// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	Generic address resolution entity
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *
 *	Fixes:
 *	Vitaly E. Lavrov	releasing NULL neighbor in neigh_add.
 *	Harald Welte		Add neighbour cache statistics like rtstat
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/slab.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/socket.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/times.h>
#include <net/net_namespace.h>
#include <net/neighbour.h>
#include <net/arp.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/netevent.h>
#include <net/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/random.h>
#include <linux/string.h>
#include <linux/log2.h>
#include <linux/inetdevice.h>
#include <net/addrconf.h>

#include <trace/events/neigh.h>

#define NEIGH_DEBUG 1
#define neigh_dbg(level, fmt, ...)		\
do {						\
	if (level <= NEIGH_DEBUG)		\
		pr_debug(fmt, ##__VA_ARGS__);	\
} while (0)

#define PNEIGH_HASHMASK		0xF

static void neigh_timer_handler(struct timer_list *t);
static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid);
static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev);

#ifdef CONFIG_PROC_FS
static const struct seq_operations neigh_stat_seq_ops;
#endif

static struct hlist_head *neigh_get_dev_table(struct net_device *dev, int family)
{
	int i;

	switch (family) {
	default:
		DEBUG_NET_WARN_ON_ONCE(1);
		fallthrough; /* to avoid panic by null-ptr-deref */
	case AF_INET:
		i = NEIGH_ARP_TABLE;
		break;
	case AF_INET6:
		i = NEIGH_ND_TABLE;
		break;
	}

	return &dev->neighbours[i];
}

/*
   Neighbour hash table buckets are protected with rwlock tbl->lock.

   - All the scans/updates to hash buckets MUST be made under this lock.
   - NOTHING clever should be done under this lock: no callbacks
     to protocol backends, no attempts to send something to the network.
     This will result in deadlocks if the backend/driver wants to use the
     neighbour cache.
   - If the entry requires some non-trivial actions, increase
     its reference count and release the table lock.

   Neighbour entries are protected:
   - with reference count.
   - with rwlock neigh->lock

   The reference count prevents destruction.

   neigh->lock mainly serializes the ll address data and its validity state.
   However, the same lock is used to protect other entry fields:
   - timer
   - resolution queue

   Again, nothing clever shall be done under neigh->lock;
   the most complicated procedure we allow is dev->hard_header.
   It is assumed that dev->hard_header is simplistic and does
   not make callbacks to neighbour tables.
 */
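/*
 * To illustrate the rule above, a hypothetical walker that needs to do
 * real work on an entry would pin it and drop the table lock first; a
 * minimal sketch, not part of this file's API:
 *
 *	write_lock_bh(&tbl->lock);
 *	n = <entry picked from a bucket>;
 *	neigh_hold(n);			// pin the entry
 *	write_unlock_bh(&tbl->lock);	// no callbacks under tbl->lock
 *	<resolve/transmit using n>
 *	neigh_release(n);		// drop the pin
 */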
static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
{
	kfree_skb(skb);
	return -ENETDOWN;
}

static void neigh_cleanup_and_release(struct neighbour *neigh)
{
	trace_neigh_cleanup_and_release(neigh, 0);
	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	neigh_release(neigh);
}

/*
 * It is a random distribution in the interval (1/2)*base...(3/2)*base.
 * It corresponds to the default IPv6 settings and is not overridable,
 * because it is a really reasonable choice.
 */

unsigned long neigh_rand_reach_time(unsigned long base)
{
	return base ? get_random_u32_below(base) + (base >> 1) : 0;
}
EXPORT_SYMBOL(neigh_rand_reach_time);

static void neigh_mark_dead(struct neighbour *n)
{
	n->dead = 1;
	if (!list_empty(&n->gc_list)) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	}
	if (!list_empty(&n->managed_list))
		list_del_init(&n->managed_list);
}

static void neigh_update_gc_list(struct neighbour *n)
{
	bool on_gc_list, exempt_from_gc;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	/* remove from the gc list if new state is permanent or if neighbor
	 * is externally learned; otherwise entry should be on the gc list
	 */
	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
			 n->flags & NTF_EXT_LEARNED;
	on_gc_list = !list_empty(&n->gc_list);

	if (exempt_from_gc && on_gc_list) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	} else if (!exempt_from_gc && !on_gc_list) {
		/* add entries to the tail; cleaning removes from the front */
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
		atomic_inc(&n->tbl->gc_entries);
	}
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static void neigh_update_managed_list(struct neighbour *n)
{
	bool on_managed_list, add_to_managed;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	add_to_managed = n->flags & NTF_MANAGED;
	on_managed_list = !list_empty(&n->managed_list);

	if (!add_to_managed && on_managed_list)
		list_del_init(&n->managed_list);
	else if (add_to_managed && !on_managed_list)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}
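/*
 * Note the lock nesting both helpers above rely on: tbl->lock is always
 * taken before neigh->lock, never the other way around. The shared
 * pattern, as a sketch:
 *
 *	write_lock_bh(&n->tbl->lock);	// outer: protects tbl's lists
 *	write_lock(&n->lock);		// inner: protects n->dead, n->flags
 *	...update list membership...
 *	write_unlock(&n->lock);
 *	write_unlock_bh(&n->tbl->lock);
 */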
static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
			       bool *gc_update, bool *managed_update)
{
	u32 ndm_flags, old_flags = neigh->flags;

	if (!(flags & NEIGH_UPDATE_F_ADMIN))
		return;

	ndm_flags  = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
	ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;

	if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
		if (ndm_flags & NTF_EXT_LEARNED)
			neigh->flags |= NTF_EXT_LEARNED;
		else
			neigh->flags &= ~NTF_EXT_LEARNED;
		*notify = 1;
		*gc_update = true;
	}
	if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
		if (ndm_flags & NTF_MANAGED)
			neigh->flags |= NTF_MANAGED;
		else
			neigh->flags &= ~NTF_MANAGED;
		*notify = 1;
		*managed_update = true;
	}
}

bool neigh_remove_one(struct neighbour *n)
{
	bool retval = false;

	write_lock(&n->lock);
	if (refcount_read(&n->refcnt) == 1) {
		hlist_del_rcu(&n->hash);
		hlist_del_rcu(&n->dev_list);
		neigh_mark_dead(n);
		retval = true;
	}
	write_unlock(&n->lock);
	if (retval)
		neigh_cleanup_and_release(n);
	return retval;
}

static int neigh_forced_gc(struct neigh_table *tbl)
{
	int max_clean = atomic_read(&tbl->gc_entries) -
			READ_ONCE(tbl->gc_thresh2);
	u64 tmax = ktime_get_ns() + NSEC_PER_MSEC;
	unsigned long tref = jiffies - 5 * HZ;
	struct neighbour *n, *tmp;
	int shrunk = 0;
	int loop = 0;

	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);

	write_lock_bh(&tbl->lock);

	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
		if (refcount_read(&n->refcnt) == 1) {
			bool remove = false;

			write_lock(&n->lock);
			if ((n->nud_state == NUD_FAILED) ||
			    (n->nud_state == NUD_NOARP) ||
			    (tbl->is_multicast &&
			     tbl->is_multicast(n->primary_key)) ||
			    !time_in_range(n->updated, tref, jiffies))
				remove = true;
			write_unlock(&n->lock);

			if (remove && neigh_remove_one(n))
				shrunk++;
			if (shrunk >= max_clean)
				break;
			if (++loop == 16) {
				if (ktime_get_ns() > tmax)
					goto unlock;
				loop = 0;
			}
		}
	}

	WRITE_ONCE(tbl->last_flush, jiffies);
unlock:
	write_unlock_bh(&tbl->lock);

	return shrunk;
}
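/*
 * A worked example of the bounds above (numbers illustrative only): with
 * gc_entries == 600 and gc_thresh2 == 512, max_clean is 88, i.e. one run
 * tries to shrink the table back down to thresh2. Entries touched within
 * the last 5 seconds (tref = jiffies - 5 * HZ) are left alone, and the
 * run self-limits to roughly one millisecond of wall time via tmax.
 */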
static void neigh_add_timer(struct neighbour *n, unsigned long when)
{
	/* Keep a safe distance from the jiffies - LONG_MAX point while the
	 * timer is running in DELAY/PROBE state, but still show large times
	 * in the past to user space.
	 */
	unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ);

	neigh_hold(n);
	if (!time_in_range(n->confirmed, mint, jiffies))
		n->confirmed = mint;
	if (time_before(n->used, n->confirmed))
		n->used = n->confirmed;
	if (unlikely(mod_timer(&n->timer, when))) {
		printk("NEIGH: BUG, double timer add, state is %x\n",
		       n->nud_state);
		dump_stack();
	}
}

static int neigh_del_timer(struct neighbour *n)
{
	if ((n->nud_state & NUD_IN_TIMER) &&
	    del_timer(&n->timer)) {
		neigh_release(n);
		return 1;
	}
	return 0;
}

static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
						   int family)
{
	switch (family) {
	case AF_INET:
		return __in_dev_arp_parms_get_rcu(dev);
	case AF_INET6:
		return __in6_dev_nd_parms_get_rcu(dev);
	}
	return NULL;
}

static void neigh_parms_qlen_dec(struct net_device *dev, int family)
{
	struct neigh_parms *p;

	rcu_read_lock();
	p = neigh_get_dev_parms_rcu(dev, family);
	if (p)
		p->qlen--;
	rcu_read_unlock();
}

static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net,
			       int family)
{
	struct sk_buff_head tmp;
	unsigned long flags;
	struct sk_buff *skb;

	skb_queue_head_init(&tmp);
	spin_lock_irqsave(&list->lock, flags);
	skb = skb_peek(list);
	while (skb != NULL) {
		struct sk_buff *skb_next = skb_peek_next(skb, list);
		struct net_device *dev = skb->dev;

		if (net == NULL || net_eq(dev_net(dev), net)) {
			neigh_parms_qlen_dec(dev, family);
			__skb_unlink(skb, list);
			__skb_queue_tail(&tmp, skb);
		}
		skb = skb_next;
	}
	spin_unlock_irqrestore(&list->lock, flags);

	while ((skb = __skb_dequeue(&tmp))) {
		dev_put(skb->dev);
		kfree_skb(skb);
	}
}

static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
			    bool skip_perm)
{
	struct hlist_head *dev_head;
	struct hlist_node *tmp;
	struct neighbour *n;

	dev_head = neigh_get_dev_table(dev, tbl->family);

	hlist_for_each_entry_safe(n, tmp, dev_head, dev_list) {
		if (skip_perm && n->nud_state & NUD_PERMANENT)
			continue;

		hlist_del_rcu(&n->hash);
		hlist_del_rcu(&n->dev_list);
		write_lock(&n->lock);
		neigh_del_timer(n);
		neigh_mark_dead(n);
		if (refcount_read(&n->refcnt) != 1) {
			/* The most unpleasant situation.
			 * We must destroy the neighbour entry,
			 * but someone still uses it.
			 *
			 * The destroy will be delayed until
			 * the last user releases us, but
			 * we must kill timers etc. and move
			 * it to a safe state.
			 */
			__skb_queue_purge(&n->arp_queue);
			n->arp_queue_len_bytes = 0;
			WRITE_ONCE(n->output, neigh_blackhole);
			if (n->nud_state & NUD_VALID)
				n->nud_state = NUD_NOARP;
			else
				n->nud_state = NUD_NONE;
			neigh_dbg(2, "neigh %p is stray\n", n);
		}
		write_unlock(&n->lock);
		neigh_cleanup_and_release(n);
	}
}

void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, false);
	write_unlock_bh(&tbl->lock);
}
EXPORT_SYMBOL(neigh_changeaddr);
static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, skip_perm);
	pneigh_ifdown_and_unlock(tbl, dev);
	pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL,
			   tbl->family);
	if (skb_queue_empty_lockless(&tbl->proxy_queue))
		del_timer_sync(&tbl->proxy_timer);
	return 0;
}

int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, true);
	return 0;
}
EXPORT_SYMBOL(neigh_carrier_down);

int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, false);
	return 0;
}
EXPORT_SYMBOL(neigh_ifdown);

static struct neighbour *neigh_alloc(struct neigh_table *tbl,
				     struct net_device *dev,
				     u32 flags, bool exempt_from_gc)
{
	struct neighbour *n = NULL;
	unsigned long now = jiffies;
	int entries, gc_thresh3;

	if (exempt_from_gc)
		goto do_alloc;

	entries = atomic_inc_return(&tbl->gc_entries) - 1;
	gc_thresh3 = READ_ONCE(tbl->gc_thresh3);
	if (entries >= gc_thresh3 ||
	    (entries >= READ_ONCE(tbl->gc_thresh2) &&
	     time_after(now, READ_ONCE(tbl->last_flush) + 5 * HZ))) {
		if (!neigh_forced_gc(tbl) && entries >= gc_thresh3) {
			net_info_ratelimited("%s: neighbor table overflow!\n",
					     tbl->id);
			NEIGH_CACHE_STAT_INC(tbl, table_fulls);
			goto out_entries;
		}
	}

do_alloc:
	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
	if (!n)
		goto out_entries;

	__skb_queue_head_init(&n->arp_queue);
	rwlock_init(&n->lock);
	seqlock_init(&n->ha_lock);
	n->updated = n->used = now;
	n->nud_state = NUD_NONE;
	n->output = neigh_blackhole;
	n->flags = flags;
	seqlock_init(&n->hh.hh_lock);
	n->parms = neigh_parms_clone(&tbl->parms);
	timer_setup(&n->timer, neigh_timer_handler, 0);

	NEIGH_CACHE_STAT_INC(tbl, allocs);
	n->tbl = tbl;
	refcount_set(&n->refcnt, 1);
	n->dead = 1;
	INIT_LIST_HEAD(&n->gc_list);
	INIT_LIST_HEAD(&n->managed_list);

	atomic_inc(&tbl->entries);
out:
	return n;

out_entries:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	goto out;
}

static void neigh_get_hash_rnd(u32 *x)
{
	*x = get_random_u32() | 1;
}

static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
{
	size_t size = (1 << shift) * sizeof(struct hlist_head);
	struct hlist_head *hash_heads;
	struct neigh_hash_table *ret;
	int i;

	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
	if (!ret)
		return NULL;

	hash_heads = kvzalloc(size, GFP_ATOMIC);
	if (!hash_heads) {
		kfree(ret);
		return NULL;
	}
	ret->hash_heads = hash_heads;
	ret->hash_shift = shift;
	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
		neigh_get_hash_rnd(&ret->hash_rnd[i]);
	return ret;
}

static void neigh_hash_free_rcu(struct rcu_head *head)
{
	struct neigh_hash_table *nht = container_of(head,
						    struct neigh_hash_table,
						    rcu);

	kvfree(nht->hash_heads);
	kfree(nht);
}

static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
						unsigned long new_shift)
{
	unsigned int i, hash;
	struct neigh_hash_table *new_nht, *old_nht;

	NEIGH_CACHE_STAT_INC(tbl, hash_grows);

	old_nht = rcu_dereference_protected(tbl->nht,
					    lockdep_is_held(&tbl->lock));
	new_nht = neigh_hash_alloc(new_shift);
	if (!new_nht)
		return old_nht;

	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
		struct hlist_node *tmp;
		struct neighbour *n;

		neigh_for_each_in_bucket_safe(n, tmp, &old_nht->hash_heads[i]) {
			hash = tbl->hash(n->primary_key, n->dev,
					 new_nht->hash_rnd);

			hash >>= (32 - new_nht->hash_shift);

			hlist_del_rcu(&n->hash);
			hlist_add_head_rcu(&n->hash, &new_nht->hash_heads[hash]);
		}
	}

	rcu_assign_pointer(tbl->nht, new_nht);
	call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
	return new_nht;
}
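/*
 * The bucket index above is taken from the top bits of the 32-bit hash:
 * hash >> (32 - hash_shift). For example (illustrative arithmetic), with
 * hash_shift == 3 there are 8 buckets and the index is hash >> 29, so a
 * hash of 0xE0000001 lands in bucket 7. Using the high bits keeps the
 * index well distributed even if the low bits of tbl->hash are weak.
 */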
struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
			       struct net_device *dev)
{
	struct neighbour *n;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock();
	n = __neigh_lookup_noref(tbl, pkey, dev);
	if (n) {
		if (!refcount_inc_not_zero(&n->refcnt))
			n = NULL;
		NEIGH_CACHE_STAT_INC(tbl, hits);
	}

	rcu_read_unlock();
	return n;
}
EXPORT_SYMBOL(neigh_lookup);
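/*
 * neigh_lookup() returns a referenced entry (or NULL), so a caller-side
 * sketch looks like this (hypothetical caller, illustrative only):
 *
 *	struct neighbour *n = neigh_lookup(&arp_tbl, &ip, dev);
 *
 *	if (n) {
 *		...read n->nud_state, n->ha, etc....
 *		neigh_release(n);	// drop the reference from lookup
 *	}
 *
 * The refcount_inc_not_zero() above is what makes the RCU lookup safe:
 * an entry already on its way to destruction cannot be resurrected.
 */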
static struct neighbour *
___neigh_create(struct neigh_table *tbl, const void *pkey,
		struct net_device *dev, u32 flags,
		bool exempt_from_gc, bool want_ref)
{
	u32 hash_val, key_len = tbl->key_len;
	struct neighbour *n1, *rc, *n;
	struct neigh_hash_table *nht;
	int error;

	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
	if (!n) {
		rc = ERR_PTR(-ENOBUFS);
		goto out;
	}

	memcpy(n->primary_key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC);

	/* Protocol specific setup. */
	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	if (dev->netdev_ops->ndo_neigh_construct) {
		error = dev->netdev_ops->ndo_neigh_construct(dev, n);
		if (error < 0) {
			rc = ERR_PTR(error);
			goto out_neigh_release;
		}
	}

	/* Device specific setup. */
	if (n->parms->neigh_setup &&
	    (error = n->parms->neigh_setup(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
		nht = neigh_hash_grow(tbl, nht->hash_shift + 1);

	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);

	if (n->parms->dead) {
		rc = ERR_PTR(-EINVAL);
		goto out_tbl_unlock;
	}

	neigh_for_each_in_bucket(n1, &nht->hash_heads[hash_val]) {
		if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
			if (want_ref)
				neigh_hold(n1);
			rc = n1;
			goto out_tbl_unlock;
		}
	}

	n->dead = 0;
	if (!exempt_from_gc)
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
	if (n->flags & NTF_MANAGED)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
	if (want_ref)
		neigh_hold(n);
	hlist_add_head_rcu(&n->hash, &nht->hash_heads[hash_val]);

	hlist_add_head_rcu(&n->dev_list,
			   neigh_get_dev_table(dev, tbl->family));

	write_unlock_bh(&tbl->lock);
	neigh_dbg(2, "neigh %p is created\n", n);
	rc = n;
out:
	return rc;
out_tbl_unlock:
	write_unlock_bh(&tbl->lock);
out_neigh_release:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	neigh_release(n);
	goto out;
}

struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
				 struct net_device *dev, bool want_ref)
{
	bool exempt_from_gc = !!(dev->flags & IFF_LOOPBACK);

	return ___neigh_create(tbl, pkey, dev, 0, exempt_from_gc, want_ref);
}
EXPORT_SYMBOL(__neigh_create);

static u32 pneigh_hash(const void *pkey, unsigned int key_len)
{
	u32 hash_val = *(u32 *)(pkey + key_len - 4);
	hash_val ^= (hash_val >> 16);
	hash_val ^= hash_val >> 8;
	hash_val ^= hash_val >> 4;
	hash_val &= PNEIGH_HASHMASK;
	return hash_val;
}

static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
					      struct net *net,
					      const void *pkey,
					      unsigned int key_len,
					      struct net_device *dev)
{
	while (n) {
		if (!memcmp(n->key, pkey, key_len) &&
		    net_eq(pneigh_net(n), net) &&
		    (n->dev == dev || !n->dev))
			return n;
		n = n->next;
	}
	return NULL;
}

struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
				     struct net *net, const void *pkey,
				     struct net_device *dev)
{
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
				 net, pkey, key_len, dev);
}
EXPORT_SYMBOL_GPL(__pneigh_lookup);
struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl,
				   struct net *net, const void *pkey,
				   struct net_device *dev, int creat)
{
	struct pneigh_entry *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	read_lock_bh(&tbl->lock);
	n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
			      net, pkey, key_len, dev);
	read_unlock_bh(&tbl->lock);

	if (n || !creat)
		goto out;

	ASSERT_RTNL();

	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
	if (!n)
		goto out;

	write_pnet(&n->net, net);
	memcpy(n->key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_KERNEL);

	if (tbl->pconstructor && tbl->pconstructor(n)) {
		netdev_put(dev, &n->dev_tracker);
		kfree(n);
		n = NULL;
		goto out;
	}

	write_lock_bh(&tbl->lock);
	n->next = tbl->phash_buckets[hash_val];
	tbl->phash_buckets[hash_val] = n;
	write_unlock_bh(&tbl->lock);
out:
	return n;
}
EXPORT_SYMBOL(pneigh_lookup);

int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
		  struct net_device *dev)
{
	struct pneigh_entry *n, **np;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	write_lock_bh(&tbl->lock);
	for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
	     np = &n->next) {
		if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
		    net_eq(pneigh_net(n), net)) {
			*np = n->next;
			write_unlock_bh(&tbl->lock);
			if (tbl->pdestructor)
				tbl->pdestructor(n);
			netdev_put(n->dev, &n->dev_tracker);
			kfree(n);
			return 0;
		}
	}
	write_unlock_bh(&tbl->lock);
	return -ENOENT;
}

static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev)
{
	struct pneigh_entry *n, **np, *freelist = NULL;
	u32 h;

	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
		np = &tbl->phash_buckets[h];
		while ((n = *np) != NULL) {
			if (!dev || n->dev == dev) {
				*np = n->next;
				n->next = freelist;
				freelist = n;
				continue;
			}
			np = &n->next;
		}
	}
	write_unlock_bh(&tbl->lock);
	while ((n = freelist)) {
		freelist = n->next;
		n->next = NULL;
		if (tbl->pdestructor)
			tbl->pdestructor(n);
		netdev_put(n->dev, &n->dev_tracker);
		kfree(n);
	}
	return -ENOENT;
}

static void neigh_parms_destroy(struct neigh_parms *parms);

static inline void neigh_parms_put(struct neigh_parms *parms)
{
	if (refcount_dec_and_test(&parms->refcnt))
		neigh_parms_destroy(parms);
}

/*
 *	neighbour must already be out of the table
 */
void neigh_destroy(struct neighbour *neigh)
{
	struct net_device *dev = neigh->dev;

	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);

	if (!neigh->dead) {
		pr_warn("Destroying alive neighbour %p\n", neigh);
		dump_stack();
		return;
	}

	if (neigh_del_timer(neigh))
		pr_warn("Impossible event\n");

	write_lock_bh(&neigh->lock);
	__skb_queue_purge(&neigh->arp_queue);
	write_unlock_bh(&neigh->lock);
	neigh->arp_queue_len_bytes = 0;

	if (dev->netdev_ops->ndo_neigh_destroy)
		dev->netdev_ops->ndo_neigh_destroy(dev, neigh);

	netdev_put(dev, &neigh->dev_tracker);
	neigh_parms_put(neigh->parms);

	neigh_dbg(2, "neigh %p is destroyed\n", neigh);

	atomic_dec(&neigh->tbl->entries);
	kfree_rcu(neigh, rcu);
}
EXPORT_SYMBOL(neigh_destroy);

/* Neighbour state is suspicious;
   disable fast path.

   Called with write_locked neigh.
 */
static void neigh_suspect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is suspected\n", neigh);

	WRITE_ONCE(neigh->output, neigh->ops->output);
}
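/*
 * neigh_suspect() and neigh_connect() below simply flip neigh->output
 * between the slow, resolving path (neigh->ops->output) and the fast,
 * connected path (neigh->ops->connected_output). Transmit paths that go
 * through the entry just call whatever the pointer currently holds,
 * roughly (illustrative sketch of a caller):
 *
 *	READ_ONCE(n->output)(n, skb);
 *
 * so switching state never requires touching the packet paths themselves.
 */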
/* Neighbour state is OK;
   enable fast path.

   Called with write_locked neigh.
 */
static void neigh_connect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is connected\n", neigh);

	WRITE_ONCE(neigh->output, neigh->ops->connected_output);
}

static void neigh_periodic_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
	struct neigh_hash_table *nht;
	struct hlist_node *tmp;
	struct neighbour *n;
	unsigned int i;

	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	/*
	 *	periodically recompute ReachableTime from random function
	 */

	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
		struct neigh_parms *p;

		WRITE_ONCE(tbl->last_rand, jiffies);
		list_for_each_entry(p, &tbl->parms_list, list)
			p->reachable_time =
				neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}

	if (atomic_read(&tbl->entries) < READ_ONCE(tbl->gc_thresh1))
		goto out;

	for (i = 0 ; i < (1 << nht->hash_shift); i++) {
		neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[i]) {
			unsigned int state;

			write_lock(&n->lock);

			state = n->nud_state;
			if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
			    (n->flags & NTF_EXT_LEARNED)) {
				write_unlock(&n->lock);
				continue;
			}

			if (time_before(n->used, n->confirmed) &&
			    time_is_before_eq_jiffies(n->confirmed))
				n->used = n->confirmed;

			if (refcount_read(&n->refcnt) == 1 &&
			    (state == NUD_FAILED ||
			     !time_in_range_open(jiffies, n->used,
						 n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
				hlist_del_rcu(&n->hash);
				hlist_del_rcu(&n->dev_list);
				neigh_mark_dead(n);
				write_unlock(&n->lock);
				neigh_cleanup_and_release(n);
				continue;
			}
			write_unlock(&n->lock);
		}
		/*
		 * It's fine to release lock here, even if hash table
		 * grows while we are preempted.
		 */
		write_unlock_bh(&tbl->lock);
		cond_resched();
		write_lock_bh(&tbl->lock);
		nht = rcu_dereference_protected(tbl->nht,
						lockdep_is_held(&tbl->lock));
	}
out:
	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
	 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
	 * BASE_REACHABLE_TIME.
	 */
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
	write_unlock_bh(&tbl->lock);
}

static __inline__ int neigh_max_probes(struct neighbour *n)
{
	struct neigh_parms *p = n->parms;
	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
	       (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
	        NEIGH_VAR(p, MCAST_PROBES));
}
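/*
 * Worked example for neigh_max_probes(), assuming the usual IPv4 defaults
 * (ucast_solicit = 3, app_solicit = 0, mcast_solicit = 3,
 * mcast_resolicit = 0): an entry in NUD_INCOMPLETE may be probed
 * 3 + 0 + 3 = 6 times, while one in NUD_PROBE gets 3 + 0 + 0 = 3 unicast
 * probes before it is declared NUD_FAILED.
 */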
static void neigh_invalidate(struct neighbour *neigh)
	__releases(neigh->lock)
	__acquires(neigh->lock)
{
	struct sk_buff *skb;

	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
	neigh_dbg(2, "neigh %p is failed\n", neigh);
	neigh->updated = jiffies;

	/* This is a very thin place. report_unreachable is a very
	   complicated routine. Particularly, it can hit the same
	   neighbour entry!

	   Because of that, we try to be accurate and avoid a dead loop. --ANK
	 */
	while (neigh->nud_state == NUD_FAILED &&
	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
		write_unlock(&neigh->lock);
		neigh->ops->error_report(neigh, skb);
		write_lock(&neigh->lock);
	}
	__skb_queue_purge(&neigh->arp_queue);
	neigh->arp_queue_len_bytes = 0;
}

static void neigh_probe(struct neighbour *neigh)
	__releases(neigh->lock)
{
	struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);
	/* keep skb alive even if arp_queue overflows */
	if (skb)
		skb = skb_clone(skb, GFP_ATOMIC);
	write_unlock(&neigh->lock);
	if (neigh->ops->solicit)
		neigh->ops->solicit(neigh, skb);
	atomic_inc(&neigh->probes);
	consume_skb(skb);
}

/* Called when a timer expires for a neighbour entry. */

static void neigh_timer_handler(struct timer_list *t)
{
	unsigned long now, next;
	struct neighbour *neigh = from_timer(neigh, t, timer);
	unsigned int state;
	int notify = 0;

	write_lock(&neigh->lock);

	state = neigh->nud_state;
	now = jiffies;
	next = now + HZ;

	if (!(state & NUD_IN_TIMER))
		goto out;

	if (state & NUD_REACHABLE) {
		if (time_before_eq(now,
				   neigh->confirmed + neigh->parms->reachable_time)) {
			neigh_dbg(2, "neigh %p is still alive\n", neigh);
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else if (time_before_eq(now,
					  neigh->used +
					  NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is delayed\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_DELAY);
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
		} else {
			neigh_dbg(2, "neigh %p is suspected\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_STALE);
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			notify = 1;
		}
	} else if (state & NUD_DELAY) {
		if (time_before_eq(now,
				   neigh->confirmed +
				   NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is now reachable\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_REACHABLE);
			neigh->updated = jiffies;
			neigh_connect(neigh);
			notify = 1;
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else {
			neigh_dbg(2, "neigh %p is probed\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_PROBE);
			neigh->updated = jiffies;
			atomic_set(&neigh->probes, 0);
			notify = 1;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
		}
	} else {
		/* NUD_PROBE|NUD_INCOMPLETE */
		next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
	}

	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
		WRITE_ONCE(neigh->nud_state, NUD_FAILED);
		notify = 1;
		neigh_invalidate(neigh);
		goto out;
	}

	if (neigh->nud_state & NUD_IN_TIMER) {
		if (time_before(next, jiffies + HZ/100))
			next = jiffies + HZ/100;
		if (!mod_timer(&neigh->timer, next))
			neigh_hold(neigh);
	}
	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
		neigh_probe(neigh);
	} else {
out:
		write_unlock(&neigh->lock);
	}

	if (notify)
		neigh_update_notify(neigh, 0);

	trace_neigh_timer_handler(neigh, 0);

	neigh_release(neigh);
}
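/*
 * Summary of the transitions driven by the timer above (a sketch of the
 * NUD state machine as implemented here, not an exhaustive diagram):
 *
 *	REACHABLE --(reachable_time expired, recently used)--> DELAY
 *	REACHABLE --(reachable_time expired, idle)-----------> STALE
 *	DELAY --(confirmed within DELAY_PROBE_TIME)----------> REACHABLE
 *	DELAY --(no confirmation)----------------------------> PROBE
 *	PROBE/INCOMPLETE --(probes >= neigh_max_probes())----> FAILED
 *
 * STALE has no timer of its own; it is left for neigh_periodic_work()
 * to garbage collect, or revived on the next transmit.
 */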
int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
		       const bool immediate_ok)
{
	int rc;
	bool immediate_probe = false;

	write_lock_bh(&neigh->lock);

	rc = 0;
	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
		goto out_unlock_bh;
	if (neigh->dead)
		goto out_dead;

	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
		if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
		    NEIGH_VAR(neigh->parms, APP_PROBES)) {
			unsigned long next, now = jiffies;

			atomic_set(&neigh->probes,
				   NEIGH_VAR(neigh->parms, UCAST_PROBES));
			neigh_del_timer(neigh);
			WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
			neigh->updated = now;
			if (!immediate_ok) {
				next = now + 1;
			} else {
				immediate_probe = true;
				next = now + max(NEIGH_VAR(neigh->parms,
							   RETRANS_TIME),
						 HZ / 100);
			}
			neigh_add_timer(neigh, next);
		} else {
			WRITE_ONCE(neigh->nud_state, NUD_FAILED);
			neigh->updated = jiffies;
			write_unlock_bh(&neigh->lock);

			kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED);
			return 1;
		}
	} else if (neigh->nud_state & NUD_STALE) {
		neigh_dbg(2, "neigh %p is delayed\n", neigh);
		neigh_del_timer(neigh);
		WRITE_ONCE(neigh->nud_state, NUD_DELAY);
		neigh->updated = jiffies;
		neigh_add_timer(neigh, jiffies +
				NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
	}

	if (neigh->nud_state == NUD_INCOMPLETE) {
		if (skb) {
			while (neigh->arp_queue_len_bytes + skb->truesize >
			       NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
				struct sk_buff *buff;

				buff = __skb_dequeue(&neigh->arp_queue);
				if (!buff)
					break;
				neigh->arp_queue_len_bytes -= buff->truesize;
				kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL);
				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
			}
			skb_dst_force(skb);
			__skb_queue_tail(&neigh->arp_queue, skb);
			neigh->arp_queue_len_bytes += skb->truesize;
		}
		rc = 1;
	}
out_unlock_bh:
	if (immediate_probe)
		neigh_probe(neigh);
	else
		write_unlock(&neigh->lock);
	local_bh_enable();
	trace_neigh_event_send_done(neigh, rc);
	return rc;

out_dead:
	if (neigh->nud_state & NUD_STALE)
		goto out_unlock_bh;
	write_unlock_bh(&neigh->lock);
	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD);
	trace_neigh_event_send_dead(neigh, 1);
	return 1;
}
EXPORT_SYMBOL(__neigh_event_send);

static void neigh_update_hhs(struct neighbour *neigh)
{
	struct hh_cache *hh;
	void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
		= NULL;

	if (neigh->dev->header_ops)
		update = neigh->dev->header_ops->cache_update;

	if (update) {
		hh = &neigh->hh;
		if (READ_ONCE(hh->hh_len)) {
			write_seqlock_bh(&hh->hh_lock);
			update(hh, neigh->dev, neigh->ha);
			write_sequnlock_bh(&hh->hh_lock);
		}
	}
}
/* Generic update routine.
   -- lladdr is new lladdr or NULL, if it is not supplied.
   -- new    is new state.
   -- flags
	NEIGH_UPDATE_F_OVERRIDE allows overriding an existing lladdr,
				if it is different.
	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect an existing "connected"
				lladdr instead of overriding it
				if it is different.
	NEIGH_UPDATE_F_ADMIN	means that the change is administrative.
	NEIGH_UPDATE_F_USE	means that the entry is user triggered.
	NEIGH_UPDATE_F_MANAGED	means that the entry will be auto-refreshed.
	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows overriding an existing
				NTF_ROUTER flag.
	NEIGH_UPDATE_F_ISROUTER	indicates if the neighbour is known as
				a router.

   Caller MUST hold a reference count on the entry.
 */
static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
			  u8 new, u32 flags, u32 nlmsg_pid,
			  struct netlink_ext_ack *extack)
{
	bool gc_update = false, managed_update = false;
	int update_isrouter = 0;
	struct net_device *dev;
	int err, notify = 0;
	u8 old;

	trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);

	write_lock_bh(&neigh->lock);

	dev = neigh->dev;
	old = neigh->nud_state;
	err = -EPERM;

	if (neigh->dead) {
		NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
		new = old;
		goto out;
	}
	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
	    (old & (NUD_NOARP | NUD_PERMANENT)))
		goto out;

	neigh_update_flags(neigh, flags, &notify, &gc_update, &managed_update);
	if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
		new = old & ~NUD_PERMANENT;
		WRITE_ONCE(neigh->nud_state, new);
		err = 0;
		goto out;
	}

	if (!(new & NUD_VALID)) {
		neigh_del_timer(neigh);
		if (old & NUD_CONNECTED)
			neigh_suspect(neigh);
		WRITE_ONCE(neigh->nud_state, new);
		err = 0;
		notify = old & NUD_VALID;
		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
		    (new & NUD_FAILED)) {
			neigh_invalidate(neigh);
			notify = 1;
		}
		goto out;
	}

	/* Compare new lladdr with cached one */
	if (!dev->addr_len) {
		/* First case: device needs no address. */
		lladdr = neigh->ha;
	} else if (lladdr) {
		/* The second case: if something is already cached
		   and a new address is proposed:
		   - compare new & old
		   - if they are different, check override flag
		 */
		if ((old & NUD_VALID) &&
		    !memcmp(lladdr, neigh->ha, dev->addr_len))
			lladdr = neigh->ha;
	} else {
		/* No address is supplied; if we know something,
		   use it, otherwise discard the request.
		 */
		err = -EINVAL;
		if (!(old & NUD_VALID)) {
			NL_SET_ERR_MSG(extack, "No link layer address given");
			goto out;
		}
		lladdr = neigh->ha;
	}

	/* Update the confirmed timestamp for the neighbour entry after we
	 * received an ARP packet, even if it doesn't change the IP to MAC
	 * binding.
	 */
	if (new & NUD_CONNECTED)
		neigh->confirmed = jiffies;

	/* If the entry was valid and the address is not changed,
	   do not change the entry state if the new one is STALE.
	 */
	err = 0;
	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	if (old & NUD_VALID) {
		if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
			update_isrouter = 0;
			if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
			    (old & NUD_CONNECTED)) {
				lladdr = neigh->ha;
				new = NUD_STALE;
			} else
				goto out;
		} else {
			if (lladdr == neigh->ha && new == NUD_STALE &&
			    !(flags & NEIGH_UPDATE_F_ADMIN))
				new = old;
		}
	}

	/* Update the timestamp only once we know we will make a change to
	 * the neighbour entry. Otherwise we risk moving the locktime window
	 * with noop updates and ignoring relevant ARP updates.
	 */
	if (new != old || lladdr != neigh->ha)
		neigh->updated = jiffies;

	if (new != old) {
		neigh_del_timer(neigh);
		if (new & NUD_PROBE)
			atomic_set(&neigh->probes, 0);
		if (new & NUD_IN_TIMER)
			neigh_add_timer(neigh, (jiffies +
						((new & NUD_REACHABLE) ?
						 neigh->parms->reachable_time :
						 0)));
		WRITE_ONCE(neigh->nud_state, new);
		notify = 1;
	}

	if (lladdr != neigh->ha) {
		write_seqlock(&neigh->ha_lock);
		memcpy(&neigh->ha, lladdr, dev->addr_len);
		write_sequnlock(&neigh->ha_lock);
		neigh_update_hhs(neigh);
		if (!(new & NUD_CONNECTED))
			neigh->confirmed = jiffies -
				(NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
		notify = 1;
	}
	if (new == old)
		goto out;
	if (new & NUD_CONNECTED)
		neigh_connect(neigh);
	else
		neigh_suspect(neigh);
	if (!(old & NUD_VALID)) {
		struct sk_buff *skb;

		/* Again: avoid dead loop if something went wrong */

		while (neigh->nud_state & NUD_VALID &&
		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
			struct dst_entry *dst = skb_dst(skb);
			struct neighbour *n2, *n1 = neigh;

			write_unlock_bh(&neigh->lock);

			rcu_read_lock();

			/* Why not just use 'neigh' as-is? The problem is that
			 * things such as shaper, eql, and sch_teql can end up
			 * using alternative, different, neigh objects to output
			 * the packet in the output path. So what we need to do
			 * here is re-lookup the top-level neigh in the path so
			 * we can reinject the packet there.
			 */
			n2 = NULL;
			if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
				n2 = dst_neigh_lookup_skb(dst, skb);
				if (n2)
					n1 = n2;
			}
			READ_ONCE(n1->output)(n1, skb);
			if (n2)
				neigh_release(n2);
			rcu_read_unlock();

			write_lock_bh(&neigh->lock);
		}
		__skb_queue_purge(&neigh->arp_queue);
		neigh->arp_queue_len_bytes = 0;
	}
out:
	if (update_isrouter)
		neigh_update_is_router(neigh, flags, &notify);
	write_unlock_bh(&neigh->lock);
	if (((new ^ old) & NUD_PERMANENT) || gc_update)
		neigh_update_gc_list(neigh);
	if (managed_update)
		neigh_update_managed_list(neigh);
	if (notify)
		neigh_update_notify(neigh, nlmsg_pid);
	trace_neigh_update_done(neigh, err);
	return err;
}

int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
		 u32 flags, u32 nlmsg_pid)
{
	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
}
EXPORT_SYMBOL(neigh_update);
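/*
 * A typical caller-side sketch of neigh_update(): a receive path that
 * has just seen proof of reachability for a neighbour (flags chosen for
 * illustration):
 *
 *	// e.g. from an ARP reply handler
 *	neigh_update(n, sha, NUD_REACHABLE,
 *		     NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_WEAK_OVERRIDE,
 *		     0);
 *
 * where sha is the sender hardware address taken from the packet. The
 * flags decide whether a conflicting cached lladdr may be replaced.
 */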
/* Update the neigh to listen temporarily for probe responses, even if it is
 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
 */
void __neigh_set_probe_once(struct neighbour *neigh)
{
	if (neigh->dead)
		return;
	neigh->updated = jiffies;
	if (!(neigh->nud_state & NUD_FAILED))
		return;
	WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
	atomic_set(&neigh->probes, neigh_max_probes(neigh));
	neigh_add_timer(neigh,
			jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
				      HZ/100));
}
EXPORT_SYMBOL(__neigh_set_probe_once);

struct neighbour *neigh_event_ns(struct neigh_table *tbl,
				 u8 *lladdr, void *saddr,
				 struct net_device *dev)
{
	struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
						 lladdr || !dev->addr_len);
	if (neigh)
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_OVERRIDE, 0);
	return neigh;
}
EXPORT_SYMBOL(neigh_event_ns);

/* called with read_lock_bh(&n->lock); */
static void neigh_hh_init(struct neighbour *n)
{
	struct net_device *dev = n->dev;
	__be16 prot = n->tbl->protocol;
	struct hh_cache *hh = &n->hh;

	write_lock_bh(&n->lock);

	/* Only one thread can come in here and initialize the
	 * hh_cache entry.
	 */
	if (!hh->hh_len)
		dev->header_ops->cache(n, hh, prot);

	write_unlock_bh(&n->lock);
}

/* Slow and careful. */

int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc = 0;

	if (!neigh_event_send(neigh, skb)) {
		int err;
		struct net_device *dev = neigh->dev;
		unsigned int seq;

		if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
			neigh_hh_init(neigh);

		do {
			__skb_pull(skb, skb_network_offset(skb));
			seq = read_seqbegin(&neigh->ha_lock);
			err = dev_hard_header(skb, dev, ntohs(skb->protocol),
					      neigh->ha, NULL, skb->len);
		} while (read_seqretry(&neigh->ha_lock, seq));

		if (err >= 0)
			rc = dev_queue_xmit(skb);
		else
			goto out_kfree_skb;
	}
out:
	return rc;
out_kfree_skb:
	rc = -EINVAL;
	kfree_skb(skb);
	goto out;
}
EXPORT_SYMBOL(neigh_resolve_output);

/* As fast as possible without hh cache */

int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
{
	struct net_device *dev = neigh->dev;
	unsigned int seq;
	int err;

	do {
		__skb_pull(skb, skb_network_offset(skb));
		seq = read_seqbegin(&neigh->ha_lock);
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      neigh->ha, NULL, skb->len);
	} while (read_seqretry(&neigh->ha_lock, seq));

	if (err >= 0)
		err = dev_queue_xmit(skb);
	else {
		err = -EINVAL;
		kfree_skb(skb);
	}
	return err;
}
EXPORT_SYMBOL(neigh_connected_output);

int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
{
	return dev_queue_xmit(skb);
}
EXPORT_SYMBOL(neigh_direct_output);

static void neigh_managed_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table,
					       managed_work.work);
	struct neighbour *neigh;

	write_lock_bh(&tbl->lock);
	list_for_each_entry(neigh, &tbl->managed_list, managed_list)
		neigh_event_send_probe(neigh, NULL, false);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
			   NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS));
	write_unlock_bh(&tbl->lock);
}
static void neigh_proxy_process(struct timer_list *t)
{
	struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
	long sched_next = 0;
	unsigned long now = jiffies;
	struct sk_buff *skb, *n;

	spin_lock(&tbl->proxy_queue.lock);

	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
		long tdif = NEIGH_CB(skb)->sched_next - now;

		if (tdif <= 0) {
			struct net_device *dev = skb->dev;

			neigh_parms_qlen_dec(dev, tbl->family);
			__skb_unlink(skb, &tbl->proxy_queue);

			if (tbl->proxy_redo && netif_running(dev)) {
				rcu_read_lock();
				tbl->proxy_redo(skb);
				rcu_read_unlock();
			} else {
				kfree_skb(skb);
			}

			dev_put(dev);
		} else if (!sched_next || tdif < sched_next)
			sched_next = tdif;
	}
	del_timer(&tbl->proxy_timer);
	if (sched_next)
		mod_timer(&tbl->proxy_timer, jiffies + sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}

static unsigned long neigh_proxy_delay(struct neigh_parms *p)
{
	/* If proxy_delay is zero, do not call get_random_u32_below()
	 * as it is undefined behavior.
	 */
	unsigned long proxy_delay = NEIGH_VAR(p, PROXY_DELAY);

	return proxy_delay ?
	       jiffies + get_random_u32_below(proxy_delay) : jiffies;
}

void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
		    struct sk_buff *skb)
{
	unsigned long sched_next = neigh_proxy_delay(p);

	if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) {
		kfree_skb(skb);
		return;
	}

	NEIGH_CB(skb)->sched_next = sched_next;
	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;

	spin_lock(&tbl->proxy_queue.lock);
	if (del_timer(&tbl->proxy_timer)) {
		if (time_before(tbl->proxy_timer.expires, sched_next))
			sched_next = tbl->proxy_timer.expires;
	}
	skb_dst_drop(skb);
	dev_hold(skb->dev);
	__skb_queue_tail(&tbl->proxy_queue, skb);
	p->qlen++;
	mod_timer(&tbl->proxy_timer, sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}
EXPORT_SYMBOL(pneigh_enqueue);

static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
						     struct net *net, int ifindex)
{
	struct neigh_parms *p;

	list_for_each_entry(p, &tbl->parms_list, list) {
		if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
		    (!p->dev && !ifindex && net_eq(net, &init_net)))
			return p;
	}

	return NULL;
}

struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
				      struct neigh_table *tbl)
{
	struct neigh_parms *p;
	struct net *net = dev_net(dev);
	const struct net_device_ops *ops = dev->netdev_ops;

	p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
	if (p) {
		p->tbl = tbl;
		refcount_set(&p->refcnt, 1);
		p->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
		p->qlen = 0;
		netdev_hold(dev, &p->dev_tracker, GFP_KERNEL);
		p->dev = dev;
		write_pnet(&p->net, net);
		p->sysctl_table = NULL;

		if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
			netdev_put(dev, &p->dev_tracker);
			kfree(p);
			return NULL;
		}

		write_lock_bh(&tbl->lock);
		list_add(&p->list, &tbl->parms.list);
		write_unlock_bh(&tbl->lock);

		neigh_parms_data_state_cleanall(p);
	}
	return p;
}
EXPORT_SYMBOL(neigh_parms_alloc);
static void neigh_rcu_free_parms(struct rcu_head *head)
{
	struct neigh_parms *parms =
		container_of(head, struct neigh_parms, rcu_head);

	neigh_parms_put(parms);
}

void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
{
	if (!parms || parms == &tbl->parms)
		return;
	write_lock_bh(&tbl->lock);
	list_del(&parms->list);
	parms->dead = 1;
	write_unlock_bh(&tbl->lock);
	netdev_put(parms->dev, &parms->dev_tracker);
	call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
}
EXPORT_SYMBOL(neigh_parms_release);

static void neigh_parms_destroy(struct neigh_parms *parms)
{
	kfree(parms);
}

static struct lock_class_key neigh_table_proxy_queue_class;

static struct neigh_table __rcu *neigh_tables[NEIGH_NR_TABLES] __read_mostly;

void neigh_table_init(int index, struct neigh_table *tbl)
{
	unsigned long now = jiffies;
	unsigned long phsize;

	INIT_LIST_HEAD(&tbl->parms_list);
	INIT_LIST_HEAD(&tbl->gc_list);
	INIT_LIST_HEAD(&tbl->managed_list);

	list_add(&tbl->parms.list, &tbl->parms_list);
	write_pnet(&tbl->parms.net, &init_net);
	refcount_set(&tbl->parms.refcnt, 1);
	tbl->parms.reachable_time =
		neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
	tbl->parms.qlen = 0;

	tbl->stats = alloc_percpu(struct neigh_statistics);
	if (!tbl->stats)
		panic("cannot create neighbour cache statistics");

#ifdef CONFIG_PROC_FS
	if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
				  &neigh_stat_seq_ops, tbl))
		panic("cannot create neighbour proc dir entry");
#endif

	RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));

	phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
	tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);

	if (!tbl->nht || !tbl->phash_buckets)
		panic("cannot allocate neighbour cache hashes");

	if (!tbl->entry_size)
		tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
					tbl->key_len, NEIGH_PRIV_ALIGN);
	else
		WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);

	rwlock_init(&tbl->lock);

	INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   tbl->parms.reachable_time);
	INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0);

	timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
	skb_queue_head_init_class(&tbl->proxy_queue,
				  &neigh_table_proxy_queue_class);

	tbl->last_flush = now;
	tbl->last_rand = now + tbl->parms.reachable_time * 20;

	rcu_assign_pointer(neigh_tables[index], tbl);
}
EXPORT_SYMBOL(neigh_table_init);
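/*
 * For reference, protocols register their tables at boot roughly like
 * this (a sketch based on IPv4's ARP setup; the field values are the
 * protocol's business and are shown only to make the shape concrete):
 *
 *	struct neigh_table arp_tbl = {
 *		.family		= AF_INET,
 *		.key_len	= 4,
 *		.protocol	= cpu_to_be16(ETH_P_IP),
 *		.hash		= arp_hash,
 *		.constructor	= arp_constructor,
 *		.id		= "arp_cache",
 *		...
 *	};
 *
 *	neigh_table_init(NEIGH_ARP_TABLE, &arp_tbl);
 */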
/*
 * Only called from ndisc_cleanup(), which means this is dead code
 * because the IPv6 module can no longer be unloaded.
 */
int neigh_table_clear(int index, struct neigh_table *tbl)
{
	RCU_INIT_POINTER(neigh_tables[index], NULL);
	synchronize_rcu();

	/* It is not clean... Fix it to unload IPv6 module safely */
	cancel_delayed_work_sync(&tbl->managed_work);
	cancel_delayed_work_sync(&tbl->gc_work);
	del_timer_sync(&tbl->proxy_timer);
	pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family);
	neigh_ifdown(tbl, NULL);
	if (atomic_read(&tbl->entries))
		pr_crit("neighbour leakage\n");

	call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
		 neigh_hash_free_rcu);
	tbl->nht = NULL;

	kfree(tbl->phash_buckets);
	tbl->phash_buckets = NULL;

	remove_proc_entry(tbl->id, init_net.proc_net_stat);

	free_percpu(tbl->stats);
	tbl->stats = NULL;

	return 0;
}
EXPORT_SYMBOL(neigh_table_clear);

static struct neigh_table *neigh_find_table(int family)
{
	struct neigh_table *tbl = NULL;

	switch (family) {
	case AF_INET:
		tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ARP_TABLE]);
		break;
	case AF_INET6:
		tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ND_TABLE]);
		break;
	}

	return tbl;
}

const struct nla_policy nda_policy[NDA_MAX+1] = {
	[NDA_UNSPEC]		= { .strict_start_type = NDA_NH_ID },
	[NDA_DST]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_LLADDR]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_CACHEINFO]		= { .len = sizeof(struct nda_cacheinfo) },
	[NDA_PROBES]		= { .type = NLA_U32 },
	[NDA_VLAN]		= { .type = NLA_U16 },
	[NDA_PORT]		= { .type = NLA_U16 },
	[NDA_VNI]		= { .type = NLA_U32 },
	[NDA_IFINDEX]		= { .type = NLA_U32 },
	[NDA_MASTER]		= { .type = NLA_U32 },
	[NDA_PROTOCOL]		= { .type = NLA_U8 },
	[NDA_NH_ID]		= { .type = NLA_U32 },
	[NDA_FLAGS_EXT]		= NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
	[NDA_FDB_EXT_ATTRS]	= { .type = NLA_NESTED },
};

static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *dst_attr;
	struct neigh_table *tbl;
	struct neighbour *neigh;
	struct net_device *dev = NULL;
	int err = -EINVAL;

	ASSERT_RTNL();
	if (nlmsg_len(nlh) < sizeof(*ndm))
		goto out;

	dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
	if (!dst_attr) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(dst_attr) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	if (ndm->ndm_flags & NTF_PROXY) {
		err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
		goto out;
	}

	if (dev == NULL)
		goto out;

	neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
	if (neigh == NULL) {
		err = -ENOENT;
		goto out;
	}

	err = __neigh_update(neigh, NULL, NUD_FAILED,
			     NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
			     NETLINK_CB(skb).portid, extack);
	write_lock_bh(&tbl->lock);
	neigh_release(neigh);
	neigh_remove_one(neigh);
	write_unlock_bh(&tbl->lock);

out:
	return err;
}
static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
		     struct netlink_ext_ack *extack)
{
	int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
		    NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *tb[NDA_MAX+1];
	struct neigh_table *tbl;
	struct net_device *dev = NULL;
	struct neighbour *neigh;
	void *dst, *lladdr;
	u8 protocol = 0;
	u32 ndm_flags;
	int err;

	ASSERT_RTNL();
	err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
				     nda_policy, extack);
	if (err < 0)
		goto out;

	err = -EINVAL;
	if (!tb[NDA_DST]) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	ndm_flags = ndm->ndm_flags;
	if (tb[NDA_FLAGS_EXT]) {
		u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]);

		BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
			     (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
			      hweight32(NTF_EXT_MASK)));
		ndm_flags |= (ext << NTF_EXT_SHIFT);
	}
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}

		if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
			NL_SET_ERR_MSG(extack, "Invalid link address");
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	dst = nla_data(tb[NDA_DST]);
	lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;

	if (tb[NDA_PROTOCOL])
		protocol = nla_get_u8(tb[NDA_PROTOCOL]);
	if (ndm_flags & NTF_PROXY) {
		struct pneigh_entry *pn;

		if (ndm_flags & NTF_MANAGED) {
			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
			goto out;
		}

		err = -ENOBUFS;
		pn = pneigh_lookup(tbl, net, dst, dev, 1);
		if (pn) {
			pn->flags = ndm_flags;
			if (protocol)
				pn->protocol = protocol;
			err = 0;
		}
		goto out;
	}

	if (!dev) {
		NL_SET_ERR_MSG(extack, "Device not specified");
		goto out;
	}

	if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
		err = -EINVAL;
		goto out;
	}

	neigh = neigh_lookup(tbl, dst, dev);
	if (neigh == NULL) {
		bool ndm_permanent = ndm->ndm_state & NUD_PERMANENT;
		bool exempt_from_gc = ndm_permanent ||
				      ndm_flags & NTF_EXT_LEARNED;

		if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
			err = -ENOENT;
			goto out;
		}
		if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
			err = -EINVAL;
			goto out;
		}

		neigh = ___neigh_create(tbl, dst, dev,
					ndm_flags &
					(NTF_EXT_LEARNED | NTF_MANAGED),
					exempt_from_gc, true);
		if (IS_ERR(neigh)) {
			err = PTR_ERR(neigh);
			goto out;
		}
	} else {
		if (nlh->nlmsg_flags & NLM_F_EXCL) {
			err = -EEXIST;
			neigh_release(neigh);
			goto out;
		}

		if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
			flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
				   NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
	}

	if (protocol)
		neigh->protocol = protocol;
	if (ndm_flags & NTF_EXT_LEARNED)
		flags |= NEIGH_UPDATE_F_EXT_LEARNED;
	if (ndm_flags & NTF_ROUTER)
		flags |= NEIGH_UPDATE_F_ISROUTER;
	if (ndm_flags & NTF_MANAGED)
		flags |= NEIGH_UPDATE_F_MANAGED;
	if (ndm_flags & NTF_USE)
		flags |= NEIGH_UPDATE_F_USE;

	err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
			     NETLINK_CB(skb).portid, extack);
	if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) {
		neigh_event_send(neigh, NULL);
		err = 0;
	}
	neigh_release(neigh);
out:
	return err;
}
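/*
 * From user space this is the RTM_NEWNEIGH path, e.g. (illustrative
 * iproute2 invocation):
 *
 *	ip neigh replace 192.0.2.1 lladdr 00:11:22:33:44:55 dev eth0
 *
 * which arrives here with NLM_F_CREATE | NLM_F_REPLACE set, creates the
 * entry if needed, and pushes the requested state through
 * __neigh_update().
 */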
	if (ndm_flags & NTF_MANAGED)
		flags |= NEIGH_UPDATE_F_MANAGED;
	if (ndm_flags & NTF_USE)
		flags |= NEIGH_UPDATE_F_USE;

	err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
			     NETLINK_CB(skb).portid, extack);
	if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) {
		neigh_event_send(neigh, NULL);
		err = 0;
	}
	neigh_release(neigh);
out:
	return err;
}

static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
{
	struct nlattr *nest;

	nest = nla_nest_start_noflag(skb, NDTA_PARMS);
	if (nest == NULL)
		return -ENOBUFS;

	if ((parms->dev &&
	     nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
	    nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
	    nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
			NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
	    /* approximate value for the deprecated QUEUE_LEN (in packets) */
	    nla_put_u32(skb, NDTPA_QUEUE_LEN,
			NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
	    nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
	    nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
	    nla_put_u32(skb, NDTPA_UCAST_PROBES,
			NEIGH_VAR(parms, UCAST_PROBES)) ||
	    nla_put_u32(skb, NDTPA_MCAST_PROBES,
			NEIGH_VAR(parms, MCAST_PROBES)) ||
	    nla_put_u32(skb, NDTPA_MCAST_REPROBES,
			NEIGH_VAR(parms, MCAST_REPROBES)) ||
	    nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
			  NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
			  NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_GC_STALETIME,
			  NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
			  NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_RETRANS_TIME,
			  NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
			  NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_PROXY_DELAY,
			  NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_LOCKTIME,
			  NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS,
			  NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD))
		goto nla_put_failure;
	return nla_nest_end(skb, nest);

nla_put_failure:
	nla_nest_cancel(skb, nest);
	return -EMSGSIZE;
}
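/* Fill one RTM_NEWNEIGHTBL message for @tbl: name, gc_* knobs, an
 * NDTA_CONFIG snapshot of the hash table, per-CPU statistics summed into
 * NDTA_STATS, and the table-wide default parms as a nested NDTA_PARMS
 * attribute.
 */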
static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
			      u32 pid, u32 seq, int type, int flags)
{
	struct nlmsghdr *nlh;
	struct ndtmsg *ndtmsg;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	ndtmsg = nlmsg_data(nlh);

	read_lock_bh(&tbl->lock);
	ndtmsg->ndtm_family = tbl->family;
	ndtmsg->ndtm_pad1 = 0;
	ndtmsg->ndtm_pad2 = 0;

	if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
	    nla_put_msecs(skb, NDTA_GC_INTERVAL, READ_ONCE(tbl->gc_interval),
			  NDTA_PAD) ||
	    nla_put_u32(skb, NDTA_THRESH1, READ_ONCE(tbl->gc_thresh1)) ||
	    nla_put_u32(skb, NDTA_THRESH2, READ_ONCE(tbl->gc_thresh2)) ||
	    nla_put_u32(skb, NDTA_THRESH3, READ_ONCE(tbl->gc_thresh3)))
		goto nla_put_failure;
	{
		unsigned long now = jiffies;
		long flush_delta = now - READ_ONCE(tbl->last_flush);
		long rand_delta = now - READ_ONCE(tbl->last_rand);
		struct neigh_hash_table *nht;
		struct ndt_config ndc = {
			.ndtc_key_len		= tbl->key_len,
			.ndtc_entry_size	= tbl->entry_size,
			.ndtc_entries		= atomic_read(&tbl->entries),
			.ndtc_last_flush	= jiffies_to_msecs(flush_delta),
			.ndtc_last_rand		= jiffies_to_msecs(rand_delta),
			.ndtc_proxy_qlen	= READ_ONCE(tbl->proxy_queue.qlen),
		};

		rcu_read_lock();
		nht = rcu_dereference(tbl->nht);
		ndc.ndtc_hash_rnd = nht->hash_rnd[0];
		ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
		rcu_read_unlock();

		if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
			goto nla_put_failure;
	}

	{
		int cpu;
		struct ndt_stats ndst;

		memset(&ndst, 0, sizeof(ndst));

		for_each_possible_cpu(cpu) {
			struct neigh_statistics	*st;

			st = per_cpu_ptr(tbl->stats, cpu);
			ndst.ndts_allocs		+= READ_ONCE(st->allocs);
			ndst.ndts_destroys		+= READ_ONCE(st->destroys);
			ndst.ndts_hash_grows		+= READ_ONCE(st->hash_grows);
			ndst.ndts_res_failed		+= READ_ONCE(st->res_failed);
			ndst.ndts_lookups		+= READ_ONCE(st->lookups);
			ndst.ndts_hits			+= READ_ONCE(st->hits);
			ndst.ndts_rcv_probes_mcast	+= READ_ONCE(st->rcv_probes_mcast);
			ndst.ndts_rcv_probes_ucast	+= READ_ONCE(st->rcv_probes_ucast);
			ndst.ndts_periodic_gc_runs	+= READ_ONCE(st->periodic_gc_runs);
			ndst.ndts_forced_gc_runs	+= READ_ONCE(st->forced_gc_runs);
			ndst.ndts_table_fulls		+= READ_ONCE(st->table_fulls);
		}

		if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
				  NDTA_PAD))
			goto nla_put_failure;
	}

	BUG_ON(tbl->parms.dev);
	if (neightbl_fill_parms(skb, &tbl->parms) < 0)
		goto nla_put_failure;

	read_unlock_bh(&tbl->lock);
	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	read_unlock_bh(&tbl->lock);
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

static int neightbl_fill_param_info(struct sk_buff *skb,
				    struct neigh_table *tbl,
				    struct neigh_parms *parms,
				    u32 pid, u32 seq, int type,
				    unsigned int flags)
{
	struct ndtmsg *ndtmsg;
	struct nlmsghdr *nlh;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	ndtmsg = nlmsg_data(nlh);

	read_lock_bh(&tbl->lock);
	ndtmsg->ndtm_family = tbl->family;
	ndtmsg->ndtm_pad1 = 0;
	ndtmsg->ndtm_pad2 = 0;

	if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
	    neightbl_fill_parms(skb, parms) < 0)
		goto errout;

	read_unlock_bh(&tbl->lock);
	nlmsg_end(skb, nlh);
	return 0;
errout:
	read_unlock_bh(&tbl->lock);
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
	[NDTA_NAME]		= { .type = NLA_STRING },
	[NDTA_THRESH1]		= { .type = NLA_U32 },
	[NDTA_THRESH2]		= { .type = NLA_U32 },
	[NDTA_THRESH3]		= { .type = NLA_U32 },
	[NDTA_GC_INTERVAL]	= { .type = NLA_U64 },
	[NDTA_PARMS]		= { .type = NLA_NESTED },
};

static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
	[NDTPA_IFINDEX]			= { .type = NLA_U32 },
	[NDTPA_QUEUE_LEN]		= { .type = NLA_U32 },
	[NDTPA_PROXY_QLEN]		= { .type = NLA_U32 },
	[NDTPA_APP_PROBES]		= { .type = NLA_U32 },
	[NDTPA_UCAST_PROBES]		= { .type = NLA_U32 },
	[NDTPA_MCAST_PROBES]		= { .type = NLA_U32 },
	[NDTPA_MCAST_REPROBES]		= { .type = NLA_U32 },
	[NDTPA_BASE_REACHABLE_TIME]	= { .type = NLA_U64 },
	[NDTPA_GC_STALETIME]		= { .type = NLA_U64 },
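/* RTM_SETNEIGHTBL handler (placed after the parm policy that follows).
 * It looks the table up by NDTA_NAME, then updates the per-table gc_*
 * settings and/or one neigh_parms instance selected by NDTPA_IFINDEX.
 * In iproute2 terms this is roughly what "ip ntable change name arp_cache
 * ..." sends (command shown for illustration only).
 */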
	[NDTPA_DELAY_PROBE_TIME]	= { .type = NLA_U64 },
	[NDTPA_RETRANS_TIME]		= { .type = NLA_U64 },
	[NDTPA_ANYCAST_DELAY]		= { .type = NLA_U64 },
	[NDTPA_PROXY_DELAY]		= { .type = NLA_U64 },
	[NDTPA_LOCKTIME]		= { .type = NLA_U64 },
	/* use NLA_POLICY_MIN so the minimum is actually enforced; a bare
	 * ".min = 1" without a validation type would not be checked
	 */
	[NDTPA_INTERVAL_PROBE_TIME_MS]	= NLA_POLICY_MIN(NLA_U64, 1),
};

static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct neigh_table *tbl;
	struct ndtmsg *ndtmsg;
	struct nlattr *tb[NDTA_MAX+1];
	bool found = false;
	int err, tidx;

	err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
				     nl_neightbl_policy, extack);
	if (err < 0)
		goto errout;

	if (tb[NDTA_NAME] == NULL) {
		err = -EINVAL;
		goto errout;
	}

	ndtmsg = nlmsg_data(nlh);

	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
		tbl = rcu_dereference_rtnl(neigh_tables[tidx]);
		if (!tbl)
			continue;
		if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
			continue;
		if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
			found = true;
			break;
		}
	}

	if (!found)
		return -ENOENT;

	/*
	 * We acquire tbl->lock to be nice to the periodic timers and
	 * make sure they always see a consistent set of values.
	 */
	write_lock_bh(&tbl->lock);

	if (tb[NDTA_PARMS]) {
		struct nlattr *tbp[NDTPA_MAX+1];
		struct neigh_parms *p;
		int i, ifindex = 0;

		err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
						  tb[NDTA_PARMS],
						  nl_ntbl_parm_policy, extack);
		if (err < 0)
			goto errout_tbl_lock;

		if (tbp[NDTPA_IFINDEX])
			ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);

		p = lookup_neigh_parms(tbl, net, ifindex);
		if (p == NULL) {
			err = -ENOENT;
			goto errout_tbl_lock;
		}

		for (i = 1; i <= NDTPA_MAX; i++) {
			if (tbp[i] == NULL)
				continue;

			switch (i) {
			case NDTPA_QUEUE_LEN:
				NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
					      nla_get_u32(tbp[i]) *
					      SKB_TRUESIZE(ETH_FRAME_LEN));
				break;
			case NDTPA_QUEUE_LENBYTES:
				NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_PROXY_QLEN:
				NEIGH_VAR_SET(p, PROXY_QLEN,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_APP_PROBES:
				NEIGH_VAR_SET(p, APP_PROBES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_UCAST_PROBES:
				NEIGH_VAR_SET(p, UCAST_PROBES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_MCAST_PROBES:
				NEIGH_VAR_SET(p, MCAST_PROBES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_MCAST_REPROBES:
				NEIGH_VAR_SET(p, MCAST_REPROBES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_BASE_REACHABLE_TIME:
				NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
					      nla_get_msecs(tbp[i]));
				/* update reachable_time as well, otherwise, the change will
				 * only be effective after the next time neigh_periodic_work
				 * decides to recompute it (can be multiple minutes)
				 */
				p->reachable_time =
					neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
				break;
			case NDTPA_GC_STALETIME:
				NEIGH_VAR_SET(p, GC_STALETIME,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_DELAY_PROBE_TIME:
				NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
					      nla_get_msecs(tbp[i]));
				call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
				break;
			case NDTPA_INTERVAL_PROBE_TIME_MS:
				NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_RETRANS_TIME:
				NEIGH_VAR_SET(p, RETRANS_TIME,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_ANYCAST_DELAY:
				NEIGH_VAR_SET(p, ANYCAST_DELAY,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_PROXY_DELAY:
				NEIGH_VAR_SET(p, PROXY_DELAY,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_LOCKTIME:
				NEIGH_VAR_SET(p, LOCKTIME,
					      nla_get_msecs(tbp[i]));
				break;
			}
		}
	}

	err = -ENOENT;
	if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
	     tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
	    !net_eq(net, &init_net))
		goto errout_tbl_lock;

	if (tb[NDTA_THRESH1])
		WRITE_ONCE(tbl->gc_thresh1, nla_get_u32(tb[NDTA_THRESH1]));

	if (tb[NDTA_THRESH2])
		WRITE_ONCE(tbl->gc_thresh2, nla_get_u32(tb[NDTA_THRESH2]));

	if (tb[NDTA_THRESH3])
		WRITE_ONCE(tbl->gc_thresh3, nla_get_u32(tb[NDTA_THRESH3]));

	if (tb[NDTA_GC_INTERVAL])
		WRITE_ONCE(tbl->gc_interval, nla_get_msecs(tb[NDTA_GC_INTERVAL]));

	err = 0;

errout_tbl_lock:
	write_unlock_bh(&tbl->lock);
errout:
	return err;
}

static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
				    struct netlink_ext_ack *extack)
{
	struct ndtmsg *ndtm;

	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
		NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
		return -EINVAL;
	}

	ndtm = nlmsg_data(nlh);
	if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
		NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
		return -EINVAL;
	}

	if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
		NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
		return -EINVAL;
	}

	return 0;
}

static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
{
	const struct nlmsghdr *nlh = cb->nlh;
	struct net *net = sock_net(skb->sk);
	int family, tidx, nidx = 0;
	int tbl_skip = cb->args[0];
	int neigh_skip = cb->args[1];
	struct neigh_table *tbl;

	if (cb->strict_check) {
		int err = neightbl_valid_dump_info(nlh, cb->extack);

		if (err < 0)
			return err;
	}

	family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;

	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
		struct neigh_parms *p;

		tbl = rcu_dereference_rtnl(neigh_tables[tidx]);
		if (!tbl)
			continue;

		if (tidx < tbl_skip || (family && tbl->family != family))
			continue;

		if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
				       nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
				       NLM_F_MULTI) < 0)
			break;

		nidx = 0;
		p = list_next_entry(&tbl->parms, list);
		list_for_each_entry_from(p, &tbl->parms_list, list) {
			if (!net_eq(neigh_parms_net(p), net))
				continue;

			if (nidx < neigh_skip)
				goto next;

			if (neightbl_fill_param_info(skb, tbl, p,
						     NETLINK_CB(cb->skb).portid,
						     nlh->nlmsg_seq,
						     RTM_NEWNEIGHTBL,
						     NLM_F_MULTI) < 0)
				goto out;
		next:
			nidx++;
		}

		neigh_skip = 0;
	}
out:
	cb->args[0] = tidx;
	cb->args[1] = nidx;

	return skb->len;
}
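/* Fill one RTM_NEWNEIGH message for a regular neighbour entry.  The link
 * layer address and cache info are sampled under neigh->lock so the dumped
 * state is self-consistent.
 */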
static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
			   u32 pid, u32 seq, int type, unsigned int flags)
{
	u32 neigh_flags, neigh_flags_ext;
	unsigned long now = jiffies;
	struct nda_cacheinfo ci;
	struct nlmsghdr *nlh;
	struct ndmsg *ndm;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT;
	neigh_flags	= neigh->flags & NTF_OLD_MASK;

	ndm = nlmsg_data(nlh);
	ndm->ndm_family	 = neigh->ops->family;
	ndm->ndm_pad1    = 0;
	ndm->ndm_pad2    = 0;
	ndm->ndm_flags	 = neigh_flags;
	ndm->ndm_type	 = neigh->type;
	ndm->ndm_ifindex = neigh->dev->ifindex;

	if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
		goto nla_put_failure;

	read_lock_bh(&neigh->lock);
	ndm->ndm_state	 = neigh->nud_state;
	if (neigh->nud_state & NUD_VALID) {
		char haddr[MAX_ADDR_LEN];

		neigh_ha_snapshot(haddr, neigh, neigh->dev);
		if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
			read_unlock_bh(&neigh->lock);
			goto nla_put_failure;
		}
	}

	ci.ndm_used	 = jiffies_to_clock_t(now - neigh->used);
	ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
	ci.ndm_updated	 = jiffies_to_clock_t(now - neigh->updated);
	ci.ndm_refcnt	 = refcount_read(&neigh->refcnt) - 1;
	read_unlock_bh(&neigh->lock);

	if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
	    nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
		goto nla_put_failure;

	if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
		goto nla_put_failure;
	if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
		goto nla_put_failure;

	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
			    u32 pid, u32 seq, int type, unsigned int flags,
			    struct neigh_table *tbl)
{
	u32 neigh_flags, neigh_flags_ext;
	struct nlmsghdr *nlh;
	struct ndmsg *ndm;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT;
	neigh_flags	= pn->flags & NTF_OLD_MASK;

	ndm = nlmsg_data(nlh);
	ndm->ndm_family	 = tbl->family;
	ndm->ndm_pad1    = 0;
	ndm->ndm_pad2    = 0;
	ndm->ndm_flags	 = neigh_flags | NTF_PROXY;
	ndm->ndm_type	 = RTN_UNICAST;
	ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
	ndm->ndm_state	 = NUD_NONE;

	if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
		goto nla_put_failure;

	if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
		goto nla_put_failure;
	if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
		goto nla_put_failure;

	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
{
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	__neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
}
static bool neigh_master_filtered(struct net_device *dev, int master_idx)
{
	struct net_device *master;

	if (!master_idx)
		return false;

	master = dev ? netdev_master_upper_dev_get_rcu(dev) : NULL;

	/* 0 is already used to denote NDA_MASTER wasn't passed, therefore we
	 * need another invalid ifindex value to denote "any master": -1.
	 */
	if (master_idx == -1)
		return !!master;

	if (!master || master->ifindex != master_idx)
		return true;

	return false;
}

static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
{
	if (filter_idx && (!dev || dev->ifindex != filter_idx))
		return true;

	return false;
}

struct neigh_dump_filter {
	int master_idx;
	int dev_idx;
};

static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
			    struct netlink_callback *cb,
			    struct neigh_dump_filter *filter)
{
	struct net *net = sock_net(skb->sk);
	struct neighbour *n;
	int err = 0, h, s_h = cb->args[1];
	int idx, s_idx = idx = cb->args[2];
	struct neigh_hash_table *nht;
	unsigned int flags = NLM_F_MULTI;

	if (filter->dev_idx || filter->master_idx)
		flags |= NLM_F_DUMP_FILTERED;

	nht = rcu_dereference(tbl->nht);

	for (h = s_h; h < (1 << nht->hash_shift); h++) {
		if (h > s_h)
			s_idx = 0;
		idx = 0;
		neigh_for_each_in_bucket_rcu(n, &nht->hash_heads[h]) {
			if (idx < s_idx || !net_eq(dev_net(n->dev), net))
				goto next;
			if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
			    neigh_master_filtered(n->dev, filter->master_idx))
				goto next;
			err = neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
					      cb->nlh->nlmsg_seq,
					      RTM_NEWNEIGH, flags);
			if (err < 0)
				goto out;
next:
			idx++;
		}
	}
out:
	cb->args[1] = h;
	cb->args[2] = idx;
	return err;
}

static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
			     struct netlink_callback *cb,
			     struct neigh_dump_filter *filter)
{
	struct pneigh_entry *n;
	struct net *net = sock_net(skb->sk);
	int err = 0, h, s_h = cb->args[3];
	int idx, s_idx = idx = cb->args[4];
	unsigned int flags = NLM_F_MULTI;

	if (filter->dev_idx || filter->master_idx)
		flags |= NLM_F_DUMP_FILTERED;

	read_lock_bh(&tbl->lock);

	for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
		if (h > s_h)
			s_idx = 0;
		for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
			if (idx < s_idx || pneigh_net(n) != net)
				goto next;
			if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
			    neigh_master_filtered(n->dev, filter->master_idx))
				goto next;
			err = pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
					       cb->nlh->nlmsg_seq,
					       RTM_NEWNEIGH, flags, tbl);
			if (err < 0) {
				read_unlock_bh(&tbl->lock);
				goto out;
			}
		next:
			idx++;
		}
	}

	read_unlock_bh(&tbl->lock);
out:
	cb->args[3] = h;
	cb->args[4] = idx;
	return err;
}
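/* Validate an RTM_GETNEIGH dump request.  Under strict checking only a
 * clean ndmsg header (NTF_PROXY being the sole flag allowed) plus the
 * NDA_IFINDEX/NDA_MASTER filter attributes are accepted; anything else is
 * rejected with an extack message.
 */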
static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
				bool strict_check,
				struct neigh_dump_filter *filter,
				struct netlink_ext_ack *extack)
{
	struct nlattr *tb[NDA_MAX + 1];
	int err, i;

	if (strict_check) {
		struct ndmsg *ndm;

		if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
			NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
			return -EINVAL;
		}

		ndm = nlmsg_data(nlh);
		if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
		    ndm->ndm_state || ndm->ndm_type) {
			NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
			return -EINVAL;
		}

		if (ndm->ndm_flags & ~NTF_PROXY) {
			NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
			return -EINVAL;
		}

		err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
						    tb, NDA_MAX, nda_policy,
						    extack);
	} else {
		err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
					     NDA_MAX, nda_policy, extack);
	}
	if (err < 0)
		return err;

	for (i = 0; i <= NDA_MAX; ++i) {
		if (!tb[i])
			continue;

		/* all new attributes should require strict_check */
		switch (i) {
		case NDA_IFINDEX:
			filter->dev_idx = nla_get_u32(tb[i]);
			break;
		case NDA_MASTER:
			filter->master_idx = nla_get_u32(tb[i]);
			break;
		default:
			if (strict_check) {
				NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
				return -EINVAL;
			}
		}
	}

	return 0;
}

static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
{
	const struct nlmsghdr *nlh = cb->nlh;
	struct neigh_dump_filter filter = {};
	struct neigh_table *tbl;
	int t, family, s_t;
	int proxy = 0;
	int err;

	family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;

	/* check for full ndmsg structure presence, family member is
	 * the same for both structures
	 */
	if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
	    ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
		proxy = 1;

	err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
	if (err < 0 && cb->strict_check)
		return err;
	err = 0;

	s_t = cb->args[0];

	rcu_read_lock();
	for (t = 0; t < NEIGH_NR_TABLES; t++) {
		tbl = rcu_dereference(neigh_tables[t]);

		if (!tbl)
			continue;
		if (t < s_t || (family && tbl->family != family))
			continue;
		if (t > s_t)
			memset(&cb->args[1], 0, sizeof(cb->args) -
						sizeof(cb->args[0]));
		if (proxy)
			err = pneigh_dump_table(tbl, skb, cb, &filter);
		else
			err = neigh_dump_table(tbl, skb, cb, &filter);
		if (err < 0)
			break;
	}
	rcu_read_unlock();

	cb->args[0] = t;
	return err;
}
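/* Validate a non-dump RTM_GETNEIGH request and extract the table,
 * destination address, ifindex and flags for neigh_get() further below.
 */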
static int neigh_valid_get_req(const struct nlmsghdr *nlh,
			       struct neigh_table **tbl,
			       void **dst, int *dev_idx, u8 *ndm_flags,
			       struct netlink_ext_ack *extack)
{
	struct nlattr *tb[NDA_MAX + 1];
	struct ndmsg *ndm;
	int err, i;

	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
		NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
		return -EINVAL;
	}

	ndm = nlmsg_data(nlh);
	if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
	    ndm->ndm_type) {
		NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
		return -EINVAL;
	}

	if (ndm->ndm_flags & ~NTF_PROXY) {
		NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
		return -EINVAL;
	}

	err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
					    NDA_MAX, nda_policy, extack);
	if (err < 0)
		return err;

	*ndm_flags = ndm->ndm_flags;
	*dev_idx = ndm->ndm_ifindex;
	*tbl = neigh_find_table(ndm->ndm_family);
	if (*tbl == NULL) {
		NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
		return -EAFNOSUPPORT;
	}

	for (i = 0; i <= NDA_MAX; ++i) {
		if (!tb[i])
			continue;

		switch (i) {
		case NDA_DST:
			if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
				NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
				return -EINVAL;
			}
			*dst = nla_data(tb[i]);
			break;
		default:
			NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
			return -EINVAL;
		}
	}

	return 0;
}

static inline size_t neigh_nlmsg_size(void)
{
	return NLMSG_ALIGN(sizeof(struct ndmsg))
	       + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
	       + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
	       + nla_total_size(sizeof(struct nda_cacheinfo))
	       + nla_total_size(4)  /* NDA_PROBES */
	       + nla_total_size(4)  /* NDA_FLAGS_EXT */
	       + nla_total_size(1); /* NDA_PROTOCOL */
}

static int neigh_get_reply(struct net *net, struct neighbour *neigh,
			   u32 pid, u32 seq)
{
	struct sk_buff *skb;
	int err = 0;

	skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
	if (!skb)
		return -ENOBUFS;

	err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
	if (err) {
		kfree_skb(skb);
		goto errout;
	}

	err = rtnl_unicast(skb, net, pid);
errout:
	return err;
}

static inline size_t pneigh_nlmsg_size(void)
{
	return NLMSG_ALIGN(sizeof(struct ndmsg))
	       + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
	       + nla_total_size(4)  /* NDA_FLAGS_EXT */
	       + nla_total_size(1); /* NDA_PROTOCOL */
}

static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
			    u32 pid, u32 seq, struct neigh_table *tbl)
{
	struct sk_buff *skb;
	int err = 0;

	skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
	if (!skb)
		return -ENOBUFS;

	err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
	if (err) {
		kfree_skb(skb);
		goto errout;
	}

	err = rtnl_unicast(skb, net, pid);
errout:
	return err;
}
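/* RTM_GETNEIGH (doit) handler: look up a single neighbour or proxy entry
 * and unicast the reply to the requester, e.g. for "ip neigh get 192.0.2.1
 * dev eth0" (illustrative command, not taken from this file).
 */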
static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
		     struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(in_skb->sk);
	struct net_device *dev = NULL;
	struct neigh_table *tbl = NULL;
	struct neighbour *neigh;
	void *dst = NULL;
	u8 ndm_flags = 0;
	int dev_idx = 0;
	int err;

	err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
				  extack);
	if (err < 0)
		return err;

	if (dev_idx) {
		dev = __dev_get_by_index(net, dev_idx);
		if (!dev) {
			NL_SET_ERR_MSG(extack, "Unknown device ifindex");
			return -ENODEV;
		}
	}

	if (!dst) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		return -EINVAL;
	}

	if (ndm_flags & NTF_PROXY) {
		struct pneigh_entry *pn;

		pn = pneigh_lookup(tbl, net, dst, dev, 0);
		if (!pn) {
			NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
			return -ENOENT;
		}
		return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
					nlh->nlmsg_seq, tbl);
	}

	if (!dev) {
		NL_SET_ERR_MSG(extack, "No device specified");
		return -EINVAL;
	}

	neigh = neigh_lookup(tbl, dst, dev);
	if (!neigh) {
		NL_SET_ERR_MSG(extack, "Neighbour entry not found");
		return -ENOENT;
	}

	err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
			      nlh->nlmsg_seq);

	neigh_release(neigh);

	return err;
}

void neigh_for_each(struct neigh_table *tbl,
		    void (*cb)(struct neighbour *, void *), void *cookie)
{
	int chain;
	struct neigh_hash_table *nht;

	rcu_read_lock();
	nht = rcu_dereference(tbl->nht);

	read_lock_bh(&tbl->lock); /* avoid resizes */
	for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
		struct neighbour *n;

		neigh_for_each_in_bucket(n, &nht->hash_heads[chain])
			cb(n, cookie);
	}
	read_unlock_bh(&tbl->lock);
	rcu_read_unlock();
}
EXPORT_SYMBOL(neigh_for_each);

/* The tbl->lock must be held as a writer and BH disabled. */
void __neigh_for_each_release(struct neigh_table *tbl,
			      int (*cb)(struct neighbour *))
{
	struct neigh_hash_table *nht;
	int chain;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));
	for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
		struct hlist_node *tmp;
		struct neighbour *n;

		neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[chain]) {
			int release;

			write_lock(&n->lock);
			release = cb(n);
			if (release) {
				hlist_del_rcu(&n->hash);
				hlist_del_rcu(&n->dev_list);
				neigh_mark_dead(n);
			}
			write_unlock(&n->lock);
			if (release)
				neigh_cleanup_and_release(n);
		}
	}
}
EXPORT_SYMBOL(__neigh_for_each_release);

int neigh_xmit(int index, struct net_device *dev,
	       const void *addr, struct sk_buff *skb)
{
	int err = -EAFNOSUPPORT;

	if (likely(index < NEIGH_NR_TABLES)) {
		struct neigh_table *tbl;
		struct neighbour *neigh;

		rcu_read_lock();
		tbl = rcu_dereference(neigh_tables[index]);
		if (!tbl)
			goto out_unlock;
		if (index == NEIGH_ARP_TABLE) {
			u32 key = *((u32 *)addr);

			neigh = __ipv4_neigh_lookup_noref(dev, key);
		} else {
			neigh = __neigh_lookup_noref(tbl, addr, dev);
		}
		if (!neigh)
			neigh = __neigh_create(tbl, addr, dev, false);
		err = PTR_ERR(neigh);
		if (IS_ERR(neigh)) {
			rcu_read_unlock();
			goto out_kfree_skb;
		}
		err = READ_ONCE(neigh->output)(neigh, skb);
out_unlock:
		rcu_read_unlock();
	} else if (index == NEIGH_LINK_TABLE) {
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      addr, NULL, skb->len);
		if (err < 0)
			goto out_kfree_skb;
		err = dev_queue_xmit(skb);
	}
out:
	return err;
out_kfree_skb:
	kfree_skb(skb);
	goto out;
}
EXPORT_SYMBOL(neigh_xmit);
#ifdef CONFIG_PROC_FS

static struct neighbour *neigh_get_valid(struct seq_file *seq,
					 struct neighbour *n,
					 loff_t *pos)
{
	struct neigh_seq_state *state = seq->private;
	struct net *net = seq_file_net(seq);

	if (!net_eq(dev_net(n->dev), net))
		return NULL;

	if (state->neigh_sub_iter) {
		loff_t fakep = 0;
		void *v;

		v = state->neigh_sub_iter(state, n, pos ? pos : &fakep);
		if (!v)
			return NULL;
		if (pos)
			return v;
	}

	if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
		return n;

	if (READ_ONCE(n->nud_state) & ~NUD_NOARP)
		return n;

	return NULL;
}

static struct neighbour *neigh_get_first(struct seq_file *seq)
{
	struct neigh_seq_state *state = seq->private;
	struct neigh_hash_table *nht = state->nht;
	struct neighbour *n, *tmp;

	state->flags &= ~NEIGH_SEQ_IS_PNEIGH;

	while (++state->bucket < (1 << nht->hash_shift)) {
		neigh_for_each_in_bucket(n, &nht->hash_heads[state->bucket]) {
			tmp = neigh_get_valid(seq, n, NULL);
			if (tmp)
				return tmp;
		}
	}

	return NULL;
}

static struct neighbour *neigh_get_next(struct seq_file *seq,
					struct neighbour *n,
					loff_t *pos)
{
	struct neigh_seq_state *state = seq->private;
	struct neighbour *tmp;

	if (state->neigh_sub_iter) {
		void *v = state->neigh_sub_iter(state, n, pos);

		if (v)
			return n;
	}

	hlist_for_each_entry_continue(n, hash) {
		tmp = neigh_get_valid(seq, n, pos);
		if (tmp) {
			n = tmp;
			goto out;
		}
	}

	n = neigh_get_first(seq);
out:
	if (n && pos)
		--(*pos);

	return n;
}

static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
{
	struct neighbour *n = neigh_get_first(seq);

	if (n) {
		--(*pos);
		while (*pos) {
			n = neigh_get_next(seq, n, pos);
			if (!n)
				break;
		}
	}
	return *pos ? NULL : n;
}

static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
{
	struct neigh_seq_state *state = seq->private;
	struct net *net = seq_file_net(seq);
	struct neigh_table *tbl = state->tbl;
	struct pneigh_entry *pn = NULL;
	int bucket;

	state->flags |= NEIGH_SEQ_IS_PNEIGH;
	for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
		pn = tbl->phash_buckets[bucket];
		while (pn && !net_eq(pneigh_net(pn), net))
			pn = pn->next;
		if (pn)
			break;
	}
	state->bucket = bucket;

	return pn;
}

static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
					    struct pneigh_entry *pn,
					    loff_t *pos)
{
	struct neigh_seq_state *state = seq->private;
	struct net *net = seq_file_net(seq);
	struct neigh_table *tbl = state->tbl;

	do {
		pn = pn->next;
	} while (pn && !net_eq(pneigh_net(pn), net));

	while (!pn) {
		if (++state->bucket > PNEIGH_HASHMASK)
			break;
		pn = tbl->phash_buckets[state->bucket];
		while (pn && !net_eq(pneigh_net(pn), net))
			pn = pn->next;
		if (pn)
			break;
	}

	if (pn && pos)
		--(*pos);

	return pn;
}
static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
{
	struct pneigh_entry *pn = pneigh_get_first(seq);

	if (pn) {
		--(*pos);
		while (*pos) {
			pn = pneigh_get_next(seq, pn, pos);
			if (!pn)
				break;
		}
	}
	return *pos ? NULL : pn;
}

static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
{
	struct neigh_seq_state *state = seq->private;
	void *rc;
	loff_t idxpos = *pos;

	rc = neigh_get_idx(seq, &idxpos);
	if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
		rc = pneigh_get_idx(seq, &idxpos);

	return rc;
}

void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
	__acquires(tbl->lock)
	__acquires(rcu)
{
	struct neigh_seq_state *state = seq->private;

	state->tbl = tbl;
	state->bucket = -1;
	state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);

	rcu_read_lock();
	state->nht = rcu_dereference(tbl->nht);
	read_lock_bh(&tbl->lock);

	return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
}
EXPORT_SYMBOL(neigh_seq_start);

void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{
	struct neigh_seq_state *state;
	void *rc;

	if (v == SEQ_START_TOKEN) {
		rc = neigh_get_first(seq);
		goto out;
	}

	state = seq->private;
	if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
		rc = neigh_get_next(seq, v, NULL);
		if (rc)
			goto out;
		if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
			rc = pneigh_get_first(seq);
	} else {
		BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
		rc = pneigh_get_next(seq, v, NULL);
	}
out:
	++(*pos);
	return rc;
}
EXPORT_SYMBOL(neigh_seq_next);

void neigh_seq_stop(struct seq_file *seq, void *v)
	__releases(tbl->lock)
	__releases(rcu)
{
	struct neigh_seq_state *state = seq->private;
	struct neigh_table *tbl = state->tbl;

	read_unlock_bh(&tbl->lock);
	rcu_read_unlock();
}
EXPORT_SYMBOL(neigh_seq_stop);

/* statistics via seq_file */
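/* Each possible CPU owns one neigh_statistics slot; the show callback below
 * prints one row per CPU under /proc/net/stat/<tbl->id> (the entry removed
 * again in neigh_table_clear() above).
 */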
static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
{
	struct neigh_table *tbl = pde_data(file_inode(seq->file));
	int cpu;

	if (*pos == 0)
		return SEQ_START_TOKEN;

	for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
		if (!cpu_possible(cpu))
			continue;
		*pos = cpu+1;
		return per_cpu_ptr(tbl->stats, cpu);
	}
	return NULL;
}

static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{
	struct neigh_table *tbl = pde_data(file_inode(seq->file));
	int cpu;

	for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
		if (!cpu_possible(cpu))
			continue;
		*pos = cpu+1;
		return per_cpu_ptr(tbl->stats, cpu);
	}
	(*pos)++;
	return NULL;
}

static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
{

}

static int neigh_stat_seq_show(struct seq_file *seq, void *v)
{
	struct neigh_table *tbl = pde_data(file_inode(seq->file));
	struct neigh_statistics *st = v;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq, "entries  allocs   destroys hash_grows lookups  hits     res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
		return 0;
	}

	seq_printf(seq, "%08x %08lx %08lx %08lx   %08lx %08lx %08lx   "
			"%08lx         %08lx         %08lx         "
			"%08lx       %08lx            %08lx\n",
		   atomic_read(&tbl->entries),

		   st->allocs,
		   st->destroys,
		   st->hash_grows,

		   st->lookups,
		   st->hits,

		   st->res_failed,

		   st->rcv_probes_mcast,
		   st->rcv_probes_ucast,

		   st->periodic_gc_runs,
		   st->forced_gc_runs,
		   st->unres_discards,
		   st->table_fulls
		   );

	return 0;
}

static const struct seq_operations neigh_stat_seq_ops = {
	.start	= neigh_stat_seq_start,
	.next	= neigh_stat_seq_next,
	.stop	= neigh_stat_seq_stop,
	.show	= neigh_stat_seq_show,
};
#endif /* CONFIG_PROC_FS */

static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid)
{
	struct net *net = dev_net(n->dev);
	struct sk_buff *skb;
	int err = -ENOBUFS;

	skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
	if (skb == NULL)
		goto errout;

	err = neigh_fill_info(skb, n, pid, 0, type, flags);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto errout;
	}
	rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
	return;
errout:
	rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
}

void neigh_app_ns(struct neighbour *n)
{
	__neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
}
EXPORT_SYMBOL(neigh_app_ns);

#ifdef CONFIG_SYSCTL
static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);

static int proc_unres_qlen(const struct ctl_table *ctl, int write,
			   void *buffer, size_t *lenp, loff_t *ppos)
{
	int size, ret;
	struct ctl_table tmp = *ctl;

	tmp.extra1 = SYSCTL_ZERO;
	tmp.extra2 = &unres_qlen_max;
	tmp.data = &size;

	size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);

	if (write && !ret)
		*(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
	return ret;
}

static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
				  int index)
{
	struct net_device *dev;
	int family = neigh_parms_family(p);

	rcu_read_lock();
	for_each_netdev_rcu(net, dev) {
		struct neigh_parms *dst_p =
				neigh_get_dev_parms_rcu(dev, family);

		if (dst_p && !test_bit(index, dst_p->data_state))
			dst_p->data[index] = p->data[index];
	}
	rcu_read_unlock();
}

static void neigh_proc_update(const struct ctl_table *ctl, int write)
{
	struct net_device *dev = ctl->extra1;
	struct neigh_parms *p = ctl->extra2;
	struct net *net = neigh_parms_net(p);
	int index = (int *) ctl->data - p->data;

	if (!write)
		return;

	set_bit(index, p->data_state);
	if (index == NEIGH_VAR_DELAY_PROBE_TIME)
		call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
	if (!dev) /* NULL dev means this is default value */
		neigh_copy_dflt_parms(net, p, index);
}

static int neigh_proc_dointvec_zero_intmax(const struct ctl_table *ctl, int write,
					   void *buffer, size_t *lenp,
					   loff_t *ppos)
{
	struct ctl_table tmp = *ctl;
	int ret;

	tmp.extra1 = SYSCTL_ZERO;
	tmp.extra2 = SYSCTL_INT_MAX;

	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
	neigh_proc_update(ctl, write);
	return ret;
}
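/* Like the plain ms_jiffies handler further below, but clamps the value to
 * at least one millisecond, matching the NLA_POLICY_MIN(NLA_U64, 1) netlink
 * policy for NDTPA_INTERVAL_PROBE_TIME_MS.
 */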
static int neigh_proc_dointvec_ms_jiffies_positive(const struct ctl_table *ctl, int write,
						   void *buffer, size_t *lenp, loff_t *ppos)
{
	struct ctl_table tmp = *ctl;
	int ret;

	int min = msecs_to_jiffies(1);

	tmp.extra1 = &min;
	tmp.extra2 = NULL;

	ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos);
	neigh_proc_update(ctl, write);
	return ret;
}

int neigh_proc_dointvec(const struct ctl_table *ctl, int write, void *buffer,
			size_t *lenp, loff_t *ppos)
{
	int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}
EXPORT_SYMBOL(neigh_proc_dointvec);

int neigh_proc_dointvec_jiffies(const struct ctl_table *ctl, int write, void *buffer,
				size_t *lenp, loff_t *ppos)
{
	int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}
EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);

static int neigh_proc_dointvec_userhz_jiffies(const struct ctl_table *ctl, int write,
					      void *buffer, size_t *lenp,
					      loff_t *ppos)
{
	int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}

int neigh_proc_dointvec_ms_jiffies(const struct ctl_table *ctl, int write,
				   void *buffer, size_t *lenp, loff_t *ppos)
{
	int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}
EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);

static int neigh_proc_dointvec_unres_qlen(const struct ctl_table *ctl, int write,
					  void *buffer, size_t *lenp,
					  loff_t *ppos)
{
	int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}

static int neigh_proc_base_reachable_time(const struct ctl_table *ctl, int write,
					  void *buffer, size_t *lenp,
					  loff_t *ppos)
{
	struct neigh_parms *p = ctl->extra2;
	int ret;

	if (strcmp(ctl->procname, "base_reachable_time") == 0)
		ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
	else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
		ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
	else
		ret = -1;

	if (write && ret == 0) {
		/* update reachable_time as well, otherwise, the change will
		 * only be effective after the next time neigh_periodic_work
		 * decides to recompute it
		 */
		p->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}
	return ret;
}
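/* The template entries below store each field's offset inside struct
 * neigh_parms as a fake pointer (NEIGH_PARMS_DATA_OFFSET); it is rebased
 * onto the real parms instance by the "data += (long) p" fixup in
 * neigh_sysctl_register().
 */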
#define NEIGH_PARMS_DATA_OFFSET(index)	\
	(&((struct neigh_parms *) 0)->data[index])

#define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
	[NEIGH_VAR_ ## attr] = { \
		.procname	= name, \
		.data		= NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
		.maxlen		= sizeof(int), \
		.mode		= mval, \
		.proc_handler	= proc, \
	}

#define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)

#define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)

#define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)

#define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive)

#define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)

#define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)

static struct neigh_sysctl_table {
	struct ctl_table_header *sysctl_header;
	struct ctl_table neigh_vars[NEIGH_VAR_MAX];
} neigh_sysctl_template __read_mostly = {
	.neigh_vars = {
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
		NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
		NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
		NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS,
						       "interval_probe_time_ms"),
		NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
		NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
		NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
		NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
		[NEIGH_VAR_GC_INTERVAL] = {
			.procname	= "gc_interval",
			.maxlen		= sizeof(int),
			.mode		= 0644,
			.proc_handler	= proc_dointvec_jiffies,
		},
		[NEIGH_VAR_GC_THRESH1] = {
			.procname	= "gc_thresh1",
			.maxlen		= sizeof(int),
			.mode		= 0644,
			.extra1		= SYSCTL_ZERO,
			.extra2		= SYSCTL_INT_MAX,
			.proc_handler	= proc_dointvec_minmax,
		},
		[NEIGH_VAR_GC_THRESH2] = {
			.procname	= "gc_thresh2",
			.maxlen		= sizeof(int),
			.mode		= 0644,
			.extra1		= SYSCTL_ZERO,
			.extra2		= SYSCTL_INT_MAX,
			.proc_handler	= proc_dointvec_minmax,
		},
		[NEIGH_VAR_GC_THRESH3] = {
			.procname	= "gc_thresh3",
			.maxlen		= sizeof(int),
			.mode		= 0644,
			.extra1		= SYSCTL_ZERO,
			.extra2		= SYSCTL_INT_MAX,
			.proc_handler	= proc_dointvec_minmax,
		},
	},
};
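/* Register the per-device (or per-family default) neighbour sysctls under
 * net/<ipv4|ipv6>/neigh/<dev|default>/, e.g.
 * /proc/sys/net/ipv4/neigh/default/gc_thresh3.  @handler, when given,
 * overrides the (base_)reachable/retrans time handlers.
 */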
int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
			  proc_handler *handler)
{
	int i;
	struct neigh_sysctl_table *t;
	const char *dev_name_source;
	char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
	char *p_name;
	size_t neigh_vars_size;

	t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT);
	if (!t)
		goto err;

	for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
		t->neigh_vars[i].data += (long) p;
		t->neigh_vars[i].extra1 = dev;
		t->neigh_vars[i].extra2 = p;
	}

	neigh_vars_size = ARRAY_SIZE(t->neigh_vars);
	if (dev) {
		dev_name_source = dev->name;
		/* Terminate the table early */
		neigh_vars_size = NEIGH_VAR_BASE_REACHABLE_TIME_MS + 1;
	} else {
		struct neigh_table *tbl = p->tbl;
		dev_name_source = "default";
		t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
		t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
		t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
		t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
	}

	if (handler) {
		/* RetransTime */
		t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
		/* ReachableTime */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
		/* RetransTime (in milliseconds) */
		t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
		/* ReachableTime (in milliseconds) */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
	} else {
		/* These handlers update p->reachable_time after
		 * base_reachable_time(_ms) is set, so the new timer starts
		 * being applied after the next neighbour update instead of
		 * waiting for neigh_periodic_work to recompute it (which can
		 * take multiple minutes).  Any handler that replaces them
		 * should do the same.
		 */
		/* ReachableTime */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
			neigh_proc_base_reachable_time;
		/* ReachableTime (in milliseconds) */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
			neigh_proc_base_reachable_time;
	}

	switch (neigh_parms_family(p)) {
	case AF_INET:
		p_name = "ipv4";
		break;
	case AF_INET6:
		p_name = "ipv6";
		break;
	default:
		BUG();
	}

	snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
		 p_name, dev_name_source);
	t->sysctl_header = register_net_sysctl_sz(neigh_parms_net(p),
						  neigh_path, t->neigh_vars,
						  neigh_vars_size);
	if (!t->sysctl_header)
		goto free;

	p->sysctl_table = t;
	return 0;

free:
	kfree(t);
err:
	return -ENOBUFS;
}
EXPORT_SYMBOL(neigh_sysctl_register);

void neigh_sysctl_unregister(struct neigh_parms *p)
{
	if (p->sysctl_table) {
		struct neigh_sysctl_table *t = p->sysctl_table;
		p->sysctl_table = NULL;
		unregister_net_sysctl_table(t->sysctl_header);
		kfree(t);
	}
}
EXPORT_SYMBOL(neigh_sysctl_unregister);

#endif	/* CONFIG_SYSCTL */

static const struct rtnl_msg_handler neigh_rtnl_msg_handlers[] __initconst = {
	{.msgtype = RTM_NEWNEIGH, .doit = neigh_add},
	{.msgtype = RTM_DELNEIGH, .doit = neigh_delete},
	{.msgtype = RTM_GETNEIGH, .doit = neigh_get, .dumpit = neigh_dump_info,
	 .flags = RTNL_FLAG_DUMP_UNLOCKED},
	{.msgtype = RTM_GETNEIGHTBL, .dumpit = neightbl_dump_info},
	{.msgtype = RTM_SETNEIGHTBL, .doit = neightbl_set},
};

static int __init neigh_init(void)
{
	rtnl_register_many(neigh_rtnl_msg_handlers);
	return 0;
}

subsys_initcall(neigh_init);