1 /* 2 * Generic address resolution entity 3 * 4 * Authors: 5 * Pedro Roque <roque@di.fc.ul.pt> 6 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License 10 * as published by the Free Software Foundation; either version 11 * 2 of the License, or (at your option) any later version. 12 * 13 * Fixes: 14 * Vitaly E. Lavrov releasing NULL neighbor in neigh_add. 15 * Harald Welte Add neighbour cache statistics like rtstat 16 */ 17 18 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 19 20 #include <linux/slab.h> 21 #include <linux/types.h> 22 #include <linux/kernel.h> 23 #include <linux/module.h> 24 #include <linux/socket.h> 25 #include <linux/netdevice.h> 26 #include <linux/proc_fs.h> 27 #ifdef CONFIG_SYSCTL 28 #include <linux/sysctl.h> 29 #endif 30 #include <linux/times.h> 31 #include <net/net_namespace.h> 32 #include <net/neighbour.h> 33 #include <net/dst.h> 34 #include <net/sock.h> 35 #include <net/netevent.h> 36 #include <net/netlink.h> 37 #include <linux/rtnetlink.h> 38 #include <linux/random.h> 39 #include <linux/string.h> 40 #include <linux/log2.h> 41 #include <linux/inetdevice.h> 42 #include <net/addrconf.h> 43 44 #define DEBUG 45 #define NEIGH_DEBUG 1 46 #define neigh_dbg(level, fmt, ...) \ 47 do { \ 48 if (level <= NEIGH_DEBUG) \ 49 pr_debug(fmt, ##__VA_ARGS__); \ 50 } while (0) 51 52 #define PNEIGH_HASHMASK 0xF 53 54 static void neigh_timer_handler(unsigned long arg); 55 static void __neigh_notify(struct neighbour *n, int type, int flags); 56 static void neigh_update_notify(struct neighbour *neigh); 57 static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev); 58 59 #ifdef CONFIG_PROC_FS 60 static const struct file_operations neigh_stat_seq_fops; 61 #endif 62 63 /* 64 Neighbour hash table buckets are protected with rwlock tbl->lock. 65 66 - All the scans/updates to hash buckets MUST be made under this lock. 67 - NOTHING clever should be made under this lock: no callbacks 68 to protocol backends, no attempts to send something to network. 69 It will result in deadlocks, if backend/driver wants to use neighbour 70 cache. 71 - If the entry requires some non-trivial actions, increase 72 its reference count and release table lock. 73 74 Neighbour entries are protected: 75 - with reference count. 76 - with rwlock neigh->lock 77 78 Reference count prevents destruction. 79 80 neigh->lock mainly serializes ll address data and its validity state. 81 However, the same lock is used to protect another entry fields: 82 - timer 83 - resolution queue 84 85 Again, nothing clever shall be made under neigh->lock, 86 the most complicated procedure, which we allow is dev->hard_header. 87 It is supposed, that dev->hard_header is simplistic and does 88 not make callbacks to neighbour tables. 89 */ 90 91 static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb) 92 { 93 kfree_skb(skb); 94 return -ENETDOWN; 95 } 96 97 static void neigh_cleanup_and_release(struct neighbour *neigh) 98 { 99 if (neigh->parms->neigh_cleanup) 100 neigh->parms->neigh_cleanup(neigh); 101 102 __neigh_notify(neigh, RTM_DELNEIGH, 0); 103 neigh_release(neigh); 104 } 105 106 /* 107 * It is random distribution in the interval (1/2)*base...(3/2)*base. 108 * It corresponds to default IPv6 settings and is not overridable, 109 * because it is really reasonable choice. 110 */ 111 112 unsigned long neigh_rand_reach_time(unsigned long base) 113 { 114 return base ? (prandom_u32() % base) + (base >> 1) : 0; 115 } 116 EXPORT_SYMBOL(neigh_rand_reach_time); 117 118 119 static int neigh_forced_gc(struct neigh_table *tbl) 120 { 121 int shrunk = 0; 122 int i; 123 struct neigh_hash_table *nht; 124 125 NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs); 126 127 write_lock_bh(&tbl->lock); 128 nht = rcu_dereference_protected(tbl->nht, 129 lockdep_is_held(&tbl->lock)); 130 for (i = 0; i < (1 << nht->hash_shift); i++) { 131 struct neighbour *n; 132 struct neighbour __rcu **np; 133 134 np = &nht->hash_buckets[i]; 135 while ((n = rcu_dereference_protected(*np, 136 lockdep_is_held(&tbl->lock))) != NULL) { 137 /* Neighbour record may be discarded if: 138 * - nobody refers to it. 139 * - it is not permanent 140 */ 141 write_lock(&n->lock); 142 if (atomic_read(&n->refcnt) == 1 && 143 !(n->nud_state & NUD_PERMANENT)) { 144 rcu_assign_pointer(*np, 145 rcu_dereference_protected(n->next, 146 lockdep_is_held(&tbl->lock))); 147 n->dead = 1; 148 shrunk = 1; 149 write_unlock(&n->lock); 150 neigh_cleanup_and_release(n); 151 continue; 152 } 153 write_unlock(&n->lock); 154 np = &n->next; 155 } 156 } 157 158 tbl->last_flush = jiffies; 159 160 write_unlock_bh(&tbl->lock); 161 162 return shrunk; 163 } 164 165 static void neigh_add_timer(struct neighbour *n, unsigned long when) 166 { 167 neigh_hold(n); 168 if (unlikely(mod_timer(&n->timer, when))) { 169 printk("NEIGH: BUG, double timer add, state is %x\n", 170 n->nud_state); 171 dump_stack(); 172 } 173 } 174 175 static int neigh_del_timer(struct neighbour *n) 176 { 177 if ((n->nud_state & NUD_IN_TIMER) && 178 del_timer(&n->timer)) { 179 neigh_release(n); 180 return 1; 181 } 182 return 0; 183 } 184 185 static void pneigh_queue_purge(struct sk_buff_head *list) 186 { 187 struct sk_buff *skb; 188 189 while ((skb = skb_dequeue(list)) != NULL) { 190 dev_put(skb->dev); 191 kfree_skb(skb); 192 } 193 } 194 195 static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev) 196 { 197 int i; 198 struct neigh_hash_table *nht; 199 200 nht = rcu_dereference_protected(tbl->nht, 201 lockdep_is_held(&tbl->lock)); 202 203 for (i = 0; i < (1 << nht->hash_shift); i++) { 204 struct neighbour *n; 205 struct neighbour __rcu **np = &nht->hash_buckets[i]; 206 207 while ((n = rcu_dereference_protected(*np, 208 lockdep_is_held(&tbl->lock))) != NULL) { 209 if (dev && n->dev != dev) { 210 np = &n->next; 211 continue; 212 } 213 rcu_assign_pointer(*np, 214 rcu_dereference_protected(n->next, 215 lockdep_is_held(&tbl->lock))); 216 write_lock(&n->lock); 217 neigh_del_timer(n); 218 n->dead = 1; 219 220 if (atomic_read(&n->refcnt) != 1) { 221 /* The most unpleasant situation. 222 We must destroy neighbour entry, 223 but someone still uses it. 224 225 The destroy will be delayed until 226 the last user releases us, but 227 we must kill timers etc. and move 228 it to safe state. 229 */ 230 __skb_queue_purge(&n->arp_queue); 231 n->arp_queue_len_bytes = 0; 232 n->output = neigh_blackhole; 233 if (n->nud_state & NUD_VALID) 234 n->nud_state = NUD_NOARP; 235 else 236 n->nud_state = NUD_NONE; 237 neigh_dbg(2, "neigh %p is stray\n", n); 238 } 239 write_unlock(&n->lock); 240 neigh_cleanup_and_release(n); 241 } 242 } 243 } 244 245 void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev) 246 { 247 write_lock_bh(&tbl->lock); 248 neigh_flush_dev(tbl, dev); 249 write_unlock_bh(&tbl->lock); 250 } 251 EXPORT_SYMBOL(neigh_changeaddr); 252 253 int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev) 254 { 255 write_lock_bh(&tbl->lock); 256 neigh_flush_dev(tbl, dev); 257 pneigh_ifdown(tbl, dev); 258 write_unlock_bh(&tbl->lock); 259 260 del_timer_sync(&tbl->proxy_timer); 261 pneigh_queue_purge(&tbl->proxy_queue); 262 return 0; 263 } 264 EXPORT_SYMBOL(neigh_ifdown); 265 266 static struct neighbour *neigh_alloc(struct neigh_table *tbl, struct net_device *dev) 267 { 268 struct neighbour *n = NULL; 269 unsigned long now = jiffies; 270 int entries; 271 272 entries = atomic_inc_return(&tbl->entries) - 1; 273 if (entries >= tbl->gc_thresh3 || 274 (entries >= tbl->gc_thresh2 && 275 time_after(now, tbl->last_flush + 5 * HZ))) { 276 if (!neigh_forced_gc(tbl) && 277 entries >= tbl->gc_thresh3) 278 goto out_entries; 279 } 280 281 n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC); 282 if (!n) 283 goto out_entries; 284 285 __skb_queue_head_init(&n->arp_queue); 286 rwlock_init(&n->lock); 287 seqlock_init(&n->ha_lock); 288 n->updated = n->used = now; 289 n->nud_state = NUD_NONE; 290 n->output = neigh_blackhole; 291 seqlock_init(&n->hh.hh_lock); 292 n->parms = neigh_parms_clone(&tbl->parms); 293 setup_timer(&n->timer, neigh_timer_handler, (unsigned long)n); 294 295 NEIGH_CACHE_STAT_INC(tbl, allocs); 296 n->tbl = tbl; 297 atomic_set(&n->refcnt, 1); 298 n->dead = 1; 299 out: 300 return n; 301 302 out_entries: 303 atomic_dec(&tbl->entries); 304 goto out; 305 } 306 307 static void neigh_get_hash_rnd(u32 *x) 308 { 309 get_random_bytes(x, sizeof(*x)); 310 *x |= 1; 311 } 312 313 static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift) 314 { 315 size_t size = (1 << shift) * sizeof(struct neighbour *); 316 struct neigh_hash_table *ret; 317 struct neighbour __rcu **buckets; 318 int i; 319 320 ret = kmalloc(sizeof(*ret), GFP_ATOMIC); 321 if (!ret) 322 return NULL; 323 if (size <= PAGE_SIZE) 324 buckets = kzalloc(size, GFP_ATOMIC); 325 else 326 buckets = (struct neighbour __rcu **) 327 __get_free_pages(GFP_ATOMIC | __GFP_ZERO, 328 get_order(size)); 329 if (!buckets) { 330 kfree(ret); 331 return NULL; 332 } 333 ret->hash_buckets = buckets; 334 ret->hash_shift = shift; 335 for (i = 0; i < NEIGH_NUM_HASH_RND; i++) 336 neigh_get_hash_rnd(&ret->hash_rnd[i]); 337 return ret; 338 } 339 340 static void neigh_hash_free_rcu(struct rcu_head *head) 341 { 342 struct neigh_hash_table *nht = container_of(head, 343 struct neigh_hash_table, 344 rcu); 345 size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *); 346 struct neighbour __rcu **buckets = nht->hash_buckets; 347 348 if (size <= PAGE_SIZE) 349 kfree(buckets); 350 else 351 free_pages((unsigned long)buckets, get_order(size)); 352 kfree(nht); 353 } 354 355 static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl, 356 unsigned long new_shift) 357 { 358 unsigned int i, hash; 359 struct neigh_hash_table *new_nht, *old_nht; 360 361 NEIGH_CACHE_STAT_INC(tbl, hash_grows); 362 363 old_nht = rcu_dereference_protected(tbl->nht, 364 lockdep_is_held(&tbl->lock)); 365 new_nht = neigh_hash_alloc(new_shift); 366 if (!new_nht) 367 return old_nht; 368 369 for (i = 0; i < (1 << old_nht->hash_shift); i++) { 370 struct neighbour *n, *next; 371 372 for (n = rcu_dereference_protected(old_nht->hash_buckets[i], 373 lockdep_is_held(&tbl->lock)); 374 n != NULL; 375 n = next) { 376 hash = tbl->hash(n->primary_key, n->dev, 377 new_nht->hash_rnd); 378 379 hash >>= (32 - new_nht->hash_shift); 380 next = rcu_dereference_protected(n->next, 381 lockdep_is_held(&tbl->lock)); 382 383 rcu_assign_pointer(n->next, 384 rcu_dereference_protected( 385 new_nht->hash_buckets[hash], 386 lockdep_is_held(&tbl->lock))); 387 rcu_assign_pointer(new_nht->hash_buckets[hash], n); 388 } 389 } 390 391 rcu_assign_pointer(tbl->nht, new_nht); 392 call_rcu(&old_nht->rcu, neigh_hash_free_rcu); 393 return new_nht; 394 } 395 396 struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey, 397 struct net_device *dev) 398 { 399 struct neighbour *n; 400 int key_len = tbl->key_len; 401 u32 hash_val; 402 struct neigh_hash_table *nht; 403 404 NEIGH_CACHE_STAT_INC(tbl, lookups); 405 406 rcu_read_lock_bh(); 407 nht = rcu_dereference_bh(tbl->nht); 408 hash_val = tbl->hash(pkey, dev, nht->hash_rnd) >> (32 - nht->hash_shift); 409 410 for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]); 411 n != NULL; 412 n = rcu_dereference_bh(n->next)) { 413 if (dev == n->dev && !memcmp(n->primary_key, pkey, key_len)) { 414 if (!atomic_inc_not_zero(&n->refcnt)) 415 n = NULL; 416 NEIGH_CACHE_STAT_INC(tbl, hits); 417 break; 418 } 419 } 420 421 rcu_read_unlock_bh(); 422 return n; 423 } 424 EXPORT_SYMBOL(neigh_lookup); 425 426 struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net, 427 const void *pkey) 428 { 429 struct neighbour *n; 430 int key_len = tbl->key_len; 431 u32 hash_val; 432 struct neigh_hash_table *nht; 433 434 NEIGH_CACHE_STAT_INC(tbl, lookups); 435 436 rcu_read_lock_bh(); 437 nht = rcu_dereference_bh(tbl->nht); 438 hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift); 439 440 for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]); 441 n != NULL; 442 n = rcu_dereference_bh(n->next)) { 443 if (!memcmp(n->primary_key, pkey, key_len) && 444 net_eq(dev_net(n->dev), net)) { 445 if (!atomic_inc_not_zero(&n->refcnt)) 446 n = NULL; 447 NEIGH_CACHE_STAT_INC(tbl, hits); 448 break; 449 } 450 } 451 452 rcu_read_unlock_bh(); 453 return n; 454 } 455 EXPORT_SYMBOL(neigh_lookup_nodev); 456 457 struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey, 458 struct net_device *dev, bool want_ref) 459 { 460 u32 hash_val; 461 int key_len = tbl->key_len; 462 int error; 463 struct neighbour *n1, *rc, *n = neigh_alloc(tbl, dev); 464 struct neigh_hash_table *nht; 465 466 if (!n) { 467 rc = ERR_PTR(-ENOBUFS); 468 goto out; 469 } 470 471 memcpy(n->primary_key, pkey, key_len); 472 n->dev = dev; 473 dev_hold(dev); 474 475 /* Protocol specific setup. */ 476 if (tbl->constructor && (error = tbl->constructor(n)) < 0) { 477 rc = ERR_PTR(error); 478 goto out_neigh_release; 479 } 480 481 if (dev->netdev_ops->ndo_neigh_construct) { 482 error = dev->netdev_ops->ndo_neigh_construct(n); 483 if (error < 0) { 484 rc = ERR_PTR(error); 485 goto out_neigh_release; 486 } 487 } 488 489 /* Device specific setup. */ 490 if (n->parms->neigh_setup && 491 (error = n->parms->neigh_setup(n)) < 0) { 492 rc = ERR_PTR(error); 493 goto out_neigh_release; 494 } 495 496 n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1); 497 498 write_lock_bh(&tbl->lock); 499 nht = rcu_dereference_protected(tbl->nht, 500 lockdep_is_held(&tbl->lock)); 501 502 if (atomic_read(&tbl->entries) > (1 << nht->hash_shift)) 503 nht = neigh_hash_grow(tbl, nht->hash_shift + 1); 504 505 hash_val = tbl->hash(pkey, dev, nht->hash_rnd) >> (32 - nht->hash_shift); 506 507 if (n->parms->dead) { 508 rc = ERR_PTR(-EINVAL); 509 goto out_tbl_unlock; 510 } 511 512 for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val], 513 lockdep_is_held(&tbl->lock)); 514 n1 != NULL; 515 n1 = rcu_dereference_protected(n1->next, 516 lockdep_is_held(&tbl->lock))) { 517 if (dev == n1->dev && !memcmp(n1->primary_key, pkey, key_len)) { 518 if (want_ref) 519 neigh_hold(n1); 520 rc = n1; 521 goto out_tbl_unlock; 522 } 523 } 524 525 n->dead = 0; 526 if (want_ref) 527 neigh_hold(n); 528 rcu_assign_pointer(n->next, 529 rcu_dereference_protected(nht->hash_buckets[hash_val], 530 lockdep_is_held(&tbl->lock))); 531 rcu_assign_pointer(nht->hash_buckets[hash_val], n); 532 write_unlock_bh(&tbl->lock); 533 neigh_dbg(2, "neigh %p is created\n", n); 534 rc = n; 535 out: 536 return rc; 537 out_tbl_unlock: 538 write_unlock_bh(&tbl->lock); 539 out_neigh_release: 540 neigh_release(n); 541 goto out; 542 } 543 EXPORT_SYMBOL(__neigh_create); 544 545 static u32 pneigh_hash(const void *pkey, int key_len) 546 { 547 u32 hash_val = *(u32 *)(pkey + key_len - 4); 548 hash_val ^= (hash_val >> 16); 549 hash_val ^= hash_val >> 8; 550 hash_val ^= hash_val >> 4; 551 hash_val &= PNEIGH_HASHMASK; 552 return hash_val; 553 } 554 555 static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n, 556 struct net *net, 557 const void *pkey, 558 int key_len, 559 struct net_device *dev) 560 { 561 while (n) { 562 if (!memcmp(n->key, pkey, key_len) && 563 net_eq(pneigh_net(n), net) && 564 (n->dev == dev || !n->dev)) 565 return n; 566 n = n->next; 567 } 568 return NULL; 569 } 570 571 struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl, 572 struct net *net, const void *pkey, struct net_device *dev) 573 { 574 int key_len = tbl->key_len; 575 u32 hash_val = pneigh_hash(pkey, key_len); 576 577 return __pneigh_lookup_1(tbl->phash_buckets[hash_val], 578 net, pkey, key_len, dev); 579 } 580 EXPORT_SYMBOL_GPL(__pneigh_lookup); 581 582 struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl, 583 struct net *net, const void *pkey, 584 struct net_device *dev, int creat) 585 { 586 struct pneigh_entry *n; 587 int key_len = tbl->key_len; 588 u32 hash_val = pneigh_hash(pkey, key_len); 589 590 read_lock_bh(&tbl->lock); 591 n = __pneigh_lookup_1(tbl->phash_buckets[hash_val], 592 net, pkey, key_len, dev); 593 read_unlock_bh(&tbl->lock); 594 595 if (n || !creat) 596 goto out; 597 598 ASSERT_RTNL(); 599 600 n = kmalloc(sizeof(*n) + key_len, GFP_KERNEL); 601 if (!n) 602 goto out; 603 604 write_pnet(&n->net, hold_net(net)); 605 memcpy(n->key, pkey, key_len); 606 n->dev = dev; 607 if (dev) 608 dev_hold(dev); 609 610 if (tbl->pconstructor && tbl->pconstructor(n)) { 611 if (dev) 612 dev_put(dev); 613 release_net(net); 614 kfree(n); 615 n = NULL; 616 goto out; 617 } 618 619 write_lock_bh(&tbl->lock); 620 n->next = tbl->phash_buckets[hash_val]; 621 tbl->phash_buckets[hash_val] = n; 622 write_unlock_bh(&tbl->lock); 623 out: 624 return n; 625 } 626 EXPORT_SYMBOL(pneigh_lookup); 627 628 629 int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey, 630 struct net_device *dev) 631 { 632 struct pneigh_entry *n, **np; 633 int key_len = tbl->key_len; 634 u32 hash_val = pneigh_hash(pkey, key_len); 635 636 write_lock_bh(&tbl->lock); 637 for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL; 638 np = &n->next) { 639 if (!memcmp(n->key, pkey, key_len) && n->dev == dev && 640 net_eq(pneigh_net(n), net)) { 641 *np = n->next; 642 write_unlock_bh(&tbl->lock); 643 if (tbl->pdestructor) 644 tbl->pdestructor(n); 645 if (n->dev) 646 dev_put(n->dev); 647 release_net(pneigh_net(n)); 648 kfree(n); 649 return 0; 650 } 651 } 652 write_unlock_bh(&tbl->lock); 653 return -ENOENT; 654 } 655 656 static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev) 657 { 658 struct pneigh_entry *n, **np; 659 u32 h; 660 661 for (h = 0; h <= PNEIGH_HASHMASK; h++) { 662 np = &tbl->phash_buckets[h]; 663 while ((n = *np) != NULL) { 664 if (!dev || n->dev == dev) { 665 *np = n->next; 666 if (tbl->pdestructor) 667 tbl->pdestructor(n); 668 if (n->dev) 669 dev_put(n->dev); 670 release_net(pneigh_net(n)); 671 kfree(n); 672 continue; 673 } 674 np = &n->next; 675 } 676 } 677 return -ENOENT; 678 } 679 680 static void neigh_parms_destroy(struct neigh_parms *parms); 681 682 static inline void neigh_parms_put(struct neigh_parms *parms) 683 { 684 if (atomic_dec_and_test(&parms->refcnt)) 685 neigh_parms_destroy(parms); 686 } 687 688 /* 689 * neighbour must already be out of the table; 690 * 691 */ 692 void neigh_destroy(struct neighbour *neigh) 693 { 694 struct net_device *dev = neigh->dev; 695 696 NEIGH_CACHE_STAT_INC(neigh->tbl, destroys); 697 698 if (!neigh->dead) { 699 pr_warn("Destroying alive neighbour %p\n", neigh); 700 dump_stack(); 701 return; 702 } 703 704 if (neigh_del_timer(neigh)) 705 pr_warn("Impossible event\n"); 706 707 write_lock_bh(&neigh->lock); 708 __skb_queue_purge(&neigh->arp_queue); 709 write_unlock_bh(&neigh->lock); 710 neigh->arp_queue_len_bytes = 0; 711 712 if (dev->netdev_ops->ndo_neigh_destroy) 713 dev->netdev_ops->ndo_neigh_destroy(neigh); 714 715 dev_put(dev); 716 neigh_parms_put(neigh->parms); 717 718 neigh_dbg(2, "neigh %p is destroyed\n", neigh); 719 720 atomic_dec(&neigh->tbl->entries); 721 kfree_rcu(neigh, rcu); 722 } 723 EXPORT_SYMBOL(neigh_destroy); 724 725 /* Neighbour state is suspicious; 726 disable fast path. 727 728 Called with write_locked neigh. 729 */ 730 static void neigh_suspect(struct neighbour *neigh) 731 { 732 neigh_dbg(2, "neigh %p is suspected\n", neigh); 733 734 neigh->output = neigh->ops->output; 735 } 736 737 /* Neighbour state is OK; 738 enable fast path. 739 740 Called with write_locked neigh. 741 */ 742 static void neigh_connect(struct neighbour *neigh) 743 { 744 neigh_dbg(2, "neigh %p is connected\n", neigh); 745 746 neigh->output = neigh->ops->connected_output; 747 } 748 749 static void neigh_periodic_work(struct work_struct *work) 750 { 751 struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work); 752 struct neighbour *n; 753 struct neighbour __rcu **np; 754 unsigned int i; 755 struct neigh_hash_table *nht; 756 757 NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs); 758 759 write_lock_bh(&tbl->lock); 760 nht = rcu_dereference_protected(tbl->nht, 761 lockdep_is_held(&tbl->lock)); 762 763 /* 764 * periodically recompute ReachableTime from random function 765 */ 766 767 if (time_after(jiffies, tbl->last_rand + 300 * HZ)) { 768 struct neigh_parms *p; 769 tbl->last_rand = jiffies; 770 list_for_each_entry(p, &tbl->parms_list, list) 771 p->reachable_time = 772 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 773 } 774 775 if (atomic_read(&tbl->entries) < tbl->gc_thresh1) 776 goto out; 777 778 for (i = 0 ; i < (1 << nht->hash_shift); i++) { 779 np = &nht->hash_buckets[i]; 780 781 while ((n = rcu_dereference_protected(*np, 782 lockdep_is_held(&tbl->lock))) != NULL) { 783 unsigned int state; 784 785 write_lock(&n->lock); 786 787 state = n->nud_state; 788 if (state & (NUD_PERMANENT | NUD_IN_TIMER)) { 789 write_unlock(&n->lock); 790 goto next_elt; 791 } 792 793 if (time_before(n->used, n->confirmed)) 794 n->used = n->confirmed; 795 796 if (atomic_read(&n->refcnt) == 1 && 797 (state == NUD_FAILED || 798 time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) { 799 *np = n->next; 800 n->dead = 1; 801 write_unlock(&n->lock); 802 neigh_cleanup_and_release(n); 803 continue; 804 } 805 write_unlock(&n->lock); 806 807 next_elt: 808 np = &n->next; 809 } 810 /* 811 * It's fine to release lock here, even if hash table 812 * grows while we are preempted. 813 */ 814 write_unlock_bh(&tbl->lock); 815 cond_resched(); 816 write_lock_bh(&tbl->lock); 817 nht = rcu_dereference_protected(tbl->nht, 818 lockdep_is_held(&tbl->lock)); 819 } 820 out: 821 /* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks. 822 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2 823 * BASE_REACHABLE_TIME. 824 */ 825 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work, 826 NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1); 827 write_unlock_bh(&tbl->lock); 828 } 829 830 static __inline__ int neigh_max_probes(struct neighbour *n) 831 { 832 struct neigh_parms *p = n->parms; 833 int max_probes = NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES); 834 if (!(n->nud_state & NUD_PROBE)) 835 max_probes += NEIGH_VAR(p, MCAST_PROBES); 836 return max_probes; 837 } 838 839 static void neigh_invalidate(struct neighbour *neigh) 840 __releases(neigh->lock) 841 __acquires(neigh->lock) 842 { 843 struct sk_buff *skb; 844 845 NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed); 846 neigh_dbg(2, "neigh %p is failed\n", neigh); 847 neigh->updated = jiffies; 848 849 /* It is very thin place. report_unreachable is very complicated 850 routine. Particularly, it can hit the same neighbour entry! 851 852 So that, we try to be accurate and avoid dead loop. --ANK 853 */ 854 while (neigh->nud_state == NUD_FAILED && 855 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) { 856 write_unlock(&neigh->lock); 857 neigh->ops->error_report(neigh, skb); 858 write_lock(&neigh->lock); 859 } 860 __skb_queue_purge(&neigh->arp_queue); 861 neigh->arp_queue_len_bytes = 0; 862 } 863 864 static void neigh_probe(struct neighbour *neigh) 865 __releases(neigh->lock) 866 { 867 struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue); 868 /* keep skb alive even if arp_queue overflows */ 869 if (skb) 870 skb = skb_copy(skb, GFP_ATOMIC); 871 write_unlock(&neigh->lock); 872 neigh->ops->solicit(neigh, skb); 873 atomic_inc(&neigh->probes); 874 kfree_skb(skb); 875 } 876 877 /* Called when a timer expires for a neighbour entry. */ 878 879 static void neigh_timer_handler(unsigned long arg) 880 { 881 unsigned long now, next; 882 struct neighbour *neigh = (struct neighbour *)arg; 883 unsigned int state; 884 int notify = 0; 885 886 write_lock(&neigh->lock); 887 888 state = neigh->nud_state; 889 now = jiffies; 890 next = now + HZ; 891 892 if (!(state & NUD_IN_TIMER)) 893 goto out; 894 895 if (state & NUD_REACHABLE) { 896 if (time_before_eq(now, 897 neigh->confirmed + neigh->parms->reachable_time)) { 898 neigh_dbg(2, "neigh %p is still alive\n", neigh); 899 next = neigh->confirmed + neigh->parms->reachable_time; 900 } else if (time_before_eq(now, 901 neigh->used + 902 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) { 903 neigh_dbg(2, "neigh %p is delayed\n", neigh); 904 neigh->nud_state = NUD_DELAY; 905 neigh->updated = jiffies; 906 neigh_suspect(neigh); 907 next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME); 908 } else { 909 neigh_dbg(2, "neigh %p is suspected\n", neigh); 910 neigh->nud_state = NUD_STALE; 911 neigh->updated = jiffies; 912 neigh_suspect(neigh); 913 notify = 1; 914 } 915 } else if (state & NUD_DELAY) { 916 if (time_before_eq(now, 917 neigh->confirmed + 918 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) { 919 neigh_dbg(2, "neigh %p is now reachable\n", neigh); 920 neigh->nud_state = NUD_REACHABLE; 921 neigh->updated = jiffies; 922 neigh_connect(neigh); 923 notify = 1; 924 next = neigh->confirmed + neigh->parms->reachable_time; 925 } else { 926 neigh_dbg(2, "neigh %p is probed\n", neigh); 927 neigh->nud_state = NUD_PROBE; 928 neigh->updated = jiffies; 929 atomic_set(&neigh->probes, 0); 930 next = now + NEIGH_VAR(neigh->parms, RETRANS_TIME); 931 } 932 } else { 933 /* NUD_PROBE|NUD_INCOMPLETE */ 934 next = now + NEIGH_VAR(neigh->parms, RETRANS_TIME); 935 } 936 937 if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) && 938 atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) { 939 neigh->nud_state = NUD_FAILED; 940 notify = 1; 941 neigh_invalidate(neigh); 942 goto out; 943 } 944 945 if (neigh->nud_state & NUD_IN_TIMER) { 946 if (time_before(next, jiffies + HZ/2)) 947 next = jiffies + HZ/2; 948 if (!mod_timer(&neigh->timer, next)) 949 neigh_hold(neigh); 950 } 951 if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) { 952 neigh_probe(neigh); 953 } else { 954 out: 955 write_unlock(&neigh->lock); 956 } 957 958 if (notify) 959 neigh_update_notify(neigh); 960 961 neigh_release(neigh); 962 } 963 964 int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb) 965 { 966 int rc; 967 bool immediate_probe = false; 968 969 write_lock_bh(&neigh->lock); 970 971 rc = 0; 972 if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE)) 973 goto out_unlock_bh; 974 975 if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) { 976 if (NEIGH_VAR(neigh->parms, MCAST_PROBES) + 977 NEIGH_VAR(neigh->parms, APP_PROBES)) { 978 unsigned long next, now = jiffies; 979 980 atomic_set(&neigh->probes, 981 NEIGH_VAR(neigh->parms, UCAST_PROBES)); 982 neigh->nud_state = NUD_INCOMPLETE; 983 neigh->updated = now; 984 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), 985 HZ/2); 986 neigh_add_timer(neigh, next); 987 immediate_probe = true; 988 } else { 989 neigh->nud_state = NUD_FAILED; 990 neigh->updated = jiffies; 991 write_unlock_bh(&neigh->lock); 992 993 kfree_skb(skb); 994 return 1; 995 } 996 } else if (neigh->nud_state & NUD_STALE) { 997 neigh_dbg(2, "neigh %p is delayed\n", neigh); 998 neigh->nud_state = NUD_DELAY; 999 neigh->updated = jiffies; 1000 neigh_add_timer(neigh, jiffies + 1001 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME)); 1002 } 1003 1004 if (neigh->nud_state == NUD_INCOMPLETE) { 1005 if (skb) { 1006 while (neigh->arp_queue_len_bytes + skb->truesize > 1007 NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) { 1008 struct sk_buff *buff; 1009 1010 buff = __skb_dequeue(&neigh->arp_queue); 1011 if (!buff) 1012 break; 1013 neigh->arp_queue_len_bytes -= buff->truesize; 1014 kfree_skb(buff); 1015 NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards); 1016 } 1017 skb_dst_force(skb); 1018 __skb_queue_tail(&neigh->arp_queue, skb); 1019 neigh->arp_queue_len_bytes += skb->truesize; 1020 } 1021 rc = 1; 1022 } 1023 out_unlock_bh: 1024 if (immediate_probe) 1025 neigh_probe(neigh); 1026 else 1027 write_unlock(&neigh->lock); 1028 local_bh_enable(); 1029 return rc; 1030 } 1031 EXPORT_SYMBOL(__neigh_event_send); 1032 1033 static void neigh_update_hhs(struct neighbour *neigh) 1034 { 1035 struct hh_cache *hh; 1036 void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *) 1037 = NULL; 1038 1039 if (neigh->dev->header_ops) 1040 update = neigh->dev->header_ops->cache_update; 1041 1042 if (update) { 1043 hh = &neigh->hh; 1044 if (hh->hh_len) { 1045 write_seqlock_bh(&hh->hh_lock); 1046 update(hh, neigh->dev, neigh->ha); 1047 write_sequnlock_bh(&hh->hh_lock); 1048 } 1049 } 1050 } 1051 1052 1053 1054 /* Generic update routine. 1055 -- lladdr is new lladdr or NULL, if it is not supplied. 1056 -- new is new state. 1057 -- flags 1058 NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr, 1059 if it is different. 1060 NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected" 1061 lladdr instead of overriding it 1062 if it is different. 1063 It also allows to retain current state 1064 if lladdr is unchanged. 1065 NEIGH_UPDATE_F_ADMIN means that the change is administrative. 1066 1067 NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing 1068 NTF_ROUTER flag. 1069 NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as 1070 a router. 1071 1072 Caller MUST hold reference count on the entry. 1073 */ 1074 1075 int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new, 1076 u32 flags) 1077 { 1078 u8 old; 1079 int err; 1080 int notify = 0; 1081 struct net_device *dev; 1082 int update_isrouter = 0; 1083 1084 write_lock_bh(&neigh->lock); 1085 1086 dev = neigh->dev; 1087 old = neigh->nud_state; 1088 err = -EPERM; 1089 1090 if (!(flags & NEIGH_UPDATE_F_ADMIN) && 1091 (old & (NUD_NOARP | NUD_PERMANENT))) 1092 goto out; 1093 1094 if (!(new & NUD_VALID)) { 1095 neigh_del_timer(neigh); 1096 if (old & NUD_CONNECTED) 1097 neigh_suspect(neigh); 1098 neigh->nud_state = new; 1099 err = 0; 1100 notify = old & NUD_VALID; 1101 if ((old & (NUD_INCOMPLETE | NUD_PROBE)) && 1102 (new & NUD_FAILED)) { 1103 neigh_invalidate(neigh); 1104 notify = 1; 1105 } 1106 goto out; 1107 } 1108 1109 /* Compare new lladdr with cached one */ 1110 if (!dev->addr_len) { 1111 /* First case: device needs no address. */ 1112 lladdr = neigh->ha; 1113 } else if (lladdr) { 1114 /* The second case: if something is already cached 1115 and a new address is proposed: 1116 - compare new & old 1117 - if they are different, check override flag 1118 */ 1119 if ((old & NUD_VALID) && 1120 !memcmp(lladdr, neigh->ha, dev->addr_len)) 1121 lladdr = neigh->ha; 1122 } else { 1123 /* No address is supplied; if we know something, 1124 use it, otherwise discard the request. 1125 */ 1126 err = -EINVAL; 1127 if (!(old & NUD_VALID)) 1128 goto out; 1129 lladdr = neigh->ha; 1130 } 1131 1132 if (new & NUD_CONNECTED) 1133 neigh->confirmed = jiffies; 1134 neigh->updated = jiffies; 1135 1136 /* If entry was valid and address is not changed, 1137 do not change entry state, if new one is STALE. 1138 */ 1139 err = 0; 1140 update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER; 1141 if (old & NUD_VALID) { 1142 if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) { 1143 update_isrouter = 0; 1144 if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) && 1145 (old & NUD_CONNECTED)) { 1146 lladdr = neigh->ha; 1147 new = NUD_STALE; 1148 } else 1149 goto out; 1150 } else { 1151 if (lladdr == neigh->ha && new == NUD_STALE && 1152 ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) || 1153 (old & NUD_CONNECTED)) 1154 ) 1155 new = old; 1156 } 1157 } 1158 1159 if (new != old) { 1160 neigh_del_timer(neigh); 1161 if (new & NUD_IN_TIMER) 1162 neigh_add_timer(neigh, (jiffies + 1163 ((new & NUD_REACHABLE) ? 1164 neigh->parms->reachable_time : 1165 0))); 1166 neigh->nud_state = new; 1167 notify = 1; 1168 } 1169 1170 if (lladdr != neigh->ha) { 1171 write_seqlock(&neigh->ha_lock); 1172 memcpy(&neigh->ha, lladdr, dev->addr_len); 1173 write_sequnlock(&neigh->ha_lock); 1174 neigh_update_hhs(neigh); 1175 if (!(new & NUD_CONNECTED)) 1176 neigh->confirmed = jiffies - 1177 (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1); 1178 notify = 1; 1179 } 1180 if (new == old) 1181 goto out; 1182 if (new & NUD_CONNECTED) 1183 neigh_connect(neigh); 1184 else 1185 neigh_suspect(neigh); 1186 if (!(old & NUD_VALID)) { 1187 struct sk_buff *skb; 1188 1189 /* Again: avoid dead loop if something went wrong */ 1190 1191 while (neigh->nud_state & NUD_VALID && 1192 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) { 1193 struct dst_entry *dst = skb_dst(skb); 1194 struct neighbour *n2, *n1 = neigh; 1195 write_unlock_bh(&neigh->lock); 1196 1197 rcu_read_lock(); 1198 1199 /* Why not just use 'neigh' as-is? The problem is that 1200 * things such as shaper, eql, and sch_teql can end up 1201 * using alternative, different, neigh objects to output 1202 * the packet in the output path. So what we need to do 1203 * here is re-lookup the top-level neigh in the path so 1204 * we can reinject the packet there. 1205 */ 1206 n2 = NULL; 1207 if (dst) { 1208 n2 = dst_neigh_lookup_skb(dst, skb); 1209 if (n2) 1210 n1 = n2; 1211 } 1212 n1->output(n1, skb); 1213 if (n2) 1214 neigh_release(n2); 1215 rcu_read_unlock(); 1216 1217 write_lock_bh(&neigh->lock); 1218 } 1219 __skb_queue_purge(&neigh->arp_queue); 1220 neigh->arp_queue_len_bytes = 0; 1221 } 1222 out: 1223 if (update_isrouter) { 1224 neigh->flags = (flags & NEIGH_UPDATE_F_ISROUTER) ? 1225 (neigh->flags | NTF_ROUTER) : 1226 (neigh->flags & ~NTF_ROUTER); 1227 } 1228 write_unlock_bh(&neigh->lock); 1229 1230 if (notify) 1231 neigh_update_notify(neigh); 1232 1233 return err; 1234 } 1235 EXPORT_SYMBOL(neigh_update); 1236 1237 /* Update the neigh to listen temporarily for probe responses, even if it is 1238 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing. 1239 */ 1240 void __neigh_set_probe_once(struct neighbour *neigh) 1241 { 1242 neigh->updated = jiffies; 1243 if (!(neigh->nud_state & NUD_FAILED)) 1244 return; 1245 neigh->nud_state = NUD_INCOMPLETE; 1246 atomic_set(&neigh->probes, neigh_max_probes(neigh)); 1247 neigh_add_timer(neigh, 1248 jiffies + NEIGH_VAR(neigh->parms, RETRANS_TIME)); 1249 } 1250 EXPORT_SYMBOL(__neigh_set_probe_once); 1251 1252 struct neighbour *neigh_event_ns(struct neigh_table *tbl, 1253 u8 *lladdr, void *saddr, 1254 struct net_device *dev) 1255 { 1256 struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev, 1257 lladdr || !dev->addr_len); 1258 if (neigh) 1259 neigh_update(neigh, lladdr, NUD_STALE, 1260 NEIGH_UPDATE_F_OVERRIDE); 1261 return neigh; 1262 } 1263 EXPORT_SYMBOL(neigh_event_ns); 1264 1265 /* called with read_lock_bh(&n->lock); */ 1266 static void neigh_hh_init(struct neighbour *n, struct dst_entry *dst) 1267 { 1268 struct net_device *dev = dst->dev; 1269 __be16 prot = dst->ops->protocol; 1270 struct hh_cache *hh = &n->hh; 1271 1272 write_lock_bh(&n->lock); 1273 1274 /* Only one thread can come in here and initialize the 1275 * hh_cache entry. 1276 */ 1277 if (!hh->hh_len) 1278 dev->header_ops->cache(n, hh, prot); 1279 1280 write_unlock_bh(&n->lock); 1281 } 1282 1283 /* This function can be used in contexts, where only old dev_queue_xmit 1284 * worked, f.e. if you want to override normal output path (eql, shaper), 1285 * but resolution is not made yet. 1286 */ 1287 1288 int neigh_compat_output(struct neighbour *neigh, struct sk_buff *skb) 1289 { 1290 struct net_device *dev = skb->dev; 1291 1292 __skb_pull(skb, skb_network_offset(skb)); 1293 1294 if (dev_hard_header(skb, dev, ntohs(skb->protocol), NULL, NULL, 1295 skb->len) < 0 && 1296 dev_rebuild_header(skb)) 1297 return 0; 1298 1299 return dev_queue_xmit(skb); 1300 } 1301 EXPORT_SYMBOL(neigh_compat_output); 1302 1303 /* Slow and careful. */ 1304 1305 int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb) 1306 { 1307 struct dst_entry *dst = skb_dst(skb); 1308 int rc = 0; 1309 1310 if (!dst) 1311 goto discard; 1312 1313 if (!neigh_event_send(neigh, skb)) { 1314 int err; 1315 struct net_device *dev = neigh->dev; 1316 unsigned int seq; 1317 1318 if (dev->header_ops->cache && !neigh->hh.hh_len) 1319 neigh_hh_init(neigh, dst); 1320 1321 do { 1322 __skb_pull(skb, skb_network_offset(skb)); 1323 seq = read_seqbegin(&neigh->ha_lock); 1324 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 1325 neigh->ha, NULL, skb->len); 1326 } while (read_seqretry(&neigh->ha_lock, seq)); 1327 1328 if (err >= 0) 1329 rc = dev_queue_xmit(skb); 1330 else 1331 goto out_kfree_skb; 1332 } 1333 out: 1334 return rc; 1335 discard: 1336 neigh_dbg(1, "%s: dst=%p neigh=%p\n", __func__, dst, neigh); 1337 out_kfree_skb: 1338 rc = -EINVAL; 1339 kfree_skb(skb); 1340 goto out; 1341 } 1342 EXPORT_SYMBOL(neigh_resolve_output); 1343 1344 /* As fast as possible without hh cache */ 1345 1346 int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb) 1347 { 1348 struct net_device *dev = neigh->dev; 1349 unsigned int seq; 1350 int err; 1351 1352 do { 1353 __skb_pull(skb, skb_network_offset(skb)); 1354 seq = read_seqbegin(&neigh->ha_lock); 1355 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 1356 neigh->ha, NULL, skb->len); 1357 } while (read_seqretry(&neigh->ha_lock, seq)); 1358 1359 if (err >= 0) 1360 err = dev_queue_xmit(skb); 1361 else { 1362 err = -EINVAL; 1363 kfree_skb(skb); 1364 } 1365 return err; 1366 } 1367 EXPORT_SYMBOL(neigh_connected_output); 1368 1369 int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb) 1370 { 1371 return dev_queue_xmit(skb); 1372 } 1373 EXPORT_SYMBOL(neigh_direct_output); 1374 1375 static void neigh_proxy_process(unsigned long arg) 1376 { 1377 struct neigh_table *tbl = (struct neigh_table *)arg; 1378 long sched_next = 0; 1379 unsigned long now = jiffies; 1380 struct sk_buff *skb, *n; 1381 1382 spin_lock(&tbl->proxy_queue.lock); 1383 1384 skb_queue_walk_safe(&tbl->proxy_queue, skb, n) { 1385 long tdif = NEIGH_CB(skb)->sched_next - now; 1386 1387 if (tdif <= 0) { 1388 struct net_device *dev = skb->dev; 1389 1390 __skb_unlink(skb, &tbl->proxy_queue); 1391 if (tbl->proxy_redo && netif_running(dev)) { 1392 rcu_read_lock(); 1393 tbl->proxy_redo(skb); 1394 rcu_read_unlock(); 1395 } else { 1396 kfree_skb(skb); 1397 } 1398 1399 dev_put(dev); 1400 } else if (!sched_next || tdif < sched_next) 1401 sched_next = tdif; 1402 } 1403 del_timer(&tbl->proxy_timer); 1404 if (sched_next) 1405 mod_timer(&tbl->proxy_timer, jiffies + sched_next); 1406 spin_unlock(&tbl->proxy_queue.lock); 1407 } 1408 1409 void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p, 1410 struct sk_buff *skb) 1411 { 1412 unsigned long now = jiffies; 1413 1414 unsigned long sched_next = now + (prandom_u32() % 1415 NEIGH_VAR(p, PROXY_DELAY)); 1416 1417 if (tbl->proxy_queue.qlen > NEIGH_VAR(p, PROXY_QLEN)) { 1418 kfree_skb(skb); 1419 return; 1420 } 1421 1422 NEIGH_CB(skb)->sched_next = sched_next; 1423 NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED; 1424 1425 spin_lock(&tbl->proxy_queue.lock); 1426 if (del_timer(&tbl->proxy_timer)) { 1427 if (time_before(tbl->proxy_timer.expires, sched_next)) 1428 sched_next = tbl->proxy_timer.expires; 1429 } 1430 skb_dst_drop(skb); 1431 dev_hold(skb->dev); 1432 __skb_queue_tail(&tbl->proxy_queue, skb); 1433 mod_timer(&tbl->proxy_timer, sched_next); 1434 spin_unlock(&tbl->proxy_queue.lock); 1435 } 1436 EXPORT_SYMBOL(pneigh_enqueue); 1437 1438 static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl, 1439 struct net *net, int ifindex) 1440 { 1441 struct neigh_parms *p; 1442 1443 list_for_each_entry(p, &tbl->parms_list, list) { 1444 if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) || 1445 (!p->dev && !ifindex && net_eq(net, &init_net))) 1446 return p; 1447 } 1448 1449 return NULL; 1450 } 1451 1452 struct neigh_parms *neigh_parms_alloc(struct net_device *dev, 1453 struct neigh_table *tbl) 1454 { 1455 struct neigh_parms *p; 1456 struct net *net = dev_net(dev); 1457 const struct net_device_ops *ops = dev->netdev_ops; 1458 1459 p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL); 1460 if (p) { 1461 p->tbl = tbl; 1462 atomic_set(&p->refcnt, 1); 1463 p->reachable_time = 1464 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 1465 dev_hold(dev); 1466 p->dev = dev; 1467 write_pnet(&p->net, hold_net(net)); 1468 p->sysctl_table = NULL; 1469 1470 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) { 1471 release_net(net); 1472 dev_put(dev); 1473 kfree(p); 1474 return NULL; 1475 } 1476 1477 write_lock_bh(&tbl->lock); 1478 list_add(&p->list, &tbl->parms.list); 1479 write_unlock_bh(&tbl->lock); 1480 1481 neigh_parms_data_state_cleanall(p); 1482 } 1483 return p; 1484 } 1485 EXPORT_SYMBOL(neigh_parms_alloc); 1486 1487 static void neigh_rcu_free_parms(struct rcu_head *head) 1488 { 1489 struct neigh_parms *parms = 1490 container_of(head, struct neigh_parms, rcu_head); 1491 1492 neigh_parms_put(parms); 1493 } 1494 1495 void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms) 1496 { 1497 if (!parms || parms == &tbl->parms) 1498 return; 1499 write_lock_bh(&tbl->lock); 1500 list_del(&parms->list); 1501 parms->dead = 1; 1502 write_unlock_bh(&tbl->lock); 1503 if (parms->dev) 1504 dev_put(parms->dev); 1505 call_rcu(&parms->rcu_head, neigh_rcu_free_parms); 1506 } 1507 EXPORT_SYMBOL(neigh_parms_release); 1508 1509 static void neigh_parms_destroy(struct neigh_parms *parms) 1510 { 1511 release_net(neigh_parms_net(parms)); 1512 kfree(parms); 1513 } 1514 1515 static struct lock_class_key neigh_table_proxy_queue_class; 1516 1517 static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly; 1518 1519 void neigh_table_init(int index, struct neigh_table *tbl) 1520 { 1521 unsigned long now = jiffies; 1522 unsigned long phsize; 1523 1524 INIT_LIST_HEAD(&tbl->parms_list); 1525 list_add(&tbl->parms.list, &tbl->parms_list); 1526 write_pnet(&tbl->parms.net, &init_net); 1527 atomic_set(&tbl->parms.refcnt, 1); 1528 tbl->parms.reachable_time = 1529 neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME)); 1530 1531 tbl->stats = alloc_percpu(struct neigh_statistics); 1532 if (!tbl->stats) 1533 panic("cannot create neighbour cache statistics"); 1534 1535 #ifdef CONFIG_PROC_FS 1536 if (!proc_create_data(tbl->id, 0, init_net.proc_net_stat, 1537 &neigh_stat_seq_fops, tbl)) 1538 panic("cannot create neighbour proc dir entry"); 1539 #endif 1540 1541 RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3)); 1542 1543 phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *); 1544 tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL); 1545 1546 if (!tbl->nht || !tbl->phash_buckets) 1547 panic("cannot allocate neighbour cache hashes"); 1548 1549 if (!tbl->entry_size) 1550 tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) + 1551 tbl->key_len, NEIGH_PRIV_ALIGN); 1552 else 1553 WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN); 1554 1555 rwlock_init(&tbl->lock); 1556 INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work); 1557 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work, 1558 tbl->parms.reachable_time); 1559 setup_timer(&tbl->proxy_timer, neigh_proxy_process, (unsigned long)tbl); 1560 skb_queue_head_init_class(&tbl->proxy_queue, 1561 &neigh_table_proxy_queue_class); 1562 1563 tbl->last_flush = now; 1564 tbl->last_rand = now + tbl->parms.reachable_time * 20; 1565 1566 neigh_tables[index] = tbl; 1567 } 1568 EXPORT_SYMBOL(neigh_table_init); 1569 1570 int neigh_table_clear(int index, struct neigh_table *tbl) 1571 { 1572 neigh_tables[index] = NULL; 1573 /* It is not clean... Fix it to unload IPv6 module safely */ 1574 cancel_delayed_work_sync(&tbl->gc_work); 1575 del_timer_sync(&tbl->proxy_timer); 1576 pneigh_queue_purge(&tbl->proxy_queue); 1577 neigh_ifdown(tbl, NULL); 1578 if (atomic_read(&tbl->entries)) 1579 pr_crit("neighbour leakage\n"); 1580 1581 call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu, 1582 neigh_hash_free_rcu); 1583 tbl->nht = NULL; 1584 1585 kfree(tbl->phash_buckets); 1586 tbl->phash_buckets = NULL; 1587 1588 remove_proc_entry(tbl->id, init_net.proc_net_stat); 1589 1590 free_percpu(tbl->stats); 1591 tbl->stats = NULL; 1592 1593 return 0; 1594 } 1595 EXPORT_SYMBOL(neigh_table_clear); 1596 1597 static struct neigh_table *neigh_find_table(int family) 1598 { 1599 struct neigh_table *tbl = NULL; 1600 1601 switch (family) { 1602 case AF_INET: 1603 tbl = neigh_tables[NEIGH_ARP_TABLE]; 1604 break; 1605 case AF_INET6: 1606 tbl = neigh_tables[NEIGH_ND_TABLE]; 1607 break; 1608 case AF_DECnet: 1609 tbl = neigh_tables[NEIGH_DN_TABLE]; 1610 break; 1611 } 1612 1613 return tbl; 1614 } 1615 1616 static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh) 1617 { 1618 struct net *net = sock_net(skb->sk); 1619 struct ndmsg *ndm; 1620 struct nlattr *dst_attr; 1621 struct neigh_table *tbl; 1622 struct neighbour *neigh; 1623 struct net_device *dev = NULL; 1624 int err = -EINVAL; 1625 1626 ASSERT_RTNL(); 1627 if (nlmsg_len(nlh) < sizeof(*ndm)) 1628 goto out; 1629 1630 dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST); 1631 if (dst_attr == NULL) 1632 goto out; 1633 1634 ndm = nlmsg_data(nlh); 1635 if (ndm->ndm_ifindex) { 1636 dev = __dev_get_by_index(net, ndm->ndm_ifindex); 1637 if (dev == NULL) { 1638 err = -ENODEV; 1639 goto out; 1640 } 1641 } 1642 1643 tbl = neigh_find_table(ndm->ndm_family); 1644 if (tbl == NULL) 1645 return -EAFNOSUPPORT; 1646 1647 if (nla_len(dst_attr) < tbl->key_len) 1648 goto out; 1649 1650 if (ndm->ndm_flags & NTF_PROXY) { 1651 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev); 1652 goto out; 1653 } 1654 1655 if (dev == NULL) 1656 goto out; 1657 1658 neigh = neigh_lookup(tbl, nla_data(dst_attr), dev); 1659 if (neigh == NULL) { 1660 err = -ENOENT; 1661 goto out; 1662 } 1663 1664 err = neigh_update(neigh, NULL, NUD_FAILED, 1665 NEIGH_UPDATE_F_OVERRIDE | 1666 NEIGH_UPDATE_F_ADMIN); 1667 neigh_release(neigh); 1668 1669 out: 1670 return err; 1671 } 1672 1673 static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh) 1674 { 1675 int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE; 1676 struct net *net = sock_net(skb->sk); 1677 struct ndmsg *ndm; 1678 struct nlattr *tb[NDA_MAX+1]; 1679 struct neigh_table *tbl; 1680 struct net_device *dev = NULL; 1681 struct neighbour *neigh; 1682 void *dst, *lladdr; 1683 int err; 1684 1685 ASSERT_RTNL(); 1686 err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL); 1687 if (err < 0) 1688 goto out; 1689 1690 err = -EINVAL; 1691 if (tb[NDA_DST] == NULL) 1692 goto out; 1693 1694 ndm = nlmsg_data(nlh); 1695 if (ndm->ndm_ifindex) { 1696 dev = __dev_get_by_index(net, ndm->ndm_ifindex); 1697 if (dev == NULL) { 1698 err = -ENODEV; 1699 goto out; 1700 } 1701 1702 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) 1703 goto out; 1704 } 1705 1706 tbl = neigh_find_table(ndm->ndm_family); 1707 if (tbl == NULL) 1708 return -EAFNOSUPPORT; 1709 1710 if (nla_len(tb[NDA_DST]) < tbl->key_len) 1711 goto out; 1712 dst = nla_data(tb[NDA_DST]); 1713 lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL; 1714 1715 if (ndm->ndm_flags & NTF_PROXY) { 1716 struct pneigh_entry *pn; 1717 1718 err = -ENOBUFS; 1719 pn = pneigh_lookup(tbl, net, dst, dev, 1); 1720 if (pn) { 1721 pn->flags = ndm->ndm_flags; 1722 err = 0; 1723 } 1724 goto out; 1725 } 1726 1727 if (dev == NULL) 1728 goto out; 1729 1730 neigh = neigh_lookup(tbl, dst, dev); 1731 if (neigh == NULL) { 1732 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) { 1733 err = -ENOENT; 1734 goto out; 1735 } 1736 1737 neigh = __neigh_lookup_errno(tbl, dst, dev); 1738 if (IS_ERR(neigh)) { 1739 err = PTR_ERR(neigh); 1740 goto out; 1741 } 1742 } else { 1743 if (nlh->nlmsg_flags & NLM_F_EXCL) { 1744 err = -EEXIST; 1745 neigh_release(neigh); 1746 goto out; 1747 } 1748 1749 if (!(nlh->nlmsg_flags & NLM_F_REPLACE)) 1750 flags &= ~NEIGH_UPDATE_F_OVERRIDE; 1751 } 1752 1753 if (ndm->ndm_flags & NTF_USE) { 1754 neigh_event_send(neigh, NULL); 1755 err = 0; 1756 } else 1757 err = neigh_update(neigh, lladdr, ndm->ndm_state, flags); 1758 neigh_release(neigh); 1759 1760 out: 1761 return err; 1762 } 1763 1764 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms) 1765 { 1766 struct nlattr *nest; 1767 1768 nest = nla_nest_start(skb, NDTA_PARMS); 1769 if (nest == NULL) 1770 return -ENOBUFS; 1771 1772 if ((parms->dev && 1773 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) || 1774 nla_put_u32(skb, NDTPA_REFCNT, atomic_read(&parms->refcnt)) || 1775 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES, 1776 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) || 1777 /* approximative value for deprecated QUEUE_LEN (in packets) */ 1778 nla_put_u32(skb, NDTPA_QUEUE_LEN, 1779 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) || 1780 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) || 1781 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) || 1782 nla_put_u32(skb, NDTPA_UCAST_PROBES, 1783 NEIGH_VAR(parms, UCAST_PROBES)) || 1784 nla_put_u32(skb, NDTPA_MCAST_PROBES, 1785 NEIGH_VAR(parms, MCAST_PROBES)) || 1786 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time) || 1787 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME, 1788 NEIGH_VAR(parms, BASE_REACHABLE_TIME)) || 1789 nla_put_msecs(skb, NDTPA_GC_STALETIME, 1790 NEIGH_VAR(parms, GC_STALETIME)) || 1791 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME, 1792 NEIGH_VAR(parms, DELAY_PROBE_TIME)) || 1793 nla_put_msecs(skb, NDTPA_RETRANS_TIME, 1794 NEIGH_VAR(parms, RETRANS_TIME)) || 1795 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY, 1796 NEIGH_VAR(parms, ANYCAST_DELAY)) || 1797 nla_put_msecs(skb, NDTPA_PROXY_DELAY, 1798 NEIGH_VAR(parms, PROXY_DELAY)) || 1799 nla_put_msecs(skb, NDTPA_LOCKTIME, 1800 NEIGH_VAR(parms, LOCKTIME))) 1801 goto nla_put_failure; 1802 return nla_nest_end(skb, nest); 1803 1804 nla_put_failure: 1805 nla_nest_cancel(skb, nest); 1806 return -EMSGSIZE; 1807 } 1808 1809 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl, 1810 u32 pid, u32 seq, int type, int flags) 1811 { 1812 struct nlmsghdr *nlh; 1813 struct ndtmsg *ndtmsg; 1814 1815 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 1816 if (nlh == NULL) 1817 return -EMSGSIZE; 1818 1819 ndtmsg = nlmsg_data(nlh); 1820 1821 read_lock_bh(&tbl->lock); 1822 ndtmsg->ndtm_family = tbl->family; 1823 ndtmsg->ndtm_pad1 = 0; 1824 ndtmsg->ndtm_pad2 = 0; 1825 1826 if (nla_put_string(skb, NDTA_NAME, tbl->id) || 1827 nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval) || 1828 nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) || 1829 nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) || 1830 nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3)) 1831 goto nla_put_failure; 1832 { 1833 unsigned long now = jiffies; 1834 unsigned int flush_delta = now - tbl->last_flush; 1835 unsigned int rand_delta = now - tbl->last_rand; 1836 struct neigh_hash_table *nht; 1837 struct ndt_config ndc = { 1838 .ndtc_key_len = tbl->key_len, 1839 .ndtc_entry_size = tbl->entry_size, 1840 .ndtc_entries = atomic_read(&tbl->entries), 1841 .ndtc_last_flush = jiffies_to_msecs(flush_delta), 1842 .ndtc_last_rand = jiffies_to_msecs(rand_delta), 1843 .ndtc_proxy_qlen = tbl->proxy_queue.qlen, 1844 }; 1845 1846 rcu_read_lock_bh(); 1847 nht = rcu_dereference_bh(tbl->nht); 1848 ndc.ndtc_hash_rnd = nht->hash_rnd[0]; 1849 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1); 1850 rcu_read_unlock_bh(); 1851 1852 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc)) 1853 goto nla_put_failure; 1854 } 1855 1856 { 1857 int cpu; 1858 struct ndt_stats ndst; 1859 1860 memset(&ndst, 0, sizeof(ndst)); 1861 1862 for_each_possible_cpu(cpu) { 1863 struct neigh_statistics *st; 1864 1865 st = per_cpu_ptr(tbl->stats, cpu); 1866 ndst.ndts_allocs += st->allocs; 1867 ndst.ndts_destroys += st->destroys; 1868 ndst.ndts_hash_grows += st->hash_grows; 1869 ndst.ndts_res_failed += st->res_failed; 1870 ndst.ndts_lookups += st->lookups; 1871 ndst.ndts_hits += st->hits; 1872 ndst.ndts_rcv_probes_mcast += st->rcv_probes_mcast; 1873 ndst.ndts_rcv_probes_ucast += st->rcv_probes_ucast; 1874 ndst.ndts_periodic_gc_runs += st->periodic_gc_runs; 1875 ndst.ndts_forced_gc_runs += st->forced_gc_runs; 1876 } 1877 1878 if (nla_put(skb, NDTA_STATS, sizeof(ndst), &ndst)) 1879 goto nla_put_failure; 1880 } 1881 1882 BUG_ON(tbl->parms.dev); 1883 if (neightbl_fill_parms(skb, &tbl->parms) < 0) 1884 goto nla_put_failure; 1885 1886 read_unlock_bh(&tbl->lock); 1887 return nlmsg_end(skb, nlh); 1888 1889 nla_put_failure: 1890 read_unlock_bh(&tbl->lock); 1891 nlmsg_cancel(skb, nlh); 1892 return -EMSGSIZE; 1893 } 1894 1895 static int neightbl_fill_param_info(struct sk_buff *skb, 1896 struct neigh_table *tbl, 1897 struct neigh_parms *parms, 1898 u32 pid, u32 seq, int type, 1899 unsigned int flags) 1900 { 1901 struct ndtmsg *ndtmsg; 1902 struct nlmsghdr *nlh; 1903 1904 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 1905 if (nlh == NULL) 1906 return -EMSGSIZE; 1907 1908 ndtmsg = nlmsg_data(nlh); 1909 1910 read_lock_bh(&tbl->lock); 1911 ndtmsg->ndtm_family = tbl->family; 1912 ndtmsg->ndtm_pad1 = 0; 1913 ndtmsg->ndtm_pad2 = 0; 1914 1915 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 || 1916 neightbl_fill_parms(skb, parms) < 0) 1917 goto errout; 1918 1919 read_unlock_bh(&tbl->lock); 1920 return nlmsg_end(skb, nlh); 1921 errout: 1922 read_unlock_bh(&tbl->lock); 1923 nlmsg_cancel(skb, nlh); 1924 return -EMSGSIZE; 1925 } 1926 1927 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = { 1928 [NDTA_NAME] = { .type = NLA_STRING }, 1929 [NDTA_THRESH1] = { .type = NLA_U32 }, 1930 [NDTA_THRESH2] = { .type = NLA_U32 }, 1931 [NDTA_THRESH3] = { .type = NLA_U32 }, 1932 [NDTA_GC_INTERVAL] = { .type = NLA_U64 }, 1933 [NDTA_PARMS] = { .type = NLA_NESTED }, 1934 }; 1935 1936 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = { 1937 [NDTPA_IFINDEX] = { .type = NLA_U32 }, 1938 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 }, 1939 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 }, 1940 [NDTPA_APP_PROBES] = { .type = NLA_U32 }, 1941 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 }, 1942 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 }, 1943 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 }, 1944 [NDTPA_GC_STALETIME] = { .type = NLA_U64 }, 1945 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 }, 1946 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 }, 1947 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 }, 1948 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 }, 1949 [NDTPA_LOCKTIME] = { .type = NLA_U64 }, 1950 }; 1951 1952 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh) 1953 { 1954 struct net *net = sock_net(skb->sk); 1955 struct neigh_table *tbl; 1956 struct ndtmsg *ndtmsg; 1957 struct nlattr *tb[NDTA_MAX+1]; 1958 bool found = false; 1959 int err, tidx; 1960 1961 err = nlmsg_parse(nlh, sizeof(*ndtmsg), tb, NDTA_MAX, 1962 nl_neightbl_policy); 1963 if (err < 0) 1964 goto errout; 1965 1966 if (tb[NDTA_NAME] == NULL) { 1967 err = -EINVAL; 1968 goto errout; 1969 } 1970 1971 ndtmsg = nlmsg_data(nlh); 1972 1973 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 1974 tbl = neigh_tables[tidx]; 1975 if (!tbl) 1976 continue; 1977 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family) 1978 continue; 1979 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) { 1980 found = true; 1981 break; 1982 } 1983 } 1984 1985 if (!found) 1986 return -ENOENT; 1987 1988 /* 1989 * We acquire tbl->lock to be nice to the periodic timers and 1990 * make sure they always see a consistent set of values. 1991 */ 1992 write_lock_bh(&tbl->lock); 1993 1994 if (tb[NDTA_PARMS]) { 1995 struct nlattr *tbp[NDTPA_MAX+1]; 1996 struct neigh_parms *p; 1997 int i, ifindex = 0; 1998 1999 err = nla_parse_nested(tbp, NDTPA_MAX, tb[NDTA_PARMS], 2000 nl_ntbl_parm_policy); 2001 if (err < 0) 2002 goto errout_tbl_lock; 2003 2004 if (tbp[NDTPA_IFINDEX]) 2005 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]); 2006 2007 p = lookup_neigh_parms(tbl, net, ifindex); 2008 if (p == NULL) { 2009 err = -ENOENT; 2010 goto errout_tbl_lock; 2011 } 2012 2013 for (i = 1; i <= NDTPA_MAX; i++) { 2014 if (tbp[i] == NULL) 2015 continue; 2016 2017 switch (i) { 2018 case NDTPA_QUEUE_LEN: 2019 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2020 nla_get_u32(tbp[i]) * 2021 SKB_TRUESIZE(ETH_FRAME_LEN)); 2022 break; 2023 case NDTPA_QUEUE_LENBYTES: 2024 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2025 nla_get_u32(tbp[i])); 2026 break; 2027 case NDTPA_PROXY_QLEN: 2028 NEIGH_VAR_SET(p, PROXY_QLEN, 2029 nla_get_u32(tbp[i])); 2030 break; 2031 case NDTPA_APP_PROBES: 2032 NEIGH_VAR_SET(p, APP_PROBES, 2033 nla_get_u32(tbp[i])); 2034 break; 2035 case NDTPA_UCAST_PROBES: 2036 NEIGH_VAR_SET(p, UCAST_PROBES, 2037 nla_get_u32(tbp[i])); 2038 break; 2039 case NDTPA_MCAST_PROBES: 2040 NEIGH_VAR_SET(p, MCAST_PROBES, 2041 nla_get_u32(tbp[i])); 2042 break; 2043 case NDTPA_BASE_REACHABLE_TIME: 2044 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME, 2045 nla_get_msecs(tbp[i])); 2046 /* update reachable_time as well, otherwise, the change will 2047 * only be effective after the next time neigh_periodic_work 2048 * decides to recompute it (can be multiple minutes) 2049 */ 2050 p->reachable_time = 2051 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 2052 break; 2053 case NDTPA_GC_STALETIME: 2054 NEIGH_VAR_SET(p, GC_STALETIME, 2055 nla_get_msecs(tbp[i])); 2056 break; 2057 case NDTPA_DELAY_PROBE_TIME: 2058 NEIGH_VAR_SET(p, DELAY_PROBE_TIME, 2059 nla_get_msecs(tbp[i])); 2060 break; 2061 case NDTPA_RETRANS_TIME: 2062 NEIGH_VAR_SET(p, RETRANS_TIME, 2063 nla_get_msecs(tbp[i])); 2064 break; 2065 case NDTPA_ANYCAST_DELAY: 2066 NEIGH_VAR_SET(p, ANYCAST_DELAY, 2067 nla_get_msecs(tbp[i])); 2068 break; 2069 case NDTPA_PROXY_DELAY: 2070 NEIGH_VAR_SET(p, PROXY_DELAY, 2071 nla_get_msecs(tbp[i])); 2072 break; 2073 case NDTPA_LOCKTIME: 2074 NEIGH_VAR_SET(p, LOCKTIME, 2075 nla_get_msecs(tbp[i])); 2076 break; 2077 } 2078 } 2079 } 2080 2081 err = -ENOENT; 2082 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] || 2083 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) && 2084 !net_eq(net, &init_net)) 2085 goto errout_tbl_lock; 2086 2087 if (tb[NDTA_THRESH1]) 2088 tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]); 2089 2090 if (tb[NDTA_THRESH2]) 2091 tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]); 2092 2093 if (tb[NDTA_THRESH3]) 2094 tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]); 2095 2096 if (tb[NDTA_GC_INTERVAL]) 2097 tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]); 2098 2099 err = 0; 2100 2101 errout_tbl_lock: 2102 write_unlock_bh(&tbl->lock); 2103 errout: 2104 return err; 2105 } 2106 2107 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2108 { 2109 struct net *net = sock_net(skb->sk); 2110 int family, tidx, nidx = 0; 2111 int tbl_skip = cb->args[0]; 2112 int neigh_skip = cb->args[1]; 2113 struct neigh_table *tbl; 2114 2115 family = ((struct rtgenmsg *) nlmsg_data(cb->nlh))->rtgen_family; 2116 2117 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2118 struct neigh_parms *p; 2119 2120 tbl = neigh_tables[tidx]; 2121 if (!tbl) 2122 continue; 2123 2124 if (tidx < tbl_skip || (family && tbl->family != family)) 2125 continue; 2126 2127 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid, 2128 cb->nlh->nlmsg_seq, RTM_NEWNEIGHTBL, 2129 NLM_F_MULTI) <= 0) 2130 break; 2131 2132 nidx = 0; 2133 p = list_next_entry(&tbl->parms, list); 2134 list_for_each_entry_from(p, &tbl->parms_list, list) { 2135 if (!net_eq(neigh_parms_net(p), net)) 2136 continue; 2137 2138 if (nidx < neigh_skip) 2139 goto next; 2140 2141 if (neightbl_fill_param_info(skb, tbl, p, 2142 NETLINK_CB(cb->skb).portid, 2143 cb->nlh->nlmsg_seq, 2144 RTM_NEWNEIGHTBL, 2145 NLM_F_MULTI) <= 0) 2146 goto out; 2147 next: 2148 nidx++; 2149 } 2150 2151 neigh_skip = 0; 2152 } 2153 out: 2154 cb->args[0] = tidx; 2155 cb->args[1] = nidx; 2156 2157 return skb->len; 2158 } 2159 2160 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh, 2161 u32 pid, u32 seq, int type, unsigned int flags) 2162 { 2163 unsigned long now = jiffies; 2164 struct nda_cacheinfo ci; 2165 struct nlmsghdr *nlh; 2166 struct ndmsg *ndm; 2167 2168 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2169 if (nlh == NULL) 2170 return -EMSGSIZE; 2171 2172 ndm = nlmsg_data(nlh); 2173 ndm->ndm_family = neigh->ops->family; 2174 ndm->ndm_pad1 = 0; 2175 ndm->ndm_pad2 = 0; 2176 ndm->ndm_flags = neigh->flags; 2177 ndm->ndm_type = neigh->type; 2178 ndm->ndm_ifindex = neigh->dev->ifindex; 2179 2180 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key)) 2181 goto nla_put_failure; 2182 2183 read_lock_bh(&neigh->lock); 2184 ndm->ndm_state = neigh->nud_state; 2185 if (neigh->nud_state & NUD_VALID) { 2186 char haddr[MAX_ADDR_LEN]; 2187 2188 neigh_ha_snapshot(haddr, neigh, neigh->dev); 2189 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) { 2190 read_unlock_bh(&neigh->lock); 2191 goto nla_put_failure; 2192 } 2193 } 2194 2195 ci.ndm_used = jiffies_to_clock_t(now - neigh->used); 2196 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed); 2197 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated); 2198 ci.ndm_refcnt = atomic_read(&neigh->refcnt) - 1; 2199 read_unlock_bh(&neigh->lock); 2200 2201 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) || 2202 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci)) 2203 goto nla_put_failure; 2204 2205 return nlmsg_end(skb, nlh); 2206 2207 nla_put_failure: 2208 nlmsg_cancel(skb, nlh); 2209 return -EMSGSIZE; 2210 } 2211 2212 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn, 2213 u32 pid, u32 seq, int type, unsigned int flags, 2214 struct neigh_table *tbl) 2215 { 2216 struct nlmsghdr *nlh; 2217 struct ndmsg *ndm; 2218 2219 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2220 if (nlh == NULL) 2221 return -EMSGSIZE; 2222 2223 ndm = nlmsg_data(nlh); 2224 ndm->ndm_family = tbl->family; 2225 ndm->ndm_pad1 = 0; 2226 ndm->ndm_pad2 = 0; 2227 ndm->ndm_flags = pn->flags | NTF_PROXY; 2228 ndm->ndm_type = RTN_UNICAST; 2229 ndm->ndm_ifindex = pn->dev->ifindex; 2230 ndm->ndm_state = NUD_NONE; 2231 2232 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key)) 2233 goto nla_put_failure; 2234 2235 return nlmsg_end(skb, nlh); 2236 2237 nla_put_failure: 2238 nlmsg_cancel(skb, nlh); 2239 return -EMSGSIZE; 2240 } 2241 2242 static void neigh_update_notify(struct neighbour *neigh) 2243 { 2244 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh); 2245 __neigh_notify(neigh, RTM_NEWNEIGH, 0); 2246 } 2247 2248 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2249 struct netlink_callback *cb) 2250 { 2251 struct net *net = sock_net(skb->sk); 2252 struct neighbour *n; 2253 int rc, h, s_h = cb->args[1]; 2254 int idx, s_idx = idx = cb->args[2]; 2255 struct neigh_hash_table *nht; 2256 2257 rcu_read_lock_bh(); 2258 nht = rcu_dereference_bh(tbl->nht); 2259 2260 for (h = s_h; h < (1 << nht->hash_shift); h++) { 2261 if (h > s_h) 2262 s_idx = 0; 2263 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0; 2264 n != NULL; 2265 n = rcu_dereference_bh(n->next)) { 2266 if (!net_eq(dev_net(n->dev), net)) 2267 continue; 2268 if (idx < s_idx) 2269 goto next; 2270 if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2271 cb->nlh->nlmsg_seq, 2272 RTM_NEWNEIGH, 2273 NLM_F_MULTI) <= 0) { 2274 rc = -1; 2275 goto out; 2276 } 2277 next: 2278 idx++; 2279 } 2280 } 2281 rc = skb->len; 2282 out: 2283 rcu_read_unlock_bh(); 2284 cb->args[1] = h; 2285 cb->args[2] = idx; 2286 return rc; 2287 } 2288 2289 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2290 struct netlink_callback *cb) 2291 { 2292 struct pneigh_entry *n; 2293 struct net *net = sock_net(skb->sk); 2294 int rc, h, s_h = cb->args[3]; 2295 int idx, s_idx = idx = cb->args[4]; 2296 2297 read_lock_bh(&tbl->lock); 2298 2299 for (h = s_h; h <= PNEIGH_HASHMASK; h++) { 2300 if (h > s_h) 2301 s_idx = 0; 2302 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) { 2303 if (dev_net(n->dev) != net) 2304 continue; 2305 if (idx < s_idx) 2306 goto next; 2307 if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2308 cb->nlh->nlmsg_seq, 2309 RTM_NEWNEIGH, 2310 NLM_F_MULTI, tbl) <= 0) { 2311 read_unlock_bh(&tbl->lock); 2312 rc = -1; 2313 goto out; 2314 } 2315 next: 2316 idx++; 2317 } 2318 } 2319 2320 read_unlock_bh(&tbl->lock); 2321 rc = skb->len; 2322 out: 2323 cb->args[3] = h; 2324 cb->args[4] = idx; 2325 return rc; 2326 2327 } 2328 2329 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2330 { 2331 struct neigh_table *tbl; 2332 int t, family, s_t; 2333 int proxy = 0; 2334 int err; 2335 2336 family = ((struct rtgenmsg *) nlmsg_data(cb->nlh))->rtgen_family; 2337 2338 /* check for full ndmsg structure presence, family member is 2339 * the same for both structures 2340 */ 2341 if (nlmsg_len(cb->nlh) >= sizeof(struct ndmsg) && 2342 ((struct ndmsg *) nlmsg_data(cb->nlh))->ndm_flags == NTF_PROXY) 2343 proxy = 1; 2344 2345 s_t = cb->args[0]; 2346 2347 for (t = 0; t < NEIGH_NR_TABLES; t++) { 2348 tbl = neigh_tables[t]; 2349 2350 if (!tbl) 2351 continue; 2352 if (t < s_t || (family && tbl->family != family)) 2353 continue; 2354 if (t > s_t) 2355 memset(&cb->args[1], 0, sizeof(cb->args) - 2356 sizeof(cb->args[0])); 2357 if (proxy) 2358 err = pneigh_dump_table(tbl, skb, cb); 2359 else 2360 err = neigh_dump_table(tbl, skb, cb); 2361 if (err < 0) 2362 break; 2363 } 2364 2365 cb->args[0] = t; 2366 return skb->len; 2367 } 2368 2369 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie) 2370 { 2371 int chain; 2372 struct neigh_hash_table *nht; 2373 2374 rcu_read_lock_bh(); 2375 nht = rcu_dereference_bh(tbl->nht); 2376 2377 read_lock(&tbl->lock); /* avoid resizes */ 2378 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 2379 struct neighbour *n; 2380 2381 for (n = rcu_dereference_bh(nht->hash_buckets[chain]); 2382 n != NULL; 2383 n = rcu_dereference_bh(n->next)) 2384 cb(n, cookie); 2385 } 2386 read_unlock(&tbl->lock); 2387 rcu_read_unlock_bh(); 2388 } 2389 EXPORT_SYMBOL(neigh_for_each); 2390 2391 /* The tbl->lock must be held as a writer and BH disabled. */ 2392 void __neigh_for_each_release(struct neigh_table *tbl, 2393 int (*cb)(struct neighbour *)) 2394 { 2395 int chain; 2396 struct neigh_hash_table *nht; 2397 2398 nht = rcu_dereference_protected(tbl->nht, 2399 lockdep_is_held(&tbl->lock)); 2400 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 2401 struct neighbour *n; 2402 struct neighbour __rcu **np; 2403 2404 np = &nht->hash_buckets[chain]; 2405 while ((n = rcu_dereference_protected(*np, 2406 lockdep_is_held(&tbl->lock))) != NULL) { 2407 int release; 2408 2409 write_lock(&n->lock); 2410 release = cb(n); 2411 if (release) { 2412 rcu_assign_pointer(*np, 2413 rcu_dereference_protected(n->next, 2414 lockdep_is_held(&tbl->lock))); 2415 n->dead = 1; 2416 } else 2417 np = &n->next; 2418 write_unlock(&n->lock); 2419 if (release) 2420 neigh_cleanup_and_release(n); 2421 } 2422 } 2423 } 2424 EXPORT_SYMBOL(__neigh_for_each_release); 2425 2426 #ifdef CONFIG_PROC_FS 2427 2428 static struct neighbour *neigh_get_first(struct seq_file *seq) 2429 { 2430 struct neigh_seq_state *state = seq->private; 2431 struct net *net = seq_file_net(seq); 2432 struct neigh_hash_table *nht = state->nht; 2433 struct neighbour *n = NULL; 2434 int bucket = state->bucket; 2435 2436 state->flags &= ~NEIGH_SEQ_IS_PNEIGH; 2437 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) { 2438 n = rcu_dereference_bh(nht->hash_buckets[bucket]); 2439 2440 while (n) { 2441 if (!net_eq(dev_net(n->dev), net)) 2442 goto next; 2443 if (state->neigh_sub_iter) { 2444 loff_t fakep = 0; 2445 void *v; 2446 2447 v = state->neigh_sub_iter(state, n, &fakep); 2448 if (!v) 2449 goto next; 2450 } 2451 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) 2452 break; 2453 if (n->nud_state & ~NUD_NOARP) 2454 break; 2455 next: 2456 n = rcu_dereference_bh(n->next); 2457 } 2458 2459 if (n) 2460 break; 2461 } 2462 state->bucket = bucket; 2463 2464 return n; 2465 } 2466 2467 static struct neighbour *neigh_get_next(struct seq_file *seq, 2468 struct neighbour *n, 2469 loff_t *pos) 2470 { 2471 struct neigh_seq_state *state = seq->private; 2472 struct net *net = seq_file_net(seq); 2473 struct neigh_hash_table *nht = state->nht; 2474 2475 if (state->neigh_sub_iter) { 2476 void *v = state->neigh_sub_iter(state, n, pos); 2477 if (v) 2478 return n; 2479 } 2480 n = rcu_dereference_bh(n->next); 2481 2482 while (1) { 2483 while (n) { 2484 if (!net_eq(dev_net(n->dev), net)) 2485 goto next; 2486 if (state->neigh_sub_iter) { 2487 void *v = state->neigh_sub_iter(state, n, pos); 2488 if (v) 2489 return n; 2490 goto next; 2491 } 2492 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) 2493 break; 2494 2495 if (n->nud_state & ~NUD_NOARP) 2496 break; 2497 next: 2498 n = rcu_dereference_bh(n->next); 2499 } 2500 2501 if (n) 2502 break; 2503 2504 if (++state->bucket >= (1 << nht->hash_shift)) 2505 break; 2506 2507 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]); 2508 } 2509 2510 if (n && pos) 2511 --(*pos); 2512 return n; 2513 } 2514 2515 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos) 2516 { 2517 struct neighbour *n = neigh_get_first(seq); 2518 2519 if (n) { 2520 --(*pos); 2521 while (*pos) { 2522 n = neigh_get_next(seq, n, pos); 2523 if (!n) 2524 break; 2525 } 2526 } 2527 return *pos ? NULL : n; 2528 } 2529 2530 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq) 2531 { 2532 struct neigh_seq_state *state = seq->private; 2533 struct net *net = seq_file_net(seq); 2534 struct neigh_table *tbl = state->tbl; 2535 struct pneigh_entry *pn = NULL; 2536 int bucket = state->bucket; 2537 2538 state->flags |= NEIGH_SEQ_IS_PNEIGH; 2539 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) { 2540 pn = tbl->phash_buckets[bucket]; 2541 while (pn && !net_eq(pneigh_net(pn), net)) 2542 pn = pn->next; 2543 if (pn) 2544 break; 2545 } 2546 state->bucket = bucket; 2547 2548 return pn; 2549 } 2550 2551 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq, 2552 struct pneigh_entry *pn, 2553 loff_t *pos) 2554 { 2555 struct neigh_seq_state *state = seq->private; 2556 struct net *net = seq_file_net(seq); 2557 struct neigh_table *tbl = state->tbl; 2558 2559 do { 2560 pn = pn->next; 2561 } while (pn && !net_eq(pneigh_net(pn), net)); 2562 2563 while (!pn) { 2564 if (++state->bucket > PNEIGH_HASHMASK) 2565 break; 2566 pn = tbl->phash_buckets[state->bucket]; 2567 while (pn && !net_eq(pneigh_net(pn), net)) 2568 pn = pn->next; 2569 if (pn) 2570 break; 2571 } 2572 2573 if (pn && pos) 2574 --(*pos); 2575 2576 return pn; 2577 } 2578 2579 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos) 2580 { 2581 struct pneigh_entry *pn = pneigh_get_first(seq); 2582 2583 if (pn) { 2584 --(*pos); 2585 while (*pos) { 2586 pn = pneigh_get_next(seq, pn, pos); 2587 if (!pn) 2588 break; 2589 } 2590 } 2591 return *pos ? NULL : pn; 2592 } 2593 2594 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos) 2595 { 2596 struct neigh_seq_state *state = seq->private; 2597 void *rc; 2598 loff_t idxpos = *pos; 2599 2600 rc = neigh_get_idx(seq, &idxpos); 2601 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 2602 rc = pneigh_get_idx(seq, &idxpos); 2603 2604 return rc; 2605 } 2606 2607 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags) 2608 __acquires(rcu_bh) 2609 { 2610 struct neigh_seq_state *state = seq->private; 2611 2612 state->tbl = tbl; 2613 state->bucket = 0; 2614 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH); 2615 2616 rcu_read_lock_bh(); 2617 state->nht = rcu_dereference_bh(tbl->nht); 2618 2619 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN; 2620 } 2621 EXPORT_SYMBOL(neigh_seq_start); 2622 2623 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2624 { 2625 struct neigh_seq_state *state; 2626 void *rc; 2627 2628 if (v == SEQ_START_TOKEN) { 2629 rc = neigh_get_first(seq); 2630 goto out; 2631 } 2632 2633 state = seq->private; 2634 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) { 2635 rc = neigh_get_next(seq, v, NULL); 2636 if (rc) 2637 goto out; 2638 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 2639 rc = pneigh_get_first(seq); 2640 } else { 2641 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY); 2642 rc = pneigh_get_next(seq, v, NULL); 2643 } 2644 out: 2645 ++(*pos); 2646 return rc; 2647 } 2648 EXPORT_SYMBOL(neigh_seq_next); 2649 2650 void neigh_seq_stop(struct seq_file *seq, void *v) 2651 __releases(rcu_bh) 2652 { 2653 rcu_read_unlock_bh(); 2654 } 2655 EXPORT_SYMBOL(neigh_seq_stop); 2656 2657 /* statistics via seq_file */ 2658 2659 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos) 2660 { 2661 struct neigh_table *tbl = seq->private; 2662 int cpu; 2663 2664 if (*pos == 0) 2665 return SEQ_START_TOKEN; 2666 2667 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) { 2668 if (!cpu_possible(cpu)) 2669 continue; 2670 *pos = cpu+1; 2671 return per_cpu_ptr(tbl->stats, cpu); 2672 } 2673 return NULL; 2674 } 2675 2676 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2677 { 2678 struct neigh_table *tbl = seq->private; 2679 int cpu; 2680 2681 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) { 2682 if (!cpu_possible(cpu)) 2683 continue; 2684 *pos = cpu+1; 2685 return per_cpu_ptr(tbl->stats, cpu); 2686 } 2687 return NULL; 2688 } 2689 2690 static void neigh_stat_seq_stop(struct seq_file *seq, void *v) 2691 { 2692 2693 } 2694 2695 static int neigh_stat_seq_show(struct seq_file *seq, void *v) 2696 { 2697 struct neigh_table *tbl = seq->private; 2698 struct neigh_statistics *st = v; 2699 2700 if (v == SEQ_START_TOKEN) { 2701 seq_printf(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards\n"); 2702 return 0; 2703 } 2704 2705 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx " 2706 "%08lx %08lx %08lx %08lx %08lx\n", 2707 atomic_read(&tbl->entries), 2708 2709 st->allocs, 2710 st->destroys, 2711 st->hash_grows, 2712 2713 st->lookups, 2714 st->hits, 2715 2716 st->res_failed, 2717 2718 st->rcv_probes_mcast, 2719 st->rcv_probes_ucast, 2720 2721 st->periodic_gc_runs, 2722 st->forced_gc_runs, 2723 st->unres_discards 2724 ); 2725 2726 return 0; 2727 } 2728 2729 static const struct seq_operations neigh_stat_seq_ops = { 2730 .start = neigh_stat_seq_start, 2731 .next = neigh_stat_seq_next, 2732 .stop = neigh_stat_seq_stop, 2733 .show = neigh_stat_seq_show, 2734 }; 2735 2736 static int neigh_stat_seq_open(struct inode *inode, struct file *file) 2737 { 2738 int ret = seq_open(file, &neigh_stat_seq_ops); 2739 2740 if (!ret) { 2741 struct seq_file *sf = file->private_data; 2742 sf->private = PDE_DATA(inode); 2743 } 2744 return ret; 2745 }; 2746 2747 static const struct file_operations neigh_stat_seq_fops = { 2748 .owner = THIS_MODULE, 2749 .open = neigh_stat_seq_open, 2750 .read = seq_read, 2751 .llseek = seq_lseek, 2752 .release = seq_release, 2753 }; 2754 2755 #endif /* CONFIG_PROC_FS */ 2756 2757 static inline size_t neigh_nlmsg_size(void) 2758 { 2759 return NLMSG_ALIGN(sizeof(struct ndmsg)) 2760 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 2761 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */ 2762 + nla_total_size(sizeof(struct nda_cacheinfo)) 2763 + nla_total_size(4); /* NDA_PROBES */ 2764 } 2765 2766 static void __neigh_notify(struct neighbour *n, int type, int flags) 2767 { 2768 struct net *net = dev_net(n->dev); 2769 struct sk_buff *skb; 2770 int err = -ENOBUFS; 2771 2772 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC); 2773 if (skb == NULL) 2774 goto errout; 2775 2776 err = neigh_fill_info(skb, n, 0, 0, type, flags); 2777 if (err < 0) { 2778 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */ 2779 WARN_ON(err == -EMSGSIZE); 2780 kfree_skb(skb); 2781 goto errout; 2782 } 2783 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC); 2784 return; 2785 errout: 2786 if (err < 0) 2787 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err); 2788 } 2789 2790 void neigh_app_ns(struct neighbour *n) 2791 { 2792 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST); 2793 } 2794 EXPORT_SYMBOL(neigh_app_ns); 2795 2796 #ifdef CONFIG_SYSCTL 2797 static int zero; 2798 static int int_max = INT_MAX; 2799 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN); 2800 2801 static int proc_unres_qlen(struct ctl_table *ctl, int write, 2802 void __user *buffer, size_t *lenp, loff_t *ppos) 2803 { 2804 int size, ret; 2805 struct ctl_table tmp = *ctl; 2806 2807 tmp.extra1 = &zero; 2808 tmp.extra2 = &unres_qlen_max; 2809 tmp.data = &size; 2810 2811 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN); 2812 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 2813 2814 if (write && !ret) 2815 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN); 2816 return ret; 2817 } 2818 2819 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev, 2820 int family) 2821 { 2822 switch (family) { 2823 case AF_INET: 2824 return __in_dev_arp_parms_get_rcu(dev); 2825 case AF_INET6: 2826 return __in6_dev_nd_parms_get_rcu(dev); 2827 } 2828 return NULL; 2829 } 2830 2831 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p, 2832 int index) 2833 { 2834 struct net_device *dev; 2835 int family = neigh_parms_family(p); 2836 2837 rcu_read_lock(); 2838 for_each_netdev_rcu(net, dev) { 2839 struct neigh_parms *dst_p = 2840 neigh_get_dev_parms_rcu(dev, family); 2841 2842 if (dst_p && !test_bit(index, dst_p->data_state)) 2843 dst_p->data[index] = p->data[index]; 2844 } 2845 rcu_read_unlock(); 2846 } 2847 2848 static void neigh_proc_update(struct ctl_table *ctl, int write) 2849 { 2850 struct net_device *dev = ctl->extra1; 2851 struct neigh_parms *p = ctl->extra2; 2852 struct net *net = neigh_parms_net(p); 2853 int index = (int *) ctl->data - p->data; 2854 2855 if (!write) 2856 return; 2857 2858 set_bit(index, p->data_state); 2859 if (!dev) /* NULL dev means this is default value */ 2860 neigh_copy_dflt_parms(net, p, index); 2861 } 2862 2863 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write, 2864 void __user *buffer, 2865 size_t *lenp, loff_t *ppos) 2866 { 2867 struct ctl_table tmp = *ctl; 2868 int ret; 2869 2870 tmp.extra1 = &zero; 2871 tmp.extra2 = &int_max; 2872 2873 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 2874 neigh_proc_update(ctl, write); 2875 return ret; 2876 } 2877 2878 int neigh_proc_dointvec(struct ctl_table *ctl, int write, 2879 void __user *buffer, size_t *lenp, loff_t *ppos) 2880 { 2881 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2882 2883 neigh_proc_update(ctl, write); 2884 return ret; 2885 } 2886 EXPORT_SYMBOL(neigh_proc_dointvec); 2887 2888 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, 2889 void __user *buffer, 2890 size_t *lenp, loff_t *ppos) 2891 { 2892 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 2893 2894 neigh_proc_update(ctl, write); 2895 return ret; 2896 } 2897 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies); 2898 2899 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write, 2900 void __user *buffer, 2901 size_t *lenp, loff_t *ppos) 2902 { 2903 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos); 2904 2905 neigh_proc_update(ctl, write); 2906 return ret; 2907 } 2908 2909 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write, 2910 void __user *buffer, 2911 size_t *lenp, loff_t *ppos) 2912 { 2913 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 2914 2915 neigh_proc_update(ctl, write); 2916 return ret; 2917 } 2918 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies); 2919 2920 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write, 2921 void __user *buffer, 2922 size_t *lenp, loff_t *ppos) 2923 { 2924 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos); 2925 2926 neigh_proc_update(ctl, write); 2927 return ret; 2928 } 2929 2930 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write, 2931 void __user *buffer, 2932 size_t *lenp, loff_t *ppos) 2933 { 2934 struct neigh_parms *p = ctl->extra2; 2935 int ret; 2936 2937 if (strcmp(ctl->procname, "base_reachable_time") == 0) 2938 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 2939 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0) 2940 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 2941 else 2942 ret = -1; 2943 2944 if (write && ret == 0) { 2945 /* update reachable_time as well, otherwise, the change will 2946 * only be effective after the next time neigh_periodic_work 2947 * decides to recompute it 2948 */ 2949 p->reachable_time = 2950 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 2951 } 2952 return ret; 2953 } 2954 2955 #define NEIGH_PARMS_DATA_OFFSET(index) \ 2956 (&((struct neigh_parms *) 0)->data[index]) 2957 2958 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \ 2959 [NEIGH_VAR_ ## attr] = { \ 2960 .procname = name, \ 2961 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \ 2962 .maxlen = sizeof(int), \ 2963 .mode = mval, \ 2964 .proc_handler = proc, \ 2965 } 2966 2967 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \ 2968 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax) 2969 2970 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \ 2971 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies) 2972 2973 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \ 2974 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies) 2975 2976 #define NEIGH_SYSCTL_MS_JIFFIES_ENTRY(attr, name) \ 2977 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies) 2978 2979 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \ 2980 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies) 2981 2982 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \ 2983 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen) 2984 2985 static struct neigh_sysctl_table { 2986 struct ctl_table_header *sysctl_header; 2987 struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1]; 2988 } neigh_sysctl_template __read_mostly = { 2989 .neigh_vars = { 2990 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"), 2991 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"), 2992 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"), 2993 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"), 2994 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"), 2995 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"), 2996 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"), 2997 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"), 2998 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"), 2999 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"), 3000 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"), 3001 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"), 3002 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"), 3003 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"), 3004 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"), 3005 [NEIGH_VAR_GC_INTERVAL] = { 3006 .procname = "gc_interval", 3007 .maxlen = sizeof(int), 3008 .mode = 0644, 3009 .proc_handler = proc_dointvec_jiffies, 3010 }, 3011 [NEIGH_VAR_GC_THRESH1] = { 3012 .procname = "gc_thresh1", 3013 .maxlen = sizeof(int), 3014 .mode = 0644, 3015 .extra1 = &zero, 3016 .extra2 = &int_max, 3017 .proc_handler = proc_dointvec_minmax, 3018 }, 3019 [NEIGH_VAR_GC_THRESH2] = { 3020 .procname = "gc_thresh2", 3021 .maxlen = sizeof(int), 3022 .mode = 0644, 3023 .extra1 = &zero, 3024 .extra2 = &int_max, 3025 .proc_handler = proc_dointvec_minmax, 3026 }, 3027 [NEIGH_VAR_GC_THRESH3] = { 3028 .procname = "gc_thresh3", 3029 .maxlen = sizeof(int), 3030 .mode = 0644, 3031 .extra1 = &zero, 3032 .extra2 = &int_max, 3033 .proc_handler = proc_dointvec_minmax, 3034 }, 3035 {}, 3036 }, 3037 }; 3038 3039 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p, 3040 proc_handler *handler) 3041 { 3042 int i; 3043 struct neigh_sysctl_table *t; 3044 const char *dev_name_source; 3045 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ]; 3046 char *p_name; 3047 3048 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL); 3049 if (!t) 3050 goto err; 3051 3052 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) { 3053 t->neigh_vars[i].data += (long) p; 3054 t->neigh_vars[i].extra1 = dev; 3055 t->neigh_vars[i].extra2 = p; 3056 } 3057 3058 if (dev) { 3059 dev_name_source = dev->name; 3060 /* Terminate the table early */ 3061 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0, 3062 sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL])); 3063 } else { 3064 struct neigh_table *tbl = p->tbl; 3065 dev_name_source = "default"; 3066 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval; 3067 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1; 3068 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2; 3069 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3; 3070 } 3071 3072 if (handler) { 3073 /* RetransTime */ 3074 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler; 3075 /* ReachableTime */ 3076 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler; 3077 /* RetransTime (in milliseconds)*/ 3078 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler; 3079 /* ReachableTime (in milliseconds) */ 3080 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler; 3081 } else { 3082 /* Those handlers will update p->reachable_time after 3083 * base_reachable_time(_ms) is set to ensure the new timer starts being 3084 * applied after the next neighbour update instead of waiting for 3085 * neigh_periodic_work to update its value (can be multiple minutes) 3086 * So any handler that replaces them should do this as well 3087 */ 3088 /* ReachableTime */ 3089 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = 3090 neigh_proc_base_reachable_time; 3091 /* ReachableTime (in milliseconds) */ 3092 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = 3093 neigh_proc_base_reachable_time; 3094 } 3095 3096 /* Don't export sysctls to unprivileged users */ 3097 if (neigh_parms_net(p)->user_ns != &init_user_ns) 3098 t->neigh_vars[0].procname = NULL; 3099 3100 switch (neigh_parms_family(p)) { 3101 case AF_INET: 3102 p_name = "ipv4"; 3103 break; 3104 case AF_INET6: 3105 p_name = "ipv6"; 3106 break; 3107 default: 3108 BUG(); 3109 } 3110 3111 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s", 3112 p_name, dev_name_source); 3113 t->sysctl_header = 3114 register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars); 3115 if (!t->sysctl_header) 3116 goto free; 3117 3118 p->sysctl_table = t; 3119 return 0; 3120 3121 free: 3122 kfree(t); 3123 err: 3124 return -ENOBUFS; 3125 } 3126 EXPORT_SYMBOL(neigh_sysctl_register); 3127 3128 void neigh_sysctl_unregister(struct neigh_parms *p) 3129 { 3130 if (p->sysctl_table) { 3131 struct neigh_sysctl_table *t = p->sysctl_table; 3132 p->sysctl_table = NULL; 3133 unregister_net_sysctl_table(t->sysctl_header); 3134 kfree(t); 3135 } 3136 } 3137 EXPORT_SYMBOL(neigh_sysctl_unregister); 3138 3139 #endif /* CONFIG_SYSCTL */ 3140 3141 static int __init neigh_init(void) 3142 { 3143 rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, NULL); 3144 rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, NULL); 3145 rtnl_register(PF_UNSPEC, RTM_GETNEIGH, NULL, neigh_dump_info, NULL); 3146 3147 rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info, 3148 NULL); 3149 rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, NULL); 3150 3151 return 0; 3152 } 3153 3154 subsys_initcall(neigh_init); 3155 3156