1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Generic address resolution entity 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 8 * 9 * Fixes: 10 * Vitaly E. Lavrov releasing NULL neighbor in neigh_add. 11 * Harald Welte Add neighbour cache statistics like rtstat 12 */ 13 14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 15 16 #include <linux/slab.h> 17 #include <linux/types.h> 18 #include <linux/kernel.h> 19 #include <linux/module.h> 20 #include <linux/socket.h> 21 #include <linux/netdevice.h> 22 #include <linux/proc_fs.h> 23 #ifdef CONFIG_SYSCTL 24 #include <linux/sysctl.h> 25 #endif 26 #include <linux/times.h> 27 #include <net/net_namespace.h> 28 #include <net/neighbour.h> 29 #include <net/arp.h> 30 #include <net/dst.h> 31 #include <net/sock.h> 32 #include <net/netevent.h> 33 #include <net/netlink.h> 34 #include <linux/rtnetlink.h> 35 #include <linux/random.h> 36 #include <linux/string.h> 37 #include <linux/log2.h> 38 #include <linux/inetdevice.h> 39 #include <net/addrconf.h> 40 41 #include <trace/events/neigh.h> 42 43 #define NEIGH_DEBUG 1 44 #define neigh_dbg(level, fmt, ...) \ 45 do { \ 46 if (level <= NEIGH_DEBUG) \ 47 pr_debug(fmt, ##__VA_ARGS__); \ 48 } while (0) 49 50 #define PNEIGH_HASHMASK 0xF 51 52 static void neigh_timer_handler(struct timer_list *t); 53 static void __neigh_notify(struct neighbour *n, int type, int flags, 54 u32 pid); 55 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid); 56 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl, 57 struct net_device *dev); 58 59 #ifdef CONFIG_PROC_FS 60 static const struct seq_operations neigh_stat_seq_ops; 61 #endif 62 63 /* 64 Neighbour hash table buckets are protected with rwlock tbl->lock. 65 66 - All the scans/updates to hash buckets MUST be made under this lock. 67 - NOTHING clever should be made under this lock: no callbacks 68 to protocol backends, no attempts to send something to network. 69 It will result in deadlocks, if backend/driver wants to use neighbour 70 cache. 71 - If the entry requires some non-trivial actions, increase 72 its reference count and release table lock. 73 74 Neighbour entries are protected: 75 - with reference count. 76 - with rwlock neigh->lock 77 78 Reference count prevents destruction. 79 80 neigh->lock mainly serializes ll address data and its validity state. 81 However, the same lock is used to protect another entry fields: 82 - timer 83 - resolution queue 84 85 Again, nothing clever shall be made under neigh->lock, 86 the most complicated procedure, which we allow is dev->hard_header. 87 It is supposed, that dev->hard_header is simplistic and does 88 not make callbacks to neighbour tables. 89 */ 90 91 static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb) 92 { 93 kfree_skb(skb); 94 return -ENETDOWN; 95 } 96 97 static void neigh_cleanup_and_release(struct neighbour *neigh) 98 { 99 trace_neigh_cleanup_and_release(neigh, 0); 100 __neigh_notify(neigh, RTM_DELNEIGH, 0, 0); 101 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh); 102 neigh_release(neigh); 103 } 104 105 /* 106 * It is random distribution in the interval (1/2)*base...(3/2)*base. 107 * It corresponds to default IPv6 settings and is not overridable, 108 * because it is really reasonable choice. 109 */ 110 111 unsigned long neigh_rand_reach_time(unsigned long base) 112 { 113 return base ? get_random_u32_below(base) + (base >> 1) : 0; 114 } 115 EXPORT_SYMBOL(neigh_rand_reach_time); 116 117 static void neigh_mark_dead(struct neighbour *n) 118 { 119 n->dead = 1; 120 if (!list_empty(&n->gc_list)) { 121 list_del_init(&n->gc_list); 122 atomic_dec(&n->tbl->gc_entries); 123 } 124 if (!list_empty(&n->managed_list)) 125 list_del_init(&n->managed_list); 126 } 127 128 static void neigh_update_gc_list(struct neighbour *n) 129 { 130 bool on_gc_list, exempt_from_gc; 131 132 write_lock_bh(&n->tbl->lock); 133 write_lock(&n->lock); 134 if (n->dead) 135 goto out; 136 137 /* remove from the gc list if new state is permanent or if neighbor 138 * is externally learned; otherwise entry should be on the gc list 139 */ 140 exempt_from_gc = n->nud_state & NUD_PERMANENT || 141 n->flags & NTF_EXT_LEARNED; 142 on_gc_list = !list_empty(&n->gc_list); 143 144 if (exempt_from_gc && on_gc_list) { 145 list_del_init(&n->gc_list); 146 atomic_dec(&n->tbl->gc_entries); 147 } else if (!exempt_from_gc && !on_gc_list) { 148 /* add entries to the tail; cleaning removes from the front */ 149 list_add_tail(&n->gc_list, &n->tbl->gc_list); 150 atomic_inc(&n->tbl->gc_entries); 151 } 152 out: 153 write_unlock(&n->lock); 154 write_unlock_bh(&n->tbl->lock); 155 } 156 157 static void neigh_update_managed_list(struct neighbour *n) 158 { 159 bool on_managed_list, add_to_managed; 160 161 write_lock_bh(&n->tbl->lock); 162 write_lock(&n->lock); 163 if (n->dead) 164 goto out; 165 166 add_to_managed = n->flags & NTF_MANAGED; 167 on_managed_list = !list_empty(&n->managed_list); 168 169 if (!add_to_managed && on_managed_list) 170 list_del_init(&n->managed_list); 171 else if (add_to_managed && !on_managed_list) 172 list_add_tail(&n->managed_list, &n->tbl->managed_list); 173 out: 174 write_unlock(&n->lock); 175 write_unlock_bh(&n->tbl->lock); 176 } 177 178 static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify, 179 bool *gc_update, bool *managed_update) 180 { 181 u32 ndm_flags, old_flags = neigh->flags; 182 183 if (!(flags & NEIGH_UPDATE_F_ADMIN)) 184 return; 185 186 ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0; 187 ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0; 188 189 if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) { 190 if (ndm_flags & NTF_EXT_LEARNED) 191 neigh->flags |= NTF_EXT_LEARNED; 192 else 193 neigh->flags &= ~NTF_EXT_LEARNED; 194 *notify = 1; 195 *gc_update = true; 196 } 197 if ((old_flags ^ ndm_flags) & NTF_MANAGED) { 198 if (ndm_flags & NTF_MANAGED) 199 neigh->flags |= NTF_MANAGED; 200 else 201 neigh->flags &= ~NTF_MANAGED; 202 *notify = 1; 203 *managed_update = true; 204 } 205 } 206 207 static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np, 208 struct neigh_table *tbl) 209 { 210 bool retval = false; 211 212 write_lock(&n->lock); 213 if (refcount_read(&n->refcnt) == 1) { 214 struct neighbour *neigh; 215 216 neigh = rcu_dereference_protected(n->next, 217 lockdep_is_held(&tbl->lock)); 218 rcu_assign_pointer(*np, neigh); 219 neigh_mark_dead(n); 220 retval = true; 221 } 222 write_unlock(&n->lock); 223 if (retval) 224 neigh_cleanup_and_release(n); 225 return retval; 226 } 227 228 bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl) 229 { 230 struct neigh_hash_table *nht; 231 void *pkey = ndel->primary_key; 232 u32 hash_val; 233 struct neighbour *n; 234 struct neighbour __rcu **np; 235 236 nht = rcu_dereference_protected(tbl->nht, 237 lockdep_is_held(&tbl->lock)); 238 hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd); 239 hash_val = hash_val >> (32 - nht->hash_shift); 240 241 np = &nht->hash_buckets[hash_val]; 242 while ((n = rcu_dereference_protected(*np, 243 lockdep_is_held(&tbl->lock)))) { 244 if (n == ndel) 245 return neigh_del(n, np, tbl); 246 np = &n->next; 247 } 248 return false; 249 } 250 251 static int neigh_forced_gc(struct neigh_table *tbl) 252 { 253 int max_clean = atomic_read(&tbl->gc_entries) - 254 READ_ONCE(tbl->gc_thresh2); 255 u64 tmax = ktime_get_ns() + NSEC_PER_MSEC; 256 unsigned long tref = jiffies - 5 * HZ; 257 struct neighbour *n, *tmp; 258 int shrunk = 0; 259 int loop = 0; 260 261 NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs); 262 263 write_lock_bh(&tbl->lock); 264 265 list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) { 266 if (refcount_read(&n->refcnt) == 1) { 267 bool remove = false; 268 269 write_lock(&n->lock); 270 if ((n->nud_state == NUD_FAILED) || 271 (n->nud_state == NUD_NOARP) || 272 (tbl->is_multicast && 273 tbl->is_multicast(n->primary_key)) || 274 !time_in_range(n->updated, tref, jiffies)) 275 remove = true; 276 write_unlock(&n->lock); 277 278 if (remove && neigh_remove_one(n, tbl)) 279 shrunk++; 280 if (shrunk >= max_clean) 281 break; 282 if (++loop == 16) { 283 if (ktime_get_ns() > tmax) 284 goto unlock; 285 loop = 0; 286 } 287 } 288 } 289 290 WRITE_ONCE(tbl->last_flush, jiffies); 291 unlock: 292 write_unlock_bh(&tbl->lock); 293 294 return shrunk; 295 } 296 297 static void neigh_add_timer(struct neighbour *n, unsigned long when) 298 { 299 /* Use safe distance from the jiffies - LONG_MAX point while timer 300 * is running in DELAY/PROBE state but still show to user space 301 * large times in the past. 302 */ 303 unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ); 304 305 neigh_hold(n); 306 if (!time_in_range(n->confirmed, mint, jiffies)) 307 n->confirmed = mint; 308 if (time_before(n->used, n->confirmed)) 309 n->used = n->confirmed; 310 if (unlikely(mod_timer(&n->timer, when))) { 311 printk("NEIGH: BUG, double timer add, state is %x\n", 312 n->nud_state); 313 dump_stack(); 314 } 315 } 316 317 static int neigh_del_timer(struct neighbour *n) 318 { 319 if ((n->nud_state & NUD_IN_TIMER) && 320 del_timer(&n->timer)) { 321 neigh_release(n); 322 return 1; 323 } 324 return 0; 325 } 326 327 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev, 328 int family) 329 { 330 switch (family) { 331 case AF_INET: 332 return __in_dev_arp_parms_get_rcu(dev); 333 case AF_INET6: 334 return __in6_dev_nd_parms_get_rcu(dev); 335 } 336 return NULL; 337 } 338 339 static void neigh_parms_qlen_dec(struct net_device *dev, int family) 340 { 341 struct neigh_parms *p; 342 343 rcu_read_lock(); 344 p = neigh_get_dev_parms_rcu(dev, family); 345 if (p) 346 p->qlen--; 347 rcu_read_unlock(); 348 } 349 350 static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net, 351 int family) 352 { 353 struct sk_buff_head tmp; 354 unsigned long flags; 355 struct sk_buff *skb; 356 357 skb_queue_head_init(&tmp); 358 spin_lock_irqsave(&list->lock, flags); 359 skb = skb_peek(list); 360 while (skb != NULL) { 361 struct sk_buff *skb_next = skb_peek_next(skb, list); 362 struct net_device *dev = skb->dev; 363 364 if (net == NULL || net_eq(dev_net(dev), net)) { 365 neigh_parms_qlen_dec(dev, family); 366 __skb_unlink(skb, list); 367 __skb_queue_tail(&tmp, skb); 368 } 369 skb = skb_next; 370 } 371 spin_unlock_irqrestore(&list->lock, flags); 372 373 while ((skb = __skb_dequeue(&tmp))) { 374 dev_put(skb->dev); 375 kfree_skb(skb); 376 } 377 } 378 379 static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev, 380 bool skip_perm) 381 { 382 int i; 383 struct neigh_hash_table *nht; 384 385 nht = rcu_dereference_protected(tbl->nht, 386 lockdep_is_held(&tbl->lock)); 387 388 for (i = 0; i < (1 << nht->hash_shift); i++) { 389 struct neighbour *n; 390 struct neighbour __rcu **np = &nht->hash_buckets[i]; 391 392 while ((n = rcu_dereference_protected(*np, 393 lockdep_is_held(&tbl->lock))) != NULL) { 394 if (dev && n->dev != dev) { 395 np = &n->next; 396 continue; 397 } 398 if (skip_perm && n->nud_state & NUD_PERMANENT) { 399 np = &n->next; 400 continue; 401 } 402 rcu_assign_pointer(*np, 403 rcu_dereference_protected(n->next, 404 lockdep_is_held(&tbl->lock))); 405 write_lock(&n->lock); 406 neigh_del_timer(n); 407 neigh_mark_dead(n); 408 if (refcount_read(&n->refcnt) != 1) { 409 /* The most unpleasant situation. 410 We must destroy neighbour entry, 411 but someone still uses it. 412 413 The destroy will be delayed until 414 the last user releases us, but 415 we must kill timers etc. and move 416 it to safe state. 417 */ 418 __skb_queue_purge(&n->arp_queue); 419 n->arp_queue_len_bytes = 0; 420 WRITE_ONCE(n->output, neigh_blackhole); 421 if (n->nud_state & NUD_VALID) 422 n->nud_state = NUD_NOARP; 423 else 424 n->nud_state = NUD_NONE; 425 neigh_dbg(2, "neigh %p is stray\n", n); 426 } 427 write_unlock(&n->lock); 428 neigh_cleanup_and_release(n); 429 } 430 } 431 } 432 433 void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev) 434 { 435 write_lock_bh(&tbl->lock); 436 neigh_flush_dev(tbl, dev, false); 437 write_unlock_bh(&tbl->lock); 438 } 439 EXPORT_SYMBOL(neigh_changeaddr); 440 441 static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev, 442 bool skip_perm) 443 { 444 write_lock_bh(&tbl->lock); 445 neigh_flush_dev(tbl, dev, skip_perm); 446 pneigh_ifdown_and_unlock(tbl, dev); 447 pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL, 448 tbl->family); 449 if (skb_queue_empty_lockless(&tbl->proxy_queue)) 450 del_timer_sync(&tbl->proxy_timer); 451 return 0; 452 } 453 454 int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev) 455 { 456 __neigh_ifdown(tbl, dev, true); 457 return 0; 458 } 459 EXPORT_SYMBOL(neigh_carrier_down); 460 461 int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev) 462 { 463 __neigh_ifdown(tbl, dev, false); 464 return 0; 465 } 466 EXPORT_SYMBOL(neigh_ifdown); 467 468 static struct neighbour *neigh_alloc(struct neigh_table *tbl, 469 struct net_device *dev, 470 u32 flags, bool exempt_from_gc) 471 { 472 struct neighbour *n = NULL; 473 unsigned long now = jiffies; 474 int entries, gc_thresh3; 475 476 if (exempt_from_gc) 477 goto do_alloc; 478 479 entries = atomic_inc_return(&tbl->gc_entries) - 1; 480 gc_thresh3 = READ_ONCE(tbl->gc_thresh3); 481 if (entries >= gc_thresh3 || 482 (entries >= READ_ONCE(tbl->gc_thresh2) && 483 time_after(now, READ_ONCE(tbl->last_flush) + 5 * HZ))) { 484 if (!neigh_forced_gc(tbl) && entries >= gc_thresh3) { 485 net_info_ratelimited("%s: neighbor table overflow!\n", 486 tbl->id); 487 NEIGH_CACHE_STAT_INC(tbl, table_fulls); 488 goto out_entries; 489 } 490 } 491 492 do_alloc: 493 n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC); 494 if (!n) 495 goto out_entries; 496 497 __skb_queue_head_init(&n->arp_queue); 498 rwlock_init(&n->lock); 499 seqlock_init(&n->ha_lock); 500 n->updated = n->used = now; 501 n->nud_state = NUD_NONE; 502 n->output = neigh_blackhole; 503 n->flags = flags; 504 seqlock_init(&n->hh.hh_lock); 505 n->parms = neigh_parms_clone(&tbl->parms); 506 timer_setup(&n->timer, neigh_timer_handler, 0); 507 508 NEIGH_CACHE_STAT_INC(tbl, allocs); 509 n->tbl = tbl; 510 refcount_set(&n->refcnt, 1); 511 n->dead = 1; 512 INIT_LIST_HEAD(&n->gc_list); 513 INIT_LIST_HEAD(&n->managed_list); 514 515 atomic_inc(&tbl->entries); 516 out: 517 return n; 518 519 out_entries: 520 if (!exempt_from_gc) 521 atomic_dec(&tbl->gc_entries); 522 goto out; 523 } 524 525 static void neigh_get_hash_rnd(u32 *x) 526 { 527 *x = get_random_u32() | 1; 528 } 529 530 static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift) 531 { 532 size_t size = (1 << shift) * sizeof(struct neighbour *); 533 struct neigh_hash_table *ret; 534 struct neighbour __rcu **buckets; 535 int i; 536 537 ret = kmalloc(sizeof(*ret), GFP_ATOMIC); 538 if (!ret) 539 return NULL; 540 buckets = kvzalloc(size, GFP_ATOMIC); 541 if (!buckets) { 542 kfree(ret); 543 return NULL; 544 } 545 ret->hash_buckets = buckets; 546 ret->hash_shift = shift; 547 for (i = 0; i < NEIGH_NUM_HASH_RND; i++) 548 neigh_get_hash_rnd(&ret->hash_rnd[i]); 549 return ret; 550 } 551 552 static void neigh_hash_free_rcu(struct rcu_head *head) 553 { 554 struct neigh_hash_table *nht = container_of(head, 555 struct neigh_hash_table, 556 rcu); 557 558 kvfree(nht->hash_buckets); 559 kfree(nht); 560 } 561 562 static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl, 563 unsigned long new_shift) 564 { 565 unsigned int i, hash; 566 struct neigh_hash_table *new_nht, *old_nht; 567 568 NEIGH_CACHE_STAT_INC(tbl, hash_grows); 569 570 old_nht = rcu_dereference_protected(tbl->nht, 571 lockdep_is_held(&tbl->lock)); 572 new_nht = neigh_hash_alloc(new_shift); 573 if (!new_nht) 574 return old_nht; 575 576 for (i = 0; i < (1 << old_nht->hash_shift); i++) { 577 struct neighbour *n, *next; 578 579 for (n = rcu_dereference_protected(old_nht->hash_buckets[i], 580 lockdep_is_held(&tbl->lock)); 581 n != NULL; 582 n = next) { 583 hash = tbl->hash(n->primary_key, n->dev, 584 new_nht->hash_rnd); 585 586 hash >>= (32 - new_nht->hash_shift); 587 next = rcu_dereference_protected(n->next, 588 lockdep_is_held(&tbl->lock)); 589 590 rcu_assign_pointer(n->next, 591 rcu_dereference_protected( 592 new_nht->hash_buckets[hash], 593 lockdep_is_held(&tbl->lock))); 594 rcu_assign_pointer(new_nht->hash_buckets[hash], n); 595 } 596 } 597 598 rcu_assign_pointer(tbl->nht, new_nht); 599 call_rcu(&old_nht->rcu, neigh_hash_free_rcu); 600 return new_nht; 601 } 602 603 struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey, 604 struct net_device *dev) 605 { 606 struct neighbour *n; 607 608 NEIGH_CACHE_STAT_INC(tbl, lookups); 609 610 rcu_read_lock(); 611 n = __neigh_lookup_noref(tbl, pkey, dev); 612 if (n) { 613 if (!refcount_inc_not_zero(&n->refcnt)) 614 n = NULL; 615 NEIGH_CACHE_STAT_INC(tbl, hits); 616 } 617 618 rcu_read_unlock(); 619 return n; 620 } 621 EXPORT_SYMBOL(neigh_lookup); 622 623 static struct neighbour * 624 ___neigh_create(struct neigh_table *tbl, const void *pkey, 625 struct net_device *dev, u32 flags, 626 bool exempt_from_gc, bool want_ref) 627 { 628 u32 hash_val, key_len = tbl->key_len; 629 struct neighbour *n1, *rc, *n; 630 struct neigh_hash_table *nht; 631 int error; 632 633 n = neigh_alloc(tbl, dev, flags, exempt_from_gc); 634 trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc); 635 if (!n) { 636 rc = ERR_PTR(-ENOBUFS); 637 goto out; 638 } 639 640 memcpy(n->primary_key, pkey, key_len); 641 n->dev = dev; 642 netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC); 643 644 /* Protocol specific setup. */ 645 if (tbl->constructor && (error = tbl->constructor(n)) < 0) { 646 rc = ERR_PTR(error); 647 goto out_neigh_release; 648 } 649 650 if (dev->netdev_ops->ndo_neigh_construct) { 651 error = dev->netdev_ops->ndo_neigh_construct(dev, n); 652 if (error < 0) { 653 rc = ERR_PTR(error); 654 goto out_neigh_release; 655 } 656 } 657 658 /* Device specific setup. */ 659 if (n->parms->neigh_setup && 660 (error = n->parms->neigh_setup(n)) < 0) { 661 rc = ERR_PTR(error); 662 goto out_neigh_release; 663 } 664 665 n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1); 666 667 write_lock_bh(&tbl->lock); 668 nht = rcu_dereference_protected(tbl->nht, 669 lockdep_is_held(&tbl->lock)); 670 671 if (atomic_read(&tbl->entries) > (1 << nht->hash_shift)) 672 nht = neigh_hash_grow(tbl, nht->hash_shift + 1); 673 674 hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift); 675 676 if (n->parms->dead) { 677 rc = ERR_PTR(-EINVAL); 678 goto out_tbl_unlock; 679 } 680 681 for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val], 682 lockdep_is_held(&tbl->lock)); 683 n1 != NULL; 684 n1 = rcu_dereference_protected(n1->next, 685 lockdep_is_held(&tbl->lock))) { 686 if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) { 687 if (want_ref) 688 neigh_hold(n1); 689 rc = n1; 690 goto out_tbl_unlock; 691 } 692 } 693 694 n->dead = 0; 695 if (!exempt_from_gc) 696 list_add_tail(&n->gc_list, &n->tbl->gc_list); 697 if (n->flags & NTF_MANAGED) 698 list_add_tail(&n->managed_list, &n->tbl->managed_list); 699 if (want_ref) 700 neigh_hold(n); 701 rcu_assign_pointer(n->next, 702 rcu_dereference_protected(nht->hash_buckets[hash_val], 703 lockdep_is_held(&tbl->lock))); 704 rcu_assign_pointer(nht->hash_buckets[hash_val], n); 705 write_unlock_bh(&tbl->lock); 706 neigh_dbg(2, "neigh %p is created\n", n); 707 rc = n; 708 out: 709 return rc; 710 out_tbl_unlock: 711 write_unlock_bh(&tbl->lock); 712 out_neigh_release: 713 if (!exempt_from_gc) 714 atomic_dec(&tbl->gc_entries); 715 neigh_release(n); 716 goto out; 717 } 718 719 struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey, 720 struct net_device *dev, bool want_ref) 721 { 722 bool exempt_from_gc = !!(dev->flags & IFF_LOOPBACK); 723 724 return ___neigh_create(tbl, pkey, dev, 0, exempt_from_gc, want_ref); 725 } 726 EXPORT_SYMBOL(__neigh_create); 727 728 static u32 pneigh_hash(const void *pkey, unsigned int key_len) 729 { 730 u32 hash_val = *(u32 *)(pkey + key_len - 4); 731 hash_val ^= (hash_val >> 16); 732 hash_val ^= hash_val >> 8; 733 hash_val ^= hash_val >> 4; 734 hash_val &= PNEIGH_HASHMASK; 735 return hash_val; 736 } 737 738 static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n, 739 struct net *net, 740 const void *pkey, 741 unsigned int key_len, 742 struct net_device *dev) 743 { 744 while (n) { 745 if (!memcmp(n->key, pkey, key_len) && 746 net_eq(pneigh_net(n), net) && 747 (n->dev == dev || !n->dev)) 748 return n; 749 n = n->next; 750 } 751 return NULL; 752 } 753 754 struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl, 755 struct net *net, const void *pkey, struct net_device *dev) 756 { 757 unsigned int key_len = tbl->key_len; 758 u32 hash_val = pneigh_hash(pkey, key_len); 759 760 return __pneigh_lookup_1(tbl->phash_buckets[hash_val], 761 net, pkey, key_len, dev); 762 } 763 EXPORT_SYMBOL_GPL(__pneigh_lookup); 764 765 struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl, 766 struct net *net, const void *pkey, 767 struct net_device *dev, int creat) 768 { 769 struct pneigh_entry *n; 770 unsigned int key_len = tbl->key_len; 771 u32 hash_val = pneigh_hash(pkey, key_len); 772 773 read_lock_bh(&tbl->lock); 774 n = __pneigh_lookup_1(tbl->phash_buckets[hash_val], 775 net, pkey, key_len, dev); 776 read_unlock_bh(&tbl->lock); 777 778 if (n || !creat) 779 goto out; 780 781 ASSERT_RTNL(); 782 783 n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL); 784 if (!n) 785 goto out; 786 787 write_pnet(&n->net, net); 788 memcpy(n->key, pkey, key_len); 789 n->dev = dev; 790 netdev_hold(dev, &n->dev_tracker, GFP_KERNEL); 791 792 if (tbl->pconstructor && tbl->pconstructor(n)) { 793 netdev_put(dev, &n->dev_tracker); 794 kfree(n); 795 n = NULL; 796 goto out; 797 } 798 799 write_lock_bh(&tbl->lock); 800 n->next = tbl->phash_buckets[hash_val]; 801 tbl->phash_buckets[hash_val] = n; 802 write_unlock_bh(&tbl->lock); 803 out: 804 return n; 805 } 806 EXPORT_SYMBOL(pneigh_lookup); 807 808 809 int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey, 810 struct net_device *dev) 811 { 812 struct pneigh_entry *n, **np; 813 unsigned int key_len = tbl->key_len; 814 u32 hash_val = pneigh_hash(pkey, key_len); 815 816 write_lock_bh(&tbl->lock); 817 for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL; 818 np = &n->next) { 819 if (!memcmp(n->key, pkey, key_len) && n->dev == dev && 820 net_eq(pneigh_net(n), net)) { 821 *np = n->next; 822 write_unlock_bh(&tbl->lock); 823 if (tbl->pdestructor) 824 tbl->pdestructor(n); 825 netdev_put(n->dev, &n->dev_tracker); 826 kfree(n); 827 return 0; 828 } 829 } 830 write_unlock_bh(&tbl->lock); 831 return -ENOENT; 832 } 833 834 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl, 835 struct net_device *dev) 836 { 837 struct pneigh_entry *n, **np, *freelist = NULL; 838 u32 h; 839 840 for (h = 0; h <= PNEIGH_HASHMASK; h++) { 841 np = &tbl->phash_buckets[h]; 842 while ((n = *np) != NULL) { 843 if (!dev || n->dev == dev) { 844 *np = n->next; 845 n->next = freelist; 846 freelist = n; 847 continue; 848 } 849 np = &n->next; 850 } 851 } 852 write_unlock_bh(&tbl->lock); 853 while ((n = freelist)) { 854 freelist = n->next; 855 n->next = NULL; 856 if (tbl->pdestructor) 857 tbl->pdestructor(n); 858 netdev_put(n->dev, &n->dev_tracker); 859 kfree(n); 860 } 861 return -ENOENT; 862 } 863 864 static void neigh_parms_destroy(struct neigh_parms *parms); 865 866 static inline void neigh_parms_put(struct neigh_parms *parms) 867 { 868 if (refcount_dec_and_test(&parms->refcnt)) 869 neigh_parms_destroy(parms); 870 } 871 872 /* 873 * neighbour must already be out of the table; 874 * 875 */ 876 void neigh_destroy(struct neighbour *neigh) 877 { 878 struct net_device *dev = neigh->dev; 879 880 NEIGH_CACHE_STAT_INC(neigh->tbl, destroys); 881 882 if (!neigh->dead) { 883 pr_warn("Destroying alive neighbour %p\n", neigh); 884 dump_stack(); 885 return; 886 } 887 888 if (neigh_del_timer(neigh)) 889 pr_warn("Impossible event\n"); 890 891 write_lock_bh(&neigh->lock); 892 __skb_queue_purge(&neigh->arp_queue); 893 write_unlock_bh(&neigh->lock); 894 neigh->arp_queue_len_bytes = 0; 895 896 if (dev->netdev_ops->ndo_neigh_destroy) 897 dev->netdev_ops->ndo_neigh_destroy(dev, neigh); 898 899 netdev_put(dev, &neigh->dev_tracker); 900 neigh_parms_put(neigh->parms); 901 902 neigh_dbg(2, "neigh %p is destroyed\n", neigh); 903 904 atomic_dec(&neigh->tbl->entries); 905 kfree_rcu(neigh, rcu); 906 } 907 EXPORT_SYMBOL(neigh_destroy); 908 909 /* Neighbour state is suspicious; 910 disable fast path. 911 912 Called with write_locked neigh. 913 */ 914 static void neigh_suspect(struct neighbour *neigh) 915 { 916 neigh_dbg(2, "neigh %p is suspected\n", neigh); 917 918 WRITE_ONCE(neigh->output, neigh->ops->output); 919 } 920 921 /* Neighbour state is OK; 922 enable fast path. 923 924 Called with write_locked neigh. 925 */ 926 static void neigh_connect(struct neighbour *neigh) 927 { 928 neigh_dbg(2, "neigh %p is connected\n", neigh); 929 930 WRITE_ONCE(neigh->output, neigh->ops->connected_output); 931 } 932 933 static void neigh_periodic_work(struct work_struct *work) 934 { 935 struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work); 936 struct neighbour *n; 937 struct neighbour __rcu **np; 938 unsigned int i; 939 struct neigh_hash_table *nht; 940 941 NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs); 942 943 write_lock_bh(&tbl->lock); 944 nht = rcu_dereference_protected(tbl->nht, 945 lockdep_is_held(&tbl->lock)); 946 947 /* 948 * periodically recompute ReachableTime from random function 949 */ 950 951 if (time_after(jiffies, tbl->last_rand + 300 * HZ)) { 952 struct neigh_parms *p; 953 954 WRITE_ONCE(tbl->last_rand, jiffies); 955 list_for_each_entry(p, &tbl->parms_list, list) 956 p->reachable_time = 957 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 958 } 959 960 if (atomic_read(&tbl->entries) < READ_ONCE(tbl->gc_thresh1)) 961 goto out; 962 963 for (i = 0 ; i < (1 << nht->hash_shift); i++) { 964 np = &nht->hash_buckets[i]; 965 966 while ((n = rcu_dereference_protected(*np, 967 lockdep_is_held(&tbl->lock))) != NULL) { 968 unsigned int state; 969 970 write_lock(&n->lock); 971 972 state = n->nud_state; 973 if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) || 974 (n->flags & NTF_EXT_LEARNED)) { 975 write_unlock(&n->lock); 976 goto next_elt; 977 } 978 979 if (time_before(n->used, n->confirmed) && 980 time_is_before_eq_jiffies(n->confirmed)) 981 n->used = n->confirmed; 982 983 if (refcount_read(&n->refcnt) == 1 && 984 (state == NUD_FAILED || 985 !time_in_range_open(jiffies, n->used, 986 n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) { 987 rcu_assign_pointer(*np, 988 rcu_dereference_protected(n->next, 989 lockdep_is_held(&tbl->lock))); 990 neigh_mark_dead(n); 991 write_unlock(&n->lock); 992 neigh_cleanup_and_release(n); 993 continue; 994 } 995 write_unlock(&n->lock); 996 997 next_elt: 998 np = &n->next; 999 } 1000 /* 1001 * It's fine to release lock here, even if hash table 1002 * grows while we are preempted. 1003 */ 1004 write_unlock_bh(&tbl->lock); 1005 cond_resched(); 1006 write_lock_bh(&tbl->lock); 1007 nht = rcu_dereference_protected(tbl->nht, 1008 lockdep_is_held(&tbl->lock)); 1009 } 1010 out: 1011 /* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks. 1012 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2 1013 * BASE_REACHABLE_TIME. 1014 */ 1015 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work, 1016 NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1); 1017 write_unlock_bh(&tbl->lock); 1018 } 1019 1020 static __inline__ int neigh_max_probes(struct neighbour *n) 1021 { 1022 struct neigh_parms *p = n->parms; 1023 return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) + 1024 (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) : 1025 NEIGH_VAR(p, MCAST_PROBES)); 1026 } 1027 1028 static void neigh_invalidate(struct neighbour *neigh) 1029 __releases(neigh->lock) 1030 __acquires(neigh->lock) 1031 { 1032 struct sk_buff *skb; 1033 1034 NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed); 1035 neigh_dbg(2, "neigh %p is failed\n", neigh); 1036 neigh->updated = jiffies; 1037 1038 /* It is very thin place. report_unreachable is very complicated 1039 routine. Particularly, it can hit the same neighbour entry! 1040 1041 So that, we try to be accurate and avoid dead loop. --ANK 1042 */ 1043 while (neigh->nud_state == NUD_FAILED && 1044 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) { 1045 write_unlock(&neigh->lock); 1046 neigh->ops->error_report(neigh, skb); 1047 write_lock(&neigh->lock); 1048 } 1049 __skb_queue_purge(&neigh->arp_queue); 1050 neigh->arp_queue_len_bytes = 0; 1051 } 1052 1053 static void neigh_probe(struct neighbour *neigh) 1054 __releases(neigh->lock) 1055 { 1056 struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue); 1057 /* keep skb alive even if arp_queue overflows */ 1058 if (skb) 1059 skb = skb_clone(skb, GFP_ATOMIC); 1060 write_unlock(&neigh->lock); 1061 if (neigh->ops->solicit) 1062 neigh->ops->solicit(neigh, skb); 1063 atomic_inc(&neigh->probes); 1064 consume_skb(skb); 1065 } 1066 1067 /* Called when a timer expires for a neighbour entry. */ 1068 1069 static void neigh_timer_handler(struct timer_list *t) 1070 { 1071 unsigned long now, next; 1072 struct neighbour *neigh = from_timer(neigh, t, timer); 1073 unsigned int state; 1074 int notify = 0; 1075 1076 write_lock(&neigh->lock); 1077 1078 state = neigh->nud_state; 1079 now = jiffies; 1080 next = now + HZ; 1081 1082 if (!(state & NUD_IN_TIMER)) 1083 goto out; 1084 1085 if (state & NUD_REACHABLE) { 1086 if (time_before_eq(now, 1087 neigh->confirmed + neigh->parms->reachable_time)) { 1088 neigh_dbg(2, "neigh %p is still alive\n", neigh); 1089 next = neigh->confirmed + neigh->parms->reachable_time; 1090 } else if (time_before_eq(now, 1091 neigh->used + 1092 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) { 1093 neigh_dbg(2, "neigh %p is delayed\n", neigh); 1094 WRITE_ONCE(neigh->nud_state, NUD_DELAY); 1095 neigh->updated = jiffies; 1096 neigh_suspect(neigh); 1097 next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME); 1098 } else { 1099 neigh_dbg(2, "neigh %p is suspected\n", neigh); 1100 WRITE_ONCE(neigh->nud_state, NUD_STALE); 1101 neigh->updated = jiffies; 1102 neigh_suspect(neigh); 1103 notify = 1; 1104 } 1105 } else if (state & NUD_DELAY) { 1106 if (time_before_eq(now, 1107 neigh->confirmed + 1108 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) { 1109 neigh_dbg(2, "neigh %p is now reachable\n", neigh); 1110 WRITE_ONCE(neigh->nud_state, NUD_REACHABLE); 1111 neigh->updated = jiffies; 1112 neigh_connect(neigh); 1113 notify = 1; 1114 next = neigh->confirmed + neigh->parms->reachable_time; 1115 } else { 1116 neigh_dbg(2, "neigh %p is probed\n", neigh); 1117 WRITE_ONCE(neigh->nud_state, NUD_PROBE); 1118 neigh->updated = jiffies; 1119 atomic_set(&neigh->probes, 0); 1120 notify = 1; 1121 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), 1122 HZ/100); 1123 } 1124 } else { 1125 /* NUD_PROBE|NUD_INCOMPLETE */ 1126 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100); 1127 } 1128 1129 if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) && 1130 atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) { 1131 WRITE_ONCE(neigh->nud_state, NUD_FAILED); 1132 notify = 1; 1133 neigh_invalidate(neigh); 1134 goto out; 1135 } 1136 1137 if (neigh->nud_state & NUD_IN_TIMER) { 1138 if (time_before(next, jiffies + HZ/100)) 1139 next = jiffies + HZ/100; 1140 if (!mod_timer(&neigh->timer, next)) 1141 neigh_hold(neigh); 1142 } 1143 if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) { 1144 neigh_probe(neigh); 1145 } else { 1146 out: 1147 write_unlock(&neigh->lock); 1148 } 1149 1150 if (notify) 1151 neigh_update_notify(neigh, 0); 1152 1153 trace_neigh_timer_handler(neigh, 0); 1154 1155 neigh_release(neigh); 1156 } 1157 1158 int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb, 1159 const bool immediate_ok) 1160 { 1161 int rc; 1162 bool immediate_probe = false; 1163 1164 write_lock_bh(&neigh->lock); 1165 1166 rc = 0; 1167 if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE)) 1168 goto out_unlock_bh; 1169 if (neigh->dead) 1170 goto out_dead; 1171 1172 if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) { 1173 if (NEIGH_VAR(neigh->parms, MCAST_PROBES) + 1174 NEIGH_VAR(neigh->parms, APP_PROBES)) { 1175 unsigned long next, now = jiffies; 1176 1177 atomic_set(&neigh->probes, 1178 NEIGH_VAR(neigh->parms, UCAST_PROBES)); 1179 neigh_del_timer(neigh); 1180 WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE); 1181 neigh->updated = now; 1182 if (!immediate_ok) { 1183 next = now + 1; 1184 } else { 1185 immediate_probe = true; 1186 next = now + max(NEIGH_VAR(neigh->parms, 1187 RETRANS_TIME), 1188 HZ / 100); 1189 } 1190 neigh_add_timer(neigh, next); 1191 } else { 1192 WRITE_ONCE(neigh->nud_state, NUD_FAILED); 1193 neigh->updated = jiffies; 1194 write_unlock_bh(&neigh->lock); 1195 1196 kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED); 1197 return 1; 1198 } 1199 } else if (neigh->nud_state & NUD_STALE) { 1200 neigh_dbg(2, "neigh %p is delayed\n", neigh); 1201 neigh_del_timer(neigh); 1202 WRITE_ONCE(neigh->nud_state, NUD_DELAY); 1203 neigh->updated = jiffies; 1204 neigh_add_timer(neigh, jiffies + 1205 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME)); 1206 } 1207 1208 if (neigh->nud_state == NUD_INCOMPLETE) { 1209 if (skb) { 1210 while (neigh->arp_queue_len_bytes + skb->truesize > 1211 NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) { 1212 struct sk_buff *buff; 1213 1214 buff = __skb_dequeue(&neigh->arp_queue); 1215 if (!buff) 1216 break; 1217 neigh->arp_queue_len_bytes -= buff->truesize; 1218 kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL); 1219 NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards); 1220 } 1221 skb_dst_force(skb); 1222 __skb_queue_tail(&neigh->arp_queue, skb); 1223 neigh->arp_queue_len_bytes += skb->truesize; 1224 } 1225 rc = 1; 1226 } 1227 out_unlock_bh: 1228 if (immediate_probe) 1229 neigh_probe(neigh); 1230 else 1231 write_unlock(&neigh->lock); 1232 local_bh_enable(); 1233 trace_neigh_event_send_done(neigh, rc); 1234 return rc; 1235 1236 out_dead: 1237 if (neigh->nud_state & NUD_STALE) 1238 goto out_unlock_bh; 1239 write_unlock_bh(&neigh->lock); 1240 kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD); 1241 trace_neigh_event_send_dead(neigh, 1); 1242 return 1; 1243 } 1244 EXPORT_SYMBOL(__neigh_event_send); 1245 1246 static void neigh_update_hhs(struct neighbour *neigh) 1247 { 1248 struct hh_cache *hh; 1249 void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *) 1250 = NULL; 1251 1252 if (neigh->dev->header_ops) 1253 update = neigh->dev->header_ops->cache_update; 1254 1255 if (update) { 1256 hh = &neigh->hh; 1257 if (READ_ONCE(hh->hh_len)) { 1258 write_seqlock_bh(&hh->hh_lock); 1259 update(hh, neigh->dev, neigh->ha); 1260 write_sequnlock_bh(&hh->hh_lock); 1261 } 1262 } 1263 } 1264 1265 /* Generic update routine. 1266 -- lladdr is new lladdr or NULL, if it is not supplied. 1267 -- new is new state. 1268 -- flags 1269 NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr, 1270 if it is different. 1271 NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected" 1272 lladdr instead of overriding it 1273 if it is different. 1274 NEIGH_UPDATE_F_ADMIN means that the change is administrative. 1275 NEIGH_UPDATE_F_USE means that the entry is user triggered. 1276 NEIGH_UPDATE_F_MANAGED means that the entry will be auto-refreshed. 1277 NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing 1278 NTF_ROUTER flag. 1279 NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as 1280 a router. 1281 1282 Caller MUST hold reference count on the entry. 1283 */ 1284 static int __neigh_update(struct neighbour *neigh, const u8 *lladdr, 1285 u8 new, u32 flags, u32 nlmsg_pid, 1286 struct netlink_ext_ack *extack) 1287 { 1288 bool gc_update = false, managed_update = false; 1289 int update_isrouter = 0; 1290 struct net_device *dev; 1291 int err, notify = 0; 1292 u8 old; 1293 1294 trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid); 1295 1296 write_lock_bh(&neigh->lock); 1297 1298 dev = neigh->dev; 1299 old = neigh->nud_state; 1300 err = -EPERM; 1301 1302 if (neigh->dead) { 1303 NL_SET_ERR_MSG(extack, "Neighbor entry is now dead"); 1304 new = old; 1305 goto out; 1306 } 1307 if (!(flags & NEIGH_UPDATE_F_ADMIN) && 1308 (old & (NUD_NOARP | NUD_PERMANENT))) 1309 goto out; 1310 1311 neigh_update_flags(neigh, flags, ¬ify, &gc_update, &managed_update); 1312 if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) { 1313 new = old & ~NUD_PERMANENT; 1314 WRITE_ONCE(neigh->nud_state, new); 1315 err = 0; 1316 goto out; 1317 } 1318 1319 if (!(new & NUD_VALID)) { 1320 neigh_del_timer(neigh); 1321 if (old & NUD_CONNECTED) 1322 neigh_suspect(neigh); 1323 WRITE_ONCE(neigh->nud_state, new); 1324 err = 0; 1325 notify = old & NUD_VALID; 1326 if ((old & (NUD_INCOMPLETE | NUD_PROBE)) && 1327 (new & NUD_FAILED)) { 1328 neigh_invalidate(neigh); 1329 notify = 1; 1330 } 1331 goto out; 1332 } 1333 1334 /* Compare new lladdr with cached one */ 1335 if (!dev->addr_len) { 1336 /* First case: device needs no address. */ 1337 lladdr = neigh->ha; 1338 } else if (lladdr) { 1339 /* The second case: if something is already cached 1340 and a new address is proposed: 1341 - compare new & old 1342 - if they are different, check override flag 1343 */ 1344 if ((old & NUD_VALID) && 1345 !memcmp(lladdr, neigh->ha, dev->addr_len)) 1346 lladdr = neigh->ha; 1347 } else { 1348 /* No address is supplied; if we know something, 1349 use it, otherwise discard the request. 1350 */ 1351 err = -EINVAL; 1352 if (!(old & NUD_VALID)) { 1353 NL_SET_ERR_MSG(extack, "No link layer address given"); 1354 goto out; 1355 } 1356 lladdr = neigh->ha; 1357 } 1358 1359 /* Update confirmed timestamp for neighbour entry after we 1360 * received ARP packet even if it doesn't change IP to MAC binding. 1361 */ 1362 if (new & NUD_CONNECTED) 1363 neigh->confirmed = jiffies; 1364 1365 /* If entry was valid and address is not changed, 1366 do not change entry state, if new one is STALE. 1367 */ 1368 err = 0; 1369 update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER; 1370 if (old & NUD_VALID) { 1371 if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) { 1372 update_isrouter = 0; 1373 if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) && 1374 (old & NUD_CONNECTED)) { 1375 lladdr = neigh->ha; 1376 new = NUD_STALE; 1377 } else 1378 goto out; 1379 } else { 1380 if (lladdr == neigh->ha && new == NUD_STALE && 1381 !(flags & NEIGH_UPDATE_F_ADMIN)) 1382 new = old; 1383 } 1384 } 1385 1386 /* Update timestamp only once we know we will make a change to the 1387 * neighbour entry. Otherwise we risk to move the locktime window with 1388 * noop updates and ignore relevant ARP updates. 1389 */ 1390 if (new != old || lladdr != neigh->ha) 1391 neigh->updated = jiffies; 1392 1393 if (new != old) { 1394 neigh_del_timer(neigh); 1395 if (new & NUD_PROBE) 1396 atomic_set(&neigh->probes, 0); 1397 if (new & NUD_IN_TIMER) 1398 neigh_add_timer(neigh, (jiffies + 1399 ((new & NUD_REACHABLE) ? 1400 neigh->parms->reachable_time : 1401 0))); 1402 WRITE_ONCE(neigh->nud_state, new); 1403 notify = 1; 1404 } 1405 1406 if (lladdr != neigh->ha) { 1407 write_seqlock(&neigh->ha_lock); 1408 memcpy(&neigh->ha, lladdr, dev->addr_len); 1409 write_sequnlock(&neigh->ha_lock); 1410 neigh_update_hhs(neigh); 1411 if (!(new & NUD_CONNECTED)) 1412 neigh->confirmed = jiffies - 1413 (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1); 1414 notify = 1; 1415 } 1416 if (new == old) 1417 goto out; 1418 if (new & NUD_CONNECTED) 1419 neigh_connect(neigh); 1420 else 1421 neigh_suspect(neigh); 1422 if (!(old & NUD_VALID)) { 1423 struct sk_buff *skb; 1424 1425 /* Again: avoid dead loop if something went wrong */ 1426 1427 while (neigh->nud_state & NUD_VALID && 1428 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) { 1429 struct dst_entry *dst = skb_dst(skb); 1430 struct neighbour *n2, *n1 = neigh; 1431 write_unlock_bh(&neigh->lock); 1432 1433 rcu_read_lock(); 1434 1435 /* Why not just use 'neigh' as-is? The problem is that 1436 * things such as shaper, eql, and sch_teql can end up 1437 * using alternative, different, neigh objects to output 1438 * the packet in the output path. So what we need to do 1439 * here is re-lookup the top-level neigh in the path so 1440 * we can reinject the packet there. 1441 */ 1442 n2 = NULL; 1443 if (dst && dst->obsolete != DST_OBSOLETE_DEAD) { 1444 n2 = dst_neigh_lookup_skb(dst, skb); 1445 if (n2) 1446 n1 = n2; 1447 } 1448 READ_ONCE(n1->output)(n1, skb); 1449 if (n2) 1450 neigh_release(n2); 1451 rcu_read_unlock(); 1452 1453 write_lock_bh(&neigh->lock); 1454 } 1455 __skb_queue_purge(&neigh->arp_queue); 1456 neigh->arp_queue_len_bytes = 0; 1457 } 1458 out: 1459 if (update_isrouter) 1460 neigh_update_is_router(neigh, flags, ¬ify); 1461 write_unlock_bh(&neigh->lock); 1462 if (((new ^ old) & NUD_PERMANENT) || gc_update) 1463 neigh_update_gc_list(neigh); 1464 if (managed_update) 1465 neigh_update_managed_list(neigh); 1466 if (notify) 1467 neigh_update_notify(neigh, nlmsg_pid); 1468 trace_neigh_update_done(neigh, err); 1469 return err; 1470 } 1471 1472 int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new, 1473 u32 flags, u32 nlmsg_pid) 1474 { 1475 return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL); 1476 } 1477 EXPORT_SYMBOL(neigh_update); 1478 1479 /* Update the neigh to listen temporarily for probe responses, even if it is 1480 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing. 1481 */ 1482 void __neigh_set_probe_once(struct neighbour *neigh) 1483 { 1484 if (neigh->dead) 1485 return; 1486 neigh->updated = jiffies; 1487 if (!(neigh->nud_state & NUD_FAILED)) 1488 return; 1489 WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE); 1490 atomic_set(&neigh->probes, neigh_max_probes(neigh)); 1491 neigh_add_timer(neigh, 1492 jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), 1493 HZ/100)); 1494 } 1495 EXPORT_SYMBOL(__neigh_set_probe_once); 1496 1497 struct neighbour *neigh_event_ns(struct neigh_table *tbl, 1498 u8 *lladdr, void *saddr, 1499 struct net_device *dev) 1500 { 1501 struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev, 1502 lladdr || !dev->addr_len); 1503 if (neigh) 1504 neigh_update(neigh, lladdr, NUD_STALE, 1505 NEIGH_UPDATE_F_OVERRIDE, 0); 1506 return neigh; 1507 } 1508 EXPORT_SYMBOL(neigh_event_ns); 1509 1510 /* called with read_lock_bh(&n->lock); */ 1511 static void neigh_hh_init(struct neighbour *n) 1512 { 1513 struct net_device *dev = n->dev; 1514 __be16 prot = n->tbl->protocol; 1515 struct hh_cache *hh = &n->hh; 1516 1517 write_lock_bh(&n->lock); 1518 1519 /* Only one thread can come in here and initialize the 1520 * hh_cache entry. 1521 */ 1522 if (!hh->hh_len) 1523 dev->header_ops->cache(n, hh, prot); 1524 1525 write_unlock_bh(&n->lock); 1526 } 1527 1528 /* Slow and careful. */ 1529 1530 int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb) 1531 { 1532 int rc = 0; 1533 1534 if (!neigh_event_send(neigh, skb)) { 1535 int err; 1536 struct net_device *dev = neigh->dev; 1537 unsigned int seq; 1538 1539 if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len)) 1540 neigh_hh_init(neigh); 1541 1542 do { 1543 __skb_pull(skb, skb_network_offset(skb)); 1544 seq = read_seqbegin(&neigh->ha_lock); 1545 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 1546 neigh->ha, NULL, skb->len); 1547 } while (read_seqretry(&neigh->ha_lock, seq)); 1548 1549 if (err >= 0) 1550 rc = dev_queue_xmit(skb); 1551 else 1552 goto out_kfree_skb; 1553 } 1554 out: 1555 return rc; 1556 out_kfree_skb: 1557 rc = -EINVAL; 1558 kfree_skb(skb); 1559 goto out; 1560 } 1561 EXPORT_SYMBOL(neigh_resolve_output); 1562 1563 /* As fast as possible without hh cache */ 1564 1565 int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb) 1566 { 1567 struct net_device *dev = neigh->dev; 1568 unsigned int seq; 1569 int err; 1570 1571 do { 1572 __skb_pull(skb, skb_network_offset(skb)); 1573 seq = read_seqbegin(&neigh->ha_lock); 1574 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 1575 neigh->ha, NULL, skb->len); 1576 } while (read_seqretry(&neigh->ha_lock, seq)); 1577 1578 if (err >= 0) 1579 err = dev_queue_xmit(skb); 1580 else { 1581 err = -EINVAL; 1582 kfree_skb(skb); 1583 } 1584 return err; 1585 } 1586 EXPORT_SYMBOL(neigh_connected_output); 1587 1588 int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb) 1589 { 1590 return dev_queue_xmit(skb); 1591 } 1592 EXPORT_SYMBOL(neigh_direct_output); 1593 1594 static void neigh_managed_work(struct work_struct *work) 1595 { 1596 struct neigh_table *tbl = container_of(work, struct neigh_table, 1597 managed_work.work); 1598 struct neighbour *neigh; 1599 1600 write_lock_bh(&tbl->lock); 1601 list_for_each_entry(neigh, &tbl->managed_list, managed_list) 1602 neigh_event_send_probe(neigh, NULL, false); 1603 queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 1604 NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS)); 1605 write_unlock_bh(&tbl->lock); 1606 } 1607 1608 static void neigh_proxy_process(struct timer_list *t) 1609 { 1610 struct neigh_table *tbl = from_timer(tbl, t, proxy_timer); 1611 long sched_next = 0; 1612 unsigned long now = jiffies; 1613 struct sk_buff *skb, *n; 1614 1615 spin_lock(&tbl->proxy_queue.lock); 1616 1617 skb_queue_walk_safe(&tbl->proxy_queue, skb, n) { 1618 long tdif = NEIGH_CB(skb)->sched_next - now; 1619 1620 if (tdif <= 0) { 1621 struct net_device *dev = skb->dev; 1622 1623 neigh_parms_qlen_dec(dev, tbl->family); 1624 __skb_unlink(skb, &tbl->proxy_queue); 1625 1626 if (tbl->proxy_redo && netif_running(dev)) { 1627 rcu_read_lock(); 1628 tbl->proxy_redo(skb); 1629 rcu_read_unlock(); 1630 } else { 1631 kfree_skb(skb); 1632 } 1633 1634 dev_put(dev); 1635 } else if (!sched_next || tdif < sched_next) 1636 sched_next = tdif; 1637 } 1638 del_timer(&tbl->proxy_timer); 1639 if (sched_next) 1640 mod_timer(&tbl->proxy_timer, jiffies + sched_next); 1641 spin_unlock(&tbl->proxy_queue.lock); 1642 } 1643 1644 static unsigned long neigh_proxy_delay(struct neigh_parms *p) 1645 { 1646 /* If proxy_delay is zero, do not call get_random_u32_below() 1647 * as it is undefined behavior. 1648 */ 1649 unsigned long proxy_delay = NEIGH_VAR(p, PROXY_DELAY); 1650 1651 return proxy_delay ? 1652 jiffies + get_random_u32_below(proxy_delay) : jiffies; 1653 } 1654 1655 void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p, 1656 struct sk_buff *skb) 1657 { 1658 unsigned long sched_next = neigh_proxy_delay(p); 1659 1660 if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) { 1661 kfree_skb(skb); 1662 return; 1663 } 1664 1665 NEIGH_CB(skb)->sched_next = sched_next; 1666 NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED; 1667 1668 spin_lock(&tbl->proxy_queue.lock); 1669 if (del_timer(&tbl->proxy_timer)) { 1670 if (time_before(tbl->proxy_timer.expires, sched_next)) 1671 sched_next = tbl->proxy_timer.expires; 1672 } 1673 skb_dst_drop(skb); 1674 dev_hold(skb->dev); 1675 __skb_queue_tail(&tbl->proxy_queue, skb); 1676 p->qlen++; 1677 mod_timer(&tbl->proxy_timer, sched_next); 1678 spin_unlock(&tbl->proxy_queue.lock); 1679 } 1680 EXPORT_SYMBOL(pneigh_enqueue); 1681 1682 static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl, 1683 struct net *net, int ifindex) 1684 { 1685 struct neigh_parms *p; 1686 1687 list_for_each_entry(p, &tbl->parms_list, list) { 1688 if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) || 1689 (!p->dev && !ifindex && net_eq(net, &init_net))) 1690 return p; 1691 } 1692 1693 return NULL; 1694 } 1695 1696 struct neigh_parms *neigh_parms_alloc(struct net_device *dev, 1697 struct neigh_table *tbl) 1698 { 1699 struct neigh_parms *p; 1700 struct net *net = dev_net(dev); 1701 const struct net_device_ops *ops = dev->netdev_ops; 1702 1703 p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL); 1704 if (p) { 1705 p->tbl = tbl; 1706 refcount_set(&p->refcnt, 1); 1707 p->reachable_time = 1708 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 1709 p->qlen = 0; 1710 netdev_hold(dev, &p->dev_tracker, GFP_KERNEL); 1711 p->dev = dev; 1712 write_pnet(&p->net, net); 1713 p->sysctl_table = NULL; 1714 1715 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) { 1716 netdev_put(dev, &p->dev_tracker); 1717 kfree(p); 1718 return NULL; 1719 } 1720 1721 write_lock_bh(&tbl->lock); 1722 list_add(&p->list, &tbl->parms.list); 1723 write_unlock_bh(&tbl->lock); 1724 1725 neigh_parms_data_state_cleanall(p); 1726 } 1727 return p; 1728 } 1729 EXPORT_SYMBOL(neigh_parms_alloc); 1730 1731 static void neigh_rcu_free_parms(struct rcu_head *head) 1732 { 1733 struct neigh_parms *parms = 1734 container_of(head, struct neigh_parms, rcu_head); 1735 1736 neigh_parms_put(parms); 1737 } 1738 1739 void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms) 1740 { 1741 if (!parms || parms == &tbl->parms) 1742 return; 1743 write_lock_bh(&tbl->lock); 1744 list_del(&parms->list); 1745 parms->dead = 1; 1746 write_unlock_bh(&tbl->lock); 1747 netdev_put(parms->dev, &parms->dev_tracker); 1748 call_rcu(&parms->rcu_head, neigh_rcu_free_parms); 1749 } 1750 EXPORT_SYMBOL(neigh_parms_release); 1751 1752 static void neigh_parms_destroy(struct neigh_parms *parms) 1753 { 1754 kfree(parms); 1755 } 1756 1757 static struct lock_class_key neigh_table_proxy_queue_class; 1758 1759 static struct neigh_table __rcu *neigh_tables[NEIGH_NR_TABLES] __read_mostly; 1760 1761 void neigh_table_init(int index, struct neigh_table *tbl) 1762 { 1763 unsigned long now = jiffies; 1764 unsigned long phsize; 1765 1766 INIT_LIST_HEAD(&tbl->parms_list); 1767 INIT_LIST_HEAD(&tbl->gc_list); 1768 INIT_LIST_HEAD(&tbl->managed_list); 1769 1770 list_add(&tbl->parms.list, &tbl->parms_list); 1771 write_pnet(&tbl->parms.net, &init_net); 1772 refcount_set(&tbl->parms.refcnt, 1); 1773 tbl->parms.reachable_time = 1774 neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME)); 1775 tbl->parms.qlen = 0; 1776 1777 tbl->stats = alloc_percpu(struct neigh_statistics); 1778 if (!tbl->stats) 1779 panic("cannot create neighbour cache statistics"); 1780 1781 #ifdef CONFIG_PROC_FS 1782 if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat, 1783 &neigh_stat_seq_ops, tbl)) 1784 panic("cannot create neighbour proc dir entry"); 1785 #endif 1786 1787 RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3)); 1788 1789 phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *); 1790 tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL); 1791 1792 if (!tbl->nht || !tbl->phash_buckets) 1793 panic("cannot allocate neighbour cache hashes"); 1794 1795 if (!tbl->entry_size) 1796 tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) + 1797 tbl->key_len, NEIGH_PRIV_ALIGN); 1798 else 1799 WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN); 1800 1801 rwlock_init(&tbl->lock); 1802 1803 INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work); 1804 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work, 1805 tbl->parms.reachable_time); 1806 INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work); 1807 queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0); 1808 1809 timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0); 1810 skb_queue_head_init_class(&tbl->proxy_queue, 1811 &neigh_table_proxy_queue_class); 1812 1813 tbl->last_flush = now; 1814 tbl->last_rand = now + tbl->parms.reachable_time * 20; 1815 1816 rcu_assign_pointer(neigh_tables[index], tbl); 1817 } 1818 EXPORT_SYMBOL(neigh_table_init); 1819 1820 /* 1821 * Only called from ndisc_cleanup(), which means this is dead code 1822 * because we no longer can unload IPv6 module. 1823 */ 1824 int neigh_table_clear(int index, struct neigh_table *tbl) 1825 { 1826 RCU_INIT_POINTER(neigh_tables[index], NULL); 1827 synchronize_rcu(); 1828 1829 /* It is not clean... Fix it to unload IPv6 module safely */ 1830 cancel_delayed_work_sync(&tbl->managed_work); 1831 cancel_delayed_work_sync(&tbl->gc_work); 1832 del_timer_sync(&tbl->proxy_timer); 1833 pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family); 1834 neigh_ifdown(tbl, NULL); 1835 if (atomic_read(&tbl->entries)) 1836 pr_crit("neighbour leakage\n"); 1837 1838 call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu, 1839 neigh_hash_free_rcu); 1840 tbl->nht = NULL; 1841 1842 kfree(tbl->phash_buckets); 1843 tbl->phash_buckets = NULL; 1844 1845 remove_proc_entry(tbl->id, init_net.proc_net_stat); 1846 1847 free_percpu(tbl->stats); 1848 tbl->stats = NULL; 1849 1850 return 0; 1851 } 1852 EXPORT_SYMBOL(neigh_table_clear); 1853 1854 static struct neigh_table *neigh_find_table(int family) 1855 { 1856 struct neigh_table *tbl = NULL; 1857 1858 switch (family) { 1859 case AF_INET: 1860 tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ARP_TABLE]); 1861 break; 1862 case AF_INET6: 1863 tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ND_TABLE]); 1864 break; 1865 } 1866 1867 return tbl; 1868 } 1869 1870 const struct nla_policy nda_policy[NDA_MAX+1] = { 1871 [NDA_UNSPEC] = { .strict_start_type = NDA_NH_ID }, 1872 [NDA_DST] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN }, 1873 [NDA_LLADDR] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN }, 1874 [NDA_CACHEINFO] = { .len = sizeof(struct nda_cacheinfo) }, 1875 [NDA_PROBES] = { .type = NLA_U32 }, 1876 [NDA_VLAN] = { .type = NLA_U16 }, 1877 [NDA_PORT] = { .type = NLA_U16 }, 1878 [NDA_VNI] = { .type = NLA_U32 }, 1879 [NDA_IFINDEX] = { .type = NLA_U32 }, 1880 [NDA_MASTER] = { .type = NLA_U32 }, 1881 [NDA_PROTOCOL] = { .type = NLA_U8 }, 1882 [NDA_NH_ID] = { .type = NLA_U32 }, 1883 [NDA_FLAGS_EXT] = NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK), 1884 [NDA_FDB_EXT_ATTRS] = { .type = NLA_NESTED }, 1885 }; 1886 1887 static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh, 1888 struct netlink_ext_ack *extack) 1889 { 1890 struct net *net = sock_net(skb->sk); 1891 struct ndmsg *ndm; 1892 struct nlattr *dst_attr; 1893 struct neigh_table *tbl; 1894 struct neighbour *neigh; 1895 struct net_device *dev = NULL; 1896 int err = -EINVAL; 1897 1898 ASSERT_RTNL(); 1899 if (nlmsg_len(nlh) < sizeof(*ndm)) 1900 goto out; 1901 1902 dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST); 1903 if (!dst_attr) { 1904 NL_SET_ERR_MSG(extack, "Network address not specified"); 1905 goto out; 1906 } 1907 1908 ndm = nlmsg_data(nlh); 1909 if (ndm->ndm_ifindex) { 1910 dev = __dev_get_by_index(net, ndm->ndm_ifindex); 1911 if (dev == NULL) { 1912 err = -ENODEV; 1913 goto out; 1914 } 1915 } 1916 1917 tbl = neigh_find_table(ndm->ndm_family); 1918 if (tbl == NULL) 1919 return -EAFNOSUPPORT; 1920 1921 if (nla_len(dst_attr) < (int)tbl->key_len) { 1922 NL_SET_ERR_MSG(extack, "Invalid network address"); 1923 goto out; 1924 } 1925 1926 if (ndm->ndm_flags & NTF_PROXY) { 1927 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev); 1928 goto out; 1929 } 1930 1931 if (dev == NULL) 1932 goto out; 1933 1934 neigh = neigh_lookup(tbl, nla_data(dst_attr), dev); 1935 if (neigh == NULL) { 1936 err = -ENOENT; 1937 goto out; 1938 } 1939 1940 err = __neigh_update(neigh, NULL, NUD_FAILED, 1941 NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN, 1942 NETLINK_CB(skb).portid, extack); 1943 write_lock_bh(&tbl->lock); 1944 neigh_release(neigh); 1945 neigh_remove_one(neigh, tbl); 1946 write_unlock_bh(&tbl->lock); 1947 1948 out: 1949 return err; 1950 } 1951 1952 static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh, 1953 struct netlink_ext_ack *extack) 1954 { 1955 int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE | 1956 NEIGH_UPDATE_F_OVERRIDE_ISROUTER; 1957 struct net *net = sock_net(skb->sk); 1958 struct ndmsg *ndm; 1959 struct nlattr *tb[NDA_MAX+1]; 1960 struct neigh_table *tbl; 1961 struct net_device *dev = NULL; 1962 struct neighbour *neigh; 1963 void *dst, *lladdr; 1964 u8 protocol = 0; 1965 u32 ndm_flags; 1966 int err; 1967 1968 ASSERT_RTNL(); 1969 err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX, 1970 nda_policy, extack); 1971 if (err < 0) 1972 goto out; 1973 1974 err = -EINVAL; 1975 if (!tb[NDA_DST]) { 1976 NL_SET_ERR_MSG(extack, "Network address not specified"); 1977 goto out; 1978 } 1979 1980 ndm = nlmsg_data(nlh); 1981 ndm_flags = ndm->ndm_flags; 1982 if (tb[NDA_FLAGS_EXT]) { 1983 u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]); 1984 1985 BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE < 1986 (sizeof(ndm->ndm_flags) * BITS_PER_BYTE + 1987 hweight32(NTF_EXT_MASK))); 1988 ndm_flags |= (ext << NTF_EXT_SHIFT); 1989 } 1990 if (ndm->ndm_ifindex) { 1991 dev = __dev_get_by_index(net, ndm->ndm_ifindex); 1992 if (dev == NULL) { 1993 err = -ENODEV; 1994 goto out; 1995 } 1996 1997 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) { 1998 NL_SET_ERR_MSG(extack, "Invalid link address"); 1999 goto out; 2000 } 2001 } 2002 2003 tbl = neigh_find_table(ndm->ndm_family); 2004 if (tbl == NULL) 2005 return -EAFNOSUPPORT; 2006 2007 if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) { 2008 NL_SET_ERR_MSG(extack, "Invalid network address"); 2009 goto out; 2010 } 2011 2012 dst = nla_data(tb[NDA_DST]); 2013 lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL; 2014 2015 if (tb[NDA_PROTOCOL]) 2016 protocol = nla_get_u8(tb[NDA_PROTOCOL]); 2017 if (ndm_flags & NTF_PROXY) { 2018 struct pneigh_entry *pn; 2019 2020 if (ndm_flags & NTF_MANAGED) { 2021 NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination"); 2022 goto out; 2023 } 2024 2025 err = -ENOBUFS; 2026 pn = pneigh_lookup(tbl, net, dst, dev, 1); 2027 if (pn) { 2028 pn->flags = ndm_flags; 2029 if (protocol) 2030 pn->protocol = protocol; 2031 err = 0; 2032 } 2033 goto out; 2034 } 2035 2036 if (!dev) { 2037 NL_SET_ERR_MSG(extack, "Device not specified"); 2038 goto out; 2039 } 2040 2041 if (tbl->allow_add && !tbl->allow_add(dev, extack)) { 2042 err = -EINVAL; 2043 goto out; 2044 } 2045 2046 neigh = neigh_lookup(tbl, dst, dev); 2047 if (neigh == NULL) { 2048 bool ndm_permanent = ndm->ndm_state & NUD_PERMANENT; 2049 bool exempt_from_gc = ndm_permanent || 2050 ndm_flags & NTF_EXT_LEARNED; 2051 2052 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) { 2053 err = -ENOENT; 2054 goto out; 2055 } 2056 if (ndm_permanent && (ndm_flags & NTF_MANAGED)) { 2057 NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry"); 2058 err = -EINVAL; 2059 goto out; 2060 } 2061 2062 neigh = ___neigh_create(tbl, dst, dev, 2063 ndm_flags & 2064 (NTF_EXT_LEARNED | NTF_MANAGED), 2065 exempt_from_gc, true); 2066 if (IS_ERR(neigh)) { 2067 err = PTR_ERR(neigh); 2068 goto out; 2069 } 2070 } else { 2071 if (nlh->nlmsg_flags & NLM_F_EXCL) { 2072 err = -EEXIST; 2073 neigh_release(neigh); 2074 goto out; 2075 } 2076 2077 if (!(nlh->nlmsg_flags & NLM_F_REPLACE)) 2078 flags &= ~(NEIGH_UPDATE_F_OVERRIDE | 2079 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 2080 } 2081 2082 if (protocol) 2083 neigh->protocol = protocol; 2084 if (ndm_flags & NTF_EXT_LEARNED) 2085 flags |= NEIGH_UPDATE_F_EXT_LEARNED; 2086 if (ndm_flags & NTF_ROUTER) 2087 flags |= NEIGH_UPDATE_F_ISROUTER; 2088 if (ndm_flags & NTF_MANAGED) 2089 flags |= NEIGH_UPDATE_F_MANAGED; 2090 if (ndm_flags & NTF_USE) 2091 flags |= NEIGH_UPDATE_F_USE; 2092 2093 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags, 2094 NETLINK_CB(skb).portid, extack); 2095 if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) { 2096 neigh_event_send(neigh, NULL); 2097 err = 0; 2098 } 2099 neigh_release(neigh); 2100 out: 2101 return err; 2102 } 2103 2104 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms) 2105 { 2106 struct nlattr *nest; 2107 2108 nest = nla_nest_start_noflag(skb, NDTA_PARMS); 2109 if (nest == NULL) 2110 return -ENOBUFS; 2111 2112 if ((parms->dev && 2113 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) || 2114 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) || 2115 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES, 2116 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) || 2117 /* approximative value for deprecated QUEUE_LEN (in packets) */ 2118 nla_put_u32(skb, NDTPA_QUEUE_LEN, 2119 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) || 2120 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) || 2121 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) || 2122 nla_put_u32(skb, NDTPA_UCAST_PROBES, 2123 NEIGH_VAR(parms, UCAST_PROBES)) || 2124 nla_put_u32(skb, NDTPA_MCAST_PROBES, 2125 NEIGH_VAR(parms, MCAST_PROBES)) || 2126 nla_put_u32(skb, NDTPA_MCAST_REPROBES, 2127 NEIGH_VAR(parms, MCAST_REPROBES)) || 2128 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time, 2129 NDTPA_PAD) || 2130 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME, 2131 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) || 2132 nla_put_msecs(skb, NDTPA_GC_STALETIME, 2133 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) || 2134 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME, 2135 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) || 2136 nla_put_msecs(skb, NDTPA_RETRANS_TIME, 2137 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) || 2138 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY, 2139 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) || 2140 nla_put_msecs(skb, NDTPA_PROXY_DELAY, 2141 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) || 2142 nla_put_msecs(skb, NDTPA_LOCKTIME, 2143 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) || 2144 nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS, 2145 NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD)) 2146 goto nla_put_failure; 2147 return nla_nest_end(skb, nest); 2148 2149 nla_put_failure: 2150 nla_nest_cancel(skb, nest); 2151 return -EMSGSIZE; 2152 } 2153 2154 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl, 2155 u32 pid, u32 seq, int type, int flags) 2156 { 2157 struct nlmsghdr *nlh; 2158 struct ndtmsg *ndtmsg; 2159 2160 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 2161 if (nlh == NULL) 2162 return -EMSGSIZE; 2163 2164 ndtmsg = nlmsg_data(nlh); 2165 2166 read_lock_bh(&tbl->lock); 2167 ndtmsg->ndtm_family = tbl->family; 2168 ndtmsg->ndtm_pad1 = 0; 2169 ndtmsg->ndtm_pad2 = 0; 2170 2171 if (nla_put_string(skb, NDTA_NAME, tbl->id) || 2172 nla_put_msecs(skb, NDTA_GC_INTERVAL, READ_ONCE(tbl->gc_interval), 2173 NDTA_PAD) || 2174 nla_put_u32(skb, NDTA_THRESH1, READ_ONCE(tbl->gc_thresh1)) || 2175 nla_put_u32(skb, NDTA_THRESH2, READ_ONCE(tbl->gc_thresh2)) || 2176 nla_put_u32(skb, NDTA_THRESH3, READ_ONCE(tbl->gc_thresh3))) 2177 goto nla_put_failure; 2178 { 2179 unsigned long now = jiffies; 2180 long flush_delta = now - READ_ONCE(tbl->last_flush); 2181 long rand_delta = now - READ_ONCE(tbl->last_rand); 2182 struct neigh_hash_table *nht; 2183 struct ndt_config ndc = { 2184 .ndtc_key_len = tbl->key_len, 2185 .ndtc_entry_size = tbl->entry_size, 2186 .ndtc_entries = atomic_read(&tbl->entries), 2187 .ndtc_last_flush = jiffies_to_msecs(flush_delta), 2188 .ndtc_last_rand = jiffies_to_msecs(rand_delta), 2189 .ndtc_proxy_qlen = READ_ONCE(tbl->proxy_queue.qlen), 2190 }; 2191 2192 rcu_read_lock(); 2193 nht = rcu_dereference(tbl->nht); 2194 ndc.ndtc_hash_rnd = nht->hash_rnd[0]; 2195 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1); 2196 rcu_read_unlock(); 2197 2198 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc)) 2199 goto nla_put_failure; 2200 } 2201 2202 { 2203 int cpu; 2204 struct ndt_stats ndst; 2205 2206 memset(&ndst, 0, sizeof(ndst)); 2207 2208 for_each_possible_cpu(cpu) { 2209 struct neigh_statistics *st; 2210 2211 st = per_cpu_ptr(tbl->stats, cpu); 2212 ndst.ndts_allocs += READ_ONCE(st->allocs); 2213 ndst.ndts_destroys += READ_ONCE(st->destroys); 2214 ndst.ndts_hash_grows += READ_ONCE(st->hash_grows); 2215 ndst.ndts_res_failed += READ_ONCE(st->res_failed); 2216 ndst.ndts_lookups += READ_ONCE(st->lookups); 2217 ndst.ndts_hits += READ_ONCE(st->hits); 2218 ndst.ndts_rcv_probes_mcast += READ_ONCE(st->rcv_probes_mcast); 2219 ndst.ndts_rcv_probes_ucast += READ_ONCE(st->rcv_probes_ucast); 2220 ndst.ndts_periodic_gc_runs += READ_ONCE(st->periodic_gc_runs); 2221 ndst.ndts_forced_gc_runs += READ_ONCE(st->forced_gc_runs); 2222 ndst.ndts_table_fulls += READ_ONCE(st->table_fulls); 2223 } 2224 2225 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst, 2226 NDTA_PAD)) 2227 goto nla_put_failure; 2228 } 2229 2230 BUG_ON(tbl->parms.dev); 2231 if (neightbl_fill_parms(skb, &tbl->parms) < 0) 2232 goto nla_put_failure; 2233 2234 read_unlock_bh(&tbl->lock); 2235 nlmsg_end(skb, nlh); 2236 return 0; 2237 2238 nla_put_failure: 2239 read_unlock_bh(&tbl->lock); 2240 nlmsg_cancel(skb, nlh); 2241 return -EMSGSIZE; 2242 } 2243 2244 static int neightbl_fill_param_info(struct sk_buff *skb, 2245 struct neigh_table *tbl, 2246 struct neigh_parms *parms, 2247 u32 pid, u32 seq, int type, 2248 unsigned int flags) 2249 { 2250 struct ndtmsg *ndtmsg; 2251 struct nlmsghdr *nlh; 2252 2253 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags); 2254 if (nlh == NULL) 2255 return -EMSGSIZE; 2256 2257 ndtmsg = nlmsg_data(nlh); 2258 2259 read_lock_bh(&tbl->lock); 2260 ndtmsg->ndtm_family = tbl->family; 2261 ndtmsg->ndtm_pad1 = 0; 2262 ndtmsg->ndtm_pad2 = 0; 2263 2264 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 || 2265 neightbl_fill_parms(skb, parms) < 0) 2266 goto errout; 2267 2268 read_unlock_bh(&tbl->lock); 2269 nlmsg_end(skb, nlh); 2270 return 0; 2271 errout: 2272 read_unlock_bh(&tbl->lock); 2273 nlmsg_cancel(skb, nlh); 2274 return -EMSGSIZE; 2275 } 2276 2277 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = { 2278 [NDTA_NAME] = { .type = NLA_STRING }, 2279 [NDTA_THRESH1] = { .type = NLA_U32 }, 2280 [NDTA_THRESH2] = { .type = NLA_U32 }, 2281 [NDTA_THRESH3] = { .type = NLA_U32 }, 2282 [NDTA_GC_INTERVAL] = { .type = NLA_U64 }, 2283 [NDTA_PARMS] = { .type = NLA_NESTED }, 2284 }; 2285 2286 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = { 2287 [NDTPA_IFINDEX] = { .type = NLA_U32 }, 2288 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 }, 2289 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 }, 2290 [NDTPA_APP_PROBES] = { .type = NLA_U32 }, 2291 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 }, 2292 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 }, 2293 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 }, 2294 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 }, 2295 [NDTPA_GC_STALETIME] = { .type = NLA_U64 }, 2296 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 }, 2297 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 }, 2298 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 }, 2299 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 }, 2300 [NDTPA_LOCKTIME] = { .type = NLA_U64 }, 2301 [NDTPA_INTERVAL_PROBE_TIME_MS] = { .type = NLA_U64, .min = 1 }, 2302 }; 2303 2304 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh, 2305 struct netlink_ext_ack *extack) 2306 { 2307 struct net *net = sock_net(skb->sk); 2308 struct neigh_table *tbl; 2309 struct ndtmsg *ndtmsg; 2310 struct nlattr *tb[NDTA_MAX+1]; 2311 bool found = false; 2312 int err, tidx; 2313 2314 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX, 2315 nl_neightbl_policy, extack); 2316 if (err < 0) 2317 goto errout; 2318 2319 if (tb[NDTA_NAME] == NULL) { 2320 err = -EINVAL; 2321 goto errout; 2322 } 2323 2324 ndtmsg = nlmsg_data(nlh); 2325 2326 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2327 tbl = rcu_dereference_rtnl(neigh_tables[tidx]); 2328 if (!tbl) 2329 continue; 2330 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family) 2331 continue; 2332 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) { 2333 found = true; 2334 break; 2335 } 2336 } 2337 2338 if (!found) 2339 return -ENOENT; 2340 2341 /* 2342 * We acquire tbl->lock to be nice to the periodic timers and 2343 * make sure they always see a consistent set of values. 2344 */ 2345 write_lock_bh(&tbl->lock); 2346 2347 if (tb[NDTA_PARMS]) { 2348 struct nlattr *tbp[NDTPA_MAX+1]; 2349 struct neigh_parms *p; 2350 int i, ifindex = 0; 2351 2352 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX, 2353 tb[NDTA_PARMS], 2354 nl_ntbl_parm_policy, extack); 2355 if (err < 0) 2356 goto errout_tbl_lock; 2357 2358 if (tbp[NDTPA_IFINDEX]) 2359 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]); 2360 2361 p = lookup_neigh_parms(tbl, net, ifindex); 2362 if (p == NULL) { 2363 err = -ENOENT; 2364 goto errout_tbl_lock; 2365 } 2366 2367 for (i = 1; i <= NDTPA_MAX; i++) { 2368 if (tbp[i] == NULL) 2369 continue; 2370 2371 switch (i) { 2372 case NDTPA_QUEUE_LEN: 2373 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2374 nla_get_u32(tbp[i]) * 2375 SKB_TRUESIZE(ETH_FRAME_LEN)); 2376 break; 2377 case NDTPA_QUEUE_LENBYTES: 2378 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES, 2379 nla_get_u32(tbp[i])); 2380 break; 2381 case NDTPA_PROXY_QLEN: 2382 NEIGH_VAR_SET(p, PROXY_QLEN, 2383 nla_get_u32(tbp[i])); 2384 break; 2385 case NDTPA_APP_PROBES: 2386 NEIGH_VAR_SET(p, APP_PROBES, 2387 nla_get_u32(tbp[i])); 2388 break; 2389 case NDTPA_UCAST_PROBES: 2390 NEIGH_VAR_SET(p, UCAST_PROBES, 2391 nla_get_u32(tbp[i])); 2392 break; 2393 case NDTPA_MCAST_PROBES: 2394 NEIGH_VAR_SET(p, MCAST_PROBES, 2395 nla_get_u32(tbp[i])); 2396 break; 2397 case NDTPA_MCAST_REPROBES: 2398 NEIGH_VAR_SET(p, MCAST_REPROBES, 2399 nla_get_u32(tbp[i])); 2400 break; 2401 case NDTPA_BASE_REACHABLE_TIME: 2402 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME, 2403 nla_get_msecs(tbp[i])); 2404 /* update reachable_time as well, otherwise, the change will 2405 * only be effective after the next time neigh_periodic_work 2406 * decides to recompute it (can be multiple minutes) 2407 */ 2408 p->reachable_time = 2409 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 2410 break; 2411 case NDTPA_GC_STALETIME: 2412 NEIGH_VAR_SET(p, GC_STALETIME, 2413 nla_get_msecs(tbp[i])); 2414 break; 2415 case NDTPA_DELAY_PROBE_TIME: 2416 NEIGH_VAR_SET(p, DELAY_PROBE_TIME, 2417 nla_get_msecs(tbp[i])); 2418 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p); 2419 break; 2420 case NDTPA_INTERVAL_PROBE_TIME_MS: 2421 NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS, 2422 nla_get_msecs(tbp[i])); 2423 break; 2424 case NDTPA_RETRANS_TIME: 2425 NEIGH_VAR_SET(p, RETRANS_TIME, 2426 nla_get_msecs(tbp[i])); 2427 break; 2428 case NDTPA_ANYCAST_DELAY: 2429 NEIGH_VAR_SET(p, ANYCAST_DELAY, 2430 nla_get_msecs(tbp[i])); 2431 break; 2432 case NDTPA_PROXY_DELAY: 2433 NEIGH_VAR_SET(p, PROXY_DELAY, 2434 nla_get_msecs(tbp[i])); 2435 break; 2436 case NDTPA_LOCKTIME: 2437 NEIGH_VAR_SET(p, LOCKTIME, 2438 nla_get_msecs(tbp[i])); 2439 break; 2440 } 2441 } 2442 } 2443 2444 err = -ENOENT; 2445 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] || 2446 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) && 2447 !net_eq(net, &init_net)) 2448 goto errout_tbl_lock; 2449 2450 if (tb[NDTA_THRESH1]) 2451 WRITE_ONCE(tbl->gc_thresh1, nla_get_u32(tb[NDTA_THRESH1])); 2452 2453 if (tb[NDTA_THRESH2]) 2454 WRITE_ONCE(tbl->gc_thresh2, nla_get_u32(tb[NDTA_THRESH2])); 2455 2456 if (tb[NDTA_THRESH3]) 2457 WRITE_ONCE(tbl->gc_thresh3, nla_get_u32(tb[NDTA_THRESH3])); 2458 2459 if (tb[NDTA_GC_INTERVAL]) 2460 WRITE_ONCE(tbl->gc_interval, nla_get_msecs(tb[NDTA_GC_INTERVAL])); 2461 2462 err = 0; 2463 2464 errout_tbl_lock: 2465 write_unlock_bh(&tbl->lock); 2466 errout: 2467 return err; 2468 } 2469 2470 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh, 2471 struct netlink_ext_ack *extack) 2472 { 2473 struct ndtmsg *ndtm; 2474 2475 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) { 2476 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request"); 2477 return -EINVAL; 2478 } 2479 2480 ndtm = nlmsg_data(nlh); 2481 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) { 2482 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request"); 2483 return -EINVAL; 2484 } 2485 2486 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) { 2487 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request"); 2488 return -EINVAL; 2489 } 2490 2491 return 0; 2492 } 2493 2494 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2495 { 2496 const struct nlmsghdr *nlh = cb->nlh; 2497 struct net *net = sock_net(skb->sk); 2498 int family, tidx, nidx = 0; 2499 int tbl_skip = cb->args[0]; 2500 int neigh_skip = cb->args[1]; 2501 struct neigh_table *tbl; 2502 2503 if (cb->strict_check) { 2504 int err = neightbl_valid_dump_info(nlh, cb->extack); 2505 2506 if (err < 0) 2507 return err; 2508 } 2509 2510 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2511 2512 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2513 struct neigh_parms *p; 2514 2515 tbl = rcu_dereference_rtnl(neigh_tables[tidx]); 2516 if (!tbl) 2517 continue; 2518 2519 if (tidx < tbl_skip || (family && tbl->family != family)) 2520 continue; 2521 2522 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid, 2523 nlh->nlmsg_seq, RTM_NEWNEIGHTBL, 2524 NLM_F_MULTI) < 0) 2525 break; 2526 2527 nidx = 0; 2528 p = list_next_entry(&tbl->parms, list); 2529 list_for_each_entry_from(p, &tbl->parms_list, list) { 2530 if (!net_eq(neigh_parms_net(p), net)) 2531 continue; 2532 2533 if (nidx < neigh_skip) 2534 goto next; 2535 2536 if (neightbl_fill_param_info(skb, tbl, p, 2537 NETLINK_CB(cb->skb).portid, 2538 nlh->nlmsg_seq, 2539 RTM_NEWNEIGHTBL, 2540 NLM_F_MULTI) < 0) 2541 goto out; 2542 next: 2543 nidx++; 2544 } 2545 2546 neigh_skip = 0; 2547 } 2548 out: 2549 cb->args[0] = tidx; 2550 cb->args[1] = nidx; 2551 2552 return skb->len; 2553 } 2554 2555 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh, 2556 u32 pid, u32 seq, int type, unsigned int flags) 2557 { 2558 u32 neigh_flags, neigh_flags_ext; 2559 unsigned long now = jiffies; 2560 struct nda_cacheinfo ci; 2561 struct nlmsghdr *nlh; 2562 struct ndmsg *ndm; 2563 2564 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2565 if (nlh == NULL) 2566 return -EMSGSIZE; 2567 2568 neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT; 2569 neigh_flags = neigh->flags & NTF_OLD_MASK; 2570 2571 ndm = nlmsg_data(nlh); 2572 ndm->ndm_family = neigh->ops->family; 2573 ndm->ndm_pad1 = 0; 2574 ndm->ndm_pad2 = 0; 2575 ndm->ndm_flags = neigh_flags; 2576 ndm->ndm_type = neigh->type; 2577 ndm->ndm_ifindex = neigh->dev->ifindex; 2578 2579 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key)) 2580 goto nla_put_failure; 2581 2582 read_lock_bh(&neigh->lock); 2583 ndm->ndm_state = neigh->nud_state; 2584 if (neigh->nud_state & NUD_VALID) { 2585 char haddr[MAX_ADDR_LEN]; 2586 2587 neigh_ha_snapshot(haddr, neigh, neigh->dev); 2588 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) { 2589 read_unlock_bh(&neigh->lock); 2590 goto nla_put_failure; 2591 } 2592 } 2593 2594 ci.ndm_used = jiffies_to_clock_t(now - neigh->used); 2595 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed); 2596 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated); 2597 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1; 2598 read_unlock_bh(&neigh->lock); 2599 2600 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) || 2601 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci)) 2602 goto nla_put_failure; 2603 2604 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol)) 2605 goto nla_put_failure; 2606 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2607 goto nla_put_failure; 2608 2609 nlmsg_end(skb, nlh); 2610 return 0; 2611 2612 nla_put_failure: 2613 nlmsg_cancel(skb, nlh); 2614 return -EMSGSIZE; 2615 } 2616 2617 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn, 2618 u32 pid, u32 seq, int type, unsigned int flags, 2619 struct neigh_table *tbl) 2620 { 2621 u32 neigh_flags, neigh_flags_ext; 2622 struct nlmsghdr *nlh; 2623 struct ndmsg *ndm; 2624 2625 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags); 2626 if (nlh == NULL) 2627 return -EMSGSIZE; 2628 2629 neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT; 2630 neigh_flags = pn->flags & NTF_OLD_MASK; 2631 2632 ndm = nlmsg_data(nlh); 2633 ndm->ndm_family = tbl->family; 2634 ndm->ndm_pad1 = 0; 2635 ndm->ndm_pad2 = 0; 2636 ndm->ndm_flags = neigh_flags | NTF_PROXY; 2637 ndm->ndm_type = RTN_UNICAST; 2638 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0; 2639 ndm->ndm_state = NUD_NONE; 2640 2641 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key)) 2642 goto nla_put_failure; 2643 2644 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol)) 2645 goto nla_put_failure; 2646 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext)) 2647 goto nla_put_failure; 2648 2649 nlmsg_end(skb, nlh); 2650 return 0; 2651 2652 nla_put_failure: 2653 nlmsg_cancel(skb, nlh); 2654 return -EMSGSIZE; 2655 } 2656 2657 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid) 2658 { 2659 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh); 2660 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid); 2661 } 2662 2663 static bool neigh_master_filtered(struct net_device *dev, int master_idx) 2664 { 2665 struct net_device *master; 2666 2667 if (!master_idx) 2668 return false; 2669 2670 master = dev ? netdev_master_upper_dev_get_rcu(dev) : NULL; 2671 2672 /* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another 2673 * invalid value for ifindex to denote "no master". 2674 */ 2675 if (master_idx == -1) 2676 return !!master; 2677 2678 if (!master || master->ifindex != master_idx) 2679 return true; 2680 2681 return false; 2682 } 2683 2684 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx) 2685 { 2686 if (filter_idx && (!dev || dev->ifindex != filter_idx)) 2687 return true; 2688 2689 return false; 2690 } 2691 2692 struct neigh_dump_filter { 2693 int master_idx; 2694 int dev_idx; 2695 }; 2696 2697 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2698 struct netlink_callback *cb, 2699 struct neigh_dump_filter *filter) 2700 { 2701 struct net *net = sock_net(skb->sk); 2702 struct neighbour *n; 2703 int err = 0, h, s_h = cb->args[1]; 2704 int idx, s_idx = idx = cb->args[2]; 2705 struct neigh_hash_table *nht; 2706 unsigned int flags = NLM_F_MULTI; 2707 2708 if (filter->dev_idx || filter->master_idx) 2709 flags |= NLM_F_DUMP_FILTERED; 2710 2711 nht = rcu_dereference(tbl->nht); 2712 2713 for (h = s_h; h < (1 << nht->hash_shift); h++) { 2714 if (h > s_h) 2715 s_idx = 0; 2716 for (n = rcu_dereference(nht->hash_buckets[h]), idx = 0; 2717 n != NULL; 2718 n = rcu_dereference(n->next)) { 2719 if (idx < s_idx || !net_eq(dev_net(n->dev), net)) 2720 goto next; 2721 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2722 neigh_master_filtered(n->dev, filter->master_idx)) 2723 goto next; 2724 err = neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2725 cb->nlh->nlmsg_seq, 2726 RTM_NEWNEIGH, flags); 2727 if (err < 0) 2728 goto out; 2729 next: 2730 idx++; 2731 } 2732 } 2733 out: 2734 cb->args[1] = h; 2735 cb->args[2] = idx; 2736 return err; 2737 } 2738 2739 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, 2740 struct netlink_callback *cb, 2741 struct neigh_dump_filter *filter) 2742 { 2743 struct pneigh_entry *n; 2744 struct net *net = sock_net(skb->sk); 2745 int err = 0, h, s_h = cb->args[3]; 2746 int idx, s_idx = idx = cb->args[4]; 2747 unsigned int flags = NLM_F_MULTI; 2748 2749 if (filter->dev_idx || filter->master_idx) 2750 flags |= NLM_F_DUMP_FILTERED; 2751 2752 read_lock_bh(&tbl->lock); 2753 2754 for (h = s_h; h <= PNEIGH_HASHMASK; h++) { 2755 if (h > s_h) 2756 s_idx = 0; 2757 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) { 2758 if (idx < s_idx || pneigh_net(n) != net) 2759 goto next; 2760 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) || 2761 neigh_master_filtered(n->dev, filter->master_idx)) 2762 goto next; 2763 err = pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid, 2764 cb->nlh->nlmsg_seq, 2765 RTM_NEWNEIGH, flags, tbl); 2766 if (err < 0) { 2767 read_unlock_bh(&tbl->lock); 2768 goto out; 2769 } 2770 next: 2771 idx++; 2772 } 2773 } 2774 2775 read_unlock_bh(&tbl->lock); 2776 out: 2777 cb->args[3] = h; 2778 cb->args[4] = idx; 2779 return err; 2780 } 2781 2782 static int neigh_valid_dump_req(const struct nlmsghdr *nlh, 2783 bool strict_check, 2784 struct neigh_dump_filter *filter, 2785 struct netlink_ext_ack *extack) 2786 { 2787 struct nlattr *tb[NDA_MAX + 1]; 2788 int err, i; 2789 2790 if (strict_check) { 2791 struct ndmsg *ndm; 2792 2793 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) { 2794 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request"); 2795 return -EINVAL; 2796 } 2797 2798 ndm = nlmsg_data(nlh); 2799 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex || 2800 ndm->ndm_state || ndm->ndm_type) { 2801 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request"); 2802 return -EINVAL; 2803 } 2804 2805 if (ndm->ndm_flags & ~NTF_PROXY) { 2806 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request"); 2807 return -EINVAL; 2808 } 2809 2810 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), 2811 tb, NDA_MAX, nda_policy, 2812 extack); 2813 } else { 2814 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb, 2815 NDA_MAX, nda_policy, extack); 2816 } 2817 if (err < 0) 2818 return err; 2819 2820 for (i = 0; i <= NDA_MAX; ++i) { 2821 if (!tb[i]) 2822 continue; 2823 2824 /* all new attributes should require strict_check */ 2825 switch (i) { 2826 case NDA_IFINDEX: 2827 filter->dev_idx = nla_get_u32(tb[i]); 2828 break; 2829 case NDA_MASTER: 2830 filter->master_idx = nla_get_u32(tb[i]); 2831 break; 2832 default: 2833 if (strict_check) { 2834 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request"); 2835 return -EINVAL; 2836 } 2837 } 2838 } 2839 2840 return 0; 2841 } 2842 2843 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb) 2844 { 2845 const struct nlmsghdr *nlh = cb->nlh; 2846 struct neigh_dump_filter filter = {}; 2847 struct neigh_table *tbl; 2848 int t, family, s_t; 2849 int proxy = 0; 2850 int err; 2851 2852 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; 2853 2854 /* check for full ndmsg structure presence, family member is 2855 * the same for both structures 2856 */ 2857 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) && 2858 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY) 2859 proxy = 1; 2860 2861 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack); 2862 if (err < 0 && cb->strict_check) 2863 return err; 2864 2865 s_t = cb->args[0]; 2866 2867 rcu_read_lock(); 2868 for (t = 0; t < NEIGH_NR_TABLES; t++) { 2869 tbl = rcu_dereference(neigh_tables[t]); 2870 2871 if (!tbl) 2872 continue; 2873 if (t < s_t || (family && tbl->family != family)) 2874 continue; 2875 if (t > s_t) 2876 memset(&cb->args[1], 0, sizeof(cb->args) - 2877 sizeof(cb->args[0])); 2878 if (proxy) 2879 err = pneigh_dump_table(tbl, skb, cb, &filter); 2880 else 2881 err = neigh_dump_table(tbl, skb, cb, &filter); 2882 if (err < 0) 2883 break; 2884 } 2885 rcu_read_unlock(); 2886 2887 cb->args[0] = t; 2888 return err; 2889 } 2890 2891 static int neigh_valid_get_req(const struct nlmsghdr *nlh, 2892 struct neigh_table **tbl, 2893 void **dst, int *dev_idx, u8 *ndm_flags, 2894 struct netlink_ext_ack *extack) 2895 { 2896 struct nlattr *tb[NDA_MAX + 1]; 2897 struct ndmsg *ndm; 2898 int err, i; 2899 2900 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) { 2901 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request"); 2902 return -EINVAL; 2903 } 2904 2905 ndm = nlmsg_data(nlh); 2906 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state || 2907 ndm->ndm_type) { 2908 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request"); 2909 return -EINVAL; 2910 } 2911 2912 if (ndm->ndm_flags & ~NTF_PROXY) { 2913 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request"); 2914 return -EINVAL; 2915 } 2916 2917 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb, 2918 NDA_MAX, nda_policy, extack); 2919 if (err < 0) 2920 return err; 2921 2922 *ndm_flags = ndm->ndm_flags; 2923 *dev_idx = ndm->ndm_ifindex; 2924 *tbl = neigh_find_table(ndm->ndm_family); 2925 if (*tbl == NULL) { 2926 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request"); 2927 return -EAFNOSUPPORT; 2928 } 2929 2930 for (i = 0; i <= NDA_MAX; ++i) { 2931 if (!tb[i]) 2932 continue; 2933 2934 switch (i) { 2935 case NDA_DST: 2936 if (nla_len(tb[i]) != (int)(*tbl)->key_len) { 2937 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request"); 2938 return -EINVAL; 2939 } 2940 *dst = nla_data(tb[i]); 2941 break; 2942 default: 2943 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request"); 2944 return -EINVAL; 2945 } 2946 } 2947 2948 return 0; 2949 } 2950 2951 static inline size_t neigh_nlmsg_size(void) 2952 { 2953 return NLMSG_ALIGN(sizeof(struct ndmsg)) 2954 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 2955 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */ 2956 + nla_total_size(sizeof(struct nda_cacheinfo)) 2957 + nla_total_size(4) /* NDA_PROBES */ 2958 + nla_total_size(4) /* NDA_FLAGS_EXT */ 2959 + nla_total_size(1); /* NDA_PROTOCOL */ 2960 } 2961 2962 static int neigh_get_reply(struct net *net, struct neighbour *neigh, 2963 u32 pid, u32 seq) 2964 { 2965 struct sk_buff *skb; 2966 int err = 0; 2967 2968 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL); 2969 if (!skb) 2970 return -ENOBUFS; 2971 2972 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0); 2973 if (err) { 2974 kfree_skb(skb); 2975 goto errout; 2976 } 2977 2978 err = rtnl_unicast(skb, net, pid); 2979 errout: 2980 return err; 2981 } 2982 2983 static inline size_t pneigh_nlmsg_size(void) 2984 { 2985 return NLMSG_ALIGN(sizeof(struct ndmsg)) 2986 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */ 2987 + nla_total_size(4) /* NDA_FLAGS_EXT */ 2988 + nla_total_size(1); /* NDA_PROTOCOL */ 2989 } 2990 2991 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh, 2992 u32 pid, u32 seq, struct neigh_table *tbl) 2993 { 2994 struct sk_buff *skb; 2995 int err = 0; 2996 2997 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL); 2998 if (!skb) 2999 return -ENOBUFS; 3000 3001 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl); 3002 if (err) { 3003 kfree_skb(skb); 3004 goto errout; 3005 } 3006 3007 err = rtnl_unicast(skb, net, pid); 3008 errout: 3009 return err; 3010 } 3011 3012 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh, 3013 struct netlink_ext_ack *extack) 3014 { 3015 struct net *net = sock_net(in_skb->sk); 3016 struct net_device *dev = NULL; 3017 struct neigh_table *tbl = NULL; 3018 struct neighbour *neigh; 3019 void *dst = NULL; 3020 u8 ndm_flags = 0; 3021 int dev_idx = 0; 3022 int err; 3023 3024 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags, 3025 extack); 3026 if (err < 0) 3027 return err; 3028 3029 if (dev_idx) { 3030 dev = __dev_get_by_index(net, dev_idx); 3031 if (!dev) { 3032 NL_SET_ERR_MSG(extack, "Unknown device ifindex"); 3033 return -ENODEV; 3034 } 3035 } 3036 3037 if (!dst) { 3038 NL_SET_ERR_MSG(extack, "Network address not specified"); 3039 return -EINVAL; 3040 } 3041 3042 if (ndm_flags & NTF_PROXY) { 3043 struct pneigh_entry *pn; 3044 3045 pn = pneigh_lookup(tbl, net, dst, dev, 0); 3046 if (!pn) { 3047 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found"); 3048 return -ENOENT; 3049 } 3050 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid, 3051 nlh->nlmsg_seq, tbl); 3052 } 3053 3054 if (!dev) { 3055 NL_SET_ERR_MSG(extack, "No device specified"); 3056 return -EINVAL; 3057 } 3058 3059 neigh = neigh_lookup(tbl, dst, dev); 3060 if (!neigh) { 3061 NL_SET_ERR_MSG(extack, "Neighbour entry not found"); 3062 return -ENOENT; 3063 } 3064 3065 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid, 3066 nlh->nlmsg_seq); 3067 3068 neigh_release(neigh); 3069 3070 return err; 3071 } 3072 3073 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie) 3074 { 3075 int chain; 3076 struct neigh_hash_table *nht; 3077 3078 rcu_read_lock(); 3079 nht = rcu_dereference(tbl->nht); 3080 3081 read_lock_bh(&tbl->lock); /* avoid resizes */ 3082 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3083 struct neighbour *n; 3084 3085 for (n = rcu_dereference(nht->hash_buckets[chain]); 3086 n != NULL; 3087 n = rcu_dereference(n->next)) 3088 cb(n, cookie); 3089 } 3090 read_unlock_bh(&tbl->lock); 3091 rcu_read_unlock(); 3092 } 3093 EXPORT_SYMBOL(neigh_for_each); 3094 3095 /* The tbl->lock must be held as a writer and BH disabled. */ 3096 void __neigh_for_each_release(struct neigh_table *tbl, 3097 int (*cb)(struct neighbour *)) 3098 { 3099 int chain; 3100 struct neigh_hash_table *nht; 3101 3102 nht = rcu_dereference_protected(tbl->nht, 3103 lockdep_is_held(&tbl->lock)); 3104 for (chain = 0; chain < (1 << nht->hash_shift); chain++) { 3105 struct neighbour *n; 3106 struct neighbour __rcu **np; 3107 3108 np = &nht->hash_buckets[chain]; 3109 while ((n = rcu_dereference_protected(*np, 3110 lockdep_is_held(&tbl->lock))) != NULL) { 3111 int release; 3112 3113 write_lock(&n->lock); 3114 release = cb(n); 3115 if (release) { 3116 rcu_assign_pointer(*np, 3117 rcu_dereference_protected(n->next, 3118 lockdep_is_held(&tbl->lock))); 3119 neigh_mark_dead(n); 3120 } else 3121 np = &n->next; 3122 write_unlock(&n->lock); 3123 if (release) 3124 neigh_cleanup_and_release(n); 3125 } 3126 } 3127 } 3128 EXPORT_SYMBOL(__neigh_for_each_release); 3129 3130 int neigh_xmit(int index, struct net_device *dev, 3131 const void *addr, struct sk_buff *skb) 3132 { 3133 int err = -EAFNOSUPPORT; 3134 3135 if (likely(index < NEIGH_NR_TABLES)) { 3136 struct neigh_table *tbl; 3137 struct neighbour *neigh; 3138 3139 rcu_read_lock(); 3140 tbl = rcu_dereference(neigh_tables[index]); 3141 if (!tbl) 3142 goto out_unlock; 3143 if (index == NEIGH_ARP_TABLE) { 3144 u32 key = *((u32 *)addr); 3145 3146 neigh = __ipv4_neigh_lookup_noref(dev, key); 3147 } else { 3148 neigh = __neigh_lookup_noref(tbl, addr, dev); 3149 } 3150 if (!neigh) 3151 neigh = __neigh_create(tbl, addr, dev, false); 3152 err = PTR_ERR(neigh); 3153 if (IS_ERR(neigh)) { 3154 rcu_read_unlock(); 3155 goto out_kfree_skb; 3156 } 3157 err = READ_ONCE(neigh->output)(neigh, skb); 3158 out_unlock: 3159 rcu_read_unlock(); 3160 } 3161 else if (index == NEIGH_LINK_TABLE) { 3162 err = dev_hard_header(skb, dev, ntohs(skb->protocol), 3163 addr, NULL, skb->len); 3164 if (err < 0) 3165 goto out_kfree_skb; 3166 err = dev_queue_xmit(skb); 3167 } 3168 out: 3169 return err; 3170 out_kfree_skb: 3171 kfree_skb(skb); 3172 goto out; 3173 } 3174 EXPORT_SYMBOL(neigh_xmit); 3175 3176 #ifdef CONFIG_PROC_FS 3177 3178 static struct neighbour *neigh_get_first(struct seq_file *seq) 3179 { 3180 struct neigh_seq_state *state = seq->private; 3181 struct net *net = seq_file_net(seq); 3182 struct neigh_hash_table *nht = state->nht; 3183 struct neighbour *n = NULL; 3184 int bucket; 3185 3186 state->flags &= ~NEIGH_SEQ_IS_PNEIGH; 3187 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) { 3188 n = rcu_dereference(nht->hash_buckets[bucket]); 3189 3190 while (n) { 3191 if (!net_eq(dev_net(n->dev), net)) 3192 goto next; 3193 if (state->neigh_sub_iter) { 3194 loff_t fakep = 0; 3195 void *v; 3196 3197 v = state->neigh_sub_iter(state, n, &fakep); 3198 if (!v) 3199 goto next; 3200 } 3201 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) 3202 break; 3203 if (READ_ONCE(n->nud_state) & ~NUD_NOARP) 3204 break; 3205 next: 3206 n = rcu_dereference(n->next); 3207 } 3208 3209 if (n) 3210 break; 3211 } 3212 state->bucket = bucket; 3213 3214 return n; 3215 } 3216 3217 static struct neighbour *neigh_get_next(struct seq_file *seq, 3218 struct neighbour *n, 3219 loff_t *pos) 3220 { 3221 struct neigh_seq_state *state = seq->private; 3222 struct net *net = seq_file_net(seq); 3223 struct neigh_hash_table *nht = state->nht; 3224 3225 if (state->neigh_sub_iter) { 3226 void *v = state->neigh_sub_iter(state, n, pos); 3227 if (v) 3228 return n; 3229 } 3230 n = rcu_dereference(n->next); 3231 3232 while (1) { 3233 while (n) { 3234 if (!net_eq(dev_net(n->dev), net)) 3235 goto next; 3236 if (state->neigh_sub_iter) { 3237 void *v = state->neigh_sub_iter(state, n, pos); 3238 if (v) 3239 return n; 3240 goto next; 3241 } 3242 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) 3243 break; 3244 3245 if (READ_ONCE(n->nud_state) & ~NUD_NOARP) 3246 break; 3247 next: 3248 n = rcu_dereference(n->next); 3249 } 3250 3251 if (n) 3252 break; 3253 3254 if (++state->bucket >= (1 << nht->hash_shift)) 3255 break; 3256 3257 n = rcu_dereference(nht->hash_buckets[state->bucket]); 3258 } 3259 3260 if (n && pos) 3261 --(*pos); 3262 return n; 3263 } 3264 3265 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos) 3266 { 3267 struct neighbour *n = neigh_get_first(seq); 3268 3269 if (n) { 3270 --(*pos); 3271 while (*pos) { 3272 n = neigh_get_next(seq, n, pos); 3273 if (!n) 3274 break; 3275 } 3276 } 3277 return *pos ? NULL : n; 3278 } 3279 3280 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq) 3281 { 3282 struct neigh_seq_state *state = seq->private; 3283 struct net *net = seq_file_net(seq); 3284 struct neigh_table *tbl = state->tbl; 3285 struct pneigh_entry *pn = NULL; 3286 int bucket; 3287 3288 state->flags |= NEIGH_SEQ_IS_PNEIGH; 3289 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) { 3290 pn = tbl->phash_buckets[bucket]; 3291 while (pn && !net_eq(pneigh_net(pn), net)) 3292 pn = pn->next; 3293 if (pn) 3294 break; 3295 } 3296 state->bucket = bucket; 3297 3298 return pn; 3299 } 3300 3301 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq, 3302 struct pneigh_entry *pn, 3303 loff_t *pos) 3304 { 3305 struct neigh_seq_state *state = seq->private; 3306 struct net *net = seq_file_net(seq); 3307 struct neigh_table *tbl = state->tbl; 3308 3309 do { 3310 pn = pn->next; 3311 } while (pn && !net_eq(pneigh_net(pn), net)); 3312 3313 while (!pn) { 3314 if (++state->bucket > PNEIGH_HASHMASK) 3315 break; 3316 pn = tbl->phash_buckets[state->bucket]; 3317 while (pn && !net_eq(pneigh_net(pn), net)) 3318 pn = pn->next; 3319 if (pn) 3320 break; 3321 } 3322 3323 if (pn && pos) 3324 --(*pos); 3325 3326 return pn; 3327 } 3328 3329 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos) 3330 { 3331 struct pneigh_entry *pn = pneigh_get_first(seq); 3332 3333 if (pn) { 3334 --(*pos); 3335 while (*pos) { 3336 pn = pneigh_get_next(seq, pn, pos); 3337 if (!pn) 3338 break; 3339 } 3340 } 3341 return *pos ? NULL : pn; 3342 } 3343 3344 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos) 3345 { 3346 struct neigh_seq_state *state = seq->private; 3347 void *rc; 3348 loff_t idxpos = *pos; 3349 3350 rc = neigh_get_idx(seq, &idxpos); 3351 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3352 rc = pneigh_get_idx(seq, &idxpos); 3353 3354 return rc; 3355 } 3356 3357 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags) 3358 __acquires(tbl->lock) 3359 __acquires(rcu) 3360 { 3361 struct neigh_seq_state *state = seq->private; 3362 3363 state->tbl = tbl; 3364 state->bucket = 0; 3365 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH); 3366 3367 rcu_read_lock(); 3368 state->nht = rcu_dereference(tbl->nht); 3369 read_lock_bh(&tbl->lock); 3370 3371 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN; 3372 } 3373 EXPORT_SYMBOL(neigh_seq_start); 3374 3375 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3376 { 3377 struct neigh_seq_state *state; 3378 void *rc; 3379 3380 if (v == SEQ_START_TOKEN) { 3381 rc = neigh_get_first(seq); 3382 goto out; 3383 } 3384 3385 state = seq->private; 3386 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) { 3387 rc = neigh_get_next(seq, v, NULL); 3388 if (rc) 3389 goto out; 3390 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 3391 rc = pneigh_get_first(seq); 3392 } else { 3393 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY); 3394 rc = pneigh_get_next(seq, v, NULL); 3395 } 3396 out: 3397 ++(*pos); 3398 return rc; 3399 } 3400 EXPORT_SYMBOL(neigh_seq_next); 3401 3402 void neigh_seq_stop(struct seq_file *seq, void *v) 3403 __releases(tbl->lock) 3404 __releases(rcu) 3405 { 3406 struct neigh_seq_state *state = seq->private; 3407 struct neigh_table *tbl = state->tbl; 3408 3409 read_unlock_bh(&tbl->lock); 3410 rcu_read_unlock(); 3411 } 3412 EXPORT_SYMBOL(neigh_seq_stop); 3413 3414 /* statistics via seq_file */ 3415 3416 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos) 3417 { 3418 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3419 int cpu; 3420 3421 if (*pos == 0) 3422 return SEQ_START_TOKEN; 3423 3424 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) { 3425 if (!cpu_possible(cpu)) 3426 continue; 3427 *pos = cpu+1; 3428 return per_cpu_ptr(tbl->stats, cpu); 3429 } 3430 return NULL; 3431 } 3432 3433 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3434 { 3435 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3436 int cpu; 3437 3438 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) { 3439 if (!cpu_possible(cpu)) 3440 continue; 3441 *pos = cpu+1; 3442 return per_cpu_ptr(tbl->stats, cpu); 3443 } 3444 (*pos)++; 3445 return NULL; 3446 } 3447 3448 static void neigh_stat_seq_stop(struct seq_file *seq, void *v) 3449 { 3450 3451 } 3452 3453 static int neigh_stat_seq_show(struct seq_file *seq, void *v) 3454 { 3455 struct neigh_table *tbl = pde_data(file_inode(seq->file)); 3456 struct neigh_statistics *st = v; 3457 3458 if (v == SEQ_START_TOKEN) { 3459 seq_puts(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n"); 3460 return 0; 3461 } 3462 3463 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx " 3464 "%08lx %08lx %08lx " 3465 "%08lx %08lx %08lx\n", 3466 atomic_read(&tbl->entries), 3467 3468 st->allocs, 3469 st->destroys, 3470 st->hash_grows, 3471 3472 st->lookups, 3473 st->hits, 3474 3475 st->res_failed, 3476 3477 st->rcv_probes_mcast, 3478 st->rcv_probes_ucast, 3479 3480 st->periodic_gc_runs, 3481 st->forced_gc_runs, 3482 st->unres_discards, 3483 st->table_fulls 3484 ); 3485 3486 return 0; 3487 } 3488 3489 static const struct seq_operations neigh_stat_seq_ops = { 3490 .start = neigh_stat_seq_start, 3491 .next = neigh_stat_seq_next, 3492 .stop = neigh_stat_seq_stop, 3493 .show = neigh_stat_seq_show, 3494 }; 3495 #endif /* CONFIG_PROC_FS */ 3496 3497 static void __neigh_notify(struct neighbour *n, int type, int flags, 3498 u32 pid) 3499 { 3500 struct net *net = dev_net(n->dev); 3501 struct sk_buff *skb; 3502 int err = -ENOBUFS; 3503 3504 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC); 3505 if (skb == NULL) 3506 goto errout; 3507 3508 err = neigh_fill_info(skb, n, pid, 0, type, flags); 3509 if (err < 0) { 3510 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */ 3511 WARN_ON(err == -EMSGSIZE); 3512 kfree_skb(skb); 3513 goto errout; 3514 } 3515 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC); 3516 return; 3517 errout: 3518 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err); 3519 } 3520 3521 void neigh_app_ns(struct neighbour *n) 3522 { 3523 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0); 3524 } 3525 EXPORT_SYMBOL(neigh_app_ns); 3526 3527 #ifdef CONFIG_SYSCTL 3528 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN); 3529 3530 static int proc_unres_qlen(const struct ctl_table *ctl, int write, 3531 void *buffer, size_t *lenp, loff_t *ppos) 3532 { 3533 int size, ret; 3534 struct ctl_table tmp = *ctl; 3535 3536 tmp.extra1 = SYSCTL_ZERO; 3537 tmp.extra2 = &unres_qlen_max; 3538 tmp.data = &size; 3539 3540 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN); 3541 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 3542 3543 if (write && !ret) 3544 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN); 3545 return ret; 3546 } 3547 3548 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p, 3549 int index) 3550 { 3551 struct net_device *dev; 3552 int family = neigh_parms_family(p); 3553 3554 rcu_read_lock(); 3555 for_each_netdev_rcu(net, dev) { 3556 struct neigh_parms *dst_p = 3557 neigh_get_dev_parms_rcu(dev, family); 3558 3559 if (dst_p && !test_bit(index, dst_p->data_state)) 3560 dst_p->data[index] = p->data[index]; 3561 } 3562 rcu_read_unlock(); 3563 } 3564 3565 static void neigh_proc_update(const struct ctl_table *ctl, int write) 3566 { 3567 struct net_device *dev = ctl->extra1; 3568 struct neigh_parms *p = ctl->extra2; 3569 struct net *net = neigh_parms_net(p); 3570 int index = (int *) ctl->data - p->data; 3571 3572 if (!write) 3573 return; 3574 3575 set_bit(index, p->data_state); 3576 if (index == NEIGH_VAR_DELAY_PROBE_TIME) 3577 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p); 3578 if (!dev) /* NULL dev means this is default value */ 3579 neigh_copy_dflt_parms(net, p, index); 3580 } 3581 3582 static int neigh_proc_dointvec_zero_intmax(const struct ctl_table *ctl, int write, 3583 void *buffer, size_t *lenp, 3584 loff_t *ppos) 3585 { 3586 struct ctl_table tmp = *ctl; 3587 int ret; 3588 3589 tmp.extra1 = SYSCTL_ZERO; 3590 tmp.extra2 = SYSCTL_INT_MAX; 3591 3592 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 3593 neigh_proc_update(ctl, write); 3594 return ret; 3595 } 3596 3597 static int neigh_proc_dointvec_ms_jiffies_positive(const struct ctl_table *ctl, int write, 3598 void *buffer, size_t *lenp, loff_t *ppos) 3599 { 3600 struct ctl_table tmp = *ctl; 3601 int ret; 3602 3603 int min = msecs_to_jiffies(1); 3604 3605 tmp.extra1 = &min; 3606 tmp.extra2 = NULL; 3607 3608 ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos); 3609 neigh_proc_update(ctl, write); 3610 return ret; 3611 } 3612 3613 int neigh_proc_dointvec(const struct ctl_table *ctl, int write, void *buffer, 3614 size_t *lenp, loff_t *ppos) 3615 { 3616 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 3617 3618 neigh_proc_update(ctl, write); 3619 return ret; 3620 } 3621 EXPORT_SYMBOL(neigh_proc_dointvec); 3622 3623 int neigh_proc_dointvec_jiffies(const struct ctl_table *ctl, int write, void *buffer, 3624 size_t *lenp, loff_t *ppos) 3625 { 3626 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3627 3628 neigh_proc_update(ctl, write); 3629 return ret; 3630 } 3631 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies); 3632 3633 static int neigh_proc_dointvec_userhz_jiffies(const struct ctl_table *ctl, int write, 3634 void *buffer, size_t *lenp, 3635 loff_t *ppos) 3636 { 3637 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos); 3638 3639 neigh_proc_update(ctl, write); 3640 return ret; 3641 } 3642 3643 int neigh_proc_dointvec_ms_jiffies(const struct ctl_table *ctl, int write, 3644 void *buffer, size_t *lenp, loff_t *ppos) 3645 { 3646 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3647 3648 neigh_proc_update(ctl, write); 3649 return ret; 3650 } 3651 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies); 3652 3653 static int neigh_proc_dointvec_unres_qlen(const struct ctl_table *ctl, int write, 3654 void *buffer, size_t *lenp, 3655 loff_t *ppos) 3656 { 3657 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos); 3658 3659 neigh_proc_update(ctl, write); 3660 return ret; 3661 } 3662 3663 static int neigh_proc_base_reachable_time(const struct ctl_table *ctl, int write, 3664 void *buffer, size_t *lenp, 3665 loff_t *ppos) 3666 { 3667 struct neigh_parms *p = ctl->extra2; 3668 int ret; 3669 3670 if (strcmp(ctl->procname, "base_reachable_time") == 0) 3671 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); 3672 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0) 3673 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3674 else 3675 ret = -1; 3676 3677 if (write && ret == 0) { 3678 /* update reachable_time as well, otherwise, the change will 3679 * only be effective after the next time neigh_periodic_work 3680 * decides to recompute it 3681 */ 3682 p->reachable_time = 3683 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 3684 } 3685 return ret; 3686 } 3687 3688 #define NEIGH_PARMS_DATA_OFFSET(index) \ 3689 (&((struct neigh_parms *) 0)->data[index]) 3690 3691 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \ 3692 [NEIGH_VAR_ ## attr] = { \ 3693 .procname = name, \ 3694 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \ 3695 .maxlen = sizeof(int), \ 3696 .mode = mval, \ 3697 .proc_handler = proc, \ 3698 } 3699 3700 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \ 3701 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax) 3702 3703 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \ 3704 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies) 3705 3706 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \ 3707 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies) 3708 3709 #define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \ 3710 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive) 3711 3712 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \ 3713 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies) 3714 3715 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \ 3716 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen) 3717 3718 static struct neigh_sysctl_table { 3719 struct ctl_table_header *sysctl_header; 3720 struct ctl_table neigh_vars[NEIGH_VAR_MAX]; 3721 } neigh_sysctl_template __read_mostly = { 3722 .neigh_vars = { 3723 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"), 3724 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"), 3725 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"), 3726 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"), 3727 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"), 3728 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"), 3729 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"), 3730 NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS, 3731 "interval_probe_time_ms"), 3732 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"), 3733 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"), 3734 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"), 3735 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"), 3736 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"), 3737 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"), 3738 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"), 3739 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"), 3740 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"), 3741 [NEIGH_VAR_GC_INTERVAL] = { 3742 .procname = "gc_interval", 3743 .maxlen = sizeof(int), 3744 .mode = 0644, 3745 .proc_handler = proc_dointvec_jiffies, 3746 }, 3747 [NEIGH_VAR_GC_THRESH1] = { 3748 .procname = "gc_thresh1", 3749 .maxlen = sizeof(int), 3750 .mode = 0644, 3751 .extra1 = SYSCTL_ZERO, 3752 .extra2 = SYSCTL_INT_MAX, 3753 .proc_handler = proc_dointvec_minmax, 3754 }, 3755 [NEIGH_VAR_GC_THRESH2] = { 3756 .procname = "gc_thresh2", 3757 .maxlen = sizeof(int), 3758 .mode = 0644, 3759 .extra1 = SYSCTL_ZERO, 3760 .extra2 = SYSCTL_INT_MAX, 3761 .proc_handler = proc_dointvec_minmax, 3762 }, 3763 [NEIGH_VAR_GC_THRESH3] = { 3764 .procname = "gc_thresh3", 3765 .maxlen = sizeof(int), 3766 .mode = 0644, 3767 .extra1 = SYSCTL_ZERO, 3768 .extra2 = SYSCTL_INT_MAX, 3769 .proc_handler = proc_dointvec_minmax, 3770 }, 3771 }, 3772 }; 3773 3774 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p, 3775 proc_handler *handler) 3776 { 3777 int i; 3778 struct neigh_sysctl_table *t; 3779 const char *dev_name_source; 3780 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ]; 3781 char *p_name; 3782 size_t neigh_vars_size; 3783 3784 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT); 3785 if (!t) 3786 goto err; 3787 3788 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) { 3789 t->neigh_vars[i].data += (long) p; 3790 t->neigh_vars[i].extra1 = dev; 3791 t->neigh_vars[i].extra2 = p; 3792 } 3793 3794 neigh_vars_size = ARRAY_SIZE(t->neigh_vars); 3795 if (dev) { 3796 dev_name_source = dev->name; 3797 /* Terminate the table early */ 3798 neigh_vars_size = NEIGH_VAR_BASE_REACHABLE_TIME_MS + 1; 3799 } else { 3800 struct neigh_table *tbl = p->tbl; 3801 dev_name_source = "default"; 3802 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval; 3803 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1; 3804 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2; 3805 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3; 3806 } 3807 3808 if (handler) { 3809 /* RetransTime */ 3810 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler; 3811 /* ReachableTime */ 3812 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler; 3813 /* RetransTime (in milliseconds)*/ 3814 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler; 3815 /* ReachableTime (in milliseconds) */ 3816 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler; 3817 } else { 3818 /* Those handlers will update p->reachable_time after 3819 * base_reachable_time(_ms) is set to ensure the new timer starts being 3820 * applied after the next neighbour update instead of waiting for 3821 * neigh_periodic_work to update its value (can be multiple minutes) 3822 * So any handler that replaces them should do this as well 3823 */ 3824 /* ReachableTime */ 3825 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = 3826 neigh_proc_base_reachable_time; 3827 /* ReachableTime (in milliseconds) */ 3828 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = 3829 neigh_proc_base_reachable_time; 3830 } 3831 3832 switch (neigh_parms_family(p)) { 3833 case AF_INET: 3834 p_name = "ipv4"; 3835 break; 3836 case AF_INET6: 3837 p_name = "ipv6"; 3838 break; 3839 default: 3840 BUG(); 3841 } 3842 3843 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s", 3844 p_name, dev_name_source); 3845 t->sysctl_header = register_net_sysctl_sz(neigh_parms_net(p), 3846 neigh_path, t->neigh_vars, 3847 neigh_vars_size); 3848 if (!t->sysctl_header) 3849 goto free; 3850 3851 p->sysctl_table = t; 3852 return 0; 3853 3854 free: 3855 kfree(t); 3856 err: 3857 return -ENOBUFS; 3858 } 3859 EXPORT_SYMBOL(neigh_sysctl_register); 3860 3861 void neigh_sysctl_unregister(struct neigh_parms *p) 3862 { 3863 if (p->sysctl_table) { 3864 struct neigh_sysctl_table *t = p->sysctl_table; 3865 p->sysctl_table = NULL; 3866 unregister_net_sysctl_table(t->sysctl_header); 3867 kfree(t); 3868 } 3869 } 3870 EXPORT_SYMBOL(neigh_sysctl_unregister); 3871 3872 #endif /* CONFIG_SYSCTL */ 3873 3874 static const struct rtnl_msg_handler neigh_rtnl_msg_handlers[] __initconst = { 3875 {.msgtype = RTM_NEWNEIGH, .doit = neigh_add}, 3876 {.msgtype = RTM_DELNEIGH, .doit = neigh_delete}, 3877 {.msgtype = RTM_GETNEIGH, .doit = neigh_get, .dumpit = neigh_dump_info, 3878 .flags = RTNL_FLAG_DUMP_UNLOCKED}, 3879 {.msgtype = RTM_GETNEIGHTBL, .dumpit = neightbl_dump_info}, 3880 {.msgtype = RTM_SETNEIGHTBL, .doit = neightbl_set}, 3881 }; 3882 3883 static int __init neigh_init(void) 3884 { 3885 rtnl_register_many(neigh_rtnl_msg_handlers); 3886 return 0; 3887 } 3888 3889 subsys_initcall(neigh_init); 3890