev;
1625 2 : write_pnet(&p->net, net);
1626 2 : p->sysctl_table = NULL;
1627 :
1628 2 : if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
1629 0 : dev_put(dev);
1630 0 : kfree(p);
1631 0 : return NULL;
1632 : }
1633 :
1634 2 : write_lock_bh(&tbl->lock);
1635 2 : list_add(&p->list, &tbl->parms.list);
1636 2 : write_unlock_bh(&tbl->lock);
1637 :
1638 2 : neigh_parms_data_state_cleanall(p);
1639 : }
1640 : return p;
1641 : }
1642 : EXPORT_SYMBOL(neigh_parms_alloc);
1643 :
1644 0 : static void neigh_rcu_free_parms(struct rcu_head *head)
1645 : {
1646 0 : struct neigh_parms *parms =
1647 0 : container_of(head, struct neigh_parms, rcu_head);
1648 :
1649 0 : neigh_parms_put(parms);
1650 0 : }
1651 :
1652 0 : void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
1653 : {
1654 0 : if (!parms || parms == &tbl->parms)
1655 : return;
1656 0 : write_lock_bh(&tbl->lock);
1657 0 : list_del(&parms->list);
1658 0 : parms->dead = 1;
1659 0 : write_unlock_bh(&tbl->lock);
1660 0 : if (parms->dev)
1661 0 : dev_put(parms->dev);
1662 0 : call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
1663 : }
1664 : EXPORT_SYMBOL(neigh_parms_release);
1665 :
1666 0 : static void neigh_parms_destroy(struct neigh_parms *parms)
1667 : {
1668 0 : kfree(parms);
1669 0 : }
1670 :
1671 : static struct lock_class_key neigh_table_proxy_queue_class;
1672 :
1673 : static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;
1674 :
1675 1 : void neigh_table_init(int index, struct neigh_table *tbl)
1676 : {
1677 1 : unsigned long now = jiffies;
1678 1 : unsigned long phsize;
1679 :
1680 1 : INIT_LIST_HEAD(&tbl->parms_list);
1681 1 : INIT_LIST_HEAD(&tbl->gc_list);
1682 1 : list_add(&tbl->parms.list, &tbl->parms_list);
1683 1 : write_pnet(&tbl->parms.net, &init_net);
1684 1 : refcount_set(&tbl->parms.refcnt, 1);
1685 2 : tbl->parms.reachable_time =
1686 1 : neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
1687 :
1688 1 : tbl->stats = alloc_percpu(struct neigh_statistics);
1689 1 : if (!tbl->stats)
1690 0 : panic("cannot create neighbour cache statistics");
1691 :
1692 : #ifdef CONFIG_PROC_FS
1693 1 : if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
1694 : &neigh_stat_seq_ops, tbl))
1695 0 : panic("cannot create neighbour proc dir entry");
1696 : #endif
1697 :
1698 1 : RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));
1699 :
1700 1 : phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
1701 1 : tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);
1702 :
1703 1 : if (!tbl->nht || !tbl->phash_buckets)
1704 0 : panic("cannot allocate neighbour cache hashes");
1705 :
1706 1 : if (!tbl->entry_size)
1707 1 : tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
1708 : tbl->key_len, NEIGH_PRIV_ALIGN);
1709 : else
1710 0 : WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);
1711 :
1712 1 : rwlock_init(&tbl->lock);
1713 1 : INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
1714 2 : queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1715 1 : tbl->parms.reachable_time);
1716 1 : timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
1717 1 : skb_queue_head_init_class(&tbl->proxy_queue,
1718 : &neigh_table_proxy_queue_class);
1719 :
1720 1 : tbl->last_flush = now;
1721 1 : tbl->last_rand = now + tbl->parms.reachable_time * 20;
1722 :
1723 1 : neigh_tables[index] = tbl;
1724 1 : }
1725 : EXPORT_SYMBOL(neigh_table_init);
1726 :
1727 0 : int neigh_table_clear(int index, struct neigh_table *tbl)
1728 : {
1729 0 : neigh_tables[index] = NULL;
1730 : /* It is not clean... Fix it to unload IPv6 module safely */
1731 0 : cancel_delayed_work_sync(&tbl->gc_work);
1732 0 : del_timer_sync(&tbl->proxy_timer);
1733 0 : pneigh_queue_purge(&tbl->proxy_queue);
1734 0 : neigh_ifdown(tbl, NULL);
1735 0 : if (atomic_read(&tbl->entries))
1736 0 : pr_crit("neighbour leakage\n");
1737 :
1738 0 : call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
1739 : neigh_hash_free_rcu);
1740 0 : tbl->nht = NULL;
1741 :
1742 0 : kfree(tbl->phash_buckets);
1743 0 : tbl->phash_buckets = NULL;
1744 :
1745 0 : remove_proc_entry(tbl->id, init_net.proc_net_stat);
1746 :
1747 0 : free_percpu(tbl->stats);
1748 0 : tbl->stats = NULL;
1749 :
1750 0 : return 0;
1751 : }
1752 : EXPORT_SYMBOL(neigh_table_clear);
1753 :
1754 0 : static struct neigh_table *neigh_find_table(int family)
1755 : {
1756 0 : struct neigh_table *tbl = NULL;
1757 :
1758 0 : switch (family) {
1759 0 : case AF_INET:
1760 0 : tbl = neigh_tables[NEIGH_ARP_TABLE];
1761 0 : break;
1762 0 : case AF_INET6:
1763 0 : tbl = neigh_tables[NEIGH_ND_TABLE];
1764 0 : break;
1765 0 : case AF_DECnet:
1766 0 : tbl = neigh_tables[NEIGH_DN_TABLE];
1767 0 : break;
1768 : }
1769 :
1770 0 : return tbl;
1771 : }
1772 :
1773 : const struct nla_policy nda_policy[NDA_MAX+1] = {
1774 : [NDA_UNSPEC] = { .strict_start_type = NDA_NH_ID },
1775 : [NDA_DST] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1776 : [NDA_LLADDR] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1777 : [NDA_CACHEINFO] = { .len = sizeof(struct nda_cacheinfo) },
1778 : [NDA_PROBES] = { .type = NLA_U32 },
1779 : [NDA_VLAN] = { .type = NLA_U16 },
1780 : [NDA_PORT] = { .type = NLA_U16 },
1781 : [NDA_VNI] = { .type = NLA_U32 },
1782 : [NDA_IFINDEX] = { .type = NLA_U32 },
1783 : [NDA_MASTER] = { .type = NLA_U32 },
1784 : [NDA_PROTOCOL] = { .type = NLA_U8 },
1785 : [NDA_NH_ID] = { .type = NLA_U32 },
1786 : [NDA_FDB_EXT_ATTRS] = { .type = NLA_NESTED },
1787 : };
1788 :
1789 0 : static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1790 : struct netlink_ext_ack *extack)
1791 : {
1792 0 : struct net *net = sock_net(skb->sk);
1793 0 : struct ndmsg *ndm;
1794 0 : struct nlattr *dst_attr;
1795 0 : struct neigh_table *tbl;
1796 0 : struct neighbour *neigh;
1797 0 : struct net_device *dev = NULL;
1798 0 : int err = -EINVAL;
1799 :
1800 0 : ASSERT_RTNL();
1801 0 : if (nlmsg_len(nlh) < sizeof(*ndm))
1802 0 : goto out;
1803 :
1804 0 : dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1805 0 : if (!dst_attr) {
1806 0 : NL_SET_ERR_MSG(extack, "Network address not specified");
1807 0 : goto out;
1808 : }
1809 :
1810 0 : ndm = nlmsg_data(nlh);
1811 0 : if (ndm->ndm_ifindex) {
1812 0 : dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1813 0 : if (dev == NULL) {
1814 0 : err = -ENODEV;
1815 0 : goto out;
1816 : }
1817 : }
1818 :
1819 0 : tbl = neigh_find_table(ndm->ndm_family);
1820 0 : if (tbl == NULL)
1821 : return -EAFNOSUPPORT;
1822 :
1823 0 : if (nla_len(dst_attr) < (int)tbl->key_len) {
1824 0 : NL_SET_ERR_MSG(extack, "Invalid network address");
1825 0 : goto out;
1826 : }
1827 :
1828 0 : if (ndm->ndm_flags & NTF_PROXY) {
1829 0 : err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
1830 0 : goto out;
1831 : }
1832 :
1833 0 : if (dev == NULL)
1834 0 : goto out;
1835 :
1836 0 : neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
1837 0 : if (neigh == NULL) {
1838 0 : err = -ENOENT;
1839 0 : goto out;
1840 : }
1841 :
1842 0 : err = __neigh_update(neigh, NULL, NUD_FAILED,
1843 : NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1844 : NETLINK_CB(skb).portid, extack);
1845 0 : write_lock_bh(&tbl->lock);
1846 0 : neigh_release(neigh);
1847 0 : neigh_remove_one(neigh, tbl);
1848 0 : write_unlock_bh(&tbl->lock);
1849 :
1850 : out:
1851 : return err;
1852 : }
1853 :
1854 0 : static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1855 : struct netlink_ext_ack *extack)
1856 : {
1857 0 : int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1858 : NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1859 0 : struct net *net = sock_net(skb->sk);
1860 0 : struct ndmsg *ndm;
1861 0 : struct nlattr *tb[NDA_MAX+1];
1862 0 : struct neigh_table *tbl;
1863 0 : struct net_device *dev = NULL;
1864 0 : struct neighbour *neigh;
1865 0 : void *dst, *lladdr;
1866 0 : u8 protocol = 0;
1867 0 : int err;
1868 :
1869 0 : ASSERT_RTNL();
1870 0 : err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
1871 : nda_policy, extack);
1872 0 : if (err < 0)
1873 0 : goto out;
1874 :
1875 0 : err = -EINVAL;
1876 0 : if (!tb[NDA_DST]) {
1877 0 : NL_SET_ERR_MSG(extack, "Network address not specified");
1878 0 : goto out;
1879 : }
1880 :
1881 0 : ndm = nlmsg_data(nlh);
1882 0 : if (ndm->ndm_ifindex) {
1883 0 : dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1884 0 : if (dev == NULL) {
1885 0 : err = -ENODEV;
1886 0 : goto out;
1887 : }
1888 :
1889 0 : if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
1890 0 : NL_SET_ERR_MSG(extack, "Invalid link address");
1891 0 : goto out;
1892 : }
1893 : }
1894 :
1895 0 : tbl = neigh_find_table(ndm->ndm_family);
1896 0 : if (tbl == NULL)
1897 : return -EAFNOSUPPORT;
1898 :
1899 0 : if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
1900 0 : NL_SET_ERR_MSG(extack, "Invalid network address");
1901 0 : goto out;
1902 : }
1903 :
1904 0 : dst = nla_data(tb[NDA_DST]);
1905 0 : lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
1906 :
1907 0 : if (tb[NDA_PROTOCOL])
1908 0 : protocol = nla_get_u8(tb[NDA_PROTOCOL]);
1909 :
1910 0 : if (ndm->ndm_flags & NTF_PROXY) {
1911 0 : struct pneigh_entry *pn;
1912 :
1913 0 : err = -ENOBUFS;
1914 0 : pn = pneigh_lookup(tbl, net, dst, dev, 1);
1915 0 : if (pn) {
1916 0 : pn->flags = ndm->ndm_flags;
1917 0 : if (protocol)
1918 0 : pn->protocol = protocol;
1919 : err = 0;
1920 : }
1921 0 : goto out;
1922 : }
1923 :
1924 0 : if (!dev) {
1925 0 : NL_SET_ERR_MSG(extack, "Device not specified");
1926 0 : goto out;
1927 : }
1928 :
1929 0 : if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
1930 0 : err = -EINVAL;
1931 0 : goto out;
1932 : }
1933 :
1934 0 : neigh = neigh_lookup(tbl, dst, dev);
1935 0 : if (neigh == NULL) {
1936 0 : bool exempt_from_gc;
1937 :
1938 0 : if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
1939 0 : err = -ENOENT;
1940 0 : goto out;
1941 : }
1942 :
1943 0 : exempt_from_gc = ndm->ndm_state & NUD_PERMANENT ||
1944 0 : ndm->ndm_flags & NTF_EXT_LEARNED;
1945 0 : neigh = ___neigh_create(tbl, dst, dev, exempt_from_gc, true);
1946 0 : if (IS_ERR(neigh)) {
1947 0 : err = PTR_ERR(neigh);
1948 0 : goto out;
1949 : }
1950 : } else {
1951 0 : if (nlh->nlmsg_flags & NLM_F_EXCL) {
1952 0 : err = -EEXIST;
1953 0 : neigh_release(neigh);
1954 0 : goto out;
1955 : }
1956 :
1957 0 : if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
1958 0 : flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
1959 : NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1960 : }
1961 :
1962 0 : if (protocol)
1963 0 : neigh->protocol = protocol;
1964 :
1965 0 : if (ndm->ndm_flags & NTF_EXT_LEARNED)
1966 0 : flags |= NEIGH_UPDATE_F_EXT_LEARNED;
1967 :
1968 0 : if (ndm->ndm_flags & NTF_ROUTER)
1969 0 : flags |= NEIGH_UPDATE_F_ISROUTER;
1970 :
1971 0 : if (ndm->ndm_flags & NTF_USE) {
1972 0 : neigh_event_send(neigh, NULL);
1973 0 : err = 0;
1974 : } else
1975 0 : err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
1976 : NETLINK_CB(skb).portid, extack);
1977 :
1978 0 : neigh_release(neigh);
1979 :
1980 : out:
1981 : return err;
1982 : }
1983 :
1984 0 : static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
1985 : {
1986 0 : struct nlattr *nest;
1987 :
1988 0 : nest = nla_nest_start_noflag(skb, NDTA_PARMS);
1989 0 : if (nest == NULL)
1990 : return -ENOBUFS;
1991 :
1992 0 : if ((parms->dev &&
1993 0 : nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
1994 0 : nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
1995 0 : nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
1996 0 : NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
1997 : /* approximative value for deprecated QUEUE_LEN (in packets) */
1998 0 : nla_put_u32(skb, NDTPA_QUEUE_LEN,
1999 0 : NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2000 0 : nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2001 0 : nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2002 0 : nla_put_u32(skb, NDTPA_UCAST_PROBES,
2003 0 : NEIGH_VAR(parms, UCAST_PROBES)) ||
2004 0 : nla_put_u32(skb, NDTPA_MCAST_PROBES,
2005 0 : NEIGH_VAR(parms, MCAST_PROBES)) ||
2006 0 : nla_put_u32(skb, NDTPA_MCAST_REPROBES,
2007 0 : NEIGH_VAR(parms, MCAST_REPROBES)) ||
2008 0 : nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
2009 0 : NDTPA_PAD) ||
2010 0 : nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
2011 0 : NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
2012 0 : nla_put_msecs(skb, NDTPA_GC_STALETIME,
2013 0 : NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
2014 0 : nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
2015 0 : NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
2016 0 : nla_put_msecs(skb, NDTPA_RETRANS_TIME,
2017 0 : NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
2018 0 : nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
2019 0 : NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
2020 0 : nla_put_msecs(skb, NDTPA_PROXY_DELAY,
2021 0 : NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
2022 0 : nla_put_msecs(skb, NDTPA_LOCKTIME,
2023 0 : NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD))
2024 0 : goto nla_put_failure;
2025 0 : return nla_nest_end(skb, nest);
2026 :
2027 0 : nla_put_failure:
2028 0 : nla_nest_cancel(skb, nest);
2029 0 : return -EMSGSIZE;
2030 : }
2031 :
2032 0 : static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2033 : u32 pid, u32 seq, int type, int flags)
2034 : {
2035 0 : struct nlmsghdr *nlh;
2036 0 : struct ndtmsg *ndtmsg;
2037 :
2038 0 : nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2039 0 : if (nlh == NULL)
2040 : return -EMSGSIZE;
2041 :
2042 0 : ndtmsg = nlmsg_data(nlh);
2043 :
2044 0 : read_lock_bh(&tbl->lock);
2045 0 : ndtmsg->ndtm_family = tbl->family;
2046 0 : ndtmsg->ndtm_pad1 = 0;
2047 0 : ndtmsg->ndtm_pad2 = 0;
2048 :
2049 0 : if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
2050 0 : nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval, NDTA_PAD) ||
2051 0 : nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) ||
2052 0 : nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) ||
2053 0 : nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3))
2054 0 : goto nla_put_failure;
2055 : {
2056 0 : unsigned long now = jiffies;
2057 0 : long flush_delta = now - tbl->last_flush;
2058 0 : long rand_delta = now - tbl->last_rand;
2059 0 : struct neigh_hash_table *nht;
2060 0 : struct ndt_config ndc = {
2061 0 : .ndtc_key_len = tbl->key_len,
2062 0 : .ndtc_entry_size = tbl->entry_size,
2063 0 : .ndtc_entries = atomic_read(&tbl->entries),
2064 0 : .ndtc_last_flush = jiffies_to_msecs(flush_delta),
2065 0 : .ndtc_last_rand = jiffies_to_msecs(rand_delta),
2066 0 : .ndtc_proxy_qlen = tbl->proxy_queue.qlen,
2067 : };
2068 :
2069 0 : rcu_read_lock_bh();
2070 0 : nht = rcu_dereference_bh(tbl->nht);
2071 0 : ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2072 0 : ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2073 0 : rcu_read_unlock_bh();
2074 :
2075 0 : if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
2076 0 : goto nla_put_failure;
2077 : }
2078 :
2079 : {
2080 0 : int cpu;
2081 0 : struct ndt_stats ndst;
2082 :
2083 0 : memset(&ndst, 0, sizeof(ndst));
2084 :
2085 0 : for_each_possible_cpu(cpu) {
2086 0 : struct neigh_statistics *st;
2087 :
2088 0 : st = per_cpu_ptr(tbl->stats, cpu);
2089 0 : ndst.ndts_allocs += st->allocs;
2090 0 : ndst.ndts_destroys += st->destroys;
2091 0 : ndst.ndts_hash_grows += st->hash_grows;
2092 0 : ndst.ndts_res_failed += st->res_failed;
2093 0 : ndst.ndts_lookups += st->lookups;
2094 0 : ndst.ndts_hits += st->hits;
2095 0 : ndst.ndts_rcv_probes_mcast += st->rcv_probes_mcast;
2096 0 : ndst.ndts_rcv_probes_ucast += st->rcv_probes_ucast;
2097 0 : ndst.ndts_periodic_gc_runs += st->periodic_gc_runs;
2098 0 : ndst.ndts_forced_gc_runs += st->forced_gc_runs;
2099 0 : ndst.ndts_table_fulls += st->table_fulls;
2100 : }
2101 :
2102 0 : if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
2103 : NDTA_PAD))
2104 0 : goto nla_put_failure;
2105 : }
2106 :
2107 0 : BUG_ON(tbl->parms.dev);
2108 0 : if (neightbl_fill_parms(skb, &tbl->parms) < 0)
2109 0 : goto nla_put_failure;
2110 :
2111 0 : read_unlock_bh(&tbl->lock);
2112 0 : nlmsg_end(skb, nlh);
2113 0 : return 0;
2114 :
2115 0 : nla_put_failure:
2116 0 : read_unlock_bh(&tbl->lock);
2117 0 : nlmsg_cancel(skb, nlh);
2118 0 : return -EMSGSIZE;
2119 : }
2120 :
2121 0 : static int neightbl_fill_param_info(struct sk_buff *skb,
2122 : struct neigh_table *tbl,
2123 : struct neigh_parms *parms,
2124 : u32 pid, u32 seq, int type,
2125 : unsigned int flags)
2126 : {
2127 0 : struct ndtmsg *ndtmsg;
2128 0 : struct nlmsghdr *nlh;
2129 :
2130 0 : nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2131 0 : if (nlh == NULL)
2132 : return -EMSGSIZE;
2133 :
2134 0 : ndtmsg = nlmsg_data(nlh);
2135 :
2136 0 : read_lock_bh(&tbl->lock);
2137 0 : ndtmsg->ndtm_family = tbl->family;
2138 0 : ndtmsg->ndtm_pad1 = 0;
2139 0 : ndtmsg->ndtm_pad2 = 0;
2140 :
2141 0 : if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
2142 0 : neightbl_fill_parms(skb, parms) < 0)
2143 0 : goto errout;
2144 :
2145 0 : read_unlock_bh(&tbl->lock);
2146 0 : nlmsg_end(skb, nlh);
2147 0 : return 0;
2148 0 : errout:
2149 0 : read_unlock_bh(&tbl->lock);
2150 0 : nlmsg_cancel(skb, nlh);
2151 0 : return -EMSGSIZE;
2152 : }
2153 :
2154 : static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2155 : [NDTA_NAME] = { .type = NLA_STRING },
2156 : [NDTA_THRESH1] = { .type = NLA_U32 },
2157 : [NDTA_THRESH2] = { .type = NLA_U32 },
2158 : [NDTA_THRESH3] = { .type = NLA_U32 },
2159 : [NDTA_GC_INTERVAL] = { .type = NLA_U64 },
2160 : [NDTA_PARMS] = { .type = NLA_NESTED },
2161 : };
2162 :
2163 : static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2164 : [NDTPA_IFINDEX] = { .type = NLA_U32 },
2165 : [NDTPA_QUEUE_LEN] = { .type = NLA_U32 },
2166 : [NDTPA_PROXY_QLEN] = { .type = NLA_U32 },
2167 : [NDTPA_APP_PROBES] = { .type = NLA_U32 },
2168 : [NDTPA_UCAST_PROBES] = { .type = NLA_U32 },
2169 : [NDTPA_MCAST_PROBES] = { .type = NLA_U32 },
2170 : [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 },
2171 : [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 },
2172 : [NDTPA_GC_STALETIME] = { .type = NLA_U64 },
2173 : [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 },
2174 : [NDTPA_RETRANS_TIME] = { .type = NLA_U64 },
2175 : [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 },
2176 : [NDTPA_PROXY_DELAY] = { .type = NLA_U64 },
2177 : [NDTPA_LOCKTIME] = { .type = NLA_U64 },
2178 : };
2179 :
2180 0 : static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2181 : struct netlink_ext_ack *extack)
2182 : {
2183 0 : struct net *net = sock_net(skb->sk);
2184 0 : struct neigh_table *tbl;
2185 0 : struct ndtmsg *ndtmsg;
2186 0 : struct nlattr *tb[NDTA_MAX+1];
2187 0 : bool found = false;
2188 0 : int err, tidx;
2189 :
2190 0 : err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2191 : nl_neightbl_policy, extack);
2192 0 : if (err < 0)
2193 0 : goto errout;
2194 :
2195 0 : if (tb[NDTA_NAME] == NULL) {
2196 0 : err = -EINVAL;
2197 0 : goto errout;
2198 : }
2199 :
2200 0 : ndtmsg = nlmsg_data(nlh);
2201 :
2202 0 : for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2203 0 : tbl = neigh_tables[tidx];
2204 0 : if (!tbl)
2205 0 : continue;
2206 0 : if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2207 0 : continue;
2208 0 : if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
2209 : found = true;
2210 : break;
2211 : }
2212 : }
2213 :
2214 0 : if (!found)
2215 : return -ENOENT;
2216 :
2217 : /*
2218 : * We acquire tbl->lock to be nice to the periodic timers and
2219 : * make sure they always see a consistent set of values.
2220 : */
2221 0 : write_lock_bh(&tbl->lock);
2222 :
2223 0 : if (tb[NDTA_PARMS]) {
2224 0 : struct nlattr *tbp[NDTPA_MAX+1];
2225 0 : struct neigh_parms *p;
2226 0 : int i, ifindex = 0;
2227 :
2228 0 : err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
2229 : tb[NDTA_PARMS],
2230 : nl_ntbl_parm_policy, extack);
2231 0 : if (err < 0)
2232 0 : goto errout_tbl_lock;
2233 :
2234 0 : if (tbp[NDTPA_IFINDEX])
2235 0 : ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
2236 :
2237 0 : p = lookup_neigh_parms(tbl, net, ifindex);
2238 0 : if (p == NULL) {
2239 0 : err = -ENOENT;
2240 0 : goto errout_tbl_lock;
2241 : }
2242 :
2243 0 : for (i = 1; i <= NDTPA_MAX; i++) {
2244 0 : if (tbp[i] == NULL)
2245 0 : continue;
2246 :
2247 0 : switch (i) {
2248 0 : case NDTPA_QUEUE_LEN:
2249 0 : NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2250 : nla_get_u32(tbp[i]) *
2251 : SKB_TRUESIZE(ETH_FRAME_LEN));
2252 : break;
2253 0 : case NDTPA_QUEUE_LENBYTES:
2254 0 : NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2255 : nla_get_u32(tbp[i]));
2256 : break;
2257 0 : case NDTPA_PROXY_QLEN:
2258 0 : NEIGH_VAR_SET(p, PROXY_QLEN,
2259 : nla_get_u32(tbp[i]));
2260 : break;
2261 0 : case NDTPA_APP_PROBES:
2262 0 : NEIGH_VAR_SET(p, APP_PROBES,
2263 : nla_get_u32(tbp[i]));
2264 : break;
2265 0 : case NDTPA_UCAST_PROBES:
2266 0 : NEIGH_VAR_SET(p, UCAST_PROBES,
2267 : nla_get_u32(tbp[i]));
2268 : break;
2269 0 : case NDTPA_MCAST_PROBES:
2270 0 : NEIGH_VAR_SET(p, MCAST_PROBES,
2271 : nla_get_u32(tbp[i]));
2272 : break;
2273 0 : case NDTPA_MCAST_REPROBES:
2274 0 : NEIGH_VAR_SET(p, MCAST_REPROBES,
2275 : nla_get_u32(tbp[i]));
2276 : break;
2277 0 : case NDTPA_BASE_REACHABLE_TIME:
2278 0 : NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2279 : nla_get_msecs(tbp[i]));
2280 : /* update reachable_time as well, otherwise, the change will
2281 : * only be effective after the next time neigh_periodic_work
2282 : * decides to recompute it (can be multiple minutes)
2283 : */
2284 0 : p->reachable_time =
2285 0 : neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2286 0 : break;
2287 0 : case NDTPA_GC_STALETIME:
2288 0 : NEIGH_VAR_SET(p, GC_STALETIME,
2289 : nla_get_msecs(tbp[i]));
2290 : break;
2291 0 : case NDTPA_DELAY_PROBE_TIME:
2292 0 : NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2293 : nla_get_msecs(tbp[i]));
2294 0 : call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
2295 0 : break;
2296 0 : case NDTPA_RETRANS_TIME:
2297 0 : NEIGH_VAR_SET(p, RETRANS_TIME,
2298 : nla_get_msecs(tbp[i]));
2299 : break;
2300 0 : case NDTPA_ANYCAST_DELAY:
2301 0 : NEIGH_VAR_SET(p, ANYCAST_DELAY,
2302 : nla_get_msecs(tbp[i]));
2303 : break;
2304 0 : case NDTPA_PROXY_DELAY:
2305 0 : NEIGH_VAR_SET(p, PROXY_DELAY,
2306 : nla_get_msecs(tbp[i]));
2307 : break;
2308 0 : case NDTPA_LOCKTIME:
2309 0 : NEIGH_VAR_SET(p, LOCKTIME,
2310 : nla_get_msecs(tbp[i]));
2311 : break;
2312 : }
2313 0 : }
2314 : }
2315 :
2316 0 : err = -ENOENT;
2317 0 : if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2318 : tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2319 0 : !net_eq(net, &init_net))
2320 : goto errout_tbl_lock;
2321 :
2322 0 : if (tb[NDTA_THRESH1])
2323 0 : tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);
2324 :
2325 0 : if (tb[NDTA_THRESH2])
2326 0 : tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]);
2327 :
2328 0 : if (tb[NDTA_THRESH3])
2329 0 : tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]);
2330 :
2331 0 : if (tb[NDTA_GC_INTERVAL])
2332 0 : tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]);
2333 :
2334 : err = 0;
2335 :
2336 0 : errout_tbl_lock:
2337 0 : write_unlock_bh(&tbl->lock);
2338 : errout:
2339 : return err;
2340 : }
2341 :
2342 0 : static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2343 : struct netlink_ext_ack *extack)
2344 : {
2345 0 : struct ndtmsg *ndtm;
2346 :
2347 0 : if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
2348 0 : NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2349 0 : return -EINVAL;
2350 : }
2351 :
2352 0 : ndtm = nlmsg_data(nlh);
2353 0 : if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
2354 0 : NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2355 0 : return -EINVAL;
2356 : }
2357 :
2358 0 : if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
2359 0 : NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2360 0 : return -EINVAL;
2361 : }
2362 :
2363 : return 0;
2364 : }
2365 :
2366 0 : static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2367 : {
2368 0 : const struct nlmsghdr *nlh = cb->nlh;
2369 0 : struct net *net = sock_net(skb->sk);
2370 0 : int family, tidx, nidx = 0;
2371 0 : int tbl_skip = cb->args[0];
2372 0 : int neigh_skip = cb->args[1];
2373 0 : struct neigh_table *tbl;
2374 :
2375 0 : if (cb->strict_check) {
2376 0 : int err = neightbl_valid_dump_info(nlh, cb->extack);
2377 :
2378 0 : if (err < 0)
2379 : return err;
2380 : }
2381 :
2382 0 : family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2383 :
2384 0 : for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2385 0 : struct neigh_parms *p;
2386 :
2387 0 : tbl = neigh_tables[tidx];
2388 0 : if (!tbl)
2389 0 : continue;
2390 :
2391 0 : if (tidx < tbl_skip || (family && tbl->family != family))
2392 0 : continue;
2393 :
2394 0 : if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2395 : nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2396 : NLM_F_MULTI) < 0)
2397 : break;
2398 :
2399 0 : nidx = 0;
2400 0 : p = list_next_entry(&tbl->parms, list);
2401 0 : list_for_each_entry_from(p, &tbl->parms_list, list) {
2402 0 : if (!net_eq(neigh_parms_net(p), net))
2403 : continue;
2404 :
2405 0 : if (nidx < neigh_skip)
2406 0 : goto next;
2407 :
2408 0 : if (neightbl_fill_param_info(skb, tbl, p,
2409 0 : NETLINK_CB(cb->skb).portid,
2410 : nlh->nlmsg_seq,
2411 : RTM_NEWNEIGHTBL,
2412 : NLM_F_MULTI) < 0)
2413 0 : goto out;
2414 0 : next:
2415 0 : nidx++;
2416 : }
2417 :
2418 : neigh_skip = 0;
2419 : }
2420 0 : out:
2421 0 : cb->args[0] = tidx;
2422 0 : cb->args[1] = nidx;
2423 :
2424 0 : return skb->len;
2425 : }
2426 :
2427 7 : static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2428 : u32 pid, u32 seq, int type, unsigned int flags)
2429 : {
2430 7 : unsigned long now = jiffies;
2431 7 : struct nda_cacheinfo ci;
2432 7 : struct nlmsghdr *nlh;
2433 7 : struct ndmsg *ndm;
2434 :
2435 7 : nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2436 7 : if (nlh == NULL)
2437 : return -EMSGSIZE;
2438 :
2439 7 : ndm = nlmsg_data(nlh);
2440 7 : ndm->ndm_family = neigh->ops->family;
2441 7 : ndm->ndm_pad1 = 0;
2442 7 : ndm->ndm_pad2 = 0;
2443 7 : ndm->ndm_flags = neigh->flags;
2444 7 : ndm->ndm_type = neigh->type;
2445 7 : ndm->ndm_ifindex = neigh->dev->ifindex;
2446 :
2447 7 : if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2448 0 : goto nla_put_failure;
2449 :
2450 7 : read_lock_bh(&neigh->lock);
2451 7 : ndm->ndm_state = neigh->nud_state;
2452 7 : if (neigh->nud_state & NUD_VALID) {
2453 7 : char haddr[MAX_ADDR_LEN];
2454 :
2455 7 : neigh_ha_snapshot(haddr, neigh, neigh->dev);
2456 7 : if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2457 0 : read_unlock_bh(&neigh->lock);
2458 0 : goto nla_put_failure;
2459 : }
2460 : }
2461 :
2462 7 : ci.ndm_used = jiffies_to_clock_t(now - neigh->used);
2463 7 : ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2464 7 : ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated);
2465 7 : ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1;
2466 7 : read_unlock_bh(&neigh->lock);
2467 :
2468 14 : if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2469 7 : nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2470 0 : goto nla_put_failure;
2471 :
2472 7 : if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
2473 0 : goto nla_put_failure;
2474 :
2475 7 : nlmsg_end(skb, nlh);
2476 7 : return 0;
2477 :
2478 0 : nla_put_failure:
2479 0 : nlmsg_cancel(skb, nlh);
2480 0 : return -EMSGSIZE;
2481 : }
2482 :
2483 0 : static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2484 : u32 pid, u32 seq, int type, unsigned int flags,
2485 : struct neigh_table *tbl)
2486 : {
2487 0 : struct nlmsghdr *nlh;
2488 0 : struct ndmsg *ndm;
2489 :
2490 0 : nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2491 0 : if (nlh == NULL)
2492 : return -EMSGSIZE;
2493 :
2494 0 : ndm = nlmsg_data(nlh);
2495 0 : ndm->ndm_family = tbl->family;
2496 0 : ndm->ndm_pad1 = 0;
2497 0 : ndm->ndm_pad2 = 0;
2498 0 : ndm->ndm_flags = pn->flags | NTF_PROXY;
2499 0 : ndm->ndm_type = RTN_UNICAST;
2500 0 : ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2501 0 : ndm->ndm_state = NUD_NONE;
2502 :
2503 0 : if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2504 0 : goto nla_put_failure;
2505 :
2506 0 : if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
2507 0 : goto nla_put_failure;
2508 :
2509 0 : nlmsg_end(skb, nlh);
2510 0 : return 0;
2511 :
2512 0 : nla_put_failure:
2513 0 : nlmsg_cancel(skb, nlh);
2514 0 : return -EMSGSIZE;
2515 : }
2516 :
2517 7 : static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2518 : {
2519 7 : call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2520 7 : __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
2521 7 : }
2522 :
2523 0 : static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2524 : {
2525 0 : struct net_device *master;
2526 :
2527 0 : if (!master_idx)
2528 : return false;
2529 :
2530 0 : master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2531 0 : if (!master || master->ifindex != master_idx)
2532 0 : return true;
2533 :
2534 : return false;
2535 : }
2536 :
2537 0 : static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2538 : {
2539 0 : if (filter_idx && (!dev || dev->ifindex != filter_idx))
2540 : return true;
2541 :
2542 : return false;
2543 : }
2544 :
2545 : struct neigh_dump_filter {
2546 : int master_idx;
2547 : int dev_idx;
2548 : };
2549 :
2550 0 : static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2551 : struct netlink_callback *cb,
2552 : struct neigh_dump_filter *filter)
2553 : {
2554 0 : struct net *net = sock_net(skb->sk);
2555 0 : struct neighbour *n;
2556 0 : int rc, h, s_h = cb->args[1];
2557 0 : int idx, s_idx = idx = cb->args[2];
2558 0 : struct neigh_hash_table *nht;
2559 0 : unsigned int flags = NLM_F_MULTI;
2560 :
2561 0 : if (filter->dev_idx || filter->master_idx)
2562 0 : flags |= NLM_F_DUMP_FILTERED;
2563 :
2564 0 : rcu_read_lock_bh();
2565 0 : nht = rcu_dereference_bh(tbl->nht);
2566 :
2567 0 : for (h = s_h; h < (1 << nht->hash_shift); h++) {
2568 0 : if (h > s_h)
2569 0 : s_idx = 0;
2570 0 : for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2571 0 : n != NULL;
2572 0 : n = rcu_dereference_bh(n->next)) {
2573 0 : if (idx < s_idx || !net_eq(dev_net(n->dev), net))
2574 0 : goto next;
2575 0 : if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2576 0 : neigh_master_filtered(n->dev, filter->master_idx))
2577 0 : goto next;
2578 0 : if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2579 0 : cb->nlh->nlmsg_seq,
2580 : RTM_NEWNEIGH,
2581 : flags) < 0) {
2582 0 : rc = -1;
2583 0 : goto out;
2584 : }
2585 0 : next:
2586 0 : idx++;
2587 : }
2588 : }
2589 0 : rc = skb->len;
2590 0 : out:
2591 0 : rcu_read_unlock_bh();
2592 0 : cb->args[1] = h;
2593 0 : cb->args[2] = idx;
2594 0 : return rc;
2595 : }
2596 :
2597 0 : static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2598 : struct netlink_callback *cb,
2599 : struct neigh_dump_filter *filter)
2600 : {
2601 0 : struct pneigh_entry *n;
2602 0 : struct net *net = sock_net(skb->sk);
2603 0 : int rc, h, s_h = cb->args[3];
2604 0 : int idx, s_idx = idx = cb->args[4];
2605 0 : unsigned int flags = NLM_F_MULTI;
2606 :
2607 0 : if (filter->dev_idx || filter->master_idx)
2608 0 : flags |= NLM_F_DUMP_FILTERED;
2609 :
2610 0 : read_lock_bh(&tbl->lock);
2611 :
2612 0 : for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2613 0 : if (h > s_h)
2614 0 : s_idx = 0;
2615 0 : for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2616 0 : if (idx < s_idx || pneigh_net(n) != net)
2617 0 : goto next;
2618 0 : if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2619 0 : neigh_master_filtered(n->dev, filter->master_idx))
2620 0 : goto next;
2621 0 : if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2622 0 : cb->nlh->nlmsg_seq,
2623 : RTM_NEWNEIGH, flags, tbl) < 0) {
2624 0 : read_unlock_bh(&tbl->lock);
2625 0 : rc = -1;
2626 0 : goto out;
2627 : }
2628 0 : next:
2629 0 : idx++;
2630 : }
2631 : }
2632 :
2633 0 : read_unlock_bh(&tbl->lock);
2634 0 : rc = skb->len;
2635 0 : out:
2636 0 : cb->args[3] = h;
2637 0 : cb->args[4] = idx;
2638 0 : return rc;
2639 :
2640 : }
2641 :
2642 0 : static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2643 : bool strict_check,
2644 : struct neigh_dump_filter *filter,
2645 : struct netlink_ext_ack *extack)
2646 : {
2647 0 : struct nlattr *tb[NDA_MAX + 1];
2648 0 : int err, i;
2649 :
2650 0 : if (strict_check) {
2651 0 : struct ndmsg *ndm;
2652 :
2653 0 : if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2654 0 : NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2655 0 : return -EINVAL;
2656 : }
2657 :
2658 0 : ndm = nlmsg_data(nlh);
2659 0 : if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
2660 0 : ndm->ndm_state || ndm->ndm_type) {
2661 0 : NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2662 0 : return -EINVAL;
2663 : }
2664 :
2665 0 : if (ndm->ndm_flags & ~NTF_PROXY) {
2666 0 : NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2667 0 : return -EINVAL;
2668 : }
2669 :
2670 0 : err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
2671 : tb, NDA_MAX, nda_policy,
2672 : extack);
2673 : } else {
2674 0 : err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
2675 : NDA_MAX, nda_policy, extack);
2676 : }
2677 0 : if (err < 0)
2678 : return err;
2679 :
2680 0 : for (i = 0; i <= NDA_MAX; ++i) {
2681 0 : if (!tb[i])
2682 0 : continue;
2683 :
2684 : /* all new attributes should require strict_check */
2685 0 : switch (i) {
2686 0 : case NDA_IFINDEX:
2687 0 : filter->dev_idx = nla_get_u32(tb[i]);
2688 0 : break;
2689 0 : case NDA_MASTER:
2690 0 : filter->master_idx = nla_get_u32(tb[i]);
2691 0 : break;
2692 0 : default:
2693 0 : if (strict_check) {
2694 0 : NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2695 0 : return -EINVAL;
2696 : }
2697 : }
2698 : }
2699 :
2700 : return 0;
2701 : }
2702 :
2703 0 : static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2704 : {
2705 0 : const struct nlmsghdr *nlh = cb->nlh;
2706 0 : struct neigh_dump_filter filter = {};
2707 0 : struct neigh_table *tbl;
2708 0 : int t, family, s_t;
2709 0 : int proxy = 0;
2710 0 : int err;
2711 :
2712 0 : family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2713 :
2714 : /* check for full ndmsg structure presence, family member is
2715 : * the same for both structures
2716 : */
2717 0 : if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2718 0 : ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2719 0 : proxy = 1;
2720 :
2721 0 : err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
2722 0 : if (err < 0 && cb->strict_check)
2723 : return err;
2724 :
2725 0 : s_t = cb->args[0];
2726 :
2727 0 : for (t = 0; t < NEIGH_NR_TABLES; t++) {
2728 0 : tbl = neigh_tables[t];
2729 :
2730 0 : if (!tbl)
2731 0 : continue;
2732 0 : if (t < s_t || (family && tbl->family != family))
2733 0 : continue;
2734 0 : if (t > s_t)
2735 0 : memset(&cb->args[1], 0, sizeof(cb->args) -
2736 : sizeof(cb->args[0]));
2737 0 : if (proxy)
2738 0 : err = pneigh_dump_table(tbl, skb, cb, &filter);
2739 : else
2740 0 : err = neigh_dump_table(tbl, skb, cb, &filter);
2741 0 : if (err < 0)
2742 : break;
2743 : }
2744 :
2745 0 : cb->args[0] = t;
2746 0 : return skb->len;
2747 : }
2748 :
2749 0 : static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2750 : struct neigh_table **tbl,
2751 : void **dst, int *dev_idx, u8 *ndm_flags,
2752 : struct netlink_ext_ack *extack)
2753 : {
2754 0 : struct nlattr *tb[NDA_MAX + 1];
2755 0 : struct ndmsg *ndm;
2756 0 : int err, i;
2757 :
2758 0 : if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2759 0 : NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2760 0 : return -EINVAL;
2761 : }
2762 :
2763 0 : ndm = nlmsg_data(nlh);
2764 0 : if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
2765 : ndm->ndm_type) {
2766 0 : NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2767 0 : return -EINVAL;
2768 : }
2769 :
2770 0 : if (ndm->ndm_flags & ~NTF_PROXY) {
2771 0 : NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2772 0 : return -EINVAL;
2773 : }
2774 :
2775 0 : err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
2776 : NDA_MAX, nda_policy, extack);
2777 0 : if (err < 0)
2778 : return err;
2779 :
2780 0 : *ndm_flags = ndm->ndm_flags;
2781 0 : *dev_idx = ndm->ndm_ifindex;
2782 0 : *tbl = neigh_find_table(ndm->ndm_family);
2783 0 : if (*tbl == NULL) {
2784 0 : NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2785 0 : return -EAFNOSUPPORT;
2786 : }
2787 :
2788 0 : for (i = 0; i <= NDA_MAX; ++i) {
2789 0 : if (!tb[i])
2790 0 : continue;
2791 :
2792 0 : switch (i) {
2793 0 : case NDA_DST:
2794 0 : if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
2795 0 : NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2796 0 : return -EINVAL;
2797 : }
2798 0 : *dst = nla_data(tb[i]);
2799 0 : break;
2800 0 : default:
2801 0 : NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2802 : return -EINVAL;
2803 : }
2804 : }
2805 :
2806 : return 0;
2807 : }
2808 :
2809 7 : static inline size_t neigh_nlmsg_size(void)
2810 : {
2811 7 : return NLMSG_ALIGN(sizeof(struct ndmsg))
2812 7 : + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2813 7 : + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2814 7 : + nla_total_size(sizeof(struct nda_cacheinfo))
2815 7 : + nla_total_size(4) /* NDA_PROBES */
2816 7 : + nla_total_size(1); /* NDA_PROTOCOL */
2817 : }
2818 :
2819 0 : static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2820 : u32 pid, u32 seq)
2821 : {
2822 0 : struct sk_buff *skb;
2823 0 : int err = 0;
2824 :
2825 0 : skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
2826 0 : if (!skb)
2827 : return -ENOBUFS;
2828 :
2829 0 : err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
2830 0 : if (err) {
2831 0 : kfree_skb(skb);
2832 0 : goto errout;
2833 : }
2834 :
2835 0 : err = rtnl_unicast(skb, net, pid);
2836 : errout:
2837 : return err;
2838 : }
2839 :
2840 0 : static inline size_t pneigh_nlmsg_size(void)
2841 : {
2842 0 : return NLMSG_ALIGN(sizeof(struct ndmsg))
2843 0 : + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2844 0 : + nla_total_size(1); /* NDA_PROTOCOL */
2845 : }
2846 :
2847 0 : static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
2848 : u32 pid, u32 seq, struct neigh_table *tbl)
2849 : {
2850 0 : struct sk_buff *skb;
2851 0 : int err = 0;
2852 :
2853 0 : skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
2854 0 : if (!skb)
2855 : return -ENOBUFS;
2856 :
2857 0 : err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
2858 0 : if (err) {
2859 0 : kfree_skb(skb);
2860 0 : goto errout;
2861 : }
2862 :
2863 0 : err = rtnl_unicast(skb, net, pid);
2864 : errout:
2865 : return err;
2866 : }
2867 :
2868 0 : static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2869 : struct netlink_ext_ack *extack)
2870 : {
2871 0 : struct net *net = sock_net(in_skb->sk);
2872 0 : struct net_device *dev = NULL;
2873 0 : struct neigh_table *tbl = NULL;
2874 0 : struct neighbour *neigh;
2875 0 : void *dst = NULL;
2876 0 : u8 ndm_flags = 0;
2877 0 : int dev_idx = 0;
2878 0 : int err;
2879 :
2880 0 : err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
2881 : extack);
2882 0 : if (err < 0)
2883 : return err;
2884 :
2885 0 : if (dev_idx) {
2886 0 : dev = __dev_get_by_index(net, dev_idx);
2887 0 : if (!dev) {
2888 0 : NL_SET_ERR_MSG(extack, "Unknown device ifindex");
2889 0 : return -ENODEV;
2890 : }
2891 : }
2892 :
2893 0 : if (!dst) {
2894 0 : NL_SET_ERR_MSG(extack, "Network address not specified");
2895 0 : return -EINVAL;
2896 : }
2897 :
2898 0 : if (ndm_flags & NTF_PROXY) {
2899 0 : struct pneigh_entry *pn;
2900 :
2901 0 : pn = pneigh_lookup(tbl, net, dst, dev, 0);
2902 0 : if (!pn) {
2903 0 : NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
2904 0 : return -ENOENT;
2905 : }
2906 0 : return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
2907 : nlh->nlmsg_seq, tbl);
2908 : }
2909 :
2910 0 : if (!dev) {
2911 0 : NL_SET_ERR_MSG(extack, "No device specified");
2912 0 : return -EINVAL;
2913 : }
2914 :
2915 0 : neigh = neigh_lookup(tbl, dst, dev);
2916 0 : if (!neigh) {
2917 0 : NL_SET_ERR_MSG(extack, "Neighbour entry not found");
2918 0 : return -ENOENT;
2919 : }
2920 :
2921 0 : err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
2922 : nlh->nlmsg_seq);
2923 :
2924 0 : neigh_release(neigh);
2925 :
2926 0 : return err;
2927 : }
2928 :
2929 0 : void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
2930 : {
2931 0 : int chain;
2932 0 : struct neigh_hash_table *nht;
2933 :
2934 0 : rcu_read_lock_bh();
2935 0 : nht = rcu_dereference_bh(tbl->nht);
2936 :
2937 0 : read_lock(&tbl->lock); /* avoid resizes */
2938 0 : for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2939 0 : struct neighbour *n;
2940 :
2941 0 : for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
2942 0 : n != NULL;
2943 0 : n = rcu_dereference_bh(n->next))
2944 0 : cb(n, cookie);
2945 : }
2946 0 : read_unlock(&tbl->lock);
2947 0 : rcu_read_unlock_bh();
2948 0 : }
2949 : EXPORT_SYMBOL(neigh_for_each);
2950 :
2951 : /* The tbl->lock must be held as a writer and BH disabled. */
2952 0 : void __neigh_for_each_release(struct neigh_table *tbl,
2953 : int (*cb)(struct neighbour *))
2954 : {
2955 0 : int chain;
2956 0 : struct neigh_hash_table *nht;
2957 :
2958 0 : nht = rcu_dereference_protected(tbl->nht,
2959 : lockdep_is_held(&tbl->lock));
2960 0 : for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2961 0 : struct neighbour *n;
2962 0 : struct neighbour __rcu **np;
2963 :
2964 0 : np = &nht->hash_buckets[chain];
2965 0 : while ((n = rcu_dereference_protected(*np,
2966 : lockdep_is_held(&tbl->lock))) != NULL) {
2967 0 : int release;
2968 :
2969 0 : write_lock(&n->lock);
2970 0 : release = cb(n);
2971 0 : if (release) {
2972 0 : rcu_assign_pointer(*np,
2973 : rcu_dereference_protected(n->next,
2974 : lockdep_is_held(&tbl->lock)));
2975 0 : neigh_mark_dead(n);
2976 : } else
2977 0 : np = &n->next;
2978 0 : write_unlock(&n->lock);
2979 0 : if (release)
2980 0 : neigh_cleanup_and_release(n);
2981 : }
2982 : }
2983 0 : }
2984 : EXPORT_SYMBOL(__neigh_for_each_release);
2985 :
2986 0 : int neigh_xmit(int index, struct net_device *dev,
2987 : const void *addr, struct sk_buff *skb)
2988 : {
2989 0 : int err = -EAFNOSUPPORT;
2990 0 : if (likely(index < NEIGH_NR_TABLES)) {
2991 0 : struct neigh_table *tbl;
2992 0 : struct neighbour *neigh;
2993 :
2994 0 : tbl = neigh_tables[index];
2995 0 : if (!tbl)
2996 0 : goto out;
2997 0 : rcu_read_lock_bh();
2998 0 : if (index == NEIGH_ARP_TABLE) {
2999 0 : u32 key = *((u32 *)addr);
3000 :
3001 0 : neigh = __ipv4_neigh_lookup_noref(dev, key);
3002 : } else {
3003 0 : neigh = __neigh_lookup_noref(tbl, addr, dev);
3004 : }
3005 0 : if (!neigh)
3006 0 : neigh = __neigh_create(tbl, addr, dev, false);
3007 0 : err = PTR_ERR(neigh);
3008 0 : if (IS_ERR(neigh)) {
3009 0 : rcu_read_unlock_bh();
3010 0 : goto out_kfree_skb;
3011 : }
3012 0 : err = neigh->output(neigh, skb);
3013 0 : rcu_read_unlock_bh();
3014 : }
3015 0 : else if (index == NEIGH_LINK_TABLE) {
3016 0 : err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3017 : addr, NULL, skb->len);
3018 0 : if (err < 0)
3019 0 : goto out_kfree_skb;
3020 0 : err = dev_queue_xmit(skb);
3021 : }
3022 0 : out:
3023 0 : return err;
3024 0 : out_kfree_skb:
3025 0 : kfree_skb(skb);
3026 0 : goto out;
3027 : }
3028 : EXPORT_SYMBOL(neigh_xmit);
3029 :
3030 : #ifdef CONFIG_PROC_FS
3031 :
3032 0 : static struct neighbour *neigh_get_first(struct seq_file *seq)
3033 : {
3034 0 : struct neigh_seq_state *state = seq->private;
3035 0 : struct net *net = seq_file_net(seq);
3036 0 : struct neigh_hash_table *nht = state->nht;
3037 0 : struct neighbour *n = NULL;
3038 0 : int bucket;
3039 :
3040 0 : state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3041 0 : for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3042 0 : n = rcu_dereference_bh(nht->hash_buckets[bucket]);
3043 :
3044 0 : while (n) {
3045 0 : if (!net_eq(dev_net(n->dev), net))
3046 : goto next;
3047 0 : if (state->neigh_sub_iter) {
3048 0 : loff_t fakep = 0;
3049 0 : void *v;
3050 :
3051 0 : v = state->neigh_sub_iter(state, n, &fakep);
3052 0 : if (!v)
3053 0 : goto next;
3054 : }
3055 0 : if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3056 : break;
3057 0 : if (n->nud_state & ~NUD_NOARP)
3058 : break;
3059 0 : next:
3060 0 : n = rcu_dereference_bh(n->next);
3061 : }
3062 :
3063 0 : if (n)
3064 : break;
3065 : }
3066 0 : state->bucket = bucket;
3067 :
3068 0 : return n;
3069 : }
3070 :
3071 0 : static struct neighbour *neigh_get_next(struct seq_file *seq,
3072 : struct neighbour *n,
3073 : loff_t *pos)
3074 : {
3075 0 : struct neigh_seq_state *state = seq->private;
3076 0 : struct net *net = seq_file_net(seq);
3077 0 : struct neigh_hash_table *nht = state->nht;
3078 :
3079 0 : if (state->neigh_sub_iter) {
3080 0 : void *v = state->neigh_sub_iter(state, n, pos);
3081 0 : if (v)
3082 : return n;
3083 : }
3084 0 : n = rcu_dereference_bh(n->next);
3085 :
3086 : while (1) {
3087 0 : while (n) {
3088 0 : if (!net_eq(dev_net(n->dev), net))
3089 : goto next;
3090 0 : if (state->neigh_sub_iter) {
3091 0 : void *v = state->neigh_sub_iter(state, n, pos);
3092 0 : if (v)
3093 0 : return n;
3094 0 : goto next;
3095 : }
3096 0 : if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3097 : break;
3098 :
3099 0 : if (n->nud_state & ~NUD_NOARP)
3100 : break;
3101 0 : next:
3102 0 : n = rcu_dereference_bh(n->next);
3103 : }
3104 :
3105 0 : if (n)
3106 : break;
3107 :
3108 0 : if (++state->bucket >= (1 << nht->hash_shift))
3109 : break;
3110 :
3111 0 : n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
3112 : }
3113 :
3114 0 : if (n && pos)
3115 0 : --(*pos);
3116 : return n;
3117 : }
3118 :
3119 0 : static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3120 : {
3121 0 : struct neighbour *n = neigh_get_first(seq);
3122 :
3123 0 : if (n) {
3124 0 : --(*pos);
3125 0 : while (*pos) {
3126 0 : n = neigh_get_next(seq, n, pos);
3127 0 : if (!n)
3128 : break;
3129 : }
3130 : }
3131 0 : return *pos ? NULL : n;
3132 : }
3133 :
3134 0 : static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3135 : {
3136 0 : struct neigh_seq_state *state = seq->private;
3137 0 : struct net *net = seq_file_net(seq);
3138 0 : struct neigh_table *tbl = state->tbl;
3139 0 : struct pneigh_entry *pn = NULL;
3140 0 : int bucket = state->bucket;
3141 :
3142 0 : state->flags |= NEIGH_SEQ_IS_PNEIGH;
3143 0 : for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3144 0 : pn = tbl->phash_buckets[bucket];
3145 0 : while (pn && !net_eq(pneigh_net(pn), net))
3146 : pn = pn->next;
3147 0 : if (pn)
3148 : break;
3149 : }
3150 0 : state->bucket = bucket;
3151 :
3152 0 : return pn;
3153 : }
3154 :
3155 0 : static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3156 : struct pneigh_entry *pn,
3157 : loff_t *pos)
3158 : {
3159 0 : struct neigh_seq_state *state = seq->private;
3160 0 : struct net *net = seq_file_net(seq);
3161 0 : struct neigh_table *tbl = state->tbl;
3162 :
3163 0 : do {
3164 0 : pn = pn->next;
3165 0 : } while (pn && !net_eq(pneigh_net(pn), net));
3166 :
3167 0 : while (!pn) {
3168 0 : if (++state->bucket > PNEIGH_HASHMASK)
3169 : break;
3170 0 : pn = tbl->phash_buckets[state->bucket];
3171 0 : while (pn && !net_eq(pneigh_net(pn), net))
3172 : pn = pn->next;
3173 0 : if (pn)
3174 : break;
3175 : }
3176 :
3177 0 : if (pn && pos)
3178 0 : --(*pos);
3179 :
3180 0 : return pn;
3181 : }
3182 :
3183 0 : static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3184 : {
3185 0 : struct pneigh_entry *pn = pneigh_get_first(seq);
3186 :
3187 0 : if (pn) {
3188 0 : --(*pos);
3189 0 : while (*pos) {
3190 0 : pn = pneigh_get_next(seq, pn, pos);
3191 0 : if (!pn)
3192 : break;
3193 : }
3194 : }
3195 0 : return *pos ? NULL : pn;
3196 : }
3197 :
3198 0 : static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3199 : {
3200 0 : struct neigh_seq_state *state = seq->private;
3201 0 : void *rc;
3202 0 : loff_t idxpos = *pos;
3203 :
3204 0 : rc = neigh_get_idx(seq, &idxpos);
3205 0 : if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3206 0 : rc = pneigh_get_idx(seq, &idxpos);
3207 :
3208 0 : return rc;
3209 : }
3210 :
3211 0 : void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3212 : __acquires(tbl->lock)
3213 : __acquires(rcu_bh)
3214 : {
3215 0 : struct neigh_seq_state *state = seq->private;
3216 :
3217 0 : state->tbl = tbl;
3218 0 : state->bucket = 0;
3219 0 : state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3220 :
3221 0 : rcu_read_lock_bh();
3222 0 : state->nht = rcu_dereference_bh(tbl->nht);
3223 0 : read_lock(&tbl->lock);
3224 :
3225 0 : return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3226 : }
3227 : EXPORT_SYMBOL(neigh_seq_start);
3228 :
3229 0 : void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3230 : {
3231 0 : struct neigh_seq_state *state;
3232 0 : void *rc;
3233 :
3234 0 : if (v == SEQ_START_TOKEN) {
3235 0 : rc = neigh_get_first(seq);
3236 0 : goto out;
3237 : }
3238 :
3239 0 : state = seq->private;
3240 0 : if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3241 0 : rc = neigh_get_next(seq, v, NULL);
3242 0 : if (rc)
3243 0 : goto out;
3244 0 : if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3245 0 : rc = pneigh_get_first(seq);
3246 : } else {
3247 0 : BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3248 0 : rc = pneigh_get_next(seq, v, NULL);
3249 : }
3250 0 : out:
3251 0 : ++(*pos);
3252 0 : return rc;
3253 : }
3254 : EXPORT_SYMBOL(neigh_seq_next);
3255 :
3256 0 : void neigh_seq_stop(struct seq_file *seq, void *v)
3257 : __releases(tbl->lock)
3258 : __releases(rcu_bh)
3259 : {
3260 0 : struct neigh_seq_state *state = seq->private;
3261 0 : struct neigh_table *tbl = state->tbl;
3262 :
3263 0 : read_unlock(&tbl->lock);
3264 0 : rcu_read_unlock_bh();
3265 0 : }
3266 : EXPORT_SYMBOL(neigh_seq_stop);
3267 :
3268 : /* statistics via seq_file */
3269 :
3270 0 : static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3271 : {
3272 0 : struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3273 0 : int cpu;
3274 :
3275 0 : if (*pos == 0)
3276 : return SEQ_START_TOKEN;
3277 :
3278 0 : for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3279 0 : if (!cpu_possible(cpu))
3280 0 : continue;
3281 0 : *pos = cpu+1;
3282 0 : return per_cpu_ptr(tbl->stats, cpu);
3283 : }
3284 : return NULL;
3285 : }
3286 :
3287 0 : static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3288 : {
3289 0 : struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3290 0 : int cpu;
3291 :
3292 0 : for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3293 0 : if (!cpu_possible(cpu))
3294 0 : continue;
3295 0 : *pos = cpu+1;
3296 0 : return per_cpu_ptr(tbl->stats, cpu);
3297 : }
3298 0 : (*pos)++;
3299 0 : return NULL;
3300 : }
3301 :
3302 0 : static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3303 : {
3304 :
3305 0 : }
3306 :
3307 0 : static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3308 : {
3309 0 : struct neigh_table *tbl = PDE_DATA(file_inode(seq->file));
3310 0 : struct neigh_statistics *st = v;
3311 :
3312 0 : if (v == SEQ_START_TOKEN) {
3313 0 : seq_printf(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3314 0 : return 0;
3315 : }
3316 :
3317 0 : seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
3318 : "%08lx %08lx %08lx %08lx %08lx %08lx\n",
3319 0 : atomic_read(&tbl->entries),
3320 :
3321 : st->allocs,
3322 : st->destroys,
3323 : st->hash_grows,
3324 :
3325 : st->lookups,
3326 : st->hits,
3327 :
3328 : st->res_failed,
3329 :
3330 : st->rcv_probes_mcast,
3331 : st->rcv_probes_ucast,
3332 :
3333 : st->periodic_gc_runs,
3334 : st->forced_gc_runs,
3335 : st->unres_discards,
3336 : st->table_fulls
3337 : );
3338 :
3339 0 : return 0;
3340 : }
3341 :
3342 : static const struct seq_operations neigh_stat_seq_ops = {
3343 : .start = neigh_stat_seq_start,
3344 : .next = neigh_stat_seq_next,
3345 : .stop = neigh_stat_seq_stop,
3346 : .show = neigh_stat_seq_show,
3347 : };
3348 : #endif /* CONFIG_PROC_FS */
3349 :
3350 7 : static void __neigh_notify(struct neighbour *n, int type, int flags,
3351 : u32 pid)
3352 : {
3353 7 : struct net *net = dev_net(n->dev);
3354 7 : struct sk_buff *skb;
3355 7 : int err = -ENOBUFS;
3356 :
3357 7 : skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
3358 7 : if (skb == NULL)
3359 0 : goto errout;
3360 :
3361 7 : err = neigh_fill_info(skb, n, pid, 0, type, flags);
3362 7 : if (err < 0) {
3363 : /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3364 0 : WARN_ON(err == -EMSGSIZE);
3365 0 : kfree_skb(skb);
3366 0 : goto errout;
3367 : }
3368 7 : rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3369 7 : return;
3370 0 : errout:
3371 0 : if (err < 0)
3372 0 : rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
3373 : }
3374 :
3375 0 : void neigh_app_ns(struct neighbour *n)
3376 : {
3377 0 : __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
3378 0 : }
3379 : EXPORT_SYMBOL(neigh_app_ns);
3380 :
3381 : #ifdef CONFIG_SYSCTL
3382 : static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3383 :
3384 0 : static int proc_unres_qlen(struct ctl_table *ctl, int write,
3385 : void *buffer, size_t *lenp, loff_t *ppos)
3386 : {
3387 0 : int size, ret;
3388 0 : struct ctl_table tmp = *ctl;
3389 :
3390 0 : tmp.extra1 = SYSCTL_ZERO;
3391 0 : tmp.extra2 = &unres_qlen_max;
3392 0 : tmp.data = &size;
3393 :
3394 0 : size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3395 0 : ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3396 :
3397 0 : if (write && !ret)
3398 0 : *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3399 0 : return ret;
3400 : }
3401 :
3402 0 : static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
3403 : int family)
3404 : {
3405 0 : switch (family) {
3406 : case AF_INET:
3407 0 : return __in_dev_arp_parms_get_rcu(dev);
3408 : case AF_INET6:
3409 0 : return __in6_dev_nd_parms_get_rcu(dev);
3410 : }
3411 : return NULL;
3412 : }
3413 :
3414 0 : static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3415 : int index)
3416 : {
3417 0 : struct net_device *dev;
3418 0 : int family = neigh_parms_family(p);
3419 :
3420 0 : rcu_read_lock();
3421 0 : for_each_netdev_rcu(net, dev) {
3422 0 : struct neigh_parms *dst_p =
3423 0 : neigh_get_dev_parms_rcu(dev, family);
3424 :
3425 0 : if (dst_p && !test_bit(index, dst_p->data_state))
3426 0 : dst_p->data[index] = p->data[index];
3427 : }
3428 0 : rcu_read_unlock();
3429 0 : }
3430 :
3431 0 : static void neigh_proc_update(struct ctl_table *ctl, int write)
3432 : {
3433 0 : struct net_device *dev = ctl->extra1;
3434 0 : struct neigh_parms *p = ctl->extra2;
3435 0 : struct net *net = neigh_parms_net(p);
3436 0 : int index = (int *) ctl->data - p->data;
3437 :
3438 0 : if (!write)
3439 : return;
3440 :
3441 0 : set_bit(index, p->data_state);
3442 0 : if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3443 0 : call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
3444 0 : if (!dev) /* NULL dev means this is default value */
3445 0 : neigh_copy_dflt_parms(net, p, index);
3446 : }
3447 :
3448 0 : static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3449 : void *buffer, size_t *lenp,
3450 : loff_t *ppos)
3451 : {
3452 0 : struct ctl_table tmp = *ctl;
3453 0 : int ret;
3454 :
3455 0 : tmp.extra1 = SYSCTL_ZERO;
3456 0 : tmp.extra2 = SYSCTL_INT_MAX;
3457 :
3458 0 : ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3459 0 : neigh_proc_update(ctl, write);
3460 0 : return ret;
3461 : }
3462 :
3463 0 : int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
3464 : size_t *lenp, loff_t *ppos)
3465 : {
3466 0 : int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3467 :
3468 0 : neigh_proc_update(ctl, write);
3469 0 : return ret;
3470 : }
3471 : EXPORT_SYMBOL(neigh_proc_dointvec);
3472 :
3473 0 : int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
3474 : size_t *lenp, loff_t *ppos)
3475 : {
3476 0 : int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3477 :
3478 0 : neigh_proc_update(ctl, write);
3479 0 : return ret;
3480 : }
3481 : EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3482 :
3483 0 : static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3484 : void *buffer, size_t *lenp,
3485 : loff_t *ppos)
3486 : {
3487 0 : int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3488 :
3489 0 : neigh_proc_update(ctl, write);
3490 0 : return ret;
3491 : }
3492 :
3493 0 : int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3494 : void *buffer, size_t *lenp, loff_t *ppos)
3495 : {
3496 0 : int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3497 :
3498 0 : neigh_proc_update(ctl, write);
3499 0 : return ret;
3500 : }
3501 : EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3502 :
3503 0 : static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3504 : void *buffer, size_t *lenp,
3505 : loff_t *ppos)
3506 : {
3507 0 : int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3508 :
3509 0 : neigh_proc_update(ctl, write);
3510 0 : return ret;
3511 : }
3512 :
3513 0 : static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3514 : void *buffer, size_t *lenp,
3515 : loff_t *ppos)
3516 : {
3517 0 : struct neigh_parms *p = ctl->extra2;
3518 0 : int ret;
3519 :
3520 0 : if (strcmp(ctl->procname, "base_reachable_time") == 0)
3521 0 : ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3522 0 : else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3523 0 : ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3524 : else
3525 : ret = -1;
3526 :
3527 0 : if (write && ret == 0) {
3528 : /* update reachable_time as well, otherwise, the change will
3529 : * only be effective after the next time neigh_periodic_work
3530 : * decides to recompute it
3531 : */
3532 0 : p->reachable_time =
3533 0 : neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3534 : }
3535 0 : return ret;
3536 : }
3537 :
3538 : #define NEIGH_PARMS_DATA_OFFSET(index) \
3539 : (&((struct neigh_parms *) 0)->data[index])
3540 :
3541 : #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3542 : [NEIGH_VAR_ ## attr] = { \
3543 : .procname = name, \
3544 : .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3545 : .maxlen = sizeof(int), \
3546 : .mode = mval, \
3547 : .proc_handler = proc, \
3548 : }
3549 :
3550 : #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3551 : NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3552 :
3553 : #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3554 : NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3555 :
3556 : #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3557 : NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3558 :
3559 : #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3560 : NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3561 :
3562 : #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3563 : NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3564 :
3565 : static struct neigh_sysctl_table {
3566 : struct ctl_table_header *sysctl_header;
3567 : struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3568 : } neigh_sysctl_template __read_mostly = {
3569 : .neigh_vars = {
3570 : NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3571 : NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3572 : NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3573 : NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3574 : NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3575 : NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3576 : NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3577 : NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3578 : NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3579 : NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3580 : NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3581 : NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3582 : NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3583 : NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3584 : NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3585 : NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3586 : [NEIGH_VAR_GC_INTERVAL] = {
3587 : .procname = "gc_interval",
3588 : .maxlen = sizeof(int),
3589 : .mode = 0644,
3590 : .proc_handler = proc_dointvec_jiffies,
3591 : },
3592 : [NEIGH_VAR_GC_THRESH1] = {
3593 : .procname = "gc_thresh1",
3594 : .maxlen = sizeof(int),
3595 : .mode = 0644,
3596 : .extra1 = SYSCTL_ZERO,
3597 : .extra2 = SYSCTL_INT_MAX,
3598 : .proc_handler = proc_dointvec_minmax,
3599 : },
3600 : [NEIGH_VAR_GC_THRESH2] = {
3601 : .procname = "gc_thresh2",
3602 : .maxlen = sizeof(int),
3603 : .mode = 0644,
3604 : .extra1 = SYSCTL_ZERO,
3605 : .extra2 = SYSCTL_INT_MAX,
3606 : .proc_handler = proc_dointvec_minmax,
3607 : },
3608 : [NEIGH_VAR_GC_THRESH3] = {
3609 : .procname = "gc_thresh3",
3610 : .maxlen = sizeof(int),
3611 : .mode = 0644,
3612 : .extra1 = SYSCTL_ZERO,
3613 : .extra2 = SYSCTL_INT_MAX,
3614 : .proc_handler = proc_dointvec_minmax,
3615 : },
3616 : {},
3617 : },
3618 : };
3619 :
3620 3 : int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3621 : proc_handler *handler)
3622 : {
3623 3 : int i;
3624 3 : struct neigh_sysctl_table *t;
3625 3 : const char *dev_name_source;
3626 3 : char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3627 3 : char *p_name;
3628 :
3629 3 : t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL);
3630 3 : if (!t)
3631 0 : goto err;
3632 :
3633 51 : for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3634 48 : t->neigh_vars[i].data += (long) p;
3635 48 : t->neigh_vars[i].extra1 = dev;
3636 48 : t->neigh_vars[i].extra2 = p;
3637 : }
3638 :
3639 3 : if (dev) {
3640 2 : dev_name_source = dev->name;
3641 : /* Terminate the table early */
3642 2 : memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3643 : sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3644 : } else {
3645 1 : struct neigh_table *tbl = p->tbl;
3646 1 : dev_name_source = "default";
3647 1 : t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3648 1 : t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3649 1 : t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3650 1 : t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3651 : }
3652 :
3653 3 : if (handler) {
3654 : /* RetransTime */
3655 0 : t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3656 : /* ReachableTime */
3657 0 : t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3658 : /* RetransTime (in milliseconds)*/
3659 0 : t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3660 : /* ReachableTime (in milliseconds) */
3661 0 : t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3662 : } else {
3663 : /* Those handlers will update p->reachable_time after
3664 : * base_reachable_time(_ms) is set to ensure the new timer starts being
3665 : * applied after the next neighbour update instead of waiting for
3666 : * neigh_periodic_work to update its value (can be multiple minutes)
3667 : * So any handler that replaces them should do this as well
3668 : */
3669 : /* ReachableTime */
3670 3 : t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3671 : neigh_proc_base_reachable_time;
3672 : /* ReachableTime (in milliseconds) */
3673 3 : t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3674 : neigh_proc_base_reachable_time;
3675 : }
3676 :
3677 : /* Don't export sysctls to unprivileged users */
3678 3 : if (neigh_parms_net(p)->user_ns != &init_user_ns)
3679 0 : t->neigh_vars[0].procname = NULL;
3680 :
3681 3 : switch (neigh_parms_family(p)) {
3682 : case AF_INET:
3683 : p_name = "ipv4";
3684 : break;
3685 0 : case AF_INET6:
3686 0 : p_name = "ipv6";
3687 0 : break;
3688 0 : default:
3689 0 : BUG();
3690 : }
3691 :
3692 3 : snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3693 : p_name, dev_name_source);
3694 6 : t->sysctl_header =
3695 3 : register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3696 3 : if (!t->sysctl_header)
3697 0 : goto free;
3698 :
3699 3 : p->sysctl_table = t;
3700 3 : return 0;
3701 :
3702 0 : free:
3703 0 : kfree(t);
3704 : err:
3705 : return -ENOBUFS;
3706 : }
3707 : EXPORT_SYMBOL(neigh_sysctl_register);
3708 :
3709 0 : void neigh_sysctl_unregister(struct neigh_parms *p)
3710 : {
3711 0 : if (p->sysctl_table) {
3712 0 : struct neigh_sysctl_table *t = p->sysctl_table;
3713 0 : p->sysctl_table = NULL;
3714 0 : unregister_net_sysctl_table(t->sysctl_header);
3715 0 : kfree(t);
3716 : }
3717 0 : }
3718 : EXPORT_SYMBOL(neigh_sysctl_unregister);
3719 :
3720 : #endif /* CONFIG_SYSCTL */
3721 :
3722 1 : static int __init neigh_init(void)
3723 : {
3724 1 : rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3725 1 : rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3726 1 : rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3727 :
3728 1 : rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3729 : 0);
3730 1 : rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);
3731 :
3732 1 : return 0;
3733 : }
3734 :
3735 : subsys_initcall(neigh_init);
|
