1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Generic address resolution entity 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 8 * 9 * Fixes: 10 * Vitaly E. Lavrov releasing NULL neighbor in neigh_add. 11 * Harald Welte Add neighbour cache statistics like rtstat 12 */ 13 14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 15 16 #include <linux/slab.h> 17 #include <linux/kmemleak.h> 18 #include <linux/types.h> 19 #include <linux/kernel.h> 20 #include <linux/module.h> 21 #include <linux/socket.h> 22 #include <linux/netdevice.h> 23 #include <linux/proc_fs.h> 24 #ifdef CONFIG_SYSCTL 25 #include <linux/sysctl.h> 26 #endif 27 #include <linux/times.h> 28 #include <net/net_namespace.h> 29 #include <net/neighbour.h> 30 #include <net/arp.h> 31 #include <net/dst.h> 32 #include <net/sock.h> 33 #include <net/netevent.h> 34 #include <net/netlink.h> 35 #include <linux/rtnetlink.h> 36 #include <linux/random.h> 37 #include <linux/string.h> 38 #include <linux/log2.h> 39 #include <linux/inetdevice.h> 40 #include <net/addrconf.h> 41 42 #include <trace/events/neigh.h> 43 44 #define NEIGH_DEBUG 1 45 #define neigh_dbg(level, fmt, ...) \ 46 do { \ 47 if (level <= NEIGH_DEBUG) \ 48 pr_debug(fmt, ##__VA_ARGS__); \ 49 } while (0) 50 51 #define PNEIGH_HASHMASK 0xF 52 53 static void neigh_timer_handler(struct timer_list *t); 54 static void __neigh_notify(struct neighbour *n, int type, int flags, 55 u32 pid); 56 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid); 57 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl, 58 struct net_device *dev); 59 60 #ifdef CONFIG_PROC_FS 61 static const struct seq_operations neigh_stat_seq_ops; 62 #endif 63 64 /* 65 Neighbour hash table buckets are protected with rwlock tbl->lock. 66 67 - All the scans/updates to hash buckets MUST be made under this lock. 68 - NOTHING clever should be made under this lock: no callbacks 69 to protocol backends, no attempts to send something to network. 70 It will result in deadlocks, if backend/driver wants to use neighbour 71 cache. 72 - If the entry requires some non-trivial actions, increase 73 its reference count and release table lock. 74 75 Neighbour entries are protected: 76 - with reference count. 77 - with rwlock neigh->lock 78 79 Reference count prevents destruction. 80 81 neigh->lock mainly serializes ll address data and its validity state. 82 However, the same lock is used to protect another entry fields: 83 - timer 84 - resolution queue 85 86 Again, nothing clever shall be made under neigh->lock, 87 the most complicated procedure, which we allow is dev->hard_header. 88 It is supposed, that dev->hard_header is simplistic and does 89 not make callbacks to neighbour tables. 90 */ 91 92 static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb) 93 { 94 kfree_skb(skb); 95 return -ENETDOWN; 96 } 97 98 static void neigh_cleanup_and_release(struct neighbour *neigh) 99 { 100 trace_neigh_cleanup_and_release(neigh, 0); 101 __neigh_notify(neigh, RTM_DELNEIGH, 0, 0); 102 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh); 103 neigh_release(neigh); 104 } 105 106 /* 107 * It is random distribution in the interval (1/2)*base...(3/2)*base. 108 * It corresponds to default IPv6 settings and is not overridable, 109 * because it is really reasonable choice. 110 */ 111 112 unsigned long neigh_rand_reach_time(unsigned long base) 113 { 114 return base ? get_random_u32_below(base) + (base >> 1) : 0; 115 } 116 EXPORT_SYMBOL(neigh_rand_reach_time); 117 118 static void neigh_mark_dead(struct neighbour *n) 119 { 120 n->dead = 1; 121 if (!list_empty(&n->gc_list)) { 122 list_del_init(&n->gc_list); 123 atomic_dec(&n->tbl->gc_entries); 124 } 125 if (!list_empty(&n->managed_list)) 126 list_del_init(&n->managed_list); 127 } 128 129 static void neigh_update_gc_list(struct neighbour *n) 130 { 131 bool on_gc_list, exempt_from_gc; 132 133 write_lock_bh(&n->tbl->lock); 134 write_lock(&n->lock); 135 if (n->dead) 136 goto out; 137 138 /* remove from the gc list if new state is permanent or if neighbor 139 * is externally learned; otherwise entry should be on the gc list 140 */ 141 exempt_from_gc = n->nud_state & NUD_PERMANENT || 142 n->flags & NTF_EXT_LEARNED; 143 on_gc_list = !list_empty(&n->gc_list); 144 145 if (exempt_from_gc && on_gc_list) { 146 list_del_init(&n->gc_list); 147 atomic_dec(&n->tbl->gc_entries); 148 } else if (!exempt_from_gc && !on_gc_list) { 149 /* add entries to the tail; cleaning removes from the front */ 150 list_add_tail(&n->gc_list, &n->tbl->gc_list); 151 atomic_inc(&n->tbl->gc_entries); 152 } 153 out: 154 write_unlock(&n->lock); 155 write_unlock_bh(&n->tbl->lock); 156 } 157 158 static void neigh_update_managed_list(struct neighbour *n) 159 { 160 bool on_managed_list, add_to_managed; 161 162 write_lock_bh(&n->tbl->lock); 163 write_lock(&n->lock); 164 if (n->dead) 165 goto out; 166 167 add_to_managed = n->flags & NTF_MANAGED; 168 on_managed_list = !list_empty(&n->managed_list); 169 170 if (!add_to_managed && on_managed_list) 171 list_del_init(&n->managed_list); 172 else if (add_to_managed && !on_managed_list) 173 list_add_tail(&n->managed_list, &n->tbl->managed_list); 174 out: 175 write_unlock(&n->lock); 176 write_unlock_bh(&n->tbl->lock); 177 } 178 179 static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify, 180 bool *gc_update, bool *managed_update) 181 { 182 u32 ndm_flags, old_flags = neigh->flags; 183 184 if (!(flags & NEIGH_UPDATE_F_ADMIN)) 185 return; 186 187 ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0; 188 ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0; 189 190 if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) { 191 if (ndm_flags & NTF_EXT_LEARNED) 192 neigh->flags |= NTF_EXT_LEARNED; 193 else 194 neigh->flags &= ~NTF_EXT_LEARNED; 195 *notify = 1; 196 *gc_update = true; 197 } 198 if ((old_flags ^ ndm_flags) & NTF_MANAGED) { 199 if (ndm_flags & NTF_MANAGED) 200 neigh->flags |= NTF_MANAGED; 201 else 202 neigh->flags &= ~NTF_MANAGED; 203 *notify = 1; 204 *managed_update = true; 205 } 206 } 207 208 static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np, 209 struct neigh_table *tbl) 210 { 211 bool retval = false; 212 213 write_lock(&n->lock); 214 if (refcount_read(&n->refcnt) == 1) { 215 struct neighbour *neigh; 216 217 neigh = rcu_dereference_protected(n->next, 218 lockdep_is_held(&tbl->lock)); 219 rcu_assign_pointer(*np, neigh); 220 neigh_mark_dead(n); 221 retval = true; 222 } 223 write_unlock(&n->lock); 224 if (retval) 225 neigh_cleanup_and_release(n); 226 return retval; 227 } 228 229 bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl) 230 { 231 struct neigh_hash_table *nht; 232 void *pkey = ndel->primary_key; 233 u32 hash_val; 234 struct neighbour *n; 235 struct neighbour __rcu **np; 236 237 nht = rcu_dereference_protected(tbl->nht, 238 lockdep_is_held(&tbl->lock)); 239 hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd); 240 hash_val = hash_val >> (32 - nht->hash_shift); 241 242 np = &nht->hash_buckets[hash_val]; 243 while ((n = rcu_dereference_protected(*np, 244 lockdep_is_held(&tbl->lock)))) { 245 if (n == ndel) 246 return neigh_del(n, np, tbl); 247 np = &n->next; 248 } 249 return false; 250 } 251 252 static int neigh_forced_gc(struct neigh_table *tbl) 253 { 254 int max_clean = atomic_read(&tbl->gc_entries) - 255 READ_ONCE(tbl->gc_thresh2); 256 unsigned long tref = jiffies - 5 * HZ; 257 struct neighbour *n, *tmp; 258 int shrunk = 0; 259 260 NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs); 261 262 write_lock_bh(&tbl->lock); 263 264 list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) { 265 if (refcount_read(&n->refcnt) == 1) { 266 bool remove = false; 267 268 write_lock(&n->lock); 269 if ((n->nud_state == NUD_FAILED) || 270 (n->nud_state == NUD_NOARP) || 271 (tbl->is_multicast && 272 tbl->is_multicast(n->primary_key)) || 273 !time_in_range(n->updated, tref, jiffies)) 274 remove = true; 275 write_unlock(&n->lock); 276 277 if (remove && neigh_remove_one(n, tbl)) 278 shrunk++; 279 if (shrunk >= max_clean) 280 break; 281 } 282 } 283 284 WRITE_ONCE(tbl->last_flush, jiffies); 285 286 write_unlock_bh(&tbl->lock); 287 288 return shrunk; 289 } 290 291 static void neigh_add_timer(struct neighbour *n, unsigned long when) 292 { 293 /* Use safe distance from the jiffies - LONG_MAX point while timer 294 * is running in DELAY/PROBE state but still show to user space 295 * large times in the past. 296 */ 297 unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ); 298 299 neigh_hold(n); 300 if (!time_in_range(n->confirmed, mint, jiffies)) 301 n->confirmed = mint; 302 if (time_before(n->used, n->confirmed)) 303 n->used = n->confirmed; 304 if (unlikely(mod_timer(&n->timer, when))) { 305 printk("NEIGH: BUG, double timer add, state is %x\n", 306 n->nud_state); 307 dump_stack(); 308 } 309 } 310 311 static int neigh_del_timer(struct neighbour *n) 312 { 313 if ((n->nud_state & NUD_IN_TIMER) && 314 del_timer(&n->timer)) { 315 neigh_release(n); 316 return 1; 317 } 318 return 0; 319 } 320 321 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev, 322 int family) 323 { 324 switch (family) { 325 case AF_INET: 326 return __in_dev_arp_parms_get_rcu(dev); 327 case AF_INET6: 328 return __in6_dev_nd_parms_get_rcu(dev); 329 } 330 return NULL; 331 } 332 333 static void neigh_parms_qlen_dec(struct net_device *dev, int family) 334 { 335 struct neigh_parms *p; 336 337 rcu_read_lock(); 338 p = neigh_get_dev_parms_rcu(dev, family); 339 if (p) 340 p->qlen--; 341 rcu_read_unlock(); 342 } 343 344 static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net, 345 int family) 346 { 347 struct sk_buff_head tmp; 348 unsigned long flags; 349 struct sk_buff *skb; 350 351 skb_queue_head_init(&tmp); 352 spin_lock_irqsave(&list->lock, flags); 353 skb = skb_peek(list); 354 while (skb != NULL) { 355 struct sk_buff *skb_next = skb_peek_next(skb, list); 356 struct net_device *dev = skb->dev; 357 358 if (net == NULL || net_eq(dev_net(dev), net)) { 359 neigh_parms_qlen_dec(dev, family); 360 __skb_unlink(skb, list); 361 __skb_queue_tail(&tmp, skb); 362 } 363 skb = skb_next; 364 } 365 spin_unlock_irqrestore(&list->lock, flags); 366 367 while ((skb = __skb_dequeue(&tmp))) { 368 dev_put(skb->dev); 369 kfree_skb(skb); 370 } 371 } 372 373 static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev, 374 bool skip_perm) 375 { 376 int i; 377 struct neigh_hash_table *nht; 378 379 nht = rcu_dereference_protected(tbl->nht, 380 lockdep_is_held(&tbl->lock)); 381 382 for (i = 0; i < (1 << nht->hash_shift); i++) { 383 struct neighbour *n; 384 struct neighbour __rcu **np = &nht->hash_buckets[i]; 385 386 while ((n = rcu_dereference_protected(*np, 387 lockdep_is_held(&tbl->lock))) != NULL) { 388 if (dev && n->dev != dev) { 389 np = &n->next; 390 continue; 391 } 392 if (skip_perm && n->nud_state & NUD_PERMANENT) { 393 np = &n->next; 394 continue; 395 } 396 rcu_assign_pointer(*np, 397 rcu_dereference_protected(n->next, 398 lockdep_is_held(&tbl->lock))); 399 write_lock(&n->lock); 400 neigh_del_timer(n); 401 neigh_mark_dead(n); 402 if (refcount_read(&n->refcnt) != 1) { 403 /* The most unpleasant situation. 404 We must destroy neighbour entry, 405 but someone still uses it. 406 407 The destroy will be delayed until 408 the last user releases us, but 409 we must kill timers etc. and move 410 it to safe state. 411 */ 412 __skb_queue_purge(&n->arp_queue); 413 n->arp_queue_len_bytes = 0; 414 WRITE_ONCE(n->output, neigh_blackhole); 415 if (n->nud_state & NUD_VALID) 416 n->nud_state = NUD_NOARP; 417 else 418 n->nud_state = NUD_NONE; 419 neigh_dbg(2, "neigh %p is stray\n", n); 420 } 421 write_unlock(&n->lock); 422 neigh_cleanup_and_release(n); 423 } 424 } 425 } 426 427 void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev) 428 { 429 write_lock_bh(&tbl->lock); 430 neigh_flush_dev(tbl, dev, false); 431 write_unlock_bh(&tbl->lock); 432 } 433 EXPORT_SYMBOL(neigh_changeaddr); 434 435 static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev, 436 bool skip_perm) 437 { 438 write_lock_bh(&tbl->lock); 439 neigh_flush_dev(tbl, dev, skip_perm); 440 pneigh_ifdown_and_unlock(tbl, dev); 441 pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL, 442 tbl->family); 443 if (skb_queue_empty_lockless(&tbl->proxy_queue)) 444 del_timer_sync(&tbl->proxy_timer); 445 return 0; 446 } 447 448 int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev) 449 { 450 __neigh_ifdown(tbl, dev, true); 451 return 0; 452 } 453 EXPORT_SYMBOL(neigh_carrier_down); 454 455 int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev) 456 { 457 __neigh_ifdown(tbl, dev, false); 458 return 0; 459 } 460 EXPORT_SYMBOL(neigh_ifdown); 461 462 static struct neighbour *neigh_alloc(struct neigh_table *tbl, 463 struct net_device *dev, 464 u32 flags, bool exempt_from_gc) 465 { 466 struct neighbour *n = NULL; 467 unsigned long now = jiffies; 468 int entries, gc_thresh3; 469 470 if (exempt_from_gc) 471 goto do_alloc; 472 473 entries = atomic_inc_return(&tbl->gc_entries) - 1; 474 gc_thresh3 = READ_ONCE(tbl->gc_thresh3); 475 if (entries >= gc_thresh3 || 476 (entries >= READ_ONCE(tbl->gc_thresh2) && 477 time_after(now, READ_ONCE(tbl->last_flush) + 5 * HZ))) { 478 if (!neigh_forced_gc(tbl) && entries >= gc_thresh3) { 479 net_info_ratelimited("%s: neighbor table overflow!\n", 480 tbl->id); 481 NEIGH_CACHE_STAT_INC(tbl, table_fulls); 482 goto out_entries; 483 } 484 } 485 486 do_alloc: 487 n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC); 488 if (!n) 489 goto out_entries; 490 491 __skb_queue_head_init(&n->arp_queue); 492 rwlock_init(&n->lock); 493 seqlock_init(&n->ha_lock); 494 n->updated = n->used = now; 495 n->nud_state = NUD_NONE; 496 n->output = neigh_blackhole; 497 n->flags = flags; 498 seqlock_init(&n->hh.hh_lock); 499 n->parms = neigh_parms_clone(&tbl->parms); 500 timer_setup(&n->timer, neigh_timer_handler, 0); 501 502 NEIGH_CACHE_STAT_INC(tbl, allocs); 503 n->tbl = tbl; 504 refcount_set(&n->refcnt, 1); 505 n->dead = 1; 506 INIT_LIST_HEAD(&n->gc_list); 507 INIT_LIST_HEAD(&n->managed_list); 508 509 atomic_inc(&tbl->entries); 510 out: 511 return n; 512 513 out_entries: 514 if (!exempt_from_gc) 515 atomic_dec(&tbl->gc_entries); 516 goto out; 517 } 518 519 static void neigh_get_hash_rnd(u32 *x) 520 { 521 *x = get_random_u32() | 1; 522 } 523 524 static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift) 525 { 526 size_t size = (1 << shift) * sizeof(struct neighbour *); 527 struct neigh_hash_table *ret; 528 struct neighbour __rcu **buckets; 529 int i; 530 531 ret = kmalloc(sizeof(*ret), GFP_ATOMIC); 532 if (!ret) 533 return NULL; 534 if (size <= PAGE_SIZE) { 535 buckets = kzalloc(size, GFP_ATOMIC); 536 } else { 537 buckets = (struct neighbour __rcu **) 538 __get_free_pages(GFP_ATOMIC | __GFP_ZERO, 539 get_order(size)); 540 kmemleak_alloc(buckets, size, 1, GFP_ATOMIC); 541 } 542 if (!buckets) { 543 kfree(ret); 544 return NULL; 545 } 546 ret->hash_buckets = buckets; 547 ret->hash_shift = shift; 548 for (i = 0; i < NEIGH_NUM_HASH_RND; i++) 549 neigh_get_hash_rnd(&ret->hash_rnd[i]); 550 return ret; 551 } 552 553 static void neigh_hash_free_rcu(struct rcu_head *head) 554 { 555 struct neigh_hash_table *nht = container_of(head, 556 struct neigh_hash_table, 557 rcu); 558 size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *); 559 struct neighbour __rcu **buckets = nht->hash_buckets; 560 561 if (size <= PAGE_SIZE) { 562 kfree(buckets); 563 } else { 564 kmemleak_free(buckets); 565 free_pages((unsigned long)buckets, get_order(size)); 566 } 567 kfree(nht); 568 } 569 570 static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl, 571 unsigned long new_shift) 572 { 573 unsigned int i, hash; 574 struct neigh_hash_table *new_nht, *old_nht; 575 576 NEIGH_CACHE_STAT_INC(tbl, hash_grows); 577 578 old_nht = rcu_dereference_protected(tbl->nht, 579 lockdep_is_held(&tbl->lock)); 580 new_nht = neigh_hash_alloc(new_shift); 581 if (!new_nht) 582 return old_nht; 583 584 for (i = 0; i < (1 << old_nht->hash_shift); i++) { 585 struct neighbour *n, *next; 586 587 for (n = rcu_dereference_protected(old_nht->hash_buckets[i], 588 lockdep_is_held(&tbl->lock)); 589 n != NULL; 590 n = next) { 591 hash = tbl->hash(n->primary_key, n->dev, 592 new_nht->hash_rnd); 593 594 hash >>= (32 - new_nht->hash_shift); 595 next = rcu_dereference_protected(n->next, 596 lockdep_is_held(&tbl->lock)); 597 598 rcu_assign_pointer(n->next, 599 rcu_dereference_protected( 600 new_nht->hash_buckets[hash], 601 lockdep_is_held(&tbl->lock))); 602 rcu_assign_pointer(new_nht->hash_buckets[hash], n); 603 } 604 } 605 606 rcu_assign_pointer(tbl->nht, new_nht); 607 call_rcu(&old_nht->rcu, neigh_hash_free_rcu); 608 return new_nht; 609 } 610 611 struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey, 612 struct net_device *dev) 613 { 614 struct neighbour *n; 615 616 NEIGH_CACHE_STAT_INC(tbl, lookups); 617 618 rcu_read_lock(); 619 n = __neigh_lookup_noref(tbl, pkey, dev); 620 if (n) { 621 if (!refcount_inc_not_zero(&n->refcnt)) 622 n = NULL; 623 NEIGH_CACHE_STAT_INC(tbl, hits); 624 } 625 626 rcu_read_unlock(); 627 return n; 628 } 629 EXPORT_SYMBOL(neigh_lookup); 630 631 static struct neighbour * 632 ___neigh_create(struct neigh_table *tbl, const void *pkey, 633 struct net_device *dev, u32 flags, 634 bool exempt_from_gc, bool want_ref) 635 { 636 u32 hash_val, key_len = tbl->key_len; 637 struct neighbour *n1, *rc, *n; 638 struct neigh_hash_table *nht; 639 int error; 640 641 n = neigh_alloc(tbl, dev, flags, exempt_from_gc); 642 trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc); 643 if (!n) { 644 rc = ERR_PTR(-ENOBUFS); 645 goto out; 646 } 647 648 memcpy(n->primary_key, pkey, key_len); 649 n->dev = dev; 650 netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC); 651 652 /* Protocol specific setup. */ 653 if (tbl->constructor && (error = tbl->constructor(n)) < 0) { 654 rc = ERR_PTR(error); 655 goto out_neigh_release; 656 } 657 658 if (dev->netdev_ops->ndo_neigh_construct) { 659 error = dev->netdev_ops->ndo_neigh_construct(dev, n); 660 if (error < 0) { 661 rc = ERR_PTR(error); 662 goto out_neigh_release; 663 } 664 } 665 666 /* Device specific setup. */ 667 if (n->parms->neigh_setup && 668 (error = n->parms->neigh_setup(n)) < 0) { 669 rc = ERR_PTR(error); 670 goto out_neigh_release; 671 } 672 673 n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1); 674 675 write_lock_bh(&tbl->lock); 676 nht = rcu_dereference_protected(tbl->nht, 677 lockdep_is_held(&tbl->lock)); 678 679 if (atomic_read(&tbl->entries) > (1 << nht->hash_shift)) 680 nht = neigh_hash_grow(tbl, nht->hash_shift + 1); 681 682 hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift); 683 684 if (n->parms->dead) { 685 rc = ERR_PTR(-EINVAL); 686 goto out_tbl_unlock; 687 } 688 689 for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val], 690 lockdep_is_held(&tbl->lock)); 691 n1 != NULL; 692 n1 = rcu_dereference_protected(n1->next, 693 lockdep_is_held(&tbl->lock))) { 694 if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) { 695 if (want_ref) 696 neigh_hold(n1); 697 rc = n1; 698 goto out_tbl_unlock; 699 } 700 } 701 702 n->dead = 0; 703 if (!exempt_from_gc) 704 list_add_tail(&n->gc_list, &n->tbl->gc_list); 705 if (n->flags & NTF_MANAGED) 706 list_add_tail(&n->managed_list, &n->tbl->managed_list); 707 if (want_ref) 708 neigh_hold(n); 709 rcu_assign_pointer(n->next, 710 rcu_dereference_protected(nht->hash_buckets[hash_val], 711 lockdep_is_held(&tbl->lock))); 712 rcu_assign_pointer(nht->hash_buckets[hash_val], n); 713 write_unlock_bh(&tbl->lock); 714 neigh_dbg(2, "neigh %p is created\n", n); 715 rc = n; 716 out: 717 return rc; 718 out_tbl_unlock: 719 write_unlock_bh(&tbl->lock); 720 out_neigh_release: 721 if (!exempt_from_gc) 722 atomic_dec(&tbl->gc_entries); 723 neigh_release(n); 724 goto out; 725 } 726 727 struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey, 728 struct net_device *dev, bool want_ref) 729 { 730 return ___neigh_create(tbl, pkey, dev, 0, false, want_ref); 731 } 732 EXPORT_SYMBOL(__neigh_create); 733 734 static u32 pneigh_hash(const void *pkey, unsigned int key_len) 735 { 736 u32 hash_val = *(u32 *)(pkey + key_len - 4); 737 hash_val ^= (hash_val >> 16); 738 hash_val ^= hash_val >> 8; 739 hash_val ^= hash_val >> 4; 740 hash_val &= PNEIGH_HASHMASK; 741 return hash_val; 742 } 743 744 static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n, 745 struct net *net, 746 const void *pkey, 747 unsigned int key_len, 748 struct net_device *dev) 749 { 750 while (n) { 751 if (!memcmp(n->key, pkey, key_len) && 752 net_eq(pneigh_net(n), net) && 753 (n->dev == dev || !n->dev)) 754 return n; 755 n = n->next; 756 } 757 return NULL; 758 } 759 760 struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl, 761 struct net *net, const void *pkey, struct net_device *dev) 762 { 763 unsigned int key_len = tbl->key_len; 764 u32 hash_val = pneigh_hash(pkey, key_len); 765 766 return __pneigh_lookup_1(tbl->phash_buckets[hash_val], 767 net, pkey, key_len, dev); 768 } 769 EXPORT_SYMBOL_GPL(__pneigh_lookup); 770 771 struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl, 772 struct net *net, const void *pkey, 773 struct net_device *dev, int creat) 774 { 775 struct pneigh_entry *n; 776 unsigned int key_len = tbl->key_len; 777 u32 hash_val = pneigh_hash(pkey, key_len); 778 779 read_lock_bh(&tbl->lock); 780 n = __pneigh_lookup_1(tbl->phash_buckets[hash_val], 781 net, pkey, key_len, dev); 782 read_unlock_bh(&tbl->lock); 783 784 if (n || !creat) 785 goto out; 786 787 ASSERT_RTNL(); 788 789 n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL); 790 if (!n) 791 goto out; 792 793 write_pnet(&n->net, net); 794 memcpy(n->key, pkey, key_len); 795 n->dev = dev; 796 netdev_hold(dev, &n->dev_tracker, GFP_KERNEL); 797 798 if (tbl->pconstructor && tbl->pconstructor(n)) { 799 netdev_put(dev, &n->dev_tracker); 800 kfree(n); 801 n = NULL; 802 goto out; 803 } 804 805 write_lock_bh(&tbl->lock); 806 n->next = tbl->phash_buckets[hash_val]; 807 tbl->phash_buckets[hash_val] = n; 808 write_unlock_bh(&tbl->lock); 809 out: 810 return n; 811 } 812 EXPORT_SYMBOL(pneigh_lookup); 813 814 815 int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey, 816 struct net_device *dev) 817 { 818 struct pneigh_entry *n, **np; 819 unsigned int key_len = tbl->key_len; 820 u32 hash_val = pneigh_hash(pkey, key_len); 821 822 write_lock_bh(&tbl->lock); 823 for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL; 824 np = &n->next) { 825 if (!memcmp(n->key, pkey, key_len) && n->dev == dev && 826 net_eq(pneigh_net(n), net)) { 827 *np = n->next; 828 write_unlock_bh(&tbl->lock); 829 if (tbl->pdestructor) 830 tbl->pdestructor(n); 831 netdev_put(n->dev, &n->dev_tracker); 832 kfree(n); 833 return 0; 834 } 835 } 836 write_unlock_bh(&tbl->lock); 837 return -ENOENT; 838 } 839 840 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl, 841 struct net_device *dev) 842 { 843 struct pneigh_entry *n, **np, *freelist = NULL; 844 u32 h; 845 846 for (h = 0; h <= PNEIGH_HASHMASK; h++) { 847 np = &tbl->phash_buckets[h]; 848 while ((n = *np) != NULL) { 849 if (!dev || n->dev == dev) { 850 *np = n->next; 851 n->next = freelist; 852 freelist = n; 853 continue; 854 } 855 np = &n->next; 856 } 857 } 858 write_unlock_bh(&tbl->lock); 859 while ((n = freelist)) { 860 freelist = n->next; 861 n->next = NULL; 862 if (tbl->pdestructor) 863 tbl->pdestructor(n); 864 netdev_put(n->dev, &n->dev_tracker); 865 kfree(n); 866 } 867 return -ENOENT; 868 } 869 870 static void neigh_parms_destroy(struct neigh_parms *parms); 871 872 static inline void neigh_parms_put(struct neigh_parms *parms) 873 { 874 if (refcount_dec_and_test(&parms->refcnt)) 875 neigh_parms_destroy(parms); 876 } 877 878 /* 879 * neighbour must already be out of the table; 880 * 881 */ 882 void neigh_destroy(struct neighbour *neigh) 883 { 884 struct net_device *dev = neigh->dev; 885 886 NEIGH_CACHE_STAT_INC(neigh->tbl, destroys); 887 888 if (!neigh->dead) { 889 pr_warn("Destroying alive neighbour %p\n", neigh); 890 dump_stack(); 891 return; 892 } 893 894 if (neigh_del_timer(neigh)) 895 pr_warn("Impossible event\n"); 896 897 write_lock_bh(&neigh->lock); 898 __skb_queue_purge(&neigh->arp_queue); 899 write_unlock_bh(&neigh->lock); 900 neigh->arp_queue_len_bytes = 0; 901 902 if (dev->netdev_ops->ndo_neigh_destroy) 903 dev->netdev_ops->ndo_neigh_destroy(dev, neigh); 904 905 netdev_put(dev, &neigh->dev_tracker); 906 neigh_parms_put(neigh->parms); 907 908 neigh_dbg(2, "neigh %p is destroyed\n", neigh); 909 910 atomic_dec(&neigh->tbl->entries); 911 kfree_rcu(neigh, rcu); 912 } 913 EXPORT_SYMBOL(neigh_destroy); 914 915 /* Neighbour state is suspicious; 916 disable fast path. 917 918 Called with write_locked neigh. 919 */ 920 static void neigh_suspect(struct neighbour *neigh) 921 { 922 neigh_dbg(2, "neigh %p is suspected\n", neigh); 923 924 WRITE_ONCE(neigh->output, neigh->ops->output); 925 } 926 927 /* Neighbour state is OK; 928 enable fast path. 929 930 Called with write_locked neigh. 931 */ 932 static void neigh_connect(struct neighbour *neigh) 933 { 934 neigh_dbg(2, "neigh %p is connected\n", neigh); 935 936 WRITE_ONCE(neigh->output, neigh->ops->connected_output); 937 } 938 939 static void neigh_periodic_work(struct work_struct *work) 940 { 941 struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work); 942 struct neighbour *n; 943 struct neighbour __rcu **np; 944 unsigned int i; 945 struct neigh_hash_table *nht; 946 947 NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs); 948 949 write_lock_bh(&tbl->lock); 950 nht = rcu_dereference_protected(tbl->nht, 951 lockdep_is_held(&tbl->lock)); 952 953 /* 954 * periodically recompute ReachableTime from random function 955 */ 956 957 if (time_after(jiffies, tbl->last_rand + 300 * HZ)) { 958 struct neigh_parms *p; 959 960 WRITE_ONCE(tbl->last_rand, jiffies); 961 list_for_each_entry(p, &tbl->parms_list, list) 962 p->reachable_time = 963 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 964 } 965 966 if (atomic_read(&tbl->entries) < READ_ONCE(tbl->gc_thresh1)) 967 goto out; 968 969 for (i = 0 ; i < (1 << nht->hash_shift); i++) { 970 np = &nht->hash_buckets[i]; 971 972 while ((n = rcu_dereference_protected(*np, 973 lockdep_is_held(&tbl->lock))) != NULL) { 974 unsigned int state; 975 976 write_lock(&n->lock); 977 978 state = n->nud_state; 979 if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) || 980 (n->flags & NTF_EXT_LEARNED)) { 981 write_unlock(&n->lock); 982 goto next_elt; 983 } 984 985 if (time_before(n->used, n->confirmed) && 986 time_is_before_eq_jiffies(n->confirmed)) 987 n->used = n->confirmed; 988 989 if (refcount_read(&n->refcnt) == 1 && 990 (state == NUD_FAILED || 991 !time_in_range_open(jiffies, n->used, 992 n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) { 993 rcu_assign_pointer(*np, 994 rcu_dereference_protected(n->next, 995 lockdep_is_held(&tbl->lock))); 996 neigh_mark_dead(n); 997 write_unlock(&n->lock); 998 neigh_cleanup_and_release(n); 999 continue; 1000 } 1001 write_unlock(&n->lock); 1002 1003 next_elt: 1004 np = &n->next; 1005 } 1006 /* 1007 * It's fine to release lock here, even if hash table 1008 * grows while we are preempted. 1009 */ 1010 write_unlock_bh(&tbl->lock); 1011 cond_resched(); 1012 write_lock_bh(&tbl->lock); 1013 nht = rcu_dereference_protected(tbl->nht, 1014 lockdep_is_held(&tbl->lock)); 1015 } 1016 out: 1017 /* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks. 1018 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2 1019 * BASE_REACHABLE_TIME. 1020 */ 1021 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work, 1022 NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1); 1023 write_unlock_bh(&tbl->lock); 1024 } 1025 1026 static __inline__ int neigh_max_probes(struct neighbour *n) 1027 { 1028 struct neigh_parms *p = n->parms; 1029 return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) + 1030 (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) : 1031 NEIGH_VAR(p, MCAST_PROBES)); 1032 } 1033 1034 static void neigh_invalidate(struct neighbour *neigh) 1035 __releases(neigh->lock) 1036 __acquires(neigh->lock) 1037 { 1038 struct sk_buff *skb; 1039 1040 NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed); 1041 neigh_dbg(2, "neigh %p is failed\n", neigh); 1042 neigh->updated = jiffies; 1043 1044 /* It is very thin place. report_unreachable is very complicated 1045 routine. Particularly, it can hit the same neighbour entry! 1046 1047 So that, we try to be accurate and avoid dead loop. --ANK 1048 */ 1049 while (neigh->nud_state == NUD_FAILED && 1050 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) { 1051 write_unlock(&neigh->lock); 1052 neigh->ops->error_report(neigh, skb); 1053 write_lock(&neigh->lock); 1054 } 1055 __skb_queue_purge(&neigh->arp_queue); 1056 neigh->arp_queue_len_bytes = 0; 1057 } 1058 1059 static void neigh_probe(struct neighbour *neigh) 1060 __releases(neigh->lock) 1061 { 1062 struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue); 1063 /* keep skb alive even if arp_queue overflows */ 1064 if (skb) 1065 skb = skb_clone(skb, GFP_ATOMIC); 1066 write_unlock(&neigh->lock); 1067 if (neigh->ops->solicit) 1068 neigh->ops->solicit(neigh, skb); 1069 atomic_inc(&neigh->probes); 1070 consume_skb(skb); 1071 } 1072 1073 /* Called when a timer expires for a neighbour entry. */ 1074 1075 static void neigh_timer_handler(struct timer_list *t) 1076 { 1077 unsigned long now, next; 1078 struct neighbour *neigh = from_timer(neigh, t, timer); 1079 unsigned int state; 1080 int notify = 0; 1081 1082 write_lock(&neigh->lock); 1083 1084 state = neigh->nud_state; 1085 now = jiffies; 1086 next = now + HZ; 1087 1088 if (!(state & NUD_IN_TIMER)) 1089 goto out; 1090 1091 if (state & NUD_REACHABLE) { 1092 if (time_before_eq(now, 1093 neigh->confirmed + neigh->parms->reachable_time)) { 1094 neigh_dbg(2, "neigh %p is still alive\n", neigh); 1095 next = neigh->confirmed + neigh->parms->reachable_time; 1096 } else if (time_before_eq(now, 1097 neigh->used + 1098 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) { 1099 neigh_dbg(2, "neigh %p is delayed\n", neigh); 1100 WRITE_ONCE(neigh->nud_state, NUD_DELAY); 1101 neigh->updated = jiffies; 1102 neigh_suspect(neigh); 1103 next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME); 1104 } else { 1105 neigh_dbg(2, "neigh %p is suspected\n", neigh); 1106 WRITE_ONCE(neigh->nud_state, NUD_STALE); 1107 neigh->updated = jiffies; 1108 neigh_suspect(neigh); 1109 notify = 1; 1110 } 1111 } else if (state & NUD_DELAY) { 1112 if (time_before_eq(now, 1113 neigh->confirmed + 1114 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) { 1115 neigh_dbg(2, "neigh %p is now reachable\n", neigh); 1116 WRITE_ONCE(neigh->nud_state, NUD_REACHABLE); 1117 neigh->updated = jiffies; 1118 neigh_connect(neigh); 1119 notify = 1; 1120 next = neigh->confirmed + neigh->parms->reachable_time; 1121 } else { 1122 neigh_dbg(2, "neigh %p is probed\n", neigh); 1123 WRITE_ONCE(neigh->nud_state, NUD_PROBE); 1124 neigh->updated = jiffies; 1125 atomic_set(&neigh->probes, 0); 1126 notify = 1; 1127 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), 1128 HZ/100); 1129 } 1130 } else { 1131 /* NUD_PROBE|NUD_INCOMPLETE */ 1132 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100); 1133 } 1134 1135 if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) && 1136 atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) { 1137 WRITE_ONCE(neigh->nud_state, NUD_FAILED); 1138 notify = 1; 1139 neigh_invalidate(neigh); 1140 goto out; 1141 } 1142 1143 if (neigh->nud_state & NUD_IN_TIMER) { 1144 if (time_before(next, jiffies + HZ/100)) 1145 next = jiffies + HZ/100; 1146 if (!mod_timer(&neigh->timer, next)) 1147 neigh_hold(neigh); 1148 } 1149 if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) { 1150 neigh_probe(neigh); 1151 } else { 1152 out: 1153 write_unlock(&neigh->lock); 1154 } 1155 1156 if (notify) 1157 neigh_update_notify(neigh, 0); 1158 1159 trace_neigh_timer_handler(neigh, 0); 1160 1161 neigh_release(neigh); 1162 } 1163 1164 int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb, 1165 const bool immediate_ok) 1166 { 1167 int rc; 1168 bool immediate_probe = false; 1169 1170 write_lock_bh(&neigh->lock); 1171 1172 rc = 0; 1173 if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE)) 1174 goto out_unlock_bh; 1175 if (neigh->dead) 1176 goto out_dead; 1177 1178 if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) { 1179 if (NEIGH_VAR(neigh->parms, MCAST_PROBES) + 1180 NEIGH_VAR(neigh->parms, APP_PROBES)) { 1181 unsigned long next, now = jiffies; 1182 1183 atomic_set(&neigh->probes, 1184 NEIGH_VAR(neigh->parms, UCAST_PROBES)); 1185 neigh_del_timer(neigh); 1186 WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE); 1187 neigh->updated = now; 1188 if (!immediate_ok) { 1189 next = now + 1; 1190 } else { 1191 immediate_probe = true; 1192 next = now + max(NEIGH_VAR(neigh->parms, 1193 RETRANS_TIME), 1194 HZ / 100); 1195 } 1196 neigh_add_timer(neigh, next); 1197 } else { 1198 WRITE_ONCE(neigh->nud_state, NUD_FAILED); 1199 neigh->updated = jiffies; 1200 write_unlock_bh(&neigh->lock); 1201 1202 kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED); 1203 return 1; 1204 } 1205 } else if (neigh->nud_state & NUD_STALE) { 1206 neigh_dbg(2, "neigh %p is delayed\n", neigh); 1207 neigh_del_timer(neigh); 1208 WRITE_ONCE(neigh->nud_state, NUD_DELAY); 1209 neigh->updated = jiffies; 1210 neigh_add_timer(neigh, jiffies + 1211 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME)); 1212 } 1213 1214 if (neigh->nud_state == NUD_INCOMPLETE) { 1215 if (skb) { 1216 while (neigh->arp_queue_len_bytes + skb->truesize > 1217 NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) { 1218 struct sk_buff *buff; 1219 1220 buff = __skb_dequeue(&neigh->arp_queue); 1221 if (!buff) 1222 break; 1223 neigh->arp_queue_len_bytes -= buff->truesize; 1224 kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL); 1225 NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards); 1226 } 1227 skb_dst_force(skb); 1228 __skb_queue_tail(&neigh->arp_queue, skb); 1229 neigh->arp_queue_len_bytes += skb->truesize; 1230 } 1231 rc = 1; 1232 } 1233 out_unlock_bh: 1234 if (immediate_probe) 1235 neigh_probe(neigh); 1236 else 1237 write_unlock(&neigh->lock); 1238 local_bh_enable(); 1239 trace_neigh_event_send_done(neigh, rc); 1240 return rc; 1241 1242 out_dead: 1243 if (neigh->nud_state & NUD_STALE) 1244 goto out_unlock_bh; 1245 write_unlock_bh(&neigh->lock); 1246 kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD); 1247 trace_neigh_event_send_dead(neigh, 1); 1248 return 1; 1249 } 1250 EXPORT_SYMBOL(__neigh_event_send); 1251 1252 static void neigh_update_hhs(struct neighbour *neigh) 1253 { 1254 struct hh_cache *hh; 1255 void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *) 1256 = NULL; 1257 1258 if (neigh->dev->header_ops) 1259 update = neigh->dev->header_ops->cache_update; 1260 1261 if (update) { 1262 hh = &neigh->hh; 1263 if (READ_ONCE(hh->hh_len)) { 1264 write_seqlock_bh(&hh->hh_lock); 1265 update(hh, neigh->dev, neigh->ha); 1266 write_sequnlock_bh(&hh->hh_lock); 1267 } 1268 } 1269 } 1270 1271 /* Generic update routine. 1272 -- lladdr is new lladdr or NULL, if it is not supplied. 1273 -- new is new state. 1274 -- flags 1275 NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr, 1276 if it is different. 1277 NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected" 1278 lladdr instead of overriding it 1279 if it is different. 1280 NEIGH_UPDATE_F_ADMIN means that the change is administrative. 1281 NEIGH_UPDATE_F_USE means that the entry is user triggered. 1282 NEIGH_UPDATE_F_MANAGED means that the entry will be auto-refreshed. 1283 NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing 1284 NTF_ROUTER flag. 1285 NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as 1286 a router. 1287 1288 Caller MUST hold reference count on the entry. 1289 */ 1290 static int __neigh_update(struct neighbour *neigh, const u8 *lladdr, 1291 u8 new, u32 flags, u32 nlmsg_pid, 1292 struct netlink_ext_ack *extack) 1293 { 1294 bool gc_update = false, managed_update = false; 1295 int update_isrouter = 0; 1296 struct net_device *dev; 1297 int err, notify = 0; 1298 u8 old; 1299 1300 trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid); 1301 1302 write_lock_bh(&neigh->lock); 1303 1304 dev = neigh->dev; 1305 old = neigh->nud_state; 1306 err = -EPERM; 1307 1308 if (neigh->dead) { 1309 NL_SET_ERR_MSG(extack, "Neighbor entry is now dead"); 1310 new = old; 1311 goto out; 1312 } 1313 if (!(flags & NEIGH_UPDATE_F_ADMIN) && 1314 (old & (NUD_NOARP | NUD_PERMANENT))) 1315 goto out; 1316 1317 neigh_update_flags(neigh, flags, ¬ify, &gc_update, &managed_update); 1318 if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) { 1319 new = old & ~NUD_PERMANENT; 1320 WRITE_ONCE(neigh->nud_state, new); 1321 err = 0; 1322 goto out; 1323 } 1324 1325 if (!(new & NUD_VALID)) { 1326 neigh_del_timer(neigh); 1327 if (old & NUD_CONNECTED) 1328 neigh_suspect(neigh); 1329 WRITE_ONCE(neigh->nud_state, new); 1330 err = 0; 1331 notify = old & NUD_VALID; 1332 if ((old & (NUD_INCOMPLETE | NUD_PROBE)) && 1333 (new & NUD_FAILED)) { 1334 neigh_invalidate(neigh); 1335 notify = 1; 1336 } 1337 goto out; 1338 } 1339 1340 /* Compare new lladdr with cached one */ 1341 if (!dev->addr_len) { 1342 /* First case: device needs no address. */ 1343 lladdr = neigh->ha; 1344 } else if (lladdr) { 1345 /* The second case: if something is already cached 1346 and a new address is proposed: 1347 - compare new & old 1348 - if they are different, check override flag 1349 */ 1350 if ((old & NUD_VALID) && 1351 !memcmp(lladdr, neigh->ha, dev->addr_len)) 1352 lladdr = neigh->ha; 1353 } else { 1354 /* No address is supplied; if we know something, 1355 use it, otherwise discard the request. 1356 */ 1357 err = -EINVAL; 1358 if (!(old & NUD_VALID)) { 1359 NL_SET_ERR_MSG(extack, "No link layer address given"); 1360 goto out; 1361 } 1362 lladdr = neigh->ha; 1363 } 1364 1365 /* Update confirmed timestamp for neighbour entry after we 1366 * received ARP packet even if it doesn't change IP to MAC binding. 1367 */ 1368 if (new & NUD_CONNECTED) 1369 neigh->confirmed = jiffies; 1370 1371 /* If entry was valid and address is not changed, 1372 do not change entry state, if new one is STALE. 1373 */ 1374 err = 0; 1375 update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER; 1376 if (old & NUD_VALID) { 1377 if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) { 1378 update_isrouter = 0; 1379 if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) && 1380 (old & NUD_CONNECTED)) { 1381 lladdr = neigh->ha; 1382 new = NUD_STALE; 1383 } else 1384 goto out; 1385 } else { 1386 if (lladdr == neigh->ha && new == NUD_STALE && 1387 !(flags & NEIGH_UPDATE_F_ADMIN)) 1388 new = old; 1389 } 1390 } 1391 1392 /* Update timestamp only once we know we will make a change to the 1393 * neighbour entry. Otherwise we risk to move the locktime window with 1394 * noop updates and ignore relevant ARP updates. 1395 */ 1396 if (new != old || lladdr != neigh->ha) 1397 neigh->updated = jiffies; 1398 1399 if (new != old) { 1400 neigh_del_timer(neigh); 1401 if (new & NUD_PROBE) 1402 atomic_set(&neigh->probes, 0); 1403 if (new & NUD_IN_TIMER) 1404 neigh_add_timer(neigh, (jiffies + 1405 ((new & NUD_REACHABLE) ? 1406 neigh->parms->reachable_time : 1407 0))); 1408 WRITE_ONCE(neigh->nud_state, new); 1409 notify = 1; 1410 } 1411 1412 if (lladdr != neigh->ha) { 1413 write_seqlock(&neigh->ha_lock); 1414 memcpy(&neigh->ha, lladdr, dev->addr_len); 1415 write_sequnlock(&neigh->ha_lock); 1416 neigh_update_hhs(neigh); 1417 if (!(new & NUD_CONNECTED)) 1418 neigh->confirmed = jiffies - 1419 (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1); 1420 notify = 1; 1421 } 1422 if (new == old) 1423 goto out; 1424 if (new & NUD_CONNECTED) 1425 neigh_connect(neigh); 1426 else 1427 neigh_suspect(neigh); 1428 if (!(old & NUD_VALID)) { 1429 struct sk_buff *skb; 1430 1431 /* Again: avoid dead loop if something went wrong */ 1432 1433 while (neigh->nud_state & NUD_VALID && 1434 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) { 1435 struct dst_entry *dst = skb_dst(skb); 1436 struct neighbour *n2, *n1 = neigh; 1437 write_unlock_bh(&neigh->lock); 1438 1439 rcu_read_lock(); 1440 1441 /* Why not just use 'neigh' as-is? The problem is that 1442 * things such as shaper, eql, and sch_teql can end up 1443 * using alternative, different, neigh objects to output 1444 * the packet in the output path. So what we need to do 1445 * here is re-lookup the top-level neigh in the path so 1446 * we can reinject the packet there. 1447 */ 1448 n2 = NULL; 1449 if (dst && dst->obsolete != DST_OBSOLETE_DEAD) { 1450 n2 = dst_neigh_lookup_skb(dst, skb); 1451 if (n2) 1452 n1 = n2; 1453 } 1454 READ_ONCE(n1->output)(n1, skb); 1455 if (n2) 1456 neigh_release(n2); 1457 rcu_read_unlock(); 1458 1459 write_lock_bh(&neigh->lock); 1460 } 1461 __skb_queue_purge(&neigh->arp_queue); 1462 neigh->arp_queue_len_bytes = 0; 1463 } 1464 out: 1465 if (update_isrouter) 1466 neigh_update_is_router(neigh, flags, ¬ify); 1467 write_unlock_bh(&neigh->lock); 1468 if (((new ^ old) & NUD_PERMANENT) || gc_update) 1469 neigh_update_gc_list(neigh); 1470 if (managed_update) 1471 neigh_update_managed_list(neigh); 1472 if (notify) 1473 neigh_update_notify(neigh, nlmsg_pid); 1474 trace_neigh_update_done(neigh, err); 1475 return err; 1476 } 1477 1478 int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new, 1479 u32 flags, u32 nlmsg_pid) 1480 { 1481 return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL); 1482 } 1483 EXPORT_SYMBOL(neigh_update); 1484 1485 /* Update the neigh to listen temporarily for probe responses, even if it is 1486 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing. 1487 */ 1488 void __neigh_set_probe_once(struct neighbour *neigh) 1489 { 1490 if (neigh->dead) 1491 return; 1492 neigh->updated = jiffies; 1493 if (!(neigh->nud_state & NUD_FAILED)) 1494 return; 1495 WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE); 1496 atomic_set(&neigh->probes, neigh_max_probes(neigh)); 1497 neigh_add_timer(neigh, 1498 jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), 1499 HZ/100)); 1500 } 1501 EXPORT_SYMBOL(__neigh_set_probe_once); 1502 1503 struct neighbour *neigh_event_ns(struct neigh_table *tbl, 1504 u8 *lladdr, void *saddr, 1505 struct net_device *dev) 1506 { 1507 struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev, 1508 lladdr || !dev->addr_len); 1509 if (neigh) 1510 neigh_update(neigh, lladdr, NUD_STALE, 1511 NEIGH_UPDATE_F_OVERRIDE, 0); 1512 return neigh; 1513 } 1514 EXPORT_SYMBOL(neigh_event_ns); 1515 1516 /* called with read_lock_bh(&n->lock); */ 1517 static void neigh_hh_init(struct neighbour *n) 1518 { 1519 struct net_device *dev = n->dev; 1520 __be16 prot = n->tbl->protocol; 1521 struct hh_cache *hh = &n->hh; 1522 1523 write_lock_bh(&n->lock); 1524 1525 /* Only one thread can come in here and initialize the 1526 * hh_cache entry. 1527 */ 1528 if (!hh->hh_len) 1529 dev->header_ops->cache(n, hh, prot); 1530 1531 write_unlock_bh(&n->lock); 1532 } 1533 1534 /* Slow and careful. */ 1535 1536 int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb) 1537 { 1538 int rc = 0; 1539 1540 if (!neigh_event_send(neigh, skb)) { 1541 int err; 1542 struct net_device *dev = neigh->dev; 1543 unsigned int seq; 1544 1545 if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len)) 1546 neigh_hh_init(neigh); 1547 1548 do { 1549 __skb_pull(skb, skb_network_offset(skb)); 1550 seq = read_seqbegin(&neigh->ha_lock); 1551 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 1552 neigh->ha, NULL, skb->len); 1553 } while (read_seqretry(&neigh->ha_lock, seq)); 1554 1555 if (err >= 0) 1556 rc = dev_queue_xmit(skb); 1557 else 1558 goto out_kfree_skb; 1559 } 1560 out: 1561 return rc; 1562 out_kfree_skb: 1563 rc = -EINVAL; 1564 kfree_skb(skb); 1565 goto out; 1566 } 1567 EXPORT_SYMBOL(neigh_resolve_output); 1568 1569 /* As fast as possible without hh cache */ 1570 1571 int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb) 1572 { 1573 struct net_device *dev = neigh->dev; 1574 unsigned int seq; 1575 int err; 1576 1577 do { 1578 __skb_pull(skb, skb_network_offset(skb)); 1579 seq = read_seqbegin(&neigh->ha_lock); 1580 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 1581 neigh->ha, NULL, skb->len); 1582 } while (read_seqretry(&neigh->ha_lock, seq)); 1583 1584 if (err >= 0) 1585 err = dev_queue_xmit(skb); 1586 else { 1587 err = -EINVAL; 1588 kfree_skb(skb); 1589 } 1590 return err; 1591 } 1592 EXPORT_SYMBOL(neigh_connected_output); 1593 1594 int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb) 1595 { 1596 return dev_queue_xmit(skb); 1597 } 1598 EXPORT_SYMBOL(neigh_direct_output); 1599 1600 static void neigh_managed_work(struct work_struct *work) 1601 { 1602 struct neigh_table *tbl = container_of(work, struct neigh_table, 1603 managed_work.work); 1604 struct neighbour *neigh; 1605 1606 write_lock_bh(&tbl->lock); 1607 list_for_each_entry(neigh, &tbl->managed_list, managed_list) 1608 neigh_event_send_probe(neigh, NULL, false); 1609 queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 1610 NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS)); 1611 write_unlock_bh(&tbl->lock); 1612 } 1613 1614 static void neigh_proxy_process(struct timer_list *t) 1615 { 1616 struct neigh_table *tbl = from_timer(tbl, t, proxy_timer); 1617 long sched_next = 0; 1618 unsigned long now = jiffies; 1619 struct sk_buff *skb, *n; 1620 1621 spin_lock(&tbl->proxy_queue.lock); 1622 1623 skb_queue_walk_safe(&tbl->proxy_queue, skb, n) { 1624 long tdif = NEIGH_CB(skb)->sched_next - now; 1625 1626 if (tdif <= 0) { 1627 struct net_device *dev = skb->dev; 1628 1629 neigh_parms_qlen_dec(dev, tbl->family); 1630 __skb_unlink(skb, &tbl->proxy_queue); 1631 1632 if (tbl->proxy_redo && netif_running(dev)) { 1633 rcu_read_lock(); 1634 tbl->proxy_redo(skb); 1635 rcu_read_unlock(); 1636 } else { 1637 kfree_skb(skb); 1638 } 1639 1640 dev_put(dev); 1641 } else if (!sched_next || tdif < sched_next) 1642 sched_next = tdif; 1643 } 1644 del_timer(&tbl->proxy_timer); 1645 if (sched_next) 1646 mod_timer(&tbl->proxy_timer, jiffies + sched_next); 1647 spin_unlock(&tbl->proxy_queue.lock); 1648 } 1649 1650 static unsigned long neigh_proxy_delay(struct neigh_parms *p) 1651 { 1652 /* If proxy_delay is zero, do not call get_random_u32_below() 1653 * as it is undefined behavior. 1654 */ 1655 unsigned long proxy_delay = NEIGH_VAR(p, PROXY_DELAY); 1656 1657 return proxy_delay ? 1658 jiffies + get_random_u32_below(proxy_delay) : jiffies; 1659 } 1660 1661 void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p, 1662 struct sk_buff *skb) 1663 { 1664 unsigned long sched_next = neigh_proxy_delay(p); 1665 1666 if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) { 1667 kfree_skb(skb); 1668 return; 1669 } 1670 1671 NEIGH_CB(skb)->sched_next = sched_next; 1672 NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED; 1673 1674 spin_lock(&tbl->proxy_queue.lock); 1675 if (del_timer(&tbl->proxy_timer)) { 1676 if (time_before(tbl->proxy_timer.expires, sched_next)) 1677 sched_next = tbl->proxy_timer.expires; 1678 } 1679 skb_dst_drop(skb); 1680 dev_hold(skb->dev); 1681 __skb_queue_tail(&tbl->proxy_queue, skb); 1682 p->qlen++; 1683 mod_timer(&tbl->proxy_timer, sched_next); 1684 spin_unlock(&tbl->proxy_queue.lock); 1685 } 1686 EXPORT_SYMBOL(pneigh_enqueue); 1687 1688 static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl, 1689 struct net *net, int ifindex) 1690 { 1691 struct neigh_parms *p; 1692 1693 list_for_each_entry(p, &tbl->parms_list, list) { 1694 if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) || 1695 (!p->dev && !ifindex && net_eq(net, &init_net))) 1696 return p; 1697 } 1698 1699 return NULL; 1700 } 1701 1702 struct neigh_parms *neigh_parms_alloc(struct net_device *dev, 1703 struct neigh_table *tbl) 1704 { 1705 struct neigh_parms *p; 1706 struct net *net = dev_net(dev); 1707 const struct net_device_ops *ops = dev->netdev_ops; 1708 1709 p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL); 1710 if (p) { 1711 p->tbl = tbl; 1712 refcount_set(&p->refcnt, 1); 1713 p->reachable_time = 1714 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 1715 p->qlen = 0; 1716 netdev_hold(dev, &p->dev_tracker, GFP_KERNEL); 1717 p->dev = dev; 1718 write_pnet(&p->net, net); 1719 p->sysctl_table = NULL; 1720 1721 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) { 1722 netdev_put(dev, &p->dev_tracker); 1723 kfree(p); 1724 return NULL; 1725 } 1726 1727 write_lock_bh(&tbl->lock); 1728 list_add(&p->list, &tbl->parms.list); 1729 write_unlock_bh(&tbl->lock); 1730 1731 neigh_parms_data_state_cleanall(p); 1732 } 1733 return p; 1734 } 1735 EXPORT_SYMBOL(neigh_parms_alloc); 1736 1737 static void neigh_rcu_free_parms(struct rcu_head *head) 1738 { 1739 struct neigh_parms *parms = 1740 container_of(head, struct neigh_parms, rcu_head); 1741 1742 neigh_parms_put(parms); 1743 } 1744 1745 void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms) 1746 { 1747 if (!parms || parms == &tbl->parms) 1748 return; 1749 write_lock_bh(&tbl->lock); 1750 list_del(&parms->list); 1751 parms->dead = 1; 1752 write_unlock_bh(&tbl->lock); 1753 netdev_put(parms->dev, &parms->dev_tracker); 1754 call_rcu(&parms->rcu_head, neigh_rcu_free_parms); 1755 } 1756 EXPORT_SYMBOL(neigh_parms_release); 1757 1758 static void neigh_parms_destroy(struct neigh_parms *parms) 1759 { 1760 kfree(parms); 1761 } 1762 1763 static struct lock_class_key neigh_table_proxy_queue_class; 1764 1765 static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly; 1766 1767 void neigh_table_init(int index, struct neigh_table *tbl) 1768 { 1769 unsigned long now = jiffies; 1770 unsigned long phsize; 1771 1772 INIT_LIST_HEAD(&tbl->parms_list); 1773 INIT_LIST_HEAD(&tbl->gc_list); 1774 INIT_LIST_HEAD(&tbl->managed_list); 1775 1776 list_add(&tbl->parms.list, &tbl->parms_list); 1777 write_pnet(&tbl->parms.net, &init_net); 1778 refcount_set(&tbl->parms.refcnt, 1); 1779 tbl->parms.reachable_time = 1780 neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME)); 1781 tbl->parms.qlen = 0; 1782 1783 tbl->stats = alloc_percpu(struct neigh_statistics); 1784 if (!tbl->stats) 1785 panic("cannot create neighbour cache statistics"); 1786 1787 #ifdef CONFIG_PROC_FS 1788 if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat, 1789 &neigh_stat_seq_ops, tbl)) 1790 panic("cannot create neighbour proc dir entry"); 1791 #endif 1792 1793 RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3)); 1794 1795 phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *); 1796 tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL); 1797 1798 if (!tbl->nht || !tbl->phash_buckets) 1799 panic("cannot allocate neighbour cache hashes"); 1800 1801 if (!tbl->entry_size) 1802 tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) + 1803 tbl->key_len, NEIGH_PRIV_ALIGN); 1804 else 1805 WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN); 1806 1807 rwlock_init(&tbl->lock); 1808 1809 INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work); 1810 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work, 1811 tbl->parms.reachable_time); 1812 INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work); 1813 queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0); 1814 1815 timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0); 1816 skb_queue_head_init_class(&tbl->proxy_queue, 1817 &neigh_table_proxy_queue_class); 1818 1819 tbl->last_flush = now; 1820 tbl->last_rand = now + tbl->parms.reachable_time * 20; 1821 1822 neigh_tables[index] = tbl; 1823 } 1824 EXPORT_SYMBOL(neigh_table_init); 1825 1826 int neigh_table_clear(int index, struct neigh_table *tbl) 1827 { 1828 neigh_tables[index] = NULL; 1829 /* It is not clean... Fix it to unload IPv6 module safely */ 1830 cancel_delayed_work_sync(&tbl->managed_work); 1831 cancel_delayed_work_sync(&tbl->gc_work); 1832 del_timer_sync(&tbl->proxy_timer); 1833 pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family); 1834 neigh_ifdown(tbl, NULL); 1835 if (atomic_read(&tbl->entries)) 1836 pr_crit("neighbour leakage\n"); 1837 1838 call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu, 1839 neigh_hash_free_rcu); 1840 tbl->nht = NULL; 1841 1842 kfree(tbl->phash_buckets); 1843 tbl->phash_buckets = NULL; 1844 1845 remove_proc_entry(tbl->id, init_net.proc_net_stat); 1846 1847 free_percpu(tbl->stats); 1848 tbl->stats = NULL; 1849 1850 return 0; 1851 } 1852 EXPORT_SYMBOL(neigh_table_clear); 1853 1854 static struct neigh_table *neigh_find_table(int family) 1855 { 1856 struct neigh_table *tbl = NULL; 1857 1858 switch (family) { 1859 case AF_INET: 1860 tbl = neigh_tables[NEIGH_ARP_TABLE]; 1861 break; 1862 case AF_INET6: 1863 tbl = neigh_tables[NEIGH_ND_TABLE]; 1864 break; 1865 } 1866 1867 return tbl; 1868 } 1869 1870 const struct nla_policy nda_policy[NDA_MAX+1] = { 1871 [NDA_UNSPEC] = { .strict_start_type = NDA_NH_ID }, 1872 [NDA_DST] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN }, 1873 [NDA_LLADDR] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN }, 1874 [NDA_CACHEINFO] = { .len = sizeof(struct nda_cacheinfo) }, 1875 [NDA_PROBES] = { .type = NLA_U32 }, 1876 [NDA_VLAN] = { .type = NLA_U16 }, 1877 [NDA_PORT] = { .type = NLA_U16 }, 1878 [NDA_VNI] = { .type = NLA_U32 }, 1879 [NDA_IFINDEX] = { .type = NLA_U32 }, 1880 [NDA_MASTER] = { .type = NLA_U32 }, 1881 [NDA_PROTOCOL] = { .type = NLA_U8 }, 1882 [NDA_NH_ID] = { .type = NLA_U32 }, 1883 [NDA_FLAGS_EXT] = NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK), 1884 [NDA_FDB_EXT_ATTRS] = { .type = NLA_NESTED }, 1885 }; 1886 1887 static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh, 1888 struct netlink_ext_ack *extack) 1889 { 1890 struct net *net = sock_net(skb->sk); 1891 struct ndmsg *ndm; 1892 struct nlattr *dst_attr; 1893 struct neigh_table *tbl; 1894 struct neighbour *neigh; 1895 struct net_device *dev = NULL; 1896 int err = -EINVAL; 1897 1898 ASSERT_RTNL(); 1899 if (nlmsg_len(nlh) < sizeof(*ndm)) 1900 goto out; 1901 1902 dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST); 1903 if (!dst_attr) { 1904 NL_SET_ERR_MSG(extack, "Network address not specified"); 1905 goto out; 1906 } 1907 1908 ndm = nlmsg_data(nlh); 1909 if (ndm->ndm_ifindex) { 1910 dev = __dev_get_by_index(net, ndm->ndm_ifindex); 1911 if (dev == NULL) { 1912 err = -ENODEV; 1913 goto out; 1914 } 1915 } 1916 1917 tbl = neigh_find_table(ndm->ndm_family); 1918 if (tbl == NULL) 1919 return -EAFNOSUPPORT; 1920 1921 if (nla_len(dst_attr) < (int)tbl->key_len) { 1922 NL_SET_ERR_MSG(extack, "Invalid network address"); 1923 goto out; 1924 } 1925 1926 if (ndm->ndm_flags & NTF_PROXY) { 1927 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev); 1928 goto out; 1929 } 1930 1931 if (dev == NULL) 1932 goto out; 1933 1934 neigh = neigh_lookup(tbl, nla_data(dst_attr), dev); 1935 if (neigh == NULL) { 1936 err = -ENOENT; 1937 goto out; 1938 } 1939 1940 err = __neigh_update(neigh, NULL, NUD_FAILED, 1941 NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN, 1942 NETLINK_CB(skb).portid, extack); 1943 write_lock_bh(&tbl->lock); 1944 neigh_release(neigh); 1945 neigh_remove_one(neigh, tbl); 1946 write_unlock_bh(&tbl->lock); 1947 1948 out: 1949 return err; 1950 } 1951 1952 static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh, 1953 struct netlink_ext_ack *extack) 1954 { 1955 int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE | 1956 NEIGH_UPDATE_F_OVERRIDE_ISROUTER; 1957 struct net *net = sock_net(skb->sk); 1958 struct ndmsg *ndm; 1959 struct nlattr *tb[NDA_MAX+1]; 1960 struct neigh_table *tbl; 1961 struct net_device *dev = NULL; 1962 struct neighbour *neigh; 1963 void *dst, *lladdr; 1964 u8 protocol = 0; 1965 u32 ndm_flags; 1966 int err; 1967 1968 ASSERT_RTNL(); 1969 err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX, 1970 nda_policy, extack); 1971 if (err < 0) 1972 goto out; 1973 1974 err = -EINVAL; 1975 if (!tb[NDA_DST]) { 1976 NL_SET_ERR_MSG(extack, "Network address not specified"); 1977 goto out; 1978 } 1979 1980 ndm = nlmsg_data(nlh); 1981 ndm_flags = ndm->ndm_flags; 1982 if (tb[NDA_FLAGS_EXT]) { 1983 u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]); 1984 1985 BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE < 1986 (sizeof(ndm->ndm_flags) * BITS_PER_BYTE + 1987 hweight32(NTF_EXT_MASK))); 1988 ndm_flags |= (ext << NTF_EXT_SHIFT); 1989 } 1990 if (ndm->ndm_ifindex) { 1991 dev = __dev_get_by_index(net, ndm->ndm_ifindex); 1992 if (dev == NULL) { 1993 err = -ENODEV; 1994 goto out; 1995 } 1996 1997 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) { 1998 NL_SET_ERR_MSG(extack, "Invalid link address"); 1999 goto out; 2000 } 2001 } 2002 2003 tbl = neigh_find_table(ndm->ndm_family); 2004 if (tbl == NULL) 2005 return -EAFNOSUPPORT; 2006 2007 if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) { 2008 NL_SET_ERR_MSG(extack, "Invalid network address"); 2009 goto out; 2010 } 2011 2012 dst = nla_data(tb[NDA_DST]); 2013 lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL; 2014 2015 if (tb[NDA_PROTOCOL]) 2016 protocol = nla_get_u8(tb[NDA_PROTOCOL]); 2017 if (ndm_flags & NTF_PROXY) { 2018 struct pneigh_entry *pn; 2019 2020 if (ndm_flags & NTF_MANAGED) { 2021 NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination"); 2022 goto out; 2023 } 2024 2025 err = -ENOBUFS; 2026 pn = pneigh_lookup(tbl, net, dst, dev, 1); 2027 if (pn) { 2028 pn->flags = ndm_flags; 2029 if (protocol) 2030 pn->protocol = protocol; 2031 err = 0; 2032 } 2033 goto out; 2034 } 2035 2036 if (!dev) { 2037 NL_SET_ERR_MSG(extack, "Device not specified"); 2038 goto out; 2039 } 2040 2041 if (tbl->allow_add && !tbl->allow_add(dev, extack)) { 2042 err = -EINVAL; 2043 goto out; 2044 } 2045 2046 neigh = neigh_lookup(tbl, dst, dev); 2047 if (neigh == NULL) { 2048 bool ndm_permanent = ndm->ndm_state & NUD_PERMANENT; 2049 bool exempt_from_gc = ndm_permanent || 2050 ndm_flags & NTF_EXT_LEARNED; 2051 2052 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) { 2053 err = -ENOENT; 2054 goto out; 2055 } 2056 if (ndm_permanent && (ndm_flags & NTF_MANAGED)) { 2057 NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry"); 2058 err = -EINVAL; 2059 goto out; 2060 } 2061 2062 neigh = ___neigh_create(tbl, dst, dev, 2063 ndm_flags & 2064 (NTF_EXT_LEARNED | NTF_MANAGED), 2065 exempt_from_gc, true); 2066 if (IS_ERR(neigh)) { 2067 err = PTR_ERR(neigh); 2068 goto out; 2069 } 2070 } else { 2071 if (nlh->nlmsg_flags & NLM_F_EXCL) { 2072 err = -EEXIST; 2073 neigh_release(neigh); 2074 goto out; 2075 } 2076 2077 if (!(nlh->nlmsg_flags & NLM_F_REPLACE)) 2078 flags &= ~(NEIGH_UPDATE_F_OVERRIDE | 2079 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 2080 } 2081 2082 if (protocol) 2083 neigh->protocol = protocol; 2084 if (ndm_flags & NTF_EXT_LEARNED) 2085 flags |= NEIGH_UPDATE_F_EXT_LEARNED; 2086 if (ndm_flags & NTF_ROUTER) 2087 flags |= NEIGH_UPDATE_F_ISROUTER; 2088 if (ndm_flags & NTF_MANAGED) 2089 flags |= NEIGH_UPDATE_F_MANAGED; 2090 if (ndm_flags & NTF_USE) 2091 flags |= NEIGH_UPDATE_F_USE; 2092 2093 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags, 2094 NETLINK_CB(skb).portid, extack); 2095 if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) { 2096 neigh_event_send(neigh, NULL); 2097 err = 0; 2098 } 2099 neigh_release(neigh); 2100 out: 2101 return err; 2102 } 2103 2104 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms) 2105 { 2106 struct nlattr *nest; 2107 2108 nest = nla_nest_start_noflag(skb, NDTA_PARMS); 2109 if (nest == NULL) 2110 return -ENOBUFS; 2111 2112 if ((parms->dev && 2113 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) || 2114 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) || 2115 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES, 2116 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) || 2117 /* approximative value for deprecated QUEUE_LEN (in packets) */ 2118 nla_put_u32(skb, NDTPA_QUEUE_LEN, 2119 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) || 2120 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) || 2121 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) || 2122 nla_put_u32(skb, NDTPA_UCAST_PROBES, 2123 NEIGH_VAR(parms, UCAST_PROBES)) || 2124 nla_put_u32(skb, NDTPA_MCAST_PROBES, 2125 NEIGH_VAR(parms, MCAST_PROBES)) || 2126 nla_put_u32(skb, NDTPA_MCAST_REPROBES, 2127 NEIGH_VAR(parms, MCAST_REPROBES)) || 2128 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time, 2129 NDTPA_PAD) || 2130 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME, 2131 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) || 2132 nla_put_msecs(skb, NDTPA_GC_STALETIME, 2133 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) || 2134 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME, 2135 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) || 2136 nla_put_msecs(skb, NDTPA_RETRANS_TIME, 2137 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) || 2138 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY, 2139 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) || 2140 nla_put_msecs(skb, NDTPA_PROXY_DELAY, 2141 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) || 2142 nla_put_msecs(skb, NDTPA_LOCKTIME, 2143 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) || 2144 nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS, 2145 NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD)) 2146 goto nla_put_failure; 2147 return nla_nest_end(skb, nest); 2148 2149 nla_put_failure: 2150 nla_nest_cancel(skb, nest); 2151 return -EMSGSIZE; 2152 } 2153 2154 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl, 2155 u32 pid, u32 seq, int type, int flags) 2156 { 2157 struct nlmsghdr *nlh; 2158 struct ndtmsg *ndtmsg; 2159 2160 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 2161 if (nlh == NULL) 2162 return -EMSGSIZE; 2163 2164 ndtmsg = nlmsg_data(nlh); 2165 2166 read_lock_bh(&tbl->lock); 2167 ndtmsg->ndtm_family = tbl->family; 2168 ndtmsg->ndtm_pad1 = 0; 2169 ndtmsg->ndtm_pad2 = 0; 2170 2171 if (nla_put_string(skb, NDTA_NAME, tbl->id) || 2172 nla_put_msecs(skb, NDTA_GC_INTERVAL, READ_ONCE(tbl->gc_interval), 2173 NDTA_PAD) || 2174 nla_put_u32(skb, NDTA_THRESH1, READ_ONCE(tbl->gc_thresh1)) || 2175 nla_put_u32(skb, NDTA_THRESH2, READ_ONCE(tbl->gc_thresh2)) || 2176 nla_put_u32(skb, NDTA_THRESH3, READ_ONCE(tbl->gc_thresh3))) 2177 goto nla_put_failure; 2178 { 2179 unsigned long now = jiffies; 2180 long flush_delta = now - READ_ONCE(tbl->last_flush); 2181 long rand_delta = now - READ_ONCE(tbl->last_rand); 2182 struct neigh_hash_table *nht; 2183 struct ndt_config ndc = { 2184 .ndtc_key_len = tbl->key_len, 2185 .ndtc_entry_size = tbl->entry_size, 2186 .ndtc_entries = atomic_read(&tbl->entries), 2187 .ndtc_last_flush = jiffies_to_msecs(flush_delta), 2188 .ndtc_last_rand = jiffies_to_msecs(rand_delta), 2189 .ndtc_proxy_qlen = READ_ONCE(tbl->proxy_queue.qlen), 2190 }; 2191 2192 rcu_read_lock(); 2193 nht = rcu_dereference(tbl->nht); 2194 ndc.ndtc_hash_rnd = nht->hash_rnd[0]; 2195 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1); 2196 rcu_read_unlock(); 2197 2198 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc)) 2199 goto nla_put_failure; 2200 } 2201 2202 { 2203 int cpu; 2204 struct ndt_stats ndst; 2205 2206 memset(&ndst, 0, sizeof(ndst)); 2207 2208 for_each_possible_cpu(cpu) { 2209 struct neigh_statistics *st; 2210 2211 st = per_cpu_ptr(tbl->stats, cpu); 2212 ndst.ndts_allocs += READ_ONCE(st->allocs); 2213 ndst.ndts_destroys += READ_ONCE(st->destroys); 2214 ndst.ndts_hash_grows += READ_ONCE(st->hash_grows); 2215 ndst.ndts_res_failed += READ_ONCE(st->res_failed); 2216 ndst.ndts_lookups += READ_ONCE(st->lookups); 2217 ndst.ndts_hits += READ_ONCE(st->hits); 2218 ndst.ndts_rcv_probes_mcast += READ_ONCE(st->rcv_probes_mcast); 2219 ndst.ndts_rcv_probes_ucast += READ_ONCE(st->rcv_probes_ucast); 2220 ndst.ndts_periodic_gc_runs += READ_ONCE(st->periodic_gc_runs); 2221 ndst.ndts_forced_gc_runs += READ_ONCE(st->forced_gc_runs); 2222 ndst.ndts_table_fulls += READ_ONCE(st->table_fulls); 2223 } 2224 2225 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst, 2226 NDTA_PAD)) 2227 goto nla_put_failure; 2228 } 2229 2230 BUG_ON(tbl->parms.dev); 2231 if (neightbl_fill_parms(skb, &tbl->parms) < 0) 2232 goto nla_put_failure; 2233 2234 read_unlock_bh(&tbl->lock); 2235 nlmsg_end(skb, nlh); 2236 return 0; 2237 2238 nla_put_failure: 2239 read_unlock_bh(&tbl->lock); 2240 nlmsg_cancel(skb, nlh); 2241 return -EMSGSIZE; 2242 } 2243 2244 static int neightbl_fill_param_info(struct sk_buff *skb, 2245 struct neigh_table *tbl, 2246 struct neigh_parms *parms, 2247 u32 pid, u32 seq, int type, 2248 unsigned int flags) 2249 { 2250 struct ndtmsg *ndtmsg; 2251 struct nlmsghdr *nlh; 2252 2253 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 2254 if (nlh == NULL) 2255 return -EMSGSIZE; 2256 2257 ndtmsg = nlmsg_data(nlh); 2258 2259 read_lock_bh(&tbl->lock); 2260 ndtmsg->ndtm_family = tbl->family; 2261 ndtmsg->ndtm_pad1 = 0; 2262 ndtmsg->ndtm_pad2 = 0; 2263 2264 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 || 2265 neightbl_fill_parms(skb, parms) < 0) 2266 goto errout; 2267 2268 read_unlock_bh(&tbl->lock); 2269 nlmsg_end(skb, nlh); 2270 return 0; 2271 errout: 2272 read_unlock_bh(&tbl->lock); 2273 nlmsg_cancel(skb, nlh); 2274 return -EMSGSIZE; 2275 } 2276 2277 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = { 2278 [NDTA_NAME] = { .type = NLA_STRING }, 2279 [NDTA_THRESH1] = { .type = NLA_U32 }, 2280 [NDTA_THRESH2] = { .type = NLA_U32 }, 2281 [NDTA_THRESH3] = { .type = NLA_U32 }, 2282 [NDTA_GC_INTERVAL] = { .type = NLA_U64 }, 2283 [NDTA_PARMS] = { .type = NLA_NESTED }, 2284 }; 2285 2286 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = { 2287 [NDTPA_IFINDEX] = { .type = NLA_U32 }, 2288 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 }, 2289 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 }, 2290 [NDTPA_APP_PROBES] = { .type = NLA_U32 }, 2291 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 }, 2292 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 }, 2293 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 }, 2294 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 }, 2295 [NDTPA_GC_STALETIME] = { .type = NLA_U64 }, 2296 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 }, 2297 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 }, 2298 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 }, 2299 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 }, 2300 [NDTPA_LOCKTIME] = { .type = NLA_U64 }, 2301 [NDTPA_INTERVAL_PROBE_TIME_MS] = { .type = NLA_U64, .min = 1 }, 2302 }; 2303 2304 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh, 2305 struct netlink_ext_ack *extack) 2306 { 2307 struct net *net = sock_net(skb->sk); 2308 struct neigh_table *tbl; 2309 struct ndtmsg *ndtmsg; 2310 struct nlattr *tb[NDTA_MAX+1]; 2311 bool found = false; 2312 int err, tidx; 2313 2314 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX, 2315 nl_neightbl_policy, extack); 2316 if (err < 0) 2317 goto errout; 2318 2319 if (tb[NDTA_NAME] == NULL) { 2320 err = -EINVAL; 2321 goto errout; 2322 } 2323 2324 ndtmsg = nlmsg_data(nlh); 2325 2326 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2327 tbl = neigh_tables[tidx]; 2328 if (!tbl) 2329 continue; 2330 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family) 2331 continue; 2332 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) { 2333 found = true; 2334 break; 2335 } 2336 } 2337 2338 if (!found) 2339 return -ENOENT; 2340 2341 /* 2342 * We acquire tbl->lock to be nice to the periodic timers and 2343 * make sure they always see a consistent set of values. 2344 */ 2345 write_lock_bh(&tbl->lock); 2346 2347 if (tb[NDTA_PARMS]) { 2348 struct nlattr *tbp[NDTPA_MAX+1]; 2349 struct neigh_parms *p; 2350 int i, ifindex = 0; 2351 2352 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX, 2353 tb[NDTA_PARMS], 2354 nl_ntbl_parm_policy, extack); 2355 if (err < 0) 2356 goto errout_tbl_lock; 2357 2358 if (tbp[NDTPA_IFINDEX]) 2359 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]); 2360 2361 p = lookup_neigh_parms(tbl, net, ifindex); 2362 if (p == NULL) { 2363 err = -ENOENT; 2364 goto errout_tbl_lock; 2365 } 2366 2367 for (i = 1; i <= NDTPA_MAX; i++) { 2368 if (tbp[i] == NULL) 2369 continue; 2370 2371 switch (i) { 2372 case NDTPA_QUEUE_LEN: 2373 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2374 nla_get_u32(tbp[i]) * 2375 SKB_TRUESIZE(ETH_FRAME_LEN)); 2376 break; 2377 case NDTPA_QUEUE_LENBYTES: 2378 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2379 nla_get_u32(tbp[i])); 2380 break; 2381 case NDTPA_PROXY_QLEN: 2382 NEIGH_VAR_SET(p, PROXY_QLEN, 2383 nla_get_u32(tbp[i])); 2384 break; 2385 case NDTPA_APP_PROBES: 2386 NEIGH_VAR_SET(p, APP_PROBES, 2387 nla_get_u32(tbp[i])); 2388 break; 2389 case NDTPA_UCAST_PROBES: 2390 NEIGH_VAR_SET(p, UCAST_PROBES, 2391 nla_get_u32(tbp[i])); 2392 break; 2393 case NDTPA_MCAST_PROBES: 2394 NEIGH_VAR_SET(p, MCAST_PROBES, 2395 nla_get_u32(tbp[i])); 2396 break; 2397 case NDTPA_MCAST_REPROBES: 2398 NEIGH_VAR_SET(p, MCAST_REPROBES, 2399 nla_get_u32(tbp[i])); 2400 break; 2401 case NDTPA_BASE_REACHABLE_TIME: 2402 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME, 2403 nla_get_msecs(tbp[i])); 2404 /* update reachable_time as well, otherwise, the change will 2405 * only be effective after the next time neigh_periodic_work 2406 * decides to recompute it (can be multiple minutes) 2407 */ 2408 p->reachable_time = 2409 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 2410 break; 2411 case NDTPA_GC_STALETIME: 2412 NEIGH_VAR_SET(p, GC_STALETIME, 2413 nla_get_msecs(tbp[i])); 2414 break; 2415 case NDTPA_DELAY_PROBE_TIME: 2416 NEIGH_VAR_SET(p, DELAY_PROBE_TIME, 2417 nla_get_msecs(tbp[i])); 2418 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p); 2419 break; 2420 case NDTPA_INTERVAL_PROBE_TIME_MS: 2421 NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS, 2422 nla_get_msecs(tbp[i])); 2423 break; 2424 case NDTPA_RETRANS_TIME: 2425 NEIGH_VAR_SET(p, RETRANS_TIME, 2426 nla_get_msecs(tbp[i])); 2427 break; 2428 case NDTPA_ANYCAST_DELAY: 2429 NEIGH_VAR_SET(p, ANYCAST_DELAY, 2430 nla_get_msecs(tbp[i])); 2431 break; 2432 case NDTPA_PROXY_DELAY: 2433 NEIGH_VAR_SET(p, PROXY_DELAY, 2434 nla_get_msecs(tbp[i])); 2435 break; 2436 case NDTPA_LOCKTIME: 2437 NEIGH_VAR_SET(p, LOCKTIME, 2438 nla_get_msecs(tbp[i])); 2439 break; 2440 } 2441 } 2442 } 2443 2444 err = -ENOENT; 2445 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] || 2446 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) && 2447 !net_eq(net, &init_net)) 2448 goto errout_tbl_lock; 2449 2450 if (tb[NDTA_THRESH1]) 2451 WRITE_ONCE(tbl->gc_thresh1, nla_get_u32(tb[NDTA_THRESH1])); 2452 2453 if (tb[NDTA_THRESH2]) 2454 WRITE_ONCE(tbl->gc_thresh2, nla_get_u32(tb[NDTA_THRESH2])); 2455 2456 if (tb[NDTA_THRESH3]) 2457 WRITE_ONCE(tbl->gc_thresh3, nla_get_u32(tb[NDTA_THRESH3])); 2458 2459 if (tb[NDTA_GC_INTERVAL]) 2460 WRITE_ONCE(tbl->gc_interval, nla_get_msecs(tb[NDTA_GC_INTERVAL])); 2461 2462 err = 0; 2463 2464 errout_tbl_lock: 2465 write_unlock_bh(&tbl->lock); 2466 errout: 2467 return err; 2468 } 2469 2470 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh, 2471 struct netlink_ext_ack *extack) 2472 { 2473 struct ndtmsg *ndtm; 2474 2475 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) { 2476 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request"); 2477 return -EINVAL; 2478 } 2479 2480 ndtm = nlmsg_data(nlh); 2481 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) { 2482 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request"); 2483 return -EINVAL; 2484 } 2485 2486 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) { 2487 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request"); 2488 return -EINVAL; 2489 } 2490 2491 return 0; 2492 } 2493 2494 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2495 { 2496 const struct nlmsghdr *nlh = cb->nlh; 2497 struct net *net = sock_net(skb->sk); 2498 int family, tidx, nidx = 0; 2499 int tbl_skip = cb->args[0]; 2500 int neigh_skip = cb->args[1]; 2501 struct neigh_table *tbl; 2502 2503 if (cb->strict_check) { 2504 int err = neightbl_valid_dump_info(nlh, cb->extack); 2505 2506 if (err < 0) 2507 return err; 2508 } 2509 2510 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2511 2512 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2513 struct neigh_parms *p; 2514 2515 tbl = neigh_tables[tidx]; 2516 if (!tbl) 2517 continue; 2518 2519 if (tidx < tbl_skip || (family && tbl->family != family)) 2520 continue; 2521 2522 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid, 2523 nlh->nlmsg_seq, RTM_NEWNEIGHTBL, 2524 NLM_F_MULTI) < 0) 2525 break; 2526 2527 nidx = 0; 2528 p = list_next_entry(&tbl->parms, list); 2529 list_for_each_entry_from(p, &tbl->parms_list, list) { 2530 if (!net_eq(neigh_parms_net(p), net)) 2531 continue; 2532 2533 if (nidx < neigh_skip) 2534 goto next; 2535 2536 if (neightbl_fill_param_info(skb, tbl, p, 2537 NETLINK_CB(cb->skb).portid, 2538 nlh->nlmsg_seq, 2539 RTM_NEWNEIGHTBL, 2540 NLM_F_MULTI) < 0) 2541 goto out; 2542 next: 2543 nidx++; 2544 } 2545 2546 neigh_skip = 0; 2547 } 2548 out: 2549 cb->args[0] = tidx; 2550 cb->args[1] = nidx; 2551 2552 return skb->len; 2553 } 2554 2555 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh, 2556 u32 pid, u32 seq, int type, unsigned int flags) 2557 { 2558 u32 neigh_flags, neigh_flags_ext; 2559 unsigned long now = jiffies; 2560 struct nda_cacheinfo ci; 2561 struct nlmsghdr *nlh; 2562 struct ndmsg *ndm; 2563 2564 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2565 if (nlh == NULL) 2566 return -EMSGSIZE; 2567 2568 neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT; 2569 neigh_flags = neigh->flags & NTF_OLD_MASK; 2570 2571 ndm = nlmsg_data(nlh); 2572 ndm->ndm_family = neigh->ops->family; 2573 ndm->ndm_pad1 = 0; 2574 ndm->ndm_pad2 = 0; 2575 ndm->ndm_flags = neigh_flags; 2576 ndm->ndm_type = neigh->type; 2577 ndm->ndm_ifindex = neigh->dev->ifindex; 2578 2579 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key)) 2580 goto nla_put_failure; 2581 2582 read_lock_bh(&neigh->lock); 2583 ndm->ndm_state = neigh->nud_state; 2584 if (neigh->nud_state & NUD_VALID) { 2585 char haddr[MAX_ADDR_LEN]; 2586 2587 neigh_ha_snapshot(haddr, neigh, neigh->dev); 2588 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) { 2589 read_unlock_bh(&neigh->lock); 2590 goto nla_put_failure; 2591 } 2592 } 2593 2594 ci.ndm_used = jiffies_to_clock_t(now - neigh->used); 2595 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed); 2596 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated); 2597 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1; 2598 read_unlock_bh(&neigh->lock); 2599 2600 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) || 2601 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci)) 2602 goto nla_put_failure; 2603 2604 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol)) 2605 goto nla_put_failure; 2606 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2607 goto nla_put_failure; 2608 2609 nlmsg_end(skb, nlh); 2610 return 0; 2611 2612 nla_put_failure: 2613 nlmsg_cancel(skb, nlh); 2614 return -EMSGSIZE; 2615 } 2616 2617 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn, 2618 u32 pid, u32 seq, int type, unsigned int flags, 2619 struct neigh_table *tbl) 2620 { 2621 u32 neigh_flags, neigh_flags_ext; 2622 struct nlmsghdr *nlh; 2623 struct ndmsg *ndm; 2624 2625 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2626 if (nlh == NULL) 2627 return -EMSGSIZE; 2628 2629 neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT; 2630 neigh_flags = pn->flags & NTF_OLD_MASK; 2631 2632 ndm = nlmsg_data(nlh); 2633 ndm->ndm_family = tbl->family; 2634 ndm->ndm_pad1 = 0; 2635 ndm->ndm_pad2 = 0; 2636 ndm->ndm_flags = neigh_flags | NTF_PROXY; 2637 ndm->ndm_type = RTN_UNICAST; 2638 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0; 2639 ndm->ndm_state = NUD_NONE; 2640 2641 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key)) 2642 goto nla_put_failure; 2643 2644 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol)) 2645 goto nla_put_failure; 2646 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2647 goto nla_put_failure; 2648 2649 nlmsg_end(skb, nlh); 2650 return 0; 2651 2652 nla_put_failure: 2653 nlmsg_cancel(skb, nlh); 2654 return -EMSGSIZE; 2655 } 2656 2657 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid) 2658 { 2659 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh); 2660 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid); 2661 } 2662 2663 static bool neigh_master_filtered(struct net_device *dev, int master_idx) 2664 { 2665 struct net_device *master; 2666 2667 if (!master_idx) 2668 return false; 2669 2670 master = dev ? netdev_master_upper_dev_get(dev) : NULL; 2671 2672 /* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another 2673 * invalid value for ifindex to denote "no master". 2674 */ 2675 if (master_idx == -1) 2676 return !!master; 2677 2678 if (!master || master->ifindex != master_idx) 2679 return true; 2680 2681 return false; 2682 } 2683 2684 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx) 2685 { 2686 if (filter_idx && (!dev || dev->ifindex != filter_idx)) 2687 return true; 2688 2689 return false; 2690 } 2691 2692 struct neigh_dump_filter { 2693 int master_idx; 2694 int dev_idx; 2695 }; 2696 2697 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2698 struct netlink_callback *cb, 2699 struct neigh_dump_filter *filter) 2700 { 2701 struct net *net = sock_net(skb->sk); 2702 struct neighbour *n; 2703 int rc, h, s_h = cb->args[1]; 2704 int idx, s_idx = idx = cb->args[2]; 2705 struct neigh_hash_table *nht; 2706 unsigned int flags = NLM_F_MULTI; 2707 2708 if (filter->dev_idx || filter->master_idx) 2709 flags |= NLM_F_DUMP_FILTERED; 2710 2711 rcu_read_lock(); 2712 nht = rcu_dereference(tbl->nht); 2713 2714 for (h = s_h; h < (1 << nht->hash_shift); h++) { 2715 if (h > s_h) 2716 s_idx = 0; 2717 for (n = rcu_dereference(nht->hash_buckets[h]), idx = 0; 2718 n != NULL; 2719 n = rcu_dereference(n->next)) { 2720 if (idx < s_idx || !net_eq(dev_net(n->dev), net)) 2721 goto next; 2722 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2723 neigh_master_filtered(n->dev, filter->master_idx)) 2724 goto next; 2725 if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2726 cb->nlh->nlmsg_seq, 2727 RTM_NEWNEIGH, 2728 flags) < 0) { 2729 rc = -1; 2730 goto out; 2731 } 2732 next: 2733 idx++; 2734 } 2735 } 2736 rc = skb->len; 2737 out: 2738 rcu_read_unlock(); 2739 cb->args[1] = h; 2740 cb->args[2] = idx; 2741 return rc; 2742 } 2743 2744 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2745 struct netlink_callback *cb, 2746 struct neigh_dump_filter *filter) 2747 { 2748 struct pneigh_entry *n; 2749 struct net *net = sock_net(skb->sk); 2750 int rc, h, s_h = cb->args[3]; 2751 int idx, s_idx = idx = cb->args[4]; 2752 unsigned int flags = NLM_F_MULTI; 2753 2754 if (filter->dev_idx || filter->master_idx) 2755 flags |= NLM_F_DUMP_FILTERED; 2756 2757 read_lock_bh(&tbl->lock); 2758 2759 for (h = s_h; h <= PNEIGH_HASHMASK; h++) { 2760 if (h > s_h) 2761 s_idx = 0; 2762 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) { 2763 if (idx < s_idx || pneigh_net(n) != net) 2764 goto next; 2765 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2766 neigh_master_filtered(n->dev, filter->master_idx)) 2767 goto next; 2768 if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2769 cb->nlh->nlmsg_seq, 2770 RTM_NEWNEIGH, flags, tbl) < 0) { 2771 read_unlock_bh(&tbl->lock); 2772 rc = -1; 2773 goto out; 2774 } 2775 next: 2776 idx++; 2777 } 2778 } 2779 2780 read_unlock_bh(&tbl->lock); 2781 rc = skb->len; 2782 out: 2783 cb->args[3] = h; 2784 cb->args[4] = idx; 2785 return rc; 2786 2787 } 2788 2789 static int neigh_valid_dump_req(const struct nlmsghdr *nlh, 2790 bool strict_check, 2791 struct neigh_dump_filter *filter, 2792 struct netlink_ext_ack *extack) 2793 { 2794 struct nlattr *tb[NDA_MAX + 1]; 2795 int err, i; 2796 2797 if (strict_check) { 2798 struct ndmsg *ndm; 2799 2800 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) { 2801 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request"); 2802 return -EINVAL; 2803 } 2804 2805 ndm = nlmsg_data(nlh); 2806 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex || 2807 ndm->ndm_state || ndm->ndm_type) { 2808 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request"); 2809 return -EINVAL; 2810 } 2811 2812 if (ndm->ndm_flags & ~NTF_PROXY) { 2813 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request"); 2814 return -EINVAL; 2815 } 2816 2817 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), 2818 tb, NDA_MAX, nda_policy, 2819 extack); 2820 } else { 2821 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb, 2822 NDA_MAX, nda_policy, extack); 2823 } 2824 if (err < 0) 2825 return err; 2826 2827 for (i = 0; i <= NDA_MAX; ++i) { 2828 if (!tb[i]) 2829 continue; 2830 2831 /* all new attributes should require strict_check */ 2832 switch (i) { 2833 case NDA_IFINDEX: 2834 filter->dev_idx = nla_get_u32(tb[i]); 2835 break; 2836 case NDA_MASTER: 2837 filter->master_idx = nla_get_u32(tb[i]); 2838 break; 2839 default: 2840 if (strict_check) { 2841 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request"); 2842 return -EINVAL; 2843 } 2844 } 2845 } 2846 2847 return 0; 2848 } 2849 2850 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2851 { 2852 const struct nlmsghdr *nlh = cb->nlh; 2853 struct neigh_dump_filter filter = {}; 2854 struct neigh_table *tbl; 2855 int t, family, s_t; 2856 int proxy = 0; 2857 int err; 2858 2859 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2860 2861 /* check for full ndmsg structure presence, family member is 2862 * the same for both structures 2863 */ 2864 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) && 2865 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY) 2866 proxy = 1; 2867 2868 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack); 2869 if (err < 0 && cb->strict_check) 2870 return err; 2871 2872 s_t = cb->args[0]; 2873 2874 for (t = 0; t < NEIGH_NR_TABLES; t++) { 2875 tbl = neigh_tables[t]; 2876 2877 if (!tbl) 2878 continue; 2879 if (t < s_t || (family && tbl->family != family)) 2880 continue; 2881 if (t > s_t) 2882 memset(&cb->args[1], 0, sizeof(cb->args) - 2883 sizeof(cb->args[0])); 2884 if (proxy) 2885 err = pneigh_dump_table(tbl, skb, cb, &filter); 2886 else 2887 err = neigh_dump_table(tbl, skb, cb, &filter); 2888 if (err < 0) 2889 break; 2890 } 2891 2892 cb->args[0] = t; 2893 return skb->len; 2894 } 2895 2896 static int neigh_valid_get_req(const struct nlmsghdr *nlh, 2897 struct neigh_table **tbl, 2898 void **dst, int *dev_idx, u8 *ndm_flags, 2899 struct netlink_ext_ack *extack) 2900 { 2901 struct nlattr *tb[NDA_MAX + 1]; 2902 struct ndmsg *ndm; 2903 int err, i; 2904 2905 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) { 2906 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request"); 2907 return -EINVAL; 2908 } 2909 2910 ndm = nlmsg_data(nlh); 2911 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state || 2912 ndm->ndm_type) { 2913 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request"); 2914 return -EINVAL; 2915 } 2916 2917 if (ndm->ndm_flags & ~NTF_PROXY) { 2918 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request"); 2919 return -EINVAL; 2920 } 2921 2922 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb, 2923 NDA_MAX, nda_policy, extack); 2924 if (err < 0) 2925 return err; 2926 2927 *ndm_flags = ndm->ndm_flags; 2928 *dev_idx = ndm->ndm_ifindex; 2929 *tbl = neigh_find_table(ndm->ndm_family); 2930 if (*tbl == NULL) { 2931 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request"); 2932 return -EAFNOSUPPORT; 2933 } 2934 2935 for (i = 0; i <= NDA_MAX; ++i) { 2936 if (!tb[i]) 2937 continue; 2938 2939 switch (i) { 2940 case NDA_DST: 2941 if (nla_len(tb[i]) != (int)(*tbl)->key_len) { 2942 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request"); 2943 return -EINVAL; 2944 } 2945 *dst = nla_data(tb[i]); 2946 break; 2947 default: 2948 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request"); 2949 return -EINVAL; 2950 } 2951 } 2952 2953 return 0; 2954 } 2955 2956 static inline size_t neigh_nlmsg_size(void) 2957 { 2958 return NLMSG_ALIGN(sizeof(struct ndmsg)) 2959 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 2960 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */ 2961 + nla_total_size(sizeof(struct nda_cacheinfo)) 2962 + nla_total_size(4) /* NDA_PROBES */ 2963 + nla_total_size(4) /* NDA_FLAGS_EXT */ 2964 + nla_total_size(1); /* NDA_PROTOCOL */ 2965 } 2966 2967 static int neigh_get_reply(struct net *net, struct neighbour *neigh, 2968 u32 pid, u32 seq) 2969 { 2970 struct sk_buff *skb; 2971 int err = 0; 2972 2973 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL); 2974 if (!skb) 2975 return -ENOBUFS; 2976 2977 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0); 2978 if (err) { 2979 kfree_skb(skb); 2980 goto errout; 2981 } 2982 2983 err = rtnl_unicast(skb, net, pid); 2984 errout: 2985 return err; 2986 } 2987 2988 static inline size_t pneigh_nlmsg_size(void) 2989 { 2990 return NLMSG_ALIGN(sizeof(struct ndmsg)) 2991 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 2992 + nla_total_size(4) /* NDA_FLAGS_EXT */ 2993 + nla_total_size(1); /* NDA_PROTOCOL */ 2994 } 2995 2996 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh, 2997 u32 pid, u32 seq, struct neigh_table *tbl) 2998 { 2999 struct sk_buff *skb; 3000 int err = 0; 3001 3002 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL); 3003 if (!skb) 3004 return -ENOBUFS; 3005 3006 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl); 3007 if (err) { 3008 kfree_skb(skb); 3009 goto errout; 3010 } 3011 3012 err = rtnl_unicast(skb, net, pid); 3013 errout: 3014 return err; 3015 } 3016 3017 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh, 3018 struct netlink_ext_ack *extack) 3019 { 3020 struct net *net = sock_net(in_skb->sk); 3021 struct net_device *dev = NULL; 3022 struct neigh_table *tbl = NULL; 3023 struct neighbour *neigh; 3024 void *dst = NULL; 3025 u8 ndm_flags = 0; 3026 int dev_idx = 0; 3027 int err; 3028 3029 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags, 3030 extack); 3031 if (err < 0) 3032 return err; 3033 3034 if (dev_idx) { 3035 dev = __dev_get_by_index(net, dev_idx); 3036 if (!dev) { 3037 NL_SET_ERR_MSG(extack, "Unknown device ifindex"); 3038 return -ENODEV; 3039 } 3040 } 3041 3042 if (!dst) { 3043 NL_SET_ERR_MSG(extack, "Network address not specified"); 3044 return -EINVAL; 3045 } 3046 3047 if (ndm_flags & NTF_PROXY) { 3048 struct pneigh_entry *pn; 3049 3050 pn = pneigh_lookup(tbl, net, dst, dev, 0); 3051 if (!pn) { 3052 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found"); 3053 return -ENOENT; 3054 } 3055 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid, 3056 nlh->nlmsg_seq, tbl); 3057 } 3058 3059 if (!dev) { 3060 NL_SET_ERR_MSG(extack, "No device specified"); 3061 return -EINVAL; 3062 } 3063 3064 neigh = neigh_lookup(tbl, dst, dev); 3065 if (!neigh) { 3066 NL_SET_ERR_MSG(extack, "Neighbour entry not found"); 3067 return -ENOENT; 3068 } 3069 3070 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid, 3071 nlh->nlmsg_seq); 3072 3073 neigh_release(neigh); 3074 3075 return err; 3076 } 3077 3078 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie) 3079 { 3080 int chain; 3081 struct neigh_hash_table *nht; 3082 3083 rcu_read_lock(); 3084 nht = rcu_dereference(tbl->nht); 3085 3086 read_lock_bh(&tbl->lock); /* avoid resizes */ 3087 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3088 struct neighbour *n; 3089 3090 for (n = rcu_dereference(nht->hash_buckets[chain]); 3091 n != NULL; 3092 n = rcu_dereference(n->next)) 3093 cb(n, cookie); 3094 } 3095 read_unlock_bh(&tbl->lock); 3096 rcu_read_unlock(); 3097 } 3098 EXPORT_SYMBOL(neigh_for_each); 3099 3100 /* The tbl->lock must be held as a writer and BH disabled. */ 3101 void __neigh_for_each_release(struct neigh_table *tbl, 3102 int (*cb)(struct neighbour *)) 3103 { 3104 int chain; 3105 struct neigh_hash_table *nht; 3106 3107 nht = rcu_dereference_protected(tbl->nht, 3108 lockdep_is_held(&tbl->lock)); 3109 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3110 struct neighbour *n; 3111 struct neighbour __rcu **np; 3112 3113 np = &nht->hash_buckets[chain]; 3114 while ((n = rcu_dereference_protected(*np, 3115 lockdep_is_held(&tbl->lock))) != NULL) { 3116 int release; 3117 3118 write_lock(&n->lock); 3119 release = cb(n); 3120 if (release) { 3121 rcu_assign_pointer(*np, 3122 rcu_dereference_protected(n->next, 3123 lockdep_is_held(&tbl->lock))); 3124 neigh_mark_dead(n); 3125 } else 3126 np = &n->next; 3127 write_unlock(&n->lock); 3128 if (release) 3129 neigh_cleanup_and_release(n); 3130 } 3131 } 3132 } 3133 EXPORT_SYMBOL(__neigh_for_each_release); 3134 3135 int neigh_xmit(int index, struct net_device *dev, 3136 const void *addr, struct sk_buff *skb) 3137 { 3138 int err = -EAFNOSUPPORT; 3139 if (likely(index < NEIGH_NR_TABLES)) { 3140 struct neigh_table *tbl; 3141 struct neighbour *neigh; 3142 3143 tbl = neigh_tables[index]; 3144 if (!tbl) 3145 goto out; 3146 rcu_read_lock(); 3147 if (index == NEIGH_ARP_TABLE) { 3148 u32 key = *((u32 *)addr); 3149 3150 neigh = __ipv4_neigh_lookup_noref(dev, key); 3151 } else { 3152 neigh = __neigh_lookup_noref(tbl, addr, dev); 3153 } 3154 if (!neigh) 3155 neigh = __neigh_create(tbl, addr, dev, false); 3156 err = PTR_ERR(neigh); 3157 if (IS_ERR(neigh)) { 3158 rcu_read_unlock(); 3159 goto out_kfree_skb; 3160 } 3161 err = READ_ONCE(neigh->output)(neigh, skb); 3162 rcu_read_unlock(); 3163 } 3164 else if (index == NEIGH_LINK_TABLE) { 3165 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 3166 addr, NULL, skb->len); 3167 if (err < 0) 3168 goto out_kfree_skb; 3169 err = dev_queue_xmit(skb); 3170 } 3171 out: 3172 return err; 3173 out_kfree_skb: 3174 kfree_skb(skb); 3175 goto out; 3176 } 3177 EXPORT_SYMBOL(neigh_xmit); 3178 3179 #ifdef CONFIG_PROC_FS 3180 3181 static struct neighbour *neigh_get_first(struct seq_file *seq) 3182 { 3183 struct neigh_seq_state *state = seq->private; 3184 struct net *net = seq_file_net(seq); 3185 struct neigh_hash_table *nht = state->nht; 3186 struct neighbour *n = NULL; 3187 int bucket; 3188 3189 state->flags &= ~NEIGH_SEQ_IS_PNEIGH; 3190 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) { 3191 n = rcu_dereference(nht->hash_buckets[bucket]); 3192 3193 while (n) { 3194 if (!net_eq(dev_net(n->dev), net)) 3195 goto next; 3196 if (state->neigh_sub_iter) { 3197 loff_t fakep = 0; 3198 void *v; 3199 3200 v = state->neigh_sub_iter(state, n, &fakep); 3201 if (!v) 3202 goto next; 3203 } 3204 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) 3205 break; 3206 if (READ_ONCE(n->nud_state) & ~NUD_NOARP) 3207 break; 3208 next: 3209 n = rcu_dereference(n->next); 3210 } 3211 3212 if (n) 3213 break; 3214 } 3215 state->bucket = bucket; 3216 3217 return n; 3218 } 3219 3220 static struct neighbour *neigh_get_next(struct seq_file *seq, 3221 struct neighbour *n, 3222 loff_t *pos) 3223 { 3224 struct neigh_seq_state *state = seq->private; 3225 struct net *net = seq_file_net(seq); 3226 struct neigh_hash_table *nht = state->nht; 3227 3228 if (state->neigh_sub_iter) { 3229 void *v = state->neigh_sub_iter(state, n, pos); 3230 if (v) 3231 return n; 3232 } 3233 n = rcu_dereference(n->next); 3234 3235 while (1) { 3236 while (n) { 3237 if (!net_eq(dev_net(n->dev), net)) 3238 goto next; 3239 if (state->neigh_sub_iter) { 3240 void *v = state->neigh_sub_iter(state, n, pos); 3241 if (v) 3242 return n; 3243 goto next; 3244 } 3245 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) 3246 break; 3247 3248 if (READ_ONCE(n->nud_state) & ~NUD_NOARP) 3249 break; 3250 next: 3251 n = rcu_dereference(n->next); 3252 } 3253 3254 if (n) 3255 break; 3256 3257 if (++state->bucket >= (1 << nht->hash_shift)) 3258 break; 3259 3260 n = rcu_dereference(nht->hash_buckets[state->bucket]); 3261 } 3262 3263 if (n && pos) 3264 --(*pos); 3265 return n; 3266 } 3267 3268 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos) 3269 { 3270 struct neighbour *n = neigh_get_first(seq); 3271 3272 if (n) { 3273 --(*pos); 3274 while (*pos) { 3275 n = neigh_get_next(seq, n, pos); 3276 if (!n) 3277 break; 3278 } 3279 } 3280 return *pos ? NULL : n; 3281 } 3282 3283 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq) 3284 { 3285 struct neigh_seq_state *state = seq->private; 3286 struct net *net = seq_file_net(seq); 3287 struct neigh_table *tbl = state->tbl; 3288 struct pneigh_entry *pn = NULL; 3289 int bucket; 3290 3291 state->flags |= NEIGH_SEQ_IS_PNEIGH; 3292 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) { 3293 pn = tbl->phash_buckets[bucket]; 3294 while (pn && !net_eq(pneigh_net(pn), net)) 3295 pn = pn->next; 3296 if (pn) 3297 break; 3298 } 3299 state->bucket = bucket; 3300 3301 return pn; 3302 } 3303 3304 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq, 3305 struct pneigh_entry *pn, 3306 loff_t *pos) 3307 { 3308 struct neigh_seq_state *state = seq->private; 3309 struct net *net = seq_file_net(seq); 3310 struct neigh_table *tbl = state->tbl; 3311 3312 do { 3313 pn = pn->next; 3314 } while (pn && !net_eq(pneigh_net(pn), net)); 3315 3316 while (!pn) { 3317 if (++state->bucket > PNEIGH_HASHMASK) 3318 break; 3319 pn = tbl->phash_buckets[state->bucket]; 3320 while (pn && !net_eq(pneigh_net(pn), net)) 3321 pn = pn->next; 3322 if (pn) 3323 break; 3324 } 3325 3326 if (pn && pos) 3327 --(*pos); 3328 3329 return pn; 3330 } 3331 3332 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos) 3333 { 3334 struct pneigh_entry *pn = pneigh_get_first(seq); 3335 3336 if (pn) { 3337 --(*pos); 3338 while (*pos) { 3339 pn = pneigh_get_next(seq, pn, pos); 3340 if (!pn) 3341 break; 3342 } 3343 } 3344 return *pos ? NULL : pn; 3345 } 3346 3347 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos) 3348 { 3349 struct neigh_seq_state *state = seq->private; 3350 void *rc; 3351 loff_t idxpos = *pos; 3352 3353 rc = neigh_get_idx(seq, &idxpos); 3354 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3355 rc = pneigh_get_idx(seq, &idxpos); 3356 3357 return rc; 3358 } 3359 3360 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags) 3361 __acquires(tbl->lock) 3362 __acquires(rcu) 3363 { 3364 struct neigh_seq_state *state = seq->private; 3365 3366 state->tbl = tbl; 3367 state->bucket = 0; 3368 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH); 3369 3370 rcu_read_lock(); 3371 state->nht = rcu_dereference(tbl->nht); 3372 read_lock_bh(&tbl->lock); 3373 3374 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN; 3375 } 3376 EXPORT_SYMBOL(neigh_seq_start); 3377 3378 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3379 { 3380 struct neigh_seq_state *state; 3381 void *rc; 3382 3383 if (v == SEQ_START_TOKEN) { 3384 rc = neigh_get_first(seq); 3385 goto out; 3386 } 3387 3388 state = seq->private; 3389 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) { 3390 rc = neigh_get_next(seq, v, NULL); 3391 if (rc) 3392 goto out; 3393 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3394 rc = pneigh_get_first(seq); 3395 } else { 3396 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY); 3397 rc = pneigh_get_next(seq, v, NULL); 3398 } 3399 out: 3400 ++(*pos); 3401 return rc; 3402 } 3403 EXPORT_SYMBOL(neigh_seq_next); 3404 3405 void neigh_seq_stop(struct seq_file *seq, void *v) 3406 __releases(tbl->lock) 3407 __releases(rcu) 3408 { 3409 struct neigh_seq_state *state = seq->private; 3410 struct neigh_table *tbl = state->tbl; 3411 3412 read_unlock_bh(&tbl->lock); 3413 rcu_read_unlock(); 3414 } 3415 EXPORT_SYMBOL(neigh_seq_stop); 3416 3417 /* statistics via seq_file */ 3418 3419 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos) 3420 { 3421 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3422 int cpu; 3423 3424 if (*pos == 0) 3425 return SEQ_START_TOKEN; 3426 3427 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) { 3428 if (!cpu_possible(cpu)) 3429 continue; 3430 *pos = cpu+1; 3431 return per_cpu_ptr(tbl->stats, cpu); 3432 } 3433 return NULL; 3434 } 3435 3436 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3437 { 3438 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3439 int cpu; 3440 3441 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) { 3442 if (!cpu_possible(cpu)) 3443 continue; 3444 *pos = cpu+1; 3445 return per_cpu_ptr(tbl->stats, cpu); 3446 } 3447 (*pos)++; 3448 return NULL; 3449 } 3450 3451 static void neigh_stat_seq_stop(struct seq_file *seq, void *v) 3452 { 3453 3454 } 3455 3456 static int neigh_stat_seq_show(struct seq_file *seq, void *v) 3457 { 3458 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3459 struct neigh_statistics *st = v; 3460 3461 if (v == SEQ_START_TOKEN) { 3462 seq_puts(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n"); 3463 return 0; 3464 } 3465 3466 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx " 3467 "%08lx %08lx %08lx " 3468 "%08lx %08lx %08lx\n", 3469 atomic_read(&tbl->entries), 3470 3471 st->allocs, 3472 st->destroys, 3473 st->hash_grows, 3474 3475 st->lookups, 3476 st->hits, 3477 3478 st->res_failed, 3479 3480 st->rcv_probes_mcast, 3481 st->rcv_probes_ucast, 3482 3483 st->periodic_gc_runs, 3484 st->forced_gc_runs, 3485 st->unres_discards, 3486 st->table_fulls 3487 ); 3488 3489 return 0; 3490 } 3491 3492 static const struct seq_operations neigh_stat_seq_ops = { 3493 .start = neigh_stat_seq_start, 3494 .next = neigh_stat_seq_next, 3495 .stop = neigh_stat_seq_stop, 3496 .show = neigh_stat_seq_show, 3497 }; 3498 #endif /* CONFIG_PROC_FS */ 3499 3500 static void __neigh_notify(struct neighbour *n, int type, int flags, 3501 u32 pid) 3502 { 3503 struct net *net = dev_net(n->dev); 3504 struct sk_buff *skb; 3505 int err = -ENOBUFS; 3506 3507 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC); 3508 if (skb == NULL) 3509 goto errout; 3510 3511 err = neigh_fill_info(skb, n, pid, 0, type, flags); 3512 if (err < 0) { 3513 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */ 3514 WARN_ON(err == -EMSGSIZE); 3515 kfree_skb(skb); 3516 goto errout; 3517 } 3518 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC); 3519 return; 3520 errout: 3521 if (err < 0) 3522 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err); 3523 } 3524 3525 void neigh_app_ns(struct neighbour *n) 3526 { 3527 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0); 3528 } 3529 EXPORT_SYMBOL(neigh_app_ns); 3530 3531 #ifdef CONFIG_SYSCTL 3532 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN); 3533 3534 static int proc_unres_qlen(struct ctl_table *ctl, int write, 3535 void *buffer, size_t *lenp, loff_t *ppos) 3536 { 3537 int size, ret; 3538 struct ctl_table tmp = *ctl; 3539 3540 tmp.extra1 = SYSCTL_ZERO; 3541 tmp.extra2 = &unres_qlen_max; 3542 tmp.data = &size; 3543 3544 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN); 3545 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 3546 3547 if (write && !ret) 3548 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN); 3549 return ret; 3550 } 3551 3552 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p, 3553 int index) 3554 { 3555 struct net_device *dev; 3556 int family = neigh_parms_family(p); 3557 3558 rcu_read_lock(); 3559 for_each_netdev_rcu(net, dev) { 3560 struct neigh_parms *dst_p = 3561 neigh_get_dev_parms_rcu(dev, family); 3562 3563 if (dst_p && !test_bit(index, dst_p->data_state)) 3564 dst_p->data[index] = p->data[index]; 3565 } 3566 rcu_read_unlock(); 3567 } 3568 3569 static void neigh_proc_update(struct ctl_table *ctl, int write) 3570 { 3571 struct net_device *dev = ctl->extra1; 3572 struct neigh_parms *p = ctl->extra2; 3573 struct net *net = neigh_parms_net(p); 3574 int index = (int *) ctl->data - p->data; 3575 3576 if (!write) 3577 return; 3578 3579 set_bit(index, p->data_state); 3580 if (index == NEIGH_VAR_DELAY_PROBE_TIME) 3581 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p); 3582 if (!dev) /* NULL dev means this is default value */ 3583 neigh_copy_dflt_parms(net, p, index); 3584 } 3585 3586 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write, 3587 void *buffer, size_t *lenp, 3588 loff_t *ppos) 3589 { 3590 struct ctl_table tmp = *ctl; 3591 int ret; 3592 3593 tmp.extra1 = SYSCTL_ZERO; 3594 tmp.extra2 = SYSCTL_INT_MAX; 3595 3596 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 3597 neigh_proc_update(ctl, write); 3598 return ret; 3599 } 3600 3601 static int neigh_proc_dointvec_ms_jiffies_positive(struct ctl_table *ctl, int write, 3602 void *buffer, size_t *lenp, loff_t *ppos) 3603 { 3604 struct ctl_table tmp = *ctl; 3605 int ret; 3606 3607 int min = msecs_to_jiffies(1); 3608 3609 tmp.extra1 = &min; 3610 tmp.extra2 = NULL; 3611 3612 ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos); 3613 neigh_proc_update(ctl, write); 3614 return ret; 3615 } 3616 3617 int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer, 3618 size_t *lenp, loff_t *ppos) 3619 { 3620 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 3621 3622 neigh_proc_update(ctl, write); 3623 return ret; 3624 } 3625 EXPORT_SYMBOL(neigh_proc_dointvec); 3626 3627 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer, 3628 size_t *lenp, loff_t *ppos) 3629 { 3630 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3631 3632 neigh_proc_update(ctl, write); 3633 return ret; 3634 } 3635 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies); 3636 3637 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write, 3638 void *buffer, size_t *lenp, 3639 loff_t *ppos) 3640 { 3641 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos); 3642 3643 neigh_proc_update(ctl, write); 3644 return ret; 3645 } 3646 3647 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write, 3648 void *buffer, size_t *lenp, loff_t *ppos) 3649 { 3650 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3651 3652 neigh_proc_update(ctl, write); 3653 return ret; 3654 } 3655 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies); 3656 3657 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write, 3658 void *buffer, size_t *lenp, 3659 loff_t *ppos) 3660 { 3661 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos); 3662 3663 neigh_proc_update(ctl, write); 3664 return ret; 3665 } 3666 3667 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write, 3668 void *buffer, size_t *lenp, 3669 loff_t *ppos) 3670 { 3671 struct neigh_parms *p = ctl->extra2; 3672 int ret; 3673 3674 if (strcmp(ctl->procname, "base_reachable_time") == 0) 3675 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3676 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0) 3677 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3678 else 3679 ret = -1; 3680 3681 if (write && ret == 0) { 3682 /* update reachable_time as well, otherwise, the change will 3683 * only be effective after the next time neigh_periodic_work 3684 * decides to recompute it 3685 */ 3686 p->reachable_time = 3687 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 3688 } 3689 return ret; 3690 } 3691 3692 #define NEIGH_PARMS_DATA_OFFSET(index) \ 3693 (&((struct neigh_parms *) 0)->data[index]) 3694 3695 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \ 3696 [NEIGH_VAR_ ## attr] = { \ 3697 .procname = name, \ 3698 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \ 3699 .maxlen = sizeof(int), \ 3700 .mode = mval, \ 3701 .proc_handler = proc, \ 3702 } 3703 3704 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \ 3705 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax) 3706 3707 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \ 3708 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies) 3709 3710 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \ 3711 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies) 3712 3713 #define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \ 3714 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive) 3715 3716 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \ 3717 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies) 3718 3719 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \ 3720 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen) 3721 3722 static struct neigh_sysctl_table { 3723 struct ctl_table_header *sysctl_header; 3724 struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1]; 3725 } neigh_sysctl_template __read_mostly = { 3726 .neigh_vars = { 3727 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"), 3728 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"), 3729 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"), 3730 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"), 3731 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"), 3732 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"), 3733 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"), 3734 NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS, 3735 "interval_probe_time_ms"), 3736 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"), 3737 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"), 3738 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"), 3739 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"), 3740 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"), 3741 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"), 3742 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"), 3743 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"), 3744 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"), 3745 [NEIGH_VAR_GC_INTERVAL] = { 3746 .procname = "gc_interval", 3747 .maxlen = sizeof(int), 3748 .mode = 0644, 3749 .proc_handler = proc_dointvec_jiffies, 3750 }, 3751 [NEIGH_VAR_GC_THRESH1] = { 3752 .procname = "gc_thresh1", 3753 .maxlen = sizeof(int), 3754 .mode = 0644, 3755 .extra1 = SYSCTL_ZERO, 3756 .extra2 = SYSCTL_INT_MAX, 3757 .proc_handler = proc_dointvec_minmax, 3758 }, 3759 [NEIGH_VAR_GC_THRESH2] = { 3760 .procname = "gc_thresh2", 3761 .maxlen = sizeof(int), 3762 .mode = 0644, 3763 .extra1 = SYSCTL_ZERO, 3764 .extra2 = SYSCTL_INT_MAX, 3765 .proc_handler = proc_dointvec_minmax, 3766 }, 3767 [NEIGH_VAR_GC_THRESH3] = { 3768 .procname = "gc_thresh3", 3769 .maxlen = sizeof(int), 3770 .mode = 0644, 3771 .extra1 = SYSCTL_ZERO, 3772 .extra2 = SYSCTL_INT_MAX, 3773 .proc_handler = proc_dointvec_minmax, 3774 }, 3775 {}, 3776 }, 3777 }; 3778 3779 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p, 3780 proc_handler *handler) 3781 { 3782 int i; 3783 struct neigh_sysctl_table *t; 3784 const char *dev_name_source; 3785 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ]; 3786 char *p_name; 3787 size_t neigh_vars_size; 3788 3789 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT); 3790 if (!t) 3791 goto err; 3792 3793 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) { 3794 t->neigh_vars[i].data += (long) p; 3795 t->neigh_vars[i].extra1 = dev; 3796 t->neigh_vars[i].extra2 = p; 3797 } 3798 3799 neigh_vars_size = ARRAY_SIZE(t->neigh_vars); 3800 if (dev) { 3801 dev_name_source = dev->name; 3802 /* Terminate the table early */ 3803 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0, 3804 sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL])); 3805 neigh_vars_size = NEIGH_VAR_BASE_REACHABLE_TIME_MS + 1; 3806 } else { 3807 struct neigh_table *tbl = p->tbl; 3808 dev_name_source = "default"; 3809 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval; 3810 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1; 3811 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2; 3812 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3; 3813 } 3814 3815 if (handler) { 3816 /* RetransTime */ 3817 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler; 3818 /* ReachableTime */ 3819 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler; 3820 /* RetransTime (in milliseconds)*/ 3821 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler; 3822 /* ReachableTime (in milliseconds) */ 3823 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler; 3824 } else { 3825 /* Those handlers will update p->reachable_time after 3826 * base_reachable_time(_ms) is set to ensure the new timer starts being 3827 * applied after the next neighbour update instead of waiting for 3828 * neigh_periodic_work to update its value (can be multiple minutes) 3829 * So any handler that replaces them should do this as well 3830 */ 3831 /* ReachableTime */ 3832 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = 3833 neigh_proc_base_reachable_time; 3834 /* ReachableTime (in milliseconds) */ 3835 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = 3836 neigh_proc_base_reachable_time; 3837 } 3838 3839 switch (neigh_parms_family(p)) { 3840 case AF_INET: 3841 p_name = "ipv4"; 3842 break; 3843 case AF_INET6: 3844 p_name = "ipv6"; 3845 break; 3846 default: 3847 BUG(); 3848 } 3849 3850 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s", 3851 p_name, dev_name_source); 3852 t->sysctl_header = register_net_sysctl_sz(neigh_parms_net(p), 3853 neigh_path, t->neigh_vars, 3854 neigh_vars_size); 3855 if (!t->sysctl_header) 3856 goto free; 3857 3858 p->sysctl_table = t; 3859 return 0; 3860 3861 free: 3862 kfree(t); 3863 err: 3864 return -ENOBUFS; 3865 } 3866 EXPORT_SYMBOL(neigh_sysctl_register); 3867 3868 void neigh_sysctl_unregister(struct neigh_parms *p) 3869 { 3870 if (p->sysctl_table) { 3871 struct neigh_sysctl_table *t = p->sysctl_table; 3872 p->sysctl_table = NULL; 3873 unregister_net_sysctl_table(t->sysctl_header); 3874 kfree(t); 3875 } 3876 } 3877 EXPORT_SYMBOL(neigh_sysctl_unregister); 3878 3879 #endif /* CONFIG_SYSCTL */ 3880 3881 static int __init neigh_init(void) 3882 { 3883 rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0); 3884 rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0); 3885 rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0); 3886 3887 rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info, 3888 0); 3889 rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0); 3890 3891 return 0; 3892 } 3893 3894 subsys_initcall(neigh_init); 3895