1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* linux/net/ipv4/arp.c 3 * 4 * Copyright (C) 1994 by Florian La Roche 5 * 6 * This module implements the Address Resolution Protocol ARP (RFC 826), 7 * which is used to convert IP addresses (or in the future maybe other 8 * high-level addresses) into a low-level hardware address (like an Ethernet 9 * address). 10 * 11 * Fixes: 12 * Alan Cox : Removed the Ethernet assumptions in 13 * Florian's code 14 * Alan Cox : Fixed some small errors in the ARP 15 * logic 16 * Alan Cox : Allow >4K in /proc 17 * Alan Cox : Make ARP add its own protocol entry 18 * Ross Martin : Rewrote arp_rcv() and arp_get_info() 19 * Stephen Henson : Add AX25 support to arp_get_info() 20 * Alan Cox : Drop data when a device is downed. 21 * Alan Cox : Use init_timer(). 22 * Alan Cox : Double lock fixes. 23 * Martin Seine : Move the arphdr structure 24 * to if_arp.h for compatibility. 25 * with BSD based programs. 26 * Andrew Tridgell : Added ARP netmask code and 27 * re-arranged proxy handling. 28 * Alan Cox : Changed to use notifiers. 29 * Niibe Yutaka : Reply for this device or proxies only. 30 * Alan Cox : Don't proxy across hardware types! 31 * Jonathan Naylor : Added support for NET/ROM. 32 * Mike Shaver : RFC1122 checks. 33 * Jonathan Naylor : Only lookup the hardware address for 34 * the correct hardware type. 35 * Germano Caronni : Assorted subtle races. 36 * Craig Schlenter : Don't modify permanent entry 37 * during arp_rcv. 38 * Russ Nelson : Tidied up a few bits. 39 * Alexey Kuznetsov: Major changes to caching and behaviour, 40 * eg intelligent arp probing and 41 * generation 42 * of host down events. 43 * Alan Cox : Missing unlock in device events. 44 * Eckes : ARP ioctl control errors. 45 * Alexey Kuznetsov: Arp free fix. 46 * Manuel Rodriguez: Gratuitous ARP. 47 * Jonathan Layes : Added arpd support through kerneld 48 * message queue (960314) 49 * Mike Shaver : /proc/sys/net/ipv4/arp_* support 50 * Mike McLagan : Routing by source 51 * Stuart Cheshire : Metricom and grat arp fixes 52 * *** FOR 2.1 clean this up *** 53 * Lawrence V. Stefani: (08/12/96) Added FDDI support. 54 * Alan Cox : Took the AP1000 nasty FDDI hack and 55 * folded into the mainstream FDDI code. 56 * Ack spit, Linus how did you allow that 57 * one in... 58 * Jes Sorensen : Make FDDI work again in 2.1.x and 59 * clean up the APFDDI & gen. FDDI bits. 60 * Alexey Kuznetsov: new arp state machine; 61 * now it is in net/core/neighbour.c. 62 * Krzysztof Halasa: Added Frame Relay ARP support. 63 * Arnaldo C. Melo : convert /proc/net/arp to seq_file 64 * Shmulik Hen: Split arp_send to arp_create and 65 * arp_xmit so intermediate drivers like 66 * bonding can change the skb before 67 * sending (e.g. insert 8021q tag). 68 * Harald Welte : convert to make use of jenkins hash 69 * Jesper D. Brouer: Proxy ARP PVLAN RFC 3069 support. 70 */ 71 72 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 73 74 #include <linux/module.h> 75 #include <linux/types.h> 76 #include <linux/string.h> 77 #include <linux/kernel.h> 78 #include <linux/capability.h> 79 #include <linux/socket.h> 80 #include <linux/sockios.h> 81 #include <linux/errno.h> 82 #include <linux/hex.h> 83 #include <linux/in.h> 84 #include <linux/mm.h> 85 #include <linux/inet.h> 86 #include <linux/inetdevice.h> 87 #include <linux/netdevice.h> 88 #include <linux/etherdevice.h> 89 #include <linux/fddidevice.h> 90 #include <linux/if_arp.h> 91 #include <linux/skbuff.h> 92 #include <linux/proc_fs.h> 93 #include <linux/seq_file.h> 94 #include <linux/stat.h> 95 #include <linux/init.h> 96 #include <linux/net.h> 97 #include <linux/rcupdate.h> 98 #include <linux/slab.h> 99 #ifdef CONFIG_SYSCTL 100 #include <linux/sysctl.h> 101 #endif 102 103 #include <net/net_namespace.h> 104 #include <net/ip.h> 105 #include <net/icmp.h> 106 #include <net/route.h> 107 #include <net/protocol.h> 108 #include <net/tcp.h> 109 #include <net/sock.h> 110 #include <net/arp.h> 111 #include <net/ax25.h> 112 #include <net/netrom.h> 113 #include <net/dst_metadata.h> 114 #include <net/ip_tunnels.h> 115 116 #include <linux/uaccess.h> 117 118 #include <linux/netfilter_arp.h> 119 120 /* 121 * Interface to generic neighbour cache. 122 */ 123 static u32 arp_hash(const void *pkey, const struct net_device *dev, __u32 *hash_rnd); 124 static bool arp_key_eq(const struct neighbour *n, const void *pkey); 125 static int arp_constructor(struct neighbour *neigh); 126 static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb); 127 static void arp_error_report(struct neighbour *neigh, struct sk_buff *skb); 128 static void parp_redo(struct sk_buff *skb); 129 static int arp_is_multicast(const void *pkey); 130 131 static const struct neigh_ops arp_generic_ops = { 132 .family = AF_INET, 133 .solicit = arp_solicit, 134 .error_report = arp_error_report, 135 .output = neigh_resolve_output, 136 .connected_output = neigh_connected_output, 137 }; 138 139 static const struct neigh_ops arp_hh_ops = { 140 .family = AF_INET, 141 .solicit = arp_solicit, 142 .error_report = arp_error_report, 143 .output = neigh_resolve_output, 144 .connected_output = neigh_resolve_output, 145 }; 146 147 static const struct neigh_ops arp_direct_ops = { 148 .family = AF_INET, 149 .output = neigh_direct_output, 150 .connected_output = neigh_direct_output, 151 }; 152 153 struct neigh_table arp_tbl = { 154 .family = AF_INET, 155 .key_len = 4, 156 .protocol = cpu_to_be16(ETH_P_IP), 157 .hash = arp_hash, 158 .key_eq = arp_key_eq, 159 .constructor = arp_constructor, 160 .proxy_redo = parp_redo, 161 .is_multicast = arp_is_multicast, 162 .id = "arp_cache", 163 .parms = { 164 .tbl = &arp_tbl, 165 .reachable_time = 30 * HZ, 166 .data = { 167 [NEIGH_VAR_MCAST_PROBES] = 3, 168 [NEIGH_VAR_UCAST_PROBES] = 3, 169 [NEIGH_VAR_RETRANS_TIME] = 1 * HZ, 170 [NEIGH_VAR_BASE_REACHABLE_TIME] = 30 * HZ, 171 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ, 172 [NEIGH_VAR_INTERVAL_PROBE_TIME_MS] = 5 * HZ, 173 [NEIGH_VAR_GC_STALETIME] = 60 * HZ, 174 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_DEFAULT, 175 [NEIGH_VAR_PROXY_QLEN] = 64, 176 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ, 177 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10, 178 [NEIGH_VAR_LOCKTIME] = 1 * HZ, 179 }, 180 }, 181 .gc_interval = 30 * HZ, 182 .gc_thresh1 = 128, 183 .gc_thresh2 = 512, 184 .gc_thresh3 = 1024, 185 }; 186 EXPORT_SYMBOL(arp_tbl); 187 188 int arp_mc_map(__be32 addr, u8 *haddr, struct net_device *dev, int dir) 189 { 190 switch (dev->type) { 191 case ARPHRD_ETHER: 192 case ARPHRD_FDDI: 193 case ARPHRD_IEEE802: 194 ip_eth_mc_map(addr, haddr); 195 return 0; 196 case ARPHRD_INFINIBAND: 197 ip_ib_mc_map(addr, dev->broadcast, haddr); 198 return 0; 199 case ARPHRD_IPGRE: 200 ip_ipgre_mc_map(addr, dev->broadcast, haddr); 201 return 0; 202 default: 203 if (dir) { 204 memcpy(haddr, dev->broadcast, dev->addr_len); 205 return 0; 206 } 207 } 208 return -EINVAL; 209 } 210 211 212 static u32 arp_hash(const void *pkey, 213 const struct net_device *dev, 214 __u32 *hash_rnd) 215 { 216 return arp_hashfn(pkey, dev, hash_rnd); 217 } 218 219 static bool arp_key_eq(const struct neighbour *neigh, const void *pkey) 220 { 221 return neigh_key_eq32(neigh, pkey); 222 } 223 224 static int arp_constructor(struct neighbour *neigh) 225 { 226 __be32 addr; 227 struct net_device *dev = neigh->dev; 228 struct in_device *in_dev; 229 struct neigh_parms *parms; 230 u32 inaddr_any = INADDR_ANY; 231 232 if (dev->flags & (IFF_LOOPBACK | IFF_POINTOPOINT)) 233 memcpy(neigh->primary_key, &inaddr_any, arp_tbl.key_len); 234 235 addr = *(__be32 *)neigh->primary_key; 236 rcu_read_lock(); 237 in_dev = __in_dev_get_rcu(dev); 238 if (!in_dev) { 239 rcu_read_unlock(); 240 return -EINVAL; 241 } 242 243 neigh->type = inet_addr_type_dev_table(dev_net(dev), dev, addr); 244 245 parms = in_dev->arp_parms; 246 __neigh_parms_put(neigh->parms); 247 neigh->parms = neigh_parms_clone(parms); 248 rcu_read_unlock(); 249 250 if (!dev->header_ops) { 251 neigh->nud_state = NUD_NOARP; 252 neigh->ops = &arp_direct_ops; 253 neigh->output = neigh_direct_output; 254 } else { 255 /* Good devices (checked by reading texts, but only Ethernet is 256 tested) 257 258 ARPHRD_ETHER: (ethernet, apfddi) 259 ARPHRD_FDDI: (fddi) 260 ARPHRD_IEEE802: (tr) 261 ARPHRD_METRICOM: (strip) 262 ARPHRD_ARCNET: 263 etc. etc. etc. 264 265 ARPHRD_IPDDP will also work, if author repairs it. 266 I did not it, because this driver does not work even 267 in old paradigm. 268 */ 269 270 if (neigh->type == RTN_MULTICAST) { 271 neigh->nud_state = NUD_NOARP; 272 arp_mc_map(addr, neigh->ha, dev, 1); 273 } else if (dev->flags & (IFF_NOARP | IFF_LOOPBACK)) { 274 neigh->nud_state = NUD_NOARP; 275 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 276 } else if (neigh->type == RTN_BROADCAST || 277 (dev->flags & IFF_POINTOPOINT)) { 278 neigh->nud_state = NUD_NOARP; 279 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 280 } 281 282 if (dev->header_ops->cache) 283 neigh->ops = &arp_hh_ops; 284 else 285 neigh->ops = &arp_generic_ops; 286 287 if (neigh->nud_state & NUD_VALID) 288 neigh->output = neigh->ops->connected_output; 289 else 290 neigh->output = neigh->ops->output; 291 } 292 return 0; 293 } 294 295 static void arp_error_report(struct neighbour *neigh, struct sk_buff *skb) 296 { 297 dst_link_failure(skb); 298 kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED); 299 } 300 301 /* Create and send an arp packet. */ 302 static void arp_send_dst(int type, int ptype, __be32 dest_ip, 303 struct net_device *dev, __be32 src_ip, 304 const unsigned char *dest_hw, 305 const unsigned char *src_hw, 306 const unsigned char *target_hw, 307 struct dst_entry *dst) 308 { 309 struct sk_buff *skb; 310 311 /* arp on this interface. */ 312 if (dev->flags & IFF_NOARP) 313 return; 314 315 skb = arp_create(type, ptype, dest_ip, dev, src_ip, 316 dest_hw, src_hw, target_hw); 317 if (!skb) 318 return; 319 320 skb_dst_set(skb, dst_clone(dst)); 321 arp_xmit(skb); 322 } 323 324 void arp_send(int type, int ptype, __be32 dest_ip, 325 struct net_device *dev, __be32 src_ip, 326 const unsigned char *dest_hw, const unsigned char *src_hw, 327 const unsigned char *target_hw) 328 { 329 arp_send_dst(type, ptype, dest_ip, dev, src_ip, dest_hw, src_hw, 330 target_hw, NULL); 331 } 332 EXPORT_SYMBOL(arp_send); 333 334 static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb) 335 { 336 __be32 saddr = 0; 337 u8 dst_ha[MAX_ADDR_LEN], *dst_hw = NULL; 338 struct net_device *dev = neigh->dev; 339 __be32 target = *(__be32 *)neigh->primary_key; 340 int probes = atomic_read(&neigh->probes); 341 struct in_device *in_dev; 342 struct dst_entry *dst = NULL; 343 344 rcu_read_lock(); 345 in_dev = __in_dev_get_rcu(dev); 346 if (!in_dev) { 347 rcu_read_unlock(); 348 return; 349 } 350 switch (IN_DEV_ARP_ANNOUNCE(in_dev)) { 351 default: 352 case 0: /* By default announce any local IP */ 353 if (skb && inet_addr_type_dev_table(dev_net(dev), dev, 354 ip_hdr(skb)->saddr) == RTN_LOCAL) 355 saddr = ip_hdr(skb)->saddr; 356 break; 357 case 1: /* Restrict announcements of saddr in same subnet */ 358 if (!skb) 359 break; 360 saddr = ip_hdr(skb)->saddr; 361 if (inet_addr_type_dev_table(dev_net(dev), dev, 362 saddr) == RTN_LOCAL) { 363 /* saddr should be known to target */ 364 if (inet_addr_onlink(in_dev, target, saddr)) 365 break; 366 } 367 saddr = 0; 368 break; 369 case 2: /* Avoid secondary IPs, get a primary/preferred one */ 370 break; 371 } 372 rcu_read_unlock(); 373 374 if (!saddr) 375 saddr = inet_select_addr(dev, target, RT_SCOPE_LINK); 376 377 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES); 378 if (probes < 0) { 379 if (!(READ_ONCE(neigh->nud_state) & NUD_VALID)) 380 pr_debug("trying to ucast probe in NUD_INVALID\n"); 381 neigh_ha_snapshot(dst_ha, neigh, dev); 382 dst_hw = dst_ha; 383 } else { 384 probes -= NEIGH_VAR(neigh->parms, APP_PROBES); 385 if (probes < 0) { 386 neigh_app_ns(neigh); 387 return; 388 } 389 } 390 391 if (skb && !(dev->priv_flags & IFF_XMIT_DST_RELEASE)) 392 dst = skb_dst(skb); 393 arp_send_dst(ARPOP_REQUEST, ETH_P_ARP, target, dev, saddr, 394 dst_hw, dev->dev_addr, NULL, dst); 395 } 396 397 static int arp_ignore(struct in_device *in_dev, __be32 sip, __be32 tip) 398 { 399 struct net *net = dev_net(in_dev->dev); 400 int scope; 401 402 switch (IN_DEV_ARP_IGNORE(in_dev)) { 403 case 0: /* Reply, the tip is already validated */ 404 return 0; 405 case 1: /* Reply only if tip is configured on the incoming interface */ 406 sip = 0; 407 scope = RT_SCOPE_HOST; 408 break; 409 case 2: /* 410 * Reply only if tip is configured on the incoming interface 411 * and is in same subnet as sip 412 */ 413 scope = RT_SCOPE_HOST; 414 break; 415 case 3: /* Do not reply for scope host addresses */ 416 sip = 0; 417 scope = RT_SCOPE_LINK; 418 in_dev = NULL; 419 break; 420 case 4: /* Reserved */ 421 case 5: 422 case 6: 423 case 7: 424 return 0; 425 case 8: /* Do not reply */ 426 return 1; 427 default: 428 return 0; 429 } 430 return !inet_confirm_addr(net, in_dev, sip, tip, scope); 431 } 432 433 static int arp_accept(struct in_device *in_dev, __be32 sip) 434 { 435 struct net *net = dev_net(in_dev->dev); 436 int scope = RT_SCOPE_LINK; 437 438 switch (IN_DEV_ARP_ACCEPT(in_dev)) { 439 case 0: /* Don't create new entries from garp */ 440 return 0; 441 case 1: /* Create new entries from garp */ 442 return 1; 443 case 2: /* Create a neighbor in the arp table only if sip 444 * is in the same subnet as an address configured 445 * on the interface that received the garp message 446 */ 447 return !!inet_confirm_addr(net, in_dev, sip, 0, scope); 448 default: 449 return 0; 450 } 451 } 452 453 static int arp_filter(__be32 sip, __be32 tip, struct net_device *dev) 454 { 455 struct rtable *rt; 456 int flag = 0; 457 /*unsigned long now; */ 458 struct net *net = dev_net(dev); 459 460 rt = ip_route_output(net, sip, tip, 0, l3mdev_master_ifindex_rcu(dev), 461 RT_SCOPE_UNIVERSE); 462 if (IS_ERR(rt)) 463 return 1; 464 if (rt->dst.dev != dev) { 465 __NET_INC_STATS(net, LINUX_MIB_ARPFILTER); 466 flag = 1; 467 } 468 ip_rt_put(rt); 469 return flag; 470 } 471 472 /* 473 * Check if we can use proxy ARP for this path 474 */ 475 static inline int arp_fwd_proxy(struct in_device *in_dev, 476 struct net_device *dev, struct rtable *rt) 477 { 478 struct in_device *out_dev; 479 int imi, omi = -1; 480 481 if (rt->dst.dev == dev) 482 return 0; 483 484 if (!IN_DEV_PROXY_ARP(in_dev)) 485 return 0; 486 imi = IN_DEV_MEDIUM_ID(in_dev); 487 if (imi == 0) 488 return 1; 489 if (imi == -1) 490 return 0; 491 492 /* place to check for proxy_arp for routes */ 493 494 out_dev = __in_dev_get_rcu(rt->dst.dev); 495 if (out_dev) 496 omi = IN_DEV_MEDIUM_ID(out_dev); 497 498 return omi != imi && omi != -1; 499 } 500 501 /* 502 * Check for RFC3069 proxy arp private VLAN (allow to send back to same dev) 503 * 504 * RFC3069 supports proxy arp replies back to the same interface. This 505 * is done to support (ethernet) switch features, like RFC 3069, where 506 * the individual ports are not allowed to communicate with each 507 * other, BUT they are allowed to talk to the upstream router. As 508 * described in RFC 3069, it is possible to allow these hosts to 509 * communicate through the upstream router, by proxy_arp'ing. 510 * 511 * RFC 3069: "VLAN Aggregation for Efficient IP Address Allocation" 512 * 513 * This technology is known by different names: 514 * In RFC 3069 it is called VLAN Aggregation. 515 * Cisco and Allied Telesyn call it Private VLAN. 516 * Hewlett-Packard call it Source-Port filtering or port-isolation. 517 * Ericsson call it MAC-Forced Forwarding (RFC Draft). 518 * 519 */ 520 static inline int arp_fwd_pvlan(struct in_device *in_dev, 521 struct net_device *dev, struct rtable *rt, 522 __be32 sip, __be32 tip) 523 { 524 /* Private VLAN is only concerned about the same ethernet segment */ 525 if (rt->dst.dev != dev) 526 return 0; 527 528 /* Don't reply on self probes (often done by windowz boxes)*/ 529 if (sip == tip) 530 return 0; 531 532 if (IN_DEV_PROXY_ARP_PVLAN(in_dev)) 533 return 1; 534 else 535 return 0; 536 } 537 538 /* 539 * Interface to link layer: send routine and receive handler. 540 */ 541 542 /* 543 * Create an arp packet. If dest_hw is not set, we create a broadcast 544 * message. 545 */ 546 struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip, 547 struct net_device *dev, __be32 src_ip, 548 const unsigned char *dest_hw, 549 const unsigned char *src_hw, 550 const unsigned char *target_hw) 551 { 552 struct sk_buff *skb; 553 struct arphdr *arp; 554 unsigned char *arp_ptr; 555 int hlen = LL_RESERVED_SPACE(dev); 556 int tlen = dev->needed_tailroom; 557 558 /* 559 * Allocate a buffer 560 */ 561 562 skb = alloc_skb(arp_hdr_len(dev) + hlen + tlen, GFP_ATOMIC); 563 if (!skb) 564 return NULL; 565 566 skb_reserve(skb, hlen); 567 skb_reset_network_header(skb); 568 skb_put(skb, arp_hdr_len(dev)); 569 skb->dev = dev; 570 skb->protocol = htons(ETH_P_ARP); 571 if (!src_hw) 572 src_hw = dev->dev_addr; 573 if (!dest_hw) 574 dest_hw = dev->broadcast; 575 576 /* Fill the device header for the ARP frame. 577 * Note: skb->head can be changed. 578 */ 579 if (dev_hard_header(skb, dev, ptype, dest_hw, src_hw, skb->len) < 0) 580 goto out; 581 582 arp = arp_hdr(skb); 583 /* 584 * Fill out the arp protocol part. 585 * 586 * The arp hardware type should match the device type, except for FDDI, 587 * which (according to RFC 1390) should always equal 1 (Ethernet). 588 */ 589 /* 590 * Exceptions everywhere. AX.25 uses the AX.25 PID value not the 591 * DIX code for the protocol. Make these device structure fields. 592 */ 593 switch (dev->type) { 594 default: 595 arp->ar_hrd = htons(dev->type); 596 arp->ar_pro = htons(ETH_P_IP); 597 break; 598 599 #if IS_ENABLED(CONFIG_AX25) 600 case ARPHRD_AX25: 601 arp->ar_hrd = htons(ARPHRD_AX25); 602 arp->ar_pro = htons(AX25_P_IP); 603 break; 604 605 #if IS_ENABLED(CONFIG_NETROM) 606 case ARPHRD_NETROM: 607 arp->ar_hrd = htons(ARPHRD_NETROM); 608 arp->ar_pro = htons(AX25_P_IP); 609 break; 610 #endif 611 #endif 612 613 #if IS_ENABLED(CONFIG_FDDI) 614 case ARPHRD_FDDI: 615 arp->ar_hrd = htons(ARPHRD_ETHER); 616 arp->ar_pro = htons(ETH_P_IP); 617 break; 618 #endif 619 } 620 621 arp->ar_hln = dev->addr_len; 622 arp->ar_pln = 4; 623 arp->ar_op = htons(type); 624 625 arp_ptr = (unsigned char *)(arp + 1); 626 627 memcpy(arp_ptr, src_hw, dev->addr_len); 628 arp_ptr += dev->addr_len; 629 memcpy(arp_ptr, &src_ip, 4); 630 arp_ptr += 4; 631 632 switch (dev->type) { 633 #if IS_ENABLED(CONFIG_FIREWIRE_NET) 634 case ARPHRD_IEEE1394: 635 break; 636 #endif 637 default: 638 if (target_hw) 639 memcpy(arp_ptr, target_hw, dev->addr_len); 640 else 641 memset(arp_ptr, 0, dev->addr_len); 642 arp_ptr += dev->addr_len; 643 } 644 memcpy(arp_ptr, &dest_ip, 4); 645 646 return skb; 647 648 out: 649 kfree_skb(skb); 650 return NULL; 651 } 652 EXPORT_SYMBOL(arp_create); 653 654 static int arp_xmit_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 655 { 656 return dev_queue_xmit(skb); 657 } 658 659 /* 660 * Send an arp packet. 661 */ 662 void arp_xmit(struct sk_buff *skb) 663 { 664 rcu_read_lock(); 665 /* Send it off, maybe filter it using firewalling first. */ 666 NF_HOOK(NFPROTO_ARP, NF_ARP_OUT, 667 dev_net_rcu(skb->dev), NULL, skb, NULL, skb->dev, 668 arp_xmit_finish); 669 rcu_read_unlock(); 670 } 671 EXPORT_SYMBOL(arp_xmit); 672 673 static bool arp_is_garp(struct net *net, struct net_device *dev, 674 int *addr_type, __be16 ar_op, 675 __be32 sip, __be32 tip, 676 unsigned char *sha, unsigned char *tha) 677 { 678 bool is_garp = tip == sip; 679 680 /* Gratuitous ARP _replies_ also require target hwaddr to be 681 * the same as source. 682 */ 683 if (is_garp && ar_op == htons(ARPOP_REPLY)) 684 is_garp = 685 /* IPv4 over IEEE 1394 doesn't provide target 686 * hardware address field in its ARP payload. 687 */ 688 tha && 689 !memcmp(tha, sha, dev->addr_len); 690 691 if (is_garp) { 692 *addr_type = inet_addr_type_dev_table(net, dev, sip); 693 if (*addr_type != RTN_UNICAST) 694 is_garp = false; 695 } 696 return is_garp; 697 } 698 699 /* 700 * Process an arp request. 701 */ 702 703 static int arp_process(struct net *net, struct sock *sk, struct sk_buff *skb) 704 { 705 struct net_device *dev = skb->dev; 706 struct in_device *in_dev = __in_dev_get_rcu(dev); 707 struct arphdr *arp; 708 unsigned char *arp_ptr; 709 struct rtable *rt; 710 unsigned char *sha; 711 unsigned char *tha = NULL; 712 __be32 sip, tip; 713 u16 dev_type = dev->type; 714 int addr_type; 715 struct neighbour *n; 716 struct dst_entry *reply_dst = NULL; 717 bool is_garp = false; 718 719 /* arp_rcv below verifies the ARP header and verifies the device 720 * is ARP'able. 721 */ 722 723 if (!in_dev) 724 goto out_free_skb; 725 726 arp = arp_hdr(skb); 727 728 switch (dev_type) { 729 default: 730 if (arp->ar_pro != htons(ETH_P_IP) || 731 htons(dev_type) != arp->ar_hrd) 732 goto out_free_skb; 733 break; 734 case ARPHRD_ETHER: 735 case ARPHRD_FDDI: 736 case ARPHRD_IEEE802: 737 /* 738 * ETHERNET, and Fibre Channel (which are IEEE 802 739 * devices, according to RFC 2625) devices will accept ARP 740 * hardware types of either 1 (Ethernet) or 6 (IEEE 802.2). 741 * This is the case also of FDDI, where the RFC 1390 says that 742 * FDDI devices should accept ARP hardware of (1) Ethernet, 743 * however, to be more robust, we'll accept both 1 (Ethernet) 744 * or 6 (IEEE 802.2) 745 */ 746 if ((arp->ar_hrd != htons(ARPHRD_ETHER) && 747 arp->ar_hrd != htons(ARPHRD_IEEE802)) || 748 arp->ar_pro != htons(ETH_P_IP)) 749 goto out_free_skb; 750 break; 751 case ARPHRD_AX25: 752 if (arp->ar_pro != htons(AX25_P_IP) || 753 arp->ar_hrd != htons(ARPHRD_AX25)) 754 goto out_free_skb; 755 break; 756 case ARPHRD_NETROM: 757 if (arp->ar_pro != htons(AX25_P_IP) || 758 arp->ar_hrd != htons(ARPHRD_NETROM)) 759 goto out_free_skb; 760 break; 761 } 762 763 /* Understand only these message types */ 764 765 if (arp->ar_op != htons(ARPOP_REPLY) && 766 arp->ar_op != htons(ARPOP_REQUEST)) 767 goto out_free_skb; 768 769 /* 770 * Extract fields 771 */ 772 arp_ptr = (unsigned char *)(arp + 1); 773 sha = arp_ptr; 774 arp_ptr += dev->addr_len; 775 memcpy(&sip, arp_ptr, 4); 776 arp_ptr += 4; 777 switch (dev_type) { 778 #if IS_ENABLED(CONFIG_FIREWIRE_NET) 779 case ARPHRD_IEEE1394: 780 break; 781 #endif 782 default: 783 tha = arp_ptr; 784 arp_ptr += dev->addr_len; 785 } 786 memcpy(&tip, arp_ptr, 4); 787 /* 788 * Check for bad requests for 127.x.x.x and requests for multicast 789 * addresses. If this is one such, delete it. 790 */ 791 if (ipv4_is_multicast(tip) || 792 (!IN_DEV_ROUTE_LOCALNET(in_dev) && ipv4_is_loopback(tip))) 793 goto out_free_skb; 794 795 /* 796 * For some 802.11 wireless deployments (and possibly other networks), 797 * there will be an ARP proxy and gratuitous ARP frames are attacks 798 * and thus should not be accepted. 799 */ 800 if (sip == tip && IN_DEV_ORCONF(in_dev, DROP_GRATUITOUS_ARP)) 801 goto out_free_skb; 802 803 /* 804 * Special case: We must set Frame Relay source Q.922 address 805 */ 806 if (dev_type == ARPHRD_DLCI) 807 sha = dev->broadcast; 808 809 /* 810 * Process entry. The idea here is we want to send a reply if it is a 811 * request for us or if it is a request for someone else that we hold 812 * a proxy for. We want to add an entry to our cache if it is a reply 813 * to us or if it is a request for our address. 814 * (The assumption for this last is that if someone is requesting our 815 * address, they are probably intending to talk to us, so it saves time 816 * if we cache their address. Their address is also probably not in 817 * our cache, since ours is not in their cache.) 818 * 819 * Putting this another way, we only care about replies if they are to 820 * us, in which case we add them to the cache. For requests, we care 821 * about those for us and those for our proxies. We reply to both, 822 * and in the case of requests for us we add the requester to the arp 823 * cache. 824 */ 825 826 if (arp->ar_op == htons(ARPOP_REQUEST) && skb_metadata_dst(skb)) 827 reply_dst = (struct dst_entry *) 828 iptunnel_metadata_reply(skb_metadata_dst(skb), 829 GFP_ATOMIC); 830 831 /* Special case: IPv4 duplicate address detection packet (RFC2131) */ 832 if (sip == 0) { 833 if (arp->ar_op == htons(ARPOP_REQUEST) && 834 inet_addr_type_dev_table(net, dev, tip) == RTN_LOCAL && 835 !arp_ignore(in_dev, sip, tip)) 836 arp_send_dst(ARPOP_REPLY, ETH_P_ARP, sip, dev, tip, 837 sha, dev->dev_addr, sha, reply_dst); 838 goto out_consume_skb; 839 } 840 841 if (arp->ar_op == htons(ARPOP_REQUEST) && 842 ip_route_input_noref(skb, tip, sip, 0, dev) == 0) { 843 844 rt = skb_rtable(skb); 845 addr_type = rt->rt_type; 846 847 if (addr_type == RTN_LOCAL) { 848 int dont_send; 849 850 dont_send = arp_ignore(in_dev, sip, tip); 851 if (!dont_send && IN_DEV_ARPFILTER(in_dev)) 852 dont_send = arp_filter(sip, tip, dev); 853 if (!dont_send) { 854 n = neigh_event_ns(&arp_tbl, sha, &sip, dev); 855 if (n) { 856 arp_send_dst(ARPOP_REPLY, ETH_P_ARP, 857 sip, dev, tip, sha, 858 dev->dev_addr, sha, 859 reply_dst); 860 neigh_release(n); 861 } 862 } 863 goto out_consume_skb; 864 } else if (IN_DEV_FORWARD(in_dev)) { 865 if (addr_type == RTN_UNICAST && 866 (arp_fwd_proxy(in_dev, dev, rt) || 867 arp_fwd_pvlan(in_dev, dev, rt, sip, tip) || 868 (rt->dst.dev != dev && 869 pneigh_lookup(&arp_tbl, net, &tip, dev)))) { 870 n = neigh_event_ns(&arp_tbl, sha, &sip, dev); 871 if (n) 872 neigh_release(n); 873 874 if (NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED || 875 skb->pkt_type == PACKET_HOST || 876 NEIGH_VAR(in_dev->arp_parms, PROXY_DELAY) == 0) { 877 arp_send_dst(ARPOP_REPLY, ETH_P_ARP, 878 sip, dev, tip, sha, 879 dev->dev_addr, sha, 880 reply_dst); 881 } else { 882 pneigh_enqueue(&arp_tbl, 883 in_dev->arp_parms, skb); 884 goto out_free_dst; 885 } 886 goto out_consume_skb; 887 } 888 } 889 } 890 891 /* Update our ARP tables */ 892 893 n = __neigh_lookup(&arp_tbl, &sip, dev, 0); 894 895 addr_type = -1; 896 if (n || arp_accept(in_dev, sip)) { 897 is_garp = arp_is_garp(net, dev, &addr_type, arp->ar_op, 898 sip, tip, sha, tha); 899 } 900 901 if (arp_accept(in_dev, sip)) { 902 /* Unsolicited ARP is not accepted by default. 903 It is possible, that this option should be enabled for some 904 devices (strip is candidate) 905 */ 906 if (!n && 907 (is_garp || 908 (arp->ar_op == htons(ARPOP_REPLY) && 909 (addr_type == RTN_UNICAST || 910 (addr_type < 0 && 911 /* postpone calculation to as late as possible */ 912 inet_addr_type_dev_table(net, dev, sip) == 913 RTN_UNICAST))))) 914 n = __neigh_lookup(&arp_tbl, &sip, dev, 1); 915 } 916 917 if (n) { 918 int state = NUD_REACHABLE; 919 int override; 920 921 /* If several different ARP replies follows back-to-back, 922 use the FIRST one. It is possible, if several proxy 923 agents are active. Taking the first reply prevents 924 arp trashing and chooses the fastest router. 925 */ 926 override = time_after(jiffies, 927 n->updated + 928 NEIGH_VAR(n->parms, LOCKTIME)) || 929 is_garp; 930 931 /* Broadcast replies and request packets 932 do not assert neighbour reachability. 933 */ 934 if (arp->ar_op != htons(ARPOP_REPLY) || 935 skb->pkt_type != PACKET_HOST) 936 state = NUD_STALE; 937 neigh_update(n, sha, state, 938 override ? NEIGH_UPDATE_F_OVERRIDE : 0, 0); 939 neigh_release(n); 940 } 941 942 out_consume_skb: 943 consume_skb(skb); 944 945 out_free_dst: 946 dst_release(reply_dst); 947 return NET_RX_SUCCESS; 948 949 out_free_skb: 950 kfree_skb(skb); 951 return NET_RX_DROP; 952 } 953 954 static void parp_redo(struct sk_buff *skb) 955 { 956 arp_process(dev_net(skb->dev), NULL, skb); 957 } 958 959 static int arp_is_multicast(const void *pkey) 960 { 961 return ipv4_is_multicast(*((__be32 *)pkey)); 962 } 963 964 /* 965 * Receive an arp request from the device layer. 966 */ 967 968 static int arp_rcv(struct sk_buff *skb, struct net_device *dev, 969 struct packet_type *pt, struct net_device *orig_dev) 970 { 971 enum skb_drop_reason drop_reason; 972 const struct arphdr *arp; 973 974 /* do not tweak dropwatch on an ARP we will ignore */ 975 if (dev->flags & IFF_NOARP || 976 skb->pkt_type == PACKET_OTHERHOST || 977 skb->pkt_type == PACKET_LOOPBACK) 978 goto consumeskb; 979 980 skb = skb_share_check(skb, GFP_ATOMIC); 981 if (!skb) 982 goto out_of_mem; 983 984 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ 985 drop_reason = pskb_may_pull_reason(skb, arp_hdr_len(dev)); 986 if (drop_reason != SKB_NOT_DROPPED_YET) 987 goto freeskb; 988 989 arp = arp_hdr(skb); 990 if (arp->ar_hln != dev->addr_len || arp->ar_pln != 4) { 991 drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; 992 goto freeskb; 993 } 994 995 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 996 997 return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, 998 dev_net(dev), NULL, skb, dev, NULL, 999 arp_process); 1000 1001 consumeskb: 1002 consume_skb(skb); 1003 return NET_RX_SUCCESS; 1004 freeskb: 1005 kfree_skb_reason(skb, drop_reason); 1006 out_of_mem: 1007 return NET_RX_DROP; 1008 } 1009 1010 /* 1011 * User level interface (ioctl) 1012 */ 1013 1014 static struct net_device *arp_req_dev_by_name(struct net *net, struct arpreq *r, 1015 bool getarp) 1016 { 1017 struct net_device *dev; 1018 1019 if (getarp) 1020 dev = dev_get_by_name_rcu(net, r->arp_dev); 1021 else 1022 dev = __dev_get_by_name(net, r->arp_dev); 1023 if (!dev) 1024 return ERR_PTR(-ENODEV); 1025 1026 /* Mmmm... It is wrong... ARPHRD_NETROM == 0 */ 1027 if (!r->arp_ha.sa_family) 1028 r->arp_ha.sa_family = dev->type; 1029 1030 if ((r->arp_flags & ATF_COM) && r->arp_ha.sa_family != dev->type) 1031 return ERR_PTR(-EINVAL); 1032 1033 return dev; 1034 } 1035 1036 static struct net_device *arp_req_dev(struct net *net, struct arpreq *r) 1037 { 1038 struct net_device *dev; 1039 struct rtable *rt; 1040 __be32 ip; 1041 1042 if (r->arp_dev[0]) 1043 return arp_req_dev_by_name(net, r, false); 1044 1045 if (r->arp_flags & ATF_PUBL) 1046 return NULL; 1047 1048 ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr; 1049 1050 rt = ip_route_output(net, ip, 0, 0, 0, RT_SCOPE_LINK); 1051 if (IS_ERR(rt)) 1052 return ERR_CAST(rt); 1053 1054 dev = rt->dst.dev; 1055 ip_rt_put(rt); 1056 1057 if (!dev) 1058 return ERR_PTR(-EINVAL); 1059 1060 return dev; 1061 } 1062 1063 /* 1064 * Set (create) an ARP cache entry. 1065 */ 1066 1067 static int arp_req_set_proxy(struct net *net, struct net_device *dev, int on) 1068 { 1069 if (!dev) { 1070 IPV4_DEVCONF_ALL(net, PROXY_ARP) = on; 1071 return 0; 1072 } 1073 if (__in_dev_get_rtnl_net(dev)) { 1074 IN_DEV_CONF_SET(__in_dev_get_rtnl_net(dev), PROXY_ARP, on); 1075 return 0; 1076 } 1077 return -ENXIO; 1078 } 1079 1080 static int arp_req_set_public(struct net *net, struct arpreq *r, 1081 struct net_device *dev) 1082 { 1083 __be32 mask = ((struct sockaddr_in *)&r->arp_netmask)->sin_addr.s_addr; 1084 1085 if (!dev && (r->arp_flags & ATF_COM)) { 1086 dev = dev_getbyhwaddr(net, r->arp_ha.sa_family, 1087 r->arp_ha.sa_data); 1088 if (!dev) 1089 return -ENODEV; 1090 } 1091 if (mask) { 1092 __be32 ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr; 1093 1094 return pneigh_create(&arp_tbl, net, &ip, dev, 0, 0, false); 1095 } 1096 1097 return arp_req_set_proxy(net, dev, 1); 1098 } 1099 1100 static int arp_req_set(struct net *net, struct arpreq *r) 1101 { 1102 struct neighbour *neigh; 1103 struct net_device *dev; 1104 __be32 ip; 1105 int err; 1106 1107 dev = arp_req_dev(net, r); 1108 if (IS_ERR(dev)) 1109 return PTR_ERR(dev); 1110 1111 if (r->arp_flags & ATF_PUBL) 1112 return arp_req_set_public(net, r, dev); 1113 1114 switch (dev->type) { 1115 #if IS_ENABLED(CONFIG_FDDI) 1116 case ARPHRD_FDDI: 1117 /* 1118 * According to RFC 1390, FDDI devices should accept ARP 1119 * hardware types of 1 (Ethernet). However, to be more 1120 * robust, we'll accept hardware types of either 1 (Ethernet) 1121 * or 6 (IEEE 802.2). 1122 */ 1123 if (r->arp_ha.sa_family != ARPHRD_FDDI && 1124 r->arp_ha.sa_family != ARPHRD_ETHER && 1125 r->arp_ha.sa_family != ARPHRD_IEEE802) 1126 return -EINVAL; 1127 break; 1128 #endif 1129 default: 1130 if (r->arp_ha.sa_family != dev->type) 1131 return -EINVAL; 1132 break; 1133 } 1134 1135 ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr; 1136 1137 neigh = __neigh_lookup_errno(&arp_tbl, &ip, dev); 1138 err = PTR_ERR(neigh); 1139 if (!IS_ERR(neigh)) { 1140 unsigned int state = NUD_STALE; 1141 1142 if (r->arp_flags & ATF_PERM) { 1143 r->arp_flags |= ATF_COM; 1144 state = NUD_PERMANENT; 1145 } 1146 1147 err = neigh_update(neigh, (r->arp_flags & ATF_COM) ? 1148 r->arp_ha.sa_data : NULL, state, 1149 NEIGH_UPDATE_F_OVERRIDE | 1150 NEIGH_UPDATE_F_ADMIN, 0); 1151 neigh_release(neigh); 1152 } 1153 return err; 1154 } 1155 1156 static unsigned int arp_state_to_flags(struct neighbour *neigh) 1157 { 1158 if (neigh->nud_state&NUD_PERMANENT) 1159 return ATF_PERM | ATF_COM; 1160 else if (neigh->nud_state&NUD_VALID) 1161 return ATF_COM; 1162 else 1163 return 0; 1164 } 1165 1166 /* 1167 * Get an ARP cache entry. 1168 */ 1169 1170 static int arp_req_get(struct net *net, struct arpreq *r) 1171 { 1172 __be32 ip = ((struct sockaddr_in *) &r->arp_pa)->sin_addr.s_addr; 1173 struct neighbour *neigh; 1174 struct net_device *dev; 1175 1176 if (!r->arp_dev[0]) 1177 return -ENODEV; 1178 1179 dev = arp_req_dev_by_name(net, r, true); 1180 if (IS_ERR(dev)) 1181 return PTR_ERR(dev); 1182 1183 neigh = neigh_lookup(&arp_tbl, &ip, dev); 1184 if (!neigh) 1185 return -ENXIO; 1186 1187 if (READ_ONCE(neigh->nud_state) & NUD_NOARP) { 1188 neigh_release(neigh); 1189 return -ENXIO; 1190 } 1191 1192 read_lock_bh(&neigh->lock); 1193 memcpy(r->arp_ha.sa_data, neigh->ha, 1194 min(dev->addr_len, sizeof(r->arp_ha.sa_data))); 1195 r->arp_flags = arp_state_to_flags(neigh); 1196 read_unlock_bh(&neigh->lock); 1197 1198 neigh_release(neigh); 1199 1200 r->arp_ha.sa_family = dev->type; 1201 netdev_copy_name(dev, r->arp_dev); 1202 1203 return 0; 1204 } 1205 1206 int arp_invalidate(struct net_device *dev, __be32 ip, bool force) 1207 { 1208 struct neighbour *neigh = neigh_lookup(&arp_tbl, &ip, dev); 1209 int err = -ENXIO; 1210 struct neigh_table *tbl = &arp_tbl; 1211 1212 if (neigh) { 1213 if ((READ_ONCE(neigh->nud_state) & NUD_VALID) && !force) { 1214 neigh_release(neigh); 1215 return 0; 1216 } 1217 1218 if (READ_ONCE(neigh->nud_state) & ~NUD_NOARP) 1219 err = neigh_update(neigh, NULL, NUD_FAILED, 1220 NEIGH_UPDATE_F_OVERRIDE| 1221 NEIGH_UPDATE_F_ADMIN, 0); 1222 spin_lock_bh(&tbl->lock); 1223 neigh_release(neigh); 1224 neigh_remove_one(neigh); 1225 spin_unlock_bh(&tbl->lock); 1226 } 1227 1228 return err; 1229 } 1230 1231 static int arp_req_delete_public(struct net *net, struct arpreq *r, 1232 struct net_device *dev) 1233 { 1234 __be32 mask = ((struct sockaddr_in *)&r->arp_netmask)->sin_addr.s_addr; 1235 1236 if (mask) { 1237 __be32 ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr; 1238 1239 return pneigh_delete(&arp_tbl, net, &ip, dev); 1240 } 1241 1242 return arp_req_set_proxy(net, dev, 0); 1243 } 1244 1245 static int arp_req_delete(struct net *net, struct arpreq *r) 1246 { 1247 struct net_device *dev; 1248 __be32 ip; 1249 1250 dev = arp_req_dev(net, r); 1251 if (IS_ERR(dev)) 1252 return PTR_ERR(dev); 1253 1254 if (r->arp_flags & ATF_PUBL) 1255 return arp_req_delete_public(net, r, dev); 1256 1257 ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr; 1258 1259 return arp_invalidate(dev, ip, true); 1260 } 1261 1262 /* 1263 * Handle an ARP layer I/O control request. 1264 */ 1265 1266 int arp_ioctl(struct net *net, unsigned int cmd, void __user *arg) 1267 { 1268 struct arpreq r; 1269 __be32 *netmask; 1270 int err; 1271 1272 switch (cmd) { 1273 case SIOCDARP: 1274 case SIOCSARP: 1275 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1276 return -EPERM; 1277 fallthrough; 1278 case SIOCGARP: 1279 err = copy_from_user(&r, arg, sizeof(struct arpreq)); 1280 if (err) 1281 return -EFAULT; 1282 break; 1283 default: 1284 return -EINVAL; 1285 } 1286 1287 if (r.arp_pa.sa_family != AF_INET) 1288 return -EPFNOSUPPORT; 1289 1290 if (!(r.arp_flags & ATF_PUBL) && 1291 (r.arp_flags & (ATF_NETMASK | ATF_DONTPUB))) 1292 return -EINVAL; 1293 1294 netmask = &((struct sockaddr_in *)&r.arp_netmask)->sin_addr.s_addr; 1295 if (!(r.arp_flags & ATF_NETMASK)) 1296 *netmask = htonl(0xFFFFFFFFUL); 1297 else if (*netmask && *netmask != htonl(0xFFFFFFFFUL)) 1298 return -EINVAL; 1299 1300 switch (cmd) { 1301 case SIOCDARP: 1302 rtnl_net_lock(net); 1303 err = arp_req_delete(net, &r); 1304 rtnl_net_unlock(net); 1305 break; 1306 case SIOCSARP: 1307 rtnl_net_lock(net); 1308 err = arp_req_set(net, &r); 1309 rtnl_net_unlock(net); 1310 break; 1311 case SIOCGARP: 1312 rcu_read_lock(); 1313 err = arp_req_get(net, &r); 1314 rcu_read_unlock(); 1315 1316 if (!err && copy_to_user(arg, &r, sizeof(r))) 1317 err = -EFAULT; 1318 break; 1319 } 1320 1321 return err; 1322 } 1323 1324 static int arp_netdev_event(struct notifier_block *this, unsigned long event, 1325 void *ptr) 1326 { 1327 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 1328 struct netdev_notifier_change_info *change_info; 1329 struct in_device *in_dev; 1330 bool evict_nocarrier; 1331 1332 switch (event) { 1333 case NETDEV_CHANGEADDR: 1334 neigh_changeaddr(&arp_tbl, dev); 1335 rt_cache_flush(dev_net(dev)); 1336 break; 1337 case NETDEV_CHANGE: 1338 change_info = ptr; 1339 if (change_info->flags_changed & IFF_NOARP) 1340 neigh_changeaddr(&arp_tbl, dev); 1341 1342 in_dev = __in_dev_get_rtnl(dev); 1343 if (!in_dev) 1344 evict_nocarrier = true; 1345 else 1346 evict_nocarrier = IN_DEV_ARP_EVICT_NOCARRIER(in_dev); 1347 1348 if (evict_nocarrier && !netif_carrier_ok(dev)) 1349 neigh_carrier_down(&arp_tbl, dev); 1350 break; 1351 default: 1352 break; 1353 } 1354 1355 return NOTIFY_DONE; 1356 } 1357 1358 static struct notifier_block arp_netdev_notifier = { 1359 .notifier_call = arp_netdev_event, 1360 }; 1361 1362 /* Note, that it is not on notifier chain. 1363 It is necessary, that this routine was called after route cache will be 1364 flushed. 1365 */ 1366 void arp_ifdown(struct net_device *dev) 1367 { 1368 neigh_ifdown(&arp_tbl, dev); 1369 } 1370 1371 1372 /* 1373 * Called once on startup. 1374 */ 1375 1376 static struct packet_type arp_packet_type __read_mostly = { 1377 .type = cpu_to_be16(ETH_P_ARP), 1378 .func = arp_rcv, 1379 }; 1380 1381 #ifdef CONFIG_PROC_FS 1382 #if IS_ENABLED(CONFIG_AX25) 1383 1384 /* 1385 * ax25 -> ASCII conversion 1386 */ 1387 static void ax2asc2(ax25_address *a, char *buf) 1388 { 1389 char c, *s; 1390 int n; 1391 1392 for (n = 0, s = buf; n < 6; n++) { 1393 c = (a->ax25_call[n] >> 1) & 0x7F; 1394 1395 if (c != ' ') 1396 *s++ = c; 1397 } 1398 1399 *s++ = '-'; 1400 n = (a->ax25_call[6] >> 1) & 0x0F; 1401 if (n > 9) { 1402 *s++ = '1'; 1403 n -= 10; 1404 } 1405 1406 *s++ = n + '0'; 1407 *s++ = '\0'; 1408 1409 if (*buf == '\0' || *buf == '-') { 1410 buf[0] = '*'; 1411 buf[1] = '\0'; 1412 } 1413 } 1414 #endif /* CONFIG_AX25 */ 1415 1416 #define HBUFFERLEN 30 1417 1418 static void arp_format_neigh_entry(struct seq_file *seq, 1419 struct neighbour *n) 1420 { 1421 char hbuffer[HBUFFERLEN]; 1422 int k, j; 1423 char tbuf[16]; 1424 struct net_device *dev = n->dev; 1425 int hatype = dev->type; 1426 1427 read_lock(&n->lock); 1428 /* Convert hardware address to XX:XX:XX:XX ... form. */ 1429 #if IS_ENABLED(CONFIG_AX25) 1430 if (hatype == ARPHRD_AX25 || hatype == ARPHRD_NETROM) 1431 ax2asc2((ax25_address *)n->ha, hbuffer); 1432 else { 1433 #endif 1434 for (k = 0, j = 0; k < HBUFFERLEN - 3 && j < dev->addr_len; j++) { 1435 hbuffer[k++] = hex_asc_hi(n->ha[j]); 1436 hbuffer[k++] = hex_asc_lo(n->ha[j]); 1437 hbuffer[k++] = ':'; 1438 } 1439 if (k != 0) 1440 --k; 1441 hbuffer[k] = 0; 1442 #if IS_ENABLED(CONFIG_AX25) 1443 } 1444 #endif 1445 sprintf(tbuf, "%pI4", n->primary_key); 1446 seq_printf(seq, "%-16s 0x%-10x0x%-10x%-17s * %s\n", 1447 tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); 1448 read_unlock(&n->lock); 1449 } 1450 1451 static void arp_format_pneigh_entry(struct seq_file *seq, 1452 struct pneigh_entry *n) 1453 { 1454 struct net_device *dev = n->dev; 1455 int hatype = dev ? dev->type : 0; 1456 char tbuf[16]; 1457 1458 sprintf(tbuf, "%pI4", n->key); 1459 seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", 1460 tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", 1461 dev ? dev->name : "*"); 1462 } 1463 1464 static int arp_seq_show(struct seq_file *seq, void *v) 1465 { 1466 if (v == SEQ_START_TOKEN) { 1467 seq_puts(seq, "IP address HW type Flags " 1468 "HW address Mask Device\n"); 1469 } else { 1470 struct neigh_seq_state *state = seq->private; 1471 1472 if (state->flags & NEIGH_SEQ_IS_PNEIGH) 1473 arp_format_pneigh_entry(seq, v); 1474 else 1475 arp_format_neigh_entry(seq, v); 1476 } 1477 1478 return 0; 1479 } 1480 1481 static void *arp_seq_start(struct seq_file *seq, loff_t *pos) 1482 { 1483 /* Don't want to confuse "arp -a" w/ magic entries, 1484 * so we tell the generic iterator to skip NUD_NOARP. 1485 */ 1486 return neigh_seq_start(seq, pos, &arp_tbl, NEIGH_SEQ_SKIP_NOARP); 1487 } 1488 1489 static const struct seq_operations arp_seq_ops = { 1490 .start = arp_seq_start, 1491 .next = neigh_seq_next, 1492 .stop = neigh_seq_stop, 1493 .show = arp_seq_show, 1494 }; 1495 #endif /* CONFIG_PROC_FS */ 1496 1497 static int __net_init arp_net_init(struct net *net) 1498 { 1499 if (!proc_create_net("arp", 0444, net->proc_net, &arp_seq_ops, 1500 sizeof(struct neigh_seq_state))) 1501 return -ENOMEM; 1502 return 0; 1503 } 1504 1505 static void __net_exit arp_net_exit(struct net *net) 1506 { 1507 remove_proc_entry("arp", net->proc_net); 1508 } 1509 1510 static struct pernet_operations arp_net_ops = { 1511 .init = arp_net_init, 1512 .exit = arp_net_exit, 1513 }; 1514 1515 void __init arp_init(void) 1516 { 1517 neigh_table_init(NEIGH_ARP_TABLE, &arp_tbl); 1518 1519 dev_add_pack(&arp_packet_type); 1520 register_pernet_subsys(&arp_net_ops); 1521 #ifdef CONFIG_SYSCTL 1522 neigh_sysctl_register(NULL, &arp_tbl.parms, NULL); 1523 #endif 1524 register_netdevice_notifier(&arp_netdev_notifier); 1525 } 1526