// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	Generic address resolution entity
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *
 *	Fixes:
 *	Vitaly E. Lavrov	releasing NULL neighbor in neigh_add.
 *	Harald Welte		Add neighbour cache statistics like rtstat
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/slab.h>
#include <linux/kmemleak.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/socket.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/times.h>
#include <net/net_namespace.h>
#include <net/neighbour.h>
#include <net/arp.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/netevent.h>
#include <net/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/random.h>
#include <linux/string.h>
#include <linux/log2.h>
#include <linux/inetdevice.h>
#include <net/addrconf.h>

#include <trace/events/neigh.h>

#define NEIGH_DEBUG 1
#define neigh_dbg(level, fmt, ...)		\
do {						\
	if (level <= NEIGH_DEBUG)		\
		pr_debug(fmt, ##__VA_ARGS__);	\
} while (0)

#define PNEIGH_HASHMASK		0xF

static void neigh_timer_handler(struct timer_list *t);
static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid);
static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev);

#ifdef CONFIG_PROC_FS
static const struct seq_operations neigh_stat_seq_ops;
#endif

/*
   Neighbour hash table buckets are protected with rwlock tbl->lock.

   - All the scans/updates to hash buckets MUST be made under this lock.
   - NOTHING clever should be made under this lock: no callbacks
     to protocol backends, no attempts to send something to network.
     It will result in deadlocks, if backend/driver wants to use neighbour
     cache.
   - If the entry requires some non-trivial actions, increase
     its reference count and release table lock.

   Neighbour entries are protected:
   - with reference count.
   - with rwlock neigh->lock

   Reference count prevents destruction.

   neigh->lock mainly serializes ll address data and its validity state.
   However, the same lock is used to protect other entry fields:
   - timer
   - resolution queue

   Again, nothing clever shall be done under neigh->lock;
   the most complicated procedure we allow is dev->hard_header.
   It is assumed that dev->hard_header is simplistic and does
   not make callbacks to neighbour tables.
 */

static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
{
	kfree_skb(skb);
	return -ENETDOWN;
}

static void neigh_cleanup_and_release(struct neighbour *neigh)
{
	trace_neigh_cleanup_and_release(neigh, 0);
	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	neigh_release(neigh);
}

/*
 * It is a random distribution in the interval (1/2)*base...(3/2)*base.
 * It corresponds to the default IPv6 settings and is not overridable,
 * because it is a really reasonable choice.
 * E.g. base = 30 * HZ yields a delay in [15 * HZ, 45 * HZ).
 */

unsigned long neigh_rand_reach_time(unsigned long base)
{
	return base ? get_random_u32_below(base) + (base >> 1) : 0;
}
EXPORT_SYMBOL(neigh_rand_reach_time);

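/* Mark an entry dead and unlink it from the gc and managed lists.
 * Callers hold both tbl->lock and n->lock, so the list membership
 * cannot change under us.
 */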
static void neigh_mark_dead(struct neighbour *n)
{
	n->dead = 1;
	if (!list_empty(&n->gc_list)) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	}
	if (!list_empty(&n->managed_list))
		list_del_init(&n->managed_list);
}

static void neigh_update_gc_list(struct neighbour *n)
{
	bool on_gc_list, exempt_from_gc;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	/* remove from the gc list if new state is permanent or if neighbor
	 * is externally learned; otherwise entry should be on the gc list
	 */
	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
			 n->flags & NTF_EXT_LEARNED;
	on_gc_list = !list_empty(&n->gc_list);

	if (exempt_from_gc && on_gc_list) {
		list_del_init(&n->gc_list);
		atomic_dec(&n->tbl->gc_entries);
	} else if (!exempt_from_gc && !on_gc_list) {
		/* add entries to the tail; cleaning removes from the front */
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
		atomic_inc(&n->tbl->gc_entries);
	}
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

static void neigh_update_managed_list(struct neighbour *n)
{
	bool on_managed_list, add_to_managed;

	write_lock_bh(&n->tbl->lock);
	write_lock(&n->lock);
	if (n->dead)
		goto out;

	add_to_managed = n->flags & NTF_MANAGED;
	on_managed_list = !list_empty(&n->managed_list);

	if (!add_to_managed && on_managed_list)
		list_del_init(&n->managed_list);
	else if (add_to_managed && !on_managed_list)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
out:
	write_unlock(&n->lock);
	write_unlock_bh(&n->tbl->lock);
}

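/* Fold admin-requested NEIGH_UPDATE_F_EXT_LEARNED / NEIGH_UPDATE_F_MANAGED
 * changes into neigh->flags and report which follow-up work (notification,
 * gc list or managed list maintenance) the change requires.
 */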
static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
			       bool *gc_update, bool *managed_update)
{
	u32 ndm_flags, old_flags = neigh->flags;

	if (!(flags & NEIGH_UPDATE_F_ADMIN))
		return;

	ndm_flags  = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
	ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;

	if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
		if (ndm_flags & NTF_EXT_LEARNED)
			neigh->flags |= NTF_EXT_LEARNED;
		else
			neigh->flags &= ~NTF_EXT_LEARNED;
		*notify = 1;
		*gc_update = true;
	}
	if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
		if (ndm_flags & NTF_MANAGED)
			neigh->flags |= NTF_MANAGED;
		else
			neigh->flags &= ~NTF_MANAGED;
		*notify = 1;
		*managed_update = true;
	}
}

static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
		      struct neigh_table *tbl)
{
	bool retval = false;

	write_lock(&n->lock);
	if (refcount_read(&n->refcnt) == 1) {
		struct neighbour *neigh;

		neigh = rcu_dereference_protected(n->next,
						  lockdep_is_held(&tbl->lock));
		rcu_assign_pointer(*np, neigh);
		neigh_mark_dead(n);
		retval = true;
	}
	write_unlock(&n->lock);
	if (retval)
		neigh_cleanup_and_release(n);
	return retval;
}

bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
{
	struct neigh_hash_table *nht;
	void *pkey = ndel->primary_key;
	u32 hash_val;
	struct neighbour *n;
	struct neighbour __rcu **np;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));
	hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
	hash_val = hash_val >> (32 - nht->hash_shift);

	np = &nht->hash_buckets[hash_val];
	while ((n = rcu_dereference_protected(*np,
					      lockdep_is_held(&tbl->lock)))) {
		if (n == ndel)
			return neigh_del(n, np, tbl);
		np = &n->next;
	}
	return false;
}

static int neigh_forced_gc(struct neigh_table *tbl)
{
	int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
	unsigned long tref = jiffies - 5 * HZ;
	struct neighbour *n, *tmp;
	int shrunk = 0;

	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);

	write_lock_bh(&tbl->lock);

	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
		if (refcount_read(&n->refcnt) == 1) {
			bool remove = false;

			write_lock(&n->lock);
			if ((n->nud_state == NUD_FAILED) ||
			    (n->nud_state == NUD_NOARP) ||
			    (tbl->is_multicast &&
			     tbl->is_multicast(n->primary_key)) ||
			    time_after(tref, n->updated))
				remove = true;
			write_unlock(&n->lock);

			if (remove && neigh_remove_one(n, tbl))
				shrunk++;
			if (shrunk >= max_clean)
				break;
		}
	}

	tbl->last_flush = jiffies;

	write_unlock_bh(&tbl->lock);

	return shrunk;
}

static void neigh_add_timer(struct neighbour *n, unsigned long when)
{
	neigh_hold(n);
	if (unlikely(mod_timer(&n->timer, when))) {
		printk("NEIGH: BUG, double timer add, state is %x\n",
		       n->nud_state);
		dump_stack();
	}
}

static int neigh_del_timer(struct neighbour *n)
{
	if ((n->nud_state & NUD_IN_TIMER) &&
	    del_timer(&n->timer)) {
		neigh_release(n);
		return 1;
	}
	return 0;
}

static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
						   int family)
{
	switch (family) {
	case AF_INET:
		return __in_dev_arp_parms_get_rcu(dev);
	case AF_INET6:
		return __in6_dev_nd_parms_get_rcu(dev);
	}
	return NULL;
}

static void neigh_parms_qlen_dec(struct net_device *dev, int family)
{
	struct neigh_parms *p;

	rcu_read_lock();
	p = neigh_get_dev_parms_rcu(dev, family);
	if (p)
		p->qlen--;
	rcu_read_unlock();
}

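/* Unlink every queued proxy skb belonging to @net (all namespaces if
 * @net is NULL) under the queue lock, then drop the device references
 * and free the skbs outside of it.
 */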
static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net,
			       int family)
{
	struct sk_buff_head tmp;
	unsigned long flags;
	struct sk_buff *skb;

	skb_queue_head_init(&tmp);
	spin_lock_irqsave(&list->lock, flags);
	skb = skb_peek(list);
	while (skb != NULL) {
		struct sk_buff *skb_next = skb_peek_next(skb, list);
		struct net_device *dev = skb->dev;

		if (net == NULL || net_eq(dev_net(dev), net)) {
			neigh_parms_qlen_dec(dev, family);
			__skb_unlink(skb, list);
			__skb_queue_tail(&tmp, skb);
		}
		skb = skb_next;
	}
	spin_unlock_irqrestore(&list->lock, flags);

	while ((skb = __skb_dequeue(&tmp))) {
		dev_put(skb->dev);
		kfree_skb(skb);
	}
}

static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
			    bool skip_perm)
{
	int i;
	struct neigh_hash_table *nht;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	for (i = 0; i < (1 << nht->hash_shift); i++) {
		struct neighbour *n;
		struct neighbour __rcu **np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
					lockdep_is_held(&tbl->lock))) != NULL) {
			if (dev && n->dev != dev) {
				np = &n->next;
				continue;
			}
			if (skip_perm && n->nud_state & NUD_PERMANENT) {
				np = &n->next;
				continue;
			}
			rcu_assign_pointer(*np,
				   rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock)));
			write_lock(&n->lock);
			neigh_del_timer(n);
			neigh_mark_dead(n);
			if (refcount_read(&n->refcnt) != 1) {
				/* The most unpleasant situation.
				   We must destroy neighbour entry,
				   but someone still uses it.

				   The destroy will be delayed until
				   the last user releases us, but
				   we must kill timers etc. and move
				   it to safe state.
				 */
				__skb_queue_purge(&n->arp_queue);
				n->arp_queue_len_bytes = 0;
				n->output = neigh_blackhole;
				if (n->nud_state & NUD_VALID)
					n->nud_state = NUD_NOARP;
				else
					n->nud_state = NUD_NONE;
				neigh_dbg(2, "neigh %p is stray\n", n);
			}
			write_unlock(&n->lock);
			neigh_cleanup_and_release(n);
		}
	}
}

void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, false);
	write_unlock_bh(&tbl->lock);
}
EXPORT_SYMBOL(neigh_changeaddr);

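/* Flush entries for @dev (sparing NUD_PERMANENT ones if @skip_perm),
 * drop matching proxy entries and queued proxy packets, and stop the
 * proxy timer once its queue is empty.
 */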
static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
			  bool skip_perm)
{
	write_lock_bh(&tbl->lock);
	neigh_flush_dev(tbl, dev, skip_perm);
	pneigh_ifdown_and_unlock(tbl, dev);
	pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL,
			   tbl->family);
	if (skb_queue_empty_lockless(&tbl->proxy_queue))
		del_timer_sync(&tbl->proxy_timer);
	return 0;
}

int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, true);
	return 0;
}
EXPORT_SYMBOL(neigh_carrier_down);

int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
{
	__neigh_ifdown(tbl, dev, false);
	return 0;
}
EXPORT_SYMBOL(neigh_ifdown);

static struct neighbour *neigh_alloc(struct neigh_table *tbl,
				     struct net_device *dev,
				     u32 flags, bool exempt_from_gc)
{
	struct neighbour *n = NULL;
	unsigned long now = jiffies;
	int entries;

	if (exempt_from_gc)
		goto do_alloc;

	entries = atomic_inc_return(&tbl->gc_entries) - 1;
	if (entries >= tbl->gc_thresh3 ||
	    (entries >= tbl->gc_thresh2 &&
	     time_after(now, tbl->last_flush + 5 * HZ))) {
		if (!neigh_forced_gc(tbl) &&
		    entries >= tbl->gc_thresh3) {
			net_info_ratelimited("%s: neighbor table overflow!\n",
					     tbl->id);
			NEIGH_CACHE_STAT_INC(tbl, table_fulls);
			goto out_entries;
		}
	}

do_alloc:
	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
	if (!n)
		goto out_entries;

	__skb_queue_head_init(&n->arp_queue);
	rwlock_init(&n->lock);
	seqlock_init(&n->ha_lock);
	n->updated = n->used = now;
	n->nud_state = NUD_NONE;
	n->output = neigh_blackhole;
	n->flags = flags;
	seqlock_init(&n->hh.hh_lock);
	n->parms = neigh_parms_clone(&tbl->parms);
	timer_setup(&n->timer, neigh_timer_handler, 0);

	NEIGH_CACHE_STAT_INC(tbl, allocs);
	n->tbl = tbl;
	refcount_set(&n->refcnt, 1);
	n->dead = 1;
	INIT_LIST_HEAD(&n->gc_list);
	INIT_LIST_HEAD(&n->managed_list);

	atomic_inc(&tbl->entries);
out:
	return n;

out_entries:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	goto out;
}

static void neigh_get_hash_rnd(u32 *x)
{
	*x = get_random_u32() | 1;
}

static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
{
	size_t size = (1 << shift) * sizeof(struct neighbour *);
	struct neigh_hash_table *ret;
	struct neighbour __rcu **buckets;
	int i;

	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
	if (!ret)
		return NULL;
	if (size <= PAGE_SIZE) {
		buckets = kzalloc(size, GFP_ATOMIC);
	} else {
		buckets = (struct neighbour __rcu **)
			  __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
					   get_order(size));
		kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
	}
	if (!buckets) {
		kfree(ret);
		return NULL;
	}
	ret->hash_buckets = buckets;
	ret->hash_shift = shift;
	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
		neigh_get_hash_rnd(&ret->hash_rnd[i]);
	return ret;
}

static void neigh_hash_free_rcu(struct rcu_head *head)
{
	struct neigh_hash_table *nht = container_of(head,
						    struct neigh_hash_table,
						    rcu);
	size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
	struct neighbour __rcu **buckets = nht->hash_buckets;

	if (size <= PAGE_SIZE) {
		kfree(buckets);
	} else {
		kmemleak_free(buckets);
		free_pages((unsigned long)buckets, get_order(size));
	}
	kfree(nht);
}

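/* Rehash every entry into a new table of 2^new_shift buckets. Runs under
 * tbl->lock; lockless readers keep using the old table until it is freed
 * after an RCU grace period.
 */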
static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
						unsigned long new_shift)
{
	unsigned int i, hash;
	struct neigh_hash_table *new_nht, *old_nht;

	NEIGH_CACHE_STAT_INC(tbl, hash_grows);

	old_nht = rcu_dereference_protected(tbl->nht,
					    lockdep_is_held(&tbl->lock));
	new_nht = neigh_hash_alloc(new_shift);
	if (!new_nht)
		return old_nht;

	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
		struct neighbour *n, *next;

		for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
						   lockdep_is_held(&tbl->lock));
		     n != NULL;
		     n = next) {
			hash = tbl->hash(n->primary_key, n->dev,
					 new_nht->hash_rnd);

			hash >>= (32 - new_nht->hash_shift);
			next = rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock));

			rcu_assign_pointer(n->next,
					   rcu_dereference_protected(
						new_nht->hash_buckets[hash],
						lockdep_is_held(&tbl->lock)));
			rcu_assign_pointer(new_nht->hash_buckets[hash], n);
		}
	}

	rcu_assign_pointer(tbl->nht, new_nht);
	call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
	return new_nht;
}

struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
			       struct net_device *dev)
{
	struct neighbour *n;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock_bh();
	n = __neigh_lookup_noref(tbl, pkey, dev);
	if (n) {
		if (!refcount_inc_not_zero(&n->refcnt))
			n = NULL;
		NEIGH_CACHE_STAT_INC(tbl, hits);
	}

	rcu_read_unlock_bh();
	return n;
}
EXPORT_SYMBOL(neigh_lookup);

struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
				     const void *pkey)
{
	struct neighbour *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val;
	struct neigh_hash_table *nht;

	NEIGH_CACHE_STAT_INC(tbl, lookups);

	rcu_read_lock_bh();
	nht = rcu_dereference_bh(tbl->nht);
	hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);

	for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
	     n != NULL;
	     n = rcu_dereference_bh(n->next)) {
		if (!memcmp(n->primary_key, pkey, key_len) &&
		    net_eq(dev_net(n->dev), net)) {
			if (!refcount_inc_not_zero(&n->refcnt))
				n = NULL;
			NEIGH_CACHE_STAT_INC(tbl, hits);
			break;
		}
	}

	rcu_read_unlock_bh();
	return n;
}
EXPORT_SYMBOL(neigh_lookup_nodev);

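/* Allocate, construct and hash a new entry for @pkey/@dev, returning the
 * existing entry instead if a concurrent insert won the race, or an
 * ERR_PTR() on failure. E.g. the IPv4 output path creates entries on
 * demand with __neigh_create(&arp_tbl, &nexthop, dev, false).
 */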
static struct neighbour *
___neigh_create(struct neigh_table *tbl, const void *pkey,
		struct net_device *dev, u32 flags,
		bool exempt_from_gc, bool want_ref)
{
	u32 hash_val, key_len = tbl->key_len;
	struct neighbour *n1, *rc, *n;
	struct neigh_hash_table *nht;
	int error;

	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
	if (!n) {
		rc = ERR_PTR(-ENOBUFS);
		goto out;
	}

	memcpy(n->primary_key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC);

	/* Protocol specific setup. */
	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	if (dev->netdev_ops->ndo_neigh_construct) {
		error = dev->netdev_ops->ndo_neigh_construct(dev, n);
		if (error < 0) {
			rc = ERR_PTR(error);
			goto out_neigh_release;
		}
	}

	/* Device specific setup. */
	if (n->parms->neigh_setup &&
	    (error = n->parms->neigh_setup(n)) < 0) {
		rc = ERR_PTR(error);
		goto out_neigh_release;
	}

	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
		nht = neigh_hash_grow(tbl, nht->hash_shift + 1);

	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);

	if (n->parms->dead) {
		rc = ERR_PTR(-EINVAL);
		goto out_tbl_unlock;
	}

	for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
					    lockdep_is_held(&tbl->lock));
	     n1 != NULL;
	     n1 = rcu_dereference_protected(n1->next,
					    lockdep_is_held(&tbl->lock))) {
		if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
			if (want_ref)
				neigh_hold(n1);
			rc = n1;
			goto out_tbl_unlock;
		}
	}

	n->dead = 0;
	if (!exempt_from_gc)
		list_add_tail(&n->gc_list, &n->tbl->gc_list);
	if (n->flags & NTF_MANAGED)
		list_add_tail(&n->managed_list, &n->tbl->managed_list);
	if (want_ref)
		neigh_hold(n);
	rcu_assign_pointer(n->next,
			   rcu_dereference_protected(nht->hash_buckets[hash_val],
						     lockdep_is_held(&tbl->lock)));
	rcu_assign_pointer(nht->hash_buckets[hash_val], n);
	write_unlock_bh(&tbl->lock);
	neigh_dbg(2, "neigh %p is created\n", n);
	rc = n;
out:
	return rc;
out_tbl_unlock:
	write_unlock_bh(&tbl->lock);
out_neigh_release:
	if (!exempt_from_gc)
		atomic_dec(&tbl->gc_entries);
	neigh_release(n);
	goto out;
}

struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
				 struct net_device *dev, bool want_ref)
{
	return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
}
EXPORT_SYMBOL(__neigh_create);

static u32 pneigh_hash(const void *pkey, unsigned int key_len)
{
	u32 hash_val = *(u32 *)(pkey + key_len - 4);
	hash_val ^= (hash_val >> 16);
	hash_val ^= hash_val >> 8;
	hash_val ^= hash_val >> 4;
	hash_val &= PNEIGH_HASHMASK;
	return hash_val;
}

static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
					      struct net *net,
					      const void *pkey,
					      unsigned int key_len,
					      struct net_device *dev)
{
	while (n) {
		if (!memcmp(n->key, pkey, key_len) &&
		    net_eq(pneigh_net(n), net) &&
		    (n->dev == dev || !n->dev))
			return n;
		n = n->next;
	}
	return NULL;
}

struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
		struct net *net, const void *pkey, struct net_device *dev)
{
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
				 net, pkey, key_len, dev);
}
EXPORT_SYMBOL_GPL(__pneigh_lookup);

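/* Look up a proxy entry, optionally (@creat) allocating and inserting
 * a new one. Creation allocates with GFP_KERNEL and therefore requires
 * the RTNL.
 */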
struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl,
				   struct net *net, const void *pkey,
				   struct net_device *dev, int creat)
{
	struct pneigh_entry *n;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	read_lock_bh(&tbl->lock);
	n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
			      net, pkey, key_len, dev);
	read_unlock_bh(&tbl->lock);

	if (n || !creat)
		goto out;

	ASSERT_RTNL();

	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
	if (!n)
		goto out;

	write_pnet(&n->net, net);
	memcpy(n->key, pkey, key_len);
	n->dev = dev;
	netdev_hold(dev, &n->dev_tracker, GFP_KERNEL);

	if (tbl->pconstructor && tbl->pconstructor(n)) {
		netdev_put(dev, &n->dev_tracker);
		kfree(n);
		n = NULL;
		goto out;
	}

	write_lock_bh(&tbl->lock);
	n->next = tbl->phash_buckets[hash_val];
	tbl->phash_buckets[hash_val] = n;
	write_unlock_bh(&tbl->lock);
out:
	return n;
}
EXPORT_SYMBOL(pneigh_lookup);


int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
		  struct net_device *dev)
{
	struct pneigh_entry *n, **np;
	unsigned int key_len = tbl->key_len;
	u32 hash_val = pneigh_hash(pkey, key_len);

	write_lock_bh(&tbl->lock);
	for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
	     np = &n->next) {
		if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
		    net_eq(pneigh_net(n), net)) {
			*np = n->next;
			write_unlock_bh(&tbl->lock);
			if (tbl->pdestructor)
				tbl->pdestructor(n);
			netdev_put(n->dev, &n->dev_tracker);
			kfree(n);
			return 0;
		}
	}
	write_unlock_bh(&tbl->lock);
	return -ENOENT;
}

static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
				    struct net_device *dev)
{
	struct pneigh_entry *n, **np, *freelist = NULL;
	u32 h;

	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
		np = &tbl->phash_buckets[h];
		while ((n = *np) != NULL) {
			if (!dev || n->dev == dev) {
				*np = n->next;
				n->next = freelist;
				freelist = n;
				continue;
			}
			np = &n->next;
		}
	}
	write_unlock_bh(&tbl->lock);
	while ((n = freelist)) {
		freelist = n->next;
		n->next = NULL;
		if (tbl->pdestructor)
			tbl->pdestructor(n);
		netdev_put(n->dev, &n->dev_tracker);
		kfree(n);
	}
	return -ENOENT;
}

static void neigh_parms_destroy(struct neigh_parms *parms);

static inline void neigh_parms_put(struct neigh_parms *parms)
{
	if (refcount_dec_and_test(&parms->refcnt))
		neigh_parms_destroy(parms);
}

/*
 *	neighbour must already be out of the table;
 */
void neigh_destroy(struct neighbour *neigh)
{
	struct net_device *dev = neigh->dev;

	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);

	if (!neigh->dead) {
		pr_warn("Destroying alive neighbour %p\n", neigh);
		dump_stack();
		return;
	}

	if (neigh_del_timer(neigh))
		pr_warn("Impossible event\n");

	write_lock_bh(&neigh->lock);
	__skb_queue_purge(&neigh->arp_queue);
	write_unlock_bh(&neigh->lock);
	neigh->arp_queue_len_bytes = 0;

	if (dev->netdev_ops->ndo_neigh_destroy)
		dev->netdev_ops->ndo_neigh_destroy(dev, neigh);

	netdev_put(dev, &neigh->dev_tracker);
	neigh_parms_put(neigh->parms);

	neigh_dbg(2, "neigh %p is destroyed\n", neigh);

	atomic_dec(&neigh->tbl->entries);
	kfree_rcu(neigh, rcu);
}
EXPORT_SYMBOL(neigh_destroy);

/* Neighbour state is suspicious;
   disable fast path.

   Called with write_locked neigh.
 */
static void neigh_suspect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is suspected\n", neigh);

	neigh->output = neigh->ops->output;
}

/* Neighbour state is OK;
   enable fast path.

   Called with write_locked neigh.
 */
static void neigh_connect(struct neighbour *neigh)
{
	neigh_dbg(2, "neigh %p is connected\n", neigh);

	neigh->output = neigh->ops->connected_output;
}

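/* Periodic (deferrable) garbage collection: re-randomize reachable_time
 * roughly every 300 seconds and, once the table holds at least gc_thresh1
 * entries, walk all buckets dropping unreferenced entries that are
 * NUD_FAILED or idle for longer than GC_STALETIME.
 */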
static void neigh_periodic_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
	struct neighbour *n;
	struct neighbour __rcu **np;
	unsigned int i;
	struct neigh_hash_table *nht;

	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);

	write_lock_bh(&tbl->lock);
	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));

	/*
	 *	periodically recompute ReachableTime from random function
	 */

	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
		struct neigh_parms *p;
		tbl->last_rand = jiffies;
		list_for_each_entry(p, &tbl->parms_list, list)
			p->reachable_time =
				neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}

	if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
		goto out;

	for (i = 0 ; i < (1 << nht->hash_shift); i++) {
		np = &nht->hash_buckets[i];

		while ((n = rcu_dereference_protected(*np,
				lockdep_is_held(&tbl->lock))) != NULL) {
			unsigned int state;

			write_lock(&n->lock);

			state = n->nud_state;
			if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
			    (n->flags & NTF_EXT_LEARNED)) {
				write_unlock(&n->lock);
				goto next_elt;
			}

			if (time_before(n->used, n->confirmed))
				n->used = n->confirmed;

			if (refcount_read(&n->refcnt) == 1 &&
			    (state == NUD_FAILED ||
			     time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
				*np = n->next;
				neigh_mark_dead(n);
				write_unlock(&n->lock);
				neigh_cleanup_and_release(n);
				continue;
			}
			write_unlock(&n->lock);

next_elt:
			np = &n->next;
		}
		/*
		 * It's fine to release lock here, even if hash table
		 * grows while we are preempted.
		 */
		write_unlock_bh(&tbl->lock);
		cond_resched();
		write_lock_bh(&tbl->lock);
		nht = rcu_dereference_protected(tbl->nht,
						lockdep_is_held(&tbl->lock));
	}
out:
	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
	 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
	 * BASE_REACHABLE_TIME.
	 */
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
	write_unlock_bh(&tbl->lock);
}

static __inline__ int neigh_max_probes(struct neighbour *n)
{
	struct neigh_parms *p = n->parms;
	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
	       (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
	        NEIGH_VAR(p, MCAST_PROBES));
}

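/* Resolution failed: report unreachability for every packet still queued
 * on the entry and flush its arp_queue. Drops neigh->lock around the
 * error_report callbacks, hence the annotations below.
 */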
static void neigh_invalidate(struct neighbour *neigh)
	__releases(neigh->lock)
	__acquires(neigh->lock)
{
	struct sk_buff *skb;

	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
	neigh_dbg(2, "neigh %p is failed\n", neigh);
	neigh->updated = jiffies;

	/* This is a very thin place. report_unreachable is a very
	   complicated routine. In particular, it can hit the same
	   neighbour entry!

	   So we try to be careful here and avoid a dead loop. --ANK
	 */
	while (neigh->nud_state == NUD_FAILED &&
	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
		write_unlock(&neigh->lock);
		neigh->ops->error_report(neigh, skb);
		write_lock(&neigh->lock);
	}
	__skb_queue_purge(&neigh->arp_queue);
	neigh->arp_queue_len_bytes = 0;
}

static void neigh_probe(struct neighbour *neigh)
	__releases(neigh->lock)
{
	struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);
	/* keep skb alive even if arp_queue overflows */
	if (skb)
		skb = skb_clone(skb, GFP_ATOMIC);
	write_unlock(&neigh->lock);
	if (neigh->ops->solicit)
		neigh->ops->solicit(neigh, skb);
	atomic_inc(&neigh->probes);
	consume_skb(skb);
}

/* Called when a timer expires for a neighbour entry. */

static void neigh_timer_handler(struct timer_list *t)
{
	unsigned long now, next;
	struct neighbour *neigh = from_timer(neigh, t, timer);
	unsigned int state;
	int notify = 0;

	write_lock(&neigh->lock);

	state = neigh->nud_state;
	now = jiffies;
	next = now + HZ;

	if (!(state & NUD_IN_TIMER))
		goto out;

	if (state & NUD_REACHABLE) {
		if (time_before_eq(now,
				   neigh->confirmed + neigh->parms->reachable_time)) {
			neigh_dbg(2, "neigh %p is still alive\n", neigh);
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else if (time_before_eq(now,
					  neigh->used +
					  NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is delayed\n", neigh);
			neigh->nud_state = NUD_DELAY;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
		} else {
			neigh_dbg(2, "neigh %p is suspected\n", neigh);
			neigh->nud_state = NUD_STALE;
			neigh->updated = jiffies;
			neigh_suspect(neigh);
			notify = 1;
		}
	} else if (state & NUD_DELAY) {
		if (time_before_eq(now,
				   neigh->confirmed +
				   NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
			neigh_dbg(2, "neigh %p is now reachable\n", neigh);
			neigh->nud_state = NUD_REACHABLE;
			neigh->updated = jiffies;
			neigh_connect(neigh);
			notify = 1;
			next = neigh->confirmed + neigh->parms->reachable_time;
		} else {
			neigh_dbg(2, "neigh %p is probed\n", neigh);
			neigh->nud_state = NUD_PROBE;
			neigh->updated = jiffies;
			atomic_set(&neigh->probes, 0);
			notify = 1;
			next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
					 HZ/100);
		}
	} else {
		/* NUD_PROBE|NUD_INCOMPLETE */
		next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
	}

	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
		neigh->nud_state = NUD_FAILED;
		notify = 1;
		neigh_invalidate(neigh);
		goto out;
	}

	if (neigh->nud_state & NUD_IN_TIMER) {
		if (time_before(next, jiffies + HZ/100))
			next = jiffies + HZ/100;
		if (!mod_timer(&neigh->timer, next))
			neigh_hold(neigh);
	}
	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
		neigh_probe(neigh);
	} else {
out:
		write_unlock(&neigh->lock);
	}

	if (notify)
		neigh_update_notify(neigh, 0);

	trace_neigh_timer_handler(neigh, 0);

	neigh_release(neigh);
}

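/* Start (or continue) resolution for an entry that is not known to be
 * reachable. Returns 0 if the caller may transmit immediately, 1 if the
 * skb was queued on the arp_queue or dropped because resolution failed.
 */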
int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
		       const bool immediate_ok)
{
	int rc;
	bool immediate_probe = false;

	write_lock_bh(&neigh->lock);

	rc = 0;
	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
		goto out_unlock_bh;
	if (neigh->dead)
		goto out_dead;

	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
		if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
		    NEIGH_VAR(neigh->parms, APP_PROBES)) {
			unsigned long next, now = jiffies;

			atomic_set(&neigh->probes,
				   NEIGH_VAR(neigh->parms, UCAST_PROBES));
			neigh_del_timer(neigh);
			neigh->nud_state = NUD_INCOMPLETE;
			neigh->updated = now;
			if (!immediate_ok) {
				next = now + 1;
			} else {
				immediate_probe = true;
				next = now + max(NEIGH_VAR(neigh->parms,
							   RETRANS_TIME),
						 HZ / 100);
			}
			neigh_add_timer(neigh, next);
		} else {
			neigh->nud_state = NUD_FAILED;
			neigh->updated = jiffies;
			write_unlock_bh(&neigh->lock);

			kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED);
			return 1;
		}
	} else if (neigh->nud_state & NUD_STALE) {
		neigh_dbg(2, "neigh %p is delayed\n", neigh);
		neigh_del_timer(neigh);
		neigh->nud_state = NUD_DELAY;
		neigh->updated = jiffies;
		neigh_add_timer(neigh, jiffies +
				NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
	}

	if (neigh->nud_state == NUD_INCOMPLETE) {
		if (skb) {
			while (neigh->arp_queue_len_bytes + skb->truesize >
			       NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
				struct sk_buff *buff;

				buff = __skb_dequeue(&neigh->arp_queue);
				if (!buff)
					break;
				neigh->arp_queue_len_bytes -= buff->truesize;
				kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL);
				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
			}
			skb_dst_force(skb);
			__skb_queue_tail(&neigh->arp_queue, skb);
			neigh->arp_queue_len_bytes += skb->truesize;
		}
		rc = 1;
	}
out_unlock_bh:
	if (immediate_probe)
		neigh_probe(neigh);
	else
		write_unlock(&neigh->lock);
	local_bh_enable();
	trace_neigh_event_send_done(neigh, rc);
	return rc;

out_dead:
	if (neigh->nud_state & NUD_STALE)
		goto out_unlock_bh;
	write_unlock_bh(&neigh->lock);
	kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD);
	trace_neigh_event_send_dead(neigh, 1);
	return 1;
}
EXPORT_SYMBOL(__neigh_event_send);

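/* The link-layer address changed: refresh any cached hardware header so
 * the fast output path stops using the stale one.
 */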
static void neigh_update_hhs(struct neighbour *neigh)
{
	struct hh_cache *hh;
	void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
		= NULL;

	if (neigh->dev->header_ops)
		update = neigh->dev->header_ops->cache_update;

	if (update) {
		hh = &neigh->hh;
		if (READ_ONCE(hh->hh_len)) {
			write_seqlock_bh(&hh->hh_lock);
			update(hh, neigh->dev, neigh->ha);
			write_sequnlock_bh(&hh->hh_lock);
		}
	}
}

/* Generic update routine.
   -- lladdr is new lladdr or NULL, if it is not supplied.
   -- new    is new state.
   -- flags
	NEIGH_UPDATE_F_OVERRIDE allows overriding existing lladdr,
				if it is different.
	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
				lladdr instead of overriding it
				if it is different.
	NEIGH_UPDATE_F_ADMIN	means that the change is administrative.
	NEIGH_UPDATE_F_USE	means that the entry is user triggered.
	NEIGH_UPDATE_F_MANAGED	means that the entry will be auto-refreshed.
	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows overriding an existing
				NTF_ROUTER flag.
	NEIGH_UPDATE_F_ISROUTER	indicates if the neighbour is known as
				a router.

   Caller MUST hold reference count on the entry.
 */
static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
			  u8 new, u32 flags, u32 nlmsg_pid,
			  struct netlink_ext_ack *extack)
{
	bool gc_update = false, managed_update = false;
	int update_isrouter = 0;
	struct net_device *dev;
	int err, notify = 0;
	u8 old;

	trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);

	write_lock_bh(&neigh->lock);

	dev = neigh->dev;
	old = neigh->nud_state;
	err = -EPERM;

	if (neigh->dead) {
		NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
		new = old;
		goto out;
	}
	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
	    (old & (NUD_NOARP | NUD_PERMANENT)))
		goto out;

	neigh_update_flags(neigh, flags, &notify, &gc_update, &managed_update);
	if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
		new = old & ~NUD_PERMANENT;
		neigh->nud_state = new;
		err = 0;
		goto out;
	}

	if (!(new & NUD_VALID)) {
		neigh_del_timer(neigh);
		if (old & NUD_CONNECTED)
			neigh_suspect(neigh);
		neigh->nud_state = new;
		err = 0;
		notify = old & NUD_VALID;
		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
		    (new & NUD_FAILED)) {
			neigh_invalidate(neigh);
			notify = 1;
		}
		goto out;
	}

	/* Compare new lladdr with cached one */
	if (!dev->addr_len) {
		/* First case: device needs no address. */
		lladdr = neigh->ha;
	} else if (lladdr) {
		/* The second case: if something is already cached
		   and a new address is proposed:
		   - compare new & old
		   - if they are different, check override flag
		 */
		if ((old & NUD_VALID) &&
		    !memcmp(lladdr, neigh->ha, dev->addr_len))
			lladdr = neigh->ha;
	} else {
		/* No address is supplied; if we know something,
		   use it, otherwise discard the request.
		 */
		err = -EINVAL;
		if (!(old & NUD_VALID)) {
			NL_SET_ERR_MSG(extack, "No link layer address given");
			goto out;
		}
		lladdr = neigh->ha;
	}

	/* Update the confirmed timestamp for the neighbour entry after we
	 * receive an ARP packet, even if it doesn't change the IP-to-MAC
	 * binding.
	 */
	if (new & NUD_CONNECTED)
		neigh->confirmed = jiffies;

	/* If entry was valid and address is not changed,
	   do not change entry state, if new one is STALE.
	 */
	err = 0;
	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	if (old & NUD_VALID) {
		if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
			update_isrouter = 0;
			if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
			    (old & NUD_CONNECTED)) {
				lladdr = neigh->ha;
				new = NUD_STALE;
			} else
				goto out;
		} else {
			if (lladdr == neigh->ha && new == NUD_STALE &&
			    !(flags & NEIGH_UPDATE_F_ADMIN))
				new = old;
		}
	}

	/* Update the timestamp only once we know we will make a change to
	 * the neighbour entry. Otherwise we risk moving the locktime window
	 * with noop updates and ignoring relevant ARP updates.
	 */
	if (new != old || lladdr != neigh->ha)
		neigh->updated = jiffies;

	if (new != old) {
		neigh_del_timer(neigh);
		if (new & NUD_PROBE)
			atomic_set(&neigh->probes, 0);
		if (new & NUD_IN_TIMER)
			neigh_add_timer(neigh, (jiffies +
						((new & NUD_REACHABLE) ?
						 neigh->parms->reachable_time :
						 0)));
		neigh->nud_state = new;
		notify = 1;
	}

	if (lladdr != neigh->ha) {
		write_seqlock(&neigh->ha_lock);
		memcpy(&neigh->ha, lladdr, dev->addr_len);
		write_sequnlock(&neigh->ha_lock);
		neigh_update_hhs(neigh);
		if (!(new & NUD_CONNECTED))
			neigh->confirmed = jiffies -
				      (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
		notify = 1;
	}
	if (new == old)
		goto out;
	if (new & NUD_CONNECTED)
		neigh_connect(neigh);
	else
		neigh_suspect(neigh);
	if (!(old & NUD_VALID)) {
		struct sk_buff *skb;

		/* Again: avoid dead loop if something went wrong */

		while (neigh->nud_state & NUD_VALID &&
		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
			struct dst_entry *dst = skb_dst(skb);
			struct neighbour *n2, *n1 = neigh;
			write_unlock_bh(&neigh->lock);

			rcu_read_lock();

			/* Why not just use 'neigh' as-is? The problem is that
			 * things such as shaper, eql, and sch_teql can end up
			 * using alternative, different, neigh objects to output
			 * the packet in the output path. So what we need to do
			 * here is re-lookup the top-level neigh in the path so
			 * we can reinject the packet there.
			 */
			n2 = NULL;
			if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
				n2 = dst_neigh_lookup_skb(dst, skb);
				if (n2)
					n1 = n2;
			}
			n1->output(n1, skb);
			if (n2)
				neigh_release(n2);
			rcu_read_unlock();

			write_lock_bh(&neigh->lock);
		}
		__skb_queue_purge(&neigh->arp_queue);
		neigh->arp_queue_len_bytes = 0;
	}
out:
	if (update_isrouter)
		neigh_update_is_router(neigh, flags, &notify);
	write_unlock_bh(&neigh->lock);
	if (((new ^ old) & NUD_PERMANENT) || gc_update)
		neigh_update_gc_list(neigh);
	if (managed_update)
		neigh_update_managed_list(neigh);
	if (notify)
		neigh_update_notify(neigh, nlmsg_pid);
	trace_neigh_update_done(neigh, err);
	return err;
}

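/* Exported wrapper around __neigh_update() for callers without a netlink
 * extack to propagate.
 */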
int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
		 u32 flags, u32 nlmsg_pid)
{
	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
}
EXPORT_SYMBOL(neigh_update);

/* Update the neigh to listen temporarily for probe responses, even if it is
 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
 */
void __neigh_set_probe_once(struct neighbour *neigh)
{
	if (neigh->dead)
		return;
	neigh->updated = jiffies;
	if (!(neigh->nud_state & NUD_FAILED))
		return;
	neigh->nud_state = NUD_INCOMPLETE;
	atomic_set(&neigh->probes, neigh_max_probes(neigh));
	neigh_add_timer(neigh,
			jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
				      HZ/100));
}
EXPORT_SYMBOL(__neigh_set_probe_once);

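/* Handle a received neighbour solicitation: look up the sender, creating
 * the entry if a link-layer address was supplied (or the device needs
 * none), and mark it NUD_STALE.
 */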
struct neighbour *neigh_event_ns(struct neigh_table *tbl,
				 u8 *lladdr, void *saddr,
				 struct net_device *dev)
{
	struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
						 lladdr || !dev->addr_len);
	if (neigh)
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_OVERRIDE, 0);
	return neigh;
}
EXPORT_SYMBOL(neigh_event_ns);

/* called with read_lock_bh(&n->lock); */
static void neigh_hh_init(struct neighbour *n)
{
	struct net_device *dev = n->dev;
	__be16 prot = n->tbl->protocol;
	struct hh_cache *hh = &n->hh;

	write_lock_bh(&n->lock);

	/* Only one thread can come in here and initialize the
	 * hh_cache entry.
	 */
	if (!hh->hh_len)
		dev->header_ops->cache(n, hh, prot);

	write_unlock_bh(&n->lock);
}

/* Slow and careful. */

int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
{
	int rc = 0;

	if (!neigh_event_send(neigh, skb)) {
		int err;
		struct net_device *dev = neigh->dev;
		unsigned int seq;

		if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
			neigh_hh_init(neigh);

		do {
			__skb_pull(skb, skb_network_offset(skb));
			seq = read_seqbegin(&neigh->ha_lock);
			err = dev_hard_header(skb, dev, ntohs(skb->protocol),
					      neigh->ha, NULL, skb->len);
		} while (read_seqretry(&neigh->ha_lock, seq));

		if (err >= 0)
			rc = dev_queue_xmit(skb);
		else
			goto out_kfree_skb;
	}
out:
	return rc;
out_kfree_skb:
	rc = -EINVAL;
	kfree_skb(skb);
	goto out;
}
EXPORT_SYMBOL(neigh_resolve_output);

/* As fast as possible without hh cache */

int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
{
	struct net_device *dev = neigh->dev;
	unsigned int seq;
	int err;

	do {
		__skb_pull(skb, skb_network_offset(skb));
		seq = read_seqbegin(&neigh->ha_lock);
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      neigh->ha, NULL, skb->len);
	} while (read_seqretry(&neigh->ha_lock, seq));

	if (err >= 0)
		err = dev_queue_xmit(skb);
	else {
		err = -EINVAL;
		kfree_skb(skb);
	}
	return err;
}
EXPORT_SYMBOL(neigh_connected_output);

int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
{
	return dev_queue_xmit(skb);
}
EXPORT_SYMBOL(neigh_direct_output);

static void neigh_managed_work(struct work_struct *work)
{
	struct neigh_table *tbl = container_of(work, struct neigh_table,
					       managed_work.work);
	struct neighbour *neigh;

	write_lock_bh(&tbl->lock);
	list_for_each_entry(neigh, &tbl->managed_list, managed_list)
		neigh_event_send_probe(neigh, NULL, false);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
			   NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS));
	write_unlock_bh(&tbl->lock);
}

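/* Proxy queue timer: feed every packet whose delay has expired back to
 * proxy_redo() and re-arm the timer for the earliest remaining packet.
 */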
static void neigh_proxy_process(struct timer_list *t)
{
	struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
	long sched_next = 0;
	unsigned long now = jiffies;
	struct sk_buff *skb, *n;

	spin_lock(&tbl->proxy_queue.lock);

	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
		long tdif = NEIGH_CB(skb)->sched_next - now;

		if (tdif <= 0) {
			struct net_device *dev = skb->dev;

			neigh_parms_qlen_dec(dev, tbl->family);
			__skb_unlink(skb, &tbl->proxy_queue);

			if (tbl->proxy_redo && netif_running(dev)) {
				rcu_read_lock();
				tbl->proxy_redo(skb);
				rcu_read_unlock();
			} else {
				kfree_skb(skb);
			}

			dev_put(dev);
		} else if (!sched_next || tdif < sched_next)
			sched_next = tdif;
	}
	del_timer(&tbl->proxy_timer);
	if (sched_next)
		mod_timer(&tbl->proxy_timer, jiffies + sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}

void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
		    struct sk_buff *skb)
{
	unsigned long sched_next = jiffies +
			get_random_u32_below(NEIGH_VAR(p, PROXY_DELAY));

	if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) {
		kfree_skb(skb);
		return;
	}

	NEIGH_CB(skb)->sched_next = sched_next;
	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;

	spin_lock(&tbl->proxy_queue.lock);
	if (del_timer(&tbl->proxy_timer)) {
		if (time_before(tbl->proxy_timer.expires, sched_next))
			sched_next = tbl->proxy_timer.expires;
	}
	skb_dst_drop(skb);
	dev_hold(skb->dev);
	__skb_queue_tail(&tbl->proxy_queue, skb);
	p->qlen++;
	mod_timer(&tbl->proxy_timer, sched_next);
	spin_unlock(&tbl->proxy_queue.lock);
}
EXPORT_SYMBOL(pneigh_enqueue);

static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
						     struct net *net, int ifindex)
{
	struct neigh_parms *p;

	list_for_each_entry(p, &tbl->parms_list, list) {
		if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
		    (!p->dev && !ifindex && net_eq(net, &init_net)))
			return p;
	}

	return NULL;
}

struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
				      struct neigh_table *tbl)
{
	struct neigh_parms *p;
	struct net *net = dev_net(dev);
	const struct net_device_ops *ops = dev->netdev_ops;

	p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
	if (p) {
		p->tbl = tbl;
		refcount_set(&p->refcnt, 1);
		p->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
		p->qlen = 0;
		netdev_hold(dev, &p->dev_tracker, GFP_KERNEL);
		p->dev = dev;
		write_pnet(&p->net, net);
		p->sysctl_table = NULL;

		if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
			netdev_put(dev, &p->dev_tracker);
			kfree(p);
			return NULL;
		}

		write_lock_bh(&tbl->lock);
		list_add(&p->list, &tbl->parms.list);
		write_unlock_bh(&tbl->lock);

		neigh_parms_data_state_cleanall(p);
	}
	return p;
}
EXPORT_SYMBOL(neigh_parms_alloc);

static void neigh_rcu_free_parms(struct rcu_head *head)
{
	struct neigh_parms *parms =
		container_of(head, struct neigh_parms, rcu_head);

	neigh_parms_put(parms);
}

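/* Unlink a parms instance from its table; the final reference is dropped
 * via call_rcu() so that concurrent list walkers see a consistent list.
 */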
void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
{
	if (!parms || parms == &tbl->parms)
		return;
	write_lock_bh(&tbl->lock);
	list_del(&parms->list);
	parms->dead = 1;
	write_unlock_bh(&tbl->lock);
	netdev_put(parms->dev, &parms->dev_tracker);
	call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
}
EXPORT_SYMBOL(neigh_parms_release);

static void neigh_parms_destroy(struct neigh_parms *parms)
{
	kfree(parms);
}

static struct lock_class_key neigh_table_proxy_queue_class;

static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;

void neigh_table_init(int index, struct neigh_table *tbl)
{
	unsigned long now = jiffies;
	unsigned long phsize;

	INIT_LIST_HEAD(&tbl->parms_list);
	INIT_LIST_HEAD(&tbl->gc_list);
	INIT_LIST_HEAD(&tbl->managed_list);

	list_add(&tbl->parms.list, &tbl->parms_list);
	write_pnet(&tbl->parms.net, &init_net);
	refcount_set(&tbl->parms.refcnt, 1);
	tbl->parms.reachable_time =
		neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
	tbl->parms.qlen = 0;

	tbl->stats = alloc_percpu(struct neigh_statistics);
	if (!tbl->stats)
		panic("cannot create neighbour cache statistics");

#ifdef CONFIG_PROC_FS
	if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
				  &neigh_stat_seq_ops, tbl))
		panic("cannot create neighbour proc dir entry");
#endif

	RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));

	phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
	tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);

	if (!tbl->nht || !tbl->phash_buckets)
		panic("cannot allocate neighbour cache hashes");

	if (!tbl->entry_size)
		tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
					tbl->key_len, NEIGH_PRIV_ALIGN);
	else
		WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);

	rwlock_init(&tbl->lock);

	INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
			   tbl->parms.reachable_time);
	INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
	queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0);

	timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
	skb_queue_head_init_class(&tbl->proxy_queue,
				  &neigh_table_proxy_queue_class);

	tbl->last_flush = now;
	tbl->last_rand	= now + tbl->parms.reachable_time * 20;

	neigh_tables[index] = tbl;
}
EXPORT_SYMBOL(neigh_table_init);

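/* Tear a table down on module unload: stop all work items and timers,
 * flush every entry, and report leakage if any entries remain referenced.
 */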
int neigh_table_clear(int index, struct neigh_table *tbl)
{
	neigh_tables[index] = NULL;
	/* It is not clean... Fix it to unload IPv6 module safely */
	cancel_delayed_work_sync(&tbl->managed_work);
	cancel_delayed_work_sync(&tbl->gc_work);
	del_timer_sync(&tbl->proxy_timer);
	pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family);
	neigh_ifdown(tbl, NULL);
	if (atomic_read(&tbl->entries))
		pr_crit("neighbour leakage\n");

	call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
		 neigh_hash_free_rcu);
	tbl->nht = NULL;

	kfree(tbl->phash_buckets);
	tbl->phash_buckets = NULL;

	remove_proc_entry(tbl->id, init_net.proc_net_stat);

	free_percpu(tbl->stats);
	tbl->stats = NULL;

	return 0;
}
EXPORT_SYMBOL(neigh_table_clear);

static struct neigh_table *neigh_find_table(int family)
{
	struct neigh_table *tbl = NULL;

	switch (family) {
	case AF_INET:
		tbl = neigh_tables[NEIGH_ARP_TABLE];
		break;
	case AF_INET6:
		tbl = neigh_tables[NEIGH_ND_TABLE];
		break;
	}

	return tbl;
}

const struct nla_policy nda_policy[NDA_MAX+1] = {
	[NDA_UNSPEC]		= { .strict_start_type = NDA_NH_ID },
	[NDA_DST]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_LLADDR]		= { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	[NDA_CACHEINFO]		= { .len = sizeof(struct nda_cacheinfo) },
	[NDA_PROBES]		= { .type = NLA_U32 },
	[NDA_VLAN]		= { .type = NLA_U16 },
	[NDA_PORT]		= { .type = NLA_U16 },
	[NDA_VNI]		= { .type = NLA_U32 },
	[NDA_IFINDEX]		= { .type = NLA_U32 },
	[NDA_MASTER]		= { .type = NLA_U32 },
	[NDA_PROTOCOL]		= { .type = NLA_U8 },
	[NDA_NH_ID]		= { .type = NLA_U32 },
	[NDA_FLAGS_EXT]		= NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
	[NDA_FDB_EXT_ATTRS]	= { .type = NLA_NESTED },
};

static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *dst_attr;
	struct neigh_table *tbl;
	struct neighbour *neigh;
	struct net_device *dev = NULL;
	int err = -EINVAL;

	ASSERT_RTNL();
	if (nlmsg_len(nlh) < sizeof(*ndm))
		goto out;

	dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
	if (!dst_attr) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(dst_attr) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	if (ndm->ndm_flags & NTF_PROXY) {
		err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
		goto out;
	}

	if (dev == NULL)
		goto out;

	neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
	if (neigh == NULL) {
		err = -ENOENT;
		goto out;
	}

	err = __neigh_update(neigh, NULL, NUD_FAILED,
			     NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
			     NETLINK_CB(skb).portid, extack);
	write_lock_bh(&tbl->lock);
	neigh_release(neigh);
	neigh_remove_one(neigh, tbl);
	write_unlock_bh(&tbl->lock);

out:
	return err;
}

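/* RTM_NEWNEIGH handler: create or update a neighbour (or NTF_PROXY)
 * entry from a netlink request, honouring NLM_F_CREATE / NLM_F_EXCL /
 * NLM_F_REPLACE semantics.
 */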
static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
		     struct netlink_ext_ack *extack)
{
	int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
		    NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
	struct net *net = sock_net(skb->sk);
	struct ndmsg *ndm;
	struct nlattr *tb[NDA_MAX+1];
	struct neigh_table *tbl;
	struct net_device *dev = NULL;
	struct neighbour *neigh;
	void *dst, *lladdr;
	u8 protocol = 0;
	u32 ndm_flags;
	int err;

	ASSERT_RTNL();
	err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
				     nda_policy, extack);
	if (err < 0)
		goto out;

	err = -EINVAL;
	if (!tb[NDA_DST]) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		goto out;
	}

	ndm = nlmsg_data(nlh);
	ndm_flags = ndm->ndm_flags;
	if (tb[NDA_FLAGS_EXT]) {
		u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]);

		BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
			     (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
			      hweight32(NTF_EXT_MASK)));
		ndm_flags |= (ext << NTF_EXT_SHIFT);
	}
	if (ndm->ndm_ifindex) {
		dev = __dev_get_by_index(net, ndm->ndm_ifindex);
		if (dev == NULL) {
			err = -ENODEV;
			goto out;
		}

		if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
			NL_SET_ERR_MSG(extack, "Invalid link address");
			goto out;
		}
	}

	tbl = neigh_find_table(ndm->ndm_family);
	if (tbl == NULL)
		return -EAFNOSUPPORT;

	if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
		NL_SET_ERR_MSG(extack, "Invalid network address");
		goto out;
	}

	dst = nla_data(tb[NDA_DST]);
	lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;

	if (tb[NDA_PROTOCOL])
		protocol = nla_get_u8(tb[NDA_PROTOCOL]);
	if (ndm_flags & NTF_PROXY) {
		struct pneigh_entry *pn;

		if (ndm_flags & NTF_MANAGED) {
			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
			goto out;
		}

		err = -ENOBUFS;
		pn = pneigh_lookup(tbl, net, dst, dev, 1);
		if (pn) {
			pn->flags = ndm_flags;
			if (protocol)
				pn->protocol = protocol;
			err = 0;
		}
		goto out;
	}

	if (!dev) {
		NL_SET_ERR_MSG(extack, "Device not specified");
		goto out;
	}

	if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
		err = -EINVAL;
		goto out;
	}

	neigh = neigh_lookup(tbl, dst, dev);
	if (neigh == NULL) {
		bool ndm_permanent  = ndm->ndm_state & NUD_PERMANENT;
		bool exempt_from_gc = ndm_permanent ||
				      ndm_flags & NTF_EXT_LEARNED;

		if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
			err = -ENOENT;
			goto out;
		}
		if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
			NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
			err = -EINVAL;
			goto out;
		}

		neigh = ___neigh_create(tbl, dst, dev,
					ndm_flags &
					(NTF_EXT_LEARNED | NTF_MANAGED),
					exempt_from_gc, true);
		if (IS_ERR(neigh)) {
			err = PTR_ERR(neigh);
			goto out;
		}
	} else {
		if (nlh->nlmsg_flags & NLM_F_EXCL) {
			err = -EEXIST;
			neigh_release(neigh);
			goto out;
		}

		if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
			flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
				   NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
	}

	if (protocol)
		neigh->protocol = protocol;
	if (ndm_flags & NTF_EXT_LEARNED)
		flags |= NEIGH_UPDATE_F_EXT_LEARNED;
	if (ndm_flags & NTF_ROUTER)
		flags |= NEIGH_UPDATE_F_ISROUTER;
	if (ndm_flags & NTF_MANAGED)
		flags |= NEIGH_UPDATE_F_MANAGED;
	if (ndm_flags & NTF_USE)
		flags |= NEIGH_UPDATE_F_USE;

	err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
			     NETLINK_CB(skb).portid, extack);
	if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) {
		neigh_event_send(neigh, NULL);
		err = 0;
	}
	neigh_release(neigh);
out:
	return err;
}

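/* Serialize one neigh_parms instance as an NDTA_PARMS nest in a
 * neighbour-table dump.
 */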
	if (ndm_flags & NTF_USE)
		flags |= NEIGH_UPDATE_F_USE;

	err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
			     NETLINK_CB(skb).portid, extack);
	if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) {
		neigh_event_send(neigh, NULL);
		err = 0;
	}
	neigh_release(neigh);
out:
	return err;
}
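/*
 * Companion sketch for neigh_add() (illustrative, not built): the same
 * request layout as the RTM_DELNEIGH example above, but creating a
 * permanent entry, roughly what "ip neigh replace 192.0.2.1 lladdr
 * 02:00:00:00:00:01 dev eth0 nud permanent" sends. add_attr() is a
 * hypothetical helper appending one attribute as done by hand above.
 */
#if 0
	req.nlh.nlmsg_len   = NLMSG_LENGTH(sizeof(struct ndmsg));
	req.nlh.nlmsg_type  = RTM_NEWNEIGH;
	req.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK |
			      NLM_F_CREATE | NLM_F_REPLACE;
	req.ndm.ndm_family  = AF_INET;
	req.ndm.ndm_ifindex = if_nametoindex("eth0");
	req.ndm.ndm_state   = NUD_PERMANENT;	/* exempt from gc, see above */

	add_attr(&req.nlh, NDA_DST, &dst, 4);	/* tbl->key_len for IPv4 */
	add_attr(&req.nlh, NDA_LLADDR, mac, 6);	/* dev->addr_len for Ethernet */
	send(fd, &req, req.nlh.nlmsg_len, 0);
#endif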
static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
{
	struct nlattr *nest;

	nest = nla_nest_start_noflag(skb, NDTA_PARMS);
	if (nest == NULL)
		return -ENOBUFS;

	if ((parms->dev &&
	     nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
	    nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
	    nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
			NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
	    /* approximate value for deprecated QUEUE_LEN (in packets) */
	    nla_put_u32(skb, NDTPA_QUEUE_LEN,
			NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
	    nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
	    nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
	    nla_put_u32(skb, NDTPA_UCAST_PROBES,
			NEIGH_VAR(parms, UCAST_PROBES)) ||
	    nla_put_u32(skb, NDTPA_MCAST_PROBES,
			NEIGH_VAR(parms, MCAST_PROBES)) ||
	    nla_put_u32(skb, NDTPA_MCAST_REPROBES,
			NEIGH_VAR(parms, MCAST_REPROBES)) ||
	    nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
			  NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
			  NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_GC_STALETIME,
			  NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
			  NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_RETRANS_TIME,
			  NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
			  NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_PROXY_DELAY,
			  NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_LOCKTIME,
			  NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) ||
	    nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS,
			  NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD))
		goto nla_put_failure;
	return nla_nest_end(skb, nest);

nla_put_failure:
	nla_nest_cancel(skb, nest);
	return -EMSGSIZE;
}

static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
			      u32 pid, u32 seq, int type, int flags)
{
	struct nlmsghdr *nlh;
	struct ndtmsg *ndtmsg;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	ndtmsg = nlmsg_data(nlh);

	read_lock_bh(&tbl->lock);
	ndtmsg->ndtm_family = tbl->family;
	ndtmsg->ndtm_pad1   = 0;
	ndtmsg->ndtm_pad2   = 0;

	if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
	    nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval, NDTA_PAD) ||
	    nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) ||
	    nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) ||
	    nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3))
		goto nla_put_failure;
	{
		unsigned long now = jiffies;
		long flush_delta = now - tbl->last_flush;
		long rand_delta = now - tbl->last_rand;
		struct neigh_hash_table *nht;
		struct ndt_config ndc = {
			.ndtc_key_len		= tbl->key_len,
			.ndtc_entry_size	= tbl->entry_size,
			.ndtc_entries		= atomic_read(&tbl->entries),
			.ndtc_last_flush	= jiffies_to_msecs(flush_delta),
			.ndtc_last_rand		= jiffies_to_msecs(rand_delta),
			.ndtc_proxy_qlen	= tbl->proxy_queue.qlen,
		};

		rcu_read_lock_bh();
		nht = rcu_dereference_bh(tbl->nht);
		ndc.ndtc_hash_rnd = nht->hash_rnd[0];
		ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
		rcu_read_unlock_bh();

		if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
			goto nla_put_failure;
	}

	{
		int cpu;
		struct ndt_stats ndst;

		memset(&ndst, 0, sizeof(ndst));

		for_each_possible_cpu(cpu) {
			struct neigh_statistics	*st;

			st = per_cpu_ptr(tbl->stats, cpu);
			ndst.ndts_allocs		+= st->allocs;
			ndst.ndts_destroys		+= st->destroys;
			ndst.ndts_hash_grows		+= st->hash_grows;
			ndst.ndts_res_failed		+= st->res_failed;
			ndst.ndts_lookups		+= st->lookups;
			ndst.ndts_hits			+= st->hits;
			ndst.ndts_rcv_probes_mcast	+= st->rcv_probes_mcast;
			ndst.ndts_rcv_probes_ucast	+= st->rcv_probes_ucast;
			ndst.ndts_periodic_gc_runs	+= st->periodic_gc_runs;
			ndst.ndts_forced_gc_runs	+= st->forced_gc_runs;
			ndst.ndts_table_fulls		+= st->table_fulls;
		}

		if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
				  NDTA_PAD))
			goto nla_put_failure;
	}

	BUG_ON(tbl->parms.dev);
	if (neightbl_fill_parms(skb, &tbl->parms) < 0)
		goto nla_put_failure;

	read_unlock_bh(&tbl->lock);
	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	read_unlock_bh(&tbl->lock);
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}
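/*
 * Illustrative dump request (userspace sketch, not built) answered by
 * neightbl_fill_info(): a bare struct ndtmsg with NLM_F_DUMP. Family
 * AF_UNSPEC (0) matches every table; each reply carries the NDTA_CONFIG,
 * NDTA_STATS and nested NDTA_PARMS attributes built above.
 */
#if 0
	struct {
		struct nlmsghdr nlh;
		struct ndtmsg ndtm;
	} req = {
		.nlh.nlmsg_len    = NLMSG_LENGTH(sizeof(struct ndtmsg)),
		.nlh.nlmsg_type   = RTM_GETNEIGHTBL,
		.nlh.nlmsg_flags  = NLM_F_REQUEST | NLM_F_DUMP,
		.ndtm.ndtm_family = AF_UNSPEC,
	};

	send(fd, &req, req.nlh.nlmsg_len, 0);
#endif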
static int neightbl_fill_param_info(struct sk_buff *skb,
				    struct neigh_table *tbl,
				    struct neigh_parms *parms,
				    u32 pid, u32 seq, int type,
				    unsigned int flags)
{
	struct ndtmsg *ndtmsg;
	struct nlmsghdr *nlh;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	ndtmsg = nlmsg_data(nlh);

	read_lock_bh(&tbl->lock);
	ndtmsg->ndtm_family = tbl->family;
	ndtmsg->ndtm_pad1   = 0;
	ndtmsg->ndtm_pad2   = 0;

	if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
	    neightbl_fill_parms(skb, parms) < 0)
		goto errout;

	read_unlock_bh(&tbl->lock);
	nlmsg_end(skb, nlh);
	return 0;
errout:
	read_unlock_bh(&tbl->lock);
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
	[NDTA_NAME]		= { .type = NLA_STRING },
	[NDTA_THRESH1]		= { .type = NLA_U32 },
	[NDTA_THRESH2]		= { .type = NLA_U32 },
	[NDTA_THRESH3]		= { .type = NLA_U32 },
	[NDTA_GC_INTERVAL]	= { .type = NLA_U64 },
	[NDTA_PARMS]		= { .type = NLA_NESTED },
};

static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
	[NDTPA_IFINDEX]			= { .type = NLA_U32 },
	[NDTPA_QUEUE_LEN]		= { .type = NLA_U32 },
	[NDTPA_PROXY_QLEN]		= { .type = NLA_U32 },
	[NDTPA_APP_PROBES]		= { .type = NLA_U32 },
	[NDTPA_UCAST_PROBES]		= { .type = NLA_U32 },
	[NDTPA_MCAST_PROBES]		= { .type = NLA_U32 },
	[NDTPA_MCAST_REPROBES]		= { .type = NLA_U32 },
	[NDTPA_BASE_REACHABLE_TIME]	= { .type = NLA_U64 },
	[NDTPA_GC_STALETIME]		= { .type = NLA_U64 },
	[NDTPA_DELAY_PROBE_TIME]	= { .type = NLA_U64 },
	[NDTPA_RETRANS_TIME]		= { .type = NLA_U64 },
	[NDTPA_ANYCAST_DELAY]		= { .type = NLA_U64 },
	[NDTPA_PROXY_DELAY]		= { .type = NLA_U64 },
	[NDTPA_LOCKTIME]		= { .type = NLA_U64 },
	[NDTPA_INTERVAL_PROBE_TIME_MS]	= NLA_POLICY_MIN(NLA_U64, 1),
};

static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct neigh_table *tbl;
	struct ndtmsg *ndtmsg;
	struct nlattr *tb[NDTA_MAX+1];
	bool found = false;
	int err, tidx;

	err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
				     nl_neightbl_policy, extack);
	if (err < 0)
		goto errout;

	if (tb[NDTA_NAME] == NULL) {
		err = -EINVAL;
		goto errout;
	}

	ndtmsg = nlmsg_data(nlh);

	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
		tbl = neigh_tables[tidx];
		if (!tbl)
			continue;
		if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
			continue;
		if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
			found = true;
			break;
		}
	}

	if (!found)
		return -ENOENT;

	/*
	 * We acquire tbl->lock to be nice to the periodic timers and
	 * make sure they always see a consistent set of values.
	 */
	write_lock_bh(&tbl->lock);

	if (tb[NDTA_PARMS]) {
		struct nlattr *tbp[NDTPA_MAX+1];
		struct neigh_parms *p;
		int i, ifindex = 0;

		err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
						  tb[NDTA_PARMS],
						  nl_ntbl_parm_policy, extack);
		if (err < 0)
			goto errout_tbl_lock;

		if (tbp[NDTPA_IFINDEX])
			ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);

		p = lookup_neigh_parms(tbl, net, ifindex);
		if (p == NULL) {
			err = -ENOENT;
			goto errout_tbl_lock;
		}

		for (i = 1; i <= NDTPA_MAX; i++) {
			if (tbp[i] == NULL)
				continue;

			switch (i) {
			case NDTPA_QUEUE_LEN:
				NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
					      nla_get_u32(tbp[i]) *
					      SKB_TRUESIZE(ETH_FRAME_LEN));
				break;
			case NDTPA_QUEUE_LENBYTES:
				NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_PROXY_QLEN:
				NEIGH_VAR_SET(p, PROXY_QLEN,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_APP_PROBES:
				NEIGH_VAR_SET(p, APP_PROBES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_UCAST_PROBES:
				NEIGH_VAR_SET(p, UCAST_PROBES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_MCAST_PROBES:
				NEIGH_VAR_SET(p, MCAST_PROBES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_MCAST_REPROBES:
				NEIGH_VAR_SET(p, MCAST_REPROBES,
					      nla_get_u32(tbp[i]));
				break;
			case NDTPA_BASE_REACHABLE_TIME:
				NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
					      nla_get_msecs(tbp[i]));
				/* update reachable_time as well, otherwise the
				 * change only takes effect the next time
				 * neigh_periodic_work recomputes it (which can
				 * take multiple minutes)
				 */
				p->reachable_time =
					neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
				break;
			case NDTPA_GC_STALETIME:
				NEIGH_VAR_SET(p, GC_STALETIME,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_DELAY_PROBE_TIME:
				NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
					      nla_get_msecs(tbp[i]));
				call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
				break;
			case NDTPA_INTERVAL_PROBE_TIME_MS:
				NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_RETRANS_TIME:
				NEIGH_VAR_SET(p, RETRANS_TIME,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_ANYCAST_DELAY:
				NEIGH_VAR_SET(p, ANYCAST_DELAY,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_PROXY_DELAY:
				NEIGH_VAR_SET(p, PROXY_DELAY,
					      nla_get_msecs(tbp[i]));
				break;
			case NDTPA_LOCKTIME:
				NEIGH_VAR_SET(p, LOCKTIME,
					      nla_get_msecs(tbp[i]));
				break;
			}
		}
	}

	err = -ENOENT;
	if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
	     tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
	    !net_eq(net, &init_net))
		goto errout_tbl_lock;

	if (tb[NDTA_THRESH1])
		tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);

	if (tb[NDTA_THRESH2])
		tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]);

	if (tb[NDTA_THRESH3])
		tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]);

	if (tb[NDTA_GC_INTERVAL])
		tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]);

	err = 0;

errout_tbl_lock:
	write_unlock_bh(&tbl->lock);
errout:
	return err;
}
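/*
 * Worked example (illustrative, not built) of the packet/byte conversion
 * neightbl_set() applies above: the legacy NDTPA_QUEUE_LEN knob is
 * expressed in packets but stored in bytes, scaled by the true per-skb
 * cost of a full Ethernet frame (roughly 2 KB on a typical 64-bit build).
 */
#if 0
	unsigned int pkts  = 101;	/* value written via NDTPA_QUEUE_LEN */
	unsigned int bytes = pkts * SKB_TRUESIZE(ETH_FRAME_LEN);  /* stored */
	unsigned int back  = bytes / SKB_TRUESIZE(ETH_FRAME_LEN); /* dumped: 101 */
#endif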
static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
				    struct netlink_ext_ack *extack)
{
	struct ndtmsg *ndtm;

	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
		NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
		return -EINVAL;
	}

	ndtm = nlmsg_data(nlh);
	if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
		NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
		return -EINVAL;
	}

	if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
		NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
		return -EINVAL;
	}

	return 0;
}

static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
{
	const struct nlmsghdr *nlh = cb->nlh;
	struct net *net = sock_net(skb->sk);
	int family, tidx, nidx = 0;
	int tbl_skip = cb->args[0];
	int neigh_skip = cb->args[1];
	struct neigh_table *tbl;

	if (cb->strict_check) {
		int err = neightbl_valid_dump_info(nlh, cb->extack);

		if (err < 0)
			return err;
	}

	family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;

	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
		struct neigh_parms *p;

		tbl = neigh_tables[tidx];
		if (!tbl)
			continue;

		if (tidx < tbl_skip || (family && tbl->family != family))
			continue;

		if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
				       nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
				       NLM_F_MULTI) < 0)
			break;

		nidx = 0;
		p = list_next_entry(&tbl->parms, list);
		list_for_each_entry_from(p, &tbl->parms_list, list) {
			if (!net_eq(neigh_parms_net(p), net))
				continue;

			if (nidx < neigh_skip)
				goto next;

			if (neightbl_fill_param_info(skb, tbl, p,
						     NETLINK_CB(cb->skb).portid,
						     nlh->nlmsg_seq,
						     RTM_NEWNEIGHTBL,
						     NLM_F_MULTI) < 0)
				goto out;
		next:
			nidx++;
		}

		neigh_skip = 0;
	}
out:
	cb->args[0] = tidx;
	cb->args[1] = nidx;

	return skb->len;
}
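/*
 * Illustrative userspace receive loop (not built) for the dump handlers
 * in this file. Dumps are multipart: the kernel resumes from cb->args[]
 * across skbs, and the reader keeps going until NLMSG_DONE. Buffer
 * sizing and error handling are elided.
 */
#if 0
	char buf[16384];
	ssize_t n;
	int done = 0;

	while (!done && (n = recv(fd, buf, sizeof(buf), 0)) > 0) {
		struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
		int rem = n;

		for (; NLMSG_OK(nlh, rem); nlh = NLMSG_NEXT(nlh, rem)) {
			if (nlh->nlmsg_type == NLMSG_DONE) {
				done = 1;
				break;
			}
			if (nlh->nlmsg_type == NLMSG_ERROR)
				break;	/* inspect struct nlmsgerr */
			/* else: one RTM_NEWNEIGHTBL / RTM_NEWNEIGH message */
		}
	}
#endif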
static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
			   u32 pid, u32 seq, int type, unsigned int flags)
{
	u32 neigh_flags, neigh_flags_ext;
	unsigned long now = jiffies;
	struct nda_cacheinfo ci;
	struct nlmsghdr *nlh;
	struct ndmsg *ndm;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT;
	neigh_flags     = neigh->flags & NTF_OLD_MASK;

	ndm = nlmsg_data(nlh);
	ndm->ndm_family	 = neigh->ops->family;
	ndm->ndm_pad1    = 0;
	ndm->ndm_pad2    = 0;
	ndm->ndm_flags	 = neigh_flags;
	ndm->ndm_type	 = neigh->type;
	ndm->ndm_ifindex = neigh->dev->ifindex;

	if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
		goto nla_put_failure;

	read_lock_bh(&neigh->lock);
	ndm->ndm_state	 = neigh->nud_state;
	if (neigh->nud_state & NUD_VALID) {
		char haddr[MAX_ADDR_LEN];

		neigh_ha_snapshot(haddr, neigh, neigh->dev);
		if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
			read_unlock_bh(&neigh->lock);
			goto nla_put_failure;
		}
	}

	ci.ndm_used	 = jiffies_to_clock_t(now - neigh->used);
	ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
	ci.ndm_updated	 = jiffies_to_clock_t(now - neigh->updated);
	ci.ndm_refcnt	 = refcount_read(&neigh->refcnt) - 1;
	read_unlock_bh(&neigh->lock);

	if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
	    nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
		goto nla_put_failure;

	if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
		goto nla_put_failure;
	if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
		goto nla_put_failure;

	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
			    u32 pid, u32 seq, int type, unsigned int flags,
			    struct neigh_table *tbl)
{
	u32 neigh_flags, neigh_flags_ext;
	struct nlmsghdr *nlh;
	struct ndmsg *ndm;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT;
	neigh_flags     = pn->flags & NTF_OLD_MASK;

	ndm = nlmsg_data(nlh);
	ndm->ndm_family	 = tbl->family;
	ndm->ndm_pad1    = 0;
	ndm->ndm_pad2    = 0;
	ndm->ndm_flags	 = neigh_flags | NTF_PROXY;
	ndm->ndm_type	 = RTN_UNICAST;
	ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
	ndm->ndm_state	 = NUD_NONE;

	if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
		goto nla_put_failure;

	if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
		goto nla_put_failure;
	if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
		goto nla_put_failure;

	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
{
	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
	__neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
}
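/*
 * Illustrative decoding (userspace sketch, not built) of NDA_CACHEINFO
 * as emitted by neigh_fill_info() above: the three age fields are in
 * clock_t ticks (jiffies_to_clock_t()), so they scale by USER_HZ as
 * reported by sysconf(_SC_CLK_TCK). "ci_attr" is a hypothetical pointer
 * to the located attribute.
 */
#if 0
	struct nda_cacheinfo *ci = RTA_DATA(ci_attr);
	unsigned long tick = sysconf(_SC_CLK_TCK);	/* typically 100 */

	printf("used %lus ago, confirmed %lus ago, updated %lus ago, refcnt %u\n",
	       ci->ndm_used / tick, ci->ndm_confirmed / tick,
	       ci->ndm_updated / tick, ci->ndm_refcnt);
#endif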
static bool neigh_master_filtered(struct net_device *dev, int master_idx)
{
	struct net_device *master;

	if (!master_idx)
		return false;

	master = dev ? netdev_master_upper_dev_get(dev) : NULL;

	/* 0 is already used to denote NDA_MASTER wasn't passed, therefore need
	 * another invalid value for ifindex to denote "no master".
	 */
	if (master_idx == -1)
		return !!master;

	if (!master || master->ifindex != master_idx)
		return true;

	return false;
}

static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
{
	if (filter_idx && (!dev || dev->ifindex != filter_idx))
		return true;

	return false;
}

struct neigh_dump_filter {
	int master_idx;
	int dev_idx;
};

static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
			    struct netlink_callback *cb,
			    struct neigh_dump_filter *filter)
{
	struct net *net = sock_net(skb->sk);
	struct neighbour *n;
	int rc, h, s_h = cb->args[1];
	int idx, s_idx = idx = cb->args[2];
	struct neigh_hash_table *nht;
	unsigned int flags = NLM_F_MULTI;

	if (filter->dev_idx || filter->master_idx)
		flags |= NLM_F_DUMP_FILTERED;

	rcu_read_lock_bh();
	nht = rcu_dereference_bh(tbl->nht);

	for (h = s_h; h < (1 << nht->hash_shift); h++) {
		if (h > s_h)
			s_idx = 0;
		for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
		     n != NULL;
		     n = rcu_dereference_bh(n->next)) {
			if (idx < s_idx || !net_eq(dev_net(n->dev), net))
				goto next;
			if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
			    neigh_master_filtered(n->dev, filter->master_idx))
				goto next;
			if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
					    cb->nlh->nlmsg_seq,
					    RTM_NEWNEIGH,
					    flags) < 0) {
				rc = -1;
				goto out;
			}
next:
			idx++;
		}
	}
	rc = skb->len;
out:
	rcu_read_unlock_bh();
	cb->args[1] = h;
	cb->args[2] = idx;
	return rc;
}

static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
			     struct netlink_callback *cb,
			     struct neigh_dump_filter *filter)
{
	struct pneigh_entry *n;
	struct net *net = sock_net(skb->sk);
	int rc, h, s_h = cb->args[3];
	int idx, s_idx = idx = cb->args[4];
	unsigned int flags = NLM_F_MULTI;

	if (filter->dev_idx || filter->master_idx)
		flags |= NLM_F_DUMP_FILTERED;

	read_lock_bh(&tbl->lock);

	for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
		if (h > s_h)
			s_idx = 0;
		for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
			if (idx < s_idx || pneigh_net(n) != net)
				goto next;
			if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
			    neigh_master_filtered(n->dev, filter->master_idx))
				goto next;
			if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
					     cb->nlh->nlmsg_seq,
					     RTM_NEWNEIGH, flags, tbl) < 0) {
				read_unlock_bh(&tbl->lock);
				rc = -1;
				goto out;
			}
next:
			idx++;
		}
	}

	read_unlock_bh(&tbl->lock);
	rc = skb->len;
out:
	cb->args[3] = h;
	cb->args[4] = idx;
	return rc;
}
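/*
 * Illustrative fragment (not built) driving the two filters above: a
 * dump request may append NDA_IFINDEX and/or NDA_MASTER, and matching
 * replies come back with NLM_F_DUMP_FILTERED set. add_attr() is the
 * same hypothetical helper as in the earlier sketches.
 */
#if 0
	__u32 master = if_nametoindex("br0");	/* only entries behind br0 */

	req.nlh.nlmsg_len   = NLMSG_LENGTH(sizeof(struct ndmsg));
	req.nlh.nlmsg_type  = RTM_GETNEIGH;
	req.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
	req.ndm.ndm_family  = AF_INET;
	add_attr(&req.nlh, NDA_MASTER, &master, sizeof(master));
#endif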
static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
				bool strict_check,
				struct neigh_dump_filter *filter,
				struct netlink_ext_ack *extack)
{
	struct nlattr *tb[NDA_MAX + 1];
	int err, i;

	if (strict_check) {
		struct ndmsg *ndm;

		if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
			NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
			return -EINVAL;
		}

		ndm = nlmsg_data(nlh);
		if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
		    ndm->ndm_state || ndm->ndm_type) {
			NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
			return -EINVAL;
		}

		if (ndm->ndm_flags & ~NTF_PROXY) {
			NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
			return -EINVAL;
		}

		err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
						    tb, NDA_MAX, nda_policy,
						    extack);
	} else {
		err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
					     NDA_MAX, nda_policy, extack);
	}
	if (err < 0)
		return err;

	for (i = 0; i <= NDA_MAX; ++i) {
		if (!tb[i])
			continue;

		/* all new attributes should require strict_check */
		switch (i) {
		case NDA_IFINDEX:
			filter->dev_idx = nla_get_u32(tb[i]);
			break;
		case NDA_MASTER:
			filter->master_idx = nla_get_u32(tb[i]);
			break;
		default:
			if (strict_check) {
				NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
				return -EINVAL;
			}
		}
	}

	return 0;
}

static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
{
	const struct nlmsghdr *nlh = cb->nlh;
	struct neigh_dump_filter filter = {};
	struct neigh_table *tbl;
	int t, family, s_t;
	int proxy = 0;
	int err;

	family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;

	/* check for full ndmsg structure presence, family member is
	 * the same for both structures
	 */
	if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
	    ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
		proxy = 1;

	err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
	if (err < 0 && cb->strict_check)
		return err;

	s_t = cb->args[0];

	for (t = 0; t < NEIGH_NR_TABLES; t++) {
		tbl = neigh_tables[t];

		if (!tbl)
			continue;
		if (t < s_t || (family && tbl->family != family))
			continue;
		if (t > s_t)
			memset(&cb->args[1], 0, sizeof(cb->args) -
						sizeof(cb->args[0]));
		if (proxy)
			err = pneigh_dump_table(tbl, skb, cb, &filter);
		else
			err = neigh_dump_table(tbl, skb, cb, &filter);
		if (err < 0)
			break;
	}

	cb->args[0] = t;
	return skb->len;
}
static int neigh_valid_get_req(const struct nlmsghdr *nlh,
			       struct neigh_table **tbl,
			       void **dst, int *dev_idx, u8 *ndm_flags,
			       struct netlink_ext_ack *extack)
{
	struct nlattr *tb[NDA_MAX + 1];
	struct ndmsg *ndm;
	int err, i;

	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
		NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
		return -EINVAL;
	}

	ndm = nlmsg_data(nlh);
	if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
	    ndm->ndm_type) {
		NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
		return -EINVAL;
	}

	if (ndm->ndm_flags & ~NTF_PROXY) {
		NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
		return -EINVAL;
	}

	err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
					    NDA_MAX, nda_policy, extack);
	if (err < 0)
		return err;

	*ndm_flags = ndm->ndm_flags;
	*dev_idx = ndm->ndm_ifindex;
	*tbl = neigh_find_table(ndm->ndm_family);
	if (*tbl == NULL) {
		NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
		return -EAFNOSUPPORT;
	}

	for (i = 0; i <= NDA_MAX; ++i) {
		if (!tb[i])
			continue;

		switch (i) {
		case NDA_DST:
			if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
				NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
				return -EINVAL;
			}
			*dst = nla_data(tb[i]);
			break;
		default:
			NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
			return -EINVAL;
		}
	}

	return 0;
}

static inline size_t neigh_nlmsg_size(void)
{
	return NLMSG_ALIGN(sizeof(struct ndmsg))
	       + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
	       + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
	       + nla_total_size(sizeof(struct nda_cacheinfo))
	       + nla_total_size(4)  /* NDA_PROBES */
	       + nla_total_size(4)  /* NDA_FLAGS_EXT */
	       + nla_total_size(1); /* NDA_PROTOCOL */
}

static int neigh_get_reply(struct net *net, struct neighbour *neigh,
			   u32 pid, u32 seq)
{
	struct sk_buff *skb;
	int err = 0;

	skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
	if (!skb)
		return -ENOBUFS;

	err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
	if (err) {
		kfree_skb(skb);
		goto errout;
	}

	err = rtnl_unicast(skb, net, pid);
errout:
	return err;
}

static inline size_t pneigh_nlmsg_size(void)
{
	return NLMSG_ALIGN(sizeof(struct ndmsg))
	       + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
	       + nla_total_size(4)  /* NDA_FLAGS_EXT */
	       + nla_total_size(1); /* NDA_PROTOCOL */
}

static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
			    u32 pid, u32 seq, struct neigh_table *tbl)
{
	struct sk_buff *skb;
	int err = 0;

	skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
	if (!skb)
		return -ENOBUFS;

	err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
	if (err) {
		kfree_skb(skb);
		goto errout;
	}

	err = rtnl_unicast(skb, net, pid);
errout:
	return err;
}

static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
		     struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(in_skb->sk);
	struct net_device *dev = NULL;
	struct neigh_table *tbl = NULL;
	struct neighbour *neigh;
	void *dst = NULL;
	u8 ndm_flags = 0;
	int dev_idx = 0;
	int err;

	err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
				  extack);
	if (err < 0)
		return err;

	if (dev_idx) {
		dev = __dev_get_by_index(net, dev_idx);
		if (!dev) {
			NL_SET_ERR_MSG(extack, "Unknown device ifindex");
			return -ENODEV;
		}
	}

	if (!dst) {
		NL_SET_ERR_MSG(extack, "Network address not specified");
		return -EINVAL;
	}

	if (ndm_flags & NTF_PROXY) {
		struct pneigh_entry *pn;

		pn = pneigh_lookup(tbl, net, dst, dev, 0);
		if (!pn) {
			NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
			return -ENOENT;
		}
		return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
					nlh->nlmsg_seq, tbl);
	}

	if (!dev) {
		NL_SET_ERR_MSG(extack, "No device specified");
		return -EINVAL;
	}

	neigh = neigh_lookup(tbl, dst, dev);
	if (!neigh) {
		NL_SET_ERR_MSG(extack, "Neighbour entry not found");
		return -ENOENT;
	}

	err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
			      nlh->nlmsg_seq);

	neigh_release(neigh);

	return err;
}
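/*
 * In-kernel usage sketch (illustrative, not built): like neigh_get()
 * above, every caller of neigh_lookup() receives a reference and must
 * pair it with neigh_release(). "key" is a hypothetical __be32 IPv4
 * lookup key; arp_tbl is the real AF_INET table.
 */
#if 0
	struct neighbour *n = neigh_lookup(&arp_tbl, &key, dev);

	if (n) {
		if (n->nud_state & NUD_VALID) {
			char ha[MAX_ADDR_LEN];

			neigh_ha_snapshot(ha, n, n->dev);
		}
		neigh_release(n);
	}
#endif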
void neigh_for_each(struct neigh_table *tbl,
		    void (*cb)(struct neighbour *, void *), void *cookie)
{
	int chain;
	struct neigh_hash_table *nht;

	rcu_read_lock_bh();
	nht = rcu_dereference_bh(tbl->nht);

	read_lock(&tbl->lock); /* avoid resizes */
	for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
		struct neighbour *n;

		for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
		     n != NULL;
		     n = rcu_dereference_bh(n->next))
			cb(n, cookie);
	}
	read_unlock(&tbl->lock);
	rcu_read_unlock_bh();
}
EXPORT_SYMBOL(neigh_for_each);
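/*
 * In-kernel sketch (illustrative, not built) of the iterator above. The
 * callback runs under tbl->lock with BHs disabled, so it must be short
 * and must not sleep; counting states is a typical fit.
 */
#if 0
static void count_stale(struct neighbour *n, void *cookie)
{
	unsigned int *stale = cookie;

	if (n->nud_state & NUD_STALE)
		(*stale)++;
}

static unsigned int arp_count_stale(void)
{
	unsigned int stale = 0;

	neigh_for_each(&arp_tbl, count_stale, &stale);
	return stale;
}
#endif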
/* The tbl->lock must be held as a writer and BH disabled. */
void __neigh_for_each_release(struct neigh_table *tbl,
			      int (*cb)(struct neighbour *))
{
	int chain;
	struct neigh_hash_table *nht;

	nht = rcu_dereference_protected(tbl->nht,
					lockdep_is_held(&tbl->lock));
	for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
		struct neighbour *n;
		struct neighbour __rcu **np;

		np = &nht->hash_buckets[chain];
		while ((n = rcu_dereference_protected(*np,
					lockdep_is_held(&tbl->lock))) != NULL) {
			int release;

			write_lock(&n->lock);
			release = cb(n);
			if (release) {
				rcu_assign_pointer(*np,
					rcu_dereference_protected(n->next,
						lockdep_is_held(&tbl->lock)));
				neigh_mark_dead(n);
			} else
				np = &n->next;
			write_unlock(&n->lock);
			if (release)
				neigh_cleanup_and_release(n);
		}
	}
}
EXPORT_SYMBOL(__neigh_for_each_release);

int neigh_xmit(int index, struct net_device *dev,
	       const void *addr, struct sk_buff *skb)
{
	int err = -EAFNOSUPPORT;
	if (likely(index < NEIGH_NR_TABLES)) {
		struct neigh_table *tbl;
		struct neighbour *neigh;

		tbl = neigh_tables[index];
		if (!tbl)
			goto out;
		rcu_read_lock_bh();
		if (index == NEIGH_ARP_TABLE) {
			u32 key = *((u32 *)addr);

			neigh = __ipv4_neigh_lookup_noref(dev, key);
		} else {
			neigh = __neigh_lookup_noref(tbl, addr, dev);
		}
		if (!neigh)
			neigh = __neigh_create(tbl, addr, dev, false);
		err = PTR_ERR(neigh);
		if (IS_ERR(neigh)) {
			rcu_read_unlock_bh();
			goto out_kfree_skb;
		}
		err = neigh->output(neigh, skb);
		rcu_read_unlock_bh();
	} else if (index == NEIGH_LINK_TABLE) {
		err = dev_hard_header(skb, dev, ntohs(skb->protocol),
				      addr, NULL, skb->len);
		if (err < 0)
			goto out_kfree_skb;
		err = dev_queue_xmit(skb);
	}
out:
	return err;
out_kfree_skb:
	kfree_skb(skb);
	goto out;
}
EXPORT_SYMBOL(neigh_xmit);

#ifdef CONFIG_PROC_FS

static struct neighbour *neigh_get_first(struct seq_file *seq)
{
	struct neigh_seq_state *state = seq->private;
	struct net *net = seq_file_net(seq);
	struct neigh_hash_table *nht = state->nht;
	struct neighbour *n = NULL;
	int bucket;

	state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
	for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
		n = rcu_dereference_bh(nht->hash_buckets[bucket]);

		while (n) {
			if (!net_eq(dev_net(n->dev), net))
				goto next;
			if (state->neigh_sub_iter) {
				loff_t fakep = 0;
				void *v;

				v = state->neigh_sub_iter(state, n, &fakep);
				if (!v)
					goto next;
			}
			if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
				break;
			if (n->nud_state & ~NUD_NOARP)
				break;
next:
			n = rcu_dereference_bh(n->next);
		}

		if (n)
			break;
	}
	state->bucket = bucket;

	return n;
}

static struct neighbour *neigh_get_next(struct seq_file *seq,
					struct neighbour *n,
					loff_t *pos)
{
	struct neigh_seq_state *state = seq->private;
	struct net *net = seq_file_net(seq);
	struct neigh_hash_table *nht = state->nht;

	if (state->neigh_sub_iter) {
		void *v = state->neigh_sub_iter(state, n, pos);
		if (v)
			return n;
	}
	n = rcu_dereference_bh(n->next);

	while (1) {
		while (n) {
			if (!net_eq(dev_net(n->dev), net))
				goto next;
			if (state->neigh_sub_iter) {
				void *v = state->neigh_sub_iter(state, n, pos);
				if (v)
					return n;
				goto next;
			}
			if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
				break;

			if (n->nud_state & ~NUD_NOARP)
				break;
next:
			n = rcu_dereference_bh(n->next);
		}

		if (n)
			break;

		if (++state->bucket >= (1 << nht->hash_shift))
			break;

		n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
	}

	if (n && pos)
		--(*pos);
	return n;
}

static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
{
	struct neighbour *n = neigh_get_first(seq);

	if (n) {
		--(*pos);
		while (*pos) {
			n = neigh_get_next(seq, n, pos);
			if (!n)
				break;
		}
	}
	return *pos ? NULL : n;
}

static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
{
	struct neigh_seq_state *state = seq->private;
	struct net *net = seq_file_net(seq);
	struct neigh_table *tbl = state->tbl;
	struct pneigh_entry *pn = NULL;
	int bucket;

	state->flags |= NEIGH_SEQ_IS_PNEIGH;
	for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
		pn = tbl->phash_buckets[bucket];
		while (pn && !net_eq(pneigh_net(pn), net))
			pn = pn->next;
		if (pn)
			break;
	}
	state->bucket = bucket;

	return pn;
}

static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
					    struct pneigh_entry *pn,
					    loff_t *pos)
{
	struct neigh_seq_state *state = seq->private;
	struct net *net = seq_file_net(seq);
	struct neigh_table *tbl = state->tbl;

	do {
		pn = pn->next;
	} while (pn && !net_eq(pneigh_net(pn), net));

	while (!pn) {
		if (++state->bucket > PNEIGH_HASHMASK)
			break;
		pn = tbl->phash_buckets[state->bucket];
		while (pn && !net_eq(pneigh_net(pn), net))
			pn = pn->next;
		if (pn)
			break;
	}

	if (pn && pos)
		--(*pos);

	return pn;
}

static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
{
	struct pneigh_entry *pn = pneigh_get_first(seq);

	if (pn) {
		--(*pos);
		while (*pos) {
			pn = pneigh_get_next(seq, pn, pos);
			if (!pn)
				break;
		}
	}
	return *pos ? NULL : pn;
}
static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
{
	struct neigh_seq_state *state = seq->private;
	void *rc;
	loff_t idxpos = *pos;

	rc = neigh_get_idx(seq, &idxpos);
	if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
		rc = pneigh_get_idx(seq, &idxpos);

	return rc;
}

void *neigh_seq_start(struct seq_file *seq, loff_t *pos,
		      struct neigh_table *tbl, unsigned int neigh_seq_flags)
	__acquires(tbl->lock)
	__acquires(rcu_bh)
{
	struct neigh_seq_state *state = seq->private;

	state->tbl = tbl;
	state->bucket = 0;
	state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);

	rcu_read_lock_bh();
	state->nht = rcu_dereference_bh(tbl->nht);
	read_lock(&tbl->lock);

	return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
}
EXPORT_SYMBOL(neigh_seq_start);

void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{
	struct neigh_seq_state *state;
	void *rc;

	if (v == SEQ_START_TOKEN) {
		rc = neigh_get_first(seq);
		goto out;
	}

	state = seq->private;
	if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
		rc = neigh_get_next(seq, v, NULL);
		if (rc)
			goto out;
		if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
			rc = pneigh_get_first(seq);
	} else {
		BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
		rc = pneigh_get_next(seq, v, NULL);
	}
out:
	++(*pos);
	return rc;
}
EXPORT_SYMBOL(neigh_seq_next);

void neigh_seq_stop(struct seq_file *seq, void *v)
	__releases(tbl->lock)
	__releases(rcu_bh)
{
	struct neigh_seq_state *state = seq->private;
	struct neigh_table *tbl = state->tbl;

	read_unlock(&tbl->lock);
	rcu_read_unlock_bh();
}
EXPORT_SYMBOL(neigh_seq_stop);
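/*
 * Illustrative wiring (not built) of these helpers into a protocol's
 * /proc file, modelled on ARP's use of neigh_seq_start() with
 * NEIGH_SEQ_SKIP_NOARP; the ->show callback is the protocol's own and
 * the file is registered with proc_create_net().
 */
#if 0
static void *arp_like_seq_start(struct seq_file *seq, loff_t *pos)
{
	return neigh_seq_start(seq, pos, &arp_tbl, NEIGH_SEQ_SKIP_NOARP);
}

static const struct seq_operations arp_like_seq_ops = {
	.start	= arp_like_seq_start,
	.next	= neigh_seq_next,
	.stop	= neigh_seq_stop,
	.show	= arp_like_seq_show,	/* hypothetical ->show */
};
#endif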
/* statistics via seq_file */

static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
{
	struct neigh_table *tbl = pde_data(file_inode(seq->file));
	int cpu;

	if (*pos == 0)
		return SEQ_START_TOKEN;

	for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
		if (!cpu_possible(cpu))
			continue;
		*pos = cpu+1;
		return per_cpu_ptr(tbl->stats, cpu);
	}
	return NULL;
}

static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{
	struct neigh_table *tbl = pde_data(file_inode(seq->file));
	int cpu;

	for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
		if (!cpu_possible(cpu))
			continue;
		*pos = cpu+1;
		return per_cpu_ptr(tbl->stats, cpu);
	}
	(*pos)++;
	return NULL;
}

static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
{

}

static int neigh_stat_seq_show(struct seq_file *seq, void *v)
{
	struct neigh_table *tbl = pde_data(file_inode(seq->file));
	struct neigh_statistics *st = v;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq, "entries  allocs   destroys hash_grows lookups  hits     res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
		return 0;
	}

	seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
			"%08lx %08lx %08lx "
			"%08lx %08lx %08lx\n",
		   atomic_read(&tbl->entries),

		   st->allocs,
		   st->destroys,
		   st->hash_grows,

		   st->lookups,
		   st->hits,

		   st->res_failed,

		   st->rcv_probes_mcast,
		   st->rcv_probes_ucast,

		   st->periodic_gc_runs,
		   st->forced_gc_runs,
		   st->unres_discards,
		   st->table_fulls
		   );

	return 0;
}

static const struct seq_operations neigh_stat_seq_ops = {
	.start	= neigh_stat_seq_start,
	.next	= neigh_stat_seq_next,
	.stop	= neigh_stat_seq_stop,
	.show	= neigh_stat_seq_show,
};
#endif /* CONFIG_PROC_FS */

static void __neigh_notify(struct neighbour *n, int type, int flags,
			   u32 pid)
{
	struct net *net = dev_net(n->dev);
	struct sk_buff *skb;
	int err = -ENOBUFS;

	skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
	if (skb == NULL)
		goto errout;

	err = neigh_fill_info(skb, n, pid, 0, type, flags);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto errout;
	}
	rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
	return;
errout:
	if (err < 0)
		rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
}

void neigh_app_ns(struct neighbour *n)
{
	__neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
}
EXPORT_SYMBOL(neigh_app_ns);

#ifdef CONFIG_SYSCTL
static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);

static int proc_unres_qlen(struct ctl_table *ctl, int write,
			   void *buffer, size_t *lenp, loff_t *ppos)
{
	int size, ret;
	struct ctl_table tmp = *ctl;

	tmp.extra1 = SYSCTL_ZERO;
	tmp.extra2 = &unres_qlen_max;
	tmp.data = &size;

	size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);

	if (write && !ret)
		*(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
	return ret;
}

static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
				  int index)
{
	struct net_device *dev;
	int family = neigh_parms_family(p);

	rcu_read_lock();
	for_each_netdev_rcu(net, dev) {
		struct neigh_parms *dst_p =
				neigh_get_dev_parms_rcu(dev, family);

		if (dst_p && !test_bit(index, dst_p->data_state))
			dst_p->data[index] = p->data[index];
	}
	rcu_read_unlock();
}

static void neigh_proc_update(struct ctl_table *ctl, int write)
{
	struct net_device *dev = ctl->extra1;
	struct neigh_parms *p = ctl->extra2;
	struct net *net = neigh_parms_net(p);
	int index = (int *) ctl->data - p->data;

	if (!write)
		return;

	set_bit(index, p->data_state);
	if (index == NEIGH_VAR_DELAY_PROBE_TIME)
		call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
	if (!dev) /* NULL dev means this is default value */
		neigh_copy_dflt_parms(net, p, index);
}

static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
					   void *buffer, size_t *lenp,
					   loff_t *ppos)
{
	struct ctl_table tmp = *ctl;
	int ret;

	tmp.extra1 = SYSCTL_ZERO;
	tmp.extra2 = SYSCTL_INT_MAX;

	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
	neigh_proc_update(ctl, write);
	return ret;
}
static int neigh_proc_dointvec_ms_jiffies_positive(struct ctl_table *ctl, int write,
						   void *buffer, size_t *lenp, loff_t *ppos)
{
	struct ctl_table tmp = *ctl;
	int ret;
	int min = msecs_to_jiffies(1);

	tmp.extra1 = &min;
	tmp.extra2 = NULL;

	ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos);
	neigh_proc_update(ctl, write);
	return ret;
}

int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
			size_t *lenp, loff_t *ppos)
{
	int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}
EXPORT_SYMBOL(neigh_proc_dointvec);

int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
				size_t *lenp, loff_t *ppos)
{
	int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}
EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);

static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
					      void *buffer, size_t *lenp,
					      loff_t *ppos)
{
	int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}

int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
				   void *buffer, size_t *lenp, loff_t *ppos)
{
	int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}
EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);

static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
					  void *buffer, size_t *lenp,
					  loff_t *ppos)
{
	int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);

	neigh_proc_update(ctl, write);
	return ret;
}

static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
					  void *buffer, size_t *lenp,
					  loff_t *ppos)
{
	struct neigh_parms *p = ctl->extra2;
	int ret;

	if (strcmp(ctl->procname, "base_reachable_time") == 0)
		ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
	else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
		ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
	else
		ret = -1;

	if (write && ret == 0) {
		/* update reachable_time as well, otherwise, the change will
		 * only be effective after the next time neigh_periodic_work
		 * decides to recompute it
		 */
		p->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
	}
	return ret;
}

#define NEIGH_PARMS_DATA_OFFSET(index)	\
	(&((struct neigh_parms *) 0)->data[index])

#define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
	[NEIGH_VAR_ ## attr] = { \
		.procname	= name, \
		.data		= NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
		.maxlen		= sizeof(int), \
		.mode		= mval, \
		.proc_handler	= proc, \
	}

#define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)

#define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)

#define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)

#define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive)
#define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)

#define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
	NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)

static struct neigh_sysctl_table {
	struct ctl_table_header *sysctl_header;
	struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
} neigh_sysctl_template __read_mostly = {
	.neigh_vars = {
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
		NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
		NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
		NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS,
						       "interval_probe_time_ms"),
		NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
		NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
		NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
		NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
		NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
		NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
		[NEIGH_VAR_GC_INTERVAL] = {
			.procname	= "gc_interval",
			.maxlen		= sizeof(int),
			.mode		= 0644,
			.proc_handler	= proc_dointvec_jiffies,
		},
		[NEIGH_VAR_GC_THRESH1] = {
			.procname	= "gc_thresh1",
			.maxlen		= sizeof(int),
			.mode		= 0644,
			.extra1		= SYSCTL_ZERO,
			.extra2		= SYSCTL_INT_MAX,
			.proc_handler	= proc_dointvec_minmax,
		},
		[NEIGH_VAR_GC_THRESH2] = {
			.procname	= "gc_thresh2",
			.maxlen		= sizeof(int),
			.mode		= 0644,
			.extra1		= SYSCTL_ZERO,
			.extra2		= SYSCTL_INT_MAX,
			.proc_handler	= proc_dointvec_minmax,
		},
		[NEIGH_VAR_GC_THRESH3] = {
			.procname	= "gc_thresh3",
			.maxlen		= sizeof(int),
			.mode		= 0644,
			.extra1		= SYSCTL_ZERO,
			.extra2		= SYSCTL_INT_MAX,
			.proc_handler	= proc_dointvec_minmax,
		},
		{},
	},
};

int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
			  proc_handler *handler)
{
	int i;
	struct neigh_sysctl_table *t;
	const char *dev_name_source;
	char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
	char *p_name;

	t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT);
	if (!t)
		goto err;

	for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
		t->neigh_vars[i].data += (long) p;
		t->neigh_vars[i].extra1 = dev;
		t->neigh_vars[i].extra2 = p;
	}

	if (dev) {
		dev_name_source = dev->name;
		/* Terminate the table early */
		memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
		       sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
	} else {
		struct neigh_table *tbl = p->tbl;
		dev_name_source = "default";
		t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
		t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
		t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
		t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
	}

	if (handler) {
		/* RetransTime */
		t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
		/* ReachableTime */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
		/* RetransTime (in milliseconds) */
		t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
		/* ReachableTime (in milliseconds) */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
	} else {
		/* These handlers update p->reachable_time after
		 * base_reachable_time(_ms) is set, so the new interval takes
		 * effect on the next neighbour update instead of waiting for
		 * neigh_periodic_work to recompute it (which can take multiple
		 * minutes). Any handler that replaces them should do the same.
		 */
		/* ReachableTime */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
			neigh_proc_base_reachable_time;
		/* ReachableTime (in milliseconds) */
		t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
			neigh_proc_base_reachable_time;
	}

	switch (neigh_parms_family(p)) {
	case AF_INET:
	      p_name = "ipv4";
	      break;
	case AF_INET6:
	      p_name = "ipv6";
	      break;
	default:
	      BUG();
	}

	snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
		 p_name, dev_name_source);
	t->sysctl_header =
		register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
	if (!t->sysctl_header)
		goto free;

	p->sysctl_table = t;
	return 0;

free:
	kfree(t);
err:
	return -ENOBUFS;
}
EXPORT_SYMBOL(neigh_sysctl_register);
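/*
 * Illustrative registration pattern (not built): protocols call this
 * from their device setup paths so every device gets its own
 * net/<proto>/neigh/<dev>/ subtree, while a NULL dev registers the
 * "default" subtree whose writes fan out via neigh_copy_dflt_parms().
 * "parms" stands for the protocol's per-device neigh_parms.
 */
#if 0
	if (neigh_sysctl_register(dev, parms, NULL))
		return -ENOBUFS;
	/* ... and on teardown: */
	neigh_sysctl_unregister(parms);
#endif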
void neigh_sysctl_unregister(struct neigh_parms *p)
{
	if (p->sysctl_table) {
		struct neigh_sysctl_table *t = p->sysctl_table;
		p->sysctl_table = NULL;
		unregister_net_sysctl_table(t->sysctl_header);
		kfree(t);
	}
}
EXPORT_SYMBOL(neigh_sysctl_unregister);

#endif	/* CONFIG_SYSCTL */

static int __init neigh_init(void)
{
	rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
	rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
	rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);

	rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
		      0);
	rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);

	return 0;
}

subsys_initcall(neigh_init);