net/core/neighbour.c

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  *      Generic address resolution entity
   4  *
   5  *      Authors:
   6  *      Pedro Roque             <roque@di.fc.ul.pt>
   7  *      Alexey Kuznetsov        <kuznet@ms2.inr.ac.ru>
   8  *
   9  *      Fixes:
  10  *      Vitaly E. Lavrov        releasing NULL neighbor in neigh_add.
  11  *      Harald Welte            Add neighbour cache statistics like rtstat
  12  */
  13
  14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  15
  16 #include <linux/slab.h>
  17 #include <linux/kmemleak.h>
  18 #include <linux/types.h>
  19 #include <linux/kernel.h>
  20 #include <linux/module.h>
  21 #include <linux/socket.h>
  22 #include <linux/netdevice.h>
  23 #include <linux/proc_fs.h>
  24 #ifdef CONFIG_SYSCTL
  25 #include <linux/sysctl.h>
  26 #endif
  27 #include <linux/times.h>
  28 #include <net/net_namespace.h>
  29 #include <net/neighbour.h>
  30 #include <net/arp.h>
  31 #include <net/dst.h>
  32 #include <net/sock.h>
  33 #include <net/netevent.h>
  34 #include <net/netlink.h>
  35 #include <linux/rtnetlink.h>
  36 #include <linux/random.h>
  37 #include <linux/string.h>
  38 #include <linux/log2.h>
  39 #include <linux/inetdevice.h>
  40 #include <net/addrconf.h>
  41
  42 #include <trace/events/neigh.h>
  43
  44 #define NEIGH_DEBUG 1
  45 #define neigh_dbg(level, fmt, ...)              \
  46 do {                                            \
  47         if (level <= NEIGH_DEBUG)               \
  48                 pr_debug(fmt, ##__VA_ARGS__);   \
  49 } while (0)
  50
  51 #define PNEIGH_HASHMASK         0xF
  52
  53 static void neigh_timer_handler(struct timer_list *t);
  54 static void __neigh_notify(struct neighbour *n, int type, int flags,
  55                            u32 pid);
  56 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
  57 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
  58                                     struct net_device *dev);
  59
  60 #ifdef CONFIG_PROC_FS
  61 static const struct seq_operations neigh_stat_seq_ops;
  62 #endif
  63
  64 /*
  65    Neighbour hash table buckets are protected with rwlock tbl->lock.
  66
  67    - All the scans/updates to hash buckets MUST be made under this lock.
  68    - NOTHING clever should be made under this lock: no callbacks
  69      to protocol backends, no attempts to send something to network.
  70      It will result in deadlocks, if backend/driver wants to use neighbour
  71      cache.
  72    - If the entry requires some non-trivial actions, increase
  73      its reference count and release table lock.
  74
  75    Neighbour entries are protected:
  76    - with reference count.
  77    - with rwlock neigh->lock
  78
  79    Reference count prevents destruction.
  80
  81    neigh->lock mainly serializes ll address data and its validity state.
  82    However, the same lock is used to protect another entry fields:
  83     - timer
  84     - resolution queue
  85
  86    Again, nothing clever shall be made under neigh->lock,
  87    the most complicated procedure, which we allow is dev->hard_header.
  88    It is supposed, that dev->hard_header is simplistic and does
  89    not make callbacks to neighbour tables.
  90  */
  91
  92 static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
  93 {
  94         kfree_skb(skb);
  95         return -ENETDOWN;
  96 }
  97
  98 static void neigh_cleanup_and_release(struct neighbour *neigh)
  99 {
 100         trace_neigh_cleanup_and_release(neigh, 0);
 101         __neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
 102         call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
 103         neigh_release(neigh);
 104 }
 105
 106 /*
 107  * It is random distribution in the interval (1/2)*base...(3/2)*base.
 108  * It corresponds to default IPv6 settings and is not overridable,
 109  * because it is really reasonable choice.
 110  */
 111
 112 unsigned long neigh_rand_reach_time(unsigned long base)
 113 {
 114         return base ? (prandom_u32() % base) + (base >> 1) : 0;
 115 }
 116 EXPORT_SYMBOL(neigh_rand_reach_time);
 117
 118 static void neigh_mark_dead(struct neighbour *n)
 119 {
 120         n->dead = 1;
 121         if (!list_empty(&n->gc_list)) {
 122                 list_del_init(&n->gc_list);
 123                 atomic_dec(&n->tbl->gc_entries);
 124         }
 125         if (!list_empty(&n->managed_list))
 126                 list_del_init(&n->managed_list);
 127 }
 128
 129 static void neigh_update_gc_list(struct neighbour *n)
 130 {
 131         bool on_gc_list, exempt_from_gc;
 132
 133         write_lock_bh(&n->tbl->lock);
 134         write_lock(&n->lock);
 135         if (n->dead)
 136                 goto out;
 137
 138         /* remove from the gc list if new state is permanent or if neighbor
 139          * is externally learned; otherwise entry should be on the gc list
 140          */
 141         exempt_from_gc = n->nud_state & NUD_PERMANENT ||
 142                          n->flags & NTF_EXT_LEARNED;
 143         on_gc_list = !list_empty(&n->gc_list);
 144
 145         if (exempt_from_gc && on_gc_list) {
 146                 list_del_init(&n->gc_list);
 147                 atomic_dec(&n->tbl->gc_entries);
 148         } else if (!exempt_from_gc && !on_gc_list) {
 149                 /* add entries to the tail; cleaning removes from the front */
 150                 list_add_tail(&n->gc_list, &n->tbl->gc_list);
 151                 atomic_inc(&n->tbl->gc_entries);
 152         }
 153 out:
 154         write_unlock(&n->lock);
 155         write_unlock_bh(&n->tbl->lock);
 156 }
 157
 158 static void neigh_update_managed_list(struct neighbour *n)
 159 {
 160         bool on_managed_list, add_to_managed;
 161
 162         write_lock_bh(&n->tbl->lock);
 163         write_lock(&n->lock);
 164         if (n->dead)
 165                 goto out;
 166
 167         add_to_managed = n->flags & NTF_MANAGED;
 168         on_managed_list = !list_empty(&n->managed_list);
 169
 170         if (!add_to_managed && on_managed_list)
 171                 list_del_init(&n->managed_list);
 172         else if (add_to_managed && !on_managed_list)
 173                 list_add_tail(&n->managed_list, &n->tbl->managed_list);
 174 out:
 175         write_unlock(&n->lock);
 176         write_unlock_bh(&n->tbl->lock);
 177 }
 178
 179 static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
 180                                bool *gc_update, bool *managed_update)
 181 {
 182         u32 ndm_flags, old_flags = neigh->flags;
 183
 184         if (!(flags & NEIGH_UPDATE_F_ADMIN))
 185                 return;
 186
 187         ndm_flags  = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
 188         ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;
 189
 190         if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
 191                 if (ndm_flags & NTF_EXT_LEARNED)
 192                         neigh->flags |= NTF_EXT_LEARNED;
 193                 else
 194                         neigh->flags &= ~NTF_EXT_LEARNED;
 195                 *notify = 1;
 196                 *gc_update = true;
 197         }
 198         if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
 199                 if (ndm_flags & NTF_MANAGED)
 200                         neigh->flags |= NTF_MANAGED;
 201                 else
 202                         neigh->flags &= ~NTF_MANAGED;
 203                 *notify = 1;
 204                 *managed_update = true;
 205         }
 206 }
 207
 208 static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
 209                       struct neigh_table *tbl)
 210 {
 211         bool retval = false;
 212
 213         write_lock(&n->lock);
 214         if (refcount_read(&n->refcnt) == 1) {
 215                 struct neighbour *neigh;
 216
 217                 neigh = rcu_dereference_protected(n->next,
 218                                                   lockdep_is_held(&tbl->lock));
 219                 rcu_assign_pointer(*np, neigh);
 220                 neigh_mark_dead(n);
 221                 retval = true;
 222         }
 223         write_unlock(&n->lock);
 224         if (retval)
 225                 neigh_cleanup_and_release(n);
 226         return retval;
 227 }
 228
 229 bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
 230 {
 231         struct neigh_hash_table *nht;
 232         void *pkey = ndel->primary_key;
 233         u32 hash_val;
 234         struct neighbour *n;
 235         struct neighbour __rcu **np;
 236
 237         nht = rcu_dereference_protected(tbl->nht,
 238                                         lockdep_is_held(&tbl->lock));
 239         hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
 240         hash_val = hash_val >> (32 - nht->hash_shift);
 241
 242         np = &nht->hash_buckets[hash_val];
 243         while ((n = rcu_dereference_protected(*np,
 244                                               lockdep_is_held(&tbl->lock)))) {
 245                 if (n == ndel)
 246                         return neigh_del(n, np, tbl);
 247                 np = &n->next;
 248         }
 249         return false;
 250 }
 251
 252 static int neigh_forced_gc(struct neigh_table *tbl)
 253 {
 254         int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
 255         unsigned long tref = jiffies - 5 * HZ;
 256         struct neighbour *n, *tmp;
 257         int shrunk = 0;
 258
 259         NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);
 260
 261         write_lock_bh(&tbl->lock);
 262
 263         list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
 264                 if (refcount_read(&n->refcnt) == 1) {
 265                         bool remove = false;
 266
 267                         write_lock(&n->lock);
 268                         if ((n->nud_state == NUD_FAILED) ||
 269                             (n->nud_state == NUD_NOARP) ||
 270                             (tbl->is_multicast &&
 271                              tbl->is_multicast(n->primary_key)) ||
 272                             time_after(tref, n->updated))
 273                                 remove = true;
 274                         write_unlock(&n->lock);
 275
 276                         if (remove && neigh_remove_one(n, tbl))
 277                                 shrunk++;
 278                         if (shrunk >= max_clean)
 279                                 break;
 280                 }
 281         }
 282
 283         tbl->last_flush = jiffies;
 284
 285         write_unlock_bh(&tbl->lock);
 286
 287         return shrunk;
 288 }
 289
 290 static void neigh_add_timer(struct neighbour *n, unsigned long when)
 291 {
 292         neigh_hold(n);
 293         if (unlikely(mod_timer(&n->timer, when))) {
 294                 printk("NEIGH: BUG, double timer add, state is %x\n",
 295                        n->nud_state);
 296                 dump_stack();
 297         }
 298 }
 299
 300 static int neigh_del_timer(struct neighbour *n)
 301 {
 302         if ((n->nud_state & NUD_IN_TIMER) &&
 303             del_timer(&n->timer)) {
 304                 neigh_release(n);
 305                 return 1;
 306         }
 307         return 0;
 308 }
 309
 310 static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net)
 311 {
 312         unsigned long flags;
 313         struct sk_buff *skb;
 314
 315         spin_lock_irqsave(&list->lock, flags);
 316         skb = skb_peek(list);
 317         while (skb != NULL) {
 318                 struct sk_buff *skb_next = skb_peek_next(skb, list);
 319                 struct net_device *dev = skb->dev;
 320                 if (net == NULL || net_eq(dev_net(dev), net)) {
 321                         struct in_device *in_dev;
 322
 323                         rcu_read_lock();
 324                         in_dev = __in_dev_get_rcu(dev);
 325                         if (in_dev)
 326                                 in_dev->arp_parms->qlen--;
 327                         rcu_read_unlock();
 328                         __skb_unlink(skb, list);
 329
 330                         dev_put(dev);
 331                         kfree_skb(skb);
 332                 }
 333                 skb = skb_next;
 334         }
 335         spin_unlock_irqrestore(&list->lock, flags);
 336 }
 337
 338 static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
 339                             bool skip_perm)
 340 {
 341         int i;
 342         struct neigh_hash_table *nht;
 343
 344         nht = rcu_dereference_protected(tbl->nht,
 345                                         lockdep_is_held(&tbl->lock));
 346
 347         for (i = 0; i < (1 << nht->hash_shift); i++) {
 348                 struct neighbour *n;
 349                 struct neighbour __rcu **np = &nht->hash_buckets[i];
 350
 351                 while ((n = rcu_dereference_protected(*np,
 352                                         lockdep_is_held(&tbl->lock))) != NULL) {
 353                         if (dev && n->dev != dev) {
 354                                 np = &n->next;
 355                                 continue;
 356                         }
 357                         if (skip_perm && n->nud_state & NUD_PERMANENT) {
 358                                 np = &n->next;
 359                                 continue;
 360                         }
 361                         rcu_assign_pointer(*np,
 362                                    rcu_dereference_protected(n->next,
 363                                                 lockdep_is_held(&tbl->lock)));
 364                         write_lock(&n->lock);
 365                         neigh_del_timer(n);
 366                         neigh_mark_dead(n);
 367                         if (refcount_read(&n->refcnt) != 1) {
 368                                 /* The most unpleasant situation.
 369                                    We must destroy neighbour entry,
 370                                    but someone still uses it.
 371
 372                                    The destroy will be delayed until
 373                                    the last user releases us, but
 374                                    we must kill timers etc. and move
 375                                    it to safe state.
 376                                  */
 377                                 __skb_queue_purge(&n->arp_queue);
 378                                 n->arp_queue_len_bytes = 0;
 379                                 n->output = neigh_blackhole;
 380                                 if (n->nud_state & NUD_VALID)
 381                                         n->nud_state = NUD_NOARP;
 382                                 else
 383                                         n->nud_state = NUD_NONE;
 384                                 neigh_dbg(2, "neigh %p is stray\n", n);
 385                         }
 386                         write_unlock(&n->lock);
 387                         neigh_cleanup_and_release(n);
 388                 }
 389         }
 390 }
 391
 392 void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
 393 {
 394         write_lock_bh(&tbl->lock);
 395         neigh_flush_dev(tbl, dev, false);
 396         write_unlock_bh(&tbl->lock);
 397 }
 398 EXPORT_SYMBOL(neigh_changeaddr);
 399
 400 static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
 401                           bool skip_perm)
 402 {
 403         write_lock_bh(&tbl->lock);
 404         neigh_flush_dev(tbl, dev, skip_perm);
 405         pneigh_ifdown_and_unlock(tbl, dev);
 406         pneigh_queue_purge(&tbl->proxy_queue, dev_net(dev));
 407         if (skb_queue_empty_lockless(&tbl->proxy_queue))
 408                 del_timer_sync(&tbl->proxy_timer);
 409         return 0;
 410 }
 411
 412 int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
 413 {
 414         __neigh_ifdown(tbl, dev, true);
 415         return 0;
 416 }
 417 EXPORT_SYMBOL(neigh_carrier_down);
 418
 419 int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
 420 {
 421         __neigh_ifdown(tbl, dev, false);
 422         return 0;
 423 }
 424 EXPORT_SYMBOL(neigh_ifdown);
 425
 426 static struct neighbour *neigh_alloc(struct neigh_table *tbl,
 427                                      struct net_device *dev,
 428                                      u32 flags, bool exempt_from_gc)
 429 {
 430         struct neighbour *n = NULL;
 431         unsigned long now = jiffies;
 432         int entries;
 433
 434         if (exempt_from_gc)
 435                 goto do_alloc;
 436
 437         entries = atomic_inc_return(&tbl->gc_entries) - 1;
 438         if (entries >= tbl->gc_thresh3 ||
 439             (entries >= tbl->gc_thresh2 &&
 440              time_after(now, tbl->last_flush + 5 * HZ))) {
 441                 if (!neigh_forced_gc(tbl) &&
 442                     entries >= tbl->gc_thresh3) {
 443                         net_info_ratelimited("%s: neighbor table overflow!\n",
 444                                              tbl->id);
 445                         NEIGH_CACHE_STAT_INC(tbl, table_fulls);
 446                         goto out_entries;
 447                 }
 448         }
 449
 450 do_alloc:
 451         n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
 452         if (!n)
 453                 goto out_entries;
 454
 455         __skb_queue_head_init(&n->arp_queue);
 456         rwlock_init(&n->lock);
 457         seqlock_init(&n->ha_lock);
 458         n->updated        = n->used = now;
 459         n->nud_state      = NUD_NONE;
 460         n->output         = neigh_blackhole;
 461         n->flags          = flags;
 462         seqlock_init(&n->hh.hh_lock);
 463         n->parms          = neigh_parms_clone(&tbl->parms);
 464         timer_setup(&n->timer, neigh_timer_handler, 0);
 465
 466         NEIGH_CACHE_STAT_INC(tbl, allocs);
 467         n->tbl            = tbl;
 468         refcount_set(&n->refcnt, 1);
 469         n->dead           = 1;
 470         INIT_LIST_HEAD(&n->gc_list);
 471         INIT_LIST_HEAD(&n->managed_list);
 472
 473         atomic_inc(&tbl->entries);
 474 out:
 475         return n;
 476
 477 out_entries:
 478         if (!exempt_from_gc)
 479                 atomic_dec(&tbl->gc_entries);
 480         goto out;
 481 }
 482
 483 static void neigh_get_hash_rnd(u32 *x)
 484 {
 485         *x = get_random_u32() | 1;
 486 }
 487
 488 static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
 489 {
 490         size_t size = (1 << shift) * sizeof(struct neighbour *);
 491         struct neigh_hash_table *ret;
 492         struct neighbour __rcu **buckets;
 493         int i;
 494
 495         ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
 496         if (!ret)
 497                 return NULL;
 498         if (size <= PAGE_SIZE) {
 499                 buckets = kzalloc(size, GFP_ATOMIC);
 500         } else {
 501                 buckets = (struct neighbour __rcu **)
 502                           __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
 503                                            get_order(size));
 504                 kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
 505         }
 506         if (!buckets) {
 507                 kfree(ret);
 508                 return NULL;
 509         }
 510         ret->hash_buckets = buckets;
 511         ret->hash_shift = shift;
 512         for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
 513                 neigh_get_hash_rnd(&ret->hash_rnd[i]);
 514         return ret;
 515 }
 516
 517 static void neigh_hash_free_rcu(struct rcu_head *head)
 518 {
 519         struct neigh_hash_table *nht = container_of(head,
 520                                                     struct neigh_hash_table,
 521                                                     rcu);
 522         size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
 523         struct neighbour __rcu **buckets = nht->hash_buckets;
 524
 525         if (size <= PAGE_SIZE) {
 526                 kfree(buckets);
 527         } else {
 528                 kmemleak_free(buckets);
 529                 free_pages((unsigned long)buckets, get_order(size));
 530         }
 531         kfree(nht);
 532 }
 533
 534 static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
 535                                                 unsigned long new_shift)
 536 {
 537         unsigned int i, hash;
 538         struct neigh_hash_table *new_nht, *old_nht;
 539
 540         NEIGH_CACHE_STAT_INC(tbl, hash_grows);
 541
 542         old_nht = rcu_dereference_protected(tbl->nht,
 543                                             lockdep_is_held(&tbl->lock));
 544         new_nht = neigh_hash_alloc(new_shift);
 545         if (!new_nht)
 546                 return old_nht;
 547
 548         for (i = 0; i < (1 << old_nht->hash_shift); i++) {
 549                 struct neighbour *n, *next;
 550
 551                 for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
 552                                                    lockdep_is_held(&tbl->lock));
 553                      n != NULL;
 554                      n = next) {
 555                         hash = tbl->hash(n->primary_key, n->dev,
 556                                          new_nht->hash_rnd);
 557
 558                         hash >>= (32 - new_nht->hash_shift);
 559                         next = rcu_dereference_protected(n->next,
 560                                                 lockdep_is_held(&tbl->lock));
 561
 562                         rcu_assign_pointer(n->next,
 563                                            rcu_dereference_protected(
 564                                                 new_nht->hash_buckets[hash],
 565                                                 lockdep_is_held(&tbl->lock)));
 566                         rcu_assign_pointer(new_nht->hash_buckets[hash], n);
 567                 }
 568         }
 569
 570         rcu_assign_pointer(tbl->nht, new_nht);
 571         call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
 572         return new_nht;
 573 }
 574
 575 struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
 576                                struct net_device *dev)
 577 {
 578         struct neighbour *n;
 579
 580         NEIGH_CACHE_STAT_INC(tbl, lookups);
 581
 582         rcu_read_lock_bh();
 583         n = __neigh_lookup_noref(tbl, pkey, dev);
 584         if (n) {
 585                 if (!refcount_inc_not_zero(&n->refcnt))
 586                         n = NULL;
 587                 NEIGH_CACHE_STAT_INC(tbl, hits);
 588         }
 589
 590         rcu_read_unlock_bh();
 591         return n;
 592 }
 593 EXPORT_SYMBOL(neigh_lookup);
 594
 595 struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
 596                                      const void *pkey)
 597 {
 598         struct neighbour *n;
 599         unsigned int key_len = tbl->key_len;
 600         u32 hash_val;
 601         struct neigh_hash_table *nht;
 602
 603         NEIGH_CACHE_STAT_INC(tbl, lookups);
 604
 605         rcu_read_lock_bh();
 606         nht = rcu_dereference_bh(tbl->nht);
 607         hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);
 608
 609         for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
 610              n != NULL;
 611              n = rcu_dereference_bh(n->next)) {
 612                 if (!memcmp(n->primary_key, pkey, key_len) &&
 613                     net_eq(dev_net(n->dev), net)) {
 614                         if (!refcount_inc_not_zero(&n->refcnt))
 615                                 n = NULL;
 616                         NEIGH_CACHE_STAT_INC(tbl, hits);
 617                         break;
 618                 }
 619         }
 620
 621         rcu_read_unlock_bh();
 622         return n;
 623 }
 624 EXPORT_SYMBOL(neigh_lookup_nodev);
 625
 626 static struct neighbour *
 627 ___neigh_create(struct neigh_table *tbl, const void *pkey,
 628                 struct net_device *dev, u32 flags,
 629                 bool exempt_from_gc, bool want_ref)
 630 {
 631         u32 hash_val, key_len = tbl->key_len;
 632         struct neighbour *n1, *rc, *n;
 633         struct neigh_hash_table *nht;
 634         int error;
 635
 636         n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
 637         trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
 638         if (!n) {
 639                 rc = ERR_PTR(-ENOBUFS);
 640                 goto out;
 641         }
 642
 643         memcpy(n->primary_key, pkey, key_len);
 644         n->dev = dev;
 645         netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC);
 646
 647         /* Protocol specific setup. */
 648         if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
 649                 rc = ERR_PTR(error);
 650                 goto out_neigh_release;
 651         }
 652
 653         if (dev->netdev_ops->ndo_neigh_construct) {
 654                 error = dev->netdev_ops->ndo_neigh_construct(dev, n);
 655                 if (error < 0) {
 656                         rc = ERR_PTR(error);
 657                         goto out_neigh_release;
 658                 }
 659         }
 660
 661         /* Device specific setup. */
 662         if (n->parms->neigh_setup &&
 663             (error = n->parms->neigh_setup(n)) < 0) {
 664                 rc = ERR_PTR(error);
 665                 goto out_neigh_release;
 666         }
 667
 668         n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);
 669
 670         write_lock_bh(&tbl->lock);
 671         nht = rcu_dereference_protected(tbl->nht,
 672                                         lockdep_is_held(&tbl->lock));
 673
 674         if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
 675                 nht = neigh_hash_grow(tbl, nht->hash_shift + 1);
 676
 677         hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);
 678
 679         if (n->parms->dead) {
 680                 rc = ERR_PTR(-EINVAL);
 681                 goto out_tbl_unlock;
 682         }
 683
 684         for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
 685                                             lockdep_is_held(&tbl->lock));
 686              n1 != NULL;
 687              n1 = rcu_dereference_protected(n1->next,
 688                         lockdep_is_held(&tbl->lock))) {
 689                 if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
 690                         if (want_ref)
 691                                 neigh_hold(n1);
 692                         rc = n1;
 693                         goto out_tbl_unlock;
 694                 }
 695         }
 696
 697         n->dead = 0;
 698         if (!exempt_from_gc)
 699                 list_add_tail(&n->gc_list, &n->tbl->gc_list);
 700         if (n->flags & NTF_MANAGED)
 701                 list_add_tail(&n->managed_list, &n->tbl->managed_list);
 702         if (want_ref)
 703                 neigh_hold(n);
 704         rcu_assign_pointer(n->next,
 705                            rcu_dereference_protected(nht->hash_buckets[hash_val],
 706                                                      lockdep_is_held(&tbl->lock)));
 707         rcu_assign_pointer(nht->hash_buckets[hash_val], n);
 708         write_unlock_bh(&tbl->lock);
 709         neigh_dbg(2, "neigh %p is created\n", n);
 710         rc = n;
 711 out:
 712         return rc;
 713 out_tbl_unlock:
 714         write_unlock_bh(&tbl->lock);
 715 out_neigh_release:
 716         if (!exempt_from_gc)
 717                 atomic_dec(&tbl->gc_entries);
 718         neigh_release(n);
 719         goto out;
 720 }
 721
 722 struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
 723                                  struct net_device *dev, bool want_ref)
 724 {
 725         return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
 726 }
 727 EXPORT_SYMBOL(__neigh_create);
 728
 729 static u32 pneigh_hash(const void *pkey, unsigned int key_len)
 730 {
 731         u32 hash_val = *(u32 *)(pkey + key_len - 4);
 732         hash_val ^= (hash_val >> 16);
 733         hash_val ^= hash_val >> 8;
 734         hash_val ^= hash_val >> 4;
 735         hash_val &= PNEIGH_HASHMASK;
 736         return hash_val;
 737 }
 738
 739 static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
 740                                               struct net *net,
 741                                               const void *pkey,
 742                                               unsigned int key_len,
 743                                               struct net_device *dev)
 744 {
 745         while (n) {
 746                 if (!memcmp(n->key, pkey, key_len) &&
 747                     net_eq(pneigh_net(n), net) &&
 748                     (n->dev == dev || !n->dev))
 749                         return n;
 750                 n = n->next;
 751         }
 752         return NULL;
 753 }
 754
 755 struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
 756                 struct net *net, const void *pkey, struct net_device *dev)
 757 {
 758         unsigned int key_len = tbl->key_len;
 759         u32 hash_val = pneigh_hash(pkey, key_len);
 760
 761         return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
 762                                  net, pkey, key_len, dev);
 763 }
 764 EXPORT_SYMBOL_GPL(__pneigh_lookup);
 765
 766 struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
 767                                     struct net *net, const void *pkey,
 768                                     struct net_device *dev, int creat)
 769 {
 770         struct pneigh_entry *n;
 771         unsigned int key_len = tbl->key_len;
 772         u32 hash_val = pneigh_hash(pkey, key_len);
 773
 774         read_lock_bh(&tbl->lock);
 775         n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
 776                               net, pkey, key_len, dev);
 777         read_unlock_bh(&tbl->lock);
 778
 779         if (n || !creat)
 780                 goto out;
 781
 782         ASSERT_RTNL();
 783
 784         n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
 785         if (!n)
 786                 goto out;
 787
 788         write_pnet(&n->net, net);
 789         memcpy(n->key, pkey, key_len);
 790         n->dev = dev;
 791         netdev_hold(dev, &n->dev_tracker, GFP_KERNEL);
 792
 793         if (tbl->pconstructor && tbl->pconstructor(n)) {
 794                 netdev_put(dev, &n->dev_tracker);
 795                 kfree(n);
 796                 n = NULL;
 797                 goto out;
 798         }
 799
 800         write_lock_bh(&tbl->lock);
 801         n->next = tbl->phash_buckets[hash_val];
 802         tbl->phash_buckets[hash_val] = n;
 803         write_unlock_bh(&tbl->lock);
 804 out:
 805         return n;
 806 }
 807 EXPORT_SYMBOL(pneigh_lookup);
 808
 809
 810 int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
 811                   struct net_device *dev)
 812 {
 813         struct pneigh_entry *n, **np;
 814         unsigned int key_len = tbl->key_len;
 815         u32 hash_val = pneigh_hash(pkey, key_len);
 816
 817         write_lock_bh(&tbl->lock);
 818         for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
 819              np = &n->next) {
 820                 if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
 821                     net_eq(pneigh_net(n), net)) {
 822                         *np = n->next;
 823                         write_unlock_bh(&tbl->lock);
 824                         if (tbl->pdestructor)
 825                                 tbl->pdestructor(n);
 826                         netdev_put(n->dev, &n->dev_tracker);
 827                         kfree(n);
 828                         return 0;
 829                 }
 830         }
 831         write_unlock_bh(&tbl->lock);
 832         return -ENOENT;
 833 }
 834
 835 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
 836                                     struct net_device *dev)
 837 {
 838         struct pneigh_entry *n, **np, *freelist = NULL;
 839         u32 h;
 840
 841         for (h = 0; h <= PNEIGH_HASHMASK; h++) {
 842                 np = &tbl->phash_buckets[h];
 843                 while ((n = *np) != NULL) {
 844                         if (!dev || n->dev == dev) {
 845                                 *np = n->next;
 846                                 n->next = freelist;
 847                                 freelist = n;
 848                                 continue;
 849                         }
 850                         np = &n->next;
 851                 }
 852         }
 853         write_unlock_bh(&tbl->lock);
 854         while ((n = freelist)) {
 855                 freelist = n->next;
 856                 n->next = NULL;
 857                 if (tbl->pdestructor)
 858                         tbl->pdestructor(n);
 859                 netdev_put(n->dev, &n->dev_tracker);
 860                 kfree(n);
 861         }
 862         return -ENOENT;
 863 }
 864
 865 static void neigh_parms_destroy(struct neigh_parms *parms);
 866
 867 static inline void neigh_parms_put(struct neigh_parms *parms)
 868 {
 869         if (refcount_dec_and_test(&parms->refcnt))
 870                 neigh_parms_destroy(parms);
 871 }
 872
 873 /*
 874  *      neighbour must already be out of the table;
 875  *
 876  */
 877 void neigh_destroy(struct neighbour *neigh)
 878 {
 879         struct net_device *dev = neigh->dev;
 880
 881         NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);
 882
 883         if (!neigh->dead) {
 884                 pr_warn("Destroying alive neighbour %p\n", neigh);
 885                 dump_stack();
 886                 return;
 887         }
 888
 889         if (neigh_del_timer(neigh))
 890                 pr_warn("Impossible event\n");
 891
 892         write_lock_bh(&neigh->lock);
 893         __skb_queue_purge(&neigh->arp_queue);
 894         write_unlock_bh(&neigh->lock);
 895         neigh->arp_queue_len_bytes = 0;
 896
 897         if (dev->netdev_ops->ndo_neigh_destroy)
 898                 dev->netdev_ops->ndo_neigh_destroy(dev, neigh);
 899
 900         netdev_put(dev, &neigh->dev_tracker);
 901         neigh_parms_put(neigh->parms);
 902
 903         neigh_dbg(2, "neigh %p is destroyed\n", neigh);
 904
 905         atomic_dec(&neigh->tbl->entries);
 906         kfree_rcu(neigh, rcu);
 907 }
 908 EXPORT_SYMBOL(neigh_destroy);
 909
 910 /* Neighbour state is suspicious;
 911    disable fast path.
 912
 913    Called with write_locked neigh.
 914  */
 915 static void neigh_suspect(struct neighbour *neigh)
 916 {
 917         neigh_dbg(2, "neigh %p is suspected\n", neigh);
 918
 919         neigh->output = neigh->ops->output;
 920 }
 921
 922 /* Neighbour state is OK;
 923    enable fast path.
 924
 925    Called with write_locked neigh.
 926  */
 927 static void neigh_connect(struct neighbour *neigh)
 928 {
 929         neigh_dbg(2, "neigh %p is connected\n", neigh);
 930
 931         neigh->output = neigh->ops->connected_output;
 932 }
 933
 934 static void neigh_periodic_work(struct work_struct *work)
 935 {
 936         struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
 937         struct neighbour *n;
 938         struct neighbour __rcu **np;
 939         unsigned int i;
 940         struct neigh_hash_table *nht;
 941
 942         NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);
 943
 944         write_lock_bh(&tbl->lock);
 945         nht = rcu_dereference_protected(tbl->nht,
 946                                         lockdep_is_held(&tbl->lock));
 947
 948         /*
 949          *      periodically recompute ReachableTime from random function
 950          */
 951
 952         if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
 953                 struct neigh_parms *p;
 954                 tbl->last_rand = jiffies;
 955                 list_for_each_entry(p, &tbl->parms_list, list)
 956                         p->reachable_time =
 957                                 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
 958         }
 959
 960         if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
 961                 goto out;
 962
 963         for (i = 0 ; i < (1 << nht->hash_shift); i++) {
 964                 np = &nht->hash_buckets[i];
 965
 966                 while ((n = rcu_dereference_protected(*np,
 967                                 lockdep_is_held(&tbl->lock))) != NULL) {
 968                         unsigned int state;
 969
 970                         write_lock(&n->lock);
 971
 972                         state = n->nud_state;
 973                         if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
 974                             (n->flags & NTF_EXT_LEARNED)) {
 975                                 write_unlock(&n->lock);
 976                                 goto next_elt;
 977                         }
 978
 979                         if (time_before(n->used, n->confirmed))
 980                                 n->used = n->confirmed;
 981
 982                         if (refcount_read(&n->refcnt) == 1 &&
 983                             (state == NUD_FAILED ||
 984                              time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
 985                                 *np = n->next;
 986                                 neigh_mark_dead(n);
 987                                 write_unlock(&n->lock);
 988                                 neigh_cleanup_and_release(n);
 989                                 continue;
 990                         }
 991                         write_unlock(&n->lock);
 992
 993 next_elt:
 994                         np = &n->next;
 995                 }
 996                 /*
 997                  * It's fine to release lock here, even if hash table
 998                  * grows while we are preempted.
 999                  */
1000                 write_unlock_bh(&tbl->lock);
1001                 cond_resched();
1002                 write_lock_bh(&tbl->lock);
1003                 nht = rcu_dereference_protected(tbl->nht,
1004                                                 lockdep_is_held(&tbl->lock));
1005         }
1006 out:
1007         /* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
1008          * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
1009          * BASE_REACHABLE_TIME.
1010          */
1011         queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1012                               NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
1013         write_unlock_bh(&tbl->lock);
1014 }
1015
1016 static __inline__ int neigh_max_probes(struct neighbour *n)
1017 {
1018         struct neigh_parms *p = n->parms;
1019         return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
1020                (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
1021                 NEIGH_VAR(p, MCAST_PROBES));
1022 }
1023
1024 static void neigh_invalidate(struct neighbour *neigh)
1025         __releases(neigh->lock)
1026         __acquires(neigh->lock)
1027 {
1028         struct sk_buff *skb;
1029
1030         NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
1031         neigh_dbg(2, "neigh %p is failed\n", neigh);
1032         neigh->updated = jiffies;
1033
1034         /* It is very thin place. report_unreachable is very complicated
1035            routine. Particularly, it can hit the same neighbour entry!
1036
1037            So that, we try to be accurate and avoid dead loop. --ANK
1038          */
1039         while (neigh->nud_state == NUD_FAILED &&
1040                (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1041                 write_unlock(&neigh->lock);
1042                 neigh->ops->error_report(neigh, skb);
1043                 write_lock(&neigh->lock);
1044         }
1045         __skb_queue_purge(&neigh->arp_queue);
1046         neigh->arp_queue_len_bytes = 0;
1047 }
1048
1049 static void neigh_probe(struct neighbour *neigh)
1050         __releases(neigh->lock)
1051 {
1052         struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);
1053         /* keep skb alive even if arp_queue overflows */
1054         if (skb)
1055                 skb = skb_clone(skb, GFP_ATOMIC);
1056         write_unlock(&neigh->lock);
1057         if (neigh->ops->solicit)
1058                 neigh->ops->solicit(neigh, skb);
1059         atomic_inc(&neigh->probes);
1060         consume_skb(skb);
1061 }
1062
1063 /* Called when a timer expires for a neighbour entry. */
1064
1065 static void neigh_timer_handler(struct timer_list *t)
1066 {
1067         unsigned long now, next;
1068         struct neighbour *neigh = from_timer(neigh, t, timer);
1069         unsigned int state;
1070         int notify = 0;
1071
1072         write_lock(&neigh->lock);
1073
1074         state = neigh->nud_state;
1075         now = jiffies;
1076         next = now + HZ;
1077
1078         if (!(state & NUD_IN_TIMER))
1079                 goto out;
1080
1081         if (state & NUD_REACHABLE) {
1082                 if (time_before_eq(now,
1083                                    neigh->confirmed + neigh->parms->reachable_time)) {
1084                         neigh_dbg(2, "neigh %p is still alive\n", neigh);
1085                         next = neigh->confirmed + neigh->parms->reachable_time;
1086                 } else if (time_before_eq(now,
1087                                           neigh->used +
1088                                           NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1089                         neigh_dbg(2, "neigh %p is delayed\n", neigh);
1090                         neigh->nud_state = NUD_DELAY;
1091                         neigh->updated = jiffies;
1092                         neigh_suspect(neigh);
1093                         next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
1094                 } else {
1095                         neigh_dbg(2, "neigh %p is suspected\n", neigh);
1096                         neigh->nud_state = NUD_STALE;
1097                         neigh->updated = jiffies;
1098                         neigh_suspect(neigh);
1099                         notify = 1;
1100                 }
1101         } else if (state & NUD_DELAY) {
1102                 if (time_before_eq(now,
1103                                    neigh->confirmed +
1104                                    NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1105                         neigh_dbg(2, "neigh %p is now reachable\n", neigh);
1106                         neigh->nud_state = NUD_REACHABLE;
1107                         neigh->updated = jiffies;
1108                         neigh_connect(neigh);
1109                         notify = 1;
1110                         next = neigh->confirmed + neigh->parms->reachable_time;
1111                 } else {
1112                         neigh_dbg(2, "neigh %p is probed\n", neigh);
1113                         neigh->nud_state = NUD_PROBE;
1114                         neigh->updated = jiffies;
1115                         atomic_set(&neigh->probes, 0);
1116                         notify = 1;
1117                         next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1118                                          HZ/100);
1119                 }
1120         } else {
1121                 /* NUD_PROBE|NUD_INCOMPLETE */
1122                 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
1123         }
1124
1125         if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
1126             atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
1127                 neigh->nud_state = NUD_FAILED;
1128                 notify = 1;
1129                 neigh_invalidate(neigh);
1130                 goto out;
1131         }
1132
1133         if (neigh->nud_state & NUD_IN_TIMER) {
1134                 if (time_before(next, jiffies + HZ/100))
1135                         next = jiffies + HZ/100;
1136                 if (!mod_timer(&neigh->timer, next))
1137                         neigh_hold(neigh);
1138         }
1139         if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
1140                 neigh_probe(neigh);
1141         } else {
1142 out:
1143                 write_unlock(&neigh->lock);
1144         }
1145
1146         if (notify)
1147                 neigh_update_notify(neigh, 0);
1148
1149         trace_neigh_timer_handler(neigh, 0);
1150
1151         neigh_release(neigh);
1152 }
1153
1154 int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
1155                        const bool immediate_ok)
1156 {
1157         int rc;
1158         bool immediate_probe = false;
1159
1160         write_lock_bh(&neigh->lock);
1161
1162         rc = 0;
1163         if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
1164                 goto out_unlock_bh;
1165         if (neigh->dead)
1166                 goto out_dead;
1167
1168         if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
1169                 if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
1170                     NEIGH_VAR(neigh->parms, APP_PROBES)) {
1171                         unsigned long next, now = jiffies;
1172
1173                         atomic_set(&neigh->probes,
1174                                    NEIGH_VAR(neigh->parms, UCAST_PROBES));
1175                         neigh_del_timer(neigh);
1176                         neigh->nud_state = NUD_INCOMPLETE;
1177                         neigh->updated = now;
1178                         if (!immediate_ok) {
1179                                 next = now + 1;
1180                         } else {
1181                                 immediate_probe = true;
1182                                 next = now + max(NEIGH_VAR(neigh->parms,
1183                                                            RETRANS_TIME),
1184                                                  HZ / 100);
1185                         }
1186                         neigh_add_timer(neigh, next);
1187                 } else {
1188                         neigh->nud_state = NUD_FAILED;
1189                         neigh->updated = jiffies;
1190                         write_unlock_bh(&neigh->lock);
1191
1192                         kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED);
1193                         return 1;
1194                 }
1195         } else if (neigh->nud_state & NUD_STALE) {
1196                 neigh_dbg(2, "neigh %p is delayed\n", neigh);
1197                 neigh_del_timer(neigh);
1198                 neigh->nud_state = NUD_DELAY;
1199                 neigh->updated = jiffies;
1200                 neigh_add_timer(neigh, jiffies +
1201                                 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
1202         }
1203
1204         if (neigh->nud_state == NUD_INCOMPLETE) {
1205                 if (skb) {
1206                         while (neigh->arp_queue_len_bytes + skb->truesize >
1207                                NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
1208                                 struct sk_buff *buff;
1209
1210                                 buff = __skb_dequeue(&neigh->arp_queue);
1211                                 if (!buff)
1212                                         break;
1213                                 neigh->arp_queue_len_bytes -= buff->truesize;
1214                                 kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL);
1215                                 NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
1216                         }
1217                         skb_dst_force(skb);
1218                         __skb_queue_tail(&neigh->arp_queue, skb);
1219                         neigh->arp_queue_len_bytes += skb->truesize;
1220                 }
1221                 rc = 1;
1222         }
1223 out_unlock_bh:
1224         if (immediate_probe)
1225                 neigh_probe(neigh);
1226         else
1227                 write_unlock(&neigh->lock);
1228         local_bh_enable();
1229         trace_neigh_event_send_done(neigh, rc);
1230         return rc;
1231
1232 out_dead:
1233         if (neigh->nud_state & NUD_STALE)
1234                 goto out_unlock_bh;
1235         write_unlock_bh(&neigh->lock);
1236         kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD);
1237         trace_neigh_event_send_dead(neigh, 1);
1238         return 1;
1239 }
1240 EXPORT_SYMBOL(__neigh_event_send);
1241
1242 static void neigh_update_hhs(struct neighbour *neigh)
1243 {
1244         struct hh_cache *hh;
1245         void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
1246                 = NULL;
1247
1248         if (neigh->dev->header_ops)
1249                 update = neigh->dev->header_ops->cache_update;
1250
1251         if (update) {
1252                 hh = &neigh->hh;
1253                 if (READ_ONCE(hh->hh_len)) {
1254                         write_seqlock_bh(&hh->hh_lock);
1255                         update(hh, neigh->dev, neigh->ha);
1256                         write_sequnlock_bh(&hh->hh_lock);
1257                 }
1258         }
1259 }
1260
1261 /* Generic update routine.
1262    -- lladdr is new lladdr or NULL, if it is not supplied.
1263    -- new    is new state.
1264    -- flags
1265         NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr,
1266                                 if it is different.
1267         NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
1268                                 lladdr instead of overriding it
1269                                 if it is different.
1270         NEIGH_UPDATE_F_ADMIN    means that the change is administrative.
1271         NEIGH_UPDATE_F_USE      means that the entry is user triggered.
1272         NEIGH_UPDATE_F_MANAGED  means that the entry will be auto-refreshed.
1273         NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
1274                                 NTF_ROUTER flag.
1275         NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as
1276                                 a router.
1277
1278    Caller MUST hold reference count on the entry.
1279  */
1280 static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
1281                           u8 new, u32 flags, u32 nlmsg_pid,
1282                           struct netlink_ext_ack *extack)
1283 {
1284         bool gc_update = false, managed_update = false;
1285         int update_isrouter = 0;
1286         struct net_device *dev;
1287         int err, notify = 0;
1288         u8 old;
1289
1290         trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);
1291
1292         write_lock_bh(&neigh->lock);
1293
1294         dev    = neigh->dev;
1295         old    = neigh->nud_state;
1296         err    = -EPERM;
1297
1298         if (neigh->dead) {
1299                 NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
1300                 new = old;
1301                 goto out;
1302         }
1303         if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
1304             (old & (NUD_NOARP | NUD_PERMANENT)))
1305                 goto out;
1306
1307         neigh_update_flags(neigh, flags, &notify, &gc_update, &managed_update);
1308         if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
1309                 new = old & ~NUD_PERMANENT;
1310                 neigh->nud_state = new;
1311                 err = 0;
1312                 goto out;
1313         }
1314
1315         if (!(new & NUD_VALID)) {
1316                 neigh_del_timer(neigh);
1317                 if (old & NUD_CONNECTED)
1318                         neigh_suspect(neigh);
1319                 neigh->nud_state = new;
1320                 err = 0;
1321                 notify = old & NUD_VALID;
1322                 if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
1323                     (new & NUD_FAILED)) {
1324                         neigh_invalidate(neigh);
1325                         notify = 1;
1326                 }
1327                 goto out;
1328         }
1329
1330         /* Compare new lladdr with cached one */
1331         if (!dev->addr_len) {
1332                 /* First case: device needs no address. */
1333                 lladdr = neigh->ha;
1334         } else if (lladdr) {
1335                 /* The second case: if something is already cached
1336                    and a new address is proposed:
1337                    - compare new & old
1338                    - if they are different, check override flag
1339                  */
1340                 if ((old & NUD_VALID) &&
1341                     !memcmp(lladdr, neigh->ha, dev->addr_len))
1342                         lladdr = neigh->ha;
1343         } else {
1344                 /* No address is supplied; if we know something,
1345                    use it, otherwise discard the request.
1346                  */
1347                 err = -EINVAL;
1348                 if (!(old & NUD_VALID)) {
1349                         NL_SET_ERR_MSG(extack, "No link layer address given");
1350                         goto out;
1351                 }
1352                 lladdr = neigh->ha;
1353         }
1354
1355         /* Update confirmed timestamp for neighbour entry after we
1356          * received ARP packet even if it doesn't change IP to MAC binding.
1357          */
1358         if (new & NUD_CONNECTED)
1359                 neigh->confirmed = jiffies;
1360
1361         /* If entry was valid and address is not changed,
1362            do not change entry state, if new one is STALE.
1363          */
1364         err = 0;
1365         update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1366         if (old & NUD_VALID) {
1367                 if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
1368                         update_isrouter = 0;
1369                         if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
1370                             (old & NUD_CONNECTED)) {
1371                                 lladdr = neigh->ha;
1372                                 new = NUD_STALE;
1373                         } else
1374                                 goto out;
1375                 } else {
1376                         if (lladdr == neigh->ha && new == NUD_STALE &&
1377                             !(flags & NEIGH_UPDATE_F_ADMIN))
1378                                 new = old;
1379                 }
1380         }
1381
1382         /* Update timestamp only once we know we will make a change to the
1383          * neighbour entry. Otherwise we risk to move the locktime window with
1384          * noop updates and ignore relevant ARP updates.
1385          */
1386         if (new != old || lladdr != neigh->ha)
1387                 neigh->updated = jiffies;
1388
1389         if (new != old) {
1390                 neigh_del_timer(neigh);
1391                 if (new & NUD_PROBE)
1392                         atomic_set(&neigh->probes, 0);
1393                 if (new & NUD_IN_TIMER)
1394                         neigh_add_timer(neigh, (jiffies +
1395                                                 ((new & NUD_REACHABLE) ?
1396                                                  neigh->parms->reachable_time :
1397                                                  0)));
1398                 neigh->nud_state = new;
1399                 notify = 1;
1400         }
1401
1402         if (lladdr != neigh->ha) {
1403                 write_seqlock(&neigh->ha_lock);
1404                 memcpy(&neigh->ha, lladdr, dev->addr_len);
1405                 write_sequnlock(&neigh->ha_lock);
1406                 neigh_update_hhs(neigh);
1407                 if (!(new & NUD_CONNECTED))
1408                         neigh->confirmed = jiffies -
1409                                       (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
1410                 notify = 1;
1411         }
1412         if (new == old)
1413                 goto out;
1414         if (new & NUD_CONNECTED)
1415                 neigh_connect(neigh);
1416         else
1417                 neigh_suspect(neigh);
1418         if (!(old & NUD_VALID)) {
1419                 struct sk_buff *skb;
1420
1421                 /* Again: avoid dead loop if something went wrong */
1422
1423                 while (neigh->nud_state & NUD_VALID &&
1424                        (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1425                         struct dst_entry *dst = skb_dst(skb);
1426                         struct neighbour *n2, *n1 = neigh;
1427                         write_unlock_bh(&neigh->lock);
1428
1429                         rcu_read_lock();
1430
1431                         /* Why not just use 'neigh' as-is?  The problem is that
1432                          * things such as shaper, eql, and sch_teql can end up
1433                          * using alternative, different, neigh objects to output
1434                          * the packet in the output path.  So what we need to do
1435                          * here is re-lookup the top-level neigh in the path so
1436                          * we can reinject the packet there.
1437                          */
1438                         n2 = NULL;
1439                         if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
1440                                 n2 = dst_neigh_lookup_skb(dst, skb);
1441                                 if (n2)
1442                                         n1 = n2;
1443                         }
1444                         n1->output(n1, skb);
1445                         if (n2)
1446                                 neigh_release(n2);
1447                         rcu_read_unlock();
1448
1449                         write_lock_bh(&neigh->lock);
1450                 }
1451                 __skb_queue_purge(&neigh->arp_queue);
1452                 neigh->arp_queue_len_bytes = 0;
1453         }
1454 out:
1455         if (update_isrouter)
1456                 neigh_update_is_router(neigh, flags, &notify);
1457         write_unlock_bh(&neigh->lock);
1458         if (((new ^ old) & NUD_PERMANENT) || gc_update)
1459                 neigh_update_gc_list(neigh);
1460         if (managed_update)
1461                 neigh_update_managed_list(neigh);
1462         if (notify)
1463                 neigh_update_notify(neigh, nlmsg_pid);
1464         trace_neigh_update_done(neigh, err);
1465         return err;
1466 }
1467
1468 int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1469                  u32 flags, u32 nlmsg_pid)
1470 {
1471         return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
1472 }
1473 EXPORT_SYMBOL(neigh_update);
1474
1475 /* Update the neigh to listen temporarily for probe responses, even if it is
1476  * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
1477  */
1478 void __neigh_set_probe_once(struct neighbour *neigh)
1479 {
1480         if (neigh->dead)
1481                 return;
1482         neigh->updated = jiffies;
1483         if (!(neigh->nud_state & NUD_FAILED))
1484                 return;
1485         neigh->nud_state = NUD_INCOMPLETE;
1486         atomic_set(&neigh->probes, neigh_max_probes(neigh));
1487         neigh_add_timer(neigh,
1488                         jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1489                                       HZ/100));
1490 }
1491 EXPORT_SYMBOL(__neigh_set_probe_once);
1492
1493 struct neighbour *neigh_event_ns(struct neigh_table *tbl,
1494                                  u8 *lladdr, void *saddr,
1495                                  struct net_device *dev)
1496 {
1497         struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
1498                                                  lladdr || !dev->addr_len);
1499         if (neigh)
1500                 neigh_update(neigh, lladdr, NUD_STALE,
1501                              NEIGH_UPDATE_F_OVERRIDE, 0);
1502         return neigh;
1503 }
1504 EXPORT_SYMBOL(neigh_event_ns);
1505
1506 /* called with read_lock_bh(&n->lock); */
1507 static void neigh_hh_init(struct neighbour *n)
1508 {
1509         struct net_device *dev = n->dev;
1510         __be16 prot = n->tbl->protocol;
1511         struct hh_cache *hh = &n->hh;
1512
1513         write_lock_bh(&n->lock);
1514
1515         /* Only one thread can come in here and initialize the
1516          * hh_cache entry.
1517          */
1518         if (!hh->hh_len)
1519                 dev->header_ops->cache(n, hh, prot);
1520
1521         write_unlock_bh(&n->lock);
1522 }
1523
1524 /* Slow and careful. */
1525
1526 int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
1527 {
1528         int rc = 0;
1529
1530         if (!neigh_event_send(neigh, skb)) {
1531                 int err;
1532                 struct net_device *dev = neigh->dev;
1533                 unsigned int seq;
1534
1535                 if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
1536                         neigh_hh_init(neigh);
1537
1538                 do {
1539                         __skb_pull(skb, skb_network_offset(skb));
1540                         seq = read_seqbegin(&neigh->ha_lock);
1541                         err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1542                                               neigh->ha, NULL, skb->len);
1543                 } while (read_seqretry(&neigh->ha_lock, seq));
1544
1545                 if (err >= 0)
1546                         rc = dev_queue_xmit(skb);
1547                 else
1548                         goto out_kfree_skb;
1549         }
1550 out:
1551         return rc;
1552 out_kfree_skb:
1553         rc = -EINVAL;
1554         kfree_skb(skb);
1555         goto out;
1556 }
1557 EXPORT_SYMBOL(neigh_resolve_output);
1558
1559 /* As fast as possible without hh cache */
1560
1561 int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
1562 {
1563         struct net_device *dev = neigh->dev;
1564         unsigned int seq;
1565         int err;
1566
1567         do {
1568                 __skb_pull(skb, skb_network_offset(skb));
1569                 seq = read_seqbegin(&neigh->ha_lock);
1570                 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1571                                       neigh->ha, NULL, skb->len);
1572         } while (read_seqretry(&neigh->ha_lock, seq));
1573
1574         if (err >= 0)
1575                 err = dev_queue_xmit(skb);
1576         else {
1577                 err = -EINVAL;
1578                 kfree_skb(skb);
1579         }
1580         return err;
1581 }
1582 EXPORT_SYMBOL(neigh_connected_output);
1583
1584 int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
1585 {
1586         return dev_queue_xmit(skb);
1587 }
1588 EXPORT_SYMBOL(neigh_direct_output);
1589
1590 static void neigh_managed_work(struct work_struct *work)
1591 {
1592         struct neigh_table *tbl = container_of(work, struct neigh_table,
1593                                                managed_work.work);
1594         struct neighbour *neigh;
1595
1596         write_lock_bh(&tbl->lock);
1597         list_for_each_entry(neigh, &tbl->managed_list, managed_list)
1598                 neigh_event_send_probe(neigh, NULL, false);
1599         queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
1600                            NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS));
1601         write_unlock_bh(&tbl->lock);
1602 }
1603
1604 static void neigh_proxy_process(struct timer_list *t)
1605 {
1606         struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
1607         long sched_next = 0;
1608         unsigned long now = jiffies;
1609         struct sk_buff *skb, *n;
1610
1611         spin_lock(&tbl->proxy_queue.lock);
1612
1613         skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
1614                 long tdif = NEIGH_CB(skb)->sched_next - now;
1615
1616                 if (tdif <= 0) {
1617                         struct net_device *dev = skb->dev;
1618                         struct in_device *in_dev;
1619
1620                         rcu_read_lock();
1621                         in_dev = __in_dev_get_rcu(dev);
1622                         if (in_dev)
1623                                 in_dev->arp_parms->qlen--;
1624                         rcu_read_unlock();
1625                         __skb_unlink(skb, &tbl->proxy_queue);
1626
1627                         if (tbl->proxy_redo && netif_running(dev)) {
1628                                 rcu_read_lock();
1629                                 tbl->proxy_redo(skb);
1630                                 rcu_read_unlock();
1631                         } else {
1632                                 kfree_skb(skb);
1633                         }
1634
1635                         dev_put(dev);
1636                 } else if (!sched_next || tdif < sched_next)
1637                         sched_next = tdif;
1638         }
1639         del_timer(&tbl->proxy_timer);
1640         if (sched_next)
1641                 mod_timer(&tbl->proxy_timer, jiffies + sched_next);
1642         spin_unlock(&tbl->proxy_queue.lock);
1643 }
1644
1645 void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
1646                     struct sk_buff *skb)
1647 {
1648         unsigned long sched_next = jiffies +
1649                         prandom_u32_max(NEIGH_VAR(p, PROXY_DELAY));
1650
1651         if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) {
1652                 kfree_skb(skb);
1653                 return;
1654         }
1655
1656         NEIGH_CB(skb)->sched_next = sched_next;
1657         NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;
1658
1659         spin_lock(&tbl->proxy_queue.lock);
1660         if (del_timer(&tbl->proxy_timer)) {
1661                 if (time_before(tbl->proxy_timer.expires, sched_next))
1662                         sched_next = tbl->proxy_timer.expires;
1663         }
1664         skb_dst_drop(skb);
1665         dev_hold(skb->dev);
1666         __skb_queue_tail(&tbl->proxy_queue, skb);
1667         p->qlen++;
1668         mod_timer(&tbl->proxy_timer, sched_next);
1669         spin_unlock(&tbl->proxy_queue.lock);
1670 }
1671 EXPORT_SYMBOL(pneigh_enqueue);
1672
1673 static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
1674                                                       struct net *net, int ifindex)
1675 {
1676         struct neigh_parms *p;
1677
1678         list_for_each_entry(p, &tbl->parms_list, list) {
1679                 if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
1680                     (!p->dev && !ifindex && net_eq(net, &init_net)))
1681                         return p;
1682         }
1683
1684         return NULL;
1685 }
1686
1687 struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
1688                                       struct neigh_table *tbl)
1689 {
1690         struct neigh_parms *p;
1691         struct net *net = dev_net(dev);
1692         const struct net_device_ops *ops = dev->netdev_ops;
1693
1694         p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
1695         if (p) {
1696                 p->tbl            = tbl;
1697                 refcount_set(&p->refcnt, 1);
1698                 p->reachable_time =
1699                                 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
1700                 p->qlen = 0;
1701                 netdev_hold(dev, &p->dev_tracker, GFP_KERNEL);
1702                 p->dev = dev;
1703                 write_pnet(&p->net, net);
1704                 p->sysctl_table = NULL;
1705
1706                 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
1707                         netdev_put(dev, &p->dev_tracker);
1708                         kfree(p);
1709                         return NULL;
1710                 }
1711
1712                 write_lock_bh(&tbl->lock);
1713                 list_add(&p->list, &tbl->parms.list);
1714                 write_unlock_bh(&tbl->lock);
1715
1716                 neigh_parms_data_state_cleanall(p);
1717         }
1718         return p;
1719 }
1720 EXPORT_SYMBOL(neigh_parms_alloc);
1721
1722 static void neigh_rcu_free_parms(struct rcu_head *head)
1723 {
1724         struct neigh_parms *parms =
1725                 container_of(head, struct neigh_parms, rcu_head);
1726
1727         neigh_parms_put(parms);
1728 }
1729
1730 void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
1731 {
1732         if (!parms || parms == &tbl->parms)
1733                 return;
1734         write_lock_bh(&tbl->lock);
1735         list_del(&parms->list);
1736         parms->dead = 1;
1737         write_unlock_bh(&tbl->lock);
1738         netdev_put(parms->dev, &parms->dev_tracker);
1739         call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
1740 }
1741 EXPORT_SYMBOL(neigh_parms_release);
1742
1743 static void neigh_parms_destroy(struct neigh_parms *parms)
1744 {
1745         kfree(parms);
1746 }
1747
1748 static struct lock_class_key neigh_table_proxy_queue_class;
1749
1750 static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;
1751
1752 void neigh_table_init(int index, struct neigh_table *tbl)
1753 {
1754         unsigned long now = jiffies;
1755         unsigned long phsize;
1756
1757         INIT_LIST_HEAD(&tbl->parms_list);
1758         INIT_LIST_HEAD(&tbl->gc_list);
1759         INIT_LIST_HEAD(&tbl->managed_list);
1760
1761         list_add(&tbl->parms.list, &tbl->parms_list);
1762         write_pnet(&tbl->parms.net, &init_net);
1763         refcount_set(&tbl->parms.refcnt, 1);
1764         tbl->parms.reachable_time =
1765                           neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
1766         tbl->parms.qlen = 0;
1767
1768         tbl->stats = alloc_percpu(struct neigh_statistics);
1769         if (!tbl->stats)
1770                 panic("cannot create neighbour cache statistics");
1771
1772 #ifdef CONFIG_PROC_FS
1773         if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
1774                               &neigh_stat_seq_ops, tbl))
1775                 panic("cannot create neighbour proc dir entry");
1776 #endif
1777
1778         RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));
1779
1780         phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
1781         tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);
1782
1783         if (!tbl->nht || !tbl->phash_buckets)
1784                 panic("cannot allocate neighbour cache hashes");
1785
1786         if (!tbl->entry_size)
1787                 tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
1788                                         tbl->key_len, NEIGH_PRIV_ALIGN);
1789         else
1790                 WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);
1791
1792         rwlock_init(&tbl->lock);
1793
1794         INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
1795         queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1796                         tbl->parms.reachable_time);
1797         INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
1798         queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0);
1799
1800         timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
1801         skb_queue_head_init_class(&tbl->proxy_queue,
1802                         &neigh_table_proxy_queue_class);
1803
1804         tbl->last_flush = now;
1805         tbl->last_rand  = now + tbl->parms.reachable_time * 20;
1806
1807         neigh_tables[index] = tbl;
1808 }
1809 EXPORT_SYMBOL(neigh_table_init);
1810
1811 int neigh_table_clear(int index, struct neigh_table *tbl)
1812 {
1813         neigh_tables[index] = NULL;
1814         /* It is not clean... Fix it to unload IPv6 module safely */
1815         cancel_delayed_work_sync(&tbl->managed_work);
1816         cancel_delayed_work_sync(&tbl->gc_work);
1817         del_timer_sync(&tbl->proxy_timer);
1818         pneigh_queue_purge(&tbl->proxy_queue, NULL);
1819         neigh_ifdown(tbl, NULL);
1820         if (atomic_read(&tbl->entries))
1821                 pr_crit("neighbour leakage\n");
1822
1823         call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
1824                  neigh_hash_free_rcu);
1825         tbl->nht = NULL;
1826
1827         kfree(tbl->phash_buckets);
1828         tbl->phash_buckets = NULL;
1829
1830         remove_proc_entry(tbl->id, init_net.proc_net_stat);
1831
1832         free_percpu(tbl->stats);
1833         tbl->stats = NULL;
1834
1835         return 0;
1836 }
1837 EXPORT_SYMBOL(neigh_table_clear);
1838
1839 static struct neigh_table *neigh_find_table(int family)
1840 {
1841         struct neigh_table *tbl = NULL;
1842
1843         switch (family) {
1844         case AF_INET:
1845                 tbl = neigh_tables[NEIGH_ARP_TABLE];
1846                 break;
1847         case AF_INET6:
1848                 tbl = neigh_tables[NEIGH_ND_TABLE];
1849                 break;
1850         case AF_DECnet:
1851                 tbl = neigh_tables[NEIGH_DN_TABLE];
1852                 break;
1853         }
1854
1855         return tbl;
1856 }
1857
1858 const struct nla_policy nda_policy[NDA_MAX+1] = {
1859         [NDA_UNSPEC]            = { .strict_start_type = NDA_NH_ID },
1860         [NDA_DST]               = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1861         [NDA_LLADDR]            = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1862         [NDA_CACHEINFO]         = { .len = sizeof(struct nda_cacheinfo) },
1863         [NDA_PROBES]            = { .type = NLA_U32 },
1864         [NDA_VLAN]              = { .type = NLA_U16 },
1865         [NDA_PORT]              = { .type = NLA_U16 },
1866         [NDA_VNI]               = { .type = NLA_U32 },
1867         [NDA_IFINDEX]           = { .type = NLA_U32 },
1868         [NDA_MASTER]            = { .type = NLA_U32 },
1869         [NDA_PROTOCOL]          = { .type = NLA_U8 },
1870         [NDA_NH_ID]             = { .type = NLA_U32 },
1871         [NDA_FLAGS_EXT]         = NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
1872         [NDA_FDB_EXT_ATTRS]     = { .type = NLA_NESTED },
1873 };
1874
1875 static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1876                         struct netlink_ext_ack *extack)
1877 {
1878         struct net *net = sock_net(skb->sk);
1879         struct ndmsg *ndm;
1880         struct nlattr *dst_attr;
1881         struct neigh_table *tbl;
1882         struct neighbour *neigh;
1883         struct net_device *dev = NULL;
1884         int err = -EINVAL;
1885
1886         ASSERT_RTNL();
1887         if (nlmsg_len(nlh) < sizeof(*ndm))
1888                 goto out;
1889
1890         dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1891         if (!dst_attr) {
1892                 NL_SET_ERR_MSG(extack, "Network address not specified");
1893                 goto out;
1894         }
1895
1896         ndm = nlmsg_data(nlh);
1897         if (ndm->ndm_ifindex) {
1898                 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1899                 if (dev == NULL) {
1900                         err = -ENODEV;
1901                         goto out;
1902                 }
1903         }
1904
1905         tbl = neigh_find_table(ndm->ndm_family);
1906         if (tbl == NULL)
1907                 return -EAFNOSUPPORT;
1908
1909         if (nla_len(dst_attr) < (int)tbl->key_len) {
1910                 NL_SET_ERR_MSG(extack, "Invalid network address");
1911                 goto out;
1912         }
1913
1914         if (ndm->ndm_flags & NTF_PROXY) {
1915                 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
1916                 goto out;
1917         }
1918
1919         if (dev == NULL)
1920                 goto out;
1921
1922         neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
1923         if (neigh == NULL) {
1924                 err = -ENOENT;
1925                 goto out;
1926         }
1927
1928         err = __neigh_update(neigh, NULL, NUD_FAILED,
1929                              NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1930                              NETLINK_CB(skb).portid, extack);
1931         write_lock_bh(&tbl->lock);
1932         neigh_release(neigh);
1933         neigh_remove_one(neigh, tbl);
1934         write_unlock_bh(&tbl->lock);
1935
1936 out:
1937         return err;
1938 }
1939
1940 static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1941                      struct netlink_ext_ack *extack)
1942 {
1943         int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1944                     NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1945         struct net *net = sock_net(skb->sk);
1946         struct ndmsg *ndm;
1947         struct nlattr *tb[NDA_MAX+1];
1948         struct neigh_table *tbl;
1949         struct net_device *dev = NULL;
1950         struct neighbour *neigh;
1951         void *dst, *lladdr;
1952         u8 protocol = 0;
1953         u32 ndm_flags;
1954         int err;
1955
1956         ASSERT_RTNL();
1957         err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
1958                                      nda_policy, extack);
1959         if (err < 0)
1960                 goto out;
1961
1962         err = -EINVAL;
1963         if (!tb[NDA_DST]) {
1964                 NL_SET_ERR_MSG(extack, "Network address not specified");
1965                 goto out;
1966         }
1967
1968         ndm = nlmsg_data(nlh);
1969         ndm_flags = ndm->ndm_flags;
1970         if (tb[NDA_FLAGS_EXT]) {
1971                 u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]);
1972
1973                 BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
1974                              (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
1975                               hweight32(NTF_EXT_MASK)));
1976                 ndm_flags |= (ext << NTF_EXT_SHIFT);
1977         }
1978         if (ndm->ndm_ifindex) {
1979                 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1980                 if (dev == NULL) {
1981                         err = -ENODEV;
1982                         goto out;
1983                 }
1984
1985                 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
1986                         NL_SET_ERR_MSG(extack, "Invalid link address");
1987                         goto out;
1988                 }
1989         }
1990
1991         tbl = neigh_find_table(ndm->ndm_family);
1992         if (tbl == NULL)
1993                 return -EAFNOSUPPORT;
1994
1995         if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
1996                 NL_SET_ERR_MSG(extack, "Invalid network address");
1997                 goto out;
1998         }
1999
2000         dst = nla_data(tb[NDA_DST]);
2001         lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
2002
2003         if (tb[NDA_PROTOCOL])
2004                 protocol = nla_get_u8(tb[NDA_PROTOCOL]);
2005         if (ndm_flags & NTF_PROXY) {
2006                 struct pneigh_entry *pn;
2007
2008                 if (ndm_flags & NTF_MANAGED) {
2009                         NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
2010                         goto out;
2011                 }
2012
2013                 err = -ENOBUFS;
2014                 pn = pneigh_lookup(tbl, net, dst, dev, 1);
2015                 if (pn) {
2016                         pn->flags = ndm_flags;
2017                         if (protocol)
2018                                 pn->protocol = protocol;
2019                         err = 0;
2020                 }
2021                 goto out;
2022         }
2023
2024         if (!dev) {
2025                 NL_SET_ERR_MSG(extack, "Device not specified");
2026                 goto out;
2027         }
2028
2029         if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
2030                 err = -EINVAL;
2031                 goto out;
2032         }
2033
2034         neigh = neigh_lookup(tbl, dst, dev);
2035         if (neigh == NULL) {
2036                 bool ndm_permanent  = ndm->ndm_state & NUD_PERMANENT;
2037                 bool exempt_from_gc = ndm_permanent ||
2038                                       ndm_flags & NTF_EXT_LEARNED;
2039
2040                 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
2041                         err = -ENOENT;
2042                         goto out;
2043                 }
2044                 if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
2045                         NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
2046                         err = -EINVAL;
2047                         goto out;
2048                 }
2049
2050                 neigh = ___neigh_create(tbl, dst, dev,
2051                                         ndm_flags &
2052                                         (NTF_EXT_LEARNED | NTF_MANAGED),
2053                                         exempt_from_gc, true);
2054                 if (IS_ERR(neigh)) {
2055                         err = PTR_ERR(neigh);
2056                         goto out;
2057                 }
2058         } else {
2059                 if (nlh->nlmsg_flags & NLM_F_EXCL) {
2060                         err = -EEXIST;
2061                         neigh_release(neigh);
2062                         goto out;
2063                 }
2064
2065                 if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
2066                         flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
2067                                    NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
2068         }
2069
2070         if (protocol)
2071                 neigh->protocol = protocol;
2072         if (ndm_flags & NTF_EXT_LEARNED)
2073                 flags |= NEIGH_UPDATE_F_EXT_LEARNED;
2074         if (ndm_flags & NTF_ROUTER)
2075                 flags |= NEIGH_UPDATE_F_ISROUTER;
2076         if (ndm_flags & NTF_MANAGED)
2077                 flags |= NEIGH_UPDATE_F_MANAGED;
2078         if (ndm_flags & NTF_USE)
2079                 flags |= NEIGH_UPDATE_F_USE;
2080
2081         err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
2082                              NETLINK_CB(skb).portid, extack);
2083         if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) {
2084                 neigh_event_send(neigh, NULL);
2085                 err = 0;
2086         }
2087         neigh_release(neigh);
2088 out:
2089         return err;
2090 }
2091
2092 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
2093 {
2094         struct nlattr *nest;
2095
2096         nest = nla_nest_start_noflag(skb, NDTA_PARMS);
2097         if (nest == NULL)
2098                 return -ENOBUFS;
2099
2100         if ((parms->dev &&
2101              nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
2102             nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
2103             nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
2104                         NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2105             /* approximative value for deprecated QUEUE_LEN (in packets) */
2106             nla_put_u32(skb, NDTPA_QUEUE_LEN,
2107                         NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2108             nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2109             nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2110             nla_put_u32(skb, NDTPA_UCAST_PROBES,
2111                         NEIGH_VAR(parms, UCAST_PROBES)) ||
2112             nla_put_u32(skb, NDTPA_MCAST_PROBES,
2113                         NEIGH_VAR(parms, MCAST_PROBES)) ||
2114             nla_put_u32(skb, NDTPA_MCAST_REPROBES,
2115                         NEIGH_VAR(parms, MCAST_REPROBES)) ||
2116             nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
2117                           NDTPA_PAD) ||
2118             nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
2119                           NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
2120             nla_put_msecs(skb, NDTPA_GC_STALETIME,
2121                           NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
2122             nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
2123                           NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
2124             nla_put_msecs(skb, NDTPA_RETRANS_TIME,
2125                           NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
2126             nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
2127                           NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
2128             nla_put_msecs(skb, NDTPA_PROXY_DELAY,
2129                           NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
2130             nla_put_msecs(skb, NDTPA_LOCKTIME,
2131                           NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) ||
2132             nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS,
2133                           NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD))
2134                 goto nla_put_failure;
2135         return nla_nest_end(skb, nest);
2136
2137 nla_put_failure:
2138         nla_nest_cancel(skb, nest);
2139         return -EMSGSIZE;
2140 }
2141
2142 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2143                               u32 pid, u32 seq, int type, int flags)
2144 {
2145         struct nlmsghdr *nlh;
2146         struct ndtmsg *ndtmsg;
2147
2148         nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2149         if (nlh == NULL)
2150                 return -EMSGSIZE;
2151
2152         ndtmsg = nlmsg_data(nlh);
2153
2154         read_lock_bh(&tbl->lock);
2155         ndtmsg->ndtm_family = tbl->family;
2156         ndtmsg->ndtm_pad1   = 0;
2157         ndtmsg->ndtm_pad2   = 0;
2158
2159         if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
2160             nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval, NDTA_PAD) ||
2161             nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) ||
2162             nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) ||
2163             nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3))
2164                 goto nla_put_failure;
2165         {
2166                 unsigned long now = jiffies;
2167                 long flush_delta = now - tbl->last_flush;
2168                 long rand_delta = now - tbl->last_rand;
2169                 struct neigh_hash_table *nht;
2170                 struct ndt_config ndc = {
2171                         .ndtc_key_len           = tbl->key_len,
2172                         .ndtc_entry_size        = tbl->entry_size,
2173                         .ndtc_entries           = atomic_read(&tbl->entries),
2174                         .ndtc_last_flush        = jiffies_to_msecs(flush_delta),
2175                         .ndtc_last_rand         = jiffies_to_msecs(rand_delta),
2176                         .ndtc_proxy_qlen        = tbl->proxy_queue.qlen,
2177                 };
2178
2179                 rcu_read_lock_bh();
2180                 nht = rcu_dereference_bh(tbl->nht);
2181                 ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2182                 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2183                 rcu_read_unlock_bh();
2184
2185                 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
2186                         goto nla_put_failure;
2187         }
2188
2189         {
2190                 int cpu;
2191                 struct ndt_stats ndst;
2192
2193                 memset(&ndst, 0, sizeof(ndst));
2194
2195                 for_each_possible_cpu(cpu) {
2196                         struct neigh_statistics *st;
2197
2198                         st = per_cpu_ptr(tbl->stats, cpu);
2199                         ndst.ndts_allocs                += st->allocs;
2200                         ndst.ndts_destroys              += st->destroys;
2201                         ndst.ndts_hash_grows            += st->hash_grows;
2202                         ndst.ndts_res_failed            += st->res_failed;
2203                         ndst.ndts_lookups               += st->lookups;
2204                         ndst.ndts_hits                  += st->hits;
2205                         ndst.ndts_rcv_probes_mcast      += st->rcv_probes_mcast;
2206                         ndst.ndts_rcv_probes_ucast      += st->rcv_probes_ucast;
2207                         ndst.ndts_periodic_gc_runs      += st->periodic_gc_runs;
2208                         ndst.ndts_forced_gc_runs        += st->forced_gc_runs;
2209                         ndst.ndts_table_fulls           += st->table_fulls;
2210                 }
2211
2212                 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
2213                                   NDTA_PAD))
2214                         goto nla_put_failure;
2215         }
2216
2217         BUG_ON(tbl->parms.dev);
2218         if (neightbl_fill_parms(skb, &tbl->parms) < 0)
2219                 goto nla_put_failure;
2220
2221         read_unlock_bh(&tbl->lock);
2222         nlmsg_end(skb, nlh);
2223         return 0;
2224
2225 nla_put_failure:
2226         read_unlock_bh(&tbl->lock);
2227         nlmsg_cancel(skb, nlh);
2228         return -EMSGSIZE;
2229 }
2230
2231 static int neightbl_fill_param_info(struct sk_buff *skb,
2232                                     struct neigh_table *tbl,
2233                                     struct neigh_parms *parms,
2234                                     u32 pid, u32 seq, int type,
2235                                     unsigned int flags)
2236 {
2237         struct ndtmsg *ndtmsg;
2238         struct nlmsghdr *nlh;
2239
2240         nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2241         if (nlh == NULL)
2242                 return -EMSGSIZE;
2243
2244         ndtmsg = nlmsg_data(nlh);
2245
2246         read_lock_bh(&tbl->lock);
2247         ndtmsg->ndtm_family = tbl->family;
2248         ndtmsg->ndtm_pad1   = 0;
2249         ndtmsg->ndtm_pad2   = 0;
2250
2251         if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
2252             neightbl_fill_parms(skb, parms) < 0)
2253                 goto errout;
2254
2255         read_unlock_bh(&tbl->lock);
2256         nlmsg_end(skb, nlh);
2257         return 0;
2258 errout:
2259         read_unlock_bh(&tbl->lock);
2260         nlmsg_cancel(skb, nlh);
2261         return -EMSGSIZE;
2262 }
2263
2264 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2265         [NDTA_NAME]             = { .type = NLA_STRING },
2266         [NDTA_THRESH1]          = { .type = NLA_U32 },
2267         [NDTA_THRESH2]          = { .type = NLA_U32 },
2268         [NDTA_THRESH3]          = { .type = NLA_U32 },
2269         [NDTA_GC_INTERVAL]      = { .type = NLA_U64 },
2270         [NDTA_PARMS]            = { .type = NLA_NESTED },
2271 };
2272
2273 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2274         [NDTPA_IFINDEX]                 = { .type = NLA_U32 },
2275         [NDTPA_QUEUE_LEN]               = { .type = NLA_U32 },
2276         [NDTPA_PROXY_QLEN]              = { .type = NLA_U32 },
2277         [NDTPA_APP_PROBES]              = { .type = NLA_U32 },
2278         [NDTPA_UCAST_PROBES]            = { .type = NLA_U32 },
2279         [NDTPA_MCAST_PROBES]            = { .type = NLA_U32 },
2280         [NDTPA_MCAST_REPROBES]          = { .type = NLA_U32 },
2281         [NDTPA_BASE_REACHABLE_TIME]     = { .type = NLA_U64 },
2282         [NDTPA_GC_STALETIME]            = { .type = NLA_U64 },
2283         [NDTPA_DELAY_PROBE_TIME]        = { .type = NLA_U64 },
2284         [NDTPA_RETRANS_TIME]            = { .type = NLA_U64 },
2285         [NDTPA_ANYCAST_DELAY]           = { .type = NLA_U64 },
2286         [NDTPA_PROXY_DELAY]             = { .type = NLA_U64 },
2287         [NDTPA_LOCKTIME]                = { .type = NLA_U64 },
2288         [NDTPA_INTERVAL_PROBE_TIME_MS]  = { .type = NLA_U64, .min = 1 },
2289 };
2290
2291 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2292                         struct netlink_ext_ack *extack)
2293 {
2294         struct net *net = sock_net(skb->sk);
2295         struct neigh_table *tbl;
2296         struct ndtmsg *ndtmsg;
2297         struct nlattr *tb[NDTA_MAX+1];
2298         bool found = false;
2299         int err, tidx;
2300
2301         err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2302                                      nl_neightbl_policy, extack);
2303         if (err < 0)
2304                 goto errout;
2305
2306         if (tb[NDTA_NAME] == NULL) {
2307                 err = -EINVAL;
2308                 goto errout;
2309         }
2310
2311         ndtmsg = nlmsg_data(nlh);
2312
2313         for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2314                 tbl = neigh_tables[tidx];
2315                 if (!tbl)
2316                         continue;
2317                 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2318                         continue;
2319                 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
2320                         found = true;
2321                         break;
2322                 }
2323         }
2324
2325         if (!found)
2326                 return -ENOENT;
2327
2328         /*
2329          * We acquire tbl->lock to be nice to the periodic timers and
2330          * make sure they always see a consistent set of values.
2331          */
2332         write_lock_bh(&tbl->lock);
2333
2334         if (tb[NDTA_PARMS]) {
2335                 struct nlattr *tbp[NDTPA_MAX+1];
2336                 struct neigh_parms *p;
2337                 int i, ifindex = 0;
2338
2339                 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
2340                                                   tb[NDTA_PARMS],
2341                                                   nl_ntbl_parm_policy, extack);
2342                 if (err < 0)
2343                         goto errout_tbl_lock;
2344
2345                 if (tbp[NDTPA_IFINDEX])
2346                         ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
2347
2348                 p = lookup_neigh_parms(tbl, net, ifindex);
2349                 if (p == NULL) {
2350                         err = -ENOENT;
2351                         goto errout_tbl_lock;
2352                 }
2353
2354                 for (i = 1; i <= NDTPA_MAX; i++) {
2355                         if (tbp[i] == NULL)
2356                                 continue;
2357
2358                         switch (i) {
2359                         case NDTPA_QUEUE_LEN:
2360                                 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2361                                               nla_get_u32(tbp[i]) *
2362                                               SKB_TRUESIZE(ETH_FRAME_LEN));
2363                                 break;
2364                         case NDTPA_QUEUE_LENBYTES:
2365                                 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2366                                               nla_get_u32(tbp[i]));
2367                                 break;
2368                         case NDTPA_PROXY_QLEN:
2369                                 NEIGH_VAR_SET(p, PROXY_QLEN,
2370                                               nla_get_u32(tbp[i]));
2371                                 break;
2372                         case NDTPA_APP_PROBES:
2373                                 NEIGH_VAR_SET(p, APP_PROBES,
2374                                               nla_get_u32(tbp[i]));
2375                                 break;
2376                         case NDTPA_UCAST_PROBES:
2377                                 NEIGH_VAR_SET(p, UCAST_PROBES,
2378                                               nla_get_u32(tbp[i]));
2379                                 break;
2380                         case NDTPA_MCAST_PROBES:
2381                                 NEIGH_VAR_SET(p, MCAST_PROBES,
2382                                               nla_get_u32(tbp[i]));
2383                                 break;
2384                         case NDTPA_MCAST_REPROBES:
2385                                 NEIGH_VAR_SET(p, MCAST_REPROBES,
2386                                               nla_get_u32(tbp[i]));
2387                                 break;
2388                         case NDTPA_BASE_REACHABLE_TIME:
2389                                 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2390                                               nla_get_msecs(tbp[i]));
2391                                 /* update reachable_time as well, otherwise, the change will
2392                                  * only be effective after the next time neigh_periodic_work
2393                                  * decides to recompute it (can be multiple minutes)
2394                                  */
2395                                 p->reachable_time =
2396                                         neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2397                                 break;
2398                         case NDTPA_GC_STALETIME:
2399                                 NEIGH_VAR_SET(p, GC_STALETIME,
2400                                               nla_get_msecs(tbp[i]));
2401                                 break;
2402                         case NDTPA_DELAY_PROBE_TIME:
2403                                 NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2404                                               nla_get_msecs(tbp[i]));
2405                                 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
2406                                 break;
2407                         case NDTPA_INTERVAL_PROBE_TIME_MS:
2408                                 NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS,
2409                                               nla_get_msecs(tbp[i]));
2410                                 break;
2411                         case NDTPA_RETRANS_TIME:
2412                                 NEIGH_VAR_SET(p, RETRANS_TIME,
2413                                               nla_get_msecs(tbp[i]));
2414                                 break;
2415                         case NDTPA_ANYCAST_DELAY:
2416                                 NEIGH_VAR_SET(p, ANYCAST_DELAY,
2417                                               nla_get_msecs(tbp[i]));
2418                                 break;
2419                         case NDTPA_PROXY_DELAY:
2420                                 NEIGH_VAR_SET(p, PROXY_DELAY,
2421                                               nla_get_msecs(tbp[i]));
2422                                 break;
2423                         case NDTPA_LOCKTIME:
2424                                 NEIGH_VAR_SET(p, LOCKTIME,
2425                                               nla_get_msecs(tbp[i]));
2426                                 break;
2427                         }
2428                 }
2429         }
2430
2431         err = -ENOENT;
2432         if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2433              tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2434             !net_eq(net, &init_net))
2435                 goto errout_tbl_lock;
2436
2437         if (tb[NDTA_THRESH1])
2438                 tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);
2439
2440         if (tb[NDTA_THRESH2])
2441                 tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]);
2442
2443         if (tb[NDTA_THRESH3])
2444                 tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]);
2445
2446         if (tb[NDTA_GC_INTERVAL])
2447                 tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]);
2448
2449         err = 0;
2450
2451 errout_tbl_lock:
2452         write_unlock_bh(&tbl->lock);
2453 errout:
2454         return err;
2455 }
2456
2457 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2458                                     struct netlink_ext_ack *extack)
2459 {
2460         struct ndtmsg *ndtm;
2461
2462         if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
2463                 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2464                 return -EINVAL;
2465         }
2466
2467         ndtm = nlmsg_data(nlh);
2468         if (ndtm->ndtm_pad1  || ndtm->ndtm_pad2) {
2469                 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2470                 return -EINVAL;
2471         }
2472
2473         if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
2474                 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2475                 return -EINVAL;
2476         }
2477
2478         return 0;
2479 }
2480
2481 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2482 {
2483         const struct nlmsghdr *nlh = cb->nlh;
2484         struct net *net = sock_net(skb->sk);
2485         int family, tidx, nidx = 0;
2486         int tbl_skip = cb->args[0];
2487         int neigh_skip = cb->args[1];
2488         struct neigh_table *tbl;
2489
2490         if (cb->strict_check) {
2491                 int err = neightbl_valid_dump_info(nlh, cb->extack);
2492
2493                 if (err < 0)
2494                         return err;
2495         }
2496
2497         family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2498
2499         for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2500                 struct neigh_parms *p;
2501
2502                 tbl = neigh_tables[tidx];
2503                 if (!tbl)
2504                         continue;
2505
2506                 if (tidx < tbl_skip || (family && tbl->family != family))
2507                         continue;
2508
2509                 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2510                                        nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2511                                        NLM_F_MULTI) < 0)
2512                         break;
2513
2514                 nidx = 0;
2515                 p = list_next_entry(&tbl->parms, list);
2516                 list_for_each_entry_from(p, &tbl->parms_list, list) {
2517                         if (!net_eq(neigh_parms_net(p), net))
2518                                 continue;
2519
2520                         if (nidx < neigh_skip)
2521                                 goto next;
2522
2523                         if (neightbl_fill_param_info(skb, tbl, p,
2524                                                      NETLINK_CB(cb->skb).portid,
2525                                                      nlh->nlmsg_seq,
2526                                                      RTM_NEWNEIGHTBL,
2527                                                      NLM_F_MULTI) < 0)
2528                                 goto out;
2529                 next:
2530                         nidx++;
2531                 }
2532
2533                 neigh_skip = 0;
2534         }
2535 out:
2536         cb->args[0] = tidx;
2537         cb->args[1] = nidx;
2538
2539         return skb->len;
2540 }
2541
2542 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2543                            u32 pid, u32 seq, int type, unsigned int flags)
2544 {
2545         u32 neigh_flags, neigh_flags_ext;
2546         unsigned long now = jiffies;
2547         struct nda_cacheinfo ci;
2548         struct nlmsghdr *nlh;
2549         struct ndmsg *ndm;
2550
2551         nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2552         if (nlh == NULL)
2553                 return -EMSGSIZE;
2554
2555         neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT;
2556         neigh_flags     = neigh->flags & NTF_OLD_MASK;
2557
2558         ndm = nlmsg_data(nlh);
2559         ndm->ndm_family  = neigh->ops->family;
2560         ndm->ndm_pad1    = 0;
2561         ndm->ndm_pad2    = 0;
2562         ndm->ndm_flags   = neigh_flags;
2563         ndm->ndm_type    = neigh->type;
2564         ndm->ndm_ifindex = neigh->dev->ifindex;
2565
2566         if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2567                 goto nla_put_failure;
2568
2569         read_lock_bh(&neigh->lock);
2570         ndm->ndm_state   = neigh->nud_state;
2571         if (neigh->nud_state & NUD_VALID) {
2572                 char haddr[MAX_ADDR_LEN];
2573
2574                 neigh_ha_snapshot(haddr, neigh, neigh->dev);
2575                 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2576                         read_unlock_bh(&neigh->lock);
2577                         goto nla_put_failure;
2578                 }
2579         }
2580
2581         ci.ndm_used      = jiffies_to_clock_t(now - neigh->used);
2582         ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2583         ci.ndm_updated   = jiffies_to_clock_t(now - neigh->updated);
2584         ci.ndm_refcnt    = refcount_read(&neigh->refcnt) - 1;
2585         read_unlock_bh(&neigh->lock);
2586
2587         if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2588             nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2589                 goto nla_put_failure;
2590
2591         if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
2592                 goto nla_put_failure;
2593         if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
2594                 goto nla_put_failure;
2595
2596         nlmsg_end(skb, nlh);
2597         return 0;
2598
2599 nla_put_failure:
2600         nlmsg_cancel(skb, nlh);
2601         return -EMSGSIZE;
2602 }
2603
2604 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2605                             u32 pid, u32 seq, int type, unsigned int flags,
2606                             struct neigh_table *tbl)
2607 {
2608         u32 neigh_flags, neigh_flags_ext;
2609         struct nlmsghdr *nlh;
2610         struct ndmsg *ndm;
2611
2612         nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2613         if (nlh == NULL)
2614                 return -EMSGSIZE;
2615
2616         neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT;
2617         neigh_flags     = pn->flags & NTF_OLD_MASK;
2618
2619         ndm = nlmsg_data(nlh);
2620         ndm->ndm_family  = tbl->family;
2621         ndm->ndm_pad1    = 0;
2622         ndm->ndm_pad2    = 0;
2623         ndm->ndm_flags   = neigh_flags | NTF_PROXY;
2624         ndm->ndm_type    = RTN_UNICAST;
2625         ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2626         ndm->ndm_state   = NUD_NONE;
2627
2628         if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2629                 goto nla_put_failure;
2630
2631         if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
2632                 goto nla_put_failure;
2633         if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
2634                 goto nla_put_failure;
2635
2636         nlmsg_end(skb, nlh);
2637         return 0;
2638
2639 nla_put_failure:
2640         nlmsg_cancel(skb, nlh);
2641         return -EMSGSIZE;
2642 }
2643
2644 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2645 {
2646         call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2647         __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
2648 }
2649
2650 static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2651 {
2652         struct net_device *master;
2653
2654         if (!master_idx)
2655                 return false;
2656
2657         master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2658
2659         /* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another
2660          * invalid value for ifindex to denote "no master".
2661          */
2662         if (master_idx == -1)
2663                 return !!master;
2664
2665         if (!master || master->ifindex != master_idx)
2666                 return true;
2667
2668         return false;
2669 }
2670
2671 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2672 {
2673         if (filter_idx && (!dev || dev->ifindex != filter_idx))
2674                 return true;
2675
2676         return false;
2677 }
2678
2679 struct neigh_dump_filter {
2680         int master_idx;
2681         int dev_idx;
2682 };
2683
2684 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2685                             struct netlink_callback *cb,
2686                             struct neigh_dump_filter *filter)
2687 {
2688         struct net *net = sock_net(skb->sk);
2689         struct neighbour *n;
2690         int rc, h, s_h = cb->args[1];
2691         int idx, s_idx = idx = cb->args[2];
2692         struct neigh_hash_table *nht;
2693         unsigned int flags = NLM_F_MULTI;
2694
2695         if (filter->dev_idx || filter->master_idx)
2696                 flags |= NLM_F_DUMP_FILTERED;
2697
2698         rcu_read_lock_bh();
2699         nht = rcu_dereference_bh(tbl->nht);
2700
2701         for (h = s_h; h < (1 << nht->hash_shift); h++) {
2702                 if (h > s_h)
2703                         s_idx = 0;
2704                 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2705                      n != NULL;
2706                      n = rcu_dereference_bh(n->next)) {
2707                         if (idx < s_idx || !net_eq(dev_net(n->dev), net))
2708                                 goto next;
2709                         if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2710                             neigh_master_filtered(n->dev, filter->master_idx))
2711                                 goto next;
2712                         if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2713                                             cb->nlh->nlmsg_seq,
2714                                             RTM_NEWNEIGH,
2715                                             flags) < 0) {
2716                                 rc = -1;
2717                                 goto out;
2718                         }
2719 next:
2720                         idx++;
2721                 }
2722         }
2723         rc = skb->len;
2724 out:
2725         rcu_read_unlock_bh();
2726         cb->args[1] = h;
2727         cb->args[2] = idx;
2728         return rc;
2729 }
2730
2731 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2732                              struct netlink_callback *cb,
2733                              struct neigh_dump_filter *filter)
2734 {
2735         struct pneigh_entry *n;
2736         struct net *net = sock_net(skb->sk);
2737         int rc, h, s_h = cb->args[3];
2738         int idx, s_idx = idx = cb->args[4];
2739         unsigned int flags = NLM_F_MULTI;
2740
2741         if (filter->dev_idx || filter->master_idx)
2742                 flags |= NLM_F_DUMP_FILTERED;
2743
2744         read_lock_bh(&tbl->lock);
2745
2746         for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2747                 if (h > s_h)
2748                         s_idx = 0;
2749                 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2750                         if (idx < s_idx || pneigh_net(n) != net)
2751                                 goto next;
2752                         if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2753                             neigh_master_filtered(n->dev, filter->master_idx))
2754                                 goto next;
2755                         if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2756                                             cb->nlh->nlmsg_seq,
2757                                             RTM_NEWNEIGH, flags, tbl) < 0) {
2758                                 read_unlock_bh(&tbl->lock);
2759                                 rc = -1;
2760                                 goto out;
2761                         }
2762                 next:
2763                         idx++;
2764                 }
2765         }
2766
2767         read_unlock_bh(&tbl->lock);
2768         rc = skb->len;
2769 out:
2770         cb->args[3] = h;
2771         cb->args[4] = idx;
2772         return rc;
2773
2774 }
2775
2776 static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2777                                 bool strict_check,
2778                                 struct neigh_dump_filter *filter,
2779                                 struct netlink_ext_ack *extack)
2780 {
2781         struct nlattr *tb[NDA_MAX + 1];
2782         int err, i;
2783
2784         if (strict_check) {
2785                 struct ndmsg *ndm;
2786
2787                 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2788                         NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2789                         return -EINVAL;
2790                 }
2791
2792                 ndm = nlmsg_data(nlh);
2793                 if (ndm->ndm_pad1  || ndm->ndm_pad2  || ndm->ndm_ifindex ||
2794                     ndm->ndm_state || ndm->ndm_type) {
2795                         NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2796                         return -EINVAL;
2797                 }
2798
2799                 if (ndm->ndm_flags & ~NTF_PROXY) {
2800                         NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2801                         return -EINVAL;
2802                 }
2803
2804                 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
2805                                                     tb, NDA_MAX, nda_policy,
2806                                                     extack);
2807         } else {
2808                 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
2809                                              NDA_MAX, nda_policy, extack);
2810         }
2811         if (err < 0)
2812                 return err;
2813
2814         for (i = 0; i <= NDA_MAX; ++i) {
2815                 if (!tb[i])
2816                         continue;
2817
2818                 /* all new attributes should require strict_check */
2819                 switch (i) {
2820                 case NDA_IFINDEX:
2821                         filter->dev_idx = nla_get_u32(tb[i]);
2822                         break;
2823                 case NDA_MASTER:
2824                         filter->master_idx = nla_get_u32(tb[i]);
2825                         break;
2826                 default:
2827                         if (strict_check) {
2828                                 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2829                                 return -EINVAL;
2830                         }
2831                 }
2832         }
2833
2834         return 0;
2835 }
2836
2837 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2838 {
2839         const struct nlmsghdr *nlh = cb->nlh;
2840         struct neigh_dump_filter filter = {};
2841         struct neigh_table *tbl;
2842         int t, family, s_t;
2843         int proxy = 0;
2844         int err;
2845
2846         family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2847
2848         /* check for full ndmsg structure presence, family member is
2849          * the same for both structures
2850          */
2851         if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2852             ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2853                 proxy = 1;
2854
2855         err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
2856         if (err < 0 && cb->strict_check)
2857                 return err;
2858
2859         s_t = cb->args[0];
2860
2861         for (t = 0; t < NEIGH_NR_TABLES; t++) {
2862                 tbl = neigh_tables[t];
2863
2864                 if (!tbl)
2865                         continue;
2866                 if (t < s_t || (family && tbl->family != family))
2867                         continue;
2868                 if (t > s_t)
2869                         memset(&cb->args[1], 0, sizeof(cb->args) -
2870                                                 sizeof(cb->args[0]));
2871                 if (proxy)
2872                         err = pneigh_dump_table(tbl, skb, cb, &filter);
2873                 else
2874                         err = neigh_dump_table(tbl, skb, cb, &filter);
2875                 if (err < 0)
2876                         break;
2877         }
2878
2879         cb->args[0] = t;
2880         return skb->len;
2881 }
2882
2883 static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2884                                struct neigh_table **tbl,
2885                                void **dst, int *dev_idx, u8 *ndm_flags,
2886                                struct netlink_ext_ack *extack)
2887 {
2888         struct nlattr *tb[NDA_MAX + 1];
2889         struct ndmsg *ndm;
2890         int err, i;
2891
2892         if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2893                 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2894                 return -EINVAL;
2895         }
2896
2897         ndm = nlmsg_data(nlh);
2898         if (ndm->ndm_pad1  || ndm->ndm_pad2  || ndm->ndm_state ||
2899             ndm->ndm_type) {
2900                 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2901                 return -EINVAL;
2902         }
2903
2904         if (ndm->ndm_flags & ~NTF_PROXY) {
2905                 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2906                 return -EINVAL;
2907         }
2908
2909         err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
2910                                             NDA_MAX, nda_policy, extack);
2911         if (err < 0)
2912                 return err;
2913
2914         *ndm_flags = ndm->ndm_flags;
2915         *dev_idx = ndm->ndm_ifindex;
2916         *tbl = neigh_find_table(ndm->ndm_family);
2917         if (*tbl == NULL) {
2918                 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2919                 return -EAFNOSUPPORT;
2920         }
2921
2922         for (i = 0; i <= NDA_MAX; ++i) {
2923                 if (!tb[i])
2924                         continue;
2925
2926                 switch (i) {
2927                 case NDA_DST:
2928                         if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
2929                                 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2930                                 return -EINVAL;
2931                         }
2932                         *dst = nla_data(tb[i]);
2933                         break;
2934                 default:
2935                         NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2936                         return -EINVAL;
2937                 }
2938         }
2939
2940         return 0;
2941 }
2942
2943 static inline size_t neigh_nlmsg_size(void)
2944 {
2945         return NLMSG_ALIGN(sizeof(struct ndmsg))
2946                + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2947                + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2948                + nla_total_size(sizeof(struct nda_cacheinfo))
2949                + nla_total_size(4)  /* NDA_PROBES */
2950                + nla_total_size(4)  /* NDA_FLAGS_EXT */
2951                + nla_total_size(1); /* NDA_PROTOCOL */
2952 }
2953
2954 static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2955                            u32 pid, u32 seq)
2956 {
2957         struct sk_buff *skb;
2958         int err = 0;
2959
2960         skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
2961         if (!skb)
2962                 return -ENOBUFS;
2963
2964         err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
2965         if (err) {
2966                 kfree_skb(skb);
2967                 goto errout;
2968         }
2969
2970         err = rtnl_unicast(skb, net, pid);
2971 errout:
2972         return err;
2973 }
2974
2975 static inline size_t pneigh_nlmsg_size(void)
2976 {
2977         return NLMSG_ALIGN(sizeof(struct ndmsg))
2978                + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2979                + nla_total_size(4)  /* NDA_FLAGS_EXT */
2980                + nla_total_size(1); /* NDA_PROTOCOL */
2981 }
2982
2983 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
2984                             u32 pid, u32 seq, struct neigh_table *tbl)
2985 {
2986         struct sk_buff *skb;
2987         int err = 0;
2988
2989         skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
2990         if (!skb)
2991                 return -ENOBUFS;
2992
2993         err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
2994         if (err) {
2995                 kfree_skb(skb);
2996                 goto errout;
2997         }
2998
2999         err = rtnl_unicast(skb, net, pid);
3000 errout:
3001         return err;
3002 }
3003
3004 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
3005                      struct netlink_ext_ack *extack)
3006 {
3007         struct net *net = sock_net(in_skb->sk);
3008         struct net_device *dev = NULL;
3009         struct neigh_table *tbl = NULL;
3010         struct neighbour *neigh;
3011         void *dst = NULL;
3012         u8 ndm_flags = 0;
3013         int dev_idx = 0;
3014         int err;
3015
3016         err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
3017                                   extack);
3018         if (err < 0)
3019                 return err;
3020
3021         if (dev_idx) {
3022                 dev = __dev_get_by_index(net, dev_idx);
3023                 if (!dev) {
3024                         NL_SET_ERR_MSG(extack, "Unknown device ifindex");
3025                         return -ENODEV;
3026                 }
3027         }
3028
3029         if (!dst) {
3030                 NL_SET_ERR_MSG(extack, "Network address not specified");
3031                 return -EINVAL;
3032         }
3033
3034         if (ndm_flags & NTF_PROXY) {
3035                 struct pneigh_entry *pn;
3036
3037                 pn = pneigh_lookup(tbl, net, dst, dev, 0);
3038                 if (!pn) {
3039                         NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
3040                         return -ENOENT;
3041                 }
3042                 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
3043                                         nlh->nlmsg_seq, tbl);
3044         }
3045
3046         if (!dev) {
3047                 NL_SET_ERR_MSG(extack, "No device specified");
3048                 return -EINVAL;
3049         }
3050
3051         neigh = neigh_lookup(tbl, dst, dev);
3052         if (!neigh) {
3053                 NL_SET_ERR_MSG(extack, "Neighbour entry not found");
3054                 return -ENOENT;
3055         }
3056
3057         err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
3058                               nlh->nlmsg_seq);
3059
3060         neigh_release(neigh);
3061
3062         return err;
3063 }
3064
3065 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
3066 {
3067         int chain;
3068         struct neigh_hash_table *nht;
3069
3070         rcu_read_lock_bh();
3071         nht = rcu_dereference_bh(tbl->nht);
3072
3073         read_lock(&tbl->lock); /* avoid resizes */
3074         for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3075                 struct neighbour *n;
3076
3077                 for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
3078                      n != NULL;
3079                      n = rcu_dereference_bh(n->next))
3080                         cb(n, cookie);
3081         }
3082         read_unlock(&tbl->lock);
3083         rcu_read_unlock_bh();
3084 }
3085 EXPORT_SYMBOL(neigh_for_each);
3086
3087 /* The tbl->lock must be held as a writer and BH disabled. */
3088 void __neigh_for_each_release(struct neigh_table *tbl,
3089                               int (*cb)(struct neighbour *))
3090 {
3091         int chain;
3092         struct neigh_hash_table *nht;
3093
3094         nht = rcu_dereference_protected(tbl->nht,
3095                                         lockdep_is_held(&tbl->lock));
3096         for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3097                 struct neighbour *n;
3098                 struct neighbour __rcu **np;
3099
3100                 np = &nht->hash_buckets[chain];
3101                 while ((n = rcu_dereference_protected(*np,
3102                                         lockdep_is_held(&tbl->lock))) != NULL) {
3103                         int release;
3104
3105                         write_lock(&n->lock);
3106                         release = cb(n);
3107                         if (release) {
3108                                 rcu_assign_pointer(*np,
3109                                         rcu_dereference_protected(n->next,
3110                                                 lockdep_is_held(&tbl->lock)));
3111                                 neigh_mark_dead(n);
3112                         } else
3113                                 np = &n->next;
3114                         write_unlock(&n->lock);
3115                         if (release)
3116                                 neigh_cleanup_and_release(n);
3117                 }
3118         }
3119 }
3120 EXPORT_SYMBOL(__neigh_for_each_release);
3121
3122 int neigh_xmit(int index, struct net_device *dev,
3123                const void *addr, struct sk_buff *skb)
3124 {
3125         int err = -EAFNOSUPPORT;
3126         if (likely(index < NEIGH_NR_TABLES)) {
3127                 struct neigh_table *tbl;
3128                 struct neighbour *neigh;
3129
3130                 tbl = neigh_tables[index];
3131                 if (!tbl)
3132                         goto out;
3133                 rcu_read_lock_bh();
3134                 if (index == NEIGH_ARP_TABLE) {
3135                         u32 key = *((u32 *)addr);
3136
3137                         neigh = __ipv4_neigh_lookup_noref(dev, key);
3138                 } else {
3139                         neigh = __neigh_lookup_noref(tbl, addr, dev);
3140                 }
3141                 if (!neigh)
3142                         neigh = __neigh_create(tbl, addr, dev, false);
3143                 err = PTR_ERR(neigh);
3144                 if (IS_ERR(neigh)) {
3145                         rcu_read_unlock_bh();
3146                         goto out_kfree_skb;
3147                 }
3148                 err = neigh->output(neigh, skb);
3149                 rcu_read_unlock_bh();
3150         }
3151         else if (index == NEIGH_LINK_TABLE) {
3152                 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3153                                       addr, NULL, skb->len);
3154                 if (err < 0)
3155                         goto out_kfree_skb;
3156                 err = dev_queue_xmit(skb);
3157         }
3158 out:
3159         return err;
3160 out_kfree_skb:
3161         kfree_skb(skb);
3162         goto out;
3163 }
3164 EXPORT_SYMBOL(neigh_xmit);
3165
3166 #ifdef CONFIG_PROC_FS
3167
3168 static struct neighbour *neigh_get_first(struct seq_file *seq)
3169 {
3170         struct neigh_seq_state *state = seq->private;
3171         struct net *net = seq_file_net(seq);
3172         struct neigh_hash_table *nht = state->nht;
3173         struct neighbour *n = NULL;
3174         int bucket;
3175
3176         state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3177         for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3178                 n = rcu_dereference_bh(nht->hash_buckets[bucket]);
3179
3180                 while (n) {
3181                         if (!net_eq(dev_net(n->dev), net))
3182                                 goto next;
3183                         if (state->neigh_sub_iter) {
3184                                 loff_t fakep = 0;
3185                                 void *v;
3186
3187                                 v = state->neigh_sub_iter(state, n, &fakep);
3188                                 if (!v)
3189                                         goto next;
3190                         }
3191                         if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3192                                 break;
3193                         if (n->nud_state & ~NUD_NOARP)
3194                                 break;
3195 next:
3196                         n = rcu_dereference_bh(n->next);
3197                 }
3198
3199                 if (n)
3200                         break;
3201         }
3202         state->bucket = bucket;
3203
3204         return n;
3205 }
3206
3207 static struct neighbour *neigh_get_next(struct seq_file *seq,
3208                                         struct neighbour *n,
3209                                         loff_t *pos)
3210 {
3211         struct neigh_seq_state *state = seq->private;
3212         struct net *net = seq_file_net(seq);
3213         struct neigh_hash_table *nht = state->nht;
3214
3215         if (state->neigh_sub_iter) {
3216                 void *v = state->neigh_sub_iter(state, n, pos);
3217                 if (v)
3218                         return n;
3219         }
3220         n = rcu_dereference_bh(n->next);
3221
3222         while (1) {
3223                 while (n) {
3224                         if (!net_eq(dev_net(n->dev), net))
3225                                 goto next;
3226                         if (state->neigh_sub_iter) {
3227                                 void *v = state->neigh_sub_iter(state, n, pos);
3228                                 if (v)
3229                                         return n;
3230                                 goto next;
3231                         }
3232                         if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3233                                 break;
3234
3235                         if (n->nud_state & ~NUD_NOARP)
3236                                 break;
3237 next:
3238                         n = rcu_dereference_bh(n->next);
3239                 }
3240
3241                 if (n)
3242                         break;
3243
3244                 if (++state->bucket >= (1 << nht->hash_shift))
3245                         break;
3246
3247                 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
3248         }
3249
3250         if (n && pos)
3251                 --(*pos);
3252         return n;
3253 }
3254
3255 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3256 {
3257         struct neighbour *n = neigh_get_first(seq);
3258
3259         if (n) {
3260                 --(*pos);
3261                 while (*pos) {
3262                         n = neigh_get_next(seq, n, pos);
3263                         if (!n)
3264                                 break;
3265                 }
3266         }
3267         return *pos ? NULL : n;
3268 }
3269
3270 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3271 {
3272         struct neigh_seq_state *state = seq->private;
3273         struct net *net = seq_file_net(seq);
3274         struct neigh_table *tbl = state->tbl;
3275         struct pneigh_entry *pn = NULL;
3276         int bucket;
3277
3278         state->flags |= NEIGH_SEQ_IS_PNEIGH;
3279         for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3280                 pn = tbl->phash_buckets[bucket];
3281                 while (pn && !net_eq(pneigh_net(pn), net))
3282                         pn = pn->next;
3283                 if (pn)
3284                         break;
3285         }
3286         state->bucket = bucket;
3287
3288         return pn;
3289 }
3290
3291 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3292                                             struct pneigh_entry *pn,
3293                                             loff_t *pos)
3294 {
3295         struct neigh_seq_state *state = seq->private;
3296         struct net *net = seq_file_net(seq);
3297         struct neigh_table *tbl = state->tbl;
3298
3299         do {
3300                 pn = pn->next;
3301         } while (pn && !net_eq(pneigh_net(pn), net));
3302
3303         while (!pn) {
3304                 if (++state->bucket > PNEIGH_HASHMASK)
3305                         break;
3306                 pn = tbl->phash_buckets[state->bucket];
3307                 while (pn && !net_eq(pneigh_net(pn), net))
3308                         pn = pn->next;
3309                 if (pn)
3310                         break;
3311         }
3312
3313         if (pn && pos)
3314                 --(*pos);
3315
3316         return pn;
3317 }
3318
3319 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3320 {
3321         struct pneigh_entry *pn = pneigh_get_first(seq);
3322
3323         if (pn) {
3324                 --(*pos);
3325                 while (*pos) {
3326                         pn = pneigh_get_next(seq, pn, pos);
3327                         if (!pn)
3328                                 break;
3329                 }
3330         }
3331         return *pos ? NULL : pn;
3332 }
3333
3334 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3335 {
3336         struct neigh_seq_state *state = seq->private;
3337         void *rc;
3338         loff_t idxpos = *pos;
3339
3340         rc = neigh_get_idx(seq, &idxpos);
3341         if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3342                 rc = pneigh_get_idx(seq, &idxpos);
3343
3344         return rc;
3345 }
3346
3347 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3348         __acquires(tbl->lock)
3349         __acquires(rcu_bh)
3350 {
3351         struct neigh_seq_state *state = seq->private;
3352
3353         state->tbl = tbl;
3354         state->bucket = 0;
3355         state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3356
3357         rcu_read_lock_bh();
3358         state->nht = rcu_dereference_bh(tbl->nht);
3359         read_lock(&tbl->lock);
3360
3361         return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3362 }
3363 EXPORT_SYMBOL(neigh_seq_start);
3364
3365 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3366 {
3367         struct neigh_seq_state *state;
3368         void *rc;
3369
3370         if (v == SEQ_START_TOKEN) {
3371                 rc = neigh_get_first(seq);
3372                 goto out;
3373         }
3374
3375         state = seq->private;
3376         if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3377                 rc = neigh_get_next(seq, v, NULL);
3378                 if (rc)
3379                         goto out;
3380                 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3381                         rc = pneigh_get_first(seq);
3382         } else {
3383                 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3384                 rc = pneigh_get_next(seq, v, NULL);
3385         }
3386 out:
3387         ++(*pos);
3388         return rc;
3389 }
3390 EXPORT_SYMBOL(neigh_seq_next);
3391
3392 void neigh_seq_stop(struct seq_file *seq, void *v)
3393         __releases(tbl->lock)
3394         __releases(rcu_bh)
3395 {
3396         struct neigh_seq_state *state = seq->private;
3397         struct neigh_table *tbl = state->tbl;
3398
3399         read_unlock(&tbl->lock);
3400         rcu_read_unlock_bh();
3401 }
3402 EXPORT_SYMBOL(neigh_seq_stop);
3403
3404 /* statistics via seq_file */
3405
3406 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3407 {
3408         struct neigh_table *tbl = pde_data(file_inode(seq->file));
3409         int cpu;
3410
3411         if (*pos == 0)
3412                 return SEQ_START_TOKEN;
3413
3414         for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3415                 if (!cpu_possible(cpu))
3416                         continue;
3417                 *pos = cpu+1;
3418                 return per_cpu_ptr(tbl->stats, cpu);
3419         }
3420         return NULL;
3421 }
3422
3423 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3424 {
3425         struct neigh_table *tbl = pde_data(file_inode(seq->file));
3426         int cpu;
3427
3428         for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3429                 if (!cpu_possible(cpu))
3430                         continue;
3431                 *pos = cpu+1;
3432                 return per_cpu_ptr(tbl->stats, cpu);
3433         }
3434         (*pos)++;
3435         return NULL;
3436 }
3437
3438 static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3439 {
3440
3441 }
3442
3443 static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3444 {
3445         struct neigh_table *tbl = pde_data(file_inode(seq->file));
3446         struct neigh_statistics *st = v;
3447
3448         if (v == SEQ_START_TOKEN) {
3449                 seq_puts(seq, "entries  allocs   destroys hash_grows lookups  hits     res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3450                 return 0;
3451         }
3452
3453         seq_printf(seq, "%08x %08lx %08lx %08lx   %08lx %08lx %08lx   "
3454                         "%08lx         %08lx         %08lx         "
3455                         "%08lx       %08lx            %08lx\n",
3456                    atomic_read(&tbl->entries),
3457
3458                    st->allocs,
3459                    st->destroys,
3460                    st->hash_grows,
3461
3462                    st->lookups,
3463                    st->hits,
3464
3465                    st->res_failed,
3466
3467                    st->rcv_probes_mcast,
3468                    st->rcv_probes_ucast,
3469
3470                    st->periodic_gc_runs,
3471                    st->forced_gc_runs,
3472                    st->unres_discards,
3473                    st->table_fulls
3474                    );
3475
3476         return 0;
3477 }
3478
3479 static const struct seq_operations neigh_stat_seq_ops = {
3480         .start  = neigh_stat_seq_start,
3481         .next   = neigh_stat_seq_next,
3482         .stop   = neigh_stat_seq_stop,
3483         .show   = neigh_stat_seq_show,
3484 };
3485 #endif /* CONFIG_PROC_FS */
3486
3487 static void __neigh_notify(struct neighbour *n, int type, int flags,
3488                            u32 pid)
3489 {
3490         struct net *net = dev_net(n->dev);
3491         struct sk_buff *skb;
3492         int err = -ENOBUFS;
3493
3494         skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
3495         if (skb == NULL)
3496                 goto errout;
3497
3498         err = neigh_fill_info(skb, n, pid, 0, type, flags);
3499         if (err < 0) {
3500                 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3501                 WARN_ON(err == -EMSGSIZE);
3502                 kfree_skb(skb);
3503                 goto errout;
3504         }
3505         rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3506         return;
3507 errout:
3508         if (err < 0)
3509                 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
3510 }
3511
3512 void neigh_app_ns(struct neighbour *n)
3513 {
3514         __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
3515 }
3516 EXPORT_SYMBOL(neigh_app_ns);
3517
3518 #ifdef CONFIG_SYSCTL
3519 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3520
3521 static int proc_unres_qlen(struct ctl_table *ctl, int write,
3522                            void *buffer, size_t *lenp, loff_t *ppos)
3523 {
3524         int size, ret;
3525         struct ctl_table tmp = *ctl;
3526
3527         tmp.extra1 = SYSCTL_ZERO;
3528         tmp.extra2 = &unres_qlen_max;
3529         tmp.data = &size;
3530
3531         size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3532         ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3533
3534         if (write && !ret)
3535                 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3536         return ret;
3537 }
3538
3539 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
3540                                                    int family)
3541 {
3542         switch (family) {
3543         case AF_INET:
3544                 return __in_dev_arp_parms_get_rcu(dev);
3545         case AF_INET6:
3546                 return __in6_dev_nd_parms_get_rcu(dev);
3547         }
3548         return NULL;
3549 }
3550
3551 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3552                                   int index)
3553 {
3554         struct net_device *dev;
3555         int family = neigh_parms_family(p);
3556
3557         rcu_read_lock();
3558         for_each_netdev_rcu(net, dev) {
3559                 struct neigh_parms *dst_p =
3560                                 neigh_get_dev_parms_rcu(dev, family);
3561
3562                 if (dst_p && !test_bit(index, dst_p->data_state))
3563                         dst_p->data[index] = p->data[index];
3564         }
3565         rcu_read_unlock();
3566 }
3567
3568 static void neigh_proc_update(struct ctl_table *ctl, int write)
3569 {
3570         struct net_device *dev = ctl->extra1;
3571         struct neigh_parms *p = ctl->extra2;
3572         struct net *net = neigh_parms_net(p);
3573         int index = (int *) ctl->data - p->data;
3574
3575         if (!write)
3576                 return;
3577
3578         set_bit(index, p->data_state);
3579         if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3580                 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
3581         if (!dev) /* NULL dev means this is default value */
3582                 neigh_copy_dflt_parms(net, p, index);
3583 }
3584
3585 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3586                                            void *buffer, size_t *lenp,
3587                                            loff_t *ppos)
3588 {
3589         struct ctl_table tmp = *ctl;
3590         int ret;
3591
3592         tmp.extra1 = SYSCTL_ZERO;
3593         tmp.extra2 = SYSCTL_INT_MAX;
3594
3595         ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3596         neigh_proc_update(ctl, write);
3597         return ret;
3598 }
3599
3600 static int neigh_proc_dointvec_ms_jiffies_positive(struct ctl_table *ctl, int write,
3601                                                    void *buffer, size_t *lenp, loff_t *ppos)
3602 {
3603         struct ctl_table tmp = *ctl;
3604         int ret;
3605
3606         int min = msecs_to_jiffies(1);
3607
3608         tmp.extra1 = &min;
3609         tmp.extra2 = NULL;
3610
3611         ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos);
3612         neigh_proc_update(ctl, write);
3613         return ret;
3614 }
3615
3616 int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
3617                         size_t *lenp, loff_t *ppos)
3618 {
3619         int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3620
3621         neigh_proc_update(ctl, write);
3622         return ret;
3623 }
3624 EXPORT_SYMBOL(neigh_proc_dointvec);
3625
3626 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
3627                                 size_t *lenp, loff_t *ppos)
3628 {
3629         int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3630
3631         neigh_proc_update(ctl, write);
3632         return ret;
3633 }
3634 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3635
3636 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3637                                               void *buffer, size_t *lenp,
3638                                               loff_t *ppos)
3639 {
3640         int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3641
3642         neigh_proc_update(ctl, write);
3643         return ret;
3644 }
3645
3646 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3647                                    void *buffer, size_t *lenp, loff_t *ppos)
3648 {
3649         int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3650
3651         neigh_proc_update(ctl, write);
3652         return ret;
3653 }
3654 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3655
3656 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3657                                           void *buffer, size_t *lenp,
3658                                           loff_t *ppos)
3659 {
3660         int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3661
3662         neigh_proc_update(ctl, write);
3663         return ret;
3664 }
3665
3666 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3667                                           void *buffer, size_t *lenp,
3668                                           loff_t *ppos)
3669 {
3670         struct neigh_parms *p = ctl->extra2;
3671         int ret;
3672
3673         if (strcmp(ctl->procname, "base_reachable_time") == 0)
3674                 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3675         else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3676                 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3677         else
3678                 ret = -1;
3679
3680         if (write && ret == 0) {
3681                 /* update reachable_time as well, otherwise, the change will
3682                  * only be effective after the next time neigh_periodic_work
3683                  * decides to recompute it
3684                  */
3685                 p->reachable_time =
3686                         neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3687         }
3688         return ret;
3689 }
3690
3691 #define NEIGH_PARMS_DATA_OFFSET(index)  \
3692         (&((struct neigh_parms *) 0)->data[index])
3693
3694 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3695         [NEIGH_VAR_ ## attr] = { \
3696                 .procname       = name, \
3697                 .data           = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3698                 .maxlen         = sizeof(int), \
3699                 .mode           = mval, \
3700                 .proc_handler   = proc, \
3701         }
3702
3703 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3704         NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3705
3706 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3707         NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3708
3709 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3710         NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3711
3712 #define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \
3713         NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive)
3714
3715 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3716         NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3717
3718 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3719         NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3720
3721 static struct neigh_sysctl_table {
3722         struct ctl_table_header *sysctl_header;
3723         struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3724 } neigh_sysctl_template __read_mostly = {
3725         .neigh_vars = {
3726                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3727                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3728                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3729                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3730                 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3731                 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3732                 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3733                 NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS,
3734                                                        "interval_probe_time_ms"),
3735                 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3736                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3737                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3738                 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3739                 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3740                 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3741                 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3742                 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3743                 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3744                 [NEIGH_VAR_GC_INTERVAL] = {
3745                         .procname       = "gc_interval",
3746                         .maxlen         = sizeof(int),
3747                         .mode           = 0644,
3748                         .proc_handler   = proc_dointvec_jiffies,
3749                 },
3750                 [NEIGH_VAR_GC_THRESH1] = {
3751                         .procname       = "gc_thresh1",
3752                         .maxlen         = sizeof(int),
3753                         .mode           = 0644,
3754                         .extra1         = SYSCTL_ZERO,
3755                         .extra2         = SYSCTL_INT_MAX,
3756                         .proc_handler   = proc_dointvec_minmax,
3757                 },
3758                 [NEIGH_VAR_GC_THRESH2] = {
3759                         .procname       = "gc_thresh2",
3760                         .maxlen         = sizeof(int),
3761                         .mode           = 0644,
3762                         .extra1         = SYSCTL_ZERO,
3763                         .extra2         = SYSCTL_INT_MAX,
3764                         .proc_handler   = proc_dointvec_minmax,
3765                 },
3766                 [NEIGH_VAR_GC_THRESH3] = {
3767                         .procname       = "gc_thresh3",
3768                         .maxlen         = sizeof(int),
3769                         .mode           = 0644,
3770                         .extra1         = SYSCTL_ZERO,
3771                         .extra2         = SYSCTL_INT_MAX,
3772                         .proc_handler   = proc_dointvec_minmax,
3773                 },
3774                 {},
3775         },
3776 };
3777
3778 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3779                           proc_handler *handler)
3780 {
3781         int i;
3782         struct neigh_sysctl_table *t;
3783         const char *dev_name_source;
3784         char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3785         char *p_name;
3786
3787         t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT);
3788         if (!t)
3789                 goto err;
3790
3791         for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3792                 t->neigh_vars[i].data += (long) p;
3793                 t->neigh_vars[i].extra1 = dev;
3794                 t->neigh_vars[i].extra2 = p;
3795         }
3796
3797         if (dev) {
3798                 dev_name_source = dev->name;
3799                 /* Terminate the table early */
3800                 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3801                        sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3802         } else {
3803                 struct neigh_table *tbl = p->tbl;
3804                 dev_name_source = "default";
3805                 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3806                 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3807                 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3808                 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3809         }
3810
3811         if (handler) {
3812                 /* RetransTime */
3813                 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3814                 /* ReachableTime */
3815                 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3816                 /* RetransTime (in milliseconds)*/
3817                 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3818                 /* ReachableTime (in milliseconds) */
3819                 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3820         } else {
3821                 /* Those handlers will update p->reachable_time after
3822                  * base_reachable_time(_ms) is set to ensure the new timer starts being
3823                  * applied after the next neighbour update instead of waiting for
3824                  * neigh_periodic_work to update its value (can be multiple minutes)
3825                  * So any handler that replaces them should do this as well
3826                  */
3827                 /* ReachableTime */
3828                 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3829                         neigh_proc_base_reachable_time;
3830                 /* ReachableTime (in milliseconds) */
3831                 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3832                         neigh_proc_base_reachable_time;
3833         }
3834
3835         switch (neigh_parms_family(p)) {
3836         case AF_INET:
3837               p_name = "ipv4";
3838               break;
3839         case AF_INET6:
3840               p_name = "ipv6";
3841               break;
3842         default:
3843               BUG();
3844         }
3845
3846         snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3847                 p_name, dev_name_source);
3848         t->sysctl_header =
3849                 register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3850         if (!t->sysctl_header)
3851                 goto free;
3852
3853         p->sysctl_table = t;
3854         return 0;
3855
3856 free:
3857         kfree(t);
3858 err:
3859         return -ENOBUFS;
3860 }
3861 EXPORT_SYMBOL(neigh_sysctl_register);
3862
3863 void neigh_sysctl_unregister(struct neigh_parms *p)
3864 {
3865         if (p->sysctl_table) {
3866                 struct neigh_sysctl_table *t = p->sysctl_table;
3867                 p->sysctl_table = NULL;
3868                 unregister_net_sysctl_table(t->sysctl_header);
3869                 kfree(t);
3870         }
3871 }
3872 EXPORT_SYMBOL(neigh_sysctl_unregister);
3873
3874 #endif  /* CONFIG_SYSCTL */
3875
3876 static int __init neigh_init(void)
3877 {
3878         rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3879         rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3880         rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3881
3882         rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3883                       0);
3884         rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);
3885
3886         return 0;
3887 }
3888
3889 subsys_initcall(neigh_init);