// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	Generic address resolution entity
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *
 *	Fixes:
 *	Vitaly E. Lavrov	releasing NULL neighbor in neigh_add.
 *	Harald Welte		Add neighbour cache statistics like rtstat
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/slab.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/socket.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/times.h>
#include <net/net_namespace.h>
#include <net/neighbour.h>
#include <net/arp.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/netevent.h>
#include <net/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/random.h>
#include <linux/string.h>
#include <linux/log2.h>
#include <linux/inetdevice.h>
#include <net/addrconf.h>

#include <trace/events/neigh.h>

#define NEIGH_DEBUG 1
#define neigh_dbg(level, fmt, ...)		\
do {						\
	if (level <= NEIGH_DEBUG)		\
		pr_debug(fmt, ##__VA_ARGS__);	\
} while (0)

#define PNEIGH_HASHMASK		0xF

static void neigh_timer_handler(struct timer_list *t);
static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid);
static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev,
				    bool skip_perm);

#ifdef CONFIG_PROC_FS
static const struct seq_operations neigh_stat_seq_ops;
#endif

static struct hlist_head *neigh_get_dev_table(struct net_device *dev, int family)
{
	int i;

	switch (family) {
	default:
		DEBUG_NET_WARN_ON_ONCE(1);
		fallthrough; /* to avoid panic by null-ptr-deref */
	case AF_INET:
		i = NEIGH_ARP_TABLE;
		break;
	case AF_INET6:
		i = NEIGH_ND_TABLE;
		break;
	}

	return &dev->neighbours[i];
}

/*
   Neighbour hash table buckets are protected with rwlock tbl->lock.

   - All scans and updates of hash buckets MUST be made under this lock.
   - NOTHING clever should be done under this lock: no callbacks
     into protocol backends, no attempts to send anything to the network.
     That will deadlock if the backend/driver itself wants to use the
     neighbour cache.
   - If the entry requires some non-trivial actions, increase
     its reference count and release the table lock.

   Neighbour entries are protected:
   - with their reference count.
   - with rwlock neigh->lock

   The reference count prevents destruction.

   neigh->lock mainly serializes the ll address data and its validity state.
   However, the same lock is used to protect other entry fields:
   - timer
   - resolution queue

   Again, nothing clever shall be done under neigh->lock;
   the most complicated procedure we allow there is dev->hard_header.
   dev->hard_header is assumed to be simplistic and not to call back
   into the neighbour tables.
 */
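
/*
 * Illustrative sketch (added note, not part of the original file): the
 * pattern the rules above prescribe for acting on an entry found while
 * scanning under tbl->lock. The entry is pinned with a reference before
 * the table lock is dropped, and only then is non-trivial work
 * attempted. example_do_slow_work() is a hypothetical callback.
 */
static void __maybe_unused
example_act_on_entry(struct neigh_table *tbl, struct neighbour *n,
		     void (*example_do_slow_work)(struct neighbour *))
{
	write_lock_bh(&tbl->lock);
	neigh_hold(n);			/* pin the entry... */
	write_unlock_bh(&tbl->lock);	/* ...before dropping the lock */

	example_do_slow_work(n);	/* may now talk to backends/network */

	neigh_release(n);		/* balance the hold taken above */
}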

static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
{
	kfree_skb(skb);
	return -ENETDOWN;
}

static void neigh_cleanup_and_release(struct neighbour *neigh)
{
	trace_neigh_cleanup_and_release(neigh, 0);
	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	neigh_release(neigh);
}

/*
 * The result is uniformly distributed in the interval
 * (1/2)*base ... (3/2)*base. This matches the default IPv6 behaviour
 * and is not overridable, because it is a really reasonable choice.
 */

unsigned long neigh_rand_reach_time(unsigned long base)
{
	return base ? get_random_u32_below(base) + (base >> 1) : 0;
}
EXPORT_SYMBOL(neigh_rand_reach_time);
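
/*
 * Worked example (added note, not part of the original file): with the
 * default BaseReachableTime of 30 s, get_random_u32_below(30 * HZ)
 * yields a value in [0, 30 * HZ), and adding base >> 1 = 15 * HZ shifts
 * the result into [15 * HZ, 45 * HZ), i.e. a reachable time uniformly
 * distributed between 15 s and 45 s.
 */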

static void neigh_mark_dead(struct neighbour *n)
{
	n->dead = 1;
	if (!list_empty(&n->gc_list)) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	}
	if (!list_empty(&n->managed_list))
		list_del_init(&n->managed_list);
}

static void neigh_update_gc_list(struct neighbour *n)
{
	bool on_gc_list, exempt_from_gc;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	/* remove from the gc list if new state is permanent or if neighbor
	 * is externally learned / validated; otherwise entry should be on
	 * the gc list
	 */
	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
			 n->flags & (NTF_EXT_LEARNED | NTF_EXT_VALIDATED);
	on_gc_list = !list_empty(&n->gc_list);

	if (exempt_from_gc && on_gc_list) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	} else if (!exempt_from_gc && !on_gc_list) {
		/* add entries to the tail; cleaning removes from the front */
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
		atomic_inc(&n->tbl->gc_entries);
	}
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static void neigh_update_managed_list(struct neighbour *n)
{
	bool on_managed_list, add_to_managed;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	add_to_managed = n->flags & NTF_MANAGED;
	on_managed_list = !list_empty(&n->managed_list);

	if (!add_to_managed && on_managed_list)
		list_del_init(&n->managed_list);
	else if (add_to_managed && !on_managed_list)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
			       bool *gc_update, bool *managed_update)
{
	u32 ndm_flags, old_flags = neigh->flags;

	if (!(flags & NEIGH_UPDATE_F_ADMIN))
		return;

	ndm_flags  = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
	ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;
	ndm_flags |= (flags & NEIGH_UPDATE_F_EXT_VALIDATED) ? NTF_EXT_VALIDATED : 0;

	if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
		if (ndm_flags & NTF_EXT_LEARNED)
			neigh->flags |= NTF_EXT_LEARNED;
		else
			neigh->flags &= ~NTF_EXT_LEARNED;
		*notify = 1;
		*gc_update = true;
	}
	if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
		if (ndm_flags & NTF_MANAGED)
			neigh->flags |= NTF_MANAGED;
		else
			neigh->flags &= ~NTF_MANAGED;
		*notify = 1;
		*managed_update = true;
	}
	if ((old_flags ^ ndm_flags) & NTF_EXT_VALIDATED) {
		if (ndm_flags & NTF_EXT_VALIDATED)
			neigh->flags |= NTF_EXT_VALIDATED;
		else
			neigh->flags &= ~NTF_EXT_VALIDATED;
		*notify = 1;
		*gc_update = true;
	}
}

bool neigh_remove_one(struct neighbour *n)
{
	bool retval = false;

	write_lock(&n->lock);
	if (refcount_read(&n->refcnt) == 1) {
		hlist_del_rcu(&n->hash);
		hlist_del_rcu(&n->dev_list);
		neigh_mark_dead(n);
		retval = true;
	}
	write_unlock(&n->lock);
	if (retval)
		neigh_cleanup_and_release(n);
	return retval;
}

static int neigh_forced_gc(struct neigh_table *tbl)
{
	int max_clean = atomic_read(&tbl->gc_entries) -
			READ_ONCE(tbl->gc_thresh2);
	u64 tmax = ktime_get_ns() + NSEC_PER_MSEC;
	unsigned long tref = jiffies - 5 * HZ;
	struct neighbour *n, *tmp;
	int shrunk = 0;
	int loop = 0;

	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);

	write_lock_bh(&tbl->lock);

	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
		if (refcount_read(&n->refcnt) == 1) {
			bool remove = false;

			write_lock(&n->lock);
			if ((n->nud_state == NUD_FAILED) ||
			    (n->nud_state == NUD_NOARP) ||
			    (tbl->is_multicast &&
			     tbl->is_multicast(n->primary_key)) ||
			    !time_in_range(n->updated, tref, jiffies))
				remove = true;
			write_unlock(&n->lock);

			if (remove && neigh_remove_one(n))
				shrunk++;
			if (shrunk >= max_clean)
				break;
			if (++loop == 16) {
				if (ktime_get_ns() > tmax)
					goto unlock;
				loop = 0;
			}
		}
	}

	WRITE_ONCE(tbl->last_flush, jiffies);
unlock:
	write_unlock_bh(&tbl->lock);

	return shrunk;
}

static void neigh_add_timer(struct neighbour *n, unsigned long when)
{
	/* Use a safe distance from the jiffies - LONG_MAX point while the
	 * timer is running in DELAY/PROBE state but still show to user space
	 * large times in the past.
	 */
	unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ);

	neigh_hold(n);
	if (!time_in_range(n->confirmed, mint, jiffies))
		n->confirmed = mint;
	if (time_before(n->used, n->confirmed))
		n->used = n->confirmed;
	if (unlikely(mod_timer(&n->timer, when))) {
		printk("NEIGH: BUG, double timer add, state is %x\n",
		       n->nud_state);
		dump_stack();
	}
}

static int neigh_del_timer(struct neighbour *n)
{
	if ((n->nud_state & NUD_IN_TIMER) &&
	    timer_delete(&n->timer)) {
		neigh_release(n);
		return 1;
	}
	return 0;
}

static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
						   int family)
{
	switch (family) {
	case AF_INET:
		return __in_dev_arp_parms_get_rcu(dev);
	case AF_INET6:
		return __in6_dev_nd_parms_get_rcu(dev);
	}
	return NULL;
}

static void neigh_parms_qlen_dec(struct net_device *dev, int family)
{
	struct neigh_parms *p;

	rcu_read_lock();
	p = neigh_get_dev_parms_rcu(dev, family);
	if (p)
		p->qlen--;
	rcu_read_unlock();
}

static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net,
			       int family)
{
	struct sk_buff_head tmp;
	unsigned long flags;
	struct sk_buff *skb;

	skb_queue_head_init(&tmp);
	spin_lock_irqsave(&list->lock, flags);
	skb = skb_peek(list);
	while (skb != NULL) {
		struct sk_buff *skb_next = skb_peek_next(skb, list);
		struct net_device *dev = skb->dev;

		if (net == NULL || net_eq(dev_net(dev), net)) {
			neigh_parms_qlen_dec(dev, family);
			__skb_unlink(skb, list);
			__skb_queue_tail(&tmp, skb);
		}
		skb = skb_next;
	}
	spin_unlock_irqrestore(&list->lock, flags);

	while ((skb = __skb_dequeue(&tmp))) {
		dev_put(skb->dev);
		kfree_skb(skb);
	}
}

static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
			    bool skip_perm)
{
	struct hlist_head *dev_head;
	struct hlist_node *tmp;
	struct neighbour *n;

	dev_head = neigh_get_dev_table(dev, tbl->family);

	hlist_for_each_entry_safe(n, tmp, dev_head, dev_list) {
		if (skip_perm &&
		    (n->nud_state & NUD_PERMANENT ||
		     n->flags & NTF_EXT_VALIDATED))
			continue;

		hlist_del_rcu(&n->hash);
		hlist_del_rcu(&n->dev_list);
		write_lock(&n->lock);
		neigh_del_timer(n);
		neigh_mark_dead(n);
		if (refcount_read(&n->refcnt) != 1) {
			/* The most unpleasant situation:
			 * we must destroy the neighbour entry,
			 * but someone still uses it.
			 *
			 * The destroy will be delayed until
			 * the last user releases us, but
			 * we must kill timers etc. and move
			 * it to a safe state.
			 */
			__skb_queue_purge(&n->arp_queue);
			n->arp_queue_len_bytes = 0;
			WRITE_ONCE(n->output, neigh_blackhole);
			if (n->nud_state & NUD_VALID)
				n->nud_state = NUD_NOARP;
			else
				n->nud_state = NUD_NONE;
			neigh_dbg(2, "neigh %p is stray\n", n);
		}
		write_unlock(&n->lock);
		neigh_cleanup_and_release(n);
	}
}

void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, false);
	write_unlock_bh(&tbl->lock);
}
EXPORT_SYMBOL(neigh_changeaddr);

static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, skip_perm);
	pneigh_ifdown_and_unlock(tbl, dev, skip_perm);
	pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL,
			   tbl->family);
	if (skb_queue_empty_lockless(&tbl->proxy_queue))
		timer_delete_sync(&tbl->proxy_timer);
	return 0;
}

int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, true);
	return 0;
}
EXPORT_SYMBOL(neigh_carrier_down);

int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, false);
	return 0;
}
EXPORT_SYMBOL(neigh_ifdown);

static struct neighbour *neigh_alloc(struct neigh_table *tbl,
				     struct net_device *dev,
				     u32 flags, bool exempt_from_gc)
{
	struct neighbour *n = NULL;
	unsigned long now = jiffies;
	int entries, gc_thresh3;

	if (exempt_from_gc)
		goto do_alloc;

	entries = atomic_inc_return(&tbl->gc_entries) - 1;
	gc_thresh3 = READ_ONCE(tbl->gc_thresh3);
	if (entries >= gc_thresh3 ||
	    (entries >= READ_ONCE(tbl->gc_thresh2) &&
	     time_after(now, READ_ONCE(tbl->last_flush) + 5 * HZ))) {
		if (!neigh_forced_gc(tbl) && entries >= gc_thresh3) {
			net_info_ratelimited("%s: neighbor table overflow!\n",
					     tbl->id);
			NEIGH_CACHE_STAT_INC(tbl, table_fulls);
			goto out_entries;
		}
	}

do_alloc:
	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
	if (!n)
		goto out_entries;

	__skb_queue_head_init(&n->arp_queue);
	rwlock_init(&n->lock);
	seqlock_init(&n->ha_lock);
	n->updated	  = n->used = now;
	n->nud_state	  = NUD_NONE;
	n->output	  = neigh_blackhole;
	n->flags	  = flags;
	seqlock_init(&n->hh.hh_lock);
	n->parms	  = neigh_parms_clone(&tbl->parms);
	timer_setup(&n->timer, neigh_timer_handler, 0);

	NEIGH_CACHE_STAT_INC(tbl, allocs);
	n->tbl		  = tbl;
	refcount_set(&n->refcnt, 1);
	n->dead		  = 1;
	INIT_LIST_HEAD(&n->gc_list);
	INIT_LIST_HEAD(&n->managed_list);

	atomic_inc(&tbl->entries);
out:
	return n;

out_entries:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	goto out;
}

static void neigh_get_hash_rnd(u32 *x)
{
	*x = get_random_u32() | 1;
}

static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
{
	size_t size = (1 << shift) * sizeof(struct hlist_head);
	struct hlist_head *hash_heads;
	struct neigh_hash_table *ret;
	int i;

	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
	if (!ret)
		return NULL;

	hash_heads = kzalloc(size, GFP_ATOMIC);
	if (!hash_heads) {
		kfree(ret);
		return NULL;
	}
	ret->hash_heads = hash_heads;
	ret->hash_shift = shift;
	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
		neigh_get_hash_rnd(&ret->hash_rnd[i]);
	return ret;
}

static void neigh_hash_free_rcu(struct rcu_head *head)
{
	struct neigh_hash_table *nht = container_of(head,
						    struct neigh_hash_table,
						    rcu);

	kfree(nht->hash_heads);
	kfree(nht);
}

static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
						unsigned long new_shift)
{
	unsigned int i, hash;
	struct neigh_hash_table *new_nht, *old_nht;

	NEIGH_CACHE_STAT_INC(tbl, hash_grows);

	old_nht = rcu_dereference_protected(tbl->nht,
					    lockdep_is_held(&tbl->lock));
	new_nht = neigh_hash_alloc(new_shift);
	if (!new_nht)
		return old_nht;

	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
		struct hlist_node *tmp;
		struct neighbour *n;

		neigh_for_each_in_bucket_safe(n, tmp, &old_nht->hash_heads[i]) {
			hash = tbl->hash(n->primary_key, n->dev,
					 new_nht->hash_rnd);

			hash >>= (32 - new_nht->hash_shift);

			hlist_del_rcu(&n->hash);
			hlist_add_head_rcu(&n->hash, &new_nht->hash_heads[hash]);
		}
	}

	rcu_assign_pointer(tbl->nht, new_nht);
	call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
	return new_nht;
}
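
/*
 * Worked example (added note, not part of the original file): with
 * hash_shift = 3 the table has 1 << 3 = 8 buckets, and the bucket index
 * is taken from the top bits of the 32-bit hash:
 * hash >> (32 - 3) = hash >> 29, a value in [0, 7]. Growing to shift 4
 * doubles the bucket count and simply consumes one more high bit, which
 * is why neigh_hash_grow() only has to recompute each hash and re-link
 * the entries.
 */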

struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
			       struct net_device *dev)
{
	struct neighbour *n;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock();
	n = __neigh_lookup_noref(tbl, pkey, dev);
	if (n) {
		if (!refcount_inc_not_zero(&n->refcnt))
			n = NULL;
		NEIGH_CACHE_STAT_INC(tbl, hits);
	}

	rcu_read_unlock();
	return n;
}
EXPORT_SYMBOL(neigh_lookup);
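
/*
 * Usage sketch (added, not part of the original file): on success
 * neigh_lookup() returns the entry with its reference count elevated,
 * so every successful lookup must be paired with neigh_release().
 * example_key and example_use() are hypothetical.
 */
static void __maybe_unused
example_lookup_user(struct neigh_table *tbl, const void *example_key,
		    struct net_device *dev,
		    void (*example_use)(struct neighbour *))
{
	struct neighbour *n = neigh_lookup(tbl, example_key, dev);

	if (!n)		/* no entry, or it is being torn down */
		return;
	example_use(n);
	neigh_release(n);	/* drop the reference the lookup took */
}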

static struct neighbour *
___neigh_create(struct neigh_table *tbl, const void *pkey,
		struct net_device *dev, u32 flags,
		bool exempt_from_gc, bool want_ref)
{
	u32 hash_val, key_len = tbl->key_len;
	struct neighbour *n1, *rc, *n;
	struct neigh_hash_table *nht;
	int error;

	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
	if (!n) {
		rc = ERR_PTR(-ENOBUFS);
		goto out;
	}

	memcpy(n->primary_key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC);

	/* Protocol specific setup. */
	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	if (dev->netdev_ops->ndo_neigh_construct) {
		error = dev->netdev_ops->ndo_neigh_construct(dev, n);
		if (error < 0) {
			rc = ERR_PTR(error);
			goto out_neigh_release;
		}
	}

	/* Device specific setup. */
	if (n->parms->neigh_setup &&
	    (error = n->parms->neigh_setup(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
		nht = neigh_hash_grow(tbl, nht->hash_shift + 1);

	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);

	if (n->parms->dead) {
		rc = ERR_PTR(-EINVAL);
		goto out_tbl_unlock;
	}

	neigh_for_each_in_bucket(n1, &nht->hash_heads[hash_val]) {
		if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
			if (want_ref)
				neigh_hold(n1);
			rc = n1;
			goto out_tbl_unlock;
		}
	}

	n->dead = 0;
	if (!exempt_from_gc)
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
	if (n->flags & NTF_MANAGED)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
	if (want_ref)
		neigh_hold(n);
	hlist_add_head_rcu(&n->hash, &nht->hash_heads[hash_val]);

	hlist_add_head_rcu(&n->dev_list,
			   neigh_get_dev_table(dev, tbl->family));

	write_unlock_bh(&tbl->lock);
	neigh_dbg(2, "neigh %p is created\n", n);
	rc = n;
out:
	return rc;
out_tbl_unlock:
	write_unlock_bh(&tbl->lock);
out_neigh_release:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	neigh_release(n);
	goto out;
}

struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
				 struct net_device *dev, bool want_ref)
{
	bool exempt_from_gc = !!(dev->flags & IFF_LOOPBACK);

	return ___neigh_create(tbl, pkey, dev, 0, exempt_from_gc, want_ref);
}
EXPORT_SYMBOL(__neigh_create);

static u32 pneigh_hash(const void *pkey, unsigned int key_len)
{
	u32 hash_val = *(u32 *)(pkey + key_len - 4);

	hash_val ^= (hash_val >> 16);
	hash_val ^= hash_val >> 8;
	hash_val ^= hash_val >> 4;
	hash_val &= PNEIGH_HASHMASK;
	return hash_val;
}

static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
					      struct net *net,
					      const void *pkey,
					      unsigned int key_len,
					      struct net_device *dev)
{
	while (n) {
		if (!memcmp(n->key, pkey, key_len) &&
		    net_eq(pneigh_net(n), net) &&
		    (n->dev == dev || !n->dev))
			return n;
		n = n->next;
	}
	return NULL;
}

struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
				     struct net *net, const void *pkey,
				     struct net_device *dev)
{
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
				 net, pkey, key_len, dev);
}
EXPORT_SYMBOL_GPL(__pneigh_lookup);

struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl,
				   struct net *net, const void *pkey,
				   struct net_device *dev, int creat)
{
	struct pneigh_entry *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	read_lock_bh(&tbl->lock);
	n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
			      net, pkey, key_len, dev);
	read_unlock_bh(&tbl->lock);

	if (n || !creat)
		goto out;

	ASSERT_RTNL();

	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
	if (!n)
		goto out;

	write_pnet(&n->net, net);
	memcpy(n->key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_KERNEL);

	if (tbl->pconstructor && tbl->pconstructor(n)) {
		netdev_put(dev, &n->dev_tracker);
		kfree(n);
		n = NULL;
		goto out;
	}

	write_lock_bh(&tbl->lock);
	n->next = tbl->phash_buckets[hash_val];
	tbl->phash_buckets[hash_val] = n;
	write_unlock_bh(&tbl->lock);
out:
	return n;
}
EXPORT_SYMBOL(pneigh_lookup);
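
/*
 * Usage note (added, not part of the original file): with creat == 0,
 * pneigh_lookup() is a pure lookup. With creat != 0 it may allocate
 * with GFP_KERNEL and insert a new proxy entry, which is why that path
 * asserts the RTNL lock; neigh_add() below calls it this way when
 * handling NTF_PROXY netlink requests.
 */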

int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
		  struct net_device *dev)
{
	struct pneigh_entry *n, **np;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	write_lock_bh(&tbl->lock);
	for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
	     np = &n->next) {
		if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
		    net_eq(pneigh_net(n), net)) {
			*np = n->next;
			write_unlock_bh(&tbl->lock);
			if (tbl->pdestructor)
				tbl->pdestructor(n);
			netdev_put(n->dev, &n->dev_tracker);
			kfree(n);
			return 0;
		}
	}
	write_unlock_bh(&tbl->lock);
	return -ENOENT;
}

static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev,
				    bool skip_perm)
{
	struct pneigh_entry *n, **np, *freelist = NULL;
	u32 h;

	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
		np = &tbl->phash_buckets[h];
		while ((n = *np) != NULL) {
			if (skip_perm && n->permanent)
				goto skip;
			if (!dev || n->dev == dev) {
				*np = n->next;
				n->next = freelist;
				freelist = n;
				continue;
			}
skip:
			np = &n->next;
		}
	}
	write_unlock_bh(&tbl->lock);
	while ((n = freelist)) {
		freelist = n->next;
		n->next = NULL;
		if (tbl->pdestructor)
			tbl->pdestructor(n);
		netdev_put(n->dev, &n->dev_tracker);
		kfree(n);
	}
	return -ENOENT;
}

static inline void neigh_parms_put(struct neigh_parms *parms)
{
	if (refcount_dec_and_test(&parms->refcnt))
		kfree(parms);
}

/*
 *	The neighbour must already be out of the table.
 */
void neigh_destroy(struct neighbour *neigh)
{
	struct net_device *dev = neigh->dev;

	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);

	if (!neigh->dead) {
		pr_warn("Destroying alive neighbour %p\n", neigh);
		dump_stack();
		return;
	}

	if (neigh_del_timer(neigh))
		pr_warn("Impossible event\n");

	write_lock_bh(&neigh->lock);
	__skb_queue_purge(&neigh->arp_queue);
	write_unlock_bh(&neigh->lock);
	neigh->arp_queue_len_bytes = 0;

	if (dev->netdev_ops->ndo_neigh_destroy)
		dev->netdev_ops->ndo_neigh_destroy(dev, neigh);

	netdev_put(dev, &neigh->dev_tracker);
	neigh_parms_put(neigh->parms);

	neigh_dbg(2, "neigh %p is destroyed\n", neigh);

	atomic_dec(&neigh->tbl->entries);
	kfree_rcu(neigh, rcu);
}
EXPORT_SYMBOL(neigh_destroy);

/* Neighbour state is suspicious;
   disable fast path.

   Called with the neigh write-locked.
 */
static void neigh_suspect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is suspected\n", neigh);

	WRITE_ONCE(neigh->output, neigh->ops->output);
}

/* Neighbour state is OK;
   enable fast path.

   Called with the neigh write-locked.
 */
static void neigh_connect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is connected\n", neigh);

	WRITE_ONCE(neigh->output, neigh->ops->connected_output);
}

static void neigh_periodic_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
	struct neigh_hash_table *nht;
	struct hlist_node *tmp;
	struct neighbour *n;
	unsigned int i;

	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	/*
	 *	periodically recompute ReachableTime from random function
	 */

	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
		struct neigh_parms *p;

		WRITE_ONCE(tbl->last_rand, jiffies);
		list_for_each_entry(p, &tbl->parms_list, list)
			p->reachable_time =
				neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}

	if (atomic_read(&tbl->entries) < READ_ONCE(tbl->gc_thresh1))
		goto out;

	for (i = 0 ; i < (1 << nht->hash_shift); i++) {
		neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[i]) {
			unsigned int state;

			write_lock(&n->lock);

			state = n->nud_state;
			if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
			    (n->flags &
			     (NTF_EXT_LEARNED | NTF_EXT_VALIDATED))) {
				write_unlock(&n->lock);
				continue;
			}

			if (time_before(n->used, n->confirmed) &&
			    time_is_before_eq_jiffies(n->confirmed))
				n->used = n->confirmed;

			if (refcount_read(&n->refcnt) == 1 &&
			    (state == NUD_FAILED ||
			     !time_in_range_open(jiffies, n->used,
						 n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
				hlist_del_rcu(&n->hash);
				hlist_del_rcu(&n->dev_list);
				neigh_mark_dead(n);
				write_unlock(&n->lock);
				neigh_cleanup_and_release(n);
				continue;
			}
			write_unlock(&n->lock);
		}
		/*
		 * It's fine to release lock here, even if hash table
		 * grows while we are preempted.
		 */
		write_unlock_bh(&tbl->lock);
		cond_resched();
		write_lock_bh(&tbl->lock);
		nht = rcu_dereference_protected(tbl->nht,
						lockdep_is_held(&tbl->lock));
	}
out:
	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
	 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
	 * BASE_REACHABLE_TIME.
	 */
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
	write_unlock_bh(&tbl->lock);
}

static __inline__ int neigh_max_probes(struct neighbour *n)
{
	struct neigh_parms *p = n->parms;

	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
	       (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
	        NEIGH_VAR(p, MCAST_PROBES));
}

static void neigh_invalidate(struct neighbour *neigh)
	__releases(neigh->lock)
	__acquires(neigh->lock)
{
	struct sk_buff *skb;

	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
	neigh_dbg(2, "neigh %p is failed\n", neigh);
	neigh->updated = jiffies;

	/* This is a very thin place: report_unreachable is a complicated
	   routine and, in particular, it can hit this very same neighbour
	   entry. So we try to be careful and avoid a dead loop. --ANK
	 */
	while (neigh->nud_state == NUD_FAILED &&
	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
		write_unlock(&neigh->lock);
		neigh->ops->error_report(neigh, skb);
		write_lock(&neigh->lock);
	}
	__skb_queue_purge(&neigh->arp_queue);
	neigh->arp_queue_len_bytes = 0;
}

static void neigh_probe(struct neighbour *neigh)
	__releases(neigh->lock)
{
	struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);

	/* keep skb alive even if arp_queue overflows */
	if (skb)
		skb = skb_clone(skb, GFP_ATOMIC);
	write_unlock(&neigh->lock);
	if (neigh->ops->solicit)
		neigh->ops->solicit(neigh, skb);
	atomic_inc(&neigh->probes);
	consume_skb(skb);
}

/* Called when a timer expires for a neighbour entry. */

static void neigh_timer_handler(struct timer_list *t)
{
	unsigned long now, next;
	struct neighbour *neigh = timer_container_of(neigh, t, timer);
	unsigned int state;
	int notify = 0;

	write_lock(&neigh->lock);

	state = neigh->nud_state;
	now = jiffies;
	next = now + HZ;

	if (!(state & NUD_IN_TIMER))
		goto out;

	if (state & NUD_REACHABLE) {
		if (time_before_eq(now,
				   neigh->confirmed + neigh->parms->reachable_time)) {
			neigh_dbg(2, "neigh %p is still alive\n", neigh);
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else if (time_before_eq(now,
					  neigh->used +
					  NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is delayed\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_DELAY);
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
		} else {
			neigh_dbg(2, "neigh %p is suspected\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_STALE);
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			notify = 1;
		}
	} else if (state & NUD_DELAY) {
		if (time_before_eq(now,
				   neigh->confirmed +
				   NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is now reachable\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_REACHABLE);
			neigh->updated = jiffies;
			neigh_connect(neigh);
			notify = 1;
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else {
			neigh_dbg(2, "neigh %p is probed\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_PROBE);
			neigh->updated = jiffies;
			atomic_set(&neigh->probes, 0);
			notify = 1;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
		}
	} else {
		/* NUD_PROBE|NUD_INCOMPLETE */
		next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
	}

	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
		if (neigh->nud_state == NUD_PROBE &&
		    neigh->flags & NTF_EXT_VALIDATED) {
			WRITE_ONCE(neigh->nud_state, NUD_STALE);
			neigh->updated = jiffies;
		} else {
			WRITE_ONCE(neigh->nud_state, NUD_FAILED);
			neigh_invalidate(neigh);
		}
		notify = 1;
		goto out;
	}

	if (neigh->nud_state & NUD_IN_TIMER) {
		if (time_before(next, jiffies + HZ/100))
			next = jiffies + HZ/100;
		if (!mod_timer(&neigh->timer, next))
			neigh_hold(neigh);
	}
	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
		neigh_probe(neigh);
	} else {
out:
		write_unlock(&neigh->lock);
	}

	if (notify)
		neigh_update_notify(neigh, 0);

	trace_neigh_timer_handler(neigh, 0);

	neigh_release(neigh);
}
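
/*
 * Summary of the timer-driven transitions above (added note, not part
 * of the original file):
 *
 *   REACHABLE -> DELAY	used recently, but confirmation expired
 *   REACHABLE -> STALE	no recent use and confirmation expired
 *   DELAY -> REACHABLE	confirmed within DELAY_PROBE_TIME
 *   DELAY -> PROBE	not confirmed within DELAY_PROBE_TIME
 *   PROBE/INCOMPLETE -> FAILED	probe limit exceeded (PROBE falls back
 *				to STALE instead for NTF_EXT_VALIDATED
 *				entries)
 *
 * STALE -> DELAY happens on traffic, in __neigh_event_send() below.
 */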

int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
		       const bool immediate_ok)
{
	int rc;
	bool immediate_probe = false;

	write_lock_bh(&neigh->lock);

	rc = 0;
	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
		goto out_unlock_bh;
	if (neigh->dead)
		goto out_dead;

	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
		if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
		    NEIGH_VAR(neigh->parms, APP_PROBES)) {
			unsigned long next, now = jiffies;

			atomic_set(&neigh->probes,
				   NEIGH_VAR(neigh->parms, UCAST_PROBES));
			neigh_del_timer(neigh);
			WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
			neigh->updated = now;
			if (!immediate_ok) {
				next = now + 1;
			} else {
				immediate_probe = true;
				next = now + max(NEIGH_VAR(neigh->parms,
							   RETRANS_TIME),
						 HZ / 100);
			}
			neigh_add_timer(neigh, next);
		} else {
			WRITE_ONCE(neigh->nud_state, NUD_FAILED);
			neigh->updated = jiffies;
			write_unlock_bh(&neigh->lock);

			kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED);
			return 1;
		}
	} else if (neigh->nud_state & NUD_STALE) {
		neigh_dbg(2, "neigh %p is delayed\n", neigh);
		neigh_del_timer(neigh);
		WRITE_ONCE(neigh->nud_state, NUD_DELAY);
		neigh->updated = jiffies;
		neigh_add_timer(neigh, jiffies +
				NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
	}

	if (neigh->nud_state == NUD_INCOMPLETE) {
		if (skb) {
			while (neigh->arp_queue_len_bytes + skb->truesize >
			       NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
				struct sk_buff *buff;

				buff = __skb_dequeue(&neigh->arp_queue);
				if (!buff)
					break;
				neigh->arp_queue_len_bytes -= buff->truesize;
				kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL);
				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
			}
			skb_dst_force(skb);
			__skb_queue_tail(&neigh->arp_queue, skb);
			neigh->arp_queue_len_bytes += skb->truesize;
		}
		rc = 1;
	}
out_unlock_bh:
	if (immediate_probe)
		neigh_probe(neigh);
	else
		write_unlock(&neigh->lock);
	local_bh_enable();
	trace_neigh_event_send_done(neigh, rc);
	return rc;

out_dead:
	if (neigh->nud_state & NUD_STALE)
		goto out_unlock_bh;
	write_unlock_bh(&neigh->lock);
	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD);
	trace_neigh_event_send_dead(neigh, 1);
	return 1;
}
EXPORT_SYMBOL(__neigh_event_send);

static void neigh_update_hhs(struct neighbour *neigh)
{
	struct hh_cache *hh;
	void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
		= NULL;

	if (neigh->dev->header_ops)
		update = neigh->dev->header_ops->cache_update;

	if (update) {
		hh = &neigh->hh;
		if (READ_ONCE(hh->hh_len)) {
			write_seqlock_bh(&hh->hh_lock);
			update(hh, neigh->dev, neigh->ha);
			write_sequnlock_bh(&hh->hh_lock);
		}
	}
}

/* Generic update routine.
   -- lladdr is the new lladdr, or NULL if it is not supplied.
   -- new    is the new state.
   -- flags
	NEIGH_UPDATE_F_OVERRIDE allows overriding an existing lladdr,
				if it is different.
	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect an existing "connected"
				lladdr instead of overriding it
				if it is different.
	NEIGH_UPDATE_F_ADMIN	means that the change is administrative.
	NEIGH_UPDATE_F_USE	means that the entry is user triggered.
	NEIGH_UPDATE_F_MANAGED	means that the entry will be auto-refreshed.
	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows overriding an existing
				NTF_ROUTER flag.
	NEIGH_UPDATE_F_ISROUTER	indicates that the neighbour is known
				as a router.
	NEIGH_UPDATE_F_EXT_VALIDATED means that the entry will not be
				removed or invalidated.

   Caller MUST hold a reference count on the entry.
 */
static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
			  u8 new, u32 flags, u32 nlmsg_pid,
			  struct netlink_ext_ack *extack)
{
	bool gc_update = false, managed_update = false;
	int update_isrouter = 0;
	struct net_device *dev;
	int err, notify = 0;
	u8 old;

	trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);

	write_lock_bh(&neigh->lock);

	dev = neigh->dev;
	old = neigh->nud_state;
	err = -EPERM;

	if (neigh->dead) {
		NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
		new = old;
		goto out;
	}
	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
	    (old & (NUD_NOARP | NUD_PERMANENT)))
		goto out;

	neigh_update_flags(neigh, flags, &notify, &gc_update, &managed_update);
	if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
		new = old & ~NUD_PERMANENT;
		WRITE_ONCE(neigh->nud_state, new);
		err = 0;
		goto out;
	}

	if (!(new & NUD_VALID)) {
		neigh_del_timer(neigh);
		if (old & NUD_CONNECTED)
			neigh_suspect(neigh);
		WRITE_ONCE(neigh->nud_state, new);
		err = 0;
		notify = old & NUD_VALID;
		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
		    (new & NUD_FAILED)) {
			neigh_invalidate(neigh);
			notify = 1;
		}
		goto out;
	}

	/* Compare new lladdr with cached one */
	if (!dev->addr_len) {
		/* First case: device needs no address. */
		lladdr = neigh->ha;
	} else if (lladdr) {
		/* The second case: if something is already cached
		   and a new address is proposed:
		   - compare new & old
		   - if they are different, check override flag
		 */
		if ((old & NUD_VALID) &&
		    !memcmp(lladdr, neigh->ha, dev->addr_len))
			lladdr = neigh->ha;
	} else {
		/* No address is supplied; if we know something,
		   use it, otherwise discard the request.
		 */
		err = -EINVAL;
		if (!(old & NUD_VALID)) {
			NL_SET_ERR_MSG(extack, "No link layer address given");
			goto out;
		}
		lladdr = neigh->ha;
	}

	/* Update confirmed timestamp for neighbour entry after we
	 * received ARP packet even if it doesn't change IP to MAC binding.
	 */
	if (new & NUD_CONNECTED)
		neigh->confirmed = jiffies;

	/* If entry was valid and address is not changed,
	   do not change entry state, if new one is STALE.
	 */
	err = 0;
	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	if (old & NUD_VALID) {
		if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
			update_isrouter = 0;
			if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
			    (old & NUD_CONNECTED)) {
				lladdr = neigh->ha;
				new = NUD_STALE;
			} else
				goto out;
		} else {
			if (lladdr == neigh->ha && new == NUD_STALE &&
			    !(flags & NEIGH_UPDATE_F_ADMIN))
				new = old;
		}
	}

	/* Update the timestamp only once we know we will make a change to
	 * the neighbour entry. Otherwise we risk moving the locktime window
	 * with no-op updates and ignoring relevant ARP updates.
	 */
	if (new != old || lladdr != neigh->ha)
		neigh->updated = jiffies;

	if (new != old) {
		neigh_del_timer(neigh);
		if (new & NUD_PROBE)
			atomic_set(&neigh->probes, 0);
		if (new & NUD_IN_TIMER)
			neigh_add_timer(neigh, (jiffies +
						((new & NUD_REACHABLE) ?
						 neigh->parms->reachable_time :
						 0)));
		WRITE_ONCE(neigh->nud_state, new);
		notify = 1;
	}

	if (lladdr != neigh->ha) {
		write_seqlock(&neigh->ha_lock);
		memcpy(&neigh->ha, lladdr, dev->addr_len);
		write_sequnlock(&neigh->ha_lock);
		neigh_update_hhs(neigh);
		if (!(new & NUD_CONNECTED))
			neigh->confirmed = jiffies -
				(NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
		notify = 1;
	}
	if (new == old)
		goto out;
	if (new & NUD_CONNECTED)
		neigh_connect(neigh);
	else
		neigh_suspect(neigh);
	if (!(old & NUD_VALID)) {
		struct sk_buff *skb;

		/* Again: avoid a dead loop if something went wrong */

		while (neigh->nud_state & NUD_VALID &&
		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
			struct dst_entry *dst = skb_dst(skb);
			struct neighbour *n2, *n1 = neigh;

			write_unlock_bh(&neigh->lock);

			rcu_read_lock();

			/* Why not just use 'neigh' as-is? The problem is that
			 * things such as shaper, eql, and sch_teql can end up
			 * using alternative, different, neigh objects to output
			 * the packet in the output path. So what we need to do
			 * here is re-lookup the top-level neigh in the path so
			 * we can reinject the packet there.
			 */
			n2 = NULL;
			if (dst &&
			    READ_ONCE(dst->obsolete) != DST_OBSOLETE_DEAD) {
				n2 = dst_neigh_lookup_skb(dst, skb);
				if (n2)
					n1 = n2;
			}
			READ_ONCE(n1->output)(n1, skb);
			if (n2)
				neigh_release(n2);
			rcu_read_unlock();

			write_lock_bh(&neigh->lock);
		}
		__skb_queue_purge(&neigh->arp_queue);
		neigh->arp_queue_len_bytes = 0;
	}
out:
	if (update_isrouter)
		neigh_update_is_router(neigh, flags, &notify);
	write_unlock_bh(&neigh->lock);
	if (((new ^ old) & NUD_PERMANENT) || gc_update)
		neigh_update_gc_list(neigh);
	if (managed_update)
		neigh_update_managed_list(neigh);
	if (notify)
		neigh_update_notify(neigh, nlmsg_pid);
	trace_neigh_update_done(neigh, err);
	return err;
}

int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
		 u32 flags, u32 nlmsg_pid)
{
	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
}
EXPORT_SYMBOL(neigh_update);
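
/*
 * Usage sketch (added, not part of the original file): an
 * administrative update expressed with the flags documented above.
 * example_lladdr is a hypothetical buffer of dev->addr_len bytes.
 */
static int __maybe_unused
example_admin_update(struct neighbour *n, const u8 *example_lladdr)
{
	/* Force in the new lladdr and make the entry permanent. */
	return neigh_update(n, example_lladdr, NUD_PERMANENT,
			    NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
			    0);
}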

/* Update the neigh to listen temporarily for probe responses, even if it is
 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
 */
void __neigh_set_probe_once(struct neighbour *neigh)
{
	if (neigh->dead)
		return;
	neigh->updated = jiffies;
	if (!(neigh->nud_state & NUD_FAILED))
		return;
	WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
	atomic_set(&neigh->probes, neigh_max_probes(neigh));
	neigh_add_timer(neigh,
			jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
				      HZ/100));
}
EXPORT_SYMBOL(__neigh_set_probe_once);

struct neighbour *neigh_event_ns(struct neigh_table *tbl,
				 u8 *lladdr, void *saddr,
				 struct net_device *dev)
{
	struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
						 lladdr || !dev->addr_len);

	if (neigh)
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_OVERRIDE, 0);
	return neigh;
}
EXPORT_SYMBOL(neigh_event_ns);

/* called with read_lock_bh(&n->lock); */
static void neigh_hh_init(struct neighbour *n)
{
	struct net_device *dev = n->dev;
	__be16 prot = n->tbl->protocol;
	struct hh_cache *hh = &n->hh;

	write_lock_bh(&n->lock);

	/* Only one thread can come in here and initialize the
	 * hh_cache entry.
	 */
	if (!hh->hh_len)
		dev->header_ops->cache(n, hh, prot);

	write_unlock_bh(&n->lock);
}

/* Slow and careful. */

int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc = 0;

	if (!neigh_event_send(neigh, skb)) {
		int err;
		struct net_device *dev = neigh->dev;
		unsigned int seq;

		if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
			neigh_hh_init(neigh);

		do {
			__skb_pull(skb, skb_network_offset(skb));
			seq = read_seqbegin(&neigh->ha_lock);
			err = dev_hard_header(skb, dev, ntohs(skb->protocol),
					      neigh->ha, NULL, skb->len);
		} while (read_seqretry(&neigh->ha_lock, seq));

		if (err >= 0)
			rc = dev_queue_xmit(skb);
		else
			goto out_kfree_skb;
	}
out:
	return rc;
out_kfree_skb:
	rc = -EINVAL;
	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_HH_FILLFAIL);
	goto out;
}
EXPORT_SYMBOL(neigh_resolve_output);

/* As fast as possible without hh cache */

int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
{
	struct net_device *dev = neigh->dev;
	unsigned int seq;
	int err;

	do {
		__skb_pull(skb, skb_network_offset(skb));
		seq = read_seqbegin(&neigh->ha_lock);
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      neigh->ha, NULL, skb->len);
	} while (read_seqretry(&neigh->ha_lock, seq));

	if (err >= 0)
		err = dev_queue_xmit(skb);
	else {
		err = -EINVAL;
		kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_HH_FILLFAIL);
	}
	return err;
}
EXPORT_SYMBOL(neigh_connected_output);

int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
{
	return dev_queue_xmit(skb);
}
EXPORT_SYMBOL(neigh_direct_output);
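
/*
 * Note (added, not part of the original file): the read_seqbegin()/
 * read_seqretry() loops above are the lockless read side of
 * neigh->ha_lock. If neigh_update() rewrites neigh->ha concurrently
 * (under write_seqlock()), the sequence count changes, the loop
 * retries, and the header is rebuilt with the fresh address, so a torn
 * link-layer address never reaches the wire.
 */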

static void neigh_managed_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table,
					       managed_work.work);
	struct neighbour *neigh;

	write_lock_bh(&tbl->lock);
	list_for_each_entry(neigh, &tbl->managed_list, managed_list)
		neigh_event_send_probe(neigh, NULL, false);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
			   NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS));
	write_unlock_bh(&tbl->lock);
}

static void neigh_proxy_process(struct timer_list *t)
{
	struct neigh_table *tbl = timer_container_of(tbl, t, proxy_timer);
	long sched_next = 0;
	unsigned long now = jiffies;
	struct sk_buff *skb, *n;

	spin_lock(&tbl->proxy_queue.lock);

	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
		long tdif = NEIGH_CB(skb)->sched_next - now;

		if (tdif <= 0) {
			struct net_device *dev = skb->dev;

			neigh_parms_qlen_dec(dev, tbl->family);
			__skb_unlink(skb, &tbl->proxy_queue);

			if (tbl->proxy_redo && netif_running(dev)) {
				rcu_read_lock();
				tbl->proxy_redo(skb);
				rcu_read_unlock();
			} else {
				kfree_skb(skb);
			}

			dev_put(dev);
		} else if (!sched_next || tdif < sched_next)
			sched_next = tdif;
	}
	timer_delete(&tbl->proxy_timer);
	if (sched_next)
		mod_timer(&tbl->proxy_timer, jiffies + sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}

static unsigned long neigh_proxy_delay(struct neigh_parms *p)
{
	/* If proxy_delay is zero, do not call get_random_u32_below()
	 * as it is undefined behavior.
	 */
	unsigned long proxy_delay = NEIGH_VAR(p, PROXY_DELAY);

	return proxy_delay ?
	       jiffies + get_random_u32_below(proxy_delay) : jiffies;
}

void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
		    struct sk_buff *skb)
{
	unsigned long sched_next = neigh_proxy_delay(p);

	if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) {
		kfree_skb(skb);
		return;
	}

	NEIGH_CB(skb)->sched_next = sched_next;
	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;

	spin_lock(&tbl->proxy_queue.lock);
	if (timer_delete(&tbl->proxy_timer)) {
		if (time_before(tbl->proxy_timer.expires, sched_next))
			sched_next = tbl->proxy_timer.expires;
	}
	skb_dst_drop(skb);
	dev_hold(skb->dev);
	__skb_queue_tail(&tbl->proxy_queue, skb);
	p->qlen++;
	mod_timer(&tbl->proxy_timer, sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}
EXPORT_SYMBOL(pneigh_enqueue);

static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
						     struct net *net, int ifindex)
{
	struct neigh_parms *p;

	list_for_each_entry(p, &tbl->parms_list, list) {
		if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
		    (!p->dev && !ifindex && net_eq(net, &init_net)))
			return p;
	}

	return NULL;
}

struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
				      struct neigh_table *tbl)
{
	struct neigh_parms *p;
	struct net *net = dev_net(dev);
	const struct net_device_ops *ops = dev->netdev_ops;

	p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
	if (p) {
		p->tbl = tbl;
		refcount_set(&p->refcnt, 1);
		p->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
		p->qlen = 0;
		netdev_hold(dev, &p->dev_tracker, GFP_KERNEL);
		p->dev = dev;
		write_pnet(&p->net, net);
		p->sysctl_table = NULL;

		if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
			netdev_put(dev, &p->dev_tracker);
			kfree(p);
			return NULL;
		}

		write_lock_bh(&tbl->lock);
		list_add(&p->list, &tbl->parms.list);
		write_unlock_bh(&tbl->lock);

		neigh_parms_data_state_cleanall(p);
	}
	return p;
}
EXPORT_SYMBOL(neigh_parms_alloc);

static void neigh_rcu_free_parms(struct rcu_head *head)
{
	struct neigh_parms *parms =
		container_of(head, struct neigh_parms, rcu_head);

	neigh_parms_put(parms);
}

void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
{
	if (!parms || parms == &tbl->parms)
		return;
	write_lock_bh(&tbl->lock);
	list_del(&parms->list);
	parms->dead = 1;
	write_unlock_bh(&tbl->lock);
	netdev_put(parms->dev, &parms->dev_tracker);
	call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
}
EXPORT_SYMBOL(neigh_parms_release);

static struct lock_class_key neigh_table_proxy_queue_class;

static struct neigh_table __rcu *neigh_tables[NEIGH_NR_TABLES] __read_mostly;

void neigh_table_init(int index, struct neigh_table *tbl)
{
	unsigned long now = jiffies;
	unsigned long phsize;

	INIT_LIST_HEAD(&tbl->parms_list);
	INIT_LIST_HEAD(&tbl->gc_list);
	INIT_LIST_HEAD(&tbl->managed_list);

	list_add(&tbl->parms.list, &tbl->parms_list);
	write_pnet(&tbl->parms.net, &init_net);
	refcount_set(&tbl->parms.refcnt, 1);
	tbl->parms.reachable_time =
		neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
	tbl->parms.qlen = 0;

	tbl->stats = alloc_percpu(struct neigh_statistics);
	if (!tbl->stats)
		panic("cannot create neighbour cache statistics");

#ifdef CONFIG_PROC_FS
	if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
				  &neigh_stat_seq_ops, tbl))
		panic("cannot create neighbour proc dir entry");
#endif

	RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));

	phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
	tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);

	if (!tbl->nht || !tbl->phash_buckets)
		panic("cannot allocate neighbour cache hashes");

	if (!tbl->entry_size)
		tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
					tbl->key_len, NEIGH_PRIV_ALIGN);
	else
		WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);

	rwlock_init(&tbl->lock);

	INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   tbl->parms.reachable_time);
	INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0);

	timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
	skb_queue_head_init_class(&tbl->proxy_queue,
				  &neigh_table_proxy_queue_class);

	tbl->last_flush = now;
	tbl->last_rand	= now + tbl->parms.reachable_time * 20;

	rcu_assign_pointer(neigh_tables[index], tbl);
}
EXPORT_SYMBOL(neigh_table_init);
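
/*
 * Usage note (added, not part of the original file): protocols register
 * their table once at init time, e.g. IPv4 ARP calls
 * neigh_table_init(NEIGH_ARP_TABLE, &arp_tbl) and IPv6 ND calls
 * neigh_table_init(NEIGH_ND_TABLE, &nd_tbl).
 */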

/*
 * Only called from ndisc_cleanup(), which means this is dead code
 * because the IPv6 module can no longer be unloaded.
 */
int neigh_table_clear(int index, struct neigh_table *tbl)
{
	RCU_INIT_POINTER(neigh_tables[index], NULL);
	synchronize_rcu();

	/* It is not clean... Fix it to unload the IPv6 module safely */
	cancel_delayed_work_sync(&tbl->managed_work);
	cancel_delayed_work_sync(&tbl->gc_work);
	timer_delete_sync(&tbl->proxy_timer);
	pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family);
	neigh_ifdown(tbl, NULL);
	if (atomic_read(&tbl->entries))
		pr_crit("neighbour leakage\n");

	call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
		 neigh_hash_free_rcu);
	tbl->nht = NULL;

	kfree(tbl->phash_buckets);
	tbl->phash_buckets = NULL;

	remove_proc_entry(tbl->id, init_net.proc_net_stat);

	free_percpu(tbl->stats);
	tbl->stats = NULL;

	return 0;
}
EXPORT_SYMBOL(neigh_table_clear);

static struct neigh_table *neigh_find_table(int family)
{
	struct neigh_table *tbl = NULL;

	switch (family) {
	case AF_INET:
		tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ARP_TABLE]);
		break;
	case AF_INET6:
		tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ND_TABLE]);
		break;
	}

	return tbl;
}

const struct nla_policy nda_policy[NDA_MAX+1] = {
	[NDA_UNSPEC]		= { .strict_start_type = NDA_NH_ID },
	[NDA_DST]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_LLADDR]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_CACHEINFO]		= { .len = sizeof(struct nda_cacheinfo) },
	[NDA_PROBES]		= { .type = NLA_U32 },
	[NDA_VLAN]		= { .type = NLA_U16 },
	[NDA_PORT]		= { .type = NLA_U16 },
	[NDA_VNI]		= { .type = NLA_U32 },
	[NDA_IFINDEX]		= { .type = NLA_U32 },
	[NDA_MASTER]		= { .type = NLA_U32 },
	[NDA_PROTOCOL]		= { .type = NLA_U8 },
	[NDA_NH_ID]		= { .type = NLA_U32 },
	[NDA_FLAGS_EXT]		= NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
	[NDA_FDB_EXT_ATTRS]	= { .type = NLA_NESTED },
};

static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *dst_attr;
	struct neigh_table *tbl;
	struct neighbour *neigh;
	struct net_device *dev = NULL;
	int err = -EINVAL;

	ASSERT_RTNL();
	if (nlmsg_len(nlh) < sizeof(*ndm))
		goto out;

	dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
	if (!dst_attr) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(dst_attr) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	if (ndm->ndm_flags & NTF_PROXY) {
		err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
		goto out;
	}

	if (dev == NULL)
		goto out;

	neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
	if (neigh == NULL) {
		err = -ENOENT;
		goto out;
	}

	err = __neigh_update(neigh, NULL, NUD_FAILED,
			     NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
			     NETLINK_CB(skb).portid, extack);
	write_lock_bh(&tbl->lock);
	neigh_release(neigh);
	neigh_remove_one(neigh);
	write_unlock_bh(&tbl->lock);

out:
	return err;
}
2052 */ 2053 if (ndm_flags & (NTF_USE | NTF_MANAGED)) 2054 state = NUD_NONE; 2055 2056 if (!(state & NUD_VALID)) { 2057 NL_SET_ERR_MSG(extack, 2058 "Cannot create externally validated neighbor with an invalid state"); 2059 err = -EINVAL; 2060 goto out; 2061 } 2062 } 2063 2064 neigh = ___neigh_create(tbl, dst, dev, 2065 ndm_flags & 2066 (NTF_EXT_LEARNED | NTF_MANAGED | 2067 NTF_EXT_VALIDATED), 2068 exempt_from_gc, true); 2069 if (IS_ERR(neigh)) { 2070 err = PTR_ERR(neigh); 2071 goto out; 2072 } 2073 } else { 2074 if (nlh->nlmsg_flags & NLM_F_EXCL) { 2075 err = -EEXIST; 2076 neigh_release(neigh); 2077 goto out; 2078 } 2079 if (ndm_flags & NTF_EXT_VALIDATED) { 2080 u8 state = ndm->ndm_state; 2081 2082 /* NTF_USE and NTF_MANAGED do not update the existing 2083 * state other than clearing it if it was 2084 * NUD_PERMANENT. 2085 */ 2086 if (ndm_flags & (NTF_USE | NTF_MANAGED)) 2087 state = READ_ONCE(neigh->nud_state) & ~NUD_PERMANENT; 2088 2089 if (!(state & NUD_VALID)) { 2090 NL_SET_ERR_MSG(extack, 2091 "Cannot mark neighbor as externally validated with an invalid state"); 2092 err = -EINVAL; 2093 neigh_release(neigh); 2094 goto out; 2095 } 2096 } 2097 2098 if (!(nlh->nlmsg_flags & NLM_F_REPLACE)) 2099 flags &= ~(NEIGH_UPDATE_F_OVERRIDE | 2100 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 2101 } 2102 2103 if (protocol) 2104 neigh->protocol = protocol; 2105 if (ndm_flags & NTF_EXT_LEARNED) 2106 flags |= NEIGH_UPDATE_F_EXT_LEARNED; 2107 if (ndm_flags & NTF_ROUTER) 2108 flags |= NEIGH_UPDATE_F_ISROUTER; 2109 if (ndm_flags & NTF_MANAGED) 2110 flags |= NEIGH_UPDATE_F_MANAGED; 2111 if (ndm_flags & NTF_USE) 2112 flags |= NEIGH_UPDATE_F_USE; 2113 if (ndm_flags & NTF_EXT_VALIDATED) 2114 flags |= NEIGH_UPDATE_F_EXT_VALIDATED; 2115 2116 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags, 2117 NETLINK_CB(skb).portid, extack); 2118 if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) 2119 neigh_event_send(neigh, NULL); 2120 neigh_release(neigh); 2121 out: 2122 return err; 2123 } 2124 2125 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms) 2126 { 2127 struct nlattr *nest; 2128 2129 nest = nla_nest_start_noflag(skb, NDTA_PARMS); 2130 if (nest == NULL) 2131 return -ENOBUFS; 2132 2133 if ((parms->dev && 2134 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) || 2135 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) || 2136 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES, 2137 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) || 2138 /* approximative value for deprecated QUEUE_LEN (in packets) */ 2139 nla_put_u32(skb, NDTPA_QUEUE_LEN, 2140 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) || 2141 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) || 2142 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) || 2143 nla_put_u32(skb, NDTPA_UCAST_PROBES, 2144 NEIGH_VAR(parms, UCAST_PROBES)) || 2145 nla_put_u32(skb, NDTPA_MCAST_PROBES, 2146 NEIGH_VAR(parms, MCAST_PROBES)) || 2147 nla_put_u32(skb, NDTPA_MCAST_REPROBES, 2148 NEIGH_VAR(parms, MCAST_REPROBES)) || 2149 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time, 2150 NDTPA_PAD) || 2151 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME, 2152 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) || 2153 nla_put_msecs(skb, NDTPA_GC_STALETIME, 2154 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) || 2155 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME, 2156 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) || 2157 nla_put_msecs(skb, NDTPA_RETRANS_TIME, 2158 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) || 2159 nla_put_msecs(skb, 
NDTPA_ANYCAST_DELAY, 2160 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) || 2161 nla_put_msecs(skb, NDTPA_PROXY_DELAY, 2162 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) || 2163 nla_put_msecs(skb, NDTPA_LOCKTIME, 2164 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) || 2165 nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS, 2166 NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD)) 2167 goto nla_put_failure; 2168 return nla_nest_end(skb, nest); 2169 2170 nla_put_failure: 2171 nla_nest_cancel(skb, nest); 2172 return -EMSGSIZE; 2173 } 2174 2175 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl, 2176 u32 pid, u32 seq, int type, int flags) 2177 { 2178 struct nlmsghdr *nlh; 2179 struct ndtmsg *ndtmsg; 2180 2181 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 2182 if (nlh == NULL) 2183 return -EMSGSIZE; 2184 2185 ndtmsg = nlmsg_data(nlh); 2186 2187 read_lock_bh(&tbl->lock); 2188 ndtmsg->ndtm_family = tbl->family; 2189 ndtmsg->ndtm_pad1 = 0; 2190 ndtmsg->ndtm_pad2 = 0; 2191 2192 if (nla_put_string(skb, NDTA_NAME, tbl->id) || 2193 nla_put_msecs(skb, NDTA_GC_INTERVAL, READ_ONCE(tbl->gc_interval), 2194 NDTA_PAD) || 2195 nla_put_u32(skb, NDTA_THRESH1, READ_ONCE(tbl->gc_thresh1)) || 2196 nla_put_u32(skb, NDTA_THRESH2, READ_ONCE(tbl->gc_thresh2)) || 2197 nla_put_u32(skb, NDTA_THRESH3, READ_ONCE(tbl->gc_thresh3))) 2198 goto nla_put_failure; 2199 { 2200 unsigned long now = jiffies; 2201 long flush_delta = now - READ_ONCE(tbl->last_flush); 2202 long rand_delta = now - READ_ONCE(tbl->last_rand); 2203 struct neigh_hash_table *nht; 2204 struct ndt_config ndc = { 2205 .ndtc_key_len = tbl->key_len, 2206 .ndtc_entry_size = tbl->entry_size, 2207 .ndtc_entries = atomic_read(&tbl->entries), 2208 .ndtc_last_flush = jiffies_to_msecs(flush_delta), 2209 .ndtc_last_rand = jiffies_to_msecs(rand_delta), 2210 .ndtc_proxy_qlen = READ_ONCE(tbl->proxy_queue.qlen), 2211 }; 2212 2213 rcu_read_lock(); 2214 nht = rcu_dereference(tbl->nht); 2215 ndc.ndtc_hash_rnd = nht->hash_rnd[0]; 2216 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1); 2217 rcu_read_unlock(); 2218 2219 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc)) 2220 goto nla_put_failure; 2221 } 2222 2223 { 2224 int cpu; 2225 struct ndt_stats ndst; 2226 2227 memset(&ndst, 0, sizeof(ndst)); 2228 2229 for_each_possible_cpu(cpu) { 2230 struct neigh_statistics *st; 2231 2232 st = per_cpu_ptr(tbl->stats, cpu); 2233 ndst.ndts_allocs += READ_ONCE(st->allocs); 2234 ndst.ndts_destroys += READ_ONCE(st->destroys); 2235 ndst.ndts_hash_grows += READ_ONCE(st->hash_grows); 2236 ndst.ndts_res_failed += READ_ONCE(st->res_failed); 2237 ndst.ndts_lookups += READ_ONCE(st->lookups); 2238 ndst.ndts_hits += READ_ONCE(st->hits); 2239 ndst.ndts_rcv_probes_mcast += READ_ONCE(st->rcv_probes_mcast); 2240 ndst.ndts_rcv_probes_ucast += READ_ONCE(st->rcv_probes_ucast); 2241 ndst.ndts_periodic_gc_runs += READ_ONCE(st->periodic_gc_runs); 2242 ndst.ndts_forced_gc_runs += READ_ONCE(st->forced_gc_runs); 2243 ndst.ndts_table_fulls += READ_ONCE(st->table_fulls); 2244 } 2245 2246 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst, 2247 NDTA_PAD)) 2248 goto nla_put_failure; 2249 } 2250 2251 BUG_ON(tbl->parms.dev); 2252 if (neightbl_fill_parms(skb, &tbl->parms) < 0) 2253 goto nla_put_failure; 2254 2255 read_unlock_bh(&tbl->lock); 2256 nlmsg_end(skb, nlh); 2257 return 0; 2258 2259 nla_put_failure: 2260 read_unlock_bh(&tbl->lock); 2261 nlmsg_cancel(skb, nlh); 2262 return -EMSGSIZE; 2263 } 2264 2265 static int neightbl_fill_param_info(struct sk_buff *skb, 2266 struct neigh_table *tbl, 2267 
				    struct neigh_parms *parms,
				    u32 pid, u32 seq, int type,
				    unsigned int flags)
{
	struct ndtmsg *ndtmsg;
	struct nlmsghdr *nlh;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	ndtmsg = nlmsg_data(nlh);

	read_lock_bh(&tbl->lock);
	ndtmsg->ndtm_family = tbl->family;
	ndtmsg->ndtm_pad1 = 0;
	ndtmsg->ndtm_pad2 = 0;

	if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
	    neightbl_fill_parms(skb, parms) < 0)
		goto errout;

	read_unlock_bh(&tbl->lock);
	nlmsg_end(skb, nlh);
	return 0;
errout:
	read_unlock_bh(&tbl->lock);
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
	[NDTA_NAME]		= { .type = NLA_STRING },
	[NDTA_THRESH1]		= { .type = NLA_U32 },
	[NDTA_THRESH2]		= { .type = NLA_U32 },
	[NDTA_THRESH3]		= { .type = NLA_U32 },
	[NDTA_GC_INTERVAL]	= { .type = NLA_U64 },
	[NDTA_PARMS]		= { .type = NLA_NESTED },
};

static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
	[NDTPA_IFINDEX]			= { .type = NLA_U32 },
	[NDTPA_QUEUE_LEN]		= { .type = NLA_U32 },
	[NDTPA_QUEUE_LENBYTES]		= { .type = NLA_U32 },
	[NDTPA_PROXY_QLEN]		= { .type = NLA_U32 },
	[NDTPA_APP_PROBES]		= { .type = NLA_U32 },
	[NDTPA_UCAST_PROBES]		= { .type = NLA_U32 },
	[NDTPA_MCAST_PROBES]		= { .type = NLA_U32 },
	[NDTPA_MCAST_REPROBES]		= { .type = NLA_U32 },
	[NDTPA_BASE_REACHABLE_TIME]	= { .type = NLA_U64 },
	[NDTPA_GC_STALETIME]		= { .type = NLA_U64 },
	[NDTPA_DELAY_PROBE_TIME]	= { .type = NLA_U64 },
	[NDTPA_RETRANS_TIME]		= { .type = NLA_U64 },
	[NDTPA_ANYCAST_DELAY]		= { .type = NLA_U64 },
	[NDTPA_PROXY_DELAY]		= { .type = NLA_U64 },
	[NDTPA_LOCKTIME]		= { .type = NLA_U64 },
	/* NLA_POLICY_MIN() sets the validation type; a bare ".min = 1"
	 * initializer would be silently ignored by nla_validate().
	 */
	[NDTPA_INTERVAL_PROBE_TIME_MS]	= NLA_POLICY_MIN(NLA_U64, 1),
};

static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct neigh_table *tbl;
	struct ndtmsg *ndtmsg;
	struct nlattr *tb[NDTA_MAX+1];
	bool found = false;
	int err, tidx;

	err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
				     nl_neightbl_policy, extack);
	if (err < 0)
		goto errout;

	if (tb[NDTA_NAME] == NULL) {
		err = -EINVAL;
		goto errout;
	}

	ndtmsg = nlmsg_data(nlh);

	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
		tbl = rcu_dereference_rtnl(neigh_tables[tidx]);
		if (!tbl)
			continue;
		if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
			continue;
		if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
			found = true;
			break;
		}
	}

	if (!found)
		return -ENOENT;

	/*
	 * We acquire tbl->lock to be nice to the periodic timers and
	 * make sure they always see a consistent set of values.
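	 *
	 * Both the table-wide knobs and the nested per-device parms funnel
	 * through here; in (possibly inexact) iproute2 syntax:
	 *
	 *	ip ntable change name arp_cache thresh3 4096
	 *	ip ntable change name arp_cache dev eth0 base_reachable 30000
	 *
	 * the first updates tbl->gc_thresh3 (init_net only, per the check
	 * further down), the second the eth0 parms via the NDTPA_*
	 * attributes parsed below.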
2366 */ 2367 write_lock_bh(&tbl->lock); 2368 2369 if (tb[NDTA_PARMS]) { 2370 struct nlattr *tbp[NDTPA_MAX+1]; 2371 struct neigh_parms *p; 2372 int i, ifindex = 0; 2373 2374 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX, 2375 tb[NDTA_PARMS], 2376 nl_ntbl_parm_policy, extack); 2377 if (err < 0) 2378 goto errout_tbl_lock; 2379 2380 if (tbp[NDTPA_IFINDEX]) 2381 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]); 2382 2383 p = lookup_neigh_parms(tbl, net, ifindex); 2384 if (p == NULL) { 2385 err = -ENOENT; 2386 goto errout_tbl_lock; 2387 } 2388 2389 for (i = 1; i <= NDTPA_MAX; i++) { 2390 if (tbp[i] == NULL) 2391 continue; 2392 2393 switch (i) { 2394 case NDTPA_QUEUE_LEN: 2395 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2396 nla_get_u32(tbp[i]) * 2397 SKB_TRUESIZE(ETH_FRAME_LEN)); 2398 break; 2399 case NDTPA_QUEUE_LENBYTES: 2400 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2401 nla_get_u32(tbp[i])); 2402 break; 2403 case NDTPA_PROXY_QLEN: 2404 NEIGH_VAR_SET(p, PROXY_QLEN, 2405 nla_get_u32(tbp[i])); 2406 break; 2407 case NDTPA_APP_PROBES: 2408 NEIGH_VAR_SET(p, APP_PROBES, 2409 nla_get_u32(tbp[i])); 2410 break; 2411 case NDTPA_UCAST_PROBES: 2412 NEIGH_VAR_SET(p, UCAST_PROBES, 2413 nla_get_u32(tbp[i])); 2414 break; 2415 case NDTPA_MCAST_PROBES: 2416 NEIGH_VAR_SET(p, MCAST_PROBES, 2417 nla_get_u32(tbp[i])); 2418 break; 2419 case NDTPA_MCAST_REPROBES: 2420 NEIGH_VAR_SET(p, MCAST_REPROBES, 2421 nla_get_u32(tbp[i])); 2422 break; 2423 case NDTPA_BASE_REACHABLE_TIME: 2424 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME, 2425 nla_get_msecs(tbp[i])); 2426 /* update reachable_time as well, otherwise, the change will 2427 * only be effective after the next time neigh_periodic_work 2428 * decides to recompute it (can be multiple minutes) 2429 */ 2430 p->reachable_time = 2431 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 2432 break; 2433 case NDTPA_GC_STALETIME: 2434 NEIGH_VAR_SET(p, GC_STALETIME, 2435 nla_get_msecs(tbp[i])); 2436 break; 2437 case NDTPA_DELAY_PROBE_TIME: 2438 NEIGH_VAR_SET(p, DELAY_PROBE_TIME, 2439 nla_get_msecs(tbp[i])); 2440 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p); 2441 break; 2442 case NDTPA_INTERVAL_PROBE_TIME_MS: 2443 NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS, 2444 nla_get_msecs(tbp[i])); 2445 break; 2446 case NDTPA_RETRANS_TIME: 2447 NEIGH_VAR_SET(p, RETRANS_TIME, 2448 nla_get_msecs(tbp[i])); 2449 break; 2450 case NDTPA_ANYCAST_DELAY: 2451 NEIGH_VAR_SET(p, ANYCAST_DELAY, 2452 nla_get_msecs(tbp[i])); 2453 break; 2454 case NDTPA_PROXY_DELAY: 2455 NEIGH_VAR_SET(p, PROXY_DELAY, 2456 nla_get_msecs(tbp[i])); 2457 break; 2458 case NDTPA_LOCKTIME: 2459 NEIGH_VAR_SET(p, LOCKTIME, 2460 nla_get_msecs(tbp[i])); 2461 break; 2462 } 2463 } 2464 } 2465 2466 err = -ENOENT; 2467 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] || 2468 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) && 2469 !net_eq(net, &init_net)) 2470 goto errout_tbl_lock; 2471 2472 if (tb[NDTA_THRESH1]) 2473 WRITE_ONCE(tbl->gc_thresh1, nla_get_u32(tb[NDTA_THRESH1])); 2474 2475 if (tb[NDTA_THRESH2]) 2476 WRITE_ONCE(tbl->gc_thresh2, nla_get_u32(tb[NDTA_THRESH2])); 2477 2478 if (tb[NDTA_THRESH3]) 2479 WRITE_ONCE(tbl->gc_thresh3, nla_get_u32(tb[NDTA_THRESH3])); 2480 2481 if (tb[NDTA_GC_INTERVAL]) 2482 WRITE_ONCE(tbl->gc_interval, nla_get_msecs(tb[NDTA_GC_INTERVAL])); 2483 2484 err = 0; 2485 2486 errout_tbl_lock: 2487 write_unlock_bh(&tbl->lock); 2488 errout: 2489 return err; 2490 } 2491 2492 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh, 2493 struct netlink_ext_ack *extack) 2494 { 2495 struct ndtmsg *ndtm; 2496 2497 ndtm = nlmsg_payload(nlh, 
sizeof(*ndtm)); 2498 if (!ndtm) { 2499 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request"); 2500 return -EINVAL; 2501 } 2502 2503 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) { 2504 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request"); 2505 return -EINVAL; 2506 } 2507 2508 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) { 2509 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request"); 2510 return -EINVAL; 2511 } 2512 2513 return 0; 2514 } 2515 2516 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2517 { 2518 const struct nlmsghdr *nlh = cb->nlh; 2519 struct net *net = sock_net(skb->sk); 2520 int family, tidx, nidx = 0; 2521 int tbl_skip = cb->args[0]; 2522 int neigh_skip = cb->args[1]; 2523 struct neigh_table *tbl; 2524 2525 if (cb->strict_check) { 2526 int err = neightbl_valid_dump_info(nlh, cb->extack); 2527 2528 if (err < 0) 2529 return err; 2530 } 2531 2532 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2533 2534 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2535 struct neigh_parms *p; 2536 2537 tbl = rcu_dereference_rtnl(neigh_tables[tidx]); 2538 if (!tbl) 2539 continue; 2540 2541 if (tidx < tbl_skip || (family && tbl->family != family)) 2542 continue; 2543 2544 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid, 2545 nlh->nlmsg_seq, RTM_NEWNEIGHTBL, 2546 NLM_F_MULTI) < 0) 2547 break; 2548 2549 nidx = 0; 2550 p = list_next_entry(&tbl->parms, list); 2551 list_for_each_entry_from(p, &tbl->parms_list, list) { 2552 if (!net_eq(neigh_parms_net(p), net)) 2553 continue; 2554 2555 if (nidx < neigh_skip) 2556 goto next; 2557 2558 if (neightbl_fill_param_info(skb, tbl, p, 2559 NETLINK_CB(cb->skb).portid, 2560 nlh->nlmsg_seq, 2561 RTM_NEWNEIGHTBL, 2562 NLM_F_MULTI) < 0) 2563 goto out; 2564 next: 2565 nidx++; 2566 } 2567 2568 neigh_skip = 0; 2569 } 2570 out: 2571 cb->args[0] = tidx; 2572 cb->args[1] = nidx; 2573 2574 return skb->len; 2575 } 2576 2577 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh, 2578 u32 pid, u32 seq, int type, unsigned int flags) 2579 { 2580 u32 neigh_flags, neigh_flags_ext; 2581 unsigned long now = jiffies; 2582 struct nda_cacheinfo ci; 2583 struct nlmsghdr *nlh; 2584 struct ndmsg *ndm; 2585 2586 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2587 if (nlh == NULL) 2588 return -EMSGSIZE; 2589 2590 neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT; 2591 neigh_flags = neigh->flags & NTF_OLD_MASK; 2592 2593 ndm = nlmsg_data(nlh); 2594 ndm->ndm_family = neigh->ops->family; 2595 ndm->ndm_pad1 = 0; 2596 ndm->ndm_pad2 = 0; 2597 ndm->ndm_flags = neigh_flags; 2598 ndm->ndm_type = neigh->type; 2599 ndm->ndm_ifindex = neigh->dev->ifindex; 2600 2601 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key)) 2602 goto nla_put_failure; 2603 2604 read_lock_bh(&neigh->lock); 2605 ndm->ndm_state = neigh->nud_state; 2606 if (neigh->nud_state & NUD_VALID) { 2607 char haddr[MAX_ADDR_LEN]; 2608 2609 neigh_ha_snapshot(haddr, neigh, neigh->dev); 2610 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) { 2611 read_unlock_bh(&neigh->lock); 2612 goto nla_put_failure; 2613 } 2614 } 2615 2616 ci.ndm_used = jiffies_to_clock_t(now - neigh->used); 2617 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed); 2618 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated); 2619 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1; 2620 read_unlock_bh(&neigh->lock); 2621 2622 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) 
|| 2623 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci)) 2624 goto nla_put_failure; 2625 2626 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol)) 2627 goto nla_put_failure; 2628 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2629 goto nla_put_failure; 2630 2631 nlmsg_end(skb, nlh); 2632 return 0; 2633 2634 nla_put_failure: 2635 nlmsg_cancel(skb, nlh); 2636 return -EMSGSIZE; 2637 } 2638 2639 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn, 2640 u32 pid, u32 seq, int type, unsigned int flags, 2641 struct neigh_table *tbl) 2642 { 2643 u32 neigh_flags, neigh_flags_ext; 2644 struct nlmsghdr *nlh; 2645 struct ndmsg *ndm; 2646 2647 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2648 if (nlh == NULL) 2649 return -EMSGSIZE; 2650 2651 neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT; 2652 neigh_flags = pn->flags & NTF_OLD_MASK; 2653 2654 ndm = nlmsg_data(nlh); 2655 ndm->ndm_family = tbl->family; 2656 ndm->ndm_pad1 = 0; 2657 ndm->ndm_pad2 = 0; 2658 ndm->ndm_flags = neigh_flags | NTF_PROXY; 2659 ndm->ndm_type = RTN_UNICAST; 2660 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0; 2661 ndm->ndm_state = NUD_NONE; 2662 2663 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key)) 2664 goto nla_put_failure; 2665 2666 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol)) 2667 goto nla_put_failure; 2668 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2669 goto nla_put_failure; 2670 2671 nlmsg_end(skb, nlh); 2672 return 0; 2673 2674 nla_put_failure: 2675 nlmsg_cancel(skb, nlh); 2676 return -EMSGSIZE; 2677 } 2678 2679 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid) 2680 { 2681 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh); 2682 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid); 2683 } 2684 2685 static bool neigh_master_filtered(struct net_device *dev, int master_idx) 2686 { 2687 struct net_device *master; 2688 2689 if (!master_idx) 2690 return false; 2691 2692 master = dev ? netdev_master_upper_dev_get_rcu(dev) : NULL; 2693 2694 /* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another 2695 * invalid value for ifindex to denote "no master". 
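	 *
	 * Summarised against that convention (a sketch of the cases below):
	 *
	 *	NDA_MASTER absent -> master_idx == 0 -> nothing is filtered
	 *	NDA_MASTER == -1  -> only devices without a master pass
	 *	NDA_MASTER == N   -> only ports enslaved to ifindex N pass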
2696 */ 2697 if (master_idx == -1) 2698 return !!master; 2699 2700 if (!master || master->ifindex != master_idx) 2701 return true; 2702 2703 return false; 2704 } 2705 2706 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx) 2707 { 2708 if (filter_idx && (!dev || dev->ifindex != filter_idx)) 2709 return true; 2710 2711 return false; 2712 } 2713 2714 struct neigh_dump_filter { 2715 int master_idx; 2716 int dev_idx; 2717 }; 2718 2719 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2720 struct netlink_callback *cb, 2721 struct neigh_dump_filter *filter) 2722 { 2723 struct net *net = sock_net(skb->sk); 2724 struct neighbour *n; 2725 int err = 0, h, s_h = cb->args[1]; 2726 int idx, s_idx = idx = cb->args[2]; 2727 struct neigh_hash_table *nht; 2728 unsigned int flags = NLM_F_MULTI; 2729 2730 if (filter->dev_idx || filter->master_idx) 2731 flags |= NLM_F_DUMP_FILTERED; 2732 2733 nht = rcu_dereference(tbl->nht); 2734 2735 for (h = s_h; h < (1 << nht->hash_shift); h++) { 2736 if (h > s_h) 2737 s_idx = 0; 2738 idx = 0; 2739 neigh_for_each_in_bucket_rcu(n, &nht->hash_heads[h]) { 2740 if (idx < s_idx || !net_eq(dev_net(n->dev), net)) 2741 goto next; 2742 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2743 neigh_master_filtered(n->dev, filter->master_idx)) 2744 goto next; 2745 err = neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2746 cb->nlh->nlmsg_seq, 2747 RTM_NEWNEIGH, flags); 2748 if (err < 0) 2749 goto out; 2750 next: 2751 idx++; 2752 } 2753 } 2754 out: 2755 cb->args[1] = h; 2756 cb->args[2] = idx; 2757 return err; 2758 } 2759 2760 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2761 struct netlink_callback *cb, 2762 struct neigh_dump_filter *filter) 2763 { 2764 struct pneigh_entry *n; 2765 struct net *net = sock_net(skb->sk); 2766 int err = 0, h, s_h = cb->args[3]; 2767 int idx, s_idx = idx = cb->args[4]; 2768 unsigned int flags = NLM_F_MULTI; 2769 2770 if (filter->dev_idx || filter->master_idx) 2771 flags |= NLM_F_DUMP_FILTERED; 2772 2773 read_lock_bh(&tbl->lock); 2774 2775 for (h = s_h; h <= PNEIGH_HASHMASK; h++) { 2776 if (h > s_h) 2777 s_idx = 0; 2778 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) { 2779 if (idx < s_idx || pneigh_net(n) != net) 2780 goto next; 2781 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2782 neigh_master_filtered(n->dev, filter->master_idx)) 2783 goto next; 2784 err = pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2785 cb->nlh->nlmsg_seq, 2786 RTM_NEWNEIGH, flags, tbl); 2787 if (err < 0) { 2788 read_unlock_bh(&tbl->lock); 2789 goto out; 2790 } 2791 next: 2792 idx++; 2793 } 2794 } 2795 2796 read_unlock_bh(&tbl->lock); 2797 out: 2798 cb->args[3] = h; 2799 cb->args[4] = idx; 2800 return err; 2801 } 2802 2803 static int neigh_valid_dump_req(const struct nlmsghdr *nlh, 2804 bool strict_check, 2805 struct neigh_dump_filter *filter, 2806 struct netlink_ext_ack *extack) 2807 { 2808 struct nlattr *tb[NDA_MAX + 1]; 2809 int err, i; 2810 2811 if (strict_check) { 2812 struct ndmsg *ndm; 2813 2814 ndm = nlmsg_payload(nlh, sizeof(*ndm)); 2815 if (!ndm) { 2816 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request"); 2817 return -EINVAL; 2818 } 2819 2820 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex || 2821 ndm->ndm_state || ndm->ndm_type) { 2822 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request"); 2823 return -EINVAL; 2824 } 2825 2826 if (ndm->ndm_flags & ~NTF_PROXY) { 2827 NL_SET_ERR_MSG(extack, "Invalid flags in header for 
neighbor dump request"); 2828 return -EINVAL; 2829 } 2830 2831 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), 2832 tb, NDA_MAX, nda_policy, 2833 extack); 2834 } else { 2835 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb, 2836 NDA_MAX, nda_policy, extack); 2837 } 2838 if (err < 0) 2839 return err; 2840 2841 for (i = 0; i <= NDA_MAX; ++i) { 2842 if (!tb[i]) 2843 continue; 2844 2845 /* all new attributes should require strict_check */ 2846 switch (i) { 2847 case NDA_IFINDEX: 2848 filter->dev_idx = nla_get_u32(tb[i]); 2849 break; 2850 case NDA_MASTER: 2851 filter->master_idx = nla_get_u32(tb[i]); 2852 break; 2853 default: 2854 if (strict_check) { 2855 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request"); 2856 return -EINVAL; 2857 } 2858 } 2859 } 2860 2861 return 0; 2862 } 2863 2864 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2865 { 2866 const struct nlmsghdr *nlh = cb->nlh; 2867 struct neigh_dump_filter filter = {}; 2868 struct neigh_table *tbl; 2869 int t, family, s_t; 2870 int proxy = 0; 2871 int err; 2872 2873 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2874 2875 /* check for full ndmsg structure presence, family member is 2876 * the same for both structures 2877 */ 2878 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) && 2879 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY) 2880 proxy = 1; 2881 2882 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack); 2883 if (err < 0 && cb->strict_check) 2884 return err; 2885 err = 0; 2886 2887 s_t = cb->args[0]; 2888 2889 rcu_read_lock(); 2890 for (t = 0; t < NEIGH_NR_TABLES; t++) { 2891 tbl = rcu_dereference(neigh_tables[t]); 2892 2893 if (!tbl) 2894 continue; 2895 if (t < s_t || (family && tbl->family != family)) 2896 continue; 2897 if (t > s_t) 2898 memset(&cb->args[1], 0, sizeof(cb->args) - 2899 sizeof(cb->args[0])); 2900 if (proxy) 2901 err = pneigh_dump_table(tbl, skb, cb, &filter); 2902 else 2903 err = neigh_dump_table(tbl, skb, cb, &filter); 2904 if (err < 0) 2905 break; 2906 } 2907 rcu_read_unlock(); 2908 2909 cb->args[0] = t; 2910 return err; 2911 } 2912 2913 static int neigh_valid_get_req(const struct nlmsghdr *nlh, 2914 struct neigh_table **tbl, 2915 void **dst, int *dev_idx, u8 *ndm_flags, 2916 struct netlink_ext_ack *extack) 2917 { 2918 struct nlattr *tb[NDA_MAX + 1]; 2919 struct ndmsg *ndm; 2920 int err, i; 2921 2922 ndm = nlmsg_payload(nlh, sizeof(*ndm)); 2923 if (!ndm) { 2924 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request"); 2925 return -EINVAL; 2926 } 2927 2928 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state || 2929 ndm->ndm_type) { 2930 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request"); 2931 return -EINVAL; 2932 } 2933 2934 if (ndm->ndm_flags & ~NTF_PROXY) { 2935 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request"); 2936 return -EINVAL; 2937 } 2938 2939 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb, 2940 NDA_MAX, nda_policy, extack); 2941 if (err < 0) 2942 return err; 2943 2944 *ndm_flags = ndm->ndm_flags; 2945 *dev_idx = ndm->ndm_ifindex; 2946 *tbl = neigh_find_table(ndm->ndm_family); 2947 if (*tbl == NULL) { 2948 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request"); 2949 return -EAFNOSUPPORT; 2950 } 2951 2952 for (i = 0; i <= NDA_MAX; ++i) { 2953 if (!tb[i]) 2954 continue; 2955 2956 switch (i) { 2957 case NDA_DST: 2958 if (nla_len(tb[i]) != (int)(*tbl)->key_len) { 2959 NL_SET_ERR_MSG(extack, "Invalid 
network address in neighbor get request"); 2960 return -EINVAL; 2961 } 2962 *dst = nla_data(tb[i]); 2963 break; 2964 default: 2965 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request"); 2966 return -EINVAL; 2967 } 2968 } 2969 2970 return 0; 2971 } 2972 2973 static inline size_t neigh_nlmsg_size(void) 2974 { 2975 return NLMSG_ALIGN(sizeof(struct ndmsg)) 2976 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 2977 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */ 2978 + nla_total_size(sizeof(struct nda_cacheinfo)) 2979 + nla_total_size(4) /* NDA_PROBES */ 2980 + nla_total_size(4) /* NDA_FLAGS_EXT */ 2981 + nla_total_size(1); /* NDA_PROTOCOL */ 2982 } 2983 2984 static int neigh_get_reply(struct net *net, struct neighbour *neigh, 2985 u32 pid, u32 seq) 2986 { 2987 struct sk_buff *skb; 2988 int err = 0; 2989 2990 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL); 2991 if (!skb) 2992 return -ENOBUFS; 2993 2994 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0); 2995 if (err) { 2996 kfree_skb(skb); 2997 goto errout; 2998 } 2999 3000 err = rtnl_unicast(skb, net, pid); 3001 errout: 3002 return err; 3003 } 3004 3005 static inline size_t pneigh_nlmsg_size(void) 3006 { 3007 return NLMSG_ALIGN(sizeof(struct ndmsg)) 3008 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 3009 + nla_total_size(4) /* NDA_FLAGS_EXT */ 3010 + nla_total_size(1); /* NDA_PROTOCOL */ 3011 } 3012 3013 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh, 3014 u32 pid, u32 seq, struct neigh_table *tbl) 3015 { 3016 struct sk_buff *skb; 3017 int err = 0; 3018 3019 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL); 3020 if (!skb) 3021 return -ENOBUFS; 3022 3023 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl); 3024 if (err) { 3025 kfree_skb(skb); 3026 goto errout; 3027 } 3028 3029 err = rtnl_unicast(skb, net, pid); 3030 errout: 3031 return err; 3032 } 3033 3034 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh, 3035 struct netlink_ext_ack *extack) 3036 { 3037 struct net *net = sock_net(in_skb->sk); 3038 struct net_device *dev = NULL; 3039 struct neigh_table *tbl = NULL; 3040 struct neighbour *neigh; 3041 void *dst = NULL; 3042 u8 ndm_flags = 0; 3043 int dev_idx = 0; 3044 int err; 3045 3046 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags, 3047 extack); 3048 if (err < 0) 3049 return err; 3050 3051 if (dev_idx) { 3052 dev = __dev_get_by_index(net, dev_idx); 3053 if (!dev) { 3054 NL_SET_ERR_MSG(extack, "Unknown device ifindex"); 3055 return -ENODEV; 3056 } 3057 } 3058 3059 if (!dst) { 3060 NL_SET_ERR_MSG(extack, "Network address not specified"); 3061 return -EINVAL; 3062 } 3063 3064 if (ndm_flags & NTF_PROXY) { 3065 struct pneigh_entry *pn; 3066 3067 pn = pneigh_lookup(tbl, net, dst, dev, 0); 3068 if (!pn) { 3069 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found"); 3070 return -ENOENT; 3071 } 3072 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid, 3073 nlh->nlmsg_seq, tbl); 3074 } 3075 3076 if (!dev) { 3077 NL_SET_ERR_MSG(extack, "No device specified"); 3078 return -EINVAL; 3079 } 3080 3081 neigh = neigh_lookup(tbl, dst, dev); 3082 if (!neigh) { 3083 NL_SET_ERR_MSG(extack, "Neighbour entry not found"); 3084 return -ENOENT; 3085 } 3086 3087 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid, 3088 nlh->nlmsg_seq); 3089 3090 neigh_release(neigh); 3091 3092 return err; 3093 } 3094 3095 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie) 3096 { 3097 int chain; 3098 struct neigh_hash_table 
*nht; 3099 3100 rcu_read_lock(); 3101 nht = rcu_dereference(tbl->nht); 3102 3103 read_lock_bh(&tbl->lock); /* avoid resizes */ 3104 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3105 struct neighbour *n; 3106 3107 neigh_for_each_in_bucket(n, &nht->hash_heads[chain]) 3108 cb(n, cookie); 3109 } 3110 read_unlock_bh(&tbl->lock); 3111 rcu_read_unlock(); 3112 } 3113 EXPORT_SYMBOL(neigh_for_each); 3114 3115 /* The tbl->lock must be held as a writer and BH disabled. */ 3116 void __neigh_for_each_release(struct neigh_table *tbl, 3117 int (*cb)(struct neighbour *)) 3118 { 3119 struct neigh_hash_table *nht; 3120 int chain; 3121 3122 nht = rcu_dereference_protected(tbl->nht, 3123 lockdep_is_held(&tbl->lock)); 3124 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3125 struct hlist_node *tmp; 3126 struct neighbour *n; 3127 3128 neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[chain]) { 3129 int release; 3130 3131 write_lock(&n->lock); 3132 release = cb(n); 3133 if (release) { 3134 hlist_del_rcu(&n->hash); 3135 hlist_del_rcu(&n->dev_list); 3136 neigh_mark_dead(n); 3137 } 3138 write_unlock(&n->lock); 3139 if (release) 3140 neigh_cleanup_and_release(n); 3141 } 3142 } 3143 } 3144 EXPORT_SYMBOL(__neigh_for_each_release); 3145 3146 int neigh_xmit(int index, struct net_device *dev, 3147 const void *addr, struct sk_buff *skb) 3148 { 3149 int err = -EAFNOSUPPORT; 3150 3151 if (likely(index < NEIGH_NR_TABLES)) { 3152 struct neigh_table *tbl; 3153 struct neighbour *neigh; 3154 3155 rcu_read_lock(); 3156 tbl = rcu_dereference(neigh_tables[index]); 3157 if (!tbl) 3158 goto out_unlock; 3159 if (index == NEIGH_ARP_TABLE) { 3160 u32 key = *((u32 *)addr); 3161 3162 neigh = __ipv4_neigh_lookup_noref(dev, key); 3163 } else { 3164 neigh = __neigh_lookup_noref(tbl, addr, dev); 3165 } 3166 if (!neigh) 3167 neigh = __neigh_create(tbl, addr, dev, false); 3168 err = PTR_ERR(neigh); 3169 if (IS_ERR(neigh)) { 3170 rcu_read_unlock(); 3171 goto out_kfree_skb; 3172 } 3173 err = READ_ONCE(neigh->output)(neigh, skb); 3174 out_unlock: 3175 rcu_read_unlock(); 3176 } 3177 else if (index == NEIGH_LINK_TABLE) { 3178 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 3179 addr, NULL, skb->len); 3180 if (err < 0) 3181 goto out_kfree_skb; 3182 err = dev_queue_xmit(skb); 3183 } 3184 out: 3185 return err; 3186 out_kfree_skb: 3187 kfree_skb(skb); 3188 goto out; 3189 } 3190 EXPORT_SYMBOL(neigh_xmit); 3191 3192 #ifdef CONFIG_PROC_FS 3193 3194 static struct neighbour *neigh_get_valid(struct seq_file *seq, 3195 struct neighbour *n, 3196 loff_t *pos) 3197 { 3198 struct neigh_seq_state *state = seq->private; 3199 struct net *net = seq_file_net(seq); 3200 3201 if (!net_eq(dev_net(n->dev), net)) 3202 return NULL; 3203 3204 if (state->neigh_sub_iter) { 3205 loff_t fakep = 0; 3206 void *v; 3207 3208 v = state->neigh_sub_iter(state, n, pos ? 
pos : &fakep); 3209 if (!v) 3210 return NULL; 3211 if (pos) 3212 return v; 3213 } 3214 3215 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) 3216 return n; 3217 3218 if (READ_ONCE(n->nud_state) & ~NUD_NOARP) 3219 return n; 3220 3221 return NULL; 3222 } 3223 3224 static struct neighbour *neigh_get_first(struct seq_file *seq) 3225 { 3226 struct neigh_seq_state *state = seq->private; 3227 struct neigh_hash_table *nht = state->nht; 3228 struct neighbour *n, *tmp; 3229 3230 state->flags &= ~NEIGH_SEQ_IS_PNEIGH; 3231 3232 while (++state->bucket < (1 << nht->hash_shift)) { 3233 neigh_for_each_in_bucket(n, &nht->hash_heads[state->bucket]) { 3234 tmp = neigh_get_valid(seq, n, NULL); 3235 if (tmp) 3236 return tmp; 3237 } 3238 } 3239 3240 return NULL; 3241 } 3242 3243 static struct neighbour *neigh_get_next(struct seq_file *seq, 3244 struct neighbour *n, 3245 loff_t *pos) 3246 { 3247 struct neigh_seq_state *state = seq->private; 3248 struct neighbour *tmp; 3249 3250 if (state->neigh_sub_iter) { 3251 void *v = state->neigh_sub_iter(state, n, pos); 3252 3253 if (v) 3254 return n; 3255 } 3256 3257 hlist_for_each_entry_continue(n, hash) { 3258 tmp = neigh_get_valid(seq, n, pos); 3259 if (tmp) { 3260 n = tmp; 3261 goto out; 3262 } 3263 } 3264 3265 n = neigh_get_first(seq); 3266 out: 3267 if (n && pos) 3268 --(*pos); 3269 3270 return n; 3271 } 3272 3273 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos) 3274 { 3275 struct neighbour *n = neigh_get_first(seq); 3276 3277 if (n) { 3278 --(*pos); 3279 while (*pos) { 3280 n = neigh_get_next(seq, n, pos); 3281 if (!n) 3282 break; 3283 } 3284 } 3285 return *pos ? NULL : n; 3286 } 3287 3288 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq) 3289 { 3290 struct neigh_seq_state *state = seq->private; 3291 struct net *net = seq_file_net(seq); 3292 struct neigh_table *tbl = state->tbl; 3293 struct pneigh_entry *pn = NULL; 3294 int bucket; 3295 3296 state->flags |= NEIGH_SEQ_IS_PNEIGH; 3297 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) { 3298 pn = tbl->phash_buckets[bucket]; 3299 while (pn && !net_eq(pneigh_net(pn), net)) 3300 pn = pn->next; 3301 if (pn) 3302 break; 3303 } 3304 state->bucket = bucket; 3305 3306 return pn; 3307 } 3308 3309 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq, 3310 struct pneigh_entry *pn, 3311 loff_t *pos) 3312 { 3313 struct neigh_seq_state *state = seq->private; 3314 struct net *net = seq_file_net(seq); 3315 struct neigh_table *tbl = state->tbl; 3316 3317 do { 3318 pn = pn->next; 3319 } while (pn && !net_eq(pneigh_net(pn), net)); 3320 3321 while (!pn) { 3322 if (++state->bucket > PNEIGH_HASHMASK) 3323 break; 3324 pn = tbl->phash_buckets[state->bucket]; 3325 while (pn && !net_eq(pneigh_net(pn), net)) 3326 pn = pn->next; 3327 if (pn) 3328 break; 3329 } 3330 3331 if (pn && pos) 3332 --(*pos); 3333 3334 return pn; 3335 } 3336 3337 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos) 3338 { 3339 struct pneigh_entry *pn = pneigh_get_first(seq); 3340 3341 if (pn) { 3342 --(*pos); 3343 while (*pos) { 3344 pn = pneigh_get_next(seq, pn, pos); 3345 if (!pn) 3346 break; 3347 } 3348 } 3349 return *pos ? 
NULL : pn; 3350 } 3351 3352 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos) 3353 { 3354 struct neigh_seq_state *state = seq->private; 3355 void *rc; 3356 loff_t idxpos = *pos; 3357 3358 rc = neigh_get_idx(seq, &idxpos); 3359 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3360 rc = pneigh_get_idx(seq, &idxpos); 3361 3362 return rc; 3363 } 3364 3365 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags) 3366 __acquires(tbl->lock) 3367 __acquires(rcu) 3368 { 3369 struct neigh_seq_state *state = seq->private; 3370 3371 state->tbl = tbl; 3372 state->bucket = -1; 3373 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH); 3374 3375 rcu_read_lock(); 3376 state->nht = rcu_dereference(tbl->nht); 3377 read_lock_bh(&tbl->lock); 3378 3379 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN; 3380 } 3381 EXPORT_SYMBOL(neigh_seq_start); 3382 3383 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3384 { 3385 struct neigh_seq_state *state; 3386 void *rc; 3387 3388 if (v == SEQ_START_TOKEN) { 3389 rc = neigh_get_first(seq); 3390 goto out; 3391 } 3392 3393 state = seq->private; 3394 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) { 3395 rc = neigh_get_next(seq, v, NULL); 3396 if (rc) 3397 goto out; 3398 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3399 rc = pneigh_get_first(seq); 3400 } else { 3401 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY); 3402 rc = pneigh_get_next(seq, v, NULL); 3403 } 3404 out: 3405 ++(*pos); 3406 return rc; 3407 } 3408 EXPORT_SYMBOL(neigh_seq_next); 3409 3410 void neigh_seq_stop(struct seq_file *seq, void *v) 3411 __releases(tbl->lock) 3412 __releases(rcu) 3413 { 3414 struct neigh_seq_state *state = seq->private; 3415 struct neigh_table *tbl = state->tbl; 3416 3417 read_unlock_bh(&tbl->lock); 3418 rcu_read_unlock(); 3419 } 3420 EXPORT_SYMBOL(neigh_seq_stop); 3421 3422 /* statistics via seq_file */ 3423 3424 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos) 3425 { 3426 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3427 int cpu; 3428 3429 if (*pos == 0) 3430 return SEQ_START_TOKEN; 3431 3432 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) { 3433 if (!cpu_possible(cpu)) 3434 continue; 3435 *pos = cpu+1; 3436 return per_cpu_ptr(tbl->stats, cpu); 3437 } 3438 return NULL; 3439 } 3440 3441 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3442 { 3443 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3444 int cpu; 3445 3446 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) { 3447 if (!cpu_possible(cpu)) 3448 continue; 3449 *pos = cpu+1; 3450 return per_cpu_ptr(tbl->stats, cpu); 3451 } 3452 (*pos)++; 3453 return NULL; 3454 } 3455 3456 static void neigh_stat_seq_stop(struct seq_file *seq, void *v) 3457 { 3458 3459 } 3460 3461 static int neigh_stat_seq_show(struct seq_file *seq, void *v) 3462 { 3463 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3464 struct neigh_statistics *st = v; 3465 3466 if (v == SEQ_START_TOKEN) { 3467 seq_puts(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n"); 3468 return 0; 3469 } 3470 3471 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx " 3472 "%08lx %08lx %08lx " 3473 "%08lx %08lx %08lx\n", 3474 atomic_read(&tbl->entries), 3475 3476 st->allocs, 3477 st->destroys, 3478 st->hash_grows, 3479 3480 st->lookups, 3481 st->hits, 3482 3483 st->res_failed, 3484 3485 st->rcv_probes_mcast, 3486 
st->rcv_probes_ucast, 3487 3488 st->periodic_gc_runs, 3489 st->forced_gc_runs, 3490 st->unres_discards, 3491 st->table_fulls 3492 ); 3493 3494 return 0; 3495 } 3496 3497 static const struct seq_operations neigh_stat_seq_ops = { 3498 .start = neigh_stat_seq_start, 3499 .next = neigh_stat_seq_next, 3500 .stop = neigh_stat_seq_stop, 3501 .show = neigh_stat_seq_show, 3502 }; 3503 #endif /* CONFIG_PROC_FS */ 3504 3505 static void __neigh_notify(struct neighbour *n, int type, int flags, 3506 u32 pid) 3507 { 3508 struct sk_buff *skb; 3509 int err = -ENOBUFS; 3510 struct net *net; 3511 3512 rcu_read_lock(); 3513 net = dev_net_rcu(n->dev); 3514 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC); 3515 if (skb == NULL) 3516 goto errout; 3517 3518 err = neigh_fill_info(skb, n, pid, 0, type, flags); 3519 if (err < 0) { 3520 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */ 3521 WARN_ON(err == -EMSGSIZE); 3522 kfree_skb(skb); 3523 goto errout; 3524 } 3525 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC); 3526 goto out; 3527 errout: 3528 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err); 3529 out: 3530 rcu_read_unlock(); 3531 } 3532 3533 void neigh_app_ns(struct neighbour *n) 3534 { 3535 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0); 3536 } 3537 EXPORT_SYMBOL(neigh_app_ns); 3538 3539 #ifdef CONFIG_SYSCTL 3540 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN); 3541 3542 static int proc_unres_qlen(const struct ctl_table *ctl, int write, 3543 void *buffer, size_t *lenp, loff_t *ppos) 3544 { 3545 int size, ret; 3546 struct ctl_table tmp = *ctl; 3547 3548 tmp.extra1 = SYSCTL_ZERO; 3549 tmp.extra2 = &unres_qlen_max; 3550 tmp.data = &size; 3551 3552 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN); 3553 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 3554 3555 if (write && !ret) 3556 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN); 3557 return ret; 3558 } 3559 3560 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p, 3561 int index) 3562 { 3563 struct net_device *dev; 3564 int family = neigh_parms_family(p); 3565 3566 rcu_read_lock(); 3567 for_each_netdev_rcu(net, dev) { 3568 struct neigh_parms *dst_p = 3569 neigh_get_dev_parms_rcu(dev, family); 3570 3571 if (dst_p && !test_bit(index, dst_p->data_state)) 3572 dst_p->data[index] = p->data[index]; 3573 } 3574 rcu_read_unlock(); 3575 } 3576 3577 static void neigh_proc_update(const struct ctl_table *ctl, int write) 3578 { 3579 struct net_device *dev = ctl->extra1; 3580 struct neigh_parms *p = ctl->extra2; 3581 struct net *net = neigh_parms_net(p); 3582 int index = (int *) ctl->data - p->data; 3583 3584 if (!write) 3585 return; 3586 3587 set_bit(index, p->data_state); 3588 if (index == NEIGH_VAR_DELAY_PROBE_TIME) 3589 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p); 3590 if (!dev) /* NULL dev means this is default value */ 3591 neigh_copy_dflt_parms(net, p, index); 3592 } 3593 3594 static int neigh_proc_dointvec_zero_intmax(const struct ctl_table *ctl, int write, 3595 void *buffer, size_t *lenp, 3596 loff_t *ppos) 3597 { 3598 struct ctl_table tmp = *ctl; 3599 int ret; 3600 3601 tmp.extra1 = SYSCTL_ZERO; 3602 tmp.extra2 = SYSCTL_INT_MAX; 3603 3604 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 3605 neigh_proc_update(ctl, write); 3606 return ret; 3607 } 3608 3609 static int neigh_proc_dointvec_ms_jiffies_positive(const struct ctl_table *ctl, int write, 3610 void *buffer, size_t *lenp, loff_t *ppos) 3611 { 3612 struct ctl_table tmp = *ctl; 3613 int ret; 3614 3615 int min = 
msecs_to_jiffies(1); 3616 3617 tmp.extra1 = &min; 3618 tmp.extra2 = NULL; 3619 3620 ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos); 3621 neigh_proc_update(ctl, write); 3622 return ret; 3623 } 3624 3625 int neigh_proc_dointvec(const struct ctl_table *ctl, int write, void *buffer, 3626 size_t *lenp, loff_t *ppos) 3627 { 3628 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 3629 3630 neigh_proc_update(ctl, write); 3631 return ret; 3632 } 3633 EXPORT_SYMBOL(neigh_proc_dointvec); 3634 3635 int neigh_proc_dointvec_jiffies(const struct ctl_table *ctl, int write, void *buffer, 3636 size_t *lenp, loff_t *ppos) 3637 { 3638 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3639 3640 neigh_proc_update(ctl, write); 3641 return ret; 3642 } 3643 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies); 3644 3645 static int neigh_proc_dointvec_userhz_jiffies(const struct ctl_table *ctl, int write, 3646 void *buffer, size_t *lenp, 3647 loff_t *ppos) 3648 { 3649 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos); 3650 3651 neigh_proc_update(ctl, write); 3652 return ret; 3653 } 3654 3655 int neigh_proc_dointvec_ms_jiffies(const struct ctl_table *ctl, int write, 3656 void *buffer, size_t *lenp, loff_t *ppos) 3657 { 3658 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3659 3660 neigh_proc_update(ctl, write); 3661 return ret; 3662 } 3663 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies); 3664 3665 static int neigh_proc_dointvec_unres_qlen(const struct ctl_table *ctl, int write, 3666 void *buffer, size_t *lenp, 3667 loff_t *ppos) 3668 { 3669 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos); 3670 3671 neigh_proc_update(ctl, write); 3672 return ret; 3673 } 3674 3675 static int neigh_proc_base_reachable_time(const struct ctl_table *ctl, int write, 3676 void *buffer, size_t *lenp, 3677 loff_t *ppos) 3678 { 3679 struct neigh_parms *p = ctl->extra2; 3680 int ret; 3681 3682 if (strcmp(ctl->procname, "base_reachable_time") == 0) 3683 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3684 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0) 3685 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3686 else 3687 ret = -1; 3688 3689 if (write && ret == 0) { 3690 /* update reachable_time as well, otherwise, the change will 3691 * only be effective after the next time neigh_periodic_work 3692 * decides to recompute it 3693 */ 3694 p->reachable_time = 3695 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 3696 } 3697 return ret; 3698 } 3699 3700 #define NEIGH_PARMS_DATA_OFFSET(index) \ 3701 (&((struct neigh_parms *) 0)->data[index]) 3702 3703 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \ 3704 [NEIGH_VAR_ ## attr] = { \ 3705 .procname = name, \ 3706 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \ 3707 .maxlen = sizeof(int), \ 3708 .mode = mval, \ 3709 .proc_handler = proc, \ 3710 } 3711 3712 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \ 3713 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax) 3714 3715 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \ 3716 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies) 3717 3718 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \ 3719 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies) 3720 3721 #define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \ 3722 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive) 3723 
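/*
 * A sketch of what one of these entries expands to; for instance
 * NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit") becomes
 * roughly:
 *
 *	[NEIGH_VAR_APP_PROBES] = {
 *		.procname	= "app_solicit",
 *		.data		= NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_APP_PROBES),
 *		.maxlen		= sizeof(int),
 *		.mode		= 0644,
 *		.proc_handler	= neigh_proc_dointvec_zero_intmax,
 *	}
 *
 * The .data offset is relocated to the real &parms->data[i] address in
 * neigh_sysctl_register() below by adding the neigh_parms pointer.
 */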
3724 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \ 3725 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies) 3726 3727 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \ 3728 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen) 3729 3730 static struct neigh_sysctl_table { 3731 struct ctl_table_header *sysctl_header; 3732 struct ctl_table neigh_vars[NEIGH_VAR_MAX]; 3733 } neigh_sysctl_template __read_mostly = { 3734 .neigh_vars = { 3735 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"), 3736 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"), 3737 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"), 3738 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"), 3739 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"), 3740 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"), 3741 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"), 3742 NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS, 3743 "interval_probe_time_ms"), 3744 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"), 3745 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"), 3746 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"), 3747 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"), 3748 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"), 3749 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"), 3750 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"), 3751 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"), 3752 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"), 3753 [NEIGH_VAR_GC_INTERVAL] = { 3754 .procname = "gc_interval", 3755 .maxlen = sizeof(int), 3756 .mode = 0644, 3757 .proc_handler = proc_dointvec_jiffies, 3758 }, 3759 [NEIGH_VAR_GC_THRESH1] = { 3760 .procname = "gc_thresh1", 3761 .maxlen = sizeof(int), 3762 .mode = 0644, 3763 .extra1 = SYSCTL_ZERO, 3764 .extra2 = SYSCTL_INT_MAX, 3765 .proc_handler = proc_dointvec_minmax, 3766 }, 3767 [NEIGH_VAR_GC_THRESH2] = { 3768 .procname = "gc_thresh2", 3769 .maxlen = sizeof(int), 3770 .mode = 0644, 3771 .extra1 = SYSCTL_ZERO, 3772 .extra2 = SYSCTL_INT_MAX, 3773 .proc_handler = proc_dointvec_minmax, 3774 }, 3775 [NEIGH_VAR_GC_THRESH3] = { 3776 .procname = "gc_thresh3", 3777 .maxlen = sizeof(int), 3778 .mode = 0644, 3779 .extra1 = SYSCTL_ZERO, 3780 .extra2 = SYSCTL_INT_MAX, 3781 .proc_handler = proc_dointvec_minmax, 3782 }, 3783 }, 3784 }; 3785 3786 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p, 3787 proc_handler *handler) 3788 { 3789 int i; 3790 struct neigh_sysctl_table *t; 3791 const char *dev_name_source; 3792 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ]; 3793 char *p_name; 3794 size_t neigh_vars_size; 3795 3796 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT); 3797 if (!t) 3798 goto err; 3799 3800 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) { 3801 t->neigh_vars[i].data += (long) p; 3802 t->neigh_vars[i].extra1 = dev; 3803 t->neigh_vars[i].extra2 = p; 3804 } 3805 3806 neigh_vars_size = ARRAY_SIZE(t->neigh_vars); 3807 if (dev) { 3808 dev_name_source = dev->name; 3809 /* Terminate the table early */ 3810 neigh_vars_size = NEIGH_VAR_BASE_REACHABLE_TIME_MS + 1; 3811 } else { 3812 struct neigh_table *tbl = p->tbl; 3813 dev_name_source = "default"; 3814 
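		/* For the "default" directory the GC knobs act on the table
		 * itself, e.g. /proc/sys/net/ipv4/neigh/default/gc_thresh3,
		 * so point .data at the tbl fields rather than the relocated
		 * per-parms offsets set up in the loop above.
		 */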
t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval; 3815 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1; 3816 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2; 3817 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3; 3818 } 3819 3820 if (handler) { 3821 /* RetransTime */ 3822 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler; 3823 /* ReachableTime */ 3824 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler; 3825 /* RetransTime (in milliseconds)*/ 3826 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler; 3827 /* ReachableTime (in milliseconds) */ 3828 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler; 3829 } else { 3830 /* Those handlers will update p->reachable_time after 3831 * base_reachable_time(_ms) is set to ensure the new timer starts being 3832 * applied after the next neighbour update instead of waiting for 3833 * neigh_periodic_work to update its value (can be multiple minutes) 3834 * So any handler that replaces them should do this as well 3835 */ 3836 /* ReachableTime */ 3837 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = 3838 neigh_proc_base_reachable_time; 3839 /* ReachableTime (in milliseconds) */ 3840 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = 3841 neigh_proc_base_reachable_time; 3842 } 3843 3844 switch (neigh_parms_family(p)) { 3845 case AF_INET: 3846 p_name = "ipv4"; 3847 break; 3848 case AF_INET6: 3849 p_name = "ipv6"; 3850 break; 3851 default: 3852 BUG(); 3853 } 3854 3855 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s", 3856 p_name, dev_name_source); 3857 t->sysctl_header = register_net_sysctl_sz(neigh_parms_net(p), 3858 neigh_path, t->neigh_vars, 3859 neigh_vars_size); 3860 if (!t->sysctl_header) 3861 goto free; 3862 3863 p->sysctl_table = t; 3864 return 0; 3865 3866 free: 3867 kfree(t); 3868 err: 3869 return -ENOBUFS; 3870 } 3871 EXPORT_SYMBOL(neigh_sysctl_register); 3872 3873 void neigh_sysctl_unregister(struct neigh_parms *p) 3874 { 3875 if (p->sysctl_table) { 3876 struct neigh_sysctl_table *t = p->sysctl_table; 3877 p->sysctl_table = NULL; 3878 unregister_net_sysctl_table(t->sysctl_header); 3879 kfree(t); 3880 } 3881 } 3882 EXPORT_SYMBOL(neigh_sysctl_unregister); 3883 3884 #endif /* CONFIG_SYSCTL */ 3885 3886 static const struct rtnl_msg_handler neigh_rtnl_msg_handlers[] __initconst = { 3887 {.msgtype = RTM_NEWNEIGH, .doit = neigh_add}, 3888 {.msgtype = RTM_DELNEIGH, .doit = neigh_delete}, 3889 {.msgtype = RTM_GETNEIGH, .doit = neigh_get, .dumpit = neigh_dump_info, 3890 .flags = RTNL_FLAG_DUMP_UNLOCKED}, 3891 {.msgtype = RTM_GETNEIGHTBL, .dumpit = neightbl_dump_info}, 3892 {.msgtype = RTM_SETNEIGHTBL, .doit = neightbl_set}, 3893 }; 3894 3895 static int __init neigh_init(void) 3896 { 3897 rtnl_register_many(neigh_rtnl_msg_handlers); 3898 return 0; 3899 } 3900 3901 subsys_initcall(neigh_init); 3902
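
/*
 * Usage sketch (userspace, not part of this file): the RTM_GETNEIGH dump
 * path above (neigh_dump_info) is what a minimal "ip neigh show" clone
 * talks to. A rough example over a raw rtnetlink socket, with error
 * handling, multi-part edge cases and attribute parsing trimmed:
 *
 *	#include <linux/rtnetlink.h>
 *	#include <linux/neighbour.h>
 *	#include <sys/socket.h>
 *	#include <stdio.h>
 *	#include <unistd.h>
 *
 *	int main(void)
 *	{
 *		struct {
 *			struct nlmsghdr nlh;
 *			struct ndmsg ndm;
 *		} req = {
 *			.nlh.nlmsg_len   = NLMSG_LENGTH(sizeof(struct ndmsg)),
 *			.nlh.nlmsg_type  = RTM_GETNEIGH,
 *			.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP,
 *			.ndm.ndm_family  = AF_INET,
 *		};
 *		char buf[8192];
 *		int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
 *		ssize_t len;
 *
 *		send(fd, &req, req.nlh.nlmsg_len, 0);
 *		while ((len = recv(fd, buf, sizeof(buf), 0)) > 0) {
 *			struct nlmsghdr *nh = (struct nlmsghdr *)buf;
 *
 *			for (; NLMSG_OK(nh, len); nh = NLMSG_NEXT(nh, len)) {
 *				struct ndmsg *ndm = NLMSG_DATA(nh);
 *
 *				if (nh->nlmsg_type == NLMSG_DONE)
 *					return close(fd), 0;
 *				printf("ifindex %d state 0x%x\n",
 *				       ndm->ndm_ifindex, ndm->ndm_state);
 *			}
 *		}
 *		return 1;
 *	}
 *
 * Each reply message is a struct ndmsg followed by NDA_* attributes
 * (NDA_DST, NDA_LLADDR, NDA_CACHEINFO, ...) as emitted by
 * neigh_fill_info() above.
 */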