// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	Generic address resolution entity
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *
 *	Fixes:
 *	Vitaly E. Lavrov	releasing NULL neighbor in neigh_add.
 *	Harald Welte		Add neighbour cache statistics like rtstat
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/slab.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/socket.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/times.h>
#include <net/net_namespace.h>
#include <net/neighbour.h>
#include <net/arp.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/netevent.h>
#include <net/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/random.h>
#include <linux/string.h>
#include <linux/log2.h>
#include <linux/inetdevice.h>
#include <net/addrconf.h>

#include <trace/events/neigh.h>

#define NEIGH_DEBUG 1
#define neigh_dbg(level, fmt, ...)		\
do {						\
	if (level <= NEIGH_DEBUG)		\
		pr_debug(fmt, ##__VA_ARGS__);	\
} while (0)

#define PNEIGH_HASHMASK		0xF

static void neigh_timer_handler(struct timer_list *t);
static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid);
static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev,
				    bool skip_perm);

#ifdef CONFIG_PROC_FS
static const struct seq_operations neigh_stat_seq_ops;
#endif

static struct hlist_head *neigh_get_dev_table(struct net_device *dev, int family)
{
	int i;

	switch (family) {
	default:
		DEBUG_NET_WARN_ON_ONCE(1);
		fallthrough; /* to avoid panic by null-ptr-deref */
	case AF_INET:
		i = NEIGH_ARP_TABLE;
		break;
	case AF_INET6:
		i = NEIGH_ND_TABLE;
		break;
	}

	return &dev->neighbours[i];
}

/*
   Neighbour hash table buckets are protected with rwlock tbl->lock.

   - All the scans/updates to hash buckets MUST be made under this lock.
   - NOTHING clever should be made under this lock: no callbacks
     to protocol backends, no attempts to send something to network.
     It will result in deadlocks, if backend/driver wants to use neighbour
     cache.
   - If the entry requires some non-trivial actions, increase
     its reference count and release table lock.

   Neighbour entries are protected:
   - with reference count.
   - with rwlock neigh->lock

   Reference count prevents destruction.

   neigh->lock mainly serializes ll address data and its validity state.
   However, the same lock is used to protect another entry fields:
    - timer
    - resolution queue

   Again, nothing clever shall be made under neigh->lock,
   the most complicated procedure, which we allow is dev->hard_header.
   It is supposed, that dev->hard_header is simplistic and does
   not make callbacks to neighbour tables.
 */
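
/*
 * Illustrative note (not from the source): the nesting order used
 * throughout this file is tbl->lock outermost, then neigh->lock, as in
 * neigh_update_gc_list() below:
 *
 *	write_lock_bh(&n->tbl->lock);
 *	write_lock(&n->lock);
 *	...
 *	write_unlock(&n->lock);
 *	write_unlock_bh(&n->tbl->lock);
 *
 * and, per the rules above, anything heavier than list/state
 * manipulation is deferred until both locks are dropped.
 */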

static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
{
	kfree_skb(skb);
	return -ENETDOWN;
}

static void neigh_cleanup_and_release(struct neighbour *neigh)
{
	trace_neigh_cleanup_and_release(neigh, 0);
	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	neigh_release(neigh);
}

/*
 * It is random distribution in the interval (1/2)*base...(3/2)*base.
 * It corresponds to default IPv6 settings and is not overridable,
 * because it is really reasonable choice.
 */

unsigned long neigh_rand_reach_time(unsigned long base)
{
	return base ? get_random_u32_below(base) + (base >> 1) : 0;
}
EXPORT_SYMBOL(neigh_rand_reach_time);
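
/*
 * Worked example (illustrative, not from the source): with the common
 * base_reachable_time of 30 seconds, base = 30 * HZ, so the result is
 * uniform in [15 * HZ, 45 * HZ): get_random_u32_below(base) yields
 * [0, base) and (base >> 1) shifts that to [base/2, 3*base/2).
 */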

static void neigh_mark_dead(struct neighbour *n)
{
	n->dead = 1;
	if (!list_empty(&n->gc_list)) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	}
	if (!list_empty(&n->managed_list))
		list_del_init(&n->managed_list);
}

static void neigh_update_gc_list(struct neighbour *n)
{
	bool on_gc_list, exempt_from_gc;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	/* remove from the gc list if new state is permanent or if neighbor is
	 * externally learned / validated; otherwise entry should be on the gc
	 * list
	 */
	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
			 n->flags & (NTF_EXT_LEARNED | NTF_EXT_VALIDATED);
	on_gc_list = !list_empty(&n->gc_list);

	if (exempt_from_gc && on_gc_list) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	} else if (!exempt_from_gc && !on_gc_list) {
		/* add entries to the tail; cleaning removes from the front */
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
		atomic_inc(&n->tbl->gc_entries);
	}
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static void neigh_update_managed_list(struct neighbour *n)
{
	bool on_managed_list, add_to_managed;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	add_to_managed = n->flags & NTF_MANAGED;
	on_managed_list = !list_empty(&n->managed_list);

	if (!add_to_managed && on_managed_list)
		list_del_init(&n->managed_list);
	else if (add_to_managed && !on_managed_list)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
			       bool *gc_update, bool *managed_update)
{
	u32 ndm_flags, old_flags = neigh->flags;

	if (!(flags & NEIGH_UPDATE_F_ADMIN))
		return;

	ndm_flags  = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
	ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;
	ndm_flags |= (flags & NEIGH_UPDATE_F_EXT_VALIDATED) ?
		     NTF_EXT_VALIDATED : 0;

	if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
		if (ndm_flags & NTF_EXT_LEARNED)
			neigh->flags |= NTF_EXT_LEARNED;
		else
			neigh->flags &= ~NTF_EXT_LEARNED;
		*notify = 1;
		*gc_update = true;
	}
	if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
		if (ndm_flags & NTF_MANAGED)
			neigh->flags |= NTF_MANAGED;
		else
			neigh->flags &= ~NTF_MANAGED;
		*notify = 1;
		*managed_update = true;
	}
	if ((old_flags ^ ndm_flags) & NTF_EXT_VALIDATED) {
		if (ndm_flags & NTF_EXT_VALIDATED)
			neigh->flags |= NTF_EXT_VALIDATED;
		else
			neigh->flags &= ~NTF_EXT_VALIDATED;
		*notify = 1;
		*gc_update = true;
	}
}

bool neigh_remove_one(struct neighbour *n)
{
	bool retval = false;

	write_lock(&n->lock);
	if (refcount_read(&n->refcnt) == 1) {
		hlist_del_rcu(&n->hash);
		hlist_del_rcu(&n->dev_list);
		neigh_mark_dead(n);
		retval = true;
	}
	write_unlock(&n->lock);
	if (retval)
		neigh_cleanup_and_release(n);
	return retval;
}

static int neigh_forced_gc(struct neigh_table *tbl)
{
	int max_clean = atomic_read(&tbl->gc_entries) -
			READ_ONCE(tbl->gc_thresh2);
	u64 tmax = ktime_get_ns() + NSEC_PER_MSEC;
	unsigned long tref = jiffies - 5 * HZ;
	struct neighbour *n, *tmp;
	int shrunk = 0;
	int loop = 0;

	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);

	write_lock_bh(&tbl->lock);

	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
		if (refcount_read(&n->refcnt) == 1) {
			bool remove = false;

			write_lock(&n->lock);
			if ((n->nud_state == NUD_FAILED) ||
			    (n->nud_state == NUD_NOARP) ||
			    (tbl->is_multicast &&
			     tbl->is_multicast(n->primary_key)) ||
			    !time_in_range(n->updated, tref, jiffies))
				remove = true;
			write_unlock(&n->lock);

			if (remove && neigh_remove_one(n))
				shrunk++;
			if (shrunk >= max_clean)
				break;
			if (++loop == 16) {
				if (ktime_get_ns() > tmax)
					goto unlock;
				loop = 0;
			}
		}
	}

	WRITE_ONCE(tbl->last_flush, jiffies);
unlock:
	write_unlock_bh(&tbl->lock);

	return shrunk;
}
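
/*
 * Illustrative note (not from the source): forced GC is bounded both by
 * count and by time. max_clean caps the sweep at however many entries
 * exceed gc_thresh2, and tmax limits the run to roughly one millisecond,
 * checked every 16 iterations. Entries updated within the last five
 * seconds (n->updated in [jiffies - 5 * HZ, jiffies]) survive unless
 * they are NUD_FAILED, NUD_NOARP, or multicast.
 */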

static void neigh_add_timer(struct neighbour *n, unsigned long when)
{
	/* Use safe distance from the jiffies - LONG_MAX point while timer
	 * is running in DELAY/PROBE state but still show to user space
	 * large times in the past.
	 */
	unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ);

	neigh_hold(n);
	if (!time_in_range(n->confirmed, mint, jiffies))
		n->confirmed = mint;
	if (time_before(n->used, n->confirmed))
		n->used = n->confirmed;
	if (unlikely(mod_timer(&n->timer, when))) {
		printk("NEIGH: BUG, double timer add, state is %x\n",
		       n->nud_state);
		dump_stack();
	}
}

static int neigh_del_timer(struct neighbour *n)
{
	if ((n->nud_state & NUD_IN_TIMER) &&
	    timer_delete(&n->timer)) {
		neigh_release(n);
		return 1;
	}
	return 0;
}

static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
						   int family)
{
	switch (family) {
	case AF_INET:
		return __in_dev_arp_parms_get_rcu(dev);
	case AF_INET6:
		return __in6_dev_nd_parms_get_rcu(dev);
	}
	return NULL;
}

static void neigh_parms_qlen_dec(struct net_device *dev, int family)
{
	struct neigh_parms *p;

	rcu_read_lock();
	p = neigh_get_dev_parms_rcu(dev, family);
	if (p)
		p->qlen--;
	rcu_read_unlock();
}

static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net,
			       int family)
{
	struct sk_buff_head tmp;
	unsigned long flags;
	struct sk_buff *skb;

	skb_queue_head_init(&tmp);
	spin_lock_irqsave(&list->lock, flags);
	skb = skb_peek(list);
	while (skb != NULL) {
		struct sk_buff *skb_next = skb_peek_next(skb, list);
		struct net_device *dev = skb->dev;

		if (net == NULL || net_eq(dev_net(dev), net)) {
			neigh_parms_qlen_dec(dev, family);
			__skb_unlink(skb, list);
			__skb_queue_tail(&tmp, skb);
		}
		skb = skb_next;
	}
	spin_unlock_irqrestore(&list->lock, flags);

	while ((skb = __skb_dequeue(&tmp))) {
		dev_put(skb->dev);
		kfree_skb(skb);
	}
}
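
/*
 * Illustrative note (not from the source): the timer holds its own
 * reference on the entry. neigh_add_timer() takes neigh_hold() before
 * arming, and neigh_del_timer() drops it with neigh_release() only when
 * timer_delete() actually removed a pending timer, so the hold/release
 * pairing stays exact even if the handler has already started running.
 */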

static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
			    bool skip_perm)
{
	struct hlist_head *dev_head;
	struct hlist_node *tmp;
	struct neighbour *n;

	dev_head = neigh_get_dev_table(dev, tbl->family);

	hlist_for_each_entry_safe(n, tmp, dev_head, dev_list) {
		if (skip_perm &&
		    (n->nud_state & NUD_PERMANENT ||
		     n->flags & NTF_EXT_VALIDATED))
			continue;

		hlist_del_rcu(&n->hash);
		hlist_del_rcu(&n->dev_list);
		write_lock(&n->lock);
		neigh_del_timer(n);
		neigh_mark_dead(n);
		if (refcount_read(&n->refcnt) != 1) {
			/* The most unpleasant situation.
			 * We must destroy neighbour entry,
			 * but someone still uses it.
			 *
			 * The destroy will be delayed until
			 * the last user releases us, but
			 * we must kill timers etc. and move
			 * it to safe state.
			 */
			__skb_queue_purge(&n->arp_queue);
			n->arp_queue_len_bytes = 0;
			WRITE_ONCE(n->output, neigh_blackhole);
			if (n->nud_state & NUD_VALID)
				n->nud_state = NUD_NOARP;
			else
				n->nud_state = NUD_NONE;
			neigh_dbg(2, "neigh %p is stray\n", n);
		}
		write_unlock(&n->lock);
		neigh_cleanup_and_release(n);
	}
}

void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, false);
	write_unlock_bh(&tbl->lock);
}
EXPORT_SYMBOL(neigh_changeaddr);

static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, skip_perm);
	pneigh_ifdown_and_unlock(tbl, dev, skip_perm);
	pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL,
			   tbl->family);
	if (skb_queue_empty_lockless(&tbl->proxy_queue))
		timer_delete_sync(&tbl->proxy_timer);
	return 0;
}

int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, true);
	return 0;
}
EXPORT_SYMBOL(neigh_carrier_down);

int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, false);
	return 0;
}
EXPORT_SYMBOL(neigh_ifdown);

static struct neighbour *neigh_alloc(struct neigh_table *tbl,
				     struct net_device *dev,
				     u32 flags, bool exempt_from_gc)
{
	struct neighbour *n = NULL;
	unsigned long now = jiffies;
	int entries, gc_thresh3;

	if (exempt_from_gc)
		goto do_alloc;

	entries = atomic_inc_return(&tbl->gc_entries) - 1;
	gc_thresh3 = READ_ONCE(tbl->gc_thresh3);
	if (entries >= gc_thresh3 ||
	    (entries >= READ_ONCE(tbl->gc_thresh2) &&
	     time_after(now, READ_ONCE(tbl->last_flush) + 5 * HZ))) {
		if (!neigh_forced_gc(tbl) && entries >= gc_thresh3) {
			net_info_ratelimited("%s: neighbor table overflow!\n",
					     tbl->id);
			NEIGH_CACHE_STAT_INC(tbl, table_fulls);
			goto out_entries;
		}
	}

do_alloc:
	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
	if (!n)
		goto out_entries;

	__skb_queue_head_init(&n->arp_queue);
	rwlock_init(&n->lock);
	seqlock_init(&n->ha_lock);
	n->updated = n->used = now;
	n->nud_state = NUD_NONE;
	n->output = neigh_blackhole;
	n->flags = flags;
	seqlock_init(&n->hh.hh_lock);
	n->parms = neigh_parms_clone(&tbl->parms);
	timer_setup(&n->timer, neigh_timer_handler, 0);

	NEIGH_CACHE_STAT_INC(tbl, allocs);
	n->tbl = tbl;
	refcount_set(&n->refcnt, 1);
	n->dead = 1;
	INIT_LIST_HEAD(&n->gc_list);
	INIT_LIST_HEAD(&n->managed_list);

	atomic_inc(&tbl->entries);
out:
	return n;

out_entries:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	goto out;
}
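
/*
 * Illustrative note (not from the source): gc_entries is charged
 * optimistically. atomic_inc_return() runs before the allocation is
 * attempted, and every failure path goes through out_entries to undo
 * the charge, so entries exempt from GC (permanent, externally learned
 * or externally validated ones) are never counted against
 * gc_thresh2/gc_thresh3.
 */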

static void neigh_get_hash_rnd(u32 *x)
{
	*x = get_random_u32() | 1;
}

static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
{
	size_t size = (1 << shift) * sizeof(struct hlist_head);
	struct hlist_head *hash_heads;
	struct neigh_hash_table *ret;
	int i;

	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
	if (!ret)
		return NULL;

	hash_heads = kzalloc(size, GFP_ATOMIC);
	if (!hash_heads) {
		kfree(ret);
		return NULL;
	}
	ret->hash_heads = hash_heads;
	ret->hash_shift = shift;
	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
		neigh_get_hash_rnd(&ret->hash_rnd[i]);
	return ret;
}

static void neigh_hash_free_rcu(struct rcu_head *head)
{
	struct neigh_hash_table *nht = container_of(head,
						    struct neigh_hash_table,
						    rcu);

	kfree(nht->hash_heads);
	kfree(nht);
}

static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
						unsigned long new_shift)
{
	unsigned int i, hash;
	struct neigh_hash_table *new_nht, *old_nht;

	NEIGH_CACHE_STAT_INC(tbl, hash_grows);

	old_nht = rcu_dereference_protected(tbl->nht,
					    lockdep_is_held(&tbl->lock));
	new_nht = neigh_hash_alloc(new_shift);
	if (!new_nht)
		return old_nht;

	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
		struct hlist_node *tmp;
		struct neighbour *n;

		neigh_for_each_in_bucket_safe(n, tmp, &old_nht->hash_heads[i]) {
			hash = tbl->hash(n->primary_key, n->dev,
					 new_nht->hash_rnd);

			hash >>= (32 - new_nht->hash_shift);

			hlist_del_rcu(&n->hash);
			hlist_add_head_rcu(&n->hash, &new_nht->hash_heads[hash]);
		}
	}

	rcu_assign_pointer(tbl->nht, new_nht);
	call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
	return new_nht;
}

struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
			       struct net_device *dev)
{
	struct neighbour *n;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock();
	n = __neigh_lookup_noref(tbl, pkey, dev);
	if (n) {
		if (!refcount_inc_not_zero(&n->refcnt))
			n = NULL;
		NEIGH_CACHE_STAT_INC(tbl, hits);
	}

	rcu_read_unlock();
	return n;
}
EXPORT_SYMBOL(neigh_lookup);
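
/*
 * Usage sketch (illustrative, assuming an IPv4 caller with a __be32
 * address and a valid device; not from the source):
 *
 *	struct neighbour *n = neigh_lookup(&arp_tbl, &ip, dev);
 *
 *	if (n) {
 *		...		// inspect n->nud_state, n->ha, etc.
 *		neigh_release(n);	// drop the reference taken above
 *	}
 *
 * A successful lookup returns the entry with its refcount elevated, so
 * every hit must be paired with neigh_release().
 */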

static struct neighbour *
___neigh_create(struct neigh_table *tbl, const void *pkey,
		struct net_device *dev, u32 flags,
		bool exempt_from_gc, bool want_ref)
{
	u32 hash_val, key_len = tbl->key_len;
	struct neighbour *n1, *rc, *n;
	struct neigh_hash_table *nht;
	int error;

	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
	if (!n) {
		rc = ERR_PTR(-ENOBUFS);
		goto out;
	}

	memcpy(n->primary_key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC);

	/* Protocol specific setup. */
	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	if (dev->netdev_ops->ndo_neigh_construct) {
		error = dev->netdev_ops->ndo_neigh_construct(dev, n);
		if (error < 0) {
			rc = ERR_PTR(error);
			goto out_neigh_release;
		}
	}

	/* Device specific setup. */
	if (n->parms->neigh_setup &&
	    (error = n->parms->neigh_setup(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
		nht = neigh_hash_grow(tbl, nht->hash_shift + 1);

	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);

	if (n->parms->dead) {
		rc = ERR_PTR(-EINVAL);
		goto out_tbl_unlock;
	}

	neigh_for_each_in_bucket(n1, &nht->hash_heads[hash_val]) {
		if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
			if (want_ref)
				neigh_hold(n1);
			rc = n1;
			goto out_tbl_unlock;
		}
	}

	n->dead = 0;
	if (!exempt_from_gc)
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
	if (n->flags & NTF_MANAGED)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
	if (want_ref)
		neigh_hold(n);
	hlist_add_head_rcu(&n->hash, &nht->hash_heads[hash_val]);

	hlist_add_head_rcu(&n->dev_list,
			   neigh_get_dev_table(dev, tbl->family));

	write_unlock_bh(&tbl->lock);
	neigh_dbg(2, "neigh %p is created\n", n);
	rc = n;
out:
	return rc;
out_tbl_unlock:
	write_unlock_bh(&tbl->lock);
out_neigh_release:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	neigh_release(n);
	goto out;
}

struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
				 struct net_device *dev, bool want_ref)
{
	bool exempt_from_gc = !!(dev->flags & IFF_LOOPBACK);

	return ___neigh_create(tbl, pkey, dev, 0, exempt_from_gc, want_ref);
}
EXPORT_SYMBOL(__neigh_create);
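
/*
 * Usage sketch (illustrative, not from the source): resolvers typically
 * combine lookup and create, roughly
 *
 *	n = __neigh_lookup_noref(&arp_tbl, &next_hop, dev);
 *	if (!n)
 *		n = __neigh_create(&arp_tbl, &next_hop, dev, true);
 *
 * If a concurrent creator won the race, ___neigh_create() above returns
 * the existing entry found in the bucket scan instead of the new one,
 * so callers never see duplicates.
 */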

static u32 pneigh_hash(const void *pkey, unsigned int key_len)
{
	u32 hash_val = *(u32 *)(pkey + key_len - 4);
	hash_val ^= (hash_val >> 16);
	hash_val ^= hash_val >> 8;
	hash_val ^= hash_val >> 4;
	hash_val &= PNEIGH_HASHMASK;
	return hash_val;
}

static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
					      struct net *net,
					      const void *pkey,
					      unsigned int key_len,
					      struct net_device *dev)
{
	while (n) {
		if (!memcmp(n->key, pkey, key_len) &&
		    net_eq(pneigh_net(n), net) &&
		    (n->dev == dev || !n->dev))
			return n;
		n = n->next;
	}
	return NULL;
}

struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
		struct net *net, const void *pkey, struct net_device *dev)
{
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
				 net, pkey, key_len, dev);
}
EXPORT_SYMBOL_GPL(__pneigh_lookup);

struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl,
				   struct net *net, const void *pkey,
				   struct net_device *dev, int creat)
{
	struct pneigh_entry *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	read_lock_bh(&tbl->lock);
	n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
			      net, pkey, key_len, dev);
	read_unlock_bh(&tbl->lock);

	if (n || !creat)
		goto out;

	ASSERT_RTNL();

	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
	if (!n)
		goto out;

	write_pnet(&n->net, net);
	memcpy(n->key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_KERNEL);

	if (tbl->pconstructor && tbl->pconstructor(n)) {
		netdev_put(dev, &n->dev_tracker);
		kfree(n);
		n = NULL;
		goto out;
	}

	write_lock_bh(&tbl->lock);
	n->next = tbl->phash_buckets[hash_val];
	tbl->phash_buckets[hash_val] = n;
	write_unlock_bh(&tbl->lock);
out:
	return n;
}
EXPORT_SYMBOL(pneigh_lookup);

int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
		  struct net_device *dev)
{
	struct pneigh_entry *n, **np;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	write_lock_bh(&tbl->lock);
	for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
	     np = &n->next) {
		if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
		    net_eq(pneigh_net(n), net)) {
			*np = n->next;
			write_unlock_bh(&tbl->lock);
			if (tbl->pdestructor)
				tbl->pdestructor(n);
			netdev_put(n->dev, &n->dev_tracker);
			kfree(n);
			return 0;
		}
	}
	write_unlock_bh(&tbl->lock);
	return -ENOENT;
}

static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev,
				    bool skip_perm)
{
	struct pneigh_entry *n, **np, *freelist = NULL;
	u32 h;

	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
		np = &tbl->phash_buckets[h];
		while ((n = *np) != NULL) {
			if (skip_perm && n->permanent)
				goto skip;
			if (!dev || n->dev == dev) {
				*np = n->next;
				n->next = freelist;
				freelist = n;
				continue;
			}
skip:
			np = &n->next;
		}
	}
	write_unlock_bh(&tbl->lock);
	while ((n = freelist)) {
		freelist = n->next;
		n->next = NULL;
		if (tbl->pdestructor)
			tbl->pdestructor(n);
		netdev_put(n->dev, &n->dev_tracker);
		kfree(n);
	}
	return -ENOENT;
}

static inline void neigh_parms_put(struct neigh_parms *parms)
{
	if (refcount_dec_and_test(&parms->refcnt))
		kfree(parms);
}

/*
 *	neighbour must already be out of the table;
 *
 */
void neigh_destroy(struct neighbour *neigh)
{
	struct net_device *dev = neigh->dev;

	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);

	if (!neigh->dead) {
		pr_warn("Destroying alive neighbour %p\n", neigh);
		dump_stack();
		return;
	}

	if (neigh_del_timer(neigh))
		pr_warn("Impossible event\n");

	write_lock_bh(&neigh->lock);
	__skb_queue_purge(&neigh->arp_queue);
	write_unlock_bh(&neigh->lock);
	neigh->arp_queue_len_bytes = 0;

	if (dev->netdev_ops->ndo_neigh_destroy)
		dev->netdev_ops->ndo_neigh_destroy(dev, neigh);

	netdev_put(dev, &neigh->dev_tracker);
	neigh_parms_put(neigh->parms);

	neigh_dbg(2, "neigh %p is destroyed\n", neigh);

	atomic_dec(&neigh->tbl->entries);
	kfree_rcu(neigh, rcu);
}
EXPORT_SYMBOL(neigh_destroy);
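
/*
 * Usage sketch (illustrative, not from the source): proxy entries are
 * what "ip neigh add proxy <addr> dev <if>" creates. With creat == 1,
 * pneigh_lookup() inserts the entry when none exists (hence the
 * ASSERT_RTNL() above); creat == 0 makes it a pure lookup, e.g.
 *
 *	pn = pneigh_lookup(&nd_tbl, net, &target, dev, 0);
 *
 * to decide whether to answer a neighbour solicitation on behalf of
 * another host.
 */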

/* Neighbour state is suspicious;
   disable fast path.

   Called with write_locked neigh.
 */
static void neigh_suspect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is suspected\n", neigh);

	WRITE_ONCE(neigh->output, neigh->ops->output);
}

/* Neighbour state is OK;
   enable fast path.

   Called with write_locked neigh.
 */
static void neigh_connect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is connected\n", neigh);

	WRITE_ONCE(neigh->output, neigh->ops->connected_output);
}

static void neigh_periodic_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
	struct neigh_hash_table *nht;
	struct hlist_node *tmp;
	struct neighbour *n;
	unsigned int i;

	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	/*
	 *	periodically recompute ReachableTime from random function
	 */

	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
		struct neigh_parms *p;

		WRITE_ONCE(tbl->last_rand, jiffies);
		list_for_each_entry(p, &tbl->parms_list, list)
			p->reachable_time =
				neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}

	if (atomic_read(&tbl->entries) < READ_ONCE(tbl->gc_thresh1))
		goto out;

	for (i = 0 ; i < (1 << nht->hash_shift); i++) {
		neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[i]) {
			unsigned int state;

			write_lock(&n->lock);

			state = n->nud_state;
			if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
			    (n->flags &
			     (NTF_EXT_LEARNED | NTF_EXT_VALIDATED))) {
				write_unlock(&n->lock);
				continue;
			}

			if (time_before(n->used, n->confirmed) &&
			    time_is_before_eq_jiffies(n->confirmed))
				n->used = n->confirmed;

			if (refcount_read(&n->refcnt) == 1 &&
			    (state == NUD_FAILED ||
			     !time_in_range_open(jiffies, n->used,
						 n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
				hlist_del_rcu(&n->hash);
				hlist_del_rcu(&n->dev_list);
				neigh_mark_dead(n);
				write_unlock(&n->lock);
				neigh_cleanup_and_release(n);
				continue;
			}
			write_unlock(&n->lock);
		}
		/*
		 * It's fine to release lock here, even if hash table
		 * grows while we are preempted.
		 */
		write_unlock_bh(&tbl->lock);
		cond_resched();
		write_lock_bh(&tbl->lock);
		nht = rcu_dereference_protected(tbl->nht,
						lockdep_is_held(&tbl->lock));
	}
out:
	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
	 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
	 * BASE_REACHABLE_TIME.
	 */
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
	write_unlock_bh(&tbl->lock);
}

static __inline__ int neigh_max_probes(struct neighbour *n)
{
	struct neigh_parms *p = n->parms;
	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
	       (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
	        NEIGH_VAR(p, MCAST_PROBES));
}
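
/*
 * Worked example (illustrative, using the common per-table defaults of
 * ucast_probes = 3, app_probes = 0, mcast_probes = 3 and
 * mcast_reprobes = 0; all are tunable per device): a new entry in
 * NUD_INCOMPLETE gives up after 3 + 0 + 3 = 6 probes, while an entry
 * being reconfirmed in NUD_PROBE uses mcast_reprobes for the last term
 * and so gives up after 3 + 0 + 0 = 3.
 */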

static void neigh_invalidate(struct neighbour *neigh)
	__releases(neigh->lock)
	__acquires(neigh->lock)
{
	struct sk_buff *skb;

	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
	neigh_dbg(2, "neigh %p is failed\n", neigh);
	neigh->updated = jiffies;

	/* It is very thin place. report_unreachable is very complicated
	   routine. Particularly, it can hit the same neighbour entry!

	   So that, we try to be accurate and avoid dead loop. --ANK
	 */
	while (neigh->nud_state == NUD_FAILED &&
	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
		write_unlock(&neigh->lock);
		neigh->ops->error_report(neigh, skb);
		write_lock(&neigh->lock);
	}
	__skb_queue_purge(&neigh->arp_queue);
	neigh->arp_queue_len_bytes = 0;
}

static void neigh_probe(struct neighbour *neigh)
	__releases(neigh->lock)
{
	struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);

	/* keep skb alive even if arp_queue overflows */
	if (skb)
		skb = skb_clone(skb, GFP_ATOMIC);
	write_unlock(&neigh->lock);
	if (neigh->ops->solicit)
		neigh->ops->solicit(neigh, skb);
	atomic_inc(&neigh->probes);
	consume_skb(skb);
}

/* Called when a timer expires for a neighbour entry. */

static void neigh_timer_handler(struct timer_list *t)
{
	unsigned long now, next;
	struct neighbour *neigh = timer_container_of(neigh, t, timer);
	unsigned int state;
	int notify = 0;

	write_lock(&neigh->lock);

	state = neigh->nud_state;
	now = jiffies;
	next = now + HZ;

	if (!(state & NUD_IN_TIMER))
		goto out;

	if (state & NUD_REACHABLE) {
		if (time_before_eq(now,
				   neigh->confirmed + neigh->parms->reachable_time)) {
			neigh_dbg(2, "neigh %p is still alive\n", neigh);
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else if (time_before_eq(now,
					  neigh->used +
					  NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is delayed\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_DELAY);
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
		} else {
			neigh_dbg(2, "neigh %p is suspected\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_STALE);
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			notify = 1;
		}
	} else if (state & NUD_DELAY) {
		if (time_before_eq(now,
				   neigh->confirmed +
				   NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is now reachable\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_REACHABLE);
			neigh->updated = jiffies;
			neigh_connect(neigh);
			notify = 1;
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else {
			neigh_dbg(2, "neigh %p is probed\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_PROBE);
			neigh->updated = jiffies;
			atomic_set(&neigh->probes, 0);
			notify = 1;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
		}
	} else {
		/* NUD_PROBE|NUD_INCOMPLETE */
		next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
	}

	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
		if (neigh->nud_state == NUD_PROBE &&
		    neigh->flags & NTF_EXT_VALIDATED) {
			WRITE_ONCE(neigh->nud_state, NUD_STALE);
			neigh->updated = jiffies;
		} else {
			WRITE_ONCE(neigh->nud_state, NUD_FAILED);
			neigh_invalidate(neigh);
		}
		notify = 1;
		goto out;
	}

	if (neigh->nud_state & NUD_IN_TIMER) {
		if (time_before(next, jiffies + HZ/100))
			next = jiffies + HZ/100;
		if (!mod_timer(&neigh->timer, next))
			neigh_hold(neigh);
	}
	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
		neigh_probe(neigh);
	} else {
out:
		write_unlock(&neigh->lock);
	}

	if (notify)
		neigh_update_notify(neigh, 0);

	trace_neigh_timer_handler(neigh, 0);

	neigh_release(neigh);
}
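
/*
 * Illustrative summary of the transitions driven by the handler above
 * (not from the source):
 *
 *	REACHABLE --(reachable_time expired)--------------> STALE
 *	STALE     --(traffic, see __neigh_event_send)-----> DELAY
 *	DELAY     --(no confirmation in delay_probe_time)-> PROBE
 *	DELAY     --(confirmation arrived)----------------> REACHABLE
 *	PROBE/INCOMPLETE --(max probes exhausted)---------> FAILED
 *	                   (or STALE for NTF_EXT_VALIDATED entries)
 *
 * FAILED entries drain their arp_queue through neigh_invalidate().
 */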

int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
		       const bool immediate_ok)
{
	int rc;
	bool immediate_probe = false;

	write_lock_bh(&neigh->lock);

	rc = 0;
	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
		goto out_unlock_bh;
	if (neigh->dead)
		goto out_dead;

	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
		if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
		    NEIGH_VAR(neigh->parms, APP_PROBES)) {
			unsigned long next, now = jiffies;

			atomic_set(&neigh->probes,
				   NEIGH_VAR(neigh->parms, UCAST_PROBES));
			neigh_del_timer(neigh);
			WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
			neigh->updated = now;
			if (!immediate_ok) {
				next = now + 1;
			} else {
				immediate_probe = true;
				next = now + max(NEIGH_VAR(neigh->parms,
							   RETRANS_TIME),
						 HZ / 100);
			}
			neigh_add_timer(neigh, next);
		} else {
			WRITE_ONCE(neigh->nud_state, NUD_FAILED);
			neigh->updated = jiffies;
			write_unlock_bh(&neigh->lock);

			kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED);
			return 1;
		}
	} else if (neigh->nud_state & NUD_STALE) {
		neigh_dbg(2, "neigh %p is delayed\n", neigh);
		neigh_del_timer(neigh);
		WRITE_ONCE(neigh->nud_state, NUD_DELAY);
		neigh->updated = jiffies;
		neigh_add_timer(neigh, jiffies +
				NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
	}

	if (neigh->nud_state == NUD_INCOMPLETE) {
		if (skb) {
			while (neigh->arp_queue_len_bytes + skb->truesize >
			       NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
				struct sk_buff *buff;

				buff = __skb_dequeue(&neigh->arp_queue);
				if (!buff)
					break;
				neigh->arp_queue_len_bytes -= buff->truesize;
				kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL);
				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
			}
			skb_dst_force(skb);
			__skb_queue_tail(&neigh->arp_queue, skb);
			neigh->arp_queue_len_bytes += skb->truesize;
		}
		rc = 1;
	}
out_unlock_bh:
	if (immediate_probe)
		neigh_probe(neigh);
	else
		write_unlock(&neigh->lock);
	local_bh_enable();
	trace_neigh_event_send_done(neigh, rc);
	return rc;

out_dead:
	if (neigh->nud_state & NUD_STALE)
		goto out_unlock_bh;
	write_unlock_bh(&neigh->lock);
	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD);
	trace_neigh_event_send_dead(neigh, 1);
	return 1;
}
EXPORT_SYMBOL(__neigh_event_send);

static void neigh_update_hhs(struct neighbour *neigh)
{
	struct hh_cache *hh;
	void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
		= NULL;

	if (neigh->dev->header_ops)
		update = neigh->dev->header_ops->cache_update;

	if (update) {
		hh = &neigh->hh;
		if (READ_ONCE(hh->hh_len)) {
			write_seqlock_bh(&hh->hh_lock);
			update(hh, neigh->dev, neigh->ha);
			write_sequnlock_bh(&hh->hh_lock);
		}
	}
}
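
/*
 * Illustrative note (not from the source): while resolution is pending
 * (NUD_INCOMPLETE), packets wait on neigh->arp_queue. The queue is
 * budgeted in bytes (QUEUE_LEN_BYTES, accounted via skb->truesize);
 * when a new packet would exceed the budget, the oldest queued packets
 * are dropped first with SKB_DROP_REASON_NEIGH_QUEUEFULL, bumping the
 * unres_discards statistic.
 */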

/* Generic update routine.
   -- lladdr is new lladdr or NULL, if it is not supplied.
   -- new    is new state.
   -- flags
	NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr,
				if it is different.
	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
				lladdr instead of overriding it
				if it is different.
	NEIGH_UPDATE_F_ADMIN	means that the change is administrative.
	NEIGH_UPDATE_F_USE	means that the entry is user triggered.
	NEIGH_UPDATE_F_MANAGED	means that the entry will be auto-refreshed.
	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
				NTF_ROUTER flag.
	NEIGH_UPDATE_F_ISROUTER	indicates if the neighbour is known as
				a router.
	NEIGH_UPDATE_F_EXT_VALIDATED means that the entry will not be removed
				or invalidated.

   Caller MUST hold reference count on the entry.
 */
static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
			  u8 new, u32 flags, u32 nlmsg_pid,
			  struct netlink_ext_ack *extack)
{
	bool gc_update = false, managed_update = false;
	int update_isrouter = 0;
	struct net_device *dev;
	int err, notify = 0;
	u8 old;

	trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);

	write_lock_bh(&neigh->lock);

	dev = neigh->dev;
	old = neigh->nud_state;
	err = -EPERM;

	if (neigh->dead) {
		NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
		new = old;
		goto out;
	}
	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
	    (old & (NUD_NOARP | NUD_PERMANENT)))
		goto out;

	neigh_update_flags(neigh, flags, &notify, &gc_update, &managed_update);
	if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
		new = old & ~NUD_PERMANENT;
		WRITE_ONCE(neigh->nud_state, new);
		err = 0;
		goto out;
	}

	if (!(new & NUD_VALID)) {
		neigh_del_timer(neigh);
		if (old & NUD_CONNECTED)
			neigh_suspect(neigh);
		WRITE_ONCE(neigh->nud_state, new);
		err = 0;
		notify = old & NUD_VALID;
		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
		    (new & NUD_FAILED)) {
			neigh_invalidate(neigh);
			notify = 1;
		}
		goto out;
	}

	/* Compare new lladdr with cached one */
	if (!dev->addr_len) {
		/* First case: device needs no address. */
		lladdr = neigh->ha;
	} else if (lladdr) {
		/* The second case: if something is already cached
		   and a new address is proposed:
		   - compare new & old
		   - if they are different, check override flag
		 */
		if ((old & NUD_VALID) &&
		    !memcmp(lladdr, neigh->ha, dev->addr_len))
			lladdr = neigh->ha;
	} else {
		/* No address is supplied; if we know something,
		   use it, otherwise discard the request.
		 */
		err = -EINVAL;
		if (!(old & NUD_VALID)) {
			NL_SET_ERR_MSG(extack, "No link layer address given");
			goto out;
		}
		lladdr = neigh->ha;
	}

	/* Update confirmed timestamp for neighbour entry after we
	 * received ARP packet even if it doesn't change IP to MAC binding.
	 */
	if (new & NUD_CONNECTED)
		neigh->confirmed = jiffies;

	/* If entry was valid and address is not changed,
	   do not change entry state, if new one is STALE.
	 */
	err = 0;
	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	if (old & NUD_VALID) {
		if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
			update_isrouter = 0;
			if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
			    (old & NUD_CONNECTED)) {
				lladdr = neigh->ha;
				new = NUD_STALE;
			} else
				goto out;
		} else {
			if (lladdr == neigh->ha && new == NUD_STALE &&
			    !(flags & NEIGH_UPDATE_F_ADMIN))
				new = old;
		}
	}

	/* Update timestamp only once we know we will make a change to the
	 * neighbour entry. Otherwise we risk to move the locktime window with
	 * noop updates and ignore relevant ARP updates.
	 */
	if (new != old || lladdr != neigh->ha)
		neigh->updated = jiffies;

	if (new != old) {
		neigh_del_timer(neigh);
		if (new & NUD_PROBE)
			atomic_set(&neigh->probes, 0);
		if (new & NUD_IN_TIMER)
			neigh_add_timer(neigh, (jiffies +
						((new & NUD_REACHABLE) ?
						 neigh->parms->reachable_time :
						 0)));
		WRITE_ONCE(neigh->nud_state, new);
		notify = 1;
	}

	if (lladdr != neigh->ha) {
		write_seqlock(&neigh->ha_lock);
		memcpy(&neigh->ha, lladdr, dev->addr_len);
		write_sequnlock(&neigh->ha_lock);
		neigh_update_hhs(neigh);
		if (!(new & NUD_CONNECTED))
			neigh->confirmed = jiffies -
				      (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
		notify = 1;
	}
	if (new == old)
		goto out;
	if (new & NUD_CONNECTED)
		neigh_connect(neigh);
	else
		neigh_suspect(neigh);
	if (!(old & NUD_VALID)) {
		struct sk_buff *skb;

		/* Again: avoid dead loop if something went wrong */

		while (neigh->nud_state & NUD_VALID &&
		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
			struct dst_entry *dst = skb_dst(skb);
			struct neighbour *n2, *n1 = neigh;

			write_unlock_bh(&neigh->lock);

			rcu_read_lock();

			/* Why not just use 'neigh' as-is? The problem is that
			 * things such as shaper, eql, and sch_teql can end up
			 * using alternative, different, neigh objects to output
			 * the packet in the output path. So what we need to do
			 * here is re-lookup the top-level neigh in the path so
			 * we can reinject the packet there.
			 */
			n2 = NULL;
			if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
				n2 = dst_neigh_lookup_skb(dst, skb);
				if (n2)
					n1 = n2;
			}
			READ_ONCE(n1->output)(n1, skb);
			if (n2)
				neigh_release(n2);
			rcu_read_unlock();

			write_lock_bh(&neigh->lock);
		}
		__skb_queue_purge(&neigh->arp_queue);
		neigh->arp_queue_len_bytes = 0;
	}
out:
	if (update_isrouter)
		neigh_update_is_router(neigh, flags, &notify);
	write_unlock_bh(&neigh->lock);
	if (((new ^ old) & NUD_PERMANENT) || gc_update)
		neigh_update_gc_list(neigh);
	if (managed_update)
		neigh_update_managed_list(neigh);
	if (notify)
		neigh_update_notify(neigh, nlmsg_pid);
	trace_neigh_update_done(neigh, err);
	return err;
}

int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
		 u32 flags, u32 nlmsg_pid)
{
	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
}
EXPORT_SYMBOL(neigh_update);
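
/*
 * Usage sketch (illustrative, not from the source): protocol input paths
 * feed confirmations into the state machine through neigh_update(), e.g.
 * on receipt of an ARP reply, something along the lines of
 *
 *	neigh_update(n, sha, NUD_REACHABLE, NEIGH_UPDATE_F_OVERRIDE, 0);
 *
 * where sha is the sender hardware address from the packet and an
 * nlmsg_pid of 0 means the notification is not tied to a netlink caller.
 */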

/* Update the neigh to listen temporarily for probe responses, even if it is
 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
 */
void __neigh_set_probe_once(struct neighbour *neigh)
{
	if (neigh->dead)
		return;
	neigh->updated = jiffies;
	if (!(neigh->nud_state & NUD_FAILED))
		return;
	WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
	atomic_set(&neigh->probes, neigh_max_probes(neigh));
	neigh_add_timer(neigh,
			jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
				      HZ/100));
}
EXPORT_SYMBOL(__neigh_set_probe_once);

struct neighbour *neigh_event_ns(struct neigh_table *tbl,
				 u8 *lladdr, void *saddr,
				 struct net_device *dev)
{
	struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
						 lladdr || !dev->addr_len);
	if (neigh)
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_OVERRIDE, 0);
	return neigh;
}
EXPORT_SYMBOL(neigh_event_ns);

/* called with read_lock_bh(&n->lock); */
static void neigh_hh_init(struct neighbour *n)
{
	struct net_device *dev = n->dev;
	__be16 prot = n->tbl->protocol;
	struct hh_cache	*hh = &n->hh;

	write_lock_bh(&n->lock);

	/* Only one thread can come in here and initialize the
	 * hh_cache entry.
	 */
	if (!hh->hh_len)
		dev->header_ops->cache(n, hh, prot);

	write_unlock_bh(&n->lock);
}

/* Slow and careful. */

int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc = 0;

	if (!neigh_event_send(neigh, skb)) {
		int err;
		struct net_device *dev = neigh->dev;
		unsigned int seq;

		if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
			neigh_hh_init(neigh);

		do {
			__skb_pull(skb, skb_network_offset(skb));
			seq = read_seqbegin(&neigh->ha_lock);
			err = dev_hard_header(skb, dev, ntohs(skb->protocol),
					      neigh->ha, NULL, skb->len);
		} while (read_seqretry(&neigh->ha_lock, seq));

		if (err >= 0)
			rc = dev_queue_xmit(skb);
		else
			goto out_kfree_skb;
	}
out:
	return rc;
out_kfree_skb:
	rc = -EINVAL;
	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_HH_FILLFAIL);
	goto out;
}
EXPORT_SYMBOL(neigh_resolve_output);

/* As fast as possible without hh cache */

int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
{
	struct net_device *dev = neigh->dev;
	unsigned int seq;
	int err;

	do {
		__skb_pull(skb, skb_network_offset(skb));
		seq = read_seqbegin(&neigh->ha_lock);
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      neigh->ha, NULL, skb->len);
	} while (read_seqretry(&neigh->ha_lock, seq));

	if (err >= 0)
		err = dev_queue_xmit(skb);
	else {
		err = -EINVAL;
		kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_HH_FILLFAIL);
	}
	return err;
}
EXPORT_SYMBOL(neigh_connected_output);

int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
{
	return dev_queue_xmit(skb);
}
EXPORT_SYMBOL(neigh_direct_output);
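
/*
 * Illustrative note (not from the source): neigh->output is the switch
 * point between these paths. neigh_connect() points it at
 * ops->connected_output (typically neigh_connected_output, no state
 * check per packet), neigh_suspect() falls back to ops->output
 * (typically neigh_resolve_output, which re-validates via
 * neigh_event_send), and neigh_direct_output() serves devices that need
 * no resolution at all. Both header-building loops retry under the
 * ha_lock seqlock, so a concurrent lladdr change never yields a torn
 * address in the frame.
 */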

static void neigh_managed_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table,
					       managed_work.work);
	struct neighbour *neigh;

	write_lock_bh(&tbl->lock);
	list_for_each_entry(neigh, &tbl->managed_list, managed_list)
		neigh_event_send_probe(neigh, NULL, false);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
			   NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS));
	write_unlock_bh(&tbl->lock);
}

static void neigh_proxy_process(struct timer_list *t)
{
	struct neigh_table *tbl = timer_container_of(tbl, t, proxy_timer);
	long sched_next = 0;
	unsigned long now = jiffies;
	struct sk_buff *skb, *n;

	spin_lock(&tbl->proxy_queue.lock);

	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
		long tdif = NEIGH_CB(skb)->sched_next - now;

		if (tdif <= 0) {
			struct net_device *dev = skb->dev;

			neigh_parms_qlen_dec(dev, tbl->family);
			__skb_unlink(skb, &tbl->proxy_queue);

			if (tbl->proxy_redo && netif_running(dev)) {
				rcu_read_lock();
				tbl->proxy_redo(skb);
				rcu_read_unlock();
			} else {
				kfree_skb(skb);
			}

			dev_put(dev);
		} else if (!sched_next || tdif < sched_next)
			sched_next = tdif;
	}
	timer_delete(&tbl->proxy_timer);
	if (sched_next)
		mod_timer(&tbl->proxy_timer, jiffies + sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}

static unsigned long neigh_proxy_delay(struct neigh_parms *p)
{
	/* If proxy_delay is zero, do not call get_random_u32_below()
	 * as it is undefined behavior.
	 */
	unsigned long proxy_delay = NEIGH_VAR(p, PROXY_DELAY);

	return proxy_delay ?
	       jiffies + get_random_u32_below(proxy_delay) : jiffies;
}

void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
		    struct sk_buff *skb)
{
	unsigned long sched_next = neigh_proxy_delay(p);

	if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) {
		kfree_skb(skb);
		return;
	}

	NEIGH_CB(skb)->sched_next = sched_next;
	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;

	spin_lock(&tbl->proxy_queue.lock);
	if (timer_delete(&tbl->proxy_timer)) {
		if (time_before(tbl->proxy_timer.expires, sched_next))
			sched_next = tbl->proxy_timer.expires;
	}
	skb_dst_drop(skb);
	dev_hold(skb->dev);
	__skb_queue_tail(&tbl->proxy_queue, skb);
	p->qlen++;
	mod_timer(&tbl->proxy_timer, sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}
EXPORT_SYMBOL(pneigh_enqueue);

static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
						     struct net *net, int ifindex)
{
	struct neigh_parms *p;

	list_for_each_entry(p, &tbl->parms_list, list) {
		if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
		    (!p->dev && !ifindex && net_eq(net, &init_net)))
			return p;
	}

	return NULL;
}

struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
				      struct neigh_table *tbl)
{
	struct neigh_parms *p;
	struct net *net = dev_net(dev);
	const struct net_device_ops *ops = dev->netdev_ops;

	p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
	if (p) {
		p->tbl = tbl;
		refcount_set(&p->refcnt, 1);
		p->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
		p->qlen = 0;
		netdev_hold(dev, &p->dev_tracker, GFP_KERNEL);
		p->dev = dev;
		write_pnet(&p->net, net);
		p->sysctl_table = NULL;

		if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
			netdev_put(dev, &p->dev_tracker);
			kfree(p);
			return NULL;
		}

		write_lock_bh(&tbl->lock);
		list_add(&p->list, &tbl->parms.list);
		write_unlock_bh(&tbl->lock);

		neigh_parms_data_state_cleanall(p);
	}
	return p;
}
EXPORT_SYMBOL(neigh_parms_alloc);
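
/*
 * Usage sketch (illustrative, not from the source): per-device parms are
 * cloned from the table defaults when a protocol attaches to a device
 * and must be released symmetrically, e.g.:
 *
 *	parms = neigh_parms_alloc(dev, &arp_tbl);
 *	if (!parms)
 *		return -ENOMEM;
 *	...
 *	neigh_parms_release(&arp_tbl, parms);	// RCU-deferred free
 *
 * Individual entries then pin their parms via neigh_parms_clone() in
 * neigh_alloc() and drop that reference in neigh_destroy().
 */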

static void neigh_rcu_free_parms(struct rcu_head *head)
{
	struct neigh_parms *parms =
		container_of(head, struct neigh_parms, rcu_head);

	neigh_parms_put(parms);
}

void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
{
	if (!parms || parms == &tbl->parms)
		return;
	write_lock_bh(&tbl->lock);
	list_del(&parms->list);
	parms->dead = 1;
	write_unlock_bh(&tbl->lock);
	netdev_put(parms->dev, &parms->dev_tracker);
	call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
}
EXPORT_SYMBOL(neigh_parms_release);

static struct lock_class_key neigh_table_proxy_queue_class;

static struct neigh_table __rcu *neigh_tables[NEIGH_NR_TABLES] __read_mostly;

void neigh_table_init(int index, struct neigh_table *tbl)
{
	unsigned long now = jiffies;
	unsigned long phsize;

	INIT_LIST_HEAD(&tbl->parms_list);
	INIT_LIST_HEAD(&tbl->gc_list);
	INIT_LIST_HEAD(&tbl->managed_list);

	list_add(&tbl->parms.list, &tbl->parms_list);
	write_pnet(&tbl->parms.net, &init_net);
	refcount_set(&tbl->parms.refcnt, 1);
	tbl->parms.reachable_time =
		neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
	tbl->parms.qlen = 0;

	tbl->stats = alloc_percpu(struct neigh_statistics);
	if (!tbl->stats)
		panic("cannot create neighbour cache statistics");

#ifdef CONFIG_PROC_FS
	if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
				  &neigh_stat_seq_ops, tbl))
		panic("cannot create neighbour proc dir entry");
#endif

	RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));

	phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
	tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);

	if (!tbl->nht || !tbl->phash_buckets)
		panic("cannot allocate neighbour cache hashes");

	if (!tbl->entry_size)
		tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
					tbl->key_len, NEIGH_PRIV_ALIGN);
	else
		WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);

	rwlock_init(&tbl->lock);

	INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   tbl->parms.reachable_time);
	INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0);

	timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
	skb_queue_head_init_class(&tbl->proxy_queue,
				  &neigh_table_proxy_queue_class);

	tbl->last_flush = now;
	tbl->last_rand = now + tbl->parms.reachable_time * 20;

	rcu_assign_pointer(neigh_tables[index], tbl);
}
EXPORT_SYMBOL(neigh_table_init);
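
/*
 * Usage sketch (illustrative, not from the source): each protocol
 * registers its table once at init time under a fixed slot, e.g. ARP
 * calls neigh_table_init(NEIGH_ARP_TABLE, &arp_tbl) and IPv6 ND calls
 * neigh_table_init(NEIGH_ND_TABLE, &nd_tbl), with tbl->family, key_len,
 * hash and constructor already filled in. The initial hash has
 * 1 << 3 = 8 buckets and grows via neigh_hash_grow() once the entry
 * count exceeds the bucket count.
 */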

/*
 * Only called from ndisc_cleanup(), which means this is dead code
 * because we no longer can unload IPv6 module.
 */
int neigh_table_clear(int index, struct neigh_table *tbl)
{
	RCU_INIT_POINTER(neigh_tables[index], NULL);
	synchronize_rcu();

	/* It is not clean... Fix it to unload IPv6 module safely */
	cancel_delayed_work_sync(&tbl->managed_work);
	cancel_delayed_work_sync(&tbl->gc_work);
	timer_delete_sync(&tbl->proxy_timer);
	pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family);
	neigh_ifdown(tbl, NULL);
	if (atomic_read(&tbl->entries))
		pr_crit("neighbour leakage\n");

	call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
		 neigh_hash_free_rcu);
	tbl->nht = NULL;

	kfree(tbl->phash_buckets);
	tbl->phash_buckets = NULL;

	remove_proc_entry(tbl->id, init_net.proc_net_stat);

	free_percpu(tbl->stats);
	tbl->stats = NULL;

	return 0;
}
EXPORT_SYMBOL(neigh_table_clear);

static struct neigh_table *neigh_find_table(int family)
{
	struct neigh_table *tbl = NULL;

	switch (family) {
	case AF_INET:
		tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ARP_TABLE]);
		break;
	case AF_INET6:
		tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ND_TABLE]);
		break;
	}

	return tbl;
}

const struct nla_policy nda_policy[NDA_MAX+1] = {
	[NDA_UNSPEC]		= { .strict_start_type = NDA_NH_ID },
	[NDA_DST]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_LLADDR]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_CACHEINFO]		= { .len = sizeof(struct nda_cacheinfo) },
	[NDA_PROBES]		= { .type = NLA_U32 },
	[NDA_VLAN]		= { .type = NLA_U16 },
	[NDA_PORT]		= { .type = NLA_U16 },
	[NDA_VNI]		= { .type = NLA_U32 },
	[NDA_IFINDEX]		= { .type = NLA_U32 },
	[NDA_MASTER]		= { .type = NLA_U32 },
	[NDA_PROTOCOL]		= { .type = NLA_U8 },
	[NDA_NH_ID]		= { .type = NLA_U32 },
	[NDA_FLAGS_EXT]		= NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
	[NDA_FDB_EXT_ATTRS]	= { .type = NLA_NESTED },
};

static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *dst_attr;
	struct neigh_table *tbl;
	struct neighbour *neigh;
	struct net_device *dev = NULL;
	int err = -EINVAL;

	ASSERT_RTNL();
	if (nlmsg_len(nlh) < sizeof(*ndm))
		goto out;

	dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
	if (!dst_attr) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(dst_attr) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	if (ndm->ndm_flags & NTF_PROXY) {
		err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
		goto out;
	}

	if (dev == NULL)
		goto out;

	neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
	if (neigh == NULL) {
		err = -ENOENT;
		goto out;
	}

	err = __neigh_update(neigh, NULL, NUD_FAILED,
			     NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
			     NETLINK_CB(skb).portid, extack);
	write_lock_bh(&tbl->lock);
	neigh_release(neigh);
	neigh_remove_one(neigh);
	write_unlock_bh(&tbl->lock);

out:
	return err;
}
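
/*
 * Usage sketch (illustrative, not from the source): this is the
 * RTM_DELNEIGH handler, i.e. what userspace reaches with
 *
 *	ip neigh del 192.0.2.1 dev eth0
 *
 * The entry is first forced to NUD_FAILED via __neigh_update() and then
 * unlinked with neigh_remove_one() if nothing else holds a reference.
 */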

static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
		     struct netlink_ext_ack *extack)
{
	int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
		    NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *tb[NDA_MAX+1];
	struct neigh_table *tbl;
	struct net_device *dev = NULL;
	struct neighbour *neigh;
	void *dst, *lladdr;
	u8 protocol = 0;
	u32 ndm_flags;
	int err;

	ASSERT_RTNL();
	err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
				     nda_policy, extack);
	if (err < 0)
		goto out;

	err = -EINVAL;
	if (!tb[NDA_DST]) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	ndm_flags = ndm->ndm_flags;
	if (tb[NDA_FLAGS_EXT]) {
		u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]);

		BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
			     (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
			      hweight32(NTF_EXT_MASK)));
		ndm_flags |= (ext << NTF_EXT_SHIFT);
	}
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}

		if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
			NL_SET_ERR_MSG(extack, "Invalid link address");
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	dst = nla_data(tb[NDA_DST]);
	lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;

	if (tb[NDA_PROTOCOL])
		protocol = nla_get_u8(tb[NDA_PROTOCOL]);
	if (ndm_flags & NTF_PROXY) {
		struct pneigh_entry *pn;

		if (ndm_flags & (NTF_MANAGED | NTF_EXT_VALIDATED)) {
			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
			goto out;
		}

		err = -ENOBUFS;
		pn = pneigh_lookup(tbl, net, dst, dev, 1);
		if (pn) {
			pn->flags = ndm_flags;
			pn->permanent = !!(ndm->ndm_state & NUD_PERMANENT);
			if (protocol)
				pn->protocol = protocol;
			err = 0;
		}
		goto out;
	}

	if (!dev) {
		NL_SET_ERR_MSG(extack, "Device not specified");
		goto out;
	}

	if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
		err = -EINVAL;
		goto out;
	}

	neigh = neigh_lookup(tbl, dst, dev);
	if (neigh == NULL) {
		bool ndm_permanent = ndm->ndm_state & NUD_PERMANENT;
		bool exempt_from_gc = ndm_permanent ||
				      ndm_flags & (NTF_EXT_LEARNED |
						   NTF_EXT_VALIDATED);

		if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
			err = -ENOENT;
			goto out;
		}
		if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
			err = -EINVAL;
			goto out;
		}
		if (ndm_flags & NTF_EXT_VALIDATED) {
			u8 state = ndm->ndm_state;

			/* NTF_USE and NTF_MANAGED will result in the neighbor
			 * being created with an invalid state (NUD_NONE).
			 */
			if (ndm_flags & (NTF_USE | NTF_MANAGED))
				state = NUD_NONE;

			if (!(state & NUD_VALID)) {
				NL_SET_ERR_MSG(extack,
					       "Cannot create externally validated neighbor with an invalid state");
				err = -EINVAL;
				goto out;
			}
		}

		neigh = ___neigh_create(tbl, dst, dev,
					ndm_flags &
					(NTF_EXT_LEARNED | NTF_MANAGED |
					 NTF_EXT_VALIDATED),
					exempt_from_gc, true);
		if (IS_ERR(neigh)) {
			err = PTR_ERR(neigh);
			goto out;
		}
	} else {
		if (nlh->nlmsg_flags & NLM_F_EXCL) {
			err = -EEXIST;
			neigh_release(neigh);
			goto out;
		}
		if (ndm_flags & NTF_EXT_VALIDATED) {
			u8 state = ndm->ndm_state;

			/* NTF_USE and NTF_MANAGED do not update the existing
			 * state other than clearing it if it was
			 * NUD_PERMANENT.
			 */
			if (ndm_flags & (NTF_USE | NTF_MANAGED))
				state = READ_ONCE(neigh->nud_state) & ~NUD_PERMANENT;

			if (!(state & NUD_VALID)) {
				NL_SET_ERR_MSG(extack,
					       "Cannot mark neighbor as externally validated with an invalid state");
				err = -EINVAL;
				neigh_release(neigh);
				goto out;
			}
		}

		if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
			flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
				   NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
	}

	if (protocol)
		neigh->protocol = protocol;
	if (ndm_flags & NTF_EXT_LEARNED)
		flags |= NEIGH_UPDATE_F_EXT_LEARNED;
	if (ndm_flags & NTF_ROUTER)
		flags |= NEIGH_UPDATE_F_ISROUTER;
	if (ndm_flags & NTF_MANAGED)
		flags |= NEIGH_UPDATE_F_MANAGED;
	if (ndm_flags & NTF_USE)
		flags |= NEIGH_UPDATE_F_USE;
	if (ndm_flags & NTF_EXT_VALIDATED)
		flags |= NEIGH_UPDATE_F_EXT_VALIDATED;

	err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
			     NETLINK_CB(skb).portid, extack);
	if (!err && ndm_flags & (NTF_USE | NTF_MANAGED))
		neigh_event_send(neigh, NULL);
	neigh_release(neigh);
out:
	return err;
}
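
/*
 * Usage sketch (illustrative, not from the source): this is the
 * RTM_NEWNEIGH handler. For example,
 *
 *	ip neigh replace 192.0.2.1 lladdr 00:11:22:33:44:55 dev eth0 \
 *		nud permanent
 *
 * arrives with NLM_F_CREATE | NLM_F_REPLACE, so the entry is created if
 * missing and the OVERRIDE flags stay set, while "ip neigh change"
 * (no NLM_F_REPLACE) leaves OVERRIDE cleared so an existing lladdr is
 * not forcibly replaced.
 */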
2051 */ 2052 if (ndm_flags & (NTF_USE | NTF_MANAGED)) 2053 state = NUD_NONE; 2054 2055 if (!(state & NUD_VALID)) { 2056 NL_SET_ERR_MSG(extack, 2057 "Cannot create externally validated neighbor with an invalid state"); 2058 err = -EINVAL; 2059 goto out; 2060 } 2061 } 2062 2063 neigh = ___neigh_create(tbl, dst, dev, 2064 ndm_flags & 2065 (NTF_EXT_LEARNED | NTF_MANAGED | 2066 NTF_EXT_VALIDATED), 2067 exempt_from_gc, true); 2068 if (IS_ERR(neigh)) { 2069 err = PTR_ERR(neigh); 2070 goto out; 2071 } 2072 } else { 2073 if (nlh->nlmsg_flags & NLM_F_EXCL) { 2074 err = -EEXIST; 2075 neigh_release(neigh); 2076 goto out; 2077 } 2078 if (ndm_flags & NTF_EXT_VALIDATED) { 2079 u8 state = ndm->ndm_state; 2080 2081 /* NTF_USE and NTF_MANAGED do not update the existing 2082 * state other than clearing it if it was 2083 * NUD_PERMANENT. 2084 */ 2085 if (ndm_flags & (NTF_USE | NTF_MANAGED)) 2086 state = READ_ONCE(neigh->nud_state) & ~NUD_PERMANENT; 2087 2088 if (!(state & NUD_VALID)) { 2089 NL_SET_ERR_MSG(extack, 2090 "Cannot mark neighbor as externally validated with an invalid state"); 2091 err = -EINVAL; 2092 neigh_release(neigh); 2093 goto out; 2094 } 2095 } 2096 2097 if (!(nlh->nlmsg_flags & NLM_F_REPLACE)) 2098 flags &= ~(NEIGH_UPDATE_F_OVERRIDE | 2099 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 2100 } 2101 2102 if (protocol) 2103 neigh->protocol = protocol; 2104 if (ndm_flags & NTF_EXT_LEARNED) 2105 flags |= NEIGH_UPDATE_F_EXT_LEARNED; 2106 if (ndm_flags & NTF_ROUTER) 2107 flags |= NEIGH_UPDATE_F_ISROUTER; 2108 if (ndm_flags & NTF_MANAGED) 2109 flags |= NEIGH_UPDATE_F_MANAGED; 2110 if (ndm_flags & NTF_USE) 2111 flags |= NEIGH_UPDATE_F_USE; 2112 if (ndm_flags & NTF_EXT_VALIDATED) 2113 flags |= NEIGH_UPDATE_F_EXT_VALIDATED; 2114 2115 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags, 2116 NETLINK_CB(skb).portid, extack); 2117 if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) 2118 neigh_event_send(neigh, NULL); 2119 neigh_release(neigh); 2120 out: 2121 return err; 2122 } 2123 2124 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms) 2125 { 2126 struct nlattr *nest; 2127 2128 nest = nla_nest_start_noflag(skb, NDTA_PARMS); 2129 if (nest == NULL) 2130 return -ENOBUFS; 2131 2132 if ((parms->dev && 2133 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) || 2134 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) || 2135 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES, 2136 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) || 2137 /* approximative value for deprecated QUEUE_LEN (in packets) */ 2138 nla_put_u32(skb, NDTPA_QUEUE_LEN, 2139 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) || 2140 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) || 2141 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) || 2142 nla_put_u32(skb, NDTPA_UCAST_PROBES, 2143 NEIGH_VAR(parms, UCAST_PROBES)) || 2144 nla_put_u32(skb, NDTPA_MCAST_PROBES, 2145 NEIGH_VAR(parms, MCAST_PROBES)) || 2146 nla_put_u32(skb, NDTPA_MCAST_REPROBES, 2147 NEIGH_VAR(parms, MCAST_REPROBES)) || 2148 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time, 2149 NDTPA_PAD) || 2150 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME, 2151 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) || 2152 nla_put_msecs(skb, NDTPA_GC_STALETIME, 2153 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) || 2154 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME, 2155 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) || 2156 nla_put_msecs(skb, NDTPA_RETRANS_TIME, 2157 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) || 2158 nla_put_msecs(skb, 
NDTPA_ANYCAST_DELAY, 2159 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) || 2160 nla_put_msecs(skb, NDTPA_PROXY_DELAY, 2161 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) || 2162 nla_put_msecs(skb, NDTPA_LOCKTIME, 2163 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) || 2164 nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS, 2165 NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD)) 2166 goto nla_put_failure; 2167 return nla_nest_end(skb, nest); 2168 2169 nla_put_failure: 2170 nla_nest_cancel(skb, nest); 2171 return -EMSGSIZE; 2172 } 2173 2174 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl, 2175 u32 pid, u32 seq, int type, int flags) 2176 { 2177 struct nlmsghdr *nlh; 2178 struct ndtmsg *ndtmsg; 2179 2180 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 2181 if (nlh == NULL) 2182 return -EMSGSIZE; 2183 2184 ndtmsg = nlmsg_data(nlh); 2185 2186 read_lock_bh(&tbl->lock); 2187 ndtmsg->ndtm_family = tbl->family; 2188 ndtmsg->ndtm_pad1 = 0; 2189 ndtmsg->ndtm_pad2 = 0; 2190 2191 if (nla_put_string(skb, NDTA_NAME, tbl->id) || 2192 nla_put_msecs(skb, NDTA_GC_INTERVAL, READ_ONCE(tbl->gc_interval), 2193 NDTA_PAD) || 2194 nla_put_u32(skb, NDTA_THRESH1, READ_ONCE(tbl->gc_thresh1)) || 2195 nla_put_u32(skb, NDTA_THRESH2, READ_ONCE(tbl->gc_thresh2)) || 2196 nla_put_u32(skb, NDTA_THRESH3, READ_ONCE(tbl->gc_thresh3))) 2197 goto nla_put_failure; 2198 { 2199 unsigned long now = jiffies; 2200 long flush_delta = now - READ_ONCE(tbl->last_flush); 2201 long rand_delta = now - READ_ONCE(tbl->last_rand); 2202 struct neigh_hash_table *nht; 2203 struct ndt_config ndc = { 2204 .ndtc_key_len = tbl->key_len, 2205 .ndtc_entry_size = tbl->entry_size, 2206 .ndtc_entries = atomic_read(&tbl->entries), 2207 .ndtc_last_flush = jiffies_to_msecs(flush_delta), 2208 .ndtc_last_rand = jiffies_to_msecs(rand_delta), 2209 .ndtc_proxy_qlen = READ_ONCE(tbl->proxy_queue.qlen), 2210 }; 2211 2212 rcu_read_lock(); 2213 nht = rcu_dereference(tbl->nht); 2214 ndc.ndtc_hash_rnd = nht->hash_rnd[0]; 2215 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1); 2216 rcu_read_unlock(); 2217 2218 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc)) 2219 goto nla_put_failure; 2220 } 2221 2222 { 2223 int cpu; 2224 struct ndt_stats ndst; 2225 2226 memset(&ndst, 0, sizeof(ndst)); 2227 2228 for_each_possible_cpu(cpu) { 2229 struct neigh_statistics *st; 2230 2231 st = per_cpu_ptr(tbl->stats, cpu); 2232 ndst.ndts_allocs += READ_ONCE(st->allocs); 2233 ndst.ndts_destroys += READ_ONCE(st->destroys); 2234 ndst.ndts_hash_grows += READ_ONCE(st->hash_grows); 2235 ndst.ndts_res_failed += READ_ONCE(st->res_failed); 2236 ndst.ndts_lookups += READ_ONCE(st->lookups); 2237 ndst.ndts_hits += READ_ONCE(st->hits); 2238 ndst.ndts_rcv_probes_mcast += READ_ONCE(st->rcv_probes_mcast); 2239 ndst.ndts_rcv_probes_ucast += READ_ONCE(st->rcv_probes_ucast); 2240 ndst.ndts_periodic_gc_runs += READ_ONCE(st->periodic_gc_runs); 2241 ndst.ndts_forced_gc_runs += READ_ONCE(st->forced_gc_runs); 2242 ndst.ndts_table_fulls += READ_ONCE(st->table_fulls); 2243 } 2244 2245 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst, 2246 NDTA_PAD)) 2247 goto nla_put_failure; 2248 } 2249 2250 BUG_ON(tbl->parms.dev); 2251 if (neightbl_fill_parms(skb, &tbl->parms) < 0) 2252 goto nla_put_failure; 2253 2254 read_unlock_bh(&tbl->lock); 2255 nlmsg_end(skb, nlh); 2256 return 0; 2257 2258 nla_put_failure: 2259 read_unlock_bh(&tbl->lock); 2260 nlmsg_cancel(skb, nlh); 2261 return -EMSGSIZE; 2262 } 2263 2264 static int neightbl_fill_param_info(struct sk_buff *skb, 2265 struct neigh_table *tbl, 2266 
struct neigh_parms *parms, 2267 u32 pid, u32 seq, int type, 2268 unsigned int flags) 2269 { 2270 struct ndtmsg *ndtmsg; 2271 struct nlmsghdr *nlh; 2272 2273 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 2274 if (nlh == NULL) 2275 return -EMSGSIZE; 2276 2277 ndtmsg = nlmsg_data(nlh); 2278 2279 read_lock_bh(&tbl->lock); 2280 ndtmsg->ndtm_family = tbl->family; 2281 ndtmsg->ndtm_pad1 = 0; 2282 ndtmsg->ndtm_pad2 = 0; 2283 2284 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 || 2285 neightbl_fill_parms(skb, parms) < 0) 2286 goto errout; 2287 2288 read_unlock_bh(&tbl->lock); 2289 nlmsg_end(skb, nlh); 2290 return 0; 2291 errout: 2292 read_unlock_bh(&tbl->lock); 2293 nlmsg_cancel(skb, nlh); 2294 return -EMSGSIZE; 2295 } 2296 2297 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = { 2298 [NDTA_NAME] = { .type = NLA_STRING }, 2299 [NDTA_THRESH1] = { .type = NLA_U32 }, 2300 [NDTA_THRESH2] = { .type = NLA_U32 }, 2301 [NDTA_THRESH3] = { .type = NLA_U32 }, 2302 [NDTA_GC_INTERVAL] = { .type = NLA_U64 }, 2303 [NDTA_PARMS] = { .type = NLA_NESTED }, 2304 }; 2305 2306 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = { 2307 [NDTPA_IFINDEX] = { .type = NLA_U32 }, 2308 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 }, 2309 [NDTPA_QUEUE_LENBYTES] = { .type = NLA_U32 }, 2310 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 }, 2311 [NDTPA_APP_PROBES] = { .type = NLA_U32 }, 2312 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 }, 2313 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 }, 2314 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 }, 2315 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 }, 2316 [NDTPA_GC_STALETIME] = { .type = NLA_U64 }, 2317 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 }, 2318 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 }, 2319 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 }, 2320 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 }, 2321 [NDTPA_LOCKTIME] = { .type = NLA_U64 }, 2322 [NDTPA_INTERVAL_PROBE_TIME_MS] = NLA_POLICY_MIN(NLA_U64, 1), 2323 }; 2324 2325 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh, 2326 struct netlink_ext_ack *extack) 2327 { 2328 struct net *net = sock_net(skb->sk); 2329 struct neigh_table *tbl; 2330 struct ndtmsg *ndtmsg; 2331 struct nlattr *tb[NDTA_MAX+1]; 2332 bool found = false; 2333 int err, tidx; 2334 2335 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX, 2336 nl_neightbl_policy, extack); 2337 if (err < 0) 2338 goto errout; 2339 2340 if (tb[NDTA_NAME] == NULL) { 2341 err = -EINVAL; 2342 goto errout; 2343 } 2344 2345 ndtmsg = nlmsg_data(nlh); 2346 2347 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2348 tbl = rcu_dereference_rtnl(neigh_tables[tidx]); 2349 if (!tbl) 2350 continue; 2351 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family) 2352 continue; 2353 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) { 2354 found = true; 2355 break; 2356 } 2357 } 2358 2359 if (!found) 2360 return -ENOENT; 2361 2362 /* 2363 * We acquire tbl->lock to be nice to the periodic timers and 2364 * make sure they always see a consistent set of values.
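 * Readers such as neightbl_fill_info() take the same lock for the
 * duration of a dump, so they never observe a half-applied update.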
2365 */ 2366 write_lock_bh(&tbl->lock); 2367 2368 if (tb[NDTA_PARMS]) { 2369 struct nlattr *tbp[NDTPA_MAX+1]; 2370 struct neigh_parms *p; 2371 int i, ifindex = 0; 2372 2373 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX, 2374 tb[NDTA_PARMS], 2375 nl_ntbl_parm_policy, extack); 2376 if (err < 0) 2377 goto errout_tbl_lock; 2378 2379 if (tbp[NDTPA_IFINDEX]) 2380 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]); 2381 2382 p = lookup_neigh_parms(tbl, net, ifindex); 2383 if (p == NULL) { 2384 err = -ENOENT; 2385 goto errout_tbl_lock; 2386 } 2387 2388 for (i = 1; i <= NDTPA_MAX; i++) { 2389 if (tbp[i] == NULL) 2390 continue; 2391 2392 switch (i) { 2393 case NDTPA_QUEUE_LEN: 2394 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2395 nla_get_u32(tbp[i]) * 2396 SKB_TRUESIZE(ETH_FRAME_LEN)); 2397 break; 2398 case NDTPA_QUEUE_LENBYTES: 2399 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2400 nla_get_u32(tbp[i])); 2401 break; 2402 case NDTPA_PROXY_QLEN: 2403 NEIGH_VAR_SET(p, PROXY_QLEN, 2404 nla_get_u32(tbp[i])); 2405 break; 2406 case NDTPA_APP_PROBES: 2407 NEIGH_VAR_SET(p, APP_PROBES, 2408 nla_get_u32(tbp[i])); 2409 break; 2410 case NDTPA_UCAST_PROBES: 2411 NEIGH_VAR_SET(p, UCAST_PROBES, 2412 nla_get_u32(tbp[i])); 2413 break; 2414 case NDTPA_MCAST_PROBES: 2415 NEIGH_VAR_SET(p, MCAST_PROBES, 2416 nla_get_u32(tbp[i])); 2417 break; 2418 case NDTPA_MCAST_REPROBES: 2419 NEIGH_VAR_SET(p, MCAST_REPROBES, 2420 nla_get_u32(tbp[i])); 2421 break; 2422 case NDTPA_BASE_REACHABLE_TIME: 2423 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME, 2424 nla_get_msecs(tbp[i])); 2425 /* update reachable_time as well; otherwise the change will 2426 * only be effective after the next time neigh_periodic_work 2427 * decides to recompute it (can be multiple minutes). 2428 */ 2429 p->reachable_time = 2430 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 2431 break; 2432 case NDTPA_GC_STALETIME: 2433 NEIGH_VAR_SET(p, GC_STALETIME, 2434 nla_get_msecs(tbp[i])); 2435 break; 2436 case NDTPA_DELAY_PROBE_TIME: 2437 NEIGH_VAR_SET(p, DELAY_PROBE_TIME, 2438 nla_get_msecs(tbp[i])); 2439 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p); 2440 break; 2441 case NDTPA_INTERVAL_PROBE_TIME_MS: 2442 NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS, 2443 nla_get_msecs(tbp[i])); 2444 break; 2445 case NDTPA_RETRANS_TIME: 2446 NEIGH_VAR_SET(p, RETRANS_TIME, 2447 nla_get_msecs(tbp[i])); 2448 break; 2449 case NDTPA_ANYCAST_DELAY: 2450 NEIGH_VAR_SET(p, ANYCAST_DELAY, 2451 nla_get_msecs(tbp[i])); 2452 break; 2453 case NDTPA_PROXY_DELAY: 2454 NEIGH_VAR_SET(p, PROXY_DELAY, 2455 nla_get_msecs(tbp[i])); 2456 break; 2457 case NDTPA_LOCKTIME: 2458 NEIGH_VAR_SET(p, LOCKTIME, 2459 nla_get_msecs(tbp[i])); 2460 break; 2461 } 2462 } 2463 } 2464 2465 err = -ENOENT; 2466 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] || 2467 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) && 2468 !net_eq(net, &init_net)) 2469 goto errout_tbl_lock; 2470 2471 if (tb[NDTA_THRESH1]) 2472 WRITE_ONCE(tbl->gc_thresh1, nla_get_u32(tb[NDTA_THRESH1])); 2473 2474 if (tb[NDTA_THRESH2]) 2475 WRITE_ONCE(tbl->gc_thresh2, nla_get_u32(tb[NDTA_THRESH2])); 2476 2477 if (tb[NDTA_THRESH3]) 2478 WRITE_ONCE(tbl->gc_thresh3, nla_get_u32(tb[NDTA_THRESH3])); 2479 2480 if (tb[NDTA_GC_INTERVAL]) 2481 WRITE_ONCE(tbl->gc_interval, nla_get_msecs(tb[NDTA_GC_INTERVAL])); 2482 2483 err = 0; 2484 2485 errout_tbl_lock: 2486 write_unlock_bh(&tbl->lock); 2487 errout: 2488 return err; 2489 } 2490 2491 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh, 2492 struct netlink_ext_ack *extack) 2493 { 2494 struct ndtmsg *ndtm; 2495 2496 ndtm = nlmsg_payload(nlh,
sizeof(*ndtm)); 2497 if (!ndtm) { 2498 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request"); 2499 return -EINVAL; 2500 } 2501 2502 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) { 2503 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request"); 2504 return -EINVAL; 2505 } 2506 2507 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) { 2508 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request"); 2509 return -EINVAL; 2510 } 2511 2512 return 0; 2513 } 2514 2515 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2516 { 2517 const struct nlmsghdr *nlh = cb->nlh; 2518 struct net *net = sock_net(skb->sk); 2519 int family, tidx, nidx = 0; 2520 int tbl_skip = cb->args[0]; 2521 int neigh_skip = cb->args[1]; 2522 struct neigh_table *tbl; 2523 2524 if (cb->strict_check) { 2525 int err = neightbl_valid_dump_info(nlh, cb->extack); 2526 2527 if (err < 0) 2528 return err; 2529 } 2530 2531 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2532 2533 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2534 struct neigh_parms *p; 2535 2536 tbl = rcu_dereference_rtnl(neigh_tables[tidx]); 2537 if (!tbl) 2538 continue; 2539 2540 if (tidx < tbl_skip || (family && tbl->family != family)) 2541 continue; 2542 2543 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid, 2544 nlh->nlmsg_seq, RTM_NEWNEIGHTBL, 2545 NLM_F_MULTI) < 0) 2546 break; 2547 2548 nidx = 0; 2549 p = list_next_entry(&tbl->parms, list); 2550 list_for_each_entry_from(p, &tbl->parms_list, list) { 2551 if (!net_eq(neigh_parms_net(p), net)) 2552 continue; 2553 2554 if (nidx < neigh_skip) 2555 goto next; 2556 2557 if (neightbl_fill_param_info(skb, tbl, p, 2558 NETLINK_CB(cb->skb).portid, 2559 nlh->nlmsg_seq, 2560 RTM_NEWNEIGHTBL, 2561 NLM_F_MULTI) < 0) 2562 goto out; 2563 next: 2564 nidx++; 2565 } 2566 2567 neigh_skip = 0; 2568 } 2569 out: 2570 cb->args[0] = tidx; 2571 cb->args[1] = nidx; 2572 2573 return skb->len; 2574 } 2575 2576 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh, 2577 u32 pid, u32 seq, int type, unsigned int flags) 2578 { 2579 u32 neigh_flags, neigh_flags_ext; 2580 unsigned long now = jiffies; 2581 struct nda_cacheinfo ci; 2582 struct nlmsghdr *nlh; 2583 struct ndmsg *ndm; 2584 2585 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2586 if (nlh == NULL) 2587 return -EMSGSIZE; 2588 2589 neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT; 2590 neigh_flags = neigh->flags & NTF_OLD_MASK; 2591 2592 ndm = nlmsg_data(nlh); 2593 ndm->ndm_family = neigh->ops->family; 2594 ndm->ndm_pad1 = 0; 2595 ndm->ndm_pad2 = 0; 2596 ndm->ndm_flags = neigh_flags; 2597 ndm->ndm_type = neigh->type; 2598 ndm->ndm_ifindex = neigh->dev->ifindex; 2599 2600 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key)) 2601 goto nla_put_failure; 2602 2603 read_lock_bh(&neigh->lock); 2604 ndm->ndm_state = neigh->nud_state; 2605 if (neigh->nud_state & NUD_VALID) { 2606 char haddr[MAX_ADDR_LEN]; 2607 2608 neigh_ha_snapshot(haddr, neigh, neigh->dev); 2609 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) { 2610 read_unlock_bh(&neigh->lock); 2611 goto nla_put_failure; 2612 } 2613 } 2614 2615 ci.ndm_used = jiffies_to_clock_t(now - neigh->used); 2616 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed); 2617 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated); 2618 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1; 2619 read_unlock_bh(&neigh->lock); 2620 2621 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) 
|| 2622 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci)) 2623 goto nla_put_failure; 2624 2625 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol)) 2626 goto nla_put_failure; 2627 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2628 goto nla_put_failure; 2629 2630 nlmsg_end(skb, nlh); 2631 return 0; 2632 2633 nla_put_failure: 2634 nlmsg_cancel(skb, nlh); 2635 return -EMSGSIZE; 2636 } 2637 2638 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn, 2639 u32 pid, u32 seq, int type, unsigned int flags, 2640 struct neigh_table *tbl) 2641 { 2642 u32 neigh_flags, neigh_flags_ext; 2643 struct nlmsghdr *nlh; 2644 struct ndmsg *ndm; 2645 2646 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2647 if (nlh == NULL) 2648 return -EMSGSIZE; 2649 2650 neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT; 2651 neigh_flags = pn->flags & NTF_OLD_MASK; 2652 2653 ndm = nlmsg_data(nlh); 2654 ndm->ndm_family = tbl->family; 2655 ndm->ndm_pad1 = 0; 2656 ndm->ndm_pad2 = 0; 2657 ndm->ndm_flags = neigh_flags | NTF_PROXY; 2658 ndm->ndm_type = RTN_UNICAST; 2659 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0; 2660 ndm->ndm_state = NUD_NONE; 2661 2662 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key)) 2663 goto nla_put_failure; 2664 2665 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol)) 2666 goto nla_put_failure; 2667 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2668 goto nla_put_failure; 2669 2670 nlmsg_end(skb, nlh); 2671 return 0; 2672 2673 nla_put_failure: 2674 nlmsg_cancel(skb, nlh); 2675 return -EMSGSIZE; 2676 } 2677 2678 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid) 2679 { 2680 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh); 2681 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid); 2682 } 2683 2684 static bool neigh_master_filtered(struct net_device *dev, int master_idx) 2685 { 2686 struct net_device *master; 2687 2688 if (!master_idx) 2689 return false; 2690 2691 master = dev ? netdev_master_upper_dev_get_rcu(dev) : NULL; 2692 2693 /* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another 2694 * invalid value for ifindex to denote "no master". 
2695 */ 2696 if (master_idx == -1) 2697 return !!master; 2698 2699 if (!master || master->ifindex != master_idx) 2700 return true; 2701 2702 return false; 2703 } 2704 2705 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx) 2706 { 2707 if (filter_idx && (!dev || dev->ifindex != filter_idx)) 2708 return true; 2709 2710 return false; 2711 } 2712 2713 struct neigh_dump_filter { 2714 int master_idx; 2715 int dev_idx; 2716 }; 2717 2718 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2719 struct netlink_callback *cb, 2720 struct neigh_dump_filter *filter) 2721 { 2722 struct net *net = sock_net(skb->sk); 2723 struct neighbour *n; 2724 int err = 0, h, s_h = cb->args[1]; 2725 int idx, s_idx = idx = cb->args[2]; 2726 struct neigh_hash_table *nht; 2727 unsigned int flags = NLM_F_MULTI; 2728 2729 if (filter->dev_idx || filter->master_idx) 2730 flags |= NLM_F_DUMP_FILTERED; 2731 2732 nht = rcu_dereference(tbl->nht); 2733 2734 for (h = s_h; h < (1 << nht->hash_shift); h++) { 2735 if (h > s_h) 2736 s_idx = 0; 2737 idx = 0; 2738 neigh_for_each_in_bucket_rcu(n, &nht->hash_heads[h]) { 2739 if (idx < s_idx || !net_eq(dev_net(n->dev), net)) 2740 goto next; 2741 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2742 neigh_master_filtered(n->dev, filter->master_idx)) 2743 goto next; 2744 err = neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2745 cb->nlh->nlmsg_seq, 2746 RTM_NEWNEIGH, flags); 2747 if (err < 0) 2748 goto out; 2749 next: 2750 idx++; 2751 } 2752 } 2753 out: 2754 cb->args[1] = h; 2755 cb->args[2] = idx; 2756 return err; 2757 } 2758 2759 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2760 struct netlink_callback *cb, 2761 struct neigh_dump_filter *filter) 2762 { 2763 struct pneigh_entry *n; 2764 struct net *net = sock_net(skb->sk); 2765 int err = 0, h, s_h = cb->args[3]; 2766 int idx, s_idx = idx = cb->args[4]; 2767 unsigned int flags = NLM_F_MULTI; 2768 2769 if (filter->dev_idx || filter->master_idx) 2770 flags |= NLM_F_DUMP_FILTERED; 2771 2772 read_lock_bh(&tbl->lock); 2773 2774 for (h = s_h; h <= PNEIGH_HASHMASK; h++) { 2775 if (h > s_h) 2776 s_idx = 0; 2777 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) { 2778 if (idx < s_idx || pneigh_net(n) != net) 2779 goto next; 2780 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2781 neigh_master_filtered(n->dev, filter->master_idx)) 2782 goto next; 2783 err = pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2784 cb->nlh->nlmsg_seq, 2785 RTM_NEWNEIGH, flags, tbl); 2786 if (err < 0) { 2787 read_unlock_bh(&tbl->lock); 2788 goto out; 2789 } 2790 next: 2791 idx++; 2792 } 2793 } 2794 2795 read_unlock_bh(&tbl->lock); 2796 out: 2797 cb->args[3] = h; 2798 cb->args[4] = idx; 2799 return err; 2800 } 2801 2802 static int neigh_valid_dump_req(const struct nlmsghdr *nlh, 2803 bool strict_check, 2804 struct neigh_dump_filter *filter, 2805 struct netlink_ext_ack *extack) 2806 { 2807 struct nlattr *tb[NDA_MAX + 1]; 2808 int err, i; 2809 2810 if (strict_check) { 2811 struct ndmsg *ndm; 2812 2813 ndm = nlmsg_payload(nlh, sizeof(*ndm)); 2814 if (!ndm) { 2815 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request"); 2816 return -EINVAL; 2817 } 2818 2819 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex || 2820 ndm->ndm_state || ndm->ndm_type) { 2821 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request"); 2822 return -EINVAL; 2823 } 2824 2825 if (ndm->ndm_flags & ~NTF_PROXY) { 2826 NL_SET_ERR_MSG(extack, "Invalid flags in header for 
neighbor dump request"); 2827 return -EINVAL; 2828 } 2829 2830 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), 2831 tb, NDA_MAX, nda_policy, 2832 extack); 2833 } else { 2834 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb, 2835 NDA_MAX, nda_policy, extack); 2836 } 2837 if (err < 0) 2838 return err; 2839 2840 for (i = 0; i <= NDA_MAX; ++i) { 2841 if (!tb[i]) 2842 continue; 2843 2844 /* all new attributes should require strict_check */ 2845 switch (i) { 2846 case NDA_IFINDEX: 2847 filter->dev_idx = nla_get_u32(tb[i]); 2848 break; 2849 case NDA_MASTER: 2850 filter->master_idx = nla_get_u32(tb[i]); 2851 break; 2852 default: 2853 if (strict_check) { 2854 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request"); 2855 return -EINVAL; 2856 } 2857 } 2858 } 2859 2860 return 0; 2861 } 2862 2863 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2864 { 2865 const struct nlmsghdr *nlh = cb->nlh; 2866 struct neigh_dump_filter filter = {}; 2867 struct neigh_table *tbl; 2868 int t, family, s_t; 2869 int proxy = 0; 2870 int err; 2871 2872 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2873 2874 /* check for full ndmsg structure presence, family member is 2875 * the same for both structures 2876 */ 2877 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) && 2878 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY) 2879 proxy = 1; 2880 2881 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack); 2882 if (err < 0 && cb->strict_check) 2883 return err; 2884 err = 0; 2885 2886 s_t = cb->args[0]; 2887 2888 rcu_read_lock(); 2889 for (t = 0; t < NEIGH_NR_TABLES; t++) { 2890 tbl = rcu_dereference(neigh_tables[t]); 2891 2892 if (!tbl) 2893 continue; 2894 if (t < s_t || (family && tbl->family != family)) 2895 continue; 2896 if (t > s_t) 2897 memset(&cb->args[1], 0, sizeof(cb->args) - 2898 sizeof(cb->args[0])); 2899 if (proxy) 2900 err = pneigh_dump_table(tbl, skb, cb, &filter); 2901 else 2902 err = neigh_dump_table(tbl, skb, cb, &filter); 2903 if (err < 0) 2904 break; 2905 } 2906 rcu_read_unlock(); 2907 2908 cb->args[0] = t; 2909 return err; 2910 } 2911 2912 static int neigh_valid_get_req(const struct nlmsghdr *nlh, 2913 struct neigh_table **tbl, 2914 void **dst, int *dev_idx, u8 *ndm_flags, 2915 struct netlink_ext_ack *extack) 2916 { 2917 struct nlattr *tb[NDA_MAX + 1]; 2918 struct ndmsg *ndm; 2919 int err, i; 2920 2921 ndm = nlmsg_payload(nlh, sizeof(*ndm)); 2922 if (!ndm) { 2923 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request"); 2924 return -EINVAL; 2925 } 2926 2927 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state || 2928 ndm->ndm_type) { 2929 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request"); 2930 return -EINVAL; 2931 } 2932 2933 if (ndm->ndm_flags & ~NTF_PROXY) { 2934 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request"); 2935 return -EINVAL; 2936 } 2937 2938 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb, 2939 NDA_MAX, nda_policy, extack); 2940 if (err < 0) 2941 return err; 2942 2943 *ndm_flags = ndm->ndm_flags; 2944 *dev_idx = ndm->ndm_ifindex; 2945 *tbl = neigh_find_table(ndm->ndm_family); 2946 if (*tbl == NULL) { 2947 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request"); 2948 return -EAFNOSUPPORT; 2949 } 2950 2951 for (i = 0; i <= NDA_MAX; ++i) { 2952 if (!tb[i]) 2953 continue; 2954 2955 switch (i) { 2956 case NDA_DST: 2957 if (nla_len(tb[i]) != (int)(*tbl)->key_len) { 2958 NL_SET_ERR_MSG(extack, "Invalid 
network address in neighbor get request"); 2959 return -EINVAL; 2960 } 2961 *dst = nla_data(tb[i]); 2962 break; 2963 default: 2964 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request"); 2965 return -EINVAL; 2966 } 2967 } 2968 2969 return 0; 2970 } 2971 2972 static inline size_t neigh_nlmsg_size(void) 2973 { 2974 return NLMSG_ALIGN(sizeof(struct ndmsg)) 2975 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 2976 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */ 2977 + nla_total_size(sizeof(struct nda_cacheinfo)) 2978 + nla_total_size(4) /* NDA_PROBES */ 2979 + nla_total_size(4) /* NDA_FLAGS_EXT */ 2980 + nla_total_size(1); /* NDA_PROTOCOL */ 2981 } 2982 2983 static int neigh_get_reply(struct net *net, struct neighbour *neigh, 2984 u32 pid, u32 seq) 2985 { 2986 struct sk_buff *skb; 2987 int err = 0; 2988 2989 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL); 2990 if (!skb) 2991 return -ENOBUFS; 2992 2993 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0); 2994 if (err) { 2995 kfree_skb(skb); 2996 goto errout; 2997 } 2998 2999 err = rtnl_unicast(skb, net, pid); 3000 errout: 3001 return err; 3002 } 3003 3004 static inline size_t pneigh_nlmsg_size(void) 3005 { 3006 return NLMSG_ALIGN(sizeof(struct ndmsg)) 3007 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 3008 + nla_total_size(4) /* NDA_FLAGS_EXT */ 3009 + nla_total_size(1); /* NDA_PROTOCOL */ 3010 } 3011 3012 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh, 3013 u32 pid, u32 seq, struct neigh_table *tbl) 3014 { 3015 struct sk_buff *skb; 3016 int err = 0; 3017 3018 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL); 3019 if (!skb) 3020 return -ENOBUFS; 3021 3022 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl); 3023 if (err) { 3024 kfree_skb(skb); 3025 goto errout; 3026 } 3027 3028 err = rtnl_unicast(skb, net, pid); 3029 errout: 3030 return err; 3031 } 3032 3033 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh, 3034 struct netlink_ext_ack *extack) 3035 { 3036 struct net *net = sock_net(in_skb->sk); 3037 struct net_device *dev = NULL; 3038 struct neigh_table *tbl = NULL; 3039 struct neighbour *neigh; 3040 void *dst = NULL; 3041 u8 ndm_flags = 0; 3042 int dev_idx = 0; 3043 int err; 3044 3045 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags, 3046 extack); 3047 if (err < 0) 3048 return err; 3049 3050 if (dev_idx) { 3051 dev = __dev_get_by_index(net, dev_idx); 3052 if (!dev) { 3053 NL_SET_ERR_MSG(extack, "Unknown device ifindex"); 3054 return -ENODEV; 3055 } 3056 } 3057 3058 if (!dst) { 3059 NL_SET_ERR_MSG(extack, "Network address not specified"); 3060 return -EINVAL; 3061 } 3062 3063 if (ndm_flags & NTF_PROXY) { 3064 struct pneigh_entry *pn; 3065 3066 pn = pneigh_lookup(tbl, net, dst, dev, 0); 3067 if (!pn) { 3068 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found"); 3069 return -ENOENT; 3070 } 3071 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid, 3072 nlh->nlmsg_seq, tbl); 3073 } 3074 3075 if (!dev) { 3076 NL_SET_ERR_MSG(extack, "No device specified"); 3077 return -EINVAL; 3078 } 3079 3080 neigh = neigh_lookup(tbl, dst, dev); 3081 if (!neigh) { 3082 NL_SET_ERR_MSG(extack, "Neighbour entry not found"); 3083 return -ENOENT; 3084 } 3085 3086 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid, 3087 nlh->nlmsg_seq); 3088 3089 neigh_release(neigh); 3090 3091 return err; 3092 } 3093 3094 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie) 3095 { 3096 int chain; 3097 struct neigh_hash_table 
*nht; 3098 3099 rcu_read_lock(); 3100 nht = rcu_dereference(tbl->nht); 3101 3102 read_lock_bh(&tbl->lock); /* avoid resizes */ 3103 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3104 struct neighbour *n; 3105 3106 neigh_for_each_in_bucket(n, &nht->hash_heads[chain]) 3107 cb(n, cookie); 3108 } 3109 read_unlock_bh(&tbl->lock); 3110 rcu_read_unlock(); 3111 } 3112 EXPORT_SYMBOL(neigh_for_each); 3113 3114 /* The tbl->lock must be held as a writer and BH disabled. */ 3115 void __neigh_for_each_release(struct neigh_table *tbl, 3116 int (*cb)(struct neighbour *)) 3117 { 3118 struct neigh_hash_table *nht; 3119 int chain; 3120 3121 nht = rcu_dereference_protected(tbl->nht, 3122 lockdep_is_held(&tbl->lock)); 3123 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3124 struct hlist_node *tmp; 3125 struct neighbour *n; 3126 3127 neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[chain]) { 3128 int release; 3129 3130 write_lock(&n->lock); 3131 release = cb(n); 3132 if (release) { 3133 hlist_del_rcu(&n->hash); 3134 hlist_del_rcu(&n->dev_list); 3135 neigh_mark_dead(n); 3136 } 3137 write_unlock(&n->lock); 3138 if (release) 3139 neigh_cleanup_and_release(n); 3140 } 3141 } 3142 } 3143 EXPORT_SYMBOL(__neigh_for_each_release); 3144 3145 int neigh_xmit(int index, struct net_device *dev, 3146 const void *addr, struct sk_buff *skb) 3147 { 3148 int err = -EAFNOSUPPORT; 3149 3150 if (likely(index < NEIGH_NR_TABLES)) { 3151 struct neigh_table *tbl; 3152 struct neighbour *neigh; 3153 3154 rcu_read_lock(); 3155 tbl = rcu_dereference(neigh_tables[index]); 3156 if (!tbl) 3157 goto out_unlock; 3158 if (index == NEIGH_ARP_TABLE) { 3159 u32 key = *((u32 *)addr); 3160 3161 neigh = __ipv4_neigh_lookup_noref(dev, key); 3162 } else { 3163 neigh = __neigh_lookup_noref(tbl, addr, dev); 3164 } 3165 if (!neigh) 3166 neigh = __neigh_create(tbl, addr, dev, false); 3167 err = PTR_ERR(neigh); 3168 if (IS_ERR(neigh)) { 3169 rcu_read_unlock(); 3170 goto out_kfree_skb; 3171 } 3172 err = READ_ONCE(neigh->output)(neigh, skb); 3173 out_unlock: 3174 rcu_read_unlock(); 3175 } 3176 else if (index == NEIGH_LINK_TABLE) { 3177 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 3178 addr, NULL, skb->len); 3179 if (err < 0) 3180 goto out_kfree_skb; 3181 err = dev_queue_xmit(skb); 3182 } 3183 out: 3184 return err; 3185 out_kfree_skb: 3186 kfree_skb(skb); 3187 goto out; 3188 } 3189 EXPORT_SYMBOL(neigh_xmit); 3190 3191 #ifdef CONFIG_PROC_FS 3192 3193 static struct neighbour *neigh_get_valid(struct seq_file *seq, 3194 struct neighbour *n, 3195 loff_t *pos) 3196 { 3197 struct neigh_seq_state *state = seq->private; 3198 struct net *net = seq_file_net(seq); 3199 3200 if (!net_eq(dev_net(n->dev), net)) 3201 return NULL; 3202 3203 if (state->neigh_sub_iter) { 3204 loff_t fakep = 0; 3205 void *v; 3206 3207 v = state->neigh_sub_iter(state, n, pos ? 
pos : &fakep); 3208 if (!v) 3209 return NULL; 3210 if (pos) 3211 return v; 3212 } 3213 3214 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) 3215 return n; 3216 3217 if (READ_ONCE(n->nud_state) & ~NUD_NOARP) 3218 return n; 3219 3220 return NULL; 3221 } 3222 3223 static struct neighbour *neigh_get_first(struct seq_file *seq) 3224 { 3225 struct neigh_seq_state *state = seq->private; 3226 struct neigh_hash_table *nht = state->nht; 3227 struct neighbour *n, *tmp; 3228 3229 state->flags &= ~NEIGH_SEQ_IS_PNEIGH; 3230 3231 while (++state->bucket < (1 << nht->hash_shift)) { 3232 neigh_for_each_in_bucket(n, &nht->hash_heads[state->bucket]) { 3233 tmp = neigh_get_valid(seq, n, NULL); 3234 if (tmp) 3235 return tmp; 3236 } 3237 } 3238 3239 return NULL; 3240 } 3241 3242 static struct neighbour *neigh_get_next(struct seq_file *seq, 3243 struct neighbour *n, 3244 loff_t *pos) 3245 { 3246 struct neigh_seq_state *state = seq->private; 3247 struct neighbour *tmp; 3248 3249 if (state->neigh_sub_iter) { 3250 void *v = state->neigh_sub_iter(state, n, pos); 3251 3252 if (v) 3253 return n; 3254 } 3255 3256 hlist_for_each_entry_continue(n, hash) { 3257 tmp = neigh_get_valid(seq, n, pos); 3258 if (tmp) { 3259 n = tmp; 3260 goto out; 3261 } 3262 } 3263 3264 n = neigh_get_first(seq); 3265 out: 3266 if (n && pos) 3267 --(*pos); 3268 3269 return n; 3270 } 3271 3272 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos) 3273 { 3274 struct neighbour *n = neigh_get_first(seq); 3275 3276 if (n) { 3277 --(*pos); 3278 while (*pos) { 3279 n = neigh_get_next(seq, n, pos); 3280 if (!n) 3281 break; 3282 } 3283 } 3284 return *pos ? NULL : n; 3285 } 3286 3287 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq) 3288 { 3289 struct neigh_seq_state *state = seq->private; 3290 struct net *net = seq_file_net(seq); 3291 struct neigh_table *tbl = state->tbl; 3292 struct pneigh_entry *pn = NULL; 3293 int bucket; 3294 3295 state->flags |= NEIGH_SEQ_IS_PNEIGH; 3296 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) { 3297 pn = tbl->phash_buckets[bucket]; 3298 while (pn && !net_eq(pneigh_net(pn), net)) 3299 pn = pn->next; 3300 if (pn) 3301 break; 3302 } 3303 state->bucket = bucket; 3304 3305 return pn; 3306 } 3307 3308 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq, 3309 struct pneigh_entry *pn, 3310 loff_t *pos) 3311 { 3312 struct neigh_seq_state *state = seq->private; 3313 struct net *net = seq_file_net(seq); 3314 struct neigh_table *tbl = state->tbl; 3315 3316 do { 3317 pn = pn->next; 3318 } while (pn && !net_eq(pneigh_net(pn), net)); 3319 3320 while (!pn) { 3321 if (++state->bucket > PNEIGH_HASHMASK) 3322 break; 3323 pn = tbl->phash_buckets[state->bucket]; 3324 while (pn && !net_eq(pneigh_net(pn), net)) 3325 pn = pn->next; 3326 if (pn) 3327 break; 3328 } 3329 3330 if (pn && pos) 3331 --(*pos); 3332 3333 return pn; 3334 } 3335 3336 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos) 3337 { 3338 struct pneigh_entry *pn = pneigh_get_first(seq); 3339 3340 if (pn) { 3341 --(*pos); 3342 while (*pos) { 3343 pn = pneigh_get_next(seq, pn, pos); 3344 if (!pn) 3345 break; 3346 } 3347 } 3348 return *pos ? 
NULL : pn; 3349 } 3350 3351 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos) 3352 { 3353 struct neigh_seq_state *state = seq->private; 3354 void *rc; 3355 loff_t idxpos = *pos; 3356 3357 rc = neigh_get_idx(seq, &idxpos); 3358 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3359 rc = pneigh_get_idx(seq, &idxpos); 3360 3361 return rc; 3362 } 3363 3364 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags) 3365 __acquires(tbl->lock) 3366 __acquires(rcu) 3367 { 3368 struct neigh_seq_state *state = seq->private; 3369 3370 state->tbl = tbl; 3371 state->bucket = -1; 3372 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH); 3373 3374 rcu_read_lock(); 3375 state->nht = rcu_dereference(tbl->nht); 3376 read_lock_bh(&tbl->lock); 3377 3378 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN; 3379 } 3380 EXPORT_SYMBOL(neigh_seq_start); 3381 3382 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3383 { 3384 struct neigh_seq_state *state; 3385 void *rc; 3386 3387 if (v == SEQ_START_TOKEN) { 3388 rc = neigh_get_first(seq); 3389 goto out; 3390 } 3391 3392 state = seq->private; 3393 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) { 3394 rc = neigh_get_next(seq, v, NULL); 3395 if (rc) 3396 goto out; 3397 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3398 rc = pneigh_get_first(seq); 3399 } else { 3400 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY); 3401 rc = pneigh_get_next(seq, v, NULL); 3402 } 3403 out: 3404 ++(*pos); 3405 return rc; 3406 } 3407 EXPORT_SYMBOL(neigh_seq_next); 3408 3409 void neigh_seq_stop(struct seq_file *seq, void *v) 3410 __releases(tbl->lock) 3411 __releases(rcu) 3412 { 3413 struct neigh_seq_state *state = seq->private; 3414 struct neigh_table *tbl = state->tbl; 3415 3416 read_unlock_bh(&tbl->lock); 3417 rcu_read_unlock(); 3418 } 3419 EXPORT_SYMBOL(neigh_seq_stop); 3420 3421 /* statistics via seq_file */ 3422 3423 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos) 3424 { 3425 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3426 int cpu; 3427 3428 if (*pos == 0) 3429 return SEQ_START_TOKEN; 3430 3431 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) { 3432 if (!cpu_possible(cpu)) 3433 continue; 3434 *pos = cpu+1; 3435 return per_cpu_ptr(tbl->stats, cpu); 3436 } 3437 return NULL; 3438 } 3439 3440 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3441 { 3442 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3443 int cpu; 3444 3445 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) { 3446 if (!cpu_possible(cpu)) 3447 continue; 3448 *pos = cpu+1; 3449 return per_cpu_ptr(tbl->stats, cpu); 3450 } 3451 (*pos)++; 3452 return NULL; 3453 } 3454 3455 static void neigh_stat_seq_stop(struct seq_file *seq, void *v) 3456 { 3457 3458 } 3459 3460 static int neigh_stat_seq_show(struct seq_file *seq, void *v) 3461 { 3462 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3463 struct neigh_statistics *st = v; 3464 3465 if (v == SEQ_START_TOKEN) { 3466 seq_puts(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n"); 3467 return 0; 3468 } 3469 3470 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx " 3471 "%08lx %08lx %08lx " 3472 "%08lx %08lx %08lx\n", 3473 atomic_read(&tbl->entries), 3474 3475 st->allocs, 3476 st->destroys, 3477 st->hash_grows, 3478 3479 st->lookups, 3480 st->hits, 3481 3482 st->res_failed, 3483 3484 st->rcv_probes_mcast, 3485 
st->rcv_probes_ucast, 3486 3487 st->periodic_gc_runs, 3488 st->forced_gc_runs, 3489 st->unres_discards, 3490 st->table_fulls 3491 ); 3492 3493 return 0; 3494 } 3495 3496 static const struct seq_operations neigh_stat_seq_ops = { 3497 .start = neigh_stat_seq_start, 3498 .next = neigh_stat_seq_next, 3499 .stop = neigh_stat_seq_stop, 3500 .show = neigh_stat_seq_show, 3501 }; 3502 #endif /* CONFIG_PROC_FS */ 3503 3504 static void __neigh_notify(struct neighbour *n, int type, int flags, 3505 u32 pid) 3506 { 3507 struct sk_buff *skb; 3508 int err = -ENOBUFS; 3509 struct net *net; 3510 3511 rcu_read_lock(); 3512 net = dev_net_rcu(n->dev); 3513 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC); 3514 if (skb == NULL) 3515 goto errout; 3516 3517 err = neigh_fill_info(skb, n, pid, 0, type, flags); 3518 if (err < 0) { 3519 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */ 3520 WARN_ON(err == -EMSGSIZE); 3521 kfree_skb(skb); 3522 goto errout; 3523 } 3524 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC); 3525 goto out; 3526 errout: 3527 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err); 3528 out: 3529 rcu_read_unlock(); 3530 } 3531 3532 void neigh_app_ns(struct neighbour *n) 3533 { 3534 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0); 3535 } 3536 EXPORT_SYMBOL(neigh_app_ns); 3537 3538 #ifdef CONFIG_SYSCTL 3539 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN); 3540 3541 static int proc_unres_qlen(const struct ctl_table *ctl, int write, 3542 void *buffer, size_t *lenp, loff_t *ppos) 3543 { 3544 int size, ret; 3545 struct ctl_table tmp = *ctl; 3546 3547 tmp.extra1 = SYSCTL_ZERO; 3548 tmp.extra2 = &unres_qlen_max; 3549 tmp.data = &size; 3550 3551 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN); 3552 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 3553 3554 if (write && !ret) 3555 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN); 3556 return ret; 3557 } 3558 3559 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p, 3560 int index) 3561 { 3562 struct net_device *dev; 3563 int family = neigh_parms_family(p); 3564 3565 rcu_read_lock(); 3566 for_each_netdev_rcu(net, dev) { 3567 struct neigh_parms *dst_p = 3568 neigh_get_dev_parms_rcu(dev, family); 3569 3570 if (dst_p && !test_bit(index, dst_p->data_state)) 3571 dst_p->data[index] = p->data[index]; 3572 } 3573 rcu_read_unlock(); 3574 } 3575 3576 static void neigh_proc_update(const struct ctl_table *ctl, int write) 3577 { 3578 struct net_device *dev = ctl->extra1; 3579 struct neigh_parms *p = ctl->extra2; 3580 struct net *net = neigh_parms_net(p); 3581 int index = (int *) ctl->data - p->data; 3582 3583 if (!write) 3584 return; 3585 3586 set_bit(index, p->data_state); 3587 if (index == NEIGH_VAR_DELAY_PROBE_TIME) 3588 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p); 3589 if (!dev) /* NULL dev means this is default value */ 3590 neigh_copy_dflt_parms(net, p, index); 3591 } 3592 3593 static int neigh_proc_dointvec_zero_intmax(const struct ctl_table *ctl, int write, 3594 void *buffer, size_t *lenp, 3595 loff_t *ppos) 3596 { 3597 struct ctl_table tmp = *ctl; 3598 int ret; 3599 3600 tmp.extra1 = SYSCTL_ZERO; 3601 tmp.extra2 = SYSCTL_INT_MAX; 3602 3603 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 3604 neigh_proc_update(ctl, write); 3605 return ret; 3606 } 3607 3608 static int neigh_proc_dointvec_ms_jiffies_positive(const struct ctl_table *ctl, int write, 3609 void *buffer, size_t *lenp, loff_t *ppos) 3610 { 3611 struct ctl_table tmp = *ctl; 3612 int ret; 3613 3614 int min = 
msecs_to_jiffies(1); 3615 3616 tmp.extra1 = &min; 3617 tmp.extra2 = NULL; 3618 3619 ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos); 3620 neigh_proc_update(ctl, write); 3621 return ret; 3622 } 3623 3624 int neigh_proc_dointvec(const struct ctl_table *ctl, int write, void *buffer, 3625 size_t *lenp, loff_t *ppos) 3626 { 3627 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 3628 3629 neigh_proc_update(ctl, write); 3630 return ret; 3631 } 3632 EXPORT_SYMBOL(neigh_proc_dointvec); 3633 3634 int neigh_proc_dointvec_jiffies(const struct ctl_table *ctl, int write, void *buffer, 3635 size_t *lenp, loff_t *ppos) 3636 { 3637 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3638 3639 neigh_proc_update(ctl, write); 3640 return ret; 3641 } 3642 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies); 3643 3644 static int neigh_proc_dointvec_userhz_jiffies(const struct ctl_table *ctl, int write, 3645 void *buffer, size_t *lenp, 3646 loff_t *ppos) 3647 { 3648 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos); 3649 3650 neigh_proc_update(ctl, write); 3651 return ret; 3652 } 3653 3654 int neigh_proc_dointvec_ms_jiffies(const struct ctl_table *ctl, int write, 3655 void *buffer, size_t *lenp, loff_t *ppos) 3656 { 3657 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3658 3659 neigh_proc_update(ctl, write); 3660 return ret; 3661 } 3662 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies); 3663 3664 static int neigh_proc_dointvec_unres_qlen(const struct ctl_table *ctl, int write, 3665 void *buffer, size_t *lenp, 3666 loff_t *ppos) 3667 { 3668 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos); 3669 3670 neigh_proc_update(ctl, write); 3671 return ret; 3672 } 3673 3674 static int neigh_proc_base_reachable_time(const struct ctl_table *ctl, int write, 3675 void *buffer, size_t *lenp, 3676 loff_t *ppos) 3677 { 3678 struct neigh_parms *p = ctl->extra2; 3679 int ret; 3680 3681 if (strcmp(ctl->procname, "base_reachable_time") == 0) 3682 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3683 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0) 3684 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3685 else 3686 ret = -1; 3687 3688 if (write && ret == 0) { 3689 /* update reachable_time as well, otherwise, the change will 3690 * only be effective after the next time neigh_periodic_work 3691 * decides to recompute it 3692 */ 3693 p->reachable_time = 3694 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 3695 } 3696 return ret; 3697 } 3698 3699 #define NEIGH_PARMS_DATA_OFFSET(index) \ 3700 (&((struct neigh_parms *) 0)->data[index]) 3701 3702 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \ 3703 [NEIGH_VAR_ ## attr] = { \ 3704 .procname = name, \ 3705 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \ 3706 .maxlen = sizeof(int), \ 3707 .mode = mval, \ 3708 .proc_handler = proc, \ 3709 } 3710 3711 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \ 3712 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax) 3713 3714 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \ 3715 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies) 3716 3717 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \ 3718 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies) 3719 3720 #define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \ 3721 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive) 3722 
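/* Illustrative expansion (written out here for documentation only, not
 * generated output): with the helpers above,
 *
 *	NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit")
 *
 * produces
 *
 *	[NEIGH_VAR_APP_PROBES] = {
 *		.procname	= "app_solicit",
 *		.data		= NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_APP_PROBES),
 *		.maxlen		= sizeof(int),
 *		.mode		= 0644,
 *		.proc_handler	= neigh_proc_dointvec_zero_intmax,
 *	}
 *
 * where .data starts out as an offset into struct neigh_parms and is
 * rebased onto a concrete parms instance in neigh_sysctl_register().
 */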
3723 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \ 3724 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies) 3725 3726 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \ 3727 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen) 3728 3729 static struct neigh_sysctl_table { 3730 struct ctl_table_header *sysctl_header; 3731 struct ctl_table neigh_vars[NEIGH_VAR_MAX]; 3732 } neigh_sysctl_template __read_mostly = { 3733 .neigh_vars = { 3734 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"), 3735 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"), 3736 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"), 3737 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"), 3738 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"), 3739 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"), 3740 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"), 3741 NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS, 3742 "interval_probe_time_ms"), 3743 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"), 3744 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"), 3745 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"), 3746 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"), 3747 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"), 3748 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"), 3749 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"), 3750 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"), 3751 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"), 3752 [NEIGH_VAR_GC_INTERVAL] = { 3753 .procname = "gc_interval", 3754 .maxlen = sizeof(int), 3755 .mode = 0644, 3756 .proc_handler = proc_dointvec_jiffies, 3757 }, 3758 [NEIGH_VAR_GC_THRESH1] = { 3759 .procname = "gc_thresh1", 3760 .maxlen = sizeof(int), 3761 .mode = 0644, 3762 .extra1 = SYSCTL_ZERO, 3763 .extra2 = SYSCTL_INT_MAX, 3764 .proc_handler = proc_dointvec_minmax, 3765 }, 3766 [NEIGH_VAR_GC_THRESH2] = { 3767 .procname = "gc_thresh2", 3768 .maxlen = sizeof(int), 3769 .mode = 0644, 3770 .extra1 = SYSCTL_ZERO, 3771 .extra2 = SYSCTL_INT_MAX, 3772 .proc_handler = proc_dointvec_minmax, 3773 }, 3774 [NEIGH_VAR_GC_THRESH3] = { 3775 .procname = "gc_thresh3", 3776 .maxlen = sizeof(int), 3777 .mode = 0644, 3778 .extra1 = SYSCTL_ZERO, 3779 .extra2 = SYSCTL_INT_MAX, 3780 .proc_handler = proc_dointvec_minmax, 3781 }, 3782 }, 3783 }; 3784 3785 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p, 3786 proc_handler *handler) 3787 { 3788 int i; 3789 struct neigh_sysctl_table *t; 3790 const char *dev_name_source; 3791 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ]; 3792 char *p_name; 3793 size_t neigh_vars_size; 3794 3795 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT); 3796 if (!t) 3797 goto err; 3798 3799 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) { 3800 t->neigh_vars[i].data += (long) p; 3801 t->neigh_vars[i].extra1 = dev; 3802 t->neigh_vars[i].extra2 = p; 3803 } 3804 3805 neigh_vars_size = ARRAY_SIZE(t->neigh_vars); 3806 if (dev) { 3807 dev_name_source = dev->name; 3808 /* Terminate the table early */ 3809 neigh_vars_size = NEIGH_VAR_BASE_REACHABLE_TIME_MS + 1; 3810 } else { 3811 struct neigh_table *tbl = p->tbl; 3812 dev_name_source = "default"; 3813 
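/* The gc_* entries exist only in the per-table "default" directory
 * (the table is truncated before them when dev != NULL), so bind
 * them directly to the table-wide fields rather than to parms data.
 */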
t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval; 3814 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1; 3815 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2; 3816 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3; 3817 } 3818 3819 if (handler) { 3820 /* RetransTime */ 3821 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler; 3822 /* ReachableTime */ 3823 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler; 3824 /* RetransTime (in milliseconds) */ 3825 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler; 3826 /* ReachableTime (in milliseconds) */ 3827 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler; 3828 } else { 3829 /* Those handlers will update p->reachable_time after 3830 * base_reachable_time(_ms) is set to ensure the new timer starts being 3831 * applied after the next neighbour update instead of waiting for 3832 * neigh_periodic_work to update its value (can be multiple minutes), 3833 * so any handler that replaces them should do this as well. 3834 */ 3835 /* ReachableTime */ 3836 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = 3837 neigh_proc_base_reachable_time; 3838 /* ReachableTime (in milliseconds) */ 3839 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = 3840 neigh_proc_base_reachable_time; 3841 } 3842 3843 switch (neigh_parms_family(p)) { 3844 case AF_INET: 3845 p_name = "ipv4"; 3846 break; 3847 case AF_INET6: 3848 p_name = "ipv6"; 3849 break; 3850 default: 3851 BUG(); 3852 } 3853 3854 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s", 3855 p_name, dev_name_source); 3856 t->sysctl_header = register_net_sysctl_sz(neigh_parms_net(p), 3857 neigh_path, t->neigh_vars, 3858 neigh_vars_size); 3859 if (!t->sysctl_header) 3860 goto free; 3861 3862 p->sysctl_table = t; 3863 return 0; 3864 3865 free: 3866 kfree(t); 3867 err: 3868 return -ENOBUFS; 3869 } 3870 EXPORT_SYMBOL(neigh_sysctl_register); 3871 3872 void neigh_sysctl_unregister(struct neigh_parms *p) 3873 { 3874 if (p->sysctl_table) { 3875 struct neigh_sysctl_table *t = p->sysctl_table; 3876 p->sysctl_table = NULL; 3877 unregister_net_sysctl_table(t->sysctl_header); 3878 kfree(t); 3879 } 3880 } 3881 EXPORT_SYMBOL(neigh_sysctl_unregister); 3882 3883 #endif /* CONFIG_SYSCTL */ 3884 3885 static const struct rtnl_msg_handler neigh_rtnl_msg_handlers[] __initconst = { 3886 {.msgtype = RTM_NEWNEIGH, .doit = neigh_add}, 3887 {.msgtype = RTM_DELNEIGH, .doit = neigh_delete}, 3888 {.msgtype = RTM_GETNEIGH, .doit = neigh_get, .dumpit = neigh_dump_info, 3889 .flags = RTNL_FLAG_DUMP_UNLOCKED}, 3890 {.msgtype = RTM_GETNEIGHTBL, .dumpit = neightbl_dump_info}, 3891 {.msgtype = RTM_SETNEIGHTBL, .doit = neightbl_set}, 3892 }; 3893 3894 static int __init neigh_init(void) 3895 { 3896 rtnl_register_many(neigh_rtnl_msg_handlers); 3897 return 0; 3898 } 3899 3900 subsys_initcall(neigh_init); 3901
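/* For reference, the rtnetlink entry points registered above map onto
 * ordinary iproute2 usage roughly as follows (commands shown for
 * illustration only; see ip-neighbour(8) and ip-ntable(8) for details):
 *
 *	ip neigh add 192.0.2.1 lladdr 00:11:22:33:44:55 dev eth0 nud permanent
 *						RTM_NEWNEIGH    -> neigh_add()
 *	ip neigh del 192.0.2.1 dev eth0		RTM_DELNEIGH    -> neigh_delete()
 *	ip neigh get 192.0.2.1 dev eth0		RTM_GETNEIGH    -> neigh_get()
 *	ip neigh show				RTM_GETNEIGH    -> neigh_dump_info()
 *	ip ntable show				RTM_GETNEIGHTBL -> neightbl_dump_info()
 *	ip ntable change name arp_cache thresh1 256
 *						RTM_SETNEIGHTBL -> neightbl_set()
 */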