projects / linux-2.6-microblaze.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge tag 'io_uring-5.17-2022-02-11' of git://git.kernel.dk/linux-block
[linux-2.6-microblaze.git] / net / core / neighbour.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *      Generic address resolution entity
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Alexey Kuznetsov        <kuznet@ms2.inr.ac.ru>
8  *
9  *      Fixes:
10  *      Vitaly E. Lavrov        releasing NULL neighbor in neigh_add.
11  *      Harald Welte            Add neighbour cache statistics like rtstat
12  */
13
14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16 #include <linux/slab.h>
17 #include <linux/kmemleak.h>
18 #include <linux/types.h>
19 #include <linux/kernel.h>
20 #include <linux/module.h>
21 #include <linux/socket.h>
22 #include <linux/netdevice.h>
23 #include <linux/proc_fs.h>
24 #ifdef CONFIG_SYSCTL
25 #include <linux/sysctl.h>
26 #endif
27 #include <linux/times.h>
28 #include <net/net_namespace.h>
29 #include <net/neighbour.h>
30 #include <net/arp.h>
31 #include <net/dst.h>
32 #include <net/sock.h>
33 #include <net/netevent.h>
34 #include <net/netlink.h>
35 #include <linux/rtnetlink.h>
36 #include <linux/random.h>
37 #include <linux/string.h>
38 #include <linux/log2.h>
39 #include <linux/inetdevice.h>
40 #include <net/addrconf.h>
41
42 #include <trace/events/neigh.h>
43
44 #define NEIGH_DEBUG 1
45 #define neigh_dbg(level, fmt, ...)              \
46 do {                                            \
47         if (level <= NEIGH_DEBUG)               \
48                 pr_debug(fmt, ##__VA_ARGS__);   \
49 } while (0)
50
51 #define PNEIGH_HASHMASK         0xF
52
53 static void neigh_timer_handler(struct timer_list *t);
54 static void __neigh_notify(struct neighbour *n, int type, int flags,
55                            u32 pid);
56 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
57 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
58                                     struct net_device *dev);
59
60 #ifdef CONFIG_PROC_FS
61 static const struct seq_operations neigh_stat_seq_ops;
62 #endif
63
64 /*
65    Neighbour hash table buckets are protected with rwlock tbl->lock.
66
67    - All the scans/updates to hash buckets MUST be made under this lock.
68    - NOTHING clever should be made under this lock: no callbacks
69      to protocol backends, no attempts to send something to network.
70      It will result in deadlocks, if backend/driver wants to use neighbour
71      cache.
72    - If the entry requires some non-trivial actions, increase
73      its reference count and release table lock.
74
75    Neighbour entries are protected:
76    - with reference count.
77    - with rwlock neigh->lock
78
79    Reference count prevents destruction.
80
81    neigh->lock mainly serializes ll address data and its validity state.
82    However, the same lock is used to protect another entry fields:
83     - timer
84     - resolution queue
85
86    Again, nothing clever shall be made under neigh->lock,
87    the most complicated procedure, which we allow is dev->hard_header.
88    It is supposed, that dev->hard_header is simplistic and does
89    not make callbacks to neighbour tables.
90  */
91
92 static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
93 {
94         kfree_skb(skb);
95         return -ENETDOWN;
96 }
97
98 static void neigh_cleanup_and_release(struct neighbour *neigh)
99 {
100         trace_neigh_cleanup_and_release(neigh, 0);
101         __neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
102         call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
103         neigh_release(neigh);
104 }
105
106 /*
107  * It is random distribution in the interval (1/2)*base...(3/2)*base.
108  * It corresponds to default IPv6 settings and is not overridable,
109  * because it is really reasonable choice.
110  */
111
112 unsigned long neigh_rand_reach_time(unsigned long base)
113 {
114         return base ? (prandom_u32() % base) + (base >> 1) : 0;
115 }
116 EXPORT_SYMBOL(neigh_rand_reach_time);
117
118 static void neigh_mark_dead(struct neighbour *n)
119 {
120         n->dead = 1;
121         if (!list_empty(&n->gc_list)) {
122                 list_del_init(&n->gc_list);
123                 atomic_dec(&n->tbl->gc_entries);
124         }
125         if (!list_empty(&n->managed_list))
126                 list_del_init(&n->managed_list);
127 }
128
129 static void neigh_update_gc_list(struct neighbour *n)
130 {
131         bool on_gc_list, exempt_from_gc;
132
133         write_lock_bh(&n->tbl->lock);
134         write_lock(&n->lock);
135         if (n->dead)
136                 goto out;
137
138         /* remove from the gc list if new state is permanent or if neighbor
139          * is externally learned; otherwise entry should be on the gc list
140          */
141         exempt_from_gc = n->nud_state & NUD_PERMANENT ||
142                          n->flags & NTF_EXT_LEARNED;
143         on_gc_list = !list_empty(&n->gc_list);
144
145         if (exempt_from_gc && on_gc_list) {
146                 list_del_init(&n->gc_list);
147                 atomic_dec(&n->tbl->gc_entries);
148         } else if (!exempt_from_gc && !on_gc_list) {
149                 /* add entries to the tail; cleaning removes from the front */
150                 list_add_tail(&n->gc_list, &n->tbl->gc_list);
151                 atomic_inc(&n->tbl->gc_entries);
152         }
153 out:
154         write_unlock(&n->lock);
155         write_unlock_bh(&n->tbl->lock);
156 }
157
158 static void neigh_update_managed_list(struct neighbour *n)
159 {
160         bool on_managed_list, add_to_managed;
161
162         write_lock_bh(&n->tbl->lock);
163         write_lock(&n->lock);
164         if (n->dead)
165                 goto out;
166
167         add_to_managed = n->flags & NTF_MANAGED;
168         on_managed_list = !list_empty(&n->managed_list);
169
170         if (!add_to_managed && on_managed_list)
171                 list_del_init(&n->managed_list);
172         else if (add_to_managed && !on_managed_list)
173                 list_add_tail(&n->managed_list, &n->tbl->managed_list);
174 out:
175         write_unlock(&n->lock);
176         write_unlock_bh(&n->tbl->lock);
177 }
178
179 static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
180                                bool *gc_update, bool *managed_update)
181 {
182         u32 ndm_flags, old_flags = neigh->flags;
183
184         if (!(flags & NEIGH_UPDATE_F_ADMIN))
185                 return;
186
187         ndm_flags  = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
188         ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;
189
190         if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
191                 if (ndm_flags & NTF_EXT_LEARNED)
192                         neigh->flags |= NTF_EXT_LEARNED;
193                 else
194                         neigh->flags &= ~NTF_EXT_LEARNED;
195                 *notify = 1;
196                 *gc_update = true;
197         }
198         if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
199                 if (ndm_flags & NTF_MANAGED)
200                         neigh->flags |= NTF_MANAGED;
201                 else
202                         neigh->flags &= ~NTF_MANAGED;
203                 *notify = 1;
204                 *managed_update = true;
205         }
206 }
207
208 static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
209                       struct neigh_table *tbl)
210 {
211         bool retval = false;
212
213         write_lock(&n->lock);
214         if (refcount_read(&n->refcnt) == 1) {
215                 struct neighbour *neigh;
216
217                 neigh = rcu_dereference_protected(n->next,
218                                                   lockdep_is_held(&tbl->lock));
219                 rcu_assign_pointer(*np, neigh);
220                 neigh_mark_dead(n);
221                 retval = true;
222         }
223         write_unlock(&n->lock);
224         if (retval)
225                 neigh_cleanup_and_release(n);
226         return retval;
227 }
228
229 bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
230 {
231         struct neigh_hash_table *nht;
232         void *pkey = ndel->primary_key;
233         u32 hash_val;
234         struct neighbour *n;
235         struct neighbour __rcu **np;
236
237         nht = rcu_dereference_protected(tbl->nht,
238                                         lockdep_is_held(&tbl->lock));
239         hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
240         hash_val = hash_val >> (32 - nht->hash_shift);
241
242         np = &nht->hash_buckets[hash_val];
243         while ((n = rcu_dereference_protected(*np,
244                                               lockdep_is_held(&tbl->lock)))) {
245                 if (n == ndel)
246                         return neigh_del(n, np, tbl);
247                 np = &n->next;
248         }
249         return false;
250 }
251
252 static int neigh_forced_gc(struct neigh_table *tbl)
253 {
254         int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
255         unsigned long tref = jiffies - 5 * HZ;
256         struct neighbour *n, *tmp;
257         int shrunk = 0;
258
259         NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);
260
261         write_lock_bh(&tbl->lock);
262
263         list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
264                 if (refcount_read(&n->refcnt) == 1) {
265                         bool remove = false;
266
267                         write_lock(&n->lock);
268                         if ((n->nud_state == NUD_FAILED) ||
269                             (n->nud_state == NUD_NOARP) ||
270                             (tbl->is_multicast &&
271                              tbl->is_multicast(n->primary_key)) ||
272                             time_after(tref, n->updated))
273                                 remove = true;
274                         write_unlock(&n->lock);
275
276                         if (remove && neigh_remove_one(n, tbl))
277                                 shrunk++;
278                         if (shrunk >= max_clean)
279                                 break;
280                 }
281         }
282
283         tbl->last_flush = jiffies;
284
285         write_unlock_bh(&tbl->lock);
286
287         return shrunk;
288 }
289
290 static void neigh_add_timer(struct neighbour *n, unsigned long when)
291 {
292         neigh_hold(n);
293         if (unlikely(mod_timer(&n->timer, when))) {
294                 printk("NEIGH: BUG, double timer add, state is %x\n",
295                        n->nud_state);
296                 dump_stack();
297         }
298 }
299
300 static int neigh_del_timer(struct neighbour *n)
301 {
302         if ((n->nud_state & NUD_IN_TIMER) &&
303             del_timer(&n->timer)) {
304                 neigh_release(n);
305                 return 1;
306         }
307         return 0;
308 }
309
310 static void pneigh_queue_purge(struct sk_buff_head *list)
311 {
312         struct sk_buff *skb;
313
314         while ((skb = skb_dequeue(list)) != NULL) {
315                 dev_put(skb->dev);
316                 kfree_skb(skb);
317         }
318 }
319
320 static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
321                             bool skip_perm)
322 {
323         int i;
324         struct neigh_hash_table *nht;
325
326         nht = rcu_dereference_protected(tbl->nht,
327                                         lockdep_is_held(&tbl->lock));
328
329         for (i = 0; i < (1 << nht->hash_shift); i++) {
330                 struct neighbour *n;
331                 struct neighbour __rcu **np = &nht->hash_buckets[i];
332
333                 while ((n = rcu_dereference_protected(*np,
334                                         lockdep_is_held(&tbl->lock))) != NULL) {
335                         if (dev && n->dev != dev) {
336                                 np = &n->next;
337                                 continue;
338                         }
339                         if (skip_perm && n->nud_state & NUD_PERMANENT) {
340                                 np = &n->next;
341                                 continue;
342                         }
343                         rcu_assign_pointer(*np,
344                                    rcu_dereference_protected(n->next,
345                                                 lockdep_is_held(&tbl->lock)));
346                         write_lock(&n->lock);
347                         neigh_del_timer(n);
348                         neigh_mark_dead(n);
349                         if (refcount_read(&n->refcnt) != 1) {
350                                 /* The most unpleasant situation.
351                                    We must destroy neighbour entry,
352                                    but someone still uses it.
353
354                                    The destroy will be delayed until
355                                    the last user releases us, but
356                                    we must kill timers etc. and move
357                                    it to safe state.
358                                  */
359                                 __skb_queue_purge(&n->arp_queue);
360                                 n->arp_queue_len_bytes = 0;
361                                 n->output = neigh_blackhole;
362                                 if (n->nud_state & NUD_VALID)
363                                         n->nud_state = NUD_NOARP;
364                                 else
365                                         n->nud_state = NUD_NONE;
366                                 neigh_dbg(2, "neigh %p is stray\n", n);
367                         }
368                         write_unlock(&n->lock);
369                         neigh_cleanup_and_release(n);
370                 }
371         }
372 }
373
374 void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
375 {
376         write_lock_bh(&tbl->lock);
377         neigh_flush_dev(tbl, dev, false);
378         write_unlock_bh(&tbl->lock);
379 }
380 EXPORT_SYMBOL(neigh_changeaddr);
381
382 static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
383                           bool skip_perm)
384 {
385         write_lock_bh(&tbl->lock);
386         neigh_flush_dev(tbl, dev, skip_perm);
387         pneigh_ifdown_and_unlock(tbl, dev);
388
389         del_timer_sync(&tbl->proxy_timer);
390         pneigh_queue_purge(&tbl->proxy_queue);
391         return 0;
392 }
393
394 int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
395 {
396         __neigh_ifdown(tbl, dev, true);
397         return 0;
398 }
399 EXPORT_SYMBOL(neigh_carrier_down);
400
401 int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
402 {
403         __neigh_ifdown(tbl, dev, false);
404         return 0;
405 }
406 EXPORT_SYMBOL(neigh_ifdown);
407
408 static struct neighbour *neigh_alloc(struct neigh_table *tbl,
409                                      struct net_device *dev,
410                                      u32 flags, bool exempt_from_gc)
411 {
412         struct neighbour *n = NULL;
413         unsigned long now = jiffies;
414         int entries;
415
416         if (exempt_from_gc)
417                 goto do_alloc;
418
419         entries = atomic_inc_return(&tbl->gc_entries) - 1;
420         if (entries >= tbl->gc_thresh3 ||
421             (entries >= tbl->gc_thresh2 &&
422              time_after(now, tbl->last_flush + 5 * HZ))) {
423                 if (!neigh_forced_gc(tbl) &&
424                     entries >= tbl->gc_thresh3) {
425                         net_info_ratelimited("%s: neighbor table overflow!\n",
426                                              tbl->id);
427                         NEIGH_CACHE_STAT_INC(tbl, table_fulls);
428                         goto out_entries;
429                 }
430         }
431
432 do_alloc:
433         n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
434         if (!n)
435                 goto out_entries;
436
437         __skb_queue_head_init(&n->arp_queue);
438         rwlock_init(&n->lock);
439         seqlock_init(&n->ha_lock);
440         n->updated        = n->used = now;
441         n->nud_state      = NUD_NONE;
442         n->output         = neigh_blackhole;
443         n->flags          = flags;
444         seqlock_init(&n->hh.hh_lock);
445         n->parms          = neigh_parms_clone(&tbl->parms);
446         timer_setup(&n->timer, neigh_timer_handler, 0);
447
448         NEIGH_CACHE_STAT_INC(tbl, allocs);
449         n->tbl            = tbl;
450         refcount_set(&n->refcnt, 1);
451         n->dead           = 1;
452         INIT_LIST_HEAD(&n->gc_list);
453         INIT_LIST_HEAD(&n->managed_list);
454
455         atomic_inc(&tbl->entries);
456 out:
457         return n;
458
459 out_entries:
460         if (!exempt_from_gc)
461                 atomic_dec(&tbl->gc_entries);
462         goto out;
463 }
464
465 static void neigh_get_hash_rnd(u32 *x)
466 {
467         *x = get_random_u32() | 1;
468 }
469
470 static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
471 {
472         size_t size = (1 << shift) * sizeof(struct neighbour *);
473         struct neigh_hash_table *ret;
474         struct neighbour __rcu **buckets;
475         int i;
476
477         ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
478         if (!ret)
479                 return NULL;
480         if (size <= PAGE_SIZE) {
481                 buckets = kzalloc(size, GFP_ATOMIC);
482         } else {
483                 buckets = (struct neighbour __rcu **)
484                           __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
485                                            get_order(size));
486                 kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
487         }
488         if (!buckets) {
489                 kfree(ret);
490                 return NULL;
491         }
492         ret->hash_buckets = buckets;
493         ret->hash_shift = shift;
494         for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
495                 neigh_get_hash_rnd(&ret->hash_rnd[i]);
496         return ret;
497 }
498
499 static void neigh_hash_free_rcu(struct rcu_head *head)
500 {
501         struct neigh_hash_table *nht = container_of(head,
502                                                     struct neigh_hash_table,
503                                                     rcu);
504         size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
505         struct neighbour __rcu **buckets = nht->hash_buckets;
506
507         if (size <= PAGE_SIZE) {
508                 kfree(buckets);
509         } else {
510                 kmemleak_free(buckets);
511                 free_pages((unsigned long)buckets, get_order(size));
512         }
513         kfree(nht);
514 }
515
516 static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
517                                                 unsigned long new_shift)
518 {
519         unsigned int i, hash;
520         struct neigh_hash_table *new_nht, *old_nht;
521
522         NEIGH_CACHE_STAT_INC(tbl, hash_grows);
523
524         old_nht = rcu_dereference_protected(tbl->nht,
525                                             lockdep_is_held(&tbl->lock));
526         new_nht = neigh_hash_alloc(new_shift);
527         if (!new_nht)
528                 return old_nht;
529
530         for (i = 0; i < (1 << old_nht->hash_shift); i++) {
531                 struct neighbour *n, *next;
532
533                 for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
534                                                    lockdep_is_held(&tbl->lock));
535                      n != NULL;
536                      n = next) {
537                         hash = tbl->hash(n->primary_key, n->dev,
538                                          new_nht->hash_rnd);
539
540                         hash >>= (32 - new_nht->hash_shift);
541                         next = rcu_dereference_protected(n->next,
542                                                 lockdep_is_held(&tbl->lock));
543
544                         rcu_assign_pointer(n->next,
545                                            rcu_dereference_protected(
546                                                 new_nht->hash_buckets[hash],
547                                                 lockdep_is_held(&tbl->lock)));
548                         rcu_assign_pointer(new_nht->hash_buckets[hash], n);
549                 }
550         }
551
552         rcu_assign_pointer(tbl->nht, new_nht);
553         call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
554         return new_nht;
555 }
556
557 struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
558                                struct net_device *dev)
559 {
560         struct neighbour *n;
561
562         NEIGH_CACHE_STAT_INC(tbl, lookups);
563
564         rcu_read_lock_bh();
565         n = __neigh_lookup_noref(tbl, pkey, dev);
566         if (n) {
567                 if (!refcount_inc_not_zero(&n->refcnt))
568                         n = NULL;
569                 NEIGH_CACHE_STAT_INC(tbl, hits);
570         }
571
572         rcu_read_unlock_bh();
573         return n;
574 }
575 EXPORT_SYMBOL(neigh_lookup);
576
577 struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
578                                      const void *pkey)
579 {
580         struct neighbour *n;
581         unsigned int key_len = tbl->key_len;
582         u32 hash_val;
583         struct neigh_hash_table *nht;
584
585         NEIGH_CACHE_STAT_INC(tbl, lookups);
586
587         rcu_read_lock_bh();
588         nht = rcu_dereference_bh(tbl->nht);
589         hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);
590
591         for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
592              n != NULL;
593              n = rcu_dereference_bh(n->next)) {
594                 if (!memcmp(n->primary_key, pkey, key_len) &&
595                     net_eq(dev_net(n->dev), net)) {
596                         if (!refcount_inc_not_zero(&n->refcnt))
597                                 n = NULL;
598                         NEIGH_CACHE_STAT_INC(tbl, hits);
599                         break;
600                 }
601         }
602
603         rcu_read_unlock_bh();
604         return n;
605 }
606 EXPORT_SYMBOL(neigh_lookup_nodev);
607
608 static struct neighbour *
609 ___neigh_create(struct neigh_table *tbl, const void *pkey,
610                 struct net_device *dev, u32 flags,
611                 bool exempt_from_gc, bool want_ref)
612 {
613         u32 hash_val, key_len = tbl->key_len;
614         struct neighbour *n1, *rc, *n;
615         struct neigh_hash_table *nht;
616         int error;
617
618         n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
619         trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
620         if (!n) {
621                 rc = ERR_PTR(-ENOBUFS);
622                 goto out;
623         }
624
625         memcpy(n->primary_key, pkey, key_len);
626         n->dev = dev;
627         dev_hold_track(dev, &n->dev_tracker, GFP_ATOMIC);
628
629         /* Protocol specific setup. */
630         if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
631                 rc = ERR_PTR(error);
632                 goto out_neigh_release;
633         }
634
635         if (dev->netdev_ops->ndo_neigh_construct) {
636                 error = dev->netdev_ops->ndo_neigh_construct(dev, n);
637                 if (error < 0) {
638                         rc = ERR_PTR(error);
639                         goto out_neigh_release;
640                 }
641         }
642
643         /* Device specific setup. */
644         if (n->parms->neigh_setup &&
645             (error = n->parms->neigh_setup(n)) < 0) {
646                 rc = ERR_PTR(error);
647                 goto out_neigh_release;
648         }
649
650         n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);
651
652         write_lock_bh(&tbl->lock);
653         nht = rcu_dereference_protected(tbl->nht,
654                                         lockdep_is_held(&tbl->lock));
655
656         if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
657                 nht = neigh_hash_grow(tbl, nht->hash_shift + 1);
658
659         hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);
660
661         if (n->parms->dead) {
662                 rc = ERR_PTR(-EINVAL);
663                 goto out_tbl_unlock;
664         }
665
666         for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
667                                             lockdep_is_held(&tbl->lock));
668              n1 != NULL;
669              n1 = rcu_dereference_protected(n1->next,
670                         lockdep_is_held(&tbl->lock))) {
671                 if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
672                         if (want_ref)
673                                 neigh_hold(n1);
674                         rc = n1;
675                         goto out_tbl_unlock;
676                 }
677         }
678
679         n->dead = 0;
680         if (!exempt_from_gc)
681                 list_add_tail(&n->gc_list, &n->tbl->gc_list);
682         if (n->flags & NTF_MANAGED)
683                 list_add_tail(&n->managed_list, &n->tbl->managed_list);
684         if (want_ref)
685                 neigh_hold(n);
686         rcu_assign_pointer(n->next,
687                            rcu_dereference_protected(nht->hash_buckets[hash_val],
688                                                      lockdep_is_held(&tbl->lock)));
689         rcu_assign_pointer(nht->hash_buckets[hash_val], n);
690         write_unlock_bh(&tbl->lock);
691         neigh_dbg(2, "neigh %p is created\n", n);
692         rc = n;
693 out:
694         return rc;
695 out_tbl_unlock:
696         write_unlock_bh(&tbl->lock);
697 out_neigh_release:
698         if (!exempt_from_gc)
699                 atomic_dec(&tbl->gc_entries);
700         neigh_release(n);
701         goto out;
702 }
703
704 struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
705                                  struct net_device *dev, bool want_ref)
706 {
707         return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
708 }
709 EXPORT_SYMBOL(__neigh_create);
710
711 static u32 pneigh_hash(const void *pkey, unsigned int key_len)
712 {
713         u32 hash_val = *(u32 *)(pkey + key_len - 4);
714         hash_val ^= (hash_val >> 16);
715         hash_val ^= hash_val >> 8;
716         hash_val ^= hash_val >> 4;
717         hash_val &= PNEIGH_HASHMASK;
718         return hash_val;
719 }
720
721 static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
722                                               struct net *net,
723                                               const void *pkey,
724                                               unsigned int key_len,
725                                               struct net_device *dev)
726 {
727         while (n) {
728                 if (!memcmp(n->key, pkey, key_len) &&
729                     net_eq(pneigh_net(n), net) &&
730                     (n->dev == dev || !n->dev))
731                         return n;
732                 n = n->next;
733         }
734         return NULL;
735 }
736
737 struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
738                 struct net *net, const void *pkey, struct net_device *dev)
739 {
740         unsigned int key_len = tbl->key_len;
741         u32 hash_val = pneigh_hash(pkey, key_len);
742
743         return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
744                                  net, pkey, key_len, dev);
745 }
746 EXPORT_SYMBOL_GPL(__pneigh_lookup);
747
748 struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
749                                     struct net *net, const void *pkey,
750                                     struct net_device *dev, int creat)
751 {
752         struct pneigh_entry *n;
753         unsigned int key_len = tbl->key_len;
754         u32 hash_val = pneigh_hash(pkey, key_len);
755
756         read_lock_bh(&tbl->lock);
757         n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
758                               net, pkey, key_len, dev);
759         read_unlock_bh(&tbl->lock);
760
761         if (n || !creat)
762                 goto out;
763
764         ASSERT_RTNL();
765
766         n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
767         if (!n)
768                 goto out;
769
770         write_pnet(&n->net, net);
771         memcpy(n->key, pkey, key_len);
772         n->dev = dev;
773         dev_hold_track(dev, &n->dev_tracker, GFP_KERNEL);
774
775         if (tbl->pconstructor && tbl->pconstructor(n)) {
776                 dev_put_track(dev, &n->dev_tracker);
777                 kfree(n);
778                 n = NULL;
779                 goto out;
780         }
781
782         write_lock_bh(&tbl->lock);
783         n->next = tbl->phash_buckets[hash_val];
784         tbl->phash_buckets[hash_val] = n;
785         write_unlock_bh(&tbl->lock);
786 out:
787         return n;
788 }
789 EXPORT_SYMBOL(pneigh_lookup);
790
791
792 int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
793                   struct net_device *dev)
794 {
795         struct pneigh_entry *n, **np;
796         unsigned int key_len = tbl->key_len;
797         u32 hash_val = pneigh_hash(pkey, key_len);
798
799         write_lock_bh(&tbl->lock);
800         for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
801              np = &n->next) {
802                 if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
803                     net_eq(pneigh_net(n), net)) {
804                         *np = n->next;
805                         write_unlock_bh(&tbl->lock);
806                         if (tbl->pdestructor)
807                                 tbl->pdestructor(n);
808                         dev_put_track(n->dev, &n->dev_tracker);
809                         kfree(n);
810                         return 0;
811                 }
812         }
813         write_unlock_bh(&tbl->lock);
814         return -ENOENT;
815 }
816
817 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
818                                     struct net_device *dev)
819 {
820         struct pneigh_entry *n, **np, *freelist = NULL;
821         u32 h;
822
823         for (h = 0; h <= PNEIGH_HASHMASK; h++) {
824                 np = &tbl->phash_buckets[h];
825                 while ((n = *np) != NULL) {
826                         if (!dev || n->dev == dev) {
827                                 *np = n->next;
828                                 n->next = freelist;
829                                 freelist = n;
830                                 continue;
831                         }
832                         np = &n->next;
833                 }
834         }
835         write_unlock_bh(&tbl->lock);
836         while ((n = freelist)) {
837                 freelist = n->next;
838                 n->next = NULL;
839                 if (tbl->pdestructor)
840                         tbl->pdestructor(n);
841                 dev_put_track(n->dev, &n->dev_tracker);
842                 kfree(n);
843         }
844         return -ENOENT;
845 }
846
847 static void neigh_parms_destroy(struct neigh_parms *parms);
848
849 static inline void neigh_parms_put(struct neigh_parms *parms)
850 {
851         if (refcount_dec_and_test(&parms->refcnt))
852                 neigh_parms_destroy(parms);
853 }
854
855 /*
856  *      neighbour must already be out of the table;
857  *
858  */
859 void neigh_destroy(struct neighbour *neigh)
860 {
861         struct net_device *dev = neigh->dev;
862
863         NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);
864
865         if (!neigh->dead) {
866                 pr_warn("Destroying alive neighbour %p\n", neigh);
867                 dump_stack();
868                 return;
869         }
870
871         if (neigh_del_timer(neigh))
872                 pr_warn("Impossible event\n");
873
874         write_lock_bh(&neigh->lock);
875         __skb_queue_purge(&neigh->arp_queue);
876         write_unlock_bh(&neigh->lock);
877         neigh->arp_queue_len_bytes = 0;
878
879         if (dev->netdev_ops->ndo_neigh_destroy)
880                 dev->netdev_ops->ndo_neigh_destroy(dev, neigh);
881
882         dev_put_track(dev, &neigh->dev_tracker);
883         neigh_parms_put(neigh->parms);
884
885         neigh_dbg(2, "neigh %p is destroyed\n", neigh);
886
887         atomic_dec(&neigh->tbl->entries);
888         kfree_rcu(neigh, rcu);
889 }
890 EXPORT_SYMBOL(neigh_destroy);
891
892 /* Neighbour state is suspicious;
893    disable fast path.
894
895    Called with write_locked neigh.
896  */
897 static void neigh_suspect(struct neighbour *neigh)
898 {
899         neigh_dbg(2, "neigh %p is suspected\n", neigh);
900
901         neigh->output = neigh->ops->output;
902 }
903
904 /* Neighbour state is OK;
905    enable fast path.
906
907    Called with write_locked neigh.
908  */
909 static void neigh_connect(struct neighbour *neigh)
910 {
911         neigh_dbg(2, "neigh %p is connected\n", neigh);
912
913         neigh->output = neigh->ops->connected_output;
914 }
915
916 static void neigh_periodic_work(struct work_struct *work)
917 {
918         struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
919         struct neighbour *n;
920         struct neighbour __rcu **np;
921         unsigned int i;
922         struct neigh_hash_table *nht;
923
924         NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);
925
926         write_lock_bh(&tbl->lock);
927         nht = rcu_dereference_protected(tbl->nht,
928                                         lockdep_is_held(&tbl->lock));
929
930         /*
931          *      periodically recompute ReachableTime from random function
932          */
933
934         if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
935                 struct neigh_parms *p;
936                 tbl->last_rand = jiffies;
937                 list_for_each_entry(p, &tbl->parms_list, list)
938                         p->reachable_time =
939                                 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
940         }
941
942         if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
943                 goto out;
944
945         for (i = 0 ; i < (1 << nht->hash_shift); i++) {
946                 np = &nht->hash_buckets[i];
947
948                 while ((n = rcu_dereference_protected(*np,
949                                 lockdep_is_held(&tbl->lock))) != NULL) {
950                         unsigned int state;
951
952                         write_lock(&n->lock);
953
954                         state = n->nud_state;
955                         if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
956                             (n->flags & NTF_EXT_LEARNED)) {
957                                 write_unlock(&n->lock);
958                                 goto next_elt;
959                         }
960
961                         if (time_before(n->used, n->confirmed))
962                                 n->used = n->confirmed;
963
964                         if (refcount_read(&n->refcnt) == 1 &&
965                             (state == NUD_FAILED ||
966                              time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
967                                 *np = n->next;
968                                 neigh_mark_dead(n);
969                                 write_unlock(&n->lock);
970                                 neigh_cleanup_and_release(n);
971                                 continue;
972                         }
973                         write_unlock(&n->lock);
974
975 next_elt:
976                         np = &n->next;
977                 }
978                 /*
979                  * It's fine to release lock here, even if hash table
980                  * grows while we are preempted.
981                  */
982                 write_unlock_bh(&tbl->lock);
983                 cond_resched();
984                 write_lock_bh(&tbl->lock);
985                 nht = rcu_dereference_protected(tbl->nht,
986                                                 lockdep_is_held(&tbl->lock));
987         }
988 out:
989         /* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
990          * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
991          * BASE_REACHABLE_TIME.
992          */
993         queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
994                               NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
995         write_unlock_bh(&tbl->lock);
996 }
997
998 static __inline__ int neigh_max_probes(struct neighbour *n)
999 {
1000         struct neigh_parms *p = n->parms;
1001         return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
1002                (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
1003                 NEIGH_VAR(p, MCAST_PROBES));
1004 }
1005
1006 static void neigh_invalidate(struct neighbour *neigh)
1007         __releases(neigh->lock)
1008         __acquires(neigh->lock)
1009 {
1010         struct sk_buff *skb;
1011
1012         NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
1013         neigh_dbg(2, "neigh %p is failed\n", neigh);
1014         neigh->updated = jiffies;
1015
1016         /* It is very thin place. report_unreachable is very complicated
1017            routine. Particularly, it can hit the same neighbour entry!
1018
1019            So that, we try to be accurate and avoid dead loop. --ANK
1020          */
1021         while (neigh->nud_state == NUD_FAILED &&
1022                (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1023                 write_unlock(&neigh->lock);
1024                 neigh->ops->error_report(neigh, skb);
1025                 write_lock(&neigh->lock);
1026         }
1027         __skb_queue_purge(&neigh->arp_queue);
1028         neigh->arp_queue_len_bytes = 0;
1029 }
1030
1031 static void neigh_probe(struct neighbour *neigh)
1032         __releases(neigh->lock)
1033 {
1034         struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);
1035         /* keep skb alive even if arp_queue overflows */
1036         if (skb)
1037                 skb = skb_clone(skb, GFP_ATOMIC);
1038         write_unlock(&neigh->lock);
1039         if (neigh->ops->solicit)
1040                 neigh->ops->solicit(neigh, skb);
1041         atomic_inc(&neigh->probes);
1042         consume_skb(skb);
1043 }
1044
1045 /* Called when a timer expires for a neighbour entry. */
1046
1047 static void neigh_timer_handler(struct timer_list *t)
1048 {
1049         unsigned long now, next;
1050         struct neighbour *neigh = from_timer(neigh, t, timer);
1051         unsigned int state;
1052         int notify = 0;
1053
1054         write_lock(&neigh->lock);
1055
1056         state = neigh->nud_state;
1057         now = jiffies;
1058         next = now + HZ;
1059
1060         if (!(state & NUD_IN_TIMER))
1061                 goto out;
1062
1063         if (state & NUD_REACHABLE) {
1064                 if (time_before_eq(now,
1065                                    neigh->confirmed + neigh->parms->reachable_time)) {
1066                         neigh_dbg(2, "neigh %p is still alive\n", neigh);
1067                         next = neigh->confirmed + neigh->parms->reachable_time;
1068                 } else if (time_before_eq(now,
1069                                           neigh->used +
1070                                           NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1071                         neigh_dbg(2, "neigh %p is delayed\n", neigh);
1072                         neigh->nud_state = NUD_DELAY;
1073                         neigh->updated = jiffies;
1074                         neigh_suspect(neigh);
1075                         next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
1076                 } else {
1077                         neigh_dbg(2, "neigh %p is suspected\n", neigh);
1078                         neigh->nud_state = NUD_STALE;
1079                         neigh->updated = jiffies;
1080                         neigh_suspect(neigh);
1081                         notify = 1;
1082                 }
1083         } else if (state & NUD_DELAY) {
1084                 if (time_before_eq(now,
1085                                    neigh->confirmed +
1086                                    NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1087                         neigh_dbg(2, "neigh %p is now reachable\n", neigh);
1088                         neigh->nud_state = NUD_REACHABLE;
1089                         neigh->updated = jiffies;
1090                         neigh_connect(neigh);
1091                         notify = 1;
1092                         next = neigh->confirmed + neigh->parms->reachable_time;
1093                 } else {
1094                         neigh_dbg(2, "neigh %p is probed\n", neigh);
1095                         neigh->nud_state = NUD_PROBE;
1096                         neigh->updated = jiffies;
1097                         atomic_set(&neigh->probes, 0);
1098                         notify = 1;
1099                         next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1100                                          HZ/100);
1101                 }
1102         } else {
1103                 /* NUD_PROBE|NUD_INCOMPLETE */
1104                 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
1105         }
1106
1107         if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
1108             atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
1109                 neigh->nud_state = NUD_FAILED;
1110                 notify = 1;
1111                 neigh_invalidate(neigh);
1112                 goto out;
1113         }
1114
1115         if (neigh->nud_state & NUD_IN_TIMER) {
1116                 if (time_before(next, jiffies + HZ/100))
1117                         next = jiffies + HZ/100;
1118                 if (!mod_timer(&neigh->timer, next))
1119                         neigh_hold(neigh);
1120         }
1121         if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
1122                 neigh_probe(neigh);
1123         } else {
1124 out:
1125                 write_unlock(&neigh->lock);
1126         }
1127
1128         if (notify)
1129                 neigh_update_notify(neigh, 0);
1130
1131         trace_neigh_timer_handler(neigh, 0);
1132
1133         neigh_release(neigh);
1134 }
1135
1136 int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
1137                        const bool immediate_ok)
1138 {
1139         int rc;
1140         bool immediate_probe = false;
1141
1142         write_lock_bh(&neigh->lock);
1143
1144         rc = 0;
1145         if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
1146                 goto out_unlock_bh;
1147         if (neigh->dead)
1148                 goto out_dead;
1149
1150         if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
1151                 if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
1152                     NEIGH_VAR(neigh->parms, APP_PROBES)) {
1153                         unsigned long next, now = jiffies;
1154
1155                         atomic_set(&neigh->probes,
1156                                    NEIGH_VAR(neigh->parms, UCAST_PROBES));
1157                         neigh_del_timer(neigh);
1158                         neigh->nud_state = NUD_INCOMPLETE;
1159                         neigh->updated = now;
1160                         if (!immediate_ok) {
1161                                 next = now + 1;
1162                         } else {
1163                                 immediate_probe = true;
1164                                 next = now + max(NEIGH_VAR(neigh->parms,
1165                                                            RETRANS_TIME),
1166                                                  HZ / 100);
1167                         }
1168                         neigh_add_timer(neigh, next);
1169                 } else {
1170                         neigh->nud_state = NUD_FAILED;
1171                         neigh->updated = jiffies;
1172                         write_unlock_bh(&neigh->lock);
1173
1174                         kfree_skb(skb);
1175                         return 1;
1176                 }
1177         } else if (neigh->nud_state & NUD_STALE) {
1178                 neigh_dbg(2, "neigh %p is delayed\n", neigh);
1179                 neigh_del_timer(neigh);
1180                 neigh->nud_state = NUD_DELAY;
1181                 neigh->updated = jiffies;
1182                 neigh_add_timer(neigh, jiffies +
1183                                 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
1184         }
1185
1186         if (neigh->nud_state == NUD_INCOMPLETE) {
1187                 if (skb) {
1188                         while (neigh->arp_queue_len_bytes + skb->truesize >
1189                                NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
1190                                 struct sk_buff *buff;
1191
1192                                 buff = __skb_dequeue(&neigh->arp_queue);
1193                                 if (!buff)
1194                                         break;
1195                                 neigh->arp_queue_len_bytes -= buff->truesize;
1196                                 kfree_skb(buff);
1197                                 NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
1198                         }
1199                         skb_dst_force(skb);
1200                         __skb_queue_tail(&neigh->arp_queue, skb);
1201                         neigh->arp_queue_len_bytes += skb->truesize;
1202                 }
1203                 rc = 1;
1204         }
1205 out_unlock_bh:
1206         if (immediate_probe)
1207                 neigh_probe(neigh);
1208         else
1209                 write_unlock(&neigh->lock);
1210         local_bh_enable();
1211         trace_neigh_event_send_done(neigh, rc);
1212         return rc;
1213
1214 out_dead:
1215         if (neigh->nud_state & NUD_STALE)
1216                 goto out_unlock_bh;
1217         write_unlock_bh(&neigh->lock);
1218         kfree_skb(skb);
1219         trace_neigh_event_send_dead(neigh, 1);
1220         return 1;
1221 }
1222 EXPORT_SYMBOL(__neigh_event_send);
1223
1224 static void neigh_update_hhs(struct neighbour *neigh)
1225 {
1226         struct hh_cache *hh;
1227         void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
1228                 = NULL;
1229
1230         if (neigh->dev->header_ops)
1231                 update = neigh->dev->header_ops->cache_update;
1232
1233         if (update) {
1234                 hh = &neigh->hh;
1235                 if (READ_ONCE(hh->hh_len)) {
1236                         write_seqlock_bh(&hh->hh_lock);
1237                         update(hh, neigh->dev, neigh->ha);
1238                         write_sequnlock_bh(&hh->hh_lock);
1239                 }
1240         }
1241 }
1242
1243 /* Generic update routine.
1244    -- lladdr is new lladdr or NULL, if it is not supplied.
1245    -- new    is new state.
1246    -- flags
1247         NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr,
1248                                 if it is different.
1249         NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
1250                                 lladdr instead of overriding it
1251                                 if it is different.
1252         NEIGH_UPDATE_F_ADMIN    means that the change is administrative.
1253         NEIGH_UPDATE_F_USE      means that the entry is user triggered.
1254         NEIGH_UPDATE_F_MANAGED  means that the entry will be auto-refreshed.
1255         NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
1256                                 NTF_ROUTER flag.
1257         NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as
1258                                 a router.
1259
1260    Caller MUST hold reference count on the entry.
1261  */
1262 static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
1263                           u8 new, u32 flags, u32 nlmsg_pid,
1264                           struct netlink_ext_ack *extack)
1265 {
1266         bool gc_update = false, managed_update = false;
1267         int update_isrouter = 0;
1268         struct net_device *dev;
1269         int err, notify = 0;
1270         u8 old;
1271
1272         trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);
1273
1274         write_lock_bh(&neigh->lock);
1275
1276         dev    = neigh->dev;
1277         old    = neigh->nud_state;
1278         err    = -EPERM;
1279
1280         if (neigh->dead) {
1281                 NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
1282                 new = old;
1283                 goto out;
1284         }
1285         if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
1286             (old & (NUD_NOARP | NUD_PERMANENT)))
1287                 goto out;
1288
1289         neigh_update_flags(neigh, flags, &notify, &gc_update, &managed_update);
1290         if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
1291                 new = old & ~NUD_PERMANENT;
1292                 neigh->nud_state = new;
1293                 err = 0;
1294                 goto out;
1295         }
1296
1297         if (!(new & NUD_VALID)) {
1298                 neigh_del_timer(neigh);
1299                 if (old & NUD_CONNECTED)
1300                         neigh_suspect(neigh);
1301                 neigh->nud_state = new;
1302                 err = 0;
1303                 notify = old & NUD_VALID;
1304                 if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
1305                     (new & NUD_FAILED)) {
1306                         neigh_invalidate(neigh);
1307                         notify = 1;
1308                 }
1309                 goto out;
1310         }
1311
1312         /* Compare new lladdr with cached one */
1313         if (!dev->addr_len) {
1314                 /* First case: device needs no address. */
1315                 lladdr = neigh->ha;
1316         } else if (lladdr) {
1317                 /* The second case: if something is already cached
1318                    and a new address is proposed:
1319                    - compare new & old
1320                    - if they are different, check override flag
1321                  */
1322                 if ((old & NUD_VALID) &&
1323                     !memcmp(lladdr, neigh->ha, dev->addr_len))
1324                         lladdr = neigh->ha;
1325         } else {
1326                 /* No address is supplied; if we know something,
1327                    use it, otherwise discard the request.
1328                  */
1329                 err = -EINVAL;
1330                 if (!(old & NUD_VALID)) {
1331                         NL_SET_ERR_MSG(extack, "No link layer address given");
1332                         goto out;
1333                 }
1334                 lladdr = neigh->ha;
1335         }
1336
1337         /* Update confirmed timestamp for neighbour entry after we
1338          * received ARP packet even if it doesn't change IP to MAC binding.
1339          */
1340         if (new & NUD_CONNECTED)
1341                 neigh->confirmed = jiffies;
1342
1343         /* If entry was valid and address is not changed,
1344            do not change entry state, if new one is STALE.
1345          */
1346         err = 0;
1347         update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1348         if (old & NUD_VALID) {
1349                 if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
1350                         update_isrouter = 0;
1351                         if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
1352                             (old & NUD_CONNECTED)) {
1353                                 lladdr = neigh->ha;
1354                                 new = NUD_STALE;
1355                         } else
1356                                 goto out;
1357                 } else {
1358                         if (lladdr == neigh->ha && new == NUD_STALE &&
1359                             !(flags & NEIGH_UPDATE_F_ADMIN))
1360                                 new = old;
1361                 }
1362         }
1363
1364         /* Update timestamp only once we know we will make a change to the
1365          * neighbour entry. Otherwise we risk to move the locktime window with
1366          * noop updates and ignore relevant ARP updates.
1367          */
1368         if (new != old || lladdr != neigh->ha)
1369                 neigh->updated = jiffies;
1370
1371         if (new != old) {
1372                 neigh_del_timer(neigh);
1373                 if (new & NUD_PROBE)
1374                         atomic_set(&neigh->probes, 0);
1375                 if (new & NUD_IN_TIMER)
1376                         neigh_add_timer(neigh, (jiffies +
1377                                                 ((new & NUD_REACHABLE) ?
1378                                                  neigh->parms->reachable_time :
1379                                                  0)));
1380                 neigh->nud_state = new;
1381                 notify = 1;
1382         }
1383
1384         if (lladdr != neigh->ha) {
1385                 write_seqlock(&neigh->ha_lock);
1386                 memcpy(&neigh->ha, lladdr, dev->addr_len);
1387                 write_sequnlock(&neigh->ha_lock);
1388                 neigh_update_hhs(neigh);
1389                 if (!(new & NUD_CONNECTED))
1390                         neigh->confirmed = jiffies -
1391                                       (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
1392                 notify = 1;
1393         }
1394         if (new == old)
1395                 goto out;
1396         if (new & NUD_CONNECTED)
1397                 neigh_connect(neigh);
1398         else
1399                 neigh_suspect(neigh);
1400         if (!(old & NUD_VALID)) {
1401                 struct sk_buff *skb;
1402
1403                 /* Again: avoid dead loop if something went wrong */
1404
1405                 while (neigh->nud_state & NUD_VALID &&
1406                        (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1407                         struct dst_entry *dst = skb_dst(skb);
1408                         struct neighbour *n2, *n1 = neigh;
1409                         write_unlock_bh(&neigh->lock);
1410
1411                         rcu_read_lock();
1412
1413                         /* Why not just use 'neigh' as-is?  The problem is that
1414                          * things such as shaper, eql, and sch_teql can end up
1415                          * using alternative, different, neigh objects to output
1416                          * the packet in the output path.  So what we need to do
1417                          * here is re-lookup the top-level neigh in the path so
1418                          * we can reinject the packet there.
1419                          */
1420                         n2 = NULL;
1421                         if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
1422                                 n2 = dst_neigh_lookup_skb(dst, skb);
1423                                 if (n2)
1424                                         n1 = n2;
1425                         }
1426                         n1->output(n1, skb);
1427                         if (n2)
1428                                 neigh_release(n2);
1429                         rcu_read_unlock();
1430
1431                         write_lock_bh(&neigh->lock);
1432                 }
1433                 __skb_queue_purge(&neigh->arp_queue);
1434                 neigh->arp_queue_len_bytes = 0;
1435         }
1436 out:
1437         if (update_isrouter)
1438                 neigh_update_is_router(neigh, flags, &notify);
1439         write_unlock_bh(&neigh->lock);
1440         if (((new ^ old) & NUD_PERMANENT) || gc_update)
1441                 neigh_update_gc_list(neigh);
1442         if (managed_update)
1443                 neigh_update_managed_list(neigh);
1444         if (notify)
1445                 neigh_update_notify(neigh, nlmsg_pid);
1446         trace_neigh_update_done(neigh, err);
1447         return err;
1448 }
1449
1450 int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1451                  u32 flags, u32 nlmsg_pid)
1452 {
1453         return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
1454 }
1455 EXPORT_SYMBOL(neigh_update);
1456
1457 /* Update the neigh to listen temporarily for probe responses, even if it is
1458  * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
1459  */
1460 void __neigh_set_probe_once(struct neighbour *neigh)
1461 {
1462         if (neigh->dead)
1463                 return;
1464         neigh->updated = jiffies;
1465         if (!(neigh->nud_state & NUD_FAILED))
1466                 return;
1467         neigh->nud_state = NUD_INCOMPLETE;
1468         atomic_set(&neigh->probes, neigh_max_probes(neigh));
1469         neigh_add_timer(neigh,
1470                         jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1471                                       HZ/100));
1472 }
1473 EXPORT_SYMBOL(__neigh_set_probe_once);
1474
1475 struct neighbour *neigh_event_ns(struct neigh_table *tbl,
1476                                  u8 *lladdr, void *saddr,
1477                                  struct net_device *dev)
1478 {
1479         struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
1480                                                  lladdr || !dev->addr_len);
1481         if (neigh)
1482                 neigh_update(neigh, lladdr, NUD_STALE,
1483                              NEIGH_UPDATE_F_OVERRIDE, 0);
1484         return neigh;
1485 }
1486 EXPORT_SYMBOL(neigh_event_ns);
1487
1488 /* called with read_lock_bh(&n->lock); */
1489 static void neigh_hh_init(struct neighbour *n)
1490 {
1491         struct net_device *dev = n->dev;
1492         __be16 prot = n->tbl->protocol;
1493         struct hh_cache *hh = &n->hh;
1494
1495         write_lock_bh(&n->lock);
1496
1497         /* Only one thread can come in here and initialize the
1498          * hh_cache entry.
1499          */
1500         if (!hh->hh_len)
1501                 dev->header_ops->cache(n, hh, prot);
1502
1503         write_unlock_bh(&n->lock);
1504 }
1505
1506 /* Slow and careful. */
1507
1508 int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
1509 {
1510         int rc = 0;
1511
1512         if (!neigh_event_send(neigh, skb)) {
1513                 int err;
1514                 struct net_device *dev = neigh->dev;
1515                 unsigned int seq;
1516
1517                 if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
1518                         neigh_hh_init(neigh);
1519
1520                 do {
1521                         __skb_pull(skb, skb_network_offset(skb));
1522                         seq = read_seqbegin(&neigh->ha_lock);
1523                         err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1524                                               neigh->ha, NULL, skb->len);
1525                 } while (read_seqretry(&neigh->ha_lock, seq));
1526
1527                 if (err >= 0)
1528                         rc = dev_queue_xmit(skb);
1529                 else
1530                         goto out_kfree_skb;
1531         }
1532 out:
1533         return rc;
1534 out_kfree_skb:
1535         rc = -EINVAL;
1536         kfree_skb(skb);
1537         goto out;
1538 }
1539 EXPORT_SYMBOL(neigh_resolve_output);
1540
1541 /* As fast as possible without hh cache */
1542
1543 int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
1544 {
1545         struct net_device *dev = neigh->dev;
1546         unsigned int seq;
1547         int err;
1548
1549         do {
1550                 __skb_pull(skb, skb_network_offset(skb));
1551                 seq = read_seqbegin(&neigh->ha_lock);
1552                 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1553                                       neigh->ha, NULL, skb->len);
1554         } while (read_seqretry(&neigh->ha_lock, seq));
1555
1556         if (err >= 0)
1557                 err = dev_queue_xmit(skb);
1558         else {
1559                 err = -EINVAL;
1560                 kfree_skb(skb);
1561         }
1562         return err;
1563 }
1564 EXPORT_SYMBOL(neigh_connected_output);
1565
1566 int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
1567 {
1568         return dev_queue_xmit(skb);
1569 }
1570 EXPORT_SYMBOL(neigh_direct_output);
1571
1572 static void neigh_managed_work(struct work_struct *work)
1573 {
1574         struct neigh_table *tbl = container_of(work, struct neigh_table,
1575                                                managed_work.work);
1576         struct neighbour *neigh;
1577
1578         write_lock_bh(&tbl->lock);
1579         list_for_each_entry(neigh, &tbl->managed_list, managed_list)
1580                 neigh_event_send_probe(neigh, NULL, false);
1581         queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
1582                            NEIGH_VAR(&tbl->parms, DELAY_PROBE_TIME));
1583         write_unlock_bh(&tbl->lock);
1584 }
1585
1586 static void neigh_proxy_process(struct timer_list *t)
1587 {
1588         struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
1589         long sched_next = 0;
1590         unsigned long now = jiffies;
1591         struct sk_buff *skb, *n;
1592
1593         spin_lock(&tbl->proxy_queue.lock);
1594
1595         skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
1596                 long tdif = NEIGH_CB(skb)->sched_next - now;
1597
1598                 if (tdif <= 0) {
1599                         struct net_device *dev = skb->dev;
1600
1601                         __skb_unlink(skb, &tbl->proxy_queue);
1602                         if (tbl->proxy_redo && netif_running(dev)) {
1603                                 rcu_read_lock();
1604                                 tbl->proxy_redo(skb);
1605                                 rcu_read_unlock();
1606                         } else {
1607                                 kfree_skb(skb);
1608                         }
1609
1610                         dev_put(dev);
1611                 } else if (!sched_next || tdif < sched_next)
1612                         sched_next = tdif;
1613         }
1614         del_timer(&tbl->proxy_timer);
1615         if (sched_next)
1616                 mod_timer(&tbl->proxy_timer, jiffies + sched_next);
1617         spin_unlock(&tbl->proxy_queue.lock);
1618 }
1619
1620 void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
1621                     struct sk_buff *skb)
1622 {
1623         unsigned long sched_next = jiffies +
1624                         prandom_u32_max(NEIGH_VAR(p, PROXY_DELAY));
1625
1626         if (tbl->proxy_queue.qlen > NEIGH_VAR(p, PROXY_QLEN)) {
1627                 kfree_skb(skb);
1628                 return;
1629         }
1630
1631         NEIGH_CB(skb)->sched_next = sched_next;
1632         NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;
1633
1634         spin_lock(&tbl->proxy_queue.lock);
1635         if (del_timer(&tbl->proxy_timer)) {
1636                 if (time_before(tbl->proxy_timer.expires, sched_next))
1637                         sched_next = tbl->proxy_timer.expires;
1638         }
1639         skb_dst_drop(skb);
1640         dev_hold(skb->dev);
1641         __skb_queue_tail(&tbl->proxy_queue, skb);
1642         mod_timer(&tbl->proxy_timer, sched_next);
1643         spin_unlock(&tbl->proxy_queue.lock);
1644 }
1645 EXPORT_SYMBOL(pneigh_enqueue);
1646
1647 static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
1648                                                       struct net *net, int ifindex)
1649 {
1650         struct neigh_parms *p;
1651
1652         list_for_each_entry(p, &tbl->parms_list, list) {
1653                 if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
1654                     (!p->dev && !ifindex && net_eq(net, &init_net)))
1655                         return p;
1656         }
1657
1658         return NULL;
1659 }
1660
1661 struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
1662                                       struct neigh_table *tbl)
1663 {
1664         struct neigh_parms *p;
1665         struct net *net = dev_net(dev);
1666         const struct net_device_ops *ops = dev->netdev_ops;
1667
1668         p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
1669         if (p) {
1670                 p->tbl            = tbl;
1671                 refcount_set(&p->refcnt, 1);
1672                 p->reachable_time =
1673                                 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
1674                 dev_hold_track(dev, &p->dev_tracker, GFP_KERNEL);
1675                 p->dev = dev;
1676                 write_pnet(&p->net, net);
1677                 p->sysctl_table = NULL;
1678
1679                 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
1680                         dev_put_track(dev, &p->dev_tracker);
1681                         kfree(p);
1682                         return NULL;
1683                 }
1684
1685                 write_lock_bh(&tbl->lock);
1686                 list_add(&p->list, &tbl->parms.list);
1687                 write_unlock_bh(&tbl->lock);
1688
1689                 neigh_parms_data_state_cleanall(p);
1690         }
1691         return p;
1692 }
1693 EXPORT_SYMBOL(neigh_parms_alloc);
1694
1695 static void neigh_rcu_free_parms(struct rcu_head *head)
1696 {
1697         struct neigh_parms *parms =
1698                 container_of(head, struct neigh_parms, rcu_head);
1699
1700         neigh_parms_put(parms);
1701 }
1702
1703 void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
1704 {
1705         if (!parms || parms == &tbl->parms)
1706                 return;
1707         write_lock_bh(&tbl->lock);
1708         list_del(&parms->list);
1709         parms->dead = 1;
1710         write_unlock_bh(&tbl->lock);
1711         dev_put_track(parms->dev, &parms->dev_tracker);
1712         call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
1713 }
1714 EXPORT_SYMBOL(neigh_parms_release);
1715
1716 static void neigh_parms_destroy(struct neigh_parms *parms)
1717 {
1718         kfree(parms);
1719 }
1720
1721 static struct lock_class_key neigh_table_proxy_queue_class;
1722
1723 static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;
1724
1725 void neigh_table_init(int index, struct neigh_table *tbl)
1726 {
1727         unsigned long now = jiffies;
1728         unsigned long phsize;
1729
1730         INIT_LIST_HEAD(&tbl->parms_list);
1731         INIT_LIST_HEAD(&tbl->gc_list);
1732         INIT_LIST_HEAD(&tbl->managed_list);
1733
1734         list_add(&tbl->parms.list, &tbl->parms_list);
1735         write_pnet(&tbl->parms.net, &init_net);
1736         refcount_set(&tbl->parms.refcnt, 1);
1737         tbl->parms.reachable_time =
1738                           neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
1739
1740         tbl->stats = alloc_percpu(struct neigh_statistics);
1741         if (!tbl->stats)
1742                 panic("cannot create neighbour cache statistics");
1743
1744 #ifdef CONFIG_PROC_FS
1745         if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
1746                               &neigh_stat_seq_ops, tbl))
1747                 panic("cannot create neighbour proc dir entry");
1748 #endif
1749
1750         RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));
1751
1752         phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
1753         tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);
1754
1755         if (!tbl->nht || !tbl->phash_buckets)
1756                 panic("cannot allocate neighbour cache hashes");
1757
1758         if (!tbl->entry_size)
1759                 tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
1760                                         tbl->key_len, NEIGH_PRIV_ALIGN);
1761         else
1762                 WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);
1763
1764         rwlock_init(&tbl->lock);
1765
1766         INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
1767         queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1768                         tbl->parms.reachable_time);
1769         INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
1770         queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0);
1771
1772         timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
1773         skb_queue_head_init_class(&tbl->proxy_queue,
1774                         &neigh_table_proxy_queue_class);
1775
1776         tbl->last_flush = now;
1777         tbl->last_rand  = now + tbl->parms.reachable_time * 20;
1778
1779         neigh_tables[index] = tbl;
1780 }
1781 EXPORT_SYMBOL(neigh_table_init);
1782
1783 int neigh_table_clear(int index, struct neigh_table *tbl)
1784 {
1785         neigh_tables[index] = NULL;
1786         /* It is not clean... Fix it to unload IPv6 module safely */
1787         cancel_delayed_work_sync(&tbl->managed_work);
1788         cancel_delayed_work_sync(&tbl->gc_work);
1789         del_timer_sync(&tbl->proxy_timer);
1790         pneigh_queue_purge(&tbl->proxy_queue);
1791         neigh_ifdown(tbl, NULL);
1792         if (atomic_read(&tbl->entries))
1793                 pr_crit("neighbour leakage\n");
1794
1795         call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
1796                  neigh_hash_free_rcu);
1797         tbl->nht = NULL;
1798
1799         kfree(tbl->phash_buckets);
1800         tbl->phash_buckets = NULL;
1801
1802         remove_proc_entry(tbl->id, init_net.proc_net_stat);
1803
1804         free_percpu(tbl->stats);
1805         tbl->stats = NULL;
1806
1807         return 0;
1808 }
1809 EXPORT_SYMBOL(neigh_table_clear);
1810
1811 static struct neigh_table *neigh_find_table(int family)
1812 {
1813         struct neigh_table *tbl = NULL;
1814
1815         switch (family) {
1816         case AF_INET:
1817                 tbl = neigh_tables[NEIGH_ARP_TABLE];
1818                 break;
1819         case AF_INET6:
1820                 tbl = neigh_tables[NEIGH_ND_TABLE];
1821                 break;
1822         case AF_DECnet:
1823                 tbl = neigh_tables[NEIGH_DN_TABLE];
1824                 break;
1825         }
1826
1827         return tbl;
1828 }
1829
1830 const struct nla_policy nda_policy[NDA_MAX+1] = {
1831         [NDA_UNSPEC]            = { .strict_start_type = NDA_NH_ID },
1832         [NDA_DST]               = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1833         [NDA_LLADDR]            = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1834         [NDA_CACHEINFO]         = { .len = sizeof(struct nda_cacheinfo) },
1835         [NDA_PROBES]            = { .type = NLA_U32 },
1836         [NDA_VLAN]              = { .type = NLA_U16 },
1837         [NDA_PORT]              = { .type = NLA_U16 },
1838         [NDA_VNI]               = { .type = NLA_U32 },
1839         [NDA_IFINDEX]           = { .type = NLA_U32 },
1840         [NDA_MASTER]            = { .type = NLA_U32 },
1841         [NDA_PROTOCOL]          = { .type = NLA_U8 },
1842         [NDA_NH_ID]             = { .type = NLA_U32 },
1843         [NDA_FLAGS_EXT]         = NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
1844         [NDA_FDB_EXT_ATTRS]     = { .type = NLA_NESTED },
1845 };
1846
1847 static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1848                         struct netlink_ext_ack *extack)
1849 {
1850         struct net *net = sock_net(skb->sk);
1851         struct ndmsg *ndm;
1852         struct nlattr *dst_attr;
1853         struct neigh_table *tbl;
1854         struct neighbour *neigh;
1855         struct net_device *dev = NULL;
1856         int err = -EINVAL;
1857
1858         ASSERT_RTNL();
1859         if (nlmsg_len(nlh) < sizeof(*ndm))
1860                 goto out;
1861
1862         dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1863         if (!dst_attr) {
1864                 NL_SET_ERR_MSG(extack, "Network address not specified");
1865                 goto out;
1866         }
1867
1868         ndm = nlmsg_data(nlh);
1869         if (ndm->ndm_ifindex) {
1870                 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1871                 if (dev == NULL) {
1872                         err = -ENODEV;
1873                         goto out;
1874                 }
1875         }
1876
1877         tbl = neigh_find_table(ndm->ndm_family);
1878         if (tbl == NULL)
1879                 return -EAFNOSUPPORT;
1880
1881         if (nla_len(dst_attr) < (int)tbl->key_len) {
1882                 NL_SET_ERR_MSG(extack, "Invalid network address");
1883                 goto out;
1884         }
1885
1886         if (ndm->ndm_flags & NTF_PROXY) {
1887                 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
1888                 goto out;
1889         }
1890
1891         if (dev == NULL)
1892                 goto out;
1893
1894         neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
1895         if (neigh == NULL) {
1896                 err = -ENOENT;
1897                 goto out;
1898         }
1899
1900         err = __neigh_update(neigh, NULL, NUD_FAILED,
1901                              NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1902                              NETLINK_CB(skb).portid, extack);
1903         write_lock_bh(&tbl->lock);
1904         neigh_release(neigh);
1905         neigh_remove_one(neigh, tbl);
1906         write_unlock_bh(&tbl->lock);
1907
1908 out:
1909         return err;
1910 }
1911
1912 static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1913                      struct netlink_ext_ack *extack)
1914 {
1915         int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1916                     NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1917         struct net *net = sock_net(skb->sk);
1918         struct ndmsg *ndm;
1919         struct nlattr *tb[NDA_MAX+1];
1920         struct neigh_table *tbl;
1921         struct net_device *dev = NULL;
1922         struct neighbour *neigh;
1923         void *dst, *lladdr;
1924         u8 protocol = 0;
1925         u32 ndm_flags;
1926         int err;
1927
1928         ASSERT_RTNL();
1929         err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
1930                                      nda_policy, extack);
1931         if (err < 0)
1932                 goto out;
1933
1934         err = -EINVAL;
1935         if (!tb[NDA_DST]) {
1936                 NL_SET_ERR_MSG(extack, "Network address not specified");
1937                 goto out;
1938         }
1939
1940         ndm = nlmsg_data(nlh);
1941         ndm_flags = ndm->ndm_flags;
1942         if (tb[NDA_FLAGS_EXT]) {
1943                 u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]);
1944
1945                 BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
1946                              (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
1947                               hweight32(NTF_EXT_MASK)));
1948                 ndm_flags |= (ext << NTF_EXT_SHIFT);
1949         }
1950         if (ndm->ndm_ifindex) {
1951                 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1952                 if (dev == NULL) {
1953                         err = -ENODEV;
1954                         goto out;
1955                 }
1956
1957                 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
1958                         NL_SET_ERR_MSG(extack, "Invalid link address");
1959                         goto out;
1960                 }
1961         }
1962
1963         tbl = neigh_find_table(ndm->ndm_family);
1964         if (tbl == NULL)
1965                 return -EAFNOSUPPORT;
1966
1967         if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
1968                 NL_SET_ERR_MSG(extack, "Invalid network address");
1969                 goto out;
1970         }
1971
1972         dst = nla_data(tb[NDA_DST]);
1973         lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
1974
1975         if (tb[NDA_PROTOCOL])
1976                 protocol = nla_get_u8(tb[NDA_PROTOCOL]);
1977         if (ndm_flags & NTF_PROXY) {
1978                 struct pneigh_entry *pn;
1979
1980                 if (ndm_flags & NTF_MANAGED) {
1981                         NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
1982                         goto out;
1983                 }
1984
1985                 err = -ENOBUFS;
1986                 pn = pneigh_lookup(tbl, net, dst, dev, 1);
1987                 if (pn) {
1988                         pn->flags = ndm_flags;
1989                         if (protocol)
1990                                 pn->protocol = protocol;
1991                         err = 0;
1992                 }
1993                 goto out;
1994         }
1995
1996         if (!dev) {
1997                 NL_SET_ERR_MSG(extack, "Device not specified");
1998                 goto out;
1999         }
2000
2001         if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
2002                 err = -EINVAL;
2003                 goto out;
2004         }
2005
2006         neigh = neigh_lookup(tbl, dst, dev);
2007         if (neigh == NULL) {
2008                 bool ndm_permanent  = ndm->ndm_state & NUD_PERMANENT;
2009                 bool exempt_from_gc = ndm_permanent ||
2010                                       ndm_flags & NTF_EXT_LEARNED;
2011
2012                 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
2013                         err = -ENOENT;
2014                         goto out;
2015                 }
2016                 if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
2017                         NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
2018                         err = -EINVAL;
2019                         goto out;
2020                 }
2021
2022                 neigh = ___neigh_create(tbl, dst, dev,
2023                                         ndm_flags &
2024                                         (NTF_EXT_LEARNED | NTF_MANAGED),
2025                                         exempt_from_gc, true);
2026                 if (IS_ERR(neigh)) {
2027                         err = PTR_ERR(neigh);
2028                         goto out;
2029                 }
2030         } else {
2031                 if (nlh->nlmsg_flags & NLM_F_EXCL) {
2032                         err = -EEXIST;
2033                         neigh_release(neigh);
2034                         goto out;
2035                 }
2036
2037                 if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
2038                         flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
2039                                    NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
2040         }
2041
2042         if (protocol)
2043                 neigh->protocol = protocol;
2044         if (ndm_flags & NTF_EXT_LEARNED)
2045                 flags |= NEIGH_UPDATE_F_EXT_LEARNED;
2046         if (ndm_flags & NTF_ROUTER)
2047                 flags |= NEIGH_UPDATE_F_ISROUTER;
2048         if (ndm_flags & NTF_MANAGED)
2049                 flags |= NEIGH_UPDATE_F_MANAGED;
2050         if (ndm_flags & NTF_USE)
2051                 flags |= NEIGH_UPDATE_F_USE;
2052
2053         err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
2054                              NETLINK_CB(skb).portid, extack);
2055         if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) {
2056                 neigh_event_send(neigh, NULL);
2057                 err = 0;
2058         }
2059         neigh_release(neigh);
2060 out:
2061         return err;
2062 }
2063
2064 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
2065 {
2066         struct nlattr *nest;
2067
2068         nest = nla_nest_start_noflag(skb, NDTA_PARMS);
2069         if (nest == NULL)
2070                 return -ENOBUFS;
2071
2072         if ((parms->dev &&
2073              nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
2074             nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
2075             nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
2076                         NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2077             /* approximative value for deprecated QUEUE_LEN (in packets) */
2078             nla_put_u32(skb, NDTPA_QUEUE_LEN,
2079                         NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2080             nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2081             nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2082             nla_put_u32(skb, NDTPA_UCAST_PROBES,
2083                         NEIGH_VAR(parms, UCAST_PROBES)) ||
2084             nla_put_u32(skb, NDTPA_MCAST_PROBES,
2085                         NEIGH_VAR(parms, MCAST_PROBES)) ||
2086             nla_put_u32(skb, NDTPA_MCAST_REPROBES,
2087                         NEIGH_VAR(parms, MCAST_REPROBES)) ||
2088             nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
2089                           NDTPA_PAD) ||
2090             nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
2091                           NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
2092             nla_put_msecs(skb, NDTPA_GC_STALETIME,
2093                           NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
2094             nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
2095                           NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
2096             nla_put_msecs(skb, NDTPA_RETRANS_TIME,
2097                           NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
2098             nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
2099                           NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
2100             nla_put_msecs(skb, NDTPA_PROXY_DELAY,
2101                           NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
2102             nla_put_msecs(skb, NDTPA_LOCKTIME,
2103                           NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD))
2104                 goto nla_put_failure;
2105         return nla_nest_end(skb, nest);
2106
2107 nla_put_failure:
2108         nla_nest_cancel(skb, nest);
2109         return -EMSGSIZE;
2110 }
2111
2112 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2113                               u32 pid, u32 seq, int type, int flags)
2114 {
2115         struct nlmsghdr *nlh;
2116         struct ndtmsg *ndtmsg;
2117
2118         nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2119         if (nlh == NULL)
2120                 return -EMSGSIZE;
2121
2122         ndtmsg = nlmsg_data(nlh);
2123
2124         read_lock_bh(&tbl->lock);
2125         ndtmsg->ndtm_family = tbl->family;
2126         ndtmsg->ndtm_pad1   = 0;
2127         ndtmsg->ndtm_pad2   = 0;
2128
2129         if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
2130             nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval, NDTA_PAD) ||
2131             nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) ||
2132             nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) ||
2133             nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3))
2134                 goto nla_put_failure;
2135         {
2136                 unsigned long now = jiffies;
2137                 long flush_delta = now - tbl->last_flush;
2138                 long rand_delta = now - tbl->last_rand;
2139                 struct neigh_hash_table *nht;
2140                 struct ndt_config ndc = {
2141                         .ndtc_key_len           = tbl->key_len,
2142                         .ndtc_entry_size        = tbl->entry_size,
2143                         .ndtc_entries           = atomic_read(&tbl->entries),
2144                         .ndtc_last_flush        = jiffies_to_msecs(flush_delta),
2145                         .ndtc_last_rand         = jiffies_to_msecs(rand_delta),
2146                         .ndtc_proxy_qlen        = tbl->proxy_queue.qlen,
2147                 };
2148
2149                 rcu_read_lock_bh();
2150                 nht = rcu_dereference_bh(tbl->nht);
2151                 ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2152                 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2153                 rcu_read_unlock_bh();
2154
2155                 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
2156                         goto nla_put_failure;
2157         }
2158
2159         {
2160                 int cpu;
2161                 struct ndt_stats ndst;
2162
2163                 memset(&ndst, 0, sizeof(ndst));
2164
2165                 for_each_possible_cpu(cpu) {
2166                         struct neigh_statistics *st;
2167
2168                         st = per_cpu_ptr(tbl->stats, cpu);
2169                         ndst.ndts_allocs                += st->allocs;
2170                         ndst.ndts_destroys              += st->destroys;
2171                         ndst.ndts_hash_grows            += st->hash_grows;
2172                         ndst.ndts_res_failed            += st->res_failed;
2173                         ndst.ndts_lookups               += st->lookups;
2174                         ndst.ndts_hits                  += st->hits;
2175                         ndst.ndts_rcv_probes_mcast      += st->rcv_probes_mcast;
2176                         ndst.ndts_rcv_probes_ucast      += st->rcv_probes_ucast;
2177                         ndst.ndts_periodic_gc_runs      += st->periodic_gc_runs;
2178                         ndst.ndts_forced_gc_runs        += st->forced_gc_runs;
2179                         ndst.ndts_table_fulls           += st->table_fulls;
2180                 }
2181
2182                 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
2183                                   NDTA_PAD))
2184                         goto nla_put_failure;
2185         }
2186
2187         BUG_ON(tbl->parms.dev);
2188         if (neightbl_fill_parms(skb, &tbl->parms) < 0)
2189                 goto nla_put_failure;
2190
2191         read_unlock_bh(&tbl->lock);
2192         nlmsg_end(skb, nlh);
2193         return 0;
2194
2195 nla_put_failure:
2196         read_unlock_bh(&tbl->lock);
2197         nlmsg_cancel(skb, nlh);
2198         return -EMSGSIZE;
2199 }
2200
2201 static int neightbl_fill_param_info(struct sk_buff *skb,
2202                                     struct neigh_table *tbl,
2203                                     struct neigh_parms *parms,
2204                                     u32 pid, u32 seq, int type,
2205                                     unsigned int flags)
2206 {
2207         struct ndtmsg *ndtmsg;
2208         struct nlmsghdr *nlh;
2209
2210         nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2211         if (nlh == NULL)
2212                 return -EMSGSIZE;
2213
2214         ndtmsg = nlmsg_data(nlh);
2215
2216         read_lock_bh(&tbl->lock);
2217         ndtmsg->ndtm_family = tbl->family;
2218         ndtmsg->ndtm_pad1   = 0;
2219         ndtmsg->ndtm_pad2   = 0;
2220
2221         if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
2222             neightbl_fill_parms(skb, parms) < 0)
2223                 goto errout;
2224
2225         read_unlock_bh(&tbl->lock);
2226         nlmsg_end(skb, nlh);
2227         return 0;
2228 errout:
2229         read_unlock_bh(&tbl->lock);
2230         nlmsg_cancel(skb, nlh);
2231         return -EMSGSIZE;
2232 }
2233
2234 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2235         [NDTA_NAME]             = { .type = NLA_STRING },
2236         [NDTA_THRESH1]          = { .type = NLA_U32 },
2237         [NDTA_THRESH2]          = { .type = NLA_U32 },
2238         [NDTA_THRESH3]          = { .type = NLA_U32 },
2239         [NDTA_GC_INTERVAL]      = { .type = NLA_U64 },
2240         [NDTA_PARMS]            = { .type = NLA_NESTED },
2241 };
2242
2243 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2244         [NDTPA_IFINDEX]                 = { .type = NLA_U32 },
2245         [NDTPA_QUEUE_LEN]               = { .type = NLA_U32 },
2246         [NDTPA_PROXY_QLEN]              = { .type = NLA_U32 },
2247         [NDTPA_APP_PROBES]              = { .type = NLA_U32 },
2248         [NDTPA_UCAST_PROBES]            = { .type = NLA_U32 },
2249         [NDTPA_MCAST_PROBES]            = { .type = NLA_U32 },
2250         [NDTPA_MCAST_REPROBES]          = { .type = NLA_U32 },
2251         [NDTPA_BASE_REACHABLE_TIME]     = { .type = NLA_U64 },
2252         [NDTPA_GC_STALETIME]            = { .type = NLA_U64 },
2253         [NDTPA_DELAY_PROBE_TIME]        = { .type = NLA_U64 },
2254         [NDTPA_RETRANS_TIME]            = { .type = NLA_U64 },
2255         [NDTPA_ANYCAST_DELAY]           = { .type = NLA_U64 },
2256         [NDTPA_PROXY_DELAY]             = { .type = NLA_U64 },
2257         [NDTPA_LOCKTIME]                = { .type = NLA_U64 },
2258 };
2259
2260 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2261                         struct netlink_ext_ack *extack)
2262 {
2263         struct net *net = sock_net(skb->sk);
2264         struct neigh_table *tbl;
2265         struct ndtmsg *ndtmsg;
2266         struct nlattr *tb[NDTA_MAX+1];
2267         bool found = false;
2268         int err, tidx;
2269
2270         err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2271                                      nl_neightbl_policy, extack);
2272         if (err < 0)
2273                 goto errout;
2274
2275         if (tb[NDTA_NAME] == NULL) {
2276                 err = -EINVAL;
2277                 goto errout;
2278         }
2279
2280         ndtmsg = nlmsg_data(nlh);
2281
2282         for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2283                 tbl = neigh_tables[tidx];
2284                 if (!tbl)
2285                         continue;
2286                 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2287                         continue;
2288                 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
2289                         found = true;
2290                         break;
2291                 }
2292         }
2293
2294         if (!found)
2295                 return -ENOENT;
2296
2297         /*
2298          * We acquire tbl->lock to be nice to the periodic timers and
2299          * make sure they always see a consistent set of values.
2300          */
2301         write_lock_bh(&tbl->lock);
2302
2303         if (tb[NDTA_PARMS]) {
2304                 struct nlattr *tbp[NDTPA_MAX+1];
2305                 struct neigh_parms *p;
2306                 int i, ifindex = 0;
2307
2308                 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
2309                                                   tb[NDTA_PARMS],
2310                                                   nl_ntbl_parm_policy, extack);
2311                 if (err < 0)
2312                         goto errout_tbl_lock;
2313
2314                 if (tbp[NDTPA_IFINDEX])
2315                         ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
2316
2317                 p = lookup_neigh_parms(tbl, net, ifindex);
2318                 if (p == NULL) {
2319                         err = -ENOENT;
2320                         goto errout_tbl_lock;
2321                 }
2322
2323                 for (i = 1; i <= NDTPA_MAX; i++) {
2324                         if (tbp[i] == NULL)
2325                                 continue;
2326
2327                         switch (i) {
2328                         case NDTPA_QUEUE_LEN:
2329                                 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2330                                               nla_get_u32(tbp[i]) *
2331                                               SKB_TRUESIZE(ETH_FRAME_LEN));
2332                                 break;
2333                         case NDTPA_QUEUE_LENBYTES:
2334                                 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2335                                               nla_get_u32(tbp[i]));
2336                                 break;
2337                         case NDTPA_PROXY_QLEN:
2338                                 NEIGH_VAR_SET(p, PROXY_QLEN,
2339                                               nla_get_u32(tbp[i]));
2340                                 break;
2341                         case NDTPA_APP_PROBES:
2342                                 NEIGH_VAR_SET(p, APP_PROBES,
2343                                               nla_get_u32(tbp[i]));
2344                                 break;
2345                         case NDTPA_UCAST_PROBES:
2346                                 NEIGH_VAR_SET(p, UCAST_PROBES,
2347                                               nla_get_u32(tbp[i]));
2348                                 break;
2349                         case NDTPA_MCAST_PROBES:
2350                                 NEIGH_VAR_SET(p, MCAST_PROBES,
2351                                               nla_get_u32(tbp[i]));
2352                                 break;
2353                         case NDTPA_MCAST_REPROBES:
2354                                 NEIGH_VAR_SET(p, MCAST_REPROBES,
2355                                               nla_get_u32(tbp[i]));
2356                                 break;
2357                         case NDTPA_BASE_REACHABLE_TIME:
2358                                 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2359                                               nla_get_msecs(tbp[i]));
2360                                 /* update reachable_time as well, otherwise, the change will
2361                                  * only be effective after the next time neigh_periodic_work
2362                                  * decides to recompute it (can be multiple minutes)
2363                                  */
2364                                 p->reachable_time =
2365                                         neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2366                                 break;
2367                         case NDTPA_GC_STALETIME:
2368                                 NEIGH_VAR_SET(p, GC_STALETIME,
2369                                               nla_get_msecs(tbp[i]));
2370                                 break;
2371                         case NDTPA_DELAY_PROBE_TIME:
2372                                 NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2373                                               nla_get_msecs(tbp[i]));
2374                                 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
2375                                 break;
2376                         case NDTPA_RETRANS_TIME:
2377                                 NEIGH_VAR_SET(p, RETRANS_TIME,
2378                                               nla_get_msecs(tbp[i]));
2379                                 break;
2380                         case NDTPA_ANYCAST_DELAY:
2381                                 NEIGH_VAR_SET(p, ANYCAST_DELAY,
2382                                               nla_get_msecs(tbp[i]));
2383                                 break;
2384                         case NDTPA_PROXY_DELAY:
2385                                 NEIGH_VAR_SET(p, PROXY_DELAY,
2386                                               nla_get_msecs(tbp[i]));
2387                                 break;
2388                         case NDTPA_LOCKTIME:
2389                                 NEIGH_VAR_SET(p, LOCKTIME,
2390                                               nla_get_msecs(tbp[i]));
2391                                 break;
2392                         }
2393                 }
2394         }
2395
2396         err = -ENOENT;
2397         if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2398              tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2399             !net_eq(net, &init_net))
2400                 goto errout_tbl_lock;
2401
2402         if (tb[NDTA_THRESH1])
2403                 tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);
2404
2405         if (tb[NDTA_THRESH2])
2406                 tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]);
2407
2408         if (tb[NDTA_THRESH3])
2409                 tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]);
2410
2411         if (tb[NDTA_GC_INTERVAL])
2412                 tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]);
2413
2414         err = 0;
2415
2416 errout_tbl_lock:
2417         write_unlock_bh(&tbl->lock);
2418 errout:
2419         return err;
2420 }
2421
2422 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2423                                     struct netlink_ext_ack *extack)
2424 {
2425         struct ndtmsg *ndtm;
2426
2427         if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
2428                 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2429                 return -EINVAL;
2430         }
2431
2432         ndtm = nlmsg_data(nlh);
2433         if (ndtm->ndtm_pad1  || ndtm->ndtm_pad2) {
2434                 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2435                 return -EINVAL;
2436         }
2437
2438         if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
2439                 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2440                 return -EINVAL;
2441         }
2442
2443         return 0;
2444 }
2445
2446 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2447 {
2448         const struct nlmsghdr *nlh = cb->nlh;
2449         struct net *net = sock_net(skb->sk);
2450         int family, tidx, nidx = 0;
2451         int tbl_skip = cb->args[0];
2452         int neigh_skip = cb->args[1];
2453         struct neigh_table *tbl;
2454
2455         if (cb->strict_check) {
2456                 int err = neightbl_valid_dump_info(nlh, cb->extack);
2457
2458                 if (err < 0)
2459                         return err;
2460         }
2461
2462         family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2463
2464         for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2465                 struct neigh_parms *p;
2466
2467                 tbl = neigh_tables[tidx];
2468                 if (!tbl)
2469                         continue;
2470
2471                 if (tidx < tbl_skip || (family && tbl->family != family))
2472                         continue;
2473
2474                 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2475                                        nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2476                                        NLM_F_MULTI) < 0)
2477                         break;
2478
2479                 nidx = 0;
2480                 p = list_next_entry(&tbl->parms, list);
2481                 list_for_each_entry_from(p, &tbl->parms_list, list) {
2482                         if (!net_eq(neigh_parms_net(p), net))
2483                                 continue;
2484
2485                         if (nidx < neigh_skip)
2486                                 goto next;
2487
2488                         if (neightbl_fill_param_info(skb, tbl, p,
2489                                                      NETLINK_CB(cb->skb).portid,
2490                                                      nlh->nlmsg_seq,
2491                                                      RTM_NEWNEIGHTBL,
2492                                                      NLM_F_MULTI) < 0)
2493                                 goto out;
2494                 next:
2495                         nidx++;
2496                 }
2497
2498                 neigh_skip = 0;
2499         }
2500 out:
2501         cb->args[0] = tidx;
2502         cb->args[1] = nidx;
2503
2504         return skb->len;
2505 }
2506
2507 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2508                            u32 pid, u32 seq, int type, unsigned int flags)
2509 {
2510         u32 neigh_flags, neigh_flags_ext;
2511         unsigned long now = jiffies;
2512         struct nda_cacheinfo ci;
2513         struct nlmsghdr *nlh;
2514         struct ndmsg *ndm;
2515
2516         nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2517         if (nlh == NULL)
2518                 return -EMSGSIZE;
2519
2520         neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT;
2521         neigh_flags     = neigh->flags & NTF_OLD_MASK;
2522
2523         ndm = nlmsg_data(nlh);
2524         ndm->ndm_family  = neigh->ops->family;
2525         ndm->ndm_pad1    = 0;
2526         ndm->ndm_pad2    = 0;
2527         ndm->ndm_flags   = neigh_flags;
2528         ndm->ndm_type    = neigh->type;
2529         ndm->ndm_ifindex = neigh->dev->ifindex;
2530
2531         if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2532                 goto nla_put_failure;
2533
2534         read_lock_bh(&neigh->lock);
2535         ndm->ndm_state   = neigh->nud_state;
2536         if (neigh->nud_state & NUD_VALID) {
2537                 char haddr[MAX_ADDR_LEN];
2538
2539                 neigh_ha_snapshot(haddr, neigh, neigh->dev);
2540                 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2541                         read_unlock_bh(&neigh->lock);
2542                         goto nla_put_failure;
2543                 }
2544         }
2545
2546         ci.ndm_used      = jiffies_to_clock_t(now - neigh->used);
2547         ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2548         ci.ndm_updated   = jiffies_to_clock_t(now - neigh->updated);
2549         ci.ndm_refcnt    = refcount_read(&neigh->refcnt) - 1;
2550         read_unlock_bh(&neigh->lock);
2551
2552         if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2553             nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2554                 goto nla_put_failure;
2555
2556         if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
2557                 goto nla_put_failure;
2558         if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
2559                 goto nla_put_failure;
2560
2561         nlmsg_end(skb, nlh);
2562         return 0;
2563
2564 nla_put_failure:
2565         nlmsg_cancel(skb, nlh);
2566         return -EMSGSIZE;
2567 }
2568
2569 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2570                             u32 pid, u32 seq, int type, unsigned int flags,
2571                             struct neigh_table *tbl)
2572 {
2573         u32 neigh_flags, neigh_flags_ext;
2574         struct nlmsghdr *nlh;
2575         struct ndmsg *ndm;
2576
2577         nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2578         if (nlh == NULL)
2579                 return -EMSGSIZE;
2580
2581         neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT;
2582         neigh_flags     = pn->flags & NTF_OLD_MASK;
2583
2584         ndm = nlmsg_data(nlh);
2585         ndm->ndm_family  = tbl->family;
2586         ndm->ndm_pad1    = 0;
2587         ndm->ndm_pad2    = 0;
2588         ndm->ndm_flags   = neigh_flags | NTF_PROXY;
2589         ndm->ndm_type    = RTN_UNICAST;
2590         ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2591         ndm->ndm_state   = NUD_NONE;
2592
2593         if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2594                 goto nla_put_failure;
2595
2596         if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
2597                 goto nla_put_failure;
2598         if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
2599                 goto nla_put_failure;
2600
2601         nlmsg_end(skb, nlh);
2602         return 0;
2603
2604 nla_put_failure:
2605         nlmsg_cancel(skb, nlh);
2606         return -EMSGSIZE;
2607 }
2608
2609 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2610 {
2611         call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2612         __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
2613 }
2614
2615 static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2616 {
2617         struct net_device *master;
2618
2619         if (!master_idx)
2620                 return false;
2621
2622         master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2623
2624         /* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another
2625          * invalid value for ifindex to denote "no master".
2626          */
2627         if (master_idx == -1)
2628                 return !!master;
2629
2630         if (!master || master->ifindex != master_idx)
2631                 return true;
2632
2633         return false;
2634 }
2635
2636 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2637 {
2638         if (filter_idx && (!dev || dev->ifindex != filter_idx))
2639                 return true;
2640
2641         return false;
2642 }
2643
2644 struct neigh_dump_filter {
2645         int master_idx;
2646         int dev_idx;
2647 };
2648
2649 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2650                             struct netlink_callback *cb,
2651                             struct neigh_dump_filter *filter)
2652 {
2653         struct net *net = sock_net(skb->sk);
2654         struct neighbour *n;
2655         int rc, h, s_h = cb->args[1];
2656         int idx, s_idx = idx = cb->args[2];
2657         struct neigh_hash_table *nht;
2658         unsigned int flags = NLM_F_MULTI;
2659
2660         if (filter->dev_idx || filter->master_idx)
2661                 flags |= NLM_F_DUMP_FILTERED;
2662
2663         rcu_read_lock_bh();
2664         nht = rcu_dereference_bh(tbl->nht);
2665
2666         for (h = s_h; h < (1 << nht->hash_shift); h++) {
2667                 if (h > s_h)
2668                         s_idx = 0;
2669                 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2670                      n != NULL;
2671                      n = rcu_dereference_bh(n->next)) {
2672                         if (idx < s_idx || !net_eq(dev_net(n->dev), net))
2673                                 goto next;
2674                         if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2675                             neigh_master_filtered(n->dev, filter->master_idx))
2676                                 goto next;
2677                         if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2678                                             cb->nlh->nlmsg_seq,
2679                                             RTM_NEWNEIGH,
2680                                             flags) < 0) {
2681                                 rc = -1;
2682                                 goto out;
2683                         }
2684 next:
2685                         idx++;
2686                 }
2687         }
2688         rc = skb->len;
2689 out:
2690         rcu_read_unlock_bh();
2691         cb->args[1] = h;
2692         cb->args[2] = idx;
2693         return rc;
2694 }
2695
2696 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2697                              struct netlink_callback *cb,
2698                              struct neigh_dump_filter *filter)
2699 {
2700         struct pneigh_entry *n;
2701         struct net *net = sock_net(skb->sk);
2702         int rc, h, s_h = cb->args[3];
2703         int idx, s_idx = idx = cb->args[4];
2704         unsigned int flags = NLM_F_MULTI;
2705
2706         if (filter->dev_idx || filter->master_idx)
2707                 flags |= NLM_F_DUMP_FILTERED;
2708
2709         read_lock_bh(&tbl->lock);
2710
2711         for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2712                 if (h > s_h)
2713                         s_idx = 0;
2714                 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2715                         if (idx < s_idx || pneigh_net(n) != net)
2716                                 goto next;
2717                         if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2718                             neigh_master_filtered(n->dev, filter->master_idx))
2719                                 goto next;
2720                         if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2721                                             cb->nlh->nlmsg_seq,
2722                                             RTM_NEWNEIGH, flags, tbl) < 0) {
2723                                 read_unlock_bh(&tbl->lock);
2724                                 rc = -1;
2725                                 goto out;
2726                         }
2727                 next:
2728                         idx++;
2729                 }
2730         }
2731
2732         read_unlock_bh(&tbl->lock);
2733         rc = skb->len;
2734 out:
2735         cb->args[3] = h;
2736         cb->args[4] = idx;
2737         return rc;
2738
2739 }
2740
2741 static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2742                                 bool strict_check,
2743                                 struct neigh_dump_filter *filter,
2744                                 struct netlink_ext_ack *extack)
2745 {
2746         struct nlattr *tb[NDA_MAX + 1];
2747         int err, i;
2748
2749         if (strict_check) {
2750                 struct ndmsg *ndm;
2751
2752                 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2753                         NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2754                         return -EINVAL;
2755                 }
2756
2757                 ndm = nlmsg_data(nlh);
2758                 if (ndm->ndm_pad1  || ndm->ndm_pad2  || ndm->ndm_ifindex ||
2759                     ndm->ndm_state || ndm->ndm_type) {
2760                         NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2761                         return -EINVAL;
2762                 }
2763
2764                 if (ndm->ndm_flags & ~NTF_PROXY) {
2765                         NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2766                         return -EINVAL;
2767                 }
2768
2769                 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
2770                                                     tb, NDA_MAX, nda_policy,
2771                                                     extack);
2772         } else {
2773                 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
2774                                              NDA_MAX, nda_policy, extack);
2775         }
2776         if (err < 0)
2777                 return err;
2778
2779         for (i = 0; i <= NDA_MAX; ++i) {
2780                 if (!tb[i])
2781                         continue;
2782
2783                 /* all new attributes should require strict_check */
2784                 switch (i) {
2785                 case NDA_IFINDEX:
2786                         filter->dev_idx = nla_get_u32(tb[i]);
2787                         break;
2788                 case NDA_MASTER:
2789                         filter->master_idx = nla_get_u32(tb[i]);
2790                         break;
2791                 default:
2792                         if (strict_check) {
2793                                 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2794                                 return -EINVAL;
2795                         }
2796                 }
2797         }
2798
2799         return 0;
2800 }
2801
2802 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2803 {
2804         const struct nlmsghdr *nlh = cb->nlh;
2805         struct neigh_dump_filter filter = {};
2806         struct neigh_table *tbl;
2807         int t, family, s_t;
2808         int proxy = 0;
2809         int err;
2810
2811         family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2812
2813         /* check for full ndmsg structure presence, family member is
2814          * the same for both structures
2815          */
2816         if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2817             ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2818                 proxy = 1;
2819
2820         err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
2821         if (err < 0 && cb->strict_check)
2822                 return err;
2823
2824         s_t = cb->args[0];
2825
2826         for (t = 0; t < NEIGH_NR_TABLES; t++) {
2827                 tbl = neigh_tables[t];
2828
2829                 if (!tbl)
2830                         continue;
2831                 if (t < s_t || (family && tbl->family != family))
2832                         continue;
2833                 if (t > s_t)
2834                         memset(&cb->args[1], 0, sizeof(cb->args) -
2835                                                 sizeof(cb->args[0]));
2836                 if (proxy)
2837                         err = pneigh_dump_table(tbl, skb, cb, &filter);
2838                 else
2839                         err = neigh_dump_table(tbl, skb, cb, &filter);
2840                 if (err < 0)
2841                         break;
2842         }
2843
2844         cb->args[0] = t;
2845         return skb->len;
2846 }
2847
2848 static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2849                                struct neigh_table **tbl,
2850                                void **dst, int *dev_idx, u8 *ndm_flags,
2851                                struct netlink_ext_ack *extack)
2852 {
2853         struct nlattr *tb[NDA_MAX + 1];
2854         struct ndmsg *ndm;
2855         int err, i;
2856
2857         if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2858                 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2859                 return -EINVAL;
2860         }
2861
2862         ndm = nlmsg_data(nlh);
2863         if (ndm->ndm_pad1  || ndm->ndm_pad2  || ndm->ndm_state ||
2864             ndm->ndm_type) {
2865                 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2866                 return -EINVAL;
2867         }
2868
2869         if (ndm->ndm_flags & ~NTF_PROXY) {
2870                 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2871                 return -EINVAL;
2872         }
2873
2874         err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
2875                                             NDA_MAX, nda_policy, extack);
2876         if (err < 0)
2877                 return err;
2878
2879         *ndm_flags = ndm->ndm_flags;
2880         *dev_idx = ndm->ndm_ifindex;
2881         *tbl = neigh_find_table(ndm->ndm_family);
2882         if (*tbl == NULL) {
2883                 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2884                 return -EAFNOSUPPORT;
2885         }
2886
2887         for (i = 0; i <= NDA_MAX; ++i) {
2888                 if (!tb[i])
2889                         continue;
2890
2891                 switch (i) {
2892                 case NDA_DST:
2893                         if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
2894                                 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2895                                 return -EINVAL;
2896                         }
2897                         *dst = nla_data(tb[i]);
2898                         break;
2899                 default:
2900                         NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2901                         return -EINVAL;
2902                 }
2903         }
2904
2905         return 0;
2906 }
2907
2908 static inline size_t neigh_nlmsg_size(void)
2909 {
2910         return NLMSG_ALIGN(sizeof(struct ndmsg))
2911                + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2912                + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2913                + nla_total_size(sizeof(struct nda_cacheinfo))
2914                + nla_total_size(4)  /* NDA_PROBES */
2915                + nla_total_size(4)  /* NDA_FLAGS_EXT */
2916                + nla_total_size(1); /* NDA_PROTOCOL */
2917 }
2918
2919 static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2920                            u32 pid, u32 seq)
2921 {
2922         struct sk_buff *skb;
2923         int err = 0;
2924
2925         skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
2926         if (!skb)
2927                 return -ENOBUFS;
2928
2929         err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
2930         if (err) {
2931                 kfree_skb(skb);
2932                 goto errout;
2933         }
2934
2935         err = rtnl_unicast(skb, net, pid);
2936 errout:
2937         return err;
2938 }
2939
2940 static inline size_t pneigh_nlmsg_size(void)
2941 {
2942         return NLMSG_ALIGN(sizeof(struct ndmsg))
2943                + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2944                + nla_total_size(4)  /* NDA_FLAGS_EXT */
2945                + nla_total_size(1); /* NDA_PROTOCOL */
2946 }
2947
2948 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
2949                             u32 pid, u32 seq, struct neigh_table *tbl)
2950 {
2951         struct sk_buff *skb;
2952         int err = 0;
2953
2954         skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
2955         if (!skb)
2956                 return -ENOBUFS;
2957
2958         err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
2959         if (err) {
2960                 kfree_skb(skb);
2961                 goto errout;
2962         }
2963
2964         err = rtnl_unicast(skb, net, pid);
2965 errout:
2966         return err;
2967 }
2968
2969 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2970                      struct netlink_ext_ack *extack)
2971 {
2972         struct net *net = sock_net(in_skb->sk);
2973         struct net_device *dev = NULL;
2974         struct neigh_table *tbl = NULL;
2975         struct neighbour *neigh;
2976         void *dst = NULL;
2977         u8 ndm_flags = 0;
2978         int dev_idx = 0;
2979         int err;
2980
2981         err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
2982                                   extack);
2983         if (err < 0)
2984                 return err;
2985
2986         if (dev_idx) {
2987                 dev = __dev_get_by_index(net, dev_idx);
2988                 if (!dev) {
2989                         NL_SET_ERR_MSG(extack, "Unknown device ifindex");
2990                         return -ENODEV;
2991                 }
2992         }
2993
2994         if (!dst) {
2995                 NL_SET_ERR_MSG(extack, "Network address not specified");
2996                 return -EINVAL;
2997         }
2998
2999         if (ndm_flags & NTF_PROXY) {
3000                 struct pneigh_entry *pn;
3001
3002                 pn = pneigh_lookup(tbl, net, dst, dev, 0);
3003                 if (!pn) {
3004                         NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
3005                         return -ENOENT;
3006                 }
3007                 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
3008                                         nlh->nlmsg_seq, tbl);
3009         }
3010
3011         if (!dev) {
3012                 NL_SET_ERR_MSG(extack, "No device specified");
3013                 return -EINVAL;
3014         }
3015
3016         neigh = neigh_lookup(tbl, dst, dev);
3017         if (!neigh) {
3018                 NL_SET_ERR_MSG(extack, "Neighbour entry not found");
3019                 return -ENOENT;
3020         }
3021
3022         err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
3023                               nlh->nlmsg_seq);
3024
3025         neigh_release(neigh);
3026
3027         return err;
3028 }
3029
3030 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
3031 {
3032         int chain;
3033         struct neigh_hash_table *nht;
3034
3035         rcu_read_lock_bh();
3036         nht = rcu_dereference_bh(tbl->nht);
3037
3038         read_lock(&tbl->lock); /* avoid resizes */
3039         for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3040                 struct neighbour *n;
3041
3042                 for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
3043                      n != NULL;
3044                      n = rcu_dereference_bh(n->next))
3045                         cb(n, cookie);
3046         }
3047         read_unlock(&tbl->lock);
3048         rcu_read_unlock_bh();
3049 }
3050 EXPORT_SYMBOL(neigh_for_each);
3051
3052 /* The tbl->lock must be held as a writer and BH disabled. */
3053 void __neigh_for_each_release(struct neigh_table *tbl,
3054                               int (*cb)(struct neighbour *))
3055 {
3056         int chain;
3057         struct neigh_hash_table *nht;
3058
3059         nht = rcu_dereference_protected(tbl->nht,
3060                                         lockdep_is_held(&tbl->lock));
3061         for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3062                 struct neighbour *n;
3063                 struct neighbour __rcu **np;
3064
3065                 np = &nht->hash_buckets[chain];
3066                 while ((n = rcu_dereference_protected(*np,
3067                                         lockdep_is_held(&tbl->lock))) != NULL) {
3068                         int release;
3069
3070                         write_lock(&n->lock);
3071                         release = cb(n);
3072                         if (release) {
3073                                 rcu_assign_pointer(*np,
3074                                         rcu_dereference_protected(n->next,
3075                                                 lockdep_is_held(&tbl->lock)));
3076                                 neigh_mark_dead(n);
3077                         } else
3078                                 np = &n->next;
3079                         write_unlock(&n->lock);
3080                         if (release)
3081                                 neigh_cleanup_and_release(n);
3082                 }
3083         }
3084 }
3085 EXPORT_SYMBOL(__neigh_for_each_release);
3086
3087 int neigh_xmit(int index, struct net_device *dev,
3088                const void *addr, struct sk_buff *skb)
3089 {
3090         int err = -EAFNOSUPPORT;
3091         if (likely(index < NEIGH_NR_TABLES)) {
3092                 struct neigh_table *tbl;
3093                 struct neighbour *neigh;
3094
3095                 tbl = neigh_tables[index];
3096                 if (!tbl)
3097                         goto out;
3098                 rcu_read_lock_bh();
3099                 if (index == NEIGH_ARP_TABLE) {
3100                         u32 key = *((u32 *)addr);
3101
3102                         neigh = __ipv4_neigh_lookup_noref(dev, key);
3103                 } else {
3104                         neigh = __neigh_lookup_noref(tbl, addr, dev);
3105                 }
3106                 if (!neigh)
3107                         neigh = __neigh_create(tbl, addr, dev, false);
3108                 err = PTR_ERR(neigh);
3109                 if (IS_ERR(neigh)) {
3110                         rcu_read_unlock_bh();
3111                         goto out_kfree_skb;
3112                 }
3113                 err = neigh->output(neigh, skb);
3114                 rcu_read_unlock_bh();
3115         }
3116         else if (index == NEIGH_LINK_TABLE) {
3117                 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3118                                       addr, NULL, skb->len);
3119                 if (err < 0)
3120                         goto out_kfree_skb;
3121                 err = dev_queue_xmit(skb);
3122         }
3123 out:
3124         return err;
3125 out_kfree_skb:
3126         kfree_skb(skb);
3127         goto out;
3128 }
3129 EXPORT_SYMBOL(neigh_xmit);
3130
3131 #ifdef CONFIG_PROC_FS
3132
3133 static struct neighbour *neigh_get_first(struct seq_file *seq)
3134 {
3135         struct neigh_seq_state *state = seq->private;
3136         struct net *net = seq_file_net(seq);
3137         struct neigh_hash_table *nht = state->nht;
3138         struct neighbour *n = NULL;
3139         int bucket;
3140
3141         state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3142         for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3143                 n = rcu_dereference_bh(nht->hash_buckets[bucket]);
3144
3145                 while (n) {
3146                         if (!net_eq(dev_net(n->dev), net))
3147                                 goto next;
3148                         if (state->neigh_sub_iter) {
3149                                 loff_t fakep = 0;
3150                                 void *v;
3151
3152                                 v = state->neigh_sub_iter(state, n, &fakep);
3153                                 if (!v)
3154                                         goto next;
3155                         }
3156                         if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3157                                 break;
3158                         if (n->nud_state & ~NUD_NOARP)
3159                                 break;
3160 next:
3161                         n = rcu_dereference_bh(n->next);
3162                 }
3163
3164                 if (n)
3165                         break;
3166         }
3167         state->bucket = bucket;
3168
3169         return n;
3170 }
3171
3172 static struct neighbour *neigh_get_next(struct seq_file *seq,
3173                                         struct neighbour *n,
3174                                         loff_t *pos)
3175 {
3176         struct neigh_seq_state *state = seq->private;
3177         struct net *net = seq_file_net(seq);
3178         struct neigh_hash_table *nht = state->nht;
3179
3180         if (state->neigh_sub_iter) {
3181                 void *v = state->neigh_sub_iter(state, n, pos);
3182                 if (v)
3183                         return n;
3184         }
3185         n = rcu_dereference_bh(n->next);
3186
3187         while (1) {
3188                 while (n) {
3189                         if (!net_eq(dev_net(n->dev), net))
3190                                 goto next;
3191                         if (state->neigh_sub_iter) {
3192                                 void *v = state->neigh_sub_iter(state, n, pos);
3193                                 if (v)
3194                                         return n;
3195                                 goto next;
3196                         }
3197                         if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3198                                 break;
3199
3200                         if (n->nud_state & ~NUD_NOARP)
3201                                 break;
3202 next:
3203                         n = rcu_dereference_bh(n->next);
3204                 }
3205
3206                 if (n)
3207                         break;
3208
3209                 if (++state->bucket >= (1 << nht->hash_shift))
3210                         break;
3211
3212                 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
3213         }
3214
3215         if (n && pos)
3216                 --(*pos);
3217         return n;
3218 }
3219
3220 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3221 {
3222         struct neighbour *n = neigh_get_first(seq);
3223
3224         if (n) {
3225                 --(*pos);
3226                 while (*pos) {
3227                         n = neigh_get_next(seq, n, pos);
3228                         if (!n)
3229                                 break;
3230                 }
3231         }
3232         return *pos ? NULL : n;
3233 }
3234
3235 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3236 {
3237         struct neigh_seq_state *state = seq->private;
3238         struct net *net = seq_file_net(seq);
3239         struct neigh_table *tbl = state->tbl;
3240         struct pneigh_entry *pn = NULL;
3241         int bucket;
3242
3243         state->flags |= NEIGH_SEQ_IS_PNEIGH;
3244         for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3245                 pn = tbl->phash_buckets[bucket];
3246                 while (pn && !net_eq(pneigh_net(pn), net))
3247                         pn = pn->next;
3248                 if (pn)
3249                         break;
3250         }
3251         state->bucket = bucket;
3252
3253         return pn;
3254 }
3255
3256 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3257                                             struct pneigh_entry *pn,
3258                                             loff_t *pos)
3259 {
3260         struct neigh_seq_state *state = seq->private;
3261         struct net *net = seq_file_net(seq);
3262         struct neigh_table *tbl = state->tbl;
3263
3264         do {
3265                 pn = pn->next;
3266         } while (pn && !net_eq(pneigh_net(pn), net));
3267
3268         while (!pn) {
3269                 if (++state->bucket > PNEIGH_HASHMASK)
3270                         break;
3271                 pn = tbl->phash_buckets[state->bucket];
3272                 while (pn && !net_eq(pneigh_net(pn), net))
3273                         pn = pn->next;
3274                 if (pn)
3275                         break;
3276         }
3277
3278         if (pn && pos)
3279                 --(*pos);
3280
3281         return pn;
3282 }
3283
3284 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3285 {
3286         struct pneigh_entry *pn = pneigh_get_first(seq);
3287
3288         if (pn) {
3289                 --(*pos);
3290                 while (*pos) {
3291                         pn = pneigh_get_next(seq, pn, pos);
3292                         if (!pn)
3293                                 break;
3294                 }
3295         }
3296         return *pos ? NULL : pn;
3297 }
3298
3299 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3300 {
3301         struct neigh_seq_state *state = seq->private;
3302         void *rc;
3303         loff_t idxpos = *pos;
3304
3305         rc = neigh_get_idx(seq, &idxpos);
3306         if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3307                 rc = pneigh_get_idx(seq, &idxpos);
3308
3309         return rc;
3310 }
3311
3312 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3313         __acquires(tbl->lock)
3314         __acquires(rcu_bh)
3315 {
3316         struct neigh_seq_state *state = seq->private;
3317
3318         state->tbl = tbl;
3319         state->bucket = 0;
3320         state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3321
3322         rcu_read_lock_bh();
3323         state->nht = rcu_dereference_bh(tbl->nht);
3324         read_lock(&tbl->lock);
3325
3326         return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3327 }
3328 EXPORT_SYMBOL(neigh_seq_start);
3329
3330 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3331 {
3332         struct neigh_seq_state *state;
3333         void *rc;
3334
3335         if (v == SEQ_START_TOKEN) {
3336                 rc = neigh_get_first(seq);
3337                 goto out;
3338         }
3339
3340         state = seq->private;
3341         if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3342                 rc = neigh_get_next(seq, v, NULL);
3343                 if (rc)
3344                         goto out;
3345                 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3346                         rc = pneigh_get_first(seq);
3347         } else {
3348                 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3349                 rc = pneigh_get_next(seq, v, NULL);
3350         }
3351 out:
3352         ++(*pos);
3353         return rc;
3354 }
3355 EXPORT_SYMBOL(neigh_seq_next);
3356
3357 void neigh_seq_stop(struct seq_file *seq, void *v)
3358         __releases(tbl->lock)
3359         __releases(rcu_bh)
3360 {
3361         struct neigh_seq_state *state = seq->private;
3362         struct neigh_table *tbl = state->tbl;
3363
3364         read_unlock(&tbl->lock);
3365         rcu_read_unlock_bh();
3366 }
3367 EXPORT_SYMBOL(neigh_seq_stop);
3368
3369 /* statistics via seq_file */
3370
3371 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3372 {
3373         struct neigh_table *tbl = pde_data(file_inode(seq->file));
3374         int cpu;
3375
3376         if (*pos == 0)
3377                 return SEQ_START_TOKEN;
3378
3379         for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3380                 if (!cpu_possible(cpu))
3381                         continue;
3382                 *pos = cpu+1;
3383                 return per_cpu_ptr(tbl->stats, cpu);
3384         }
3385         return NULL;
3386 }
3387
3388 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3389 {
3390         struct neigh_table *tbl = pde_data(file_inode(seq->file));
3391         int cpu;
3392
3393         for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3394                 if (!cpu_possible(cpu))
3395                         continue;
3396                 *pos = cpu+1;
3397                 return per_cpu_ptr(tbl->stats, cpu);
3398         }
3399         (*pos)++;
3400         return NULL;
3401 }
3402
3403 static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3404 {
3405
3406 }
3407
3408 static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3409 {
3410         struct neigh_table *tbl = pde_data(file_inode(seq->file));
3411         struct neigh_statistics *st = v;
3412
3413         if (v == SEQ_START_TOKEN) {
3414                 seq_puts(seq, "entries  allocs   destroys hash_grows lookups  hits     res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3415                 return 0;
3416         }
3417
3418         seq_printf(seq, "%08x %08lx %08lx %08lx   %08lx %08lx %08lx   "
3419                         "%08lx         %08lx         %08lx         "
3420                         "%08lx       %08lx            %08lx\n",
3421                    atomic_read(&tbl->entries),
3422
3423                    st->allocs,
3424                    st->destroys,
3425                    st->hash_grows,
3426
3427                    st->lookups,
3428                    st->hits,
3429
3430                    st->res_failed,
3431
3432                    st->rcv_probes_mcast,
3433                    st->rcv_probes_ucast,
3434
3435                    st->periodic_gc_runs,
3436                    st->forced_gc_runs,
3437                    st->unres_discards,
3438                    st->table_fulls
3439                    );
3440
3441         return 0;
3442 }
3443
3444 static const struct seq_operations neigh_stat_seq_ops = {
3445         .start  = neigh_stat_seq_start,
3446         .next   = neigh_stat_seq_next,
3447         .stop   = neigh_stat_seq_stop,
3448         .show   = neigh_stat_seq_show,
3449 };
3450 #endif /* CONFIG_PROC_FS */
3451
3452 static void __neigh_notify(struct neighbour *n, int type, int flags,
3453                            u32 pid)
3454 {
3455         struct net *net = dev_net(n->dev);
3456         struct sk_buff *skb;
3457         int err = -ENOBUFS;
3458
3459         skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
3460         if (skb == NULL)
3461                 goto errout;
3462
3463         err = neigh_fill_info(skb, n, pid, 0, type, flags);
3464         if (err < 0) {
3465                 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3466                 WARN_ON(err == -EMSGSIZE);
3467                 kfree_skb(skb);
3468                 goto errout;
3469         }
3470         rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3471         return;
3472 errout:
3473         if (err < 0)
3474                 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
3475 }
3476
3477 void neigh_app_ns(struct neighbour *n)
3478 {
3479         __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
3480 }
3481 EXPORT_SYMBOL(neigh_app_ns);
3482
3483 #ifdef CONFIG_SYSCTL
3484 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3485
3486 static int proc_unres_qlen(struct ctl_table *ctl, int write,
3487                            void *buffer, size_t *lenp, loff_t *ppos)
3488 {
3489         int size, ret;
3490         struct ctl_table tmp = *ctl;
3491
3492         tmp.extra1 = SYSCTL_ZERO;
3493         tmp.extra2 = &unres_qlen_max;
3494         tmp.data = &size;
3495
3496         size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3497         ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3498
3499         if (write && !ret)
3500                 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3501         return ret;
3502 }
3503
3504 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
3505                                                    int family)
3506 {
3507         switch (family) {
3508         case AF_INET:
3509                 return __in_dev_arp_parms_get_rcu(dev);
3510         case AF_INET6:
3511                 return __in6_dev_nd_parms_get_rcu(dev);
3512         }
3513         return NULL;
3514 }
3515
3516 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3517                                   int index)
3518 {
3519         struct net_device *dev;
3520         int family = neigh_parms_family(p);
3521
3522         rcu_read_lock();
3523         for_each_netdev_rcu(net, dev) {
3524                 struct neigh_parms *dst_p =
3525                                 neigh_get_dev_parms_rcu(dev, family);
3526
3527                 if (dst_p && !test_bit(index, dst_p->data_state))
3528                         dst_p->data[index] = p->data[index];
3529         }
3530         rcu_read_unlock();
3531 }
3532
3533 static void neigh_proc_update(struct ctl_table *ctl, int write)
3534 {
3535         struct net_device *dev = ctl->extra1;
3536         struct neigh_parms *p = ctl->extra2;
3537         struct net *net = neigh_parms_net(p);
3538         int index = (int *) ctl->data - p->data;
3539
3540         if (!write)
3541                 return;
3542
3543         set_bit(index, p->data_state);
3544         if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3545                 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
3546         if (!dev) /* NULL dev means this is default value */
3547                 neigh_copy_dflt_parms(net, p, index);
3548 }
3549
3550 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3551                                            void *buffer, size_t *lenp,
3552                                            loff_t *ppos)
3553 {
3554         struct ctl_table tmp = *ctl;
3555         int ret;
3556
3557         tmp.extra1 = SYSCTL_ZERO;
3558         tmp.extra2 = SYSCTL_INT_MAX;
3559
3560         ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3561         neigh_proc_update(ctl, write);
3562         return ret;
3563 }
3564
3565 int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
3566                         size_t *lenp, loff_t *ppos)
3567 {
3568         int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3569
3570         neigh_proc_update(ctl, write);
3571         return ret;
3572 }
3573 EXPORT_SYMBOL(neigh_proc_dointvec);
3574
3575 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
3576                                 size_t *lenp, loff_t *ppos)
3577 {
3578         int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3579
3580         neigh_proc_update(ctl, write);
3581         return ret;
3582 }
3583 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3584
3585 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3586                                               void *buffer, size_t *lenp,
3587                                               loff_t *ppos)
3588 {
3589         int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3590
3591         neigh_proc_update(ctl, write);
3592         return ret;
3593 }
3594
3595 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3596                                    void *buffer, size_t *lenp, loff_t *ppos)
3597 {
3598         int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3599
3600         neigh_proc_update(ctl, write);
3601         return ret;
3602 }
3603 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3604
3605 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3606                                           void *buffer, size_t *lenp,
3607                                           loff_t *ppos)
3608 {
3609         int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3610
3611         neigh_proc_update(ctl, write);
3612         return ret;
3613 }
3614
3615 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3616                                           void *buffer, size_t *lenp,
3617                                           loff_t *ppos)
3618 {
3619         struct neigh_parms *p = ctl->extra2;
3620         int ret;
3621
3622         if (strcmp(ctl->procname, "base_reachable_time") == 0)
3623                 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3624         else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3625                 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3626         else
3627                 ret = -1;
3628
3629         if (write && ret == 0) {
3630                 /* update reachable_time as well, otherwise, the change will
3631                  * only be effective after the next time neigh_periodic_work
3632                  * decides to recompute it
3633                  */
3634                 p->reachable_time =
3635                         neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3636         }
3637         return ret;
3638 }
3639
3640 #define NEIGH_PARMS_DATA_OFFSET(index)  \
3641         (&((struct neigh_parms *) 0)->data[index])
3642
3643 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3644         [NEIGH_VAR_ ## attr] = { \
3645                 .procname       = name, \
3646                 .data           = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3647                 .maxlen         = sizeof(int), \
3648                 .mode           = mval, \
3649                 .proc_handler   = proc, \
3650         }
3651
3652 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3653         NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3654
3655 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3656         NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3657
3658 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3659         NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3660
3661 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3662         NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3663
3664 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3665         NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3666
3667 static struct neigh_sysctl_table {
3668         struct ctl_table_header *sysctl_header;
3669         struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3670 } neigh_sysctl_template __read_mostly = {
3671         .neigh_vars = {
3672                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3673                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3674                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3675                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3676                 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3677                 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3678                 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3679                 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3680                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3681                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3682                 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3683                 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3684                 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3685                 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3686                 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3687                 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3688                 [NEIGH_VAR_GC_INTERVAL] = {
3689                         .procname       = "gc_interval",
3690                         .maxlen         = sizeof(int),
3691                         .mode           = 0644,
3692                         .proc_handler   = proc_dointvec_jiffies,
3693                 },
3694                 [NEIGH_VAR_GC_THRESH1] = {
3695                         .procname       = "gc_thresh1",
3696                         .maxlen         = sizeof(int),
3697                         .mode           = 0644,
3698                         .extra1         = SYSCTL_ZERO,
3699                         .extra2         = SYSCTL_INT_MAX,
3700                         .proc_handler   = proc_dointvec_minmax,
3701                 },
3702                 [NEIGH_VAR_GC_THRESH2] = {
3703                         .procname       = "gc_thresh2",
3704                         .maxlen         = sizeof(int),
3705                         .mode           = 0644,
3706                         .extra1         = SYSCTL_ZERO,
3707                         .extra2         = SYSCTL_INT_MAX,
3708                         .proc_handler   = proc_dointvec_minmax,
3709                 },
3710                 [NEIGH_VAR_GC_THRESH3] = {
3711                         .procname       = "gc_thresh3",
3712                         .maxlen         = sizeof(int),
3713                         .mode           = 0644,
3714                         .extra1         = SYSCTL_ZERO,
3715                         .extra2         = SYSCTL_INT_MAX,
3716                         .proc_handler   = proc_dointvec_minmax,
3717                 },
3718                 {},
3719         },
3720 };
3721
3722 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3723                           proc_handler *handler)
3724 {
3725         int i;
3726         struct neigh_sysctl_table *t;
3727         const char *dev_name_source;
3728         char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3729         char *p_name;
3730
3731         t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL);
3732         if (!t)
3733                 goto err;
3734
3735         for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3736                 t->neigh_vars[i].data += (long) p;
3737                 t->neigh_vars[i].extra1 = dev;
3738                 t->neigh_vars[i].extra2 = p;
3739         }
3740
3741         if (dev) {
3742                 dev_name_source = dev->name;
3743                 /* Terminate the table early */
3744                 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3745                        sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3746         } else {
3747                 struct neigh_table *tbl = p->tbl;
3748                 dev_name_source = "default";
3749                 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3750                 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3751                 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3752                 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3753         }
3754
3755         if (handler) {
3756                 /* RetransTime */
3757                 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3758                 /* ReachableTime */
3759                 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3760                 /* RetransTime (in milliseconds)*/
3761                 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3762                 /* ReachableTime (in milliseconds) */
3763                 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3764         } else {
3765                 /* Those handlers will update p->reachable_time after
3766                  * base_reachable_time(_ms) is set to ensure the new timer starts being
3767                  * applied after the next neighbour update instead of waiting for
3768                  * neigh_periodic_work to update its value (can be multiple minutes)
3769                  * So any handler that replaces them should do this as well
3770                  */
3771                 /* ReachableTime */
3772                 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3773                         neigh_proc_base_reachable_time;
3774                 /* ReachableTime (in milliseconds) */
3775                 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3776                         neigh_proc_base_reachable_time;
3777         }
3778
3779         switch (neigh_parms_family(p)) {
3780         case AF_INET:
3781               p_name = "ipv4";
3782               break;
3783         case AF_INET6:
3784               p_name = "ipv6";
3785               break;
3786         default:
3787               BUG();
3788         }
3789
3790         snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3791                 p_name, dev_name_source);
3792         t->sysctl_header =
3793                 register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3794         if (!t->sysctl_header)
3795                 goto free;
3796
3797         p->sysctl_table = t;
3798         return 0;
3799
3800 free:
3801         kfree(t);
3802 err:
3803         return -ENOBUFS;
3804 }
3805 EXPORT_SYMBOL(neigh_sysctl_register);
3806
3807 void neigh_sysctl_unregister(struct neigh_parms *p)
3808 {
3809         if (p->sysctl_table) {
3810                 struct neigh_sysctl_table *t = p->sysctl_table;
3811                 p->sysctl_table = NULL;
3812                 unregister_net_sysctl_table(t->sysctl_header);
3813                 kfree(t);
3814         }
3815 }
3816 EXPORT_SYMBOL(neigh_sysctl_unregister);
3817
3818 #endif  /* CONFIG_SYSCTL */
3819
3820 static int __init neigh_init(void)
3821 {
3822         rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3823         rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3824         rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3825
3826         rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3827                       0);
3828         rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);
3829
3830         return 0;
3831 }
3832
3833 subsys_initcall(neigh_init);
MicroBlaze GIT Repository