Loading...
1/*
2 * Generic address resolution entity
3 *
4 * Authors:
5 * Pedro Roque <roque@di.fc.ul.pt>
6 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version
11 * 2 of the License, or (at your option) any later version.
12 *
13 * Fixes:
14 * Vitaly E. Lavrov releasing NULL neighbor in neigh_add.
15 * Harald Welte Add neighbour cache statistics like rtstat
16 */
17
18#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
19
20#include <linux/slab.h>
21#include <linux/types.h>
22#include <linux/kernel.h>
23#include <linux/module.h>
24#include <linux/socket.h>
25#include <linux/netdevice.h>
26#include <linux/proc_fs.h>
27#ifdef CONFIG_SYSCTL
28#include <linux/sysctl.h>
29#endif
30#include <linux/times.h>
31#include <net/net_namespace.h>
32#include <net/neighbour.h>
33#include <net/dst.h>
34#include <net/sock.h>
35#include <net/netevent.h>
36#include <net/netlink.h>
37#include <linux/rtnetlink.h>
38#include <linux/random.h>
39#include <linux/string.h>
40#include <linux/log2.h>
41#include <linux/inetdevice.h>
42#include <net/addrconf.h>
43
44#define DEBUG
45#define NEIGH_DEBUG 1
46#define neigh_dbg(level, fmt, ...) \
47do { \
48 if (level <= NEIGH_DEBUG) \
49 pr_debug(fmt, ##__VA_ARGS__); \
50} while (0)
51
52#define PNEIGH_HASHMASK 0xF
53
54static void neigh_timer_handler(unsigned long arg);
55static void __neigh_notify(struct neighbour *n, int type, int flags);
56static void neigh_update_notify(struct neighbour *neigh);
57static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev);
58
59#ifdef CONFIG_PROC_FS
60static const struct file_operations neigh_stat_seq_fops;
61#endif
62
63/*
64 Neighbour hash table buckets are protected with rwlock tbl->lock.
65
66 - All the scans/updates to hash buckets MUST be made under this lock.
67 - NOTHING clever should be made under this lock: no callbacks
68 to protocol backends, no attempts to send something to network.
69 It will result in deadlocks, if backend/driver wants to use neighbour
70 cache.
71 - If the entry requires some non-trivial actions, increase
72 its reference count and release table lock.
73
74 Neighbour entries are protected:
75 - with reference count.
76 - with rwlock neigh->lock
77
78 Reference count prevents destruction.
79
80 neigh->lock mainly serializes ll address data and its validity state.
81 However, the same lock is used to protect another entry fields:
82 - timer
83 - resolution queue
84
85 Again, nothing clever shall be made under neigh->lock,
86 the most complicated procedure, which we allow is dev->hard_header.
87 It is supposed, that dev->hard_header is simplistic and does
88 not make callbacks to neighbour tables.
89 */
90
91static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
92{
93 kfree_skb(skb);
94 return -ENETDOWN;
95}
96
97static void neigh_cleanup_and_release(struct neighbour *neigh)
98{
99 if (neigh->parms->neigh_cleanup)
100 neigh->parms->neigh_cleanup(neigh);
101
102 __neigh_notify(neigh, RTM_DELNEIGH, 0);
103 neigh_release(neigh);
104}
105
106/*
107 * It is random distribution in the interval (1/2)*base...(3/2)*base.
108 * It corresponds to default IPv6 settings and is not overridable,
109 * because it is really reasonable choice.
110 */
111
112unsigned long neigh_rand_reach_time(unsigned long base)
113{
114 return base ? (prandom_u32() % base) + (base >> 1) : 0;
115}
116EXPORT_SYMBOL(neigh_rand_reach_time);
117
118
119static int neigh_forced_gc(struct neigh_table *tbl)
120{
121 int shrunk = 0;
122 int i;
123 struct neigh_hash_table *nht;
124
125 NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);
126
127 write_lock_bh(&tbl->lock);
128 nht = rcu_dereference_protected(tbl->nht,
129 lockdep_is_held(&tbl->lock));
130 for (i = 0; i < (1 << nht->hash_shift); i++) {
131 struct neighbour *n;
132 struct neighbour __rcu **np;
133
134 np = &nht->hash_buckets[i];
135 while ((n = rcu_dereference_protected(*np,
136 lockdep_is_held(&tbl->lock))) != NULL) {
137 /* Neighbour record may be discarded if:
138 * - nobody refers to it.
139 * - it is not permanent
140 */
141 write_lock(&n->lock);
142 if (atomic_read(&n->refcnt) == 1 &&
143 !(n->nud_state & NUD_PERMANENT)) {
144 rcu_assign_pointer(*np,
145 rcu_dereference_protected(n->next,
146 lockdep_is_held(&tbl->lock)));
147 n->dead = 1;
148 shrunk = 1;
149 write_unlock(&n->lock);
150 neigh_cleanup_and_release(n);
151 continue;
152 }
153 write_unlock(&n->lock);
154 np = &n->next;
155 }
156 }
157
158 tbl->last_flush = jiffies;
159
160 write_unlock_bh(&tbl->lock);
161
162 return shrunk;
163}
164
165static void neigh_add_timer(struct neighbour *n, unsigned long when)
166{
167 neigh_hold(n);
168 if (unlikely(mod_timer(&n->timer, when))) {
169 printk("NEIGH: BUG, double timer add, state is %x\n",
170 n->nud_state);
171 dump_stack();
172 }
173}
174
175static int neigh_del_timer(struct neighbour *n)
176{
177 if ((n->nud_state & NUD_IN_TIMER) &&
178 del_timer(&n->timer)) {
179 neigh_release(n);
180 return 1;
181 }
182 return 0;
183}
184
185static void pneigh_queue_purge(struct sk_buff_head *list)
186{
187 struct sk_buff *skb;
188
189 while ((skb = skb_dequeue(list)) != NULL) {
190 dev_put(skb->dev);
191 kfree_skb(skb);
192 }
193}
194
195static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev)
196{
197 int i;
198 struct neigh_hash_table *nht;
199
200 nht = rcu_dereference_protected(tbl->nht,
201 lockdep_is_held(&tbl->lock));
202
203 for (i = 0; i < (1 << nht->hash_shift); i++) {
204 struct neighbour *n;
205 struct neighbour __rcu **np = &nht->hash_buckets[i];
206
207 while ((n = rcu_dereference_protected(*np,
208 lockdep_is_held(&tbl->lock))) != NULL) {
209 if (dev && n->dev != dev) {
210 np = &n->next;
211 continue;
212 }
213 rcu_assign_pointer(*np,
214 rcu_dereference_protected(n->next,
215 lockdep_is_held(&tbl->lock)));
216 write_lock(&n->lock);
217 neigh_del_timer(n);
218 n->dead = 1;
219
220 if (atomic_read(&n->refcnt) != 1) {
221 /* The most unpleasant situation.
222 We must destroy neighbour entry,
223 but someone still uses it.
224
225 The destroy will be delayed until
226 the last user releases us, but
227 we must kill timers etc. and move
228 it to safe state.
229 */
230 __skb_queue_purge(&n->arp_queue);
231 n->arp_queue_len_bytes = 0;
232 n->output = neigh_blackhole;
233 if (n->nud_state & NUD_VALID)
234 n->nud_state = NUD_NOARP;
235 else
236 n->nud_state = NUD_NONE;
237 neigh_dbg(2, "neigh %p is stray\n", n);
238 }
239 write_unlock(&n->lock);
240 neigh_cleanup_and_release(n);
241 }
242 }
243}
244
245void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
246{
247 write_lock_bh(&tbl->lock);
248 neigh_flush_dev(tbl, dev);
249 write_unlock_bh(&tbl->lock);
250}
251EXPORT_SYMBOL(neigh_changeaddr);
252
253int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
254{
255 write_lock_bh(&tbl->lock);
256 neigh_flush_dev(tbl, dev);
257 pneigh_ifdown(tbl, dev);
258 write_unlock_bh(&tbl->lock);
259
260 del_timer_sync(&tbl->proxy_timer);
261 pneigh_queue_purge(&tbl->proxy_queue);
262 return 0;
263}
264EXPORT_SYMBOL(neigh_ifdown);
265
266static struct neighbour *neigh_alloc(struct neigh_table *tbl, struct net_device *dev)
267{
268 struct neighbour *n = NULL;
269 unsigned long now = jiffies;
270 int entries;
271
272 entries = atomic_inc_return(&tbl->entries) - 1;
273 if (entries >= tbl->gc_thresh3 ||
274 (entries >= tbl->gc_thresh2 &&
275 time_after(now, tbl->last_flush + 5 * HZ))) {
276 if (!neigh_forced_gc(tbl) &&
277 entries >= tbl->gc_thresh3) {
278 net_info_ratelimited("%s: neighbor table overflow!\n",
279 tbl->id);
280 NEIGH_CACHE_STAT_INC(tbl, table_fulls);
281 goto out_entries;
282 }
283 }
284
285 n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
286 if (!n)
287 goto out_entries;
288
289 __skb_queue_head_init(&n->arp_queue);
290 rwlock_init(&n->lock);
291 seqlock_init(&n->ha_lock);
292 n->updated = n->used = now;
293 n->nud_state = NUD_NONE;
294 n->output = neigh_blackhole;
295 seqlock_init(&n->hh.hh_lock);
296 n->parms = neigh_parms_clone(&tbl->parms);
297 setup_timer(&n->timer, neigh_timer_handler, (unsigned long)n);
298
299 NEIGH_CACHE_STAT_INC(tbl, allocs);
300 n->tbl = tbl;
301 atomic_set(&n->refcnt, 1);
302 n->dead = 1;
303out:
304 return n;
305
306out_entries:
307 atomic_dec(&tbl->entries);
308 goto out;
309}
310
311static void neigh_get_hash_rnd(u32 *x)
312{
313 get_random_bytes(x, sizeof(*x));
314 *x |= 1;
315}
316
317static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
318{
319 size_t size = (1 << shift) * sizeof(struct neighbour *);
320 struct neigh_hash_table *ret;
321 struct neighbour __rcu **buckets;
322 int i;
323
324 ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
325 if (!ret)
326 return NULL;
327 if (size <= PAGE_SIZE)
328 buckets = kzalloc(size, GFP_ATOMIC);
329 else
330 buckets = (struct neighbour __rcu **)
331 __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
332 get_order(size));
333 if (!buckets) {
334 kfree(ret);
335 return NULL;
336 }
337 ret->hash_buckets = buckets;
338 ret->hash_shift = shift;
339 for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
340 neigh_get_hash_rnd(&ret->hash_rnd[i]);
341 return ret;
342}
343
344static void neigh_hash_free_rcu(struct rcu_head *head)
345{
346 struct neigh_hash_table *nht = container_of(head,
347 struct neigh_hash_table,
348 rcu);
349 size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
350 struct neighbour __rcu **buckets = nht->hash_buckets;
351
352 if (size <= PAGE_SIZE)
353 kfree(buckets);
354 else
355 free_pages((unsigned long)buckets, get_order(size));
356 kfree(nht);
357}
358
359static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
360 unsigned long new_shift)
361{
362 unsigned int i, hash;
363 struct neigh_hash_table *new_nht, *old_nht;
364
365 NEIGH_CACHE_STAT_INC(tbl, hash_grows);
366
367 old_nht = rcu_dereference_protected(tbl->nht,
368 lockdep_is_held(&tbl->lock));
369 new_nht = neigh_hash_alloc(new_shift);
370 if (!new_nht)
371 return old_nht;
372
373 for (i = 0; i < (1 << old_nht->hash_shift); i++) {
374 struct neighbour *n, *next;
375
376 for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
377 lockdep_is_held(&tbl->lock));
378 n != NULL;
379 n = next) {
380 hash = tbl->hash(n->primary_key, n->dev,
381 new_nht->hash_rnd);
382
383 hash >>= (32 - new_nht->hash_shift);
384 next = rcu_dereference_protected(n->next,
385 lockdep_is_held(&tbl->lock));
386
387 rcu_assign_pointer(n->next,
388 rcu_dereference_protected(
389 new_nht->hash_buckets[hash],
390 lockdep_is_held(&tbl->lock)));
391 rcu_assign_pointer(new_nht->hash_buckets[hash], n);
392 }
393 }
394
395 rcu_assign_pointer(tbl->nht, new_nht);
396 call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
397 return new_nht;
398}
399
400struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
401 struct net_device *dev)
402{
403 struct neighbour *n;
404
405 NEIGH_CACHE_STAT_INC(tbl, lookups);
406
407 rcu_read_lock_bh();
408 n = __neigh_lookup_noref(tbl, pkey, dev);
409 if (n) {
410 if (!atomic_inc_not_zero(&n->refcnt))
411 n = NULL;
412 NEIGH_CACHE_STAT_INC(tbl, hits);
413 }
414
415 rcu_read_unlock_bh();
416 return n;
417}
418EXPORT_SYMBOL(neigh_lookup);
419
420struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
421 const void *pkey)
422{
423 struct neighbour *n;
424 int key_len = tbl->key_len;
425 u32 hash_val;
426 struct neigh_hash_table *nht;
427
428 NEIGH_CACHE_STAT_INC(tbl, lookups);
429
430 rcu_read_lock_bh();
431 nht = rcu_dereference_bh(tbl->nht);
432 hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);
433
434 for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
435 n != NULL;
436 n = rcu_dereference_bh(n->next)) {
437 if (!memcmp(n->primary_key, pkey, key_len) &&
438 net_eq(dev_net(n->dev), net)) {
439 if (!atomic_inc_not_zero(&n->refcnt))
440 n = NULL;
441 NEIGH_CACHE_STAT_INC(tbl, hits);
442 break;
443 }
444 }
445
446 rcu_read_unlock_bh();
447 return n;
448}
449EXPORT_SYMBOL(neigh_lookup_nodev);
450
451struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
452 struct net_device *dev, bool want_ref)
453{
454 u32 hash_val;
455 int key_len = tbl->key_len;
456 int error;
457 struct neighbour *n1, *rc, *n = neigh_alloc(tbl, dev);
458 struct neigh_hash_table *nht;
459
460 if (!n) {
461 rc = ERR_PTR(-ENOBUFS);
462 goto out;
463 }
464
465 memcpy(n->primary_key, pkey, key_len);
466 n->dev = dev;
467 dev_hold(dev);
468
469 /* Protocol specific setup. */
470 if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
471 rc = ERR_PTR(error);
472 goto out_neigh_release;
473 }
474
475 if (dev->netdev_ops->ndo_neigh_construct) {
476 error = dev->netdev_ops->ndo_neigh_construct(n);
477 if (error < 0) {
478 rc = ERR_PTR(error);
479 goto out_neigh_release;
480 }
481 }
482
483 /* Device specific setup. */
484 if (n->parms->neigh_setup &&
485 (error = n->parms->neigh_setup(n)) < 0) {
486 rc = ERR_PTR(error);
487 goto out_neigh_release;
488 }
489
490 n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);
491
492 write_lock_bh(&tbl->lock);
493 nht = rcu_dereference_protected(tbl->nht,
494 lockdep_is_held(&tbl->lock));
495
496 if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
497 nht = neigh_hash_grow(tbl, nht->hash_shift + 1);
498
499 hash_val = tbl->hash(pkey, dev, nht->hash_rnd) >> (32 - nht->hash_shift);
500
501 if (n->parms->dead) {
502 rc = ERR_PTR(-EINVAL);
503 goto out_tbl_unlock;
504 }
505
506 for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
507 lockdep_is_held(&tbl->lock));
508 n1 != NULL;
509 n1 = rcu_dereference_protected(n1->next,
510 lockdep_is_held(&tbl->lock))) {
511 if (dev == n1->dev && !memcmp(n1->primary_key, pkey, key_len)) {
512 if (want_ref)
513 neigh_hold(n1);
514 rc = n1;
515 goto out_tbl_unlock;
516 }
517 }
518
519 n->dead = 0;
520 if (want_ref)
521 neigh_hold(n);
522 rcu_assign_pointer(n->next,
523 rcu_dereference_protected(nht->hash_buckets[hash_val],
524 lockdep_is_held(&tbl->lock)));
525 rcu_assign_pointer(nht->hash_buckets[hash_val], n);
526 write_unlock_bh(&tbl->lock);
527 neigh_dbg(2, "neigh %p is created\n", n);
528 rc = n;
529out:
530 return rc;
531out_tbl_unlock:
532 write_unlock_bh(&tbl->lock);
533out_neigh_release:
534 neigh_release(n);
535 goto out;
536}
537EXPORT_SYMBOL(__neigh_create);
538
539static u32 pneigh_hash(const void *pkey, int key_len)
540{
541 u32 hash_val = *(u32 *)(pkey + key_len - 4);
542 hash_val ^= (hash_val >> 16);
543 hash_val ^= hash_val >> 8;
544 hash_val ^= hash_val >> 4;
545 hash_val &= PNEIGH_HASHMASK;
546 return hash_val;
547}
548
549static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
550 struct net *net,
551 const void *pkey,
552 int key_len,
553 struct net_device *dev)
554{
555 while (n) {
556 if (!memcmp(n->key, pkey, key_len) &&
557 net_eq(pneigh_net(n), net) &&
558 (n->dev == dev || !n->dev))
559 return n;
560 n = n->next;
561 }
562 return NULL;
563}
564
565struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
566 struct net *net, const void *pkey, struct net_device *dev)
567{
568 int key_len = tbl->key_len;
569 u32 hash_val = pneigh_hash(pkey, key_len);
570
571 return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
572 net, pkey, key_len, dev);
573}
574EXPORT_SYMBOL_GPL(__pneigh_lookup);
575
576struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
577 struct net *net, const void *pkey,
578 struct net_device *dev, int creat)
579{
580 struct pneigh_entry *n;
581 int key_len = tbl->key_len;
582 u32 hash_val = pneigh_hash(pkey, key_len);
583
584 read_lock_bh(&tbl->lock);
585 n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
586 net, pkey, key_len, dev);
587 read_unlock_bh(&tbl->lock);
588
589 if (n || !creat)
590 goto out;
591
592 ASSERT_RTNL();
593
594 n = kmalloc(sizeof(*n) + key_len, GFP_KERNEL);
595 if (!n)
596 goto out;
597
598 write_pnet(&n->net, net);
599 memcpy(n->key, pkey, key_len);
600 n->dev = dev;
601 if (dev)
602 dev_hold(dev);
603
604 if (tbl->pconstructor && tbl->pconstructor(n)) {
605 if (dev)
606 dev_put(dev);
607 kfree(n);
608 n = NULL;
609 goto out;
610 }
611
612 write_lock_bh(&tbl->lock);
613 n->next = tbl->phash_buckets[hash_val];
614 tbl->phash_buckets[hash_val] = n;
615 write_unlock_bh(&tbl->lock);
616out:
617 return n;
618}
619EXPORT_SYMBOL(pneigh_lookup);
620
621
622int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
623 struct net_device *dev)
624{
625 struct pneigh_entry *n, **np;
626 int key_len = tbl->key_len;
627 u32 hash_val = pneigh_hash(pkey, key_len);
628
629 write_lock_bh(&tbl->lock);
630 for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
631 np = &n->next) {
632 if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
633 net_eq(pneigh_net(n), net)) {
634 *np = n->next;
635 write_unlock_bh(&tbl->lock);
636 if (tbl->pdestructor)
637 tbl->pdestructor(n);
638 if (n->dev)
639 dev_put(n->dev);
640 kfree(n);
641 return 0;
642 }
643 }
644 write_unlock_bh(&tbl->lock);
645 return -ENOENT;
646}
647
648static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
649{
650 struct pneigh_entry *n, **np;
651 u32 h;
652
653 for (h = 0; h <= PNEIGH_HASHMASK; h++) {
654 np = &tbl->phash_buckets[h];
655 while ((n = *np) != NULL) {
656 if (!dev || n->dev == dev) {
657 *np = n->next;
658 if (tbl->pdestructor)
659 tbl->pdestructor(n);
660 if (n->dev)
661 dev_put(n->dev);
662 kfree(n);
663 continue;
664 }
665 np = &n->next;
666 }
667 }
668 return -ENOENT;
669}
670
671static void neigh_parms_destroy(struct neigh_parms *parms);
672
673static inline void neigh_parms_put(struct neigh_parms *parms)
674{
675 if (atomic_dec_and_test(&parms->refcnt))
676 neigh_parms_destroy(parms);
677}
678
679/*
680 * neighbour must already be out of the table;
681 *
682 */
683void neigh_destroy(struct neighbour *neigh)
684{
685 struct net_device *dev = neigh->dev;
686
687 NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);
688
689 if (!neigh->dead) {
690 pr_warn("Destroying alive neighbour %p\n", neigh);
691 dump_stack();
692 return;
693 }
694
695 if (neigh_del_timer(neigh))
696 pr_warn("Impossible event\n");
697
698 write_lock_bh(&neigh->lock);
699 __skb_queue_purge(&neigh->arp_queue);
700 write_unlock_bh(&neigh->lock);
701 neigh->arp_queue_len_bytes = 0;
702
703 if (dev->netdev_ops->ndo_neigh_destroy)
704 dev->netdev_ops->ndo_neigh_destroy(neigh);
705
706 dev_put(dev);
707 neigh_parms_put(neigh->parms);
708
709 neigh_dbg(2, "neigh %p is destroyed\n", neigh);
710
711 atomic_dec(&neigh->tbl->entries);
712 kfree_rcu(neigh, rcu);
713}
714EXPORT_SYMBOL(neigh_destroy);
715
716/* Neighbour state is suspicious;
717 disable fast path.
718
719 Called with write_locked neigh.
720 */
721static void neigh_suspect(struct neighbour *neigh)
722{
723 neigh_dbg(2, "neigh %p is suspected\n", neigh);
724
725 neigh->output = neigh->ops->output;
726}
727
728/* Neighbour state is OK;
729 enable fast path.
730
731 Called with write_locked neigh.
732 */
733static void neigh_connect(struct neighbour *neigh)
734{
735 neigh_dbg(2, "neigh %p is connected\n", neigh);
736
737 neigh->output = neigh->ops->connected_output;
738}
739
740static void neigh_periodic_work(struct work_struct *work)
741{
742 struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
743 struct neighbour *n;
744 struct neighbour __rcu **np;
745 unsigned int i;
746 struct neigh_hash_table *nht;
747
748 NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);
749
750 write_lock_bh(&tbl->lock);
751 nht = rcu_dereference_protected(tbl->nht,
752 lockdep_is_held(&tbl->lock));
753
754 /*
755 * periodically recompute ReachableTime from random function
756 */
757
758 if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
759 struct neigh_parms *p;
760 tbl->last_rand = jiffies;
761 list_for_each_entry(p, &tbl->parms_list, list)
762 p->reachable_time =
763 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
764 }
765
766 if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
767 goto out;
768
769 for (i = 0 ; i < (1 << nht->hash_shift); i++) {
770 np = &nht->hash_buckets[i];
771
772 while ((n = rcu_dereference_protected(*np,
773 lockdep_is_held(&tbl->lock))) != NULL) {
774 unsigned int state;
775
776 write_lock(&n->lock);
777
778 state = n->nud_state;
779 if (state & (NUD_PERMANENT | NUD_IN_TIMER)) {
780 write_unlock(&n->lock);
781 goto next_elt;
782 }
783
784 if (time_before(n->used, n->confirmed))
785 n->used = n->confirmed;
786
787 if (atomic_read(&n->refcnt) == 1 &&
788 (state == NUD_FAILED ||
789 time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
790 *np = n->next;
791 n->dead = 1;
792 write_unlock(&n->lock);
793 neigh_cleanup_and_release(n);
794 continue;
795 }
796 write_unlock(&n->lock);
797
798next_elt:
799 np = &n->next;
800 }
801 /*
802 * It's fine to release lock here, even if hash table
803 * grows while we are preempted.
804 */
805 write_unlock_bh(&tbl->lock);
806 cond_resched();
807 write_lock_bh(&tbl->lock);
808 nht = rcu_dereference_protected(tbl->nht,
809 lockdep_is_held(&tbl->lock));
810 }
811out:
812 /* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
813 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
814 * BASE_REACHABLE_TIME.
815 */
816 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
817 NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
818 write_unlock_bh(&tbl->lock);
819}
820
821static __inline__ int neigh_max_probes(struct neighbour *n)
822{
823 struct neigh_parms *p = n->parms;
824 return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
825 (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
826 NEIGH_VAR(p, MCAST_PROBES));
827}
828
829static void neigh_invalidate(struct neighbour *neigh)
830 __releases(neigh->lock)
831 __acquires(neigh->lock)
832{
833 struct sk_buff *skb;
834
835 NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
836 neigh_dbg(2, "neigh %p is failed\n", neigh);
837 neigh->updated = jiffies;
838
839 /* It is very thin place. report_unreachable is very complicated
840 routine. Particularly, it can hit the same neighbour entry!
841
842 So that, we try to be accurate and avoid dead loop. --ANK
843 */
844 while (neigh->nud_state == NUD_FAILED &&
845 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
846 write_unlock(&neigh->lock);
847 neigh->ops->error_report(neigh, skb);
848 write_lock(&neigh->lock);
849 }
850 __skb_queue_purge(&neigh->arp_queue);
851 neigh->arp_queue_len_bytes = 0;
852}
853
854static void neigh_probe(struct neighbour *neigh)
855 __releases(neigh->lock)
856{
857 struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);
858 /* keep skb alive even if arp_queue overflows */
859 if (skb)
860 skb = skb_clone(skb, GFP_ATOMIC);
861 write_unlock(&neigh->lock);
862 neigh->ops->solicit(neigh, skb);
863 atomic_inc(&neigh->probes);
864 kfree_skb(skb);
865}
866
867/* Called when a timer expires for a neighbour entry. */
868
869static void neigh_timer_handler(unsigned long arg)
870{
871 unsigned long now, next;
872 struct neighbour *neigh = (struct neighbour *)arg;
873 unsigned int state;
874 int notify = 0;
875
876 write_lock(&neigh->lock);
877
878 state = neigh->nud_state;
879 now = jiffies;
880 next = now + HZ;
881
882 if (!(state & NUD_IN_TIMER))
883 goto out;
884
885 if (state & NUD_REACHABLE) {
886 if (time_before_eq(now,
887 neigh->confirmed + neigh->parms->reachable_time)) {
888 neigh_dbg(2, "neigh %p is still alive\n", neigh);
889 next = neigh->confirmed + neigh->parms->reachable_time;
890 } else if (time_before_eq(now,
891 neigh->used +
892 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
893 neigh_dbg(2, "neigh %p is delayed\n", neigh);
894 neigh->nud_state = NUD_DELAY;
895 neigh->updated = jiffies;
896 neigh_suspect(neigh);
897 next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
898 } else {
899 neigh_dbg(2, "neigh %p is suspected\n", neigh);
900 neigh->nud_state = NUD_STALE;
901 neigh->updated = jiffies;
902 neigh_suspect(neigh);
903 notify = 1;
904 }
905 } else if (state & NUD_DELAY) {
906 if (time_before_eq(now,
907 neigh->confirmed +
908 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
909 neigh_dbg(2, "neigh %p is now reachable\n", neigh);
910 neigh->nud_state = NUD_REACHABLE;
911 neigh->updated = jiffies;
912 neigh_connect(neigh);
913 notify = 1;
914 next = neigh->confirmed + neigh->parms->reachable_time;
915 } else {
916 neigh_dbg(2, "neigh %p is probed\n", neigh);
917 neigh->nud_state = NUD_PROBE;
918 neigh->updated = jiffies;
919 atomic_set(&neigh->probes, 0);
920 notify = 1;
921 next = now + NEIGH_VAR(neigh->parms, RETRANS_TIME);
922 }
923 } else {
924 /* NUD_PROBE|NUD_INCOMPLETE */
925 next = now + NEIGH_VAR(neigh->parms, RETRANS_TIME);
926 }
927
928 if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
929 atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
930 neigh->nud_state = NUD_FAILED;
931 notify = 1;
932 neigh_invalidate(neigh);
933 goto out;
934 }
935
936 if (neigh->nud_state & NUD_IN_TIMER) {
937 if (time_before(next, jiffies + HZ/2))
938 next = jiffies + HZ/2;
939 if (!mod_timer(&neigh->timer, next))
940 neigh_hold(neigh);
941 }
942 if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
943 neigh_probe(neigh);
944 } else {
945out:
946 write_unlock(&neigh->lock);
947 }
948
949 if (notify)
950 neigh_update_notify(neigh);
951
952 neigh_release(neigh);
953}
954
955int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
956{
957 int rc;
958 bool immediate_probe = false;
959
960 write_lock_bh(&neigh->lock);
961
962 rc = 0;
963 if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
964 goto out_unlock_bh;
965 if (neigh->dead)
966 goto out_dead;
967
968 if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
969 if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
970 NEIGH_VAR(neigh->parms, APP_PROBES)) {
971 unsigned long next, now = jiffies;
972
973 atomic_set(&neigh->probes,
974 NEIGH_VAR(neigh->parms, UCAST_PROBES));
975 neigh->nud_state = NUD_INCOMPLETE;
976 neigh->updated = now;
977 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
978 HZ/2);
979 neigh_add_timer(neigh, next);
980 immediate_probe = true;
981 } else {
982 neigh->nud_state = NUD_FAILED;
983 neigh->updated = jiffies;
984 write_unlock_bh(&neigh->lock);
985
986 kfree_skb(skb);
987 return 1;
988 }
989 } else if (neigh->nud_state & NUD_STALE) {
990 neigh_dbg(2, "neigh %p is delayed\n", neigh);
991 neigh->nud_state = NUD_DELAY;
992 neigh->updated = jiffies;
993 neigh_add_timer(neigh, jiffies +
994 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
995 }
996
997 if (neigh->nud_state == NUD_INCOMPLETE) {
998 if (skb) {
999 while (neigh->arp_queue_len_bytes + skb->truesize >
1000 NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
1001 struct sk_buff *buff;
1002
1003 buff = __skb_dequeue(&neigh->arp_queue);
1004 if (!buff)
1005 break;
1006 neigh->arp_queue_len_bytes -= buff->truesize;
1007 kfree_skb(buff);
1008 NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
1009 }
1010 skb_dst_force(skb);
1011 __skb_queue_tail(&neigh->arp_queue, skb);
1012 neigh->arp_queue_len_bytes += skb->truesize;
1013 }
1014 rc = 1;
1015 }
1016out_unlock_bh:
1017 if (immediate_probe)
1018 neigh_probe(neigh);
1019 else
1020 write_unlock(&neigh->lock);
1021 local_bh_enable();
1022 return rc;
1023
1024out_dead:
1025 if (neigh->nud_state & NUD_STALE)
1026 goto out_unlock_bh;
1027 write_unlock_bh(&neigh->lock);
1028 kfree_skb(skb);
1029 return 1;
1030}
1031EXPORT_SYMBOL(__neigh_event_send);
1032
1033static void neigh_update_hhs(struct neighbour *neigh)
1034{
1035 struct hh_cache *hh;
1036 void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
1037 = NULL;
1038
1039 if (neigh->dev->header_ops)
1040 update = neigh->dev->header_ops->cache_update;
1041
1042 if (update) {
1043 hh = &neigh->hh;
1044 if (hh->hh_len) {
1045 write_seqlock_bh(&hh->hh_lock);
1046 update(hh, neigh->dev, neigh->ha);
1047 write_sequnlock_bh(&hh->hh_lock);
1048 }
1049 }
1050}
1051
1052
1053
1054/* Generic update routine.
1055 -- lladdr is new lladdr or NULL, if it is not supplied.
1056 -- new is new state.
1057 -- flags
1058 NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr,
1059 if it is different.
1060 NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
1061 lladdr instead of overriding it
1062 if it is different.
1063 It also allows to retain current state
1064 if lladdr is unchanged.
1065 NEIGH_UPDATE_F_ADMIN means that the change is administrative.
1066
1067 NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
1068 NTF_ROUTER flag.
1069 NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as
1070 a router.
1071
1072 Caller MUST hold reference count on the entry.
1073 */
1074
1075int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1076 u32 flags)
1077{
1078 u8 old;
1079 int err;
1080 int notify = 0;
1081 struct net_device *dev;
1082 int update_isrouter = 0;
1083
1084 write_lock_bh(&neigh->lock);
1085
1086 dev = neigh->dev;
1087 old = neigh->nud_state;
1088 err = -EPERM;
1089
1090 if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
1091 (old & (NUD_NOARP | NUD_PERMANENT)))
1092 goto out;
1093 if (neigh->dead)
1094 goto out;
1095
1096 if (!(new & NUD_VALID)) {
1097 neigh_del_timer(neigh);
1098 if (old & NUD_CONNECTED)
1099 neigh_suspect(neigh);
1100 neigh->nud_state = new;
1101 err = 0;
1102 notify = old & NUD_VALID;
1103 if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
1104 (new & NUD_FAILED)) {
1105 neigh_invalidate(neigh);
1106 notify = 1;
1107 }
1108 goto out;
1109 }
1110
1111 /* Compare new lladdr with cached one */
1112 if (!dev->addr_len) {
1113 /* First case: device needs no address. */
1114 lladdr = neigh->ha;
1115 } else if (lladdr) {
1116 /* The second case: if something is already cached
1117 and a new address is proposed:
1118 - compare new & old
1119 - if they are different, check override flag
1120 */
1121 if ((old & NUD_VALID) &&
1122 !memcmp(lladdr, neigh->ha, dev->addr_len))
1123 lladdr = neigh->ha;
1124 } else {
1125 /* No address is supplied; if we know something,
1126 use it, otherwise discard the request.
1127 */
1128 err = -EINVAL;
1129 if (!(old & NUD_VALID))
1130 goto out;
1131 lladdr = neigh->ha;
1132 }
1133
1134 if (new & NUD_CONNECTED)
1135 neigh->confirmed = jiffies;
1136 neigh->updated = jiffies;
1137
1138 /* If entry was valid and address is not changed,
1139 do not change entry state, if new one is STALE.
1140 */
1141 err = 0;
1142 update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1143 if (old & NUD_VALID) {
1144 if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
1145 update_isrouter = 0;
1146 if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
1147 (old & NUD_CONNECTED)) {
1148 lladdr = neigh->ha;
1149 new = NUD_STALE;
1150 } else
1151 goto out;
1152 } else {
1153 if (lladdr == neigh->ha && new == NUD_STALE &&
1154 ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) ||
1155 (old & NUD_CONNECTED))
1156 )
1157 new = old;
1158 }
1159 }
1160
1161 if (new != old) {
1162 neigh_del_timer(neigh);
1163 if (new & NUD_PROBE)
1164 atomic_set(&neigh->probes, 0);
1165 if (new & NUD_IN_TIMER)
1166 neigh_add_timer(neigh, (jiffies +
1167 ((new & NUD_REACHABLE) ?
1168 neigh->parms->reachable_time :
1169 0)));
1170 neigh->nud_state = new;
1171 notify = 1;
1172 }
1173
1174 if (lladdr != neigh->ha) {
1175 write_seqlock(&neigh->ha_lock);
1176 memcpy(&neigh->ha, lladdr, dev->addr_len);
1177 write_sequnlock(&neigh->ha_lock);
1178 neigh_update_hhs(neigh);
1179 if (!(new & NUD_CONNECTED))
1180 neigh->confirmed = jiffies -
1181 (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
1182 notify = 1;
1183 }
1184 if (new == old)
1185 goto out;
1186 if (new & NUD_CONNECTED)
1187 neigh_connect(neigh);
1188 else
1189 neigh_suspect(neigh);
1190 if (!(old & NUD_VALID)) {
1191 struct sk_buff *skb;
1192
1193 /* Again: avoid dead loop if something went wrong */
1194
1195 while (neigh->nud_state & NUD_VALID &&
1196 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1197 struct dst_entry *dst = skb_dst(skb);
1198 struct neighbour *n2, *n1 = neigh;
1199 write_unlock_bh(&neigh->lock);
1200
1201 rcu_read_lock();
1202
1203 /* Why not just use 'neigh' as-is? The problem is that
1204 * things such as shaper, eql, and sch_teql can end up
1205 * using alternative, different, neigh objects to output
1206 * the packet in the output path. So what we need to do
1207 * here is re-lookup the top-level neigh in the path so
1208 * we can reinject the packet there.
1209 */
1210 n2 = NULL;
1211 if (dst) {
1212 n2 = dst_neigh_lookup_skb(dst, skb);
1213 if (n2)
1214 n1 = n2;
1215 }
1216 n1->output(n1, skb);
1217 if (n2)
1218 neigh_release(n2);
1219 rcu_read_unlock();
1220
1221 write_lock_bh(&neigh->lock);
1222 }
1223 __skb_queue_purge(&neigh->arp_queue);
1224 neigh->arp_queue_len_bytes = 0;
1225 }
1226out:
1227 if (update_isrouter) {
1228 neigh->flags = (flags & NEIGH_UPDATE_F_ISROUTER) ?
1229 (neigh->flags | NTF_ROUTER) :
1230 (neigh->flags & ~NTF_ROUTER);
1231 }
1232 write_unlock_bh(&neigh->lock);
1233
1234 if (notify)
1235 neigh_update_notify(neigh);
1236
1237 return err;
1238}
1239EXPORT_SYMBOL(neigh_update);
1240
1241/* Update the neigh to listen temporarily for probe responses, even if it is
1242 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
1243 */
1244void __neigh_set_probe_once(struct neighbour *neigh)
1245{
1246 if (neigh->dead)
1247 return;
1248 neigh->updated = jiffies;
1249 if (!(neigh->nud_state & NUD_FAILED))
1250 return;
1251 neigh->nud_state = NUD_INCOMPLETE;
1252 atomic_set(&neigh->probes, neigh_max_probes(neigh));
1253 neigh_add_timer(neigh,
1254 jiffies + NEIGH_VAR(neigh->parms, RETRANS_TIME));
1255}
1256EXPORT_SYMBOL(__neigh_set_probe_once);
1257
1258struct neighbour *neigh_event_ns(struct neigh_table *tbl,
1259 u8 *lladdr, void *saddr,
1260 struct net_device *dev)
1261{
1262 struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
1263 lladdr || !dev->addr_len);
1264 if (neigh)
1265 neigh_update(neigh, lladdr, NUD_STALE,
1266 NEIGH_UPDATE_F_OVERRIDE);
1267 return neigh;
1268}
1269EXPORT_SYMBOL(neigh_event_ns);
1270
1271/* called with read_lock_bh(&n->lock); */
1272static void neigh_hh_init(struct neighbour *n)
1273{
1274 struct net_device *dev = n->dev;
1275 __be16 prot = n->tbl->protocol;
1276 struct hh_cache *hh = &n->hh;
1277
1278 write_lock_bh(&n->lock);
1279
1280 /* Only one thread can come in here and initialize the
1281 * hh_cache entry.
1282 */
1283 if (!hh->hh_len)
1284 dev->header_ops->cache(n, hh, prot);
1285
1286 write_unlock_bh(&n->lock);
1287}
1288
1289/* Slow and careful. */
1290
1291int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
1292{
1293 int rc = 0;
1294
1295 if (!neigh_event_send(neigh, skb)) {
1296 int err;
1297 struct net_device *dev = neigh->dev;
1298 unsigned int seq;
1299
1300 if (dev->header_ops->cache && !neigh->hh.hh_len)
1301 neigh_hh_init(neigh);
1302
1303 do {
1304 __skb_pull(skb, skb_network_offset(skb));
1305 seq = read_seqbegin(&neigh->ha_lock);
1306 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1307 neigh->ha, NULL, skb->len);
1308 } while (read_seqretry(&neigh->ha_lock, seq));
1309
1310 if (err >= 0)
1311 rc = dev_queue_xmit(skb);
1312 else
1313 goto out_kfree_skb;
1314 }
1315out:
1316 return rc;
1317out_kfree_skb:
1318 rc = -EINVAL;
1319 kfree_skb(skb);
1320 goto out;
1321}
1322EXPORT_SYMBOL(neigh_resolve_output);
1323
1324/* As fast as possible without hh cache */
1325
1326int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
1327{
1328 struct net_device *dev = neigh->dev;
1329 unsigned int seq;
1330 int err;
1331
1332 do {
1333 __skb_pull(skb, skb_network_offset(skb));
1334 seq = read_seqbegin(&neigh->ha_lock);
1335 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1336 neigh->ha, NULL, skb->len);
1337 } while (read_seqretry(&neigh->ha_lock, seq));
1338
1339 if (err >= 0)
1340 err = dev_queue_xmit(skb);
1341 else {
1342 err = -EINVAL;
1343 kfree_skb(skb);
1344 }
1345 return err;
1346}
1347EXPORT_SYMBOL(neigh_connected_output);
1348
1349int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
1350{
1351 return dev_queue_xmit(skb);
1352}
1353EXPORT_SYMBOL(neigh_direct_output);
1354
1355static void neigh_proxy_process(unsigned long arg)
1356{
1357 struct neigh_table *tbl = (struct neigh_table *)arg;
1358 long sched_next = 0;
1359 unsigned long now = jiffies;
1360 struct sk_buff *skb, *n;
1361
1362 spin_lock(&tbl->proxy_queue.lock);
1363
1364 skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
1365 long tdif = NEIGH_CB(skb)->sched_next - now;
1366
1367 if (tdif <= 0) {
1368 struct net_device *dev = skb->dev;
1369
1370 __skb_unlink(skb, &tbl->proxy_queue);
1371 if (tbl->proxy_redo && netif_running(dev)) {
1372 rcu_read_lock();
1373 tbl->proxy_redo(skb);
1374 rcu_read_unlock();
1375 } else {
1376 kfree_skb(skb);
1377 }
1378
1379 dev_put(dev);
1380 } else if (!sched_next || tdif < sched_next)
1381 sched_next = tdif;
1382 }
1383 del_timer(&tbl->proxy_timer);
1384 if (sched_next)
1385 mod_timer(&tbl->proxy_timer, jiffies + sched_next);
1386 spin_unlock(&tbl->proxy_queue.lock);
1387}
1388
1389void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
1390 struct sk_buff *skb)
1391{
1392 unsigned long now = jiffies;
1393
1394 unsigned long sched_next = now + (prandom_u32() %
1395 NEIGH_VAR(p, PROXY_DELAY));
1396
1397 if (tbl->proxy_queue.qlen > NEIGH_VAR(p, PROXY_QLEN)) {
1398 kfree_skb(skb);
1399 return;
1400 }
1401
1402 NEIGH_CB(skb)->sched_next = sched_next;
1403 NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;
1404
1405 spin_lock(&tbl->proxy_queue.lock);
1406 if (del_timer(&tbl->proxy_timer)) {
1407 if (time_before(tbl->proxy_timer.expires, sched_next))
1408 sched_next = tbl->proxy_timer.expires;
1409 }
1410 skb_dst_drop(skb);
1411 dev_hold(skb->dev);
1412 __skb_queue_tail(&tbl->proxy_queue, skb);
1413 mod_timer(&tbl->proxy_timer, sched_next);
1414 spin_unlock(&tbl->proxy_queue.lock);
1415}
1416EXPORT_SYMBOL(pneigh_enqueue);
1417
1418static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
1419 struct net *net, int ifindex)
1420{
1421 struct neigh_parms *p;
1422
1423 list_for_each_entry(p, &tbl->parms_list, list) {
1424 if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
1425 (!p->dev && !ifindex && net_eq(net, &init_net)))
1426 return p;
1427 }
1428
1429 return NULL;
1430}
1431
1432struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
1433 struct neigh_table *tbl)
1434{
1435 struct neigh_parms *p;
1436 struct net *net = dev_net(dev);
1437 const struct net_device_ops *ops = dev->netdev_ops;
1438
1439 p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
1440 if (p) {
1441 p->tbl = tbl;
1442 atomic_set(&p->refcnt, 1);
1443 p->reachable_time =
1444 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
1445 dev_hold(dev);
1446 p->dev = dev;
1447 write_pnet(&p->net, net);
1448 p->sysctl_table = NULL;
1449
1450 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
1451 dev_put(dev);
1452 kfree(p);
1453 return NULL;
1454 }
1455
1456 write_lock_bh(&tbl->lock);
1457 list_add(&p->list, &tbl->parms.list);
1458 write_unlock_bh(&tbl->lock);
1459
1460 neigh_parms_data_state_cleanall(p);
1461 }
1462 return p;
1463}
1464EXPORT_SYMBOL(neigh_parms_alloc);
1465
1466static void neigh_rcu_free_parms(struct rcu_head *head)
1467{
1468 struct neigh_parms *parms =
1469 container_of(head, struct neigh_parms, rcu_head);
1470
1471 neigh_parms_put(parms);
1472}
1473
1474void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
1475{
1476 if (!parms || parms == &tbl->parms)
1477 return;
1478 write_lock_bh(&tbl->lock);
1479 list_del(&parms->list);
1480 parms->dead = 1;
1481 write_unlock_bh(&tbl->lock);
1482 if (parms->dev)
1483 dev_put(parms->dev);
1484 call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
1485}
1486EXPORT_SYMBOL(neigh_parms_release);
1487
1488static void neigh_parms_destroy(struct neigh_parms *parms)
1489{
1490 kfree(parms);
1491}
1492
1493static struct lock_class_key neigh_table_proxy_queue_class;
1494
1495static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;
1496
1497void neigh_table_init(int index, struct neigh_table *tbl)
1498{
1499 unsigned long now = jiffies;
1500 unsigned long phsize;
1501
1502 INIT_LIST_HEAD(&tbl->parms_list);
1503 list_add(&tbl->parms.list, &tbl->parms_list);
1504 write_pnet(&tbl->parms.net, &init_net);
1505 atomic_set(&tbl->parms.refcnt, 1);
1506 tbl->parms.reachable_time =
1507 neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
1508
1509 tbl->stats = alloc_percpu(struct neigh_statistics);
1510 if (!tbl->stats)
1511 panic("cannot create neighbour cache statistics");
1512
1513#ifdef CONFIG_PROC_FS
1514 if (!proc_create_data(tbl->id, 0, init_net.proc_net_stat,
1515 &neigh_stat_seq_fops, tbl))
1516 panic("cannot create neighbour proc dir entry");
1517#endif
1518
1519 RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));
1520
1521 phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
1522 tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);
1523
1524 if (!tbl->nht || !tbl->phash_buckets)
1525 panic("cannot allocate neighbour cache hashes");
1526
1527 if (!tbl->entry_size)
1528 tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
1529 tbl->key_len, NEIGH_PRIV_ALIGN);
1530 else
1531 WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);
1532
1533 rwlock_init(&tbl->lock);
1534 INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
1535 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1536 tbl->parms.reachable_time);
1537 setup_timer(&tbl->proxy_timer, neigh_proxy_process, (unsigned long)tbl);
1538 skb_queue_head_init_class(&tbl->proxy_queue,
1539 &neigh_table_proxy_queue_class);
1540
1541 tbl->last_flush = now;
1542 tbl->last_rand = now + tbl->parms.reachable_time * 20;
1543
1544 neigh_tables[index] = tbl;
1545}
1546EXPORT_SYMBOL(neigh_table_init);
1547
1548int neigh_table_clear(int index, struct neigh_table *tbl)
1549{
1550 neigh_tables[index] = NULL;
1551 /* It is not clean... Fix it to unload IPv6 module safely */
1552 cancel_delayed_work_sync(&tbl->gc_work);
1553 del_timer_sync(&tbl->proxy_timer);
1554 pneigh_queue_purge(&tbl->proxy_queue);
1555 neigh_ifdown(tbl, NULL);
1556 if (atomic_read(&tbl->entries))
1557 pr_crit("neighbour leakage\n");
1558
1559 call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
1560 neigh_hash_free_rcu);
1561 tbl->nht = NULL;
1562
1563 kfree(tbl->phash_buckets);
1564 tbl->phash_buckets = NULL;
1565
1566 remove_proc_entry(tbl->id, init_net.proc_net_stat);
1567
1568 free_percpu(tbl->stats);
1569 tbl->stats = NULL;
1570
1571 return 0;
1572}
1573EXPORT_SYMBOL(neigh_table_clear);
1574
1575static struct neigh_table *neigh_find_table(int family)
1576{
1577 struct neigh_table *tbl = NULL;
1578
1579 switch (family) {
1580 case AF_INET:
1581 tbl = neigh_tables[NEIGH_ARP_TABLE];
1582 break;
1583 case AF_INET6:
1584 tbl = neigh_tables[NEIGH_ND_TABLE];
1585 break;
1586 case AF_DECnet:
1587 tbl = neigh_tables[NEIGH_DN_TABLE];
1588 break;
1589 }
1590
1591 return tbl;
1592}
1593
1594static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh)
1595{
1596 struct net *net = sock_net(skb->sk);
1597 struct ndmsg *ndm;
1598 struct nlattr *dst_attr;
1599 struct neigh_table *tbl;
1600 struct neighbour *neigh;
1601 struct net_device *dev = NULL;
1602 int err = -EINVAL;
1603
1604 ASSERT_RTNL();
1605 if (nlmsg_len(nlh) < sizeof(*ndm))
1606 goto out;
1607
1608 dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1609 if (dst_attr == NULL)
1610 goto out;
1611
1612 ndm = nlmsg_data(nlh);
1613 if (ndm->ndm_ifindex) {
1614 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1615 if (dev == NULL) {
1616 err = -ENODEV;
1617 goto out;
1618 }
1619 }
1620
1621 tbl = neigh_find_table(ndm->ndm_family);
1622 if (tbl == NULL)
1623 return -EAFNOSUPPORT;
1624
1625 if (nla_len(dst_attr) < tbl->key_len)
1626 goto out;
1627
1628 if (ndm->ndm_flags & NTF_PROXY) {
1629 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
1630 goto out;
1631 }
1632
1633 if (dev == NULL)
1634 goto out;
1635
1636 neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
1637 if (neigh == NULL) {
1638 err = -ENOENT;
1639 goto out;
1640 }
1641
1642 err = neigh_update(neigh, NULL, NUD_FAILED,
1643 NEIGH_UPDATE_F_OVERRIDE |
1644 NEIGH_UPDATE_F_ADMIN);
1645 neigh_release(neigh);
1646
1647out:
1648 return err;
1649}
1650
1651static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh)
1652{
1653 int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE;
1654 struct net *net = sock_net(skb->sk);
1655 struct ndmsg *ndm;
1656 struct nlattr *tb[NDA_MAX+1];
1657 struct neigh_table *tbl;
1658 struct net_device *dev = NULL;
1659 struct neighbour *neigh;
1660 void *dst, *lladdr;
1661 int err;
1662
1663 ASSERT_RTNL();
1664 err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL);
1665 if (err < 0)
1666 goto out;
1667
1668 err = -EINVAL;
1669 if (tb[NDA_DST] == NULL)
1670 goto out;
1671
1672 ndm = nlmsg_data(nlh);
1673 if (ndm->ndm_ifindex) {
1674 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1675 if (dev == NULL) {
1676 err = -ENODEV;
1677 goto out;
1678 }
1679
1680 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len)
1681 goto out;
1682 }
1683
1684 tbl = neigh_find_table(ndm->ndm_family);
1685 if (tbl == NULL)
1686 return -EAFNOSUPPORT;
1687
1688 if (nla_len(tb[NDA_DST]) < tbl->key_len)
1689 goto out;
1690 dst = nla_data(tb[NDA_DST]);
1691 lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
1692
1693 if (ndm->ndm_flags & NTF_PROXY) {
1694 struct pneigh_entry *pn;
1695
1696 err = -ENOBUFS;
1697 pn = pneigh_lookup(tbl, net, dst, dev, 1);
1698 if (pn) {
1699 pn->flags = ndm->ndm_flags;
1700 err = 0;
1701 }
1702 goto out;
1703 }
1704
1705 if (dev == NULL)
1706 goto out;
1707
1708 neigh = neigh_lookup(tbl, dst, dev);
1709 if (neigh == NULL) {
1710 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
1711 err = -ENOENT;
1712 goto out;
1713 }
1714
1715 neigh = __neigh_lookup_errno(tbl, dst, dev);
1716 if (IS_ERR(neigh)) {
1717 err = PTR_ERR(neigh);
1718 goto out;
1719 }
1720 } else {
1721 if (nlh->nlmsg_flags & NLM_F_EXCL) {
1722 err = -EEXIST;
1723 neigh_release(neigh);
1724 goto out;
1725 }
1726
1727 if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
1728 flags &= ~NEIGH_UPDATE_F_OVERRIDE;
1729 }
1730
1731 if (ndm->ndm_flags & NTF_USE) {
1732 neigh_event_send(neigh, NULL);
1733 err = 0;
1734 } else
1735 err = neigh_update(neigh, lladdr, ndm->ndm_state, flags);
1736 neigh_release(neigh);
1737
1738out:
1739 return err;
1740}
1741
1742static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
1743{
1744 struct nlattr *nest;
1745
1746 nest = nla_nest_start(skb, NDTA_PARMS);
1747 if (nest == NULL)
1748 return -ENOBUFS;
1749
1750 if ((parms->dev &&
1751 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
1752 nla_put_u32(skb, NDTPA_REFCNT, atomic_read(&parms->refcnt)) ||
1753 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
1754 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
1755 /* approximative value for deprecated QUEUE_LEN (in packets) */
1756 nla_put_u32(skb, NDTPA_QUEUE_LEN,
1757 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
1758 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
1759 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
1760 nla_put_u32(skb, NDTPA_UCAST_PROBES,
1761 NEIGH_VAR(parms, UCAST_PROBES)) ||
1762 nla_put_u32(skb, NDTPA_MCAST_PROBES,
1763 NEIGH_VAR(parms, MCAST_PROBES)) ||
1764 nla_put_u32(skb, NDTPA_MCAST_REPROBES,
1765 NEIGH_VAR(parms, MCAST_REPROBES)) ||
1766 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time) ||
1767 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
1768 NEIGH_VAR(parms, BASE_REACHABLE_TIME)) ||
1769 nla_put_msecs(skb, NDTPA_GC_STALETIME,
1770 NEIGH_VAR(parms, GC_STALETIME)) ||
1771 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
1772 NEIGH_VAR(parms, DELAY_PROBE_TIME)) ||
1773 nla_put_msecs(skb, NDTPA_RETRANS_TIME,
1774 NEIGH_VAR(parms, RETRANS_TIME)) ||
1775 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
1776 NEIGH_VAR(parms, ANYCAST_DELAY)) ||
1777 nla_put_msecs(skb, NDTPA_PROXY_DELAY,
1778 NEIGH_VAR(parms, PROXY_DELAY)) ||
1779 nla_put_msecs(skb, NDTPA_LOCKTIME,
1780 NEIGH_VAR(parms, LOCKTIME)))
1781 goto nla_put_failure;
1782 return nla_nest_end(skb, nest);
1783
1784nla_put_failure:
1785 nla_nest_cancel(skb, nest);
1786 return -EMSGSIZE;
1787}
1788
1789static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
1790 u32 pid, u32 seq, int type, int flags)
1791{
1792 struct nlmsghdr *nlh;
1793 struct ndtmsg *ndtmsg;
1794
1795 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
1796 if (nlh == NULL)
1797 return -EMSGSIZE;
1798
1799 ndtmsg = nlmsg_data(nlh);
1800
1801 read_lock_bh(&tbl->lock);
1802 ndtmsg->ndtm_family = tbl->family;
1803 ndtmsg->ndtm_pad1 = 0;
1804 ndtmsg->ndtm_pad2 = 0;
1805
1806 if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
1807 nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval) ||
1808 nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) ||
1809 nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) ||
1810 nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3))
1811 goto nla_put_failure;
1812 {
1813 unsigned long now = jiffies;
1814 unsigned int flush_delta = now - tbl->last_flush;
1815 unsigned int rand_delta = now - tbl->last_rand;
1816 struct neigh_hash_table *nht;
1817 struct ndt_config ndc = {
1818 .ndtc_key_len = tbl->key_len,
1819 .ndtc_entry_size = tbl->entry_size,
1820 .ndtc_entries = atomic_read(&tbl->entries),
1821 .ndtc_last_flush = jiffies_to_msecs(flush_delta),
1822 .ndtc_last_rand = jiffies_to_msecs(rand_delta),
1823 .ndtc_proxy_qlen = tbl->proxy_queue.qlen,
1824 };
1825
1826 rcu_read_lock_bh();
1827 nht = rcu_dereference_bh(tbl->nht);
1828 ndc.ndtc_hash_rnd = nht->hash_rnd[0];
1829 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
1830 rcu_read_unlock_bh();
1831
1832 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
1833 goto nla_put_failure;
1834 }
1835
1836 {
1837 int cpu;
1838 struct ndt_stats ndst;
1839
1840 memset(&ndst, 0, sizeof(ndst));
1841
1842 for_each_possible_cpu(cpu) {
1843 struct neigh_statistics *st;
1844
1845 st = per_cpu_ptr(tbl->stats, cpu);
1846 ndst.ndts_allocs += st->allocs;
1847 ndst.ndts_destroys += st->destroys;
1848 ndst.ndts_hash_grows += st->hash_grows;
1849 ndst.ndts_res_failed += st->res_failed;
1850 ndst.ndts_lookups += st->lookups;
1851 ndst.ndts_hits += st->hits;
1852 ndst.ndts_rcv_probes_mcast += st->rcv_probes_mcast;
1853 ndst.ndts_rcv_probes_ucast += st->rcv_probes_ucast;
1854 ndst.ndts_periodic_gc_runs += st->periodic_gc_runs;
1855 ndst.ndts_forced_gc_runs += st->forced_gc_runs;
1856 ndst.ndts_table_fulls += st->table_fulls;
1857 }
1858
1859 if (nla_put(skb, NDTA_STATS, sizeof(ndst), &ndst))
1860 goto nla_put_failure;
1861 }
1862
1863 BUG_ON(tbl->parms.dev);
1864 if (neightbl_fill_parms(skb, &tbl->parms) < 0)
1865 goto nla_put_failure;
1866
1867 read_unlock_bh(&tbl->lock);
1868 nlmsg_end(skb, nlh);
1869 return 0;
1870
1871nla_put_failure:
1872 read_unlock_bh(&tbl->lock);
1873 nlmsg_cancel(skb, nlh);
1874 return -EMSGSIZE;
1875}
1876
1877static int neightbl_fill_param_info(struct sk_buff *skb,
1878 struct neigh_table *tbl,
1879 struct neigh_parms *parms,
1880 u32 pid, u32 seq, int type,
1881 unsigned int flags)
1882{
1883 struct ndtmsg *ndtmsg;
1884 struct nlmsghdr *nlh;
1885
1886 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
1887 if (nlh == NULL)
1888 return -EMSGSIZE;
1889
1890 ndtmsg = nlmsg_data(nlh);
1891
1892 read_lock_bh(&tbl->lock);
1893 ndtmsg->ndtm_family = tbl->family;
1894 ndtmsg->ndtm_pad1 = 0;
1895 ndtmsg->ndtm_pad2 = 0;
1896
1897 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
1898 neightbl_fill_parms(skb, parms) < 0)
1899 goto errout;
1900
1901 read_unlock_bh(&tbl->lock);
1902 nlmsg_end(skb, nlh);
1903 return 0;
1904errout:
1905 read_unlock_bh(&tbl->lock);
1906 nlmsg_cancel(skb, nlh);
1907 return -EMSGSIZE;
1908}
1909
1910static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
1911 [NDTA_NAME] = { .type = NLA_STRING },
1912 [NDTA_THRESH1] = { .type = NLA_U32 },
1913 [NDTA_THRESH2] = { .type = NLA_U32 },
1914 [NDTA_THRESH3] = { .type = NLA_U32 },
1915 [NDTA_GC_INTERVAL] = { .type = NLA_U64 },
1916 [NDTA_PARMS] = { .type = NLA_NESTED },
1917};
1918
1919static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
1920 [NDTPA_IFINDEX] = { .type = NLA_U32 },
1921 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 },
1922 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 },
1923 [NDTPA_APP_PROBES] = { .type = NLA_U32 },
1924 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 },
1925 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 },
1926 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 },
1927 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 },
1928 [NDTPA_GC_STALETIME] = { .type = NLA_U64 },
1929 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 },
1930 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 },
1931 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 },
1932 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 },
1933 [NDTPA_LOCKTIME] = { .type = NLA_U64 },
1934};
1935
1936static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh)
1937{
1938 struct net *net = sock_net(skb->sk);
1939 struct neigh_table *tbl;
1940 struct ndtmsg *ndtmsg;
1941 struct nlattr *tb[NDTA_MAX+1];
1942 bool found = false;
1943 int err, tidx;
1944
1945 err = nlmsg_parse(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
1946 nl_neightbl_policy);
1947 if (err < 0)
1948 goto errout;
1949
1950 if (tb[NDTA_NAME] == NULL) {
1951 err = -EINVAL;
1952 goto errout;
1953 }
1954
1955 ndtmsg = nlmsg_data(nlh);
1956
1957 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
1958 tbl = neigh_tables[tidx];
1959 if (!tbl)
1960 continue;
1961 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
1962 continue;
1963 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
1964 found = true;
1965 break;
1966 }
1967 }
1968
1969 if (!found)
1970 return -ENOENT;
1971
1972 /*
1973 * We acquire tbl->lock to be nice to the periodic timers and
1974 * make sure they always see a consistent set of values.
1975 */
1976 write_lock_bh(&tbl->lock);
1977
1978 if (tb[NDTA_PARMS]) {
1979 struct nlattr *tbp[NDTPA_MAX+1];
1980 struct neigh_parms *p;
1981 int i, ifindex = 0;
1982
1983 err = nla_parse_nested(tbp, NDTPA_MAX, tb[NDTA_PARMS],
1984 nl_ntbl_parm_policy);
1985 if (err < 0)
1986 goto errout_tbl_lock;
1987
1988 if (tbp[NDTPA_IFINDEX])
1989 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
1990
1991 p = lookup_neigh_parms(tbl, net, ifindex);
1992 if (p == NULL) {
1993 err = -ENOENT;
1994 goto errout_tbl_lock;
1995 }
1996
1997 for (i = 1; i <= NDTPA_MAX; i++) {
1998 if (tbp[i] == NULL)
1999 continue;
2000
2001 switch (i) {
2002 case NDTPA_QUEUE_LEN:
2003 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2004 nla_get_u32(tbp[i]) *
2005 SKB_TRUESIZE(ETH_FRAME_LEN));
2006 break;
2007 case NDTPA_QUEUE_LENBYTES:
2008 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2009 nla_get_u32(tbp[i]));
2010 break;
2011 case NDTPA_PROXY_QLEN:
2012 NEIGH_VAR_SET(p, PROXY_QLEN,
2013 nla_get_u32(tbp[i]));
2014 break;
2015 case NDTPA_APP_PROBES:
2016 NEIGH_VAR_SET(p, APP_PROBES,
2017 nla_get_u32(tbp[i]));
2018 break;
2019 case NDTPA_UCAST_PROBES:
2020 NEIGH_VAR_SET(p, UCAST_PROBES,
2021 nla_get_u32(tbp[i]));
2022 break;
2023 case NDTPA_MCAST_PROBES:
2024 NEIGH_VAR_SET(p, MCAST_PROBES,
2025 nla_get_u32(tbp[i]));
2026 break;
2027 case NDTPA_MCAST_REPROBES:
2028 NEIGH_VAR_SET(p, MCAST_REPROBES,
2029 nla_get_u32(tbp[i]));
2030 break;
2031 case NDTPA_BASE_REACHABLE_TIME:
2032 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2033 nla_get_msecs(tbp[i]));
2034 /* update reachable_time as well, otherwise, the change will
2035 * only be effective after the next time neigh_periodic_work
2036 * decides to recompute it (can be multiple minutes)
2037 */
2038 p->reachable_time =
2039 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2040 break;
2041 case NDTPA_GC_STALETIME:
2042 NEIGH_VAR_SET(p, GC_STALETIME,
2043 nla_get_msecs(tbp[i]));
2044 break;
2045 case NDTPA_DELAY_PROBE_TIME:
2046 NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2047 nla_get_msecs(tbp[i]));
2048 break;
2049 case NDTPA_RETRANS_TIME:
2050 NEIGH_VAR_SET(p, RETRANS_TIME,
2051 nla_get_msecs(tbp[i]));
2052 break;
2053 case NDTPA_ANYCAST_DELAY:
2054 NEIGH_VAR_SET(p, ANYCAST_DELAY,
2055 nla_get_msecs(tbp[i]));
2056 break;
2057 case NDTPA_PROXY_DELAY:
2058 NEIGH_VAR_SET(p, PROXY_DELAY,
2059 nla_get_msecs(tbp[i]));
2060 break;
2061 case NDTPA_LOCKTIME:
2062 NEIGH_VAR_SET(p, LOCKTIME,
2063 nla_get_msecs(tbp[i]));
2064 break;
2065 }
2066 }
2067 }
2068
2069 err = -ENOENT;
2070 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2071 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2072 !net_eq(net, &init_net))
2073 goto errout_tbl_lock;
2074
2075 if (tb[NDTA_THRESH1])
2076 tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);
2077
2078 if (tb[NDTA_THRESH2])
2079 tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]);
2080
2081 if (tb[NDTA_THRESH3])
2082 tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]);
2083
2084 if (tb[NDTA_GC_INTERVAL])
2085 tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]);
2086
2087 err = 0;
2088
2089errout_tbl_lock:
2090 write_unlock_bh(&tbl->lock);
2091errout:
2092 return err;
2093}
2094
2095static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2096{
2097 struct net *net = sock_net(skb->sk);
2098 int family, tidx, nidx = 0;
2099 int tbl_skip = cb->args[0];
2100 int neigh_skip = cb->args[1];
2101 struct neigh_table *tbl;
2102
2103 family = ((struct rtgenmsg *) nlmsg_data(cb->nlh))->rtgen_family;
2104
2105 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2106 struct neigh_parms *p;
2107
2108 tbl = neigh_tables[tidx];
2109 if (!tbl)
2110 continue;
2111
2112 if (tidx < tbl_skip || (family && tbl->family != family))
2113 continue;
2114
2115 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2116 cb->nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2117 NLM_F_MULTI) < 0)
2118 break;
2119
2120 nidx = 0;
2121 p = list_next_entry(&tbl->parms, list);
2122 list_for_each_entry_from(p, &tbl->parms_list, list) {
2123 if (!net_eq(neigh_parms_net(p), net))
2124 continue;
2125
2126 if (nidx < neigh_skip)
2127 goto next;
2128
2129 if (neightbl_fill_param_info(skb, tbl, p,
2130 NETLINK_CB(cb->skb).portid,
2131 cb->nlh->nlmsg_seq,
2132 RTM_NEWNEIGHTBL,
2133 NLM_F_MULTI) < 0)
2134 goto out;
2135 next:
2136 nidx++;
2137 }
2138
2139 neigh_skip = 0;
2140 }
2141out:
2142 cb->args[0] = tidx;
2143 cb->args[1] = nidx;
2144
2145 return skb->len;
2146}
2147
2148static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2149 u32 pid, u32 seq, int type, unsigned int flags)
2150{
2151 unsigned long now = jiffies;
2152 struct nda_cacheinfo ci;
2153 struct nlmsghdr *nlh;
2154 struct ndmsg *ndm;
2155
2156 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2157 if (nlh == NULL)
2158 return -EMSGSIZE;
2159
2160 ndm = nlmsg_data(nlh);
2161 ndm->ndm_family = neigh->ops->family;
2162 ndm->ndm_pad1 = 0;
2163 ndm->ndm_pad2 = 0;
2164 ndm->ndm_flags = neigh->flags;
2165 ndm->ndm_type = neigh->type;
2166 ndm->ndm_ifindex = neigh->dev->ifindex;
2167
2168 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2169 goto nla_put_failure;
2170
2171 read_lock_bh(&neigh->lock);
2172 ndm->ndm_state = neigh->nud_state;
2173 if (neigh->nud_state & NUD_VALID) {
2174 char haddr[MAX_ADDR_LEN];
2175
2176 neigh_ha_snapshot(haddr, neigh, neigh->dev);
2177 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2178 read_unlock_bh(&neigh->lock);
2179 goto nla_put_failure;
2180 }
2181 }
2182
2183 ci.ndm_used = jiffies_to_clock_t(now - neigh->used);
2184 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2185 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated);
2186 ci.ndm_refcnt = atomic_read(&neigh->refcnt) - 1;
2187 read_unlock_bh(&neigh->lock);
2188
2189 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2190 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2191 goto nla_put_failure;
2192
2193 nlmsg_end(skb, nlh);
2194 return 0;
2195
2196nla_put_failure:
2197 nlmsg_cancel(skb, nlh);
2198 return -EMSGSIZE;
2199}
2200
2201static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2202 u32 pid, u32 seq, int type, unsigned int flags,
2203 struct neigh_table *tbl)
2204{
2205 struct nlmsghdr *nlh;
2206 struct ndmsg *ndm;
2207
2208 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2209 if (nlh == NULL)
2210 return -EMSGSIZE;
2211
2212 ndm = nlmsg_data(nlh);
2213 ndm->ndm_family = tbl->family;
2214 ndm->ndm_pad1 = 0;
2215 ndm->ndm_pad2 = 0;
2216 ndm->ndm_flags = pn->flags | NTF_PROXY;
2217 ndm->ndm_type = RTN_UNICAST;
2218 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2219 ndm->ndm_state = NUD_NONE;
2220
2221 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2222 goto nla_put_failure;
2223
2224 nlmsg_end(skb, nlh);
2225 return 0;
2226
2227nla_put_failure:
2228 nlmsg_cancel(skb, nlh);
2229 return -EMSGSIZE;
2230}
2231
2232static void neigh_update_notify(struct neighbour *neigh)
2233{
2234 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2235 __neigh_notify(neigh, RTM_NEWNEIGH, 0);
2236}
2237
2238static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2239{
2240 struct net_device *master;
2241
2242 if (!master_idx)
2243 return false;
2244
2245 master = netdev_master_upper_dev_get(dev);
2246 if (!master || master->ifindex != master_idx)
2247 return true;
2248
2249 return false;
2250}
2251
2252static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2253{
2254 if (filter_idx && dev->ifindex != filter_idx)
2255 return true;
2256
2257 return false;
2258}
2259
2260static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2261 struct netlink_callback *cb)
2262{
2263 struct net *net = sock_net(skb->sk);
2264 const struct nlmsghdr *nlh = cb->nlh;
2265 struct nlattr *tb[NDA_MAX + 1];
2266 struct neighbour *n;
2267 int rc, h, s_h = cb->args[1];
2268 int idx, s_idx = idx = cb->args[2];
2269 struct neigh_hash_table *nht;
2270 int filter_master_idx = 0, filter_idx = 0;
2271 unsigned int flags = NLM_F_MULTI;
2272 int err;
2273
2274 err = nlmsg_parse(nlh, sizeof(struct ndmsg), tb, NDA_MAX, NULL);
2275 if (!err) {
2276 if (tb[NDA_IFINDEX])
2277 filter_idx = nla_get_u32(tb[NDA_IFINDEX]);
2278
2279 if (tb[NDA_MASTER])
2280 filter_master_idx = nla_get_u32(tb[NDA_MASTER]);
2281
2282 if (filter_idx || filter_master_idx)
2283 flags |= NLM_F_DUMP_FILTERED;
2284 }
2285
2286 rcu_read_lock_bh();
2287 nht = rcu_dereference_bh(tbl->nht);
2288
2289 for (h = s_h; h < (1 << nht->hash_shift); h++) {
2290 if (h > s_h)
2291 s_idx = 0;
2292 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2293 n != NULL;
2294 n = rcu_dereference_bh(n->next)) {
2295 if (!net_eq(dev_net(n->dev), net))
2296 continue;
2297 if (neigh_ifindex_filtered(n->dev, filter_idx))
2298 continue;
2299 if (neigh_master_filtered(n->dev, filter_master_idx))
2300 continue;
2301 if (idx < s_idx)
2302 goto next;
2303 if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2304 cb->nlh->nlmsg_seq,
2305 RTM_NEWNEIGH,
2306 flags) < 0) {
2307 rc = -1;
2308 goto out;
2309 }
2310next:
2311 idx++;
2312 }
2313 }
2314 rc = skb->len;
2315out:
2316 rcu_read_unlock_bh();
2317 cb->args[1] = h;
2318 cb->args[2] = idx;
2319 return rc;
2320}
2321
2322static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2323 struct netlink_callback *cb)
2324{
2325 struct pneigh_entry *n;
2326 struct net *net = sock_net(skb->sk);
2327 int rc, h, s_h = cb->args[3];
2328 int idx, s_idx = idx = cb->args[4];
2329
2330 read_lock_bh(&tbl->lock);
2331
2332 for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2333 if (h > s_h)
2334 s_idx = 0;
2335 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2336 if (pneigh_net(n) != net)
2337 continue;
2338 if (idx < s_idx)
2339 goto next;
2340 if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2341 cb->nlh->nlmsg_seq,
2342 RTM_NEWNEIGH,
2343 NLM_F_MULTI, tbl) < 0) {
2344 read_unlock_bh(&tbl->lock);
2345 rc = -1;
2346 goto out;
2347 }
2348 next:
2349 idx++;
2350 }
2351 }
2352
2353 read_unlock_bh(&tbl->lock);
2354 rc = skb->len;
2355out:
2356 cb->args[3] = h;
2357 cb->args[4] = idx;
2358 return rc;
2359
2360}
2361
2362static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2363{
2364 struct neigh_table *tbl;
2365 int t, family, s_t;
2366 int proxy = 0;
2367 int err;
2368
2369 family = ((struct rtgenmsg *) nlmsg_data(cb->nlh))->rtgen_family;
2370
2371 /* check for full ndmsg structure presence, family member is
2372 * the same for both structures
2373 */
2374 if (nlmsg_len(cb->nlh) >= sizeof(struct ndmsg) &&
2375 ((struct ndmsg *) nlmsg_data(cb->nlh))->ndm_flags == NTF_PROXY)
2376 proxy = 1;
2377
2378 s_t = cb->args[0];
2379
2380 for (t = 0; t < NEIGH_NR_TABLES; t++) {
2381 tbl = neigh_tables[t];
2382
2383 if (!tbl)
2384 continue;
2385 if (t < s_t || (family && tbl->family != family))
2386 continue;
2387 if (t > s_t)
2388 memset(&cb->args[1], 0, sizeof(cb->args) -
2389 sizeof(cb->args[0]));
2390 if (proxy)
2391 err = pneigh_dump_table(tbl, skb, cb);
2392 else
2393 err = neigh_dump_table(tbl, skb, cb);
2394 if (err < 0)
2395 break;
2396 }
2397
2398 cb->args[0] = t;
2399 return skb->len;
2400}
2401
2402void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
2403{
2404 int chain;
2405 struct neigh_hash_table *nht;
2406
2407 rcu_read_lock_bh();
2408 nht = rcu_dereference_bh(tbl->nht);
2409
2410 read_lock(&tbl->lock); /* avoid resizes */
2411 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2412 struct neighbour *n;
2413
2414 for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
2415 n != NULL;
2416 n = rcu_dereference_bh(n->next))
2417 cb(n, cookie);
2418 }
2419 read_unlock(&tbl->lock);
2420 rcu_read_unlock_bh();
2421}
2422EXPORT_SYMBOL(neigh_for_each);
2423
2424/* The tbl->lock must be held as a writer and BH disabled. */
2425void __neigh_for_each_release(struct neigh_table *tbl,
2426 int (*cb)(struct neighbour *))
2427{
2428 int chain;
2429 struct neigh_hash_table *nht;
2430
2431 nht = rcu_dereference_protected(tbl->nht,
2432 lockdep_is_held(&tbl->lock));
2433 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
2434 struct neighbour *n;
2435 struct neighbour __rcu **np;
2436
2437 np = &nht->hash_buckets[chain];
2438 while ((n = rcu_dereference_protected(*np,
2439 lockdep_is_held(&tbl->lock))) != NULL) {
2440 int release;
2441
2442 write_lock(&n->lock);
2443 release = cb(n);
2444 if (release) {
2445 rcu_assign_pointer(*np,
2446 rcu_dereference_protected(n->next,
2447 lockdep_is_held(&tbl->lock)));
2448 n->dead = 1;
2449 } else
2450 np = &n->next;
2451 write_unlock(&n->lock);
2452 if (release)
2453 neigh_cleanup_and_release(n);
2454 }
2455 }
2456}
2457EXPORT_SYMBOL(__neigh_for_each_release);
2458
2459int neigh_xmit(int index, struct net_device *dev,
2460 const void *addr, struct sk_buff *skb)
2461{
2462 int err = -EAFNOSUPPORT;
2463 if (likely(index < NEIGH_NR_TABLES)) {
2464 struct neigh_table *tbl;
2465 struct neighbour *neigh;
2466
2467 tbl = neigh_tables[index];
2468 if (!tbl)
2469 goto out;
2470 neigh = __neigh_lookup_noref(tbl, addr, dev);
2471 if (!neigh)
2472 neigh = __neigh_create(tbl, addr, dev, false);
2473 err = PTR_ERR(neigh);
2474 if (IS_ERR(neigh))
2475 goto out_kfree_skb;
2476 err = neigh->output(neigh, skb);
2477 }
2478 else if (index == NEIGH_LINK_TABLE) {
2479 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
2480 addr, NULL, skb->len);
2481 if (err < 0)
2482 goto out_kfree_skb;
2483 err = dev_queue_xmit(skb);
2484 }
2485out:
2486 return err;
2487out_kfree_skb:
2488 kfree_skb(skb);
2489 goto out;
2490}
2491EXPORT_SYMBOL(neigh_xmit);
2492
2493#ifdef CONFIG_PROC_FS
2494
2495static struct neighbour *neigh_get_first(struct seq_file *seq)
2496{
2497 struct neigh_seq_state *state = seq->private;
2498 struct net *net = seq_file_net(seq);
2499 struct neigh_hash_table *nht = state->nht;
2500 struct neighbour *n = NULL;
2501 int bucket = state->bucket;
2502
2503 state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
2504 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
2505 n = rcu_dereference_bh(nht->hash_buckets[bucket]);
2506
2507 while (n) {
2508 if (!net_eq(dev_net(n->dev), net))
2509 goto next;
2510 if (state->neigh_sub_iter) {
2511 loff_t fakep = 0;
2512 void *v;
2513
2514 v = state->neigh_sub_iter(state, n, &fakep);
2515 if (!v)
2516 goto next;
2517 }
2518 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
2519 break;
2520 if (n->nud_state & ~NUD_NOARP)
2521 break;
2522next:
2523 n = rcu_dereference_bh(n->next);
2524 }
2525
2526 if (n)
2527 break;
2528 }
2529 state->bucket = bucket;
2530
2531 return n;
2532}
2533
2534static struct neighbour *neigh_get_next(struct seq_file *seq,
2535 struct neighbour *n,
2536 loff_t *pos)
2537{
2538 struct neigh_seq_state *state = seq->private;
2539 struct net *net = seq_file_net(seq);
2540 struct neigh_hash_table *nht = state->nht;
2541
2542 if (state->neigh_sub_iter) {
2543 void *v = state->neigh_sub_iter(state, n, pos);
2544 if (v)
2545 return n;
2546 }
2547 n = rcu_dereference_bh(n->next);
2548
2549 while (1) {
2550 while (n) {
2551 if (!net_eq(dev_net(n->dev), net))
2552 goto next;
2553 if (state->neigh_sub_iter) {
2554 void *v = state->neigh_sub_iter(state, n, pos);
2555 if (v)
2556 return n;
2557 goto next;
2558 }
2559 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
2560 break;
2561
2562 if (n->nud_state & ~NUD_NOARP)
2563 break;
2564next:
2565 n = rcu_dereference_bh(n->next);
2566 }
2567
2568 if (n)
2569 break;
2570
2571 if (++state->bucket >= (1 << nht->hash_shift))
2572 break;
2573
2574 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
2575 }
2576
2577 if (n && pos)
2578 --(*pos);
2579 return n;
2580}
2581
2582static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
2583{
2584 struct neighbour *n = neigh_get_first(seq);
2585
2586 if (n) {
2587 --(*pos);
2588 while (*pos) {
2589 n = neigh_get_next(seq, n, pos);
2590 if (!n)
2591 break;
2592 }
2593 }
2594 return *pos ? NULL : n;
2595}
2596
2597static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
2598{
2599 struct neigh_seq_state *state = seq->private;
2600 struct net *net = seq_file_net(seq);
2601 struct neigh_table *tbl = state->tbl;
2602 struct pneigh_entry *pn = NULL;
2603 int bucket = state->bucket;
2604
2605 state->flags |= NEIGH_SEQ_IS_PNEIGH;
2606 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
2607 pn = tbl->phash_buckets[bucket];
2608 while (pn && !net_eq(pneigh_net(pn), net))
2609 pn = pn->next;
2610 if (pn)
2611 break;
2612 }
2613 state->bucket = bucket;
2614
2615 return pn;
2616}
2617
2618static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
2619 struct pneigh_entry *pn,
2620 loff_t *pos)
2621{
2622 struct neigh_seq_state *state = seq->private;
2623 struct net *net = seq_file_net(seq);
2624 struct neigh_table *tbl = state->tbl;
2625
2626 do {
2627 pn = pn->next;
2628 } while (pn && !net_eq(pneigh_net(pn), net));
2629
2630 while (!pn) {
2631 if (++state->bucket > PNEIGH_HASHMASK)
2632 break;
2633 pn = tbl->phash_buckets[state->bucket];
2634 while (pn && !net_eq(pneigh_net(pn), net))
2635 pn = pn->next;
2636 if (pn)
2637 break;
2638 }
2639
2640 if (pn && pos)
2641 --(*pos);
2642
2643 return pn;
2644}
2645
2646static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
2647{
2648 struct pneigh_entry *pn = pneigh_get_first(seq);
2649
2650 if (pn) {
2651 --(*pos);
2652 while (*pos) {
2653 pn = pneigh_get_next(seq, pn, pos);
2654 if (!pn)
2655 break;
2656 }
2657 }
2658 return *pos ? NULL : pn;
2659}
2660
2661static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
2662{
2663 struct neigh_seq_state *state = seq->private;
2664 void *rc;
2665 loff_t idxpos = *pos;
2666
2667 rc = neigh_get_idx(seq, &idxpos);
2668 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
2669 rc = pneigh_get_idx(seq, &idxpos);
2670
2671 return rc;
2672}
2673
2674void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
2675 __acquires(rcu_bh)
2676{
2677 struct neigh_seq_state *state = seq->private;
2678
2679 state->tbl = tbl;
2680 state->bucket = 0;
2681 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
2682
2683 rcu_read_lock_bh();
2684 state->nht = rcu_dereference_bh(tbl->nht);
2685
2686 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
2687}
2688EXPORT_SYMBOL(neigh_seq_start);
2689
2690void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2691{
2692 struct neigh_seq_state *state;
2693 void *rc;
2694
2695 if (v == SEQ_START_TOKEN) {
2696 rc = neigh_get_first(seq);
2697 goto out;
2698 }
2699
2700 state = seq->private;
2701 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
2702 rc = neigh_get_next(seq, v, NULL);
2703 if (rc)
2704 goto out;
2705 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
2706 rc = pneigh_get_first(seq);
2707 } else {
2708 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
2709 rc = pneigh_get_next(seq, v, NULL);
2710 }
2711out:
2712 ++(*pos);
2713 return rc;
2714}
2715EXPORT_SYMBOL(neigh_seq_next);
2716
2717void neigh_seq_stop(struct seq_file *seq, void *v)
2718 __releases(rcu_bh)
2719{
2720 rcu_read_unlock_bh();
2721}
2722EXPORT_SYMBOL(neigh_seq_stop);
2723
2724/* statistics via seq_file */
2725
2726static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
2727{
2728 struct neigh_table *tbl = seq->private;
2729 int cpu;
2730
2731 if (*pos == 0)
2732 return SEQ_START_TOKEN;
2733
2734 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
2735 if (!cpu_possible(cpu))
2736 continue;
2737 *pos = cpu+1;
2738 return per_cpu_ptr(tbl->stats, cpu);
2739 }
2740 return NULL;
2741}
2742
2743static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2744{
2745 struct neigh_table *tbl = seq->private;
2746 int cpu;
2747
2748 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
2749 if (!cpu_possible(cpu))
2750 continue;
2751 *pos = cpu+1;
2752 return per_cpu_ptr(tbl->stats, cpu);
2753 }
2754 return NULL;
2755}
2756
2757static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
2758{
2759
2760}
2761
2762static int neigh_stat_seq_show(struct seq_file *seq, void *v)
2763{
2764 struct neigh_table *tbl = seq->private;
2765 struct neigh_statistics *st = v;
2766
2767 if (v == SEQ_START_TOKEN) {
2768 seq_printf(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
2769 return 0;
2770 }
2771
2772 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
2773 "%08lx %08lx %08lx %08lx %08lx %08lx\n",
2774 atomic_read(&tbl->entries),
2775
2776 st->allocs,
2777 st->destroys,
2778 st->hash_grows,
2779
2780 st->lookups,
2781 st->hits,
2782
2783 st->res_failed,
2784
2785 st->rcv_probes_mcast,
2786 st->rcv_probes_ucast,
2787
2788 st->periodic_gc_runs,
2789 st->forced_gc_runs,
2790 st->unres_discards,
2791 st->table_fulls
2792 );
2793
2794 return 0;
2795}
2796
2797static const struct seq_operations neigh_stat_seq_ops = {
2798 .start = neigh_stat_seq_start,
2799 .next = neigh_stat_seq_next,
2800 .stop = neigh_stat_seq_stop,
2801 .show = neigh_stat_seq_show,
2802};
2803
2804static int neigh_stat_seq_open(struct inode *inode, struct file *file)
2805{
2806 int ret = seq_open(file, &neigh_stat_seq_ops);
2807
2808 if (!ret) {
2809 struct seq_file *sf = file->private_data;
2810 sf->private = PDE_DATA(inode);
2811 }
2812 return ret;
2813};
2814
2815static const struct file_operations neigh_stat_seq_fops = {
2816 .owner = THIS_MODULE,
2817 .open = neigh_stat_seq_open,
2818 .read = seq_read,
2819 .llseek = seq_lseek,
2820 .release = seq_release,
2821};
2822
2823#endif /* CONFIG_PROC_FS */
2824
2825static inline size_t neigh_nlmsg_size(void)
2826{
2827 return NLMSG_ALIGN(sizeof(struct ndmsg))
2828 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2829 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2830 + nla_total_size(sizeof(struct nda_cacheinfo))
2831 + nla_total_size(4); /* NDA_PROBES */
2832}
2833
2834static void __neigh_notify(struct neighbour *n, int type, int flags)
2835{
2836 struct net *net = dev_net(n->dev);
2837 struct sk_buff *skb;
2838 int err = -ENOBUFS;
2839
2840 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
2841 if (skb == NULL)
2842 goto errout;
2843
2844 err = neigh_fill_info(skb, n, 0, 0, type, flags);
2845 if (err < 0) {
2846 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
2847 WARN_ON(err == -EMSGSIZE);
2848 kfree_skb(skb);
2849 goto errout;
2850 }
2851 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
2852 return;
2853errout:
2854 if (err < 0)
2855 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
2856}
2857
2858void neigh_app_ns(struct neighbour *n)
2859{
2860 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST);
2861}
2862EXPORT_SYMBOL(neigh_app_ns);
2863
2864#ifdef CONFIG_SYSCTL
2865static int zero;
2866static int int_max = INT_MAX;
2867static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
2868
2869static int proc_unres_qlen(struct ctl_table *ctl, int write,
2870 void __user *buffer, size_t *lenp, loff_t *ppos)
2871{
2872 int size, ret;
2873 struct ctl_table tmp = *ctl;
2874
2875 tmp.extra1 = &zero;
2876 tmp.extra2 = &unres_qlen_max;
2877 tmp.data = &size;
2878
2879 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
2880 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
2881
2882 if (write && !ret)
2883 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
2884 return ret;
2885}
2886
2887static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
2888 int family)
2889{
2890 switch (family) {
2891 case AF_INET:
2892 return __in_dev_arp_parms_get_rcu(dev);
2893 case AF_INET6:
2894 return __in6_dev_nd_parms_get_rcu(dev);
2895 }
2896 return NULL;
2897}
2898
2899static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
2900 int index)
2901{
2902 struct net_device *dev;
2903 int family = neigh_parms_family(p);
2904
2905 rcu_read_lock();
2906 for_each_netdev_rcu(net, dev) {
2907 struct neigh_parms *dst_p =
2908 neigh_get_dev_parms_rcu(dev, family);
2909
2910 if (dst_p && !test_bit(index, dst_p->data_state))
2911 dst_p->data[index] = p->data[index];
2912 }
2913 rcu_read_unlock();
2914}
2915
2916static void neigh_proc_update(struct ctl_table *ctl, int write)
2917{
2918 struct net_device *dev = ctl->extra1;
2919 struct neigh_parms *p = ctl->extra2;
2920 struct net *net = neigh_parms_net(p);
2921 int index = (int *) ctl->data - p->data;
2922
2923 if (!write)
2924 return;
2925
2926 set_bit(index, p->data_state);
2927 if (!dev) /* NULL dev means this is default value */
2928 neigh_copy_dflt_parms(net, p, index);
2929}
2930
2931static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
2932 void __user *buffer,
2933 size_t *lenp, loff_t *ppos)
2934{
2935 struct ctl_table tmp = *ctl;
2936 int ret;
2937
2938 tmp.extra1 = &zero;
2939 tmp.extra2 = &int_max;
2940
2941 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
2942 neigh_proc_update(ctl, write);
2943 return ret;
2944}
2945
2946int neigh_proc_dointvec(struct ctl_table *ctl, int write,
2947 void __user *buffer, size_t *lenp, loff_t *ppos)
2948{
2949 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2950
2951 neigh_proc_update(ctl, write);
2952 return ret;
2953}
2954EXPORT_SYMBOL(neigh_proc_dointvec);
2955
2956int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write,
2957 void __user *buffer,
2958 size_t *lenp, loff_t *ppos)
2959{
2960 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
2961
2962 neigh_proc_update(ctl, write);
2963 return ret;
2964}
2965EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
2966
2967static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
2968 void __user *buffer,
2969 size_t *lenp, loff_t *ppos)
2970{
2971 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
2972
2973 neigh_proc_update(ctl, write);
2974 return ret;
2975}
2976
2977int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
2978 void __user *buffer,
2979 size_t *lenp, loff_t *ppos)
2980{
2981 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
2982
2983 neigh_proc_update(ctl, write);
2984 return ret;
2985}
2986EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
2987
2988static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
2989 void __user *buffer,
2990 size_t *lenp, loff_t *ppos)
2991{
2992 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
2993
2994 neigh_proc_update(ctl, write);
2995 return ret;
2996}
2997
2998static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
2999 void __user *buffer,
3000 size_t *lenp, loff_t *ppos)
3001{
3002 struct neigh_parms *p = ctl->extra2;
3003 int ret;
3004
3005 if (strcmp(ctl->procname, "base_reachable_time") == 0)
3006 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3007 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3008 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3009 else
3010 ret = -1;
3011
3012 if (write && ret == 0) {
3013 /* update reachable_time as well, otherwise, the change will
3014 * only be effective after the next time neigh_periodic_work
3015 * decides to recompute it
3016 */
3017 p->reachable_time =
3018 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3019 }
3020 return ret;
3021}
3022
3023#define NEIGH_PARMS_DATA_OFFSET(index) \
3024 (&((struct neigh_parms *) 0)->data[index])
3025
3026#define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3027 [NEIGH_VAR_ ## attr] = { \
3028 .procname = name, \
3029 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3030 .maxlen = sizeof(int), \
3031 .mode = mval, \
3032 .proc_handler = proc, \
3033 }
3034
3035#define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3036 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3037
3038#define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3039 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3040
3041#define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3042 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3043
3044#define NEIGH_SYSCTL_MS_JIFFIES_ENTRY(attr, name) \
3045 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3046
3047#define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3048 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3049
3050#define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3051 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3052
3053static struct neigh_sysctl_table {
3054 struct ctl_table_header *sysctl_header;
3055 struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3056} neigh_sysctl_template __read_mostly = {
3057 .neigh_vars = {
3058 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3059 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3060 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3061 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3062 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3063 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3064 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3065 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3066 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3067 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3068 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3069 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3070 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3071 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3072 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3073 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3074 [NEIGH_VAR_GC_INTERVAL] = {
3075 .procname = "gc_interval",
3076 .maxlen = sizeof(int),
3077 .mode = 0644,
3078 .proc_handler = proc_dointvec_jiffies,
3079 },
3080 [NEIGH_VAR_GC_THRESH1] = {
3081 .procname = "gc_thresh1",
3082 .maxlen = sizeof(int),
3083 .mode = 0644,
3084 .extra1 = &zero,
3085 .extra2 = &int_max,
3086 .proc_handler = proc_dointvec_minmax,
3087 },
3088 [NEIGH_VAR_GC_THRESH2] = {
3089 .procname = "gc_thresh2",
3090 .maxlen = sizeof(int),
3091 .mode = 0644,
3092 .extra1 = &zero,
3093 .extra2 = &int_max,
3094 .proc_handler = proc_dointvec_minmax,
3095 },
3096 [NEIGH_VAR_GC_THRESH3] = {
3097 .procname = "gc_thresh3",
3098 .maxlen = sizeof(int),
3099 .mode = 0644,
3100 .extra1 = &zero,
3101 .extra2 = &int_max,
3102 .proc_handler = proc_dointvec_minmax,
3103 },
3104 {},
3105 },
3106};
3107
3108int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3109 proc_handler *handler)
3110{
3111 int i;
3112 struct neigh_sysctl_table *t;
3113 const char *dev_name_source;
3114 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3115 char *p_name;
3116
3117 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL);
3118 if (!t)
3119 goto err;
3120
3121 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3122 t->neigh_vars[i].data += (long) p;
3123 t->neigh_vars[i].extra1 = dev;
3124 t->neigh_vars[i].extra2 = p;
3125 }
3126
3127 if (dev) {
3128 dev_name_source = dev->name;
3129 /* Terminate the table early */
3130 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3131 sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3132 } else {
3133 struct neigh_table *tbl = p->tbl;
3134 dev_name_source = "default";
3135 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3136 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3137 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3138 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3139 }
3140
3141 if (handler) {
3142 /* RetransTime */
3143 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3144 /* ReachableTime */
3145 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3146 /* RetransTime (in milliseconds)*/
3147 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3148 /* ReachableTime (in milliseconds) */
3149 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3150 } else {
3151 /* Those handlers will update p->reachable_time after
3152 * base_reachable_time(_ms) is set to ensure the new timer starts being
3153 * applied after the next neighbour update instead of waiting for
3154 * neigh_periodic_work to update its value (can be multiple minutes)
3155 * So any handler that replaces them should do this as well
3156 */
3157 /* ReachableTime */
3158 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3159 neigh_proc_base_reachable_time;
3160 /* ReachableTime (in milliseconds) */
3161 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3162 neigh_proc_base_reachable_time;
3163 }
3164
3165 /* Don't export sysctls to unprivileged users */
3166 if (neigh_parms_net(p)->user_ns != &init_user_ns)
3167 t->neigh_vars[0].procname = NULL;
3168
3169 switch (neigh_parms_family(p)) {
3170 case AF_INET:
3171 p_name = "ipv4";
3172 break;
3173 case AF_INET6:
3174 p_name = "ipv6";
3175 break;
3176 default:
3177 BUG();
3178 }
3179
3180 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3181 p_name, dev_name_source);
3182 t->sysctl_header =
3183 register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3184 if (!t->sysctl_header)
3185 goto free;
3186
3187 p->sysctl_table = t;
3188 return 0;
3189
3190free:
3191 kfree(t);
3192err:
3193 return -ENOBUFS;
3194}
3195EXPORT_SYMBOL(neigh_sysctl_register);
3196
3197void neigh_sysctl_unregister(struct neigh_parms *p)
3198{
3199 if (p->sysctl_table) {
3200 struct neigh_sysctl_table *t = p->sysctl_table;
3201 p->sysctl_table = NULL;
3202 unregister_net_sysctl_table(t->sysctl_header);
3203 kfree(t);
3204 }
3205}
3206EXPORT_SYMBOL(neigh_sysctl_unregister);
3207
3208#endif /* CONFIG_SYSCTL */
3209
3210static int __init neigh_init(void)
3211{
3212 rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, NULL);
3213 rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, NULL);
3214 rtnl_register(PF_UNSPEC, RTM_GETNEIGH, NULL, neigh_dump_info, NULL);
3215
3216 rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3217 NULL);
3218 rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, NULL);
3219
3220 return 0;
3221}
3222
3223subsys_initcall(neigh_init);
3224
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Generic address resolution entity
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
8 *
9 * Fixes:
10 * Vitaly E. Lavrov releasing NULL neighbor in neigh_add.
11 * Harald Welte Add neighbour cache statistics like rtstat
12 */
13
14#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16#include <linux/slab.h>
17#include <linux/kmemleak.h>
18#include <linux/types.h>
19#include <linux/kernel.h>
20#include <linux/module.h>
21#include <linux/socket.h>
22#include <linux/netdevice.h>
23#include <linux/proc_fs.h>
24#ifdef CONFIG_SYSCTL
25#include <linux/sysctl.h>
26#endif
27#include <linux/times.h>
28#include <net/net_namespace.h>
29#include <net/neighbour.h>
30#include <net/arp.h>
31#include <net/dst.h>
32#include <net/sock.h>
33#include <net/netevent.h>
34#include <net/netlink.h>
35#include <linux/rtnetlink.h>
36#include <linux/random.h>
37#include <linux/string.h>
38#include <linux/log2.h>
39#include <linux/inetdevice.h>
40#include <net/addrconf.h>
41
42#include <trace/events/neigh.h>
43
44#define NEIGH_DEBUG 1
45#define neigh_dbg(level, fmt, ...) \
46do { \
47 if (level <= NEIGH_DEBUG) \
48 pr_debug(fmt, ##__VA_ARGS__); \
49} while (0)
50
51#define PNEIGH_HASHMASK 0xF
52
53static void neigh_timer_handler(struct timer_list *t);
54static void __neigh_notify(struct neighbour *n, int type, int flags,
55 u32 pid);
56static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
57static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
58 struct net_device *dev);
59
60#ifdef CONFIG_PROC_FS
61static const struct seq_operations neigh_stat_seq_ops;
62#endif
63
64/*
65 Neighbour hash table buckets are protected with rwlock tbl->lock.
66
67 - All the scans/updates to hash buckets MUST be made under this lock.
68 - NOTHING clever should be made under this lock: no callbacks
69 to protocol backends, no attempts to send something to network.
70 It will result in deadlocks, if backend/driver wants to use neighbour
71 cache.
72 - If the entry requires some non-trivial actions, increase
73 its reference count and release table lock.
74
75 Neighbour entries are protected:
76 - with reference count.
77 - with rwlock neigh->lock
78
79 Reference count prevents destruction.
80
81 neigh->lock mainly serializes ll address data and its validity state.
82 However, the same lock is used to protect another entry fields:
83 - timer
84 - resolution queue
85
86 Again, nothing clever shall be made under neigh->lock,
87 the most complicated procedure, which we allow is dev->hard_header.
88 It is supposed, that dev->hard_header is simplistic and does
89 not make callbacks to neighbour tables.
90 */
91
92static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
93{
94 kfree_skb(skb);
95 return -ENETDOWN;
96}
97
98static void neigh_cleanup_and_release(struct neighbour *neigh)
99{
100 trace_neigh_cleanup_and_release(neigh, 0);
101 __neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
102 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
103 neigh_release(neigh);
104}
105
106/*
107 * It is random distribution in the interval (1/2)*base...(3/2)*base.
108 * It corresponds to default IPv6 settings and is not overridable,
109 * because it is really reasonable choice.
110 */
111
112unsigned long neigh_rand_reach_time(unsigned long base)
113{
114 return base ? get_random_u32_below(base) + (base >> 1) : 0;
115}
116EXPORT_SYMBOL(neigh_rand_reach_time);
117
118static void neigh_mark_dead(struct neighbour *n)
119{
120 n->dead = 1;
121 if (!list_empty(&n->gc_list)) {
122 list_del_init(&n->gc_list);
123 atomic_dec(&n->tbl->gc_entries);
124 }
125 if (!list_empty(&n->managed_list))
126 list_del_init(&n->managed_list);
127}
128
129static void neigh_update_gc_list(struct neighbour *n)
130{
131 bool on_gc_list, exempt_from_gc;
132
133 write_lock_bh(&n->tbl->lock);
134 write_lock(&n->lock);
135 if (n->dead)
136 goto out;
137
138 /* remove from the gc list if new state is permanent or if neighbor
139 * is externally learned; otherwise entry should be on the gc list
140 */
141 exempt_from_gc = n->nud_state & NUD_PERMANENT ||
142 n->flags & NTF_EXT_LEARNED;
143 on_gc_list = !list_empty(&n->gc_list);
144
145 if (exempt_from_gc && on_gc_list) {
146 list_del_init(&n->gc_list);
147 atomic_dec(&n->tbl->gc_entries);
148 } else if (!exempt_from_gc && !on_gc_list) {
149 /* add entries to the tail; cleaning removes from the front */
150 list_add_tail(&n->gc_list, &n->tbl->gc_list);
151 atomic_inc(&n->tbl->gc_entries);
152 }
153out:
154 write_unlock(&n->lock);
155 write_unlock_bh(&n->tbl->lock);
156}
157
158static void neigh_update_managed_list(struct neighbour *n)
159{
160 bool on_managed_list, add_to_managed;
161
162 write_lock_bh(&n->tbl->lock);
163 write_lock(&n->lock);
164 if (n->dead)
165 goto out;
166
167 add_to_managed = n->flags & NTF_MANAGED;
168 on_managed_list = !list_empty(&n->managed_list);
169
170 if (!add_to_managed && on_managed_list)
171 list_del_init(&n->managed_list);
172 else if (add_to_managed && !on_managed_list)
173 list_add_tail(&n->managed_list, &n->tbl->managed_list);
174out:
175 write_unlock(&n->lock);
176 write_unlock_bh(&n->tbl->lock);
177}
178
179static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
180 bool *gc_update, bool *managed_update)
181{
182 u32 ndm_flags, old_flags = neigh->flags;
183
184 if (!(flags & NEIGH_UPDATE_F_ADMIN))
185 return;
186
187 ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
188 ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;
189
190 if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
191 if (ndm_flags & NTF_EXT_LEARNED)
192 neigh->flags |= NTF_EXT_LEARNED;
193 else
194 neigh->flags &= ~NTF_EXT_LEARNED;
195 *notify = 1;
196 *gc_update = true;
197 }
198 if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
199 if (ndm_flags & NTF_MANAGED)
200 neigh->flags |= NTF_MANAGED;
201 else
202 neigh->flags &= ~NTF_MANAGED;
203 *notify = 1;
204 *managed_update = true;
205 }
206}
207
208static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
209 struct neigh_table *tbl)
210{
211 bool retval = false;
212
213 write_lock(&n->lock);
214 if (refcount_read(&n->refcnt) == 1) {
215 struct neighbour *neigh;
216
217 neigh = rcu_dereference_protected(n->next,
218 lockdep_is_held(&tbl->lock));
219 rcu_assign_pointer(*np, neigh);
220 neigh_mark_dead(n);
221 retval = true;
222 }
223 write_unlock(&n->lock);
224 if (retval)
225 neigh_cleanup_and_release(n);
226 return retval;
227}
228
229bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
230{
231 struct neigh_hash_table *nht;
232 void *pkey = ndel->primary_key;
233 u32 hash_val;
234 struct neighbour *n;
235 struct neighbour __rcu **np;
236
237 nht = rcu_dereference_protected(tbl->nht,
238 lockdep_is_held(&tbl->lock));
239 hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
240 hash_val = hash_val >> (32 - nht->hash_shift);
241
242 np = &nht->hash_buckets[hash_val];
243 while ((n = rcu_dereference_protected(*np,
244 lockdep_is_held(&tbl->lock)))) {
245 if (n == ndel)
246 return neigh_del(n, np, tbl);
247 np = &n->next;
248 }
249 return false;
250}
251
252static int neigh_forced_gc(struct neigh_table *tbl)
253{
254 int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
255 unsigned long tref = jiffies - 5 * HZ;
256 struct neighbour *n, *tmp;
257 int shrunk = 0;
258
259 NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);
260
261 write_lock_bh(&tbl->lock);
262
263 list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
264 if (refcount_read(&n->refcnt) == 1) {
265 bool remove = false;
266
267 write_lock(&n->lock);
268 if ((n->nud_state == NUD_FAILED) ||
269 (n->nud_state == NUD_NOARP) ||
270 (tbl->is_multicast &&
271 tbl->is_multicast(n->primary_key)) ||
272 !time_in_range(n->updated, tref, jiffies))
273 remove = true;
274 write_unlock(&n->lock);
275
276 if (remove && neigh_remove_one(n, tbl))
277 shrunk++;
278 if (shrunk >= max_clean)
279 break;
280 }
281 }
282
283 tbl->last_flush = jiffies;
284
285 write_unlock_bh(&tbl->lock);
286
287 return shrunk;
288}
289
290static void neigh_add_timer(struct neighbour *n, unsigned long when)
291{
292 /* Use safe distance from the jiffies - LONG_MAX point while timer
293 * is running in DELAY/PROBE state but still show to user space
294 * large times in the past.
295 */
296 unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ);
297
298 neigh_hold(n);
299 if (!time_in_range(n->confirmed, mint, jiffies))
300 n->confirmed = mint;
301 if (time_before(n->used, n->confirmed))
302 n->used = n->confirmed;
303 if (unlikely(mod_timer(&n->timer, when))) {
304 printk("NEIGH: BUG, double timer add, state is %x\n",
305 n->nud_state);
306 dump_stack();
307 }
308}
309
310static int neigh_del_timer(struct neighbour *n)
311{
312 if ((n->nud_state & NUD_IN_TIMER) &&
313 del_timer(&n->timer)) {
314 neigh_release(n);
315 return 1;
316 }
317 return 0;
318}
319
320static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
321 int family)
322{
323 switch (family) {
324 case AF_INET:
325 return __in_dev_arp_parms_get_rcu(dev);
326 case AF_INET6:
327 return __in6_dev_nd_parms_get_rcu(dev);
328 }
329 return NULL;
330}
331
332static void neigh_parms_qlen_dec(struct net_device *dev, int family)
333{
334 struct neigh_parms *p;
335
336 rcu_read_lock();
337 p = neigh_get_dev_parms_rcu(dev, family);
338 if (p)
339 p->qlen--;
340 rcu_read_unlock();
341}
342
343static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net,
344 int family)
345{
346 struct sk_buff_head tmp;
347 unsigned long flags;
348 struct sk_buff *skb;
349
350 skb_queue_head_init(&tmp);
351 spin_lock_irqsave(&list->lock, flags);
352 skb = skb_peek(list);
353 while (skb != NULL) {
354 struct sk_buff *skb_next = skb_peek_next(skb, list);
355 struct net_device *dev = skb->dev;
356
357 if (net == NULL || net_eq(dev_net(dev), net)) {
358 neigh_parms_qlen_dec(dev, family);
359 __skb_unlink(skb, list);
360 __skb_queue_tail(&tmp, skb);
361 }
362 skb = skb_next;
363 }
364 spin_unlock_irqrestore(&list->lock, flags);
365
366 while ((skb = __skb_dequeue(&tmp))) {
367 dev_put(skb->dev);
368 kfree_skb(skb);
369 }
370}
371
372static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
373 bool skip_perm)
374{
375 int i;
376 struct neigh_hash_table *nht;
377
378 nht = rcu_dereference_protected(tbl->nht,
379 lockdep_is_held(&tbl->lock));
380
381 for (i = 0; i < (1 << nht->hash_shift); i++) {
382 struct neighbour *n;
383 struct neighbour __rcu **np = &nht->hash_buckets[i];
384
385 while ((n = rcu_dereference_protected(*np,
386 lockdep_is_held(&tbl->lock))) != NULL) {
387 if (dev && n->dev != dev) {
388 np = &n->next;
389 continue;
390 }
391 if (skip_perm && n->nud_state & NUD_PERMANENT) {
392 np = &n->next;
393 continue;
394 }
395 rcu_assign_pointer(*np,
396 rcu_dereference_protected(n->next,
397 lockdep_is_held(&tbl->lock)));
398 write_lock(&n->lock);
399 neigh_del_timer(n);
400 neigh_mark_dead(n);
401 if (refcount_read(&n->refcnt) != 1) {
402 /* The most unpleasant situation.
403 We must destroy neighbour entry,
404 but someone still uses it.
405
406 The destroy will be delayed until
407 the last user releases us, but
408 we must kill timers etc. and move
409 it to safe state.
410 */
411 __skb_queue_purge(&n->arp_queue);
412 n->arp_queue_len_bytes = 0;
413 n->output = neigh_blackhole;
414 if (n->nud_state & NUD_VALID)
415 n->nud_state = NUD_NOARP;
416 else
417 n->nud_state = NUD_NONE;
418 neigh_dbg(2, "neigh %p is stray\n", n);
419 }
420 write_unlock(&n->lock);
421 neigh_cleanup_and_release(n);
422 }
423 }
424}
425
426void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
427{
428 write_lock_bh(&tbl->lock);
429 neigh_flush_dev(tbl, dev, false);
430 write_unlock_bh(&tbl->lock);
431}
432EXPORT_SYMBOL(neigh_changeaddr);
433
434static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
435 bool skip_perm)
436{
437 write_lock_bh(&tbl->lock);
438 neigh_flush_dev(tbl, dev, skip_perm);
439 pneigh_ifdown_and_unlock(tbl, dev);
440 pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL,
441 tbl->family);
442 if (skb_queue_empty_lockless(&tbl->proxy_queue))
443 del_timer_sync(&tbl->proxy_timer);
444 return 0;
445}
446
447int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
448{
449 __neigh_ifdown(tbl, dev, true);
450 return 0;
451}
452EXPORT_SYMBOL(neigh_carrier_down);
453
454int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
455{
456 __neigh_ifdown(tbl, dev, false);
457 return 0;
458}
459EXPORT_SYMBOL(neigh_ifdown);
460
461static struct neighbour *neigh_alloc(struct neigh_table *tbl,
462 struct net_device *dev,
463 u32 flags, bool exempt_from_gc)
464{
465 struct neighbour *n = NULL;
466 unsigned long now = jiffies;
467 int entries;
468
469 if (exempt_from_gc)
470 goto do_alloc;
471
472 entries = atomic_inc_return(&tbl->gc_entries) - 1;
473 if (entries >= tbl->gc_thresh3 ||
474 (entries >= tbl->gc_thresh2 &&
475 time_after(now, tbl->last_flush + 5 * HZ))) {
476 if (!neigh_forced_gc(tbl) &&
477 entries >= tbl->gc_thresh3) {
478 net_info_ratelimited("%s: neighbor table overflow!\n",
479 tbl->id);
480 NEIGH_CACHE_STAT_INC(tbl, table_fulls);
481 goto out_entries;
482 }
483 }
484
485do_alloc:
486 n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
487 if (!n)
488 goto out_entries;
489
490 __skb_queue_head_init(&n->arp_queue);
491 rwlock_init(&n->lock);
492 seqlock_init(&n->ha_lock);
493 n->updated = n->used = now;
494 n->nud_state = NUD_NONE;
495 n->output = neigh_blackhole;
496 n->flags = flags;
497 seqlock_init(&n->hh.hh_lock);
498 n->parms = neigh_parms_clone(&tbl->parms);
499 timer_setup(&n->timer, neigh_timer_handler, 0);
500
501 NEIGH_CACHE_STAT_INC(tbl, allocs);
502 n->tbl = tbl;
503 refcount_set(&n->refcnt, 1);
504 n->dead = 1;
505 INIT_LIST_HEAD(&n->gc_list);
506 INIT_LIST_HEAD(&n->managed_list);
507
508 atomic_inc(&tbl->entries);
509out:
510 return n;
511
512out_entries:
513 if (!exempt_from_gc)
514 atomic_dec(&tbl->gc_entries);
515 goto out;
516}
517
518static void neigh_get_hash_rnd(u32 *x)
519{
520 *x = get_random_u32() | 1;
521}
522
523static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
524{
525 size_t size = (1 << shift) * sizeof(struct neighbour *);
526 struct neigh_hash_table *ret;
527 struct neighbour __rcu **buckets;
528 int i;
529
530 ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
531 if (!ret)
532 return NULL;
533 if (size <= PAGE_SIZE) {
534 buckets = kzalloc(size, GFP_ATOMIC);
535 } else {
536 buckets = (struct neighbour __rcu **)
537 __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
538 get_order(size));
539 kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
540 }
541 if (!buckets) {
542 kfree(ret);
543 return NULL;
544 }
545 ret->hash_buckets = buckets;
546 ret->hash_shift = shift;
547 for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
548 neigh_get_hash_rnd(&ret->hash_rnd[i]);
549 return ret;
550}
551
552static void neigh_hash_free_rcu(struct rcu_head *head)
553{
554 struct neigh_hash_table *nht = container_of(head,
555 struct neigh_hash_table,
556 rcu);
557 size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
558 struct neighbour __rcu **buckets = nht->hash_buckets;
559
560 if (size <= PAGE_SIZE) {
561 kfree(buckets);
562 } else {
563 kmemleak_free(buckets);
564 free_pages((unsigned long)buckets, get_order(size));
565 }
566 kfree(nht);
567}
568
569static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
570 unsigned long new_shift)
571{
572 unsigned int i, hash;
573 struct neigh_hash_table *new_nht, *old_nht;
574
575 NEIGH_CACHE_STAT_INC(tbl, hash_grows);
576
577 old_nht = rcu_dereference_protected(tbl->nht,
578 lockdep_is_held(&tbl->lock));
579 new_nht = neigh_hash_alloc(new_shift);
580 if (!new_nht)
581 return old_nht;
582
583 for (i = 0; i < (1 << old_nht->hash_shift); i++) {
584 struct neighbour *n, *next;
585
586 for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
587 lockdep_is_held(&tbl->lock));
588 n != NULL;
589 n = next) {
590 hash = tbl->hash(n->primary_key, n->dev,
591 new_nht->hash_rnd);
592
593 hash >>= (32 - new_nht->hash_shift);
594 next = rcu_dereference_protected(n->next,
595 lockdep_is_held(&tbl->lock));
596
597 rcu_assign_pointer(n->next,
598 rcu_dereference_protected(
599 new_nht->hash_buckets[hash],
600 lockdep_is_held(&tbl->lock)));
601 rcu_assign_pointer(new_nht->hash_buckets[hash], n);
602 }
603 }
604
605 rcu_assign_pointer(tbl->nht, new_nht);
606 call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
607 return new_nht;
608}
609
610struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
611 struct net_device *dev)
612{
613 struct neighbour *n;
614
615 NEIGH_CACHE_STAT_INC(tbl, lookups);
616
617 rcu_read_lock_bh();
618 n = __neigh_lookup_noref(tbl, pkey, dev);
619 if (n) {
620 if (!refcount_inc_not_zero(&n->refcnt))
621 n = NULL;
622 NEIGH_CACHE_STAT_INC(tbl, hits);
623 }
624
625 rcu_read_unlock_bh();
626 return n;
627}
628EXPORT_SYMBOL(neigh_lookup);
629
630struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
631 const void *pkey)
632{
633 struct neighbour *n;
634 unsigned int key_len = tbl->key_len;
635 u32 hash_val;
636 struct neigh_hash_table *nht;
637
638 NEIGH_CACHE_STAT_INC(tbl, lookups);
639
640 rcu_read_lock_bh();
641 nht = rcu_dereference_bh(tbl->nht);
642 hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);
643
644 for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
645 n != NULL;
646 n = rcu_dereference_bh(n->next)) {
647 if (!memcmp(n->primary_key, pkey, key_len) &&
648 net_eq(dev_net(n->dev), net)) {
649 if (!refcount_inc_not_zero(&n->refcnt))
650 n = NULL;
651 NEIGH_CACHE_STAT_INC(tbl, hits);
652 break;
653 }
654 }
655
656 rcu_read_unlock_bh();
657 return n;
658}
659EXPORT_SYMBOL(neigh_lookup_nodev);
660
661static struct neighbour *
662___neigh_create(struct neigh_table *tbl, const void *pkey,
663 struct net_device *dev, u32 flags,
664 bool exempt_from_gc, bool want_ref)
665{
666 u32 hash_val, key_len = tbl->key_len;
667 struct neighbour *n1, *rc, *n;
668 struct neigh_hash_table *nht;
669 int error;
670
671 n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
672 trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
673 if (!n) {
674 rc = ERR_PTR(-ENOBUFS);
675 goto out;
676 }
677
678 memcpy(n->primary_key, pkey, key_len);
679 n->dev = dev;
680 netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC);
681
682 /* Protocol specific setup. */
683 if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
684 rc = ERR_PTR(error);
685 goto out_neigh_release;
686 }
687
688 if (dev->netdev_ops->ndo_neigh_construct) {
689 error = dev->netdev_ops->ndo_neigh_construct(dev, n);
690 if (error < 0) {
691 rc = ERR_PTR(error);
692 goto out_neigh_release;
693 }
694 }
695
696 /* Device specific setup. */
697 if (n->parms->neigh_setup &&
698 (error = n->parms->neigh_setup(n)) < 0) {
699 rc = ERR_PTR(error);
700 goto out_neigh_release;
701 }
702
703 n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);
704
705 write_lock_bh(&tbl->lock);
706 nht = rcu_dereference_protected(tbl->nht,
707 lockdep_is_held(&tbl->lock));
708
709 if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
710 nht = neigh_hash_grow(tbl, nht->hash_shift + 1);
711
712 hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);
713
714 if (n->parms->dead) {
715 rc = ERR_PTR(-EINVAL);
716 goto out_tbl_unlock;
717 }
718
719 for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
720 lockdep_is_held(&tbl->lock));
721 n1 != NULL;
722 n1 = rcu_dereference_protected(n1->next,
723 lockdep_is_held(&tbl->lock))) {
724 if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
725 if (want_ref)
726 neigh_hold(n1);
727 rc = n1;
728 goto out_tbl_unlock;
729 }
730 }
731
732 n->dead = 0;
733 if (!exempt_from_gc)
734 list_add_tail(&n->gc_list, &n->tbl->gc_list);
735 if (n->flags & NTF_MANAGED)
736 list_add_tail(&n->managed_list, &n->tbl->managed_list);
737 if (want_ref)
738 neigh_hold(n);
739 rcu_assign_pointer(n->next,
740 rcu_dereference_protected(nht->hash_buckets[hash_val],
741 lockdep_is_held(&tbl->lock)));
742 rcu_assign_pointer(nht->hash_buckets[hash_val], n);
743 write_unlock_bh(&tbl->lock);
744 neigh_dbg(2, "neigh %p is created\n", n);
745 rc = n;
746out:
747 return rc;
748out_tbl_unlock:
749 write_unlock_bh(&tbl->lock);
750out_neigh_release:
751 if (!exempt_from_gc)
752 atomic_dec(&tbl->gc_entries);
753 neigh_release(n);
754 goto out;
755}
756
757struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
758 struct net_device *dev, bool want_ref)
759{
760 return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
761}
762EXPORT_SYMBOL(__neigh_create);
763
764static u32 pneigh_hash(const void *pkey, unsigned int key_len)
765{
766 u32 hash_val = *(u32 *)(pkey + key_len - 4);
767 hash_val ^= (hash_val >> 16);
768 hash_val ^= hash_val >> 8;
769 hash_val ^= hash_val >> 4;
770 hash_val &= PNEIGH_HASHMASK;
771 return hash_val;
772}
773
774static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
775 struct net *net,
776 const void *pkey,
777 unsigned int key_len,
778 struct net_device *dev)
779{
780 while (n) {
781 if (!memcmp(n->key, pkey, key_len) &&
782 net_eq(pneigh_net(n), net) &&
783 (n->dev == dev || !n->dev))
784 return n;
785 n = n->next;
786 }
787 return NULL;
788}
789
790struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
791 struct net *net, const void *pkey, struct net_device *dev)
792{
793 unsigned int key_len = tbl->key_len;
794 u32 hash_val = pneigh_hash(pkey, key_len);
795
796 return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
797 net, pkey, key_len, dev);
798}
799EXPORT_SYMBOL_GPL(__pneigh_lookup);
800
801struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
802 struct net *net, const void *pkey,
803 struct net_device *dev, int creat)
804{
805 struct pneigh_entry *n;
806 unsigned int key_len = tbl->key_len;
807 u32 hash_val = pneigh_hash(pkey, key_len);
808
809 read_lock_bh(&tbl->lock);
810 n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
811 net, pkey, key_len, dev);
812 read_unlock_bh(&tbl->lock);
813
814 if (n || !creat)
815 goto out;
816
817 ASSERT_RTNL();
818
819 n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
820 if (!n)
821 goto out;
822
823 write_pnet(&n->net, net);
824 memcpy(n->key, pkey, key_len);
825 n->dev = dev;
826 netdev_hold(dev, &n->dev_tracker, GFP_KERNEL);
827
828 if (tbl->pconstructor && tbl->pconstructor(n)) {
829 netdev_put(dev, &n->dev_tracker);
830 kfree(n);
831 n = NULL;
832 goto out;
833 }
834
835 write_lock_bh(&tbl->lock);
836 n->next = tbl->phash_buckets[hash_val];
837 tbl->phash_buckets[hash_val] = n;
838 write_unlock_bh(&tbl->lock);
839out:
840 return n;
841}
842EXPORT_SYMBOL(pneigh_lookup);
843
844
845int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
846 struct net_device *dev)
847{
848 struct pneigh_entry *n, **np;
849 unsigned int key_len = tbl->key_len;
850 u32 hash_val = pneigh_hash(pkey, key_len);
851
852 write_lock_bh(&tbl->lock);
853 for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
854 np = &n->next) {
855 if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
856 net_eq(pneigh_net(n), net)) {
857 *np = n->next;
858 write_unlock_bh(&tbl->lock);
859 if (tbl->pdestructor)
860 tbl->pdestructor(n);
861 netdev_put(n->dev, &n->dev_tracker);
862 kfree(n);
863 return 0;
864 }
865 }
866 write_unlock_bh(&tbl->lock);
867 return -ENOENT;
868}
869
870static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
871 struct net_device *dev)
872{
873 struct pneigh_entry *n, **np, *freelist = NULL;
874 u32 h;
875
876 for (h = 0; h <= PNEIGH_HASHMASK; h++) {
877 np = &tbl->phash_buckets[h];
878 while ((n = *np) != NULL) {
879 if (!dev || n->dev == dev) {
880 *np = n->next;
881 n->next = freelist;
882 freelist = n;
883 continue;
884 }
885 np = &n->next;
886 }
887 }
888 write_unlock_bh(&tbl->lock);
889 while ((n = freelist)) {
890 freelist = n->next;
891 n->next = NULL;
892 if (tbl->pdestructor)
893 tbl->pdestructor(n);
894 netdev_put(n->dev, &n->dev_tracker);
895 kfree(n);
896 }
897 return -ENOENT;
898}
899
900static void neigh_parms_destroy(struct neigh_parms *parms);
901
902static inline void neigh_parms_put(struct neigh_parms *parms)
903{
904 if (refcount_dec_and_test(&parms->refcnt))
905 neigh_parms_destroy(parms);
906}
907
908/*
909 * neighbour must already be out of the table;
910 *
911 */
912void neigh_destroy(struct neighbour *neigh)
913{
914 struct net_device *dev = neigh->dev;
915
916 NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);
917
918 if (!neigh->dead) {
919 pr_warn("Destroying alive neighbour %p\n", neigh);
920 dump_stack();
921 return;
922 }
923
924 if (neigh_del_timer(neigh))
925 pr_warn("Impossible event\n");
926
927 write_lock_bh(&neigh->lock);
928 __skb_queue_purge(&neigh->arp_queue);
929 write_unlock_bh(&neigh->lock);
930 neigh->arp_queue_len_bytes = 0;
931
932 if (dev->netdev_ops->ndo_neigh_destroy)
933 dev->netdev_ops->ndo_neigh_destroy(dev, neigh);
934
935 netdev_put(dev, &neigh->dev_tracker);
936 neigh_parms_put(neigh->parms);
937
938 neigh_dbg(2, "neigh %p is destroyed\n", neigh);
939
940 atomic_dec(&neigh->tbl->entries);
941 kfree_rcu(neigh, rcu);
942}
943EXPORT_SYMBOL(neigh_destroy);
944
945/* Neighbour state is suspicious;
946 disable fast path.
947
948 Called with write_locked neigh.
949 */
950static void neigh_suspect(struct neighbour *neigh)
951{
952 neigh_dbg(2, "neigh %p is suspected\n", neigh);
953
954 neigh->output = neigh->ops->output;
955}
956
957/* Neighbour state is OK;
958 enable fast path.
959
960 Called with write_locked neigh.
961 */
962static void neigh_connect(struct neighbour *neigh)
963{
964 neigh_dbg(2, "neigh %p is connected\n", neigh);
965
966 neigh->output = neigh->ops->connected_output;
967}
968
969static void neigh_periodic_work(struct work_struct *work)
970{
971 struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
972 struct neighbour *n;
973 struct neighbour __rcu **np;
974 unsigned int i;
975 struct neigh_hash_table *nht;
976
977 NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);
978
979 write_lock_bh(&tbl->lock);
980 nht = rcu_dereference_protected(tbl->nht,
981 lockdep_is_held(&tbl->lock));
982
983 /*
984 * periodically recompute ReachableTime from random function
985 */
986
987 if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
988 struct neigh_parms *p;
989 tbl->last_rand = jiffies;
990 list_for_each_entry(p, &tbl->parms_list, list)
991 p->reachable_time =
992 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
993 }
994
995 if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
996 goto out;
997
998 for (i = 0 ; i < (1 << nht->hash_shift); i++) {
999 np = &nht->hash_buckets[i];
1000
1001 while ((n = rcu_dereference_protected(*np,
1002 lockdep_is_held(&tbl->lock))) != NULL) {
1003 unsigned int state;
1004
1005 write_lock(&n->lock);
1006
1007 state = n->nud_state;
1008 if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
1009 (n->flags & NTF_EXT_LEARNED)) {
1010 write_unlock(&n->lock);
1011 goto next_elt;
1012 }
1013
1014 if (time_before(n->used, n->confirmed) &&
1015 time_is_before_eq_jiffies(n->confirmed))
1016 n->used = n->confirmed;
1017
1018 if (refcount_read(&n->refcnt) == 1 &&
1019 (state == NUD_FAILED ||
1020 !time_in_range_open(jiffies, n->used,
1021 n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
1022 *np = n->next;
1023 neigh_mark_dead(n);
1024 write_unlock(&n->lock);
1025 neigh_cleanup_and_release(n);
1026 continue;
1027 }
1028 write_unlock(&n->lock);
1029
1030next_elt:
1031 np = &n->next;
1032 }
1033 /*
1034 * It's fine to release lock here, even if hash table
1035 * grows while we are preempted.
1036 */
1037 write_unlock_bh(&tbl->lock);
1038 cond_resched();
1039 write_lock_bh(&tbl->lock);
1040 nht = rcu_dereference_protected(tbl->nht,
1041 lockdep_is_held(&tbl->lock));
1042 }
1043out:
1044 /* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
1045 * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
1046 * BASE_REACHABLE_TIME.
1047 */
1048 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1049 NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
1050 write_unlock_bh(&tbl->lock);
1051}
1052
1053static __inline__ int neigh_max_probes(struct neighbour *n)
1054{
1055 struct neigh_parms *p = n->parms;
1056 return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
1057 (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
1058 NEIGH_VAR(p, MCAST_PROBES));
1059}
1060
1061static void neigh_invalidate(struct neighbour *neigh)
1062 __releases(neigh->lock)
1063 __acquires(neigh->lock)
1064{
1065 struct sk_buff *skb;
1066
1067 NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
1068 neigh_dbg(2, "neigh %p is failed\n", neigh);
1069 neigh->updated = jiffies;
1070
1071 /* It is very thin place. report_unreachable is very complicated
1072 routine. Particularly, it can hit the same neighbour entry!
1073
1074 So that, we try to be accurate and avoid dead loop. --ANK
1075 */
1076 while (neigh->nud_state == NUD_FAILED &&
1077 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1078 write_unlock(&neigh->lock);
1079 neigh->ops->error_report(neigh, skb);
1080 write_lock(&neigh->lock);
1081 }
1082 __skb_queue_purge(&neigh->arp_queue);
1083 neigh->arp_queue_len_bytes = 0;
1084}
1085
1086static void neigh_probe(struct neighbour *neigh)
1087 __releases(neigh->lock)
1088{
1089 struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);
1090 /* keep skb alive even if arp_queue overflows */
1091 if (skb)
1092 skb = skb_clone(skb, GFP_ATOMIC);
1093 write_unlock(&neigh->lock);
1094 if (neigh->ops->solicit)
1095 neigh->ops->solicit(neigh, skb);
1096 atomic_inc(&neigh->probes);
1097 consume_skb(skb);
1098}
1099
1100/* Called when a timer expires for a neighbour entry. */
1101
1102static void neigh_timer_handler(struct timer_list *t)
1103{
1104 unsigned long now, next;
1105 struct neighbour *neigh = from_timer(neigh, t, timer);
1106 unsigned int state;
1107 int notify = 0;
1108
1109 write_lock(&neigh->lock);
1110
1111 state = neigh->nud_state;
1112 now = jiffies;
1113 next = now + HZ;
1114
1115 if (!(state & NUD_IN_TIMER))
1116 goto out;
1117
1118 if (state & NUD_REACHABLE) {
1119 if (time_before_eq(now,
1120 neigh->confirmed + neigh->parms->reachable_time)) {
1121 neigh_dbg(2, "neigh %p is still alive\n", neigh);
1122 next = neigh->confirmed + neigh->parms->reachable_time;
1123 } else if (time_before_eq(now,
1124 neigh->used +
1125 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1126 neigh_dbg(2, "neigh %p is delayed\n", neigh);
1127 neigh->nud_state = NUD_DELAY;
1128 neigh->updated = jiffies;
1129 neigh_suspect(neigh);
1130 next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
1131 } else {
1132 neigh_dbg(2, "neigh %p is suspected\n", neigh);
1133 neigh->nud_state = NUD_STALE;
1134 neigh->updated = jiffies;
1135 neigh_suspect(neigh);
1136 notify = 1;
1137 }
1138 } else if (state & NUD_DELAY) {
1139 if (time_before_eq(now,
1140 neigh->confirmed +
1141 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1142 neigh_dbg(2, "neigh %p is now reachable\n", neigh);
1143 neigh->nud_state = NUD_REACHABLE;
1144 neigh->updated = jiffies;
1145 neigh_connect(neigh);
1146 notify = 1;
1147 next = neigh->confirmed + neigh->parms->reachable_time;
1148 } else {
1149 neigh_dbg(2, "neigh %p is probed\n", neigh);
1150 neigh->nud_state = NUD_PROBE;
1151 neigh->updated = jiffies;
1152 atomic_set(&neigh->probes, 0);
1153 notify = 1;
1154 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1155 HZ/100);
1156 }
1157 } else {
1158 /* NUD_PROBE|NUD_INCOMPLETE */
1159 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
1160 }
1161
1162 if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
1163 atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
1164 neigh->nud_state = NUD_FAILED;
1165 notify = 1;
1166 neigh_invalidate(neigh);
1167 goto out;
1168 }
1169
1170 if (neigh->nud_state & NUD_IN_TIMER) {
1171 if (time_before(next, jiffies + HZ/100))
1172 next = jiffies + HZ/100;
1173 if (!mod_timer(&neigh->timer, next))
1174 neigh_hold(neigh);
1175 }
1176 if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
1177 neigh_probe(neigh);
1178 } else {
1179out:
1180 write_unlock(&neigh->lock);
1181 }
1182
1183 if (notify)
1184 neigh_update_notify(neigh, 0);
1185
1186 trace_neigh_timer_handler(neigh, 0);
1187
1188 neigh_release(neigh);
1189}
1190
1191int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
1192 const bool immediate_ok)
1193{
1194 int rc;
1195 bool immediate_probe = false;
1196
1197 write_lock_bh(&neigh->lock);
1198
1199 rc = 0;
1200 if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
1201 goto out_unlock_bh;
1202 if (neigh->dead)
1203 goto out_dead;
1204
1205 if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
1206 if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
1207 NEIGH_VAR(neigh->parms, APP_PROBES)) {
1208 unsigned long next, now = jiffies;
1209
1210 atomic_set(&neigh->probes,
1211 NEIGH_VAR(neigh->parms, UCAST_PROBES));
1212 neigh_del_timer(neigh);
1213 neigh->nud_state = NUD_INCOMPLETE;
1214 neigh->updated = now;
1215 if (!immediate_ok) {
1216 next = now + 1;
1217 } else {
1218 immediate_probe = true;
1219 next = now + max(NEIGH_VAR(neigh->parms,
1220 RETRANS_TIME),
1221 HZ / 100);
1222 }
1223 neigh_add_timer(neigh, next);
1224 } else {
1225 neigh->nud_state = NUD_FAILED;
1226 neigh->updated = jiffies;
1227 write_unlock_bh(&neigh->lock);
1228
1229 kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED);
1230 return 1;
1231 }
1232 } else if (neigh->nud_state & NUD_STALE) {
1233 neigh_dbg(2, "neigh %p is delayed\n", neigh);
1234 neigh_del_timer(neigh);
1235 neigh->nud_state = NUD_DELAY;
1236 neigh->updated = jiffies;
1237 neigh_add_timer(neigh, jiffies +
1238 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
1239 }
1240
1241 if (neigh->nud_state == NUD_INCOMPLETE) {
1242 if (skb) {
1243 while (neigh->arp_queue_len_bytes + skb->truesize >
1244 NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
1245 struct sk_buff *buff;
1246
1247 buff = __skb_dequeue(&neigh->arp_queue);
1248 if (!buff)
1249 break;
1250 neigh->arp_queue_len_bytes -= buff->truesize;
1251 kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL);
1252 NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
1253 }
1254 skb_dst_force(skb);
1255 __skb_queue_tail(&neigh->arp_queue, skb);
1256 neigh->arp_queue_len_bytes += skb->truesize;
1257 }
1258 rc = 1;
1259 }
1260out_unlock_bh:
1261 if (immediate_probe)
1262 neigh_probe(neigh);
1263 else
1264 write_unlock(&neigh->lock);
1265 local_bh_enable();
1266 trace_neigh_event_send_done(neigh, rc);
1267 return rc;
1268
1269out_dead:
1270 if (neigh->nud_state & NUD_STALE)
1271 goto out_unlock_bh;
1272 write_unlock_bh(&neigh->lock);
1273 kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD);
1274 trace_neigh_event_send_dead(neigh, 1);
1275 return 1;
1276}
1277EXPORT_SYMBOL(__neigh_event_send);
1278
1279static void neigh_update_hhs(struct neighbour *neigh)
1280{
1281 struct hh_cache *hh;
1282 void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
1283 = NULL;
1284
1285 if (neigh->dev->header_ops)
1286 update = neigh->dev->header_ops->cache_update;
1287
1288 if (update) {
1289 hh = &neigh->hh;
1290 if (READ_ONCE(hh->hh_len)) {
1291 write_seqlock_bh(&hh->hh_lock);
1292 update(hh, neigh->dev, neigh->ha);
1293 write_sequnlock_bh(&hh->hh_lock);
1294 }
1295 }
1296}
1297
1298/* Generic update routine.
1299 -- lladdr is new lladdr or NULL, if it is not supplied.
1300 -- new is new state.
1301 -- flags
1302 NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr,
1303 if it is different.
1304 NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
1305 lladdr instead of overriding it
1306 if it is different.
1307 NEIGH_UPDATE_F_ADMIN means that the change is administrative.
1308 NEIGH_UPDATE_F_USE means that the entry is user triggered.
1309 NEIGH_UPDATE_F_MANAGED means that the entry will be auto-refreshed.
1310 NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
1311 NTF_ROUTER flag.
1312 NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as
1313 a router.
1314
1315 Caller MUST hold reference count on the entry.
1316 */
1317static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
1318 u8 new, u32 flags, u32 nlmsg_pid,
1319 struct netlink_ext_ack *extack)
1320{
1321 bool gc_update = false, managed_update = false;
1322 int update_isrouter = 0;
1323 struct net_device *dev;
1324 int err, notify = 0;
1325 u8 old;
1326
1327 trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);
1328
1329 write_lock_bh(&neigh->lock);
1330
1331 dev = neigh->dev;
1332 old = neigh->nud_state;
1333 err = -EPERM;
1334
1335 if (neigh->dead) {
1336 NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
1337 new = old;
1338 goto out;
1339 }
1340 if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
1341 (old & (NUD_NOARP | NUD_PERMANENT)))
1342 goto out;
1343
1344 neigh_update_flags(neigh, flags, ¬ify, &gc_update, &managed_update);
1345 if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
1346 new = old & ~NUD_PERMANENT;
1347 neigh->nud_state = new;
1348 err = 0;
1349 goto out;
1350 }
1351
1352 if (!(new & NUD_VALID)) {
1353 neigh_del_timer(neigh);
1354 if (old & NUD_CONNECTED)
1355 neigh_suspect(neigh);
1356 neigh->nud_state = new;
1357 err = 0;
1358 notify = old & NUD_VALID;
1359 if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
1360 (new & NUD_FAILED)) {
1361 neigh_invalidate(neigh);
1362 notify = 1;
1363 }
1364 goto out;
1365 }
1366
1367 /* Compare new lladdr with cached one */
1368 if (!dev->addr_len) {
1369 /* First case: device needs no address. */
1370 lladdr = neigh->ha;
1371 } else if (lladdr) {
1372 /* The second case: if something is already cached
1373 and a new address is proposed:
1374 - compare new & old
1375 - if they are different, check override flag
1376 */
1377 if ((old & NUD_VALID) &&
1378 !memcmp(lladdr, neigh->ha, dev->addr_len))
1379 lladdr = neigh->ha;
1380 } else {
1381 /* No address is supplied; if we know something,
1382 use it, otherwise discard the request.
1383 */
1384 err = -EINVAL;
1385 if (!(old & NUD_VALID)) {
1386 NL_SET_ERR_MSG(extack, "No link layer address given");
1387 goto out;
1388 }
1389 lladdr = neigh->ha;
1390 }
1391
1392 /* Update confirmed timestamp for neighbour entry after we
1393 * received ARP packet even if it doesn't change IP to MAC binding.
1394 */
1395 if (new & NUD_CONNECTED)
1396 neigh->confirmed = jiffies;
1397
1398 /* If entry was valid and address is not changed,
1399 do not change entry state, if new one is STALE.
1400 */
1401 err = 0;
1402 update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1403 if (old & NUD_VALID) {
1404 if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
1405 update_isrouter = 0;
1406 if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
1407 (old & NUD_CONNECTED)) {
1408 lladdr = neigh->ha;
1409 new = NUD_STALE;
1410 } else
1411 goto out;
1412 } else {
1413 if (lladdr == neigh->ha && new == NUD_STALE &&
1414 !(flags & NEIGH_UPDATE_F_ADMIN))
1415 new = old;
1416 }
1417 }
1418
1419 /* Update timestamp only once we know we will make a change to the
1420 * neighbour entry. Otherwise we risk to move the locktime window with
1421 * noop updates and ignore relevant ARP updates.
1422 */
1423 if (new != old || lladdr != neigh->ha)
1424 neigh->updated = jiffies;
1425
1426 if (new != old) {
1427 neigh_del_timer(neigh);
1428 if (new & NUD_PROBE)
1429 atomic_set(&neigh->probes, 0);
1430 if (new & NUD_IN_TIMER)
1431 neigh_add_timer(neigh, (jiffies +
1432 ((new & NUD_REACHABLE) ?
1433 neigh->parms->reachable_time :
1434 0)));
1435 neigh->nud_state = new;
1436 notify = 1;
1437 }
1438
1439 if (lladdr != neigh->ha) {
1440 write_seqlock(&neigh->ha_lock);
1441 memcpy(&neigh->ha, lladdr, dev->addr_len);
1442 write_sequnlock(&neigh->ha_lock);
1443 neigh_update_hhs(neigh);
1444 if (!(new & NUD_CONNECTED))
1445 neigh->confirmed = jiffies -
1446 (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
1447 notify = 1;
1448 }
1449 if (new == old)
1450 goto out;
1451 if (new & NUD_CONNECTED)
1452 neigh_connect(neigh);
1453 else
1454 neigh_suspect(neigh);
1455 if (!(old & NUD_VALID)) {
1456 struct sk_buff *skb;
1457
1458 /* Again: avoid dead loop if something went wrong */
1459
1460 while (neigh->nud_state & NUD_VALID &&
1461 (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1462 struct dst_entry *dst = skb_dst(skb);
1463 struct neighbour *n2, *n1 = neigh;
1464 write_unlock_bh(&neigh->lock);
1465
1466 rcu_read_lock();
1467
1468 /* Why not just use 'neigh' as-is? The problem is that
1469 * things such as shaper, eql, and sch_teql can end up
1470 * using alternative, different, neigh objects to output
1471 * the packet in the output path. So what we need to do
1472 * here is re-lookup the top-level neigh in the path so
1473 * we can reinject the packet there.
1474 */
1475 n2 = NULL;
1476 if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
1477 n2 = dst_neigh_lookup_skb(dst, skb);
1478 if (n2)
1479 n1 = n2;
1480 }
1481 n1->output(n1, skb);
1482 if (n2)
1483 neigh_release(n2);
1484 rcu_read_unlock();
1485
1486 write_lock_bh(&neigh->lock);
1487 }
1488 __skb_queue_purge(&neigh->arp_queue);
1489 neigh->arp_queue_len_bytes = 0;
1490 }
1491out:
1492 if (update_isrouter)
1493 neigh_update_is_router(neigh, flags, ¬ify);
1494 write_unlock_bh(&neigh->lock);
1495 if (((new ^ old) & NUD_PERMANENT) || gc_update)
1496 neigh_update_gc_list(neigh);
1497 if (managed_update)
1498 neigh_update_managed_list(neigh);
1499 if (notify)
1500 neigh_update_notify(neigh, nlmsg_pid);
1501 trace_neigh_update_done(neigh, err);
1502 return err;
1503}
1504
1505int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1506 u32 flags, u32 nlmsg_pid)
1507{
1508 return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
1509}
1510EXPORT_SYMBOL(neigh_update);
1511
1512/* Update the neigh to listen temporarily for probe responses, even if it is
1513 * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
1514 */
1515void __neigh_set_probe_once(struct neighbour *neigh)
1516{
1517 if (neigh->dead)
1518 return;
1519 neigh->updated = jiffies;
1520 if (!(neigh->nud_state & NUD_FAILED))
1521 return;
1522 neigh->nud_state = NUD_INCOMPLETE;
1523 atomic_set(&neigh->probes, neigh_max_probes(neigh));
1524 neigh_add_timer(neigh,
1525 jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1526 HZ/100));
1527}
1528EXPORT_SYMBOL(__neigh_set_probe_once);
1529
1530struct neighbour *neigh_event_ns(struct neigh_table *tbl,
1531 u8 *lladdr, void *saddr,
1532 struct net_device *dev)
1533{
1534 struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
1535 lladdr || !dev->addr_len);
1536 if (neigh)
1537 neigh_update(neigh, lladdr, NUD_STALE,
1538 NEIGH_UPDATE_F_OVERRIDE, 0);
1539 return neigh;
1540}
1541EXPORT_SYMBOL(neigh_event_ns);
1542
1543/* called with read_lock_bh(&n->lock); */
1544static void neigh_hh_init(struct neighbour *n)
1545{
1546 struct net_device *dev = n->dev;
1547 __be16 prot = n->tbl->protocol;
1548 struct hh_cache *hh = &n->hh;
1549
1550 write_lock_bh(&n->lock);
1551
1552 /* Only one thread can come in here and initialize the
1553 * hh_cache entry.
1554 */
1555 if (!hh->hh_len)
1556 dev->header_ops->cache(n, hh, prot);
1557
1558 write_unlock_bh(&n->lock);
1559}
1560
1561/* Slow and careful. */
1562
1563int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
1564{
1565 int rc = 0;
1566
1567 if (!neigh_event_send(neigh, skb)) {
1568 int err;
1569 struct net_device *dev = neigh->dev;
1570 unsigned int seq;
1571
1572 if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
1573 neigh_hh_init(neigh);
1574
1575 do {
1576 __skb_pull(skb, skb_network_offset(skb));
1577 seq = read_seqbegin(&neigh->ha_lock);
1578 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1579 neigh->ha, NULL, skb->len);
1580 } while (read_seqretry(&neigh->ha_lock, seq));
1581
1582 if (err >= 0)
1583 rc = dev_queue_xmit(skb);
1584 else
1585 goto out_kfree_skb;
1586 }
1587out:
1588 return rc;
1589out_kfree_skb:
1590 rc = -EINVAL;
1591 kfree_skb(skb);
1592 goto out;
1593}
1594EXPORT_SYMBOL(neigh_resolve_output);
1595
1596/* As fast as possible without hh cache */
1597
1598int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
1599{
1600 struct net_device *dev = neigh->dev;
1601 unsigned int seq;
1602 int err;
1603
1604 do {
1605 __skb_pull(skb, skb_network_offset(skb));
1606 seq = read_seqbegin(&neigh->ha_lock);
1607 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1608 neigh->ha, NULL, skb->len);
1609 } while (read_seqretry(&neigh->ha_lock, seq));
1610
1611 if (err >= 0)
1612 err = dev_queue_xmit(skb);
1613 else {
1614 err = -EINVAL;
1615 kfree_skb(skb);
1616 }
1617 return err;
1618}
1619EXPORT_SYMBOL(neigh_connected_output);
1620
1621int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
1622{
1623 return dev_queue_xmit(skb);
1624}
1625EXPORT_SYMBOL(neigh_direct_output);
1626
1627static void neigh_managed_work(struct work_struct *work)
1628{
1629 struct neigh_table *tbl = container_of(work, struct neigh_table,
1630 managed_work.work);
1631 struct neighbour *neigh;
1632
1633 write_lock_bh(&tbl->lock);
1634 list_for_each_entry(neigh, &tbl->managed_list, managed_list)
1635 neigh_event_send_probe(neigh, NULL, false);
1636 queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
1637 NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS));
1638 write_unlock_bh(&tbl->lock);
1639}
1640
1641static void neigh_proxy_process(struct timer_list *t)
1642{
1643 struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
1644 long sched_next = 0;
1645 unsigned long now = jiffies;
1646 struct sk_buff *skb, *n;
1647
1648 spin_lock(&tbl->proxy_queue.lock);
1649
1650 skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
1651 long tdif = NEIGH_CB(skb)->sched_next - now;
1652
1653 if (tdif <= 0) {
1654 struct net_device *dev = skb->dev;
1655
1656 neigh_parms_qlen_dec(dev, tbl->family);
1657 __skb_unlink(skb, &tbl->proxy_queue);
1658
1659 if (tbl->proxy_redo && netif_running(dev)) {
1660 rcu_read_lock();
1661 tbl->proxy_redo(skb);
1662 rcu_read_unlock();
1663 } else {
1664 kfree_skb(skb);
1665 }
1666
1667 dev_put(dev);
1668 } else if (!sched_next || tdif < sched_next)
1669 sched_next = tdif;
1670 }
1671 del_timer(&tbl->proxy_timer);
1672 if (sched_next)
1673 mod_timer(&tbl->proxy_timer, jiffies + sched_next);
1674 spin_unlock(&tbl->proxy_queue.lock);
1675}
1676
1677void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
1678 struct sk_buff *skb)
1679{
1680 unsigned long sched_next = jiffies +
1681 get_random_u32_below(NEIGH_VAR(p, PROXY_DELAY));
1682
1683 if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) {
1684 kfree_skb(skb);
1685 return;
1686 }
1687
1688 NEIGH_CB(skb)->sched_next = sched_next;
1689 NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;
1690
1691 spin_lock(&tbl->proxy_queue.lock);
1692 if (del_timer(&tbl->proxy_timer)) {
1693 if (time_before(tbl->proxy_timer.expires, sched_next))
1694 sched_next = tbl->proxy_timer.expires;
1695 }
1696 skb_dst_drop(skb);
1697 dev_hold(skb->dev);
1698 __skb_queue_tail(&tbl->proxy_queue, skb);
1699 p->qlen++;
1700 mod_timer(&tbl->proxy_timer, sched_next);
1701 spin_unlock(&tbl->proxy_queue.lock);
1702}
1703EXPORT_SYMBOL(pneigh_enqueue);
1704
1705static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
1706 struct net *net, int ifindex)
1707{
1708 struct neigh_parms *p;
1709
1710 list_for_each_entry(p, &tbl->parms_list, list) {
1711 if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
1712 (!p->dev && !ifindex && net_eq(net, &init_net)))
1713 return p;
1714 }
1715
1716 return NULL;
1717}
1718
1719struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
1720 struct neigh_table *tbl)
1721{
1722 struct neigh_parms *p;
1723 struct net *net = dev_net(dev);
1724 const struct net_device_ops *ops = dev->netdev_ops;
1725
1726 p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
1727 if (p) {
1728 p->tbl = tbl;
1729 refcount_set(&p->refcnt, 1);
1730 p->reachable_time =
1731 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
1732 p->qlen = 0;
1733 netdev_hold(dev, &p->dev_tracker, GFP_KERNEL);
1734 p->dev = dev;
1735 write_pnet(&p->net, net);
1736 p->sysctl_table = NULL;
1737
1738 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
1739 netdev_put(dev, &p->dev_tracker);
1740 kfree(p);
1741 return NULL;
1742 }
1743
1744 write_lock_bh(&tbl->lock);
1745 list_add(&p->list, &tbl->parms.list);
1746 write_unlock_bh(&tbl->lock);
1747
1748 neigh_parms_data_state_cleanall(p);
1749 }
1750 return p;
1751}
1752EXPORT_SYMBOL(neigh_parms_alloc);
1753
1754static void neigh_rcu_free_parms(struct rcu_head *head)
1755{
1756 struct neigh_parms *parms =
1757 container_of(head, struct neigh_parms, rcu_head);
1758
1759 neigh_parms_put(parms);
1760}
1761
1762void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
1763{
1764 if (!parms || parms == &tbl->parms)
1765 return;
1766 write_lock_bh(&tbl->lock);
1767 list_del(&parms->list);
1768 parms->dead = 1;
1769 write_unlock_bh(&tbl->lock);
1770 netdev_put(parms->dev, &parms->dev_tracker);
1771 call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
1772}
1773EXPORT_SYMBOL(neigh_parms_release);
1774
1775static void neigh_parms_destroy(struct neigh_parms *parms)
1776{
1777 kfree(parms);
1778}
1779
1780static struct lock_class_key neigh_table_proxy_queue_class;
1781
1782static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;
1783
1784void neigh_table_init(int index, struct neigh_table *tbl)
1785{
1786 unsigned long now = jiffies;
1787 unsigned long phsize;
1788
1789 INIT_LIST_HEAD(&tbl->parms_list);
1790 INIT_LIST_HEAD(&tbl->gc_list);
1791 INIT_LIST_HEAD(&tbl->managed_list);
1792
1793 list_add(&tbl->parms.list, &tbl->parms_list);
1794 write_pnet(&tbl->parms.net, &init_net);
1795 refcount_set(&tbl->parms.refcnt, 1);
1796 tbl->parms.reachable_time =
1797 neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
1798 tbl->parms.qlen = 0;
1799
1800 tbl->stats = alloc_percpu(struct neigh_statistics);
1801 if (!tbl->stats)
1802 panic("cannot create neighbour cache statistics");
1803
1804#ifdef CONFIG_PROC_FS
1805 if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
1806 &neigh_stat_seq_ops, tbl))
1807 panic("cannot create neighbour proc dir entry");
1808#endif
1809
1810 RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));
1811
1812 phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
1813 tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);
1814
1815 if (!tbl->nht || !tbl->phash_buckets)
1816 panic("cannot allocate neighbour cache hashes");
1817
1818 if (!tbl->entry_size)
1819 tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
1820 tbl->key_len, NEIGH_PRIV_ALIGN);
1821 else
1822 WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);
1823
1824 rwlock_init(&tbl->lock);
1825
1826 INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
1827 queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1828 tbl->parms.reachable_time);
1829 INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
1830 queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0);
1831
1832 timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
1833 skb_queue_head_init_class(&tbl->proxy_queue,
1834 &neigh_table_proxy_queue_class);
1835
1836 tbl->last_flush = now;
1837 tbl->last_rand = now + tbl->parms.reachable_time * 20;
1838
1839 neigh_tables[index] = tbl;
1840}
1841EXPORT_SYMBOL(neigh_table_init);
1842
1843int neigh_table_clear(int index, struct neigh_table *tbl)
1844{
1845 neigh_tables[index] = NULL;
1846 /* It is not clean... Fix it to unload IPv6 module safely */
1847 cancel_delayed_work_sync(&tbl->managed_work);
1848 cancel_delayed_work_sync(&tbl->gc_work);
1849 del_timer_sync(&tbl->proxy_timer);
1850 pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family);
1851 neigh_ifdown(tbl, NULL);
1852 if (atomic_read(&tbl->entries))
1853 pr_crit("neighbour leakage\n");
1854
1855 call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
1856 neigh_hash_free_rcu);
1857 tbl->nht = NULL;
1858
1859 kfree(tbl->phash_buckets);
1860 tbl->phash_buckets = NULL;
1861
1862 remove_proc_entry(tbl->id, init_net.proc_net_stat);
1863
1864 free_percpu(tbl->stats);
1865 tbl->stats = NULL;
1866
1867 return 0;
1868}
1869EXPORT_SYMBOL(neigh_table_clear);
1870
1871static struct neigh_table *neigh_find_table(int family)
1872{
1873 struct neigh_table *tbl = NULL;
1874
1875 switch (family) {
1876 case AF_INET:
1877 tbl = neigh_tables[NEIGH_ARP_TABLE];
1878 break;
1879 case AF_INET6:
1880 tbl = neigh_tables[NEIGH_ND_TABLE];
1881 break;
1882 }
1883
1884 return tbl;
1885}
1886
1887const struct nla_policy nda_policy[NDA_MAX+1] = {
1888 [NDA_UNSPEC] = { .strict_start_type = NDA_NH_ID },
1889 [NDA_DST] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1890 [NDA_LLADDR] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1891 [NDA_CACHEINFO] = { .len = sizeof(struct nda_cacheinfo) },
1892 [NDA_PROBES] = { .type = NLA_U32 },
1893 [NDA_VLAN] = { .type = NLA_U16 },
1894 [NDA_PORT] = { .type = NLA_U16 },
1895 [NDA_VNI] = { .type = NLA_U32 },
1896 [NDA_IFINDEX] = { .type = NLA_U32 },
1897 [NDA_MASTER] = { .type = NLA_U32 },
1898 [NDA_PROTOCOL] = { .type = NLA_U8 },
1899 [NDA_NH_ID] = { .type = NLA_U32 },
1900 [NDA_FLAGS_EXT] = NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
1901 [NDA_FDB_EXT_ATTRS] = { .type = NLA_NESTED },
1902};
1903
1904static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1905 struct netlink_ext_ack *extack)
1906{
1907 struct net *net = sock_net(skb->sk);
1908 struct ndmsg *ndm;
1909 struct nlattr *dst_attr;
1910 struct neigh_table *tbl;
1911 struct neighbour *neigh;
1912 struct net_device *dev = NULL;
1913 int err = -EINVAL;
1914
1915 ASSERT_RTNL();
1916 if (nlmsg_len(nlh) < sizeof(*ndm))
1917 goto out;
1918
1919 dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1920 if (!dst_attr) {
1921 NL_SET_ERR_MSG(extack, "Network address not specified");
1922 goto out;
1923 }
1924
1925 ndm = nlmsg_data(nlh);
1926 if (ndm->ndm_ifindex) {
1927 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1928 if (dev == NULL) {
1929 err = -ENODEV;
1930 goto out;
1931 }
1932 }
1933
1934 tbl = neigh_find_table(ndm->ndm_family);
1935 if (tbl == NULL)
1936 return -EAFNOSUPPORT;
1937
1938 if (nla_len(dst_attr) < (int)tbl->key_len) {
1939 NL_SET_ERR_MSG(extack, "Invalid network address");
1940 goto out;
1941 }
1942
1943 if (ndm->ndm_flags & NTF_PROXY) {
1944 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
1945 goto out;
1946 }
1947
1948 if (dev == NULL)
1949 goto out;
1950
1951 neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
1952 if (neigh == NULL) {
1953 err = -ENOENT;
1954 goto out;
1955 }
1956
1957 err = __neigh_update(neigh, NULL, NUD_FAILED,
1958 NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1959 NETLINK_CB(skb).portid, extack);
1960 write_lock_bh(&tbl->lock);
1961 neigh_release(neigh);
1962 neigh_remove_one(neigh, tbl);
1963 write_unlock_bh(&tbl->lock);
1964
1965out:
1966 return err;
1967}
1968
1969static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1970 struct netlink_ext_ack *extack)
1971{
1972 int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1973 NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1974 struct net *net = sock_net(skb->sk);
1975 struct ndmsg *ndm;
1976 struct nlattr *tb[NDA_MAX+1];
1977 struct neigh_table *tbl;
1978 struct net_device *dev = NULL;
1979 struct neighbour *neigh;
1980 void *dst, *lladdr;
1981 u8 protocol = 0;
1982 u32 ndm_flags;
1983 int err;
1984
1985 ASSERT_RTNL();
1986 err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
1987 nda_policy, extack);
1988 if (err < 0)
1989 goto out;
1990
1991 err = -EINVAL;
1992 if (!tb[NDA_DST]) {
1993 NL_SET_ERR_MSG(extack, "Network address not specified");
1994 goto out;
1995 }
1996
1997 ndm = nlmsg_data(nlh);
1998 ndm_flags = ndm->ndm_flags;
1999 if (tb[NDA_FLAGS_EXT]) {
2000 u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]);
2001
2002 BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
2003 (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
2004 hweight32(NTF_EXT_MASK)));
2005 ndm_flags |= (ext << NTF_EXT_SHIFT);
2006 }
2007 if (ndm->ndm_ifindex) {
2008 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
2009 if (dev == NULL) {
2010 err = -ENODEV;
2011 goto out;
2012 }
2013
2014 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
2015 NL_SET_ERR_MSG(extack, "Invalid link address");
2016 goto out;
2017 }
2018 }
2019
2020 tbl = neigh_find_table(ndm->ndm_family);
2021 if (tbl == NULL)
2022 return -EAFNOSUPPORT;
2023
2024 if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
2025 NL_SET_ERR_MSG(extack, "Invalid network address");
2026 goto out;
2027 }
2028
2029 dst = nla_data(tb[NDA_DST]);
2030 lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
2031
2032 if (tb[NDA_PROTOCOL])
2033 protocol = nla_get_u8(tb[NDA_PROTOCOL]);
2034 if (ndm_flags & NTF_PROXY) {
2035 struct pneigh_entry *pn;
2036
2037 if (ndm_flags & NTF_MANAGED) {
2038 NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
2039 goto out;
2040 }
2041
2042 err = -ENOBUFS;
2043 pn = pneigh_lookup(tbl, net, dst, dev, 1);
2044 if (pn) {
2045 pn->flags = ndm_flags;
2046 if (protocol)
2047 pn->protocol = protocol;
2048 err = 0;
2049 }
2050 goto out;
2051 }
2052
2053 if (!dev) {
2054 NL_SET_ERR_MSG(extack, "Device not specified");
2055 goto out;
2056 }
2057
2058 if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
2059 err = -EINVAL;
2060 goto out;
2061 }
2062
2063 neigh = neigh_lookup(tbl, dst, dev);
2064 if (neigh == NULL) {
2065 bool ndm_permanent = ndm->ndm_state & NUD_PERMANENT;
2066 bool exempt_from_gc = ndm_permanent ||
2067 ndm_flags & NTF_EXT_LEARNED;
2068
2069 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
2070 err = -ENOENT;
2071 goto out;
2072 }
2073 if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
2074 NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
2075 err = -EINVAL;
2076 goto out;
2077 }
2078
2079 neigh = ___neigh_create(tbl, dst, dev,
2080 ndm_flags &
2081 (NTF_EXT_LEARNED | NTF_MANAGED),
2082 exempt_from_gc, true);
2083 if (IS_ERR(neigh)) {
2084 err = PTR_ERR(neigh);
2085 goto out;
2086 }
2087 } else {
2088 if (nlh->nlmsg_flags & NLM_F_EXCL) {
2089 err = -EEXIST;
2090 neigh_release(neigh);
2091 goto out;
2092 }
2093
2094 if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
2095 flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
2096 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
2097 }
2098
2099 if (protocol)
2100 neigh->protocol = protocol;
2101 if (ndm_flags & NTF_EXT_LEARNED)
2102 flags |= NEIGH_UPDATE_F_EXT_LEARNED;
2103 if (ndm_flags & NTF_ROUTER)
2104 flags |= NEIGH_UPDATE_F_ISROUTER;
2105 if (ndm_flags & NTF_MANAGED)
2106 flags |= NEIGH_UPDATE_F_MANAGED;
2107 if (ndm_flags & NTF_USE)
2108 flags |= NEIGH_UPDATE_F_USE;
2109
2110 err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
2111 NETLINK_CB(skb).portid, extack);
2112 if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) {
2113 neigh_event_send(neigh, NULL);
2114 err = 0;
2115 }
2116 neigh_release(neigh);
2117out:
2118 return err;
2119}
2120
2121static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
2122{
2123 struct nlattr *nest;
2124
2125 nest = nla_nest_start_noflag(skb, NDTA_PARMS);
2126 if (nest == NULL)
2127 return -ENOBUFS;
2128
2129 if ((parms->dev &&
2130 nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
2131 nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
2132 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
2133 NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2134 /* approximative value for deprecated QUEUE_LEN (in packets) */
2135 nla_put_u32(skb, NDTPA_QUEUE_LEN,
2136 NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2137 nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2138 nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2139 nla_put_u32(skb, NDTPA_UCAST_PROBES,
2140 NEIGH_VAR(parms, UCAST_PROBES)) ||
2141 nla_put_u32(skb, NDTPA_MCAST_PROBES,
2142 NEIGH_VAR(parms, MCAST_PROBES)) ||
2143 nla_put_u32(skb, NDTPA_MCAST_REPROBES,
2144 NEIGH_VAR(parms, MCAST_REPROBES)) ||
2145 nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
2146 NDTPA_PAD) ||
2147 nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
2148 NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
2149 nla_put_msecs(skb, NDTPA_GC_STALETIME,
2150 NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
2151 nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
2152 NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
2153 nla_put_msecs(skb, NDTPA_RETRANS_TIME,
2154 NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
2155 nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
2156 NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
2157 nla_put_msecs(skb, NDTPA_PROXY_DELAY,
2158 NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
2159 nla_put_msecs(skb, NDTPA_LOCKTIME,
2160 NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) ||
2161 nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS,
2162 NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD))
2163 goto nla_put_failure;
2164 return nla_nest_end(skb, nest);
2165
2166nla_put_failure:
2167 nla_nest_cancel(skb, nest);
2168 return -EMSGSIZE;
2169}
2170
2171static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2172 u32 pid, u32 seq, int type, int flags)
2173{
2174 struct nlmsghdr *nlh;
2175 struct ndtmsg *ndtmsg;
2176
2177 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2178 if (nlh == NULL)
2179 return -EMSGSIZE;
2180
2181 ndtmsg = nlmsg_data(nlh);
2182
2183 read_lock_bh(&tbl->lock);
2184 ndtmsg->ndtm_family = tbl->family;
2185 ndtmsg->ndtm_pad1 = 0;
2186 ndtmsg->ndtm_pad2 = 0;
2187
2188 if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
2189 nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval, NDTA_PAD) ||
2190 nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) ||
2191 nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) ||
2192 nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3))
2193 goto nla_put_failure;
2194 {
2195 unsigned long now = jiffies;
2196 long flush_delta = now - tbl->last_flush;
2197 long rand_delta = now - tbl->last_rand;
2198 struct neigh_hash_table *nht;
2199 struct ndt_config ndc = {
2200 .ndtc_key_len = tbl->key_len,
2201 .ndtc_entry_size = tbl->entry_size,
2202 .ndtc_entries = atomic_read(&tbl->entries),
2203 .ndtc_last_flush = jiffies_to_msecs(flush_delta),
2204 .ndtc_last_rand = jiffies_to_msecs(rand_delta),
2205 .ndtc_proxy_qlen = tbl->proxy_queue.qlen,
2206 };
2207
2208 rcu_read_lock_bh();
2209 nht = rcu_dereference_bh(tbl->nht);
2210 ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2211 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2212 rcu_read_unlock_bh();
2213
2214 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
2215 goto nla_put_failure;
2216 }
2217
2218 {
2219 int cpu;
2220 struct ndt_stats ndst;
2221
2222 memset(&ndst, 0, sizeof(ndst));
2223
2224 for_each_possible_cpu(cpu) {
2225 struct neigh_statistics *st;
2226
2227 st = per_cpu_ptr(tbl->stats, cpu);
2228 ndst.ndts_allocs += st->allocs;
2229 ndst.ndts_destroys += st->destroys;
2230 ndst.ndts_hash_grows += st->hash_grows;
2231 ndst.ndts_res_failed += st->res_failed;
2232 ndst.ndts_lookups += st->lookups;
2233 ndst.ndts_hits += st->hits;
2234 ndst.ndts_rcv_probes_mcast += st->rcv_probes_mcast;
2235 ndst.ndts_rcv_probes_ucast += st->rcv_probes_ucast;
2236 ndst.ndts_periodic_gc_runs += st->periodic_gc_runs;
2237 ndst.ndts_forced_gc_runs += st->forced_gc_runs;
2238 ndst.ndts_table_fulls += st->table_fulls;
2239 }
2240
2241 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
2242 NDTA_PAD))
2243 goto nla_put_failure;
2244 }
2245
2246 BUG_ON(tbl->parms.dev);
2247 if (neightbl_fill_parms(skb, &tbl->parms) < 0)
2248 goto nla_put_failure;
2249
2250 read_unlock_bh(&tbl->lock);
2251 nlmsg_end(skb, nlh);
2252 return 0;
2253
2254nla_put_failure:
2255 read_unlock_bh(&tbl->lock);
2256 nlmsg_cancel(skb, nlh);
2257 return -EMSGSIZE;
2258}
2259
2260static int neightbl_fill_param_info(struct sk_buff *skb,
2261 struct neigh_table *tbl,
2262 struct neigh_parms *parms,
2263 u32 pid, u32 seq, int type,
2264 unsigned int flags)
2265{
2266 struct ndtmsg *ndtmsg;
2267 struct nlmsghdr *nlh;
2268
2269 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2270 if (nlh == NULL)
2271 return -EMSGSIZE;
2272
2273 ndtmsg = nlmsg_data(nlh);
2274
2275 read_lock_bh(&tbl->lock);
2276 ndtmsg->ndtm_family = tbl->family;
2277 ndtmsg->ndtm_pad1 = 0;
2278 ndtmsg->ndtm_pad2 = 0;
2279
2280 if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
2281 neightbl_fill_parms(skb, parms) < 0)
2282 goto errout;
2283
2284 read_unlock_bh(&tbl->lock);
2285 nlmsg_end(skb, nlh);
2286 return 0;
2287errout:
2288 read_unlock_bh(&tbl->lock);
2289 nlmsg_cancel(skb, nlh);
2290 return -EMSGSIZE;
2291}
2292
2293static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2294 [NDTA_NAME] = { .type = NLA_STRING },
2295 [NDTA_THRESH1] = { .type = NLA_U32 },
2296 [NDTA_THRESH2] = { .type = NLA_U32 },
2297 [NDTA_THRESH3] = { .type = NLA_U32 },
2298 [NDTA_GC_INTERVAL] = { .type = NLA_U64 },
2299 [NDTA_PARMS] = { .type = NLA_NESTED },
2300};
2301
2302static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2303 [NDTPA_IFINDEX] = { .type = NLA_U32 },
2304 [NDTPA_QUEUE_LEN] = { .type = NLA_U32 },
2305 [NDTPA_PROXY_QLEN] = { .type = NLA_U32 },
2306 [NDTPA_APP_PROBES] = { .type = NLA_U32 },
2307 [NDTPA_UCAST_PROBES] = { .type = NLA_U32 },
2308 [NDTPA_MCAST_PROBES] = { .type = NLA_U32 },
2309 [NDTPA_MCAST_REPROBES] = { .type = NLA_U32 },
2310 [NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 },
2311 [NDTPA_GC_STALETIME] = { .type = NLA_U64 },
2312 [NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 },
2313 [NDTPA_RETRANS_TIME] = { .type = NLA_U64 },
2314 [NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 },
2315 [NDTPA_PROXY_DELAY] = { .type = NLA_U64 },
2316 [NDTPA_LOCKTIME] = { .type = NLA_U64 },
2317 [NDTPA_INTERVAL_PROBE_TIME_MS] = { .type = NLA_U64, .min = 1 },
2318};
2319
2320static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2321 struct netlink_ext_ack *extack)
2322{
2323 struct net *net = sock_net(skb->sk);
2324 struct neigh_table *tbl;
2325 struct ndtmsg *ndtmsg;
2326 struct nlattr *tb[NDTA_MAX+1];
2327 bool found = false;
2328 int err, tidx;
2329
2330 err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2331 nl_neightbl_policy, extack);
2332 if (err < 0)
2333 goto errout;
2334
2335 if (tb[NDTA_NAME] == NULL) {
2336 err = -EINVAL;
2337 goto errout;
2338 }
2339
2340 ndtmsg = nlmsg_data(nlh);
2341
2342 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2343 tbl = neigh_tables[tidx];
2344 if (!tbl)
2345 continue;
2346 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2347 continue;
2348 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
2349 found = true;
2350 break;
2351 }
2352 }
2353
2354 if (!found)
2355 return -ENOENT;
2356
2357 /*
2358 * We acquire tbl->lock to be nice to the periodic timers and
2359 * make sure they always see a consistent set of values.
2360 */
2361 write_lock_bh(&tbl->lock);
2362
2363 if (tb[NDTA_PARMS]) {
2364 struct nlattr *tbp[NDTPA_MAX+1];
2365 struct neigh_parms *p;
2366 int i, ifindex = 0;
2367
2368 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
2369 tb[NDTA_PARMS],
2370 nl_ntbl_parm_policy, extack);
2371 if (err < 0)
2372 goto errout_tbl_lock;
2373
2374 if (tbp[NDTPA_IFINDEX])
2375 ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
2376
2377 p = lookup_neigh_parms(tbl, net, ifindex);
2378 if (p == NULL) {
2379 err = -ENOENT;
2380 goto errout_tbl_lock;
2381 }
2382
2383 for (i = 1; i <= NDTPA_MAX; i++) {
2384 if (tbp[i] == NULL)
2385 continue;
2386
2387 switch (i) {
2388 case NDTPA_QUEUE_LEN:
2389 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2390 nla_get_u32(tbp[i]) *
2391 SKB_TRUESIZE(ETH_FRAME_LEN));
2392 break;
2393 case NDTPA_QUEUE_LENBYTES:
2394 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2395 nla_get_u32(tbp[i]));
2396 break;
2397 case NDTPA_PROXY_QLEN:
2398 NEIGH_VAR_SET(p, PROXY_QLEN,
2399 nla_get_u32(tbp[i]));
2400 break;
2401 case NDTPA_APP_PROBES:
2402 NEIGH_VAR_SET(p, APP_PROBES,
2403 nla_get_u32(tbp[i]));
2404 break;
2405 case NDTPA_UCAST_PROBES:
2406 NEIGH_VAR_SET(p, UCAST_PROBES,
2407 nla_get_u32(tbp[i]));
2408 break;
2409 case NDTPA_MCAST_PROBES:
2410 NEIGH_VAR_SET(p, MCAST_PROBES,
2411 nla_get_u32(tbp[i]));
2412 break;
2413 case NDTPA_MCAST_REPROBES:
2414 NEIGH_VAR_SET(p, MCAST_REPROBES,
2415 nla_get_u32(tbp[i]));
2416 break;
2417 case NDTPA_BASE_REACHABLE_TIME:
2418 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2419 nla_get_msecs(tbp[i]));
2420 /* update reachable_time as well, otherwise, the change will
2421 * only be effective after the next time neigh_periodic_work
2422 * decides to recompute it (can be multiple minutes)
2423 */
2424 p->reachable_time =
2425 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2426 break;
2427 case NDTPA_GC_STALETIME:
2428 NEIGH_VAR_SET(p, GC_STALETIME,
2429 nla_get_msecs(tbp[i]));
2430 break;
2431 case NDTPA_DELAY_PROBE_TIME:
2432 NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2433 nla_get_msecs(tbp[i]));
2434 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
2435 break;
2436 case NDTPA_INTERVAL_PROBE_TIME_MS:
2437 NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS,
2438 nla_get_msecs(tbp[i]));
2439 break;
2440 case NDTPA_RETRANS_TIME:
2441 NEIGH_VAR_SET(p, RETRANS_TIME,
2442 nla_get_msecs(tbp[i]));
2443 break;
2444 case NDTPA_ANYCAST_DELAY:
2445 NEIGH_VAR_SET(p, ANYCAST_DELAY,
2446 nla_get_msecs(tbp[i]));
2447 break;
2448 case NDTPA_PROXY_DELAY:
2449 NEIGH_VAR_SET(p, PROXY_DELAY,
2450 nla_get_msecs(tbp[i]));
2451 break;
2452 case NDTPA_LOCKTIME:
2453 NEIGH_VAR_SET(p, LOCKTIME,
2454 nla_get_msecs(tbp[i]));
2455 break;
2456 }
2457 }
2458 }
2459
2460 err = -ENOENT;
2461 if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2462 tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2463 !net_eq(net, &init_net))
2464 goto errout_tbl_lock;
2465
2466 if (tb[NDTA_THRESH1])
2467 tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);
2468
2469 if (tb[NDTA_THRESH2])
2470 tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]);
2471
2472 if (tb[NDTA_THRESH3])
2473 tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]);
2474
2475 if (tb[NDTA_GC_INTERVAL])
2476 tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]);
2477
2478 err = 0;
2479
2480errout_tbl_lock:
2481 write_unlock_bh(&tbl->lock);
2482errout:
2483 return err;
2484}
2485
2486static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2487 struct netlink_ext_ack *extack)
2488{
2489 struct ndtmsg *ndtm;
2490
2491 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
2492 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2493 return -EINVAL;
2494 }
2495
2496 ndtm = nlmsg_data(nlh);
2497 if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
2498 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2499 return -EINVAL;
2500 }
2501
2502 if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
2503 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2504 return -EINVAL;
2505 }
2506
2507 return 0;
2508}
2509
2510static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2511{
2512 const struct nlmsghdr *nlh = cb->nlh;
2513 struct net *net = sock_net(skb->sk);
2514 int family, tidx, nidx = 0;
2515 int tbl_skip = cb->args[0];
2516 int neigh_skip = cb->args[1];
2517 struct neigh_table *tbl;
2518
2519 if (cb->strict_check) {
2520 int err = neightbl_valid_dump_info(nlh, cb->extack);
2521
2522 if (err < 0)
2523 return err;
2524 }
2525
2526 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2527
2528 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2529 struct neigh_parms *p;
2530
2531 tbl = neigh_tables[tidx];
2532 if (!tbl)
2533 continue;
2534
2535 if (tidx < tbl_skip || (family && tbl->family != family))
2536 continue;
2537
2538 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2539 nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2540 NLM_F_MULTI) < 0)
2541 break;
2542
2543 nidx = 0;
2544 p = list_next_entry(&tbl->parms, list);
2545 list_for_each_entry_from(p, &tbl->parms_list, list) {
2546 if (!net_eq(neigh_parms_net(p), net))
2547 continue;
2548
2549 if (nidx < neigh_skip)
2550 goto next;
2551
2552 if (neightbl_fill_param_info(skb, tbl, p,
2553 NETLINK_CB(cb->skb).portid,
2554 nlh->nlmsg_seq,
2555 RTM_NEWNEIGHTBL,
2556 NLM_F_MULTI) < 0)
2557 goto out;
2558 next:
2559 nidx++;
2560 }
2561
2562 neigh_skip = 0;
2563 }
2564out:
2565 cb->args[0] = tidx;
2566 cb->args[1] = nidx;
2567
2568 return skb->len;
2569}
2570
2571static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2572 u32 pid, u32 seq, int type, unsigned int flags)
2573{
2574 u32 neigh_flags, neigh_flags_ext;
2575 unsigned long now = jiffies;
2576 struct nda_cacheinfo ci;
2577 struct nlmsghdr *nlh;
2578 struct ndmsg *ndm;
2579
2580 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2581 if (nlh == NULL)
2582 return -EMSGSIZE;
2583
2584 neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT;
2585 neigh_flags = neigh->flags & NTF_OLD_MASK;
2586
2587 ndm = nlmsg_data(nlh);
2588 ndm->ndm_family = neigh->ops->family;
2589 ndm->ndm_pad1 = 0;
2590 ndm->ndm_pad2 = 0;
2591 ndm->ndm_flags = neigh_flags;
2592 ndm->ndm_type = neigh->type;
2593 ndm->ndm_ifindex = neigh->dev->ifindex;
2594
2595 if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2596 goto nla_put_failure;
2597
2598 read_lock_bh(&neigh->lock);
2599 ndm->ndm_state = neigh->nud_state;
2600 if (neigh->nud_state & NUD_VALID) {
2601 char haddr[MAX_ADDR_LEN];
2602
2603 neigh_ha_snapshot(haddr, neigh, neigh->dev);
2604 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2605 read_unlock_bh(&neigh->lock);
2606 goto nla_put_failure;
2607 }
2608 }
2609
2610 ci.ndm_used = jiffies_to_clock_t(now - neigh->used);
2611 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2612 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated);
2613 ci.ndm_refcnt = refcount_read(&neigh->refcnt) - 1;
2614 read_unlock_bh(&neigh->lock);
2615
2616 if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2617 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2618 goto nla_put_failure;
2619
2620 if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
2621 goto nla_put_failure;
2622 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
2623 goto nla_put_failure;
2624
2625 nlmsg_end(skb, nlh);
2626 return 0;
2627
2628nla_put_failure:
2629 nlmsg_cancel(skb, nlh);
2630 return -EMSGSIZE;
2631}
2632
2633static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2634 u32 pid, u32 seq, int type, unsigned int flags,
2635 struct neigh_table *tbl)
2636{
2637 u32 neigh_flags, neigh_flags_ext;
2638 struct nlmsghdr *nlh;
2639 struct ndmsg *ndm;
2640
2641 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2642 if (nlh == NULL)
2643 return -EMSGSIZE;
2644
2645 neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT;
2646 neigh_flags = pn->flags & NTF_OLD_MASK;
2647
2648 ndm = nlmsg_data(nlh);
2649 ndm->ndm_family = tbl->family;
2650 ndm->ndm_pad1 = 0;
2651 ndm->ndm_pad2 = 0;
2652 ndm->ndm_flags = neigh_flags | NTF_PROXY;
2653 ndm->ndm_type = RTN_UNICAST;
2654 ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2655 ndm->ndm_state = NUD_NONE;
2656
2657 if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2658 goto nla_put_failure;
2659
2660 if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
2661 goto nla_put_failure;
2662 if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
2663 goto nla_put_failure;
2664
2665 nlmsg_end(skb, nlh);
2666 return 0;
2667
2668nla_put_failure:
2669 nlmsg_cancel(skb, nlh);
2670 return -EMSGSIZE;
2671}
2672
2673static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2674{
2675 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2676 __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
2677}
2678
2679static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2680{
2681 struct net_device *master;
2682
2683 if (!master_idx)
2684 return false;
2685
2686 master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2687
2688 /* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another
2689 * invalid value for ifindex to denote "no master".
2690 */
2691 if (master_idx == -1)
2692 return !!master;
2693
2694 if (!master || master->ifindex != master_idx)
2695 return true;
2696
2697 return false;
2698}
2699
2700static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2701{
2702 if (filter_idx && (!dev || dev->ifindex != filter_idx))
2703 return true;
2704
2705 return false;
2706}
2707
2708struct neigh_dump_filter {
2709 int master_idx;
2710 int dev_idx;
2711};
2712
2713static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2714 struct netlink_callback *cb,
2715 struct neigh_dump_filter *filter)
2716{
2717 struct net *net = sock_net(skb->sk);
2718 struct neighbour *n;
2719 int rc, h, s_h = cb->args[1];
2720 int idx, s_idx = idx = cb->args[2];
2721 struct neigh_hash_table *nht;
2722 unsigned int flags = NLM_F_MULTI;
2723
2724 if (filter->dev_idx || filter->master_idx)
2725 flags |= NLM_F_DUMP_FILTERED;
2726
2727 rcu_read_lock_bh();
2728 nht = rcu_dereference_bh(tbl->nht);
2729
2730 for (h = s_h; h < (1 << nht->hash_shift); h++) {
2731 if (h > s_h)
2732 s_idx = 0;
2733 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2734 n != NULL;
2735 n = rcu_dereference_bh(n->next)) {
2736 if (idx < s_idx || !net_eq(dev_net(n->dev), net))
2737 goto next;
2738 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2739 neigh_master_filtered(n->dev, filter->master_idx))
2740 goto next;
2741 if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2742 cb->nlh->nlmsg_seq,
2743 RTM_NEWNEIGH,
2744 flags) < 0) {
2745 rc = -1;
2746 goto out;
2747 }
2748next:
2749 idx++;
2750 }
2751 }
2752 rc = skb->len;
2753out:
2754 rcu_read_unlock_bh();
2755 cb->args[1] = h;
2756 cb->args[2] = idx;
2757 return rc;
2758}
2759
2760static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2761 struct netlink_callback *cb,
2762 struct neigh_dump_filter *filter)
2763{
2764 struct pneigh_entry *n;
2765 struct net *net = sock_net(skb->sk);
2766 int rc, h, s_h = cb->args[3];
2767 int idx, s_idx = idx = cb->args[4];
2768 unsigned int flags = NLM_F_MULTI;
2769
2770 if (filter->dev_idx || filter->master_idx)
2771 flags |= NLM_F_DUMP_FILTERED;
2772
2773 read_lock_bh(&tbl->lock);
2774
2775 for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2776 if (h > s_h)
2777 s_idx = 0;
2778 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2779 if (idx < s_idx || pneigh_net(n) != net)
2780 goto next;
2781 if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2782 neigh_master_filtered(n->dev, filter->master_idx))
2783 goto next;
2784 if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2785 cb->nlh->nlmsg_seq,
2786 RTM_NEWNEIGH, flags, tbl) < 0) {
2787 read_unlock_bh(&tbl->lock);
2788 rc = -1;
2789 goto out;
2790 }
2791 next:
2792 idx++;
2793 }
2794 }
2795
2796 read_unlock_bh(&tbl->lock);
2797 rc = skb->len;
2798out:
2799 cb->args[3] = h;
2800 cb->args[4] = idx;
2801 return rc;
2802
2803}
2804
2805static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2806 bool strict_check,
2807 struct neigh_dump_filter *filter,
2808 struct netlink_ext_ack *extack)
2809{
2810 struct nlattr *tb[NDA_MAX + 1];
2811 int err, i;
2812
2813 if (strict_check) {
2814 struct ndmsg *ndm;
2815
2816 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2817 NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2818 return -EINVAL;
2819 }
2820
2821 ndm = nlmsg_data(nlh);
2822 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
2823 ndm->ndm_state || ndm->ndm_type) {
2824 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2825 return -EINVAL;
2826 }
2827
2828 if (ndm->ndm_flags & ~NTF_PROXY) {
2829 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2830 return -EINVAL;
2831 }
2832
2833 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
2834 tb, NDA_MAX, nda_policy,
2835 extack);
2836 } else {
2837 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
2838 NDA_MAX, nda_policy, extack);
2839 }
2840 if (err < 0)
2841 return err;
2842
2843 for (i = 0; i <= NDA_MAX; ++i) {
2844 if (!tb[i])
2845 continue;
2846
2847 /* all new attributes should require strict_check */
2848 switch (i) {
2849 case NDA_IFINDEX:
2850 filter->dev_idx = nla_get_u32(tb[i]);
2851 break;
2852 case NDA_MASTER:
2853 filter->master_idx = nla_get_u32(tb[i]);
2854 break;
2855 default:
2856 if (strict_check) {
2857 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2858 return -EINVAL;
2859 }
2860 }
2861 }
2862
2863 return 0;
2864}
2865
2866static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2867{
2868 const struct nlmsghdr *nlh = cb->nlh;
2869 struct neigh_dump_filter filter = {};
2870 struct neigh_table *tbl;
2871 int t, family, s_t;
2872 int proxy = 0;
2873 int err;
2874
2875 family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2876
2877 /* check for full ndmsg structure presence, family member is
2878 * the same for both structures
2879 */
2880 if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2881 ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2882 proxy = 1;
2883
2884 err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
2885 if (err < 0 && cb->strict_check)
2886 return err;
2887
2888 s_t = cb->args[0];
2889
2890 for (t = 0; t < NEIGH_NR_TABLES; t++) {
2891 tbl = neigh_tables[t];
2892
2893 if (!tbl)
2894 continue;
2895 if (t < s_t || (family && tbl->family != family))
2896 continue;
2897 if (t > s_t)
2898 memset(&cb->args[1], 0, sizeof(cb->args) -
2899 sizeof(cb->args[0]));
2900 if (proxy)
2901 err = pneigh_dump_table(tbl, skb, cb, &filter);
2902 else
2903 err = neigh_dump_table(tbl, skb, cb, &filter);
2904 if (err < 0)
2905 break;
2906 }
2907
2908 cb->args[0] = t;
2909 return skb->len;
2910}
2911
2912static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2913 struct neigh_table **tbl,
2914 void **dst, int *dev_idx, u8 *ndm_flags,
2915 struct netlink_ext_ack *extack)
2916{
2917 struct nlattr *tb[NDA_MAX + 1];
2918 struct ndmsg *ndm;
2919 int err, i;
2920
2921 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2922 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2923 return -EINVAL;
2924 }
2925
2926 ndm = nlmsg_data(nlh);
2927 if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
2928 ndm->ndm_type) {
2929 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2930 return -EINVAL;
2931 }
2932
2933 if (ndm->ndm_flags & ~NTF_PROXY) {
2934 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2935 return -EINVAL;
2936 }
2937
2938 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
2939 NDA_MAX, nda_policy, extack);
2940 if (err < 0)
2941 return err;
2942
2943 *ndm_flags = ndm->ndm_flags;
2944 *dev_idx = ndm->ndm_ifindex;
2945 *tbl = neigh_find_table(ndm->ndm_family);
2946 if (*tbl == NULL) {
2947 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2948 return -EAFNOSUPPORT;
2949 }
2950
2951 for (i = 0; i <= NDA_MAX; ++i) {
2952 if (!tb[i])
2953 continue;
2954
2955 switch (i) {
2956 case NDA_DST:
2957 if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
2958 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2959 return -EINVAL;
2960 }
2961 *dst = nla_data(tb[i]);
2962 break;
2963 default:
2964 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2965 return -EINVAL;
2966 }
2967 }
2968
2969 return 0;
2970}
2971
2972static inline size_t neigh_nlmsg_size(void)
2973{
2974 return NLMSG_ALIGN(sizeof(struct ndmsg))
2975 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2976 + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2977 + nla_total_size(sizeof(struct nda_cacheinfo))
2978 + nla_total_size(4) /* NDA_PROBES */
2979 + nla_total_size(4) /* NDA_FLAGS_EXT */
2980 + nla_total_size(1); /* NDA_PROTOCOL */
2981}
2982
2983static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2984 u32 pid, u32 seq)
2985{
2986 struct sk_buff *skb;
2987 int err = 0;
2988
2989 skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
2990 if (!skb)
2991 return -ENOBUFS;
2992
2993 err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
2994 if (err) {
2995 kfree_skb(skb);
2996 goto errout;
2997 }
2998
2999 err = rtnl_unicast(skb, net, pid);
3000errout:
3001 return err;
3002}
3003
3004static inline size_t pneigh_nlmsg_size(void)
3005{
3006 return NLMSG_ALIGN(sizeof(struct ndmsg))
3007 + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
3008 + nla_total_size(4) /* NDA_FLAGS_EXT */
3009 + nla_total_size(1); /* NDA_PROTOCOL */
3010}
3011
3012static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
3013 u32 pid, u32 seq, struct neigh_table *tbl)
3014{
3015 struct sk_buff *skb;
3016 int err = 0;
3017
3018 skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
3019 if (!skb)
3020 return -ENOBUFS;
3021
3022 err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
3023 if (err) {
3024 kfree_skb(skb);
3025 goto errout;
3026 }
3027
3028 err = rtnl_unicast(skb, net, pid);
3029errout:
3030 return err;
3031}
3032
3033static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
3034 struct netlink_ext_ack *extack)
3035{
3036 struct net *net = sock_net(in_skb->sk);
3037 struct net_device *dev = NULL;
3038 struct neigh_table *tbl = NULL;
3039 struct neighbour *neigh;
3040 void *dst = NULL;
3041 u8 ndm_flags = 0;
3042 int dev_idx = 0;
3043 int err;
3044
3045 err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
3046 extack);
3047 if (err < 0)
3048 return err;
3049
3050 if (dev_idx) {
3051 dev = __dev_get_by_index(net, dev_idx);
3052 if (!dev) {
3053 NL_SET_ERR_MSG(extack, "Unknown device ifindex");
3054 return -ENODEV;
3055 }
3056 }
3057
3058 if (!dst) {
3059 NL_SET_ERR_MSG(extack, "Network address not specified");
3060 return -EINVAL;
3061 }
3062
3063 if (ndm_flags & NTF_PROXY) {
3064 struct pneigh_entry *pn;
3065
3066 pn = pneigh_lookup(tbl, net, dst, dev, 0);
3067 if (!pn) {
3068 NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
3069 return -ENOENT;
3070 }
3071 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
3072 nlh->nlmsg_seq, tbl);
3073 }
3074
3075 if (!dev) {
3076 NL_SET_ERR_MSG(extack, "No device specified");
3077 return -EINVAL;
3078 }
3079
3080 neigh = neigh_lookup(tbl, dst, dev);
3081 if (!neigh) {
3082 NL_SET_ERR_MSG(extack, "Neighbour entry not found");
3083 return -ENOENT;
3084 }
3085
3086 err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
3087 nlh->nlmsg_seq);
3088
3089 neigh_release(neigh);
3090
3091 return err;
3092}
3093
3094void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
3095{
3096 int chain;
3097 struct neigh_hash_table *nht;
3098
3099 rcu_read_lock_bh();
3100 nht = rcu_dereference_bh(tbl->nht);
3101
3102 read_lock(&tbl->lock); /* avoid resizes */
3103 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3104 struct neighbour *n;
3105
3106 for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
3107 n != NULL;
3108 n = rcu_dereference_bh(n->next))
3109 cb(n, cookie);
3110 }
3111 read_unlock(&tbl->lock);
3112 rcu_read_unlock_bh();
3113}
3114EXPORT_SYMBOL(neigh_for_each);
3115
3116/* The tbl->lock must be held as a writer and BH disabled. */
3117void __neigh_for_each_release(struct neigh_table *tbl,
3118 int (*cb)(struct neighbour *))
3119{
3120 int chain;
3121 struct neigh_hash_table *nht;
3122
3123 nht = rcu_dereference_protected(tbl->nht,
3124 lockdep_is_held(&tbl->lock));
3125 for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3126 struct neighbour *n;
3127 struct neighbour __rcu **np;
3128
3129 np = &nht->hash_buckets[chain];
3130 while ((n = rcu_dereference_protected(*np,
3131 lockdep_is_held(&tbl->lock))) != NULL) {
3132 int release;
3133
3134 write_lock(&n->lock);
3135 release = cb(n);
3136 if (release) {
3137 rcu_assign_pointer(*np,
3138 rcu_dereference_protected(n->next,
3139 lockdep_is_held(&tbl->lock)));
3140 neigh_mark_dead(n);
3141 } else
3142 np = &n->next;
3143 write_unlock(&n->lock);
3144 if (release)
3145 neigh_cleanup_and_release(n);
3146 }
3147 }
3148}
3149EXPORT_SYMBOL(__neigh_for_each_release);
3150
3151int neigh_xmit(int index, struct net_device *dev,
3152 const void *addr, struct sk_buff *skb)
3153{
3154 int err = -EAFNOSUPPORT;
3155 if (likely(index < NEIGH_NR_TABLES)) {
3156 struct neigh_table *tbl;
3157 struct neighbour *neigh;
3158
3159 tbl = neigh_tables[index];
3160 if (!tbl)
3161 goto out;
3162 rcu_read_lock_bh();
3163 if (index == NEIGH_ARP_TABLE) {
3164 u32 key = *((u32 *)addr);
3165
3166 neigh = __ipv4_neigh_lookup_noref(dev, key);
3167 } else {
3168 neigh = __neigh_lookup_noref(tbl, addr, dev);
3169 }
3170 if (!neigh)
3171 neigh = __neigh_create(tbl, addr, dev, false);
3172 err = PTR_ERR(neigh);
3173 if (IS_ERR(neigh)) {
3174 rcu_read_unlock_bh();
3175 goto out_kfree_skb;
3176 }
3177 err = neigh->output(neigh, skb);
3178 rcu_read_unlock_bh();
3179 }
3180 else if (index == NEIGH_LINK_TABLE) {
3181 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3182 addr, NULL, skb->len);
3183 if (err < 0)
3184 goto out_kfree_skb;
3185 err = dev_queue_xmit(skb);
3186 }
3187out:
3188 return err;
3189out_kfree_skb:
3190 kfree_skb(skb);
3191 goto out;
3192}
3193EXPORT_SYMBOL(neigh_xmit);
3194
3195#ifdef CONFIG_PROC_FS
3196
3197static struct neighbour *neigh_get_first(struct seq_file *seq)
3198{
3199 struct neigh_seq_state *state = seq->private;
3200 struct net *net = seq_file_net(seq);
3201 struct neigh_hash_table *nht = state->nht;
3202 struct neighbour *n = NULL;
3203 int bucket;
3204
3205 state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3206 for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3207 n = rcu_dereference_bh(nht->hash_buckets[bucket]);
3208
3209 while (n) {
3210 if (!net_eq(dev_net(n->dev), net))
3211 goto next;
3212 if (state->neigh_sub_iter) {
3213 loff_t fakep = 0;
3214 void *v;
3215
3216 v = state->neigh_sub_iter(state, n, &fakep);
3217 if (!v)
3218 goto next;
3219 }
3220 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3221 break;
3222 if (n->nud_state & ~NUD_NOARP)
3223 break;
3224next:
3225 n = rcu_dereference_bh(n->next);
3226 }
3227
3228 if (n)
3229 break;
3230 }
3231 state->bucket = bucket;
3232
3233 return n;
3234}
3235
3236static struct neighbour *neigh_get_next(struct seq_file *seq,
3237 struct neighbour *n,
3238 loff_t *pos)
3239{
3240 struct neigh_seq_state *state = seq->private;
3241 struct net *net = seq_file_net(seq);
3242 struct neigh_hash_table *nht = state->nht;
3243
3244 if (state->neigh_sub_iter) {
3245 void *v = state->neigh_sub_iter(state, n, pos);
3246 if (v)
3247 return n;
3248 }
3249 n = rcu_dereference_bh(n->next);
3250
3251 while (1) {
3252 while (n) {
3253 if (!net_eq(dev_net(n->dev), net))
3254 goto next;
3255 if (state->neigh_sub_iter) {
3256 void *v = state->neigh_sub_iter(state, n, pos);
3257 if (v)
3258 return n;
3259 goto next;
3260 }
3261 if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3262 break;
3263
3264 if (n->nud_state & ~NUD_NOARP)
3265 break;
3266next:
3267 n = rcu_dereference_bh(n->next);
3268 }
3269
3270 if (n)
3271 break;
3272
3273 if (++state->bucket >= (1 << nht->hash_shift))
3274 break;
3275
3276 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
3277 }
3278
3279 if (n && pos)
3280 --(*pos);
3281 return n;
3282}
3283
3284static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3285{
3286 struct neighbour *n = neigh_get_first(seq);
3287
3288 if (n) {
3289 --(*pos);
3290 while (*pos) {
3291 n = neigh_get_next(seq, n, pos);
3292 if (!n)
3293 break;
3294 }
3295 }
3296 return *pos ? NULL : n;
3297}
3298
3299static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3300{
3301 struct neigh_seq_state *state = seq->private;
3302 struct net *net = seq_file_net(seq);
3303 struct neigh_table *tbl = state->tbl;
3304 struct pneigh_entry *pn = NULL;
3305 int bucket;
3306
3307 state->flags |= NEIGH_SEQ_IS_PNEIGH;
3308 for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3309 pn = tbl->phash_buckets[bucket];
3310 while (pn && !net_eq(pneigh_net(pn), net))
3311 pn = pn->next;
3312 if (pn)
3313 break;
3314 }
3315 state->bucket = bucket;
3316
3317 return pn;
3318}
3319
3320static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3321 struct pneigh_entry *pn,
3322 loff_t *pos)
3323{
3324 struct neigh_seq_state *state = seq->private;
3325 struct net *net = seq_file_net(seq);
3326 struct neigh_table *tbl = state->tbl;
3327
3328 do {
3329 pn = pn->next;
3330 } while (pn && !net_eq(pneigh_net(pn), net));
3331
3332 while (!pn) {
3333 if (++state->bucket > PNEIGH_HASHMASK)
3334 break;
3335 pn = tbl->phash_buckets[state->bucket];
3336 while (pn && !net_eq(pneigh_net(pn), net))
3337 pn = pn->next;
3338 if (pn)
3339 break;
3340 }
3341
3342 if (pn && pos)
3343 --(*pos);
3344
3345 return pn;
3346}
3347
3348static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3349{
3350 struct pneigh_entry *pn = pneigh_get_first(seq);
3351
3352 if (pn) {
3353 --(*pos);
3354 while (*pos) {
3355 pn = pneigh_get_next(seq, pn, pos);
3356 if (!pn)
3357 break;
3358 }
3359 }
3360 return *pos ? NULL : pn;
3361}
3362
3363static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3364{
3365 struct neigh_seq_state *state = seq->private;
3366 void *rc;
3367 loff_t idxpos = *pos;
3368
3369 rc = neigh_get_idx(seq, &idxpos);
3370 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3371 rc = pneigh_get_idx(seq, &idxpos);
3372
3373 return rc;
3374}
3375
3376void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3377 __acquires(tbl->lock)
3378 __acquires(rcu_bh)
3379{
3380 struct neigh_seq_state *state = seq->private;
3381
3382 state->tbl = tbl;
3383 state->bucket = 0;
3384 state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3385
3386 rcu_read_lock_bh();
3387 state->nht = rcu_dereference_bh(tbl->nht);
3388 read_lock(&tbl->lock);
3389
3390 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3391}
3392EXPORT_SYMBOL(neigh_seq_start);
3393
3394void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3395{
3396 struct neigh_seq_state *state;
3397 void *rc;
3398
3399 if (v == SEQ_START_TOKEN) {
3400 rc = neigh_get_first(seq);
3401 goto out;
3402 }
3403
3404 state = seq->private;
3405 if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3406 rc = neigh_get_next(seq, v, NULL);
3407 if (rc)
3408 goto out;
3409 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3410 rc = pneigh_get_first(seq);
3411 } else {
3412 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3413 rc = pneigh_get_next(seq, v, NULL);
3414 }
3415out:
3416 ++(*pos);
3417 return rc;
3418}
3419EXPORT_SYMBOL(neigh_seq_next);
3420
3421void neigh_seq_stop(struct seq_file *seq, void *v)
3422 __releases(tbl->lock)
3423 __releases(rcu_bh)
3424{
3425 struct neigh_seq_state *state = seq->private;
3426 struct neigh_table *tbl = state->tbl;
3427
3428 read_unlock(&tbl->lock);
3429 rcu_read_unlock_bh();
3430}
3431EXPORT_SYMBOL(neigh_seq_stop);
3432
3433/* statistics via seq_file */
3434
3435static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3436{
3437 struct neigh_table *tbl = pde_data(file_inode(seq->file));
3438 int cpu;
3439
3440 if (*pos == 0)
3441 return SEQ_START_TOKEN;
3442
3443 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3444 if (!cpu_possible(cpu))
3445 continue;
3446 *pos = cpu+1;
3447 return per_cpu_ptr(tbl->stats, cpu);
3448 }
3449 return NULL;
3450}
3451
3452static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3453{
3454 struct neigh_table *tbl = pde_data(file_inode(seq->file));
3455 int cpu;
3456
3457 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3458 if (!cpu_possible(cpu))
3459 continue;
3460 *pos = cpu+1;
3461 return per_cpu_ptr(tbl->stats, cpu);
3462 }
3463 (*pos)++;
3464 return NULL;
3465}
3466
3467static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3468{
3469
3470}
3471
3472static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3473{
3474 struct neigh_table *tbl = pde_data(file_inode(seq->file));
3475 struct neigh_statistics *st = v;
3476
3477 if (v == SEQ_START_TOKEN) {
3478 seq_puts(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3479 return 0;
3480 }
3481
3482 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
3483 "%08lx %08lx %08lx "
3484 "%08lx %08lx %08lx\n",
3485 atomic_read(&tbl->entries),
3486
3487 st->allocs,
3488 st->destroys,
3489 st->hash_grows,
3490
3491 st->lookups,
3492 st->hits,
3493
3494 st->res_failed,
3495
3496 st->rcv_probes_mcast,
3497 st->rcv_probes_ucast,
3498
3499 st->periodic_gc_runs,
3500 st->forced_gc_runs,
3501 st->unres_discards,
3502 st->table_fulls
3503 );
3504
3505 return 0;
3506}
3507
3508static const struct seq_operations neigh_stat_seq_ops = {
3509 .start = neigh_stat_seq_start,
3510 .next = neigh_stat_seq_next,
3511 .stop = neigh_stat_seq_stop,
3512 .show = neigh_stat_seq_show,
3513};
3514#endif /* CONFIG_PROC_FS */
3515
3516static void __neigh_notify(struct neighbour *n, int type, int flags,
3517 u32 pid)
3518{
3519 struct net *net = dev_net(n->dev);
3520 struct sk_buff *skb;
3521 int err = -ENOBUFS;
3522
3523 skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
3524 if (skb == NULL)
3525 goto errout;
3526
3527 err = neigh_fill_info(skb, n, pid, 0, type, flags);
3528 if (err < 0) {
3529 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3530 WARN_ON(err == -EMSGSIZE);
3531 kfree_skb(skb);
3532 goto errout;
3533 }
3534 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3535 return;
3536errout:
3537 if (err < 0)
3538 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
3539}
3540
3541void neigh_app_ns(struct neighbour *n)
3542{
3543 __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
3544}
3545EXPORT_SYMBOL(neigh_app_ns);
3546
3547#ifdef CONFIG_SYSCTL
3548static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3549
3550static int proc_unres_qlen(struct ctl_table *ctl, int write,
3551 void *buffer, size_t *lenp, loff_t *ppos)
3552{
3553 int size, ret;
3554 struct ctl_table tmp = *ctl;
3555
3556 tmp.extra1 = SYSCTL_ZERO;
3557 tmp.extra2 = &unres_qlen_max;
3558 tmp.data = &size;
3559
3560 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3561 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3562
3563 if (write && !ret)
3564 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3565 return ret;
3566}
3567
3568static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3569 int index)
3570{
3571 struct net_device *dev;
3572 int family = neigh_parms_family(p);
3573
3574 rcu_read_lock();
3575 for_each_netdev_rcu(net, dev) {
3576 struct neigh_parms *dst_p =
3577 neigh_get_dev_parms_rcu(dev, family);
3578
3579 if (dst_p && !test_bit(index, dst_p->data_state))
3580 dst_p->data[index] = p->data[index];
3581 }
3582 rcu_read_unlock();
3583}
3584
3585static void neigh_proc_update(struct ctl_table *ctl, int write)
3586{
3587 struct net_device *dev = ctl->extra1;
3588 struct neigh_parms *p = ctl->extra2;
3589 struct net *net = neigh_parms_net(p);
3590 int index = (int *) ctl->data - p->data;
3591
3592 if (!write)
3593 return;
3594
3595 set_bit(index, p->data_state);
3596 if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3597 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
3598 if (!dev) /* NULL dev means this is default value */
3599 neigh_copy_dflt_parms(net, p, index);
3600}
3601
3602static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3603 void *buffer, size_t *lenp,
3604 loff_t *ppos)
3605{
3606 struct ctl_table tmp = *ctl;
3607 int ret;
3608
3609 tmp.extra1 = SYSCTL_ZERO;
3610 tmp.extra2 = SYSCTL_INT_MAX;
3611
3612 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3613 neigh_proc_update(ctl, write);
3614 return ret;
3615}
3616
3617static int neigh_proc_dointvec_ms_jiffies_positive(struct ctl_table *ctl, int write,
3618 void *buffer, size_t *lenp, loff_t *ppos)
3619{
3620 struct ctl_table tmp = *ctl;
3621 int ret;
3622
3623 int min = msecs_to_jiffies(1);
3624
3625 tmp.extra1 = &min;
3626 tmp.extra2 = NULL;
3627
3628 ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos);
3629 neigh_proc_update(ctl, write);
3630 return ret;
3631}
3632
3633int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
3634 size_t *lenp, loff_t *ppos)
3635{
3636 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3637
3638 neigh_proc_update(ctl, write);
3639 return ret;
3640}
3641EXPORT_SYMBOL(neigh_proc_dointvec);
3642
3643int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
3644 size_t *lenp, loff_t *ppos)
3645{
3646 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3647
3648 neigh_proc_update(ctl, write);
3649 return ret;
3650}
3651EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3652
3653static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3654 void *buffer, size_t *lenp,
3655 loff_t *ppos)
3656{
3657 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3658
3659 neigh_proc_update(ctl, write);
3660 return ret;
3661}
3662
3663int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3664 void *buffer, size_t *lenp, loff_t *ppos)
3665{
3666 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3667
3668 neigh_proc_update(ctl, write);
3669 return ret;
3670}
3671EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3672
3673static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3674 void *buffer, size_t *lenp,
3675 loff_t *ppos)
3676{
3677 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3678
3679 neigh_proc_update(ctl, write);
3680 return ret;
3681}
3682
3683static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3684 void *buffer, size_t *lenp,
3685 loff_t *ppos)
3686{
3687 struct neigh_parms *p = ctl->extra2;
3688 int ret;
3689
3690 if (strcmp(ctl->procname, "base_reachable_time") == 0)
3691 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3692 else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3693 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3694 else
3695 ret = -1;
3696
3697 if (write && ret == 0) {
3698 /* update reachable_time as well, otherwise, the change will
3699 * only be effective after the next time neigh_periodic_work
3700 * decides to recompute it
3701 */
3702 p->reachable_time =
3703 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3704 }
3705 return ret;
3706}
3707
3708#define NEIGH_PARMS_DATA_OFFSET(index) \
3709 (&((struct neigh_parms *) 0)->data[index])
3710
3711#define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3712 [NEIGH_VAR_ ## attr] = { \
3713 .procname = name, \
3714 .data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3715 .maxlen = sizeof(int), \
3716 .mode = mval, \
3717 .proc_handler = proc, \
3718 }
3719
3720#define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3721 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3722
3723#define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3724 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3725
3726#define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3727 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3728
3729#define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \
3730 NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive)
3731
3732#define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3733 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3734
3735#define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3736 NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3737
3738static struct neigh_sysctl_table {
3739 struct ctl_table_header *sysctl_header;
3740 struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3741} neigh_sysctl_template __read_mostly = {
3742 .neigh_vars = {
3743 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3744 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3745 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3746 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3747 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3748 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3749 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3750 NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS,
3751 "interval_probe_time_ms"),
3752 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3753 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3754 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3755 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3756 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3757 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3758 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3759 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3760 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3761 [NEIGH_VAR_GC_INTERVAL] = {
3762 .procname = "gc_interval",
3763 .maxlen = sizeof(int),
3764 .mode = 0644,
3765 .proc_handler = proc_dointvec_jiffies,
3766 },
3767 [NEIGH_VAR_GC_THRESH1] = {
3768 .procname = "gc_thresh1",
3769 .maxlen = sizeof(int),
3770 .mode = 0644,
3771 .extra1 = SYSCTL_ZERO,
3772 .extra2 = SYSCTL_INT_MAX,
3773 .proc_handler = proc_dointvec_minmax,
3774 },
3775 [NEIGH_VAR_GC_THRESH2] = {
3776 .procname = "gc_thresh2",
3777 .maxlen = sizeof(int),
3778 .mode = 0644,
3779 .extra1 = SYSCTL_ZERO,
3780 .extra2 = SYSCTL_INT_MAX,
3781 .proc_handler = proc_dointvec_minmax,
3782 },
3783 [NEIGH_VAR_GC_THRESH3] = {
3784 .procname = "gc_thresh3",
3785 .maxlen = sizeof(int),
3786 .mode = 0644,
3787 .extra1 = SYSCTL_ZERO,
3788 .extra2 = SYSCTL_INT_MAX,
3789 .proc_handler = proc_dointvec_minmax,
3790 },
3791 {},
3792 },
3793};
3794
3795int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3796 proc_handler *handler)
3797{
3798 int i;
3799 struct neigh_sysctl_table *t;
3800 const char *dev_name_source;
3801 char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3802 char *p_name;
3803
3804 t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT);
3805 if (!t)
3806 goto err;
3807
3808 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3809 t->neigh_vars[i].data += (long) p;
3810 t->neigh_vars[i].extra1 = dev;
3811 t->neigh_vars[i].extra2 = p;
3812 }
3813
3814 if (dev) {
3815 dev_name_source = dev->name;
3816 /* Terminate the table early */
3817 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3818 sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3819 } else {
3820 struct neigh_table *tbl = p->tbl;
3821 dev_name_source = "default";
3822 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3823 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3824 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3825 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3826 }
3827
3828 if (handler) {
3829 /* RetransTime */
3830 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3831 /* ReachableTime */
3832 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3833 /* RetransTime (in milliseconds)*/
3834 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3835 /* ReachableTime (in milliseconds) */
3836 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3837 } else {
3838 /* Those handlers will update p->reachable_time after
3839 * base_reachable_time(_ms) is set to ensure the new timer starts being
3840 * applied after the next neighbour update instead of waiting for
3841 * neigh_periodic_work to update its value (can be multiple minutes)
3842 * So any handler that replaces them should do this as well
3843 */
3844 /* ReachableTime */
3845 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3846 neigh_proc_base_reachable_time;
3847 /* ReachableTime (in milliseconds) */
3848 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3849 neigh_proc_base_reachable_time;
3850 }
3851
3852 switch (neigh_parms_family(p)) {
3853 case AF_INET:
3854 p_name = "ipv4";
3855 break;
3856 case AF_INET6:
3857 p_name = "ipv6";
3858 break;
3859 default:
3860 BUG();
3861 }
3862
3863 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3864 p_name, dev_name_source);
3865 t->sysctl_header =
3866 register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3867 if (!t->sysctl_header)
3868 goto free;
3869
3870 p->sysctl_table = t;
3871 return 0;
3872
3873free:
3874 kfree(t);
3875err:
3876 return -ENOBUFS;
3877}
3878EXPORT_SYMBOL(neigh_sysctl_register);
3879
3880void neigh_sysctl_unregister(struct neigh_parms *p)
3881{
3882 if (p->sysctl_table) {
3883 struct neigh_sysctl_table *t = p->sysctl_table;
3884 p->sysctl_table = NULL;
3885 unregister_net_sysctl_table(t->sysctl_header);
3886 kfree(t);
3887 }
3888}
3889EXPORT_SYMBOL(neigh_sysctl_unregister);
3890
3891#endif /* CONFIG_SYSCTL */
3892
3893static int __init neigh_init(void)
3894{
3895 rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3896 rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3897 rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3898
3899 rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3900 0);
3901 rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);
3902
3903 return 0;
3904}
3905
3906subsys_initcall(neigh_init);