1f30c2269SUwe Zeisberger /* linux/net/ipv4/arp.c 21da177e4SLinus Torvalds * 31da177e4SLinus Torvalds * Copyright (C) 1994 by Florian La Roche 41da177e4SLinus Torvalds * 51da177e4SLinus Torvalds * This module implements the Address Resolution Protocol ARP (RFC 826), 61da177e4SLinus Torvalds * which is used to convert IP addresses (or in the future maybe other 71da177e4SLinus Torvalds * high-level addresses) into a low-level hardware address (like an Ethernet 81da177e4SLinus Torvalds * address). 91da177e4SLinus Torvalds * 101da177e4SLinus Torvalds * This program is free software; you can redistribute it and/or 111da177e4SLinus Torvalds * modify it under the terms of the GNU General Public License 121da177e4SLinus Torvalds * as published by the Free Software Foundation; either version 131da177e4SLinus Torvalds * 2 of the License, or (at your option) any later version. 141da177e4SLinus Torvalds * 151da177e4SLinus Torvalds * Fixes: 161da177e4SLinus Torvalds * Alan Cox : Removed the Ethernet assumptions in 171da177e4SLinus Torvalds * Florian's code 181da177e4SLinus Torvalds * Alan Cox : Fixed some small errors in the ARP 191da177e4SLinus Torvalds * logic 201da177e4SLinus Torvalds * Alan Cox : Allow >4K in /proc 211da177e4SLinus Torvalds * Alan Cox : Make ARP add its own protocol entry 221da177e4SLinus Torvalds * Ross Martin : Rewrote arp_rcv() and arp_get_info() 231da177e4SLinus Torvalds * Stephen Henson : Add AX25 support to arp_get_info() 241da177e4SLinus Torvalds * Alan Cox : Drop data when a device is downed. 251da177e4SLinus Torvalds * Alan Cox : Use init_timer(). 261da177e4SLinus Torvalds * Alan Cox : Double lock fixes. 271da177e4SLinus Torvalds * Martin Seine : Move the arphdr structure 281da177e4SLinus Torvalds * to if_arp.h for compatibility. 291da177e4SLinus Torvalds * with BSD based programs. 301da177e4SLinus Torvalds * Andrew Tridgell : Added ARP netmask code and 311da177e4SLinus Torvalds * re-arranged proxy handling. 321da177e4SLinus Torvalds * Alan Cox : Changed to use notifiers. 331da177e4SLinus Torvalds * Niibe Yutaka : Reply for this device or proxies only. 341da177e4SLinus Torvalds * Alan Cox : Don't proxy across hardware types! 351da177e4SLinus Torvalds * Jonathan Naylor : Added support for NET/ROM. 361da177e4SLinus Torvalds * Mike Shaver : RFC1122 checks. 371da177e4SLinus Torvalds * Jonathan Naylor : Only lookup the hardware address for 381da177e4SLinus Torvalds * the correct hardware type. 391da177e4SLinus Torvalds * Germano Caronni : Assorted subtle races. 401da177e4SLinus Torvalds * Craig Schlenter : Don't modify permanent entry 411da177e4SLinus Torvalds * during arp_rcv. 421da177e4SLinus Torvalds * Russ Nelson : Tidied up a few bits. 431da177e4SLinus Torvalds * Alexey Kuznetsov: Major changes to caching and behaviour, 441da177e4SLinus Torvalds * eg intelligent arp probing and 451da177e4SLinus Torvalds * generation 461da177e4SLinus Torvalds * of host down events. 471da177e4SLinus Torvalds * Alan Cox : Missing unlock in device events. 481da177e4SLinus Torvalds * Eckes : ARP ioctl control errors. 491da177e4SLinus Torvalds * Alexey Kuznetsov: Arp free fix. 501da177e4SLinus Torvalds * Manuel Rodriguez: Gratuitous ARP. 511da177e4SLinus Torvalds * Jonathan Layes : Added arpd support through kerneld 521da177e4SLinus Torvalds * message queue (960314) 531da177e4SLinus Torvalds * Mike Shaver : /proc/sys/net/ipv4/arp_* support 541da177e4SLinus Torvalds * Mike McLagan : Routing by source 551da177e4SLinus Torvalds * Stuart Cheshire : Metricom and grat arp fixes 561da177e4SLinus Torvalds * *** FOR 2.1 clean this up *** 571da177e4SLinus Torvalds * Lawrence V. Stefani: (08/12/96) Added FDDI support. 581da177e4SLinus Torvalds * Alan Cox : Took the AP1000 nasty FDDI hack and 591da177e4SLinus Torvalds * folded into the mainstream FDDI code. 601da177e4SLinus Torvalds * Ack spit, Linus how did you allow that 611da177e4SLinus Torvalds * one in... 621da177e4SLinus Torvalds * Jes Sorensen : Make FDDI work again in 2.1.x and 631da177e4SLinus Torvalds * clean up the APFDDI & gen. FDDI bits. 641da177e4SLinus Torvalds * Alexey Kuznetsov: new arp state machine; 651da177e4SLinus Torvalds * now it is in net/core/neighbour.c. 661da177e4SLinus Torvalds * Krzysztof Halasa: Added Frame Relay ARP support. 671da177e4SLinus Torvalds * Arnaldo C. Melo : convert /proc/net/arp to seq_file 681da177e4SLinus Torvalds * Shmulik Hen: Split arp_send to arp_create and 691da177e4SLinus Torvalds * arp_xmit so intermediate drivers like 701da177e4SLinus Torvalds * bonding can change the skb before 711da177e4SLinus Torvalds * sending (e.g. insert 8021q tag). 721da177e4SLinus Torvalds * Harald Welte : convert to make use of jenkins hash 7365324144SJesper Dangaard Brouer * Jesper D. Brouer: Proxy ARP PVLAN RFC 3069 support. 741da177e4SLinus Torvalds */ 751da177e4SLinus Torvalds 7691df42beSJoe Perches #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 7791df42beSJoe Perches 781da177e4SLinus Torvalds #include <linux/module.h> 791da177e4SLinus Torvalds #include <linux/types.h> 801da177e4SLinus Torvalds #include <linux/string.h> 811da177e4SLinus Torvalds #include <linux/kernel.h> 824fc268d2SRandy Dunlap #include <linux/capability.h> 831da177e4SLinus Torvalds #include <linux/socket.h> 841da177e4SLinus Torvalds #include <linux/sockios.h> 851da177e4SLinus Torvalds #include <linux/errno.h> 861da177e4SLinus Torvalds #include <linux/in.h> 871da177e4SLinus Torvalds #include <linux/mm.h> 881da177e4SLinus Torvalds #include <linux/inet.h> 8914c85021SArnaldo Carvalho de Melo #include <linux/inetdevice.h> 901da177e4SLinus Torvalds #include <linux/netdevice.h> 911da177e4SLinus Torvalds #include <linux/etherdevice.h> 921da177e4SLinus Torvalds #include <linux/fddidevice.h> 931da177e4SLinus Torvalds #include <linux/if_arp.h> 941da177e4SLinus Torvalds #include <linux/skbuff.h> 951da177e4SLinus Torvalds #include <linux/proc_fs.h> 961da177e4SLinus Torvalds #include <linux/seq_file.h> 971da177e4SLinus Torvalds #include <linux/stat.h> 981da177e4SLinus Torvalds #include <linux/init.h> 991da177e4SLinus Torvalds #include <linux/net.h> 1001da177e4SLinus Torvalds #include <linux/rcupdate.h> 1015a0e3ad6STejun Heo #include <linux/slab.h> 1021da177e4SLinus Torvalds #ifdef CONFIG_SYSCTL 1031da177e4SLinus Torvalds #include <linux/sysctl.h> 1041da177e4SLinus Torvalds #endif 1051da177e4SLinus Torvalds 106457c4cbcSEric W. Biederman #include <net/net_namespace.h> 1071da177e4SLinus Torvalds #include <net/ip.h> 1081da177e4SLinus Torvalds #include <net/icmp.h> 1091da177e4SLinus Torvalds #include <net/route.h> 1101da177e4SLinus Torvalds #include <net/protocol.h> 1111da177e4SLinus Torvalds #include <net/tcp.h> 1121da177e4SLinus Torvalds #include <net/sock.h> 1131da177e4SLinus Torvalds #include <net/arp.h> 1141da177e4SLinus Torvalds #include <net/ax25.h> 1151da177e4SLinus Torvalds #include <net/netrom.h> 11663d008a4SJiri Benc #include <net/dst_metadata.h> 11763d008a4SJiri Benc #include <net/ip_tunnels.h> 1181da177e4SLinus Torvalds 119deffd777SChangli Gao #include <linux/uaccess.h> 1201da177e4SLinus Torvalds 1211da177e4SLinus Torvalds #include <linux/netfilter_arp.h> 1221da177e4SLinus Torvalds 1231da177e4SLinus Torvalds /* 1241da177e4SLinus Torvalds * Interface to generic neighbour cache. 1251da177e4SLinus Torvalds */ 1262c2aba6cSDavid S. Miller static u32 arp_hash(const void *pkey, const struct net_device *dev, __u32 *hash_rnd); 12760395a20SEric W. Biederman static bool arp_key_eq(const struct neighbour *n, const void *pkey); 1281da177e4SLinus Torvalds static int arp_constructor(struct neighbour *neigh); 1291da177e4SLinus Torvalds static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb); 1301da177e4SLinus Torvalds static void arp_error_report(struct neighbour *neigh, struct sk_buff *skb); 1311da177e4SLinus Torvalds static void parp_redo(struct sk_buff *skb); 1321da177e4SLinus Torvalds 13389d69d2bSStephen Hemminger static const struct neigh_ops arp_generic_ops = { 1341da177e4SLinus Torvalds .family = AF_INET, 1351da177e4SLinus Torvalds .solicit = arp_solicit, 1361da177e4SLinus Torvalds .error_report = arp_error_report, 1371da177e4SLinus Torvalds .output = neigh_resolve_output, 1381da177e4SLinus Torvalds .connected_output = neigh_connected_output, 1391da177e4SLinus Torvalds }; 1401da177e4SLinus Torvalds 14189d69d2bSStephen Hemminger static const struct neigh_ops arp_hh_ops = { 1421da177e4SLinus Torvalds .family = AF_INET, 1431da177e4SLinus Torvalds .solicit = arp_solicit, 1441da177e4SLinus Torvalds .error_report = arp_error_report, 1451da177e4SLinus Torvalds .output = neigh_resolve_output, 1461da177e4SLinus Torvalds .connected_output = neigh_resolve_output, 1471da177e4SLinus Torvalds }; 1481da177e4SLinus Torvalds 14989d69d2bSStephen Hemminger static const struct neigh_ops arp_direct_ops = { 1501da177e4SLinus Torvalds .family = AF_INET, 1518f40b161SDavid S. Miller .output = neigh_direct_output, 1528f40b161SDavid S. Miller .connected_output = neigh_direct_output, 1531da177e4SLinus Torvalds }; 1541da177e4SLinus Torvalds 1551da177e4SLinus Torvalds struct neigh_table arp_tbl = { 1561da177e4SLinus Torvalds .family = AF_INET, 1571da177e4SLinus Torvalds .key_len = 4, 158bdf53c58SEric W. Biederman .protocol = cpu_to_be16(ETH_P_IP), 1591da177e4SLinus Torvalds .hash = arp_hash, 16060395a20SEric W. Biederman .key_eq = arp_key_eq, 1611da177e4SLinus Torvalds .constructor = arp_constructor, 1621da177e4SLinus Torvalds .proxy_redo = parp_redo, 1631da177e4SLinus Torvalds .id = "arp_cache", 1641da177e4SLinus Torvalds .parms = { 1651da177e4SLinus Torvalds .tbl = &arp_tbl, 1661da177e4SLinus Torvalds .reachable_time = 30 * HZ, 1671f9248e5SJiri Pirko .data = { 1681f9248e5SJiri Pirko [NEIGH_VAR_MCAST_PROBES] = 3, 1691f9248e5SJiri Pirko [NEIGH_VAR_UCAST_PROBES] = 3, 1701f9248e5SJiri Pirko [NEIGH_VAR_RETRANS_TIME] = 1 * HZ, 1711f9248e5SJiri Pirko [NEIGH_VAR_BASE_REACHABLE_TIME] = 30 * HZ, 1721f9248e5SJiri Pirko [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ, 1731f9248e5SJiri Pirko [NEIGH_VAR_GC_STALETIME] = 60 * HZ, 1741f9248e5SJiri Pirko [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024, 1751f9248e5SJiri Pirko [NEIGH_VAR_PROXY_QLEN] = 64, 1761f9248e5SJiri Pirko [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ, 1771f9248e5SJiri Pirko [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10, 1781f9248e5SJiri Pirko [NEIGH_VAR_LOCKTIME] = 1 * HZ, 1791f9248e5SJiri Pirko }, 1801da177e4SLinus Torvalds }, 1811da177e4SLinus Torvalds .gc_interval = 30 * HZ, 1821da177e4SLinus Torvalds .gc_thresh1 = 128, 1831da177e4SLinus Torvalds .gc_thresh2 = 512, 1841da177e4SLinus Torvalds .gc_thresh3 = 1024, 1851da177e4SLinus Torvalds }; 1864bc2f18bSEric Dumazet EXPORT_SYMBOL(arp_tbl); 1871da177e4SLinus Torvalds 188714e85beSAl Viro int arp_mc_map(__be32 addr, u8 *haddr, struct net_device *dev, int dir) 1891da177e4SLinus Torvalds { 1901da177e4SLinus Torvalds switch (dev->type) { 1911da177e4SLinus Torvalds case ARPHRD_ETHER: 1921da177e4SLinus Torvalds case ARPHRD_FDDI: 1931da177e4SLinus Torvalds case ARPHRD_IEEE802: 1941da177e4SLinus Torvalds ip_eth_mc_map(addr, haddr); 1951da177e4SLinus Torvalds return 0; 1961da177e4SLinus Torvalds case ARPHRD_INFINIBAND: 197a9e527e3SRolf Manderscheid ip_ib_mc_map(addr, dev->broadcast, haddr); 1981da177e4SLinus Torvalds return 0; 19993ca3bb5STimo Teräs case ARPHRD_IPGRE: 20093ca3bb5STimo Teräs ip_ipgre_mc_map(addr, dev->broadcast, haddr); 20193ca3bb5STimo Teräs return 0; 2021da177e4SLinus Torvalds default: 2031da177e4SLinus Torvalds if (dir) { 2041da177e4SLinus Torvalds memcpy(haddr, dev->broadcast, dev->addr_len); 2051da177e4SLinus Torvalds return 0; 2061da177e4SLinus Torvalds } 2071da177e4SLinus Torvalds } 2081da177e4SLinus Torvalds return -EINVAL; 2091da177e4SLinus Torvalds } 2101da177e4SLinus Torvalds 2111da177e4SLinus Torvalds 212d6bf7817SEric Dumazet static u32 arp_hash(const void *pkey, 213d6bf7817SEric Dumazet const struct net_device *dev, 2142c2aba6cSDavid S. Miller __u32 *hash_rnd) 2151da177e4SLinus Torvalds { 21660395a20SEric W. Biederman return arp_hashfn(pkey, dev, hash_rnd); 21760395a20SEric W. Biederman } 21860395a20SEric W. Biederman 21960395a20SEric W. Biederman static bool arp_key_eq(const struct neighbour *neigh, const void *pkey) 22060395a20SEric W. Biederman { 22160395a20SEric W. Biederman return neigh_key_eq32(neigh, pkey); 2221da177e4SLinus Torvalds } 2231da177e4SLinus Torvalds 2241da177e4SLinus Torvalds static int arp_constructor(struct neighbour *neigh) 2251da177e4SLinus Torvalds { 226fd683222SAl Viro __be32 addr = *(__be32 *)neigh->primary_key; 2271da177e4SLinus Torvalds struct net_device *dev = neigh->dev; 2281da177e4SLinus Torvalds struct in_device *in_dev; 2291da177e4SLinus Torvalds struct neigh_parms *parms; 2301da177e4SLinus Torvalds 2311da177e4SLinus Torvalds rcu_read_lock(); 232e5ed6399SHerbert Xu in_dev = __in_dev_get_rcu(dev); 23351456b29SIan Morris if (!in_dev) { 2341da177e4SLinus Torvalds rcu_read_unlock(); 2351da177e4SLinus Torvalds return -EINVAL; 2361da177e4SLinus Torvalds } 2371da177e4SLinus Torvalds 23830bbaa19SDavid Ahern neigh->type = inet_addr_type_dev_table(dev_net(dev), dev, addr); 239a79878f0SDenis V. Lunev 2401da177e4SLinus Torvalds parms = in_dev->arp_parms; 2411da177e4SLinus Torvalds __neigh_parms_put(neigh->parms); 2421da177e4SLinus Torvalds neigh->parms = neigh_parms_clone(parms); 2431da177e4SLinus Torvalds rcu_read_unlock(); 2441da177e4SLinus Torvalds 2453b04dddeSStephen Hemminger if (!dev->header_ops) { 2461da177e4SLinus Torvalds neigh->nud_state = NUD_NOARP; 2471da177e4SLinus Torvalds neigh->ops = &arp_direct_ops; 2488f40b161SDavid S. Miller neigh->output = neigh_direct_output; 2491da177e4SLinus Torvalds } else { 2501da177e4SLinus Torvalds /* Good devices (checked by reading texts, but only Ethernet is 2511da177e4SLinus Torvalds tested) 2521da177e4SLinus Torvalds 2531da177e4SLinus Torvalds ARPHRD_ETHER: (ethernet, apfddi) 2541da177e4SLinus Torvalds ARPHRD_FDDI: (fddi) 2551da177e4SLinus Torvalds ARPHRD_IEEE802: (tr) 2561da177e4SLinus Torvalds ARPHRD_METRICOM: (strip) 2571da177e4SLinus Torvalds ARPHRD_ARCNET: 2581da177e4SLinus Torvalds etc. etc. etc. 2591da177e4SLinus Torvalds 2601da177e4SLinus Torvalds ARPHRD_IPDDP will also work, if author repairs it. 2611da177e4SLinus Torvalds I did not it, because this driver does not work even 2621da177e4SLinus Torvalds in old paradigm. 2631da177e4SLinus Torvalds */ 2641da177e4SLinus Torvalds 2651da177e4SLinus Torvalds if (neigh->type == RTN_MULTICAST) { 2661da177e4SLinus Torvalds neigh->nud_state = NUD_NOARP; 2671da177e4SLinus Torvalds arp_mc_map(addr, neigh->ha, dev, 1); 2681da177e4SLinus Torvalds } else if (dev->flags & (IFF_NOARP | IFF_LOOPBACK)) { 2691da177e4SLinus Torvalds neigh->nud_state = NUD_NOARP; 2701da177e4SLinus Torvalds memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 271deffd777SChangli Gao } else if (neigh->type == RTN_BROADCAST || 272deffd777SChangli Gao (dev->flags & IFF_POINTOPOINT)) { 2731da177e4SLinus Torvalds neigh->nud_state = NUD_NOARP; 2741da177e4SLinus Torvalds memcpy(neigh->ha, dev->broadcast, dev->addr_len); 2751da177e4SLinus Torvalds } 2763b04dddeSStephen Hemminger 2773b04dddeSStephen Hemminger if (dev->header_ops->cache) 2781da177e4SLinus Torvalds neigh->ops = &arp_hh_ops; 2791da177e4SLinus Torvalds else 2801da177e4SLinus Torvalds neigh->ops = &arp_generic_ops; 2813b04dddeSStephen Hemminger 2821da177e4SLinus Torvalds if (neigh->nud_state & NUD_VALID) 2831da177e4SLinus Torvalds neigh->output = neigh->ops->connected_output; 2841da177e4SLinus Torvalds else 2851da177e4SLinus Torvalds neigh->output = neigh->ops->output; 2861da177e4SLinus Torvalds } 2871da177e4SLinus Torvalds return 0; 2881da177e4SLinus Torvalds } 2891da177e4SLinus Torvalds 2901da177e4SLinus Torvalds static void arp_error_report(struct neighbour *neigh, struct sk_buff *skb) 2911da177e4SLinus Torvalds { 2921da177e4SLinus Torvalds dst_link_failure(skb); 2931da177e4SLinus Torvalds kfree_skb(skb); 2941da177e4SLinus Torvalds } 2951da177e4SLinus Torvalds 2960accfc26SThomas Graf /* Create and send an arp packet. */ 2970accfc26SThomas Graf static void arp_send_dst(int type, int ptype, __be32 dest_ip, 2980accfc26SThomas Graf struct net_device *dev, __be32 src_ip, 2990accfc26SThomas Graf const unsigned char *dest_hw, 3000accfc26SThomas Graf const unsigned char *src_hw, 30163d008a4SJiri Benc const unsigned char *target_hw, 30263d008a4SJiri Benc struct dst_entry *dst) 3030accfc26SThomas Graf { 3040accfc26SThomas Graf struct sk_buff *skb; 3050accfc26SThomas Graf 3060accfc26SThomas Graf /* arp on this interface. */ 3070accfc26SThomas Graf if (dev->flags & IFF_NOARP) 3080accfc26SThomas Graf return; 3090accfc26SThomas Graf 3100accfc26SThomas Graf skb = arp_create(type, ptype, dest_ip, dev, src_ip, 3110accfc26SThomas Graf dest_hw, src_hw, target_hw); 3120accfc26SThomas Graf if (!skb) 3130accfc26SThomas Graf return; 3140accfc26SThomas Graf 315181a4224SJiri Benc skb_dst_set(skb, dst_clone(dst)); 3160accfc26SThomas Graf arp_xmit(skb); 3170accfc26SThomas Graf } 3180accfc26SThomas Graf 3190accfc26SThomas Graf void arp_send(int type, int ptype, __be32 dest_ip, 3200accfc26SThomas Graf struct net_device *dev, __be32 src_ip, 3210accfc26SThomas Graf const unsigned char *dest_hw, const unsigned char *src_hw, 3220accfc26SThomas Graf const unsigned char *target_hw) 3230accfc26SThomas Graf { 3240accfc26SThomas Graf arp_send_dst(type, ptype, dest_ip, dev, src_ip, dest_hw, src_hw, 3250accfc26SThomas Graf target_hw, NULL); 3260accfc26SThomas Graf } 3270accfc26SThomas Graf EXPORT_SYMBOL(arp_send); 3280accfc26SThomas Graf 3291da177e4SLinus Torvalds static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb) 3301da177e4SLinus Torvalds { 331a61ced5dSAl Viro __be32 saddr = 0; 332cf0be880SCong Wang u8 dst_ha[MAX_ADDR_LEN], *dst_hw = NULL; 3331da177e4SLinus Torvalds struct net_device *dev = neigh->dev; 334a61ced5dSAl Viro __be32 target = *(__be32 *)neigh->primary_key; 3351da177e4SLinus Torvalds int probes = atomic_read(&neigh->probes); 3364b4194c4SEric Dumazet struct in_device *in_dev; 33763d008a4SJiri Benc struct dst_entry *dst = NULL; 3381da177e4SLinus Torvalds 3394b4194c4SEric Dumazet rcu_read_lock(); 3404b4194c4SEric Dumazet in_dev = __in_dev_get_rcu(dev); 3414b4194c4SEric Dumazet if (!in_dev) { 3424b4194c4SEric Dumazet rcu_read_unlock(); 3431da177e4SLinus Torvalds return; 3444b4194c4SEric Dumazet } 3451da177e4SLinus Torvalds switch (IN_DEV_ARP_ANNOUNCE(in_dev)) { 3461da177e4SLinus Torvalds default: 3471da177e4SLinus Torvalds case 0: /* By default announce any local IP */ 34830bbaa19SDavid Ahern if (skb && inet_addr_type_dev_table(dev_net(dev), dev, 349deffd777SChangli Gao ip_hdr(skb)->saddr) == RTN_LOCAL) 350eddc9ec5SArnaldo Carvalho de Melo saddr = ip_hdr(skb)->saddr; 3511da177e4SLinus Torvalds break; 3521da177e4SLinus Torvalds case 1: /* Restrict announcements of saddr in same subnet */ 3531da177e4SLinus Torvalds if (!skb) 3541da177e4SLinus Torvalds break; 355eddc9ec5SArnaldo Carvalho de Melo saddr = ip_hdr(skb)->saddr; 35630bbaa19SDavid Ahern if (inet_addr_type_dev_table(dev_net(dev), dev, 35730bbaa19SDavid Ahern saddr) == RTN_LOCAL) { 3581da177e4SLinus Torvalds /* saddr should be known to target */ 3591da177e4SLinus Torvalds if (inet_addr_onlink(in_dev, target, saddr)) 3601da177e4SLinus Torvalds break; 3611da177e4SLinus Torvalds } 3621da177e4SLinus Torvalds saddr = 0; 3631da177e4SLinus Torvalds break; 3641da177e4SLinus Torvalds case 2: /* Avoid secondary IPs, get a primary/preferred one */ 3651da177e4SLinus Torvalds break; 3661da177e4SLinus Torvalds } 3674b4194c4SEric Dumazet rcu_read_unlock(); 3681da177e4SLinus Torvalds 3691da177e4SLinus Torvalds if (!saddr) 3701da177e4SLinus Torvalds saddr = inet_select_addr(dev, target, RT_SCOPE_LINK); 3711da177e4SLinus Torvalds 3721f9248e5SJiri Pirko probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES); 373deffd777SChangli Gao if (probes < 0) { 3741da177e4SLinus Torvalds if (!(neigh->nud_state & NUD_VALID)) 37591df42beSJoe Perches pr_debug("trying to ucast probe in NUD_INVALID\n"); 3769650388bSEric Dumazet neigh_ha_snapshot(dst_ha, neigh, dev); 377cf0be880SCong Wang dst_hw = dst_ha; 378deffd777SChangli Gao } else { 3791f9248e5SJiri Pirko probes -= NEIGH_VAR(neigh->parms, APP_PROBES); 380deffd777SChangli Gao if (probes < 0) { 3811da177e4SLinus Torvalds neigh_app_ns(neigh); 3821da177e4SLinus Torvalds return; 3831da177e4SLinus Torvalds } 384deffd777SChangli Gao } 3851da177e4SLinus Torvalds 38663d008a4SJiri Benc if (skb && !(dev->priv_flags & IFF_XMIT_DST_RELEASE)) 387181a4224SJiri Benc dst = skb_dst(skb); 3880accfc26SThomas Graf arp_send_dst(ARPOP_REQUEST, ETH_P_ARP, target, dev, saddr, 38963d008a4SJiri Benc dst_hw, dev->dev_addr, NULL, dst); 3901da177e4SLinus Torvalds } 3911da177e4SLinus Torvalds 3929bd85e32SDenis V. Lunev static int arp_ignore(struct in_device *in_dev, __be32 sip, __be32 tip) 3931da177e4SLinus Torvalds { 394b601fa19SNicolas Dichtel struct net *net = dev_net(in_dev->dev); 3951da177e4SLinus Torvalds int scope; 3961da177e4SLinus Torvalds 3971da177e4SLinus Torvalds switch (IN_DEV_ARP_IGNORE(in_dev)) { 3981da177e4SLinus Torvalds case 0: /* Reply, the tip is already validated */ 3991da177e4SLinus Torvalds return 0; 4001da177e4SLinus Torvalds case 1: /* Reply only if tip is configured on the incoming interface */ 4011da177e4SLinus Torvalds sip = 0; 4021da177e4SLinus Torvalds scope = RT_SCOPE_HOST; 4031da177e4SLinus Torvalds break; 4041da177e4SLinus Torvalds case 2: /* 4051da177e4SLinus Torvalds * Reply only if tip is configured on the incoming interface 4061da177e4SLinus Torvalds * and is in same subnet as sip 4071da177e4SLinus Torvalds */ 4081da177e4SLinus Torvalds scope = RT_SCOPE_HOST; 4091da177e4SLinus Torvalds break; 4101da177e4SLinus Torvalds case 3: /* Do not reply for scope host addresses */ 4111da177e4SLinus Torvalds sip = 0; 4121da177e4SLinus Torvalds scope = RT_SCOPE_LINK; 413b601fa19SNicolas Dichtel in_dev = NULL; 4141da177e4SLinus Torvalds break; 4151da177e4SLinus Torvalds case 4: /* Reserved */ 4161da177e4SLinus Torvalds case 5: 4171da177e4SLinus Torvalds case 6: 4181da177e4SLinus Torvalds case 7: 4191da177e4SLinus Torvalds return 0; 4201da177e4SLinus Torvalds case 8: /* Do not reply */ 4211da177e4SLinus Torvalds return 1; 4221da177e4SLinus Torvalds default: 4231da177e4SLinus Torvalds return 0; 4241da177e4SLinus Torvalds } 425b601fa19SNicolas Dichtel return !inet_confirm_addr(net, in_dev, sip, tip, scope); 4261da177e4SLinus Torvalds } 4271da177e4SLinus Torvalds 428ed9bad06SAl Viro static int arp_filter(__be32 sip, __be32 tip, struct net_device *dev) 4291da177e4SLinus Torvalds { 4301da177e4SLinus Torvalds struct rtable *rt; 4311da177e4SLinus Torvalds int flag = 0; 4321da177e4SLinus Torvalds /*unsigned long now; */ 433ca12a1a4SPavel Emelyanov struct net *net = dev_net(dev); 4341da177e4SLinus Torvalds 43578fbfd8aSDavid S. Miller rt = ip_route_output(net, sip, tip, 0, 0); 436b23dd4feSDavid S. Miller if (IS_ERR(rt)) 4371da177e4SLinus Torvalds return 1; 438d8d1f30bSChangli Gao if (rt->dst.dev != dev) { 43902a1d6e7SEric Dumazet __NET_INC_STATS(net, LINUX_MIB_ARPFILTER); 4401da177e4SLinus Torvalds flag = 1; 4411da177e4SLinus Torvalds } 4421da177e4SLinus Torvalds ip_rt_put(rt); 4431da177e4SLinus Torvalds return flag; 4441da177e4SLinus Torvalds } 4451da177e4SLinus Torvalds 4461da177e4SLinus Torvalds /* 4471da177e4SLinus Torvalds * Check if we can use proxy ARP for this path 4481da177e4SLinus Torvalds */ 44965324144SJesper Dangaard Brouer static inline int arp_fwd_proxy(struct in_device *in_dev, 45065324144SJesper Dangaard Brouer struct net_device *dev, struct rtable *rt) 4511da177e4SLinus Torvalds { 4521da177e4SLinus Torvalds struct in_device *out_dev; 4531da177e4SLinus Torvalds int imi, omi = -1; 4541da177e4SLinus Torvalds 455d8d1f30bSChangli Gao if (rt->dst.dev == dev) 45665324144SJesper Dangaard Brouer return 0; 45765324144SJesper Dangaard Brouer 4581da177e4SLinus Torvalds if (!IN_DEV_PROXY_ARP(in_dev)) 4591da177e4SLinus Torvalds return 0; 460deffd777SChangli Gao imi = IN_DEV_MEDIUM_ID(in_dev); 461deffd777SChangli Gao if (imi == 0) 4621da177e4SLinus Torvalds return 1; 4631da177e4SLinus Torvalds if (imi == -1) 4641da177e4SLinus Torvalds return 0; 4651da177e4SLinus Torvalds 4661da177e4SLinus Torvalds /* place to check for proxy_arp for routes */ 4671da177e4SLinus Torvalds 468d8d1f30bSChangli Gao out_dev = __in_dev_get_rcu(rt->dst.dev); 469faa9dcf7SEric Dumazet if (out_dev) 4701da177e4SLinus Torvalds omi = IN_DEV_MEDIUM_ID(out_dev); 471faa9dcf7SEric Dumazet 472a02cec21SEric Dumazet return omi != imi && omi != -1; 4731da177e4SLinus Torvalds } 4741da177e4SLinus Torvalds 4751da177e4SLinus Torvalds /* 47665324144SJesper Dangaard Brouer * Check for RFC3069 proxy arp private VLAN (allow to send back to same dev) 47765324144SJesper Dangaard Brouer * 47865324144SJesper Dangaard Brouer * RFC3069 supports proxy arp replies back to the same interface. This 47965324144SJesper Dangaard Brouer * is done to support (ethernet) switch features, like RFC 3069, where 48065324144SJesper Dangaard Brouer * the individual ports are not allowed to communicate with each 48165324144SJesper Dangaard Brouer * other, BUT they are allowed to talk to the upstream router. As 48265324144SJesper Dangaard Brouer * described in RFC 3069, it is possible to allow these hosts to 48365324144SJesper Dangaard Brouer * communicate through the upstream router, by proxy_arp'ing. 48465324144SJesper Dangaard Brouer * 48565324144SJesper Dangaard Brouer * RFC 3069: "VLAN Aggregation for Efficient IP Address Allocation" 48665324144SJesper Dangaard Brouer * 48765324144SJesper Dangaard Brouer * This technology is known by different names: 48865324144SJesper Dangaard Brouer * In RFC 3069 it is called VLAN Aggregation. 48965324144SJesper Dangaard Brouer * Cisco and Allied Telesyn call it Private VLAN. 49065324144SJesper Dangaard Brouer * Hewlett-Packard call it Source-Port filtering or port-isolation. 49165324144SJesper Dangaard Brouer * Ericsson call it MAC-Forced Forwarding (RFC Draft). 49265324144SJesper Dangaard Brouer * 49365324144SJesper Dangaard Brouer */ 49465324144SJesper Dangaard Brouer static inline int arp_fwd_pvlan(struct in_device *in_dev, 49565324144SJesper Dangaard Brouer struct net_device *dev, struct rtable *rt, 49665324144SJesper Dangaard Brouer __be32 sip, __be32 tip) 49765324144SJesper Dangaard Brouer { 49865324144SJesper Dangaard Brouer /* Private VLAN is only concerned about the same ethernet segment */ 499d8d1f30bSChangli Gao if (rt->dst.dev != dev) 50065324144SJesper Dangaard Brouer return 0; 50165324144SJesper Dangaard Brouer 50265324144SJesper Dangaard Brouer /* Don't reply on self probes (often done by windowz boxes)*/ 50365324144SJesper Dangaard Brouer if (sip == tip) 50465324144SJesper Dangaard Brouer return 0; 50565324144SJesper Dangaard Brouer 50665324144SJesper Dangaard Brouer if (IN_DEV_PROXY_ARP_PVLAN(in_dev)) 50765324144SJesper Dangaard Brouer return 1; 50865324144SJesper Dangaard Brouer else 50965324144SJesper Dangaard Brouer return 0; 51065324144SJesper Dangaard Brouer } 51165324144SJesper Dangaard Brouer 51265324144SJesper Dangaard Brouer /* 5131da177e4SLinus Torvalds * Interface to link layer: send routine and receive handler. 5141da177e4SLinus Torvalds */ 5151da177e4SLinus Torvalds 5161da177e4SLinus Torvalds /* 51751456b29SIan Morris * Create an arp packet. If dest_hw is not set, we create a broadcast 5181da177e4SLinus Torvalds * message. 5191da177e4SLinus Torvalds */ 520ed9bad06SAl Viro struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip, 521ed9bad06SAl Viro struct net_device *dev, __be32 src_ip, 522abfdf1c4SJan Engelhardt const unsigned char *dest_hw, 523abfdf1c4SJan Engelhardt const unsigned char *src_hw, 524abfdf1c4SJan Engelhardt const unsigned char *target_hw) 5251da177e4SLinus Torvalds { 5261da177e4SLinus Torvalds struct sk_buff *skb; 5271da177e4SLinus Torvalds struct arphdr *arp; 5281da177e4SLinus Torvalds unsigned char *arp_ptr; 52966088243SHerbert Xu int hlen = LL_RESERVED_SPACE(dev); 53066088243SHerbert Xu int tlen = dev->needed_tailroom; 5311da177e4SLinus Torvalds 5321da177e4SLinus Torvalds /* 5331da177e4SLinus Torvalds * Allocate a buffer 5341da177e4SLinus Torvalds */ 5351da177e4SLinus Torvalds 53666088243SHerbert Xu skb = alloc_skb(arp_hdr_len(dev) + hlen + tlen, GFP_ATOMIC); 53751456b29SIan Morris if (!skb) 5381da177e4SLinus Torvalds return NULL; 5391da177e4SLinus Torvalds 54066088243SHerbert Xu skb_reserve(skb, hlen); 541c1d2bbe1SArnaldo Carvalho de Melo skb_reset_network_header(skb); 542988b7050SPavel Emelyanov arp = (struct arphdr *) skb_put(skb, arp_hdr_len(dev)); 5431da177e4SLinus Torvalds skb->dev = dev; 5441da177e4SLinus Torvalds skb->protocol = htons(ETH_P_ARP); 54551456b29SIan Morris if (!src_hw) 5461da177e4SLinus Torvalds src_hw = dev->dev_addr; 54751456b29SIan Morris if (!dest_hw) 5481da177e4SLinus Torvalds dest_hw = dev->broadcast; 5491da177e4SLinus Torvalds 5501da177e4SLinus Torvalds /* 5511da177e4SLinus Torvalds * Fill the device header for the ARP frame 5521da177e4SLinus Torvalds */ 5530c4e8581SStephen Hemminger if (dev_hard_header(skb, dev, ptype, dest_hw, src_hw, skb->len) < 0) 5541da177e4SLinus Torvalds goto out; 5551da177e4SLinus Torvalds 5561da177e4SLinus Torvalds /* 5571da177e4SLinus Torvalds * Fill out the arp protocol part. 5581da177e4SLinus Torvalds * 5591da177e4SLinus Torvalds * The arp hardware type should match the device type, except for FDDI, 5601da177e4SLinus Torvalds * which (according to RFC 1390) should always equal 1 (Ethernet). 5611da177e4SLinus Torvalds */ 5621da177e4SLinus Torvalds /* 5631da177e4SLinus Torvalds * Exceptions everywhere. AX.25 uses the AX.25 PID value not the 5641da177e4SLinus Torvalds * DIX code for the protocol. Make these device structure fields. 5651da177e4SLinus Torvalds */ 5661da177e4SLinus Torvalds switch (dev->type) { 5671da177e4SLinus Torvalds default: 5681da177e4SLinus Torvalds arp->ar_hrd = htons(dev->type); 5691da177e4SLinus Torvalds arp->ar_pro = htons(ETH_P_IP); 5701da177e4SLinus Torvalds break; 5711da177e4SLinus Torvalds 57240e4783eSIgor Maravic #if IS_ENABLED(CONFIG_AX25) 5731da177e4SLinus Torvalds case ARPHRD_AX25: 5741da177e4SLinus Torvalds arp->ar_hrd = htons(ARPHRD_AX25); 5751da177e4SLinus Torvalds arp->ar_pro = htons(AX25_P_IP); 5761da177e4SLinus Torvalds break; 5771da177e4SLinus Torvalds 57840e4783eSIgor Maravic #if IS_ENABLED(CONFIG_NETROM) 5791da177e4SLinus Torvalds case ARPHRD_NETROM: 5801da177e4SLinus Torvalds arp->ar_hrd = htons(ARPHRD_NETROM); 5811da177e4SLinus Torvalds arp->ar_pro = htons(AX25_P_IP); 5821da177e4SLinus Torvalds break; 5831da177e4SLinus Torvalds #endif 5841da177e4SLinus Torvalds #endif 5851da177e4SLinus Torvalds 58640e4783eSIgor Maravic #if IS_ENABLED(CONFIG_FDDI) 5871da177e4SLinus Torvalds case ARPHRD_FDDI: 5881da177e4SLinus Torvalds arp->ar_hrd = htons(ARPHRD_ETHER); 5891da177e4SLinus Torvalds arp->ar_pro = htons(ETH_P_IP); 5901da177e4SLinus Torvalds break; 5911da177e4SLinus Torvalds #endif 5921da177e4SLinus Torvalds } 5931da177e4SLinus Torvalds 5941da177e4SLinus Torvalds arp->ar_hln = dev->addr_len; 5951da177e4SLinus Torvalds arp->ar_pln = 4; 5961da177e4SLinus Torvalds arp->ar_op = htons(type); 5971da177e4SLinus Torvalds 5981da177e4SLinus Torvalds arp_ptr = (unsigned char *)(arp + 1); 5991da177e4SLinus Torvalds 6001da177e4SLinus Torvalds memcpy(arp_ptr, src_hw, dev->addr_len); 6011da177e4SLinus Torvalds arp_ptr += dev->addr_len; 6021da177e4SLinus Torvalds memcpy(arp_ptr, &src_ip, 4); 6031da177e4SLinus Torvalds arp_ptr += 4; 6046752c8dbSYOSHIFUJI Hideaki / 吉藤英明 6056752c8dbSYOSHIFUJI Hideaki / 吉藤英明 switch (dev->type) { 6066752c8dbSYOSHIFUJI Hideaki / 吉藤英明 #if IS_ENABLED(CONFIG_FIREWIRE_NET) 6076752c8dbSYOSHIFUJI Hideaki / 吉藤英明 case ARPHRD_IEEE1394: 6086752c8dbSYOSHIFUJI Hideaki / 吉藤英明 break; 6096752c8dbSYOSHIFUJI Hideaki / 吉藤英明 #endif 6106752c8dbSYOSHIFUJI Hideaki / 吉藤英明 default: 61100db4124SIan Morris if (target_hw) 6121da177e4SLinus Torvalds memcpy(arp_ptr, target_hw, dev->addr_len); 6131da177e4SLinus Torvalds else 6141da177e4SLinus Torvalds memset(arp_ptr, 0, dev->addr_len); 6151da177e4SLinus Torvalds arp_ptr += dev->addr_len; 6166752c8dbSYOSHIFUJI Hideaki / 吉藤英明 } 6171da177e4SLinus Torvalds memcpy(arp_ptr, &dest_ip, 4); 6181da177e4SLinus Torvalds 6191da177e4SLinus Torvalds return skb; 6201da177e4SLinus Torvalds 6211da177e4SLinus Torvalds out: 6221da177e4SLinus Torvalds kfree_skb(skb); 6231da177e4SLinus Torvalds return NULL; 6241da177e4SLinus Torvalds } 6254bc2f18bSEric Dumazet EXPORT_SYMBOL(arp_create); 6261da177e4SLinus Torvalds 6270c4b51f0SEric W. Biederman static int arp_xmit_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 628f9e4306fSEric W. Biederman { 629f9e4306fSEric W. Biederman return dev_queue_xmit(skb); 630f9e4306fSEric W. Biederman } 631f9e4306fSEric W. Biederman 6321da177e4SLinus Torvalds /* 6331da177e4SLinus Torvalds * Send an arp packet. 6341da177e4SLinus Torvalds */ 6351da177e4SLinus Torvalds void arp_xmit(struct sk_buff *skb) 6361da177e4SLinus Torvalds { 6371da177e4SLinus Torvalds /* Send it off, maybe filter it using firewalling first. */ 63829a26a56SEric W. Biederman NF_HOOK(NFPROTO_ARP, NF_ARP_OUT, 63929a26a56SEric W. Biederman dev_net(skb->dev), NULL, skb, NULL, skb->dev, 64029a26a56SEric W. Biederman arp_xmit_finish); 6411da177e4SLinus Torvalds } 6424bc2f18bSEric Dumazet EXPORT_SYMBOL(arp_xmit); 6431da177e4SLinus Torvalds 644d9ef2e7bSIhar Hrachyshka static bool arp_is_garp(struct net *net, struct net_device *dev, 645d9ef2e7bSIhar Hrachyshka int *addr_type, __be16 ar_op, 6466fd05633SIhar Hrachyshka __be32 sip, __be32 tip, 6476fd05633SIhar Hrachyshka unsigned char *sha, unsigned char *tha) 6486fd05633SIhar Hrachyshka { 649d9ef2e7bSIhar Hrachyshka bool is_garp = tip == sip; 6506fd05633SIhar Hrachyshka 6516fd05633SIhar Hrachyshka /* Gratuitous ARP _replies_ also require target hwaddr to be 6526fd05633SIhar Hrachyshka * the same as source. 6536fd05633SIhar Hrachyshka */ 6546fd05633SIhar Hrachyshka if (is_garp && ar_op == htons(ARPOP_REPLY)) 6556fd05633SIhar Hrachyshka is_garp = 6566fd05633SIhar Hrachyshka /* IPv4 over IEEE 1394 doesn't provide target 6576fd05633SIhar Hrachyshka * hardware address field in its ARP payload. 6586fd05633SIhar Hrachyshka */ 6596fd05633SIhar Hrachyshka tha && 6606fd05633SIhar Hrachyshka !memcmp(tha, sha, dev->addr_len); 6616fd05633SIhar Hrachyshka 662d9ef2e7bSIhar Hrachyshka if (is_garp) { 663d9ef2e7bSIhar Hrachyshka *addr_type = inet_addr_type_dev_table(net, dev, sip); 664d9ef2e7bSIhar Hrachyshka if (*addr_type != RTN_UNICAST) 665d9ef2e7bSIhar Hrachyshka is_garp = false; 666d9ef2e7bSIhar Hrachyshka } 6676fd05633SIhar Hrachyshka return is_garp; 6686fd05633SIhar Hrachyshka } 6696fd05633SIhar Hrachyshka 6701da177e4SLinus Torvalds /* 6711da177e4SLinus Torvalds * Process an arp request. 6721da177e4SLinus Torvalds */ 6731da177e4SLinus Torvalds 6740c4b51f0SEric W. Biederman static int arp_process(struct net *net, struct sock *sk, struct sk_buff *skb) 6751da177e4SLinus Torvalds { 6761da177e4SLinus Torvalds struct net_device *dev = skb->dev; 677faa9dcf7SEric Dumazet struct in_device *in_dev = __in_dev_get_rcu(dev); 6781da177e4SLinus Torvalds struct arphdr *arp; 6791da177e4SLinus Torvalds unsigned char *arp_ptr; 6801da177e4SLinus Torvalds struct rtable *rt; 681e0260fedSMark Ryden unsigned char *sha; 68223d268ebSIhar Hrachyshka unsigned char *tha = NULL; 6839e12bb22SAl Viro __be32 sip, tip; 6841da177e4SLinus Torvalds u16 dev_type = dev->type; 6851da177e4SLinus Torvalds int addr_type; 6861da177e4SLinus Torvalds struct neighbour *n; 68763d008a4SJiri Benc struct dst_entry *reply_dst = NULL; 68856022a8fSSalam Noureddine bool is_garp = false; 6891da177e4SLinus Torvalds 6901da177e4SLinus Torvalds /* arp_rcv below verifies the ARP header and verifies the device 6911da177e4SLinus Torvalds * is ARP'able. 6921da177e4SLinus Torvalds */ 6931da177e4SLinus Torvalds 69451456b29SIan Morris if (!in_dev) 6958dfd329fSZhang Shengju goto out_free_skb; 6961da177e4SLinus Torvalds 697d0a92be0SArnaldo Carvalho de Melo arp = arp_hdr(skb); 6981da177e4SLinus Torvalds 6991da177e4SLinus Torvalds switch (dev_type) { 7001da177e4SLinus Torvalds default: 7011da177e4SLinus Torvalds if (arp->ar_pro != htons(ETH_P_IP) || 7021da177e4SLinus Torvalds htons(dev_type) != arp->ar_hrd) 7038dfd329fSZhang Shengju goto out_free_skb; 7041da177e4SLinus Torvalds break; 7051da177e4SLinus Torvalds case ARPHRD_ETHER: 7061da177e4SLinus Torvalds case ARPHRD_FDDI: 7071da177e4SLinus Torvalds case ARPHRD_IEEE802: 7081da177e4SLinus Torvalds /* 709211ed865SPaul Gortmaker * ETHERNET, and Fibre Channel (which are IEEE 802 7101da177e4SLinus Torvalds * devices, according to RFC 2625) devices will accept ARP 7111da177e4SLinus Torvalds * hardware types of either 1 (Ethernet) or 6 (IEEE 802.2). 7121da177e4SLinus Torvalds * This is the case also of FDDI, where the RFC 1390 says that 7131da177e4SLinus Torvalds * FDDI devices should accept ARP hardware of (1) Ethernet, 7141da177e4SLinus Torvalds * however, to be more robust, we'll accept both 1 (Ethernet) 7151da177e4SLinus Torvalds * or 6 (IEEE 802.2) 7161da177e4SLinus Torvalds */ 7171da177e4SLinus Torvalds if ((arp->ar_hrd != htons(ARPHRD_ETHER) && 7181da177e4SLinus Torvalds arp->ar_hrd != htons(ARPHRD_IEEE802)) || 7191da177e4SLinus Torvalds arp->ar_pro != htons(ETH_P_IP)) 7208dfd329fSZhang Shengju goto out_free_skb; 7211da177e4SLinus Torvalds break; 7221da177e4SLinus Torvalds case ARPHRD_AX25: 7231da177e4SLinus Torvalds if (arp->ar_pro != htons(AX25_P_IP) || 7241da177e4SLinus Torvalds arp->ar_hrd != htons(ARPHRD_AX25)) 7258dfd329fSZhang Shengju goto out_free_skb; 7261da177e4SLinus Torvalds break; 7271da177e4SLinus Torvalds case ARPHRD_NETROM: 7281da177e4SLinus Torvalds if (arp->ar_pro != htons(AX25_P_IP) || 7291da177e4SLinus Torvalds arp->ar_hrd != htons(ARPHRD_NETROM)) 7308dfd329fSZhang Shengju goto out_free_skb; 7311da177e4SLinus Torvalds break; 7321da177e4SLinus Torvalds } 7331da177e4SLinus Torvalds 7341da177e4SLinus Torvalds /* Understand only these message types */ 7351da177e4SLinus Torvalds 7361da177e4SLinus Torvalds if (arp->ar_op != htons(ARPOP_REPLY) && 7371da177e4SLinus Torvalds arp->ar_op != htons(ARPOP_REQUEST)) 7388dfd329fSZhang Shengju goto out_free_skb; 7391da177e4SLinus Torvalds 7401da177e4SLinus Torvalds /* 7411da177e4SLinus Torvalds * Extract fields 7421da177e4SLinus Torvalds */ 7431da177e4SLinus Torvalds arp_ptr = (unsigned char *)(arp + 1); 7441da177e4SLinus Torvalds sha = arp_ptr; 7451da177e4SLinus Torvalds arp_ptr += dev->addr_len; 7461da177e4SLinus Torvalds memcpy(&sip, arp_ptr, 4); 7471da177e4SLinus Torvalds arp_ptr += 4; 7486752c8dbSYOSHIFUJI Hideaki / 吉藤英明 switch (dev_type) { 7496752c8dbSYOSHIFUJI Hideaki / 吉藤英明 #if IS_ENABLED(CONFIG_FIREWIRE_NET) 7506752c8dbSYOSHIFUJI Hideaki / 吉藤英明 case ARPHRD_IEEE1394: 7516752c8dbSYOSHIFUJI Hideaki / 吉藤英明 break; 7526752c8dbSYOSHIFUJI Hideaki / 吉藤英明 #endif 7536752c8dbSYOSHIFUJI Hideaki / 吉藤英明 default: 75423d268ebSIhar Hrachyshka tha = arp_ptr; 7551da177e4SLinus Torvalds arp_ptr += dev->addr_len; 7566752c8dbSYOSHIFUJI Hideaki / 吉藤英明 } 7571da177e4SLinus Torvalds memcpy(&tip, arp_ptr, 4); 7581da177e4SLinus Torvalds /* 7591da177e4SLinus Torvalds * Check for bad requests for 127.x.x.x and requests for multicast 7601da177e4SLinus Torvalds * addresses. If this is one such, delete it. 7611da177e4SLinus Torvalds */ 762d0daebc3SThomas Graf if (ipv4_is_multicast(tip) || 763d0daebc3SThomas Graf (!IN_DEV_ROUTE_LOCALNET(in_dev) && ipv4_is_loopback(tip))) 7648dfd329fSZhang Shengju goto out_free_skb; 7651da177e4SLinus Torvalds 76697daf331SJohannes Berg /* 76797daf331SJohannes Berg * For some 802.11 wireless deployments (and possibly other networks), 76897daf331SJohannes Berg * there will be an ARP proxy and gratuitous ARP frames are attacks 76997daf331SJohannes Berg * and thus should not be accepted. 77097daf331SJohannes Berg */ 77197daf331SJohannes Berg if (sip == tip && IN_DEV_ORCONF(in_dev, DROP_GRATUITOUS_ARP)) 7728dfd329fSZhang Shengju goto out_free_skb; 77397daf331SJohannes Berg 7741da177e4SLinus Torvalds /* 7751da177e4SLinus Torvalds * Special case: We must set Frame Relay source Q.922 address 7761da177e4SLinus Torvalds */ 7771da177e4SLinus Torvalds if (dev_type == ARPHRD_DLCI) 7781da177e4SLinus Torvalds sha = dev->broadcast; 7791da177e4SLinus Torvalds 7801da177e4SLinus Torvalds /* 7811da177e4SLinus Torvalds * Process entry. The idea here is we want to send a reply if it is a 7821da177e4SLinus Torvalds * request for us or if it is a request for someone else that we hold 7831da177e4SLinus Torvalds * a proxy for. We want to add an entry to our cache if it is a reply 7841da177e4SLinus Torvalds * to us or if it is a request for our address. 7851da177e4SLinus Torvalds * (The assumption for this last is that if someone is requesting our 7861da177e4SLinus Torvalds * address, they are probably intending to talk to us, so it saves time 7871da177e4SLinus Torvalds * if we cache their address. Their address is also probably not in 7881da177e4SLinus Torvalds * our cache, since ours is not in their cache.) 7891da177e4SLinus Torvalds * 7901da177e4SLinus Torvalds * Putting this another way, we only care about replies if they are to 7911da177e4SLinus Torvalds * us, in which case we add them to the cache. For requests, we care 7921da177e4SLinus Torvalds * about those for us and those for our proxies. We reply to both, 7931da177e4SLinus Torvalds * and in the case of requests for us we add the requester to the arp 7941da177e4SLinus Torvalds * cache. 7951da177e4SLinus Torvalds */ 7961da177e4SLinus Torvalds 79763d008a4SJiri Benc if (arp->ar_op == htons(ARPOP_REQUEST) && skb_metadata_dst(skb)) 79863d008a4SJiri Benc reply_dst = (struct dst_entry *) 79963d008a4SJiri Benc iptunnel_metadata_reply(skb_metadata_dst(skb), 80063d008a4SJiri Benc GFP_ATOMIC); 80163d008a4SJiri Benc 802f8a68e75SEric W. Biederman /* Special case: IPv4 duplicate address detection packet (RFC2131) */ 803f8a68e75SEric W. Biederman if (sip == 0) { 8041da177e4SLinus Torvalds if (arp->ar_op == htons(ARPOP_REQUEST) && 80530bbaa19SDavid Ahern inet_addr_type_dev_table(net, dev, tip) == RTN_LOCAL && 8069bd85e32SDenis V. Lunev !arp_ignore(in_dev, sip, tip)) 80763d008a4SJiri Benc arp_send_dst(ARPOP_REPLY, ETH_P_ARP, sip, dev, tip, 80863d008a4SJiri Benc sha, dev->dev_addr, sha, reply_dst); 8098dfd329fSZhang Shengju goto out_consume_skb; 8101da177e4SLinus Torvalds } 8111da177e4SLinus Torvalds 8121da177e4SLinus Torvalds if (arp->ar_op == htons(ARPOP_REQUEST) && 813c6cffba4SDavid S. Miller ip_route_input_noref(skb, tip, sip, 0, dev) == 0) { 8141da177e4SLinus Torvalds 815511c3f92SEric Dumazet rt = skb_rtable(skb); 8161da177e4SLinus Torvalds addr_type = rt->rt_type; 8171da177e4SLinus Torvalds 8181da177e4SLinus Torvalds if (addr_type == RTN_LOCAL) { 819deffd777SChangli Gao int dont_send; 8201da177e4SLinus Torvalds 821deffd777SChangli Gao dont_send = arp_ignore(in_dev, sip, tip); 8221da177e4SLinus Torvalds if (!dont_send && IN_DEV_ARPFILTER(in_dev)) 823ae9c416dSChangli Gao dont_send = arp_filter(sip, tip, dev); 8248164f1b7SBen Greear if (!dont_send) { 8258164f1b7SBen Greear n = neigh_event_ns(&arp_tbl, sha, &sip, dev); 8268164f1b7SBen Greear if (n) { 82763d008a4SJiri Benc arp_send_dst(ARPOP_REPLY, ETH_P_ARP, 82863d008a4SJiri Benc sip, dev, tip, sha, 82963d008a4SJiri Benc dev->dev_addr, sha, 83063d008a4SJiri Benc reply_dst); 8311da177e4SLinus Torvalds neigh_release(n); 8321da177e4SLinus Torvalds } 8338164f1b7SBen Greear } 8348dfd329fSZhang Shengju goto out_consume_skb; 8351da177e4SLinus Torvalds } else if (IN_DEV_FORWARD(in_dev)) { 83665324144SJesper Dangaard Brouer if (addr_type == RTN_UNICAST && 83765324144SJesper Dangaard Brouer (arp_fwd_proxy(in_dev, dev, rt) || 83865324144SJesper Dangaard Brouer arp_fwd_pvlan(in_dev, dev, rt, sip, tip) || 83970620c46SThomas Graf (rt->dst.dev != dev && 84070620c46SThomas Graf pneigh_lookup(&arp_tbl, net, &tip, dev, 0)))) { 8411da177e4SLinus Torvalds n = neigh_event_ns(&arp_tbl, sha, &sip, dev); 8421da177e4SLinus Torvalds if (n) 8431da177e4SLinus Torvalds neigh_release(n); 8441da177e4SLinus Torvalds 845a61bbcf2SPatrick McHardy if (NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED || 8461da177e4SLinus Torvalds skb->pkt_type == PACKET_HOST || 8471f9248e5SJiri Pirko NEIGH_VAR(in_dev->arp_parms, PROXY_DELAY) == 0) { 84863d008a4SJiri Benc arp_send_dst(ARPOP_REPLY, ETH_P_ARP, 84963d008a4SJiri Benc sip, dev, tip, sha, 85063d008a4SJiri Benc dev->dev_addr, sha, 85163d008a4SJiri Benc reply_dst); 8521da177e4SLinus Torvalds } else { 853deffd777SChangli Gao pneigh_enqueue(&arp_tbl, 854deffd777SChangli Gao in_dev->arp_parms, skb); 855181a4224SJiri Benc goto out_free_dst; 8561da177e4SLinus Torvalds } 8578dfd329fSZhang Shengju goto out_consume_skb; 8581da177e4SLinus Torvalds } 8591da177e4SLinus Torvalds } 8601da177e4SLinus Torvalds } 8611da177e4SLinus Torvalds 8621da177e4SLinus Torvalds /* Update our ARP tables */ 8631da177e4SLinus Torvalds 8641da177e4SLinus Torvalds n = __neigh_lookup(&arp_tbl, &sip, dev, 0); 8651da177e4SLinus Torvalds 866d9ef2e7bSIhar Hrachyshka addr_type = -1; 8675990baaaSIhar Hrachyshka if (n || IN_DEV_ARP_ACCEPT(in_dev)) { 8687d472a59SIhar Hrachyshka is_garp = arp_is_garp(net, dev, &addr_type, arp->ar_op, 8697d472a59SIhar Hrachyshka sip, tip, sha, tha); 8707d472a59SIhar Hrachyshka } 87130bbaa19SDavid Ahern 8727d472a59SIhar Hrachyshka if (IN_DEV_ARP_ACCEPT(in_dev)) { 8731da177e4SLinus Torvalds /* Unsolicited ARP is not accepted by default. 8741da177e4SLinus Torvalds It is possible, that this option should be enabled for some 8751da177e4SLinus Torvalds devices (strip is candidate) 8761da177e4SLinus Torvalds */ 87751456b29SIan Morris if (!n && 878d9ef2e7bSIhar Hrachyshka (is_garp || 879d9ef2e7bSIhar Hrachyshka (arp->ar_op == htons(ARPOP_REPLY) && 880d9ef2e7bSIhar Hrachyshka (addr_type == RTN_UNICAST || 881d9ef2e7bSIhar Hrachyshka (addr_type < 0 && 882d9ef2e7bSIhar Hrachyshka /* postpone calculation to as late as possible */ 883d9ef2e7bSIhar Hrachyshka inet_addr_type_dev_table(net, dev, sip) == 884d9ef2e7bSIhar Hrachyshka RTN_UNICAST))))) 8851b1ac759SJean Delvare n = __neigh_lookup(&arp_tbl, &sip, dev, 1); 886abd596a4SNeil Horman } 8871da177e4SLinus Torvalds 8881da177e4SLinus Torvalds if (n) { 8891da177e4SLinus Torvalds int state = NUD_REACHABLE; 8901da177e4SLinus Torvalds int override; 8911da177e4SLinus Torvalds 8921da177e4SLinus Torvalds /* If several different ARP replies follows back-to-back, 8931da177e4SLinus Torvalds use the FIRST one. It is possible, if several proxy 8941da177e4SLinus Torvalds agents are active. Taking the first reply prevents 8951da177e4SLinus Torvalds arp trashing and chooses the fastest router. 8961da177e4SLinus Torvalds */ 89756022a8fSSalam Noureddine override = time_after(jiffies, 89856022a8fSSalam Noureddine n->updated + 89956022a8fSSalam Noureddine NEIGH_VAR(n->parms, LOCKTIME)) || 90056022a8fSSalam Noureddine is_garp; 9011da177e4SLinus Torvalds 9021da177e4SLinus Torvalds /* Broadcast replies and request packets 9031da177e4SLinus Torvalds do not assert neighbour reachability. 9041da177e4SLinus Torvalds */ 9051da177e4SLinus Torvalds if (arp->ar_op != htons(ARPOP_REPLY) || 9061da177e4SLinus Torvalds skb->pkt_type != PACKET_HOST) 9071da177e4SLinus Torvalds state = NUD_STALE; 908deffd777SChangli Gao neigh_update(n, sha, state, 9097b8f7a40SRoopa Prabhu override ? NEIGH_UPDATE_F_OVERRIDE : 0, 0); 9101da177e4SLinus Torvalds neigh_release(n); 9111da177e4SLinus Torvalds } 9121da177e4SLinus Torvalds 9138dfd329fSZhang Shengju out_consume_skb: 914ead2ceb0SNeil Horman consume_skb(skb); 9158dfd329fSZhang Shengju 916181a4224SJiri Benc out_free_dst: 917181a4224SJiri Benc dst_release(reply_dst); 9188dfd329fSZhang Shengju return NET_RX_SUCCESS; 9198dfd329fSZhang Shengju 9208dfd329fSZhang Shengju out_free_skb: 9218dfd329fSZhang Shengju kfree_skb(skb); 9228dfd329fSZhang Shengju return NET_RX_DROP; 9231da177e4SLinus Torvalds } 9241da177e4SLinus Torvalds 925444fc8fcSHerbert Xu static void parp_redo(struct sk_buff *skb) 926444fc8fcSHerbert Xu { 9270c4b51f0SEric W. Biederman arp_process(dev_net(skb->dev), NULL, skb); 928444fc8fcSHerbert Xu } 929444fc8fcSHerbert Xu 9301da177e4SLinus Torvalds 9311da177e4SLinus Torvalds /* 9321da177e4SLinus Torvalds * Receive an arp request from the device layer. 9331da177e4SLinus Torvalds */ 9341da177e4SLinus Torvalds 9356c97e72aSAdrian Bunk static int arp_rcv(struct sk_buff *skb, struct net_device *dev, 9366c97e72aSAdrian Bunk struct packet_type *pt, struct net_device *orig_dev) 9371da177e4SLinus Torvalds { 938044453b3SEric Dumazet const struct arphdr *arp; 939044453b3SEric Dumazet 940825bae5dSRick Jones /* do not tweak dropwatch on an ARP we will ignore */ 941044453b3SEric Dumazet if (dev->flags & IFF_NOARP || 942044453b3SEric Dumazet skb->pkt_type == PACKET_OTHERHOST || 943044453b3SEric Dumazet skb->pkt_type == PACKET_LOOPBACK) 944825bae5dSRick Jones goto consumeskb; 945044453b3SEric Dumazet 946044453b3SEric Dumazet skb = skb_share_check(skb, GFP_ATOMIC); 947044453b3SEric Dumazet if (!skb) 948044453b3SEric Dumazet goto out_of_mem; 9491da177e4SLinus Torvalds 9501da177e4SLinus Torvalds /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ 951988b7050SPavel Emelyanov if (!pskb_may_pull(skb, arp_hdr_len(dev))) 9521da177e4SLinus Torvalds goto freeskb; 9531da177e4SLinus Torvalds 954d0a92be0SArnaldo Carvalho de Melo arp = arp_hdr(skb); 955044453b3SEric Dumazet if (arp->ar_hln != dev->addr_len || arp->ar_pln != 4) 9561da177e4SLinus Torvalds goto freeskb; 9571da177e4SLinus Torvalds 958a61bbcf2SPatrick McHardy memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 959a61bbcf2SPatrick McHardy 96029a26a56SEric W. Biederman return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, 96129a26a56SEric W. Biederman dev_net(dev), NULL, skb, dev, NULL, 96229a26a56SEric W. Biederman arp_process); 9631da177e4SLinus Torvalds 964825bae5dSRick Jones consumeskb: 965825bae5dSRick Jones consume_skb(skb); 9668dfd329fSZhang Shengju return NET_RX_SUCCESS; 9671da177e4SLinus Torvalds freeskb: 9681da177e4SLinus Torvalds kfree_skb(skb); 9691da177e4SLinus Torvalds out_of_mem: 9708dfd329fSZhang Shengju return NET_RX_DROP; 9711da177e4SLinus Torvalds } 9721da177e4SLinus Torvalds 9731da177e4SLinus Torvalds /* 9741da177e4SLinus Torvalds * User level interface (ioctl) 9751da177e4SLinus Torvalds */ 9761da177e4SLinus Torvalds 9771da177e4SLinus Torvalds /* 9781da177e4SLinus Torvalds * Set (create) an ARP cache entry. 9791da177e4SLinus Torvalds */ 9801da177e4SLinus Torvalds 98132e569b7SPavel Emelyanov static int arp_req_set_proxy(struct net *net, struct net_device *dev, int on) 982f8b33fdfSPavel Emelyanov { 98351456b29SIan Morris if (!dev) { 984586f1211SPavel Emelyanov IPV4_DEVCONF_ALL(net, PROXY_ARP) = on; 985f8b33fdfSPavel Emelyanov return 0; 986f8b33fdfSPavel Emelyanov } 987c506653dSEric Dumazet if (__in_dev_get_rtnl(dev)) { 988c506653dSEric Dumazet IN_DEV_CONF_SET(__in_dev_get_rtnl(dev), PROXY_ARP, on); 989f8b33fdfSPavel Emelyanov return 0; 990f8b33fdfSPavel Emelyanov } 991f8b33fdfSPavel Emelyanov return -ENXIO; 992f8b33fdfSPavel Emelyanov } 993f8b33fdfSPavel Emelyanov 99432e569b7SPavel Emelyanov static int arp_req_set_public(struct net *net, struct arpreq *r, 99532e569b7SPavel Emelyanov struct net_device *dev) 9961da177e4SLinus Torvalds { 997ed9bad06SAl Viro __be32 ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr; 998ed9bad06SAl Viro __be32 mask = ((struct sockaddr_in *)&r->arp_netmask)->sin_addr.s_addr; 99943dc1701SPavel Emelyanov 1000ed9bad06SAl Viro if (mask && mask != htonl(0xFFFFFFFF)) 10011da177e4SLinus Torvalds return -EINVAL; 10021da177e4SLinus Torvalds if (!dev && (r->arp_flags & ATF_COM)) { 1003941666c2SEric Dumazet dev = dev_getbyhwaddr_rcu(net, r->arp_ha.sa_family, 100443dc1701SPavel Emelyanov r->arp_ha.sa_data); 10051da177e4SLinus Torvalds if (!dev) 10061da177e4SLinus Torvalds return -ENODEV; 10071da177e4SLinus Torvalds } 10081da177e4SLinus Torvalds if (mask) { 100951456b29SIan Morris if (!pneigh_lookup(&arp_tbl, net, &ip, dev, 1)) 10101da177e4SLinus Torvalds return -ENOBUFS; 10111da177e4SLinus Torvalds return 0; 10121da177e4SLinus Torvalds } 1013f8b33fdfSPavel Emelyanov 101432e569b7SPavel Emelyanov return arp_req_set_proxy(net, dev, 1); 10151da177e4SLinus Torvalds } 10161da177e4SLinus Torvalds 101732e569b7SPavel Emelyanov static int arp_req_set(struct net *net, struct arpreq *r, 101832e569b7SPavel Emelyanov struct net_device *dev) 101943dc1701SPavel Emelyanov { 102043dc1701SPavel Emelyanov __be32 ip; 102143dc1701SPavel Emelyanov struct neighbour *neigh; 102243dc1701SPavel Emelyanov int err; 102343dc1701SPavel Emelyanov 102443dc1701SPavel Emelyanov if (r->arp_flags & ATF_PUBL) 102532e569b7SPavel Emelyanov return arp_req_set_public(net, r, dev); 102643dc1701SPavel Emelyanov 102743dc1701SPavel Emelyanov ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr; 10281da177e4SLinus Torvalds if (r->arp_flags & ATF_PERM) 10291da177e4SLinus Torvalds r->arp_flags |= ATF_COM; 103051456b29SIan Morris if (!dev) { 103178fbfd8aSDavid S. Miller struct rtable *rt = ip_route_output(net, ip, 0, RTO_ONLINK, 0); 1032b23dd4feSDavid S. Miller 1033b23dd4feSDavid S. Miller if (IS_ERR(rt)) 1034b23dd4feSDavid S. Miller return PTR_ERR(rt); 1035d8d1f30bSChangli Gao dev = rt->dst.dev; 10361da177e4SLinus Torvalds ip_rt_put(rt); 10371da177e4SLinus Torvalds if (!dev) 10381da177e4SLinus Torvalds return -EINVAL; 10391da177e4SLinus Torvalds } 10401da177e4SLinus Torvalds switch (dev->type) { 104140e4783eSIgor Maravic #if IS_ENABLED(CONFIG_FDDI) 10421da177e4SLinus Torvalds case ARPHRD_FDDI: 10431da177e4SLinus Torvalds /* 10441da177e4SLinus Torvalds * According to RFC 1390, FDDI devices should accept ARP 10451da177e4SLinus Torvalds * hardware types of 1 (Ethernet). However, to be more 10461da177e4SLinus Torvalds * robust, we'll accept hardware types of either 1 (Ethernet) 10471da177e4SLinus Torvalds * or 6 (IEEE 802.2). 10481da177e4SLinus Torvalds */ 10491da177e4SLinus Torvalds if (r->arp_ha.sa_family != ARPHRD_FDDI && 10501da177e4SLinus Torvalds r->arp_ha.sa_family != ARPHRD_ETHER && 10511da177e4SLinus Torvalds r->arp_ha.sa_family != ARPHRD_IEEE802) 10521da177e4SLinus Torvalds return -EINVAL; 10531da177e4SLinus Torvalds break; 10541da177e4SLinus Torvalds #endif 10551da177e4SLinus Torvalds default: 10561da177e4SLinus Torvalds if (r->arp_ha.sa_family != dev->type) 10571da177e4SLinus Torvalds return -EINVAL; 10581da177e4SLinus Torvalds break; 10591da177e4SLinus Torvalds } 10601da177e4SLinus Torvalds 10611da177e4SLinus Torvalds neigh = __neigh_lookup_errno(&arp_tbl, &ip, dev); 10621da177e4SLinus Torvalds err = PTR_ERR(neigh); 10631da177e4SLinus Torvalds if (!IS_ERR(neigh)) { 106495c96174SEric Dumazet unsigned int state = NUD_STALE; 10651da177e4SLinus Torvalds if (r->arp_flags & ATF_PERM) 10661da177e4SLinus Torvalds state = NUD_PERMANENT; 10671da177e4SLinus Torvalds err = neigh_update(neigh, (r->arp_flags & ATF_COM) ? 10681da177e4SLinus Torvalds r->arp_ha.sa_data : NULL, state, 10691da177e4SLinus Torvalds NEIGH_UPDATE_F_OVERRIDE | 10707b8f7a40SRoopa Prabhu NEIGH_UPDATE_F_ADMIN, 0); 10711da177e4SLinus Torvalds neigh_release(neigh); 10721da177e4SLinus Torvalds } 10731da177e4SLinus Torvalds return err; 10741da177e4SLinus Torvalds } 10751da177e4SLinus Torvalds 107695c96174SEric Dumazet static unsigned int arp_state_to_flags(struct neighbour *neigh) 10771da177e4SLinus Torvalds { 10781da177e4SLinus Torvalds if (neigh->nud_state&NUD_PERMANENT) 1079deffd777SChangli Gao return ATF_PERM | ATF_COM; 10801da177e4SLinus Torvalds else if (neigh->nud_state&NUD_VALID) 1081deffd777SChangli Gao return ATF_COM; 1082deffd777SChangli Gao else 1083deffd777SChangli Gao return 0; 10841da177e4SLinus Torvalds } 10851da177e4SLinus Torvalds 10861da177e4SLinus Torvalds /* 10871da177e4SLinus Torvalds * Get an ARP cache entry. 10881da177e4SLinus Torvalds */ 10891da177e4SLinus Torvalds 10901da177e4SLinus Torvalds static int arp_req_get(struct arpreq *r, struct net_device *dev) 10911da177e4SLinus Torvalds { 1092ed9bad06SAl Viro __be32 ip = ((struct sockaddr_in *) &r->arp_pa)->sin_addr.s_addr; 10931da177e4SLinus Torvalds struct neighbour *neigh; 10941da177e4SLinus Torvalds int err = -ENXIO; 10951da177e4SLinus Torvalds 10961da177e4SLinus Torvalds neigh = neigh_lookup(&arp_tbl, &ip, dev); 10971da177e4SLinus Torvalds if (neigh) { 109811c91ef9SEric Dumazet if (!(neigh->nud_state & NUD_NOARP)) { 10991da177e4SLinus Torvalds read_lock_bh(&neigh->lock); 11001da177e4SLinus Torvalds memcpy(r->arp_ha.sa_data, neigh->ha, dev->addr_len); 11011da177e4SLinus Torvalds r->arp_flags = arp_state_to_flags(neigh); 11021da177e4SLinus Torvalds read_unlock_bh(&neigh->lock); 11031da177e4SLinus Torvalds r->arp_ha.sa_family = dev->type; 11041da177e4SLinus Torvalds strlcpy(r->arp_dev, dev->name, sizeof(r->arp_dev)); 11051da177e4SLinus Torvalds err = 0; 11061da177e4SLinus Torvalds } 110711c91ef9SEric Dumazet neigh_release(neigh); 110811c91ef9SEric Dumazet } 11091da177e4SLinus Torvalds return err; 11101da177e4SLinus Torvalds } 11111da177e4SLinus Torvalds 11127195cf72SStephen Hemminger static int arp_invalidate(struct net_device *dev, __be32 ip) 1113545ecdc3SMaxim Levitsky { 1114545ecdc3SMaxim Levitsky struct neighbour *neigh = neigh_lookup(&arp_tbl, &ip, dev); 1115545ecdc3SMaxim Levitsky int err = -ENXIO; 1116*5071034eSSowmini Varadhan struct neigh_table *tbl = &arp_tbl; 1117545ecdc3SMaxim Levitsky 1118545ecdc3SMaxim Levitsky if (neigh) { 1119545ecdc3SMaxim Levitsky if (neigh->nud_state & ~NUD_NOARP) 1120545ecdc3SMaxim Levitsky err = neigh_update(neigh, NULL, NUD_FAILED, 1121545ecdc3SMaxim Levitsky NEIGH_UPDATE_F_OVERRIDE| 11227b8f7a40SRoopa Prabhu NEIGH_UPDATE_F_ADMIN, 0); 1123*5071034eSSowmini Varadhan write_lock_bh(&tbl->lock); 1124545ecdc3SMaxim Levitsky neigh_release(neigh); 1125*5071034eSSowmini Varadhan neigh_remove_one(neigh, tbl); 1126*5071034eSSowmini Varadhan write_unlock_bh(&tbl->lock); 1127545ecdc3SMaxim Levitsky } 1128545ecdc3SMaxim Levitsky 1129545ecdc3SMaxim Levitsky return err; 1130545ecdc3SMaxim Levitsky } 1131545ecdc3SMaxim Levitsky 113232e569b7SPavel Emelyanov static int arp_req_delete_public(struct net *net, struct arpreq *r, 113332e569b7SPavel Emelyanov struct net_device *dev) 11341da177e4SLinus Torvalds { 1135ed9bad06SAl Viro __be32 ip = ((struct sockaddr_in *) &r->arp_pa)->sin_addr.s_addr; 113646479b43SPavel Emelyanov __be32 mask = ((struct sockaddr_in *)&r->arp_netmask)->sin_addr.s_addr; 11371da177e4SLinus Torvalds 1138ed9bad06SAl Viro if (mask == htonl(0xFFFFFFFF)) 11392db82b53SDenis V. Lunev return pneigh_delete(&arp_tbl, net, &ip, dev); 114046479b43SPavel Emelyanov 1141f8b33fdfSPavel Emelyanov if (mask) 11421da177e4SLinus Torvalds return -EINVAL; 1143f8b33fdfSPavel Emelyanov 114432e569b7SPavel Emelyanov return arp_req_set_proxy(net, dev, 0); 11451da177e4SLinus Torvalds } 11461da177e4SLinus Torvalds 114732e569b7SPavel Emelyanov static int arp_req_delete(struct net *net, struct arpreq *r, 114832e569b7SPavel Emelyanov struct net_device *dev) 114946479b43SPavel Emelyanov { 115046479b43SPavel Emelyanov __be32 ip; 115146479b43SPavel Emelyanov 115246479b43SPavel Emelyanov if (r->arp_flags & ATF_PUBL) 115332e569b7SPavel Emelyanov return arp_req_delete_public(net, r, dev); 115446479b43SPavel Emelyanov 115546479b43SPavel Emelyanov ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr; 115651456b29SIan Morris if (!dev) { 115778fbfd8aSDavid S. Miller struct rtable *rt = ip_route_output(net, ip, 0, RTO_ONLINK, 0); 1158b23dd4feSDavid S. Miller if (IS_ERR(rt)) 1159b23dd4feSDavid S. Miller return PTR_ERR(rt); 1160d8d1f30bSChangli Gao dev = rt->dst.dev; 11611da177e4SLinus Torvalds ip_rt_put(rt); 11621da177e4SLinus Torvalds if (!dev) 11631da177e4SLinus Torvalds return -EINVAL; 11641da177e4SLinus Torvalds } 1165545ecdc3SMaxim Levitsky return arp_invalidate(dev, ip); 11661da177e4SLinus Torvalds } 11671da177e4SLinus Torvalds 11681da177e4SLinus Torvalds /* 11691da177e4SLinus Torvalds * Handle an ARP layer I/O control request. 11701da177e4SLinus Torvalds */ 11711da177e4SLinus Torvalds 117232e569b7SPavel Emelyanov int arp_ioctl(struct net *net, unsigned int cmd, void __user *arg) 11731da177e4SLinus Torvalds { 11741da177e4SLinus Torvalds int err; 11751da177e4SLinus Torvalds struct arpreq r; 11761da177e4SLinus Torvalds struct net_device *dev = NULL; 11771da177e4SLinus Torvalds 11781da177e4SLinus Torvalds switch (cmd) { 11791da177e4SLinus Torvalds case SIOCDARP: 11801da177e4SLinus Torvalds case SIOCSARP: 118152e804c6SEric W. Biederman if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 11821da177e4SLinus Torvalds return -EPERM; 11831da177e4SLinus Torvalds case SIOCGARP: 11841da177e4SLinus Torvalds err = copy_from_user(&r, arg, sizeof(struct arpreq)); 11851da177e4SLinus Torvalds if (err) 11861da177e4SLinus Torvalds return -EFAULT; 11871da177e4SLinus Torvalds break; 11881da177e4SLinus Torvalds default: 11891da177e4SLinus Torvalds return -EINVAL; 11901da177e4SLinus Torvalds } 11911da177e4SLinus Torvalds 11921da177e4SLinus Torvalds if (r.arp_pa.sa_family != AF_INET) 11931da177e4SLinus Torvalds return -EPFNOSUPPORT; 11941da177e4SLinus Torvalds 11951da177e4SLinus Torvalds if (!(r.arp_flags & ATF_PUBL) && 11961da177e4SLinus Torvalds (r.arp_flags & (ATF_NETMASK | ATF_DONTPUB))) 11971da177e4SLinus Torvalds return -EINVAL; 11981da177e4SLinus Torvalds if (!(r.arp_flags & ATF_NETMASK)) 11991da177e4SLinus Torvalds ((struct sockaddr_in *)&r.arp_netmask)->sin_addr.s_addr = 12001da177e4SLinus Torvalds htonl(0xFFFFFFFFUL); 1201c506653dSEric Dumazet rtnl_lock(); 12021da177e4SLinus Torvalds if (r.arp_dev[0]) { 12031da177e4SLinus Torvalds err = -ENODEV; 1204c506653dSEric Dumazet dev = __dev_get_by_name(net, r.arp_dev); 120551456b29SIan Morris if (!dev) 12061da177e4SLinus Torvalds goto out; 12071da177e4SLinus Torvalds 12081da177e4SLinus Torvalds /* Mmmm... It is wrong... ARPHRD_NETROM==0 */ 12091da177e4SLinus Torvalds if (!r.arp_ha.sa_family) 12101da177e4SLinus Torvalds r.arp_ha.sa_family = dev->type; 12111da177e4SLinus Torvalds err = -EINVAL; 12121da177e4SLinus Torvalds if ((r.arp_flags & ATF_COM) && r.arp_ha.sa_family != dev->type) 12131da177e4SLinus Torvalds goto out; 12141da177e4SLinus Torvalds } else if (cmd == SIOCGARP) { 12151da177e4SLinus Torvalds err = -ENODEV; 12161da177e4SLinus Torvalds goto out; 12171da177e4SLinus Torvalds } 12181da177e4SLinus Torvalds 12191da177e4SLinus Torvalds switch (cmd) { 12201da177e4SLinus Torvalds case SIOCDARP: 122132e569b7SPavel Emelyanov err = arp_req_delete(net, &r, dev); 12221da177e4SLinus Torvalds break; 12231da177e4SLinus Torvalds case SIOCSARP: 122432e569b7SPavel Emelyanov err = arp_req_set(net, &r, dev); 12251da177e4SLinus Torvalds break; 12261da177e4SLinus Torvalds case SIOCGARP: 12271da177e4SLinus Torvalds err = arp_req_get(&r, dev); 12281da177e4SLinus Torvalds break; 12291da177e4SLinus Torvalds } 12301da177e4SLinus Torvalds out: 1231c506653dSEric Dumazet rtnl_unlock(); 1232941666c2SEric Dumazet if (cmd == SIOCGARP && !err && copy_to_user(arg, &r, sizeof(r))) 1233941666c2SEric Dumazet err = -EFAULT; 12341da177e4SLinus Torvalds return err; 12351da177e4SLinus Torvalds } 12361da177e4SLinus Torvalds 1237deffd777SChangli Gao static int arp_netdev_event(struct notifier_block *this, unsigned long event, 1238deffd777SChangli Gao void *ptr) 12391da177e4SLinus Torvalds { 1240351638e7SJiri Pirko struct net_device *dev = netdev_notifier_info_to_dev(ptr); 12416c8b4e3fSTimo Teräs struct netdev_notifier_change_info *change_info; 12421da177e4SLinus Torvalds 12431da177e4SLinus Torvalds switch (event) { 12441da177e4SLinus Torvalds case NETDEV_CHANGEADDR: 12451da177e4SLinus Torvalds neigh_changeaddr(&arp_tbl, dev); 1246bafa6d9dSNicolas Dichtel rt_cache_flush(dev_net(dev)); 12471da177e4SLinus Torvalds break; 12486c8b4e3fSTimo Teräs case NETDEV_CHANGE: 12496c8b4e3fSTimo Teräs change_info = ptr; 12506c8b4e3fSTimo Teräs if (change_info->flags_changed & IFF_NOARP) 12516c8b4e3fSTimo Teräs neigh_changeaddr(&arp_tbl, dev); 12526c8b4e3fSTimo Teräs break; 12531da177e4SLinus Torvalds default: 12541da177e4SLinus Torvalds break; 12551da177e4SLinus Torvalds } 12561da177e4SLinus Torvalds 12571da177e4SLinus Torvalds return NOTIFY_DONE; 12581da177e4SLinus Torvalds } 12591da177e4SLinus Torvalds 12601da177e4SLinus Torvalds static struct notifier_block arp_netdev_notifier = { 12611da177e4SLinus Torvalds .notifier_call = arp_netdev_event, 12621da177e4SLinus Torvalds }; 12631da177e4SLinus Torvalds 12641da177e4SLinus Torvalds /* Note, that it is not on notifier chain. 12651da177e4SLinus Torvalds It is necessary, that this routine was called after route cache will be 12661da177e4SLinus Torvalds flushed. 12671da177e4SLinus Torvalds */ 12681da177e4SLinus Torvalds void arp_ifdown(struct net_device *dev) 12691da177e4SLinus Torvalds { 12701da177e4SLinus Torvalds neigh_ifdown(&arp_tbl, dev); 12711da177e4SLinus Torvalds } 12721da177e4SLinus Torvalds 12731da177e4SLinus Torvalds 12741da177e4SLinus Torvalds /* 12751da177e4SLinus Torvalds * Called once on startup. 12761da177e4SLinus Torvalds */ 12771da177e4SLinus Torvalds 12787546dd97SStephen Hemminger static struct packet_type arp_packet_type __read_mostly = { 127909640e63SHarvey Harrison .type = cpu_to_be16(ETH_P_ARP), 12801da177e4SLinus Torvalds .func = arp_rcv, 12811da177e4SLinus Torvalds }; 12821da177e4SLinus Torvalds 12831da177e4SLinus Torvalds static int arp_proc_init(void); 12841da177e4SLinus Torvalds 12851da177e4SLinus Torvalds void __init arp_init(void) 12861da177e4SLinus Torvalds { 1287d7480fd3SWANG Cong neigh_table_init(NEIGH_ARP_TABLE, &arp_tbl); 12881da177e4SLinus Torvalds 12891da177e4SLinus Torvalds dev_add_pack(&arp_packet_type); 12901da177e4SLinus Torvalds arp_proc_init(); 12911da177e4SLinus Torvalds #ifdef CONFIG_SYSCTL 129273af614aSJiri Pirko neigh_sysctl_register(NULL, &arp_tbl.parms, NULL); 12931da177e4SLinus Torvalds #endif 12941da177e4SLinus Torvalds register_netdevice_notifier(&arp_netdev_notifier); 12951da177e4SLinus Torvalds } 12961da177e4SLinus Torvalds 12971da177e4SLinus Torvalds #ifdef CONFIG_PROC_FS 129840e4783eSIgor Maravic #if IS_ENABLED(CONFIG_AX25) 12991da177e4SLinus Torvalds 13001da177e4SLinus Torvalds /* ------------------------------------------------------------------------ */ 13011da177e4SLinus Torvalds /* 13021da177e4SLinus Torvalds * ax25 -> ASCII conversion 13031da177e4SLinus Torvalds */ 13044872e57cSRalf Baechle static void ax2asc2(ax25_address *a, char *buf) 13051da177e4SLinus Torvalds { 13061da177e4SLinus Torvalds char c, *s; 13071da177e4SLinus Torvalds int n; 13081da177e4SLinus Torvalds 13091da177e4SLinus Torvalds for (n = 0, s = buf; n < 6; n++) { 13101da177e4SLinus Torvalds c = (a->ax25_call[n] >> 1) & 0x7F; 13111da177e4SLinus Torvalds 1312deffd777SChangli Gao if (c != ' ') 1313deffd777SChangli Gao *s++ = c; 13141da177e4SLinus Torvalds } 13151da177e4SLinus Torvalds 13161da177e4SLinus Torvalds *s++ = '-'; 1317deffd777SChangli Gao n = (a->ax25_call[6] >> 1) & 0x0F; 1318deffd777SChangli Gao if (n > 9) { 13191da177e4SLinus Torvalds *s++ = '1'; 13201da177e4SLinus Torvalds n -= 10; 13211da177e4SLinus Torvalds } 13221da177e4SLinus Torvalds 13231da177e4SLinus Torvalds *s++ = n + '0'; 13241da177e4SLinus Torvalds *s++ = '\0'; 13251da177e4SLinus Torvalds 13264872e57cSRalf Baechle if (*buf == '\0' || *buf == '-') { 13274872e57cSRalf Baechle buf[0] = '*'; 13284872e57cSRalf Baechle buf[1] = '\0'; 13294872e57cSRalf Baechle } 13301da177e4SLinus Torvalds } 13311da177e4SLinus Torvalds #endif /* CONFIG_AX25 */ 13321da177e4SLinus Torvalds 13331da177e4SLinus Torvalds #define HBUFFERLEN 30 13341da177e4SLinus Torvalds 13351da177e4SLinus Torvalds static void arp_format_neigh_entry(struct seq_file *seq, 13361da177e4SLinus Torvalds struct neighbour *n) 13371da177e4SLinus Torvalds { 13381da177e4SLinus Torvalds char hbuffer[HBUFFERLEN]; 13391da177e4SLinus Torvalds int k, j; 13401da177e4SLinus Torvalds char tbuf[16]; 13411da177e4SLinus Torvalds struct net_device *dev = n->dev; 13421da177e4SLinus Torvalds int hatype = dev->type; 13431da177e4SLinus Torvalds 13441da177e4SLinus Torvalds read_lock(&n->lock); 13451da177e4SLinus Torvalds /* Convert hardware address to XX:XX:XX:XX ... form. */ 134640e4783eSIgor Maravic #if IS_ENABLED(CONFIG_AX25) 13471da177e4SLinus Torvalds if (hatype == ARPHRD_AX25 || hatype == ARPHRD_NETROM) 13481da177e4SLinus Torvalds ax2asc2((ax25_address *)n->ha, hbuffer); 13491da177e4SLinus Torvalds else { 13501da177e4SLinus Torvalds #endif 13511da177e4SLinus Torvalds for (k = 0, j = 0; k < HBUFFERLEN - 3 && j < dev->addr_len; j++) { 135251f82a2bSDenis Cheng hbuffer[k++] = hex_asc_hi(n->ha[j]); 135351f82a2bSDenis Cheng hbuffer[k++] = hex_asc_lo(n->ha[j]); 13541da177e4SLinus Torvalds hbuffer[k++] = ':'; 13551da177e4SLinus Torvalds } 1356a3e8ee68Sroel kluin if (k != 0) 1357a3e8ee68Sroel kluin --k; 1358a3e8ee68Sroel kluin hbuffer[k] = 0; 135940e4783eSIgor Maravic #if IS_ENABLED(CONFIG_AX25) 13601da177e4SLinus Torvalds } 13611da177e4SLinus Torvalds #endif 1362673d57e7SHarvey Harrison sprintf(tbuf, "%pI4", n->primary_key); 13634872e57cSRalf Baechle seq_printf(seq, "%-16s 0x%-10x0x%-10x%-17s * %s\n", 13641da177e4SLinus Torvalds tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); 13651da177e4SLinus Torvalds read_unlock(&n->lock); 13661da177e4SLinus Torvalds } 13671da177e4SLinus Torvalds 13681da177e4SLinus Torvalds static void arp_format_pneigh_entry(struct seq_file *seq, 13691da177e4SLinus Torvalds struct pneigh_entry *n) 13701da177e4SLinus Torvalds { 13711da177e4SLinus Torvalds struct net_device *dev = n->dev; 13721da177e4SLinus Torvalds int hatype = dev ? dev->type : 0; 13731da177e4SLinus Torvalds char tbuf[16]; 13741da177e4SLinus Torvalds 1375673d57e7SHarvey Harrison sprintf(tbuf, "%pI4", n->key); 13761da177e4SLinus Torvalds seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", 13771da177e4SLinus Torvalds tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", 13781da177e4SLinus Torvalds dev ? dev->name : "*"); 13791da177e4SLinus Torvalds } 13801da177e4SLinus Torvalds 13811da177e4SLinus Torvalds static int arp_seq_show(struct seq_file *seq, void *v) 13821da177e4SLinus Torvalds { 13831da177e4SLinus Torvalds if (v == SEQ_START_TOKEN) { 13841da177e4SLinus Torvalds seq_puts(seq, "IP address HW type Flags " 13851da177e4SLinus Torvalds "HW address Mask Device\n"); 13861da177e4SLinus Torvalds } else { 13871da177e4SLinus Torvalds struct neigh_seq_state *state = seq->private; 13881da177e4SLinus Torvalds 13891da177e4SLinus Torvalds if (state->flags & NEIGH_SEQ_IS_PNEIGH) 13901da177e4SLinus Torvalds arp_format_pneigh_entry(seq, v); 13911da177e4SLinus Torvalds else 13921da177e4SLinus Torvalds arp_format_neigh_entry(seq, v); 13931da177e4SLinus Torvalds } 13941da177e4SLinus Torvalds 13951da177e4SLinus Torvalds return 0; 13961da177e4SLinus Torvalds } 13971da177e4SLinus Torvalds 13981da177e4SLinus Torvalds static void *arp_seq_start(struct seq_file *seq, loff_t *pos) 13991da177e4SLinus Torvalds { 14001da177e4SLinus Torvalds /* Don't want to confuse "arp -a" w/ magic entries, 14011da177e4SLinus Torvalds * so we tell the generic iterator to skip NUD_NOARP. 14021da177e4SLinus Torvalds */ 14031da177e4SLinus Torvalds return neigh_seq_start(seq, pos, &arp_tbl, NEIGH_SEQ_SKIP_NOARP); 14041da177e4SLinus Torvalds } 14051da177e4SLinus Torvalds 14061da177e4SLinus Torvalds /* ------------------------------------------------------------------------ */ 14071da177e4SLinus Torvalds 1408f690808eSStephen Hemminger static const struct seq_operations arp_seq_ops = { 14091da177e4SLinus Torvalds .start = arp_seq_start, 14101da177e4SLinus Torvalds .next = neigh_seq_next, 14111da177e4SLinus Torvalds .stop = neigh_seq_stop, 14121da177e4SLinus Torvalds .show = arp_seq_show, 14131da177e4SLinus Torvalds }; 14141da177e4SLinus Torvalds 14151da177e4SLinus Torvalds static int arp_seq_open(struct inode *inode, struct file *file) 14161da177e4SLinus Torvalds { 1417426b5303SEric W. Biederman return seq_open_net(inode, file, &arp_seq_ops, 1418cf7732e4SPavel Emelyanov sizeof(struct neigh_seq_state)); 14191da177e4SLinus Torvalds } 14201da177e4SLinus Torvalds 14219a32144eSArjan van de Ven static const struct file_operations arp_seq_fops = { 14221da177e4SLinus Torvalds .owner = THIS_MODULE, 14231da177e4SLinus Torvalds .open = arp_seq_open, 14241da177e4SLinus Torvalds .read = seq_read, 14251da177e4SLinus Torvalds .llseek = seq_lseek, 1426426b5303SEric W. Biederman .release = seq_release_net, 14271da177e4SLinus Torvalds }; 14281da177e4SLinus Torvalds 1429ffc31d3dSDenis V. Lunev 1430ffc31d3dSDenis V. Lunev static int __net_init arp_net_init(struct net *net) 14311da177e4SLinus Torvalds { 1432d4beaa66SGao feng if (!proc_create("arp", S_IRUGO, net->proc_net, &arp_seq_fops)) 14331da177e4SLinus Torvalds return -ENOMEM; 14341da177e4SLinus Torvalds return 0; 14351da177e4SLinus Torvalds } 14361da177e4SLinus Torvalds 1437ffc31d3dSDenis V. Lunev static void __net_exit arp_net_exit(struct net *net) 1438ffc31d3dSDenis V. Lunev { 1439ece31ffdSGao feng remove_proc_entry("arp", net->proc_net); 1440ffc31d3dSDenis V. Lunev } 1441ffc31d3dSDenis V. Lunev 1442ffc31d3dSDenis V. Lunev static struct pernet_operations arp_net_ops = { 1443ffc31d3dSDenis V. Lunev .init = arp_net_init, 1444ffc31d3dSDenis V. Lunev .exit = arp_net_exit, 1445ffc31d3dSDenis V. Lunev }; 1446ffc31d3dSDenis V. Lunev 1447ffc31d3dSDenis V. Lunev static int __init arp_proc_init(void) 1448ffc31d3dSDenis V. Lunev { 1449ffc31d3dSDenis V. Lunev return register_pernet_subsys(&arp_net_ops); 1450ffc31d3dSDenis V. Lunev } 1451ffc31d3dSDenis V. Lunev 14521da177e4SLinus Torvalds #else /* CONFIG_PROC_FS */ 14531da177e4SLinus Torvalds 14541da177e4SLinus Torvalds static int __init arp_proc_init(void) 14551da177e4SLinus Torvalds { 14561da177e4SLinus Torvalds return 0; 14571da177e4SLinus Torvalds } 14581da177e4SLinus Torvalds 14591da177e4SLinus Torvalds #endif /* CONFIG_PROC_FS */ 1460