// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	Generic address resolution entity
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *
 *	Fixes:
 *	Vitaly E. Lavrov	releasing NULL neighbor in neigh_add.
 *	Harald Welte		Add neighbour cache statistics like rtstat
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/slab.h>
#include <linux/kmemleak.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/socket.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/times.h>
#include <net/net_namespace.h>
#include <net/neighbour.h>
#include <net/arp.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/netevent.h>
#include <net/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/random.h>
#include <linux/string.h>
#include <linux/log2.h>
#include <linux/inetdevice.h>
#include <net/addrconf.h>

#include <trace/events/neigh.h>

#define NEIGH_DEBUG 1
#define neigh_dbg(level, fmt, ...)		\
do {						\
	if (level <= NEIGH_DEBUG)		\
		pr_debug(fmt, ##__VA_ARGS__);	\
} while (0)

#define PNEIGH_HASHMASK		0xF

static void neigh_timer_handler(struct timer_list *t);
static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid);
static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev);

#ifdef CONFIG_PROC_FS
static const struct seq_operations neigh_stat_seq_ops;
#endif

/*
   Neighbour hash table buckets are protected with rwlock tbl->lock.

   - All the scans/updates to hash buckets MUST be made under this lock.
   - NOTHING clever should be done under this lock: no callbacks
     to protocol backends, no attempts to send something to the network.
     That would result in deadlocks if the backend/driver wants to use
     the neighbour cache.
   - If the entry requires some non-trivial actions, increase
     its reference count and release the table lock.

   Neighbour entries are protected:
   - with reference count.
   - with rwlock neigh->lock

   The reference count prevents destruction.

   neigh->lock mainly serializes the ll address data and its validity state.
   However, the same lock is used to protect other fields of the entry:
   - timer
   - resolution queue

   Again, nothing clever shall be done under neigh->lock;
   the most complicated procedure we allow is dev->hard_header.
   It is assumed that dev->hard_header is simplistic and does
   not make callbacks to neighbour tables.
 */

static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
{
	kfree_skb(skb);
	return -ENETDOWN;
}

static void neigh_cleanup_and_release(struct neighbour *neigh)
{
	trace_neigh_cleanup_and_release(neigh, 0);
	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	neigh_release(neigh);
}

/*
 * Returns a random value in the interval [base/2, 3*base/2).
 * It corresponds to the default IPv6 settings and is not overridable,
 * because it is a genuinely reasonable choice.
 */

unsigned long neigh_rand_reach_time(unsigned long base)
{
	return base ? (prandom_u32() % base) + (base >> 1) : 0;
}
EXPORT_SYMBOL(neigh_rand_reach_time);
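
/* Worked example (illustrative note, not part of the original file): with
 * the common base_reachable_time default of 30 seconds, the call
 *
 *	reach = neigh_rand_reach_time(30 * HZ);
 *
 * yields a value in [15 * HZ, 45 * HZ). The jitter keeps a burst of entries
 * created together from all expiring and re-probing at the same instant.
 */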

static void neigh_mark_dead(struct neighbour *n)
{
	n->dead = 1;
	if (!list_empty(&n->gc_list)) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	}
	if (!list_empty(&n->managed_list))
		list_del_init(&n->managed_list);
}

static void neigh_update_gc_list(struct neighbour *n)
{
	bool on_gc_list, exempt_from_gc;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	/* remove from the gc list if new state is permanent or if neighbor
	 * is externally learned; otherwise entry should be on the gc list
	 */
	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
			 n->flags & NTF_EXT_LEARNED;
	on_gc_list = !list_empty(&n->gc_list);

	if (exempt_from_gc && on_gc_list) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	} else if (!exempt_from_gc && !on_gc_list) {
		/* add entries to the tail; cleaning removes from the front */
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
		atomic_inc(&n->tbl->gc_entries);
	}
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static void neigh_update_managed_list(struct neighbour *n)
{
	bool on_managed_list, add_to_managed;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	add_to_managed = n->flags & NTF_MANAGED;
	on_managed_list = !list_empty(&n->managed_list);

	if (!add_to_managed && on_managed_list)
		list_del_init(&n->managed_list);
	else if (add_to_managed && !on_managed_list)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
			       bool *gc_update, bool *managed_update)
{
	u32 ndm_flags, old_flags = neigh->flags;

	if (!(flags & NEIGH_UPDATE_F_ADMIN))
		return;

	ndm_flags  = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
	ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;

	if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
		if (ndm_flags & NTF_EXT_LEARNED)
			neigh->flags |= NTF_EXT_LEARNED;
		else
			neigh->flags &= ~NTF_EXT_LEARNED;
		*notify = 1;
		*gc_update = true;
	}
	if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
		if (ndm_flags & NTF_MANAGED)
			neigh->flags |= NTF_MANAGED;
		else
			neigh->flags &= ~NTF_MANAGED;
		*notify = 1;
		*managed_update = true;
	}
}

static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
		      struct neigh_table *tbl)
{
	bool retval = false;

	write_lock(&n->lock);
	if (refcount_read(&n->refcnt) == 1) {
		struct neighbour *neigh;

		neigh = rcu_dereference_protected(n->next,
						  lockdep_is_held(&tbl->lock));
		rcu_assign_pointer(*np, neigh);
		neigh_mark_dead(n);
		retval = true;
	}
	write_unlock(&n->lock);
	if (retval)
		neigh_cleanup_and_release(n);
	return retval;
}

bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
{
	struct neigh_hash_table *nht;
	void *pkey = ndel->primary_key;
	u32 hash_val;
	struct neighbour *n;
	struct neighbour __rcu **np;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));
	hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
	hash_val = hash_val >> (32 - nht->hash_shift);

	np = &nht->hash_buckets[hash_val];
	while ((n = rcu_dereference_protected(*np,
					      lockdep_is_held(&tbl->lock)))) {
		if (n == ndel)
			return neigh_del(n, np, tbl);
		np = &n->next;
	}
	return false;
}

static int neigh_forced_gc(struct neigh_table *tbl)
{
	int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
	unsigned long tref = jiffies - 5 * HZ;
	struct neighbour *n, *tmp;
	int shrunk = 0;

	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);

	write_lock_bh(&tbl->lock);

	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
		if (refcount_read(&n->refcnt) == 1) {
			bool remove = false;

			write_lock(&n->lock);
			if ((n->nud_state == NUD_FAILED) ||
			    (n->nud_state == NUD_NOARP) ||
			    (tbl->is_multicast &&
			     tbl->is_multicast(n->primary_key)) ||
			    time_after(tref, n->updated))
				remove = true;
			write_unlock(&n->lock);

			if (remove && neigh_remove_one(n, tbl))
				shrunk++;
			if (shrunk >= max_clean)
				break;
		}
	}

	tbl->last_flush = jiffies;

	write_unlock_bh(&tbl->lock);

	return shrunk;
}

static void neigh_add_timer(struct neighbour *n, unsigned long when)
{
	neigh_hold(n);
	if (unlikely(mod_timer(&n->timer, when))) {
		printk("NEIGH: BUG, double timer add, state is %x\n",
		       n->nud_state);
		dump_stack();
	}
}

static int neigh_del_timer(struct neighbour *n)
{
	if ((n->nud_state & NUD_IN_TIMER) &&
	    del_timer(&n->timer)) {
		neigh_release(n);
		return 1;
	}
	return 0;
}
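
/* Illustrative note (not part of the original file): every armed timer owns
 * one reference on the entry.  neigh_add_timer() takes it via neigh_hold()
 * before mod_timer(); neigh_del_timer() drops it only when del_timer()
 * actually deactivated a pending timer, and the timer handler itself ends
 * with neigh_release().  A "double timer add" therefore indicates a refcount
 * imbalance, hence the loud printk above.
 */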

static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net)
{
	unsigned long flags;
	struct sk_buff *skb;

	spin_lock_irqsave(&list->lock, flags);
	skb = skb_peek(list);
	while (skb != NULL) {
		struct sk_buff *skb_next = skb_peek_next(skb, list);
		struct net_device *dev = skb->dev;

		if (net == NULL || net_eq(dev_net(dev), net)) {
			struct in_device *in_dev;

			rcu_read_lock();
			in_dev = __in_dev_get_rcu(dev);
			if (in_dev)
				in_dev->arp_parms->qlen--;
			rcu_read_unlock();
			__skb_unlink(skb, list);

			dev_put(dev);
			kfree_skb(skb);
		}
		skb = skb_next;
	}
	spin_unlock_irqrestore(&list->lock, flags);
}

static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
			    bool skip_perm)
{
	int i;
	struct neigh_hash_table *nht;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	for (i = 0; i < (1 << nht->hash_shift); i++) {
		struct neighbour *n;
		struct neighbour __rcu **np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
					lockdep_is_held(&tbl->lock))) != NULL) {
			if (dev && n->dev != dev) {
				np = &n->next;
				continue;
			}
			if (skip_perm && n->nud_state & NUD_PERMANENT) {
				np = &n->next;
				continue;
			}
			rcu_assign_pointer(*np,
				rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock)));
			write_lock(&n->lock);
			neigh_del_timer(n);
			neigh_mark_dead(n);
			if (refcount_read(&n->refcnt) != 1) {
				/* The most unpleasant situation.
				   We must destroy neighbour entry,
				   but someone still uses it.

				   The destroy will be delayed until
				   the last user releases us, but
				   we must kill timers etc. and move
				   it to safe state.
				 */
				__skb_queue_purge(&n->arp_queue);
				n->arp_queue_len_bytes = 0;
				n->output = neigh_blackhole;
				if (n->nud_state & NUD_VALID)
					n->nud_state = NUD_NOARP;
				else
					n->nud_state = NUD_NONE;
				neigh_dbg(2, "neigh %p is stray\n", n);
			}
			write_unlock(&n->lock);
			neigh_cleanup_and_release(n);
		}
	}
}

void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, false);
	write_unlock_bh(&tbl->lock);
}
EXPORT_SYMBOL(neigh_changeaddr);

static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, skip_perm);
	pneigh_ifdown_and_unlock(tbl, dev);
	pneigh_queue_purge(&tbl->proxy_queue, dev_net(dev));
	if (skb_queue_empty_lockless(&tbl->proxy_queue))
		del_timer_sync(&tbl->proxy_timer);
	return 0;
}

int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, true);
	return 0;
}
EXPORT_SYMBOL(neigh_carrier_down);

int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, false);
	return 0;
}
EXPORT_SYMBOL(neigh_ifdown);
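
/* Illustrative note (not part of the original file): neigh_alloc() below
 * enforces the three GC thresholds.  Past gc_thresh3 the allocation fails
 * outright once forced GC cannot reclaim anything; past gc_thresh2 a forced
 * GC run is triggered at most once every 5 seconds (tbl->last_flush), and
 * below gc_thresh1 even the periodic GC leaves the table alone.  With the
 * usual ARP defaults of gc_thresh1/2/3 = 128/512/1024 the table thus grows
 * freely to 128 entries and hard-stops at 1024 non-exempt entries.
 */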

static struct neighbour *neigh_alloc(struct neigh_table *tbl,
				     struct net_device *dev,
				     u32 flags, bool exempt_from_gc)
{
	struct neighbour *n = NULL;
	unsigned long now = jiffies;
	int entries;

	if (exempt_from_gc)
		goto do_alloc;

	entries = atomic_inc_return(&tbl->gc_entries) - 1;
	if (entries >= tbl->gc_thresh3 ||
	    (entries >= tbl->gc_thresh2 &&
	     time_after(now, tbl->last_flush + 5 * HZ))) {
		if (!neigh_forced_gc(tbl) &&
		    entries >= tbl->gc_thresh3) {
			net_info_ratelimited("%s: neighbor table overflow!\n",
					     tbl->id);
			NEIGH_CACHE_STAT_INC(tbl, table_fulls);
			goto out_entries;
		}
	}

do_alloc:
	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
	if (!n)
		goto out_entries;

	__skb_queue_head_init(&n->arp_queue);
	rwlock_init(&n->lock);
	seqlock_init(&n->ha_lock);
	n->updated = n->used = now;
	n->nud_state = NUD_NONE;
	n->output = neigh_blackhole;
	n->flags = flags;
	seqlock_init(&n->hh.hh_lock);
	n->parms = neigh_parms_clone(&tbl->parms);
	timer_setup(&n->timer, neigh_timer_handler, 0);

	NEIGH_CACHE_STAT_INC(tbl, allocs);
	n->tbl = tbl;
	refcount_set(&n->refcnt, 1);
	n->dead = 1;
	INIT_LIST_HEAD(&n->gc_list);
	INIT_LIST_HEAD(&n->managed_list);

	atomic_inc(&tbl->entries);
out:
	return n;

out_entries:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	goto out;
}

static void neigh_get_hash_rnd(u32 *x)
{
	*x = get_random_u32() | 1;
}

static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
{
	size_t size = (1 << shift) * sizeof(struct neighbour *);
	struct neigh_hash_table *ret;
	struct neighbour __rcu **buckets;
	int i;

	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
	if (!ret)
		return NULL;
	if (size <= PAGE_SIZE) {
		buckets = kzalloc(size, GFP_ATOMIC);
	} else {
		buckets = (struct neighbour __rcu **)
			  __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
					   get_order(size));
		kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
	}
	if (!buckets) {
		kfree(ret);
		return NULL;
	}
	ret->hash_buckets = buckets;
	ret->hash_shift = shift;
	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
		neigh_get_hash_rnd(&ret->hash_rnd[i]);
	return ret;
}

static void neigh_hash_free_rcu(struct rcu_head *head)
{
	struct neigh_hash_table *nht = container_of(head,
						    struct neigh_hash_table,
						    rcu);
	size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
	struct neighbour __rcu **buckets = nht->hash_buckets;

	if (size <= PAGE_SIZE) {
		kfree(buckets);
	} else {
		kmemleak_free(buckets);
		free_pages((unsigned long)buckets, get_order(size));
	}
	kfree(nht);
}

static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
						unsigned long new_shift)
{
	unsigned int i, hash;
	struct neigh_hash_table *new_nht, *old_nht;

	NEIGH_CACHE_STAT_INC(tbl, hash_grows);

	old_nht = rcu_dereference_protected(tbl->nht,
					    lockdep_is_held(&tbl->lock));
	new_nht = neigh_hash_alloc(new_shift);
	if (!new_nht)
		return old_nht;

	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
		struct neighbour *n, *next;

		for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
						   lockdep_is_held(&tbl->lock));
		     n != NULL;
		     n = next) {
			hash = tbl->hash(n->primary_key, n->dev,
					 new_nht->hash_rnd);

			hash >>= (32 - new_nht->hash_shift);
			next = rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock));

			rcu_assign_pointer(n->next,
					   rcu_dereference_protected(
						new_nht->hash_buckets[hash],
						lockdep_is_held(&tbl->lock)));
			rcu_assign_pointer(new_nht->hash_buckets[hash], n);
		}
	}

	rcu_assign_pointer(tbl->nht, new_nht);
	call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
	return new_nht;
}

struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
			       struct net_device *dev)
{
	struct neighbour *n;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock_bh();
	n = __neigh_lookup_noref(tbl, pkey, dev);
	if (n) {
		if (!refcount_inc_not_zero(&n->refcnt))
			n = NULL;
		NEIGH_CACHE_STAT_INC(tbl, hits);
	}

	rcu_read_unlock_bh();
	return n;
}
EXPORT_SYMBOL(neigh_lookup);
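
/* Worked example (illustrative, not part of the original file): tbl->hash()
 * returns a full 32-bit value and the bucket index keeps only its top
 * hash_shift bits:
 *
 *	hash_val = tbl->hash(pkey, dev, nht->hash_rnd) >> (32 - nht->hash_shift);
 *
 * With hash_shift == 3 (the initial 8-bucket table set up in
 * neigh_table_init()), a hash of 0xdeadbeef yields 0xdeadbeef >> 29 == 6.
 */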

struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
				     const void *pkey)
{
	struct neighbour *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val;
	struct neigh_hash_table *nht;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock_bh();
	nht = rcu_dereference_bh(tbl->nht);
	hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);

	for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
	     n != NULL;
	     n = rcu_dereference_bh(n->next)) {
		if (!memcmp(n->primary_key, pkey, key_len) &&
		    net_eq(dev_net(n->dev), net)) {
			if (!refcount_inc_not_zero(&n->refcnt))
				n = NULL;
			NEIGH_CACHE_STAT_INC(tbl, hits);
			break;
		}
	}

	rcu_read_unlock_bh();
	return n;
}
EXPORT_SYMBOL(neigh_lookup_nodev);

static struct neighbour *
___neigh_create(struct neigh_table *tbl, const void *pkey,
		struct net_device *dev, u32 flags,
		bool exempt_from_gc, bool want_ref)
{
	u32 hash_val, key_len = tbl->key_len;
	struct neighbour *n1, *rc, *n;
	struct neigh_hash_table *nht;
	int error;

	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
	if (!n) {
		rc = ERR_PTR(-ENOBUFS);
		goto out;
	}

	memcpy(n->primary_key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC);

	/* Protocol specific setup. */
	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	if (dev->netdev_ops->ndo_neigh_construct) {
		error = dev->netdev_ops->ndo_neigh_construct(dev, n);
		if (error < 0) {
			rc = ERR_PTR(error);
			goto out_neigh_release;
		}
	}

	/* Device specific setup. */
	if (n->parms->neigh_setup &&
	    (error = n->parms->neigh_setup(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
		nht = neigh_hash_grow(tbl, nht->hash_shift + 1);

	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);

	if (n->parms->dead) {
		rc = ERR_PTR(-EINVAL);
		goto out_tbl_unlock;
	}

	for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
					    lockdep_is_held(&tbl->lock));
	     n1 != NULL;
	     n1 = rcu_dereference_protected(n1->next,
					    lockdep_is_held(&tbl->lock))) {
		if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
			if (want_ref)
				neigh_hold(n1);
			rc = n1;
			goto out_tbl_unlock;
		}
	}

	n->dead = 0;
	if (!exempt_from_gc)
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
	if (n->flags & NTF_MANAGED)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
	if (want_ref)
		neigh_hold(n);
	rcu_assign_pointer(n->next,
			   rcu_dereference_protected(nht->hash_buckets[hash_val],
						     lockdep_is_held(&tbl->lock)));
	rcu_assign_pointer(nht->hash_buckets[hash_val], n);
	write_unlock_bh(&tbl->lock);
	neigh_dbg(2, "neigh %p is created\n", n);
	rc = n;
out:
	return rc;
out_tbl_unlock:
	write_unlock_bh(&tbl->lock);
out_neigh_release:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	neigh_release(n);
	goto out;
}
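
/* Usage sketch (illustrative, not part of the original file): protocol code
 * normally reaches ___neigh_create() through the __neigh_create() wrapper
 * below, roughly like
 *
 *	n = __neigh_create(&arp_tbl, &next_hop_ip, dev, true);
 *	if (!IS_ERR(n)) {
 *		... use n->output(n, skb), etc. ...
 *		neigh_release(n);
 *	}
 *
 * Passing want_ref == true returns the entry with an extra reference that
 * the caller must drop with neigh_release().
 */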

struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
				 struct net_device *dev, bool want_ref)
{
	return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
}
EXPORT_SYMBOL(__neigh_create);

static u32 pneigh_hash(const void *pkey, unsigned int key_len)
{
	u32 hash_val = *(u32 *)(pkey + key_len - 4);

	hash_val ^= (hash_val >> 16);
	hash_val ^= hash_val >> 8;
	hash_val ^= hash_val >> 4;
	hash_val &= PNEIGH_HASHMASK;
	return hash_val;
}

static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
					      struct net *net,
					      const void *pkey,
					      unsigned int key_len,
					      struct net_device *dev)
{
	while (n) {
		if (!memcmp(n->key, pkey, key_len) &&
		    net_eq(pneigh_net(n), net) &&
		    (n->dev == dev || !n->dev))
			return n;
		n = n->next;
	}
	return NULL;
}

struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
				     struct net *net, const void *pkey,
				     struct net_device *dev)
{
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
				 net, pkey, key_len, dev);
}
EXPORT_SYMBOL_GPL(__pneigh_lookup);

struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl,
				   struct net *net, const void *pkey,
				   struct net_device *dev, int creat)
{
	struct pneigh_entry *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	read_lock_bh(&tbl->lock);
	n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
			      net, pkey, key_len, dev);
	read_unlock_bh(&tbl->lock);

	if (n || !creat)
		goto out;

	ASSERT_RTNL();

	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
	if (!n)
		goto out;

	write_pnet(&n->net, net);
	memcpy(n->key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_KERNEL);

	if (tbl->pconstructor && tbl->pconstructor(n)) {
		netdev_put(dev, &n->dev_tracker);
		kfree(n);
		n = NULL;
		goto out;
	}

	write_lock_bh(&tbl->lock);
	n->next = tbl->phash_buckets[hash_val];
	tbl->phash_buckets[hash_val] = n;
	write_unlock_bh(&tbl->lock);
out:
	return n;
}
EXPORT_SYMBOL(pneigh_lookup);

int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
		  struct net_device *dev)
{
	struct pneigh_entry *n, **np;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	write_lock_bh(&tbl->lock);
	for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
	     np = &n->next) {
		if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
		    net_eq(pneigh_net(n), net)) {
			*np = n->next;
			write_unlock_bh(&tbl->lock);
			if (tbl->pdestructor)
				tbl->pdestructor(n);
			netdev_put(n->dev, &n->dev_tracker);
			kfree(n);
			return 0;
		}
	}
	write_unlock_bh(&tbl->lock);
	return -ENOENT;
}

static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev)
{
	struct pneigh_entry *n, **np, *freelist = NULL;
	u32 h;

	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
		np = &tbl->phash_buckets[h];
		while ((n = *np) != NULL) {
			if (!dev || n->dev == dev) {
				*np = n->next;
				n->next = freelist;
				freelist = n;
				continue;
			}
			np = &n->next;
		}
	}
	write_unlock_bh(&tbl->lock);
	while ((n = freelist)) {
		freelist = n->next;
		n->next = NULL;
		if (tbl->pdestructor)
			tbl->pdestructor(n);
		netdev_put(n->dev, &n->dev_tracker);
		kfree(n);
	}
	return -ENOENT;
}

static void neigh_parms_destroy(struct neigh_parms *parms);

static inline void neigh_parms_put(struct neigh_parms *parms)
{
	if (refcount_dec_and_test(&parms->refcnt))
		neigh_parms_destroy(parms);
}

/*
 *	The neighbour must already be out of the table.
 */
void neigh_destroy(struct neighbour *neigh)
{
	struct net_device *dev = neigh->dev;

	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);

	if (!neigh->dead) {
		pr_warn("Destroying alive neighbour %p\n", neigh);
		dump_stack();
		return;
	}

	if (neigh_del_timer(neigh))
		pr_warn("Impossible event\n");

	write_lock_bh(&neigh->lock);
	__skb_queue_purge(&neigh->arp_queue);
	write_unlock_bh(&neigh->lock);
	neigh->arp_queue_len_bytes = 0;

	if (dev->netdev_ops->ndo_neigh_destroy)
		dev->netdev_ops->ndo_neigh_destroy(dev, neigh);

	netdev_put(dev, &neigh->dev_tracker);
	neigh_parms_put(neigh->parms);

	neigh_dbg(2, "neigh %p is destroyed\n", neigh);

	atomic_dec(&neigh->tbl->entries);
	kfree_rcu(neigh, rcu);
}
EXPORT_SYMBOL(neigh_destroy);

/* Neighbour state is suspicious;
   disable fast path.

   Called with write_locked neigh.
 */
static void neigh_suspect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is suspected\n", neigh);

	neigh->output = neigh->ops->output;
}

/* Neighbour state is OK;
   enable fast path.

   Called with write_locked neigh.
 */
static void neigh_connect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is connected\n", neigh);

	neigh->output = neigh->ops->connected_output;
}
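
/* Illustrative note (not part of the original file): neigh_suspect() and
 * neigh_connect() switch the fast/slow path purely by swapping the
 * neigh->output function pointer.  For an Ethernet/ARP neighbour that means
 * traffic flows through neigh_resolve_output() (re-validating state and
 * possibly queueing and probing) while suspect, and through
 * neigh_connected_output() (just the header copy) while connected.
 */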

static void neigh_periodic_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table,
					       gc_work.work);
	struct neighbour *n;
	struct neighbour __rcu **np;
	unsigned int i;
	struct neigh_hash_table *nht;

	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	/*
	 *	periodically recompute ReachableTime from random function
	 */

	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
		struct neigh_parms *p;

		tbl->last_rand = jiffies;
		list_for_each_entry(p, &tbl->parms_list, list)
			p->reachable_time =
				neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}

	if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
		goto out;

	for (i = 0; i < (1 << nht->hash_shift); i++) {
		np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
				lockdep_is_held(&tbl->lock))) != NULL) {
			unsigned int state;

			write_lock(&n->lock);

			state = n->nud_state;
			if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
			    (n->flags & NTF_EXT_LEARNED)) {
				write_unlock(&n->lock);
				goto next_elt;
			}

			if (time_before(n->used, n->confirmed))
				n->used = n->confirmed;

			if (refcount_read(&n->refcnt) == 1 &&
			    (state == NUD_FAILED ||
			     time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
				*np = n->next;
				neigh_mark_dead(n);
				write_unlock(&n->lock);
				neigh_cleanup_and_release(n);
				continue;
			}
			write_unlock(&n->lock);

next_elt:
			np = &n->next;
		}
		/*
		 * It's fine to release lock here, even if hash table
		 * grows while we are preempted.
		 */
		write_unlock_bh(&tbl->lock);
		cond_resched();
		write_lock_bh(&tbl->lock);
		nht = rcu_dereference_protected(tbl->nht,
						lockdep_is_held(&tbl->lock));
	}
out:
	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
	 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
	 * BASE_REACHABLE_TIME.
	 */
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
	write_unlock_bh(&tbl->lock);
}

static __inline__ int neigh_max_probes(struct neighbour *n)
{
	struct neigh_parms *p = n->parms;

	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
	       (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
		NEIGH_VAR(p, MCAST_PROBES));
}

static void neigh_invalidate(struct neighbour *neigh)
	__releases(neigh->lock)
	__acquires(neigh->lock)
{
	struct sk_buff *skb;

	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
	neigh_dbg(2, "neigh %p is failed\n", neigh);
	neigh->updated = jiffies;

	/* This is a very delicate place. report_unreachable is a very
	   complicated routine; in particular, it can hit the same
	   neighbour entry! So we try to be accurate here and avoid
	   a dead loop. --ANK
	 */
	while (neigh->nud_state == NUD_FAILED &&
	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
		write_unlock(&neigh->lock);
		neigh->ops->error_report(neigh, skb);
		write_lock(&neigh->lock);
	}
	__skb_queue_purge(&neigh->arp_queue);
	neigh->arp_queue_len_bytes = 0;
}

static void neigh_probe(struct neighbour *neigh)
	__releases(neigh->lock)
{
	struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);

	/* keep skb alive even if arp_queue overflows */
	if (skb)
		skb = skb_clone(skb, GFP_ATOMIC);
	write_unlock(&neigh->lock);
	if (neigh->ops->solicit)
		neigh->ops->solicit(neigh, skb);
	atomic_inc(&neigh->probes);
	consume_skb(skb);
}
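
/* Worked example (illustrative, not part of the original file): with the
 * common defaults ucast_probes = 3, app_probes = 0 and mcast_probes = 3,
 * neigh_max_probes() yields 6 while resolving (NUD_INCOMPLETE); once in
 * NUD_PROBE it substitutes mcast_reprobes (default 0) for the multicast
 * term, allowing 3 unicast probes before the entry goes to NUD_FAILED.
 */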

/* Called when a timer expires for a neighbour entry. */

static void neigh_timer_handler(struct timer_list *t)
{
	unsigned long now, next;
	struct neighbour *neigh = from_timer(neigh, t, timer);
	unsigned int state;
	int notify = 0;

	write_lock(&neigh->lock);

	state = neigh->nud_state;
	now = jiffies;
	next = now + HZ;

	if (!(state & NUD_IN_TIMER))
		goto out;

	if (state & NUD_REACHABLE) {
		if (time_before_eq(now,
				   neigh->confirmed + neigh->parms->reachable_time)) {
			neigh_dbg(2, "neigh %p is still alive\n", neigh);
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else if (time_before_eq(now,
					  neigh->used +
					  NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is delayed\n", neigh);
			neigh->nud_state = NUD_DELAY;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
		} else {
			neigh_dbg(2, "neigh %p is suspected\n", neigh);
			neigh->nud_state = NUD_STALE;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			notify = 1;
		}
	} else if (state & NUD_DELAY) {
		if (time_before_eq(now,
				   neigh->confirmed +
				   NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is now reachable\n", neigh);
			neigh->nud_state = NUD_REACHABLE;
			neigh->updated = jiffies;
			neigh_connect(neigh);
			notify = 1;
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else {
			neigh_dbg(2, "neigh %p is probed\n", neigh);
			neigh->nud_state = NUD_PROBE;
			neigh->updated = jiffies;
			atomic_set(&neigh->probes, 0);
			notify = 1;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
		}
	} else {
		/* NUD_PROBE|NUD_INCOMPLETE */
		next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
	}

	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
		neigh->nud_state = NUD_FAILED;
		notify = 1;
		neigh_invalidate(neigh);
		goto out;
	}

	if (neigh->nud_state & NUD_IN_TIMER) {
		if (time_before(next, jiffies + HZ/100))
			next = jiffies + HZ/100;
		if (!mod_timer(&neigh->timer, next))
			neigh_hold(neigh);
	}
	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
		neigh_probe(neigh);
	} else {
out:
		write_unlock(&neigh->lock);
	}

	if (notify)
		neigh_update_notify(neigh, 0);

	trace_neigh_timer_handler(neigh, 0);

	neigh_release(neigh);
}
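
/* State machine summary (illustrative, not part of the original file):
 *
 *	NUD_REACHABLE --(confirmation aged, recently used)--> NUD_DELAY
 *	NUD_REACHABLE --(confirmation aged, idle)-----------> NUD_STALE
 *	NUD_DELAY     --(confirmed within delay window)-----> NUD_REACHABLE
 *	NUD_DELAY     --(delay_probe_time elapsed)----------> NUD_PROBE
 *	NUD_PROBE / NUD_INCOMPLETE --(probes exhausted)-----> NUD_FAILED
 *
 * These are exactly the transitions implemented by neigh_timer_handler()
 * above; NUD_STALE itself is not in NUD_IN_TIMER and leaves via
 * __neigh_event_send() below once traffic shows up.
 */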

int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
		       const bool immediate_ok)
{
	int rc;
	bool immediate_probe = false;

	write_lock_bh(&neigh->lock);

	rc = 0;
	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
		goto out_unlock_bh;
	if (neigh->dead)
		goto out_dead;

	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
		if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
		    NEIGH_VAR(neigh->parms, APP_PROBES)) {
			unsigned long next, now = jiffies;

			atomic_set(&neigh->probes,
				   NEIGH_VAR(neigh->parms, UCAST_PROBES));
			neigh_del_timer(neigh);
			neigh->nud_state = NUD_INCOMPLETE;
			neigh->updated = now;
			if (!immediate_ok) {
				next = now + 1;
			} else {
				immediate_probe = true;
				next = now + max(NEIGH_VAR(neigh->parms,
							   RETRANS_TIME),
						 HZ / 100);
			}
			neigh_add_timer(neigh, next);
		} else {
			neigh->nud_state = NUD_FAILED;
			neigh->updated = jiffies;
			write_unlock_bh(&neigh->lock);

			kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED);
			return 1;
		}
	} else if (neigh->nud_state & NUD_STALE) {
		neigh_dbg(2, "neigh %p is delayed\n", neigh);
		neigh_del_timer(neigh);
		neigh->nud_state = NUD_DELAY;
		neigh->updated = jiffies;
		neigh_add_timer(neigh, jiffies +
				NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
	}

	if (neigh->nud_state == NUD_INCOMPLETE) {
		if (skb) {
			while (neigh->arp_queue_len_bytes + skb->truesize >
			       NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
				struct sk_buff *buff;

				buff = __skb_dequeue(&neigh->arp_queue);
				if (!buff)
					break;
				neigh->arp_queue_len_bytes -= buff->truesize;
				kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL);
				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
			}
			skb_dst_force(skb);
			__skb_queue_tail(&neigh->arp_queue, skb);
			neigh->arp_queue_len_bytes += skb->truesize;
		}
		rc = 1;
	}
out_unlock_bh:
	if (immediate_probe)
		neigh_probe(neigh);
	else
		write_unlock(&neigh->lock);
	local_bh_enable();
	trace_neigh_event_send_done(neigh, rc);
	return rc;

out_dead:
	if (neigh->nud_state & NUD_STALE)
		goto out_unlock_bh;
	write_unlock_bh(&neigh->lock);
	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD);
	trace_neigh_event_send_dead(neigh, 1);
	return 1;
}
EXPORT_SYMBOL(__neigh_event_send);

static void neigh_update_hhs(struct neighbour *neigh)
{
	struct hh_cache *hh;
	void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
		= NULL;

	if (neigh->dev->header_ops)
		update = neigh->dev->header_ops->cache_update;

	if (update) {
		hh = &neigh->hh;
		if (READ_ONCE(hh->hh_len)) {
			write_seqlock_bh(&hh->hh_lock);
			update(hh, neigh->dev, neigh->ha);
			write_sequnlock_bh(&hh->hh_lock);
		}
	}
}
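
/* Illustrative note (not part of the original file): neigh_update_hhs() is
 * the write side of a seqlock pairing on hh->hh_lock; the transmit fast path
 * reads the cached header under read_seqbegin()/read_seqretry() on the same
 * lock (neigh_hh_output() in include/net/neighbour.h), so a concurrent
 * lladdr change simply makes the reader retry its copy.
 */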
1279 */ 1280 static int __neigh_update(struct neighbour *neigh, const u8 *lladdr, 1281 u8 new, u32 flags, u32 nlmsg_pid, 1282 struct netlink_ext_ack *extack) 1283 { 1284 bool gc_update = false, managed_update = false; 1285 int update_isrouter = 0; 1286 struct net_device *dev; 1287 int err, notify = 0; 1288 u8 old; 1289 1290 trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid); 1291 1292 write_lock_bh(&neigh->lock); 1293 1294 dev = neigh->dev; 1295 old = neigh->nud_state; 1296 err = -EPERM; 1297 1298 if (neigh->dead) { 1299 NL_SET_ERR_MSG(extack, "Neighbor entry is now dead"); 1300 new = old; 1301 goto out; 1302 } 1303 if (!(flags & NEIGH_UPDATE_F_ADMIN) && 1304 (old & (NUD_NOARP | NUD_PERMANENT))) 1305 goto out; 1306 1307 neigh_update_flags(neigh, flags, ¬ify, &gc_update, &managed_update); 1308 if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) { 1309 new = old & ~NUD_PERMANENT; 1310 neigh->nud_state = new; 1311 err = 0; 1312 goto out; 1313 } 1314 1315 if (!(new & NUD_VALID)) { 1316 neigh_del_timer(neigh); 1317 if (old & NUD_CONNECTED) 1318 neigh_suspect(neigh); 1319 neigh->nud_state = new; 1320 err = 0; 1321 notify = old & NUD_VALID; 1322 if ((old & (NUD_INCOMPLETE | NUD_PROBE)) && 1323 (new & NUD_FAILED)) { 1324 neigh_invalidate(neigh); 1325 notify = 1; 1326 } 1327 goto out; 1328 } 1329 1330 /* Compare new lladdr with cached one */ 1331 if (!dev->addr_len) { 1332 /* First case: device needs no address. */ 1333 lladdr = neigh->ha; 1334 } else if (lladdr) { 1335 /* The second case: if something is already cached 1336 and a new address is proposed: 1337 - compare new & old 1338 - if they are different, check override flag 1339 */ 1340 if ((old & NUD_VALID) && 1341 !memcmp(lladdr, neigh->ha, dev->addr_len)) 1342 lladdr = neigh->ha; 1343 } else { 1344 /* No address is supplied; if we know something, 1345 use it, otherwise discard the request. 1346 */ 1347 err = -EINVAL; 1348 if (!(old & NUD_VALID)) { 1349 NL_SET_ERR_MSG(extack, "No link layer address given"); 1350 goto out; 1351 } 1352 lladdr = neigh->ha; 1353 } 1354 1355 /* Update confirmed timestamp for neighbour entry after we 1356 * received ARP packet even if it doesn't change IP to MAC binding. 1357 */ 1358 if (new & NUD_CONNECTED) 1359 neigh->confirmed = jiffies; 1360 1361 /* If entry was valid and address is not changed, 1362 do not change entry state, if new one is STALE. 1363 */ 1364 err = 0; 1365 update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER; 1366 if (old & NUD_VALID) { 1367 if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) { 1368 update_isrouter = 0; 1369 if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) && 1370 (old & NUD_CONNECTED)) { 1371 lladdr = neigh->ha; 1372 new = NUD_STALE; 1373 } else 1374 goto out; 1375 } else { 1376 if (lladdr == neigh->ha && new == NUD_STALE && 1377 !(flags & NEIGH_UPDATE_F_ADMIN)) 1378 new = old; 1379 } 1380 } 1381 1382 /* Update timestamp only once we know we will make a change to the 1383 * neighbour entry. Otherwise we risk to move the locktime window with 1384 * noop updates and ignore relevant ARP updates. 1385 */ 1386 if (new != old || lladdr != neigh->ha) 1387 neigh->updated = jiffies; 1388 1389 if (new != old) { 1390 neigh_del_timer(neigh); 1391 if (new & NUD_PROBE) 1392 atomic_set(&neigh->probes, 0); 1393 if (new & NUD_IN_TIMER) 1394 neigh_add_timer(neigh, (jiffies + 1395 ((new & NUD_REACHABLE) ? 

static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
			  u8 new, u32 flags, u32 nlmsg_pid,
			  struct netlink_ext_ack *extack)
{
	bool gc_update = false, managed_update = false;
	int update_isrouter = 0;
	struct net_device *dev;
	int err, notify = 0;
	u8 old;

	trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);

	write_lock_bh(&neigh->lock);

	dev = neigh->dev;
	old = neigh->nud_state;
	err = -EPERM;

	if (neigh->dead) {
		NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
		new = old;
		goto out;
	}
	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
	    (old & (NUD_NOARP | NUD_PERMANENT)))
		goto out;

	neigh_update_flags(neigh, flags, &notify, &gc_update, &managed_update);
	if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
		new = old & ~NUD_PERMANENT;
		neigh->nud_state = new;
		err = 0;
		goto out;
	}

	if (!(new & NUD_VALID)) {
		neigh_del_timer(neigh);
		if (old & NUD_CONNECTED)
			neigh_suspect(neigh);
		neigh->nud_state = new;
		err = 0;
		notify = old & NUD_VALID;
		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
		    (new & NUD_FAILED)) {
			neigh_invalidate(neigh);
			notify = 1;
		}
		goto out;
	}

	/* Compare new lladdr with cached one */
	if (!dev->addr_len) {
		/* First case: device needs no address. */
		lladdr = neigh->ha;
	} else if (lladdr) {
		/* The second case: if something is already cached
		   and a new address is proposed:
		   - compare new & old
		   - if they are different, check override flag
		 */
		if ((old & NUD_VALID) &&
		    !memcmp(lladdr, neigh->ha, dev->addr_len))
			lladdr = neigh->ha;
	} else {
		/* No address is supplied; if we know something,
		   use it, otherwise discard the request.
		 */
		err = -EINVAL;
		if (!(old & NUD_VALID)) {
			NL_SET_ERR_MSG(extack, "No link layer address given");
			goto out;
		}
		lladdr = neigh->ha;
	}

	/* Update confirmed timestamp for neighbour entry after we
	 * received ARP packet even if it doesn't change IP to MAC binding.
	 */
	if (new & NUD_CONNECTED)
		neigh->confirmed = jiffies;

	/* If entry was valid and address is not changed,
	   do not change entry state, if new one is STALE.
	 */
	err = 0;
	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	if (old & NUD_VALID) {
		if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
			update_isrouter = 0;
			if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
			    (old & NUD_CONNECTED)) {
				lladdr = neigh->ha;
				new = NUD_STALE;
			} else
				goto out;
		} else {
			if (lladdr == neigh->ha && new == NUD_STALE &&
			    !(flags & NEIGH_UPDATE_F_ADMIN))
				new = old;
		}
	}

	/* Update timestamp only once we know we will make a change to the
	 * neighbour entry. Otherwise we risk moving the locktime window with
	 * noop updates and ignoring relevant ARP updates.
	 */
	if (new != old || lladdr != neigh->ha)
		neigh->updated = jiffies;

	if (new != old) {
		neigh_del_timer(neigh);
		if (new & NUD_PROBE)
			atomic_set(&neigh->probes, 0);
		if (new & NUD_IN_TIMER)
			neigh_add_timer(neigh, (jiffies +
						((new & NUD_REACHABLE) ?
						 neigh->parms->reachable_time :
						 0)));
		neigh->nud_state = new;
		notify = 1;
	}

	if (lladdr != neigh->ha) {
		write_seqlock(&neigh->ha_lock);
		memcpy(&neigh->ha, lladdr, dev->addr_len);
		write_sequnlock(&neigh->ha_lock);
		neigh_update_hhs(neigh);
		if (!(new & NUD_CONNECTED))
			neigh->confirmed = jiffies -
				(NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
		notify = 1;
	}
	if (new == old)
		goto out;
	if (new & NUD_CONNECTED)
		neigh_connect(neigh);
	else
		neigh_suspect(neigh);
	if (!(old & NUD_VALID)) {
		struct sk_buff *skb;

		/* Again: avoid dead loop if something went wrong */

		while (neigh->nud_state & NUD_VALID &&
		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
			struct dst_entry *dst = skb_dst(skb);
			struct neighbour *n2, *n1 = neigh;

			write_unlock_bh(&neigh->lock);

			rcu_read_lock();

			/* Why not just use 'neigh' as-is? The problem is that
			 * things such as shaper, eql, and sch_teql can end up
			 * using alternative, different, neigh objects to output
			 * the packet in the output path. So what we need to do
			 * here is re-lookup the top-level neigh in the path so
			 * we can reinject the packet there.
			 */
			n2 = NULL;
			if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
				n2 = dst_neigh_lookup_skb(dst, skb);
				if (n2)
					n1 = n2;
			}
			n1->output(n1, skb);
			if (n2)
				neigh_release(n2);
			rcu_read_unlock();

			write_lock_bh(&neigh->lock);
		}
		__skb_queue_purge(&neigh->arp_queue);
		neigh->arp_queue_len_bytes = 0;
	}
out:
	if (update_isrouter)
		neigh_update_is_router(neigh, flags, &notify);
	write_unlock_bh(&neigh->lock);
	if (((new ^ old) & NUD_PERMANENT) || gc_update)
		neigh_update_gc_list(neigh);
	if (managed_update)
		neigh_update_managed_list(neigh);
	if (notify)
		neigh_update_notify(neigh, nlmsg_pid);
	trace_neigh_update_done(neigh, err);
	return err;
}

int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
		 u32 flags, u32 nlmsg_pid)
{
	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
}
EXPORT_SYMBOL(neigh_update);

/* Update the neigh to listen temporarily for probe responses, even if it is
 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
 */
void __neigh_set_probe_once(struct neighbour *neigh)
{
	if (neigh->dead)
		return;
	neigh->updated = jiffies;
	if (!(neigh->nud_state & NUD_FAILED))
		return;
	neigh->nud_state = NUD_INCOMPLETE;
	atomic_set(&neigh->probes, neigh_max_probes(neigh));
	neigh_add_timer(neigh,
			jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
				      HZ/100));
}
EXPORT_SYMBOL(__neigh_set_probe_once);

struct neighbour *neigh_event_ns(struct neigh_table *tbl,
				 u8 *lladdr, void *saddr,
				 struct net_device *dev)
{
	struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
						 lladdr || !dev->addr_len);

	if (neigh)
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_OVERRIDE, 0);
	return neigh;
}
EXPORT_SYMBOL(neigh_event_ns);

/* called with read_lock_bh(&n->lock); */
static void neigh_hh_init(struct neighbour *n)
{
	struct net_device *dev = n->dev;
	__be16 prot = n->tbl->protocol;
	struct hh_cache *hh = &n->hh;

	write_lock_bh(&n->lock);

	/* Only one thread can come in here and initialize the
	 * hh_cache entry.
	 */
	if (!hh->hh_len)
		dev->header_ops->cache(n, hh, prot);

	write_unlock_bh(&n->lock);
}

/* Slow and careful. */

int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc = 0;

	if (!neigh_event_send(neigh, skb)) {
		int err;
		struct net_device *dev = neigh->dev;
		unsigned int seq;

		if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
			neigh_hh_init(neigh);

		do {
			__skb_pull(skb, skb_network_offset(skb));
			seq = read_seqbegin(&neigh->ha_lock);
			err = dev_hard_header(skb, dev, ntohs(skb->protocol),
					      neigh->ha, NULL, skb->len);
		} while (read_seqretry(&neigh->ha_lock, seq));

		if (err >= 0)
			rc = dev_queue_xmit(skb);
		else
			goto out_kfree_skb;
	}
out:
	return rc;
out_kfree_skb:
	rc = -EINVAL;
	kfree_skb(skb);
	goto out;
}
EXPORT_SYMBOL(neigh_resolve_output);

/* As fast as possible without hh cache */

int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
{
	struct net_device *dev = neigh->dev;
	unsigned int seq;
	int err;

	do {
		__skb_pull(skb, skb_network_offset(skb));
		seq = read_seqbegin(&neigh->ha_lock);
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      neigh->ha, NULL, skb->len);
	} while (read_seqretry(&neigh->ha_lock, seq));

	if (err >= 0)
		err = dev_queue_xmit(skb);
	else {
		err = -EINVAL;
		kfree_skb(skb);
	}
	return err;
}
EXPORT_SYMBOL(neigh_connected_output);

int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
{
	return dev_queue_xmit(skb);
}
EXPORT_SYMBOL(neigh_direct_output);

static void neigh_managed_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table,
					       managed_work.work);
	struct neighbour *neigh;

	write_lock_bh(&tbl->lock);
	list_for_each_entry(neigh, &tbl->managed_list, managed_list)
		neigh_event_send_probe(neigh, NULL, false);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
			   NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS));
	write_unlock_bh(&tbl->lock);
}
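
/* Summary of the three output strategies above (illustrative, not part of
 * the original file):
 *
 *	neigh_resolve_output()   - slow path; may (re)start resolution via
 *				   neigh_event_send() and rebuilds the link
 *				   layer header from neigh->ha every time.
 *	neigh_connected_output() - fast path without the hh cache; assumes a
 *				   valid entry and only copies the header
 *				   under the ha_lock seqlock.
 *	neigh_direct_output()    - no header needed (e.g. point-to-point);
 *				   the skb goes straight to dev_queue_xmit().
 */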

static void neigh_proxy_process(struct timer_list *t)
{
	struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
	long sched_next = 0;
	unsigned long now = jiffies;
	struct sk_buff *skb, *n;

	spin_lock(&tbl->proxy_queue.lock);

	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
		long tdif = NEIGH_CB(skb)->sched_next - now;

		if (tdif <= 0) {
			struct net_device *dev = skb->dev;
			struct in_device *in_dev;

			rcu_read_lock();
			in_dev = __in_dev_get_rcu(dev);
			if (in_dev)
				in_dev->arp_parms->qlen--;
			rcu_read_unlock();
			__skb_unlink(skb, &tbl->proxy_queue);

			if (tbl->proxy_redo && netif_running(dev)) {
				rcu_read_lock();
				tbl->proxy_redo(skb);
				rcu_read_unlock();
			} else {
				kfree_skb(skb);
			}

			dev_put(dev);
		} else if (!sched_next || tdif < sched_next)
			sched_next = tdif;
	}
	del_timer(&tbl->proxy_timer);
	if (sched_next)
		mod_timer(&tbl->proxy_timer, jiffies + sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}

void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
		    struct sk_buff *skb)
{
	unsigned long sched_next = jiffies +
			prandom_u32_max(NEIGH_VAR(p, PROXY_DELAY));

	if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) {
		kfree_skb(skb);
		return;
	}

	NEIGH_CB(skb)->sched_next = sched_next;
	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;

	spin_lock(&tbl->proxy_queue.lock);
	if (del_timer(&tbl->proxy_timer)) {
		if (time_before(tbl->proxy_timer.expires, sched_next))
			sched_next = tbl->proxy_timer.expires;
	}
	skb_dst_drop(skb);
	dev_hold(skb->dev);
	__skb_queue_tail(&tbl->proxy_queue, skb);
	p->qlen++;
	mod_timer(&tbl->proxy_timer, sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}
EXPORT_SYMBOL(pneigh_enqueue);

static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
						     struct net *net, int ifindex)
{
	struct neigh_parms *p;

	list_for_each_entry(p, &tbl->parms_list, list) {
		if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
		    (!p->dev && !ifindex && net_eq(net, &init_net)))
			return p;
	}

	return NULL;
}

struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
				      struct neigh_table *tbl)
{
	struct neigh_parms *p;
	struct net *net = dev_net(dev);
	const struct net_device_ops *ops = dev->netdev_ops;

	p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
	if (p) {
		p->tbl = tbl;
		refcount_set(&p->refcnt, 1);
		p->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
		p->qlen = 0;
		netdev_hold(dev, &p->dev_tracker, GFP_KERNEL);
		p->dev = dev;
		write_pnet(&p->net, net);
		p->sysctl_table = NULL;

		if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
			netdev_put(dev, &p->dev_tracker);
			kfree(p);
			return NULL;
		}

		write_lock_bh(&tbl->lock);
		list_add(&p->list, &tbl->parms.list);
		write_unlock_bh(&tbl->lock);

		neigh_parms_data_state_cleanall(p);
	}
	return p;
}
EXPORT_SYMBOL(neigh_parms_alloc);

static void neigh_rcu_free_parms(struct rcu_head *head)
{
	struct neigh_parms *parms =
		container_of(head, struct neigh_parms, rcu_head);

	neigh_parms_put(parms);
}

void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
{
	if (!parms || parms == &tbl->parms)
		return;
	write_lock_bh(&tbl->lock);
	list_del(&parms->list);
	parms->dead = 1;
	write_unlock_bh(&tbl->lock);
	netdev_put(parms->dev, &parms->dev_tracker);
	call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
}
EXPORT_SYMBOL(neigh_parms_release);

static void neigh_parms_destroy(struct neigh_parms *parms)
{
	kfree(parms);
}

static struct lock_class_key neigh_table_proxy_queue_class;

static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;

void neigh_table_init(int index, struct neigh_table *tbl)
{
	unsigned long now = jiffies;
	unsigned long phsize;

	INIT_LIST_HEAD(&tbl->parms_list);
	INIT_LIST_HEAD(&tbl->gc_list);
	INIT_LIST_HEAD(&tbl->managed_list);

	list_add(&tbl->parms.list, &tbl->parms_list);
	write_pnet(&tbl->parms.net, &init_net);
	refcount_set(&tbl->parms.refcnt, 1);
	tbl->parms.reachable_time =
		neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
	tbl->parms.qlen = 0;

	tbl->stats = alloc_percpu(struct neigh_statistics);
	if (!tbl->stats)
		panic("cannot create neighbour cache statistics");

#ifdef CONFIG_PROC_FS
	if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
				  &neigh_stat_seq_ops, tbl))
		panic("cannot create neighbour proc dir entry");
#endif

	RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));

	phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
	tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);

	if (!tbl->nht || !tbl->phash_buckets)
		panic("cannot allocate neighbour cache hashes");

	if (!tbl->entry_size)
		tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
					tbl->key_len, NEIGH_PRIV_ALIGN);
	else
		WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);

	rwlock_init(&tbl->lock);

	INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   tbl->parms.reachable_time);
	INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0);

	timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
	skb_queue_head_init_class(&tbl->proxy_queue,
				  &neigh_table_proxy_queue_class);

	tbl->last_flush = now;
	tbl->last_rand = now + tbl->parms.reachable_time * 20;

	neigh_tables[index] = tbl;
}
EXPORT_SYMBOL(neigh_table_init);
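
/* Usage sketch (illustrative, not part of the original file): each protocol
 * registers its table once at init time under a fixed index, e.g. IPv4 does
 *
 *	neigh_table_init(NEIGH_ARP_TABLE, &arp_tbl);
 *
 * and a modular protocol such as IPv6 tears its table down again with
 * neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl), defined below.
 */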

int neigh_table_clear(int index, struct neigh_table *tbl)
{
	neigh_tables[index] = NULL;
	/* It is not clean... Fix it to unload IPv6 module safely */
	cancel_delayed_work_sync(&tbl->managed_work);
	cancel_delayed_work_sync(&tbl->gc_work);
	del_timer_sync(&tbl->proxy_timer);
	pneigh_queue_purge(&tbl->proxy_queue, NULL);
	neigh_ifdown(tbl, NULL);
	if (atomic_read(&tbl->entries))
		pr_crit("neighbour leakage\n");

	call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
		 neigh_hash_free_rcu);
	tbl->nht = NULL;

	kfree(tbl->phash_buckets);
	tbl->phash_buckets = NULL;

	remove_proc_entry(tbl->id, init_net.proc_net_stat);

	free_percpu(tbl->stats);
	tbl->stats = NULL;

	return 0;
}
EXPORT_SYMBOL(neigh_table_clear);

static struct neigh_table *neigh_find_table(int family)
{
	struct neigh_table *tbl = NULL;

	switch (family) {
	case AF_INET:
		tbl = neigh_tables[NEIGH_ARP_TABLE];
		break;
	case AF_INET6:
		tbl = neigh_tables[NEIGH_ND_TABLE];
		break;
	case AF_DECnet:
		tbl = neigh_tables[NEIGH_DN_TABLE];
		break;
	}

	return tbl;
}

const struct nla_policy nda_policy[NDA_MAX+1] = {
	[NDA_UNSPEC]		= { .strict_start_type = NDA_NH_ID },
	[NDA_DST]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_LLADDR]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_CACHEINFO]		= { .len = sizeof(struct nda_cacheinfo) },
	[NDA_PROBES]		= { .type = NLA_U32 },
	[NDA_VLAN]		= { .type = NLA_U16 },
	[NDA_PORT]		= { .type = NLA_U16 },
	[NDA_VNI]		= { .type = NLA_U32 },
	[NDA_IFINDEX]		= { .type = NLA_U32 },
	[NDA_MASTER]		= { .type = NLA_U32 },
	[NDA_PROTOCOL]		= { .type = NLA_U8 },
	[NDA_NH_ID]		= { .type = NLA_U32 },
	[NDA_FLAGS_EXT]		= NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
	[NDA_FDB_EXT_ATTRS]	= { .type = NLA_NESTED },
};

static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *dst_attr;
	struct neigh_table *tbl;
	struct neighbour *neigh;
	struct net_device *dev = NULL;
	int err = -EINVAL;

	ASSERT_RTNL();
	if (nlmsg_len(nlh) < sizeof(*ndm))
		goto out;

	dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
	if (!dst_attr) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(dst_attr) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	if (ndm->ndm_flags & NTF_PROXY) {
		err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
		goto out;
	}

	if (dev == NULL)
		goto out;

	neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
	if (neigh == NULL) {
		err = -ENOENT;
		goto out;
	}

	err = __neigh_update(neigh, NULL, NUD_FAILED,
			     NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
			     NETLINK_CB(skb).portid, extack);
	write_lock_bh(&tbl->lock);
	neigh_release(neigh);
	neigh_remove_one(neigh, tbl);
	write_unlock_bh(&tbl->lock);

out:
	return err;
}

static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
		     struct netlink_ext_ack *extack)
{
	int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
		    NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *tb[NDA_MAX+1];
	struct neigh_table *tbl;
	struct net_device *dev = NULL;
	struct neighbour *neigh;
	void *dst, *lladdr;
	u8 protocol = 0;
	u32 ndm_flags;
	int err;

	ASSERT_RTNL();
	err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
				     nda_policy, extack);
	if (err < 0)
		goto out;

	err = -EINVAL;
	if (!tb[NDA_DST]) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	ndm_flags = ndm->ndm_flags;
	if (tb[NDA_FLAGS_EXT]) {
		u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]);

		BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
			     (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
			      hweight32(NTF_EXT_MASK)));
		ndm_flags |= (ext << NTF_EXT_SHIFT);
	}
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}

		if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
			NL_SET_ERR_MSG(extack, "Invalid link address");
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	dst = nla_data(tb[NDA_DST]);
	lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;

	if (tb[NDA_PROTOCOL])
		protocol = nla_get_u8(tb[NDA_PROTOCOL]);
	if (ndm_flags & NTF_PROXY) {
		struct pneigh_entry *pn;

		if (ndm_flags & NTF_MANAGED) {
			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
			goto out;
		}

		err = -ENOBUFS;
		pn = pneigh_lookup(tbl, net, dst, dev, 1);
		if (pn) {
			pn->flags = ndm_flags;
			if (protocol)
				pn->protocol = protocol;
			err = 0;
		}
		goto out;
	}

	if (!dev) {
		NL_SET_ERR_MSG(extack, "Device not specified");
		goto out;
	}

	if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
		err = -EINVAL;
		goto out;
	}

	neigh = neigh_lookup(tbl, dst, dev);
	if (neigh == NULL) {
		bool ndm_permanent = ndm->ndm_state & NUD_PERMANENT;
		bool exempt_from_gc = ndm_permanent ||
				      ndm_flags & NTF_EXT_LEARNED;

		if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
			err = -ENOENT;
			goto out;
		}
		if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
			err = -EINVAL;
			goto out;
		}

		neigh = ___neigh_create(tbl, dst, dev,
					ndm_flags &
					(NTF_EXT_LEARNED | NTF_MANAGED),
					exempt_from_gc, true);
		if (IS_ERR(neigh)) {
			err = PTR_ERR(neigh);
			goto out;
		}
	} else {
		if (nlh->nlmsg_flags & NLM_F_EXCL) {
			err = -EEXIST;
			neigh_release(neigh);
			goto out;
		}

		if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
			flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
				   NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
	}

	if (protocol)
		neigh->protocol = protocol;
	if (ndm_flags & NTF_EXT_LEARNED)
		flags |= NEIGH_UPDATE_F_EXT_LEARNED;
	if (ndm_flags & NTF_ROUTER)
		flags |= NEIGH_UPDATE_F_ISROUTER;
	if (ndm_flags & NTF_MANAGED)
		flags |= NEIGH_UPDATE_F_MANAGED;
	if (ndm_flags & NTF_USE)
		flags |= NEIGH_UPDATE_F_USE;

	err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
			     NETLINK_CB(skb).portid, extack);
	if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) {
		neigh_event_send(neigh, NULL);
		err = 0;
	}
	neigh_release(neigh);
out:
	return err;
}
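
/* Illustrative mapping from userspace (not part of the original file):
 *
 *	ip neigh replace 192.0.2.1 lladdr 00:11:22:33:44:55 dev eth0
 *
 * arrives here as RTM_NEWNEIGH with NLM_F_CREATE | NLM_F_REPLACE, so the
 * OVERRIDE flags initialised at the top of neigh_add() survive; a plain
 * "ip neigh add" lacks NLM_F_REPLACE, the OVERRIDE flags are cleared for an
 * existing entry, and a different cached lladdr is left untouched.
 */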
|= NEIGH_UPDATE_F_MANAGED; 2078 if (ndm_flags & NTF_USE) 2079 flags |= NEIGH_UPDATE_F_USE; 2080 2081 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags, 2082 NETLINK_CB(skb).portid, extack); 2083 if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) { 2084 neigh_event_send(neigh, NULL); 2085 err = 0; 2086 } 2087 neigh_release(neigh); 2088 out: 2089 return err; 2090 } 2091 2092 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms) 2093 { 2094 struct nlattr *nest; 2095 2096 nest = nla_nest_start_noflag(skb, NDTA_PARMS); 2097 if (nest == NULL) 2098 return -ENOBUFS; 2099 2100 if ((parms->dev && 2101 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) || 2102 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) || 2103 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES, 2104 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) || 2105 /* approximative value for deprecated QUEUE_LEN (in packets) */ 2106 nla_put_u32(skb, NDTPA_QUEUE_LEN, 2107 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) || 2108 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) || 2109 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) || 2110 nla_put_u32(skb, NDTPA_UCAST_PROBES, 2111 NEIGH_VAR(parms, UCAST_PROBES)) || 2112 nla_put_u32(skb, NDTPA_MCAST_PROBES, 2113 NEIGH_VAR(parms, MCAST_PROBES)) || 2114 nla_put_u32(skb, NDTPA_MCAST_REPROBES, 2115 NEIGH_VAR(parms, MCAST_REPROBES)) || 2116 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time, 2117 NDTPA_PAD) || 2118 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME, 2119 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) || 2120 nla_put_msecs(skb, NDTPA_GC_STALETIME, 2121 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) || 2122 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME, 2123 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) || 2124 nla_put_msecs(skb, NDTPA_RETRANS_TIME, 2125 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) || 2126 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY, 2127 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) || 2128 nla_put_msecs(skb, NDTPA_PROXY_DELAY, 2129 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) || 2130 nla_put_msecs(skb, NDTPA_LOCKTIME, 2131 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) || 2132 nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS, 2133 NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD)) 2134 goto nla_put_failure; 2135 return nla_nest_end(skb, nest); 2136 2137 nla_put_failure: 2138 nla_nest_cancel(skb, nest); 2139 return -EMSGSIZE; 2140 } 2141 2142 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl, 2143 u32 pid, u32 seq, int type, int flags) 2144 { 2145 struct nlmsghdr *nlh; 2146 struct ndtmsg *ndtmsg; 2147 2148 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 2149 if (nlh == NULL) 2150 return -EMSGSIZE; 2151 2152 ndtmsg = nlmsg_data(nlh); 2153 2154 read_lock_bh(&tbl->lock); 2155 ndtmsg->ndtm_family = tbl->family; 2156 ndtmsg->ndtm_pad1 = 0; 2157 ndtmsg->ndtm_pad2 = 0; 2158 2159 if (nla_put_string(skb, NDTA_NAME, tbl->id) || 2160 nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval, NDTA_PAD) || 2161 nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) || 2162 nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) || 2163 nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3)) 2164 goto nla_put_failure; 2165 { 2166 unsigned long now = jiffies; 2167 long flush_delta = now - tbl->last_flush; 2168 long rand_delta = now - tbl->last_rand; 2169 struct neigh_hash_table *nht; 2170 struct ndt_config ndc = { 2171 .ndtc_key_len = tbl->key_len, 2172 .ndtc_entry_size = tbl->entry_size, 2173 .ndtc_entries = 
atomic_read(&tbl->entries), 2174 .ndtc_last_flush = jiffies_to_msecs(flush_delta), 2175 .ndtc_last_rand = jiffies_to_msecs(rand_delta), 2176 .ndtc_proxy_qlen = tbl->proxy_queue.qlen, 2177 }; 2178 2179 rcu_read_lock_bh(); 2180 nht = rcu_dereference_bh(tbl->nht); 2181 ndc.ndtc_hash_rnd = nht->hash_rnd[0]; 2182 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1); 2183 rcu_read_unlock_bh(); 2184 2185 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc)) 2186 goto nla_put_failure; 2187 } 2188 2189 { 2190 int cpu; 2191 struct ndt_stats ndst; 2192 2193 memset(&ndst, 0, sizeof(ndst)); 2194 2195 for_each_possible_cpu(cpu) { 2196 struct neigh_statistics *st; 2197 2198 st = per_cpu_ptr(tbl->stats, cpu); 2199 ndst.ndts_allocs += st->allocs; 2200 ndst.ndts_destroys += st->destroys; 2201 ndst.ndts_hash_grows += st->hash_grows; 2202 ndst.ndts_res_failed += st->res_failed; 2203 ndst.ndts_lookups += st->lookups; 2204 ndst.ndts_hits += st->hits; 2205 ndst.ndts_rcv_probes_mcast += st->rcv_probes_mcast; 2206 ndst.ndts_rcv_probes_ucast += st->rcv_probes_ucast; 2207 ndst.ndts_periodic_gc_runs += st->periodic_gc_runs; 2208 ndst.ndts_forced_gc_runs += st->forced_gc_runs; 2209 ndst.ndts_table_fulls += st->table_fulls; 2210 } 2211 2212 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst, 2213 NDTA_PAD)) 2214 goto nla_put_failure; 2215 } 2216 2217 BUG_ON(tbl->parms.dev); 2218 if (neightbl_fill_parms(skb, &tbl->parms) < 0) 2219 goto nla_put_failure; 2220 2221 read_unlock_bh(&tbl->lock); 2222 nlmsg_end(skb, nlh); 2223 return 0; 2224 2225 nla_put_failure: 2226 read_unlock_bh(&tbl->lock); 2227 nlmsg_cancel(skb, nlh); 2228 return -EMSGSIZE; 2229 } 2230 2231 static int neightbl_fill_param_info(struct sk_buff *skb, 2232 struct neigh_table *tbl, 2233 struct neigh_parms *parms, 2234 u32 pid, u32 seq, int type, 2235 unsigned int flags) 2236 { 2237 struct ndtmsg *ndtmsg; 2238 struct nlmsghdr *nlh; 2239 2240 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 2241 if (nlh == NULL) 2242 return -EMSGSIZE; 2243 2244 ndtmsg = nlmsg_data(nlh); 2245 2246 read_lock_bh(&tbl->lock); 2247 ndtmsg->ndtm_family = tbl->family; 2248 ndtmsg->ndtm_pad1 = 0; 2249 ndtmsg->ndtm_pad2 = 0; 2250 2251 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 || 2252 neightbl_fill_parms(skb, parms) < 0) 2253 goto errout; 2254 2255 read_unlock_bh(&tbl->lock); 2256 nlmsg_end(skb, nlh); 2257 return 0; 2258 errout: 2259 read_unlock_bh(&tbl->lock); 2260 nlmsg_cancel(skb, nlh); 2261 return -EMSGSIZE; 2262 } 2263 2264 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = { 2265 [NDTA_NAME] = { .type = NLA_STRING }, 2266 [NDTA_THRESH1] = { .type = NLA_U32 }, 2267 [NDTA_THRESH2] = { .type = NLA_U32 }, 2268 [NDTA_THRESH3] = { .type = NLA_U32 }, 2269 [NDTA_GC_INTERVAL] = { .type = NLA_U64 }, 2270 [NDTA_PARMS] = { .type = NLA_NESTED }, 2271 }; 2272 2273 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = { 2274 [NDTPA_IFINDEX] = { .type = NLA_U32 }, 2275 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 }, 2276 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 }, 2277 [NDTPA_APP_PROBES] = { .type = NLA_U32 }, 2278 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 }, 2279 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 }, 2280 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 }, 2281 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 }, 2282 [NDTPA_GC_STALETIME] = { .type = NLA_U64 }, 2283 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 }, 2284 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 }, 2285 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 }, 2286 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 }, 2287 
[NDTPA_LOCKTIME] = { .type = NLA_U64 }, 2288 [NDTPA_INTERVAL_PROBE_TIME_MS] = { .type = NLA_U64, .min = 1 }, 2289 }; 2290 2291 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh, 2292 struct netlink_ext_ack *extack) 2293 { 2294 struct net *net = sock_net(skb->sk); 2295 struct neigh_table *tbl; 2296 struct ndtmsg *ndtmsg; 2297 struct nlattr *tb[NDTA_MAX+1]; 2298 bool found = false; 2299 int err, tidx; 2300 2301 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX, 2302 nl_neightbl_policy, extack); 2303 if (err < 0) 2304 goto errout; 2305 2306 if (tb[NDTA_NAME] == NULL) { 2307 err = -EINVAL; 2308 goto errout; 2309 } 2310 2311 ndtmsg = nlmsg_data(nlh); 2312 2313 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2314 tbl = neigh_tables[tidx]; 2315 if (!tbl) 2316 continue; 2317 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family) 2318 continue; 2319 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) { 2320 found = true; 2321 break; 2322 } 2323 } 2324 2325 if (!found) 2326 return -ENOENT; 2327 2328 /* 2329 * We acquire tbl->lock to be nice to the periodic timers and 2330 * make sure they always see a consistent set of values. 2331 */ 2332 write_lock_bh(&tbl->lock); 2333 2334 if (tb[NDTA_PARMS]) { 2335 struct nlattr *tbp[NDTPA_MAX+1]; 2336 struct neigh_parms *p; 2337 int i, ifindex = 0; 2338 2339 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX, 2340 tb[NDTA_PARMS], 2341 nl_ntbl_parm_policy, extack); 2342 if (err < 0) 2343 goto errout_tbl_lock; 2344 2345 if (tbp[NDTPA_IFINDEX]) 2346 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]); 2347 2348 p = lookup_neigh_parms(tbl, net, ifindex); 2349 if (p == NULL) { 2350 err = -ENOENT; 2351 goto errout_tbl_lock; 2352 } 2353 2354 for (i = 1; i <= NDTPA_MAX; i++) { 2355 if (tbp[i] == NULL) 2356 continue; 2357 2358 switch (i) { 2359 case NDTPA_QUEUE_LEN: 2360 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2361 nla_get_u32(tbp[i]) * 2362 SKB_TRUESIZE(ETH_FRAME_LEN)); 2363 break; 2364 case NDTPA_QUEUE_LENBYTES: 2365 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2366 nla_get_u32(tbp[i])); 2367 break; 2368 case NDTPA_PROXY_QLEN: 2369 NEIGH_VAR_SET(p, PROXY_QLEN, 2370 nla_get_u32(tbp[i])); 2371 break; 2372 case NDTPA_APP_PROBES: 2373 NEIGH_VAR_SET(p, APP_PROBES, 2374 nla_get_u32(tbp[i])); 2375 break; 2376 case NDTPA_UCAST_PROBES: 2377 NEIGH_VAR_SET(p, UCAST_PROBES, 2378 nla_get_u32(tbp[i])); 2379 break; 2380 case NDTPA_MCAST_PROBES: 2381 NEIGH_VAR_SET(p, MCAST_PROBES, 2382 nla_get_u32(tbp[i])); 2383 break; 2384 case NDTPA_MCAST_REPROBES: 2385 NEIGH_VAR_SET(p, MCAST_REPROBES, 2386 nla_get_u32(tbp[i])); 2387 break; 2388 case NDTPA_BASE_REACHABLE_TIME: 2389 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME, 2390 nla_get_msecs(tbp[i])); 2391 /* update reachable_time as well, otherwise, the change will 2392 * only be effective after the next time neigh_periodic_work 2393 * decides to recompute it (can be multiple minutes) 2394 */ 2395 p->reachable_time = 2396 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 2397 break; 2398 case NDTPA_GC_STALETIME: 2399 NEIGH_VAR_SET(p, GC_STALETIME, 2400 nla_get_msecs(tbp[i])); 2401 break; 2402 case NDTPA_DELAY_PROBE_TIME: 2403 NEIGH_VAR_SET(p, DELAY_PROBE_TIME, 2404 nla_get_msecs(tbp[i])); 2405 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p); 2406 break; 2407 case NDTPA_INTERVAL_PROBE_TIME_MS: 2408 NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS, 2409 nla_get_msecs(tbp[i])); 2410 break; 2411 case NDTPA_RETRANS_TIME: 2412 NEIGH_VAR_SET(p, RETRANS_TIME, 2413 nla_get_msecs(tbp[i])); 2414 break; 2415 case NDTPA_ANYCAST_DELAY: 2416 
NEIGH_VAR_SET(p, ANYCAST_DELAY, 2417 nla_get_msecs(tbp[i])); 2418 break; 2419 case NDTPA_PROXY_DELAY: 2420 NEIGH_VAR_SET(p, PROXY_DELAY, 2421 nla_get_msecs(tbp[i])); 2422 break; 2423 case NDTPA_LOCKTIME: 2424 NEIGH_VAR_SET(p, LOCKTIME, 2425 nla_get_msecs(tbp[i])); 2426 break; 2427 } 2428 } 2429 } 2430 2431 err = -ENOENT; 2432 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] || 2433 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) && 2434 !net_eq(net, &init_net)) 2435 goto errout_tbl_lock; 2436 2437 if (tb[NDTA_THRESH1]) 2438 tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]); 2439 2440 if (tb[NDTA_THRESH2]) 2441 tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]); 2442 2443 if (tb[NDTA_THRESH3]) 2444 tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]); 2445 2446 if (tb[NDTA_GC_INTERVAL]) 2447 tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]); 2448 2449 err = 0; 2450 2451 errout_tbl_lock: 2452 write_unlock_bh(&tbl->lock); 2453 errout: 2454 return err; 2455 } 2456 2457 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh, 2458 struct netlink_ext_ack *extack) 2459 { 2460 struct ndtmsg *ndtm; 2461 2462 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) { 2463 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request"); 2464 return -EINVAL; 2465 } 2466 2467 ndtm = nlmsg_data(nlh); 2468 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) { 2469 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request"); 2470 return -EINVAL; 2471 } 2472 2473 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) { 2474 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request"); 2475 return -EINVAL; 2476 } 2477 2478 return 0; 2479 } 2480 2481 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2482 { 2483 const struct nlmsghdr *nlh = cb->nlh; 2484 struct net *net = sock_net(skb->sk); 2485 int family, tidx, nidx = 0; 2486 int tbl_skip = cb->args[0]; 2487 int neigh_skip = cb->args[1]; 2488 struct neigh_table *tbl; 2489 2490 if (cb->strict_check) { 2491 int err = neightbl_valid_dump_info(nlh, cb->extack); 2492 2493 if (err < 0) 2494 return err; 2495 } 2496 2497 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2498 2499 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2500 struct neigh_parms *p; 2501 2502 tbl = neigh_tables[tidx]; 2503 if (!tbl) 2504 continue; 2505 2506 if (tidx < tbl_skip || (family && tbl->family != family)) 2507 continue; 2508 2509 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid, 2510 nlh->nlmsg_seq, RTM_NEWNEIGHTBL, 2511 NLM_F_MULTI) < 0) 2512 break; 2513 2514 nidx = 0; 2515 p = list_next_entry(&tbl->parms, list); 2516 list_for_each_entry_from(p, &tbl->parms_list, list) { 2517 if (!net_eq(neigh_parms_net(p), net)) 2518 continue; 2519 2520 if (nidx < neigh_skip) 2521 goto next; 2522 2523 if (neightbl_fill_param_info(skb, tbl, p, 2524 NETLINK_CB(cb->skb).portid, 2525 nlh->nlmsg_seq, 2526 RTM_NEWNEIGHTBL, 2527 NLM_F_MULTI) < 0) 2528 goto out; 2529 next: 2530 nidx++; 2531 } 2532 2533 neigh_skip = 0; 2534 } 2535 out: 2536 cb->args[0] = tidx; 2537 cb->args[1] = nidx; 2538 2539 return skb->len; 2540 } 2541 2542 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh, 2543 u32 pid, u32 seq, int type, unsigned int flags) 2544 { 2545 u32 neigh_flags, neigh_flags_ext; 2546 unsigned long now = jiffies; 2547 struct nda_cacheinfo ci; 2548 struct nlmsghdr *nlh; 2549 struct ndmsg *ndm; 2550 2551 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2552 if (nlh == NULL) 2553 return -EMSGSIZE; 2554 2555 neigh_flags_ext 
= neigh->flags >> NTF_EXT_SHIFT; 2556 neigh_flags = neigh->flags & NTF_OLD_MASK; 2557 2558 ndm = nlmsg_data(nlh); 2559 ndm->ndm_family = neigh->ops->family; 2560 ndm->ndm_pad1 = 0; 2561 ndm->ndm_pad2 = 0; 2562 ndm->ndm_flags = neigh_flags; 2563 ndm->ndm_type = neigh->type; 2564 ndm->ndm_ifindex = neigh->dev->ifindex; 2565 2566 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key)) 2567 goto nla_put_failure; 2568 2569 read_lock_bh(&neigh->lock); 2570 ndm->ndm_state = neigh->nud_state; 2571 if (neigh->nud_state & NUD_VALID) { 2572 char haddr[MAX_ADDR_LEN]; 2573 2574 neigh_ha_snapshot(haddr, neigh, neigh->dev); 2575 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) { 2576 read_unlock_bh(&neigh->lock); 2577 goto nla_put_failure; 2578 } 2579 } 2580 2581 ci.ndm_used = jiffies_to_clock_t(now - neigh->used); 2582 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed); 2583 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated); 2584 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1; 2585 read_unlock_bh(&neigh->lock); 2586 2587 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) || 2588 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci)) 2589 goto nla_put_failure; 2590 2591 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol)) 2592 goto nla_put_failure; 2593 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2594 goto nla_put_failure; 2595 2596 nlmsg_end(skb, nlh); 2597 return 0; 2598 2599 nla_put_failure: 2600 nlmsg_cancel(skb, nlh); 2601 return -EMSGSIZE; 2602 } 2603 2604 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn, 2605 u32 pid, u32 seq, int type, unsigned int flags, 2606 struct neigh_table *tbl) 2607 { 2608 u32 neigh_flags, neigh_flags_ext; 2609 struct nlmsghdr *nlh; 2610 struct ndmsg *ndm; 2611 2612 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2613 if (nlh == NULL) 2614 return -EMSGSIZE; 2615 2616 neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT; 2617 neigh_flags = pn->flags & NTF_OLD_MASK; 2618 2619 ndm = nlmsg_data(nlh); 2620 ndm->ndm_family = tbl->family; 2621 ndm->ndm_pad1 = 0; 2622 ndm->ndm_pad2 = 0; 2623 ndm->ndm_flags = neigh_flags | NTF_PROXY; 2624 ndm->ndm_type = RTN_UNICAST; 2625 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0; 2626 ndm->ndm_state = NUD_NONE; 2627 2628 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key)) 2629 goto nla_put_failure; 2630 2631 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol)) 2632 goto nla_put_failure; 2633 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2634 goto nla_put_failure; 2635 2636 nlmsg_end(skb, nlh); 2637 return 0; 2638 2639 nla_put_failure: 2640 nlmsg_cancel(skb, nlh); 2641 return -EMSGSIZE; 2642 } 2643 2644 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid) 2645 { 2646 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh); 2647 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid); 2648 } 2649 2650 static bool neigh_master_filtered(struct net_device *dev, int master_idx) 2651 { 2652 struct net_device *master; 2653 2654 if (!master_idx) 2655 return false; 2656 2657 master = dev ? netdev_master_upper_dev_get(dev) : NULL; 2658 2659 /* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another 2660 * invalid value for ifindex to denote "no master". 
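	 * Here (u32)-1 plays that role: a dump request whose NDA_MASTER
	 * attribute is -1 keeps only entries whose device has no master,
	 * i.e. the entry is filtered out exactly when
	 * netdev_master_upper_dev_get() finds an upper device.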
2661 */ 2662 if (master_idx == -1) 2663 return !!master; 2664 2665 if (!master || master->ifindex != master_idx) 2666 return true; 2667 2668 return false; 2669 } 2670 2671 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx) 2672 { 2673 if (filter_idx && (!dev || dev->ifindex != filter_idx)) 2674 return true; 2675 2676 return false; 2677 } 2678 2679 struct neigh_dump_filter { 2680 int master_idx; 2681 int dev_idx; 2682 }; 2683 2684 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2685 struct netlink_callback *cb, 2686 struct neigh_dump_filter *filter) 2687 { 2688 struct net *net = sock_net(skb->sk); 2689 struct neighbour *n; 2690 int rc, h, s_h = cb->args[1]; 2691 int idx, s_idx = idx = cb->args[2]; 2692 struct neigh_hash_table *nht; 2693 unsigned int flags = NLM_F_MULTI; 2694 2695 if (filter->dev_idx || filter->master_idx) 2696 flags |= NLM_F_DUMP_FILTERED; 2697 2698 rcu_read_lock_bh(); 2699 nht = rcu_dereference_bh(tbl->nht); 2700 2701 for (h = s_h; h < (1 << nht->hash_shift); h++) { 2702 if (h > s_h) 2703 s_idx = 0; 2704 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0; 2705 n != NULL; 2706 n = rcu_dereference_bh(n->next)) { 2707 if (idx < s_idx || !net_eq(dev_net(n->dev), net)) 2708 goto next; 2709 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2710 neigh_master_filtered(n->dev, filter->master_idx)) 2711 goto next; 2712 if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2713 cb->nlh->nlmsg_seq, 2714 RTM_NEWNEIGH, 2715 flags) < 0) { 2716 rc = -1; 2717 goto out; 2718 } 2719 next: 2720 idx++; 2721 } 2722 } 2723 rc = skb->len; 2724 out: 2725 rcu_read_unlock_bh(); 2726 cb->args[1] = h; 2727 cb->args[2] = idx; 2728 return rc; 2729 } 2730 2731 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2732 struct netlink_callback *cb, 2733 struct neigh_dump_filter *filter) 2734 { 2735 struct pneigh_entry *n; 2736 struct net *net = sock_net(skb->sk); 2737 int rc, h, s_h = cb->args[3]; 2738 int idx, s_idx = idx = cb->args[4]; 2739 unsigned int flags = NLM_F_MULTI; 2740 2741 if (filter->dev_idx || filter->master_idx) 2742 flags |= NLM_F_DUMP_FILTERED; 2743 2744 read_lock_bh(&tbl->lock); 2745 2746 for (h = s_h; h <= PNEIGH_HASHMASK; h++) { 2747 if (h > s_h) 2748 s_idx = 0; 2749 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) { 2750 if (idx < s_idx || pneigh_net(n) != net) 2751 goto next; 2752 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2753 neigh_master_filtered(n->dev, filter->master_idx)) 2754 goto next; 2755 if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2756 cb->nlh->nlmsg_seq, 2757 RTM_NEWNEIGH, flags, tbl) < 0) { 2758 read_unlock_bh(&tbl->lock); 2759 rc = -1; 2760 goto out; 2761 } 2762 next: 2763 idx++; 2764 } 2765 } 2766 2767 read_unlock_bh(&tbl->lock); 2768 rc = skb->len; 2769 out: 2770 cb->args[3] = h; 2771 cb->args[4] = idx; 2772 return rc; 2773 2774 } 2775 2776 static int neigh_valid_dump_req(const struct nlmsghdr *nlh, 2777 bool strict_check, 2778 struct neigh_dump_filter *filter, 2779 struct netlink_ext_ack *extack) 2780 { 2781 struct nlattr *tb[NDA_MAX + 1]; 2782 int err, i; 2783 2784 if (strict_check) { 2785 struct ndmsg *ndm; 2786 2787 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) { 2788 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request"); 2789 return -EINVAL; 2790 } 2791 2792 ndm = nlmsg_data(nlh); 2793 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex || 2794 ndm->ndm_state || ndm->ndm_type) { 2795 NL_SET_ERR_MSG(extack, "Invalid values in 
header for neighbor dump request"); 2796 return -EINVAL; 2797 } 2798 2799 if (ndm->ndm_flags & ~NTF_PROXY) { 2800 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request"); 2801 return -EINVAL; 2802 } 2803 2804 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), 2805 tb, NDA_MAX, nda_policy, 2806 extack); 2807 } else { 2808 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb, 2809 NDA_MAX, nda_policy, extack); 2810 } 2811 if (err < 0) 2812 return err; 2813 2814 for (i = 0; i <= NDA_MAX; ++i) { 2815 if (!tb[i]) 2816 continue; 2817 2818 /* all new attributes should require strict_check */ 2819 switch (i) { 2820 case NDA_IFINDEX: 2821 filter->dev_idx = nla_get_u32(tb[i]); 2822 break; 2823 case NDA_MASTER: 2824 filter->master_idx = nla_get_u32(tb[i]); 2825 break; 2826 default: 2827 if (strict_check) { 2828 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request"); 2829 return -EINVAL; 2830 } 2831 } 2832 } 2833 2834 return 0; 2835 } 2836 2837 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2838 { 2839 const struct nlmsghdr *nlh = cb->nlh; 2840 struct neigh_dump_filter filter = {}; 2841 struct neigh_table *tbl; 2842 int t, family, s_t; 2843 int proxy = 0; 2844 int err; 2845 2846 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2847 2848 /* check for full ndmsg structure presence, family member is 2849 * the same for both structures 2850 */ 2851 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) && 2852 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY) 2853 proxy = 1; 2854 2855 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack); 2856 if (err < 0 && cb->strict_check) 2857 return err; 2858 2859 s_t = cb->args[0]; 2860 2861 for (t = 0; t < NEIGH_NR_TABLES; t++) { 2862 tbl = neigh_tables[t]; 2863 2864 if (!tbl) 2865 continue; 2866 if (t < s_t || (family && tbl->family != family)) 2867 continue; 2868 if (t > s_t) 2869 memset(&cb->args[1], 0, sizeof(cb->args) - 2870 sizeof(cb->args[0])); 2871 if (proxy) 2872 err = pneigh_dump_table(tbl, skb, cb, &filter); 2873 else 2874 err = neigh_dump_table(tbl, skb, cb, &filter); 2875 if (err < 0) 2876 break; 2877 } 2878 2879 cb->args[0] = t; 2880 return skb->len; 2881 } 2882 2883 static int neigh_valid_get_req(const struct nlmsghdr *nlh, 2884 struct neigh_table **tbl, 2885 void **dst, int *dev_idx, u8 *ndm_flags, 2886 struct netlink_ext_ack *extack) 2887 { 2888 struct nlattr *tb[NDA_MAX + 1]; 2889 struct ndmsg *ndm; 2890 int err, i; 2891 2892 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) { 2893 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request"); 2894 return -EINVAL; 2895 } 2896 2897 ndm = nlmsg_data(nlh); 2898 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state || 2899 ndm->ndm_type) { 2900 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request"); 2901 return -EINVAL; 2902 } 2903 2904 if (ndm->ndm_flags & ~NTF_PROXY) { 2905 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request"); 2906 return -EINVAL; 2907 } 2908 2909 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb, 2910 NDA_MAX, nda_policy, extack); 2911 if (err < 0) 2912 return err; 2913 2914 *ndm_flags = ndm->ndm_flags; 2915 *dev_idx = ndm->ndm_ifindex; 2916 *tbl = neigh_find_table(ndm->ndm_family); 2917 if (*tbl == NULL) { 2918 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request"); 2919 return -EAFNOSUPPORT; 2920 } 2921 2922 for (i = 0; i <= NDA_MAX; ++i) { 2923 if (!tb[i]) 2924 continue; 2925 2926 
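		/* NDA_DST is the only attribute a get request may carry;
		 * everything else is rejected rather than silently ignored.
		 */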
switch (i) { 2927 case NDA_DST: 2928 if (nla_len(tb[i]) != (int)(*tbl)->key_len) { 2929 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request"); 2930 return -EINVAL; 2931 } 2932 *dst = nla_data(tb[i]); 2933 break; 2934 default: 2935 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request"); 2936 return -EINVAL; 2937 } 2938 } 2939 2940 return 0; 2941 } 2942 2943 static inline size_t neigh_nlmsg_size(void) 2944 { 2945 return NLMSG_ALIGN(sizeof(struct ndmsg)) 2946 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 2947 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */ 2948 + nla_total_size(sizeof(struct nda_cacheinfo)) 2949 + nla_total_size(4) /* NDA_PROBES */ 2950 + nla_total_size(4) /* NDA_FLAGS_EXT */ 2951 + nla_total_size(1); /* NDA_PROTOCOL */ 2952 } 2953 2954 static int neigh_get_reply(struct net *net, struct neighbour *neigh, 2955 u32 pid, u32 seq) 2956 { 2957 struct sk_buff *skb; 2958 int err = 0; 2959 2960 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL); 2961 if (!skb) 2962 return -ENOBUFS; 2963 2964 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0); 2965 if (err) { 2966 kfree_skb(skb); 2967 goto errout; 2968 } 2969 2970 err = rtnl_unicast(skb, net, pid); 2971 errout: 2972 return err; 2973 } 2974 2975 static inline size_t pneigh_nlmsg_size(void) 2976 { 2977 return NLMSG_ALIGN(sizeof(struct ndmsg)) 2978 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 2979 + nla_total_size(4) /* NDA_FLAGS_EXT */ 2980 + nla_total_size(1); /* NDA_PROTOCOL */ 2981 } 2982 2983 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh, 2984 u32 pid, u32 seq, struct neigh_table *tbl) 2985 { 2986 struct sk_buff *skb; 2987 int err = 0; 2988 2989 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL); 2990 if (!skb) 2991 return -ENOBUFS; 2992 2993 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl); 2994 if (err) { 2995 kfree_skb(skb); 2996 goto errout; 2997 } 2998 2999 err = rtnl_unicast(skb, net, pid); 3000 errout: 3001 return err; 3002 } 3003 3004 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh, 3005 struct netlink_ext_ack *extack) 3006 { 3007 struct net *net = sock_net(in_skb->sk); 3008 struct net_device *dev = NULL; 3009 struct neigh_table *tbl = NULL; 3010 struct neighbour *neigh; 3011 void *dst = NULL; 3012 u8 ndm_flags = 0; 3013 int dev_idx = 0; 3014 int err; 3015 3016 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags, 3017 extack); 3018 if (err < 0) 3019 return err; 3020 3021 if (dev_idx) { 3022 dev = __dev_get_by_index(net, dev_idx); 3023 if (!dev) { 3024 NL_SET_ERR_MSG(extack, "Unknown device ifindex"); 3025 return -ENODEV; 3026 } 3027 } 3028 3029 if (!dst) { 3030 NL_SET_ERR_MSG(extack, "Network address not specified"); 3031 return -EINVAL; 3032 } 3033 3034 if (ndm_flags & NTF_PROXY) { 3035 struct pneigh_entry *pn; 3036 3037 pn = pneigh_lookup(tbl, net, dst, dev, 0); 3038 if (!pn) { 3039 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found"); 3040 return -ENOENT; 3041 } 3042 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid, 3043 nlh->nlmsg_seq, tbl); 3044 } 3045 3046 if (!dev) { 3047 NL_SET_ERR_MSG(extack, "No device specified"); 3048 return -EINVAL; 3049 } 3050 3051 neigh = neigh_lookup(tbl, dst, dev); 3052 if (!neigh) { 3053 NL_SET_ERR_MSG(extack, "Neighbour entry not found"); 3054 return -ENOENT; 3055 } 3056 3057 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid, 3058 nlh->nlmsg_seq); 3059 3060 neigh_release(neigh); 3061 3062 return err; 3063 } 3064 3065 void neigh_for_each(struct 
neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie) 3066 { 3067 int chain; 3068 struct neigh_hash_table *nht; 3069 3070 rcu_read_lock_bh(); 3071 nht = rcu_dereference_bh(tbl->nht); 3072 3073 read_lock(&tbl->lock); /* avoid resizes */ 3074 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3075 struct neighbour *n; 3076 3077 for (n = rcu_dereference_bh(nht->hash_buckets[chain]); 3078 n != NULL; 3079 n = rcu_dereference_bh(n->next)) 3080 cb(n, cookie); 3081 } 3082 read_unlock(&tbl->lock); 3083 rcu_read_unlock_bh(); 3084 } 3085 EXPORT_SYMBOL(neigh_for_each); 3086 3087 /* The tbl->lock must be held as a writer and BH disabled. */ 3088 void __neigh_for_each_release(struct neigh_table *tbl, 3089 int (*cb)(struct neighbour *)) 3090 { 3091 int chain; 3092 struct neigh_hash_table *nht; 3093 3094 nht = rcu_dereference_protected(tbl->nht, 3095 lockdep_is_held(&tbl->lock)); 3096 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3097 struct neighbour *n; 3098 struct neighbour __rcu **np; 3099 3100 np = &nht->hash_buckets[chain]; 3101 while ((n = rcu_dereference_protected(*np, 3102 lockdep_is_held(&tbl->lock))) != NULL) { 3103 int release; 3104 3105 write_lock(&n->lock); 3106 release = cb(n); 3107 if (release) { 3108 rcu_assign_pointer(*np, 3109 rcu_dereference_protected(n->next, 3110 lockdep_is_held(&tbl->lock))); 3111 neigh_mark_dead(n); 3112 } else 3113 np = &n->next; 3114 write_unlock(&n->lock); 3115 if (release) 3116 neigh_cleanup_and_release(n); 3117 } 3118 } 3119 } 3120 EXPORT_SYMBOL(__neigh_for_each_release); 3121 3122 int neigh_xmit(int index, struct net_device *dev, 3123 const void *addr, struct sk_buff *skb) 3124 { 3125 int err = -EAFNOSUPPORT; 3126 if (likely(index < NEIGH_NR_TABLES)) { 3127 struct neigh_table *tbl; 3128 struct neighbour *neigh; 3129 3130 tbl = neigh_tables[index]; 3131 if (!tbl) 3132 goto out; 3133 rcu_read_lock_bh(); 3134 if (index == NEIGH_ARP_TABLE) { 3135 u32 key = *((u32 *)addr); 3136 3137 neigh = __ipv4_neigh_lookup_noref(dev, key); 3138 } else { 3139 neigh = __neigh_lookup_noref(tbl, addr, dev); 3140 } 3141 if (!neigh) 3142 neigh = __neigh_create(tbl, addr, dev, false); 3143 err = PTR_ERR(neigh); 3144 if (IS_ERR(neigh)) { 3145 rcu_read_unlock_bh(); 3146 goto out_kfree_skb; 3147 } 3148 err = neigh->output(neigh, skb); 3149 rcu_read_unlock_bh(); 3150 } 3151 else if (index == NEIGH_LINK_TABLE) { 3152 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 3153 addr, NULL, skb->len); 3154 if (err < 0) 3155 goto out_kfree_skb; 3156 err = dev_queue_xmit(skb); 3157 } 3158 out: 3159 return err; 3160 out_kfree_skb: 3161 kfree_skb(skb); 3162 goto out; 3163 } 3164 EXPORT_SYMBOL(neigh_xmit); 3165 3166 #ifdef CONFIG_PROC_FS 3167 3168 static struct neighbour *neigh_get_first(struct seq_file *seq) 3169 { 3170 struct neigh_seq_state *state = seq->private; 3171 struct net *net = seq_file_net(seq); 3172 struct neigh_hash_table *nht = state->nht; 3173 struct neighbour *n = NULL; 3174 int bucket; 3175 3176 state->flags &= ~NEIGH_SEQ_IS_PNEIGH; 3177 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) { 3178 n = rcu_dereference_bh(nht->hash_buckets[bucket]); 3179 3180 while (n) { 3181 if (!net_eq(dev_net(n->dev), net)) 3182 goto next; 3183 if (state->neigh_sub_iter) { 3184 loff_t fakep = 0; 3185 void *v; 3186 3187 v = state->neigh_sub_iter(state, n, &fakep); 3188 if (!v) 3189 goto next; 3190 } 3191 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) 3192 break; 3193 if (n->nud_state & ~NUD_NOARP) 3194 break; 3195 next: 3196 n = 
rcu_dereference_bh(n->next); 3197 } 3198 3199 if (n) 3200 break; 3201 } 3202 state->bucket = bucket; 3203 3204 return n; 3205 } 3206 3207 static struct neighbour *neigh_get_next(struct seq_file *seq, 3208 struct neighbour *n, 3209 loff_t *pos) 3210 { 3211 struct neigh_seq_state *state = seq->private; 3212 struct net *net = seq_file_net(seq); 3213 struct neigh_hash_table *nht = state->nht; 3214 3215 if (state->neigh_sub_iter) { 3216 void *v = state->neigh_sub_iter(state, n, pos); 3217 if (v) 3218 return n; 3219 } 3220 n = rcu_dereference_bh(n->next); 3221 3222 while (1) { 3223 while (n) { 3224 if (!net_eq(dev_net(n->dev), net)) 3225 goto next; 3226 if (state->neigh_sub_iter) { 3227 void *v = state->neigh_sub_iter(state, n, pos); 3228 if (v) 3229 return n; 3230 goto next; 3231 } 3232 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) 3233 break; 3234 3235 if (n->nud_state & ~NUD_NOARP) 3236 break; 3237 next: 3238 n = rcu_dereference_bh(n->next); 3239 } 3240 3241 if (n) 3242 break; 3243 3244 if (++state->bucket >= (1 << nht->hash_shift)) 3245 break; 3246 3247 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]); 3248 } 3249 3250 if (n && pos) 3251 --(*pos); 3252 return n; 3253 } 3254 3255 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos) 3256 { 3257 struct neighbour *n = neigh_get_first(seq); 3258 3259 if (n) { 3260 --(*pos); 3261 while (*pos) { 3262 n = neigh_get_next(seq, n, pos); 3263 if (!n) 3264 break; 3265 } 3266 } 3267 return *pos ? NULL : n; 3268 } 3269 3270 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq) 3271 { 3272 struct neigh_seq_state *state = seq->private; 3273 struct net *net = seq_file_net(seq); 3274 struct neigh_table *tbl = state->tbl; 3275 struct pneigh_entry *pn = NULL; 3276 int bucket; 3277 3278 state->flags |= NEIGH_SEQ_IS_PNEIGH; 3279 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) { 3280 pn = tbl->phash_buckets[bucket]; 3281 while (pn && !net_eq(pneigh_net(pn), net)) 3282 pn = pn->next; 3283 if (pn) 3284 break; 3285 } 3286 state->bucket = bucket; 3287 3288 return pn; 3289 } 3290 3291 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq, 3292 struct pneigh_entry *pn, 3293 loff_t *pos) 3294 { 3295 struct neigh_seq_state *state = seq->private; 3296 struct net *net = seq_file_net(seq); 3297 struct neigh_table *tbl = state->tbl; 3298 3299 do { 3300 pn = pn->next; 3301 } while (pn && !net_eq(pneigh_net(pn), net)); 3302 3303 while (!pn) { 3304 if (++state->bucket > PNEIGH_HASHMASK) 3305 break; 3306 pn = tbl->phash_buckets[state->bucket]; 3307 while (pn && !net_eq(pneigh_net(pn), net)) 3308 pn = pn->next; 3309 if (pn) 3310 break; 3311 } 3312 3313 if (pn && pos) 3314 --(*pos); 3315 3316 return pn; 3317 } 3318 3319 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos) 3320 { 3321 struct pneigh_entry *pn = pneigh_get_first(seq); 3322 3323 if (pn) { 3324 --(*pos); 3325 while (*pos) { 3326 pn = pneigh_get_next(seq, pn, pos); 3327 if (!pn) 3328 break; 3329 } 3330 } 3331 return *pos ? 
NULL : pn; 3332 } 3333 3334 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos) 3335 { 3336 struct neigh_seq_state *state = seq->private; 3337 void *rc; 3338 loff_t idxpos = *pos; 3339 3340 rc = neigh_get_idx(seq, &idxpos); 3341 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3342 rc = pneigh_get_idx(seq, &idxpos); 3343 3344 return rc; 3345 } 3346 3347 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags) 3348 __acquires(tbl->lock) 3349 __acquires(rcu_bh) 3350 { 3351 struct neigh_seq_state *state = seq->private; 3352 3353 state->tbl = tbl; 3354 state->bucket = 0; 3355 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH); 3356 3357 rcu_read_lock_bh(); 3358 state->nht = rcu_dereference_bh(tbl->nht); 3359 read_lock(&tbl->lock); 3360 3361 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN; 3362 } 3363 EXPORT_SYMBOL(neigh_seq_start); 3364 3365 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3366 { 3367 struct neigh_seq_state *state; 3368 void *rc; 3369 3370 if (v == SEQ_START_TOKEN) { 3371 rc = neigh_get_first(seq); 3372 goto out; 3373 } 3374 3375 state = seq->private; 3376 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) { 3377 rc = neigh_get_next(seq, v, NULL); 3378 if (rc) 3379 goto out; 3380 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3381 rc = pneigh_get_first(seq); 3382 } else { 3383 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY); 3384 rc = pneigh_get_next(seq, v, NULL); 3385 } 3386 out: 3387 ++(*pos); 3388 return rc; 3389 } 3390 EXPORT_SYMBOL(neigh_seq_next); 3391 3392 void neigh_seq_stop(struct seq_file *seq, void *v) 3393 __releases(tbl->lock) 3394 __releases(rcu_bh) 3395 { 3396 struct neigh_seq_state *state = seq->private; 3397 struct neigh_table *tbl = state->tbl; 3398 3399 read_unlock(&tbl->lock); 3400 rcu_read_unlock_bh(); 3401 } 3402 EXPORT_SYMBOL(neigh_seq_stop); 3403 3404 /* statistics via seq_file */ 3405 3406 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos) 3407 { 3408 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3409 int cpu; 3410 3411 if (*pos == 0) 3412 return SEQ_START_TOKEN; 3413 3414 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) { 3415 if (!cpu_possible(cpu)) 3416 continue; 3417 *pos = cpu+1; 3418 return per_cpu_ptr(tbl->stats, cpu); 3419 } 3420 return NULL; 3421 } 3422 3423 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3424 { 3425 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3426 int cpu; 3427 3428 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) { 3429 if (!cpu_possible(cpu)) 3430 continue; 3431 *pos = cpu+1; 3432 return per_cpu_ptr(tbl->stats, cpu); 3433 } 3434 (*pos)++; 3435 return NULL; 3436 } 3437 3438 static void neigh_stat_seq_stop(struct seq_file *seq, void *v) 3439 { 3440 3441 } 3442 3443 static int neigh_stat_seq_show(struct seq_file *seq, void *v) 3444 { 3445 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3446 struct neigh_statistics *st = v; 3447 3448 if (v == SEQ_START_TOKEN) { 3449 seq_puts(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n"); 3450 return 0; 3451 } 3452 3453 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx " 3454 "%08lx %08lx %08lx " 3455 "%08lx %08lx %08lx\n", 3456 atomic_read(&tbl->entries), 3457 3458 st->allocs, 3459 st->destroys, 3460 st->hash_grows, 3461 3462 st->lookups, 3463 st->hits, 3464 3465 st->res_failed, 3466 3467 
		   st->rcv_probes_mcast,
		   st->rcv_probes_ucast,

		   st->periodic_gc_runs,
		   st->forced_gc_runs,
		   st->unres_discards,
		   st->table_fulls
		   );

	return 0;
}

static const struct seq_operations neigh_stat_seq_ops = {
	.start	= neigh_stat_seq_start,
	.next	= neigh_stat_seq_next,
	.stop	= neigh_stat_seq_stop,
	.show	= neigh_stat_seq_show,
};
#endif /* CONFIG_PROC_FS */

static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid)
{
	struct net *net = dev_net(n->dev);
	struct sk_buff *skb;
	int err = -ENOBUFS;

	skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
	if (skb == NULL)
		goto errout;

	err = neigh_fill_info(skb, n, pid, 0, type, flags);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto errout;
	}
	rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
	return;
errout:
	if (err < 0)
		rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
}

void neigh_app_ns(struct neighbour *n)
{
	__neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
}
EXPORT_SYMBOL(neigh_app_ns);

#ifdef CONFIG_SYSCTL
static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);

static int proc_unres_qlen(struct ctl_table *ctl, int write,
			   void *buffer, size_t *lenp, loff_t *ppos)
{
	int size, ret;
	struct ctl_table tmp = *ctl;

	tmp.extra1 = SYSCTL_ZERO;
	tmp.extra2 = &unres_qlen_max;
	tmp.data = &size;

	size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);

	if (write && !ret)
		*(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
	return ret;
}

static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
						   int family)
{
	switch (family) {
	case AF_INET:
		return __in_dev_arp_parms_get_rcu(dev);
	case AF_INET6:
		return __in6_dev_nd_parms_get_rcu(dev);
	}
	return NULL;
}

static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
				  int index)
{
	struct net_device *dev;
	int family = neigh_parms_family(p);

	rcu_read_lock();
	for_each_netdev_rcu(net, dev) {
		struct neigh_parms *dst_p =
			neigh_get_dev_parms_rcu(dev, family);

		if (dst_p && !test_bit(index, dst_p->data_state))
			dst_p->data[index] = p->data[index];
	}
	rcu_read_unlock();
}

static void neigh_proc_update(struct ctl_table *ctl, int write)
{
	struct net_device *dev = ctl->extra1;
	struct neigh_parms *p = ctl->extra2;
	struct net *net = neigh_parms_net(p);
	int index = (int *) ctl->data - p->data;

	if (!write)
		return;

	set_bit(index, p->data_state);
	if (index == NEIGH_VAR_DELAY_PROBE_TIME)
		call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
	if (!dev) /* NULL dev means this is default value */
		neigh_copy_dflt_parms(net, p, index);
}

static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
					   void *buffer, size_t *lenp,
					   loff_t *ppos)
{
	struct ctl_table tmp = *ctl;
	int ret;

	tmp.extra1 = SYSCTL_ZERO;
	tmp.extra2 = SYSCTL_INT_MAX;

	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
	neigh_proc_update(ctl, write);
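	/* This shadow-table pattern is shared by all neigh_proc_* handlers
	 * below: run the generic proc handler on a scratch ctl_table with
	 * adjusted bounds, then let neigh_proc_update() record that the knob
	 * was explicitly written and propagate default values to any device
	 * that has not overridden them.
	 */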
return ret; 3598 } 3599 3600 static int neigh_proc_dointvec_ms_jiffies_positive(struct ctl_table *ctl, int write, 3601 void *buffer, size_t *lenp, loff_t *ppos) 3602 { 3603 struct ctl_table tmp = *ctl; 3604 int ret; 3605 3606 int min = msecs_to_jiffies(1); 3607 3608 tmp.extra1 = &min; 3609 tmp.extra2 = NULL; 3610 3611 ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos); 3612 neigh_proc_update(ctl, write); 3613 return ret; 3614 } 3615 3616 int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer, 3617 size_t *lenp, loff_t *ppos) 3618 { 3619 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 3620 3621 neigh_proc_update(ctl, write); 3622 return ret; 3623 } 3624 EXPORT_SYMBOL(neigh_proc_dointvec); 3625 3626 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer, 3627 size_t *lenp, loff_t *ppos) 3628 { 3629 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3630 3631 neigh_proc_update(ctl, write); 3632 return ret; 3633 } 3634 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies); 3635 3636 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write, 3637 void *buffer, size_t *lenp, 3638 loff_t *ppos) 3639 { 3640 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos); 3641 3642 neigh_proc_update(ctl, write); 3643 return ret; 3644 } 3645 3646 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write, 3647 void *buffer, size_t *lenp, loff_t *ppos) 3648 { 3649 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3650 3651 neigh_proc_update(ctl, write); 3652 return ret; 3653 } 3654 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies); 3655 3656 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write, 3657 void *buffer, size_t *lenp, 3658 loff_t *ppos) 3659 { 3660 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos); 3661 3662 neigh_proc_update(ctl, write); 3663 return ret; 3664 } 3665 3666 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write, 3667 void *buffer, size_t *lenp, 3668 loff_t *ppos) 3669 { 3670 struct neigh_parms *p = ctl->extra2; 3671 int ret; 3672 3673 if (strcmp(ctl->procname, "base_reachable_time") == 0) 3674 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3675 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0) 3676 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3677 else 3678 ret = -1; 3679 3680 if (write && ret == 0) { 3681 /* update reachable_time as well, otherwise, the change will 3682 * only be effective after the next time neigh_periodic_work 3683 * decides to recompute it 3684 */ 3685 p->reachable_time = 3686 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 3687 } 3688 return ret; 3689 } 3690 3691 #define NEIGH_PARMS_DATA_OFFSET(index) \ 3692 (&((struct neigh_parms *) 0)->data[index]) 3693 3694 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \ 3695 [NEIGH_VAR_ ## attr] = { \ 3696 .procname = name, \ 3697 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \ 3698 .maxlen = sizeof(int), \ 3699 .mode = mval, \ 3700 .proc_handler = proc, \ 3701 } 3702 3703 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \ 3704 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax) 3705 3706 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \ 3707 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies) 3708 3709 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \ 3710 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, 
neigh_proc_dointvec_userhz_jiffies) 3711 3712 #define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \ 3713 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive) 3714 3715 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \ 3716 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies) 3717 3718 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \ 3719 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen) 3720 3721 static struct neigh_sysctl_table { 3722 struct ctl_table_header *sysctl_header; 3723 struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1]; 3724 } neigh_sysctl_template __read_mostly = { 3725 .neigh_vars = { 3726 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"), 3727 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"), 3728 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"), 3729 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"), 3730 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"), 3731 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"), 3732 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"), 3733 NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS, 3734 "interval_probe_time_ms"), 3735 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"), 3736 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"), 3737 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"), 3738 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"), 3739 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"), 3740 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"), 3741 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"), 3742 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"), 3743 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"), 3744 [NEIGH_VAR_GC_INTERVAL] = { 3745 .procname = "gc_interval", 3746 .maxlen = sizeof(int), 3747 .mode = 0644, 3748 .proc_handler = proc_dointvec_jiffies, 3749 }, 3750 [NEIGH_VAR_GC_THRESH1] = { 3751 .procname = "gc_thresh1", 3752 .maxlen = sizeof(int), 3753 .mode = 0644, 3754 .extra1 = SYSCTL_ZERO, 3755 .extra2 = SYSCTL_INT_MAX, 3756 .proc_handler = proc_dointvec_minmax, 3757 }, 3758 [NEIGH_VAR_GC_THRESH2] = { 3759 .procname = "gc_thresh2", 3760 .maxlen = sizeof(int), 3761 .mode = 0644, 3762 .extra1 = SYSCTL_ZERO, 3763 .extra2 = SYSCTL_INT_MAX, 3764 .proc_handler = proc_dointvec_minmax, 3765 }, 3766 [NEIGH_VAR_GC_THRESH3] = { 3767 .procname = "gc_thresh3", 3768 .maxlen = sizeof(int), 3769 .mode = 0644, 3770 .extra1 = SYSCTL_ZERO, 3771 .extra2 = SYSCTL_INT_MAX, 3772 .proc_handler = proc_dointvec_minmax, 3773 }, 3774 {}, 3775 }, 3776 }; 3777 3778 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p, 3779 proc_handler *handler) 3780 { 3781 int i; 3782 struct neigh_sysctl_table *t; 3783 const char *dev_name_source; 3784 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ]; 3785 char *p_name; 3786 3787 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT); 3788 if (!t) 3789 goto err; 3790 3791 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) { 3792 t->neigh_vars[i].data += (long) p; 3793 t->neigh_vars[i].extra1 = dev; 3794 t->neigh_vars[i].extra2 = p; 3795 } 3796 3797 if (dev) { 3798 dev_name_source = dev->name; 3799 /* Terminate the table early */ 3800 
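		/* For a per-device directory the table-wide gc_interval and
		 * gc_thresh* knobs make no sense, so the entry at
		 * NEIGH_VAR_GC_INTERVAL is zeroed below and becomes the
		 * array terminator.
		 */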
		memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
		       sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
	} else {
		struct neigh_table *tbl = p->tbl;
		dev_name_source = "default";
		t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
		t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
		t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
		t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
	}

	if (handler) {
		/* RetransTime */
		t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
		/* ReachableTime */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
		/* RetransTime (in milliseconds) */
		t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
		/* ReachableTime (in milliseconds) */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
	} else {
		/* These handlers update p->reachable_time after
		 * base_reachable_time(_ms) is set, so the new timer takes
		 * effect at the next neighbour update instead of waiting for
		 * neigh_periodic_work to recompute it (which can take
		 * multiple minutes). Any handler that replaces them should
		 * do the same.
		 */
		/* ReachableTime */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
			neigh_proc_base_reachable_time;
		/* ReachableTime (in milliseconds) */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
			neigh_proc_base_reachable_time;
	}

	switch (neigh_parms_family(p)) {
	case AF_INET:
		p_name = "ipv4";
		break;
	case AF_INET6:
		p_name = "ipv6";
		break;
	default:
		BUG();
	}

	snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
		 p_name, dev_name_source);
	t->sysctl_header =
		register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
	if (!t->sysctl_header)
		goto free;

	p->sysctl_table = t;
	return 0;

free:
	kfree(t);
err:
	return -ENOBUFS;
}
EXPORT_SYMBOL(neigh_sysctl_register);

void neigh_sysctl_unregister(struct neigh_parms *p)
{
	if (p->sysctl_table) {
		struct neigh_sysctl_table *t = p->sysctl_table;
		p->sysctl_table = NULL;
		unregister_net_sysctl_table(t->sysctl_header);
		kfree(t);
	}
}
EXPORT_SYMBOL(neigh_sysctl_unregister);

#endif	/* CONFIG_SYSCTL */

static int __init neigh_init(void)
{
	rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
	rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
	rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);

	rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
		      0);
	rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);

	return 0;
}

subsys_initcall(neigh_init);
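
/*
 * Usage sketch (illustrative only, not built with this file): walking a
 * neighbour table with neigh_for_each() from a module. The callback runs
 * under tbl->lock and rcu_read_lock_bh(), so it must not sleep and must not
 * call back into the neighbour layer. arp_tbl is the IPv4 table exported by
 * net/ipv4/arp.c; the function names below are made up for the example.
 *
 *	#include <linux/module.h>
 *	#include <net/arp.h>
 *	#include <net/neighbour.h>
 *
 *	static void count_reachable(struct neighbour *n, void *cookie)
 *	{
 *		unsigned int *cnt = cookie;
 *
 *		read_lock(&n->lock);
 *		if (n->nud_state & NUD_REACHABLE)
 *			(*cnt)++;
 *		read_unlock(&n->lock);
 *	}
 *
 *	static int __init reachcnt_init(void)
 *	{
 *		unsigned int cnt = 0;
 *
 *		neigh_for_each(&arp_tbl, count_reachable, &cnt);
 *		pr_info("reachable ARP entries: %u\n", cnt);
 *		return 0;
 *	}
 *	module_init(reachcnt_init);
 *
 *	MODULE_LICENSE("GPL");
 */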