// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	Generic address resolution entity
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *
 *	Fixes:
 *	Vitaly E. Lavrov	releasing NULL neighbor in neigh_add.
 *	Harald Welte		Add neighbour cache statistics like rtstat
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/slab.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/socket.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/times.h>
#include <net/net_namespace.h>
#include <net/neighbour.h>
#include <net/arp.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/netevent.h>
#include <net/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/random.h>
#include <linux/string.h>
#include <linux/log2.h>
#include <linux/inetdevice.h>
#include <net/addrconf.h>

#include <trace/events/neigh.h>

#define NEIGH_DEBUG 1
#define neigh_dbg(level, fmt, ...)		\
do {						\
	if (level <= NEIGH_DEBUG)		\
		pr_debug(fmt, ##__VA_ARGS__);	\
} while (0)

#define PNEIGH_HASHMASK		0xF

static void neigh_timer_handler(struct timer_list *t);
static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid);
static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev,
				    bool skip_perm);

#ifdef CONFIG_PROC_FS
static const struct seq_operations neigh_stat_seq_ops;
#endif

static struct hlist_head *neigh_get_dev_table(struct net_device *dev, int family)
{
	int i;

	switch (family) {
	default:
		DEBUG_NET_WARN_ON_ONCE(1);
		fallthrough; /* to avoid panic by null-ptr-deref */
	case AF_INET:
		i = NEIGH_ARP_TABLE;
		break;
	case AF_INET6:
		i = NEIGH_ND_TABLE;
		break;
	}

	return &dev->neighbours[i];
}

/*
   Neighbour hash table buckets are protected with rwlock tbl->lock.

   - All scans/updates of the hash buckets MUST be made under this lock.
   - NOTHING clever should be done under this lock: no callbacks
     to protocol backends, no attempts to send something to the network.
     That would result in deadlocks if the backend/driver wants to use
     the neighbour cache.
   - If an entry requires some non-trivial action, increase
     its reference count and release the table lock.

   Neighbour entries are protected:
   - with a reference count.
   - with the rwlock neigh->lock.

   The reference count prevents destruction.

   neigh->lock mainly serializes the ll address data and its validity
   state. However, the same lock is used to protect other entry fields:
   - timer
   - resolution queue

   Again, nothing clever shall be done under neigh->lock; the most
   complicated procedure we allow is dev->hard_header. It is assumed
   that dev->hard_header is simplistic and does not make callbacks
   to neighbour tables.
 */
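/* For illustration only: the canonical way for a caller to honour the
 * rules above is to pin the entry under the table lock and do the heavy
 * work after dropping it. A hypothetical sketch, not part of this file:
 *
 *	write_lock_bh(&tbl->lock);
 *	n = ...;			// find entry in a hash bucket
 *	neigh_hold(n);			// pin it; destruction is deferred
 *	write_unlock_bh(&tbl->lock);
 *	...				// now safe to call into drivers etc.
 *	neigh_release(n);		// drop the pin when done
 */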
static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
{
	kfree_skb(skb);
	return -ENETDOWN;
}

static void neigh_cleanup_and_release(struct neighbour *neigh)
{
	trace_neigh_cleanup_and_release(neigh, 0);
	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	neigh_release(neigh);
}

/*
 * Returns a value uniformly distributed in the interval
 * (1/2)*base ... (3/2)*base. This corresponds to the default IPv6
 * settings and is not overridable, because it is a really reasonable
 * choice.
 */

unsigned long neigh_rand_reach_time(unsigned long base)
{
	return base ? get_random_u32_below(base) + (base >> 1) : 0;
}
EXPORT_SYMBOL(neigh_rand_reach_time);
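/* Worked example (illustrative): with base = 30 * HZ the expression
 * get_random_u32_below(base) + (base >> 1) yields a value in
 * [15 * HZ, 45 * HZ), i.e. a reachable time between 15 and 45 seconds,
 * centred on the configured BASE_REACHABLE_TIME.
 */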
static void neigh_mark_dead(struct neighbour *n)
{
	n->dead = 1;
	if (!list_empty(&n->gc_list)) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	}
	if (!list_empty(&n->managed_list))
		list_del_init(&n->managed_list);
}

static void neigh_update_gc_list(struct neighbour *n)
{
	bool on_gc_list, exempt_from_gc;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	/* remove from the gc list if new state is permanent or if neighbor
	 * is externally learned; otherwise entry should be on the gc list
	 */
	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
			 n->flags & NTF_EXT_LEARNED;
	on_gc_list = !list_empty(&n->gc_list);

	if (exempt_from_gc && on_gc_list) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	} else if (!exempt_from_gc && !on_gc_list) {
		/* add entries to the tail; cleaning removes from the front */
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
		atomic_inc(&n->tbl->gc_entries);
	}
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static void neigh_update_managed_list(struct neighbour *n)
{
	bool on_managed_list, add_to_managed;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	add_to_managed = n->flags & NTF_MANAGED;
	on_managed_list = !list_empty(&n->managed_list);

	if (!add_to_managed && on_managed_list)
		list_del_init(&n->managed_list);
	else if (add_to_managed && !on_managed_list)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
			       bool *gc_update, bool *managed_update)
{
	u32 ndm_flags, old_flags = neigh->flags;

	if (!(flags & NEIGH_UPDATE_F_ADMIN))
		return;

	ndm_flags  = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
	ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;

	if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
		if (ndm_flags & NTF_EXT_LEARNED)
			neigh->flags |= NTF_EXT_LEARNED;
		else
			neigh->flags &= ~NTF_EXT_LEARNED;
		*notify = 1;
		*gc_update = true;
	}
	if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
		if (ndm_flags & NTF_MANAGED)
			neigh->flags |= NTF_MANAGED;
		else
			neigh->flags &= ~NTF_MANAGED;
		*notify = 1;
		*managed_update = true;
	}
}

bool neigh_remove_one(struct neighbour *n)
{
	bool retval = false;

	write_lock(&n->lock);
	if (refcount_read(&n->refcnt) == 1) {
		hlist_del_rcu(&n->hash);
		hlist_del_rcu(&n->dev_list);
		neigh_mark_dead(n);
		retval = true;
	}
	write_unlock(&n->lock);
	if (retval)
		neigh_cleanup_and_release(n);
	return retval;
}

static int neigh_forced_gc(struct neigh_table *tbl)
{
	int max_clean = atomic_read(&tbl->gc_entries) -
			READ_ONCE(tbl->gc_thresh2);
	u64 tmax = ktime_get_ns() + NSEC_PER_MSEC;
	unsigned long tref = jiffies - 5 * HZ;
	struct neighbour *n, *tmp;
	int shrunk = 0;
	int loop = 0;

	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);

	write_lock_bh(&tbl->lock);

	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
		if (refcount_read(&n->refcnt) == 1) {
			bool remove = false;

			write_lock(&n->lock);
			if ((n->nud_state == NUD_FAILED) ||
			    (n->nud_state == NUD_NOARP) ||
			    (tbl->is_multicast &&
			     tbl->is_multicast(n->primary_key)) ||
			    !time_in_range(n->updated, tref, jiffies))
				remove = true;
			write_unlock(&n->lock);

			if (remove && neigh_remove_one(n))
				shrunk++;
			if (shrunk >= max_clean)
				break;
			if (++loop == 16) {
				if (ktime_get_ns() > tmax)
					goto unlock;
				loop = 0;
			}
		}
	}

	WRITE_ONCE(tbl->last_flush, jiffies);
unlock:
	write_unlock_bh(&tbl->lock);

	return shrunk;
}
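/* Worked example (illustrative): forced GC tries to bring the table back
 * under gc_thresh2, and it bounds its own runtime. With gc_entries = 1500
 * and gc_thresh2 = 1024, max_clean = 476, so at most 476 entries are
 * reclaimed in one run; in addition, every 16 iterations the elapsed time
 * is checked against the 1 ms budget (tmax) so tbl->lock is not held for
 * too long.
 */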
static void neigh_add_timer(struct neighbour *n, unsigned long when)
{
	/* Use a safe distance from the jiffies - LONG_MAX point while the
	 * timer is running in DELAY/PROBE state, but still show large
	 * times in the past to user space.
	 */
	unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ);

	neigh_hold(n);
	if (!time_in_range(n->confirmed, mint, jiffies))
		n->confirmed = mint;
	if (time_before(n->used, n->confirmed))
		n->used = n->confirmed;
	if (unlikely(mod_timer(&n->timer, when))) {
		printk("NEIGH: BUG, double timer add, state is %x\n",
		       n->nud_state);
		dump_stack();
	}
}
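/* Background note (illustrative): jiffies comparisons such as
 * time_before() are only well-defined for differences smaller than
 * LONG_MAX. Clamping n->confirmed to at most LONG_MAX minus one day in
 * the past keeps later arithmetic on it safe from wraparound while still
 * letting user space observe a very stale timestamp.
 */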
static int neigh_del_timer(struct neighbour *n)
{
	if ((n->nud_state & NUD_IN_TIMER) &&
	    timer_delete(&n->timer)) {
		neigh_release(n);
		return 1;
	}
	return 0;
}

static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
						   int family)
{
	switch (family) {
	case AF_INET:
		return __in_dev_arp_parms_get_rcu(dev);
	case AF_INET6:
		return __in6_dev_nd_parms_get_rcu(dev);
	}
	return NULL;
}

static void neigh_parms_qlen_dec(struct net_device *dev, int family)
{
	struct neigh_parms *p;

	rcu_read_lock();
	p = neigh_get_dev_parms_rcu(dev, family);
	if (p)
		p->qlen--;
	rcu_read_unlock();
}

static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net,
			       int family)
{
	struct sk_buff_head tmp;
	unsigned long flags;
	struct sk_buff *skb;

	skb_queue_head_init(&tmp);
	spin_lock_irqsave(&list->lock, flags);
	skb = skb_peek(list);
	while (skb != NULL) {
		struct sk_buff *skb_next = skb_peek_next(skb, list);
		struct net_device *dev = skb->dev;

		if (net == NULL || net_eq(dev_net(dev), net)) {
			neigh_parms_qlen_dec(dev, family);
			__skb_unlink(skb, list);
			__skb_queue_tail(&tmp, skb);
		}
		skb = skb_next;
	}
	spin_unlock_irqrestore(&list->lock, flags);

	while ((skb = __skb_dequeue(&tmp))) {
		dev_put(skb->dev);
		kfree_skb(skb);
	}
}

static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
			    bool skip_perm)
{
	struct hlist_head *dev_head;
	struct hlist_node *tmp;
	struct neighbour *n;

	dev_head = neigh_get_dev_table(dev, tbl->family);

	hlist_for_each_entry_safe(n, tmp, dev_head, dev_list) {
		if (skip_perm && n->nud_state & NUD_PERMANENT)
			continue;

		hlist_del_rcu(&n->hash);
		hlist_del_rcu(&n->dev_list);
		write_lock(&n->lock);
		neigh_del_timer(n);
		neigh_mark_dead(n);
		if (refcount_read(&n->refcnt) != 1) {
			/* The most unpleasant situation.
			 * We must destroy neighbour entry,
			 * but someone still uses it.
			 *
			 * The destroy will be delayed until
			 * the last user releases us, but
			 * we must kill timers etc. and move
			 * it to safe state.
			 */
			__skb_queue_purge(&n->arp_queue);
			n->arp_queue_len_bytes = 0;
			WRITE_ONCE(n->output, neigh_blackhole);
			if (n->nud_state & NUD_VALID)
				n->nud_state = NUD_NOARP;
			else
				n->nud_state = NUD_NONE;
			neigh_dbg(2, "neigh %p is stray\n", n);
		}
		write_unlock(&n->lock);
		neigh_cleanup_and_release(n);
	}
}

void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, false);
	write_unlock_bh(&tbl->lock);
}
EXPORT_SYMBOL(neigh_changeaddr);

static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, skip_perm);
	pneigh_ifdown_and_unlock(tbl, dev, skip_perm);
	pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL,
			   tbl->family);
	if (skb_queue_empty_lockless(&tbl->proxy_queue))
		timer_delete_sync(&tbl->proxy_timer);
	return 0;
}

int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, true);
	return 0;
}
EXPORT_SYMBOL(neigh_carrier_down);

int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, false);
	return 0;
}
EXPORT_SYMBOL(neigh_ifdown);

static struct neighbour *neigh_alloc(struct neigh_table *tbl,
				     struct net_device *dev,
				     u32 flags, bool exempt_from_gc)
{
	struct neighbour *n = NULL;
	unsigned long now = jiffies;
	int entries, gc_thresh3;

	if (exempt_from_gc)
		goto do_alloc;

	entries = atomic_inc_return(&tbl->gc_entries) - 1;
	gc_thresh3 = READ_ONCE(tbl->gc_thresh3);
	if (entries >= gc_thresh3 ||
	    (entries >= READ_ONCE(tbl->gc_thresh2) &&
	     time_after(now, READ_ONCE(tbl->last_flush) + 5 * HZ))) {
		if (!neigh_forced_gc(tbl) && entries >= gc_thresh3) {
			net_info_ratelimited("%s: neighbor table overflow!\n",
					     tbl->id);
			NEIGH_CACHE_STAT_INC(tbl, table_fulls);
			goto out_entries;
		}
	}

do_alloc:
	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
	if (!n)
		goto out_entries;

	__skb_queue_head_init(&n->arp_queue);
	rwlock_init(&n->lock);
	seqlock_init(&n->ha_lock);
	n->updated = n->used = now;
	n->nud_state = NUD_NONE;
	n->output = neigh_blackhole;
	n->flags = flags;
	seqlock_init(&n->hh.hh_lock);
	n->parms = neigh_parms_clone(&tbl->parms);
	timer_setup(&n->timer, neigh_timer_handler, 0);

	NEIGH_CACHE_STAT_INC(tbl, allocs);
	n->tbl = tbl;
	refcount_set(&n->refcnt, 1);
	n->dead = 1;
	INIT_LIST_HEAD(&n->gc_list);
	INIT_LIST_HEAD(&n->managed_list);

	atomic_inc(&tbl->entries);
out:
	return n;

out_entries:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	goto out;
}

static void neigh_get_hash_rnd(u32 *x)
{
	*x = get_random_u32() | 1;
}

static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
{
	size_t size = (1 << shift) * sizeof(struct hlist_head);
	struct hlist_head *hash_heads;
	struct neigh_hash_table *ret;
	int i;

	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
	if (!ret)
		return NULL;

	hash_heads = kzalloc(size, GFP_ATOMIC);
	if (!hash_heads) {
		kfree(ret);
		return NULL;
	}
	ret->hash_heads = hash_heads;
	ret->hash_shift = shift;
	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
		neigh_get_hash_rnd(&ret->hash_rnd[i]);
	return ret;
}

static void neigh_hash_free_rcu(struct rcu_head *head)
{
	struct neigh_hash_table *nht = container_of(head,
						    struct neigh_hash_table,
						    rcu);

	kfree(nht->hash_heads);
	kfree(nht);
}

static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
						unsigned long new_shift)
{
	unsigned int i, hash;
	struct neigh_hash_table *new_nht, *old_nht;

	NEIGH_CACHE_STAT_INC(tbl, hash_grows);

	old_nht = rcu_dereference_protected(tbl->nht,
					    lockdep_is_held(&tbl->lock));
	new_nht = neigh_hash_alloc(new_shift);
	if (!new_nht)
		return old_nht;

	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
		struct hlist_node *tmp;
		struct neighbour *n;

		neigh_for_each_in_bucket_safe(n, tmp, &old_nht->hash_heads[i]) {
			hash = tbl->hash(n->primary_key, n->dev,
					 new_nht->hash_rnd);

			hash >>= (32 - new_nht->hash_shift);

			hlist_del_rcu(&n->hash);
			hlist_add_head_rcu(&n->hash, &new_nht->hash_heads[hash]);
		}
	}

	rcu_assign_pointer(tbl->nht, new_nht);
	call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
	return new_nht;
}
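/* Worked example (illustrative): the hash table starts with shift = 3,
 * i.e. 8 buckets (see neigh_table_init() below). ___neigh_create() grows
 * it to shift + 1 once atomic_read(&tbl->entries) exceeds 1 << shift, so
 * creating the 9th entry doubles the table to 16 buckets, keeping the
 * average chain length around one entry per bucket.
 */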
struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
			       struct net_device *dev)
{
	struct neighbour *n;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock();
	n = __neigh_lookup_noref(tbl, pkey, dev);
	if (n) {
		if (!refcount_inc_not_zero(&n->refcnt))
			n = NULL;
		NEIGH_CACHE_STAT_INC(tbl, hits);
	}

	rcu_read_unlock();
	return n;
}
EXPORT_SYMBOL(neigh_lookup);

static struct neighbour *
___neigh_create(struct neigh_table *tbl, const void *pkey,
		struct net_device *dev, u32 flags,
		bool exempt_from_gc, bool want_ref)
{
	u32 hash_val, key_len = tbl->key_len;
	struct neighbour *n1, *rc, *n;
	struct neigh_hash_table *nht;
	int error;

	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
	if (!n) {
		rc = ERR_PTR(-ENOBUFS);
		goto out;
	}

	memcpy(n->primary_key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC);

	/* Protocol specific setup. */
	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	if (dev->netdev_ops->ndo_neigh_construct) {
		error = dev->netdev_ops->ndo_neigh_construct(dev, n);
		if (error < 0) {
			rc = ERR_PTR(error);
			goto out_neigh_release;
		}
	}

	/* Device specific setup. */
	if (n->parms->neigh_setup &&
	    (error = n->parms->neigh_setup(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
		nht = neigh_hash_grow(tbl, nht->hash_shift + 1);

	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);

	if (n->parms->dead) {
		rc = ERR_PTR(-EINVAL);
		goto out_tbl_unlock;
	}

	neigh_for_each_in_bucket(n1, &nht->hash_heads[hash_val]) {
		if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
			if (want_ref)
				neigh_hold(n1);
			rc = n1;
			goto out_tbl_unlock;
		}
	}

	n->dead = 0;
	if (!exempt_from_gc)
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
	if (n->flags & NTF_MANAGED)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
	if (want_ref)
		neigh_hold(n);
	hlist_add_head_rcu(&n->hash, &nht->hash_heads[hash_val]);

	hlist_add_head_rcu(&n->dev_list,
			   neigh_get_dev_table(dev, tbl->family));

	write_unlock_bh(&tbl->lock);
	neigh_dbg(2, "neigh %p is created\n", n);
	rc = n;
out:
	return rc;
out_tbl_unlock:
	write_unlock_bh(&tbl->lock);
out_neigh_release:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	neigh_release(n);
	goto out;
}

struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
				 struct net_device *dev, bool want_ref)
{
	bool exempt_from_gc = !!(dev->flags & IFF_LOOPBACK);

	return ___neigh_create(tbl, pkey, dev, 0, exempt_from_gc, want_ref);
}
EXPORT_SYMBOL(__neigh_create);
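/* Usage sketch (illustrative, not part of this file): neigh_lookup() and
 * __neigh_create() (with want_ref) both hand back a referenced entry, so
 * callers must pair them with neigh_release(). A hypothetical IPv4 caller:
 *
 *	__be32 ip = ...;		// key, in network byte order
 *	struct neighbour *n;
 *
 *	n = neigh_lookup(&arp_tbl, &ip, dev);
 *	if (!n)
 *		n = __neigh_create(&arp_tbl, &ip, dev, true);
 *	if (!IS_ERR_OR_NULL(n)) {
 *		...			// use the entry
 *		neigh_release(n);
 *	}
 */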
static u32 pneigh_hash(const void *pkey, unsigned int key_len)
{
	u32 hash_val = *(u32 *)(pkey + key_len - 4);
	hash_val ^= (hash_val >> 16);
	hash_val ^= hash_val >> 8;
	hash_val ^= hash_val >> 4;
	hash_val &= PNEIGH_HASHMASK;
	return hash_val;
}

static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
					      struct net *net,
					      const void *pkey,
					      unsigned int key_len,
					      struct net_device *dev)
{
	while (n) {
		if (!memcmp(n->key, pkey, key_len) &&
		    net_eq(pneigh_net(n), net) &&
		    (n->dev == dev || !n->dev))
			return n;
		n = n->next;
	}
	return NULL;
}

struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
		struct net *net, const void *pkey, struct net_device *dev)
{
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
				 net, pkey, key_len, dev);
}
EXPORT_SYMBOL_GPL(__pneigh_lookup);

struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl,
				   struct net *net, const void *pkey,
				   struct net_device *dev, int creat)
{
	struct pneigh_entry *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	read_lock_bh(&tbl->lock);
	n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
			      net, pkey, key_len, dev);
	read_unlock_bh(&tbl->lock);

	if (n || !creat)
		goto out;

	ASSERT_RTNL();

	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
	if (!n)
		goto out;

	write_pnet(&n->net, net);
	memcpy(n->key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_KERNEL);

	if (tbl->pconstructor && tbl->pconstructor(n)) {
		netdev_put(dev, &n->dev_tracker);
		kfree(n);
		n = NULL;
		goto out;
	}

	write_lock_bh(&tbl->lock);
	n->next = tbl->phash_buckets[hash_val];
	tbl->phash_buckets[hash_val] = n;
	write_unlock_bh(&tbl->lock);
out:
	return n;
}
EXPORT_SYMBOL(pneigh_lookup);
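/* Note (illustrative): pneigh_hash() above folds the last four bytes of
 * the key into a 4-bit bucket index. The successive xor-shifts by 16, 8
 * and 4 mix all four bytes into the low nibble, and the final mask with
 * PNEIGH_HASHMASK (0xF) selects one of the 16 proxy hash buckets, which
 * is why the proxy table size is fixed at PNEIGH_HASHMASK + 1.
 */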
int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
		  struct net_device *dev)
{
	struct pneigh_entry *n, **np;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	write_lock_bh(&tbl->lock);
	for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
	     np = &n->next) {
		if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
		    net_eq(pneigh_net(n), net)) {
			*np = n->next;
			write_unlock_bh(&tbl->lock);
			if (tbl->pdestructor)
				tbl->pdestructor(n);
			netdev_put(n->dev, &n->dev_tracker);
			kfree(n);
			return 0;
		}
	}
	write_unlock_bh(&tbl->lock);
	return -ENOENT;
}

static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev,
				    bool skip_perm)
{
	struct pneigh_entry *n, **np, *freelist = NULL;
	u32 h;

	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
		np = &tbl->phash_buckets[h];
		while ((n = *np) != NULL) {
			if (skip_perm && n->permanent)
				goto skip;
			if (!dev || n->dev == dev) {
				*np = n->next;
				n->next = freelist;
				freelist = n;
				continue;
			}
skip:
			np = &n->next;
		}
	}
	write_unlock_bh(&tbl->lock);
	while ((n = freelist)) {
		freelist = n->next;
		n->next = NULL;
		if (tbl->pdestructor)
			tbl->pdestructor(n);
		netdev_put(n->dev, &n->dev_tracker);
		kfree(n);
	}
	return -ENOENT;
}

static inline void neigh_parms_put(struct neigh_parms *parms)
{
	if (refcount_dec_and_test(&parms->refcnt))
		kfree(parms);
}

/*
 *	The neighbour must already be out of the table.
 */
void neigh_destroy(struct neighbour *neigh)
{
	struct net_device *dev = neigh->dev;

	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);

	if (!neigh->dead) {
		pr_warn("Destroying alive neighbour %p\n", neigh);
		dump_stack();
		return;
	}

	if (neigh_del_timer(neigh))
		pr_warn("Impossible event\n");

	write_lock_bh(&neigh->lock);
	__skb_queue_purge(&neigh->arp_queue);
	write_unlock_bh(&neigh->lock);
	neigh->arp_queue_len_bytes = 0;

	if (dev->netdev_ops->ndo_neigh_destroy)
		dev->netdev_ops->ndo_neigh_destroy(dev, neigh);

	netdev_put(dev, &neigh->dev_tracker);
	neigh_parms_put(neigh->parms);

	neigh_dbg(2, "neigh %p is destroyed\n", neigh);

	atomic_dec(&neigh->tbl->entries);
	kfree_rcu(neigh, rcu);
}
EXPORT_SYMBOL(neigh_destroy);

/* Neighbour state is suspicious;
   disable fast path.

   Called with write_locked neigh.
 */
static void neigh_suspect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is suspected\n", neigh);

	WRITE_ONCE(neigh->output, neigh->ops->output);
}

/* Neighbour state is OK;
   enable fast path.

   Called with write_locked neigh.
 */
static void neigh_connect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is connected\n", neigh);

	WRITE_ONCE(neigh->output, neigh->ops->connected_output);
}
static void neigh_periodic_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
	struct neigh_hash_table *nht;
	struct hlist_node *tmp;
	struct neighbour *n;
	unsigned int i;

	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	/*
	 *	periodically recompute ReachableTime from random function
	 */

	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
		struct neigh_parms *p;

		WRITE_ONCE(tbl->last_rand, jiffies);
		list_for_each_entry(p, &tbl->parms_list, list)
			p->reachable_time =
				neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}

	if (atomic_read(&tbl->entries) < READ_ONCE(tbl->gc_thresh1))
		goto out;

	for (i = 0; i < (1 << nht->hash_shift); i++) {
		neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[i]) {
			unsigned int state;

			write_lock(&n->lock);

			state = n->nud_state;
			if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
			    (n->flags & NTF_EXT_LEARNED)) {
				write_unlock(&n->lock);
				continue;
			}

			if (time_before(n->used, n->confirmed) &&
			    time_is_before_eq_jiffies(n->confirmed))
				n->used = n->confirmed;

			if (refcount_read(&n->refcnt) == 1 &&
			    (state == NUD_FAILED ||
			     !time_in_range_open(jiffies, n->used,
						 n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
				hlist_del_rcu(&n->hash);
				hlist_del_rcu(&n->dev_list);
				neigh_mark_dead(n);
				write_unlock(&n->lock);
				neigh_cleanup_and_release(n);
				continue;
			}
			write_unlock(&n->lock);
		}
		/*
		 * It's fine to release lock here, even if hash table
		 * grows while we are preempted.
		 */
		write_unlock_bh(&tbl->lock);
		cond_resched();
		write_lock_bh(&tbl->lock);
		nht = rcu_dereference_protected(tbl->nht,
						lockdep_is_held(&tbl->lock));
	}
out:
	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
	 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
	 * BASE_REACHABLE_TIME.
	 */
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
	write_unlock_bh(&tbl->lock);
}

static __inline__ int neigh_max_probes(struct neighbour *n)
{
	struct neigh_parms *p = n->parms;

	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
	       (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
					   NEIGH_VAR(p, MCAST_PROBES));
}

static void neigh_invalidate(struct neighbour *neigh)
	__releases(neigh->lock)
	__acquires(neigh->lock)
{
	struct sk_buff *skb;

	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
	neigh_dbg(2, "neigh %p is failed\n", neigh);
	neigh->updated = jiffies;

	/* This is a delicate spot: error_report() is a complicated
	   routine, and in particular it can end up touching this very
	   neighbour entry. So we are careful here to avoid an endless
	   loop. --ANK
	 */
	while (neigh->nud_state == NUD_FAILED &&
	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
		write_unlock(&neigh->lock);
		neigh->ops->error_report(neigh, skb);
		write_lock(&neigh->lock);
	}
	__skb_queue_purge(&neigh->arp_queue);
	neigh->arp_queue_len_bytes = 0;
}

static void neigh_probe(struct neighbour *neigh)
	__releases(neigh->lock)
{
	struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);

	/* keep skb alive even if arp_queue overflows */
	if (skb)
		skb = skb_clone(skb, GFP_ATOMIC);
	write_unlock(&neigh->lock);
	if (neigh->ops->solicit)
		neigh->ops->solicit(neigh, skb);
	atomic_inc(&neigh->probes);
	consume_skb(skb);
}
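/* Worked example (illustrative): with the common IPv4 defaults of
 * ucast_solicit = 3, app_solicit = 0 and mcast_solicit = 3, an entry in
 * NUD_INCOMPLETE gives neigh_max_probes() = 3 + 0 + 3 = 6 attempts before
 * it is declared NUD_FAILED; an entry being re-validated in NUD_PROBE
 * uses mcast_reprobes (default 0) for the third term instead, so it
 * normally fails after 3 unicast probes.
 */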
/* Called when a timer expires for a neighbour entry. */

static void neigh_timer_handler(struct timer_list *t)
{
	unsigned long now, next;
	struct neighbour *neigh = timer_container_of(neigh, t, timer);
	unsigned int state;
	int notify = 0;

	write_lock(&neigh->lock);

	state = neigh->nud_state;
	now = jiffies;
	next = now + HZ;

	if (!(state & NUD_IN_TIMER))
		goto out;

	if (state & NUD_REACHABLE) {
		if (time_before_eq(now,
				   neigh->confirmed + neigh->parms->reachable_time)) {
			neigh_dbg(2, "neigh %p is still alive\n", neigh);
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else if (time_before_eq(now,
					  neigh->used +
					  NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is delayed\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_DELAY);
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
		} else {
			neigh_dbg(2, "neigh %p is suspected\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_STALE);
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			notify = 1;
		}
	} else if (state & NUD_DELAY) {
		if (time_before_eq(now,
				   neigh->confirmed +
				   NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is now reachable\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_REACHABLE);
			neigh->updated = jiffies;
			neigh_connect(neigh);
			notify = 1;
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else {
			neigh_dbg(2, "neigh %p is probed\n", neigh);
			WRITE_ONCE(neigh->nud_state, NUD_PROBE);
			neigh->updated = jiffies;
			atomic_set(&neigh->probes, 0);
			notify = 1;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
		}
	} else {
		/* NUD_PROBE|NUD_INCOMPLETE */
		next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
	}

	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
		WRITE_ONCE(neigh->nud_state, NUD_FAILED);
		notify = 1;
		neigh_invalidate(neigh);
		goto out;
	}

	if (neigh->nud_state & NUD_IN_TIMER) {
		if (time_before(next, jiffies + HZ/100))
			next = jiffies + HZ/100;
		if (!mod_timer(&neigh->timer, next))
			neigh_hold(neigh);
	}
	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
		neigh_probe(neigh);
	} else {
out:
		write_unlock(&neigh->lock);
	}

	if (notify)
		neigh_update_notify(neigh, 0);

	trace_neigh_timer_handler(neigh, 0);

	neigh_release(neigh);
}
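/* Summary (illustrative) of the timer-driven NUD transitions above:
 *
 *	REACHABLE --(reachable_time expired, used recently)--> DELAY
 *	REACHABLE --(reachable_time expired, idle)-----------> STALE
 *	DELAY -----(confirmed within delay_probe_time)-------> REACHABLE
 *	DELAY -----(no confirmation)-------------------------> PROBE
 *	PROBE/INCOMPLETE --(probes >= neigh_max_probes())----> FAILED
 */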
int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
		       const bool immediate_ok)
{
	int rc;
	bool immediate_probe = false;

	write_lock_bh(&neigh->lock);

	rc = 0;
	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
		goto out_unlock_bh;
	if (neigh->dead)
		goto out_dead;

	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
		if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
		    NEIGH_VAR(neigh->parms, APP_PROBES)) {
			unsigned long next, now = jiffies;

			atomic_set(&neigh->probes,
				   NEIGH_VAR(neigh->parms, UCAST_PROBES));
			neigh_del_timer(neigh);
			WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
			neigh->updated = now;
			if (!immediate_ok) {
				next = now + 1;
			} else {
				immediate_probe = true;
				next = now + max(NEIGH_VAR(neigh->parms,
							   RETRANS_TIME),
						 HZ / 100);
			}
			neigh_add_timer(neigh, next);
		} else {
			WRITE_ONCE(neigh->nud_state, NUD_FAILED);
			neigh->updated = jiffies;
			write_unlock_bh(&neigh->lock);

			kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED);
			return 1;
		}
	} else if (neigh->nud_state & NUD_STALE) {
		neigh_dbg(2, "neigh %p is delayed\n", neigh);
		neigh_del_timer(neigh);
		WRITE_ONCE(neigh->nud_state, NUD_DELAY);
		neigh->updated = jiffies;
		neigh_add_timer(neigh, jiffies +
				NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
	}

	if (neigh->nud_state == NUD_INCOMPLETE) {
		if (skb) {
			while (neigh->arp_queue_len_bytes + skb->truesize >
			       NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
				struct sk_buff *buff;

				buff = __skb_dequeue(&neigh->arp_queue);
				if (!buff)
					break;
				neigh->arp_queue_len_bytes -= buff->truesize;
				kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL);
				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
			}
			skb_dst_force(skb);
			__skb_queue_tail(&neigh->arp_queue, skb);
			neigh->arp_queue_len_bytes += skb->truesize;
		}
		rc = 1;
	}
out_unlock_bh:
	if (immediate_probe)
		neigh_probe(neigh);
	else
		write_unlock(&neigh->lock);
	local_bh_enable();
	trace_neigh_event_send_done(neigh, rc);
	return rc;

out_dead:
	if (neigh->nud_state & NUD_STALE)
		goto out_unlock_bh;
	write_unlock_bh(&neigh->lock);
	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD);
	trace_neigh_event_send_dead(neigh, 1);
	return 1;
}
EXPORT_SYMBOL(__neigh_event_send);

static void neigh_update_hhs(struct neighbour *neigh)
{
	struct hh_cache *hh;
	void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
		= NULL;

	if (neigh->dev->header_ops)
		update = neigh->dev->header_ops->cache_update;

	if (update) {
		hh = &neigh->hh;
		if (READ_ONCE(hh->hh_len)) {
			write_seqlock_bh(&hh->hh_lock);
			update(hh, neigh->dev, neigh->ha);
			write_sequnlock_bh(&hh->hh_lock);
		}
	}
}
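/* Worked example (illustrative): the unresolved queue in
 * __neigh_event_send() above is bounded in bytes of truesize, not in
 * packets. Assuming a hypothetical QUEUE_LEN_BYTES of 64 KiB (the real
 * default comes from the per-table parms) and packets whose truesize is
 * about 2 KiB, roughly 32 packets can wait for resolution; older packets
 * are dropped from the head with SKB_DROP_REASON_NEIGH_QUEUEFULL to make
 * room for newer ones.
 */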
/* Generic update routine.
   -- lladdr is the new lladdr, or NULL if none is supplied.
   -- new    is the new state.
   -- flags
	NEIGH_UPDATE_F_OVERRIDE allows overriding an existing lladdr,
				if it is different.
	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect an existing "connected"
				lladdr instead of overriding it,
				if it is different.
	NEIGH_UPDATE_F_ADMIN	means that the change is administrative.
	NEIGH_UPDATE_F_USE	means that the entry is user triggered.
	NEIGH_UPDATE_F_MANAGED	means that the entry will be auto-refreshed.
	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows overriding an existing
				NTF_ROUTER flag.
	NEIGH_UPDATE_F_ISROUTER	indicates whether the neighbour is known
				as a router.

   Caller MUST hold a reference count on the entry.
 */
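/* Usage sketch (illustrative): a protocol that has just confirmed a fresh
 * link-layer address for a referenced entry would typically call
 *
 *	neigh_update(n, lladdr, NUD_REACHABLE,
 *		     NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_WEAK_OVERRIDE, 0);
 *
 * whereas passing NUD_STALE without NEIGH_UPDATE_F_OVERRIDE records the
 * address only if the entry did not already hold a different valid one.
 */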
static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
			  u8 new, u32 flags, u32 nlmsg_pid,
			  struct netlink_ext_ack *extack)
{
	bool gc_update = false, managed_update = false;
	int update_isrouter = 0;
	struct net_device *dev;
	int err, notify = 0;
	u8 old;

	trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);

	write_lock_bh(&neigh->lock);

	dev = neigh->dev;
	old = neigh->nud_state;
	err = -EPERM;

	if (neigh->dead) {
		NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
		new = old;
		goto out;
	}
	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
	    (old & (NUD_NOARP | NUD_PERMANENT)))
		goto out;

	neigh_update_flags(neigh, flags, &notify, &gc_update, &managed_update);
	if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
		new = old & ~NUD_PERMANENT;
		WRITE_ONCE(neigh->nud_state, new);
		err = 0;
		goto out;
	}

	if (!(new & NUD_VALID)) {
		neigh_del_timer(neigh);
		if (old & NUD_CONNECTED)
			neigh_suspect(neigh);
		WRITE_ONCE(neigh->nud_state, new);
		err = 0;
		notify = old & NUD_VALID;
		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
		    (new & NUD_FAILED)) {
			neigh_invalidate(neigh);
			notify = 1;
		}
		goto out;
	}

	/* Compare new lladdr with cached one */
	if (!dev->addr_len) {
		/* First case: device needs no address. */
		lladdr = neigh->ha;
	} else if (lladdr) {
		/* The second case: if something is already cached
		   and a new address is proposed:
		   - compare new & old
		   - if they are different, check override flag
		 */
		if ((old & NUD_VALID) &&
		    !memcmp(lladdr, neigh->ha, dev->addr_len))
			lladdr = neigh->ha;
	} else {
		/* No address is supplied; if we know something,
		   use it, otherwise discard the request.
		 */
		err = -EINVAL;
		if (!(old & NUD_VALID)) {
			NL_SET_ERR_MSG(extack, "No link layer address given");
			goto out;
		}
		lladdr = neigh->ha;
	}

	/* Update confirmed timestamp for neighbour entry after we
	 * received ARP packet even if it doesn't change IP to MAC binding.
	 */
	if (new & NUD_CONNECTED)
		neigh->confirmed = jiffies;

	/* If entry was valid and address is not changed,
	   do not change entry state, if new one is STALE.
	 */
	err = 0;
	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	if (old & NUD_VALID) {
		if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
			update_isrouter = 0;
			if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
			    (old & NUD_CONNECTED)) {
				lladdr = neigh->ha;
				new = NUD_STALE;
			} else
				goto out;
		} else {
			if (lladdr == neigh->ha && new == NUD_STALE &&
			    !(flags & NEIGH_UPDATE_F_ADMIN))
				new = old;
		}
	}

	/* Update timestamp only once we know we will make a change to the
	 * neighbour entry. Otherwise we risk moving the locktime window with
	 * noop updates and ignoring relevant ARP updates.
	 */
	if (new != old || lladdr != neigh->ha)
		neigh->updated = jiffies;

	if (new != old) {
		neigh_del_timer(neigh);
		if (new & NUD_PROBE)
			atomic_set(&neigh->probes, 0);
		if (new & NUD_IN_TIMER)
			neigh_add_timer(neigh, (jiffies +
						((new & NUD_REACHABLE) ?
						 neigh->parms->reachable_time :
						 0)));
		WRITE_ONCE(neigh->nud_state, new);
		notify = 1;
	}

	if (lladdr != neigh->ha) {
		write_seqlock(&neigh->ha_lock);
		memcpy(&neigh->ha, lladdr, dev->addr_len);
		write_sequnlock(&neigh->ha_lock);
		neigh_update_hhs(neigh);
		if (!(new & NUD_CONNECTED))
			neigh->confirmed = jiffies -
				(NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
		notify = 1;
	}
	if (new == old)
		goto out;
	if (new & NUD_CONNECTED)
		neigh_connect(neigh);
	else
		neigh_suspect(neigh);
	if (!(old & NUD_VALID)) {
		struct sk_buff *skb;

		/* Again: avoid dead loop if something went wrong */

		while (neigh->nud_state & NUD_VALID &&
		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
			struct dst_entry *dst = skb_dst(skb);
			struct neighbour *n2, *n1 = neigh;

			write_unlock_bh(&neigh->lock);

			rcu_read_lock();

			/* Why not just use 'neigh' as-is? The problem is that
			 * things such as shaper, eql, and sch_teql can end up
			 * using alternative, different, neigh objects to output
			 * the packet in the output path. So what we need to do
			 * here is re-lookup the top-level neigh in the path so
			 * we can reinject the packet there.
			 */
			n2 = NULL;
			if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
				n2 = dst_neigh_lookup_skb(dst, skb);
				if (n2)
					n1 = n2;
			}
			READ_ONCE(n1->output)(n1, skb);
			if (n2)
				neigh_release(n2);
			rcu_read_unlock();

			write_lock_bh(&neigh->lock);
		}
		__skb_queue_purge(&neigh->arp_queue);
		neigh->arp_queue_len_bytes = 0;
	}
out:
	if (update_isrouter)
		neigh_update_is_router(neigh, flags, &notify);
	write_unlock_bh(&neigh->lock);
	if (((new ^ old) & NUD_PERMANENT) || gc_update)
		neigh_update_gc_list(neigh);
	if (managed_update)
		neigh_update_managed_list(neigh);
	if (notify)
		neigh_update_notify(neigh, nlmsg_pid);
	trace_neigh_update_done(neigh, err);
	return err;
}

int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
		 u32 flags, u32 nlmsg_pid)
{
	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
}
EXPORT_SYMBOL(neigh_update);

/* Update the neigh to listen temporarily for probe responses, even if it is
 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
 */
void __neigh_set_probe_once(struct neighbour *neigh)
{
	if (neigh->dead)
		return;
	neigh->updated = jiffies;
	if (!(neigh->nud_state & NUD_FAILED))
		return;
	WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
	atomic_set(&neigh->probes, neigh_max_probes(neigh));
	neigh_add_timer(neigh,
			jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
				      HZ/100));
}
EXPORT_SYMBOL(__neigh_set_probe_once);

struct neighbour *neigh_event_ns(struct neigh_table *tbl,
				 u8 *lladdr, void *saddr,
				 struct net_device *dev)
{
	struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
						 lladdr || !dev->addr_len);

	if (neigh)
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_OVERRIDE, 0);
	return neigh;
}
EXPORT_SYMBOL(neigh_event_ns);

/* called with read_lock_bh(&n->lock); */
static void neigh_hh_init(struct neighbour *n)
{
	struct net_device *dev = n->dev;
	__be16 prot = n->tbl->protocol;
	struct hh_cache *hh = &n->hh;

	write_lock_bh(&n->lock);

	/* Only one thread can come in here and initialize the
	 * hh_cache entry.
	 */
	if (!hh->hh_len)
		dev->header_ops->cache(n, hh, prot);

	write_unlock_bh(&n->lock);
}

/* Slow and careful. */

int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc = 0;

	if (!neigh_event_send(neigh, skb)) {
		int err;
		struct net_device *dev = neigh->dev;
		unsigned int seq;

		if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
			neigh_hh_init(neigh);

		do {
			__skb_pull(skb, skb_network_offset(skb));
			seq = read_seqbegin(&neigh->ha_lock);
			err = dev_hard_header(skb, dev, ntohs(skb->protocol),
					      neigh->ha, NULL, skb->len);
		} while (read_seqretry(&neigh->ha_lock, seq));

		if (err >= 0)
			rc = dev_queue_xmit(skb);
		else
			goto out_kfree_skb;
	}
out:
	return rc;
out_kfree_skb:
	rc = -EINVAL;
	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_HH_FILLFAIL);
	goto out;
}
EXPORT_SYMBOL(neigh_resolve_output);

/* As fast as possible without hh cache */

int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
{
	struct net_device *dev = neigh->dev;
	unsigned int seq;
	int err;

	do {
		__skb_pull(skb, skb_network_offset(skb));
		seq = read_seqbegin(&neigh->ha_lock);
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      neigh->ha, NULL, skb->len);
	} while (read_seqretry(&neigh->ha_lock, seq));

	if (err >= 0)
		err = dev_queue_xmit(skb);
	else {
		err = -EINVAL;
		kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_HH_FILLFAIL);
	}
	return err;
}
EXPORT_SYMBOL(neigh_connected_output);

int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
{
	return dev_queue_xmit(skb);
}
EXPORT_SYMBOL(neigh_direct_output);
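/* Note (illustrative): the read_seqbegin()/read_seqretry() loops in the
 * two output paths above are the lock-free reader side of neigh->ha_lock.
 * If __neigh_update() rewrites neigh->ha between the two calls,
 * read_seqretry() returns true and the link-layer header is rebuilt with
 * a consistent address, so the transmit fast path never takes a
 * reader-side lock.
 */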
static void neigh_managed_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table,
					       managed_work.work);
	struct neighbour *neigh;

	write_lock_bh(&tbl->lock);
	list_for_each_entry(neigh, &tbl->managed_list, managed_list)
		neigh_event_send_probe(neigh, NULL, false);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
			   NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS));
	write_unlock_bh(&tbl->lock);
}

static void neigh_proxy_process(struct timer_list *t)
{
	struct neigh_table *tbl = timer_container_of(tbl, t, proxy_timer);
	long sched_next = 0;
	unsigned long now = jiffies;
	struct sk_buff *skb, *n;

	spin_lock(&tbl->proxy_queue.lock);

	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
		long tdif = NEIGH_CB(skb)->sched_next - now;

		if (tdif <= 0) {
			struct net_device *dev = skb->dev;

			neigh_parms_qlen_dec(dev, tbl->family);
			__skb_unlink(skb, &tbl->proxy_queue);

			if (tbl->proxy_redo && netif_running(dev)) {
				rcu_read_lock();
				tbl->proxy_redo(skb);
				rcu_read_unlock();
			} else {
				kfree_skb(skb);
			}

			dev_put(dev);
		} else if (!sched_next || tdif < sched_next)
			sched_next = tdif;
	}
	timer_delete(&tbl->proxy_timer);
	if (sched_next)
		mod_timer(&tbl->proxy_timer, jiffies + sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}

static unsigned long neigh_proxy_delay(struct neigh_parms *p)
{
	/* If proxy_delay is zero, do not call get_random_u32_below()
	 * as it is undefined behavior.
	 */
	unsigned long proxy_delay = NEIGH_VAR(p, PROXY_DELAY);

	return proxy_delay ?
	       jiffies + get_random_u32_below(proxy_delay) : jiffies;
}

void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
		    struct sk_buff *skb)
{
	unsigned long sched_next = neigh_proxy_delay(p);

	if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) {
		kfree_skb(skb);
		return;
	}

	NEIGH_CB(skb)->sched_next = sched_next;
	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;

	spin_lock(&tbl->proxy_queue.lock);
	if (timer_delete(&tbl->proxy_timer)) {
		if (time_before(tbl->proxy_timer.expires, sched_next))
			sched_next = tbl->proxy_timer.expires;
	}
	skb_dst_drop(skb);
	dev_hold(skb->dev);
	__skb_queue_tail(&tbl->proxy_queue, skb);
	p->qlen++;
	mod_timer(&tbl->proxy_timer, sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}
EXPORT_SYMBOL(pneigh_enqueue);

static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
						     struct net *net, int ifindex)
{
	struct neigh_parms *p;

	list_for_each_entry(p, &tbl->parms_list, list) {
		if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
		    (!p->dev && !ifindex && net_eq(net, &init_net)))
			return p;
	}

	return NULL;
}

struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
				      struct neigh_table *tbl)
{
	struct neigh_parms *p;
	struct net *net = dev_net(dev);
	const struct net_device_ops *ops = dev->netdev_ops;

	p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
	if (p) {
		p->tbl = tbl;
		refcount_set(&p->refcnt, 1);
		p->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
		p->qlen = 0;
		netdev_hold(dev, &p->dev_tracker, GFP_KERNEL);
		p->dev = dev;
		write_pnet(&p->net, net);
		p->sysctl_table = NULL;

		if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
			netdev_put(dev, &p->dev_tracker);
			kfree(p);
			return NULL;
		}

		write_lock_bh(&tbl->lock);
		list_add(&p->list, &tbl->parms.list);
		write_unlock_bh(&tbl->lock);

		neigh_parms_data_state_cleanall(p);
	}
	return p;
}
EXPORT_SYMBOL(neigh_parms_alloc);
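/* Worked example (illustrative): with the classic ARP default of
 * proxy_delay = (8 * HZ) / 10 (0.8 s), neigh_proxy_delay() above schedules
 * each proxied request at jiffies + U(0, proxy_delay), jittering replies
 * over 0-0.8 s instead of answering the moment the request is queued.
 */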
static void neigh_rcu_free_parms(struct rcu_head *head)
{
	struct neigh_parms *parms =
		container_of(head, struct neigh_parms, rcu_head);

	neigh_parms_put(parms);
}

void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
{
	if (!parms || parms == &tbl->parms)
		return;
	write_lock_bh(&tbl->lock);
	list_del(&parms->list);
	parms->dead = 1;
	write_unlock_bh(&tbl->lock);
	netdev_put(parms->dev, &parms->dev_tracker);
	call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
}
EXPORT_SYMBOL(neigh_parms_release);

static struct lock_class_key neigh_table_proxy_queue_class;

static struct neigh_table __rcu *neigh_tables[NEIGH_NR_TABLES] __read_mostly;

void neigh_table_init(int index, struct neigh_table *tbl)
{
	unsigned long now = jiffies;
	unsigned long phsize;

	INIT_LIST_HEAD(&tbl->parms_list);
	INIT_LIST_HEAD(&tbl->gc_list);
	INIT_LIST_HEAD(&tbl->managed_list);

	list_add(&tbl->parms.list, &tbl->parms_list);
	write_pnet(&tbl->parms.net, &init_net);
	refcount_set(&tbl->parms.refcnt, 1);
	tbl->parms.reachable_time =
		neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
	tbl->parms.qlen = 0;

	tbl->stats = alloc_percpu(struct neigh_statistics);
	if (!tbl->stats)
		panic("cannot create neighbour cache statistics");

#ifdef CONFIG_PROC_FS
	if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
				  &neigh_stat_seq_ops, tbl))
		panic("cannot create neighbour proc dir entry");
#endif

	RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));

	phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
	tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);

	if (!tbl->nht || !tbl->phash_buckets)
		panic("cannot allocate neighbour cache hashes");

	if (!tbl->entry_size)
		tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
					tbl->key_len, NEIGH_PRIV_ALIGN);
	else
		WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);

	rwlock_init(&tbl->lock);

	INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   tbl->parms.reachable_time);
	INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0);

	timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
	skb_queue_head_init_class(&tbl->proxy_queue,
				  &neigh_table_proxy_queue_class);

	tbl->last_flush = now;
	tbl->last_rand = now + tbl->parms.reachable_time * 20;

	rcu_assign_pointer(neigh_tables[index], tbl);
}
EXPORT_SYMBOL(neigh_table_init);
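/* Usage sketch (illustrative): each address family registers its table at
 * a fixed slot. IPv4's ARP code, for instance, does
 *
 *	neigh_table_init(NEIGH_ARP_TABLE, &arp_tbl);
 *
 * and IPv6 neighbour discovery uses NEIGH_ND_TABLE with nd_tbl, which is
 * what lets neigh_find_table() below map a family to its table.
 */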
/*
 * Only called from ndisc_cleanup(), which means this is dead code
 * because we can no longer unload the IPv6 module.
 */
int neigh_table_clear(int index, struct neigh_table *tbl)
{
	RCU_INIT_POINTER(neigh_tables[index], NULL);
	synchronize_rcu();

	/* It is not clean... Fix it to unload IPv6 module safely */
	cancel_delayed_work_sync(&tbl->managed_work);
	cancel_delayed_work_sync(&tbl->gc_work);
	timer_delete_sync(&tbl->proxy_timer);
	pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family);
	neigh_ifdown(tbl, NULL);
	if (atomic_read(&tbl->entries))
		pr_crit("neighbour leakage\n");

	call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
		 neigh_hash_free_rcu);
	tbl->nht = NULL;

	kfree(tbl->phash_buckets);
	tbl->phash_buckets = NULL;

	remove_proc_entry(tbl->id, init_net.proc_net_stat);

	free_percpu(tbl->stats);
	tbl->stats = NULL;

	return 0;
}
EXPORT_SYMBOL(neigh_table_clear);

static struct neigh_table *neigh_find_table(int family)
{
	struct neigh_table *tbl = NULL;

	switch (family) {
	case AF_INET:
		tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ARP_TABLE]);
		break;
	case AF_INET6:
		tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ND_TABLE]);
		break;
	}

	return tbl;
}

const struct nla_policy nda_policy[NDA_MAX+1] = {
	[NDA_UNSPEC]		= { .strict_start_type = NDA_NH_ID },
	[NDA_DST]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_LLADDR]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_CACHEINFO]		= { .len = sizeof(struct nda_cacheinfo) },
	[NDA_PROBES]		= { .type = NLA_U32 },
	[NDA_VLAN]		= { .type = NLA_U16 },
	[NDA_PORT]		= { .type = NLA_U16 },
	[NDA_VNI]		= { .type = NLA_U32 },
	[NDA_IFINDEX]		= { .type = NLA_U32 },
	[NDA_MASTER]		= { .type = NLA_U32 },
	[NDA_PROTOCOL]		= { .type = NLA_U8 },
	[NDA_NH_ID]		= { .type = NLA_U32 },
	[NDA_FLAGS_EXT]		= NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
	[NDA_FDB_EXT_ATTRS]	= { .type = NLA_NESTED },
};

static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *dst_attr;
	struct neigh_table *tbl;
	struct neighbour *neigh;
	struct net_device *dev = NULL;
	int err = -EINVAL;

	ASSERT_RTNL();
	if (nlmsg_len(nlh) < sizeof(*ndm))
		goto out;

	dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
	if (!dst_attr) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(dst_attr) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	if (ndm->ndm_flags & NTF_PROXY) {
		err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
		goto out;
	}

	if (dev == NULL)
		goto out;

	neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
	if (neigh == NULL) {
		err = -ENOENT;
		goto out;
	}

	err = __neigh_update(neigh, NULL, NUD_FAILED,
			     NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
			     NETLINK_CB(skb).portid, extack);
	write_lock_bh(&tbl->lock);
	neigh_release(neigh);
	neigh_remove_one(neigh);
	write_unlock_bh(&tbl->lock);

out:
	return err;
}
static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
		     struct netlink_ext_ack *extack)
{
	int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
		    NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *tb[NDA_MAX+1];
	struct neigh_table *tbl;
	struct net_device *dev = NULL;
	struct neighbour *neigh;
	void *dst, *lladdr;
	u8 protocol = 0;
	u32 ndm_flags;
	int err;

	ASSERT_RTNL();
	err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
				     nda_policy, extack);
	if (err < 0)
		goto out;

	err = -EINVAL;
	if (!tb[NDA_DST]) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	ndm_flags = ndm->ndm_flags;
	if (tb[NDA_FLAGS_EXT]) {
		u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]);

		BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
			     (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
			      hweight32(NTF_EXT_MASK)));
		ndm_flags |= (ext << NTF_EXT_SHIFT);
	}
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}

		if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
			NL_SET_ERR_MSG(extack, "Invalid link address");
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	dst = nla_data(tb[NDA_DST]);
	lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;

	if (tb[NDA_PROTOCOL])
		protocol = nla_get_u8(tb[NDA_PROTOCOL]);
	if (ndm_flags & NTF_PROXY) {
		struct pneigh_entry *pn;

		if (ndm_flags & NTF_MANAGED) {
			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
			goto out;
		}

		err = -ENOBUFS;
		pn = pneigh_lookup(tbl, net, dst, dev, 1);
		if (pn) {
			pn->flags = ndm_flags;
			pn->permanent = !!(ndm->ndm_state & NUD_PERMANENT);
			if (protocol)
				pn->protocol = protocol;
			err = 0;
		}
		goto out;
	}

	if (!dev) {
		NL_SET_ERR_MSG(extack, "Device not specified");
		goto out;
	}

	if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
		err = -EINVAL;
		goto out;
	}

	neigh = neigh_lookup(tbl, dst, dev);
	if (neigh == NULL) {
		bool ndm_permanent = ndm->ndm_state & NUD_PERMANENT;
		bool exempt_from_gc = ndm_permanent ||
				      ndm_flags & NTF_EXT_LEARNED;

		if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
			err = -ENOENT;
			goto out;
		}
		if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
			err = -EINVAL;
			goto out;
		}

		neigh = ___neigh_create(tbl, dst, dev,
					ndm_flags &
					(NTF_EXT_LEARNED | NTF_MANAGED),
					exempt_from_gc, true);
		if (IS_ERR(neigh)) {
			err = PTR_ERR(neigh);
			goto out;
		}
	} else {
		if (nlh->nlmsg_flags & NLM_F_EXCL) {
			err = -EEXIST;
			neigh_release(neigh);
			goto out;
		}

		if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
			flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
				   NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
	}

	if (protocol)
		neigh->protocol = protocol;
	if (ndm_flags & NTF_EXT_LEARNED)
		flags |= NEIGH_UPDATE_F_EXT_LEARNED;
	if (ndm_flags & NTF_ROUTER)
		flags |= NEIGH_UPDATE_F_ISROUTER;
	if (ndm_flags & NTF_MANAGED)
		flags |= NEIGH_UPDATE_F_MANAGED;
	if (ndm_flags & NTF_USE)
		flags |= NEIGH_UPDATE_F_USE;

	err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
			     NETLINK_CB(skb).portid, extack);
	if (!err && ndm_flags & (NTF_USE | NTF_MANAGED))
		neigh_event_send(neigh, NULL);
	neigh_release(neigh);
out:
	return err;
}
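/* Usage examples (illustrative): the RTM_NEWNEIGH/RTM_DELNEIGH handlers
 * above back the familiar iproute2 commands, e.g.
 *
 *	ip neigh replace 192.0.2.1 lladdr 00:11:22:33:44:55 dev eth0 nud permanent
 *	ip neigh add proxy 2001:db8::1 dev eth0
 *	ip neigh del 192.0.2.1 dev eth0
 *
 * NLM_F_REPLACE keeps NEIGH_UPDATE_F_OVERRIDE set, and NTF_PROXY requests
 * are diverted to the pneigh_* proxy table instead of the main cache.
 */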
	if (ndm_flags & NTF_MANAGED)
		flags |= NEIGH_UPDATE_F_MANAGED;
	if (ndm_flags & NTF_USE)
		flags |= NEIGH_UPDATE_F_USE;

	err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
			     NETLINK_CB(skb).portid, extack);
	if (!err && ndm_flags & (NTF_USE | NTF_MANAGED))
		neigh_event_send(neigh, NULL);
	neigh_release(neigh);
out:
	return err;
}

static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
{
	struct nlattr *nest;

	nest = nla_nest_start_noflag(skb, NDTA_PARMS);
	if (nest == NULL)
		return -ENOBUFS;

	if ((parms->dev &&
	     nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
	    nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
	    nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
			NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
	    /* approximate value for the deprecated QUEUE_LEN (in packets) */
	    nla_put_u32(skb, NDTPA_QUEUE_LEN,
			NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
	    nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
	    nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
	    nla_put_u32(skb, NDTPA_UCAST_PROBES,
			NEIGH_VAR(parms, UCAST_PROBES)) ||
	    nla_put_u32(skb, NDTPA_MCAST_PROBES,
			NEIGH_VAR(parms, MCAST_PROBES)) ||
	    nla_put_u32(skb, NDTPA_MCAST_REPROBES,
			NEIGH_VAR(parms, MCAST_REPROBES)) ||
	    nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
			  NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
			  NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_GC_STALETIME,
			  NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
			  NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_RETRANS_TIME,
			  NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
			  NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_PROXY_DELAY,
			  NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_LOCKTIME,
			  NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS,
			  NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD))
		goto nla_put_failure;
	return nla_nest_end(skb, nest);

nla_put_failure:
	nla_nest_cancel(skb, nest);
	return -EMSGSIZE;
}

static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
			      u32 pid, u32 seq, int type, int flags)
{
	struct nlmsghdr *nlh;
	struct ndtmsg *ndtmsg;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	ndtmsg = nlmsg_data(nlh);

	read_lock_bh(&tbl->lock);
	ndtmsg->ndtm_family = tbl->family;
	ndtmsg->ndtm_pad1   = 0;
	ndtmsg->ndtm_pad2   = 0;

	if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
	    nla_put_msecs(skb, NDTA_GC_INTERVAL, READ_ONCE(tbl->gc_interval),
			  NDTA_PAD) ||
	    nla_put_u32(skb, NDTA_THRESH1, READ_ONCE(tbl->gc_thresh1)) ||
	    nla_put_u32(skb, NDTA_THRESH2, READ_ONCE(tbl->gc_thresh2)) ||
	    nla_put_u32(skb, NDTA_THRESH3, READ_ONCE(tbl->gc_thresh3)))
		goto nla_put_failure;
	{
		unsigned long now = jiffies;
		long flush_delta = now - READ_ONCE(tbl->last_flush);
		long rand_delta = now - READ_ONCE(tbl->last_rand);
		struct neigh_hash_table *nht;
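		/* ndt_config is a point-in-time snapshot of table-wide
		 * state; the jiffies deltas above are converted to msecs
		 * below so userspace sees wall-clock units.
		 */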
		struct ndt_config ndc = {
			.ndtc_key_len = tbl->key_len,
			.ndtc_entry_size = tbl->entry_size,
			.ndtc_entries = atomic_read(&tbl->entries),
			.ndtc_last_flush = jiffies_to_msecs(flush_delta),
			.ndtc_last_rand = jiffies_to_msecs(rand_delta),
			.ndtc_proxy_qlen = READ_ONCE(tbl->proxy_queue.qlen),
		};

		rcu_read_lock();
		nht = rcu_dereference(tbl->nht);
		ndc.ndtc_hash_rnd = nht->hash_rnd[0];
		ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
		rcu_read_unlock();

		if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
			goto nla_put_failure;
	}

	{
		int cpu;
		struct ndt_stats ndst;

		memset(&ndst, 0, sizeof(ndst));

		for_each_possible_cpu(cpu) {
			struct neigh_statistics *st;

			st = per_cpu_ptr(tbl->stats, cpu);
			ndst.ndts_allocs += READ_ONCE(st->allocs);
			ndst.ndts_destroys += READ_ONCE(st->destroys);
			ndst.ndts_hash_grows += READ_ONCE(st->hash_grows);
			ndst.ndts_res_failed += READ_ONCE(st->res_failed);
			ndst.ndts_lookups += READ_ONCE(st->lookups);
			ndst.ndts_hits += READ_ONCE(st->hits);
			ndst.ndts_rcv_probes_mcast += READ_ONCE(st->rcv_probes_mcast);
			ndst.ndts_rcv_probes_ucast += READ_ONCE(st->rcv_probes_ucast);
			ndst.ndts_periodic_gc_runs += READ_ONCE(st->periodic_gc_runs);
			ndst.ndts_forced_gc_runs += READ_ONCE(st->forced_gc_runs);
			ndst.ndts_table_fulls += READ_ONCE(st->table_fulls);
		}

		if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
				  NDTA_PAD))
			goto nla_put_failure;
	}

	BUG_ON(tbl->parms.dev);
	if (neightbl_fill_parms(skb, &tbl->parms) < 0)
		goto nla_put_failure;

	read_unlock_bh(&tbl->lock);
	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	read_unlock_bh(&tbl->lock);
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

static int neightbl_fill_param_info(struct sk_buff *skb,
				    struct neigh_table *tbl,
				    struct neigh_parms *parms,
				    u32 pid, u32 seq, int type,
				    unsigned int flags)
{
	struct ndtmsg *ndtmsg;
	struct nlmsghdr *nlh;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	ndtmsg = nlmsg_data(nlh);

	read_lock_bh(&tbl->lock);
	ndtmsg->ndtm_family = tbl->family;
	ndtmsg->ndtm_pad1   = 0;
	ndtmsg->ndtm_pad2   = 0;

	if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
	    neightbl_fill_parms(skb, parms) < 0)
		goto errout;

	read_unlock_bh(&tbl->lock);
	nlmsg_end(skb, nlh);
	return 0;
errout:
	read_unlock_bh(&tbl->lock);
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
	[NDTA_NAME]		= { .type = NLA_STRING },
	[NDTA_THRESH1]		= { .type = NLA_U32 },
	[NDTA_THRESH2]		= { .type = NLA_U32 },
	[NDTA_THRESH3]		= { .type = NLA_U32 },
	[NDTA_GC_INTERVAL]	= { .type = NLA_U64 },
	[NDTA_PARMS]		= { .type = NLA_NESTED },
};

static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
	[NDTPA_IFINDEX]			= { .type = NLA_U32 },
	[NDTPA_QUEUE_LEN]		= { .type = NLA_U32 },
	[NDTPA_QUEUE_LENBYTES]		= { .type = NLA_U32 },
	[NDTPA_PROXY_QLEN]		= { .type = NLA_U32 },
	[NDTPA_APP_PROBES]		= { .type = NLA_U32 },
	[NDTPA_UCAST_PROBES]		= { .type = NLA_U32 },
	[NDTPA_MCAST_PROBES]		= { .type = NLA_U32 },
	[NDTPA_MCAST_REPROBES]		= { .type = NLA_U32 },
	[NDTPA_BASE_REACHABLE_TIME]	= { .type = NLA_U64 },
	[NDTPA_GC_STALETIME]		= { .type = NLA_U64 },
	[NDTPA_DELAY_PROBE_TIME]	= { .type = NLA_U64 },
	[NDTPA_RETRANS_TIME]		= { .type = NLA_U64 },
	[NDTPA_ANYCAST_DELAY]		= { .type = NLA_U64 },
	[NDTPA_PROXY_DELAY]		= { .type = NLA_U64 },
	[NDTPA_LOCKTIME]		= { .type = NLA_U64 },
	[NDTPA_INTERVAL_PROBE_TIME_MS]	= { .type = NLA_U64, .min = 1 },
};

static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct neigh_table *tbl;
	struct ndtmsg *ndtmsg;
	struct nlattr *tb[NDTA_MAX+1];
	bool found = false;
	int err, tidx;

	err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
				     nl_neightbl_policy, extack);
	if (err < 0)
		goto errout;

	if (tb[NDTA_NAME] == NULL) {
		err = -EINVAL;
		goto errout;
	}

	ndtmsg = nlmsg_data(nlh);

	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
		tbl = rcu_dereference_rtnl(neigh_tables[tidx]);
		if (!tbl)
			continue;
		if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
			continue;
		if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
			found = true;
			break;
		}
	}

	if (!found)
		return -ENOENT;

	/*
	 * We acquire tbl->lock to be nice to the periodic timers and
	 * make sure they always see a consistent set of values.
	 */
	write_lock_bh(&tbl->lock);

	if (tb[NDTA_PARMS]) {
		struct nlattr *tbp[NDTPA_MAX+1];
		struct neigh_parms *p;
		int i, ifindex = 0;

		err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
						  tb[NDTA_PARMS],
						  nl_ntbl_parm_policy, extack);
		if (err < 0)
			goto errout_tbl_lock;

		if (tbp[NDTPA_IFINDEX])
			ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);

		p = lookup_neigh_parms(tbl, net, ifindex);
		if (p == NULL) {
			err = -ENOENT;
			goto errout_tbl_lock;
		}

		for (i = 1; i <= NDTPA_MAX; i++) {
			if (tbp[i] == NULL)
				continue;

			switch (i) {
			case NDTPA_QUEUE_LEN:
				NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
					      nla_get_u32(tbp[i]) *
					      SKB_TRUESIZE(ETH_FRAME_LEN));
				break;
			case NDTPA_QUEUE_LENBYTES:
				NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_PROXY_QLEN:
				NEIGH_VAR_SET(p, PROXY_QLEN,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_APP_PROBES:
				NEIGH_VAR_SET(p, APP_PROBES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_UCAST_PROBES:
				NEIGH_VAR_SET(p, UCAST_PROBES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_MCAST_PROBES:
				NEIGH_VAR_SET(p, MCAST_PROBES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_MCAST_REPROBES:
				NEIGH_VAR_SET(p, MCAST_REPROBES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_BASE_REACHABLE_TIME:
				NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
					      nla_get_msecs(tbp[i]));
				/* update reachable_time as well, otherwise
				 * the change will only take effect the next
				 * time neigh_periodic_work decides to
				 * recompute it (which can be multiple
				 * minutes away)
				 */
				p->reachable_time =
					neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
				break;
			case NDTPA_GC_STALETIME:
				NEIGH_VAR_SET(p, GC_STALETIME,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_DELAY_PROBE_TIME:
				NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
					      nla_get_msecs(tbp[i]));
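				/* Listeners such as drivers that offload
				 * the neighbour table pick up the new
				 * delay_probe_time from this netevent
				 * rather than by polling the parms.
				 */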
				call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
				break;
			case NDTPA_INTERVAL_PROBE_TIME_MS:
				NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_RETRANS_TIME:
				NEIGH_VAR_SET(p, RETRANS_TIME,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_ANYCAST_DELAY:
				NEIGH_VAR_SET(p, ANYCAST_DELAY,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_PROXY_DELAY:
				NEIGH_VAR_SET(p, PROXY_DELAY,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_LOCKTIME:
				NEIGH_VAR_SET(p, LOCKTIME,
					      nla_get_msecs(tbp[i]));
				break;
			}
		}
	}

	err = -ENOENT;
	if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
	     tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
	    !net_eq(net, &init_net))
		goto errout_tbl_lock;

	if (tb[NDTA_THRESH1])
		WRITE_ONCE(tbl->gc_thresh1, nla_get_u32(tb[NDTA_THRESH1]));

	if (tb[NDTA_THRESH2])
		WRITE_ONCE(tbl->gc_thresh2, nla_get_u32(tb[NDTA_THRESH2]));

	if (tb[NDTA_THRESH3])
		WRITE_ONCE(tbl->gc_thresh3, nla_get_u32(tb[NDTA_THRESH3]));

	if (tb[NDTA_GC_INTERVAL])
		WRITE_ONCE(tbl->gc_interval, nla_get_msecs(tb[NDTA_GC_INTERVAL]));

	err = 0;

errout_tbl_lock:
	write_unlock_bh(&tbl->lock);
errout:
	return err;
}

static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
				    struct netlink_ext_ack *extack)
{
	struct ndtmsg *ndtm;

	ndtm = nlmsg_payload(nlh, sizeof(*ndtm));
	if (!ndtm) {
		NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
		return -EINVAL;
	}

	if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
		NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
		return -EINVAL;
	}

	if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
		NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
		return -EINVAL;
	}

	return 0;
}

static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
{
	const struct nlmsghdr *nlh = cb->nlh;
	struct net *net = sock_net(skb->sk);
	int family, tidx, nidx = 0;
	int tbl_skip = cb->args[0];
	int neigh_skip = cb->args[1];
	struct neigh_table *tbl;

	if (cb->strict_check) {
		int err = neightbl_valid_dump_info(nlh, cb->extack);

		if (err < 0)
			return err;
	}

	family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;

	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
		struct neigh_parms *p;

		tbl = rcu_dereference_rtnl(neigh_tables[tidx]);
		if (!tbl)
			continue;

		if (tidx < tbl_skip || (family && tbl->family != family))
			continue;

		if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
				       nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
				       NLM_F_MULTI) < 0)
			break;

		nidx = 0;
		p = list_next_entry(&tbl->parms, list);
		list_for_each_entry_from(p, &tbl->parms_list, list) {
			if (!net_eq(neigh_parms_net(p), net))
				continue;

			if (nidx < neigh_skip)
				goto next;

			if (neightbl_fill_param_info(skb, tbl, p,
						     NETLINK_CB(cb->skb).portid,
						     nlh->nlmsg_seq,
						     RTM_NEWNEIGHTBL,
						     NLM_F_MULTI) < 0)
				goto out;
		next:
			nidx++;
		}

		neigh_skip = 0;
	}
out:
	cb->args[0] = tidx;
	cb->args[1] = nidx;

	return skb->len;
}
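
/* Sketch of the RTM_NEWNEIGH message that neigh_fill_info() builds below
 * (attributes are only emitted when they apply):
 *
 *	struct ndmsg	family / ifindex / state / flags / type
 *	NDA_DST		network address, tbl->key_len bytes
 *	NDA_LLADDR	link-layer address, only while NUD_VALID
 *	NDA_CACHEINFO	struct nda_cacheinfo (used/confirmed/updated/refcnt)
 *	NDA_PROBES	u32 probe count
 *	NDA_PROTOCOL	u8, only if a protocol was recorded
 *	NDA_FLAGS_EXT	u32, only if extended flags are set
 */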

static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
			   u32 pid, u32 seq, int type, unsigned int flags)
{
	u32 neigh_flags, neigh_flags_ext;
	unsigned long now = jiffies;
	struct nda_cacheinfo ci;
	struct nlmsghdr *nlh;
	struct ndmsg *ndm;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT;
	neigh_flags     = neigh->flags & NTF_OLD_MASK;

	ndm = nlmsg_data(nlh);
	ndm->ndm_family	 = neigh->ops->family;
	ndm->ndm_pad1    = 0;
	ndm->ndm_pad2    = 0;
	ndm->ndm_flags	 = neigh_flags;
	ndm->ndm_type	 = neigh->type;
	ndm->ndm_ifindex = neigh->dev->ifindex;

	if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
		goto nla_put_failure;

	read_lock_bh(&neigh->lock);
	ndm->ndm_state	 = neigh->nud_state;
	if (neigh->nud_state & NUD_VALID) {
		char haddr[MAX_ADDR_LEN];

		neigh_ha_snapshot(haddr, neigh, neigh->dev);
		if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
			read_unlock_bh(&neigh->lock);
			goto nla_put_failure;
		}
	}

	ci.ndm_used	 = jiffies_to_clock_t(now - neigh->used);
	ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
	ci.ndm_updated	 = jiffies_to_clock_t(now - neigh->updated);
	ci.ndm_refcnt	 = refcount_read(&neigh->refcnt) - 1;
	read_unlock_bh(&neigh->lock);

	if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
	    nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
		goto nla_put_failure;

	if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
		goto nla_put_failure;
	if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
		goto nla_put_failure;

	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
			    u32 pid, u32 seq, int type, unsigned int flags,
			    struct neigh_table *tbl)
{
	u32 neigh_flags, neigh_flags_ext;
	struct nlmsghdr *nlh;
	struct ndmsg *ndm;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT;
	neigh_flags     = pn->flags & NTF_OLD_MASK;

	ndm = nlmsg_data(nlh);
	ndm->ndm_family	 = tbl->family;
	ndm->ndm_pad1    = 0;
	ndm->ndm_pad2    = 0;
	ndm->ndm_flags	 = neigh_flags | NTF_PROXY;
	ndm->ndm_type	 = RTN_UNICAST;
	ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
	ndm->ndm_state	 = NUD_NONE;

	if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
		goto nla_put_failure;

	if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
		goto nla_put_failure;
	if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
		goto nla_put_failure;

	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
{
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	__neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
}

static bool neigh_master_filtered(struct net_device *dev, int master_idx)
{
	struct net_device *master;

	if (!master_idx)
		return false;

	master = dev ? netdev_master_upper_dev_get_rcu(dev) : NULL;

	/* 0 is already used to denote NDA_MASTER wasn't passed, so we need
	 * another invalid value for ifindex to denote "no master".
	 */
	if (master_idx == -1)
		return !!master;

	if (!master || master->ifindex != master_idx)
		return true;

	return false;
}

static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
{
	if (filter_idx && (!dev || dev->ifindex != filter_idx))
		return true;

	return false;
}

struct neigh_dump_filter {
	int master_idx;
	int dev_idx;
};

static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
			    struct netlink_callback *cb,
			    struct neigh_dump_filter *filter)
{
	struct net *net = sock_net(skb->sk);
	struct neighbour *n;
	int err = 0, h, s_h = cb->args[1];
	int idx, s_idx = idx = cb->args[2];
	struct neigh_hash_table *nht;
	unsigned int flags = NLM_F_MULTI;

	if (filter->dev_idx || filter->master_idx)
		flags |= NLM_F_DUMP_FILTERED;

	nht = rcu_dereference(tbl->nht);

	for (h = s_h; h < (1 << nht->hash_shift); h++) {
		if (h > s_h)
			s_idx = 0;
		idx = 0;
		neigh_for_each_in_bucket_rcu(n, &nht->hash_heads[h]) {
			if (idx < s_idx || !net_eq(dev_net(n->dev), net))
				goto next;
			if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
			    neigh_master_filtered(n->dev, filter->master_idx))
				goto next;
			err = neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
					      cb->nlh->nlmsg_seq,
					      RTM_NEWNEIGH, flags);
			if (err < 0)
				goto out;
next:
			idx++;
		}
	}
out:
	cb->args[1] = h;
	cb->args[2] = idx;
	return err;
}

static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
			     struct netlink_callback *cb,
			     struct neigh_dump_filter *filter)
{
	struct pneigh_entry *n;
	struct net *net = sock_net(skb->sk);
	int err = 0, h, s_h = cb->args[3];
	int idx, s_idx = idx = cb->args[4];
	unsigned int flags = NLM_F_MULTI;

	if (filter->dev_idx || filter->master_idx)
		flags |= NLM_F_DUMP_FILTERED;

	read_lock_bh(&tbl->lock);

	for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
		if (h > s_h)
			s_idx = 0;
		for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
			if (idx < s_idx || pneigh_net(n) != net)
				goto next;
			if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
			    neigh_master_filtered(n->dev, filter->master_idx))
				goto next;
			err = pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
					       cb->nlh->nlmsg_seq,
					       RTM_NEWNEIGH, flags, tbl);
			if (err < 0) {
				read_unlock_bh(&tbl->lock);
				goto out;
			}
		next:
			idx++;
		}
	}

	read_unlock_bh(&tbl->lock);
out:
	cb->args[3] = h;
	cb->args[4] = idx;
	return err;
}

static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
				bool strict_check,
				struct neigh_dump_filter *filter,
				struct netlink_ext_ack *extack)
{
	struct nlattr *tb[NDA_MAX + 1];
	int err, i;

	if (strict_check) {
		struct ndmsg *ndm;

		ndm = nlmsg_payload(nlh, sizeof(*ndm));
		if (!ndm) {
			NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
			return -EINVAL;
		}

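		/* A strict dump request must zero every unused header
		 * field; only the family and the NTF_PROXY flag may be set.
		 */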
		if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
		    ndm->ndm_state || ndm->ndm_type) {
			NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
			return -EINVAL;
		}

		if (ndm->ndm_flags & ~NTF_PROXY) {
			NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
			return -EINVAL;
		}

		err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
						    tb, NDA_MAX, nda_policy,
						    extack);
	} else {
		err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
					     NDA_MAX, nda_policy, extack);
	}
	if (err < 0)
		return err;

	for (i = 0; i <= NDA_MAX; ++i) {
		if (!tb[i])
			continue;

		/* all new attributes should require strict_check */
		switch (i) {
		case NDA_IFINDEX:
			filter->dev_idx = nla_get_u32(tb[i]);
			break;
		case NDA_MASTER:
			filter->master_idx = nla_get_u32(tb[i]);
			break;
		default:
			if (strict_check) {
				NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
				return -EINVAL;
			}
		}
	}

	return 0;
}

static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
{
	const struct nlmsghdr *nlh = cb->nlh;
	struct neigh_dump_filter filter = {};
	struct neigh_table *tbl;
	int t, family, s_t;
	int proxy = 0;
	int err;

	family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;

	/* check for full ndmsg structure presence, family member is
	 * the same for both structures
	 */
	if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
	    ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
		proxy = 1;

	err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
	if (err < 0 && cb->strict_check)
		return err;
	err = 0;

	s_t = cb->args[0];

	rcu_read_lock();
	for (t = 0; t < NEIGH_NR_TABLES; t++) {
		tbl = rcu_dereference(neigh_tables[t]);

		if (!tbl)
			continue;
		if (t < s_t || (family && tbl->family != family))
			continue;
		if (t > s_t)
			memset(&cb->args[1], 0, sizeof(cb->args) -
						sizeof(cb->args[0]));
		if (proxy)
			err = pneigh_dump_table(tbl, skb, cb, &filter);
		else
			err = neigh_dump_table(tbl, skb, cb, &filter);
		if (err < 0)
			break;
	}
	rcu_read_unlock();

	cb->args[0] = t;
	return err;
}

static int neigh_valid_get_req(const struct nlmsghdr *nlh,
			       struct neigh_table **tbl,
			       void **dst, int *dev_idx, u8 *ndm_flags,
			       struct netlink_ext_ack *extack)
{
	struct nlattr *tb[NDA_MAX + 1];
	struct ndmsg *ndm;
	int err, i;

	ndm = nlmsg_payload(nlh, sizeof(*ndm));
	if (!ndm) {
		NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
		return -EINVAL;
	}

	if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
	    ndm->ndm_type) {
		NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
		return -EINVAL;
	}

	if (ndm->ndm_flags & ~NTF_PROXY) {
		NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
		return -EINVAL;
	}

	err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
					    NDA_MAX, nda_policy, extack);
	if (err < 0)
		return err;

	*ndm_flags = ndm->ndm_flags;
	*dev_idx = ndm->ndm_ifindex;
	*tbl = neigh_find_table(ndm->ndm_family);
	if (*tbl == NULL) {
		NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
		return -EAFNOSUPPORT;
	}
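
	/* NDA_DST is the only attribute accepted in a get request */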
	for (i = 0; i <= NDA_MAX; ++i) {
		if (!tb[i])
			continue;

		switch (i) {
		case NDA_DST:
			if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
				NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
				return -EINVAL;
			}
			*dst = nla_data(tb[i]);
			break;
		default:
			NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
			return -EINVAL;
		}
	}

	return 0;
}

static inline size_t neigh_nlmsg_size(void)
{
	return NLMSG_ALIGN(sizeof(struct ndmsg))
	       + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
	       + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
	       + nla_total_size(sizeof(struct nda_cacheinfo))
	       + nla_total_size(4)  /* NDA_PROBES */
	       + nla_total_size(4)  /* NDA_FLAGS_EXT */
	       + nla_total_size(1); /* NDA_PROTOCOL */
}

static int neigh_get_reply(struct net *net, struct neighbour *neigh,
			   u32 pid, u32 seq)
{
	struct sk_buff *skb;
	int err = 0;

	skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
	if (!skb)
		return -ENOBUFS;

	err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
	if (err) {
		kfree_skb(skb);
		goto errout;
	}

	err = rtnl_unicast(skb, net, pid);
errout:
	return err;
}

static inline size_t pneigh_nlmsg_size(void)
{
	return NLMSG_ALIGN(sizeof(struct ndmsg))
	       + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
	       + nla_total_size(4)  /* NDA_FLAGS_EXT */
	       + nla_total_size(1); /* NDA_PROTOCOL */
}

static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
			    u32 pid, u32 seq, struct neigh_table *tbl)
{
	struct sk_buff *skb;
	int err = 0;

	skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
	if (!skb)
		return -ENOBUFS;

	err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
	if (err) {
		kfree_skb(skb);
		goto errout;
	}

	err = rtnl_unicast(skb, net, pid);
errout:
	return err;
}

static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
		     struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(in_skb->sk);
	struct net_device *dev = NULL;
	struct neigh_table *tbl = NULL;
	struct neighbour *neigh;
	void *dst = NULL;
	u8 ndm_flags = 0;
	int dev_idx = 0;
	int err;

	err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
				  extack);
	if (err < 0)
		return err;

	if (dev_idx) {
		dev = __dev_get_by_index(net, dev_idx);
		if (!dev) {
			NL_SET_ERR_MSG(extack, "Unknown device ifindex");
			return -ENODEV;
		}
	}

	if (!dst) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		return -EINVAL;
	}

	if (ndm_flags & NTF_PROXY) {
		struct pneigh_entry *pn;

		pn = pneigh_lookup(tbl, net, dst, dev, 0);
		if (!pn) {
			NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
			return -ENOENT;
		}
		return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
					nlh->nlmsg_seq, tbl);
	}

	if (!dev) {
		NL_SET_ERR_MSG(extack, "No device specified");
		return -EINVAL;
	}

	neigh = neigh_lookup(tbl, dst, dev);
	if (!neigh) {
		NL_SET_ERR_MSG(extack, "Neighbour entry not found");
		return -ENOENT;
	}

	err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
			      nlh->nlmsg_seq);
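
	/* drop the reference taken by neigh_lookup() above */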
	neigh_release(neigh);

	return err;
}

void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
{
	int chain;
	struct neigh_hash_table *nht;

	rcu_read_lock();
	nht = rcu_dereference(tbl->nht);

	read_lock_bh(&tbl->lock); /* avoid resizes */
	for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
		struct neighbour *n;

		neigh_for_each_in_bucket(n, &nht->hash_heads[chain])
			cb(n, cookie);
	}
	read_unlock_bh(&tbl->lock);
	rcu_read_unlock();
}
EXPORT_SYMBOL(neigh_for_each);

/* The tbl->lock must be held as a writer and BH disabled. */
void __neigh_for_each_release(struct neigh_table *tbl,
			      int (*cb)(struct neighbour *))
{
	struct neigh_hash_table *nht;
	int chain;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));
	for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
		struct hlist_node *tmp;
		struct neighbour *n;

		neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[chain]) {
			int release;

			write_lock(&n->lock);
			release = cb(n);
			if (release) {
				hlist_del_rcu(&n->hash);
				hlist_del_rcu(&n->dev_list);
				neigh_mark_dead(n);
			}
			write_unlock(&n->lock);
			if (release)
				neigh_cleanup_and_release(n);
		}
	}
}
EXPORT_SYMBOL(__neigh_for_each_release);

int neigh_xmit(int index, struct net_device *dev,
	       const void *addr, struct sk_buff *skb)
{
	int err = -EAFNOSUPPORT;

	if (likely(index < NEIGH_NR_TABLES)) {
		struct neigh_table *tbl;
		struct neighbour *neigh;

		rcu_read_lock();
		tbl = rcu_dereference(neigh_tables[index]);
		if (!tbl)
			goto out_unlock;
		if (index == NEIGH_ARP_TABLE) {
			u32 key = *((u32 *)addr);

			neigh = __ipv4_neigh_lookup_noref(dev, key);
		} else {
			neigh = __neigh_lookup_noref(tbl, addr, dev);
		}
		if (!neigh)
			neigh = __neigh_create(tbl, addr, dev, false);
		err = PTR_ERR(neigh);
		if (IS_ERR(neigh)) {
			rcu_read_unlock();
			goto out_kfree_skb;
		}
		err = READ_ONCE(neigh->output)(neigh, skb);
out_unlock:
		rcu_read_unlock();
	} else if (index == NEIGH_LINK_TABLE) {
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      addr, NULL, skb->len);
		if (err < 0)
			goto out_kfree_skb;
		err = dev_queue_xmit(skb);
	}
out:
	return err;
out_kfree_skb:
	kfree_skb(skb);
	goto out;
}
EXPORT_SYMBOL(neigh_xmit);

#ifdef CONFIG_PROC_FS

static struct neighbour *neigh_get_valid(struct seq_file *seq,
					 struct neighbour *n,
					 loff_t *pos)
{
	struct neigh_seq_state *state = seq->private;
	struct net *net = seq_file_net(seq);

	if (!net_eq(dev_net(n->dev), net))
		return NULL;

	if (state->neigh_sub_iter) {
		loff_t fakep = 0;
		void *v;

		v = state->neigh_sub_iter(state, n, pos ? pos : &fakep);
		if (!v)
			return NULL;
		if (pos)
			return v;
	}

	if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
		return n;

	if (READ_ONCE(n->nud_state) & ~NUD_NOARP)
		return n;

	return NULL;
}

static struct neighbour *neigh_get_first(struct seq_file *seq)
{
	struct neigh_seq_state *state = seq->private;
	struct neigh_hash_table *nht = state->nht;
	struct neighbour *n, *tmp;

	state->flags &= ~NEIGH_SEQ_IS_PNEIGH;

	while (++state->bucket < (1 << nht->hash_shift)) {
		neigh_for_each_in_bucket(n, &nht->hash_heads[state->bucket]) {
			tmp = neigh_get_valid(seq, n, NULL);
			if (tmp)
				return tmp;
		}
	}

	return NULL;
}

static struct neighbour *neigh_get_next(struct seq_file *seq,
					struct neighbour *n,
					loff_t *pos)
{
	struct neigh_seq_state *state = seq->private;
	struct neighbour *tmp;

	if (state->neigh_sub_iter) {
		void *v = state->neigh_sub_iter(state, n, pos);

		if (v)
			return n;
	}

	hlist_for_each_entry_continue(n, hash) {
		tmp = neigh_get_valid(seq, n, pos);
		if (tmp) {
			n = tmp;
			goto out;
		}
	}

	n = neigh_get_first(seq);
out:
	if (n && pos)
		--(*pos);

	return n;
}

static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
{
	struct neighbour *n = neigh_get_first(seq);

	if (n) {
		--(*pos);
		while (*pos) {
			n = neigh_get_next(seq, n, pos);
			if (!n)
				break;
		}
	}
	return *pos ? NULL : n;
}

static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
{
	struct neigh_seq_state *state = seq->private;
	struct net *net = seq_file_net(seq);
	struct neigh_table *tbl = state->tbl;
	struct pneigh_entry *pn = NULL;
	int bucket;

	state->flags |= NEIGH_SEQ_IS_PNEIGH;
	for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
		pn = tbl->phash_buckets[bucket];
		while (pn && !net_eq(pneigh_net(pn), net))
			pn = pn->next;
		if (pn)
			break;
	}
	state->bucket = bucket;

	return pn;
}

static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
					    struct pneigh_entry *pn,
					    loff_t *pos)
{
	struct neigh_seq_state *state = seq->private;
	struct net *net = seq_file_net(seq);
	struct neigh_table *tbl = state->tbl;

	do {
		pn = pn->next;
	} while (pn && !net_eq(pneigh_net(pn), net));

	while (!pn) {
		if (++state->bucket > PNEIGH_HASHMASK)
			break;
		pn = tbl->phash_buckets[state->bucket];
		while (pn && !net_eq(pneigh_net(pn), net))
			pn = pn->next;
		if (pn)
			break;
	}

	if (pn && pos)
		--(*pos);

	return pn;
}

static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
{
	struct pneigh_entry *pn = pneigh_get_first(seq);

	if (pn) {
		--(*pos);
		while (*pos) {
			pn = pneigh_get_next(seq, pn, pos);
			if (!pn)
				break;
		}
	}
	return *pos ? NULL : pn;
}

static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
{
	struct neigh_seq_state *state = seq->private;
	void *rc;
	loff_t idxpos = *pos;

	rc = neigh_get_idx(seq, &idxpos);
	if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
		rc = pneigh_get_idx(seq, &idxpos);

	return rc;
}

void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
	__acquires(tbl->lock)
	__acquires(rcu)
{
	struct neigh_seq_state *state = seq->private;

	state->tbl = tbl;
	state->bucket = -1;
	state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);

	rcu_read_lock();
	state->nht = rcu_dereference(tbl->nht);
	read_lock_bh(&tbl->lock);

	return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
}
EXPORT_SYMBOL(neigh_seq_start);

void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{
	struct neigh_seq_state *state;
	void *rc;

	if (v == SEQ_START_TOKEN) {
		rc = neigh_get_first(seq);
		goto out;
	}

	state = seq->private;
	if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
		rc = neigh_get_next(seq, v, NULL);
		if (rc)
			goto out;
		if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
			rc = pneigh_get_first(seq);
	} else {
		BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
		rc = pneigh_get_next(seq, v, NULL);
	}
out:
	++(*pos);
	return rc;
}
EXPORT_SYMBOL(neigh_seq_next);

void neigh_seq_stop(struct seq_file *seq, void *v)
	__releases(tbl->lock)
	__releases(rcu)
{
	struct neigh_seq_state *state = seq->private;
	struct neigh_table *tbl = state->tbl;

	read_unlock_bh(&tbl->lock);
	rcu_read_unlock();
}
EXPORT_SYMBOL(neigh_seq_stop);

/* statistics via seq_file */

static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
{
	struct neigh_table *tbl = pde_data(file_inode(seq->file));
	int cpu;

	if (*pos == 0)
		return SEQ_START_TOKEN;

	for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
		if (!cpu_possible(cpu))
			continue;
		*pos = cpu+1;
		return per_cpu_ptr(tbl->stats, cpu);
	}
	return NULL;
}

static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{
	struct neigh_table *tbl = pde_data(file_inode(seq->file));
	int cpu;

	for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
		if (!cpu_possible(cpu))
			continue;
		*pos = cpu+1;
		return per_cpu_ptr(tbl->stats, cpu);
	}
	(*pos)++;
	return NULL;
}

static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
{

}

static int neigh_stat_seq_show(struct seq_file *seq, void *v)
{
	struct neigh_table *tbl = pde_data(file_inode(seq->file));
	struct neigh_statistics *st = v;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
		return 0;
	}

	seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
			"%08lx %08lx %08lx "
			"%08lx %08lx %08lx\n",
		   atomic_read(&tbl->entries),

		   st->allocs,
		   st->destroys,
		   st->hash_grows,

		   st->lookups,
		   st->hits,

		   st->res_failed,

		   st->rcv_probes_mcast,
		   st->rcv_probes_ucast,

		   st->periodic_gc_runs,
		   st->forced_gc_runs,
		   st->unres_discards,
		   st->table_fulls
		   );

	return 0;
}

static const struct seq_operations neigh_stat_seq_ops = {
	.start	= neigh_stat_seq_start,
	.next	= neigh_stat_seq_next,
	.stop	= neigh_stat_seq_stop,
	.show	= neigh_stat_seq_show,
};
#endif /* CONFIG_PROC_FS */

static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid)
{
	struct sk_buff *skb;
	int err = -ENOBUFS;
	struct net *net;

	rcu_read_lock();
	net = dev_net_rcu(n->dev);
	skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
	if (skb == NULL)
		goto errout;

	err = neigh_fill_info(skb, n, pid, 0, type, flags);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto errout;
	}
	rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
	goto out;
errout:
	rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
out:
	rcu_read_unlock();
}

void neigh_app_ns(struct neighbour *n)
{
	__neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
}
EXPORT_SYMBOL(neigh_app_ns);

#ifdef CONFIG_SYSCTL
static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);

static int proc_unres_qlen(const struct ctl_table *ctl, int write,
			   void *buffer, size_t *lenp, loff_t *ppos)
{
	int size, ret;
	struct ctl_table tmp = *ctl;

	tmp.extra1 = SYSCTL_ZERO;
	tmp.extra2 = &unres_qlen_max;
	tmp.data = &size;

	size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);

	if (write && !ret)
		*(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
	return ret;
}

static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
				  int index)
{
	struct net_device *dev;
	int family = neigh_parms_family(p);

	rcu_read_lock();
	for_each_netdev_rcu(net, dev) {
		struct neigh_parms *dst_p =
				neigh_get_dev_parms_rcu(dev, family);

		if (dst_p && !test_bit(index, dst_p->data_state))
			dst_p->data[index] = p->data[index];
	}
	rcu_read_unlock();
}

static void neigh_proc_update(const struct ctl_table *ctl, int write)
{
	struct net_device *dev = ctl->extra1;
	struct neigh_parms *p = ctl->extra2;
	struct net *net = neigh_parms_net(p);
	int index = (int *) ctl->data - p->data;

	if (!write)
		return;

	set_bit(index, p->data_state);
	if (index == NEIGH_VAR_DELAY_PROBE_TIME)
		call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
	if (!dev) /* NULL dev means this is default value */
		neigh_copy_dflt_parms(net, p, index);
}

static int neigh_proc_dointvec_zero_intmax(const struct ctl_table *ctl, int write,
					   void *buffer, size_t *lenp,
					   loff_t *ppos)
{
	struct ctl_table tmp = *ctl;
	int ret;

	tmp.extra1 = SYSCTL_ZERO;
	tmp.extra2 = SYSCTL_INT_MAX;

	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
	neigh_proc_update(ctl, write);
	return ret;
}

static int neigh_proc_dointvec_ms_jiffies_positive(const struct ctl_table *ctl, int write,
						   void *buffer, size_t *lenp, loff_t *ppos)
{
	struct ctl_table tmp = *ctl;
	int ret;
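
	/* clamp writes to at least one jiffy so the interval can never be
	 * truncated to zero
	 */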
	int min = msecs_to_jiffies(1);

	tmp.extra1 = &min;
	tmp.extra2 = NULL;

	ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos);
	neigh_proc_update(ctl, write);
	return ret;
}

int neigh_proc_dointvec(const struct ctl_table *ctl, int write, void *buffer,
			size_t *lenp, loff_t *ppos)
{
	int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}
EXPORT_SYMBOL(neigh_proc_dointvec);

int neigh_proc_dointvec_jiffies(const struct ctl_table *ctl, int write, void *buffer,
				size_t *lenp, loff_t *ppos)
{
	int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}
EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);

static int neigh_proc_dointvec_userhz_jiffies(const struct ctl_table *ctl, int write,
					      void *buffer, size_t *lenp,
					      loff_t *ppos)
{
	int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}

int neigh_proc_dointvec_ms_jiffies(const struct ctl_table *ctl, int write,
				   void *buffer, size_t *lenp, loff_t *ppos)
{
	int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}
EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);

static int neigh_proc_dointvec_unres_qlen(const struct ctl_table *ctl, int write,
					  void *buffer, size_t *lenp,
					  loff_t *ppos)
{
	int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}

static int neigh_proc_base_reachable_time(const struct ctl_table *ctl, int write,
					  void *buffer, size_t *lenp,
					  loff_t *ppos)
{
	struct neigh_parms *p = ctl->extra2;
	int ret;

	if (strcmp(ctl->procname, "base_reachable_time") == 0)
		ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
	else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
		ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
	else
		ret = -1;

	if (write && ret == 0) {
		/* update reachable_time as well, otherwise the change will
		 * only take effect after the next time neigh_periodic_work
		 * decides to recompute it
		 */
		p->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}
	return ret;
}

#define NEIGH_PARMS_DATA_OFFSET(index)	\
	(&((struct neigh_parms *) 0)->data[index])

#define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
	[NEIGH_VAR_ ## attr] = { \
		.procname	= name, \
		.data		= NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
		.maxlen		= sizeof(int), \
		.mode		= mval, \
		.proc_handler	= proc, \
	}

#define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)

#define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)

#define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)

#define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive)
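
/* For illustration only (hand-expanded, not generated code): a line such
 * as NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time") in the
 * template below expands to roughly
 *
 *	[NEIGH_VAR_GC_STALETIME] = {
 *		.procname	= "gc_stale_time",
 *		.data		= NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_GC_STALETIME),
 *		.maxlen		= sizeof(int),
 *		.mode		= 0644,
 *		.proc_handler	= neigh_proc_dointvec_jiffies,
 *	}
 *
 * i.e. .data holds only an offset into struct neigh_parms until
 * neigh_sysctl_register() rebases it onto a concrete parms instance.
 */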

#define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)

#define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)

static struct neigh_sysctl_table {
	struct ctl_table_header *sysctl_header;
	struct ctl_table neigh_vars[NEIGH_VAR_MAX];
} neigh_sysctl_template __read_mostly = {
	.neigh_vars = {
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
		NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
		NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
		NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS,
						       "interval_probe_time_ms"),
		NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
		NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
		NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
		NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
		[NEIGH_VAR_GC_INTERVAL] = {
			.procname	= "gc_interval",
			.maxlen		= sizeof(int),
			.mode		= 0644,
			.proc_handler	= proc_dointvec_jiffies,
		},
		[NEIGH_VAR_GC_THRESH1] = {
			.procname	= "gc_thresh1",
			.maxlen		= sizeof(int),
			.mode		= 0644,
			.extra1		= SYSCTL_ZERO,
			.extra2		= SYSCTL_INT_MAX,
			.proc_handler	= proc_dointvec_minmax,
		},
		[NEIGH_VAR_GC_THRESH2] = {
			.procname	= "gc_thresh2",
			.maxlen		= sizeof(int),
			.mode		= 0644,
			.extra1		= SYSCTL_ZERO,
			.extra2		= SYSCTL_INT_MAX,
			.proc_handler	= proc_dointvec_minmax,
		},
		[NEIGH_VAR_GC_THRESH3] = {
			.procname	= "gc_thresh3",
			.maxlen		= sizeof(int),
			.mode		= 0644,
			.extra1		= SYSCTL_ZERO,
			.extra2		= SYSCTL_INT_MAX,
			.proc_handler	= proc_dointvec_minmax,
		},
	},
};

int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
			  proc_handler *handler)
{
	int i;
	struct neigh_sysctl_table *t;
	const char *dev_name_source;
	char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
	char *p_name;
	size_t neigh_vars_size;

	t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT);
	if (!t)
		goto err;

	for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
		t->neigh_vars[i].data += (long) p;
		t->neigh_vars[i].extra1 = dev;
		t->neigh_vars[i].extra2 = p;
	}

	neigh_vars_size = ARRAY_SIZE(t->neigh_vars);
	if (dev) {
		dev_name_source = dev->name;
		/* Terminate the table early */
		neigh_vars_size = NEIGH_VAR_BASE_REACHABLE_TIME_MS + 1;
	} else {
		struct neigh_table *tbl = p->tbl;

		dev_name_source = "default";
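		/* The default parms have no device; point the gc_* entries
		 * at the table-wide fields instead of per-parms data.
		 */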
		t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
		t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
		t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
		t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
	}

	if (handler) {
		/* RetransTime */
		t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
		/* ReachableTime */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
		/* RetransTime (in milliseconds) */
		t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
		/* ReachableTime (in milliseconds) */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
	} else {
		/* These handlers update p->reachable_time after
		 * base_reachable_time(_ms) is set, so that the new timer
		 * takes effect with the next neighbour update instead of
		 * waiting for neigh_periodic_work to recompute it (which
		 * can take multiple minutes).  Any handler that replaces
		 * them should do this as well.
		 */
		/* ReachableTime */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
			neigh_proc_base_reachable_time;
		/* ReachableTime (in milliseconds) */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
			neigh_proc_base_reachable_time;
	}

	switch (neigh_parms_family(p)) {
	case AF_INET:
		p_name = "ipv4";
		break;
	case AF_INET6:
		p_name = "ipv6";
		break;
	default:
		BUG();
	}

	snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
		 p_name, dev_name_source);
	t->sysctl_header = register_net_sysctl_sz(neigh_parms_net(p),
						  neigh_path, t->neigh_vars,
						  neigh_vars_size);
	if (!t->sysctl_header)
		goto free;

	p->sysctl_table = t;
	return 0;

free:
	kfree(t);
err:
	return -ENOBUFS;
}
EXPORT_SYMBOL(neigh_sysctl_register);

void neigh_sysctl_unregister(struct neigh_parms *p)
{
	if (p->sysctl_table) {
		struct neigh_sysctl_table *t = p->sysctl_table;

		p->sysctl_table = NULL;
		unregister_net_sysctl_table(t->sysctl_header);
		kfree(t);
	}
}
EXPORT_SYMBOL(neigh_sysctl_unregister);

#endif	/* CONFIG_SYSCTL */

static const struct rtnl_msg_handler neigh_rtnl_msg_handlers[] __initconst = {
	{.msgtype = RTM_NEWNEIGH, .doit = neigh_add},
	{.msgtype = RTM_DELNEIGH, .doit = neigh_delete},
	{.msgtype = RTM_GETNEIGH, .doit = neigh_get, .dumpit = neigh_dump_info,
	 .flags = RTNL_FLAG_DUMP_UNLOCKED},
	{.msgtype = RTM_GETNEIGHTBL, .dumpit = neightbl_dump_info},
	{.msgtype = RTM_SETNEIGHTBL, .doit = neightbl_set},
};

static int __init neigh_init(void)
{
	rtnl_register_many(neigh_rtnl_msg_handlers);
	return 0;
}

subsys_initcall(neigh_init);
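
/* Rough userspace view of the handlers registered above (iproute2
 * commands shown for illustration only; exact syntax may vary by
 * version):
 *
 *	ip neigh add 192.0.2.1 lladdr 00:11:22:33:44:55 dev eth0
 *					-> RTM_NEWNEIGH    -> neigh_add()
 *	ip neigh del 192.0.2.1 dev eth0	-> RTM_DELNEIGH    -> neigh_delete()
 *	ip neigh get 192.0.2.1 dev eth0	-> RTM_GETNEIGH    -> neigh_get()
 *	ip neigh show			-> RTM_GETNEIGH    -> neigh_dump_info()
 *	ip ntable show			-> RTM_GETNEIGHTBL -> neightbl_dump_info()
 *	ip ntable change ...		-> RTM_SETNEIGHTBL -> neightbl_set()
 */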