xref: /openbmc/linux/net/core/neighbour.c (revision a266ef69b890f099069cf51bb40572611c435a54)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	Generic address resolution entity
4  *
5  *	Authors:
6  *	Pedro Roque		<roque@di.fc.ul.pt>
7  *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
8  *
9  *	Fixes:
10  *	Vitaly E. Lavrov	releasing NULL neighbor in neigh_add.
11  *	Harald Welte		Add neighbour cache statistics like rtstat
12  */
13 
14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15 
16 #include <linux/slab.h>
17 #include <linux/kmemleak.h>
18 #include <linux/types.h>
19 #include <linux/kernel.h>
20 #include <linux/module.h>
21 #include <linux/socket.h>
22 #include <linux/netdevice.h>
23 #include <linux/proc_fs.h>
24 #ifdef CONFIG_SYSCTL
25 #include <linux/sysctl.h>
26 #endif
27 #include <linux/times.h>
28 #include <net/net_namespace.h>
29 #include <net/neighbour.h>
30 #include <net/arp.h>
31 #include <net/dst.h>
32 #include <net/sock.h>
33 #include <net/netevent.h>
34 #include <net/netlink.h>
35 #include <linux/rtnetlink.h>
36 #include <linux/random.h>
37 #include <linux/string.h>
38 #include <linux/log2.h>
39 #include <linux/inetdevice.h>
40 #include <net/addrconf.h>
41 
42 #include <trace/events/neigh.h>
43 
44 #define NEIGH_DEBUG 1
45 #define neigh_dbg(level, fmt, ...)		\
46 do {						\
47 	if (level <= NEIGH_DEBUG)		\
48 		pr_debug(fmt, ##__VA_ARGS__);	\
49 } while (0)
50 
51 #define PNEIGH_HASHMASK		0xF
52 
53 static void neigh_timer_handler(struct timer_list *t);
54 static void __neigh_notify(struct neighbour *n, int type, int flags,
55 			   u32 pid);
56 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
57 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
58 				    struct net_device *dev);
59 
60 #ifdef CONFIG_PROC_FS
61 static const struct seq_operations neigh_stat_seq_ops;
62 #endif
63 
64 /*
65    Neighbour hash table buckets are protected with rwlock tbl->lock.
66 
67    - All the scans/updates to hash buckets MUST be made under this lock.
68    - NOTHING clever should be made under this lock: no callbacks
69      to protocol backends, no attempts to send something to network.
70      It will result in deadlocks, if backend/driver wants to use neighbour
71      cache.
72    - If the entry requires some non-trivial actions, increase
73      its reference count and release table lock.
74 
75    Neighbour entries are protected:
76    - with reference count.
77    - with rwlock neigh->lock
78 
79    Reference count prevents destruction.
80 
81    neigh->lock mainly serializes ll address data and its validity state.
82    However, the same lock is used to protect another entry fields:
83     - timer
84     - resolution queue
85 
86    Again, nothing clever shall be made under neigh->lock,
87    the most complicated procedure, which we allow is dev->hard_header.
88    It is supposed, that dev->hard_header is simplistic and does
89    not make callbacks to neighbour tables.
90  */
91 
92 static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
93 {
94 	kfree_skb(skb);
95 	return -ENETDOWN;
96 }
97 
98 static void neigh_cleanup_and_release(struct neighbour *neigh)
99 {
100 	trace_neigh_cleanup_and_release(neigh, 0);
101 	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
102 	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
103 	neigh_release(neigh);
104 }
105 
106 /*
107  * It is random distribution in the interval (1/2)*base...(3/2)*base.
108  * It corresponds to default IPv6 settings and is not overridable,
109  * because it is really reasonable choice.
110  */
111 
112 unsigned long neigh_rand_reach_time(unsigned long base)
113 {
114 	return base ? get_random_u32_below(base) + (base >> 1) : 0;
115 }
116 EXPORT_SYMBOL(neigh_rand_reach_time);
117 
118 static void neigh_mark_dead(struct neighbour *n)
119 {
120 	n->dead = 1;
121 	if (!list_empty(&n->gc_list)) {
122 		list_del_init(&n->gc_list);
123 		atomic_dec(&n->tbl->gc_entries);
124 	}
125 	if (!list_empty(&n->managed_list))
126 		list_del_init(&n->managed_list);
127 }
128 
129 static void neigh_update_gc_list(struct neighbour *n)
130 {
131 	bool on_gc_list, exempt_from_gc;
132 
133 	write_lock_bh(&n->tbl->lock);
134 	write_lock(&n->lock);
135 	if (n->dead)
136 		goto out;
137 
138 	/* remove from the gc list if new state is permanent or if neighbor
139 	 * is externally learned; otherwise entry should be on the gc list
140 	 */
141 	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
142 			 n->flags & NTF_EXT_LEARNED;
143 	on_gc_list = !list_empty(&n->gc_list);
144 
145 	if (exempt_from_gc && on_gc_list) {
146 		list_del_init(&n->gc_list);
147 		atomic_dec(&n->tbl->gc_entries);
148 	} else if (!exempt_from_gc && !on_gc_list) {
149 		/* add entries to the tail; cleaning removes from the front */
150 		list_add_tail(&n->gc_list, &n->tbl->gc_list);
151 		atomic_inc(&n->tbl->gc_entries);
152 	}
153 out:
154 	write_unlock(&n->lock);
155 	write_unlock_bh(&n->tbl->lock);
156 }
157 
158 static void neigh_update_managed_list(struct neighbour *n)
159 {
160 	bool on_managed_list, add_to_managed;
161 
162 	write_lock_bh(&n->tbl->lock);
163 	write_lock(&n->lock);
164 	if (n->dead)
165 		goto out;
166 
167 	add_to_managed = n->flags & NTF_MANAGED;
168 	on_managed_list = !list_empty(&n->managed_list);
169 
170 	if (!add_to_managed && on_managed_list)
171 		list_del_init(&n->managed_list);
172 	else if (add_to_managed && !on_managed_list)
173 		list_add_tail(&n->managed_list, &n->tbl->managed_list);
174 out:
175 	write_unlock(&n->lock);
176 	write_unlock_bh(&n->tbl->lock);
177 }
178 
179 static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
180 			       bool *gc_update, bool *managed_update)
181 {
182 	u32 ndm_flags, old_flags = neigh->flags;
183 
184 	if (!(flags & NEIGH_UPDATE_F_ADMIN))
185 		return;
186 
187 	ndm_flags  = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
188 	ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;
189 
190 	if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
191 		if (ndm_flags & NTF_EXT_LEARNED)
192 			neigh->flags |= NTF_EXT_LEARNED;
193 		else
194 			neigh->flags &= ~NTF_EXT_LEARNED;
195 		*notify = 1;
196 		*gc_update = true;
197 	}
198 	if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
199 		if (ndm_flags & NTF_MANAGED)
200 			neigh->flags |= NTF_MANAGED;
201 		else
202 			neigh->flags &= ~NTF_MANAGED;
203 		*notify = 1;
204 		*managed_update = true;
205 	}
206 }
207 
208 static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
209 		      struct neigh_table *tbl)
210 {
211 	bool retval = false;
212 
213 	write_lock(&n->lock);
214 	if (refcount_read(&n->refcnt) == 1) {
215 		struct neighbour *neigh;
216 
217 		neigh = rcu_dereference_protected(n->next,
218 						  lockdep_is_held(&tbl->lock));
219 		rcu_assign_pointer(*np, neigh);
220 		neigh_mark_dead(n);
221 		retval = true;
222 	}
223 	write_unlock(&n->lock);
224 	if (retval)
225 		neigh_cleanup_and_release(n);
226 	return retval;
227 }
228 
229 bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
230 {
231 	struct neigh_hash_table *nht;
232 	void *pkey = ndel->primary_key;
233 	u32 hash_val;
234 	struct neighbour *n;
235 	struct neighbour __rcu **np;
236 
237 	nht = rcu_dereference_protected(tbl->nht,
238 					lockdep_is_held(&tbl->lock));
239 	hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
240 	hash_val = hash_val >> (32 - nht->hash_shift);
241 
242 	np = &nht->hash_buckets[hash_val];
243 	while ((n = rcu_dereference_protected(*np,
244 					      lockdep_is_held(&tbl->lock)))) {
245 		if (n == ndel)
246 			return neigh_del(n, np, tbl);
247 		np = &n->next;
248 	}
249 	return false;
250 }
251 
252 static int neigh_forced_gc(struct neigh_table *tbl)
253 {
254 	int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
255 	unsigned long tref = jiffies - 5 * HZ;
256 	struct neighbour *n, *tmp;
257 	int shrunk = 0;
258 
259 	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);
260 
261 	write_lock_bh(&tbl->lock);
262 
263 	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
264 		if (refcount_read(&n->refcnt) == 1) {
265 			bool remove = false;
266 
267 			write_lock(&n->lock);
268 			if ((n->nud_state == NUD_FAILED) ||
269 			    (n->nud_state == NUD_NOARP) ||
270 			    (tbl->is_multicast &&
271 			     tbl->is_multicast(n->primary_key)) ||
272 			    time_after(tref, n->updated))
273 				remove = true;
274 			write_unlock(&n->lock);
275 
276 			if (remove && neigh_remove_one(n, tbl))
277 				shrunk++;
278 			if (shrunk >= max_clean)
279 				break;
280 		}
281 	}
282 
283 	tbl->last_flush = jiffies;
284 
285 	write_unlock_bh(&tbl->lock);
286 
287 	return shrunk;
288 }
289 
290 static void neigh_add_timer(struct neighbour *n, unsigned long when)
291 {
292 	neigh_hold(n);
293 	if (unlikely(mod_timer(&n->timer, when))) {
294 		printk("NEIGH: BUG, double timer add, state is %x\n",
295 		       n->nud_state);
296 		dump_stack();
297 	}
298 }
299 
300 static int neigh_del_timer(struct neighbour *n)
301 {
302 	if ((n->nud_state & NUD_IN_TIMER) &&
303 	    del_timer(&n->timer)) {
304 		neigh_release(n);
305 		return 1;
306 	}
307 	return 0;
308 }
309 
310 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
311 						   int family)
312 {
313 	switch (family) {
314 	case AF_INET:
315 		return __in_dev_arp_parms_get_rcu(dev);
316 	case AF_INET6:
317 		return __in6_dev_nd_parms_get_rcu(dev);
318 	}
319 	return NULL;
320 }
321 
322 static void neigh_parms_qlen_dec(struct net_device *dev, int family)
323 {
324 	struct neigh_parms *p;
325 
326 	rcu_read_lock();
327 	p = neigh_get_dev_parms_rcu(dev, family);
328 	if (p)
329 		p->qlen--;
330 	rcu_read_unlock();
331 }
332 
333 static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net,
334 			       int family)
335 {
336 	struct sk_buff_head tmp;
337 	unsigned long flags;
338 	struct sk_buff *skb;
339 
340 	skb_queue_head_init(&tmp);
341 	spin_lock_irqsave(&list->lock, flags);
342 	skb = skb_peek(list);
343 	while (skb != NULL) {
344 		struct sk_buff *skb_next = skb_peek_next(skb, list);
345 		struct net_device *dev = skb->dev;
346 
347 		if (net == NULL || net_eq(dev_net(dev), net)) {
348 			neigh_parms_qlen_dec(dev, family);
349 			__skb_unlink(skb, list);
350 			__skb_queue_tail(&tmp, skb);
351 		}
352 		skb = skb_next;
353 	}
354 	spin_unlock_irqrestore(&list->lock, flags);
355 
356 	while ((skb = __skb_dequeue(&tmp))) {
357 		dev_put(skb->dev);
358 		kfree_skb(skb);
359 	}
360 }
361 
362 static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
363 			    bool skip_perm)
364 {
365 	int i;
366 	struct neigh_hash_table *nht;
367 
368 	nht = rcu_dereference_protected(tbl->nht,
369 					lockdep_is_held(&tbl->lock));
370 
371 	for (i = 0; i < (1 << nht->hash_shift); i++) {
372 		struct neighbour *n;
373 		struct neighbour __rcu **np = &nht->hash_buckets[i];
374 
375 		while ((n = rcu_dereference_protected(*np,
376 					lockdep_is_held(&tbl->lock))) != NULL) {
377 			if (dev && n->dev != dev) {
378 				np = &n->next;
379 				continue;
380 			}
381 			if (skip_perm && n->nud_state & NUD_PERMANENT) {
382 				np = &n->next;
383 				continue;
384 			}
385 			rcu_assign_pointer(*np,
386 				   rcu_dereference_protected(n->next,
387 						lockdep_is_held(&tbl->lock)));
388 			write_lock(&n->lock);
389 			neigh_del_timer(n);
390 			neigh_mark_dead(n);
391 			if (refcount_read(&n->refcnt) != 1) {
392 				/* The most unpleasant situation.
393 				   We must destroy neighbour entry,
394 				   but someone still uses it.
395 
396 				   The destroy will be delayed until
397 				   the last user releases us, but
398 				   we must kill timers etc. and move
399 				   it to safe state.
400 				 */
401 				__skb_queue_purge(&n->arp_queue);
402 				n->arp_queue_len_bytes = 0;
403 				n->output = neigh_blackhole;
404 				if (n->nud_state & NUD_VALID)
405 					n->nud_state = NUD_NOARP;
406 				else
407 					n->nud_state = NUD_NONE;
408 				neigh_dbg(2, "neigh %p is stray\n", n);
409 			}
410 			write_unlock(&n->lock);
411 			neigh_cleanup_and_release(n);
412 		}
413 	}
414 }
415 
416 void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
417 {
418 	write_lock_bh(&tbl->lock);
419 	neigh_flush_dev(tbl, dev, false);
420 	write_unlock_bh(&tbl->lock);
421 }
422 EXPORT_SYMBOL(neigh_changeaddr);
423 
424 static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
425 			  bool skip_perm)
426 {
427 	write_lock_bh(&tbl->lock);
428 	neigh_flush_dev(tbl, dev, skip_perm);
429 	pneigh_ifdown_and_unlock(tbl, dev);
430 	pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL,
431 			   tbl->family);
432 	if (skb_queue_empty_lockless(&tbl->proxy_queue))
433 		del_timer_sync(&tbl->proxy_timer);
434 	return 0;
435 }
436 
437 int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
438 {
439 	__neigh_ifdown(tbl, dev, true);
440 	return 0;
441 }
442 EXPORT_SYMBOL(neigh_carrier_down);
443 
444 int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
445 {
446 	__neigh_ifdown(tbl, dev, false);
447 	return 0;
448 }
449 EXPORT_SYMBOL(neigh_ifdown);
450 
451 static struct neighbour *neigh_alloc(struct neigh_table *tbl,
452 				     struct net_device *dev,
453 				     u32 flags, bool exempt_from_gc)
454 {
455 	struct neighbour *n = NULL;
456 	unsigned long now = jiffies;
457 	int entries;
458 
459 	if (exempt_from_gc)
460 		goto do_alloc;
461 
462 	entries = atomic_inc_return(&tbl->gc_entries) - 1;
463 	if (entries >= tbl->gc_thresh3 ||
464 	    (entries >= tbl->gc_thresh2 &&
465 	     time_after(now, tbl->last_flush + 5 * HZ))) {
466 		if (!neigh_forced_gc(tbl) &&
467 		    entries >= tbl->gc_thresh3) {
468 			net_info_ratelimited("%s: neighbor table overflow!\n",
469 					     tbl->id);
470 			NEIGH_CACHE_STAT_INC(tbl, table_fulls);
471 			goto out_entries;
472 		}
473 	}
474 
475 do_alloc:
476 	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
477 	if (!n)
478 		goto out_entries;
479 
480 	__skb_queue_head_init(&n->arp_queue);
481 	rwlock_init(&n->lock);
482 	seqlock_init(&n->ha_lock);
483 	n->updated	  = n->used = now;
484 	n->nud_state	  = NUD_NONE;
485 	n->output	  = neigh_blackhole;
486 	n->flags	  = flags;
487 	seqlock_init(&n->hh.hh_lock);
488 	n->parms	  = neigh_parms_clone(&tbl->parms);
489 	timer_setup(&n->timer, neigh_timer_handler, 0);
490 
491 	NEIGH_CACHE_STAT_INC(tbl, allocs);
492 	n->tbl		  = tbl;
493 	refcount_set(&n->refcnt, 1);
494 	n->dead		  = 1;
495 	INIT_LIST_HEAD(&n->gc_list);
496 	INIT_LIST_HEAD(&n->managed_list);
497 
498 	atomic_inc(&tbl->entries);
499 out:
500 	return n;
501 
502 out_entries:
503 	if (!exempt_from_gc)
504 		atomic_dec(&tbl->gc_entries);
505 	goto out;
506 }
507 
508 static void neigh_get_hash_rnd(u32 *x)
509 {
510 	*x = get_random_u32() | 1;
511 }
512 
513 static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
514 {
515 	size_t size = (1 << shift) * sizeof(struct neighbour *);
516 	struct neigh_hash_table *ret;
517 	struct neighbour __rcu **buckets;
518 	int i;
519 
520 	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
521 	if (!ret)
522 		return NULL;
523 	if (size <= PAGE_SIZE) {
524 		buckets = kzalloc(size, GFP_ATOMIC);
525 	} else {
526 		buckets = (struct neighbour __rcu **)
527 			  __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
528 					   get_order(size));
529 		kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
530 	}
531 	if (!buckets) {
532 		kfree(ret);
533 		return NULL;
534 	}
535 	ret->hash_buckets = buckets;
536 	ret->hash_shift = shift;
537 	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
538 		neigh_get_hash_rnd(&ret->hash_rnd[i]);
539 	return ret;
540 }
541 
542 static void neigh_hash_free_rcu(struct rcu_head *head)
543 {
544 	struct neigh_hash_table *nht = container_of(head,
545 						    struct neigh_hash_table,
546 						    rcu);
547 	size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
548 	struct neighbour __rcu **buckets = nht->hash_buckets;
549 
550 	if (size <= PAGE_SIZE) {
551 		kfree(buckets);
552 	} else {
553 		kmemleak_free(buckets);
554 		free_pages((unsigned long)buckets, get_order(size));
555 	}
556 	kfree(nht);
557 }
558 
559 static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
560 						unsigned long new_shift)
561 {
562 	unsigned int i, hash;
563 	struct neigh_hash_table *new_nht, *old_nht;
564 
565 	NEIGH_CACHE_STAT_INC(tbl, hash_grows);
566 
567 	old_nht = rcu_dereference_protected(tbl->nht,
568 					    lockdep_is_held(&tbl->lock));
569 	new_nht = neigh_hash_alloc(new_shift);
570 	if (!new_nht)
571 		return old_nht;
572 
573 	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
574 		struct neighbour *n, *next;
575 
576 		for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
577 						   lockdep_is_held(&tbl->lock));
578 		     n != NULL;
579 		     n = next) {
580 			hash = tbl->hash(n->primary_key, n->dev,
581 					 new_nht->hash_rnd);
582 
583 			hash >>= (32 - new_nht->hash_shift);
584 			next = rcu_dereference_protected(n->next,
585 						lockdep_is_held(&tbl->lock));
586 
587 			rcu_assign_pointer(n->next,
588 					   rcu_dereference_protected(
589 						new_nht->hash_buckets[hash],
590 						lockdep_is_held(&tbl->lock)));
591 			rcu_assign_pointer(new_nht->hash_buckets[hash], n);
592 		}
593 	}
594 
595 	rcu_assign_pointer(tbl->nht, new_nht);
596 	call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
597 	return new_nht;
598 }
599 
600 struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
601 			       struct net_device *dev)
602 {
603 	struct neighbour *n;
604 
605 	NEIGH_CACHE_STAT_INC(tbl, lookups);
606 
607 	rcu_read_lock_bh();
608 	n = __neigh_lookup_noref(tbl, pkey, dev);
609 	if (n) {
610 		if (!refcount_inc_not_zero(&n->refcnt))
611 			n = NULL;
612 		NEIGH_CACHE_STAT_INC(tbl, hits);
613 	}
614 
615 	rcu_read_unlock_bh();
616 	return n;
617 }
618 EXPORT_SYMBOL(neigh_lookup);
619 
620 struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
621 				     const void *pkey)
622 {
623 	struct neighbour *n;
624 	unsigned int key_len = tbl->key_len;
625 	u32 hash_val;
626 	struct neigh_hash_table *nht;
627 
628 	NEIGH_CACHE_STAT_INC(tbl, lookups);
629 
630 	rcu_read_lock_bh();
631 	nht = rcu_dereference_bh(tbl->nht);
632 	hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);
633 
634 	for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
635 	     n != NULL;
636 	     n = rcu_dereference_bh(n->next)) {
637 		if (!memcmp(n->primary_key, pkey, key_len) &&
638 		    net_eq(dev_net(n->dev), net)) {
639 			if (!refcount_inc_not_zero(&n->refcnt))
640 				n = NULL;
641 			NEIGH_CACHE_STAT_INC(tbl, hits);
642 			break;
643 		}
644 	}
645 
646 	rcu_read_unlock_bh();
647 	return n;
648 }
649 EXPORT_SYMBOL(neigh_lookup_nodev);
650 
651 static struct neighbour *
652 ___neigh_create(struct neigh_table *tbl, const void *pkey,
653 		struct net_device *dev, u32 flags,
654 		bool exempt_from_gc, bool want_ref)
655 {
656 	u32 hash_val, key_len = tbl->key_len;
657 	struct neighbour *n1, *rc, *n;
658 	struct neigh_hash_table *nht;
659 	int error;
660 
661 	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
662 	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
663 	if (!n) {
664 		rc = ERR_PTR(-ENOBUFS);
665 		goto out;
666 	}
667 
668 	memcpy(n->primary_key, pkey, key_len);
669 	n->dev = dev;
670 	netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC);
671 
672 	/* Protocol specific setup. */
673 	if (tbl->constructor &&	(error = tbl->constructor(n)) < 0) {
674 		rc = ERR_PTR(error);
675 		goto out_neigh_release;
676 	}
677 
678 	if (dev->netdev_ops->ndo_neigh_construct) {
679 		error = dev->netdev_ops->ndo_neigh_construct(dev, n);
680 		if (error < 0) {
681 			rc = ERR_PTR(error);
682 			goto out_neigh_release;
683 		}
684 	}
685 
686 	/* Device specific setup. */
687 	if (n->parms->neigh_setup &&
688 	    (error = n->parms->neigh_setup(n)) < 0) {
689 		rc = ERR_PTR(error);
690 		goto out_neigh_release;
691 	}
692 
693 	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);
694 
695 	write_lock_bh(&tbl->lock);
696 	nht = rcu_dereference_protected(tbl->nht,
697 					lockdep_is_held(&tbl->lock));
698 
699 	if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
700 		nht = neigh_hash_grow(tbl, nht->hash_shift + 1);
701 
702 	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);
703 
704 	if (n->parms->dead) {
705 		rc = ERR_PTR(-EINVAL);
706 		goto out_tbl_unlock;
707 	}
708 
709 	for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
710 					    lockdep_is_held(&tbl->lock));
711 	     n1 != NULL;
712 	     n1 = rcu_dereference_protected(n1->next,
713 			lockdep_is_held(&tbl->lock))) {
714 		if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
715 			if (want_ref)
716 				neigh_hold(n1);
717 			rc = n1;
718 			goto out_tbl_unlock;
719 		}
720 	}
721 
722 	n->dead = 0;
723 	if (!exempt_from_gc)
724 		list_add_tail(&n->gc_list, &n->tbl->gc_list);
725 	if (n->flags & NTF_MANAGED)
726 		list_add_tail(&n->managed_list, &n->tbl->managed_list);
727 	if (want_ref)
728 		neigh_hold(n);
729 	rcu_assign_pointer(n->next,
730 			   rcu_dereference_protected(nht->hash_buckets[hash_val],
731 						     lockdep_is_held(&tbl->lock)));
732 	rcu_assign_pointer(nht->hash_buckets[hash_val], n);
733 	write_unlock_bh(&tbl->lock);
734 	neigh_dbg(2, "neigh %p is created\n", n);
735 	rc = n;
736 out:
737 	return rc;
738 out_tbl_unlock:
739 	write_unlock_bh(&tbl->lock);
740 out_neigh_release:
741 	if (!exempt_from_gc)
742 		atomic_dec(&tbl->gc_entries);
743 	neigh_release(n);
744 	goto out;
745 }
746 
747 struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
748 				 struct net_device *dev, bool want_ref)
749 {
750 	return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
751 }
752 EXPORT_SYMBOL(__neigh_create);
753 
754 static u32 pneigh_hash(const void *pkey, unsigned int key_len)
755 {
756 	u32 hash_val = *(u32 *)(pkey + key_len - 4);
757 	hash_val ^= (hash_val >> 16);
758 	hash_val ^= hash_val >> 8;
759 	hash_val ^= hash_val >> 4;
760 	hash_val &= PNEIGH_HASHMASK;
761 	return hash_val;
762 }
763 
764 static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
765 					      struct net *net,
766 					      const void *pkey,
767 					      unsigned int key_len,
768 					      struct net_device *dev)
769 {
770 	while (n) {
771 		if (!memcmp(n->key, pkey, key_len) &&
772 		    net_eq(pneigh_net(n), net) &&
773 		    (n->dev == dev || !n->dev))
774 			return n;
775 		n = n->next;
776 	}
777 	return NULL;
778 }
779 
780 struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
781 		struct net *net, const void *pkey, struct net_device *dev)
782 {
783 	unsigned int key_len = tbl->key_len;
784 	u32 hash_val = pneigh_hash(pkey, key_len);
785 
786 	return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
787 				 net, pkey, key_len, dev);
788 }
789 EXPORT_SYMBOL_GPL(__pneigh_lookup);
790 
791 struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
792 				    struct net *net, const void *pkey,
793 				    struct net_device *dev, int creat)
794 {
795 	struct pneigh_entry *n;
796 	unsigned int key_len = tbl->key_len;
797 	u32 hash_val = pneigh_hash(pkey, key_len);
798 
799 	read_lock_bh(&tbl->lock);
800 	n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
801 			      net, pkey, key_len, dev);
802 	read_unlock_bh(&tbl->lock);
803 
804 	if (n || !creat)
805 		goto out;
806 
807 	ASSERT_RTNL();
808 
809 	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
810 	if (!n)
811 		goto out;
812 
813 	write_pnet(&n->net, net);
814 	memcpy(n->key, pkey, key_len);
815 	n->dev = dev;
816 	netdev_hold(dev, &n->dev_tracker, GFP_KERNEL);
817 
818 	if (tbl->pconstructor && tbl->pconstructor(n)) {
819 		netdev_put(dev, &n->dev_tracker);
820 		kfree(n);
821 		n = NULL;
822 		goto out;
823 	}
824 
825 	write_lock_bh(&tbl->lock);
826 	n->next = tbl->phash_buckets[hash_val];
827 	tbl->phash_buckets[hash_val] = n;
828 	write_unlock_bh(&tbl->lock);
829 out:
830 	return n;
831 }
832 EXPORT_SYMBOL(pneigh_lookup);
833 
834 
835 int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
836 		  struct net_device *dev)
837 {
838 	struct pneigh_entry *n, **np;
839 	unsigned int key_len = tbl->key_len;
840 	u32 hash_val = pneigh_hash(pkey, key_len);
841 
842 	write_lock_bh(&tbl->lock);
843 	for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
844 	     np = &n->next) {
845 		if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
846 		    net_eq(pneigh_net(n), net)) {
847 			*np = n->next;
848 			write_unlock_bh(&tbl->lock);
849 			if (tbl->pdestructor)
850 				tbl->pdestructor(n);
851 			netdev_put(n->dev, &n->dev_tracker);
852 			kfree(n);
853 			return 0;
854 		}
855 	}
856 	write_unlock_bh(&tbl->lock);
857 	return -ENOENT;
858 }
859 
860 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
861 				    struct net_device *dev)
862 {
863 	struct pneigh_entry *n, **np, *freelist = NULL;
864 	u32 h;
865 
866 	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
867 		np = &tbl->phash_buckets[h];
868 		while ((n = *np) != NULL) {
869 			if (!dev || n->dev == dev) {
870 				*np = n->next;
871 				n->next = freelist;
872 				freelist = n;
873 				continue;
874 			}
875 			np = &n->next;
876 		}
877 	}
878 	write_unlock_bh(&tbl->lock);
879 	while ((n = freelist)) {
880 		freelist = n->next;
881 		n->next = NULL;
882 		if (tbl->pdestructor)
883 			tbl->pdestructor(n);
884 		netdev_put(n->dev, &n->dev_tracker);
885 		kfree(n);
886 	}
887 	return -ENOENT;
888 }
889 
890 static void neigh_parms_destroy(struct neigh_parms *parms);
891 
892 static inline void neigh_parms_put(struct neigh_parms *parms)
893 {
894 	if (refcount_dec_and_test(&parms->refcnt))
895 		neigh_parms_destroy(parms);
896 }
897 
898 /*
899  *	neighbour must already be out of the table;
900  *
901  */
902 void neigh_destroy(struct neighbour *neigh)
903 {
904 	struct net_device *dev = neigh->dev;
905 
906 	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);
907 
908 	if (!neigh->dead) {
909 		pr_warn("Destroying alive neighbour %p\n", neigh);
910 		dump_stack();
911 		return;
912 	}
913 
914 	if (neigh_del_timer(neigh))
915 		pr_warn("Impossible event\n");
916 
917 	write_lock_bh(&neigh->lock);
918 	__skb_queue_purge(&neigh->arp_queue);
919 	write_unlock_bh(&neigh->lock);
920 	neigh->arp_queue_len_bytes = 0;
921 
922 	if (dev->netdev_ops->ndo_neigh_destroy)
923 		dev->netdev_ops->ndo_neigh_destroy(dev, neigh);
924 
925 	netdev_put(dev, &neigh->dev_tracker);
926 	neigh_parms_put(neigh->parms);
927 
928 	neigh_dbg(2, "neigh %p is destroyed\n", neigh);
929 
930 	atomic_dec(&neigh->tbl->entries);
931 	kfree_rcu(neigh, rcu);
932 }
933 EXPORT_SYMBOL(neigh_destroy);
934 
935 /* Neighbour state is suspicious;
936    disable fast path.
937 
938    Called with write_locked neigh.
939  */
940 static void neigh_suspect(struct neighbour *neigh)
941 {
942 	neigh_dbg(2, "neigh %p is suspected\n", neigh);
943 
944 	neigh->output = neigh->ops->output;
945 }
946 
947 /* Neighbour state is OK;
948    enable fast path.
949 
950    Called with write_locked neigh.
951  */
952 static void neigh_connect(struct neighbour *neigh)
953 {
954 	neigh_dbg(2, "neigh %p is connected\n", neigh);
955 
956 	neigh->output = neigh->ops->connected_output;
957 }
958 
959 static void neigh_periodic_work(struct work_struct *work)
960 {
961 	struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
962 	struct neighbour *n;
963 	struct neighbour __rcu **np;
964 	unsigned int i;
965 	struct neigh_hash_table *nht;
966 
967 	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);
968 
969 	write_lock_bh(&tbl->lock);
970 	nht = rcu_dereference_protected(tbl->nht,
971 					lockdep_is_held(&tbl->lock));
972 
973 	/*
974 	 *	periodically recompute ReachableTime from random function
975 	 */
976 
977 	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
978 		struct neigh_parms *p;
979 		tbl->last_rand = jiffies;
980 		list_for_each_entry(p, &tbl->parms_list, list)
981 			p->reachable_time =
982 				neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
983 	}
984 
985 	if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
986 		goto out;
987 
988 	for (i = 0 ; i < (1 << nht->hash_shift); i++) {
989 		np = &nht->hash_buckets[i];
990 
991 		while ((n = rcu_dereference_protected(*np,
992 				lockdep_is_held(&tbl->lock))) != NULL) {
993 			unsigned int state;
994 
995 			write_lock(&n->lock);
996 
997 			state = n->nud_state;
998 			if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
999 			    (n->flags & NTF_EXT_LEARNED)) {
1000 				write_unlock(&n->lock);
1001 				goto next_elt;
1002 			}
1003 
1004 			if (time_before(n->used, n->confirmed))
1005 				n->used = n->confirmed;
1006 
1007 			if (refcount_read(&n->refcnt) == 1 &&
1008 			    (state == NUD_FAILED ||
1009 			     time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
1010 				*np = n->next;
1011 				neigh_mark_dead(n);
1012 				write_unlock(&n->lock);
1013 				neigh_cleanup_and_release(n);
1014 				continue;
1015 			}
1016 			write_unlock(&n->lock);
1017 
1018 next_elt:
1019 			np = &n->next;
1020 		}
1021 		/*
1022 		 * It's fine to release lock here, even if hash table
1023 		 * grows while we are preempted.
1024 		 */
1025 		write_unlock_bh(&tbl->lock);
1026 		cond_resched();
1027 		write_lock_bh(&tbl->lock);
1028 		nht = rcu_dereference_protected(tbl->nht,
1029 						lockdep_is_held(&tbl->lock));
1030 	}
1031 out:
1032 	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
1033 	 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
1034 	 * BASE_REACHABLE_TIME.
1035 	 */
1036 	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1037 			      NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
1038 	write_unlock_bh(&tbl->lock);
1039 }
1040 
1041 static __inline__ int neigh_max_probes(struct neighbour *n)
1042 {
1043 	struct neigh_parms *p = n->parms;
1044 	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
1045 	       (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
1046 	        NEIGH_VAR(p, MCAST_PROBES));
1047 }
1048 
1049 static void neigh_invalidate(struct neighbour *neigh)
1050 	__releases(neigh->lock)
1051 	__acquires(neigh->lock)
1052 {
1053 	struct sk_buff *skb;
1054 
1055 	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
1056 	neigh_dbg(2, "neigh %p is failed\n", neigh);
1057 	neigh->updated = jiffies;
1058 
1059 	/* It is very thin place. report_unreachable is very complicated
1060 	   routine. Particularly, it can hit the same neighbour entry!
1061 
1062 	   So that, we try to be accurate and avoid dead loop. --ANK
1063 	 */
1064 	while (neigh->nud_state == NUD_FAILED &&
1065 	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1066 		write_unlock(&neigh->lock);
1067 		neigh->ops->error_report(neigh, skb);
1068 		write_lock(&neigh->lock);
1069 	}
1070 	__skb_queue_purge(&neigh->arp_queue);
1071 	neigh->arp_queue_len_bytes = 0;
1072 }
1073 
1074 static void neigh_probe(struct neighbour *neigh)
1075 	__releases(neigh->lock)
1076 {
1077 	struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);
1078 	/* keep skb alive even if arp_queue overflows */
1079 	if (skb)
1080 		skb = skb_clone(skb, GFP_ATOMIC);
1081 	write_unlock(&neigh->lock);
1082 	if (neigh->ops->solicit)
1083 		neigh->ops->solicit(neigh, skb);
1084 	atomic_inc(&neigh->probes);
1085 	consume_skb(skb);
1086 }
1087 
1088 /* Called when a timer expires for a neighbour entry. */
1089 
1090 static void neigh_timer_handler(struct timer_list *t)
1091 {
1092 	unsigned long now, next;
1093 	struct neighbour *neigh = from_timer(neigh, t, timer);
1094 	unsigned int state;
1095 	int notify = 0;
1096 
1097 	write_lock(&neigh->lock);
1098 
1099 	state = neigh->nud_state;
1100 	now = jiffies;
1101 	next = now + HZ;
1102 
1103 	if (!(state & NUD_IN_TIMER))
1104 		goto out;
1105 
1106 	if (state & NUD_REACHABLE) {
1107 		if (time_before_eq(now,
1108 				   neigh->confirmed + neigh->parms->reachable_time)) {
1109 			neigh_dbg(2, "neigh %p is still alive\n", neigh);
1110 			next = neigh->confirmed + neigh->parms->reachable_time;
1111 		} else if (time_before_eq(now,
1112 					  neigh->used +
1113 					  NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1114 			neigh_dbg(2, "neigh %p is delayed\n", neigh);
1115 			neigh->nud_state = NUD_DELAY;
1116 			neigh->updated = jiffies;
1117 			neigh_suspect(neigh);
1118 			next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
1119 		} else {
1120 			neigh_dbg(2, "neigh %p is suspected\n", neigh);
1121 			neigh->nud_state = NUD_STALE;
1122 			neigh->updated = jiffies;
1123 			neigh_suspect(neigh);
1124 			notify = 1;
1125 		}
1126 	} else if (state & NUD_DELAY) {
1127 		if (time_before_eq(now,
1128 				   neigh->confirmed +
1129 				   NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1130 			neigh_dbg(2, "neigh %p is now reachable\n", neigh);
1131 			neigh->nud_state = NUD_REACHABLE;
1132 			neigh->updated = jiffies;
1133 			neigh_connect(neigh);
1134 			notify = 1;
1135 			next = neigh->confirmed + neigh->parms->reachable_time;
1136 		} else {
1137 			neigh_dbg(2, "neigh %p is probed\n", neigh);
1138 			neigh->nud_state = NUD_PROBE;
1139 			neigh->updated = jiffies;
1140 			atomic_set(&neigh->probes, 0);
1141 			notify = 1;
1142 			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1143 					 HZ/100);
1144 		}
1145 	} else {
1146 		/* NUD_PROBE|NUD_INCOMPLETE */
1147 		next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
1148 	}
1149 
1150 	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
1151 	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
1152 		neigh->nud_state = NUD_FAILED;
1153 		notify = 1;
1154 		neigh_invalidate(neigh);
1155 		goto out;
1156 	}
1157 
1158 	if (neigh->nud_state & NUD_IN_TIMER) {
1159 		if (time_before(next, jiffies + HZ/100))
1160 			next = jiffies + HZ/100;
1161 		if (!mod_timer(&neigh->timer, next))
1162 			neigh_hold(neigh);
1163 	}
1164 	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
1165 		neigh_probe(neigh);
1166 	} else {
1167 out:
1168 		write_unlock(&neigh->lock);
1169 	}
1170 
1171 	if (notify)
1172 		neigh_update_notify(neigh, 0);
1173 
1174 	trace_neigh_timer_handler(neigh, 0);
1175 
1176 	neigh_release(neigh);
1177 }
1178 
1179 int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
1180 		       const bool immediate_ok)
1181 {
1182 	int rc;
1183 	bool immediate_probe = false;
1184 
1185 	write_lock_bh(&neigh->lock);
1186 
1187 	rc = 0;
1188 	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
1189 		goto out_unlock_bh;
1190 	if (neigh->dead)
1191 		goto out_dead;
1192 
1193 	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
1194 		if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
1195 		    NEIGH_VAR(neigh->parms, APP_PROBES)) {
1196 			unsigned long next, now = jiffies;
1197 
1198 			atomic_set(&neigh->probes,
1199 				   NEIGH_VAR(neigh->parms, UCAST_PROBES));
1200 			neigh_del_timer(neigh);
1201 			neigh->nud_state = NUD_INCOMPLETE;
1202 			neigh->updated = now;
1203 			if (!immediate_ok) {
1204 				next = now + 1;
1205 			} else {
1206 				immediate_probe = true;
1207 				next = now + max(NEIGH_VAR(neigh->parms,
1208 							   RETRANS_TIME),
1209 						 HZ / 100);
1210 			}
1211 			neigh_add_timer(neigh, next);
1212 		} else {
1213 			neigh->nud_state = NUD_FAILED;
1214 			neigh->updated = jiffies;
1215 			write_unlock_bh(&neigh->lock);
1216 
1217 			kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED);
1218 			return 1;
1219 		}
1220 	} else if (neigh->nud_state & NUD_STALE) {
1221 		neigh_dbg(2, "neigh %p is delayed\n", neigh);
1222 		neigh_del_timer(neigh);
1223 		neigh->nud_state = NUD_DELAY;
1224 		neigh->updated = jiffies;
1225 		neigh_add_timer(neigh, jiffies +
1226 				NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
1227 	}
1228 
1229 	if (neigh->nud_state == NUD_INCOMPLETE) {
1230 		if (skb) {
1231 			while (neigh->arp_queue_len_bytes + skb->truesize >
1232 			       NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
1233 				struct sk_buff *buff;
1234 
1235 				buff = __skb_dequeue(&neigh->arp_queue);
1236 				if (!buff)
1237 					break;
1238 				neigh->arp_queue_len_bytes -= buff->truesize;
1239 				kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL);
1240 				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
1241 			}
1242 			skb_dst_force(skb);
1243 			__skb_queue_tail(&neigh->arp_queue, skb);
1244 			neigh->arp_queue_len_bytes += skb->truesize;
1245 		}
1246 		rc = 1;
1247 	}
1248 out_unlock_bh:
1249 	if (immediate_probe)
1250 		neigh_probe(neigh);
1251 	else
1252 		write_unlock(&neigh->lock);
1253 	local_bh_enable();
1254 	trace_neigh_event_send_done(neigh, rc);
1255 	return rc;
1256 
1257 out_dead:
1258 	if (neigh->nud_state & NUD_STALE)
1259 		goto out_unlock_bh;
1260 	write_unlock_bh(&neigh->lock);
1261 	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD);
1262 	trace_neigh_event_send_dead(neigh, 1);
1263 	return 1;
1264 }
1265 EXPORT_SYMBOL(__neigh_event_send);
1266 
1267 static void neigh_update_hhs(struct neighbour *neigh)
1268 {
1269 	struct hh_cache *hh;
1270 	void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
1271 		= NULL;
1272 
1273 	if (neigh->dev->header_ops)
1274 		update = neigh->dev->header_ops->cache_update;
1275 
1276 	if (update) {
1277 		hh = &neigh->hh;
1278 		if (READ_ONCE(hh->hh_len)) {
1279 			write_seqlock_bh(&hh->hh_lock);
1280 			update(hh, neigh->dev, neigh->ha);
1281 			write_sequnlock_bh(&hh->hh_lock);
1282 		}
1283 	}
1284 }
1285 
1286 /* Generic update routine.
1287    -- lladdr is new lladdr or NULL, if it is not supplied.
1288    -- new    is new state.
1289    -- flags
1290 	NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr,
1291 				if it is different.
1292 	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
1293 				lladdr instead of overriding it
1294 				if it is different.
1295 	NEIGH_UPDATE_F_ADMIN	means that the change is administrative.
1296 	NEIGH_UPDATE_F_USE	means that the entry is user triggered.
1297 	NEIGH_UPDATE_F_MANAGED	means that the entry will be auto-refreshed.
1298 	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
1299 				NTF_ROUTER flag.
1300 	NEIGH_UPDATE_F_ISROUTER	indicates if the neighbour is known as
1301 				a router.
1302 
1303    Caller MUST hold reference count on the entry.
1304  */
1305 static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
1306 			  u8 new, u32 flags, u32 nlmsg_pid,
1307 			  struct netlink_ext_ack *extack)
1308 {
1309 	bool gc_update = false, managed_update = false;
1310 	int update_isrouter = 0;
1311 	struct net_device *dev;
1312 	int err, notify = 0;
1313 	u8 old;
1314 
1315 	trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);
1316 
1317 	write_lock_bh(&neigh->lock);
1318 
1319 	dev    = neigh->dev;
1320 	old    = neigh->nud_state;
1321 	err    = -EPERM;
1322 
1323 	if (neigh->dead) {
1324 		NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
1325 		new = old;
1326 		goto out;
1327 	}
1328 	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
1329 	    (old & (NUD_NOARP | NUD_PERMANENT)))
1330 		goto out;
1331 
1332 	neigh_update_flags(neigh, flags, &notify, &gc_update, &managed_update);
1333 	if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
1334 		new = old & ~NUD_PERMANENT;
1335 		neigh->nud_state = new;
1336 		err = 0;
1337 		goto out;
1338 	}
1339 
1340 	if (!(new & NUD_VALID)) {
1341 		neigh_del_timer(neigh);
1342 		if (old & NUD_CONNECTED)
1343 			neigh_suspect(neigh);
1344 		neigh->nud_state = new;
1345 		err = 0;
1346 		notify = old & NUD_VALID;
1347 		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
1348 		    (new & NUD_FAILED)) {
1349 			neigh_invalidate(neigh);
1350 			notify = 1;
1351 		}
1352 		goto out;
1353 	}
1354 
1355 	/* Compare new lladdr with cached one */
1356 	if (!dev->addr_len) {
1357 		/* First case: device needs no address. */
1358 		lladdr = neigh->ha;
1359 	} else if (lladdr) {
1360 		/* The second case: if something is already cached
1361 		   and a new address is proposed:
1362 		   - compare new & old
1363 		   - if they are different, check override flag
1364 		 */
1365 		if ((old & NUD_VALID) &&
1366 		    !memcmp(lladdr, neigh->ha, dev->addr_len))
1367 			lladdr = neigh->ha;
1368 	} else {
1369 		/* No address is supplied; if we know something,
1370 		   use it, otherwise discard the request.
1371 		 */
1372 		err = -EINVAL;
1373 		if (!(old & NUD_VALID)) {
1374 			NL_SET_ERR_MSG(extack, "No link layer address given");
1375 			goto out;
1376 		}
1377 		lladdr = neigh->ha;
1378 	}
1379 
1380 	/* Update confirmed timestamp for neighbour entry after we
1381 	 * received ARP packet even if it doesn't change IP to MAC binding.
1382 	 */
1383 	if (new & NUD_CONNECTED)
1384 		neigh->confirmed = jiffies;
1385 
1386 	/* If entry was valid and address is not changed,
1387 	   do not change entry state, if new one is STALE.
1388 	 */
1389 	err = 0;
1390 	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1391 	if (old & NUD_VALID) {
1392 		if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
1393 			update_isrouter = 0;
1394 			if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
1395 			    (old & NUD_CONNECTED)) {
1396 				lladdr = neigh->ha;
1397 				new = NUD_STALE;
1398 			} else
1399 				goto out;
1400 		} else {
1401 			if (lladdr == neigh->ha && new == NUD_STALE &&
1402 			    !(flags & NEIGH_UPDATE_F_ADMIN))
1403 				new = old;
1404 		}
1405 	}
1406 
1407 	/* Update timestamp only once we know we will make a change to the
1408 	 * neighbour entry. Otherwise we risk to move the locktime window with
1409 	 * noop updates and ignore relevant ARP updates.
1410 	 */
1411 	if (new != old || lladdr != neigh->ha)
1412 		neigh->updated = jiffies;
1413 
1414 	if (new != old) {
1415 		neigh_del_timer(neigh);
1416 		if (new & NUD_PROBE)
1417 			atomic_set(&neigh->probes, 0);
1418 		if (new & NUD_IN_TIMER)
1419 			neigh_add_timer(neigh, (jiffies +
1420 						((new & NUD_REACHABLE) ?
1421 						 neigh->parms->reachable_time :
1422 						 0)));
1423 		neigh->nud_state = new;
1424 		notify = 1;
1425 	}
1426 
1427 	if (lladdr != neigh->ha) {
1428 		write_seqlock(&neigh->ha_lock);
1429 		memcpy(&neigh->ha, lladdr, dev->addr_len);
1430 		write_sequnlock(&neigh->ha_lock);
1431 		neigh_update_hhs(neigh);
1432 		if (!(new & NUD_CONNECTED))
1433 			neigh->confirmed = jiffies -
1434 				      (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
1435 		notify = 1;
1436 	}
1437 	if (new == old)
1438 		goto out;
1439 	if (new & NUD_CONNECTED)
1440 		neigh_connect(neigh);
1441 	else
1442 		neigh_suspect(neigh);
1443 	if (!(old & NUD_VALID)) {
1444 		struct sk_buff *skb;
1445 
1446 		/* Again: avoid dead loop if something went wrong */
1447 
1448 		while (neigh->nud_state & NUD_VALID &&
1449 		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1450 			struct dst_entry *dst = skb_dst(skb);
1451 			struct neighbour *n2, *n1 = neigh;
1452 			write_unlock_bh(&neigh->lock);
1453 
1454 			rcu_read_lock();
1455 
1456 			/* Why not just use 'neigh' as-is?  The problem is that
1457 			 * things such as shaper, eql, and sch_teql can end up
1458 			 * using alternative, different, neigh objects to output
1459 			 * the packet in the output path.  So what we need to do
1460 			 * here is re-lookup the top-level neigh in the path so
1461 			 * we can reinject the packet there.
1462 			 */
1463 			n2 = NULL;
1464 			if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
1465 				n2 = dst_neigh_lookup_skb(dst, skb);
1466 				if (n2)
1467 					n1 = n2;
1468 			}
1469 			n1->output(n1, skb);
1470 			if (n2)
1471 				neigh_release(n2);
1472 			rcu_read_unlock();
1473 
1474 			write_lock_bh(&neigh->lock);
1475 		}
1476 		__skb_queue_purge(&neigh->arp_queue);
1477 		neigh->arp_queue_len_bytes = 0;
1478 	}
1479 out:
1480 	if (update_isrouter)
1481 		neigh_update_is_router(neigh, flags, &notify);
1482 	write_unlock_bh(&neigh->lock);
1483 	if (((new ^ old) & NUD_PERMANENT) || gc_update)
1484 		neigh_update_gc_list(neigh);
1485 	if (managed_update)
1486 		neigh_update_managed_list(neigh);
1487 	if (notify)
1488 		neigh_update_notify(neigh, nlmsg_pid);
1489 	trace_neigh_update_done(neigh, err);
1490 	return err;
1491 }
1492 
1493 int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1494 		 u32 flags, u32 nlmsg_pid)
1495 {
1496 	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
1497 }
1498 EXPORT_SYMBOL(neigh_update);
1499 
1500 /* Update the neigh to listen temporarily for probe responses, even if it is
1501  * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
1502  */
1503 void __neigh_set_probe_once(struct neighbour *neigh)
1504 {
1505 	if (neigh->dead)
1506 		return;
1507 	neigh->updated = jiffies;
1508 	if (!(neigh->nud_state & NUD_FAILED))
1509 		return;
1510 	neigh->nud_state = NUD_INCOMPLETE;
1511 	atomic_set(&neigh->probes, neigh_max_probes(neigh));
1512 	neigh_add_timer(neigh,
1513 			jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1514 				      HZ/100));
1515 }
1516 EXPORT_SYMBOL(__neigh_set_probe_once);
1517 
1518 struct neighbour *neigh_event_ns(struct neigh_table *tbl,
1519 				 u8 *lladdr, void *saddr,
1520 				 struct net_device *dev)
1521 {
1522 	struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
1523 						 lladdr || !dev->addr_len);
1524 	if (neigh)
1525 		neigh_update(neigh, lladdr, NUD_STALE,
1526 			     NEIGH_UPDATE_F_OVERRIDE, 0);
1527 	return neigh;
1528 }
1529 EXPORT_SYMBOL(neigh_event_ns);
1530 
1531 /* called with read_lock_bh(&n->lock); */
1532 static void neigh_hh_init(struct neighbour *n)
1533 {
1534 	struct net_device *dev = n->dev;
1535 	__be16 prot = n->tbl->protocol;
1536 	struct hh_cache	*hh = &n->hh;
1537 
1538 	write_lock_bh(&n->lock);
1539 
1540 	/* Only one thread can come in here and initialize the
1541 	 * hh_cache entry.
1542 	 */
1543 	if (!hh->hh_len)
1544 		dev->header_ops->cache(n, hh, prot);
1545 
1546 	write_unlock_bh(&n->lock);
1547 }
1548 
1549 /* Slow and careful. */
1550 
1551 int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
1552 {
1553 	int rc = 0;
1554 
1555 	if (!neigh_event_send(neigh, skb)) {
1556 		int err;
1557 		struct net_device *dev = neigh->dev;
1558 		unsigned int seq;
1559 
1560 		if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
1561 			neigh_hh_init(neigh);
1562 
1563 		do {
1564 			__skb_pull(skb, skb_network_offset(skb));
1565 			seq = read_seqbegin(&neigh->ha_lock);
1566 			err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1567 					      neigh->ha, NULL, skb->len);
1568 		} while (read_seqretry(&neigh->ha_lock, seq));
1569 
1570 		if (err >= 0)
1571 			rc = dev_queue_xmit(skb);
1572 		else
1573 			goto out_kfree_skb;
1574 	}
1575 out:
1576 	return rc;
1577 out_kfree_skb:
1578 	rc = -EINVAL;
1579 	kfree_skb(skb);
1580 	goto out;
1581 }
1582 EXPORT_SYMBOL(neigh_resolve_output);
1583 
1584 /* As fast as possible without hh cache */
1585 
1586 int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
1587 {
1588 	struct net_device *dev = neigh->dev;
1589 	unsigned int seq;
1590 	int err;
1591 
1592 	do {
1593 		__skb_pull(skb, skb_network_offset(skb));
1594 		seq = read_seqbegin(&neigh->ha_lock);
1595 		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1596 				      neigh->ha, NULL, skb->len);
1597 	} while (read_seqretry(&neigh->ha_lock, seq));
1598 
1599 	if (err >= 0)
1600 		err = dev_queue_xmit(skb);
1601 	else {
1602 		err = -EINVAL;
1603 		kfree_skb(skb);
1604 	}
1605 	return err;
1606 }
1607 EXPORT_SYMBOL(neigh_connected_output);
1608 
1609 int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
1610 {
1611 	return dev_queue_xmit(skb);
1612 }
1613 EXPORT_SYMBOL(neigh_direct_output);
1614 
1615 static void neigh_managed_work(struct work_struct *work)
1616 {
1617 	struct neigh_table *tbl = container_of(work, struct neigh_table,
1618 					       managed_work.work);
1619 	struct neighbour *neigh;
1620 
1621 	write_lock_bh(&tbl->lock);
1622 	list_for_each_entry(neigh, &tbl->managed_list, managed_list)
1623 		neigh_event_send_probe(neigh, NULL, false);
1624 	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
1625 			   NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS));
1626 	write_unlock_bh(&tbl->lock);
1627 }
1628 
1629 static void neigh_proxy_process(struct timer_list *t)
1630 {
1631 	struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
1632 	long sched_next = 0;
1633 	unsigned long now = jiffies;
1634 	struct sk_buff *skb, *n;
1635 
1636 	spin_lock(&tbl->proxy_queue.lock);
1637 
1638 	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
1639 		long tdif = NEIGH_CB(skb)->sched_next - now;
1640 
1641 		if (tdif <= 0) {
1642 			struct net_device *dev = skb->dev;
1643 
1644 			neigh_parms_qlen_dec(dev, tbl->family);
1645 			__skb_unlink(skb, &tbl->proxy_queue);
1646 
1647 			if (tbl->proxy_redo && netif_running(dev)) {
1648 				rcu_read_lock();
1649 				tbl->proxy_redo(skb);
1650 				rcu_read_unlock();
1651 			} else {
1652 				kfree_skb(skb);
1653 			}
1654 
1655 			dev_put(dev);
1656 		} else if (!sched_next || tdif < sched_next)
1657 			sched_next = tdif;
1658 	}
1659 	del_timer(&tbl->proxy_timer);
1660 	if (sched_next)
1661 		mod_timer(&tbl->proxy_timer, jiffies + sched_next);
1662 	spin_unlock(&tbl->proxy_queue.lock);
1663 }
1664 
1665 void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
1666 		    struct sk_buff *skb)
1667 {
1668 	unsigned long sched_next = jiffies +
1669 			get_random_u32_below(NEIGH_VAR(p, PROXY_DELAY));
1670 
1671 	if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) {
1672 		kfree_skb(skb);
1673 		return;
1674 	}
1675 
1676 	NEIGH_CB(skb)->sched_next = sched_next;
1677 	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;
1678 
1679 	spin_lock(&tbl->proxy_queue.lock);
1680 	if (del_timer(&tbl->proxy_timer)) {
1681 		if (time_before(tbl->proxy_timer.expires, sched_next))
1682 			sched_next = tbl->proxy_timer.expires;
1683 	}
1684 	skb_dst_drop(skb);
1685 	dev_hold(skb->dev);
1686 	__skb_queue_tail(&tbl->proxy_queue, skb);
1687 	p->qlen++;
1688 	mod_timer(&tbl->proxy_timer, sched_next);
1689 	spin_unlock(&tbl->proxy_queue.lock);
1690 }
1691 EXPORT_SYMBOL(pneigh_enqueue);
1692 
1693 static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
1694 						      struct net *net, int ifindex)
1695 {
1696 	struct neigh_parms *p;
1697 
1698 	list_for_each_entry(p, &tbl->parms_list, list) {
1699 		if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
1700 		    (!p->dev && !ifindex && net_eq(net, &init_net)))
1701 			return p;
1702 	}
1703 
1704 	return NULL;
1705 }
1706 
1707 struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
1708 				      struct neigh_table *tbl)
1709 {
1710 	struct neigh_parms *p;
1711 	struct net *net = dev_net(dev);
1712 	const struct net_device_ops *ops = dev->netdev_ops;
1713 
1714 	p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
1715 	if (p) {
1716 		p->tbl		  = tbl;
1717 		refcount_set(&p->refcnt, 1);
1718 		p->reachable_time =
1719 				neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
1720 		p->qlen = 0;
1721 		netdev_hold(dev, &p->dev_tracker, GFP_KERNEL);
1722 		p->dev = dev;
1723 		write_pnet(&p->net, net);
1724 		p->sysctl_table = NULL;
1725 
1726 		if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
1727 			netdev_put(dev, &p->dev_tracker);
1728 			kfree(p);
1729 			return NULL;
1730 		}
1731 
1732 		write_lock_bh(&tbl->lock);
1733 		list_add(&p->list, &tbl->parms.list);
1734 		write_unlock_bh(&tbl->lock);
1735 
1736 		neigh_parms_data_state_cleanall(p);
1737 	}
1738 	return p;
1739 }
1740 EXPORT_SYMBOL(neigh_parms_alloc);
1741 
1742 static void neigh_rcu_free_parms(struct rcu_head *head)
1743 {
1744 	struct neigh_parms *parms =
1745 		container_of(head, struct neigh_parms, rcu_head);
1746 
1747 	neigh_parms_put(parms);
1748 }
1749 
1750 void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
1751 {
1752 	if (!parms || parms == &tbl->parms)
1753 		return;
1754 	write_lock_bh(&tbl->lock);
1755 	list_del(&parms->list);
1756 	parms->dead = 1;
1757 	write_unlock_bh(&tbl->lock);
1758 	netdev_put(parms->dev, &parms->dev_tracker);
1759 	call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
1760 }
1761 EXPORT_SYMBOL(neigh_parms_release);
1762 
1763 static void neigh_parms_destroy(struct neigh_parms *parms)
1764 {
1765 	kfree(parms);
1766 }
1767 
1768 static struct lock_class_key neigh_table_proxy_queue_class;
1769 
1770 static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;
1771 
1772 void neigh_table_init(int index, struct neigh_table *tbl)
1773 {
1774 	unsigned long now = jiffies;
1775 	unsigned long phsize;
1776 
1777 	INIT_LIST_HEAD(&tbl->parms_list);
1778 	INIT_LIST_HEAD(&tbl->gc_list);
1779 	INIT_LIST_HEAD(&tbl->managed_list);
1780 
1781 	list_add(&tbl->parms.list, &tbl->parms_list);
1782 	write_pnet(&tbl->parms.net, &init_net);
1783 	refcount_set(&tbl->parms.refcnt, 1);
1784 	tbl->parms.reachable_time =
1785 			  neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
1786 	tbl->parms.qlen = 0;
1787 
1788 	tbl->stats = alloc_percpu(struct neigh_statistics);
1789 	if (!tbl->stats)
1790 		panic("cannot create neighbour cache statistics");
1791 
1792 #ifdef CONFIG_PROC_FS
1793 	if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
1794 			      &neigh_stat_seq_ops, tbl))
1795 		panic("cannot create neighbour proc dir entry");
1796 #endif
1797 
1798 	RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));
1799 
1800 	phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
1801 	tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);
1802 
1803 	if (!tbl->nht || !tbl->phash_buckets)
1804 		panic("cannot allocate neighbour cache hashes");
1805 
1806 	if (!tbl->entry_size)
1807 		tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
1808 					tbl->key_len, NEIGH_PRIV_ALIGN);
1809 	else
1810 		WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);
1811 
1812 	rwlock_init(&tbl->lock);
1813 
1814 	INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
1815 	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1816 			tbl->parms.reachable_time);
1817 	INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
1818 	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0);
1819 
1820 	timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
1821 	skb_queue_head_init_class(&tbl->proxy_queue,
1822 			&neigh_table_proxy_queue_class);
1823 
1824 	tbl->last_flush = now;
1825 	tbl->last_rand	= now + tbl->parms.reachable_time * 20;
1826 
1827 	neigh_tables[index] = tbl;
1828 }
1829 EXPORT_SYMBOL(neigh_table_init);
1830 
1831 int neigh_table_clear(int index, struct neigh_table *tbl)
1832 {
1833 	neigh_tables[index] = NULL;
1834 	/* It is not clean... Fix it to unload IPv6 module safely */
1835 	cancel_delayed_work_sync(&tbl->managed_work);
1836 	cancel_delayed_work_sync(&tbl->gc_work);
1837 	del_timer_sync(&tbl->proxy_timer);
1838 	pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family);
1839 	neigh_ifdown(tbl, NULL);
1840 	if (atomic_read(&tbl->entries))
1841 		pr_crit("neighbour leakage\n");
1842 
1843 	call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
1844 		 neigh_hash_free_rcu);
1845 	tbl->nht = NULL;
1846 
1847 	kfree(tbl->phash_buckets);
1848 	tbl->phash_buckets = NULL;
1849 
1850 	remove_proc_entry(tbl->id, init_net.proc_net_stat);
1851 
1852 	free_percpu(tbl->stats);
1853 	tbl->stats = NULL;
1854 
1855 	return 0;
1856 }
1857 EXPORT_SYMBOL(neigh_table_clear);
1858 
1859 static struct neigh_table *neigh_find_table(int family)
1860 {
1861 	struct neigh_table *tbl = NULL;
1862 
1863 	switch (family) {
1864 	case AF_INET:
1865 		tbl = neigh_tables[NEIGH_ARP_TABLE];
1866 		break;
1867 	case AF_INET6:
1868 		tbl = neigh_tables[NEIGH_ND_TABLE];
1869 		break;
1870 	}
1871 
1872 	return tbl;
1873 }
1874 
1875 const struct nla_policy nda_policy[NDA_MAX+1] = {
1876 	[NDA_UNSPEC]		= { .strict_start_type = NDA_NH_ID },
1877 	[NDA_DST]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1878 	[NDA_LLADDR]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1879 	[NDA_CACHEINFO]		= { .len = sizeof(struct nda_cacheinfo) },
1880 	[NDA_PROBES]		= { .type = NLA_U32 },
1881 	[NDA_VLAN]		= { .type = NLA_U16 },
1882 	[NDA_PORT]		= { .type = NLA_U16 },
1883 	[NDA_VNI]		= { .type = NLA_U32 },
1884 	[NDA_IFINDEX]		= { .type = NLA_U32 },
1885 	[NDA_MASTER]		= { .type = NLA_U32 },
1886 	[NDA_PROTOCOL]		= { .type = NLA_U8 },
1887 	[NDA_NH_ID]		= { .type = NLA_U32 },
1888 	[NDA_FLAGS_EXT]		= NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
1889 	[NDA_FDB_EXT_ATTRS]	= { .type = NLA_NESTED },
1890 };
1891 
1892 static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1893 			struct netlink_ext_ack *extack)
1894 {
1895 	struct net *net = sock_net(skb->sk);
1896 	struct ndmsg *ndm;
1897 	struct nlattr *dst_attr;
1898 	struct neigh_table *tbl;
1899 	struct neighbour *neigh;
1900 	struct net_device *dev = NULL;
1901 	int err = -EINVAL;
1902 
1903 	ASSERT_RTNL();
1904 	if (nlmsg_len(nlh) < sizeof(*ndm))
1905 		goto out;
1906 
1907 	dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1908 	if (!dst_attr) {
1909 		NL_SET_ERR_MSG(extack, "Network address not specified");
1910 		goto out;
1911 	}
1912 
1913 	ndm = nlmsg_data(nlh);
1914 	if (ndm->ndm_ifindex) {
1915 		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1916 		if (dev == NULL) {
1917 			err = -ENODEV;
1918 			goto out;
1919 		}
1920 	}
1921 
1922 	tbl = neigh_find_table(ndm->ndm_family);
1923 	if (tbl == NULL)
1924 		return -EAFNOSUPPORT;
1925 
1926 	if (nla_len(dst_attr) < (int)tbl->key_len) {
1927 		NL_SET_ERR_MSG(extack, "Invalid network address");
1928 		goto out;
1929 	}
1930 
1931 	if (ndm->ndm_flags & NTF_PROXY) {
1932 		err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
1933 		goto out;
1934 	}
1935 
1936 	if (dev == NULL)
1937 		goto out;
1938 
1939 	neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
1940 	if (neigh == NULL) {
1941 		err = -ENOENT;
1942 		goto out;
1943 	}
1944 
1945 	err = __neigh_update(neigh, NULL, NUD_FAILED,
1946 			     NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1947 			     NETLINK_CB(skb).portid, extack);
1948 	write_lock_bh(&tbl->lock);
1949 	neigh_release(neigh);
1950 	neigh_remove_one(neigh, tbl);
1951 	write_unlock_bh(&tbl->lock);
1952 
1953 out:
1954 	return err;
1955 }
1956 
1957 static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1958 		     struct netlink_ext_ack *extack)
1959 {
1960 	int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1961 		    NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1962 	struct net *net = sock_net(skb->sk);
1963 	struct ndmsg *ndm;
1964 	struct nlattr *tb[NDA_MAX+1];
1965 	struct neigh_table *tbl;
1966 	struct net_device *dev = NULL;
1967 	struct neighbour *neigh;
1968 	void *dst, *lladdr;
1969 	u8 protocol = 0;
1970 	u32 ndm_flags;
1971 	int err;
1972 
1973 	ASSERT_RTNL();
1974 	err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
1975 				     nda_policy, extack);
1976 	if (err < 0)
1977 		goto out;
1978 
1979 	err = -EINVAL;
1980 	if (!tb[NDA_DST]) {
1981 		NL_SET_ERR_MSG(extack, "Network address not specified");
1982 		goto out;
1983 	}
1984 
1985 	ndm = nlmsg_data(nlh);
1986 	ndm_flags = ndm->ndm_flags;
1987 	if (tb[NDA_FLAGS_EXT]) {
1988 		u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]);
1989 
1990 		BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
1991 			     (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
1992 			      hweight32(NTF_EXT_MASK)));
1993 		ndm_flags |= (ext << NTF_EXT_SHIFT);
1994 	}
1995 	if (ndm->ndm_ifindex) {
1996 		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1997 		if (dev == NULL) {
1998 			err = -ENODEV;
1999 			goto out;
2000 		}
2001 
2002 		if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
2003 			NL_SET_ERR_MSG(extack, "Invalid link address");
2004 			goto out;
2005 		}
2006 	}
2007 
2008 	tbl = neigh_find_table(ndm->ndm_family);
2009 	if (tbl == NULL)
2010 		return -EAFNOSUPPORT;
2011 
2012 	if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
2013 		NL_SET_ERR_MSG(extack, "Invalid network address");
2014 		goto out;
2015 	}
2016 
2017 	dst = nla_data(tb[NDA_DST]);
2018 	lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
2019 
2020 	if (tb[NDA_PROTOCOL])
2021 		protocol = nla_get_u8(tb[NDA_PROTOCOL]);
2022 	if (ndm_flags & NTF_PROXY) {
2023 		struct pneigh_entry *pn;
2024 
2025 		if (ndm_flags & NTF_MANAGED) {
2026 			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
2027 			goto out;
2028 		}
2029 
2030 		err = -ENOBUFS;
2031 		pn = pneigh_lookup(tbl, net, dst, dev, 1);
2032 		if (pn) {
2033 			pn->flags = ndm_flags;
2034 			if (protocol)
2035 				pn->protocol = protocol;
2036 			err = 0;
2037 		}
2038 		goto out;
2039 	}
2040 
2041 	if (!dev) {
2042 		NL_SET_ERR_MSG(extack, "Device not specified");
2043 		goto out;
2044 	}
2045 
2046 	if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
2047 		err = -EINVAL;
2048 		goto out;
2049 	}
2050 
2051 	neigh = neigh_lookup(tbl, dst, dev);
2052 	if (neigh == NULL) {
2053 		bool ndm_permanent  = ndm->ndm_state & NUD_PERMANENT;
2054 		bool exempt_from_gc = ndm_permanent ||
2055 				      ndm_flags & NTF_EXT_LEARNED;
2056 
2057 		if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
2058 			err = -ENOENT;
2059 			goto out;
2060 		}
2061 		if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
2062 			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
2063 			err = -EINVAL;
2064 			goto out;
2065 		}
2066 
2067 		neigh = ___neigh_create(tbl, dst, dev,
2068 					ndm_flags &
2069 					(NTF_EXT_LEARNED | NTF_MANAGED),
2070 					exempt_from_gc, true);
2071 		if (IS_ERR(neigh)) {
2072 			err = PTR_ERR(neigh);
2073 			goto out;
2074 		}
2075 	} else {
2076 		if (nlh->nlmsg_flags & NLM_F_EXCL) {
2077 			err = -EEXIST;
2078 			neigh_release(neigh);
2079 			goto out;
2080 		}
2081 
2082 		if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
2083 			flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
2084 				   NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
2085 	}
2086 
2087 	if (protocol)
2088 		neigh->protocol = protocol;
2089 	if (ndm_flags & NTF_EXT_LEARNED)
2090 		flags |= NEIGH_UPDATE_F_EXT_LEARNED;
2091 	if (ndm_flags & NTF_ROUTER)
2092 		flags |= NEIGH_UPDATE_F_ISROUTER;
2093 	if (ndm_flags & NTF_MANAGED)
2094 		flags |= NEIGH_UPDATE_F_MANAGED;
2095 	if (ndm_flags & NTF_USE)
2096 		flags |= NEIGH_UPDATE_F_USE;
2097 
2098 	err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
2099 			     NETLINK_CB(skb).portid, extack);
2100 	if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) {
2101 		neigh_event_send(neigh, NULL);
2102 		err = 0;
2103 	}
2104 	neigh_release(neigh);
2105 out:
2106 	return err;
2107 }
2108 
2109 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
2110 {
2111 	struct nlattr *nest;
2112 
2113 	nest = nla_nest_start_noflag(skb, NDTA_PARMS);
2114 	if (nest == NULL)
2115 		return -ENOBUFS;
2116 
2117 	if ((parms->dev &&
2118 	     nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
2119 	    nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
2120 	    nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
2121 			NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2122 	    /* approximative value for deprecated QUEUE_LEN (in packets) */
2123 	    nla_put_u32(skb, NDTPA_QUEUE_LEN,
2124 			NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2125 	    nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2126 	    nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2127 	    nla_put_u32(skb, NDTPA_UCAST_PROBES,
2128 			NEIGH_VAR(parms, UCAST_PROBES)) ||
2129 	    nla_put_u32(skb, NDTPA_MCAST_PROBES,
2130 			NEIGH_VAR(parms, MCAST_PROBES)) ||
2131 	    nla_put_u32(skb, NDTPA_MCAST_REPROBES,
2132 			NEIGH_VAR(parms, MCAST_REPROBES)) ||
2133 	    nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
2134 			  NDTPA_PAD) ||
2135 	    nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
2136 			  NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
2137 	    nla_put_msecs(skb, NDTPA_GC_STALETIME,
2138 			  NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
2139 	    nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
2140 			  NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
2141 	    nla_put_msecs(skb, NDTPA_RETRANS_TIME,
2142 			  NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
2143 	    nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
2144 			  NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
2145 	    nla_put_msecs(skb, NDTPA_PROXY_DELAY,
2146 			  NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
2147 	    nla_put_msecs(skb, NDTPA_LOCKTIME,
2148 			  NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) ||
2149 	    nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS,
2150 			  NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD))
2151 		goto nla_put_failure;
2152 	return nla_nest_end(skb, nest);
2153 
2154 nla_put_failure:
2155 	nla_nest_cancel(skb, nest);
2156 	return -EMSGSIZE;
2157 }
2158 
2159 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2160 			      u32 pid, u32 seq, int type, int flags)
2161 {
2162 	struct nlmsghdr *nlh;
2163 	struct ndtmsg *ndtmsg;
2164 
2165 	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2166 	if (nlh == NULL)
2167 		return -EMSGSIZE;
2168 
2169 	ndtmsg = nlmsg_data(nlh);
2170 
2171 	read_lock_bh(&tbl->lock);
2172 	ndtmsg->ndtm_family = tbl->family;
2173 	ndtmsg->ndtm_pad1   = 0;
2174 	ndtmsg->ndtm_pad2   = 0;
2175 
2176 	if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
2177 	    nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval, NDTA_PAD) ||
2178 	    nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) ||
2179 	    nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) ||
2180 	    nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3))
2181 		goto nla_put_failure;
2182 	{
2183 		unsigned long now = jiffies;
2184 		long flush_delta = now - tbl->last_flush;
2185 		long rand_delta = now - tbl->last_rand;
2186 		struct neigh_hash_table *nht;
2187 		struct ndt_config ndc = {
2188 			.ndtc_key_len		= tbl->key_len,
2189 			.ndtc_entry_size	= tbl->entry_size,
2190 			.ndtc_entries		= atomic_read(&tbl->entries),
2191 			.ndtc_last_flush	= jiffies_to_msecs(flush_delta),
2192 			.ndtc_last_rand		= jiffies_to_msecs(rand_delta),
2193 			.ndtc_proxy_qlen	= tbl->proxy_queue.qlen,
2194 		};
2195 
2196 		rcu_read_lock_bh();
2197 		nht = rcu_dereference_bh(tbl->nht);
2198 		ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2199 		ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2200 		rcu_read_unlock_bh();
2201 
2202 		if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
2203 			goto nla_put_failure;
2204 	}
2205 
2206 	{
2207 		int cpu;
2208 		struct ndt_stats ndst;
2209 
2210 		memset(&ndst, 0, sizeof(ndst));
2211 
2212 		for_each_possible_cpu(cpu) {
2213 			struct neigh_statistics	*st;
2214 
2215 			st = per_cpu_ptr(tbl->stats, cpu);
2216 			ndst.ndts_allocs		+= st->allocs;
2217 			ndst.ndts_destroys		+= st->destroys;
2218 			ndst.ndts_hash_grows		+= st->hash_grows;
2219 			ndst.ndts_res_failed		+= st->res_failed;
2220 			ndst.ndts_lookups		+= st->lookups;
2221 			ndst.ndts_hits			+= st->hits;
2222 			ndst.ndts_rcv_probes_mcast	+= st->rcv_probes_mcast;
2223 			ndst.ndts_rcv_probes_ucast	+= st->rcv_probes_ucast;
2224 			ndst.ndts_periodic_gc_runs	+= st->periodic_gc_runs;
2225 			ndst.ndts_forced_gc_runs	+= st->forced_gc_runs;
2226 			ndst.ndts_table_fulls		+= st->table_fulls;
2227 		}
2228 
2229 		if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
2230 				  NDTA_PAD))
2231 			goto nla_put_failure;
2232 	}
2233 
2234 	BUG_ON(tbl->parms.dev);
2235 	if (neightbl_fill_parms(skb, &tbl->parms) < 0)
2236 		goto nla_put_failure;
2237 
2238 	read_unlock_bh(&tbl->lock);
2239 	nlmsg_end(skb, nlh);
2240 	return 0;
2241 
2242 nla_put_failure:
2243 	read_unlock_bh(&tbl->lock);
2244 	nlmsg_cancel(skb, nlh);
2245 	return -EMSGSIZE;
2246 }
2247 
2248 static int neightbl_fill_param_info(struct sk_buff *skb,
2249 				    struct neigh_table *tbl,
2250 				    struct neigh_parms *parms,
2251 				    u32 pid, u32 seq, int type,
2252 				    unsigned int flags)
2253 {
2254 	struct ndtmsg *ndtmsg;
2255 	struct nlmsghdr *nlh;
2256 
2257 	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2258 	if (nlh == NULL)
2259 		return -EMSGSIZE;
2260 
2261 	ndtmsg = nlmsg_data(nlh);
2262 
2263 	read_lock_bh(&tbl->lock);
2264 	ndtmsg->ndtm_family = tbl->family;
2265 	ndtmsg->ndtm_pad1   = 0;
2266 	ndtmsg->ndtm_pad2   = 0;
2267 
2268 	if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
2269 	    neightbl_fill_parms(skb, parms) < 0)
2270 		goto errout;
2271 
2272 	read_unlock_bh(&tbl->lock);
2273 	nlmsg_end(skb, nlh);
2274 	return 0;
2275 errout:
2276 	read_unlock_bh(&tbl->lock);
2277 	nlmsg_cancel(skb, nlh);
2278 	return -EMSGSIZE;
2279 }
2280 
2281 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2282 	[NDTA_NAME]		= { .type = NLA_STRING },
2283 	[NDTA_THRESH1]		= { .type = NLA_U32 },
2284 	[NDTA_THRESH2]		= { .type = NLA_U32 },
2285 	[NDTA_THRESH3]		= { .type = NLA_U32 },
2286 	[NDTA_GC_INTERVAL]	= { .type = NLA_U64 },
2287 	[NDTA_PARMS]		= { .type = NLA_NESTED },
2288 };
2289 
2290 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2291 	[NDTPA_IFINDEX]			= { .type = NLA_U32 },
2292 	[NDTPA_QUEUE_LEN]		= { .type = NLA_U32 },
2293 	[NDTPA_PROXY_QLEN]		= { .type = NLA_U32 },
2294 	[NDTPA_APP_PROBES]		= { .type = NLA_U32 },
2295 	[NDTPA_UCAST_PROBES]		= { .type = NLA_U32 },
2296 	[NDTPA_MCAST_PROBES]		= { .type = NLA_U32 },
2297 	[NDTPA_MCAST_REPROBES]		= { .type = NLA_U32 },
2298 	[NDTPA_BASE_REACHABLE_TIME]	= { .type = NLA_U64 },
2299 	[NDTPA_GC_STALETIME]		= { .type = NLA_U64 },
2300 	[NDTPA_DELAY_PROBE_TIME]	= { .type = NLA_U64 },
2301 	[NDTPA_RETRANS_TIME]		= { .type = NLA_U64 },
2302 	[NDTPA_ANYCAST_DELAY]		= { .type = NLA_U64 },
2303 	[NDTPA_PROXY_DELAY]		= { .type = NLA_U64 },
2304 	[NDTPA_LOCKTIME]		= { .type = NLA_U64 },
2305 	[NDTPA_INTERVAL_PROBE_TIME_MS]	= { .type = NLA_U64, .min = 1 },
2306 };
2307 
2308 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2309 			struct netlink_ext_ack *extack)
2310 {
2311 	struct net *net = sock_net(skb->sk);
2312 	struct neigh_table *tbl;
2313 	struct ndtmsg *ndtmsg;
2314 	struct nlattr *tb[NDTA_MAX+1];
2315 	bool found = false;
2316 	int err, tidx;
2317 
2318 	err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2319 				     nl_neightbl_policy, extack);
2320 	if (err < 0)
2321 		goto errout;
2322 
2323 	if (tb[NDTA_NAME] == NULL) {
2324 		err = -EINVAL;
2325 		goto errout;
2326 	}
2327 
2328 	ndtmsg = nlmsg_data(nlh);
2329 
2330 	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2331 		tbl = neigh_tables[tidx];
2332 		if (!tbl)
2333 			continue;
2334 		if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2335 			continue;
2336 		if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
2337 			found = true;
2338 			break;
2339 		}
2340 	}
2341 
2342 	if (!found)
2343 		return -ENOENT;
2344 
2345 	/*
2346 	 * We acquire tbl->lock to be nice to the periodic timers and
2347 	 * make sure they always see a consistent set of values.
2348 	 */
2349 	write_lock_bh(&tbl->lock);
2350 
2351 	if (tb[NDTA_PARMS]) {
2352 		struct nlattr *tbp[NDTPA_MAX+1];
2353 		struct neigh_parms *p;
2354 		int i, ifindex = 0;
2355 
2356 		err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
2357 						  tb[NDTA_PARMS],
2358 						  nl_ntbl_parm_policy, extack);
2359 		if (err < 0)
2360 			goto errout_tbl_lock;
2361 
2362 		if (tbp[NDTPA_IFINDEX])
2363 			ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
2364 
2365 		p = lookup_neigh_parms(tbl, net, ifindex);
2366 		if (p == NULL) {
2367 			err = -ENOENT;
2368 			goto errout_tbl_lock;
2369 		}
2370 
2371 		for (i = 1; i <= NDTPA_MAX; i++) {
2372 			if (tbp[i] == NULL)
2373 				continue;
2374 
2375 			switch (i) {
2376 			case NDTPA_QUEUE_LEN:
2377 				NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2378 					      nla_get_u32(tbp[i]) *
2379 					      SKB_TRUESIZE(ETH_FRAME_LEN));
2380 				break;
2381 			case NDTPA_QUEUE_LENBYTES:
2382 				NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2383 					      nla_get_u32(tbp[i]));
2384 				break;
2385 			case NDTPA_PROXY_QLEN:
2386 				NEIGH_VAR_SET(p, PROXY_QLEN,
2387 					      nla_get_u32(tbp[i]));
2388 				break;
2389 			case NDTPA_APP_PROBES:
2390 				NEIGH_VAR_SET(p, APP_PROBES,
2391 					      nla_get_u32(tbp[i]));
2392 				break;
2393 			case NDTPA_UCAST_PROBES:
2394 				NEIGH_VAR_SET(p, UCAST_PROBES,
2395 					      nla_get_u32(tbp[i]));
2396 				break;
2397 			case NDTPA_MCAST_PROBES:
2398 				NEIGH_VAR_SET(p, MCAST_PROBES,
2399 					      nla_get_u32(tbp[i]));
2400 				break;
2401 			case NDTPA_MCAST_REPROBES:
2402 				NEIGH_VAR_SET(p, MCAST_REPROBES,
2403 					      nla_get_u32(tbp[i]));
2404 				break;
2405 			case NDTPA_BASE_REACHABLE_TIME:
2406 				NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2407 					      nla_get_msecs(tbp[i]));
2408 				/* update reachable_time as well, otherwise, the change will
2409 				 * only be effective after the next time neigh_periodic_work
2410 				 * decides to recompute it (can be multiple minutes)
2411 				 */
2412 				p->reachable_time =
2413 					neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2414 				break;
2415 			case NDTPA_GC_STALETIME:
2416 				NEIGH_VAR_SET(p, GC_STALETIME,
2417 					      nla_get_msecs(tbp[i]));
2418 				break;
2419 			case NDTPA_DELAY_PROBE_TIME:
2420 				NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2421 					      nla_get_msecs(tbp[i]));
2422 				call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
2423 				break;
2424 			case NDTPA_INTERVAL_PROBE_TIME_MS:
2425 				NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS,
2426 					      nla_get_msecs(tbp[i]));
2427 				break;
2428 			case NDTPA_RETRANS_TIME:
2429 				NEIGH_VAR_SET(p, RETRANS_TIME,
2430 					      nla_get_msecs(tbp[i]));
2431 				break;
2432 			case NDTPA_ANYCAST_DELAY:
2433 				NEIGH_VAR_SET(p, ANYCAST_DELAY,
2434 					      nla_get_msecs(tbp[i]));
2435 				break;
2436 			case NDTPA_PROXY_DELAY:
2437 				NEIGH_VAR_SET(p, PROXY_DELAY,
2438 					      nla_get_msecs(tbp[i]));
2439 				break;
2440 			case NDTPA_LOCKTIME:
2441 				NEIGH_VAR_SET(p, LOCKTIME,
2442 					      nla_get_msecs(tbp[i]));
2443 				break;
2444 			}
2445 		}
2446 	}
2447 
2448 	err = -ENOENT;
2449 	if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2450 	     tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2451 	    !net_eq(net, &init_net))
2452 		goto errout_tbl_lock;
2453 
2454 	if (tb[NDTA_THRESH1])
2455 		tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);
2456 
2457 	if (tb[NDTA_THRESH2])
2458 		tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]);
2459 
2460 	if (tb[NDTA_THRESH3])
2461 		tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]);
2462 
2463 	if (tb[NDTA_GC_INTERVAL])
2464 		tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]);
2465 
2466 	err = 0;
2467 
2468 errout_tbl_lock:
2469 	write_unlock_bh(&tbl->lock);
2470 errout:
2471 	return err;
2472 }
2473 
2474 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2475 				    struct netlink_ext_ack *extack)
2476 {
2477 	struct ndtmsg *ndtm;
2478 
2479 	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
2480 		NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2481 		return -EINVAL;
2482 	}
2483 
2484 	ndtm = nlmsg_data(nlh);
2485 	if (ndtm->ndtm_pad1  || ndtm->ndtm_pad2) {
2486 		NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2487 		return -EINVAL;
2488 	}
2489 
2490 	if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
2491 		NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2492 		return -EINVAL;
2493 	}
2494 
2495 	return 0;
2496 }
2497 
2498 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2499 {
2500 	const struct nlmsghdr *nlh = cb->nlh;
2501 	struct net *net = sock_net(skb->sk);
2502 	int family, tidx, nidx = 0;
2503 	int tbl_skip = cb->args[0];
2504 	int neigh_skip = cb->args[1];
2505 	struct neigh_table *tbl;
2506 
2507 	if (cb->strict_check) {
2508 		int err = neightbl_valid_dump_info(nlh, cb->extack);
2509 
2510 		if (err < 0)
2511 			return err;
2512 	}
2513 
2514 	family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2515 
2516 	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2517 		struct neigh_parms *p;
2518 
2519 		tbl = neigh_tables[tidx];
2520 		if (!tbl)
2521 			continue;
2522 
2523 		if (tidx < tbl_skip || (family && tbl->family != family))
2524 			continue;
2525 
2526 		if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2527 				       nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2528 				       NLM_F_MULTI) < 0)
2529 			break;
2530 
2531 		nidx = 0;
2532 		p = list_next_entry(&tbl->parms, list);
2533 		list_for_each_entry_from(p, &tbl->parms_list, list) {
2534 			if (!net_eq(neigh_parms_net(p), net))
2535 				continue;
2536 
2537 			if (nidx < neigh_skip)
2538 				goto next;
2539 
2540 			if (neightbl_fill_param_info(skb, tbl, p,
2541 						     NETLINK_CB(cb->skb).portid,
2542 						     nlh->nlmsg_seq,
2543 						     RTM_NEWNEIGHTBL,
2544 						     NLM_F_MULTI) < 0)
2545 				goto out;
2546 		next:
2547 			nidx++;
2548 		}
2549 
2550 		neigh_skip = 0;
2551 	}
2552 out:
2553 	cb->args[0] = tidx;
2554 	cb->args[1] = nidx;
2555 
2556 	return skb->len;
2557 }
2558 
2559 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2560 			   u32 pid, u32 seq, int type, unsigned int flags)
2561 {
2562 	u32 neigh_flags, neigh_flags_ext;
2563 	unsigned long now = jiffies;
2564 	struct nda_cacheinfo ci;
2565 	struct nlmsghdr *nlh;
2566 	struct ndmsg *ndm;
2567 
2568 	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2569 	if (nlh == NULL)
2570 		return -EMSGSIZE;
2571 
2572 	neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT;
2573 	neigh_flags     = neigh->flags & NTF_OLD_MASK;
2574 
2575 	ndm = nlmsg_data(nlh);
2576 	ndm->ndm_family	 = neigh->ops->family;
2577 	ndm->ndm_pad1    = 0;
2578 	ndm->ndm_pad2    = 0;
2579 	ndm->ndm_flags	 = neigh_flags;
2580 	ndm->ndm_type	 = neigh->type;
2581 	ndm->ndm_ifindex = neigh->dev->ifindex;
2582 
2583 	if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2584 		goto nla_put_failure;
2585 
2586 	read_lock_bh(&neigh->lock);
2587 	ndm->ndm_state	 = neigh->nud_state;
2588 	if (neigh->nud_state & NUD_VALID) {
2589 		char haddr[MAX_ADDR_LEN];
2590 
2591 		neigh_ha_snapshot(haddr, neigh, neigh->dev);
2592 		if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2593 			read_unlock_bh(&neigh->lock);
2594 			goto nla_put_failure;
2595 		}
2596 	}
2597 
2598 	ci.ndm_used	 = jiffies_to_clock_t(now - neigh->used);
2599 	ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2600 	ci.ndm_updated	 = jiffies_to_clock_t(now - neigh->updated);
2601 	ci.ndm_refcnt	 = refcount_read(&neigh->refcnt) - 1;
2602 	read_unlock_bh(&neigh->lock);
2603 
2604 	if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2605 	    nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2606 		goto nla_put_failure;
2607 
2608 	if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
2609 		goto nla_put_failure;
2610 	if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
2611 		goto nla_put_failure;
2612 
2613 	nlmsg_end(skb, nlh);
2614 	return 0;
2615 
2616 nla_put_failure:
2617 	nlmsg_cancel(skb, nlh);
2618 	return -EMSGSIZE;
2619 }
2620 
2621 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2622 			    u32 pid, u32 seq, int type, unsigned int flags,
2623 			    struct neigh_table *tbl)
2624 {
2625 	u32 neigh_flags, neigh_flags_ext;
2626 	struct nlmsghdr *nlh;
2627 	struct ndmsg *ndm;
2628 
2629 	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2630 	if (nlh == NULL)
2631 		return -EMSGSIZE;
2632 
2633 	neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT;
2634 	neigh_flags     = pn->flags & NTF_OLD_MASK;
2635 
2636 	ndm = nlmsg_data(nlh);
2637 	ndm->ndm_family	 = tbl->family;
2638 	ndm->ndm_pad1    = 0;
2639 	ndm->ndm_pad2    = 0;
2640 	ndm->ndm_flags	 = neigh_flags | NTF_PROXY;
2641 	ndm->ndm_type	 = RTN_UNICAST;
2642 	ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2643 	ndm->ndm_state	 = NUD_NONE;
2644 
2645 	if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2646 		goto nla_put_failure;
2647 
2648 	if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
2649 		goto nla_put_failure;
2650 	if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
2651 		goto nla_put_failure;
2652 
2653 	nlmsg_end(skb, nlh);
2654 	return 0;
2655 
2656 nla_put_failure:
2657 	nlmsg_cancel(skb, nlh);
2658 	return -EMSGSIZE;
2659 }
2660 
2661 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2662 {
2663 	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2664 	__neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
2665 }
2666 
2667 static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2668 {
2669 	struct net_device *master;
2670 
2671 	if (!master_idx)
2672 		return false;
2673 
2674 	master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2675 
2676 	/* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another
2677 	 * invalid value for ifindex to denote "no master".
2678 	 */
2679 	if (master_idx == -1)
2680 		return !!master;
2681 
2682 	if (!master || master->ifindex != master_idx)
2683 		return true;
2684 
2685 	return false;
2686 }
2687 
2688 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2689 {
2690 	if (filter_idx && (!dev || dev->ifindex != filter_idx))
2691 		return true;
2692 
2693 	return false;
2694 }
2695 
2696 struct neigh_dump_filter {
2697 	int master_idx;
2698 	int dev_idx;
2699 };
2700 
2701 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2702 			    struct netlink_callback *cb,
2703 			    struct neigh_dump_filter *filter)
2704 {
2705 	struct net *net = sock_net(skb->sk);
2706 	struct neighbour *n;
2707 	int rc, h, s_h = cb->args[1];
2708 	int idx, s_idx = idx = cb->args[2];
2709 	struct neigh_hash_table *nht;
2710 	unsigned int flags = NLM_F_MULTI;
2711 
2712 	if (filter->dev_idx || filter->master_idx)
2713 		flags |= NLM_F_DUMP_FILTERED;
2714 
2715 	rcu_read_lock_bh();
2716 	nht = rcu_dereference_bh(tbl->nht);
2717 
2718 	for (h = s_h; h < (1 << nht->hash_shift); h++) {
2719 		if (h > s_h)
2720 			s_idx = 0;
2721 		for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2722 		     n != NULL;
2723 		     n = rcu_dereference_bh(n->next)) {
2724 			if (idx < s_idx || !net_eq(dev_net(n->dev), net))
2725 				goto next;
2726 			if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2727 			    neigh_master_filtered(n->dev, filter->master_idx))
2728 				goto next;
2729 			if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2730 					    cb->nlh->nlmsg_seq,
2731 					    RTM_NEWNEIGH,
2732 					    flags) < 0) {
2733 				rc = -1;
2734 				goto out;
2735 			}
2736 next:
2737 			idx++;
2738 		}
2739 	}
2740 	rc = skb->len;
2741 out:
2742 	rcu_read_unlock_bh();
2743 	cb->args[1] = h;
2744 	cb->args[2] = idx;
2745 	return rc;
2746 }
2747 
2748 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2749 			     struct netlink_callback *cb,
2750 			     struct neigh_dump_filter *filter)
2751 {
2752 	struct pneigh_entry *n;
2753 	struct net *net = sock_net(skb->sk);
2754 	int rc, h, s_h = cb->args[3];
2755 	int idx, s_idx = idx = cb->args[4];
2756 	unsigned int flags = NLM_F_MULTI;
2757 
2758 	if (filter->dev_idx || filter->master_idx)
2759 		flags |= NLM_F_DUMP_FILTERED;
2760 
2761 	read_lock_bh(&tbl->lock);
2762 
2763 	for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2764 		if (h > s_h)
2765 			s_idx = 0;
2766 		for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2767 			if (idx < s_idx || pneigh_net(n) != net)
2768 				goto next;
2769 			if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2770 			    neigh_master_filtered(n->dev, filter->master_idx))
2771 				goto next;
2772 			if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2773 					    cb->nlh->nlmsg_seq,
2774 					    RTM_NEWNEIGH, flags, tbl) < 0) {
2775 				read_unlock_bh(&tbl->lock);
2776 				rc = -1;
2777 				goto out;
2778 			}
2779 		next:
2780 			idx++;
2781 		}
2782 	}
2783 
2784 	read_unlock_bh(&tbl->lock);
2785 	rc = skb->len;
2786 out:
2787 	cb->args[3] = h;
2788 	cb->args[4] = idx;
2789 	return rc;
2790 
2791 }
2792 
2793 static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2794 				bool strict_check,
2795 				struct neigh_dump_filter *filter,
2796 				struct netlink_ext_ack *extack)
2797 {
2798 	struct nlattr *tb[NDA_MAX + 1];
2799 	int err, i;
2800 
2801 	if (strict_check) {
2802 		struct ndmsg *ndm;
2803 
2804 		if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2805 			NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2806 			return -EINVAL;
2807 		}
2808 
2809 		ndm = nlmsg_data(nlh);
2810 		if (ndm->ndm_pad1  || ndm->ndm_pad2  || ndm->ndm_ifindex ||
2811 		    ndm->ndm_state || ndm->ndm_type) {
2812 			NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2813 			return -EINVAL;
2814 		}
2815 
2816 		if (ndm->ndm_flags & ~NTF_PROXY) {
2817 			NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2818 			return -EINVAL;
2819 		}
2820 
2821 		err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
2822 						    tb, NDA_MAX, nda_policy,
2823 						    extack);
2824 	} else {
2825 		err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
2826 					     NDA_MAX, nda_policy, extack);
2827 	}
2828 	if (err < 0)
2829 		return err;
2830 
2831 	for (i = 0; i <= NDA_MAX; ++i) {
2832 		if (!tb[i])
2833 			continue;
2834 
2835 		/* all new attributes should require strict_check */
2836 		switch (i) {
2837 		case NDA_IFINDEX:
2838 			filter->dev_idx = nla_get_u32(tb[i]);
2839 			break;
2840 		case NDA_MASTER:
2841 			filter->master_idx = nla_get_u32(tb[i]);
2842 			break;
2843 		default:
2844 			if (strict_check) {
2845 				NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2846 				return -EINVAL;
2847 			}
2848 		}
2849 	}
2850 
2851 	return 0;
2852 }
2853 
2854 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2855 {
2856 	const struct nlmsghdr *nlh = cb->nlh;
2857 	struct neigh_dump_filter filter = {};
2858 	struct neigh_table *tbl;
2859 	int t, family, s_t;
2860 	int proxy = 0;
2861 	int err;
2862 
2863 	family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2864 
2865 	/* check for full ndmsg structure presence, family member is
2866 	 * the same for both structures
2867 	 */
2868 	if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2869 	    ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2870 		proxy = 1;
2871 
2872 	err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
2873 	if (err < 0 && cb->strict_check)
2874 		return err;
2875 
2876 	s_t = cb->args[0];
2877 
2878 	for (t = 0; t < NEIGH_NR_TABLES; t++) {
2879 		tbl = neigh_tables[t];
2880 
2881 		if (!tbl)
2882 			continue;
2883 		if (t < s_t || (family && tbl->family != family))
2884 			continue;
2885 		if (t > s_t)
2886 			memset(&cb->args[1], 0, sizeof(cb->args) -
2887 						sizeof(cb->args[0]));
2888 		if (proxy)
2889 			err = pneigh_dump_table(tbl, skb, cb, &filter);
2890 		else
2891 			err = neigh_dump_table(tbl, skb, cb, &filter);
2892 		if (err < 0)
2893 			break;
2894 	}
2895 
2896 	cb->args[0] = t;
2897 	return skb->len;
2898 }
2899 
2900 static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2901 			       struct neigh_table **tbl,
2902 			       void **dst, int *dev_idx, u8 *ndm_flags,
2903 			       struct netlink_ext_ack *extack)
2904 {
2905 	struct nlattr *tb[NDA_MAX + 1];
2906 	struct ndmsg *ndm;
2907 	int err, i;
2908 
2909 	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2910 		NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2911 		return -EINVAL;
2912 	}
2913 
2914 	ndm = nlmsg_data(nlh);
2915 	if (ndm->ndm_pad1  || ndm->ndm_pad2  || ndm->ndm_state ||
2916 	    ndm->ndm_type) {
2917 		NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2918 		return -EINVAL;
2919 	}
2920 
2921 	if (ndm->ndm_flags & ~NTF_PROXY) {
2922 		NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2923 		return -EINVAL;
2924 	}
2925 
2926 	err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
2927 					    NDA_MAX, nda_policy, extack);
2928 	if (err < 0)
2929 		return err;
2930 
2931 	*ndm_flags = ndm->ndm_flags;
2932 	*dev_idx = ndm->ndm_ifindex;
2933 	*tbl = neigh_find_table(ndm->ndm_family);
2934 	if (*tbl == NULL) {
2935 		NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2936 		return -EAFNOSUPPORT;
2937 	}
2938 
2939 	for (i = 0; i <= NDA_MAX; ++i) {
2940 		if (!tb[i])
2941 			continue;
2942 
2943 		switch (i) {
2944 		case NDA_DST:
2945 			if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
2946 				NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2947 				return -EINVAL;
2948 			}
2949 			*dst = nla_data(tb[i]);
2950 			break;
2951 		default:
2952 			NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2953 			return -EINVAL;
2954 		}
2955 	}
2956 
2957 	return 0;
2958 }
2959 
2960 static inline size_t neigh_nlmsg_size(void)
2961 {
2962 	return NLMSG_ALIGN(sizeof(struct ndmsg))
2963 	       + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2964 	       + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2965 	       + nla_total_size(sizeof(struct nda_cacheinfo))
2966 	       + nla_total_size(4)  /* NDA_PROBES */
2967 	       + nla_total_size(4)  /* NDA_FLAGS_EXT */
2968 	       + nla_total_size(1); /* NDA_PROTOCOL */
2969 }
2970 
2971 static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2972 			   u32 pid, u32 seq)
2973 {
2974 	struct sk_buff *skb;
2975 	int err = 0;
2976 
2977 	skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
2978 	if (!skb)
2979 		return -ENOBUFS;
2980 
2981 	err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
2982 	if (err) {
2983 		kfree_skb(skb);
2984 		goto errout;
2985 	}
2986 
2987 	err = rtnl_unicast(skb, net, pid);
2988 errout:
2989 	return err;
2990 }
2991 
2992 static inline size_t pneigh_nlmsg_size(void)
2993 {
2994 	return NLMSG_ALIGN(sizeof(struct ndmsg))
2995 	       + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2996 	       + nla_total_size(4)  /* NDA_FLAGS_EXT */
2997 	       + nla_total_size(1); /* NDA_PROTOCOL */
2998 }
2999 
3000 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
3001 			    u32 pid, u32 seq, struct neigh_table *tbl)
3002 {
3003 	struct sk_buff *skb;
3004 	int err = 0;
3005 
3006 	skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
3007 	if (!skb)
3008 		return -ENOBUFS;
3009 
3010 	err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
3011 	if (err) {
3012 		kfree_skb(skb);
3013 		goto errout;
3014 	}
3015 
3016 	err = rtnl_unicast(skb, net, pid);
3017 errout:
3018 	return err;
3019 }
3020 
3021 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
3022 		     struct netlink_ext_ack *extack)
3023 {
3024 	struct net *net = sock_net(in_skb->sk);
3025 	struct net_device *dev = NULL;
3026 	struct neigh_table *tbl = NULL;
3027 	struct neighbour *neigh;
3028 	void *dst = NULL;
3029 	u8 ndm_flags = 0;
3030 	int dev_idx = 0;
3031 	int err;
3032 
3033 	err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
3034 				  extack);
3035 	if (err < 0)
3036 		return err;
3037 
3038 	if (dev_idx) {
3039 		dev = __dev_get_by_index(net, dev_idx);
3040 		if (!dev) {
3041 			NL_SET_ERR_MSG(extack, "Unknown device ifindex");
3042 			return -ENODEV;
3043 		}
3044 	}
3045 
3046 	if (!dst) {
3047 		NL_SET_ERR_MSG(extack, "Network address not specified");
3048 		return -EINVAL;
3049 	}
3050 
3051 	if (ndm_flags & NTF_PROXY) {
3052 		struct pneigh_entry *pn;
3053 
3054 		pn = pneigh_lookup(tbl, net, dst, dev, 0);
3055 		if (!pn) {
3056 			NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
3057 			return -ENOENT;
3058 		}
3059 		return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
3060 					nlh->nlmsg_seq, tbl);
3061 	}
3062 
3063 	if (!dev) {
3064 		NL_SET_ERR_MSG(extack, "No device specified");
3065 		return -EINVAL;
3066 	}
3067 
3068 	neigh = neigh_lookup(tbl, dst, dev);
3069 	if (!neigh) {
3070 		NL_SET_ERR_MSG(extack, "Neighbour entry not found");
3071 		return -ENOENT;
3072 	}
3073 
3074 	err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
3075 			      nlh->nlmsg_seq);
3076 
3077 	neigh_release(neigh);
3078 
3079 	return err;
3080 }
3081 
3082 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
3083 {
3084 	int chain;
3085 	struct neigh_hash_table *nht;
3086 
3087 	rcu_read_lock_bh();
3088 	nht = rcu_dereference_bh(tbl->nht);
3089 
3090 	read_lock(&tbl->lock); /* avoid resizes */
3091 	for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3092 		struct neighbour *n;
3093 
3094 		for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
3095 		     n != NULL;
3096 		     n = rcu_dereference_bh(n->next))
3097 			cb(n, cookie);
3098 	}
3099 	read_unlock(&tbl->lock);
3100 	rcu_read_unlock_bh();
3101 }
3102 EXPORT_SYMBOL(neigh_for_each);
3103 
3104 /* The tbl->lock must be held as a writer and BH disabled. */
3105 void __neigh_for_each_release(struct neigh_table *tbl,
3106 			      int (*cb)(struct neighbour *))
3107 {
3108 	int chain;
3109 	struct neigh_hash_table *nht;
3110 
3111 	nht = rcu_dereference_protected(tbl->nht,
3112 					lockdep_is_held(&tbl->lock));
3113 	for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3114 		struct neighbour *n;
3115 		struct neighbour __rcu **np;
3116 
3117 		np = &nht->hash_buckets[chain];
3118 		while ((n = rcu_dereference_protected(*np,
3119 					lockdep_is_held(&tbl->lock))) != NULL) {
3120 			int release;
3121 
3122 			write_lock(&n->lock);
3123 			release = cb(n);
3124 			if (release) {
3125 				rcu_assign_pointer(*np,
3126 					rcu_dereference_protected(n->next,
3127 						lockdep_is_held(&tbl->lock)));
3128 				neigh_mark_dead(n);
3129 			} else
3130 				np = &n->next;
3131 			write_unlock(&n->lock);
3132 			if (release)
3133 				neigh_cleanup_and_release(n);
3134 		}
3135 	}
3136 }
3137 EXPORT_SYMBOL(__neigh_for_each_release);
3138 
3139 int neigh_xmit(int index, struct net_device *dev,
3140 	       const void *addr, struct sk_buff *skb)
3141 {
3142 	int err = -EAFNOSUPPORT;
3143 	if (likely(index < NEIGH_NR_TABLES)) {
3144 		struct neigh_table *tbl;
3145 		struct neighbour *neigh;
3146 
3147 		tbl = neigh_tables[index];
3148 		if (!tbl)
3149 			goto out;
3150 		rcu_read_lock_bh();
3151 		if (index == NEIGH_ARP_TABLE) {
3152 			u32 key = *((u32 *)addr);
3153 
3154 			neigh = __ipv4_neigh_lookup_noref(dev, key);
3155 		} else {
3156 			neigh = __neigh_lookup_noref(tbl, addr, dev);
3157 		}
3158 		if (!neigh)
3159 			neigh = __neigh_create(tbl, addr, dev, false);
3160 		err = PTR_ERR(neigh);
3161 		if (IS_ERR(neigh)) {
3162 			rcu_read_unlock_bh();
3163 			goto out_kfree_skb;
3164 		}
3165 		err = neigh->output(neigh, skb);
3166 		rcu_read_unlock_bh();
3167 	}
3168 	else if (index == NEIGH_LINK_TABLE) {
3169 		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3170 				      addr, NULL, skb->len);
3171 		if (err < 0)
3172 			goto out_kfree_skb;
3173 		err = dev_queue_xmit(skb);
3174 	}
3175 out:
3176 	return err;
3177 out_kfree_skb:
3178 	kfree_skb(skb);
3179 	goto out;
3180 }
3181 EXPORT_SYMBOL(neigh_xmit);
3182 
3183 #ifdef CONFIG_PROC_FS
3184 
3185 static struct neighbour *neigh_get_first(struct seq_file *seq)
3186 {
3187 	struct neigh_seq_state *state = seq->private;
3188 	struct net *net = seq_file_net(seq);
3189 	struct neigh_hash_table *nht = state->nht;
3190 	struct neighbour *n = NULL;
3191 	int bucket;
3192 
3193 	state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3194 	for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3195 		n = rcu_dereference_bh(nht->hash_buckets[bucket]);
3196 
3197 		while (n) {
3198 			if (!net_eq(dev_net(n->dev), net))
3199 				goto next;
3200 			if (state->neigh_sub_iter) {
3201 				loff_t fakep = 0;
3202 				void *v;
3203 
3204 				v = state->neigh_sub_iter(state, n, &fakep);
3205 				if (!v)
3206 					goto next;
3207 			}
3208 			if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3209 				break;
3210 			if (n->nud_state & ~NUD_NOARP)
3211 				break;
3212 next:
3213 			n = rcu_dereference_bh(n->next);
3214 		}
3215 
3216 		if (n)
3217 			break;
3218 	}
3219 	state->bucket = bucket;
3220 
3221 	return n;
3222 }
3223 
3224 static struct neighbour *neigh_get_next(struct seq_file *seq,
3225 					struct neighbour *n,
3226 					loff_t *pos)
3227 {
3228 	struct neigh_seq_state *state = seq->private;
3229 	struct net *net = seq_file_net(seq);
3230 	struct neigh_hash_table *nht = state->nht;
3231 
3232 	if (state->neigh_sub_iter) {
3233 		void *v = state->neigh_sub_iter(state, n, pos);
3234 		if (v)
3235 			return n;
3236 	}
3237 	n = rcu_dereference_bh(n->next);
3238 
3239 	while (1) {
3240 		while (n) {
3241 			if (!net_eq(dev_net(n->dev), net))
3242 				goto next;
3243 			if (state->neigh_sub_iter) {
3244 				void *v = state->neigh_sub_iter(state, n, pos);
3245 				if (v)
3246 					return n;
3247 				goto next;
3248 			}
3249 			if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3250 				break;
3251 
3252 			if (n->nud_state & ~NUD_NOARP)
3253 				break;
3254 next:
3255 			n = rcu_dereference_bh(n->next);
3256 		}
3257 
3258 		if (n)
3259 			break;
3260 
3261 		if (++state->bucket >= (1 << nht->hash_shift))
3262 			break;
3263 
3264 		n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
3265 	}
3266 
3267 	if (n && pos)
3268 		--(*pos);
3269 	return n;
3270 }
3271 
3272 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3273 {
3274 	struct neighbour *n = neigh_get_first(seq);
3275 
3276 	if (n) {
3277 		--(*pos);
3278 		while (*pos) {
3279 			n = neigh_get_next(seq, n, pos);
3280 			if (!n)
3281 				break;
3282 		}
3283 	}
3284 	return *pos ? NULL : n;
3285 }
3286 
3287 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3288 {
3289 	struct neigh_seq_state *state = seq->private;
3290 	struct net *net = seq_file_net(seq);
3291 	struct neigh_table *tbl = state->tbl;
3292 	struct pneigh_entry *pn = NULL;
3293 	int bucket;
3294 
3295 	state->flags |= NEIGH_SEQ_IS_PNEIGH;
3296 	for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3297 		pn = tbl->phash_buckets[bucket];
3298 		while (pn && !net_eq(pneigh_net(pn), net))
3299 			pn = pn->next;
3300 		if (pn)
3301 			break;
3302 	}
3303 	state->bucket = bucket;
3304 
3305 	return pn;
3306 }
3307 
3308 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3309 					    struct pneigh_entry *pn,
3310 					    loff_t *pos)
3311 {
3312 	struct neigh_seq_state *state = seq->private;
3313 	struct net *net = seq_file_net(seq);
3314 	struct neigh_table *tbl = state->tbl;
3315 
3316 	do {
3317 		pn = pn->next;
3318 	} while (pn && !net_eq(pneigh_net(pn), net));
3319 
3320 	while (!pn) {
3321 		if (++state->bucket > PNEIGH_HASHMASK)
3322 			break;
3323 		pn = tbl->phash_buckets[state->bucket];
3324 		while (pn && !net_eq(pneigh_net(pn), net))
3325 			pn = pn->next;
3326 		if (pn)
3327 			break;
3328 	}
3329 
3330 	if (pn && pos)
3331 		--(*pos);
3332 
3333 	return pn;
3334 }
3335 
3336 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3337 {
3338 	struct pneigh_entry *pn = pneigh_get_first(seq);
3339 
3340 	if (pn) {
3341 		--(*pos);
3342 		while (*pos) {
3343 			pn = pneigh_get_next(seq, pn, pos);
3344 			if (!pn)
3345 				break;
3346 		}
3347 	}
3348 	return *pos ? NULL : pn;
3349 }
3350 
3351 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3352 {
3353 	struct neigh_seq_state *state = seq->private;
3354 	void *rc;
3355 	loff_t idxpos = *pos;
3356 
3357 	rc = neigh_get_idx(seq, &idxpos);
3358 	if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3359 		rc = pneigh_get_idx(seq, &idxpos);
3360 
3361 	return rc;
3362 }
3363 
3364 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3365 	__acquires(tbl->lock)
3366 	__acquires(rcu_bh)
3367 {
3368 	struct neigh_seq_state *state = seq->private;
3369 
3370 	state->tbl = tbl;
3371 	state->bucket = 0;
3372 	state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3373 
3374 	rcu_read_lock_bh();
3375 	state->nht = rcu_dereference_bh(tbl->nht);
3376 	read_lock(&tbl->lock);
3377 
3378 	return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3379 }
3380 EXPORT_SYMBOL(neigh_seq_start);
3381 
3382 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3383 {
3384 	struct neigh_seq_state *state;
3385 	void *rc;
3386 
3387 	if (v == SEQ_START_TOKEN) {
3388 		rc = neigh_get_first(seq);
3389 		goto out;
3390 	}
3391 
3392 	state = seq->private;
3393 	if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3394 		rc = neigh_get_next(seq, v, NULL);
3395 		if (rc)
3396 			goto out;
3397 		if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3398 			rc = pneigh_get_first(seq);
3399 	} else {
3400 		BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3401 		rc = pneigh_get_next(seq, v, NULL);
3402 	}
3403 out:
3404 	++(*pos);
3405 	return rc;
3406 }
3407 EXPORT_SYMBOL(neigh_seq_next);
3408 
3409 void neigh_seq_stop(struct seq_file *seq, void *v)
3410 	__releases(tbl->lock)
3411 	__releases(rcu_bh)
3412 {
3413 	struct neigh_seq_state *state = seq->private;
3414 	struct neigh_table *tbl = state->tbl;
3415 
3416 	read_unlock(&tbl->lock);
3417 	rcu_read_unlock_bh();
3418 }
3419 EXPORT_SYMBOL(neigh_seq_stop);
3420 
3421 /* statistics via seq_file */
3422 
3423 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3424 {
3425 	struct neigh_table *tbl = pde_data(file_inode(seq->file));
3426 	int cpu;
3427 
3428 	if (*pos == 0)
3429 		return SEQ_START_TOKEN;
3430 
3431 	for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3432 		if (!cpu_possible(cpu))
3433 			continue;
3434 		*pos = cpu+1;
3435 		return per_cpu_ptr(tbl->stats, cpu);
3436 	}
3437 	return NULL;
3438 }
3439 
3440 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3441 {
3442 	struct neigh_table *tbl = pde_data(file_inode(seq->file));
3443 	int cpu;
3444 
3445 	for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3446 		if (!cpu_possible(cpu))
3447 			continue;
3448 		*pos = cpu+1;
3449 		return per_cpu_ptr(tbl->stats, cpu);
3450 	}
3451 	(*pos)++;
3452 	return NULL;
3453 }
3454 
3455 static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3456 {
3457 
3458 }
3459 
3460 static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3461 {
3462 	struct neigh_table *tbl = pde_data(file_inode(seq->file));
3463 	struct neigh_statistics *st = v;
3464 
3465 	if (v == SEQ_START_TOKEN) {
3466 		seq_puts(seq, "entries  allocs   destroys hash_grows lookups  hits     res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3467 		return 0;
3468 	}
3469 
3470 	seq_printf(seq, "%08x %08lx %08lx %08lx   %08lx %08lx %08lx   "
3471 			"%08lx         %08lx         %08lx         "
3472 			"%08lx       %08lx            %08lx\n",
3473 		   atomic_read(&tbl->entries),
3474 
3475 		   st->allocs,
3476 		   st->destroys,
3477 		   st->hash_grows,
3478 
3479 		   st->lookups,
3480 		   st->hits,
3481 
3482 		   st->res_failed,
3483 
3484 		   st->rcv_probes_mcast,
3485 		   st->rcv_probes_ucast,
3486 
3487 		   st->periodic_gc_runs,
3488 		   st->forced_gc_runs,
3489 		   st->unres_discards,
3490 		   st->table_fulls
3491 		   );
3492 
3493 	return 0;
3494 }
3495 
3496 static const struct seq_operations neigh_stat_seq_ops = {
3497 	.start	= neigh_stat_seq_start,
3498 	.next	= neigh_stat_seq_next,
3499 	.stop	= neigh_stat_seq_stop,
3500 	.show	= neigh_stat_seq_show,
3501 };
3502 #endif /* CONFIG_PROC_FS */
3503 
3504 static void __neigh_notify(struct neighbour *n, int type, int flags,
3505 			   u32 pid)
3506 {
3507 	struct net *net = dev_net(n->dev);
3508 	struct sk_buff *skb;
3509 	int err = -ENOBUFS;
3510 
3511 	skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
3512 	if (skb == NULL)
3513 		goto errout;
3514 
3515 	err = neigh_fill_info(skb, n, pid, 0, type, flags);
3516 	if (err < 0) {
3517 		/* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3518 		WARN_ON(err == -EMSGSIZE);
3519 		kfree_skb(skb);
3520 		goto errout;
3521 	}
3522 	rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3523 	return;
3524 errout:
3525 	if (err < 0)
3526 		rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
3527 }
3528 
3529 void neigh_app_ns(struct neighbour *n)
3530 {
3531 	__neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
3532 }
3533 EXPORT_SYMBOL(neigh_app_ns);
3534 
3535 #ifdef CONFIG_SYSCTL
3536 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3537 
3538 static int proc_unres_qlen(struct ctl_table *ctl, int write,
3539 			   void *buffer, size_t *lenp, loff_t *ppos)
3540 {
3541 	int size, ret;
3542 	struct ctl_table tmp = *ctl;
3543 
3544 	tmp.extra1 = SYSCTL_ZERO;
3545 	tmp.extra2 = &unres_qlen_max;
3546 	tmp.data = &size;
3547 
3548 	size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3549 	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3550 
3551 	if (write && !ret)
3552 		*(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3553 	return ret;
3554 }
3555 
3556 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3557 				  int index)
3558 {
3559 	struct net_device *dev;
3560 	int family = neigh_parms_family(p);
3561 
3562 	rcu_read_lock();
3563 	for_each_netdev_rcu(net, dev) {
3564 		struct neigh_parms *dst_p =
3565 				neigh_get_dev_parms_rcu(dev, family);
3566 
3567 		if (dst_p && !test_bit(index, dst_p->data_state))
3568 			dst_p->data[index] = p->data[index];
3569 	}
3570 	rcu_read_unlock();
3571 }
3572 
3573 static void neigh_proc_update(struct ctl_table *ctl, int write)
3574 {
3575 	struct net_device *dev = ctl->extra1;
3576 	struct neigh_parms *p = ctl->extra2;
3577 	struct net *net = neigh_parms_net(p);
3578 	int index = (int *) ctl->data - p->data;
3579 
3580 	if (!write)
3581 		return;
3582 
3583 	set_bit(index, p->data_state);
3584 	if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3585 		call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
3586 	if (!dev) /* NULL dev means this is default value */
3587 		neigh_copy_dflt_parms(net, p, index);
3588 }
3589 
3590 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3591 					   void *buffer, size_t *lenp,
3592 					   loff_t *ppos)
3593 {
3594 	struct ctl_table tmp = *ctl;
3595 	int ret;
3596 
3597 	tmp.extra1 = SYSCTL_ZERO;
3598 	tmp.extra2 = SYSCTL_INT_MAX;
3599 
3600 	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3601 	neigh_proc_update(ctl, write);
3602 	return ret;
3603 }
3604 
3605 static int neigh_proc_dointvec_ms_jiffies_positive(struct ctl_table *ctl, int write,
3606 						   void *buffer, size_t *lenp, loff_t *ppos)
3607 {
3608 	struct ctl_table tmp = *ctl;
3609 	int ret;
3610 
3611 	int min = msecs_to_jiffies(1);
3612 
3613 	tmp.extra1 = &min;
3614 	tmp.extra2 = NULL;
3615 
3616 	ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos);
3617 	neigh_proc_update(ctl, write);
3618 	return ret;
3619 }
3620 
3621 int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
3622 			size_t *lenp, loff_t *ppos)
3623 {
3624 	int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3625 
3626 	neigh_proc_update(ctl, write);
3627 	return ret;
3628 }
3629 EXPORT_SYMBOL(neigh_proc_dointvec);
3630 
3631 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
3632 				size_t *lenp, loff_t *ppos)
3633 {
3634 	int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3635 
3636 	neigh_proc_update(ctl, write);
3637 	return ret;
3638 }
3639 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3640 
3641 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3642 					      void *buffer, size_t *lenp,
3643 					      loff_t *ppos)
3644 {
3645 	int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3646 
3647 	neigh_proc_update(ctl, write);
3648 	return ret;
3649 }
3650 
3651 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3652 				   void *buffer, size_t *lenp, loff_t *ppos)
3653 {
3654 	int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3655 
3656 	neigh_proc_update(ctl, write);
3657 	return ret;
3658 }
3659 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3660 
3661 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3662 					  void *buffer, size_t *lenp,
3663 					  loff_t *ppos)
3664 {
3665 	int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3666 
3667 	neigh_proc_update(ctl, write);
3668 	return ret;
3669 }
3670 
3671 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3672 					  void *buffer, size_t *lenp,
3673 					  loff_t *ppos)
3674 {
3675 	struct neigh_parms *p = ctl->extra2;
3676 	int ret;
3677 
3678 	if (strcmp(ctl->procname, "base_reachable_time") == 0)
3679 		ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3680 	else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3681 		ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3682 	else
3683 		ret = -1;
3684 
3685 	if (write && ret == 0) {
3686 		/* update reachable_time as well, otherwise, the change will
3687 		 * only be effective after the next time neigh_periodic_work
3688 		 * decides to recompute it
3689 		 */
3690 		p->reachable_time =
3691 			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3692 	}
3693 	return ret;
3694 }
3695 
3696 #define NEIGH_PARMS_DATA_OFFSET(index)	\
3697 	(&((struct neigh_parms *) 0)->data[index])
3698 
3699 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3700 	[NEIGH_VAR_ ## attr] = { \
3701 		.procname	= name, \
3702 		.data		= NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3703 		.maxlen		= sizeof(int), \
3704 		.mode		= mval, \
3705 		.proc_handler	= proc, \
3706 	}
3707 
3708 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3709 	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3710 
3711 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3712 	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3713 
3714 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3715 	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3716 
3717 #define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \
3718 	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive)
3719 
3720 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3721 	NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3722 
3723 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3724 	NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3725 
3726 static struct neigh_sysctl_table {
3727 	struct ctl_table_header *sysctl_header;
3728 	struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3729 } neigh_sysctl_template __read_mostly = {
3730 	.neigh_vars = {
3731 		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3732 		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3733 		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3734 		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3735 		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3736 		NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3737 		NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3738 		NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS,
3739 						       "interval_probe_time_ms"),
3740 		NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3741 		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3742 		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3743 		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3744 		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3745 		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3746 		NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3747 		NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3748 		NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3749 		[NEIGH_VAR_GC_INTERVAL] = {
3750 			.procname	= "gc_interval",
3751 			.maxlen		= sizeof(int),
3752 			.mode		= 0644,
3753 			.proc_handler	= proc_dointvec_jiffies,
3754 		},
3755 		[NEIGH_VAR_GC_THRESH1] = {
3756 			.procname	= "gc_thresh1",
3757 			.maxlen		= sizeof(int),
3758 			.mode		= 0644,
3759 			.extra1		= SYSCTL_ZERO,
3760 			.extra2		= SYSCTL_INT_MAX,
3761 			.proc_handler	= proc_dointvec_minmax,
3762 		},
3763 		[NEIGH_VAR_GC_THRESH2] = {
3764 			.procname	= "gc_thresh2",
3765 			.maxlen		= sizeof(int),
3766 			.mode		= 0644,
3767 			.extra1		= SYSCTL_ZERO,
3768 			.extra2		= SYSCTL_INT_MAX,
3769 			.proc_handler	= proc_dointvec_minmax,
3770 		},
3771 		[NEIGH_VAR_GC_THRESH3] = {
3772 			.procname	= "gc_thresh3",
3773 			.maxlen		= sizeof(int),
3774 			.mode		= 0644,
3775 			.extra1		= SYSCTL_ZERO,
3776 			.extra2		= SYSCTL_INT_MAX,
3777 			.proc_handler	= proc_dointvec_minmax,
3778 		},
3779 		{},
3780 	},
3781 };
3782 
3783 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3784 			  proc_handler *handler)
3785 {
3786 	int i;
3787 	struct neigh_sysctl_table *t;
3788 	const char *dev_name_source;
3789 	char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3790 	char *p_name;
3791 
3792 	t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT);
3793 	if (!t)
3794 		goto err;
3795 
3796 	for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3797 		t->neigh_vars[i].data += (long) p;
3798 		t->neigh_vars[i].extra1 = dev;
3799 		t->neigh_vars[i].extra2 = p;
3800 	}
3801 
3802 	if (dev) {
3803 		dev_name_source = dev->name;
3804 		/* Terminate the table early */
3805 		memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3806 		       sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3807 	} else {
3808 		struct neigh_table *tbl = p->tbl;
3809 		dev_name_source = "default";
3810 		t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3811 		t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3812 		t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3813 		t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3814 	}
3815 
3816 	if (handler) {
3817 		/* RetransTime */
3818 		t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3819 		/* ReachableTime */
3820 		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3821 		/* RetransTime (in milliseconds)*/
3822 		t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3823 		/* ReachableTime (in milliseconds) */
3824 		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3825 	} else {
3826 		/* Those handlers will update p->reachable_time after
3827 		 * base_reachable_time(_ms) is set to ensure the new timer starts being
3828 		 * applied after the next neighbour update instead of waiting for
3829 		 * neigh_periodic_work to update its value (can be multiple minutes)
3830 		 * So any handler that replaces them should do this as well
3831 		 */
3832 		/* ReachableTime */
3833 		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3834 			neigh_proc_base_reachable_time;
3835 		/* ReachableTime (in milliseconds) */
3836 		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3837 			neigh_proc_base_reachable_time;
3838 	}
3839 
3840 	switch (neigh_parms_family(p)) {
3841 	case AF_INET:
3842 	      p_name = "ipv4";
3843 	      break;
3844 	case AF_INET6:
3845 	      p_name = "ipv6";
3846 	      break;
3847 	default:
3848 	      BUG();
3849 	}
3850 
3851 	snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3852 		p_name, dev_name_source);
3853 	t->sysctl_header =
3854 		register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3855 	if (!t->sysctl_header)
3856 		goto free;
3857 
3858 	p->sysctl_table = t;
3859 	return 0;
3860 
3861 free:
3862 	kfree(t);
3863 err:
3864 	return -ENOBUFS;
3865 }
3866 EXPORT_SYMBOL(neigh_sysctl_register);
3867 
3868 void neigh_sysctl_unregister(struct neigh_parms *p)
3869 {
3870 	if (p->sysctl_table) {
3871 		struct neigh_sysctl_table *t = p->sysctl_table;
3872 		p->sysctl_table = NULL;
3873 		unregister_net_sysctl_table(t->sysctl_header);
3874 		kfree(t);
3875 	}
3876 }
3877 EXPORT_SYMBOL(neigh_sysctl_unregister);
3878 
3879 #endif	/* CONFIG_SYSCTL */
3880 
3881 static int __init neigh_init(void)
3882 {
3883 	rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3884 	rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3885 	rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3886 
3887 	rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3888 		      0);
3889 	rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);
3890 
3891 	return 0;
3892 }
3893 
3894 subsys_initcall(neigh_init);
3895