// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	Generic address resolution entity
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *
 *	Fixes:
 *	Vitaly E. Lavrov	releasing NULL neighbor in neigh_add.
 *	Harald Welte		Add neighbour cache statistics like rtstat
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/slab.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/socket.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/times.h>
#include <net/net_namespace.h>
#include <net/neighbour.h>
#include <net/arp.h>
#include <net/dst.h>
#include <net/ip.h>
#include <net/sock.h>
#include <net/netevent.h>
#include <net/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/random.h>
#include <linux/string.h>
#include <linux/log2.h>
#include <linux/inetdevice.h>
#include <net/addrconf.h>

#include <trace/events/neigh.h>

#define NEIGH_DEBUG 1
#define neigh_dbg(level, fmt, ...)		\
do {						\
	if (level <= NEIGH_DEBUG)		\
		pr_debug(fmt, ##__VA_ARGS__);	\
} while (0)

#define PNEIGH_HASHMASK		0xF

static void neigh_timer_handler(struct timer_list *t);
static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid);
static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
static void pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm);

#ifdef CONFIG_PROC_FS
static const struct seq_operations neigh_stat_seq_ops;
#endif

static struct hlist_head *neigh_get_dev_table(struct net_device *dev, int family)
{
	int i;

	switch (family) {
	default:
		DEBUG_NET_WARN_ON_ONCE(1);
		fallthrough; /* to avoid panic by null-ptr-deref */
	case AF_INET:
		i = NEIGH_ARP_TABLE;
		break;
	case AF_INET6:
		i = NEIGH_ND_TABLE;
		break;
	}

	return &dev->neighbours[i];
}

/*
   Neighbour hash table buckets are protected with tbl->lock.

   - All scans/updates of hash buckets MUST be made under this lock.
   - NOTHING clever should be done under this lock: no callbacks
     into protocol backends, no attempts to send anything to the
     network.  That results in deadlocks if the backend/driver wants
     to use the neighbour cache.
   - If the entry requires some non-trivial actions, increase
     its reference count and release the table lock.

   Neighbour entries are protected:
   - by their reference count.
   - by the rwlock neigh->lock

   The reference count prevents destruction.

   neigh->lock mainly serializes the ll address data and its validity
   state.  However, the same lock also protects other entry fields:
    - timer
    - resolution queue

   Again, nothing clever shall be done under neigh->lock;
   the most complicated procedure we allow is dev->hard_header.
   dev->hard_header is assumed to be simple and to make no callbacks
   into neighbour tables.
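
   For example (an illustrative pattern, not code from this file), a
   caller that finds an entry during a bucket scan and needs to do real
   work on it should take a reference first and drop the table lock:

	spin_lock_bh(&tbl->lock);
	n = ...;		// found during a bucket scan
	neigh_hold(n);
	spin_unlock_bh(&tbl->lock);
	...			// safe to call into drivers here
	neigh_release(n);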
 */

static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
{
	kfree_skb(skb);
	return -ENETDOWN;
}

static void neigh_cleanup_and_release(struct neighbour *neigh)
{
	trace_neigh_cleanup_and_release(neigh, 0);
	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	neigh_release(neigh);
}

/*
 * Returns a value uniformly distributed over the interval
 * (1/2)*base ... (3/2)*base, e.g. base = 30s yields 15s ... 45s.
 * This corresponds to the default IPv6 settings and is not
 * overridable, because it is a genuinely reasonable choice.
 */

unsigned long neigh_rand_reach_time(unsigned long base)
{
	return base ? get_random_u32_below(base) + (base >> 1) : 0;
}
EXPORT_SYMBOL(neigh_rand_reach_time);

static void neigh_mark_dead(struct neighbour *n)
{
	n->dead = 1;
	if (!list_empty(&n->gc_list)) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	}
	if (!list_empty(&n->managed_list))
		list_del_init(&n->managed_list);
}

static void neigh_update_gc_list(struct neighbour *n)
{
	bool on_gc_list, exempt_from_gc;

	spin_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	/* remove from the gc list if new state is permanent or if neighbor
	 * is externally learned / validated; otherwise entry should be on
	 * the gc list
	 */
	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
			 n->flags & (NTF_EXT_LEARNED | NTF_EXT_VALIDATED);
	on_gc_list = !list_empty(&n->gc_list);

	if (exempt_from_gc && on_gc_list) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	} else if (!exempt_from_gc && !on_gc_list) {
		/* add entries to the tail; cleaning removes from the front */
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
		atomic_inc(&n->tbl->gc_entries);
	}
out:
	write_unlock(&n->lock);
	spin_unlock_bh(&n->tbl->lock);
}

static void neigh_update_managed_list(struct neighbour *n)
{
	bool on_managed_list, add_to_managed;

	spin_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	add_to_managed = n->flags & NTF_MANAGED;
	on_managed_list = !list_empty(&n->managed_list);

	if (!add_to_managed && on_managed_list)
		list_del_init(&n->managed_list);
	else if (add_to_managed && !on_managed_list)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
out:
	write_unlock(&n->lock);
	spin_unlock_bh(&n->tbl->lock);
}
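/* Fold the NEIGH_UPDATE_F_* administrative flags into neigh->flags and
 * report which bookkeeping lists need refreshing.  A no-op unless
 * NEIGH_UPDATE_F_ADMIN is set, i.e. only administrative (netlink)
 * updates may toggle NTF_EXT_LEARNED, NTF_MANAGED and NTF_EXT_VALIDATED.
 */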
static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
			       bool *gc_update, bool *managed_update)
{
	u32 ndm_flags, old_flags = neigh->flags;

	if (!(flags & NEIGH_UPDATE_F_ADMIN))
		return;

	ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
	ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;
	ndm_flags |= (flags & NEIGH_UPDATE_F_EXT_VALIDATED) ?
		     NTF_EXT_VALIDATED : 0;

	if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
		if (ndm_flags & NTF_EXT_LEARNED)
			neigh->flags |= NTF_EXT_LEARNED;
		else
			neigh->flags &= ~NTF_EXT_LEARNED;
		*notify = 1;
		*gc_update = true;
	}
	if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
		if (ndm_flags & NTF_MANAGED)
			neigh->flags |= NTF_MANAGED;
		else
			neigh->flags &= ~NTF_MANAGED;
		*notify = 1;
		*managed_update = true;
	}
	if ((old_flags ^ ndm_flags) & NTF_EXT_VALIDATED) {
		if (ndm_flags & NTF_EXT_VALIDATED)
			neigh->flags |= NTF_EXT_VALIDATED;
		else
			neigh->flags &= ~NTF_EXT_VALIDATED;
		*notify = 1;
		*gc_update = true;
	}
}

bool neigh_remove_one(struct neighbour *n)
{
	bool retval = false;

	write_lock(&n->lock);
	if (refcount_read(&n->refcnt) == 1) {
		hlist_del_rcu(&n->hash);
		hlist_del_rcu(&n->dev_list);
		neigh_mark_dead(n);
		retval = true;
	}
	write_unlock(&n->lock);
	if (retval)
		neigh_cleanup_and_release(n);
	return retval;
}
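/* Forced garbage collection, invoked from neigh_alloc() when the table
 * runs over its thresholds.  Illustrative summary of the policy below
 * (not a normative guarantee): only entries with a refcount of 1 are
 * candidates, and an entry is dropped if it is NUD_FAILED or NUD_NOARP,
 * resolves to a multicast address, or was not updated within the last
 * five seconds.  The scan stops after reclaiming max_clean entries or
 * after roughly one millisecond of work.
 */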
static int neigh_forced_gc(struct neigh_table *tbl)
{
	int max_clean = atomic_read(&tbl->gc_entries) -
			READ_ONCE(tbl->gc_thresh2);
	u64 tmax = ktime_get_ns() + NSEC_PER_MSEC;
	unsigned long tref = jiffies - 5 * HZ;
	struct neighbour *n, *tmp;
	int shrunk = 0;
	int loop = 0;

	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);

	spin_lock_bh(&tbl->lock);

	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
		if (refcount_read(&n->refcnt) == 1) {
			bool remove = false;

			write_lock(&n->lock);
			if ((n->nud_state == NUD_FAILED) ||
			    (n->nud_state == NUD_NOARP) ||
			    (tbl->is_multicast &&
			     tbl->is_multicast(n->primary_key)) ||
			    !time_in_range(n->updated, tref, jiffies))
				remove = true;
			write_unlock(&n->lock);

			if (remove && neigh_remove_one(n))
				shrunk++;
			if (shrunk >= max_clean)
				break;
			if (++loop == 16) {
				if (ktime_get_ns() > tmax)
					goto unlock;
				loop = 0;
			}
		}
	}

	WRITE_ONCE(tbl->last_flush, jiffies);
unlock:
	spin_unlock_bh(&tbl->lock);

	return shrunk;
}

static void neigh_add_timer(struct neighbour *n, unsigned long when)
{
	/* Use a safe distance from the jiffies - LONG_MAX point while the
	 * timer is running in DELAY/PROBE state, but still show to user
	 * space large times in the past.
	 */
	unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ);

	neigh_hold(n);
	if (!time_in_range(n->confirmed, mint, jiffies))
		n->confirmed = mint;
	if (time_before(n->used, n->confirmed))
		n->used = n->confirmed;
	if (unlikely(mod_timer(&n->timer, when))) {
		printk("NEIGH: BUG, double timer add, state is %x\n",
		       n->nud_state);
		dump_stack();
	}
}

static int neigh_del_timer(struct neighbour *n)
{
	if ((n->nud_state & NUD_IN_TIMER) &&
	    timer_delete(&n->timer)) {
		neigh_release(n);
		return 1;
	}
	return 0;
}

static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
						   int family)
{
	switch (family) {
	case AF_INET:
		return __in_dev_arp_parms_get_rcu(dev);
	case AF_INET6:
		return __in6_dev_nd_parms_get_rcu(dev);
	}
	return NULL;
}

static void neigh_parms_qlen_dec(struct net_device *dev, int family)
{
	struct neigh_parms *p;

	rcu_read_lock();
	p = neigh_get_dev_parms_rcu(dev, family);
	if (p)
		p->qlen--;
	rcu_read_unlock();
}

static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net,
			       int family)
{
	struct sk_buff_head tmp;
	unsigned long flags;
	struct sk_buff *skb;

	skb_queue_head_init(&tmp);
	spin_lock_irqsave(&list->lock, flags);
	skb = skb_peek(list);
	while (skb != NULL) {
		struct sk_buff *skb_next = skb_peek_next(skb, list);
		struct net_device *dev = skb->dev;

		if (net == NULL || net_eq(dev_net(dev), net)) {
			neigh_parms_qlen_dec(dev, family);
			__skb_unlink(skb, list);
			__skb_queue_tail(&tmp, skb);
		}
		skb = skb_next;
	}
	spin_unlock_irqrestore(&list->lock, flags);

	while ((skb = __skb_dequeue(&tmp))) {
		dev_put(skb->dev);
		kfree_skb(skb);
	}
}
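/* Unlink one entry from its hash bucket and per-device list and mark it
 * dead.  Called under tbl->lock.  If references remain beyond ours, the
 * entry is parked in a safe state (queue purged, output blackholed) and
 * freed once the last user drops it.
 */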
static void neigh_flush_one(struct neighbour *n)
{
	hlist_del_rcu(&n->hash);
	hlist_del_rcu(&n->dev_list);

	write_lock(&n->lock);

	neigh_del_timer(n);
	neigh_mark_dead(n);

	if (refcount_read(&n->refcnt) != 1) {
		/* The most unpleasant situation.
		 * We must destroy the neighbour entry,
		 * but someone still uses it.
		 *
		 * The destroy will be delayed until
		 * the last user releases us, but
		 * we must kill timers etc. and move
		 * it to a safe state.
		 */
		__skb_queue_purge(&n->arp_queue);
		n->arp_queue_len_bytes = 0;
		WRITE_ONCE(n->output, neigh_blackhole);

		if (n->nud_state & NUD_VALID)
			n->nud_state = NUD_NOARP;
		else
			n->nud_state = NUD_NONE;

		neigh_dbg(2, "neigh %p is stray\n", n);
	}

	write_unlock(&n->lock);

	neigh_cleanup_and_release(n);
}

static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
			    bool skip_perm)
{
	struct hlist_head *dev_head;
	struct hlist_node *tmp;
	struct neighbour *n;

	dev_head = neigh_get_dev_table(dev, tbl->family);

	hlist_for_each_entry_safe(n, tmp, dev_head, dev_list) {
		if (skip_perm &&
		    (n->nud_state & NUD_PERMANENT ||
		     n->flags & NTF_EXT_VALIDATED))
			continue;

		neigh_flush_one(n);
	}
}

static void neigh_flush_table(struct neigh_table *tbl)
{
	struct neigh_hash_table *nht;
	int i;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	for (i = 0; i < (1 << nht->hash_shift); i++) {
		struct hlist_node *tmp;
		struct neighbour *n;

		neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[i])
			neigh_flush_one(n);
	}
}

void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
{
	spin_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, false);
	spin_unlock_bh(&tbl->lock);
}
EXPORT_SYMBOL(neigh_changeaddr);
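/* Flush entries for @dev, or the whole table when @dev is NULL, then
 * drop matching proxy entries and queued proxy packets.  With
 * @skip_perm set, NUD_PERMANENT and externally validated entries
 * survive; that is the behaviour neigh_carrier_down() relies on.
 */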
static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm)
{
	spin_lock_bh(&tbl->lock);
	if (likely(dev)) {
		neigh_flush_dev(tbl, dev, skip_perm);
	} else {
		DEBUG_NET_WARN_ON_ONCE(skip_perm);
		neigh_flush_table(tbl);
	}
	spin_unlock_bh(&tbl->lock);

	pneigh_ifdown(tbl, dev, skip_perm);
	pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL,
			   tbl->family);
	if (skb_queue_empty_lockless(&tbl->proxy_queue))
		timer_delete_sync(&tbl->proxy_timer);
	return 0;
}

int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, true);
	return 0;
}
EXPORT_SYMBOL(neigh_carrier_down);

int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, false);
	return 0;
}
EXPORT_SYMBOL(neigh_ifdown);

static struct neighbour *neigh_alloc(struct neigh_table *tbl,
				     struct net_device *dev,
				     u32 flags, bool exempt_from_gc)
{
	struct neighbour *n = NULL;
	unsigned long now = jiffies;
	int entries, gc_thresh3;

	if (exempt_from_gc)
		goto do_alloc;

	entries = atomic_inc_return(&tbl->gc_entries) - 1;
	gc_thresh3 = READ_ONCE(tbl->gc_thresh3);
	if (entries >= gc_thresh3 ||
	    (entries >= READ_ONCE(tbl->gc_thresh2) &&
	     time_after(now, READ_ONCE(tbl->last_flush) + 5 * HZ))) {
		if (!neigh_forced_gc(tbl) && entries >= gc_thresh3) {
			net_info_ratelimited("%s: neighbor table overflow!\n",
					     tbl->id);
			NEIGH_CACHE_STAT_INC(tbl, table_fulls);
			goto out_entries;
		}
	}

do_alloc:
	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
	if (!n)
		goto out_entries;

	__skb_queue_head_init(&n->arp_queue);
	rwlock_init(&n->lock);
	seqlock_init(&n->ha_lock);
	n->updated = n->used = now;
	n->nud_state = NUD_NONE;
	n->output = neigh_blackhole;
	n->flags = flags;
	seqlock_init(&n->hh.hh_lock);
	n->parms = neigh_parms_clone(&tbl->parms);
	timer_setup(&n->timer, neigh_timer_handler, 0);

	NEIGH_CACHE_STAT_INC(tbl, allocs);
	n->tbl = tbl;
	refcount_set(&n->refcnt, 1);
	n->dead = 1;
	INIT_LIST_HEAD(&n->gc_list);
	INIT_LIST_HEAD(&n->managed_list);

	atomic_inc(&tbl->entries);
out:
	return n;

out_entries:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	goto out;
}

static void neigh_get_hash_rnd(u32 *x)
{
	*x = get_random_u32() | 1;
}

static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
{
	size_t size = (1 << shift) * sizeof(struct hlist_head);
	struct hlist_head *hash_heads;
	struct neigh_hash_table *ret;
	int i;

	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
	if (!ret)
		return NULL;

	hash_heads = kzalloc(size, GFP_ATOMIC);
	if (!hash_heads) {
		kfree(ret);
		return NULL;
	}
	ret->hash_heads = hash_heads;
	ret->hash_shift = shift;
	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
		neigh_get_hash_rnd(&ret->hash_rnd[i]);
	return ret;
}

static void neigh_hash_free_rcu(struct rcu_head *head)
{
	struct neigh_hash_table *nht = container_of(head,
						    struct neigh_hash_table,
						    rcu);

	kfree(nht->hash_heads);
	kfree(nht);
}
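/* Grow the table to 2^new_shift buckets and rehash every entry.  A
 * bucket is selected by the top hash_shift bits of the 32-bit hash;
 * for instance (illustrative arithmetic) with hash_shift = 3, a hash
 * of 0xdeadbeef maps to bucket 0xdeadbeef >> (32 - 3) = 6.  The caller
 * holds tbl->lock; lockless readers keep using the old table until
 * rcu_assign_pointer() publishes the new one, so the old table is
 * freed via call_rcu().
 */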
static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
						unsigned long new_shift)
{
	unsigned int i, hash;
	struct neigh_hash_table *new_nht, *old_nht;

	NEIGH_CACHE_STAT_INC(tbl, hash_grows);

	old_nht = rcu_dereference_protected(tbl->nht,
					    lockdep_is_held(&tbl->lock));
	new_nht = neigh_hash_alloc(new_shift);
	if (!new_nht)
		return old_nht;

	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
		struct hlist_node *tmp;
		struct neighbour *n;

		neigh_for_each_in_bucket_safe(n, tmp, &old_nht->hash_heads[i]) {
			hash = tbl->hash(n->primary_key, n->dev,
					 new_nht->hash_rnd);

			hash >>= (32 - new_nht->hash_shift);

			hlist_del_rcu(&n->hash);
			hlist_add_head_rcu(&n->hash, &new_nht->hash_heads[hash]);
		}
	}

	rcu_assign_pointer(tbl->nht, new_nht);
	call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
	return new_nht;
}

struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
			       struct net_device *dev)
{
	struct neighbour *n;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock();
	n = __neigh_lookup_noref(tbl, pkey, dev);
	if (n) {
		if (!refcount_inc_not_zero(&n->refcnt))
			n = NULL;
		NEIGH_CACHE_STAT_INC(tbl, hits);
	}

	rcu_read_unlock();
	return n;
}
EXPORT_SYMBOL(neigh_lookup);
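/* Allocate, initialize and hash a new entry.  @exempt_from_gc entries
 * never join the gc_list (e.g. loopback or externally learned ones).
 * If another CPU inserted the same key while we were setting up, the
 * existing entry is returned instead; allocation or constructor
 * failures yield an ERR_PTR().
 */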
static struct neighbour *
___neigh_create(struct neigh_table *tbl, const void *pkey,
		struct net_device *dev, u32 flags,
		bool exempt_from_gc, bool want_ref)
{
	u32 hash_val, key_len = tbl->key_len;
	struct neighbour *n1, *rc, *n;
	struct neigh_hash_table *nht;
	int error;

	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
	if (!n) {
		rc = ERR_PTR(-ENOBUFS);
		goto out;
	}

	memcpy(n->primary_key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC);

	/* Protocol specific setup. */
	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	if (dev->netdev_ops->ndo_neigh_construct) {
		error = dev->netdev_ops->ndo_neigh_construct(dev, n);
		if (error < 0) {
			rc = ERR_PTR(error);
			goto out_neigh_release;
		}
	}

	/* Device specific setup. */
	if (n->parms->neigh_setup &&
	    (error = n->parms->neigh_setup(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);

	spin_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
		nht = neigh_hash_grow(tbl, nht->hash_shift + 1);

	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);

	if (n->parms->dead) {
		rc = ERR_PTR(-EINVAL);
		goto out_tbl_unlock;
	}

	neigh_for_each_in_bucket(n1, &nht->hash_heads[hash_val]) {
		if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
			if (want_ref)
				neigh_hold(n1);
			rc = n1;
			goto out_tbl_unlock;
		}
	}

	n->dead = 0;
	if (!exempt_from_gc)
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
	if (n->flags & NTF_MANAGED)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
	if (want_ref)
		neigh_hold(n);
	hlist_add_head_rcu(&n->hash, &nht->hash_heads[hash_val]);

	hlist_add_head_rcu(&n->dev_list,
			   neigh_get_dev_table(dev, tbl->family));

	spin_unlock_bh(&tbl->lock);
	neigh_dbg(2, "neigh %p is created\n", n);
	rc = n;
out:
	return rc;
out_tbl_unlock:
	spin_unlock_bh(&tbl->lock);
out_neigh_release:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	neigh_release(n);
	goto out;
}

struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
				 struct net_device *dev, bool want_ref)
{
	bool exempt_from_gc = !!(dev->flags & IFF_LOOPBACK);

	return ___neigh_create(tbl, pkey, dev, 0, exempt_from_gc, want_ref);
}
EXPORT_SYMBOL(__neigh_create);

static u32 pneigh_hash(const void *pkey, unsigned int key_len)
{
	u32 hash_val = *(u32 *)(pkey + key_len - 4);
	hash_val ^= (hash_val >> 16);
	hash_val ^= hash_val >> 8;
	hash_val ^= hash_val >> 4;
	hash_val &= PNEIGH_HASHMASK;
	return hash_val;
}

struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl,
				   struct net *net, const void *pkey,
				   struct net_device *dev)
{
	struct pneigh_entry *n;
	unsigned int key_len;
	u32 hash_val;

	key_len = tbl->key_len;
	hash_val = pneigh_hash(pkey, key_len);
	n = rcu_dereference_check(tbl->phash_buckets[hash_val],
				  lockdep_is_held(&tbl->phash_lock));

	while (n) {
		if (!memcmp(n->key, pkey, key_len) &&
		    net_eq(pneigh_net(n), net) &&
		    (n->dev == dev || !n->dev))
			return n;

		n = rcu_dereference_check(n->next, lockdep_is_held(&tbl->phash_lock));
	}

	return NULL;
}
EXPORT_IPV6_MOD(pneigh_lookup);
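/* Add or update a proxy ("pneigh") entry.  Proxy entries live in a
 * small chained hash of PNEIGH_HASHMASK + 1 = 16 buckets, keyed on the
 * last 32 bits of the address (see pneigh_hash() above); lookups are
 * lockless under RCU, while writers serialize on tbl->phash_lock.
 */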
int pneigh_create(struct neigh_table *tbl, struct net *net,
		  const void *pkey, struct net_device *dev,
		  u32 flags, u8 protocol, bool permanent)
{
	struct pneigh_entry *n;
	unsigned int key_len;
	u32 hash_val;
	int err = 0;

	mutex_lock(&tbl->phash_lock);

	n = pneigh_lookup(tbl, net, pkey, dev);
	if (n)
		goto update;

	key_len = tbl->key_len;
	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
	if (!n) {
		err = -ENOBUFS;
		goto out;
	}

	write_pnet(&n->net, net);
	memcpy(n->key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_KERNEL);

	if (tbl->pconstructor && tbl->pconstructor(n)) {
		netdev_put(dev, &n->dev_tracker);
		kfree(n);
		err = -ENOBUFS;
		goto out;
	}

	hash_val = pneigh_hash(pkey, key_len);
	n->next = tbl->phash_buckets[hash_val];
	rcu_assign_pointer(tbl->phash_buckets[hash_val], n);
update:
	WRITE_ONCE(n->flags, flags);
	n->permanent = permanent;
	WRITE_ONCE(n->protocol, protocol);
out:
	mutex_unlock(&tbl->phash_lock);
	return err;
}

static void pneigh_destroy(struct rcu_head *rcu)
{
	struct pneigh_entry *n = container_of(rcu, struct pneigh_entry, rcu);

	netdev_put(n->dev, &n->dev_tracker);
	kfree(n);
}

int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
		  struct net_device *dev)
{
	struct pneigh_entry *n, __rcu **np;
	unsigned int key_len;
	u32 hash_val;

	key_len = tbl->key_len;
	hash_val = pneigh_hash(pkey, key_len);

	mutex_lock(&tbl->phash_lock);

	for (np = &tbl->phash_buckets[hash_val];
	     (n = rcu_dereference_protected(*np, 1)) != NULL;
	     np = &n->next) {
		if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
		    net_eq(pneigh_net(n), net)) {
			rcu_assign_pointer(*np, n->next);

			mutex_unlock(&tbl->phash_lock);

			if (tbl->pdestructor)
				tbl->pdestructor(n);

			call_rcu(&n->rcu, pneigh_destroy);
			return 0;
		}
	}

	mutex_unlock(&tbl->phash_lock);
	return -ENOENT;
}

static void pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm)
{
	struct pneigh_entry *n, __rcu **np;
	LIST_HEAD(head);
	u32 h;

	mutex_lock(&tbl->phash_lock);

	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
		np = &tbl->phash_buckets[h];
		while ((n = rcu_dereference_protected(*np, 1)) != NULL) {
			if (skip_perm && n->permanent)
				goto skip;
			if (!dev || n->dev == dev) {
				rcu_assign_pointer(*np, n->next);
				list_add(&n->free_node, &head);
				continue;
			}
skip:
			np = &n->next;
		}
	}

	mutex_unlock(&tbl->phash_lock);

	while (!list_empty(&head)) {
		n = list_first_entry(&head, typeof(*n), free_node);
		list_del(&n->free_node);

		if (tbl->pdestructor)
			tbl->pdestructor(n);

		call_rcu(&n->rcu, pneigh_destroy);
	}
}

static inline void neigh_parms_put(struct neigh_parms *parms)
{
	if (refcount_dec_and_test(&parms->refcnt))
		kfree(parms);
}

/*
 *	neighbour must already be out of the table;
 */
void neigh_destroy(struct neighbour *neigh)
{
	struct net_device *dev = neigh->dev;

	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);

	if (!neigh->dead) {
		pr_warn("Destroying alive neighbour %p\n", neigh);
		dump_stack();
		return;
	}

	if (neigh_del_timer(neigh))
		pr_warn("Impossible event\n");

	write_lock_bh(&neigh->lock);
	__skb_queue_purge(&neigh->arp_queue);
	write_unlock_bh(&neigh->lock);
	neigh->arp_queue_len_bytes = 0;

	if (dev->netdev_ops->ndo_neigh_destroy)
		dev->netdev_ops->ndo_neigh_destroy(dev, neigh);

	netdev_put(dev, &neigh->dev_tracker);
	neigh_parms_put(neigh->parms);

	neigh_dbg(2, "neigh %p is destroyed\n", neigh);

	atomic_dec(&neigh->tbl->entries);
	kfree_rcu(neigh, rcu);
}
EXPORT_SYMBOL(neigh_destroy);
/* Neighbour state is suspicious;
   disable fast path.

   Called with write_locked neigh.
 */
static void neigh_suspect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is suspected\n", neigh);

	WRITE_ONCE(neigh->output, neigh->ops->output);
}

/* Neighbour state is OK;
   enable fast path.

   Called with write_locked neigh.
 */
static void neigh_connect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is connected\n", neigh);

	WRITE_ONCE(neigh->output, neigh->ops->connected_output);
}

static void neigh_periodic_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
	struct neigh_hash_table *nht;
	struct hlist_node *tmp;
	struct neighbour *n;
	unsigned int i;

	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);

	spin_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	/*
	 *	periodically recompute ReachableTime from random function
	 */
	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
		struct neigh_parms *p;

		WRITE_ONCE(tbl->last_rand, jiffies);
		list_for_each_entry(p, &tbl->parms_list, list)
			neigh_set_reach_time(p);
	}

	if (atomic_read(&tbl->entries) < READ_ONCE(tbl->gc_thresh1))
		goto out;

	for (i = 0 ; i < (1 << nht->hash_shift); i++) {
		neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[i]) {
			unsigned int state;

			write_lock(&n->lock);

			state = n->nud_state;
			if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
			    (n->flags &
			     (NTF_EXT_LEARNED | NTF_EXT_VALIDATED))) {
				write_unlock(&n->lock);
				continue;
			}

			if (time_before(n->used, n->confirmed) &&
			    time_is_before_eq_jiffies(n->confirmed))
				n->used = n->confirmed;

			if (refcount_read(&n->refcnt) == 1 &&
			    (state == NUD_FAILED ||
			     !time_in_range_open(jiffies, n->used,
						 n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
				hlist_del_rcu(&n->hash);
				hlist_del_rcu(&n->dev_list);
				neigh_mark_dead(n);
				write_unlock(&n->lock);
				neigh_cleanup_and_release(n);
				continue;
			}
			write_unlock(&n->lock);
		}
		/*
		 * It's fine to release lock here, even if hash table
		 * grows while we are preempted.
		 */
		spin_unlock_bh(&tbl->lock);
		cond_resched();
		spin_lock_bh(&tbl->lock);
		nht = rcu_dereference_protected(tbl->nht,
						lockdep_is_held(&tbl->lock));
	}
out:
	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
	 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
	 * BASE_REACHABLE_TIME.
	 */
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
	spin_unlock_bh(&tbl->lock);
}
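/* Total probe budget before an entry may fail: unicast probes, plus
 * probes delegated to userspace (APP_PROBES), plus the multicast or
 * broadcast budget.  Reconfirmation probes in NUD_PROBE draw on
 * MCAST_REPROBES rather than MCAST_PROBES.
 */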
static __inline__ int neigh_max_probes(struct neighbour *n)
{
	struct neigh_parms *p = n->parms;
	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
	       (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
		NEIGH_VAR(p, MCAST_PROBES));
}

static void neigh_invalidate(struct neighbour *neigh)
	__releases(neigh->lock)
	__acquires(neigh->lock)
{
	struct sk_buff *skb;

	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
	neigh_dbg(2, "neigh %p is failed\n", neigh);
	neigh->updated = jiffies;

	/* This is a very delicate spot: the error_report() routine is
	   quite complicated and, in particular, can end up hitting this
	   same neighbour entry!  So we try to be careful here and avoid
	   an endless loop. --ANK
	 */
	while (neigh->nud_state == NUD_FAILED &&
	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
		write_unlock(&neigh->lock);
		neigh->ops->error_report(neigh, skb);
		write_lock(&neigh->lock);
	}
	__skb_queue_purge(&neigh->arp_queue);
	neigh->arp_queue_len_bytes = 0;
}

static void neigh_probe(struct neighbour *neigh)
	__releases(neigh->lock)
{
	struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);

	/* keep skb alive even if arp_queue overflows */
	if (skb)
		skb = skb_clone(skb, GFP_ATOMIC);
	write_unlock(&neigh->lock);
	if (neigh->ops->solicit)
		neigh->ops->solicit(neigh, skb);
	atomic_inc(&neigh->probes);
	consume_skb(skb);
}

/* Called when a timer expires for a neighbour entry. */
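/* An illustrative summary of the NUD transitions driven by this timer
 * (mirrors the code below; not normative):
 *
 *	REACHABLE --(reachable_time elapsed)-------> DELAY or STALE
 *	DELAY     --(confirmation arrived)---------> REACHABLE
 *	DELAY     --(DELAY_PROBE_TIME exceeded)----> PROBE
 *	PROBE / INCOMPLETE --(probes exhausted)----> FAILED, or STALE
 *						     when NTF_EXT_VALIDATED
 */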
static void neigh_timer_handler(struct timer_list *t)
{
	unsigned long now, next;
	struct neighbour *neigh = timer_container_of(neigh, t, timer);
	unsigned int state;
	int notify = 0;

	write_lock(&neigh->lock);

	state = neigh->nud_state;
	now = jiffies;
	next = now + HZ;

	if (!(state & NUD_IN_TIMER))
		goto out;

	if (state & NUD_REACHABLE) {
		if (time_before_eq(now,
				   neigh->confirmed + neigh->parms->reachable_time)) {
			neigh_dbg(2, "neigh %p is still alive\n", neigh);
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else if (time_before_eq(now,
					  neigh->used +
					  NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is delayed\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_DELAY);
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
		} else {
			neigh_dbg(2, "neigh %p is suspected\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_STALE);
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			notify = 1;
		}
	} else if (state & NUD_DELAY) {
		if (time_before_eq(now,
				   neigh->confirmed +
				   NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is now reachable\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_REACHABLE);
			neigh->updated = jiffies;
			neigh_connect(neigh);
			notify = 1;
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else {
			neigh_dbg(2, "neigh %p is probed\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_PROBE);
			neigh->updated = jiffies;
			atomic_set(&neigh->probes, 0);
			notify = 1;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
		}
	} else {
		/* NUD_PROBE|NUD_INCOMPLETE */
		next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
	}

	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
		if (neigh->nud_state == NUD_PROBE &&
		    neigh->flags & NTF_EXT_VALIDATED) {
			WRITE_ONCE(neigh->nud_state, NUD_STALE);
			neigh->updated = jiffies;
		} else {
			WRITE_ONCE(neigh->nud_state, NUD_FAILED);
			neigh_invalidate(neigh);
		}
		notify = 1;
		goto out;
	}

	if (neigh->nud_state & NUD_IN_TIMER) {
		if (time_before(next, jiffies + HZ/100))
			next = jiffies + HZ/100;
		if (!mod_timer(&neigh->timer, next))
			neigh_hold(neigh);
	}
	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
		neigh_probe(neigh);
	} else {
out:
		write_unlock(&neigh->lock);
	}

	if (notify)
		neigh_update_notify(neigh, 0);

	trace_neigh_timer_handler(neigh, 0);

	neigh_release(neigh);
}

int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
		       const bool immediate_ok)
{
	int rc;
	bool immediate_probe = false;

	write_lock_bh(&neigh->lock);

	rc = 0;
	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
		goto out_unlock_bh;
	if (neigh->dead)
		goto out_dead;

	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
		if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
		    NEIGH_VAR(neigh->parms, APP_PROBES)) {
			unsigned long next, now = jiffies;

			atomic_set(&neigh->probes,
				   NEIGH_VAR(neigh->parms, UCAST_PROBES));
			neigh_del_timer(neigh);
			WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
			neigh->updated = now;
			if (!immediate_ok) {
				next = now + 1;
			} else {
				immediate_probe = true;
				next = now + max(NEIGH_VAR(neigh->parms,
							   RETRANS_TIME),
						 HZ / 100);
			}
			neigh_add_timer(neigh, next);
		} else {
			WRITE_ONCE(neigh->nud_state, NUD_FAILED);
			neigh->updated = jiffies;
			write_unlock_bh(&neigh->lock);

			kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED);
			return 1;
		}
	} else if (neigh->nud_state & NUD_STALE) {
		neigh_dbg(2, "neigh %p is delayed\n", neigh);
		neigh_del_timer(neigh);
		WRITE_ONCE(neigh->nud_state, NUD_DELAY);
		neigh->updated = jiffies;
		neigh_add_timer(neigh, jiffies +
				NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
	}

	if (neigh->nud_state == NUD_INCOMPLETE) {
		if (skb) {
			while (neigh->arp_queue_len_bytes + skb->truesize >
			       NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
				struct sk_buff *buff;

				buff = __skb_dequeue(&neigh->arp_queue);
				if (!buff)
					break;
				neigh->arp_queue_len_bytes -= buff->truesize;
				kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL);
				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
			}
			skb_dst_force(skb);
			__skb_queue_tail(&neigh->arp_queue, skb);
			neigh->arp_queue_len_bytes += skb->truesize;
		}
		rc = 1;
	}
out_unlock_bh:
	if (immediate_probe)
		neigh_probe(neigh);
	else
		write_unlock(&neigh->lock);
	local_bh_enable();
	trace_neigh_event_send_done(neigh, rc);
	return rc;

out_dead:
	if (neigh->nud_state & NUD_STALE)
		goto out_unlock_bh;
	write_unlock_bh(&neigh->lock);
	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD);
	trace_neigh_event_send_dead(neigh, 1);
	return 1;
}
EXPORT_SYMBOL(__neigh_event_send);
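/* Typical use (illustrative): a resolving output path calls
 * neigh_event_send() before building the hard header:
 *
 *	if (!neigh_event_send(neigh, skb)) {
 *		// entry is valid: fill the header and transmit
 *	}
 *	// non-zero: skb was queued pending resolution, or dropped
 *
 * neigh_resolve_output() below is the canonical caller.
 */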
static void neigh_update_hhs(struct neighbour *neigh)
{
	struct hh_cache *hh;
	void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
		= NULL;

	if (neigh->dev->header_ops)
		update = neigh->dev->header_ops->cache_update;

	if (update) {
		hh = &neigh->hh;
		if (READ_ONCE(hh->hh_len)) {
			write_seqlock_bh(&hh->hh_lock);
			update(hh, neigh->dev, neigh->ha);
			write_sequnlock_bh(&hh->hh_lock);
		}
	}
}

/* Generic update routine.
   -- lladdr is the new lladdr, or NULL if it is not supplied.
   -- new    is the new state.
   -- flags
	NEIGH_UPDATE_F_OVERRIDE allows overriding an existing lladdr,
				if it differs.
	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect an existing "connected"
				lladdr instead of overriding it,
				if it differs.
	NEIGH_UPDATE_F_ADMIN	means that the change is administrative.
	NEIGH_UPDATE_F_USE	means that the entry is user triggered.
	NEIGH_UPDATE_F_MANAGED	means that the entry will be auto-refreshed.
	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows overriding an existing
				NTF_ROUTER flag.
	NEIGH_UPDATE_F_ISROUTER	indicates if the neighbour is known as
				a router.
	NEIGH_UPDATE_F_EXT_VALIDATED means that the entry will not be
				removed or invalidated.

   Caller MUST hold a reference count on the entry.
 */
static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
			  u8 new, u32 flags, u32 nlmsg_pid,
			  struct netlink_ext_ack *extack)
{
	bool gc_update = false, managed_update = false;
	int update_isrouter = 0;
	struct net_device *dev;
	int err, notify = 0;
	u8 old;

	trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);

	write_lock_bh(&neigh->lock);

	dev = neigh->dev;
	old = neigh->nud_state;
	err = -EPERM;

	if (neigh->dead) {
		NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
		new = old;
		goto out;
	}
	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
	    (old & (NUD_NOARP | NUD_PERMANENT)))
		goto out;

	neigh_update_flags(neigh, flags, &notify, &gc_update, &managed_update);
	if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
		new = old & ~NUD_PERMANENT;
		WRITE_ONCE(neigh->nud_state, new);
		err = 0;
		goto out;
	}

	if (!(new & NUD_VALID)) {
		neigh_del_timer(neigh);
		if (old & NUD_CONNECTED)
			neigh_suspect(neigh);
		WRITE_ONCE(neigh->nud_state, new);
		err = 0;
		notify = old & NUD_VALID;
		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
		    (new & NUD_FAILED)) {
			neigh_invalidate(neigh);
			notify = 1;
		}
		goto out;
	}

	/* Compare the new lladdr with the cached one */
	if (!dev->addr_len) {
		/* First case: device needs no address. */
		lladdr = neigh->ha;
	} else if (lladdr) {
		/* The second case: if something is already cached
		   and a new address is proposed:
		   - compare new & old
		   - if they are different, check override flag
		 */
		if ((old & NUD_VALID) &&
		    !memcmp(lladdr, neigh->ha, dev->addr_len))
			lladdr = neigh->ha;
	} else {
		/* No address is supplied; if we know something,
		   use it, otherwise discard the request.
		 */
		err = -EINVAL;
		if (!(old & NUD_VALID)) {
			NL_SET_ERR_MSG(extack, "No link layer address given");
			goto out;
		}
		lladdr = neigh->ha;
	}

	/* Update the confirmed timestamp for the neighbour entry after we
	 * received an ARP packet, even if it doesn't change the IP to MAC
	 * binding.
	 */
	if (new & NUD_CONNECTED)
		neigh->confirmed = jiffies;

	/* If the entry was valid and the address is unchanged,
	   do not change the entry state if the new one is STALE.
	 */
	err = 0;
	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	if (old & NUD_VALID) {
		if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
			update_isrouter = 0;
			if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
			    (old & NUD_CONNECTED)) {
				lladdr = neigh->ha;
				new = NUD_STALE;
			} else
				goto out;
		} else {
			if (lladdr == neigh->ha && new == NUD_STALE &&
			    !(flags & NEIGH_UPDATE_F_ADMIN))
				new = old;
		}
	}

	/* Update the timestamp only once we know we will make a change to
	 * the neighbour entry. Otherwise we risk moving the locktime window
	 * with noop updates and ignoring relevant ARP updates.
	 */
	if (new != old || lladdr != neigh->ha)
		neigh->updated = jiffies;

	if (new != old) {
		neigh_del_timer(neigh);
		if (new & NUD_PROBE)
			atomic_set(&neigh->probes, 0);
		if (new & NUD_IN_TIMER)
			neigh_add_timer(neigh, (jiffies +
						((new & NUD_REACHABLE) ?
						 neigh->parms->reachable_time :
						 0)));
		WRITE_ONCE(neigh->nud_state, new);
		notify = 1;
	}

	if (lladdr != neigh->ha) {
		write_seqlock(&neigh->ha_lock);
		memcpy(&neigh->ha, lladdr, dev->addr_len);
		write_sequnlock(&neigh->ha_lock);
		neigh_update_hhs(neigh);
		if (!(new & NUD_CONNECTED))
			neigh->confirmed = jiffies -
				(NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
		notify = 1;
	}
	if (new == old)
		goto out;
	if (new & NUD_CONNECTED)
		neigh_connect(neigh);
	else
		neigh_suspect(neigh);
	if (!(old & NUD_VALID)) {
		struct sk_buff *skb;

		/* Again: avoid dead loop if something went wrong */

		while (neigh->nud_state & NUD_VALID &&
		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
			struct dst_entry *dst = skb_dst(skb);
			struct neighbour *n2, *n1 = neigh;
			write_unlock_bh(&neigh->lock);

			rcu_read_lock();

			/* Why not just use 'neigh' as-is? The problem is that
			 * things such as shaper, eql, and sch_teql can end up
			 * using alternative, different, neigh objects to output
			 * the packet in the output path. So what we need to do
			 * here is re-lookup the top-level neigh in the path so
			 * we can reinject the packet there.
			 */
			n2 = NULL;
			if (dst &&
			    READ_ONCE(dst->obsolete) != DST_OBSOLETE_DEAD) {
				n2 = dst_neigh_lookup_skb(dst, skb);
				if (n2)
					n1 = n2;
			}
			READ_ONCE(n1->output)(n1, skb);
			if (n2)
				neigh_release(n2);
			rcu_read_unlock();

			write_lock_bh(&neigh->lock);
		}
		__skb_queue_purge(&neigh->arp_queue);
		neigh->arp_queue_len_bytes = 0;
	}
out:
	if (update_isrouter)
		neigh_update_is_router(neigh, flags, &notify);
	write_unlock_bh(&neigh->lock);
	if (((new ^ old) & NUD_PERMANENT) || gc_update)
		neigh_update_gc_list(neigh);
	if (managed_update)
		neigh_update_managed_list(neigh);
	if (notify)
		neigh_update_notify(neigh, nlmsg_pid);
	trace_neigh_update_done(neigh, err);
	return err;
}

int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
		 u32 flags, u32 nlmsg_pid)
{
	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
}
EXPORT_SYMBOL(neigh_update);
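/* Example (illustrative): an administrative replace coming from netlink
 * (see neigh_add() below) boils down to roughly
 *
 *	neigh_update(n, lladdr, NUD_PERMANENT,
 *		     NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN, pid);
 *
 * whereas a confirmation learned from traffic typically passes
 * NUD_REACHABLE without NEIGH_UPDATE_F_ADMIN.
 */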
/* Update the neigh to listen temporarily for probe responses, even if it is
 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
 */
void __neigh_set_probe_once(struct neighbour *neigh)
{
	if (neigh->dead)
		return;
	neigh->updated = jiffies;
	if (!(neigh->nud_state & NUD_FAILED))
		return;
	WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
	atomic_set(&neigh->probes, neigh_max_probes(neigh));
	neigh_add_timer(neigh,
			jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
				      HZ/100));
}
EXPORT_SYMBOL(__neigh_set_probe_once);

struct neighbour *neigh_event_ns(struct neigh_table *tbl,
				 u8 *lladdr, void *saddr,
				 struct net_device *dev)
{
	struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
						 lladdr || !dev->addr_len);
	if (neigh)
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_OVERRIDE, 0);
	return neigh;
}
EXPORT_SYMBOL(neigh_event_ns);

/* called with read_lock_bh(&n->lock); */
static void neigh_hh_init(struct neighbour *n)
{
	struct net_device *dev = n->dev;
	__be16 prot = n->tbl->protocol;
	struct hh_cache *hh = &n->hh;

	write_lock_bh(&n->lock);

	/* Only one thread can come in here and initialize the
	 * hh_cache entry.
	 */
	if (!hh->hh_len)
		dev->header_ops->cache(n, hh, prot);

	write_unlock_bh(&n->lock);
}

/* Slow and careful. */

int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc = 0;

	if (!neigh_event_send(neigh, skb)) {
		int err;
		struct net_device *dev = neigh->dev;
		unsigned int seq;

		if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
			neigh_hh_init(neigh);

		do {
			__skb_pull(skb, skb_network_offset(skb));
			seq = read_seqbegin(&neigh->ha_lock);
			err = dev_hard_header(skb, dev, ntohs(skb->protocol),
					      neigh->ha, NULL, skb->len);
		} while (read_seqretry(&neigh->ha_lock, seq));

		if (err >= 0)
			rc = dev_queue_xmit(skb);
		else
			goto out_kfree_skb;
	}
out:
	return rc;
out_kfree_skb:
	rc = -EINVAL;
	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_HH_FILLFAIL);
	goto out;
}
EXPORT_SYMBOL(neigh_resolve_output);

/* As fast as possible without hh cache */

int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
{
	struct net_device *dev = neigh->dev;
	unsigned int seq;
	int err;

	do {
		__skb_pull(skb, skb_network_offset(skb));
		seq = read_seqbegin(&neigh->ha_lock);
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      neigh->ha, NULL, skb->len);
	} while (read_seqretry(&neigh->ha_lock, seq));

	if (err >= 0)
		err = dev_queue_xmit(skb);
	else {
		err = -EINVAL;
		kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_HH_FILLFAIL);
	}
	return err;
}
EXPORT_SYMBOL(neigh_connected_output);
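/* Both output paths above copy neigh->ha under the ha_lock seqlock:
 * read_seqbegin()/read_seqretry() simply rebuild the header if an
 * address update raced with the copy, so the hot path takes no
 * reader-side lock at all.
 */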
int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
{
	return dev_queue_xmit(skb);
}
EXPORT_SYMBOL(neigh_direct_output);

static void neigh_managed_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table,
					       managed_work.work);
	struct neighbour *neigh;

	spin_lock_bh(&tbl->lock);
	list_for_each_entry(neigh, &tbl->managed_list, managed_list)
		neigh_event_send_probe(neigh, NULL, false);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
			   NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS));
	spin_unlock_bh(&tbl->lock);
}

static void neigh_proxy_process(struct timer_list *t)
{
	struct neigh_table *tbl = timer_container_of(tbl, t, proxy_timer);
	long sched_next = 0;
	unsigned long now = jiffies;
	struct sk_buff *skb, *n;

	spin_lock(&tbl->proxy_queue.lock);

	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
		long tdif = NEIGH_CB(skb)->sched_next - now;

		if (tdif <= 0) {
			struct net_device *dev = skb->dev;

			neigh_parms_qlen_dec(dev, tbl->family);
			__skb_unlink(skb, &tbl->proxy_queue);

			if (tbl->proxy_redo && netif_running(dev)) {
				rcu_read_lock();
				tbl->proxy_redo(skb);
				rcu_read_unlock();
			} else {
				kfree_skb(skb);
			}

			dev_put(dev);
		} else if (!sched_next || tdif < sched_next)
			sched_next = tdif;
	}
	timer_delete(&tbl->proxy_timer);
	if (sched_next)
		mod_timer(&tbl->proxy_timer, jiffies + sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}

static unsigned long neigh_proxy_delay(struct neigh_parms *p)
{
	/* If proxy_delay is zero, do not call get_random_u32_below()
	 * as it is undefined behavior.
	 */
	unsigned long proxy_delay = NEIGH_VAR(p, PROXY_DELAY);

	return proxy_delay ?
	       jiffies + get_random_u32_below(proxy_delay) : jiffies;
}

void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
		    struct sk_buff *skb)
{
	unsigned long sched_next = neigh_proxy_delay(p);

	if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) {
		kfree_skb(skb);
		return;
	}

	NEIGH_CB(skb)->sched_next = sched_next;
	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;

	spin_lock(&tbl->proxy_queue.lock);
	if (timer_delete(&tbl->proxy_timer)) {
		if (time_before(tbl->proxy_timer.expires, sched_next))
			sched_next = tbl->proxy_timer.expires;
	}
	skb_dst_drop(skb);
	dev_hold(skb->dev);
	__skb_queue_tail(&tbl->proxy_queue, skb);
	p->qlen++;
	mod_timer(&tbl->proxy_timer, sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}
EXPORT_SYMBOL(pneigh_enqueue);
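/* Illustrative effect: with ARP's default PROXY_DELAY of roughly 0.8s,
 * a proxied request is answered after a random back-off in [0, 0.8s),
 * which gives the real owner of the address a chance to reply first.
 */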
static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
						     struct net *net, int ifindex)
{
	struct neigh_parms *p;

	list_for_each_entry(p, &tbl->parms_list, list) {
		if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
		    (!p->dev && !ifindex && net_eq(net, &init_net)))
			return p;
	}

	return NULL;
}

struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
				      struct neigh_table *tbl)
{
	struct neigh_parms *p;
	struct net *net = dev_net(dev);
	const struct net_device_ops *ops = dev->netdev_ops;

	p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
	if (p) {
		p->tbl = tbl;
		refcount_set(&p->refcnt, 1);
		neigh_set_reach_time(p);
		p->qlen = 0;
		netdev_hold(dev, &p->dev_tracker, GFP_KERNEL);
		p->dev = dev;
		write_pnet(&p->net, net);
		p->sysctl_table = NULL;

		if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
			netdev_put(dev, &p->dev_tracker);
			kfree(p);
			return NULL;
		}

		spin_lock_bh(&tbl->lock);
		list_add_rcu(&p->list, &tbl->parms.list);
		spin_unlock_bh(&tbl->lock);

		neigh_parms_data_state_cleanall(p);
	}
	return p;
}
EXPORT_SYMBOL(neigh_parms_alloc);

static void neigh_rcu_free_parms(struct rcu_head *head)
{
	struct neigh_parms *parms =
		container_of(head, struct neigh_parms, rcu_head);

	neigh_parms_put(parms);
}

void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
{
	if (!parms || parms == &tbl->parms)
		return;

	spin_lock_bh(&tbl->lock);
	list_del_rcu(&parms->list);
	parms->dead = 1;
	spin_unlock_bh(&tbl->lock);

	netdev_put(parms->dev, &parms->dev_tracker);
	call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
}
EXPORT_SYMBOL(neigh_parms_release);

static struct lock_class_key neigh_table_proxy_queue_class;

static struct neigh_table __rcu *neigh_tables[NEIGH_NR_TABLES] __read_mostly;

void neigh_table_init(int index, struct neigh_table *tbl)
{
	unsigned long now = jiffies;
	unsigned long phsize;

	INIT_LIST_HEAD(&tbl->parms_list);
	INIT_LIST_HEAD(&tbl->gc_list);
	INIT_LIST_HEAD(&tbl->managed_list);

	list_add(&tbl->parms.list, &tbl->parms_list);
	write_pnet(&tbl->parms.net, &init_net);
	refcount_set(&tbl->parms.refcnt, 1);
	neigh_set_reach_time(&tbl->parms);
	tbl->parms.qlen = 0;

	tbl->stats = alloc_percpu(struct neigh_statistics);
	if (!tbl->stats)
		panic("cannot create neighbour cache statistics");

#ifdef CONFIG_PROC_FS
	if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
				  &neigh_stat_seq_ops, tbl))
		panic("cannot create neighbour proc dir entry");
#endif

	RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));

	phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
	tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);

	if (!tbl->nht || !tbl->phash_buckets)
		panic("cannot allocate neighbour cache hashes");

	if (!tbl->entry_size)
		tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
					tbl->key_len, NEIGH_PRIV_ALIGN);
	else
		WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);

	spin_lock_init(&tbl->lock);
	mutex_init(&tbl->phash_lock);

	INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   tbl->parms.reachable_time);
	INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0);

	timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
	skb_queue_head_init_class(&tbl->proxy_queue,
				  &neigh_table_proxy_queue_class);

	tbl->last_flush = now;
	tbl->last_rand = now + tbl->parms.reachable_time * 20;

	rcu_assign_pointer(neigh_tables[index], tbl);
}
EXPORT_SYMBOL(neigh_table_init);
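/* Note (summary of the code above): each table starts with
 * neigh_hash_alloc(3), i.e. 2^3 = 8 buckets, and ___neigh_create()
 * doubles the table via neigh_hash_grow() whenever the entry count
 * exceeds the bucket count, keeping average chain length near one.
 */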
/*
 * Only called from ndisc_cleanup(), which means this is dead code
 * because we no longer can unload IPv6 module.
 */
int neigh_table_clear(int index, struct neigh_table *tbl)
{
	RCU_INIT_POINTER(neigh_tables[index], NULL);
	synchronize_rcu();

	/* It is not clean... Fix it to unload IPv6 module safely */
	cancel_delayed_work_sync(&tbl->managed_work);
	cancel_delayed_work_sync(&tbl->gc_work);
	timer_delete_sync(&tbl->proxy_timer);
	pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family);
	neigh_ifdown(tbl, NULL);
	if (atomic_read(&tbl->entries))
		pr_crit("neighbour leakage\n");

	call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
		 neigh_hash_free_rcu);
	tbl->nht = NULL;

	kfree(tbl->phash_buckets);
	tbl->phash_buckets = NULL;

	remove_proc_entry(tbl->id, init_net.proc_net_stat);

	free_percpu(tbl->stats);
	tbl->stats = NULL;

	return 0;
}
EXPORT_SYMBOL(neigh_table_clear);

static struct neigh_table *neigh_find_table(int family)
{
	struct neigh_table *tbl = NULL;

	switch (family) {
	case AF_INET:
		tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ARP_TABLE]);
		break;
	case AF_INET6:
		tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ND_TABLE]);
		break;
	}

	return tbl;
}

const struct nla_policy nda_policy[NDA_MAX+1] = {
	[NDA_UNSPEC]		= { .strict_start_type = NDA_NH_ID },
	[NDA_DST]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_LLADDR]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_CACHEINFO]		= { .len = sizeof(struct nda_cacheinfo) },
	[NDA_PROBES]		= { .type = NLA_U32 },
	[NDA_VLAN]		= { .type = NLA_U16 },
	[NDA_PORT]		= { .type = NLA_U16 },
	[NDA_VNI]		= { .type = NLA_U32 },
	[NDA_IFINDEX]		= { .type = NLA_U32 },
	[NDA_MASTER]		= { .type = NLA_U32 },
	[NDA_PROTOCOL]		= { .type = NLA_U8 },
	[NDA_NH_ID]		= { .type = NLA_U32 },
	[NDA_FLAGS_EXT]		= NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
	[NDA_FDB_EXT_ATTRS]	= { .type = NLA_NESTED },
};

static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *dst_attr;
	struct neigh_table *tbl;
	struct neighbour *neigh;
	struct net_device *dev = NULL;
	int err = -EINVAL;

	ASSERT_RTNL();
	if (nlmsg_len(nlh) < sizeof(*ndm))
		goto out;

	dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
	if (!dst_attr) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(dst_attr) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	if (ndm->ndm_flags & NTF_PROXY) {
		err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
		goto out;
	}

	if (dev == NULL)
		goto out;

	neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
	if (neigh == NULL) {
		err = -ENOENT;
		goto out;
	}

	err = __neigh_update(neigh, NULL, NUD_FAILED,
			     NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
			     NETLINK_CB(skb).portid, extack);
	spin_lock_bh(&tbl->lock);
	neigh_release(neigh);
	neigh_remove_one(neigh);
	spin_unlock_bh(&tbl->lock);

out:
	return err;
}
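/* RTM_NEWNEIGH handler.  NTF_PROXY requests go to the proxy table via
 * pneigh_create(); everything else resolves a device, then either
 * creates the entry (NLM_F_CREATE) or updates the existing one,
 * translating NTF_* flags into NEIGH_UPDATE_F_* for __neigh_update().
 */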
static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
		     struct netlink_ext_ack *extack)
{
	int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
		    NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *tb[NDA_MAX+1];
	struct neigh_table *tbl;
	struct net_device *dev = NULL;
	struct neighbour *neigh;
	void *dst, *lladdr;
	u8 protocol = 0;
	u32 ndm_flags;
	int err;

	ASSERT_RTNL();
	err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
				     nda_policy, extack);
	if (err < 0)
		goto out;

	err = -EINVAL;
	if (!tb[NDA_DST]) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	ndm_flags = ndm->ndm_flags;
	if (tb[NDA_FLAGS_EXT]) {
		u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]);

		BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
			     (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
			      hweight32(NTF_EXT_MASK)));
		ndm_flags |= (ext << NTF_EXT_SHIFT);
	}
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}

		if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
			NL_SET_ERR_MSG(extack, "Invalid link address");
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	dst = nla_data(tb[NDA_DST]);
	lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;

	if (tb[NDA_PROTOCOL])
		protocol = nla_get_u8(tb[NDA_PROTOCOL]);
	if (ndm_flags & NTF_PROXY) {
		if (ndm_flags & (NTF_MANAGED | NTF_EXT_VALIDATED)) {
			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
			goto out;
		}

		err = pneigh_create(tbl, net, dst, dev, ndm_flags, protocol,
				    !!(ndm->ndm_state & NUD_PERMANENT));
		goto out;
	}

	if (!dev) {
		NL_SET_ERR_MSG(extack, "Device not specified");
		goto out;
	}

	if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
		err = -EINVAL;
		goto out;
	}

	neigh = neigh_lookup(tbl, dst, dev);
	if (neigh == NULL) {
		bool ndm_permanent = ndm->ndm_state & NUD_PERMANENT;
		bool exempt_from_gc = ndm_permanent ||
				      ndm_flags & (NTF_EXT_LEARNED |
						   NTF_EXT_VALIDATED);

		if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
			err = -ENOENT;
			goto out;
		}
		if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
			err = -EINVAL;
			goto out;
		}
		if (ndm_flags & NTF_EXT_VALIDATED) {
			u8 state = ndm->ndm_state;

			/* NTF_USE and NTF_MANAGED will result in the neighbor
			 * being created with an invalid state (NUD_NONE).
			 */
2099 */ 2100 if (ndm_flags & (NTF_USE | NTF_MANAGED)) 2101 state = NUD_NONE; 2102 2103 if (!(state & NUD_VALID)) { 2104 NL_SET_ERR_MSG(extack, 2105 "Cannot create externally validated neighbor with an invalid state"); 2106 err = -EINVAL; 2107 goto out; 2108 } 2109 } 2110 2111 neigh = ___neigh_create(tbl, dst, dev, 2112 ndm_flags & 2113 (NTF_EXT_LEARNED | NTF_MANAGED | 2114 NTF_EXT_VALIDATED), 2115 exempt_from_gc, true); 2116 if (IS_ERR(neigh)) { 2117 err = PTR_ERR(neigh); 2118 goto out; 2119 } 2120 } else { 2121 if (nlh->nlmsg_flags & NLM_F_EXCL) { 2122 err = -EEXIST; 2123 neigh_release(neigh); 2124 goto out; 2125 } 2126 if (ndm_flags & NTF_EXT_VALIDATED) { 2127 u8 state = ndm->ndm_state; 2128 2129 /* NTF_USE and NTF_MANAGED do not update the existing 2130 * state other than clearing it if it was 2131 * NUD_PERMANENT. 2132 */ 2133 if (ndm_flags & (NTF_USE | NTF_MANAGED)) 2134 state = READ_ONCE(neigh->nud_state) & ~NUD_PERMANENT; 2135 2136 if (!(state & NUD_VALID)) { 2137 NL_SET_ERR_MSG(extack, 2138 "Cannot mark neighbor as externally validated with an invalid state"); 2139 err = -EINVAL; 2140 neigh_release(neigh); 2141 goto out; 2142 } 2143 } 2144 2145 if (!(nlh->nlmsg_flags & NLM_F_REPLACE)) 2146 flags &= ~(NEIGH_UPDATE_F_OVERRIDE | 2147 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 2148 } 2149 2150 if (protocol) 2151 neigh->protocol = protocol; 2152 if (ndm_flags & NTF_EXT_LEARNED) 2153 flags |= NEIGH_UPDATE_F_EXT_LEARNED; 2154 if (ndm_flags & NTF_ROUTER) 2155 flags |= NEIGH_UPDATE_F_ISROUTER; 2156 if (ndm_flags & NTF_MANAGED) 2157 flags |= NEIGH_UPDATE_F_MANAGED; 2158 if (ndm_flags & NTF_USE) 2159 flags |= NEIGH_UPDATE_F_USE; 2160 if (ndm_flags & NTF_EXT_VALIDATED) 2161 flags |= NEIGH_UPDATE_F_EXT_VALIDATED; 2162 2163 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags, 2164 NETLINK_CB(skb).portid, extack); 2165 if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) 2166 neigh_event_send(neigh, NULL); 2167 neigh_release(neigh); 2168 out: 2169 return err; 2170 } 2171 2172 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms) 2173 { 2174 struct nlattr *nest; 2175 2176 nest = nla_nest_start_noflag(skb, NDTA_PARMS); 2177 if (nest == NULL) 2178 return -ENOBUFS; 2179 2180 if ((parms->dev && 2181 nla_put_u32(skb, NDTPA_IFINDEX, READ_ONCE(parms->dev->ifindex))) || 2182 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) || 2183 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES, 2184 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) || 2185 /* approximative value for deprecated QUEUE_LEN (in packets) */ 2186 nla_put_u32(skb, NDTPA_QUEUE_LEN, 2187 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) || 2188 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) || 2189 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) || 2190 nla_put_u32(skb, NDTPA_UCAST_PROBES, 2191 NEIGH_VAR(parms, UCAST_PROBES)) || 2192 nla_put_u32(skb, NDTPA_MCAST_PROBES, 2193 NEIGH_VAR(parms, MCAST_PROBES)) || 2194 nla_put_u32(skb, NDTPA_MCAST_REPROBES, 2195 NEIGH_VAR(parms, MCAST_REPROBES)) || 2196 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, READ_ONCE(parms->reachable_time), 2197 NDTPA_PAD) || 2198 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME, 2199 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) || 2200 nla_put_msecs(skb, NDTPA_GC_STALETIME, 2201 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) || 2202 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME, 2203 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) || 2204 nla_put_msecs(skb, NDTPA_RETRANS_TIME, 2205 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) || 2206 
nla_put_msecs(skb, NDTPA_ANYCAST_DELAY, 2207 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) || 2208 nla_put_msecs(skb, NDTPA_PROXY_DELAY, 2209 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) || 2210 nla_put_msecs(skb, NDTPA_LOCKTIME, 2211 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) || 2212 nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS, 2213 NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD)) 2214 goto nla_put_failure; 2215 return nla_nest_end(skb, nest); 2216 2217 nla_put_failure: 2218 nla_nest_cancel(skb, nest); 2219 return -EMSGSIZE; 2220 } 2221 2222 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl, 2223 u32 pid, u32 seq, int type, int flags) 2224 { 2225 struct nlmsghdr *nlh; 2226 struct ndtmsg *ndtmsg; 2227 2228 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 2229 if (nlh == NULL) 2230 return -EMSGSIZE; 2231 2232 ndtmsg = nlmsg_data(nlh); 2233 ndtmsg->ndtm_family = tbl->family; 2234 ndtmsg->ndtm_pad1 = 0; 2235 ndtmsg->ndtm_pad2 = 0; 2236 2237 if (nla_put_string(skb, NDTA_NAME, tbl->id) || 2238 nla_put_msecs(skb, NDTA_GC_INTERVAL, READ_ONCE(tbl->gc_interval), 2239 NDTA_PAD) || 2240 nla_put_u32(skb, NDTA_THRESH1, READ_ONCE(tbl->gc_thresh1)) || 2241 nla_put_u32(skb, NDTA_THRESH2, READ_ONCE(tbl->gc_thresh2)) || 2242 nla_put_u32(skb, NDTA_THRESH3, READ_ONCE(tbl->gc_thresh3))) 2243 goto nla_put_failure; 2244 { 2245 unsigned long now = jiffies; 2246 long flush_delta = now - READ_ONCE(tbl->last_flush); 2247 long rand_delta = now - READ_ONCE(tbl->last_rand); 2248 struct neigh_hash_table *nht; 2249 struct ndt_config ndc = { 2250 .ndtc_key_len = tbl->key_len, 2251 .ndtc_entry_size = tbl->entry_size, 2252 .ndtc_entries = atomic_read(&tbl->entries), 2253 .ndtc_last_flush = jiffies_to_msecs(flush_delta), 2254 .ndtc_last_rand = jiffies_to_msecs(rand_delta), 2255 .ndtc_proxy_qlen = READ_ONCE(tbl->proxy_queue.qlen), 2256 }; 2257 2258 nht = rcu_dereference(tbl->nht); 2259 ndc.ndtc_hash_rnd = nht->hash_rnd[0]; 2260 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1); 2261 2262 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc)) 2263 goto nla_put_failure; 2264 } 2265 2266 { 2267 int cpu; 2268 struct ndt_stats ndst; 2269 2270 memset(&ndst, 0, sizeof(ndst)); 2271 2272 for_each_possible_cpu(cpu) { 2273 struct neigh_statistics *st; 2274 2275 st = per_cpu_ptr(tbl->stats, cpu); 2276 ndst.ndts_allocs += READ_ONCE(st->allocs); 2277 ndst.ndts_destroys += READ_ONCE(st->destroys); 2278 ndst.ndts_hash_grows += READ_ONCE(st->hash_grows); 2279 ndst.ndts_res_failed += READ_ONCE(st->res_failed); 2280 ndst.ndts_lookups += READ_ONCE(st->lookups); 2281 ndst.ndts_hits += READ_ONCE(st->hits); 2282 ndst.ndts_rcv_probes_mcast += READ_ONCE(st->rcv_probes_mcast); 2283 ndst.ndts_rcv_probes_ucast += READ_ONCE(st->rcv_probes_ucast); 2284 ndst.ndts_periodic_gc_runs += READ_ONCE(st->periodic_gc_runs); 2285 ndst.ndts_forced_gc_runs += READ_ONCE(st->forced_gc_runs); 2286 ndst.ndts_table_fulls += READ_ONCE(st->table_fulls); 2287 } 2288 2289 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst, 2290 NDTA_PAD)) 2291 goto nla_put_failure; 2292 } 2293 2294 BUG_ON(tbl->parms.dev); 2295 if (neightbl_fill_parms(skb, &tbl->parms) < 0) 2296 goto nla_put_failure; 2297 2298 nlmsg_end(skb, nlh); 2299 return 0; 2300 2301 nla_put_failure: 2302 nlmsg_cancel(skb, nlh); 2303 return -EMSGSIZE; 2304 } 2305 2306 static int neightbl_fill_param_info(struct sk_buff *skb, 2307 struct neigh_table *tbl, 2308 struct neigh_parms *parms, 2309 u32 pid, u32 seq, int type, 2310 unsigned int flags) 2311 { 2312 struct ndtmsg *ndtmsg; 2313 
struct nlmsghdr *nlh; 2314 2315 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 2316 if (nlh == NULL) 2317 return -EMSGSIZE; 2318 2319 ndtmsg = nlmsg_data(nlh); 2320 ndtmsg->ndtm_family = tbl->family; 2321 ndtmsg->ndtm_pad1 = 0; 2322 ndtmsg->ndtm_pad2 = 0; 2323 2324 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 || 2325 neightbl_fill_parms(skb, parms) < 0) 2326 goto errout; 2327 2328 nlmsg_end(skb, nlh); 2329 return 0; 2330 errout: 2331 nlmsg_cancel(skb, nlh); 2332 return -EMSGSIZE; 2333 } 2334 2335 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = { 2336 [NDTA_NAME] = { .type = NLA_STRING }, 2337 [NDTA_THRESH1] = { .type = NLA_U32 }, 2338 [NDTA_THRESH2] = { .type = NLA_U32 }, 2339 [NDTA_THRESH3] = { .type = NLA_U32 }, 2340 [NDTA_GC_INTERVAL] = { .type = NLA_U64 }, 2341 [NDTA_PARMS] = { .type = NLA_NESTED }, 2342 }; 2343 2344 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = { 2345 [NDTPA_IFINDEX] = { .type = NLA_U32 }, 2346 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 }, 2347 [NDTPA_QUEUE_LENBYTES] = { .type = NLA_U32 }, 2348 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 }, 2349 [NDTPA_APP_PROBES] = { .type = NLA_U32 }, 2350 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 }, 2351 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 }, 2352 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 }, 2353 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 }, 2354 [NDTPA_GC_STALETIME] = { .type = NLA_U64 }, 2355 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 }, 2356 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 }, 2357 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 }, 2358 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 }, 2359 [NDTPA_LOCKTIME] = { .type = NLA_U64 }, 2360 [NDTPA_INTERVAL_PROBE_TIME_MS] = { .type = NLA_U64, .min = 1 }, 2361 }; 2362 2363 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh, 2364 struct netlink_ext_ack *extack) 2365 { 2366 struct net *net = sock_net(skb->sk); 2367 struct nlattr *tb[NDTA_MAX + 1]; 2368 struct neigh_table *tbl; 2369 struct ndtmsg *ndtmsg; 2370 bool found = false; 2371 int err, tidx; 2372 2373 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX, 2374 nl_neightbl_policy, extack); 2375 if (err < 0) 2376 goto errout; 2377 2378 if (tb[NDTA_NAME] == NULL) { 2379 err = -EINVAL; 2380 goto errout; 2381 } 2382 2383 ndtmsg = nlmsg_data(nlh); 2384 2385 rcu_read_lock(); 2386 2387 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2388 tbl = rcu_dereference(neigh_tables[tidx]); 2389 if (!tbl) 2390 continue; 2391 2392 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family) 2393 continue; 2394 2395 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) { 2396 found = true; 2397 break; 2398 } 2399 } 2400 2401 if (!found) { 2402 rcu_read_unlock(); 2403 err = -ENOENT; 2404 goto errout; 2405 } 2406 2407 /* 2408 * We acquire tbl->lock to be nice to the periodic timers and 2409 * make sure they always see a consistent set of values. 
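 *
 * For example, a single RTM_SETNEIGHTBL request that carries both
 * NDTPA_BASE_REACHABLE_TIME and NDTPA_GC_STALETIME is applied
 * atomically below: readers that take this lock see either the old
 * pair of values or the new one, never a half-applied mix.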
2410 */ 2411 spin_lock_bh(&tbl->lock); 2412 2413 if (tb[NDTA_PARMS]) { 2414 struct nlattr *tbp[NDTPA_MAX+1]; 2415 struct neigh_parms *p; 2416 int i, ifindex = 0; 2417 2418 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX, 2419 tb[NDTA_PARMS], 2420 nl_ntbl_parm_policy, extack); 2421 if (err < 0) 2422 goto errout_tbl_lock; 2423 2424 if (tbp[NDTPA_IFINDEX]) 2425 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]); 2426 2427 p = lookup_neigh_parms(tbl, net, ifindex); 2428 if (p == NULL) { 2429 err = -ENOENT; 2430 goto errout_tbl_lock; 2431 } 2432 2433 for (i = 1; i <= NDTPA_MAX; i++) { 2434 if (tbp[i] == NULL) 2435 continue; 2436 2437 switch (i) { 2438 case NDTPA_QUEUE_LEN: 2439 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2440 nla_get_u32(tbp[i]) * 2441 SKB_TRUESIZE(ETH_FRAME_LEN)); 2442 break; 2443 case NDTPA_QUEUE_LENBYTES: 2444 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2445 nla_get_u32(tbp[i])); 2446 break; 2447 case NDTPA_PROXY_QLEN: 2448 NEIGH_VAR_SET(p, PROXY_QLEN, 2449 nla_get_u32(tbp[i])); 2450 break; 2451 case NDTPA_APP_PROBES: 2452 NEIGH_VAR_SET(p, APP_PROBES, 2453 nla_get_u32(tbp[i])); 2454 break; 2455 case NDTPA_UCAST_PROBES: 2456 NEIGH_VAR_SET(p, UCAST_PROBES, 2457 nla_get_u32(tbp[i])); 2458 break; 2459 case NDTPA_MCAST_PROBES: 2460 NEIGH_VAR_SET(p, MCAST_PROBES, 2461 nla_get_u32(tbp[i])); 2462 break; 2463 case NDTPA_MCAST_REPROBES: 2464 NEIGH_VAR_SET(p, MCAST_REPROBES, 2465 nla_get_u32(tbp[i])); 2466 break; 2467 case NDTPA_BASE_REACHABLE_TIME: 2468 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME, 2469 nla_get_msecs(tbp[i])); 2470 /* update reachable_time as well, otherwise, the change will 2471 * only be effective after the next time neigh_periodic_work 2472 * decides to recompute it (can be multiple minutes) 2473 */ 2474 neigh_set_reach_time(p); 2475 break; 2476 case NDTPA_GC_STALETIME: 2477 NEIGH_VAR_SET(p, GC_STALETIME, 2478 nla_get_msecs(tbp[i])); 2479 break; 2480 case NDTPA_DELAY_PROBE_TIME: 2481 NEIGH_VAR_SET(p, DELAY_PROBE_TIME, 2482 nla_get_msecs(tbp[i])); 2483 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p); 2484 break; 2485 case NDTPA_INTERVAL_PROBE_TIME_MS: 2486 NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS, 2487 nla_get_msecs(tbp[i])); 2488 break; 2489 case NDTPA_RETRANS_TIME: 2490 NEIGH_VAR_SET(p, RETRANS_TIME, 2491 nla_get_msecs(tbp[i])); 2492 break; 2493 case NDTPA_ANYCAST_DELAY: 2494 NEIGH_VAR_SET(p, ANYCAST_DELAY, 2495 nla_get_msecs(tbp[i])); 2496 break; 2497 case NDTPA_PROXY_DELAY: 2498 NEIGH_VAR_SET(p, PROXY_DELAY, 2499 nla_get_msecs(tbp[i])); 2500 break; 2501 case NDTPA_LOCKTIME: 2502 NEIGH_VAR_SET(p, LOCKTIME, 2503 nla_get_msecs(tbp[i])); 2504 break; 2505 } 2506 } 2507 } 2508 2509 err = -ENOENT; 2510 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] || 2511 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) && 2512 !net_eq(net, &init_net)) 2513 goto errout_tbl_lock; 2514 2515 if (tb[NDTA_THRESH1]) 2516 WRITE_ONCE(tbl->gc_thresh1, nla_get_u32(tb[NDTA_THRESH1])); 2517 2518 if (tb[NDTA_THRESH2]) 2519 WRITE_ONCE(tbl->gc_thresh2, nla_get_u32(tb[NDTA_THRESH2])); 2520 2521 if (tb[NDTA_THRESH3]) 2522 WRITE_ONCE(tbl->gc_thresh3, nla_get_u32(tb[NDTA_THRESH3])); 2523 2524 if (tb[NDTA_GC_INTERVAL]) 2525 WRITE_ONCE(tbl->gc_interval, nla_get_msecs(tb[NDTA_GC_INTERVAL])); 2526 2527 err = 0; 2528 2529 errout_tbl_lock: 2530 spin_unlock_bh(&tbl->lock); 2531 rcu_read_unlock(); 2532 errout: 2533 return err; 2534 } 2535 2536 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh, 2537 struct netlink_ext_ack *extack) 2538 { 2539 struct ndtmsg *ndtm; 2540 2541 ndtm = nlmsg_payload(nlh, sizeof(*ndtm)); 2542 if (!ndtm) { 
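		/* nlmsg_payload() returns NULL when the message payload is
		 * shorter than struct ndtmsg, so this cannot be a valid
		 * table dump header.
		 */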
2543 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request"); 2544 return -EINVAL; 2545 } 2546 2547 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) { 2548 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request"); 2549 return -EINVAL; 2550 } 2551 2552 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) { 2553 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request"); 2554 return -EINVAL; 2555 } 2556 2557 return 0; 2558 } 2559 2560 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2561 { 2562 const struct nlmsghdr *nlh = cb->nlh; 2563 struct net *net = sock_net(skb->sk); 2564 int family, tidx, nidx = 0; 2565 int tbl_skip = cb->args[0]; 2566 int neigh_skip = cb->args[1]; 2567 struct neigh_table *tbl; 2568 2569 if (cb->strict_check) { 2570 int err = neightbl_valid_dump_info(nlh, cb->extack); 2571 2572 if (err < 0) 2573 return err; 2574 } 2575 2576 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2577 2578 rcu_read_lock(); 2579 2580 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2581 struct neigh_parms *p; 2582 2583 tbl = rcu_dereference(neigh_tables[tidx]); 2584 if (!tbl) 2585 continue; 2586 2587 if (tidx < tbl_skip || (family && tbl->family != family)) 2588 continue; 2589 2590 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid, 2591 nlh->nlmsg_seq, RTM_NEWNEIGHTBL, 2592 NLM_F_MULTI) < 0) 2593 break; 2594 2595 nidx = 0; 2596 p = list_next_entry(&tbl->parms, list); 2597 list_for_each_entry_from_rcu(p, &tbl->parms_list, list) { 2598 if (!net_eq(neigh_parms_net(p), net)) 2599 continue; 2600 2601 if (nidx < neigh_skip) 2602 goto next; 2603 2604 if (neightbl_fill_param_info(skb, tbl, p, 2605 NETLINK_CB(cb->skb).portid, 2606 nlh->nlmsg_seq, 2607 RTM_NEWNEIGHTBL, 2608 NLM_F_MULTI) < 0) 2609 goto out; 2610 next: 2611 nidx++; 2612 } 2613 2614 neigh_skip = 0; 2615 } 2616 out: 2617 rcu_read_unlock(); 2618 2619 cb->args[0] = tidx; 2620 cb->args[1] = nidx; 2621 2622 return skb->len; 2623 } 2624 2625 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh, 2626 u32 pid, u32 seq, int type, unsigned int flags) 2627 { 2628 u32 neigh_flags, neigh_flags_ext; 2629 unsigned long now = jiffies; 2630 struct nda_cacheinfo ci; 2631 struct nlmsghdr *nlh; 2632 struct ndmsg *ndm; 2633 2634 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2635 if (nlh == NULL) 2636 return -EMSGSIZE; 2637 2638 neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT; 2639 neigh_flags = neigh->flags & NTF_OLD_MASK; 2640 2641 ndm = nlmsg_data(nlh); 2642 ndm->ndm_family = neigh->ops->family; 2643 ndm->ndm_pad1 = 0; 2644 ndm->ndm_pad2 = 0; 2645 ndm->ndm_flags = neigh_flags; 2646 ndm->ndm_type = neigh->type; 2647 ndm->ndm_ifindex = neigh->dev->ifindex; 2648 2649 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key)) 2650 goto nla_put_failure; 2651 2652 read_lock_bh(&neigh->lock); 2653 ndm->ndm_state = neigh->nud_state; 2654 if (neigh->nud_state & NUD_VALID) { 2655 char haddr[MAX_ADDR_LEN]; 2656 2657 neigh_ha_snapshot(haddr, neigh, neigh->dev); 2658 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) { 2659 read_unlock_bh(&neigh->lock); 2660 goto nla_put_failure; 2661 } 2662 } 2663 2664 ci.ndm_used = jiffies_to_clock_t(now - neigh->used); 2665 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed); 2666 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated); 2667 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1; 2668 read_unlock_bh(&neigh->lock); 2669 2670 if (nla_put_u32(skb, NDA_PROBES, 
atomic_read(&neigh->probes)) || 2671 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci)) 2672 goto nla_put_failure; 2673 2674 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol)) 2675 goto nla_put_failure; 2676 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2677 goto nla_put_failure; 2678 2679 nlmsg_end(skb, nlh); 2680 return 0; 2681 2682 nla_put_failure: 2683 nlmsg_cancel(skb, nlh); 2684 return -EMSGSIZE; 2685 } 2686 2687 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn, 2688 u32 pid, u32 seq, int type, unsigned int flags, 2689 struct neigh_table *tbl) 2690 { 2691 u32 neigh_flags, neigh_flags_ext; 2692 struct nlmsghdr *nlh; 2693 struct ndmsg *ndm; 2694 u8 protocol; 2695 2696 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2697 if (nlh == NULL) 2698 return -EMSGSIZE; 2699 2700 neigh_flags = READ_ONCE(pn->flags); 2701 neigh_flags_ext = neigh_flags >> NTF_EXT_SHIFT; 2702 neigh_flags &= NTF_OLD_MASK; 2703 2704 ndm = nlmsg_data(nlh); 2705 ndm->ndm_family = tbl->family; 2706 ndm->ndm_pad1 = 0; 2707 ndm->ndm_pad2 = 0; 2708 ndm->ndm_flags = neigh_flags | NTF_PROXY; 2709 ndm->ndm_type = RTN_UNICAST; 2710 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0; 2711 ndm->ndm_state = NUD_NONE; 2712 2713 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key)) 2714 goto nla_put_failure; 2715 2716 protocol = READ_ONCE(pn->protocol); 2717 if (protocol && nla_put_u8(skb, NDA_PROTOCOL, protocol)) 2718 goto nla_put_failure; 2719 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2720 goto nla_put_failure; 2721 2722 nlmsg_end(skb, nlh); 2723 return 0; 2724 2725 nla_put_failure: 2726 nlmsg_cancel(skb, nlh); 2727 return -EMSGSIZE; 2728 } 2729 2730 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid) 2731 { 2732 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh); 2733 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid); 2734 } 2735 2736 static bool neigh_master_filtered(struct net_device *dev, int master_idx) 2737 { 2738 struct net_device *master; 2739 2740 if (!master_idx) 2741 return false; 2742 2743 master = dev ? netdev_master_upper_dev_get_rcu(dev) : NULL; 2744 2745 /* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another 2746 * invalid value for ifindex to denote "no master". 
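 *
 * Concretely: a dump request with NDA_MASTER == -1 keeps only
 * entries whose device has no master at all, while a real ifindex
 * keeps only entries whose device is enslaved to that master.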
2747 */ 2748 if (master_idx == -1) 2749 return !!master; 2750 2751 if (!master || master->ifindex != master_idx) 2752 return true; 2753 2754 return false; 2755 } 2756 2757 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx) 2758 { 2759 if (filter_idx && (!dev || dev->ifindex != filter_idx)) 2760 return true; 2761 2762 return false; 2763 } 2764 2765 struct neigh_dump_filter { 2766 int master_idx; 2767 int dev_idx; 2768 }; 2769 2770 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2771 struct netlink_callback *cb, 2772 struct neigh_dump_filter *filter) 2773 { 2774 struct net *net = sock_net(skb->sk); 2775 struct neighbour *n; 2776 int err = 0, h, s_h = cb->args[1]; 2777 int idx, s_idx = idx = cb->args[2]; 2778 struct neigh_hash_table *nht; 2779 unsigned int flags = NLM_F_MULTI; 2780 2781 if (filter->dev_idx || filter->master_idx) 2782 flags |= NLM_F_DUMP_FILTERED; 2783 2784 nht = rcu_dereference(tbl->nht); 2785 2786 for (h = s_h; h < (1 << nht->hash_shift); h++) { 2787 if (h > s_h) 2788 s_idx = 0; 2789 idx = 0; 2790 neigh_for_each_in_bucket_rcu(n, &nht->hash_heads[h]) { 2791 if (idx < s_idx || !net_eq(dev_net(n->dev), net)) 2792 goto next; 2793 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2794 neigh_master_filtered(n->dev, filter->master_idx)) 2795 goto next; 2796 err = neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2797 cb->nlh->nlmsg_seq, 2798 RTM_NEWNEIGH, flags); 2799 if (err < 0) 2800 goto out; 2801 next: 2802 idx++; 2803 } 2804 } 2805 out: 2806 cb->args[1] = h; 2807 cb->args[2] = idx; 2808 return err; 2809 } 2810 2811 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2812 struct netlink_callback *cb, 2813 struct neigh_dump_filter *filter) 2814 { 2815 struct pneigh_entry *n; 2816 struct net *net = sock_net(skb->sk); 2817 int err = 0, h, s_h = cb->args[3]; 2818 int idx, s_idx = idx = cb->args[4]; 2819 unsigned int flags = NLM_F_MULTI; 2820 2821 if (filter->dev_idx || filter->master_idx) 2822 flags |= NLM_F_DUMP_FILTERED; 2823 2824 for (h = s_h; h <= PNEIGH_HASHMASK; h++) { 2825 if (h > s_h) 2826 s_idx = 0; 2827 for (n = rcu_dereference(tbl->phash_buckets[h]), idx = 0; 2828 n; 2829 n = rcu_dereference(n->next)) { 2830 if (idx < s_idx || pneigh_net(n) != net) 2831 goto next; 2832 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2833 neigh_master_filtered(n->dev, filter->master_idx)) 2834 goto next; 2835 err = pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2836 cb->nlh->nlmsg_seq, 2837 RTM_NEWNEIGH, flags, tbl); 2838 if (err < 0) 2839 goto out; 2840 next: 2841 idx++; 2842 } 2843 } 2844 2845 out: 2846 cb->args[3] = h; 2847 cb->args[4] = idx; 2848 return err; 2849 } 2850 2851 static int neigh_valid_dump_req(const struct nlmsghdr *nlh, 2852 bool strict_check, 2853 struct neigh_dump_filter *filter, 2854 struct netlink_ext_ack *extack) 2855 { 2856 struct nlattr *tb[NDA_MAX + 1]; 2857 int err, i; 2858 2859 if (strict_check) { 2860 struct ndmsg *ndm; 2861 2862 ndm = nlmsg_payload(nlh, sizeof(*ndm)); 2863 if (!ndm) { 2864 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request"); 2865 return -EINVAL; 2866 } 2867 2868 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex || 2869 ndm->ndm_state || ndm->ndm_type) { 2870 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request"); 2871 return -EINVAL; 2872 } 2873 2874 if (ndm->ndm_flags & ~NTF_PROXY) { 2875 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request"); 2876 return -EINVAL; 2877 } 2878 2879 err = 
nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), 2880 tb, NDA_MAX, nda_policy, 2881 extack); 2882 } else { 2883 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb, 2884 NDA_MAX, nda_policy, extack); 2885 } 2886 if (err < 0) 2887 return err; 2888 2889 for (i = 0; i <= NDA_MAX; ++i) { 2890 if (!tb[i]) 2891 continue; 2892 2893 /* all new attributes should require strict_check */ 2894 switch (i) { 2895 case NDA_IFINDEX: 2896 filter->dev_idx = nla_get_u32(tb[i]); 2897 break; 2898 case NDA_MASTER: 2899 filter->master_idx = nla_get_u32(tb[i]); 2900 break; 2901 default: 2902 if (strict_check) { 2903 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request"); 2904 return -EINVAL; 2905 } 2906 } 2907 } 2908 2909 return 0; 2910 } 2911 2912 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2913 { 2914 const struct nlmsghdr *nlh = cb->nlh; 2915 struct neigh_dump_filter filter = {}; 2916 struct neigh_table *tbl; 2917 int t, family, s_t; 2918 int proxy = 0; 2919 int err; 2920 2921 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2922 2923 /* check for full ndmsg structure presence, family member is 2924 * the same for both structures 2925 */ 2926 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) && 2927 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY) 2928 proxy = 1; 2929 2930 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack); 2931 if (err < 0 && cb->strict_check) 2932 return err; 2933 err = 0; 2934 2935 s_t = cb->args[0]; 2936 2937 rcu_read_lock(); 2938 for (t = 0; t < NEIGH_NR_TABLES; t++) { 2939 tbl = rcu_dereference(neigh_tables[t]); 2940 2941 if (!tbl) 2942 continue; 2943 if (t < s_t || (family && tbl->family != family)) 2944 continue; 2945 if (t > s_t) 2946 memset(&cb->args[1], 0, sizeof(cb->args) - 2947 sizeof(cb->args[0])); 2948 if (proxy) 2949 err = pneigh_dump_table(tbl, skb, cb, &filter); 2950 else 2951 err = neigh_dump_table(tbl, skb, cb, &filter); 2952 if (err < 0) 2953 break; 2954 } 2955 rcu_read_unlock(); 2956 2957 cb->args[0] = t; 2958 return err; 2959 } 2960 2961 static struct ndmsg *neigh_valid_get_req(const struct nlmsghdr *nlh, 2962 struct nlattr **tb, 2963 struct netlink_ext_ack *extack) 2964 { 2965 struct ndmsg *ndm; 2966 int err, i; 2967 2968 ndm = nlmsg_payload(nlh, sizeof(*ndm)); 2969 if (!ndm) { 2970 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request"); 2971 return ERR_PTR(-EINVAL); 2972 } 2973 2974 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state || 2975 ndm->ndm_type) { 2976 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request"); 2977 return ERR_PTR(-EINVAL); 2978 } 2979 2980 if (ndm->ndm_flags & ~NTF_PROXY) { 2981 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request"); 2982 return ERR_PTR(-EINVAL); 2983 } 2984 2985 if (!(ndm->ndm_flags & NTF_PROXY) && !ndm->ndm_ifindex) { 2986 NL_SET_ERR_MSG(extack, "No device specified"); 2987 return ERR_PTR(-EINVAL); 2988 } 2989 2990 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb, 2991 NDA_MAX, nda_policy, extack); 2992 if (err < 0) 2993 return ERR_PTR(err); 2994 2995 for (i = 0; i <= NDA_MAX; ++i) { 2996 switch (i) { 2997 case NDA_DST: 2998 if (!tb[i]) { 2999 NL_SET_ERR_ATTR_MISS(extack, NULL, NDA_DST); 3000 return ERR_PTR(-EINVAL); 3001 } 3002 break; 3003 default: 3004 if (!tb[i]) 3005 continue; 3006 3007 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request"); 3008 return ERR_PTR(-EINVAL); 3009 } 3010 } 3011 3012 return ndm; 3013 } 3014 3015 static inline 
size_t neigh_nlmsg_size(void) 3016 { 3017 return NLMSG_ALIGN(sizeof(struct ndmsg)) 3018 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 3019 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */ 3020 + nla_total_size(sizeof(struct nda_cacheinfo)) 3021 + nla_total_size(4) /* NDA_PROBES */ 3022 + nla_total_size(4) /* NDA_FLAGS_EXT */ 3023 + nla_total_size(1); /* NDA_PROTOCOL */ 3024 } 3025 3026 static inline size_t pneigh_nlmsg_size(void) 3027 { 3028 return NLMSG_ALIGN(sizeof(struct ndmsg)) 3029 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 3030 + nla_total_size(4) /* NDA_FLAGS_EXT */ 3031 + nla_total_size(1); /* NDA_PROTOCOL */ 3032 } 3033 3034 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh, 3035 struct netlink_ext_ack *extack) 3036 { 3037 struct net *net = sock_net(in_skb->sk); 3038 u32 pid = NETLINK_CB(in_skb).portid; 3039 struct nlattr *tb[NDA_MAX + 1]; 3040 struct net_device *dev = NULL; 3041 u32 seq = nlh->nlmsg_seq; 3042 struct neigh_table *tbl; 3043 struct neighbour *neigh; 3044 struct sk_buff *skb; 3045 struct ndmsg *ndm; 3046 void *dst; 3047 int err; 3048 3049 ndm = neigh_valid_get_req(nlh, tb, extack); 3050 if (IS_ERR(ndm)) 3051 return PTR_ERR(ndm); 3052 3053 if (ndm->ndm_flags & NTF_PROXY) 3054 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL); 3055 else 3056 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL); 3057 if (!skb) 3058 return -ENOBUFS; 3059 3060 rcu_read_lock(); 3061 3062 tbl = neigh_find_table(ndm->ndm_family); 3063 if (!tbl) { 3064 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request"); 3065 err = -EAFNOSUPPORT; 3066 goto err_unlock; 3067 } 3068 3069 if (nla_len(tb[NDA_DST]) != (int)tbl->key_len) { 3070 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request"); 3071 err = -EINVAL; 3072 goto err_unlock; 3073 } 3074 3075 dst = nla_data(tb[NDA_DST]); 3076 3077 if (ndm->ndm_ifindex) { 3078 dev = dev_get_by_index_rcu(net, ndm->ndm_ifindex); 3079 if (!dev) { 3080 NL_SET_ERR_MSG(extack, "Unknown device ifindex"); 3081 err = -ENODEV; 3082 goto err_unlock; 3083 } 3084 } 3085 3086 if (ndm->ndm_flags & NTF_PROXY) { 3087 struct pneigh_entry *pn; 3088 3089 pn = pneigh_lookup(tbl, net, dst, dev); 3090 if (!pn) { 3091 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found"); 3092 err = -ENOENT; 3093 goto err_unlock; 3094 } 3095 3096 err = pneigh_fill_info(skb, pn, pid, seq, RTM_NEWNEIGH, 0, tbl); 3097 if (err) 3098 goto err_unlock; 3099 } else { 3100 neigh = neigh_lookup(tbl, dst, dev); 3101 if (!neigh) { 3102 NL_SET_ERR_MSG(extack, "Neighbour entry not found"); 3103 err = -ENOENT; 3104 goto err_unlock; 3105 } 3106 3107 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0); 3108 neigh_release(neigh); 3109 if (err) 3110 goto err_unlock; 3111 } 3112 3113 rcu_read_unlock(); 3114 3115 return rtnl_unicast(skb, net, pid); 3116 err_unlock: 3117 rcu_read_unlock(); 3118 kfree_skb(skb); 3119 return err; 3120 } 3121 3122 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie) 3123 { 3124 int chain; 3125 struct neigh_hash_table *nht; 3126 3127 rcu_read_lock(); 3128 nht = rcu_dereference(tbl->nht); 3129 3130 spin_lock_bh(&tbl->lock); /* avoid resizes */ 3131 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3132 struct neighbour *n; 3133 3134 neigh_for_each_in_bucket(n, &nht->hash_heads[chain]) 3135 cb(n, cookie); 3136 } 3137 spin_unlock_bh(&tbl->lock); 3138 rcu_read_unlock(); 3139 } 3140 EXPORT_SYMBOL(neigh_for_each); 3141 3142 /* The tbl->lock must be held and BH disabled.
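 *
 * A minimal caller sketch (hypothetical callback, not taken from
 * in-tree code); a nonzero return value tells the walk to unlink
 * and release the entry:
 *
 *	static int release_all(struct neighbour *n)
 *	{
 *		return 1;
 *	}
 *
 *	spin_lock_bh(&tbl->lock);
 *	__neigh_for_each_release(tbl, release_all);
 *	spin_unlock_bh(&tbl->lock);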
*/ 3143 void __neigh_for_each_release(struct neigh_table *tbl, 3144 int (*cb)(struct neighbour *)) 3145 { 3146 struct neigh_hash_table *nht; 3147 int chain; 3148 3149 nht = rcu_dereference_protected(tbl->nht, 3150 lockdep_is_held(&tbl->lock)); 3151 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3152 struct hlist_node *tmp; 3153 struct neighbour *n; 3154 3155 neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[chain]) { 3156 int release; 3157 3158 write_lock(&n->lock); 3159 release = cb(n); 3160 if (release) { 3161 hlist_del_rcu(&n->hash); 3162 hlist_del_rcu(&n->dev_list); 3163 neigh_mark_dead(n); 3164 } 3165 write_unlock(&n->lock); 3166 if (release) 3167 neigh_cleanup_and_release(n); 3168 } 3169 } 3170 } 3171 EXPORT_SYMBOL(__neigh_for_each_release); 3172 3173 int neigh_xmit(int index, struct net_device *dev, 3174 const void *addr, struct sk_buff *skb) 3175 { 3176 int err = -EAFNOSUPPORT; 3177 3178 if (likely(index < NEIGH_NR_TABLES)) { 3179 struct neigh_table *tbl; 3180 struct neighbour *neigh; 3181 3182 rcu_read_lock(); 3183 tbl = rcu_dereference(neigh_tables[index]); 3184 if (!tbl) 3185 goto out_unlock; 3186 if (index == NEIGH_ARP_TABLE) { 3187 u32 key = *((u32 *)addr); 3188 3189 neigh = __ipv4_neigh_lookup_noref(dev, key); 3190 } else { 3191 neigh = __neigh_lookup_noref(tbl, addr, dev); 3192 } 3193 if (!neigh) 3194 neigh = __neigh_create(tbl, addr, dev, false); 3195 err = PTR_ERR(neigh); 3196 if (IS_ERR(neigh)) { 3197 rcu_read_unlock(); 3198 goto out_kfree_skb; 3199 } 3200 err = READ_ONCE(neigh->output)(neigh, skb); 3201 out_unlock: 3202 rcu_read_unlock(); 3203 } 3204 else if (index == NEIGH_LINK_TABLE) { 3205 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 3206 addr, NULL, skb->len); 3207 if (err < 0) 3208 goto out_kfree_skb; 3209 err = dev_queue_xmit(skb); 3210 } 3211 out: 3212 return err; 3213 out_kfree_skb: 3214 kfree_skb(skb); 3215 goto out; 3216 } 3217 EXPORT_SYMBOL(neigh_xmit); 3218 3219 #ifdef CONFIG_PROC_FS 3220 3221 static struct neighbour *neigh_get_valid(struct seq_file *seq, 3222 struct neighbour *n, 3223 loff_t *pos) 3224 { 3225 struct neigh_seq_state *state = seq->private; 3226 struct net *net = seq_file_net(seq); 3227 3228 if (!net_eq(dev_net(n->dev), net)) 3229 return NULL; 3230 3231 if (state->neigh_sub_iter) { 3232 loff_t fakep = 0; 3233 void *v; 3234 3235 v = state->neigh_sub_iter(state, n, pos ? 
pos : &fakep); 3236 if (!v) 3237 return NULL; 3238 if (pos) 3239 return v; 3240 } 3241 3242 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) 3243 return n; 3244 3245 if (READ_ONCE(n->nud_state) & ~NUD_NOARP) 3246 return n; 3247 3248 return NULL; 3249 } 3250 3251 static struct neighbour *neigh_get_first(struct seq_file *seq) 3252 { 3253 struct neigh_seq_state *state = seq->private; 3254 struct neigh_hash_table *nht = state->nht; 3255 struct neighbour *n, *tmp; 3256 3257 state->flags &= ~NEIGH_SEQ_IS_PNEIGH; 3258 3259 while (++state->bucket < (1 << nht->hash_shift)) { 3260 neigh_for_each_in_bucket(n, &nht->hash_heads[state->bucket]) { 3261 tmp = neigh_get_valid(seq, n, NULL); 3262 if (tmp) 3263 return tmp; 3264 } 3265 } 3266 3267 return NULL; 3268 } 3269 3270 static struct neighbour *neigh_get_next(struct seq_file *seq, 3271 struct neighbour *n, 3272 loff_t *pos) 3273 { 3274 struct neigh_seq_state *state = seq->private; 3275 struct neighbour *tmp; 3276 3277 if (state->neigh_sub_iter) { 3278 void *v = state->neigh_sub_iter(state, n, pos); 3279 3280 if (v) 3281 return n; 3282 } 3283 3284 hlist_for_each_entry_continue(n, hash) { 3285 tmp = neigh_get_valid(seq, n, pos); 3286 if (tmp) { 3287 n = tmp; 3288 goto out; 3289 } 3290 } 3291 3292 n = neigh_get_first(seq); 3293 out: 3294 if (n && pos) 3295 --(*pos); 3296 3297 return n; 3298 } 3299 3300 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos) 3301 { 3302 struct neighbour *n = neigh_get_first(seq); 3303 3304 if (n) { 3305 --(*pos); 3306 while (*pos) { 3307 n = neigh_get_next(seq, n, pos); 3308 if (!n) 3309 break; 3310 } 3311 } 3312 return *pos ? NULL : n; 3313 } 3314 3315 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq) 3316 { 3317 struct neigh_seq_state *state = seq->private; 3318 struct net *net = seq_file_net(seq); 3319 struct neigh_table *tbl = state->tbl; 3320 struct pneigh_entry *pn = NULL; 3321 int bucket; 3322 3323 state->flags |= NEIGH_SEQ_IS_PNEIGH; 3324 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) { 3325 pn = rcu_dereference(tbl->phash_buckets[bucket]); 3326 3327 while (pn && !net_eq(pneigh_net(pn), net)) 3328 pn = rcu_dereference(pn->next); 3329 if (pn) 3330 break; 3331 } 3332 state->bucket = bucket; 3333 3334 return pn; 3335 } 3336 3337 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq, 3338 struct pneigh_entry *pn, 3339 loff_t *pos) 3340 { 3341 struct neigh_seq_state *state = seq->private; 3342 struct net *net = seq_file_net(seq); 3343 struct neigh_table *tbl = state->tbl; 3344 3345 do { 3346 pn = rcu_dereference(pn->next); 3347 } while (pn && !net_eq(pneigh_net(pn), net)); 3348 3349 while (!pn) { 3350 if (++state->bucket > PNEIGH_HASHMASK) 3351 break; 3352 3353 pn = rcu_dereference(tbl->phash_buckets[state->bucket]); 3354 3355 while (pn && !net_eq(pneigh_net(pn), net)) 3356 pn = rcu_dereference(pn->next); 3357 if (pn) 3358 break; 3359 } 3360 3361 if (pn && pos) 3362 --(*pos); 3363 3364 return pn; 3365 } 3366 3367 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos) 3368 { 3369 struct pneigh_entry *pn = pneigh_get_first(seq); 3370 3371 if (pn) { 3372 --(*pos); 3373 while (*pos) { 3374 pn = pneigh_get_next(seq, pn, pos); 3375 if (!pn) 3376 break; 3377 } 3378 } 3379 return *pos ? 
NULL : pn; 3380 } 3381 3382 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos) 3383 { 3384 struct neigh_seq_state *state = seq->private; 3385 void *rc; 3386 loff_t idxpos = *pos; 3387 3388 rc = neigh_get_idx(seq, &idxpos); 3389 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3390 rc = pneigh_get_idx(seq, &idxpos); 3391 3392 return rc; 3393 } 3394 3395 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags) 3396 __acquires(tbl->lock) 3397 __acquires(rcu) 3398 { 3399 struct neigh_seq_state *state = seq->private; 3400 3401 state->tbl = tbl; 3402 state->bucket = -1; 3403 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH); 3404 3405 rcu_read_lock(); 3406 state->nht = rcu_dereference(tbl->nht); 3407 spin_lock_bh(&tbl->lock); 3408 3409 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN; 3410 } 3411 EXPORT_SYMBOL(neigh_seq_start); 3412 3413 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3414 { 3415 struct neigh_seq_state *state; 3416 void *rc; 3417 3418 if (v == SEQ_START_TOKEN) { 3419 rc = neigh_get_first(seq); 3420 goto out; 3421 } 3422 3423 state = seq->private; 3424 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) { 3425 rc = neigh_get_next(seq, v, NULL); 3426 if (rc) 3427 goto out; 3428 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3429 rc = pneigh_get_first(seq); 3430 } else { 3431 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY); 3432 rc = pneigh_get_next(seq, v, NULL); 3433 } 3434 out: 3435 ++(*pos); 3436 return rc; 3437 } 3438 EXPORT_SYMBOL(neigh_seq_next); 3439 3440 void neigh_seq_stop(struct seq_file *seq, void *v) 3441 __releases(tbl->lock) 3442 __releases(rcu) 3443 { 3444 struct neigh_seq_state *state = seq->private; 3445 struct neigh_table *tbl = state->tbl; 3446 3447 spin_unlock_bh(&tbl->lock); 3448 rcu_read_unlock(); 3449 } 3450 EXPORT_SYMBOL(neigh_seq_stop); 3451 3452 /* statistics via seq_file */ 3453 3454 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos) 3455 { 3456 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3457 int cpu; 3458 3459 if (*pos == 0) 3460 return SEQ_START_TOKEN; 3461 3462 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) { 3463 if (!cpu_possible(cpu)) 3464 continue; 3465 *pos = cpu+1; 3466 return per_cpu_ptr(tbl->stats, cpu); 3467 } 3468 return NULL; 3469 } 3470 3471 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3472 { 3473 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3474 int cpu; 3475 3476 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) { 3477 if (!cpu_possible(cpu)) 3478 continue; 3479 *pos = cpu+1; 3480 return per_cpu_ptr(tbl->stats, cpu); 3481 } 3482 (*pos)++; 3483 return NULL; 3484 } 3485 3486 static void neigh_stat_seq_stop(struct seq_file *seq, void *v) 3487 { 3488 3489 } 3490 3491 static int neigh_stat_seq_show(struct seq_file *seq, void *v) 3492 { 3493 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3494 struct neigh_statistics *st = v; 3495 3496 if (v == SEQ_START_TOKEN) { 3497 seq_puts(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n"); 3498 return 0; 3499 } 3500 3501 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx " 3502 "%08lx %08lx %08lx " 3503 "%08lx %08lx %08lx\n", 3504 atomic_read(&tbl->entries), 3505 3506 st->allocs, 3507 st->destroys, 3508 st->hash_grows, 3509 3510 st->lookups, 3511 st->hits, 3512 3513 st->res_failed, 3514 3515 st->rcv_probes_mcast, 3516 
st->rcv_probes_ucast, 3517 3518 st->periodic_gc_runs, 3519 st->forced_gc_runs, 3520 st->unres_discards, 3521 st->table_fulls 3522 ); 3523 3524 return 0; 3525 } 3526 3527 static const struct seq_operations neigh_stat_seq_ops = { 3528 .start = neigh_stat_seq_start, 3529 .next = neigh_stat_seq_next, 3530 .stop = neigh_stat_seq_stop, 3531 .show = neigh_stat_seq_show, 3532 }; 3533 #endif /* CONFIG_PROC_FS */ 3534 3535 static void __neigh_notify(struct neighbour *n, int type, int flags, 3536 u32 pid) 3537 { 3538 struct sk_buff *skb; 3539 int err = -ENOBUFS; 3540 struct net *net; 3541 3542 rcu_read_lock(); 3543 net = dev_net_rcu(n->dev); 3544 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC); 3545 if (skb == NULL) 3546 goto errout; 3547 3548 err = neigh_fill_info(skb, n, pid, 0, type, flags); 3549 if (err < 0) { 3550 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */ 3551 WARN_ON(err == -EMSGSIZE); 3552 kfree_skb(skb); 3553 goto errout; 3554 } 3555 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC); 3556 goto out; 3557 errout: 3558 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err); 3559 out: 3560 rcu_read_unlock(); 3561 } 3562 3563 void neigh_app_ns(struct neighbour *n) 3564 { 3565 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0); 3566 } 3567 EXPORT_SYMBOL(neigh_app_ns); 3568 3569 #ifdef CONFIG_SYSCTL 3570 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN); 3571 3572 static int proc_unres_qlen(const struct ctl_table *ctl, int write, 3573 void *buffer, size_t *lenp, loff_t *ppos) 3574 { 3575 int size, ret; 3576 struct ctl_table tmp = *ctl; 3577 3578 tmp.extra1 = SYSCTL_ZERO; 3579 tmp.extra2 = &unres_qlen_max; 3580 tmp.data = &size; 3581 3582 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN); 3583 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 3584 3585 if (write && !ret) 3586 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN); 3587 return ret; 3588 } 3589 3590 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p, 3591 int index) 3592 { 3593 struct net_device *dev; 3594 int family = neigh_parms_family(p); 3595 3596 rcu_read_lock(); 3597 for_each_netdev_rcu(net, dev) { 3598 struct neigh_parms *dst_p = 3599 neigh_get_dev_parms_rcu(dev, family); 3600 3601 if (dst_p && !test_bit(index, dst_p->data_state)) 3602 dst_p->data[index] = p->data[index]; 3603 } 3604 rcu_read_unlock(); 3605 } 3606 3607 static void neigh_proc_update(const struct ctl_table *ctl, int write) 3608 { 3609 struct net_device *dev = ctl->extra1; 3610 struct neigh_parms *p = ctl->extra2; 3611 struct net *net = neigh_parms_net(p); 3612 int index = (int *) ctl->data - p->data; 3613 3614 if (!write) 3615 return; 3616 3617 set_bit(index, p->data_state); 3618 if (index == NEIGH_VAR_DELAY_PROBE_TIME) 3619 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p); 3620 if (!dev) /* NULL dev means this is default value */ 3621 neigh_copy_dflt_parms(net, p, index); 3622 } 3623 3624 static int neigh_proc_dointvec_zero_intmax(const struct ctl_table *ctl, int write, 3625 void *buffer, size_t *lenp, 3626 loff_t *ppos) 3627 { 3628 struct ctl_table tmp = *ctl; 3629 int ret; 3630 3631 tmp.extra1 = SYSCTL_ZERO; 3632 tmp.extra2 = SYSCTL_INT_MAX; 3633 3634 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 3635 neigh_proc_update(ctl, write); 3636 return ret; 3637 } 3638 3639 static int neigh_proc_dointvec_ms_jiffies_positive(const struct ctl_table *ctl, int write, 3640 void *buffer, size_t *lenp, loff_t *ppos) 3641 { 3642 struct ctl_table tmp = *ctl; 3643 int ret; 3644 3645 int min = 
msecs_to_jiffies(1); 3646 3647 tmp.extra1 = &min; 3648 tmp.extra2 = NULL; 3649 3650 ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos); 3651 neigh_proc_update(ctl, write); 3652 return ret; 3653 } 3654 3655 int neigh_proc_dointvec(const struct ctl_table *ctl, int write, void *buffer, 3656 size_t *lenp, loff_t *ppos) 3657 { 3658 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 3659 3660 neigh_proc_update(ctl, write); 3661 return ret; 3662 } 3663 EXPORT_SYMBOL(neigh_proc_dointvec); 3664 3665 int neigh_proc_dointvec_jiffies(const struct ctl_table *ctl, int write, void *buffer, 3666 size_t *lenp, loff_t *ppos) 3667 { 3668 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3669 3670 neigh_proc_update(ctl, write); 3671 return ret; 3672 } 3673 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies); 3674 3675 static int neigh_proc_dointvec_userhz_jiffies(const struct ctl_table *ctl, int write, 3676 void *buffer, size_t *lenp, 3677 loff_t *ppos) 3678 { 3679 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos); 3680 3681 neigh_proc_update(ctl, write); 3682 return ret; 3683 } 3684 3685 int neigh_proc_dointvec_ms_jiffies(const struct ctl_table *ctl, int write, 3686 void *buffer, size_t *lenp, loff_t *ppos) 3687 { 3688 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3689 3690 neigh_proc_update(ctl, write); 3691 return ret; 3692 } 3693 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies); 3694 3695 static int neigh_proc_dointvec_unres_qlen(const struct ctl_table *ctl, int write, 3696 void *buffer, size_t *lenp, 3697 loff_t *ppos) 3698 { 3699 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos); 3700 3701 neigh_proc_update(ctl, write); 3702 return ret; 3703 } 3704 3705 static int neigh_proc_base_reachable_time(const struct ctl_table *ctl, int write, 3706 void *buffer, size_t *lenp, 3707 loff_t *ppos) 3708 { 3709 struct neigh_parms *p = ctl->extra2; 3710 int ret; 3711 3712 if (strcmp(ctl->procname, "base_reachable_time") == 0) 3713 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3714 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0) 3715 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3716 else 3717 ret = -1; 3718 3719 if (write && ret == 0) { 3720 /* update reachable_time as well, otherwise, the change will 3721 * only be effective after the next time neigh_periodic_work 3722 * decides to recompute it 3723 */ 3724 neigh_set_reach_time(p); 3725 } 3726 return ret; 3727 } 3728 3729 #define NEIGH_PARMS_DATA_OFFSET(index) \ 3730 (&((struct neigh_parms *) 0)->data[index]) 3731 3732 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \ 3733 [NEIGH_VAR_ ## attr] = { \ 3734 .procname = name, \ 3735 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \ 3736 .maxlen = sizeof(int), \ 3737 .mode = mval, \ 3738 .proc_handler = proc, \ 3739 } 3740 3741 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \ 3742 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax) 3743 3744 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \ 3745 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies) 3746 3747 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \ 3748 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies) 3749 3750 #define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \ 3751 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive) 3752 3753 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, 
data_attr, name) \ 3754 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies) 3755 3756 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \ 3757 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen) 3758 3759 static struct neigh_sysctl_table { 3760 struct ctl_table_header *sysctl_header; 3761 struct ctl_table neigh_vars[NEIGH_VAR_MAX]; 3762 } neigh_sysctl_template __read_mostly = { 3763 .neigh_vars = { 3764 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"), 3765 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"), 3766 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"), 3767 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"), 3768 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"), 3769 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"), 3770 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"), 3771 NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS, 3772 "interval_probe_time_ms"), 3773 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"), 3774 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"), 3775 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"), 3776 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"), 3777 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"), 3778 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"), 3779 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"), 3780 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"), 3781 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"), 3782 [NEIGH_VAR_GC_INTERVAL] = { 3783 .procname = "gc_interval", 3784 .maxlen = sizeof(int), 3785 .mode = 0644, 3786 .proc_handler = proc_dointvec_jiffies, 3787 }, 3788 [NEIGH_VAR_GC_THRESH1] = { 3789 .procname = "gc_thresh1", 3790 .maxlen = sizeof(int), 3791 .mode = 0644, 3792 .extra1 = SYSCTL_ZERO, 3793 .extra2 = SYSCTL_INT_MAX, 3794 .proc_handler = proc_dointvec_minmax, 3795 }, 3796 [NEIGH_VAR_GC_THRESH2] = { 3797 .procname = "gc_thresh2", 3798 .maxlen = sizeof(int), 3799 .mode = 0644, 3800 .extra1 = SYSCTL_ZERO, 3801 .extra2 = SYSCTL_INT_MAX, 3802 .proc_handler = proc_dointvec_minmax, 3803 }, 3804 [NEIGH_VAR_GC_THRESH3] = { 3805 .procname = "gc_thresh3", 3806 .maxlen = sizeof(int), 3807 .mode = 0644, 3808 .extra1 = SYSCTL_ZERO, 3809 .extra2 = SYSCTL_INT_MAX, 3810 .proc_handler = proc_dointvec_minmax, 3811 }, 3812 }, 3813 }; 3814 3815 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p, 3816 proc_handler *handler) 3817 { 3818 int i; 3819 struct neigh_sysctl_table *t; 3820 const char *dev_name_source; 3821 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ]; 3822 char *p_name; 3823 size_t neigh_vars_size; 3824 3825 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT); 3826 if (!t) 3827 goto err; 3828 3829 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) { 3830 t->neigh_vars[i].data += (long) p; 3831 t->neigh_vars[i].extra1 = dev; 3832 t->neigh_vars[i].extra2 = p; 3833 } 3834 3835 neigh_vars_size = ARRAY_SIZE(t->neigh_vars); 3836 if (dev) { 3837 dev_name_source = dev->name; 3838 /* Terminate the table early */ 3839 neigh_vars_size = NEIGH_VAR_BASE_REACHABLE_TIME_MS + 1; 3840 } else { 3841 struct neigh_table *tbl = p->tbl; 3842 dev_name_source = "default"; 3843 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = 
&tbl->gc_interval; 3844 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1; 3845 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2; 3846 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3; 3847 } 3848 3849 if (handler) { 3850 /* RetransTime */ 3851 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler; 3852 /* ReachableTime */ 3853 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler; 3854 /* RetransTime (in milliseconds) */ 3855 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler; 3856 /* ReachableTime (in milliseconds) */ 3857 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler; 3858 } else { 3859 /* Those handlers will update p->reachable_time after 3860 * base_reachable_time(_ms) is set to ensure the new timer starts being 3861 * applied after the next neighbour update instead of waiting for 3862 * neigh_periodic_work to update its value (can be multiple minutes), 3863 * so any handler that replaces them should do this as well. 3864 */ 3865 /* ReachableTime */ 3866 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = 3867 neigh_proc_base_reachable_time; 3868 /* ReachableTime (in milliseconds) */ 3869 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = 3870 neigh_proc_base_reachable_time; 3871 } 3872 3873 switch (neigh_parms_family(p)) { 3874 case AF_INET: 3875 p_name = "ipv4"; 3876 break; 3877 case AF_INET6: 3878 p_name = "ipv6"; 3879 break; 3880 default: 3881 BUG(); 3882 } 3883 3884 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s", 3885 p_name, dev_name_source); 3886 t->sysctl_header = register_net_sysctl_sz(neigh_parms_net(p), 3887 neigh_path, t->neigh_vars, 3888 neigh_vars_size); 3889 if (!t->sysctl_header) 3890 goto free; 3891 3892 p->sysctl_table = t; 3893 return 0; 3894 3895 free: 3896 kfree(t); 3897 err: 3898 return -ENOBUFS; 3899 } 3900 EXPORT_SYMBOL(neigh_sysctl_register); 3901 3902 void neigh_sysctl_unregister(struct neigh_parms *p) 3903 { 3904 if (p->sysctl_table) { 3905 struct neigh_sysctl_table *t = p->sysctl_table; 3906 p->sysctl_table = NULL; 3907 unregister_net_sysctl_table(t->sysctl_header); 3908 kfree(t); 3909 } 3910 } 3911 EXPORT_SYMBOL(neigh_sysctl_unregister); 3912 3913 #endif /* CONFIG_SYSCTL */ 3914 3915 static const struct rtnl_msg_handler neigh_rtnl_msg_handlers[] __initconst = { 3916 {.msgtype = RTM_NEWNEIGH, .doit = neigh_add}, 3917 {.msgtype = RTM_DELNEIGH, .doit = neigh_delete}, 3918 {.msgtype = RTM_GETNEIGH, .doit = neigh_get, .dumpit = neigh_dump_info, 3919 .flags = RTNL_FLAG_DOIT_UNLOCKED | RTNL_FLAG_DUMP_UNLOCKED}, 3920 {.msgtype = RTM_GETNEIGHTBL, .dumpit = neightbl_dump_info, 3921 .flags = RTNL_FLAG_DUMP_UNLOCKED}, 3922 {.msgtype = RTM_SETNEIGHTBL, .doit = neightbl_set, 3923 .flags = RTNL_FLAG_DOIT_UNLOCKED}, 3924 }; 3925 3926 static int __init neigh_init(void) 3927 { 3928 rtnl_register_many(neigh_rtnl_msg_handlers); 3929 return 0; 3930 } 3931 3932 subsys_initcall(neigh_init); 3933
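/*
 * Quick reference for the message handlers registered above. The
 * iproute2 commands are approximate userspace equivalents, not
 * authoritative mappings, and depend on the installed version:
 *
 *	RTM_NEWNEIGH	(neigh_add)		ip neigh replace 192.0.2.1 \
 *						lladdr 00:11:22:33:44:55 dev eth0
 *	RTM_DELNEIGH	(neigh_delete)		ip neigh del 192.0.2.1 dev eth0
 *	RTM_GETNEIGH	(neigh_get,		ip neigh get 192.0.2.1 dev eth0,
 *			 neigh_dump_info)	ip neigh show
 *	RTM_GETNEIGHTBL	(neightbl_dump_info)	ip ntable show
 *	RTM_SETNEIGHTBL	(neightbl_set)		ip ntable change name arp_cache thresh1 256
 */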