xref: /openbmc/linux/net/ipv4/arp.c (revision 1b39e7607144337d752f36c2068ed79447462f99)
1  // SPDX-License-Identifier: GPL-2.0-or-later
2  /* linux/net/ipv4/arp.c
3   *
4   * Copyright (C) 1994 by Florian  La Roche
5   *
6   * This module implements the Address Resolution Protocol ARP (RFC 826),
7   * which is used to convert IP addresses (or in the future maybe other
8   * high-level addresses) into a low-level hardware address (like an Ethernet
9   * address).
10   *
11   * Fixes:
12   *		Alan Cox	:	Removed the Ethernet assumptions in
13   *					Florian's code
14   *		Alan Cox	:	Fixed some small errors in the ARP
15   *					logic
16   *		Alan Cox	:	Allow >4K in /proc
17   *		Alan Cox	:	Make ARP add its own protocol entry
18   *		Ross Martin     :       Rewrote arp_rcv() and arp_get_info()
19   *		Stephen Henson	:	Add AX25 support to arp_get_info()
20   *		Alan Cox	:	Drop data when a device is downed.
21   *		Alan Cox	:	Use init_timer().
22   *		Alan Cox	:	Double lock fixes.
23   *		Martin Seine	:	Move the arphdr structure
24   *					to if_arp.h for compatibility.
25   *					with BSD based programs.
26   *		Andrew Tridgell :       Added ARP netmask code and
27   *					re-arranged proxy handling.
28   *		Alan Cox	:	Changed to use notifiers.
29   *		Niibe Yutaka	:	Reply for this device or proxies only.
30   *		Alan Cox	:	Don't proxy across hardware types!
31   *		Jonathan Naylor :	Added support for NET/ROM.
32   *		Mike Shaver     :       RFC1122 checks.
33   *		Jonathan Naylor :	Only lookup the hardware address for
34   *					the correct hardware type.
35   *		Germano Caronni	:	Assorted subtle races.
36   *		Craig Schlenter :	Don't modify permanent entry
37   *					during arp_rcv.
38   *		Russ Nelson	:	Tidied up a few bits.
39   *		Alexey Kuznetsov:	Major changes to caching and behaviour,
40   *					eg intelligent arp probing and
41   *					generation
42   *					of host down events.
43   *		Alan Cox	:	Missing unlock in device events.
44   *		Eckes		:	ARP ioctl control errors.
45   *		Alexey Kuznetsov:	Arp free fix.
46   *		Manuel Rodriguez:	Gratuitous ARP.
47   *              Jonathan Layes  :       Added arpd support through kerneld
48   *                                      message queue (960314)
49   *		Mike Shaver	:	/proc/sys/net/ipv4/arp_* support
50   *		Mike McLagan    :	Routing by source
51   *		Stuart Cheshire	:	Metricom and grat arp fixes
52   *					*** FOR 2.1 clean this up ***
53   *		Lawrence V. Stefani: (08/12/96) Added FDDI support.
54   *		Alan Cox	:	Took the AP1000 nasty FDDI hack and
55   *					folded into the mainstream FDDI code.
56   *					Ack spit, Linus how did you allow that
57   *					one in...
58   *		Jes Sorensen	:	Make FDDI work again in 2.1.x and
59   *					clean up the APFDDI & gen. FDDI bits.
60   *		Alexey Kuznetsov:	new arp state machine;
61   *					now it is in net/core/neighbour.c.
62   *		Krzysztof Halasa:	Added Frame Relay ARP support.
63   *		Arnaldo C. Melo :	convert /proc/net/arp to seq_file
64   *		Shmulik Hen:		Split arp_send to arp_create and
65   *					arp_xmit so intermediate drivers like
66   *					bonding can change the skb before
67   *					sending (e.g. insert 8021q tag).
68   *		Harald Welte	:	convert to make use of jenkins hash
69   *		Jesper D. Brouer:       Proxy ARP PVLAN RFC 3069 support.
70   */
71  
72  #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
73  
74  #include <linux/module.h>
75  #include <linux/types.h>
76  #include <linux/string.h>
77  #include <linux/kernel.h>
78  #include <linux/capability.h>
79  #include <linux/socket.h>
80  #include <linux/sockios.h>
81  #include <linux/errno.h>
82  #include <linux/in.h>
83  #include <linux/mm.h>
84  #include <linux/inet.h>
85  #include <linux/inetdevice.h>
86  #include <linux/netdevice.h>
87  #include <linux/etherdevice.h>
88  #include <linux/fddidevice.h>
89  #include <linux/if_arp.h>
90  #include <linux/skbuff.h>
91  #include <linux/proc_fs.h>
92  #include <linux/seq_file.h>
93  #include <linux/stat.h>
94  #include <linux/init.h>
95  #include <linux/net.h>
96  #include <linux/rcupdate.h>
97  #include <linux/slab.h>
98  #ifdef CONFIG_SYSCTL
99  #include <linux/sysctl.h>
100  #endif
101  
102  #include <net/net_namespace.h>
103  #include <net/ip.h>
104  #include <net/icmp.h>
105  #include <net/route.h>
106  #include <net/protocol.h>
107  #include <net/tcp.h>
108  #include <net/sock.h>
109  #include <net/arp.h>
110  #include <net/ax25.h>
111  #include <net/netrom.h>
112  #include <net/dst_metadata.h>
113  #include <net/ip_tunnels.h>
114  
115  #include <linux/uaccess.h>
116  
117  #include <linux/netfilter_arp.h>
118  
119  /*
120   *	Interface to generic neighbour cache.
121   */
122  static u32 arp_hash(const void *pkey, const struct net_device *dev, __u32 *hash_rnd);
123  static bool arp_key_eq(const struct neighbour *n, const void *pkey);
124  static int arp_constructor(struct neighbour *neigh);
125  static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb);
126  static void arp_error_report(struct neighbour *neigh, struct sk_buff *skb);
127  static void parp_redo(struct sk_buff *skb);
128  static int arp_is_multicast(const void *pkey);
129  
130  static const struct neigh_ops arp_generic_ops = {
131  	.family =		AF_INET,
132  	.solicit =		arp_solicit,
133  	.error_report =		arp_error_report,
134  	.output =		neigh_resolve_output,
135  	.connected_output =	neigh_connected_output,
136  };
137  
138  static const struct neigh_ops arp_hh_ops = {
139  	.family =		AF_INET,
140  	.solicit =		arp_solicit,
141  	.error_report =		arp_error_report,
142  	.output =		neigh_resolve_output,
143  	.connected_output =	neigh_resolve_output,
144  };
145  
146  static const struct neigh_ops arp_direct_ops = {
147  	.family =		AF_INET,
148  	.output =		neigh_direct_output,
149  	.connected_output =	neigh_direct_output,
150  };
151  
152  struct neigh_table arp_tbl = {
153  	.family		= AF_INET,
154  	.key_len	= 4,
155  	.protocol	= cpu_to_be16(ETH_P_IP),
156  	.hash		= arp_hash,
157  	.key_eq		= arp_key_eq,
158  	.constructor	= arp_constructor,
159  	.proxy_redo	= parp_redo,
160  	.is_multicast	= arp_is_multicast,
161  	.id		= "arp_cache",
162  	.parms		= {
163  		.tbl			= &arp_tbl,
164  		.reachable_time		= 30 * HZ,
165  		.data	= {
166  			[NEIGH_VAR_MCAST_PROBES] = 3,
167  			[NEIGH_VAR_UCAST_PROBES] = 3,
168  			[NEIGH_VAR_RETRANS_TIME] = 1 * HZ,
169  			[NEIGH_VAR_BASE_REACHABLE_TIME] = 30 * HZ,
170  			[NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
171  			[NEIGH_VAR_INTERVAL_PROBE_TIME_MS] = 5 * HZ,
172  			[NEIGH_VAR_GC_STALETIME] = 60 * HZ,
173  			[NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
174  			[NEIGH_VAR_PROXY_QLEN] = 64,
175  			[NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
176  			[NEIGH_VAR_PROXY_DELAY]	= (8 * HZ) / 10,
177  			[NEIGH_VAR_LOCKTIME] = 1 * HZ,
178  		},
179  	},
180  	.gc_interval	= 30 * HZ,
181  	.gc_thresh1	= 128,
182  	.gc_thresh2	= 512,
183  	.gc_thresh3	= 1024,
184  };
185  EXPORT_SYMBOL(arp_tbl);
186  
187  int arp_mc_map(__be32 addr, u8 *haddr, struct net_device *dev, int dir)
188  {
189  	switch (dev->type) {
190  	case ARPHRD_ETHER:
191  	case ARPHRD_FDDI:
192  	case ARPHRD_IEEE802:
193  		ip_eth_mc_map(addr, haddr);
194  		return 0;
195  	case ARPHRD_INFINIBAND:
196  		ip_ib_mc_map(addr, dev->broadcast, haddr);
197  		return 0;
198  	case ARPHRD_IPGRE:
199  		ip_ipgre_mc_map(addr, dev->broadcast, haddr);
200  		return 0;
201  	default:
202  		if (dir) {
203  			memcpy(haddr, dev->broadcast, dev->addr_len);
204  			return 0;
205  		}
206  	}
207  	return -EINVAL;
208  }
209  
210  
211  static u32 arp_hash(const void *pkey,
212  		    const struct net_device *dev,
213  		    __u32 *hash_rnd)
214  {
215  	return arp_hashfn(pkey, dev, hash_rnd);
216  }
217  
218  static bool arp_key_eq(const struct neighbour *neigh, const void *pkey)
219  {
220  	return neigh_key_eq32(neigh, pkey);
221  }
222  
223  static int arp_constructor(struct neighbour *neigh)
224  {
225  	__be32 addr;
226  	struct net_device *dev = neigh->dev;
227  	struct in_device *in_dev;
228  	struct neigh_parms *parms;
229  	u32 inaddr_any = INADDR_ANY;
230  
231  	if (dev->flags & (IFF_LOOPBACK | IFF_POINTOPOINT))
232  		memcpy(neigh->primary_key, &inaddr_any, arp_tbl.key_len);
233  
234  	addr = *(__be32 *)neigh->primary_key;
235  	rcu_read_lock();
236  	in_dev = __in_dev_get_rcu(dev);
237  	if (!in_dev) {
238  		rcu_read_unlock();
239  		return -EINVAL;
240  	}
241  
242  	neigh->type = inet_addr_type_dev_table(dev_net(dev), dev, addr);
243  
244  	parms = in_dev->arp_parms;
245  	__neigh_parms_put(neigh->parms);
246  	neigh->parms = neigh_parms_clone(parms);
247  	rcu_read_unlock();
248  
249  	if (!dev->header_ops) {
250  		neigh->nud_state = NUD_NOARP;
251  		neigh->ops = &arp_direct_ops;
252  		neigh->output = neigh_direct_output;
253  	} else {
254  		/* Good devices (checked by reading texts, but only Ethernet is
255  		   tested)
256  
257  		   ARPHRD_ETHER: (ethernet, apfddi)
258  		   ARPHRD_FDDI: (fddi)
259  		   ARPHRD_IEEE802: (tr)
260  		   ARPHRD_METRICOM: (strip)
261  		   ARPHRD_ARCNET:
262  		   etc. etc. etc.
263  
264  		   ARPHRD_IPDDP will also work, if author repairs it.
265  		   I did not it, because this driver does not work even
266  		   in old paradigm.
267  		 */
268  
269  		if (neigh->type == RTN_MULTICAST) {
270  			neigh->nud_state = NUD_NOARP;
271  			arp_mc_map(addr, neigh->ha, dev, 1);
272  		} else if (dev->flags & (IFF_NOARP | IFF_LOOPBACK)) {
273  			neigh->nud_state = NUD_NOARP;
274  			memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
275  		} else if (neigh->type == RTN_BROADCAST ||
276  			   (dev->flags & IFF_POINTOPOINT)) {
277  			neigh->nud_state = NUD_NOARP;
278  			memcpy(neigh->ha, dev->broadcast, dev->addr_len);
279  		}
280  
281  		if (dev->header_ops->cache)
282  			neigh->ops = &arp_hh_ops;
283  		else
284  			neigh->ops = &arp_generic_ops;
285  
286  		if (neigh->nud_state & NUD_VALID)
287  			neigh->output = neigh->ops->connected_output;
288  		else
289  			neigh->output = neigh->ops->output;
290  	}
291  	return 0;
292  }
293  
294  static void arp_error_report(struct neighbour *neigh, struct sk_buff *skb)
295  {
296  	dst_link_failure(skb);
297  	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED);
298  }
299  
300  /* Create and send an arp packet. */
301  static void arp_send_dst(int type, int ptype, __be32 dest_ip,
302  			 struct net_device *dev, __be32 src_ip,
303  			 const unsigned char *dest_hw,
304  			 const unsigned char *src_hw,
305  			 const unsigned char *target_hw,
306  			 struct dst_entry *dst)
307  {
308  	struct sk_buff *skb;
309  
310  	/* arp on this interface. */
311  	if (dev->flags & IFF_NOARP)
312  		return;
313  
314  	skb = arp_create(type, ptype, dest_ip, dev, src_ip,
315  			 dest_hw, src_hw, target_hw);
316  	if (!skb)
317  		return;
318  
319  	skb_dst_set(skb, dst_clone(dst));
320  	arp_xmit(skb);
321  }
322  
323  void arp_send(int type, int ptype, __be32 dest_ip,
324  	      struct net_device *dev, __be32 src_ip,
325  	      const unsigned char *dest_hw, const unsigned char *src_hw,
326  	      const unsigned char *target_hw)
327  {
328  	arp_send_dst(type, ptype, dest_ip, dev, src_ip, dest_hw, src_hw,
329  		     target_hw, NULL);
330  }
331  EXPORT_SYMBOL(arp_send);
332  
333  static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb)
334  {
335  	__be32 saddr = 0;
336  	u8 dst_ha[MAX_ADDR_LEN], *dst_hw = NULL;
337  	struct net_device *dev = neigh->dev;
338  	__be32 target = *(__be32 *)neigh->primary_key;
339  	int probes = atomic_read(&neigh->probes);
340  	struct in_device *in_dev;
341  	struct dst_entry *dst = NULL;
342  
343  	rcu_read_lock();
344  	in_dev = __in_dev_get_rcu(dev);
345  	if (!in_dev) {
346  		rcu_read_unlock();
347  		return;
348  	}
349  	switch (IN_DEV_ARP_ANNOUNCE(in_dev)) {
350  	default:
351  	case 0:		/* By default announce any local IP */
352  		if (skb && inet_addr_type_dev_table(dev_net(dev), dev,
353  					  ip_hdr(skb)->saddr) == RTN_LOCAL)
354  			saddr = ip_hdr(skb)->saddr;
355  		break;
356  	case 1:		/* Restrict announcements of saddr in same subnet */
357  		if (!skb)
358  			break;
359  		saddr = ip_hdr(skb)->saddr;
360  		if (inet_addr_type_dev_table(dev_net(dev), dev,
361  					     saddr) == RTN_LOCAL) {
362  			/* saddr should be known to target */
363  			if (inet_addr_onlink(in_dev, target, saddr))
364  				break;
365  		}
366  		saddr = 0;
367  		break;
368  	case 2:		/* Avoid secondary IPs, get a primary/preferred one */
369  		break;
370  	}
371  	rcu_read_unlock();
372  
373  	if (!saddr)
374  		saddr = inet_select_addr(dev, target, RT_SCOPE_LINK);
375  
376  	probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
377  	if (probes < 0) {
378  		if (!(READ_ONCE(neigh->nud_state) & NUD_VALID))
379  			pr_debug("trying to ucast probe in NUD_INVALID\n");
380  		neigh_ha_snapshot(dst_ha, neigh, dev);
381  		dst_hw = dst_ha;
382  	} else {
383  		probes -= NEIGH_VAR(neigh->parms, APP_PROBES);
384  		if (probes < 0) {
385  			neigh_app_ns(neigh);
386  			return;
387  		}
388  	}
389  
390  	if (skb && !(dev->priv_flags & IFF_XMIT_DST_RELEASE))
391  		dst = skb_dst(skb);
392  	arp_send_dst(ARPOP_REQUEST, ETH_P_ARP, target, dev, saddr,
393  		     dst_hw, dev->dev_addr, NULL, dst);
394  }
395  
396  static int arp_ignore(struct in_device *in_dev, __be32 sip, __be32 tip)
397  {
398  	struct net *net = dev_net(in_dev->dev);
399  	int scope;
400  
401  	switch (IN_DEV_ARP_IGNORE(in_dev)) {
402  	case 0:	/* Reply, the tip is already validated */
403  		return 0;
404  	case 1:	/* Reply only if tip is configured on the incoming interface */
405  		sip = 0;
406  		scope = RT_SCOPE_HOST;
407  		break;
408  	case 2:	/*
409  		 * Reply only if tip is configured on the incoming interface
410  		 * and is in same subnet as sip
411  		 */
412  		scope = RT_SCOPE_HOST;
413  		break;
414  	case 3:	/* Do not reply for scope host addresses */
415  		sip = 0;
416  		scope = RT_SCOPE_LINK;
417  		in_dev = NULL;
418  		break;
419  	case 4:	/* Reserved */
420  	case 5:
421  	case 6:
422  	case 7:
423  		return 0;
424  	case 8:	/* Do not reply */
425  		return 1;
426  	default:
427  		return 0;
428  	}
429  	return !inet_confirm_addr(net, in_dev, sip, tip, scope);
430  }
431  
432  static int arp_accept(struct in_device *in_dev, __be32 sip)
433  {
434  	struct net *net = dev_net(in_dev->dev);
435  	int scope = RT_SCOPE_LINK;
436  
437  	switch (IN_DEV_ARP_ACCEPT(in_dev)) {
438  	case 0: /* Don't create new entries from garp */
439  		return 0;
440  	case 1: /* Create new entries from garp */
441  		return 1;
442  	case 2: /* Create a neighbor in the arp table only if sip
443  		 * is in the same subnet as an address configured
444  		 * on the interface that received the garp message
445  		 */
446  		return !!inet_confirm_addr(net, in_dev, sip, 0, scope);
447  	default:
448  		return 0;
449  	}
450  }
451  
452  static int arp_filter(__be32 sip, __be32 tip, struct net_device *dev)
453  {
454  	struct rtable *rt;
455  	int flag = 0;
456  	/*unsigned long now; */
457  	struct net *net = dev_net(dev);
458  
459  	rt = ip_route_output(net, sip, tip, 0, l3mdev_master_ifindex_rcu(dev));
460  	if (IS_ERR(rt))
461  		return 1;
462  	if (rt->dst.dev != dev) {
463  		__NET_INC_STATS(net, LINUX_MIB_ARPFILTER);
464  		flag = 1;
465  	}
466  	ip_rt_put(rt);
467  	return flag;
468  }
469  
470  /*
471   * Check if we can use proxy ARP for this path
472   */
473  static inline int arp_fwd_proxy(struct in_device *in_dev,
474  				struct net_device *dev,	struct rtable *rt)
475  {
476  	struct in_device *out_dev;
477  	int imi, omi = -1;
478  
479  	if (rt->dst.dev == dev)
480  		return 0;
481  
482  	if (!IN_DEV_PROXY_ARP(in_dev))
483  		return 0;
484  	imi = IN_DEV_MEDIUM_ID(in_dev);
485  	if (imi == 0)
486  		return 1;
487  	if (imi == -1)
488  		return 0;
489  
490  	/* place to check for proxy_arp for routes */
491  
492  	out_dev = __in_dev_get_rcu(rt->dst.dev);
493  	if (out_dev)
494  		omi = IN_DEV_MEDIUM_ID(out_dev);
495  
496  	return omi != imi && omi != -1;
497  }
498  
499  /*
500   * Check for RFC3069 proxy arp private VLAN (allow to send back to same dev)
501   *
502   * RFC3069 supports proxy arp replies back to the same interface.  This
503   * is done to support (ethernet) switch features, like RFC 3069, where
504   * the individual ports are not allowed to communicate with each
505   * other, BUT they are allowed to talk to the upstream router.  As
506   * described in RFC 3069, it is possible to allow these hosts to
507   * communicate through the upstream router, by proxy_arp'ing.
508   *
509   * RFC 3069: "VLAN Aggregation for Efficient IP Address Allocation"
510   *
511   *  This technology is known by different names:
512   *    In RFC 3069 it is called VLAN Aggregation.
513   *    Cisco and Allied Telesyn call it Private VLAN.
514   *    Hewlett-Packard call it Source-Port filtering or port-isolation.
515   *    Ericsson call it MAC-Forced Forwarding (RFC Draft).
516   *
517   */
518  static inline int arp_fwd_pvlan(struct in_device *in_dev,
519  				struct net_device *dev,	struct rtable *rt,
520  				__be32 sip, __be32 tip)
521  {
522  	/* Private VLAN is only concerned about the same ethernet segment */
523  	if (rt->dst.dev != dev)
524  		return 0;
525  
526  	/* Don't reply on self probes (often done by windowz boxes)*/
527  	if (sip == tip)
528  		return 0;
529  
530  	if (IN_DEV_PROXY_ARP_PVLAN(in_dev))
531  		return 1;
532  	else
533  		return 0;
534  }
535  
536  /*
537   *	Interface to link layer: send routine and receive handler.
538   */
539  
540  /*
541   *	Create an arp packet. If dest_hw is not set, we create a broadcast
542   *	message.
543   */
544  struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip,
545  			   struct net_device *dev, __be32 src_ip,
546  			   const unsigned char *dest_hw,
547  			   const unsigned char *src_hw,
548  			   const unsigned char *target_hw)
549  {
550  	struct sk_buff *skb;
551  	struct arphdr *arp;
552  	unsigned char *arp_ptr;
553  	int hlen = LL_RESERVED_SPACE(dev);
554  	int tlen = dev->needed_tailroom;
555  
556  	/*
557  	 *	Allocate a buffer
558  	 */
559  
560  	skb = alloc_skb(arp_hdr_len(dev) + hlen + tlen, GFP_ATOMIC);
561  	if (!skb)
562  		return NULL;
563  
564  	skb_reserve(skb, hlen);
565  	skb_reset_network_header(skb);
566  	arp = skb_put(skb, arp_hdr_len(dev));
567  	skb->dev = dev;
568  	skb->protocol = htons(ETH_P_ARP);
569  	if (!src_hw)
570  		src_hw = dev->dev_addr;
571  	if (!dest_hw)
572  		dest_hw = dev->broadcast;
573  
574  	/*
575  	 *	Fill the device header for the ARP frame
576  	 */
577  	if (dev_hard_header(skb, dev, ptype, dest_hw, src_hw, skb->len) < 0)
578  		goto out;
579  
580  	/*
581  	 * Fill out the arp protocol part.
582  	 *
583  	 * The arp hardware type should match the device type, except for FDDI,
584  	 * which (according to RFC 1390) should always equal 1 (Ethernet).
585  	 */
586  	/*
587  	 *	Exceptions everywhere. AX.25 uses the AX.25 PID value not the
588  	 *	DIX code for the protocol. Make these device structure fields.
589  	 */
590  	switch (dev->type) {
591  	default:
592  		arp->ar_hrd = htons(dev->type);
593  		arp->ar_pro = htons(ETH_P_IP);
594  		break;
595  
596  #if IS_ENABLED(CONFIG_AX25)
597  	case ARPHRD_AX25:
598  		arp->ar_hrd = htons(ARPHRD_AX25);
599  		arp->ar_pro = htons(AX25_P_IP);
600  		break;
601  
602  #if IS_ENABLED(CONFIG_NETROM)
603  	case ARPHRD_NETROM:
604  		arp->ar_hrd = htons(ARPHRD_NETROM);
605  		arp->ar_pro = htons(AX25_P_IP);
606  		break;
607  #endif
608  #endif
609  
610  #if IS_ENABLED(CONFIG_FDDI)
611  	case ARPHRD_FDDI:
612  		arp->ar_hrd = htons(ARPHRD_ETHER);
613  		arp->ar_pro = htons(ETH_P_IP);
614  		break;
615  #endif
616  	}
617  
618  	arp->ar_hln = dev->addr_len;
619  	arp->ar_pln = 4;
620  	arp->ar_op = htons(type);
621  
622  	arp_ptr = (unsigned char *)(arp + 1);
623  
624  	memcpy(arp_ptr, src_hw, dev->addr_len);
625  	arp_ptr += dev->addr_len;
626  	memcpy(arp_ptr, &src_ip, 4);
627  	arp_ptr += 4;
628  
629  	switch (dev->type) {
630  #if IS_ENABLED(CONFIG_FIREWIRE_NET)
631  	case ARPHRD_IEEE1394:
632  		break;
633  #endif
634  	default:
635  		if (target_hw)
636  			memcpy(arp_ptr, target_hw, dev->addr_len);
637  		else
638  			memset(arp_ptr, 0, dev->addr_len);
639  		arp_ptr += dev->addr_len;
640  	}
641  	memcpy(arp_ptr, &dest_ip, 4);
642  
643  	return skb;
644  
645  out:
646  	kfree_skb(skb);
647  	return NULL;
648  }
649  EXPORT_SYMBOL(arp_create);
650  
651  static int arp_xmit_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
652  {
653  	return dev_queue_xmit(skb);
654  }
655  
656  /*
657   *	Send an arp packet.
658   */
659  void arp_xmit(struct sk_buff *skb)
660  {
661  	/* Send it off, maybe filter it using firewalling first.  */
662  	NF_HOOK(NFPROTO_ARP, NF_ARP_OUT,
663  		dev_net(skb->dev), NULL, skb, NULL, skb->dev,
664  		arp_xmit_finish);
665  }
666  EXPORT_SYMBOL(arp_xmit);
667  
668  static bool arp_is_garp(struct net *net, struct net_device *dev,
669  			int *addr_type, __be16 ar_op,
670  			__be32 sip, __be32 tip,
671  			unsigned char *sha, unsigned char *tha)
672  {
673  	bool is_garp = tip == sip;
674  
675  	/* Gratuitous ARP _replies_ also require target hwaddr to be
676  	 * the same as source.
677  	 */
678  	if (is_garp && ar_op == htons(ARPOP_REPLY))
679  		is_garp =
680  			/* IPv4 over IEEE 1394 doesn't provide target
681  			 * hardware address field in its ARP payload.
682  			 */
683  			tha &&
684  			!memcmp(tha, sha, dev->addr_len);
685  
686  	if (is_garp) {
687  		*addr_type = inet_addr_type_dev_table(net, dev, sip);
688  		if (*addr_type != RTN_UNICAST)
689  			is_garp = false;
690  	}
691  	return is_garp;
692  }
693  
694  /*
695   *	Process an arp request.
696   */
697  
698  static int arp_process(struct net *net, struct sock *sk, struct sk_buff *skb)
699  {
700  	struct net_device *dev = skb->dev;
701  	struct in_device *in_dev = __in_dev_get_rcu(dev);
702  	struct arphdr *arp;
703  	unsigned char *arp_ptr;
704  	struct rtable *rt;
705  	unsigned char *sha;
706  	unsigned char *tha = NULL;
707  	__be32 sip, tip;
708  	u16 dev_type = dev->type;
709  	int addr_type;
710  	struct neighbour *n;
711  	struct dst_entry *reply_dst = NULL;
712  	bool is_garp = false;
713  
714  	/* arp_rcv below verifies the ARP header and verifies the device
715  	 * is ARP'able.
716  	 */
717  
718  	if (!in_dev)
719  		goto out_free_skb;
720  
721  	arp = arp_hdr(skb);
722  
723  	switch (dev_type) {
724  	default:
725  		if (arp->ar_pro != htons(ETH_P_IP) ||
726  		    htons(dev_type) != arp->ar_hrd)
727  			goto out_free_skb;
728  		break;
729  	case ARPHRD_ETHER:
730  	case ARPHRD_FDDI:
731  	case ARPHRD_IEEE802:
732  		/*
733  		 * ETHERNET, and Fibre Channel (which are IEEE 802
734  		 * devices, according to RFC 2625) devices will accept ARP
735  		 * hardware types of either 1 (Ethernet) or 6 (IEEE 802.2).
736  		 * This is the case also of FDDI, where the RFC 1390 says that
737  		 * FDDI devices should accept ARP hardware of (1) Ethernet,
738  		 * however, to be more robust, we'll accept both 1 (Ethernet)
739  		 * or 6 (IEEE 802.2)
740  		 */
741  		if ((arp->ar_hrd != htons(ARPHRD_ETHER) &&
742  		     arp->ar_hrd != htons(ARPHRD_IEEE802)) ||
743  		    arp->ar_pro != htons(ETH_P_IP))
744  			goto out_free_skb;
745  		break;
746  	case ARPHRD_AX25:
747  		if (arp->ar_pro != htons(AX25_P_IP) ||
748  		    arp->ar_hrd != htons(ARPHRD_AX25))
749  			goto out_free_skb;
750  		break;
751  	case ARPHRD_NETROM:
752  		if (arp->ar_pro != htons(AX25_P_IP) ||
753  		    arp->ar_hrd != htons(ARPHRD_NETROM))
754  			goto out_free_skb;
755  		break;
756  	}
757  
758  	/* Understand only these message types */
759  
760  	if (arp->ar_op != htons(ARPOP_REPLY) &&
761  	    arp->ar_op != htons(ARPOP_REQUEST))
762  		goto out_free_skb;
763  
764  /*
765   *	Extract fields
766   */
767  	arp_ptr = (unsigned char *)(arp + 1);
768  	sha	= arp_ptr;
769  	arp_ptr += dev->addr_len;
770  	memcpy(&sip, arp_ptr, 4);
771  	arp_ptr += 4;
772  	switch (dev_type) {
773  #if IS_ENABLED(CONFIG_FIREWIRE_NET)
774  	case ARPHRD_IEEE1394:
775  		break;
776  #endif
777  	default:
778  		tha = arp_ptr;
779  		arp_ptr += dev->addr_len;
780  	}
781  	memcpy(&tip, arp_ptr, 4);
782  /*
783   *	Check for bad requests for 127.x.x.x and requests for multicast
784   *	addresses.  If this is one such, delete it.
785   */
786  	if (ipv4_is_multicast(tip) ||
787  	    (!IN_DEV_ROUTE_LOCALNET(in_dev) && ipv4_is_loopback(tip)))
788  		goto out_free_skb;
789  
790   /*
791    *	For some 802.11 wireless deployments (and possibly other networks),
792    *	there will be an ARP proxy and gratuitous ARP frames are attacks
793    *	and thus should not be accepted.
794    */
795  	if (sip == tip && IN_DEV_ORCONF(in_dev, DROP_GRATUITOUS_ARP))
796  		goto out_free_skb;
797  
798  /*
799   *     Special case: We must set Frame Relay source Q.922 address
800   */
801  	if (dev_type == ARPHRD_DLCI)
802  		sha = dev->broadcast;
803  
804  /*
805   *  Process entry.  The idea here is we want to send a reply if it is a
806   *  request for us or if it is a request for someone else that we hold
807   *  a proxy for.  We want to add an entry to our cache if it is a reply
808   *  to us or if it is a request for our address.
809   *  (The assumption for this last is that if someone is requesting our
810   *  address, they are probably intending to talk to us, so it saves time
811   *  if we cache their address.  Their address is also probably not in
812   *  our cache, since ours is not in their cache.)
813   *
814   *  Putting this another way, we only care about replies if they are to
815   *  us, in which case we add them to the cache.  For requests, we care
816   *  about those for us and those for our proxies.  We reply to both,
817   *  and in the case of requests for us we add the requester to the arp
818   *  cache.
819   */
820  
821  	if (arp->ar_op == htons(ARPOP_REQUEST) && skb_metadata_dst(skb))
822  		reply_dst = (struct dst_entry *)
823  			    iptunnel_metadata_reply(skb_metadata_dst(skb),
824  						    GFP_ATOMIC);
825  
826  	/* Special case: IPv4 duplicate address detection packet (RFC2131) */
827  	if (sip == 0) {
828  		if (arp->ar_op == htons(ARPOP_REQUEST) &&
829  		    inet_addr_type_dev_table(net, dev, tip) == RTN_LOCAL &&
830  		    !arp_ignore(in_dev, sip, tip))
831  			arp_send_dst(ARPOP_REPLY, ETH_P_ARP, sip, dev, tip,
832  				     sha, dev->dev_addr, sha, reply_dst);
833  		goto out_consume_skb;
834  	}
835  
836  	if (arp->ar_op == htons(ARPOP_REQUEST) &&
837  	    ip_route_input_noref(skb, tip, sip, 0, dev) == 0) {
838  
839  		rt = skb_rtable(skb);
840  		addr_type = rt->rt_type;
841  
842  		if (addr_type == RTN_LOCAL) {
843  			int dont_send;
844  
845  			dont_send = arp_ignore(in_dev, sip, tip);
846  			if (!dont_send && IN_DEV_ARPFILTER(in_dev))
847  				dont_send = arp_filter(sip, tip, dev);
848  			if (!dont_send) {
849  				n = neigh_event_ns(&arp_tbl, sha, &sip, dev);
850  				if (n) {
851  					arp_send_dst(ARPOP_REPLY, ETH_P_ARP,
852  						     sip, dev, tip, sha,
853  						     dev->dev_addr, sha,
854  						     reply_dst);
855  					neigh_release(n);
856  				}
857  			}
858  			goto out_consume_skb;
859  		} else if (IN_DEV_FORWARD(in_dev)) {
860  			if (addr_type == RTN_UNICAST  &&
861  			    (arp_fwd_proxy(in_dev, dev, rt) ||
862  			     arp_fwd_pvlan(in_dev, dev, rt, sip, tip) ||
863  			     (rt->dst.dev != dev &&
864  			      pneigh_lookup(&arp_tbl, net, &tip, dev, 0)))) {
865  				n = neigh_event_ns(&arp_tbl, sha, &sip, dev);
866  				if (n)
867  					neigh_release(n);
868  
869  				if (NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED ||
870  				    skb->pkt_type == PACKET_HOST ||
871  				    NEIGH_VAR(in_dev->arp_parms, PROXY_DELAY) == 0) {
872  					arp_send_dst(ARPOP_REPLY, ETH_P_ARP,
873  						     sip, dev, tip, sha,
874  						     dev->dev_addr, sha,
875  						     reply_dst);
876  				} else {
877  					pneigh_enqueue(&arp_tbl,
878  						       in_dev->arp_parms, skb);
879  					goto out_free_dst;
880  				}
881  				goto out_consume_skb;
882  			}
883  		}
884  	}
885  
886  	/* Update our ARP tables */
887  
888  	n = __neigh_lookup(&arp_tbl, &sip, dev, 0);
889  
890  	addr_type = -1;
891  	if (n || arp_accept(in_dev, sip)) {
892  		is_garp = arp_is_garp(net, dev, &addr_type, arp->ar_op,
893  				      sip, tip, sha, tha);
894  	}
895  
896  	if (arp_accept(in_dev, sip)) {
897  		/* Unsolicited ARP is not accepted by default.
898  		   It is possible, that this option should be enabled for some
899  		   devices (strip is candidate)
900  		 */
901  		if (!n &&
902  		    (is_garp ||
903  		     (arp->ar_op == htons(ARPOP_REPLY) &&
904  		      (addr_type == RTN_UNICAST ||
905  		       (addr_type < 0 &&
906  			/* postpone calculation to as late as possible */
907  			inet_addr_type_dev_table(net, dev, sip) ==
908  				RTN_UNICAST)))))
909  			n = __neigh_lookup(&arp_tbl, &sip, dev, 1);
910  	}
911  
912  	if (n) {
913  		int state = NUD_REACHABLE;
914  		int override;
915  
916  		/* If several different ARP replies follows back-to-back,
917  		   use the FIRST one. It is possible, if several proxy
918  		   agents are active. Taking the first reply prevents
919  		   arp trashing and chooses the fastest router.
920  		 */
921  		override = time_after(jiffies,
922  				      n->updated +
923  				      NEIGH_VAR(n->parms, LOCKTIME)) ||
924  			   is_garp;
925  
926  		/* Broadcast replies and request packets
927  		   do not assert neighbour reachability.
928  		 */
929  		if (arp->ar_op != htons(ARPOP_REPLY) ||
930  		    skb->pkt_type != PACKET_HOST)
931  			state = NUD_STALE;
932  		neigh_update(n, sha, state,
933  			     override ? NEIGH_UPDATE_F_OVERRIDE : 0, 0);
934  		neigh_release(n);
935  	}
936  
937  out_consume_skb:
938  	consume_skb(skb);
939  
940  out_free_dst:
941  	dst_release(reply_dst);
942  	return NET_RX_SUCCESS;
943  
944  out_free_skb:
945  	kfree_skb(skb);
946  	return NET_RX_DROP;
947  }
948  
949  static void parp_redo(struct sk_buff *skb)
950  {
951  	arp_process(dev_net(skb->dev), NULL, skb);
952  }
953  
954  static int arp_is_multicast(const void *pkey)
955  {
956  	return ipv4_is_multicast(*((__be32 *)pkey));
957  }
958  
959  /*
960   *	Receive an arp request from the device layer.
961   */
962  
963  static int arp_rcv(struct sk_buff *skb, struct net_device *dev,
964  		   struct packet_type *pt, struct net_device *orig_dev)
965  {
966  	const struct arphdr *arp;
967  
968  	/* do not tweak dropwatch on an ARP we will ignore */
969  	if (dev->flags & IFF_NOARP ||
970  	    skb->pkt_type == PACKET_OTHERHOST ||
971  	    skb->pkt_type == PACKET_LOOPBACK)
972  		goto consumeskb;
973  
974  	skb = skb_share_check(skb, GFP_ATOMIC);
975  	if (!skb)
976  		goto out_of_mem;
977  
978  	/* ARP header, plus 2 device addresses, plus 2 IP addresses.  */
979  	if (!pskb_may_pull(skb, arp_hdr_len(dev)))
980  		goto freeskb;
981  
982  	arp = arp_hdr(skb);
983  	if (arp->ar_hln != dev->addr_len || arp->ar_pln != 4)
984  		goto freeskb;
985  
986  	memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
987  
988  	return NF_HOOK(NFPROTO_ARP, NF_ARP_IN,
989  		       dev_net(dev), NULL, skb, dev, NULL,
990  		       arp_process);
991  
992  consumeskb:
993  	consume_skb(skb);
994  	return NET_RX_SUCCESS;
995  freeskb:
996  	kfree_skb(skb);
997  out_of_mem:
998  	return NET_RX_DROP;
999  }
1000  
1001  /*
1002   *	User level interface (ioctl)
1003   */
1004  
1005  /*
1006   *	Set (create) an ARP cache entry.
1007   */
1008  
1009  static int arp_req_set_proxy(struct net *net, struct net_device *dev, int on)
1010  {
1011  	if (!dev) {
1012  		IPV4_DEVCONF_ALL(net, PROXY_ARP) = on;
1013  		return 0;
1014  	}
1015  	if (__in_dev_get_rtnl(dev)) {
1016  		IN_DEV_CONF_SET(__in_dev_get_rtnl(dev), PROXY_ARP, on);
1017  		return 0;
1018  	}
1019  	return -ENXIO;
1020  }
1021  
1022  static int arp_req_set_public(struct net *net, struct arpreq *r,
1023  		struct net_device *dev)
1024  {
1025  	__be32 ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr;
1026  	__be32 mask = ((struct sockaddr_in *)&r->arp_netmask)->sin_addr.s_addr;
1027  
1028  	if (mask && mask != htonl(0xFFFFFFFF))
1029  		return -EINVAL;
1030  	if (!dev && (r->arp_flags & ATF_COM)) {
1031  		dev = dev_getbyhwaddr_rcu(net, r->arp_ha.sa_family,
1032  				      r->arp_ha.sa_data);
1033  		if (!dev)
1034  			return -ENODEV;
1035  	}
1036  	if (mask) {
1037  		if (!pneigh_lookup(&arp_tbl, net, &ip, dev, 1))
1038  			return -ENOBUFS;
1039  		return 0;
1040  	}
1041  
1042  	return arp_req_set_proxy(net, dev, 1);
1043  }
1044  
1045  static int arp_req_set(struct net *net, struct arpreq *r,
1046  		       struct net_device *dev)
1047  {
1048  	__be32 ip;
1049  	struct neighbour *neigh;
1050  	int err;
1051  
1052  	if (r->arp_flags & ATF_PUBL)
1053  		return arp_req_set_public(net, r, dev);
1054  
1055  	ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr;
1056  	if (r->arp_flags & ATF_PERM)
1057  		r->arp_flags |= ATF_COM;
1058  	if (!dev) {
1059  		struct rtable *rt = ip_route_output(net, ip, 0, RTO_ONLINK, 0);
1060  
1061  		if (IS_ERR(rt))
1062  			return PTR_ERR(rt);
1063  		dev = rt->dst.dev;
1064  		ip_rt_put(rt);
1065  		if (!dev)
1066  			return -EINVAL;
1067  	}
1068  	switch (dev->type) {
1069  #if IS_ENABLED(CONFIG_FDDI)
1070  	case ARPHRD_FDDI:
1071  		/*
1072  		 * According to RFC 1390, FDDI devices should accept ARP
1073  		 * hardware types of 1 (Ethernet).  However, to be more
1074  		 * robust, we'll accept hardware types of either 1 (Ethernet)
1075  		 * or 6 (IEEE 802.2).
1076  		 */
1077  		if (r->arp_ha.sa_family != ARPHRD_FDDI &&
1078  		    r->arp_ha.sa_family != ARPHRD_ETHER &&
1079  		    r->arp_ha.sa_family != ARPHRD_IEEE802)
1080  			return -EINVAL;
1081  		break;
1082  #endif
1083  	default:
1084  		if (r->arp_ha.sa_family != dev->type)
1085  			return -EINVAL;
1086  		break;
1087  	}
1088  
1089  	neigh = __neigh_lookup_errno(&arp_tbl, &ip, dev);
1090  	err = PTR_ERR(neigh);
1091  	if (!IS_ERR(neigh)) {
1092  		unsigned int state = NUD_STALE;
1093  		if (r->arp_flags & ATF_PERM)
1094  			state = NUD_PERMANENT;
1095  		err = neigh_update(neigh, (r->arp_flags & ATF_COM) ?
1096  				   r->arp_ha.sa_data : NULL, state,
1097  				   NEIGH_UPDATE_F_OVERRIDE |
1098  				   NEIGH_UPDATE_F_ADMIN, 0);
1099  		neigh_release(neigh);
1100  	}
1101  	return err;
1102  }
1103  
1104  static unsigned int arp_state_to_flags(struct neighbour *neigh)
1105  {
1106  	if (neigh->nud_state&NUD_PERMANENT)
1107  		return ATF_PERM | ATF_COM;
1108  	else if (neigh->nud_state&NUD_VALID)
1109  		return ATF_COM;
1110  	else
1111  		return 0;
1112  }
1113  
1114  /*
1115   *	Get an ARP cache entry.
1116   */
1117  
1118  static int arp_req_get(struct arpreq *r, struct net_device *dev)
1119  {
1120  	__be32 ip = ((struct sockaddr_in *) &r->arp_pa)->sin_addr.s_addr;
1121  	struct neighbour *neigh;
1122  	int err = -ENXIO;
1123  
1124  	neigh = neigh_lookup(&arp_tbl, &ip, dev);
1125  	if (neigh) {
1126  		if (!(READ_ONCE(neigh->nud_state) & NUD_NOARP)) {
1127  			read_lock_bh(&neigh->lock);
1128  			memcpy(r->arp_ha.sa_data, neigh->ha, dev->addr_len);
1129  			r->arp_flags = arp_state_to_flags(neigh);
1130  			read_unlock_bh(&neigh->lock);
1131  			r->arp_ha.sa_family = dev->type;
1132  			strscpy(r->arp_dev, dev->name, sizeof(r->arp_dev));
1133  			err = 0;
1134  		}
1135  		neigh_release(neigh);
1136  	}
1137  	return err;
1138  }
1139  
1140  int arp_invalidate(struct net_device *dev, __be32 ip, bool force)
1141  {
1142  	struct neighbour *neigh = neigh_lookup(&arp_tbl, &ip, dev);
1143  	int err = -ENXIO;
1144  	struct neigh_table *tbl = &arp_tbl;
1145  
1146  	if (neigh) {
1147  		if ((READ_ONCE(neigh->nud_state) & NUD_VALID) && !force) {
1148  			neigh_release(neigh);
1149  			return 0;
1150  		}
1151  
1152  		if (READ_ONCE(neigh->nud_state) & ~NUD_NOARP)
1153  			err = neigh_update(neigh, NULL, NUD_FAILED,
1154  					   NEIGH_UPDATE_F_OVERRIDE|
1155  					   NEIGH_UPDATE_F_ADMIN, 0);
1156  		write_lock_bh(&tbl->lock);
1157  		neigh_release(neigh);
1158  		neigh_remove_one(neigh, tbl);
1159  		write_unlock_bh(&tbl->lock);
1160  	}
1161  
1162  	return err;
1163  }
1164  
1165  static int arp_req_delete_public(struct net *net, struct arpreq *r,
1166  		struct net_device *dev)
1167  {
1168  	__be32 ip = ((struct sockaddr_in *) &r->arp_pa)->sin_addr.s_addr;
1169  	__be32 mask = ((struct sockaddr_in *)&r->arp_netmask)->sin_addr.s_addr;
1170  
1171  	if (mask == htonl(0xFFFFFFFF))
1172  		return pneigh_delete(&arp_tbl, net, &ip, dev);
1173  
1174  	if (mask)
1175  		return -EINVAL;
1176  
1177  	return arp_req_set_proxy(net, dev, 0);
1178  }
1179  
1180  static int arp_req_delete(struct net *net, struct arpreq *r,
1181  			  struct net_device *dev)
1182  {
1183  	__be32 ip;
1184  
1185  	if (r->arp_flags & ATF_PUBL)
1186  		return arp_req_delete_public(net, r, dev);
1187  
1188  	ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr;
1189  	if (!dev) {
1190  		struct rtable *rt = ip_route_output(net, ip, 0, RTO_ONLINK, 0);
1191  		if (IS_ERR(rt))
1192  			return PTR_ERR(rt);
1193  		dev = rt->dst.dev;
1194  		ip_rt_put(rt);
1195  		if (!dev)
1196  			return -EINVAL;
1197  	}
1198  	return arp_invalidate(dev, ip, true);
1199  }
1200  
1201  /*
1202   *	Handle an ARP layer I/O control request.
1203   */
1204  
1205  int arp_ioctl(struct net *net, unsigned int cmd, void __user *arg)
1206  {
1207  	int err;
1208  	struct arpreq r;
1209  	struct net_device *dev = NULL;
1210  
1211  	switch (cmd) {
1212  	case SIOCDARP:
1213  	case SIOCSARP:
1214  		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1215  			return -EPERM;
1216  		fallthrough;
1217  	case SIOCGARP:
1218  		err = copy_from_user(&r, arg, sizeof(struct arpreq));
1219  		if (err)
1220  			return -EFAULT;
1221  		break;
1222  	default:
1223  		return -EINVAL;
1224  	}
1225  
1226  	if (r.arp_pa.sa_family != AF_INET)
1227  		return -EPFNOSUPPORT;
1228  
1229  	if (!(r.arp_flags & ATF_PUBL) &&
1230  	    (r.arp_flags & (ATF_NETMASK | ATF_DONTPUB)))
1231  		return -EINVAL;
1232  	if (!(r.arp_flags & ATF_NETMASK))
1233  		((struct sockaddr_in *)&r.arp_netmask)->sin_addr.s_addr =
1234  							   htonl(0xFFFFFFFFUL);
1235  	rtnl_lock();
1236  	if (r.arp_dev[0]) {
1237  		err = -ENODEV;
1238  		dev = __dev_get_by_name(net, r.arp_dev);
1239  		if (!dev)
1240  			goto out;
1241  
1242  		/* Mmmm... It is wrong... ARPHRD_NETROM==0 */
1243  		if (!r.arp_ha.sa_family)
1244  			r.arp_ha.sa_family = dev->type;
1245  		err = -EINVAL;
1246  		if ((r.arp_flags & ATF_COM) && r.arp_ha.sa_family != dev->type)
1247  			goto out;
1248  	} else if (cmd == SIOCGARP) {
1249  		err = -ENODEV;
1250  		goto out;
1251  	}
1252  
1253  	switch (cmd) {
1254  	case SIOCDARP:
1255  		err = arp_req_delete(net, &r, dev);
1256  		break;
1257  	case SIOCSARP:
1258  		err = arp_req_set(net, &r, dev);
1259  		break;
1260  	case SIOCGARP:
1261  		err = arp_req_get(&r, dev);
1262  		break;
1263  	}
1264  out:
1265  	rtnl_unlock();
1266  	if (cmd == SIOCGARP && !err && copy_to_user(arg, &r, sizeof(r)))
1267  		err = -EFAULT;
1268  	return err;
1269  }
1270  
1271  static int arp_netdev_event(struct notifier_block *this, unsigned long event,
1272  			    void *ptr)
1273  {
1274  	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1275  	struct netdev_notifier_change_info *change_info;
1276  	struct in_device *in_dev;
1277  	bool evict_nocarrier;
1278  
1279  	switch (event) {
1280  	case NETDEV_CHANGEADDR:
1281  		neigh_changeaddr(&arp_tbl, dev);
1282  		rt_cache_flush(dev_net(dev));
1283  		break;
1284  	case NETDEV_CHANGE:
1285  		change_info = ptr;
1286  		if (change_info->flags_changed & IFF_NOARP)
1287  			neigh_changeaddr(&arp_tbl, dev);
1288  
1289  		in_dev = __in_dev_get_rtnl(dev);
1290  		if (!in_dev)
1291  			evict_nocarrier = true;
1292  		else
1293  			evict_nocarrier = IN_DEV_ARP_EVICT_NOCARRIER(in_dev);
1294  
1295  		if (evict_nocarrier && !netif_carrier_ok(dev))
1296  			neigh_carrier_down(&arp_tbl, dev);
1297  		break;
1298  	default:
1299  		break;
1300  	}
1301  
1302  	return NOTIFY_DONE;
1303  }
1304  
1305  static struct notifier_block arp_netdev_notifier = {
1306  	.notifier_call = arp_netdev_event,
1307  };
1308  
1309  /* Note, that it is not on notifier chain.
1310     It is necessary, that this routine was called after route cache will be
1311     flushed.
1312   */
1313  void arp_ifdown(struct net_device *dev)
1314  {
1315  	neigh_ifdown(&arp_tbl, dev);
1316  }
1317  
1318  
1319  /*
1320   *	Called once on startup.
1321   */
1322  
1323  static struct packet_type arp_packet_type __read_mostly = {
1324  	.type =	cpu_to_be16(ETH_P_ARP),
1325  	.func =	arp_rcv,
1326  };
1327  
1328  #ifdef CONFIG_PROC_FS
1329  #if IS_ENABLED(CONFIG_AX25)
1330  
1331  /*
1332   *	ax25 -> ASCII conversion
1333   */
1334  static void ax2asc2(ax25_address *a, char *buf)
1335  {
1336  	char c, *s;
1337  	int n;
1338  
1339  	for (n = 0, s = buf; n < 6; n++) {
1340  		c = (a->ax25_call[n] >> 1) & 0x7F;
1341  
1342  		if (c != ' ')
1343  			*s++ = c;
1344  	}
1345  
1346  	*s++ = '-';
1347  	n = (a->ax25_call[6] >> 1) & 0x0F;
1348  	if (n > 9) {
1349  		*s++ = '1';
1350  		n -= 10;
1351  	}
1352  
1353  	*s++ = n + '0';
1354  	*s++ = '\0';
1355  
1356  	if (*buf == '\0' || *buf == '-') {
1357  		buf[0] = '*';
1358  		buf[1] = '\0';
1359  	}
1360  }
1361  #endif /* CONFIG_AX25 */
1362  
1363  #define HBUFFERLEN 30
1364  
1365  static void arp_format_neigh_entry(struct seq_file *seq,
1366  				   struct neighbour *n)
1367  {
1368  	char hbuffer[HBUFFERLEN];
1369  	int k, j;
1370  	char tbuf[16];
1371  	struct net_device *dev = n->dev;
1372  	int hatype = dev->type;
1373  
1374  	read_lock(&n->lock);
1375  	/* Convert hardware address to XX:XX:XX:XX ... form. */
1376  #if IS_ENABLED(CONFIG_AX25)
1377  	if (hatype == ARPHRD_AX25 || hatype == ARPHRD_NETROM)
1378  		ax2asc2((ax25_address *)n->ha, hbuffer);
1379  	else {
1380  #endif
1381  	for (k = 0, j = 0; k < HBUFFERLEN - 3 && j < dev->addr_len; j++) {
1382  		hbuffer[k++] = hex_asc_hi(n->ha[j]);
1383  		hbuffer[k++] = hex_asc_lo(n->ha[j]);
1384  		hbuffer[k++] = ':';
1385  	}
1386  	if (k != 0)
1387  		--k;
1388  	hbuffer[k] = 0;
1389  #if IS_ENABLED(CONFIG_AX25)
1390  	}
1391  #endif
1392  	sprintf(tbuf, "%pI4", n->primary_key);
1393  	seq_printf(seq, "%-16s 0x%-10x0x%-10x%-17s     *        %s\n",
1394  		   tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name);
1395  	read_unlock(&n->lock);
1396  }
1397  
1398  static void arp_format_pneigh_entry(struct seq_file *seq,
1399  				    struct pneigh_entry *n)
1400  {
1401  	struct net_device *dev = n->dev;
1402  	int hatype = dev ? dev->type : 0;
1403  	char tbuf[16];
1404  
1405  	sprintf(tbuf, "%pI4", n->key);
1406  	seq_printf(seq, "%-16s 0x%-10x0x%-10x%s     *        %s\n",
1407  		   tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00",
1408  		   dev ? dev->name : "*");
1409  }
1410  
1411  static int arp_seq_show(struct seq_file *seq, void *v)
1412  {
1413  	if (v == SEQ_START_TOKEN) {
1414  		seq_puts(seq, "IP address       HW type     Flags       "
1415  			      "HW address            Mask     Device\n");
1416  	} else {
1417  		struct neigh_seq_state *state = seq->private;
1418  
1419  		if (state->flags & NEIGH_SEQ_IS_PNEIGH)
1420  			arp_format_pneigh_entry(seq, v);
1421  		else
1422  			arp_format_neigh_entry(seq, v);
1423  	}
1424  
1425  	return 0;
1426  }
1427  
1428  static void *arp_seq_start(struct seq_file *seq, loff_t *pos)
1429  {
1430  	/* Don't want to confuse "arp -a" w/ magic entries,
1431  	 * so we tell the generic iterator to skip NUD_NOARP.
1432  	 */
1433  	return neigh_seq_start(seq, pos, &arp_tbl, NEIGH_SEQ_SKIP_NOARP);
1434  }
1435  
1436  static const struct seq_operations arp_seq_ops = {
1437  	.start	= arp_seq_start,
1438  	.next	= neigh_seq_next,
1439  	.stop	= neigh_seq_stop,
1440  	.show	= arp_seq_show,
1441  };
1442  #endif /* CONFIG_PROC_FS */
1443  
1444  static int __net_init arp_net_init(struct net *net)
1445  {
1446  	if (!proc_create_net("arp", 0444, net->proc_net, &arp_seq_ops,
1447  			sizeof(struct neigh_seq_state)))
1448  		return -ENOMEM;
1449  	return 0;
1450  }
1451  
1452  static void __net_exit arp_net_exit(struct net *net)
1453  {
1454  	remove_proc_entry("arp", net->proc_net);
1455  }
1456  
1457  static struct pernet_operations arp_net_ops = {
1458  	.init = arp_net_init,
1459  	.exit = arp_net_exit,
1460  };
1461  
1462  void __init arp_init(void)
1463  {
1464  	neigh_table_init(NEIGH_ARP_TABLE, &arp_tbl);
1465  
1466  	dev_add_pack(&arp_packet_type);
1467  	register_pernet_subsys(&arp_net_ops);
1468  #ifdef CONFIG_SYSCTL
1469  	neigh_sysctl_register(NULL, &arp_tbl.parms, NULL);
1470  #endif
1471  	register_netdevice_notifier(&arp_netdev_notifier);
1472  }
1473