projects / platform / kernel / linux-starfive.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
bpf: Add dummy type reference to nf_conn___init to fix type deduplication
[platform/kernel/linux-starfive.git] / net / core / neighbour.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *      Generic address resolution entity
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Alexey Kuznetsov        <kuznet@ms2.inr.ac.ru>
8  *
9  *      Fixes:
10  *      Vitaly E. Lavrov        releasing NULL neighbor in neigh_add.
11  *      Harald Welte            Add neighbour cache statistics like rtstat
12  */
13
14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16 #include <linux/slab.h>
17 #include <linux/kmemleak.h>
18 #include <linux/types.h>
19 #include <linux/kernel.h>
20 #include <linux/module.h>
21 #include <linux/socket.h>
22 #include <linux/netdevice.h>
23 #include <linux/proc_fs.h>
24 #ifdef CONFIG_SYSCTL
25 #include <linux/sysctl.h>
26 #endif
27 #include <linux/times.h>
28 #include <net/net_namespace.h>
29 #include <net/neighbour.h>
30 #include <net/arp.h>
31 #include <net/dst.h>
32 #include <net/sock.h>
33 #include <net/netevent.h>
34 #include <net/netlink.h>
35 #include <linux/rtnetlink.h>
36 #include <linux/random.h>
37 #include <linux/string.h>
38 #include <linux/log2.h>
39 #include <linux/inetdevice.h>
40 #include <net/addrconf.h>
41
42 #include <trace/events/neigh.h>
43
44 #define NEIGH_DEBUG 1
45 #define neigh_dbg(level, fmt, ...)              \
46 do {                                            \
47         if (level <= NEIGH_DEBUG)               \
48                 pr_debug(fmt, ##__VA_ARGS__);   \
49 } while (0)
50
51 #define PNEIGH_HASHMASK         0xF
52
53 static void neigh_timer_handler(struct timer_list *t);
54 static void __neigh_notify(struct neighbour *n, int type, int flags,
55                            u32 pid);
56 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
57 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
58                                     struct net_device *dev);
59
60 #ifdef CONFIG_PROC_FS
61 static const struct seq_operations neigh_stat_seq_ops;
62 #endif
63
64 /*
65    Neighbour hash table buckets are protected with rwlock tbl->lock.
66
67    - All the scans/updates to hash buckets MUST be made under this lock.
68    - NOTHING clever should be made under this lock: no callbacks
69      to protocol backends, no attempts to send something to network.
70      It will result in deadlocks, if backend/driver wants to use neighbour
71      cache.
72    - If the entry requires some non-trivial actions, increase
73      its reference count and release table lock.
74
75    Neighbour entries are protected:
76    - with reference count.
77    - with rwlock neigh->lock
78
79    Reference count prevents destruction.
80
81    neigh->lock mainly serializes ll address data and its validity state.
82    However, the same lock is used to protect another entry fields:
83     - timer
84     - resolution queue
85
86    Again, nothing clever shall be made under neigh->lock,
87    the most complicated procedure, which we allow is dev->hard_header.
88    It is supposed, that dev->hard_header is simplistic and does
89    not make callbacks to neighbour tables.
90  */
91
92 static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
93 {
94         kfree_skb(skb);
95         return -ENETDOWN;
96 }
97
98 static void neigh_cleanup_and_release(struct neighbour *neigh)
99 {
100         trace_neigh_cleanup_and_release(neigh, 0);
101         __neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
102         call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
103         neigh_release(neigh);
104 }
105
106 /*
107  * It is random distribution in the interval (1/2)*base...(3/2)*base.
108  * It corresponds to default IPv6 settings and is not overridable,
109  * because it is really reasonable choice.
110  */
111
112 unsigned long neigh_rand_reach_time(unsigned long base)
113 {
114         return base ? prandom_u32_max(base) + (base >> 1) : 0;
115 }
116 EXPORT_SYMBOL(neigh_rand_reach_time);
117
118 static void neigh_mark_dead(struct neighbour *n)
119 {
120         n->dead = 1;
121         if (!list_empty(&n->gc_list)) {
122                 list_del_init(&n->gc_list);
123                 atomic_dec(&n->tbl->gc_entries);
124         }
125         if (!list_empty(&n->managed_list))
126                 list_del_init(&n->managed_list);
127 }
128
129 static void neigh_update_gc_list(struct neighbour *n)
130 {
131         bool on_gc_list, exempt_from_gc;
132
133         write_lock_bh(&n->tbl->lock);
134         write_lock(&n->lock);
135         if (n->dead)
136                 goto out;
137
138         /* remove from the gc list if new state is permanent or if neighbor
139          * is externally learned; otherwise entry should be on the gc list
140          */
141         exempt_from_gc = n->nud_state & NUD_PERMANENT ||
142                          n->flags & NTF_EXT_LEARNED;
143         on_gc_list = !list_empty(&n->gc_list);
144
145         if (exempt_from_gc && on_gc_list) {
146                 list_del_init(&n->gc_list);
147                 atomic_dec(&n->tbl->gc_entries);
148         } else if (!exempt_from_gc && !on_gc_list) {
149                 /* add entries to the tail; cleaning removes from the front */
150                 list_add_tail(&n->gc_list, &n->tbl->gc_list);
151                 atomic_inc(&n->tbl->gc_entries);
152         }
153 out:
154         write_unlock(&n->lock);
155         write_unlock_bh(&n->tbl->lock);
156 }
157
158 static void neigh_update_managed_list(struct neighbour *n)
159 {
160         bool on_managed_list, add_to_managed;
161
162         write_lock_bh(&n->tbl->lock);
163         write_lock(&n->lock);
164         if (n->dead)
165                 goto out;
166
167         add_to_managed = n->flags & NTF_MANAGED;
168         on_managed_list = !list_empty(&n->managed_list);
169
170         if (!add_to_managed && on_managed_list)
171                 list_del_init(&n->managed_list);
172         else if (add_to_managed && !on_managed_list)
173                 list_add_tail(&n->managed_list, &n->tbl->managed_list);
174 out:
175         write_unlock(&n->lock);
176         write_unlock_bh(&n->tbl->lock);
177 }
178
179 static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
180                                bool *gc_update, bool *managed_update)
181 {
182         u32 ndm_flags, old_flags = neigh->flags;
183
184         if (!(flags & NEIGH_UPDATE_F_ADMIN))
185                 return;
186
187         ndm_flags  = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
188         ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;
189
190         if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
191                 if (ndm_flags & NTF_EXT_LEARNED)
192                         neigh->flags |= NTF_EXT_LEARNED;
193                 else
194                         neigh->flags &= ~NTF_EXT_LEARNED;
195                 *notify = 1;
196                 *gc_update = true;
197         }
198         if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
199                 if (ndm_flags & NTF_MANAGED)
200                         neigh->flags |= NTF_MANAGED;
201                 else
202                         neigh->flags &= ~NTF_MANAGED;
203                 *notify = 1;
204                 *managed_update = true;
205         }
206 }
207
208 static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
209                       struct neigh_table *tbl)
210 {
211         bool retval = false;
212
213         write_lock(&n->lock);
214         if (refcount_read(&n->refcnt) == 1) {
215                 struct neighbour *neigh;
216
217                 neigh = rcu_dereference_protected(n->next,
218                                                   lockdep_is_held(&tbl->lock));
219                 rcu_assign_pointer(*np, neigh);
220                 neigh_mark_dead(n);
221                 retval = true;
222         }
223         write_unlock(&n->lock);
224         if (retval)
225                 neigh_cleanup_and_release(n);
226         return retval;
227 }
228
229 bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
230 {
231         struct neigh_hash_table *nht;
232         void *pkey = ndel->primary_key;
233         u32 hash_val;
234         struct neighbour *n;
235         struct neighbour __rcu **np;
236
237         nht = rcu_dereference_protected(tbl->nht,
238                                         lockdep_is_held(&tbl->lock));
239         hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
240         hash_val = hash_val >> (32 - nht->hash_shift);
241
242         np = &nht->hash_buckets[hash_val];
243         while ((n = rcu_dereference_protected(*np,
244                                               lockdep_is_held(&tbl->lock)))) {
245                 if (n == ndel)
246                         return neigh_del(n, np, tbl);
247                 np = &n->next;
248         }
249         return false;
250 }
251
252 static int neigh_forced_gc(struct neigh_table *tbl)
253 {
254         int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
255         unsigned long tref = jiffies - 5 * HZ;
256         struct neighbour *n, *tmp;
257         int shrunk = 0;
258
259         NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);
260
261         write_lock_bh(&tbl->lock);
262
263         list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
264                 if (refcount_read(&n->refcnt) == 1) {
265                         bool remove = false;
266
267                         write_lock(&n->lock);
268                         if ((n->nud_state == NUD_FAILED) ||
269                             (n->nud_state == NUD_NOARP) ||
270                             (tbl->is_multicast &&
271                              tbl->is_multicast(n->primary_key)) ||
272                             time_after(tref, n->updated))
273                                 remove = true;
274                         write_unlock(&n->lock);
275
276                         if (remove && neigh_remove_one(n, tbl))
277                                 shrunk++;
278                         if (shrunk >= max_clean)
279                                 break;
280                 }
281         }
282
283         tbl->last_flush = jiffies;
284
285         write_unlock_bh(&tbl->lock);
286
287         return shrunk;
288 }
289
290 static void neigh_add_timer(struct neighbour *n, unsigned long when)
291 {
292         neigh_hold(n);
293         if (unlikely(mod_timer(&n->timer, when))) {
294                 printk("NEIGH: BUG, double timer add, state is %x\n",
295                        n->nud_state);
296                 dump_stack();
297         }
298 }
299
300 static int neigh_del_timer(struct neighbour *n)
301 {
302         if ((n->nud_state & NUD_IN_TIMER) &&
303             del_timer(&n->timer)) {
304                 neigh_release(n);
305                 return 1;
306         }
307         return 0;
308 }
309
310 static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
311                                                    int family)
312 {
313         switch (family) {
314         case AF_INET:
315                 return __in_dev_arp_parms_get_rcu(dev);
316         case AF_INET6:
317                 return __in6_dev_nd_parms_get_rcu(dev);
318         }
319         return NULL;
320 }
321
322 static void neigh_parms_qlen_dec(struct net_device *dev, int family)
323 {
324         struct neigh_parms *p;
325
326         rcu_read_lock();
327         p = neigh_get_dev_parms_rcu(dev, family);
328         if (p)
329                 p->qlen--;
330         rcu_read_unlock();
331 }
332
333 static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net,
334                                int family)
335 {
336         struct sk_buff_head tmp;
337         unsigned long flags;
338         struct sk_buff *skb;
339
340         skb_queue_head_init(&tmp);
341         spin_lock_irqsave(&list->lock, flags);
342         skb = skb_peek(list);
343         while (skb != NULL) {
344                 struct sk_buff *skb_next = skb_peek_next(skb, list);
345                 struct net_device *dev = skb->dev;
346
347                 if (net == NULL || net_eq(dev_net(dev), net)) {
348                         neigh_parms_qlen_dec(dev, family);
349                         __skb_unlink(skb, list);
350                         __skb_queue_tail(&tmp, skb);
351                 }
352                 skb = skb_next;
353         }
354         spin_unlock_irqrestore(&list->lock, flags);
355
356         while ((skb = __skb_dequeue(&tmp))) {
357                 dev_put(skb->dev);
358                 kfree_skb(skb);
359         }
360 }
361
362 static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
363                             bool skip_perm)
364 {
365         int i;
366         struct neigh_hash_table *nht;
367
368         nht = rcu_dereference_protected(tbl->nht,
369                                         lockdep_is_held(&tbl->lock));
370
371         for (i = 0; i < (1 << nht->hash_shift); i++) {
372                 struct neighbour *n;
373                 struct neighbour __rcu **np = &nht->hash_buckets[i];
374
375                 while ((n = rcu_dereference_protected(*np,
376                                         lockdep_is_held(&tbl->lock))) != NULL) {
377                         if (dev && n->dev != dev) {
378                                 np = &n->next;
379                                 continue;
380                         }
381                         if (skip_perm && n->nud_state & NUD_PERMANENT) {
382                                 np = &n->next;
383                                 continue;
384                         }
385                         rcu_assign_pointer(*np,
386                                    rcu_dereference_protected(n->next,
387                                                 lockdep_is_held(&tbl->lock)));
388                         write_lock(&n->lock);
389                         neigh_del_timer(n);
390                         neigh_mark_dead(n);
391                         if (refcount_read(&n->refcnt) != 1) {
392                                 /* The most unpleasant situation.
393                                    We must destroy neighbour entry,
394                                    but someone still uses it.
395
396                                    The destroy will be delayed until
397                                    the last user releases us, but
398                                    we must kill timers etc. and move
399                                    it to safe state.
400                                  */
401                                 __skb_queue_purge(&n->arp_queue);
402                                 n->arp_queue_len_bytes = 0;
403                                 n->output = neigh_blackhole;
404                                 if (n->nud_state & NUD_VALID)
405                                         n->nud_state = NUD_NOARP;
406                                 else
407                                         n->nud_state = NUD_NONE;
408                                 neigh_dbg(2, "neigh %p is stray\n", n);
409                         }
410                         write_unlock(&n->lock);
411                         neigh_cleanup_and_release(n);
412                 }
413         }
414 }
415
416 void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
417 {
418         write_lock_bh(&tbl->lock);
419         neigh_flush_dev(tbl, dev, false);
420         write_unlock_bh(&tbl->lock);
421 }
422 EXPORT_SYMBOL(neigh_changeaddr);
423
424 static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
425                           bool skip_perm)
426 {
427         write_lock_bh(&tbl->lock);
428         neigh_flush_dev(tbl, dev, skip_perm);
429         pneigh_ifdown_and_unlock(tbl, dev);
430         pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL,
431                            tbl->family);
432         if (skb_queue_empty_lockless(&tbl->proxy_queue))
433                 del_timer_sync(&tbl->proxy_timer);
434         return 0;
435 }
436
437 int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
438 {
439         __neigh_ifdown(tbl, dev, true);
440         return 0;
441 }
442 EXPORT_SYMBOL(neigh_carrier_down);
443
444 int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
445 {
446         __neigh_ifdown(tbl, dev, false);
447         return 0;
448 }
449 EXPORT_SYMBOL(neigh_ifdown);
450
451 static struct neighbour *neigh_alloc(struct neigh_table *tbl,
452                                      struct net_device *dev,
453                                      u32 flags, bool exempt_from_gc)
454 {
455         struct neighbour *n = NULL;
456         unsigned long now = jiffies;
457         int entries;
458
459         if (exempt_from_gc)
460                 goto do_alloc;
461
462         entries = atomic_inc_return(&tbl->gc_entries) - 1;
463         if (entries >= tbl->gc_thresh3 ||
464             (entries >= tbl->gc_thresh2 &&
465              time_after(now, tbl->last_flush + 5 * HZ))) {
466                 if (!neigh_forced_gc(tbl) &&
467                     entries >= tbl->gc_thresh3) {
468                         net_info_ratelimited("%s: neighbor table overflow!\n",
469                                              tbl->id);
470                         NEIGH_CACHE_STAT_INC(tbl, table_fulls);
471                         goto out_entries;
472                 }
473         }
474
475 do_alloc:
476         n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
477         if (!n)
478                 goto out_entries;
479
480         __skb_queue_head_init(&n->arp_queue);
481         rwlock_init(&n->lock);
482         seqlock_init(&n->ha_lock);
483         n->updated        = n->used = now;
484         n->nud_state      = NUD_NONE;
485         n->output         = neigh_blackhole;
486         n->flags          = flags;
487         seqlock_init(&n->hh.hh_lock);
488         n->parms          = neigh_parms_clone(&tbl->parms);
489         timer_setup(&n->timer, neigh_timer_handler, 0);
490
491         NEIGH_CACHE_STAT_INC(tbl, allocs);
492         n->tbl            = tbl;
493         refcount_set(&n->refcnt, 1);
494         n->dead           = 1;
495         INIT_LIST_HEAD(&n->gc_list);
496         INIT_LIST_HEAD(&n->managed_list);
497
498         atomic_inc(&tbl->entries);
499 out:
500         return n;
501
502 out_entries:
503         if (!exempt_from_gc)
504                 atomic_dec(&tbl->gc_entries);
505         goto out;
506 }
507
508 static void neigh_get_hash_rnd(u32 *x)
509 {
510         *x = get_random_u32() | 1;
511 }
512
513 static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
514 {
515         size_t size = (1 << shift) * sizeof(struct neighbour *);
516         struct neigh_hash_table *ret;
517         struct neighbour __rcu **buckets;
518         int i;
519
520         ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
521         if (!ret)
522                 return NULL;
523         if (size <= PAGE_SIZE) {
524                 buckets = kzalloc(size, GFP_ATOMIC);
525         } else {
526                 buckets = (struct neighbour __rcu **)
527                           __get_free_pages(GFP_ATOMIC | __GFP_ZERO,
528                                            get_order(size));
529                 kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
530         }
531         if (!buckets) {
532                 kfree(ret);
533                 return NULL;
534         }
535         ret->hash_buckets = buckets;
536         ret->hash_shift = shift;
537         for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
538                 neigh_get_hash_rnd(&ret->hash_rnd[i]);
539         return ret;
540 }
541
542 static void neigh_hash_free_rcu(struct rcu_head *head)
543 {
544         struct neigh_hash_table *nht = container_of(head,
545                                                     struct neigh_hash_table,
546                                                     rcu);
547         size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
548         struct neighbour __rcu **buckets = nht->hash_buckets;
549
550         if (size <= PAGE_SIZE) {
551                 kfree(buckets);
552         } else {
553                 kmemleak_free(buckets);
554                 free_pages((unsigned long)buckets, get_order(size));
555         }
556         kfree(nht);
557 }
558
559 static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
560                                                 unsigned long new_shift)
561 {
562         unsigned int i, hash;
563         struct neigh_hash_table *new_nht, *old_nht;
564
565         NEIGH_CACHE_STAT_INC(tbl, hash_grows);
566
567         old_nht = rcu_dereference_protected(tbl->nht,
568                                             lockdep_is_held(&tbl->lock));
569         new_nht = neigh_hash_alloc(new_shift);
570         if (!new_nht)
571                 return old_nht;
572
573         for (i = 0; i < (1 << old_nht->hash_shift); i++) {
574                 struct neighbour *n, *next;
575
576                 for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
577                                                    lockdep_is_held(&tbl->lock));
578                      n != NULL;
579                      n = next) {
580                         hash = tbl->hash(n->primary_key, n->dev,
581                                          new_nht->hash_rnd);
582
583                         hash >>= (32 - new_nht->hash_shift);
584                         next = rcu_dereference_protected(n->next,
585                                                 lockdep_is_held(&tbl->lock));
586
587                         rcu_assign_pointer(n->next,
588                                            rcu_dereference_protected(
589                                                 new_nht->hash_buckets[hash],
590                                                 lockdep_is_held(&tbl->lock)));
591                         rcu_assign_pointer(new_nht->hash_buckets[hash], n);
592                 }
593         }
594
595         rcu_assign_pointer(tbl->nht, new_nht);
596         call_rcu(&old_nht->rcu, neigh_hash_free_rcu);
597         return new_nht;
598 }
599
600 struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
601                                struct net_device *dev)
602 {
603         struct neighbour *n;
604
605         NEIGH_CACHE_STAT_INC(tbl, lookups);
606
607         rcu_read_lock_bh();
608         n = __neigh_lookup_noref(tbl, pkey, dev);
609         if (n) {
610                 if (!refcount_inc_not_zero(&n->refcnt))
611                         n = NULL;
612                 NEIGH_CACHE_STAT_INC(tbl, hits);
613         }
614
615         rcu_read_unlock_bh();
616         return n;
617 }
618 EXPORT_SYMBOL(neigh_lookup);
619
620 struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
621                                      const void *pkey)
622 {
623         struct neighbour *n;
624         unsigned int key_len = tbl->key_len;
625         u32 hash_val;
626         struct neigh_hash_table *nht;
627
628         NEIGH_CACHE_STAT_INC(tbl, lookups);
629
630         rcu_read_lock_bh();
631         nht = rcu_dereference_bh(tbl->nht);
632         hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);
633
634         for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
635              n != NULL;
636              n = rcu_dereference_bh(n->next)) {
637                 if (!memcmp(n->primary_key, pkey, key_len) &&
638                     net_eq(dev_net(n->dev), net)) {
639                         if (!refcount_inc_not_zero(&n->refcnt))
640                                 n = NULL;
641                         NEIGH_CACHE_STAT_INC(tbl, hits);
642                         break;
643                 }
644         }
645
646         rcu_read_unlock_bh();
647         return n;
648 }
649 EXPORT_SYMBOL(neigh_lookup_nodev);
650
651 static struct neighbour *
652 ___neigh_create(struct neigh_table *tbl, const void *pkey,
653                 struct net_device *dev, u32 flags,
654                 bool exempt_from_gc, bool want_ref)
655 {
656         u32 hash_val, key_len = tbl->key_len;
657         struct neighbour *n1, *rc, *n;
658         struct neigh_hash_table *nht;
659         int error;
660
661         n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
662         trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
663         if (!n) {
664                 rc = ERR_PTR(-ENOBUFS);
665                 goto out;
666         }
667
668         memcpy(n->primary_key, pkey, key_len);
669         n->dev = dev;
670         netdev_hold(dev, &n->dev_tracker, GFP_ATOMIC);
671
672         /* Protocol specific setup. */
673         if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
674                 rc = ERR_PTR(error);
675                 goto out_neigh_release;
676         }
677
678         if (dev->netdev_ops->ndo_neigh_construct) {
679                 error = dev->netdev_ops->ndo_neigh_construct(dev, n);
680                 if (error < 0) {
681                         rc = ERR_PTR(error);
682                         goto out_neigh_release;
683                 }
684         }
685
686         /* Device specific setup. */
687         if (n->parms->neigh_setup &&
688             (error = n->parms->neigh_setup(n)) < 0) {
689                 rc = ERR_PTR(error);
690                 goto out_neigh_release;
691         }
692
693         n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);
694
695         write_lock_bh(&tbl->lock);
696         nht = rcu_dereference_protected(tbl->nht,
697                                         lockdep_is_held(&tbl->lock));
698
699         if (atomic_read(&tbl->entries) > (1 << nht->hash_shift))
700                 nht = neigh_hash_grow(tbl, nht->hash_shift + 1);
701
702         hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);
703
704         if (n->parms->dead) {
705                 rc = ERR_PTR(-EINVAL);
706                 goto out_tbl_unlock;
707         }
708
709         for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
710                                             lockdep_is_held(&tbl->lock));
711              n1 != NULL;
712              n1 = rcu_dereference_protected(n1->next,
713                         lockdep_is_held(&tbl->lock))) {
714                 if (dev == n1->dev && !memcmp(n1->primary_key, n->primary_key, key_len)) {
715                         if (want_ref)
716                                 neigh_hold(n1);
717                         rc = n1;
718                         goto out_tbl_unlock;
719                 }
720         }
721
722         n->dead = 0;
723         if (!exempt_from_gc)
724                 list_add_tail(&n->gc_list, &n->tbl->gc_list);
725         if (n->flags & NTF_MANAGED)
726                 list_add_tail(&n->managed_list, &n->tbl->managed_list);
727         if (want_ref)
728                 neigh_hold(n);
729         rcu_assign_pointer(n->next,
730                            rcu_dereference_protected(nht->hash_buckets[hash_val],
731                                                      lockdep_is_held(&tbl->lock)));
732         rcu_assign_pointer(nht->hash_buckets[hash_val], n);
733         write_unlock_bh(&tbl->lock);
734         neigh_dbg(2, "neigh %p is created\n", n);
735         rc = n;
736 out:
737         return rc;
738 out_tbl_unlock:
739         write_unlock_bh(&tbl->lock);
740 out_neigh_release:
741         if (!exempt_from_gc)
742                 atomic_dec(&tbl->gc_entries);
743         neigh_release(n);
744         goto out;
745 }
746
747 struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
748                                  struct net_device *dev, bool want_ref)
749 {
750         return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
751 }
752 EXPORT_SYMBOL(__neigh_create);
753
754 static u32 pneigh_hash(const void *pkey, unsigned int key_len)
755 {
756         u32 hash_val = *(u32 *)(pkey + key_len - 4);
757         hash_val ^= (hash_val >> 16);
758         hash_val ^= hash_val >> 8;
759         hash_val ^= hash_val >> 4;
760         hash_val &= PNEIGH_HASHMASK;
761         return hash_val;
762 }
763
764 static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
765                                               struct net *net,
766                                               const void *pkey,
767                                               unsigned int key_len,
768                                               struct net_device *dev)
769 {
770         while (n) {
771                 if (!memcmp(n->key, pkey, key_len) &&
772                     net_eq(pneigh_net(n), net) &&
773                     (n->dev == dev || !n->dev))
774                         return n;
775                 n = n->next;
776         }
777         return NULL;
778 }
779
780 struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
781                 struct net *net, const void *pkey, struct net_device *dev)
782 {
783         unsigned int key_len = tbl->key_len;
784         u32 hash_val = pneigh_hash(pkey, key_len);
785
786         return __pneigh_lookup_1(tbl->phash_buckets[hash_val],
787                                  net, pkey, key_len, dev);
788 }
789 EXPORT_SYMBOL_GPL(__pneigh_lookup);
790
791 struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
792                                     struct net *net, const void *pkey,
793                                     struct net_device *dev, int creat)
794 {
795         struct pneigh_entry *n;
796         unsigned int key_len = tbl->key_len;
797         u32 hash_val = pneigh_hash(pkey, key_len);
798
799         read_lock_bh(&tbl->lock);
800         n = __pneigh_lookup_1(tbl->phash_buckets[hash_val],
801                               net, pkey, key_len, dev);
802         read_unlock_bh(&tbl->lock);
803
804         if (n || !creat)
805                 goto out;
806
807         ASSERT_RTNL();
808
809         n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
810         if (!n)
811                 goto out;
812
813         write_pnet(&n->net, net);
814         memcpy(n->key, pkey, key_len);
815         n->dev = dev;
816         netdev_hold(dev, &n->dev_tracker, GFP_KERNEL);
817
818         if (tbl->pconstructor && tbl->pconstructor(n)) {
819                 netdev_put(dev, &n->dev_tracker);
820                 kfree(n);
821                 n = NULL;
822                 goto out;
823         }
824
825         write_lock_bh(&tbl->lock);
826         n->next = tbl->phash_buckets[hash_val];
827         tbl->phash_buckets[hash_val] = n;
828         write_unlock_bh(&tbl->lock);
829 out:
830         return n;
831 }
832 EXPORT_SYMBOL(pneigh_lookup);
833
834
835 int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
836                   struct net_device *dev)
837 {
838         struct pneigh_entry *n, **np;
839         unsigned int key_len = tbl->key_len;
840         u32 hash_val = pneigh_hash(pkey, key_len);
841
842         write_lock_bh(&tbl->lock);
843         for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
844              np = &n->next) {
845                 if (!memcmp(n->key, pkey, key_len) && n->dev == dev &&
846                     net_eq(pneigh_net(n), net)) {
847                         *np = n->next;
848                         write_unlock_bh(&tbl->lock);
849                         if (tbl->pdestructor)
850                                 tbl->pdestructor(n);
851                         netdev_put(n->dev, &n->dev_tracker);
852                         kfree(n);
853                         return 0;
854                 }
855         }
856         write_unlock_bh(&tbl->lock);
857         return -ENOENT;
858 }
859
860 static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
861                                     struct net_device *dev)
862 {
863         struct pneigh_entry *n, **np, *freelist = NULL;
864         u32 h;
865
866         for (h = 0; h <= PNEIGH_HASHMASK; h++) {
867                 np = &tbl->phash_buckets[h];
868                 while ((n = *np) != NULL) {
869                         if (!dev || n->dev == dev) {
870                                 *np = n->next;
871                                 n->next = freelist;
872                                 freelist = n;
873                                 continue;
874                         }
875                         np = &n->next;
876                 }
877         }
878         write_unlock_bh(&tbl->lock);
879         while ((n = freelist)) {
880                 freelist = n->next;
881                 n->next = NULL;
882                 if (tbl->pdestructor)
883                         tbl->pdestructor(n);
884                 netdev_put(n->dev, &n->dev_tracker);
885                 kfree(n);
886         }
887         return -ENOENT;
888 }
889
890 static void neigh_parms_destroy(struct neigh_parms *parms);
891
892 static inline void neigh_parms_put(struct neigh_parms *parms)
893 {
894         if (refcount_dec_and_test(&parms->refcnt))
895                 neigh_parms_destroy(parms);
896 }
897
898 /*
899  *      neighbour must already be out of the table;
900  *
901  */
902 void neigh_destroy(struct neighbour *neigh)
903 {
904         struct net_device *dev = neigh->dev;
905
906         NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);
907
908         if (!neigh->dead) {
909                 pr_warn("Destroying alive neighbour %p\n", neigh);
910                 dump_stack();
911                 return;
912         }
913
914         if (neigh_del_timer(neigh))
915                 pr_warn("Impossible event\n");
916
917         write_lock_bh(&neigh->lock);
918         __skb_queue_purge(&neigh->arp_queue);
919         write_unlock_bh(&neigh->lock);
920         neigh->arp_queue_len_bytes = 0;
921
922         if (dev->netdev_ops->ndo_neigh_destroy)
923                 dev->netdev_ops->ndo_neigh_destroy(dev, neigh);
924
925         netdev_put(dev, &neigh->dev_tracker);
926         neigh_parms_put(neigh->parms);
927
928         neigh_dbg(2, "neigh %p is destroyed\n", neigh);
929
930         atomic_dec(&neigh->tbl->entries);
931         kfree_rcu(neigh, rcu);
932 }
933 EXPORT_SYMBOL(neigh_destroy);
934
935 /* Neighbour state is suspicious;
936    disable fast path.
937
938    Called with write_locked neigh.
939  */
940 static void neigh_suspect(struct neighbour *neigh)
941 {
942         neigh_dbg(2, "neigh %p is suspected\n", neigh);
943
944         neigh->output = neigh->ops->output;
945 }
946
947 /* Neighbour state is OK;
948    enable fast path.
949
950    Called with write_locked neigh.
951  */
952 static void neigh_connect(struct neighbour *neigh)
953 {
954         neigh_dbg(2, "neigh %p is connected\n", neigh);
955
956         neigh->output = neigh->ops->connected_output;
957 }
958
959 static void neigh_periodic_work(struct work_struct *work)
960 {
961         struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
962         struct neighbour *n;
963         struct neighbour __rcu **np;
964         unsigned int i;
965         struct neigh_hash_table *nht;
966
967         NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);
968
969         write_lock_bh(&tbl->lock);
970         nht = rcu_dereference_protected(tbl->nht,
971                                         lockdep_is_held(&tbl->lock));
972
973         /*
974          *      periodically recompute ReachableTime from random function
975          */
976
977         if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
978                 struct neigh_parms *p;
979                 tbl->last_rand = jiffies;
980                 list_for_each_entry(p, &tbl->parms_list, list)
981                         p->reachable_time =
982                                 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
983         }
984
985         if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
986                 goto out;
987
988         for (i = 0 ; i < (1 << nht->hash_shift); i++) {
989                 np = &nht->hash_buckets[i];
990
991                 while ((n = rcu_dereference_protected(*np,
992                                 lockdep_is_held(&tbl->lock))) != NULL) {
993                         unsigned int state;
994
995                         write_lock(&n->lock);
996
997                         state = n->nud_state;
998                         if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
999                             (n->flags & NTF_EXT_LEARNED)) {
1000                                 write_unlock(&n->lock);
1001                                 goto next_elt;
1002                         }
1003
1004                         if (time_before(n->used, n->confirmed))
1005                                 n->used = n->confirmed;
1006
1007                         if (refcount_read(&n->refcnt) == 1 &&
1008                             (state == NUD_FAILED ||
1009                              time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
1010                                 *np = n->next;
1011                                 neigh_mark_dead(n);
1012                                 write_unlock(&n->lock);
1013                                 neigh_cleanup_and_release(n);
1014                                 continue;
1015                         }
1016                         write_unlock(&n->lock);
1017
1018 next_elt:
1019                         np = &n->next;
1020                 }
1021                 /*
1022                  * It's fine to release lock here, even if hash table
1023                  * grows while we are preempted.
1024                  */
1025                 write_unlock_bh(&tbl->lock);
1026                 cond_resched();
1027                 write_lock_bh(&tbl->lock);
1028                 nht = rcu_dereference_protected(tbl->nht,
1029                                                 lockdep_is_held(&tbl->lock));
1030         }
1031 out:
1032         /* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
1033          * ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
1034          * BASE_REACHABLE_TIME.
1035          */
1036         queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1037                               NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
1038         write_unlock_bh(&tbl->lock);
1039 }
1040
1041 static __inline__ int neigh_max_probes(struct neighbour *n)
1042 {
1043         struct neigh_parms *p = n->parms;
1044         return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
1045                (n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
1046                 NEIGH_VAR(p, MCAST_PROBES));
1047 }
1048
1049 static void neigh_invalidate(struct neighbour *neigh)
1050         __releases(neigh->lock)
1051         __acquires(neigh->lock)
1052 {
1053         struct sk_buff *skb;
1054
1055         NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
1056         neigh_dbg(2, "neigh %p is failed\n", neigh);
1057         neigh->updated = jiffies;
1058
1059         /* It is very thin place. report_unreachable is very complicated
1060            routine. Particularly, it can hit the same neighbour entry!
1061
1062            So that, we try to be accurate and avoid dead loop. --ANK
1063          */
1064         while (neigh->nud_state == NUD_FAILED &&
1065                (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1066                 write_unlock(&neigh->lock);
1067                 neigh->ops->error_report(neigh, skb);
1068                 write_lock(&neigh->lock);
1069         }
1070         __skb_queue_purge(&neigh->arp_queue);
1071         neigh->arp_queue_len_bytes = 0;
1072 }
1073
1074 static void neigh_probe(struct neighbour *neigh)
1075         __releases(neigh->lock)
1076 {
1077         struct sk_buff *skb = skb_peek_tail(&neigh->arp_queue);
1078         /* keep skb alive even if arp_queue overflows */
1079         if (skb)
1080                 skb = skb_clone(skb, GFP_ATOMIC);
1081         write_unlock(&neigh->lock);
1082         if (neigh->ops->solicit)
1083                 neigh->ops->solicit(neigh, skb);
1084         atomic_inc(&neigh->probes);
1085         consume_skb(skb);
1086 }
1087
1088 /* Called when a timer expires for a neighbour entry. */
1089
1090 static void neigh_timer_handler(struct timer_list *t)
1091 {
1092         unsigned long now, next;
1093         struct neighbour *neigh = from_timer(neigh, t, timer);
1094         unsigned int state;
1095         int notify = 0;
1096
1097         write_lock(&neigh->lock);
1098
1099         state = neigh->nud_state;
1100         now = jiffies;
1101         next = now + HZ;
1102
1103         if (!(state & NUD_IN_TIMER))
1104                 goto out;
1105
1106         if (state & NUD_REACHABLE) {
1107                 if (time_before_eq(now,
1108                                    neigh->confirmed + neigh->parms->reachable_time)) {
1109                         neigh_dbg(2, "neigh %p is still alive\n", neigh);
1110                         next = neigh->confirmed + neigh->parms->reachable_time;
1111                 } else if (time_before_eq(now,
1112                                           neigh->used +
1113                                           NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1114                         neigh_dbg(2, "neigh %p is delayed\n", neigh);
1115                         neigh->nud_state = NUD_DELAY;
1116                         neigh->updated = jiffies;
1117                         neigh_suspect(neigh);
1118                         next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
1119                 } else {
1120                         neigh_dbg(2, "neigh %p is suspected\n", neigh);
1121                         neigh->nud_state = NUD_STALE;
1122                         neigh->updated = jiffies;
1123                         neigh_suspect(neigh);
1124                         notify = 1;
1125                 }
1126         } else if (state & NUD_DELAY) {
1127                 if (time_before_eq(now,
1128                                    neigh->confirmed +
1129                                    NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1130                         neigh_dbg(2, "neigh %p is now reachable\n", neigh);
1131                         neigh->nud_state = NUD_REACHABLE;
1132                         neigh->updated = jiffies;
1133                         neigh_connect(neigh);
1134                         notify = 1;
1135                         next = neigh->confirmed + neigh->parms->reachable_time;
1136                 } else {
1137                         neigh_dbg(2, "neigh %p is probed\n", neigh);
1138                         neigh->nud_state = NUD_PROBE;
1139                         neigh->updated = jiffies;
1140                         atomic_set(&neigh->probes, 0);
1141                         notify = 1;
1142                         next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1143                                          HZ/100);
1144                 }
1145         } else {
1146                 /* NUD_PROBE|NUD_INCOMPLETE */
1147                 next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
1148         }
1149
1150         if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
1151             atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
1152                 neigh->nud_state = NUD_FAILED;
1153                 notify = 1;
1154                 neigh_invalidate(neigh);
1155                 goto out;
1156         }
1157
1158         if (neigh->nud_state & NUD_IN_TIMER) {
1159                 if (time_before(next, jiffies + HZ/100))
1160                         next = jiffies + HZ/100;
1161                 if (!mod_timer(&neigh->timer, next))
1162                         neigh_hold(neigh);
1163         }
1164         if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
1165                 neigh_probe(neigh);
1166         } else {
1167 out:
1168                 write_unlock(&neigh->lock);
1169         }
1170
1171         if (notify)
1172                 neigh_update_notify(neigh, 0);
1173
1174         trace_neigh_timer_handler(neigh, 0);
1175
1176         neigh_release(neigh);
1177 }
1178
1179 int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
1180                        const bool immediate_ok)
1181 {
1182         int rc;
1183         bool immediate_probe = false;
1184
1185         write_lock_bh(&neigh->lock);
1186
1187         rc = 0;
1188         if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
1189                 goto out_unlock_bh;
1190         if (neigh->dead)
1191                 goto out_dead;
1192
1193         if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
1194                 if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
1195                     NEIGH_VAR(neigh->parms, APP_PROBES)) {
1196                         unsigned long next, now = jiffies;
1197
1198                         atomic_set(&neigh->probes,
1199                                    NEIGH_VAR(neigh->parms, UCAST_PROBES));
1200                         neigh_del_timer(neigh);
1201                         neigh->nud_state = NUD_INCOMPLETE;
1202                         neigh->updated = now;
1203                         if (!immediate_ok) {
1204                                 next = now + 1;
1205                         } else {
1206                                 immediate_probe = true;
1207                                 next = now + max(NEIGH_VAR(neigh->parms,
1208                                                            RETRANS_TIME),
1209                                                  HZ / 100);
1210                         }
1211                         neigh_add_timer(neigh, next);
1212                 } else {
1213                         neigh->nud_state = NUD_FAILED;
1214                         neigh->updated = jiffies;
1215                         write_unlock_bh(&neigh->lock);
1216
1217                         kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_FAILED);
1218                         return 1;
1219                 }
1220         } else if (neigh->nud_state & NUD_STALE) {
1221                 neigh_dbg(2, "neigh %p is delayed\n", neigh);
1222                 neigh_del_timer(neigh);
1223                 neigh->nud_state = NUD_DELAY;
1224                 neigh->updated = jiffies;
1225                 neigh_add_timer(neigh, jiffies +
1226                                 NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
1227         }
1228
1229         if (neigh->nud_state == NUD_INCOMPLETE) {
1230                 if (skb) {
1231                         while (neigh->arp_queue_len_bytes + skb->truesize >
1232                                NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
1233                                 struct sk_buff *buff;
1234
1235                                 buff = __skb_dequeue(&neigh->arp_queue);
1236                                 if (!buff)
1237                                         break;
1238                                 neigh->arp_queue_len_bytes -= buff->truesize;
1239                                 kfree_skb_reason(buff, SKB_DROP_REASON_NEIGH_QUEUEFULL);
1240                                 NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
1241                         }
1242                         skb_dst_force(skb);
1243                         __skb_queue_tail(&neigh->arp_queue, skb);
1244                         neigh->arp_queue_len_bytes += skb->truesize;
1245                 }
1246                 rc = 1;
1247         }
1248 out_unlock_bh:
1249         if (immediate_probe)
1250                 neigh_probe(neigh);
1251         else
1252                 write_unlock(&neigh->lock);
1253         local_bh_enable();
1254         trace_neigh_event_send_done(neigh, rc);
1255         return rc;
1256
1257 out_dead:
1258         if (neigh->nud_state & NUD_STALE)
1259                 goto out_unlock_bh;
1260         write_unlock_bh(&neigh->lock);
1261         kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_DEAD);
1262         trace_neigh_event_send_dead(neigh, 1);
1263         return 1;
1264 }
1265 EXPORT_SYMBOL(__neigh_event_send);
1266
1267 static void neigh_update_hhs(struct neighbour *neigh)
1268 {
1269         struct hh_cache *hh;
1270         void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
1271                 = NULL;
1272
1273         if (neigh->dev->header_ops)
1274                 update = neigh->dev->header_ops->cache_update;
1275
1276         if (update) {
1277                 hh = &neigh->hh;
1278                 if (READ_ONCE(hh->hh_len)) {
1279                         write_seqlock_bh(&hh->hh_lock);
1280                         update(hh, neigh->dev, neigh->ha);
1281                         write_sequnlock_bh(&hh->hh_lock);
1282                 }
1283         }
1284 }
1285
1286 /* Generic update routine.
1287    -- lladdr is new lladdr or NULL, if it is not supplied.
1288    -- new    is new state.
1289    -- flags
1290         NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr,
1291                                 if it is different.
1292         NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
1293                                 lladdr instead of overriding it
1294                                 if it is different.
1295         NEIGH_UPDATE_F_ADMIN    means that the change is administrative.
1296         NEIGH_UPDATE_F_USE      means that the entry is user triggered.
1297         NEIGH_UPDATE_F_MANAGED  means that the entry will be auto-refreshed.
1298         NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
1299                                 NTF_ROUTER flag.
1300         NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as
1301                                 a router.
1302
1303    Caller MUST hold reference count on the entry.
1304  */
1305 static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
1306                           u8 new, u32 flags, u32 nlmsg_pid,
1307                           struct netlink_ext_ack *extack)
1308 {
1309         bool gc_update = false, managed_update = false;
1310         int update_isrouter = 0;
1311         struct net_device *dev;
1312         int err, notify = 0;
1313         u8 old;
1314
1315         trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);
1316
1317         write_lock_bh(&neigh->lock);
1318
1319         dev    = neigh->dev;
1320         old    = neigh->nud_state;
1321         err    = -EPERM;
1322
1323         if (neigh->dead) {
1324                 NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
1325                 new = old;
1326                 goto out;
1327         }
1328         if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
1329             (old & (NUD_NOARP | NUD_PERMANENT)))
1330                 goto out;
1331
1332         neigh_update_flags(neigh, flags, &notify, &gc_update, &managed_update);
1333         if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
1334                 new = old & ~NUD_PERMANENT;
1335                 neigh->nud_state = new;
1336                 err = 0;
1337                 goto out;
1338         }
1339
1340         if (!(new & NUD_VALID)) {
1341                 neigh_del_timer(neigh);
1342                 if (old & NUD_CONNECTED)
1343                         neigh_suspect(neigh);
1344                 neigh->nud_state = new;
1345                 err = 0;
1346                 notify = old & NUD_VALID;
1347                 if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
1348                     (new & NUD_FAILED)) {
1349                         neigh_invalidate(neigh);
1350                         notify = 1;
1351                 }
1352                 goto out;
1353         }
1354
1355         /* Compare new lladdr with cached one */
1356         if (!dev->addr_len) {
1357                 /* First case: device needs no address. */
1358                 lladdr = neigh->ha;
1359         } else if (lladdr) {
1360                 /* The second case: if something is already cached
1361                    and a new address is proposed:
1362                    - compare new & old
1363                    - if they are different, check override flag
1364                  */
1365                 if ((old & NUD_VALID) &&
1366                     !memcmp(lladdr, neigh->ha, dev->addr_len))
1367                         lladdr = neigh->ha;
1368         } else {
1369                 /* No address is supplied; if we know something,
1370                    use it, otherwise discard the request.
1371                  */
1372                 err = -EINVAL;
1373                 if (!(old & NUD_VALID)) {
1374                         NL_SET_ERR_MSG(extack, "No link layer address given");
1375                         goto out;
1376                 }
1377                 lladdr = neigh->ha;
1378         }
1379
1380         /* Update confirmed timestamp for neighbour entry after we
1381          * received ARP packet even if it doesn't change IP to MAC binding.
1382          */
1383         if (new & NUD_CONNECTED)
1384                 neigh->confirmed = jiffies;
1385
1386         /* If entry was valid and address is not changed,
1387            do not change entry state, if new one is STALE.
1388          */
1389         err = 0;
1390         update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1391         if (old & NUD_VALID) {
1392                 if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
1393                         update_isrouter = 0;
1394                         if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
1395                             (old & NUD_CONNECTED)) {
1396                                 lladdr = neigh->ha;
1397                                 new = NUD_STALE;
1398                         } else
1399                                 goto out;
1400                 } else {
1401                         if (lladdr == neigh->ha && new == NUD_STALE &&
1402                             !(flags & NEIGH_UPDATE_F_ADMIN))
1403                                 new = old;
1404                 }
1405         }
1406
1407         /* Update timestamp only once we know we will make a change to the
1408          * neighbour entry. Otherwise we risk to move the locktime window with
1409          * noop updates and ignore relevant ARP updates.
1410          */
1411         if (new != old || lladdr != neigh->ha)
1412                 neigh->updated = jiffies;
1413
1414         if (new != old) {
1415                 neigh_del_timer(neigh);
1416                 if (new & NUD_PROBE)
1417                         atomic_set(&neigh->probes, 0);
1418                 if (new & NUD_IN_TIMER)
1419                         neigh_add_timer(neigh, (jiffies +
1420                                                 ((new & NUD_REACHABLE) ?
1421                                                  neigh->parms->reachable_time :
1422                                                  0)));
1423                 neigh->nud_state = new;
1424                 notify = 1;
1425         }
1426
1427         if (lladdr != neigh->ha) {
1428                 write_seqlock(&neigh->ha_lock);
1429                 memcpy(&neigh->ha, lladdr, dev->addr_len);
1430                 write_sequnlock(&neigh->ha_lock);
1431                 neigh_update_hhs(neigh);
1432                 if (!(new & NUD_CONNECTED))
1433                         neigh->confirmed = jiffies -
1434                                       (NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
1435                 notify = 1;
1436         }
1437         if (new == old)
1438                 goto out;
1439         if (new & NUD_CONNECTED)
1440                 neigh_connect(neigh);
1441         else
1442                 neigh_suspect(neigh);
1443         if (!(old & NUD_VALID)) {
1444                 struct sk_buff *skb;
1445
1446                 /* Again: avoid dead loop if something went wrong */
1447
1448                 while (neigh->nud_state & NUD_VALID &&
1449                        (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
1450                         struct dst_entry *dst = skb_dst(skb);
1451                         struct neighbour *n2, *n1 = neigh;
1452                         write_unlock_bh(&neigh->lock);
1453
1454                         rcu_read_lock();
1455
1456                         /* Why not just use 'neigh' as-is?  The problem is that
1457                          * things such as shaper, eql, and sch_teql can end up
1458                          * using alternative, different, neigh objects to output
1459                          * the packet in the output path.  So what we need to do
1460                          * here is re-lookup the top-level neigh in the path so
1461                          * we can reinject the packet there.
1462                          */
1463                         n2 = NULL;
1464                         if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
1465                                 n2 = dst_neigh_lookup_skb(dst, skb);
1466                                 if (n2)
1467                                         n1 = n2;
1468                         }
1469                         n1->output(n1, skb);
1470                         if (n2)
1471                                 neigh_release(n2);
1472                         rcu_read_unlock();
1473
1474                         write_lock_bh(&neigh->lock);
1475                 }
1476                 __skb_queue_purge(&neigh->arp_queue);
1477                 neigh->arp_queue_len_bytes = 0;
1478         }
1479 out:
1480         if (update_isrouter)
1481                 neigh_update_is_router(neigh, flags, &notify);
1482         write_unlock_bh(&neigh->lock);
1483         if (((new ^ old) & NUD_PERMANENT) || gc_update)
1484                 neigh_update_gc_list(neigh);
1485         if (managed_update)
1486                 neigh_update_managed_list(neigh);
1487         if (notify)
1488                 neigh_update_notify(neigh, nlmsg_pid);
1489         trace_neigh_update_done(neigh, err);
1490         return err;
1491 }
1492
1493 int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1494                  u32 flags, u32 nlmsg_pid)
1495 {
1496         return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
1497 }
1498 EXPORT_SYMBOL(neigh_update);
1499
1500 /* Update the neigh to listen temporarily for probe responses, even if it is
1501  * in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
1502  */
1503 void __neigh_set_probe_once(struct neighbour *neigh)
1504 {
1505         if (neigh->dead)
1506                 return;
1507         neigh->updated = jiffies;
1508         if (!(neigh->nud_state & NUD_FAILED))
1509                 return;
1510         neigh->nud_state = NUD_INCOMPLETE;
1511         atomic_set(&neigh->probes, neigh_max_probes(neigh));
1512         neigh_add_timer(neigh,
1513                         jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1514                                       HZ/100));
1515 }
1516 EXPORT_SYMBOL(__neigh_set_probe_once);
1517
1518 struct neighbour *neigh_event_ns(struct neigh_table *tbl,
1519                                  u8 *lladdr, void *saddr,
1520                                  struct net_device *dev)
1521 {
1522         struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
1523                                                  lladdr || !dev->addr_len);
1524         if (neigh)
1525                 neigh_update(neigh, lladdr, NUD_STALE,
1526                              NEIGH_UPDATE_F_OVERRIDE, 0);
1527         return neigh;
1528 }
1529 EXPORT_SYMBOL(neigh_event_ns);
1530
1531 /* called with read_lock_bh(&n->lock); */
1532 static void neigh_hh_init(struct neighbour *n)
1533 {
1534         struct net_device *dev = n->dev;
1535         __be16 prot = n->tbl->protocol;
1536         struct hh_cache *hh = &n->hh;
1537
1538         write_lock_bh(&n->lock);
1539
1540         /* Only one thread can come in here and initialize the
1541          * hh_cache entry.
1542          */
1543         if (!hh->hh_len)
1544                 dev->header_ops->cache(n, hh, prot);
1545
1546         write_unlock_bh(&n->lock);
1547 }
1548
1549 /* Slow and careful. */
1550
1551 int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
1552 {
1553         int rc = 0;
1554
1555         if (!neigh_event_send(neigh, skb)) {
1556                 int err;
1557                 struct net_device *dev = neigh->dev;
1558                 unsigned int seq;
1559
1560                 if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
1561                         neigh_hh_init(neigh);
1562
1563                 do {
1564                         __skb_pull(skb, skb_network_offset(skb));
1565                         seq = read_seqbegin(&neigh->ha_lock);
1566                         err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1567                                               neigh->ha, NULL, skb->len);
1568                 } while (read_seqretry(&neigh->ha_lock, seq));
1569
1570                 if (err >= 0)
1571                         rc = dev_queue_xmit(skb);
1572                 else
1573                         goto out_kfree_skb;
1574         }
1575 out:
1576         return rc;
1577 out_kfree_skb:
1578         rc = -EINVAL;
1579         kfree_skb(skb);
1580         goto out;
1581 }
1582 EXPORT_SYMBOL(neigh_resolve_output);
1583
1584 /* As fast as possible without hh cache */
1585
1586 int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
1587 {
1588         struct net_device *dev = neigh->dev;
1589         unsigned int seq;
1590         int err;
1591
1592         do {
1593                 __skb_pull(skb, skb_network_offset(skb));
1594                 seq = read_seqbegin(&neigh->ha_lock);
1595                 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1596                                       neigh->ha, NULL, skb->len);
1597         } while (read_seqretry(&neigh->ha_lock, seq));
1598
1599         if (err >= 0)
1600                 err = dev_queue_xmit(skb);
1601         else {
1602                 err = -EINVAL;
1603                 kfree_skb(skb);
1604         }
1605         return err;
1606 }
1607 EXPORT_SYMBOL(neigh_connected_output);
1608
1609 int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
1610 {
1611         return dev_queue_xmit(skb);
1612 }
1613 EXPORT_SYMBOL(neigh_direct_output);
1614
1615 static void neigh_managed_work(struct work_struct *work)
1616 {
1617         struct neigh_table *tbl = container_of(work, struct neigh_table,
1618                                                managed_work.work);
1619         struct neighbour *neigh;
1620
1621         write_lock_bh(&tbl->lock);
1622         list_for_each_entry(neigh, &tbl->managed_list, managed_list)
1623                 neigh_event_send_probe(neigh, NULL, false);
1624         queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
1625                            NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS));
1626         write_unlock_bh(&tbl->lock);
1627 }
1628
1629 static void neigh_proxy_process(struct timer_list *t)
1630 {
1631         struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
1632         long sched_next = 0;
1633         unsigned long now = jiffies;
1634         struct sk_buff *skb, *n;
1635
1636         spin_lock(&tbl->proxy_queue.lock);
1637
1638         skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
1639                 long tdif = NEIGH_CB(skb)->sched_next - now;
1640
1641                 if (tdif <= 0) {
1642                         struct net_device *dev = skb->dev;
1643
1644                         neigh_parms_qlen_dec(dev, tbl->family);
1645                         __skb_unlink(skb, &tbl->proxy_queue);
1646
1647                         if (tbl->proxy_redo && netif_running(dev)) {
1648                                 rcu_read_lock();
1649                                 tbl->proxy_redo(skb);
1650                                 rcu_read_unlock();
1651                         } else {
1652                                 kfree_skb(skb);
1653                         }
1654
1655                         dev_put(dev);
1656                 } else if (!sched_next || tdif < sched_next)
1657                         sched_next = tdif;
1658         }
1659         del_timer(&tbl->proxy_timer);
1660         if (sched_next)
1661                 mod_timer(&tbl->proxy_timer, jiffies + sched_next);
1662         spin_unlock(&tbl->proxy_queue.lock);
1663 }
1664
1665 void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
1666                     struct sk_buff *skb)
1667 {
1668         unsigned long sched_next = jiffies +
1669                         prandom_u32_max(NEIGH_VAR(p, PROXY_DELAY));
1670
1671         if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) {
1672                 kfree_skb(skb);
1673                 return;
1674         }
1675
1676         NEIGH_CB(skb)->sched_next = sched_next;
1677         NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;
1678
1679         spin_lock(&tbl->proxy_queue.lock);
1680         if (del_timer(&tbl->proxy_timer)) {
1681                 if (time_before(tbl->proxy_timer.expires, sched_next))
1682                         sched_next = tbl->proxy_timer.expires;
1683         }
1684         skb_dst_drop(skb);
1685         dev_hold(skb->dev);
1686         __skb_queue_tail(&tbl->proxy_queue, skb);
1687         p->qlen++;
1688         mod_timer(&tbl->proxy_timer, sched_next);
1689         spin_unlock(&tbl->proxy_queue.lock);
1690 }
1691 EXPORT_SYMBOL(pneigh_enqueue);
1692
1693 static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
1694                                                       struct net *net, int ifindex)
1695 {
1696         struct neigh_parms *p;
1697
1698         list_for_each_entry(p, &tbl->parms_list, list) {
1699                 if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) ||
1700                     (!p->dev && !ifindex && net_eq(net, &init_net)))
1701                         return p;
1702         }
1703
1704         return NULL;
1705 }
1706
1707 struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
1708                                       struct neigh_table *tbl)
1709 {
1710         struct neigh_parms *p;
1711         struct net *net = dev_net(dev);
1712         const struct net_device_ops *ops = dev->netdev_ops;
1713
1714         p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
1715         if (p) {
1716                 p->tbl            = tbl;
1717                 refcount_set(&p->refcnt, 1);
1718                 p->reachable_time =
1719                                 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
1720                 p->qlen = 0;
1721                 netdev_hold(dev, &p->dev_tracker, GFP_KERNEL);
1722                 p->dev = dev;
1723                 write_pnet(&p->net, net);
1724                 p->sysctl_table = NULL;
1725
1726                 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
1727                         netdev_put(dev, &p->dev_tracker);
1728                         kfree(p);
1729                         return NULL;
1730                 }
1731
1732                 write_lock_bh(&tbl->lock);
1733                 list_add(&p->list, &tbl->parms.list);
1734                 write_unlock_bh(&tbl->lock);
1735
1736                 neigh_parms_data_state_cleanall(p);
1737         }
1738         return p;
1739 }
1740 EXPORT_SYMBOL(neigh_parms_alloc);
1741
1742 static void neigh_rcu_free_parms(struct rcu_head *head)
1743 {
1744         struct neigh_parms *parms =
1745                 container_of(head, struct neigh_parms, rcu_head);
1746
1747         neigh_parms_put(parms);
1748 }
1749
1750 void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
1751 {
1752         if (!parms || parms == &tbl->parms)
1753                 return;
1754         write_lock_bh(&tbl->lock);
1755         list_del(&parms->list);
1756         parms->dead = 1;
1757         write_unlock_bh(&tbl->lock);
1758         netdev_put(parms->dev, &parms->dev_tracker);
1759         call_rcu(&parms->rcu_head, neigh_rcu_free_parms);
1760 }
1761 EXPORT_SYMBOL(neigh_parms_release);
1762
1763 static void neigh_parms_destroy(struct neigh_parms *parms)
1764 {
1765         kfree(parms);
1766 }
1767
1768 static struct lock_class_key neigh_table_proxy_queue_class;
1769
1770 static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;
1771
1772 void neigh_table_init(int index, struct neigh_table *tbl)
1773 {
1774         unsigned long now = jiffies;
1775         unsigned long phsize;
1776
1777         INIT_LIST_HEAD(&tbl->parms_list);
1778         INIT_LIST_HEAD(&tbl->gc_list);
1779         INIT_LIST_HEAD(&tbl->managed_list);
1780
1781         list_add(&tbl->parms.list, &tbl->parms_list);
1782         write_pnet(&tbl->parms.net, &init_net);
1783         refcount_set(&tbl->parms.refcnt, 1);
1784         tbl->parms.reachable_time =
1785                           neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
1786         tbl->parms.qlen = 0;
1787
1788         tbl->stats = alloc_percpu(struct neigh_statistics);
1789         if (!tbl->stats)
1790                 panic("cannot create neighbour cache statistics");
1791
1792 #ifdef CONFIG_PROC_FS
1793         if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
1794                               &neigh_stat_seq_ops, tbl))
1795                 panic("cannot create neighbour proc dir entry");
1796 #endif
1797
1798         RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));
1799
1800         phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
1801         tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);
1802
1803         if (!tbl->nht || !tbl->phash_buckets)
1804                 panic("cannot allocate neighbour cache hashes");
1805
1806         if (!tbl->entry_size)
1807                 tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
1808                                         tbl->key_len, NEIGH_PRIV_ALIGN);
1809         else
1810                 WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);
1811
1812         rwlock_init(&tbl->lock);
1813
1814         INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
1815         queue_delayed_work(system_power_efficient_wq, &tbl->gc_work,
1816                         tbl->parms.reachable_time);
1817         INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
1818         queue_delayed_work(system_power_efficient_wq, &tbl->managed_work, 0);
1819
1820         timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
1821         skb_queue_head_init_class(&tbl->proxy_queue,
1822                         &neigh_table_proxy_queue_class);
1823
1824         tbl->last_flush = now;
1825         tbl->last_rand  = now + tbl->parms.reachable_time * 20;
1826
1827         neigh_tables[index] = tbl;
1828 }
1829 EXPORT_SYMBOL(neigh_table_init);
1830
1831 int neigh_table_clear(int index, struct neigh_table *tbl)
1832 {
1833         neigh_tables[index] = NULL;
1834         /* It is not clean... Fix it to unload IPv6 module safely */
1835         cancel_delayed_work_sync(&tbl->managed_work);
1836         cancel_delayed_work_sync(&tbl->gc_work);
1837         del_timer_sync(&tbl->proxy_timer);
1838         pneigh_queue_purge(&tbl->proxy_queue, NULL, tbl->family);
1839         neigh_ifdown(tbl, NULL);
1840         if (atomic_read(&tbl->entries))
1841                 pr_crit("neighbour leakage\n");
1842
1843         call_rcu(&rcu_dereference_protected(tbl->nht, 1)->rcu,
1844                  neigh_hash_free_rcu);
1845         tbl->nht = NULL;
1846
1847         kfree(tbl->phash_buckets);
1848         tbl->phash_buckets = NULL;
1849
1850         remove_proc_entry(tbl->id, init_net.proc_net_stat);
1851
1852         free_percpu(tbl->stats);
1853         tbl->stats = NULL;
1854
1855         return 0;
1856 }
1857 EXPORT_SYMBOL(neigh_table_clear);
1858
1859 static struct neigh_table *neigh_find_table(int family)
1860 {
1861         struct neigh_table *tbl = NULL;
1862
1863         switch (family) {
1864         case AF_INET:
1865                 tbl = neigh_tables[NEIGH_ARP_TABLE];
1866                 break;
1867         case AF_INET6:
1868                 tbl = neigh_tables[NEIGH_ND_TABLE];
1869                 break;
1870         }
1871
1872         return tbl;
1873 }
1874
1875 const struct nla_policy nda_policy[NDA_MAX+1] = {
1876         [NDA_UNSPEC]            = { .strict_start_type = NDA_NH_ID },
1877         [NDA_DST]               = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1878         [NDA_LLADDR]            = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1879         [NDA_CACHEINFO]         = { .len = sizeof(struct nda_cacheinfo) },
1880         [NDA_PROBES]            = { .type = NLA_U32 },
1881         [NDA_VLAN]              = { .type = NLA_U16 },
1882         [NDA_PORT]              = { .type = NLA_U16 },
1883         [NDA_VNI]               = { .type = NLA_U32 },
1884         [NDA_IFINDEX]           = { .type = NLA_U32 },
1885         [NDA_MASTER]            = { .type = NLA_U32 },
1886         [NDA_PROTOCOL]          = { .type = NLA_U8 },
1887         [NDA_NH_ID]             = { .type = NLA_U32 },
1888         [NDA_FLAGS_EXT]         = NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
1889         [NDA_FDB_EXT_ATTRS]     = { .type = NLA_NESTED },
1890 };
1891
1892 static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1893                         struct netlink_ext_ack *extack)
1894 {
1895         struct net *net = sock_net(skb->sk);
1896         struct ndmsg *ndm;
1897         struct nlattr *dst_attr;
1898         struct neigh_table *tbl;
1899         struct neighbour *neigh;
1900         struct net_device *dev = NULL;
1901         int err = -EINVAL;
1902
1903         ASSERT_RTNL();
1904         if (nlmsg_len(nlh) < sizeof(*ndm))
1905                 goto out;
1906
1907         dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1908         if (!dst_attr) {
1909                 NL_SET_ERR_MSG(extack, "Network address not specified");
1910                 goto out;
1911         }
1912
1913         ndm = nlmsg_data(nlh);
1914         if (ndm->ndm_ifindex) {
1915                 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1916                 if (dev == NULL) {
1917                         err = -ENODEV;
1918                         goto out;
1919                 }
1920         }
1921
1922         tbl = neigh_find_table(ndm->ndm_family);
1923         if (tbl == NULL)
1924                 return -EAFNOSUPPORT;
1925
1926         if (nla_len(dst_attr) < (int)tbl->key_len) {
1927                 NL_SET_ERR_MSG(extack, "Invalid network address");
1928                 goto out;
1929         }
1930
1931         if (ndm->ndm_flags & NTF_PROXY) {
1932                 err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
1933                 goto out;
1934         }
1935
1936         if (dev == NULL)
1937                 goto out;
1938
1939         neigh = neigh_lookup(tbl, nla_data(dst_attr), dev);
1940         if (neigh == NULL) {
1941                 err = -ENOENT;
1942                 goto out;
1943         }
1944
1945         err = __neigh_update(neigh, NULL, NUD_FAILED,
1946                              NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1947                              NETLINK_CB(skb).portid, extack);
1948         write_lock_bh(&tbl->lock);
1949         neigh_release(neigh);
1950         neigh_remove_one(neigh, tbl);
1951         write_unlock_bh(&tbl->lock);
1952
1953 out:
1954         return err;
1955 }
1956
1957 static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1958                      struct netlink_ext_ack *extack)
1959 {
1960         int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1961                     NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1962         struct net *net = sock_net(skb->sk);
1963         struct ndmsg *ndm;
1964         struct nlattr *tb[NDA_MAX+1];
1965         struct neigh_table *tbl;
1966         struct net_device *dev = NULL;
1967         struct neighbour *neigh;
1968         void *dst, *lladdr;
1969         u8 protocol = 0;
1970         u32 ndm_flags;
1971         int err;
1972
1973         ASSERT_RTNL();
1974         err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
1975                                      nda_policy, extack);
1976         if (err < 0)
1977                 goto out;
1978
1979         err = -EINVAL;
1980         if (!tb[NDA_DST]) {
1981                 NL_SET_ERR_MSG(extack, "Network address not specified");
1982                 goto out;
1983         }
1984
1985         ndm = nlmsg_data(nlh);
1986         ndm_flags = ndm->ndm_flags;
1987         if (tb[NDA_FLAGS_EXT]) {
1988                 u32 ext = nla_get_u32(tb[NDA_FLAGS_EXT]);
1989
1990                 BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
1991                              (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
1992                               hweight32(NTF_EXT_MASK)));
1993                 ndm_flags |= (ext << NTF_EXT_SHIFT);
1994         }
1995         if (ndm->ndm_ifindex) {
1996                 dev = __dev_get_by_index(net, ndm->ndm_ifindex);
1997                 if (dev == NULL) {
1998                         err = -ENODEV;
1999                         goto out;
2000                 }
2001
2002                 if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
2003                         NL_SET_ERR_MSG(extack, "Invalid link address");
2004                         goto out;
2005                 }
2006         }
2007
2008         tbl = neigh_find_table(ndm->ndm_family);
2009         if (tbl == NULL)
2010                 return -EAFNOSUPPORT;
2011
2012         if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
2013                 NL_SET_ERR_MSG(extack, "Invalid network address");
2014                 goto out;
2015         }
2016
2017         dst = nla_data(tb[NDA_DST]);
2018         lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
2019
2020         if (tb[NDA_PROTOCOL])
2021                 protocol = nla_get_u8(tb[NDA_PROTOCOL]);
2022         if (ndm_flags & NTF_PROXY) {
2023                 struct pneigh_entry *pn;
2024
2025                 if (ndm_flags & NTF_MANAGED) {
2026                         NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
2027                         goto out;
2028                 }
2029
2030                 err = -ENOBUFS;
2031                 pn = pneigh_lookup(tbl, net, dst, dev, 1);
2032                 if (pn) {
2033                         pn->flags = ndm_flags;
2034                         if (protocol)
2035                                 pn->protocol = protocol;
2036                         err = 0;
2037                 }
2038                 goto out;
2039         }
2040
2041         if (!dev) {
2042                 NL_SET_ERR_MSG(extack, "Device not specified");
2043                 goto out;
2044         }
2045
2046         if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
2047                 err = -EINVAL;
2048                 goto out;
2049         }
2050
2051         neigh = neigh_lookup(tbl, dst, dev);
2052         if (neigh == NULL) {
2053                 bool ndm_permanent  = ndm->ndm_state & NUD_PERMANENT;
2054                 bool exempt_from_gc = ndm_permanent ||
2055                                       ndm_flags & NTF_EXT_LEARNED;
2056
2057                 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
2058                         err = -ENOENT;
2059                         goto out;
2060                 }
2061                 if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
2062                         NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
2063                         err = -EINVAL;
2064                         goto out;
2065                 }
2066
2067                 neigh = ___neigh_create(tbl, dst, dev,
2068                                         ndm_flags &
2069                                         (NTF_EXT_LEARNED | NTF_MANAGED),
2070                                         exempt_from_gc, true);
2071                 if (IS_ERR(neigh)) {
2072                         err = PTR_ERR(neigh);
2073                         goto out;
2074                 }
2075         } else {
2076                 if (nlh->nlmsg_flags & NLM_F_EXCL) {
2077                         err = -EEXIST;
2078                         neigh_release(neigh);
2079                         goto out;
2080                 }
2081
2082                 if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
2083                         flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
2084                                    NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
2085         }
2086
2087         if (protocol)
2088                 neigh->protocol = protocol;
2089         if (ndm_flags & NTF_EXT_LEARNED)
2090                 flags |= NEIGH_UPDATE_F_EXT_LEARNED;
2091         if (ndm_flags & NTF_ROUTER)
2092                 flags |= NEIGH_UPDATE_F_ISROUTER;
2093         if (ndm_flags & NTF_MANAGED)
2094                 flags |= NEIGH_UPDATE_F_MANAGED;
2095         if (ndm_flags & NTF_USE)
2096                 flags |= NEIGH_UPDATE_F_USE;
2097
2098         err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
2099                              NETLINK_CB(skb).portid, extack);
2100         if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) {
2101                 neigh_event_send(neigh, NULL);
2102                 err = 0;
2103         }
2104         neigh_release(neigh);
2105 out:
2106         return err;
2107 }
2108
2109 static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
2110 {
2111         struct nlattr *nest;
2112
2113         nest = nla_nest_start_noflag(skb, NDTA_PARMS);
2114         if (nest == NULL)
2115                 return -ENOBUFS;
2116
2117         if ((parms->dev &&
2118              nla_put_u32(skb, NDTPA_IFINDEX, parms->dev->ifindex)) ||
2119             nla_put_u32(skb, NDTPA_REFCNT, refcount_read(&parms->refcnt)) ||
2120             nla_put_u32(skb, NDTPA_QUEUE_LENBYTES,
2121                         NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2122             /* approximative value for deprecated QUEUE_LEN (in packets) */
2123             nla_put_u32(skb, NDTPA_QUEUE_LEN,
2124                         NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2125             nla_put_u32(skb, NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2126             nla_put_u32(skb, NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2127             nla_put_u32(skb, NDTPA_UCAST_PROBES,
2128                         NEIGH_VAR(parms, UCAST_PROBES)) ||
2129             nla_put_u32(skb, NDTPA_MCAST_PROBES,
2130                         NEIGH_VAR(parms, MCAST_PROBES)) ||
2131             nla_put_u32(skb, NDTPA_MCAST_REPROBES,
2132                         NEIGH_VAR(parms, MCAST_REPROBES)) ||
2133             nla_put_msecs(skb, NDTPA_REACHABLE_TIME, parms->reachable_time,
2134                           NDTPA_PAD) ||
2135             nla_put_msecs(skb, NDTPA_BASE_REACHABLE_TIME,
2136                           NEIGH_VAR(parms, BASE_REACHABLE_TIME), NDTPA_PAD) ||
2137             nla_put_msecs(skb, NDTPA_GC_STALETIME,
2138                           NEIGH_VAR(parms, GC_STALETIME), NDTPA_PAD) ||
2139             nla_put_msecs(skb, NDTPA_DELAY_PROBE_TIME,
2140                           NEIGH_VAR(parms, DELAY_PROBE_TIME), NDTPA_PAD) ||
2141             nla_put_msecs(skb, NDTPA_RETRANS_TIME,
2142                           NEIGH_VAR(parms, RETRANS_TIME), NDTPA_PAD) ||
2143             nla_put_msecs(skb, NDTPA_ANYCAST_DELAY,
2144                           NEIGH_VAR(parms, ANYCAST_DELAY), NDTPA_PAD) ||
2145             nla_put_msecs(skb, NDTPA_PROXY_DELAY,
2146                           NEIGH_VAR(parms, PROXY_DELAY), NDTPA_PAD) ||
2147             nla_put_msecs(skb, NDTPA_LOCKTIME,
2148                           NEIGH_VAR(parms, LOCKTIME), NDTPA_PAD) ||
2149             nla_put_msecs(skb, NDTPA_INTERVAL_PROBE_TIME_MS,
2150                           NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), NDTPA_PAD))
2151                 goto nla_put_failure;
2152         return nla_nest_end(skb, nest);
2153
2154 nla_put_failure:
2155         nla_nest_cancel(skb, nest);
2156         return -EMSGSIZE;
2157 }
2158
2159 static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2160                               u32 pid, u32 seq, int type, int flags)
2161 {
2162         struct nlmsghdr *nlh;
2163         struct ndtmsg *ndtmsg;
2164
2165         nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2166         if (nlh == NULL)
2167                 return -EMSGSIZE;
2168
2169         ndtmsg = nlmsg_data(nlh);
2170
2171         read_lock_bh(&tbl->lock);
2172         ndtmsg->ndtm_family = tbl->family;
2173         ndtmsg->ndtm_pad1   = 0;
2174         ndtmsg->ndtm_pad2   = 0;
2175
2176         if (nla_put_string(skb, NDTA_NAME, tbl->id) ||
2177             nla_put_msecs(skb, NDTA_GC_INTERVAL, tbl->gc_interval, NDTA_PAD) ||
2178             nla_put_u32(skb, NDTA_THRESH1, tbl->gc_thresh1) ||
2179             nla_put_u32(skb, NDTA_THRESH2, tbl->gc_thresh2) ||
2180             nla_put_u32(skb, NDTA_THRESH3, tbl->gc_thresh3))
2181                 goto nla_put_failure;
2182         {
2183                 unsigned long now = jiffies;
2184                 long flush_delta = now - tbl->last_flush;
2185                 long rand_delta = now - tbl->last_rand;
2186                 struct neigh_hash_table *nht;
2187                 struct ndt_config ndc = {
2188                         .ndtc_key_len           = tbl->key_len,
2189                         .ndtc_entry_size        = tbl->entry_size,
2190                         .ndtc_entries           = atomic_read(&tbl->entries),
2191                         .ndtc_last_flush        = jiffies_to_msecs(flush_delta),
2192                         .ndtc_last_rand         = jiffies_to_msecs(rand_delta),
2193                         .ndtc_proxy_qlen        = tbl->proxy_queue.qlen,
2194                 };
2195
2196                 rcu_read_lock_bh();
2197                 nht = rcu_dereference_bh(tbl->nht);
2198                 ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2199                 ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2200                 rcu_read_unlock_bh();
2201
2202                 if (nla_put(skb, NDTA_CONFIG, sizeof(ndc), &ndc))
2203                         goto nla_put_failure;
2204         }
2205
2206         {
2207                 int cpu;
2208                 struct ndt_stats ndst;
2209
2210                 memset(&ndst, 0, sizeof(ndst));
2211
2212                 for_each_possible_cpu(cpu) {
2213                         struct neigh_statistics *st;
2214
2215                         st = per_cpu_ptr(tbl->stats, cpu);
2216                         ndst.ndts_allocs                += st->allocs;
2217                         ndst.ndts_destroys              += st->destroys;
2218                         ndst.ndts_hash_grows            += st->hash_grows;
2219                         ndst.ndts_res_failed            += st->res_failed;
2220                         ndst.ndts_lookups               += st->lookups;
2221                         ndst.ndts_hits                  += st->hits;
2222                         ndst.ndts_rcv_probes_mcast      += st->rcv_probes_mcast;
2223                         ndst.ndts_rcv_probes_ucast      += st->rcv_probes_ucast;
2224                         ndst.ndts_periodic_gc_runs      += st->periodic_gc_runs;
2225                         ndst.ndts_forced_gc_runs        += st->forced_gc_runs;
2226                         ndst.ndts_table_fulls           += st->table_fulls;
2227                 }
2228
2229                 if (nla_put_64bit(skb, NDTA_STATS, sizeof(ndst), &ndst,
2230                                   NDTA_PAD))
2231                         goto nla_put_failure;
2232         }
2233
2234         BUG_ON(tbl->parms.dev);
2235         if (neightbl_fill_parms(skb, &tbl->parms) < 0)
2236                 goto nla_put_failure;
2237
2238         read_unlock_bh(&tbl->lock);
2239         nlmsg_end(skb, nlh);
2240         return 0;
2241
2242 nla_put_failure:
2243         read_unlock_bh(&tbl->lock);
2244         nlmsg_cancel(skb, nlh);
2245         return -EMSGSIZE;
2246 }
2247
2248 static int neightbl_fill_param_info(struct sk_buff *skb,
2249                                     struct neigh_table *tbl,
2250                                     struct neigh_parms *parms,
2251                                     u32 pid, u32 seq, int type,
2252                                     unsigned int flags)
2253 {
2254         struct ndtmsg *ndtmsg;
2255         struct nlmsghdr *nlh;
2256
2257         nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndtmsg), flags);
2258         if (nlh == NULL)
2259                 return -EMSGSIZE;
2260
2261         ndtmsg = nlmsg_data(nlh);
2262
2263         read_lock_bh(&tbl->lock);
2264         ndtmsg->ndtm_family = tbl->family;
2265         ndtmsg->ndtm_pad1   = 0;
2266         ndtmsg->ndtm_pad2   = 0;
2267
2268         if (nla_put_string(skb, NDTA_NAME, tbl->id) < 0 ||
2269             neightbl_fill_parms(skb, parms) < 0)
2270                 goto errout;
2271
2272         read_unlock_bh(&tbl->lock);
2273         nlmsg_end(skb, nlh);
2274         return 0;
2275 errout:
2276         read_unlock_bh(&tbl->lock);
2277         nlmsg_cancel(skb, nlh);
2278         return -EMSGSIZE;
2279 }
2280
2281 static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2282         [NDTA_NAME]             = { .type = NLA_STRING },
2283         [NDTA_THRESH1]          = { .type = NLA_U32 },
2284         [NDTA_THRESH2]          = { .type = NLA_U32 },
2285         [NDTA_THRESH3]          = { .type = NLA_U32 },
2286         [NDTA_GC_INTERVAL]      = { .type = NLA_U64 },
2287         [NDTA_PARMS]            = { .type = NLA_NESTED },
2288 };
2289
2290 static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2291         [NDTPA_IFINDEX]                 = { .type = NLA_U32 },
2292         [NDTPA_QUEUE_LEN]               = { .type = NLA_U32 },
2293         [NDTPA_PROXY_QLEN]              = { .type = NLA_U32 },
2294         [NDTPA_APP_PROBES]              = { .type = NLA_U32 },
2295         [NDTPA_UCAST_PROBES]            = { .type = NLA_U32 },
2296         [NDTPA_MCAST_PROBES]            = { .type = NLA_U32 },
2297         [NDTPA_MCAST_REPROBES]          = { .type = NLA_U32 },
2298         [NDTPA_BASE_REACHABLE_TIME]     = { .type = NLA_U64 },
2299         [NDTPA_GC_STALETIME]            = { .type = NLA_U64 },
2300         [NDTPA_DELAY_PROBE_TIME]        = { .type = NLA_U64 },
2301         [NDTPA_RETRANS_TIME]            = { .type = NLA_U64 },
2302         [NDTPA_ANYCAST_DELAY]           = { .type = NLA_U64 },
2303         [NDTPA_PROXY_DELAY]             = { .type = NLA_U64 },
2304         [NDTPA_LOCKTIME]                = { .type = NLA_U64 },
2305         [NDTPA_INTERVAL_PROBE_TIME_MS]  = { .type = NLA_U64, .min = 1 },
2306 };
2307
2308 static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2309                         struct netlink_ext_ack *extack)
2310 {
2311         struct net *net = sock_net(skb->sk);
2312         struct neigh_table *tbl;
2313         struct ndtmsg *ndtmsg;
2314         struct nlattr *tb[NDTA_MAX+1];
2315         bool found = false;
2316         int err, tidx;
2317
2318         err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2319                                      nl_neightbl_policy, extack);
2320         if (err < 0)
2321                 goto errout;
2322
2323         if (tb[NDTA_NAME] == NULL) {
2324                 err = -EINVAL;
2325                 goto errout;
2326         }
2327
2328         ndtmsg = nlmsg_data(nlh);
2329
2330         for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2331                 tbl = neigh_tables[tidx];
2332                 if (!tbl)
2333                         continue;
2334                 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2335                         continue;
2336                 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) {
2337                         found = true;
2338                         break;
2339                 }
2340         }
2341
2342         if (!found)
2343                 return -ENOENT;
2344
2345         /*
2346          * We acquire tbl->lock to be nice to the periodic timers and
2347          * make sure they always see a consistent set of values.
2348          */
2349         write_lock_bh(&tbl->lock);
2350
2351         if (tb[NDTA_PARMS]) {
2352                 struct nlattr *tbp[NDTPA_MAX+1];
2353                 struct neigh_parms *p;
2354                 int i, ifindex = 0;
2355
2356                 err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
2357                                                   tb[NDTA_PARMS],
2358                                                   nl_ntbl_parm_policy, extack);
2359                 if (err < 0)
2360                         goto errout_tbl_lock;
2361
2362                 if (tbp[NDTPA_IFINDEX])
2363                         ifindex = nla_get_u32(tbp[NDTPA_IFINDEX]);
2364
2365                 p = lookup_neigh_parms(tbl, net, ifindex);
2366                 if (p == NULL) {
2367                         err = -ENOENT;
2368                         goto errout_tbl_lock;
2369                 }
2370
2371                 for (i = 1; i <= NDTPA_MAX; i++) {
2372                         if (tbp[i] == NULL)
2373                                 continue;
2374
2375                         switch (i) {
2376                         case NDTPA_QUEUE_LEN:
2377                                 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2378                                               nla_get_u32(tbp[i]) *
2379                                               SKB_TRUESIZE(ETH_FRAME_LEN));
2380                                 break;
2381                         case NDTPA_QUEUE_LENBYTES:
2382                                 NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2383                                               nla_get_u32(tbp[i]));
2384                                 break;
2385                         case NDTPA_PROXY_QLEN:
2386                                 NEIGH_VAR_SET(p, PROXY_QLEN,
2387                                               nla_get_u32(tbp[i]));
2388                                 break;
2389                         case NDTPA_APP_PROBES:
2390                                 NEIGH_VAR_SET(p, APP_PROBES,
2391                                               nla_get_u32(tbp[i]));
2392                                 break;
2393                         case NDTPA_UCAST_PROBES:
2394                                 NEIGH_VAR_SET(p, UCAST_PROBES,
2395                                               nla_get_u32(tbp[i]));
2396                                 break;
2397                         case NDTPA_MCAST_PROBES:
2398                                 NEIGH_VAR_SET(p, MCAST_PROBES,
2399                                               nla_get_u32(tbp[i]));
2400                                 break;
2401                         case NDTPA_MCAST_REPROBES:
2402                                 NEIGH_VAR_SET(p, MCAST_REPROBES,
2403                                               nla_get_u32(tbp[i]));
2404                                 break;
2405                         case NDTPA_BASE_REACHABLE_TIME:
2406                                 NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2407                                               nla_get_msecs(tbp[i]));
2408                                 /* update reachable_time as well, otherwise, the change will
2409                                  * only be effective after the next time neigh_periodic_work
2410                                  * decides to recompute it (can be multiple minutes)
2411                                  */
2412                                 p->reachable_time =
2413                                         neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2414                                 break;
2415                         case NDTPA_GC_STALETIME:
2416                                 NEIGH_VAR_SET(p, GC_STALETIME,
2417                                               nla_get_msecs(tbp[i]));
2418                                 break;
2419                         case NDTPA_DELAY_PROBE_TIME:
2420                                 NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2421                                               nla_get_msecs(tbp[i]));
2422                                 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
2423                                 break;
2424                         case NDTPA_INTERVAL_PROBE_TIME_MS:
2425                                 NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS,
2426                                               nla_get_msecs(tbp[i]));
2427                                 break;
2428                         case NDTPA_RETRANS_TIME:
2429                                 NEIGH_VAR_SET(p, RETRANS_TIME,
2430                                               nla_get_msecs(tbp[i]));
2431                                 break;
2432                         case NDTPA_ANYCAST_DELAY:
2433                                 NEIGH_VAR_SET(p, ANYCAST_DELAY,
2434                                               nla_get_msecs(tbp[i]));
2435                                 break;
2436                         case NDTPA_PROXY_DELAY:
2437                                 NEIGH_VAR_SET(p, PROXY_DELAY,
2438                                               nla_get_msecs(tbp[i]));
2439                                 break;
2440                         case NDTPA_LOCKTIME:
2441                                 NEIGH_VAR_SET(p, LOCKTIME,
2442                                               nla_get_msecs(tbp[i]));
2443                                 break;
2444                         }
2445                 }
2446         }
2447
2448         err = -ENOENT;
2449         if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2450              tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2451             !net_eq(net, &init_net))
2452                 goto errout_tbl_lock;
2453
2454         if (tb[NDTA_THRESH1])
2455                 tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);
2456
2457         if (tb[NDTA_THRESH2])
2458                 tbl->gc_thresh2 = nla_get_u32(tb[NDTA_THRESH2]);
2459
2460         if (tb[NDTA_THRESH3])
2461                 tbl->gc_thresh3 = nla_get_u32(tb[NDTA_THRESH3]);
2462
2463         if (tb[NDTA_GC_INTERVAL])
2464                 tbl->gc_interval = nla_get_msecs(tb[NDTA_GC_INTERVAL]);
2465
2466         err = 0;
2467
2468 errout_tbl_lock:
2469         write_unlock_bh(&tbl->lock);
2470 errout:
2471         return err;
2472 }
2473
2474 static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2475                                     struct netlink_ext_ack *extack)
2476 {
2477         struct ndtmsg *ndtm;
2478
2479         if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
2480                 NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2481                 return -EINVAL;
2482         }
2483
2484         ndtm = nlmsg_data(nlh);
2485         if (ndtm->ndtm_pad1  || ndtm->ndtm_pad2) {
2486                 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2487                 return -EINVAL;
2488         }
2489
2490         if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
2491                 NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2492                 return -EINVAL;
2493         }
2494
2495         return 0;
2496 }
2497
2498 static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2499 {
2500         const struct nlmsghdr *nlh = cb->nlh;
2501         struct net *net = sock_net(skb->sk);
2502         int family, tidx, nidx = 0;
2503         int tbl_skip = cb->args[0];
2504         int neigh_skip = cb->args[1];
2505         struct neigh_table *tbl;
2506
2507         if (cb->strict_check) {
2508                 int err = neightbl_valid_dump_info(nlh, cb->extack);
2509
2510                 if (err < 0)
2511                         return err;
2512         }
2513
2514         family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2515
2516         for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2517                 struct neigh_parms *p;
2518
2519                 tbl = neigh_tables[tidx];
2520                 if (!tbl)
2521                         continue;
2522
2523                 if (tidx < tbl_skip || (family && tbl->family != family))
2524                         continue;
2525
2526                 if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2527                                        nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2528                                        NLM_F_MULTI) < 0)
2529                         break;
2530
2531                 nidx = 0;
2532                 p = list_next_entry(&tbl->parms, list);
2533                 list_for_each_entry_from(p, &tbl->parms_list, list) {
2534                         if (!net_eq(neigh_parms_net(p), net))
2535                                 continue;
2536
2537                         if (nidx < neigh_skip)
2538                                 goto next;
2539
2540                         if (neightbl_fill_param_info(skb, tbl, p,
2541                                                      NETLINK_CB(cb->skb).portid,
2542                                                      nlh->nlmsg_seq,
2543                                                      RTM_NEWNEIGHTBL,
2544                                                      NLM_F_MULTI) < 0)
2545                                 goto out;
2546                 next:
2547                         nidx++;
2548                 }
2549
2550                 neigh_skip = 0;
2551         }
2552 out:
2553         cb->args[0] = tidx;
2554         cb->args[1] = nidx;
2555
2556         return skb->len;
2557 }
2558
2559 static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2560                            u32 pid, u32 seq, int type, unsigned int flags)
2561 {
2562         u32 neigh_flags, neigh_flags_ext;
2563         unsigned long now = jiffies;
2564         struct nda_cacheinfo ci;
2565         struct nlmsghdr *nlh;
2566         struct ndmsg *ndm;
2567
2568         nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2569         if (nlh == NULL)
2570                 return -EMSGSIZE;
2571
2572         neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT;
2573         neigh_flags     = neigh->flags & NTF_OLD_MASK;
2574
2575         ndm = nlmsg_data(nlh);
2576         ndm->ndm_family  = neigh->ops->family;
2577         ndm->ndm_pad1    = 0;
2578         ndm->ndm_pad2    = 0;
2579         ndm->ndm_flags   = neigh_flags;
2580         ndm->ndm_type    = neigh->type;
2581         ndm->ndm_ifindex = neigh->dev->ifindex;
2582
2583         if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
2584                 goto nla_put_failure;
2585
2586         read_lock_bh(&neigh->lock);
2587         ndm->ndm_state   = neigh->nud_state;
2588         if (neigh->nud_state & NUD_VALID) {
2589                 char haddr[MAX_ADDR_LEN];
2590
2591                 neigh_ha_snapshot(haddr, neigh, neigh->dev);
2592                 if (nla_put(skb, NDA_LLADDR, neigh->dev->addr_len, haddr) < 0) {
2593                         read_unlock_bh(&neigh->lock);
2594                         goto nla_put_failure;
2595                 }
2596         }
2597
2598         ci.ndm_used      = jiffies_to_clock_t(now - neigh->used);
2599         ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2600         ci.ndm_updated   = jiffies_to_clock_t(now - neigh->updated);
2601         ci.ndm_refcnt    = refcount_read(&neigh->refcnt) - 1;
2602         read_unlock_bh(&neigh->lock);
2603
2604         if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
2605             nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2606                 goto nla_put_failure;
2607
2608         if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
2609                 goto nla_put_failure;
2610         if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
2611                 goto nla_put_failure;
2612
2613         nlmsg_end(skb, nlh);
2614         return 0;
2615
2616 nla_put_failure:
2617         nlmsg_cancel(skb, nlh);
2618         return -EMSGSIZE;
2619 }
2620
2621 static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2622                             u32 pid, u32 seq, int type, unsigned int flags,
2623                             struct neigh_table *tbl)
2624 {
2625         u32 neigh_flags, neigh_flags_ext;
2626         struct nlmsghdr *nlh;
2627         struct ndmsg *ndm;
2628
2629         nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ndm), flags);
2630         if (nlh == NULL)
2631                 return -EMSGSIZE;
2632
2633         neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT;
2634         neigh_flags     = pn->flags & NTF_OLD_MASK;
2635
2636         ndm = nlmsg_data(nlh);
2637         ndm->ndm_family  = tbl->family;
2638         ndm->ndm_pad1    = 0;
2639         ndm->ndm_pad2    = 0;
2640         ndm->ndm_flags   = neigh_flags | NTF_PROXY;
2641         ndm->ndm_type    = RTN_UNICAST;
2642         ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2643         ndm->ndm_state   = NUD_NONE;
2644
2645         if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2646                 goto nla_put_failure;
2647
2648         if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
2649                 goto nla_put_failure;
2650         if (neigh_flags_ext && nla_put_u32(skb, NDA_FLAGS_EXT, neigh_flags_ext))
2651                 goto nla_put_failure;
2652
2653         nlmsg_end(skb, nlh);
2654         return 0;
2655
2656 nla_put_failure:
2657         nlmsg_cancel(skb, nlh);
2658         return -EMSGSIZE;
2659 }
2660
2661 static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2662 {
2663         call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
2664         __neigh_notify(neigh, RTM_NEWNEIGH, 0, nlmsg_pid);
2665 }
2666
2667 static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2668 {
2669         struct net_device *master;
2670
2671         if (!master_idx)
2672                 return false;
2673
2674         master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2675
2676         /* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another
2677          * invalid value for ifindex to denote "no master".
2678          */
2679         if (master_idx == -1)
2680                 return !!master;
2681
2682         if (!master || master->ifindex != master_idx)
2683                 return true;
2684
2685         return false;
2686 }
2687
2688 static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2689 {
2690         if (filter_idx && (!dev || dev->ifindex != filter_idx))
2691                 return true;
2692
2693         return false;
2694 }
2695
2696 struct neigh_dump_filter {
2697         int master_idx;
2698         int dev_idx;
2699 };
2700
2701 static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2702                             struct netlink_callback *cb,
2703                             struct neigh_dump_filter *filter)
2704 {
2705         struct net *net = sock_net(skb->sk);
2706         struct neighbour *n;
2707         int rc, h, s_h = cb->args[1];
2708         int idx, s_idx = idx = cb->args[2];
2709         struct neigh_hash_table *nht;
2710         unsigned int flags = NLM_F_MULTI;
2711
2712         if (filter->dev_idx || filter->master_idx)
2713                 flags |= NLM_F_DUMP_FILTERED;
2714
2715         rcu_read_lock_bh();
2716         nht = rcu_dereference_bh(tbl->nht);
2717
2718         for (h = s_h; h < (1 << nht->hash_shift); h++) {
2719                 if (h > s_h)
2720                         s_idx = 0;
2721                 for (n = rcu_dereference_bh(nht->hash_buckets[h]), idx = 0;
2722                      n != NULL;
2723                      n = rcu_dereference_bh(n->next)) {
2724                         if (idx < s_idx || !net_eq(dev_net(n->dev), net))
2725                                 goto next;
2726                         if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2727                             neigh_master_filtered(n->dev, filter->master_idx))
2728                                 goto next;
2729                         if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2730                                             cb->nlh->nlmsg_seq,
2731                                             RTM_NEWNEIGH,
2732                                             flags) < 0) {
2733                                 rc = -1;
2734                                 goto out;
2735                         }
2736 next:
2737                         idx++;
2738                 }
2739         }
2740         rc = skb->len;
2741 out:
2742         rcu_read_unlock_bh();
2743         cb->args[1] = h;
2744         cb->args[2] = idx;
2745         return rc;
2746 }
2747
2748 static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2749                              struct netlink_callback *cb,
2750                              struct neigh_dump_filter *filter)
2751 {
2752         struct pneigh_entry *n;
2753         struct net *net = sock_net(skb->sk);
2754         int rc, h, s_h = cb->args[3];
2755         int idx, s_idx = idx = cb->args[4];
2756         unsigned int flags = NLM_F_MULTI;
2757
2758         if (filter->dev_idx || filter->master_idx)
2759                 flags |= NLM_F_DUMP_FILTERED;
2760
2761         read_lock_bh(&tbl->lock);
2762
2763         for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2764                 if (h > s_h)
2765                         s_idx = 0;
2766                 for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2767                         if (idx < s_idx || pneigh_net(n) != net)
2768                                 goto next;
2769                         if (neigh_ifindex_filtered(n->dev, filter->dev_idx) ||
2770                             neigh_master_filtered(n->dev, filter->master_idx))
2771                                 goto next;
2772                         if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2773                                             cb->nlh->nlmsg_seq,
2774                                             RTM_NEWNEIGH, flags, tbl) < 0) {
2775                                 read_unlock_bh(&tbl->lock);
2776                                 rc = -1;
2777                                 goto out;
2778                         }
2779                 next:
2780                         idx++;
2781                 }
2782         }
2783
2784         read_unlock_bh(&tbl->lock);
2785         rc = skb->len;
2786 out:
2787         cb->args[3] = h;
2788         cb->args[4] = idx;
2789         return rc;
2790
2791 }
2792
2793 static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2794                                 bool strict_check,
2795                                 struct neigh_dump_filter *filter,
2796                                 struct netlink_ext_ack *extack)
2797 {
2798         struct nlattr *tb[NDA_MAX + 1];
2799         int err, i;
2800
2801         if (strict_check) {
2802                 struct ndmsg *ndm;
2803
2804                 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2805                         NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2806                         return -EINVAL;
2807                 }
2808
2809                 ndm = nlmsg_data(nlh);
2810                 if (ndm->ndm_pad1  || ndm->ndm_pad2  || ndm->ndm_ifindex ||
2811                     ndm->ndm_state || ndm->ndm_type) {
2812                         NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2813                         return -EINVAL;
2814                 }
2815
2816                 if (ndm->ndm_flags & ~NTF_PROXY) {
2817                         NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2818                         return -EINVAL;
2819                 }
2820
2821                 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
2822                                                     tb, NDA_MAX, nda_policy,
2823                                                     extack);
2824         } else {
2825                 err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
2826                                              NDA_MAX, nda_policy, extack);
2827         }
2828         if (err < 0)
2829                 return err;
2830
2831         for (i = 0; i <= NDA_MAX; ++i) {
2832                 if (!tb[i])
2833                         continue;
2834
2835                 /* all new attributes should require strict_check */
2836                 switch (i) {
2837                 case NDA_IFINDEX:
2838                         filter->dev_idx = nla_get_u32(tb[i]);
2839                         break;
2840                 case NDA_MASTER:
2841                         filter->master_idx = nla_get_u32(tb[i]);
2842                         break;
2843                 default:
2844                         if (strict_check) {
2845                                 NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2846                                 return -EINVAL;
2847                         }
2848                 }
2849         }
2850
2851         return 0;
2852 }
2853
2854 static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2855 {
2856         const struct nlmsghdr *nlh = cb->nlh;
2857         struct neigh_dump_filter filter = {};
2858         struct neigh_table *tbl;
2859         int t, family, s_t;
2860         int proxy = 0;
2861         int err;
2862
2863         family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2864
2865         /* check for full ndmsg structure presence, family member is
2866          * the same for both structures
2867          */
2868         if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2869             ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2870                 proxy = 1;
2871
2872         err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
2873         if (err < 0 && cb->strict_check)
2874                 return err;
2875
2876         s_t = cb->args[0];
2877
2878         for (t = 0; t < NEIGH_NR_TABLES; t++) {
2879                 tbl = neigh_tables[t];
2880
2881                 if (!tbl)
2882                         continue;
2883                 if (t < s_t || (family && tbl->family != family))
2884                         continue;
2885                 if (t > s_t)
2886                         memset(&cb->args[1], 0, sizeof(cb->args) -
2887                                                 sizeof(cb->args[0]));
2888                 if (proxy)
2889                         err = pneigh_dump_table(tbl, skb, cb, &filter);
2890                 else
2891                         err = neigh_dump_table(tbl, skb, cb, &filter);
2892                 if (err < 0)
2893                         break;
2894         }
2895
2896         cb->args[0] = t;
2897         return skb->len;
2898 }
2899
2900 static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2901                                struct neigh_table **tbl,
2902                                void **dst, int *dev_idx, u8 *ndm_flags,
2903                                struct netlink_ext_ack *extack)
2904 {
2905         struct nlattr *tb[NDA_MAX + 1];
2906         struct ndmsg *ndm;
2907         int err, i;
2908
2909         if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
2910                 NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2911                 return -EINVAL;
2912         }
2913
2914         ndm = nlmsg_data(nlh);
2915         if (ndm->ndm_pad1  || ndm->ndm_pad2  || ndm->ndm_state ||
2916             ndm->ndm_type) {
2917                 NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2918                 return -EINVAL;
2919         }
2920
2921         if (ndm->ndm_flags & ~NTF_PROXY) {
2922                 NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2923                 return -EINVAL;
2924         }
2925
2926         err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
2927                                             NDA_MAX, nda_policy, extack);
2928         if (err < 0)
2929                 return err;
2930
2931         *ndm_flags = ndm->ndm_flags;
2932         *dev_idx = ndm->ndm_ifindex;
2933         *tbl = neigh_find_table(ndm->ndm_family);
2934         if (*tbl == NULL) {
2935                 NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2936                 return -EAFNOSUPPORT;
2937         }
2938
2939         for (i = 0; i <= NDA_MAX; ++i) {
2940                 if (!tb[i])
2941                         continue;
2942
2943                 switch (i) {
2944                 case NDA_DST:
2945                         if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
2946                                 NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2947                                 return -EINVAL;
2948                         }
2949                         *dst = nla_data(tb[i]);
2950                         break;
2951                 default:
2952                         NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2953                         return -EINVAL;
2954                 }
2955         }
2956
2957         return 0;
2958 }
2959
2960 static inline size_t neigh_nlmsg_size(void)
2961 {
2962         return NLMSG_ALIGN(sizeof(struct ndmsg))
2963                + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2964                + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2965                + nla_total_size(sizeof(struct nda_cacheinfo))
2966                + nla_total_size(4)  /* NDA_PROBES */
2967                + nla_total_size(4)  /* NDA_FLAGS_EXT */
2968                + nla_total_size(1); /* NDA_PROTOCOL */
2969 }
2970
2971 static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2972                            u32 pid, u32 seq)
2973 {
2974         struct sk_buff *skb;
2975         int err = 0;
2976
2977         skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
2978         if (!skb)
2979                 return -ENOBUFS;
2980
2981         err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
2982         if (err) {
2983                 kfree_skb(skb);
2984                 goto errout;
2985         }
2986
2987         err = rtnl_unicast(skb, net, pid);
2988 errout:
2989         return err;
2990 }
2991
2992 static inline size_t pneigh_nlmsg_size(void)
2993 {
2994         return NLMSG_ALIGN(sizeof(struct ndmsg))
2995                + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2996                + nla_total_size(4)  /* NDA_FLAGS_EXT */
2997                + nla_total_size(1); /* NDA_PROTOCOL */
2998 }
2999
3000 static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
3001                             u32 pid, u32 seq, struct neigh_table *tbl)
3002 {
3003         struct sk_buff *skb;
3004         int err = 0;
3005
3006         skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
3007         if (!skb)
3008                 return -ENOBUFS;
3009
3010         err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
3011         if (err) {
3012                 kfree_skb(skb);
3013                 goto errout;
3014         }
3015
3016         err = rtnl_unicast(skb, net, pid);
3017 errout:
3018         return err;
3019 }
3020
3021 static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
3022                      struct netlink_ext_ack *extack)
3023 {
3024         struct net *net = sock_net(in_skb->sk);
3025         struct net_device *dev = NULL;
3026         struct neigh_table *tbl = NULL;
3027         struct neighbour *neigh;
3028         void *dst = NULL;
3029         u8 ndm_flags = 0;
3030         int dev_idx = 0;
3031         int err;
3032
3033         err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
3034                                   extack);
3035         if (err < 0)
3036                 return err;
3037
3038         if (dev_idx) {
3039                 dev = __dev_get_by_index(net, dev_idx);
3040                 if (!dev) {
3041                         NL_SET_ERR_MSG(extack, "Unknown device ifindex");
3042                         return -ENODEV;
3043                 }
3044         }
3045
3046         if (!dst) {
3047                 NL_SET_ERR_MSG(extack, "Network address not specified");
3048                 return -EINVAL;
3049         }
3050
3051         if (ndm_flags & NTF_PROXY) {
3052                 struct pneigh_entry *pn;
3053
3054                 pn = pneigh_lookup(tbl, net, dst, dev, 0);
3055                 if (!pn) {
3056                         NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
3057                         return -ENOENT;
3058                 }
3059                 return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
3060                                         nlh->nlmsg_seq, tbl);
3061         }
3062
3063         if (!dev) {
3064                 NL_SET_ERR_MSG(extack, "No device specified");
3065                 return -EINVAL;
3066         }
3067
3068         neigh = neigh_lookup(tbl, dst, dev);
3069         if (!neigh) {
3070                 NL_SET_ERR_MSG(extack, "Neighbour entry not found");
3071                 return -ENOENT;
3072         }
3073
3074         err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
3075                               nlh->nlmsg_seq);
3076
3077         neigh_release(neigh);
3078
3079         return err;
3080 }
3081
3082 void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
3083 {
3084         int chain;
3085         struct neigh_hash_table *nht;
3086
3087         rcu_read_lock_bh();
3088         nht = rcu_dereference_bh(tbl->nht);
3089
3090         read_lock(&tbl->lock); /* avoid resizes */
3091         for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3092                 struct neighbour *n;
3093
3094                 for (n = rcu_dereference_bh(nht->hash_buckets[chain]);
3095                      n != NULL;
3096                      n = rcu_dereference_bh(n->next))
3097                         cb(n, cookie);
3098         }
3099         read_unlock(&tbl->lock);
3100         rcu_read_unlock_bh();
3101 }
3102 EXPORT_SYMBOL(neigh_for_each);
3103
3104 /* The tbl->lock must be held as a writer and BH disabled. */
3105 void __neigh_for_each_release(struct neigh_table *tbl,
3106                               int (*cb)(struct neighbour *))
3107 {
3108         int chain;
3109         struct neigh_hash_table *nht;
3110
3111         nht = rcu_dereference_protected(tbl->nht,
3112                                         lockdep_is_held(&tbl->lock));
3113         for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3114                 struct neighbour *n;
3115                 struct neighbour __rcu **np;
3116
3117                 np = &nht->hash_buckets[chain];
3118                 while ((n = rcu_dereference_protected(*np,
3119                                         lockdep_is_held(&tbl->lock))) != NULL) {
3120                         int release;
3121
3122                         write_lock(&n->lock);
3123                         release = cb(n);
3124                         if (release) {
3125                                 rcu_assign_pointer(*np,
3126                                         rcu_dereference_protected(n->next,
3127                                                 lockdep_is_held(&tbl->lock)));
3128                                 neigh_mark_dead(n);
3129                         } else
3130                                 np = &n->next;
3131                         write_unlock(&n->lock);
3132                         if (release)
3133                                 neigh_cleanup_and_release(n);
3134                 }
3135         }
3136 }
3137 EXPORT_SYMBOL(__neigh_for_each_release);
3138
3139 int neigh_xmit(int index, struct net_device *dev,
3140                const void *addr, struct sk_buff *skb)
3141 {
3142         int err = -EAFNOSUPPORT;
3143         if (likely(index < NEIGH_NR_TABLES)) {
3144                 struct neigh_table *tbl;
3145                 struct neighbour *neigh;
3146
3147                 tbl = neigh_tables[index];
3148                 if (!tbl)
3149                         goto out;
3150                 rcu_read_lock_bh();
3151                 if (index == NEIGH_ARP_TABLE) {
3152                         u32 key = *((u32 *)addr);
3153
3154                         neigh = __ipv4_neigh_lookup_noref(dev, key);
3155                 } else {
3156                         neigh = __neigh_lookup_noref(tbl, addr, dev);
3157                 }
3158                 if (!neigh)
3159                         neigh = __neigh_create(tbl, addr, dev, false);
3160                 err = PTR_ERR(neigh);
3161                 if (IS_ERR(neigh)) {
3162                         rcu_read_unlock_bh();
3163                         goto out_kfree_skb;
3164                 }
3165                 err = neigh->output(neigh, skb);
3166                 rcu_read_unlock_bh();
3167         }
3168         else if (index == NEIGH_LINK_TABLE) {
3169                 err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3170                                       addr, NULL, skb->len);
3171                 if (err < 0)
3172                         goto out_kfree_skb;
3173                 err = dev_queue_xmit(skb);
3174         }
3175 out:
3176         return err;
3177 out_kfree_skb:
3178         kfree_skb(skb);
3179         goto out;
3180 }
3181 EXPORT_SYMBOL(neigh_xmit);
3182
3183 #ifdef CONFIG_PROC_FS
3184
3185 static struct neighbour *neigh_get_first(struct seq_file *seq)
3186 {
3187         struct neigh_seq_state *state = seq->private;
3188         struct net *net = seq_file_net(seq);
3189         struct neigh_hash_table *nht = state->nht;
3190         struct neighbour *n = NULL;
3191         int bucket;
3192
3193         state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3194         for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3195                 n = rcu_dereference_bh(nht->hash_buckets[bucket]);
3196
3197                 while (n) {
3198                         if (!net_eq(dev_net(n->dev), net))
3199                                 goto next;
3200                         if (state->neigh_sub_iter) {
3201                                 loff_t fakep = 0;
3202                                 void *v;
3203
3204                                 v = state->neigh_sub_iter(state, n, &fakep);
3205                                 if (!v)
3206                                         goto next;
3207                         }
3208                         if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3209                                 break;
3210                         if (n->nud_state & ~NUD_NOARP)
3211                                 break;
3212 next:
3213                         n = rcu_dereference_bh(n->next);
3214                 }
3215
3216                 if (n)
3217                         break;
3218         }
3219         state->bucket = bucket;
3220
3221         return n;
3222 }
3223
3224 static struct neighbour *neigh_get_next(struct seq_file *seq,
3225                                         struct neighbour *n,
3226                                         loff_t *pos)
3227 {
3228         struct neigh_seq_state *state = seq->private;
3229         struct net *net = seq_file_net(seq);
3230         struct neigh_hash_table *nht = state->nht;
3231
3232         if (state->neigh_sub_iter) {
3233                 void *v = state->neigh_sub_iter(state, n, pos);
3234                 if (v)
3235                         return n;
3236         }
3237         n = rcu_dereference_bh(n->next);
3238
3239         while (1) {
3240                 while (n) {
3241                         if (!net_eq(dev_net(n->dev), net))
3242                                 goto next;
3243                         if (state->neigh_sub_iter) {
3244                                 void *v = state->neigh_sub_iter(state, n, pos);
3245                                 if (v)
3246                                         return n;
3247                                 goto next;
3248                         }
3249                         if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3250                                 break;
3251
3252                         if (n->nud_state & ~NUD_NOARP)
3253                                 break;
3254 next:
3255                         n = rcu_dereference_bh(n->next);
3256                 }
3257
3258                 if (n)
3259                         break;
3260
3261                 if (++state->bucket >= (1 << nht->hash_shift))
3262                         break;
3263
3264                 n = rcu_dereference_bh(nht->hash_buckets[state->bucket]);
3265         }
3266
3267         if (n && pos)
3268                 --(*pos);
3269         return n;
3270 }
3271
3272 static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3273 {
3274         struct neighbour *n = neigh_get_first(seq);
3275
3276         if (n) {
3277                 --(*pos);
3278                 while (*pos) {
3279                         n = neigh_get_next(seq, n, pos);
3280                         if (!n)
3281                                 break;
3282                 }
3283         }
3284         return *pos ? NULL : n;
3285 }
3286
3287 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3288 {
3289         struct neigh_seq_state *state = seq->private;
3290         struct net *net = seq_file_net(seq);
3291         struct neigh_table *tbl = state->tbl;
3292         struct pneigh_entry *pn = NULL;
3293         int bucket;
3294
3295         state->flags |= NEIGH_SEQ_IS_PNEIGH;
3296         for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3297                 pn = tbl->phash_buckets[bucket];
3298                 while (pn && !net_eq(pneigh_net(pn), net))
3299                         pn = pn->next;
3300                 if (pn)
3301                         break;
3302         }
3303         state->bucket = bucket;
3304
3305         return pn;
3306 }
3307
3308 static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3309                                             struct pneigh_entry *pn,
3310                                             loff_t *pos)
3311 {
3312         struct neigh_seq_state *state = seq->private;
3313         struct net *net = seq_file_net(seq);
3314         struct neigh_table *tbl = state->tbl;
3315
3316         do {
3317                 pn = pn->next;
3318         } while (pn && !net_eq(pneigh_net(pn), net));
3319
3320         while (!pn) {
3321                 if (++state->bucket > PNEIGH_HASHMASK)
3322                         break;
3323                 pn = tbl->phash_buckets[state->bucket];
3324                 while (pn && !net_eq(pneigh_net(pn), net))
3325                         pn = pn->next;
3326                 if (pn)
3327                         break;
3328         }
3329
3330         if (pn && pos)
3331                 --(*pos);
3332
3333         return pn;
3334 }
3335
3336 static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3337 {
3338         struct pneigh_entry *pn = pneigh_get_first(seq);
3339
3340         if (pn) {
3341                 --(*pos);
3342                 while (*pos) {
3343                         pn = pneigh_get_next(seq, pn, pos);
3344                         if (!pn)
3345                                 break;
3346                 }
3347         }
3348         return *pos ? NULL : pn;
3349 }
3350
3351 static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3352 {
3353         struct neigh_seq_state *state = seq->private;
3354         void *rc;
3355         loff_t idxpos = *pos;
3356
3357         rc = neigh_get_idx(seq, &idxpos);
3358         if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3359                 rc = pneigh_get_idx(seq, &idxpos);
3360
3361         return rc;
3362 }
3363
3364 void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3365         __acquires(tbl->lock)
3366         __acquires(rcu_bh)
3367 {
3368         struct neigh_seq_state *state = seq->private;
3369
3370         state->tbl = tbl;
3371         state->bucket = 0;
3372         state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3373
3374         rcu_read_lock_bh();
3375         state->nht = rcu_dereference_bh(tbl->nht);
3376         read_lock(&tbl->lock);
3377
3378         return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3379 }
3380 EXPORT_SYMBOL(neigh_seq_start);
3381
3382 void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3383 {
3384         struct neigh_seq_state *state;
3385         void *rc;
3386
3387         if (v == SEQ_START_TOKEN) {
3388                 rc = neigh_get_first(seq);
3389                 goto out;
3390         }
3391
3392         state = seq->private;
3393         if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3394                 rc = neigh_get_next(seq, v, NULL);
3395                 if (rc)
3396                         goto out;
3397                 if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3398                         rc = pneigh_get_first(seq);
3399         } else {
3400                 BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3401                 rc = pneigh_get_next(seq, v, NULL);
3402         }
3403 out:
3404         ++(*pos);
3405         return rc;
3406 }
3407 EXPORT_SYMBOL(neigh_seq_next);
3408
3409 void neigh_seq_stop(struct seq_file *seq, void *v)
3410         __releases(tbl->lock)
3411         __releases(rcu_bh)
3412 {
3413         struct neigh_seq_state *state = seq->private;
3414         struct neigh_table *tbl = state->tbl;
3415
3416         read_unlock(&tbl->lock);
3417         rcu_read_unlock_bh();
3418 }
3419 EXPORT_SYMBOL(neigh_seq_stop);
3420
3421 /* statistics via seq_file */
3422
3423 static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3424 {
3425         struct neigh_table *tbl = pde_data(file_inode(seq->file));
3426         int cpu;
3427
3428         if (*pos == 0)
3429                 return SEQ_START_TOKEN;
3430
3431         for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3432                 if (!cpu_possible(cpu))
3433                         continue;
3434                 *pos = cpu+1;
3435                 return per_cpu_ptr(tbl->stats, cpu);
3436         }
3437         return NULL;
3438 }
3439
3440 static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3441 {
3442         struct neigh_table *tbl = pde_data(file_inode(seq->file));
3443         int cpu;
3444
3445         for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3446                 if (!cpu_possible(cpu))
3447                         continue;
3448                 *pos = cpu+1;
3449                 return per_cpu_ptr(tbl->stats, cpu);
3450         }
3451         (*pos)++;
3452         return NULL;
3453 }
3454
3455 static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3456 {
3457
3458 }
3459
3460 static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3461 {
3462         struct neigh_table *tbl = pde_data(file_inode(seq->file));
3463         struct neigh_statistics *st = v;
3464
3465         if (v == SEQ_START_TOKEN) {
3466                 seq_puts(seq, "entries  allocs   destroys hash_grows lookups  hits     res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3467                 return 0;
3468         }
3469
3470         seq_printf(seq, "%08x %08lx %08lx %08lx   %08lx %08lx %08lx   "
3471                         "%08lx         %08lx         %08lx         "
3472                         "%08lx       %08lx            %08lx\n",
3473                    atomic_read(&tbl->entries),
3474
3475                    st->allocs,
3476                    st->destroys,
3477                    st->hash_grows,
3478
3479                    st->lookups,
3480                    st->hits,
3481
3482                    st->res_failed,
3483
3484                    st->rcv_probes_mcast,
3485                    st->rcv_probes_ucast,
3486
3487                    st->periodic_gc_runs,
3488                    st->forced_gc_runs,
3489                    st->unres_discards,
3490                    st->table_fulls
3491                    );
3492
3493         return 0;
3494 }
3495
3496 static const struct seq_operations neigh_stat_seq_ops = {
3497         .start  = neigh_stat_seq_start,
3498         .next   = neigh_stat_seq_next,
3499         .stop   = neigh_stat_seq_stop,
3500         .show   = neigh_stat_seq_show,
3501 };
3502 #endif /* CONFIG_PROC_FS */
3503
3504 static void __neigh_notify(struct neighbour *n, int type, int flags,
3505                            u32 pid)
3506 {
3507         struct net *net = dev_net(n->dev);
3508         struct sk_buff *skb;
3509         int err = -ENOBUFS;
3510
3511         skb = nlmsg_new(neigh_nlmsg_size(), GFP_ATOMIC);
3512         if (skb == NULL)
3513                 goto errout;
3514
3515         err = neigh_fill_info(skb, n, pid, 0, type, flags);
3516         if (err < 0) {
3517                 /* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3518                 WARN_ON(err == -EMSGSIZE);
3519                 kfree_skb(skb);
3520                 goto errout;
3521         }
3522         rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3523         return;
3524 errout:
3525         if (err < 0)
3526                 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
3527 }
3528
3529 void neigh_app_ns(struct neighbour *n)
3530 {
3531         __neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, 0);
3532 }
3533 EXPORT_SYMBOL(neigh_app_ns);
3534
3535 #ifdef CONFIG_SYSCTL
3536 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3537
3538 static int proc_unres_qlen(struct ctl_table *ctl, int write,
3539                            void *buffer, size_t *lenp, loff_t *ppos)
3540 {
3541         int size, ret;
3542         struct ctl_table tmp = *ctl;
3543
3544         tmp.extra1 = SYSCTL_ZERO;
3545         tmp.extra2 = &unres_qlen_max;
3546         tmp.data = &size;
3547
3548         size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3549         ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3550
3551         if (write && !ret)
3552                 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3553         return ret;
3554 }
3555
3556 static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3557                                   int index)
3558 {
3559         struct net_device *dev;
3560         int family = neigh_parms_family(p);
3561
3562         rcu_read_lock();
3563         for_each_netdev_rcu(net, dev) {
3564                 struct neigh_parms *dst_p =
3565                                 neigh_get_dev_parms_rcu(dev, family);
3566
3567                 if (dst_p && !test_bit(index, dst_p->data_state))
3568                         dst_p->data[index] = p->data[index];
3569         }
3570         rcu_read_unlock();
3571 }
3572
3573 static void neigh_proc_update(struct ctl_table *ctl, int write)
3574 {
3575         struct net_device *dev = ctl->extra1;
3576         struct neigh_parms *p = ctl->extra2;
3577         struct net *net = neigh_parms_net(p);
3578         int index = (int *) ctl->data - p->data;
3579
3580         if (!write)
3581                 return;
3582
3583         set_bit(index, p->data_state);
3584         if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3585                 call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
3586         if (!dev) /* NULL dev means this is default value */
3587                 neigh_copy_dflt_parms(net, p, index);
3588 }
3589
3590 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3591                                            void *buffer, size_t *lenp,
3592                                            loff_t *ppos)
3593 {
3594         struct ctl_table tmp = *ctl;
3595         int ret;
3596
3597         tmp.extra1 = SYSCTL_ZERO;
3598         tmp.extra2 = SYSCTL_INT_MAX;
3599
3600         ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3601         neigh_proc_update(ctl, write);
3602         return ret;
3603 }
3604
3605 static int neigh_proc_dointvec_ms_jiffies_positive(struct ctl_table *ctl, int write,
3606                                                    void *buffer, size_t *lenp, loff_t *ppos)
3607 {
3608         struct ctl_table tmp = *ctl;
3609         int ret;
3610
3611         int min = msecs_to_jiffies(1);
3612
3613         tmp.extra1 = &min;
3614         tmp.extra2 = NULL;
3615
3616         ret = proc_dointvec_ms_jiffies_minmax(&tmp, write, buffer, lenp, ppos);
3617         neigh_proc_update(ctl, write);
3618         return ret;
3619 }
3620
3621 int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
3622                         size_t *lenp, loff_t *ppos)
3623 {
3624         int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3625
3626         neigh_proc_update(ctl, write);
3627         return ret;
3628 }
3629 EXPORT_SYMBOL(neigh_proc_dointvec);
3630
3631 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
3632                                 size_t *lenp, loff_t *ppos)
3633 {
3634         int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3635
3636         neigh_proc_update(ctl, write);
3637         return ret;
3638 }
3639 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3640
3641 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3642                                               void *buffer, size_t *lenp,
3643                                               loff_t *ppos)
3644 {
3645         int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3646
3647         neigh_proc_update(ctl, write);
3648         return ret;
3649 }
3650
3651 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3652                                    void *buffer, size_t *lenp, loff_t *ppos)
3653 {
3654         int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3655
3656         neigh_proc_update(ctl, write);
3657         return ret;
3658 }
3659 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3660
3661 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3662                                           void *buffer, size_t *lenp,
3663                                           loff_t *ppos)
3664 {
3665         int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3666
3667         neigh_proc_update(ctl, write);
3668         return ret;
3669 }
3670
3671 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3672                                           void *buffer, size_t *lenp,
3673                                           loff_t *ppos)
3674 {
3675         struct neigh_parms *p = ctl->extra2;
3676         int ret;
3677
3678         if (strcmp(ctl->procname, "base_reachable_time") == 0)
3679                 ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3680         else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3681                 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3682         else
3683                 ret = -1;
3684
3685         if (write && ret == 0) {
3686                 /* update reachable_time as well, otherwise, the change will
3687                  * only be effective after the next time neigh_periodic_work
3688                  * decides to recompute it
3689                  */
3690                 p->reachable_time =
3691                         neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3692         }
3693         return ret;
3694 }
3695
3696 #define NEIGH_PARMS_DATA_OFFSET(index)  \
3697         (&((struct neigh_parms *) 0)->data[index])
3698
3699 #define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3700         [NEIGH_VAR_ ## attr] = { \
3701                 .procname       = name, \
3702                 .data           = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3703                 .maxlen         = sizeof(int), \
3704                 .mode           = mval, \
3705                 .proc_handler   = proc, \
3706         }
3707
3708 #define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3709         NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3710
3711 #define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3712         NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3713
3714 #define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3715         NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3716
3717 #define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \
3718         NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive)
3719
3720 #define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3721         NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3722
3723 #define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3724         NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3725
3726 static struct neigh_sysctl_table {
3727         struct ctl_table_header *sysctl_header;
3728         struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3729 } neigh_sysctl_template __read_mostly = {
3730         .neigh_vars = {
3731                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3732                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3733                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3734                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3735                 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3736                 NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3737                 NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3738                 NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS,
3739                                                        "interval_probe_time_ms"),
3740                 NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3741                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3742                 NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3743                 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3744                 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3745                 NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3746                 NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3747                 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3748                 NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3749                 [NEIGH_VAR_GC_INTERVAL] = {
3750                         .procname       = "gc_interval",
3751                         .maxlen         = sizeof(int),
3752                         .mode           = 0644,
3753                         .proc_handler   = proc_dointvec_jiffies,
3754                 },
3755                 [NEIGH_VAR_GC_THRESH1] = {
3756                         .procname       = "gc_thresh1",
3757                         .maxlen         = sizeof(int),
3758                         .mode           = 0644,
3759                         .extra1         = SYSCTL_ZERO,
3760                         .extra2         = SYSCTL_INT_MAX,
3761                         .proc_handler   = proc_dointvec_minmax,
3762                 },
3763                 [NEIGH_VAR_GC_THRESH2] = {
3764                         .procname       = "gc_thresh2",
3765                         .maxlen         = sizeof(int),
3766                         .mode           = 0644,
3767                         .extra1         = SYSCTL_ZERO,
3768                         .extra2         = SYSCTL_INT_MAX,
3769                         .proc_handler   = proc_dointvec_minmax,
3770                 },
3771                 [NEIGH_VAR_GC_THRESH3] = {
3772                         .procname       = "gc_thresh3",
3773                         .maxlen         = sizeof(int),
3774                         .mode           = 0644,
3775                         .extra1         = SYSCTL_ZERO,
3776                         .extra2         = SYSCTL_INT_MAX,
3777                         .proc_handler   = proc_dointvec_minmax,
3778                 },
3779                 {},
3780         },
3781 };
3782
3783 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3784                           proc_handler *handler)
3785 {
3786         int i;
3787         struct neigh_sysctl_table *t;
3788         const char *dev_name_source;
3789         char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3790         char *p_name;
3791
3792         t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT);
3793         if (!t)
3794                 goto err;
3795
3796         for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3797                 t->neigh_vars[i].data += (long) p;
3798                 t->neigh_vars[i].extra1 = dev;
3799                 t->neigh_vars[i].extra2 = p;
3800         }
3801
3802         if (dev) {
3803                 dev_name_source = dev->name;
3804                 /* Terminate the table early */
3805                 memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3806                        sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3807         } else {
3808                 struct neigh_table *tbl = p->tbl;
3809                 dev_name_source = "default";
3810                 t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3811                 t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3812                 t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3813                 t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3814         }
3815
3816         if (handler) {
3817                 /* RetransTime */
3818                 t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3819                 /* ReachableTime */
3820                 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3821                 /* RetransTime (in milliseconds)*/
3822                 t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3823                 /* ReachableTime (in milliseconds) */
3824                 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3825         } else {
3826                 /* Those handlers will update p->reachable_time after
3827                  * base_reachable_time(_ms) is set to ensure the new timer starts being
3828                  * applied after the next neighbour update instead of waiting for
3829                  * neigh_periodic_work to update its value (can be multiple minutes)
3830                  * So any handler that replaces them should do this as well
3831                  */
3832                 /* ReachableTime */
3833                 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3834                         neigh_proc_base_reachable_time;
3835                 /* ReachableTime (in milliseconds) */
3836                 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3837                         neigh_proc_base_reachable_time;
3838         }
3839
3840         switch (neigh_parms_family(p)) {
3841         case AF_INET:
3842               p_name = "ipv4";
3843               break;
3844         case AF_INET6:
3845               p_name = "ipv6";
3846               break;
3847         default:
3848               BUG();
3849         }
3850
3851         snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
3852                 p_name, dev_name_source);
3853         t->sysctl_header =
3854                 register_net_sysctl(neigh_parms_net(p), neigh_path, t->neigh_vars);
3855         if (!t->sysctl_header)
3856                 goto free;
3857
3858         p->sysctl_table = t;
3859         return 0;
3860
3861 free:
3862         kfree(t);
3863 err:
3864         return -ENOBUFS;
3865 }
3866 EXPORT_SYMBOL(neigh_sysctl_register);
3867
3868 void neigh_sysctl_unregister(struct neigh_parms *p)
3869 {
3870         if (p->sysctl_table) {
3871                 struct neigh_sysctl_table *t = p->sysctl_table;
3872                 p->sysctl_table = NULL;
3873                 unregister_net_sysctl_table(t->sysctl_header);
3874                 kfree(t);
3875         }
3876 }
3877 EXPORT_SYMBOL(neigh_sysctl_unregister);
3878
3879 #endif  /* CONFIG_SYSCTL */
3880
3881 static int __init neigh_init(void)
3882 {
3883         rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3884         rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3885         rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3886
3887         rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3888                       0);
3889         rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, 0);
3890
3891         return 0;
3892 }
3893
3894 subsys_initcall(neigh_init);
Domain: System / Kernel;