1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/*
3	* Generic address resolution entity
4	*
5	* Authors:
6	* Pedro Roque <roque@di.fc.ul.pt>
7	* Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
8	*
9	* Fixes:
10	* Vitaly E. Lavrov releasing NULL neighbor in neigh_add.
11	* Harald Welte Add neighbour cache statistics like rtstat
12	*/
13
14	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16	#include <linux/slab.h>
17	#include <linux/types.h>
18	#include <linux/kernel.h>
19	#include <linux/module.h>
20	#include <linux/socket.h>
21	#include <linux/netdevice.h>
22	#include <linux/proc_fs.h>
23	#ifdef CONFIG_SYSCTL
24	#include <linux/sysctl.h>
25	#endif
26	#include <linux/times.h>
27	#include <net/net_namespace.h>
28	#include <net/neighbour.h>
29	#include <net/arp.h>
30	#include <net/dst.h>
31	#include <net/ip.h>
32	#include <net/sock.h>
33	#include <net/netevent.h>
34	#include <net/netlink.h>
35	#include <linux/rtnetlink.h>
36	#include <linux/random.h>
37	#include <linux/string.h>
38	#include <linux/log2.h>
39	#include <linux/inetdevice.h>
40	#include <net/addrconf.h>
41
42	#include <trace/events/neigh.h>
43
44	#define NEIGH_DEBUG 1
45	#define neigh_dbg(level, fmt, ...) \
46	do { \
47	if (level <= NEIGH_DEBUG) \
48	pr_debug(fmt, ##__VA_ARGS__); \
49	} while (0)
50
51	#define PNEIGH_HASHMASK 0xF
52
53	static void neigh_timer_handler(struct timer_list *t);
54	static void __neigh_notify(struct neighbour *n, int type, int flags,
55	u32 pid);
56	static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
57	static void pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
58	bool skip_perm);
59
60	#ifdef CONFIG_PROC_FS
61	static const struct seq_operations neigh_stat_seq_ops;
62	#endif
63
64	static struct hlist_head *neigh_get_dev_table(struct net_device *dev, int family)
65	{
66	int i;
67
68	switch (family) {
69	default:
70	DEBUG_NET_WARN_ON_ONCE(1);
71	fallthrough; /* to avoid panic by null-ptr-deref */
72	case AF_INET:
73	i = NEIGH_ARP_TABLE;
74	break;
75	case AF_INET6:
76	i = NEIGH_ND_TABLE;
77	break;
78	}
79
80	return &dev->neighbours[i];
81	}
82
83	/*
84	Neighbour hash table buckets are protected with tbl->lock.
85
86	- All the scans/updates to hash buckets MUST be made under this lock.
87	- NOTHING clever should be made under this lock: no callbacks
88	to protocol backends, no attempts to send something to network.
89	It will result in deadlocks, if backend/driver wants to use neighbour
90	cache.
91	- If the entry requires some non-trivial actions, increase
92	its reference count and release table lock.
93
94	Neighbour entries are protected:
95	- with reference count.
96	- with rwlock neigh->lock
97
98	Reference count prevents destruction.
99
100	neigh->lock mainly serializes ll address data and its validity state.
101	However, the same lock is used to protect another entry fields:
102	- timer
103	- resolution queue
104
105	Again, nothing clever shall be made under neigh->lock,
106	the most complicated procedure, which we allow is dev->hard_header.
107	It is supposed, that dev->hard_header is simplistic and does
108	not make callbacks to neighbour tables.
109	*/
110
111	static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
112	{
113	kfree_skb(skb);
114	return -ENETDOWN;
115	}
116
117	static void neigh_cleanup_and_release(struct neighbour *neigh)
118	{
119	trace_neigh_cleanup_and_release(neigh, rc: 0);
120	__neigh_notify(n: neigh, RTM_DELNEIGH, flags: 0, pid: 0);
121	call_netevent_notifiers(val: NETEVENT_NEIGH_UPDATE, v: neigh);
122	neigh_release(neigh);
123	}
124
125	/*
126	* It is random distribution in the interval (1/2)*base...(3/2)*base.
127	* It corresponds to default IPv6 settings and is not overridable,
128	* because it is really reasonable choice.
129	*/
130
131	unsigned long neigh_rand_reach_time(unsigned long base)
132	{
133	return base ? get_random_u32_below(ceil: base) + (base >> 1) : 0;
134	}
135	EXPORT_SYMBOL(neigh_rand_reach_time);
136
137	static void neigh_mark_dead(struct neighbour *n)
138	{
139	n->dead = 1;
140	if (!list_empty(head: &n->gc_list)) {
141	list_del_init(entry: &n->gc_list);
142	atomic_dec(v: &n->tbl->gc_entries);
143	}
144	if (!list_empty(head: &n->managed_list))
145	list_del_init(entry: &n->managed_list);
146	}
147
148	static void neigh_update_gc_list(struct neighbour *n)
149	{
150	bool on_gc_list, exempt_from_gc;
151
152	spin_lock_bh(lock: &n->tbl->lock);
153	write_lock(&n->lock);
154	if (n->dead)
155	goto out;
156
157	/* remove from the gc list if new state is permanent or if neighbor is
158	* externally learned / validated; otherwise entry should be on the gc
159	* list
160	*/
161	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
162	n->flags & (NTF_EXT_LEARNED | NTF_EXT_VALIDATED);
163	on_gc_list = !list_empty(head: &n->gc_list);
164
165	if (exempt_from_gc && on_gc_list) {
166	list_del_init(entry: &n->gc_list);
167	atomic_dec(v: &n->tbl->gc_entries);
168	} else if (!exempt_from_gc && !on_gc_list) {
169	/* add entries to the tail; cleaning removes from the front */
170	list_add_tail(new: &n->gc_list, head: &n->tbl->gc_list);
171	atomic_inc(v: &n->tbl->gc_entries);
172	}
173	out:
174	write_unlock(&n->lock);
175	spin_unlock_bh(lock: &n->tbl->lock);
176	}
177
178	static void neigh_update_managed_list(struct neighbour *n)
179	{
180	bool on_managed_list, add_to_managed;
181
182	spin_lock_bh(lock: &n->tbl->lock);
183	write_lock(&n->lock);
184	if (n->dead)
185	goto out;
186
187	add_to_managed = n->flags & NTF_MANAGED;
188	on_managed_list = !list_empty(head: &n->managed_list);
189
190	if (!add_to_managed && on_managed_list)
191	list_del_init(entry: &n->managed_list);
192	else if (add_to_managed && !on_managed_list)
193	list_add_tail(new: &n->managed_list, head: &n->tbl->managed_list);
194	out:
195	write_unlock(&n->lock);
196	spin_unlock_bh(lock: &n->tbl->lock);
197	}
198
199	static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
200	bool *gc_update, bool *managed_update)
201	{
202	u32 ndm_flags, old_flags = neigh->flags;
203
204	if (!(flags & NEIGH_UPDATE_F_ADMIN))
205	return;
206
207	ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
208	ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;
209	ndm_flags |= (flags & NEIGH_UPDATE_F_EXT_VALIDATED) ? NTF_EXT_VALIDATED : 0;
210
211	if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
212	if (ndm_flags & NTF_EXT_LEARNED)
213	neigh->flags |= NTF_EXT_LEARNED;
214	else
215	neigh->flags &= ~NTF_EXT_LEARNED;
216	*notify = 1;
217	*gc_update = true;
218	}
219	if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
220	if (ndm_flags & NTF_MANAGED)
221	neigh->flags |= NTF_MANAGED;
222	else
223	neigh->flags &= ~NTF_MANAGED;
224	*notify = 1;
225	*managed_update = true;
226	}
227	if ((old_flags ^ ndm_flags) & NTF_EXT_VALIDATED) {
228	if (ndm_flags & NTF_EXT_VALIDATED)
229	neigh->flags |= NTF_EXT_VALIDATED;
230	else
231	neigh->flags &= ~NTF_EXT_VALIDATED;
232	*notify = 1;
233	*gc_update = true;
234	}
235	}
236
237	bool neigh_remove_one(struct neighbour *n)
238	{
239	bool retval = false;
240
241	write_lock(&n->lock);
242	if (refcount_read(r: &n->refcnt) == 1) {
243	hlist_del_rcu(n: &n->hash);
244	hlist_del_rcu(n: &n->dev_list);
245	neigh_mark_dead(n);
246	retval = true;
247	}
248	write_unlock(&n->lock);
249	if (retval)
250	neigh_cleanup_and_release(neigh: n);
251	return retval;
252	}
253
254	static int neigh_forced_gc(struct neigh_table *tbl)
255	{
256	int max_clean = atomic_read(v: &tbl->gc_entries) -
257	READ_ONCE(tbl->gc_thresh2);
258	u64 tmax = ktime_get_ns() + NSEC_PER_MSEC;
259	unsigned long tref = jiffies - 5 * HZ;
260	struct neighbour *n, *tmp;
261	int shrunk = 0;
262	int loop = 0;
263
264	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);
265
266	spin_lock_bh(lock: &tbl->lock);
267
268	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
269	if (refcount_read(r: &n->refcnt) == 1) {
270	bool remove = false;
271
272	write_lock(&n->lock);
273	if ((n->nud_state == NUD_FAILED) ||
274	(n->nud_state == NUD_NOARP) ||
275	(tbl->is_multicast &&
276	tbl->is_multicast(n->primary_key)) ||
277	!time_in_range(n->updated, tref, jiffies))
278	remove = true;
279	write_unlock(&n->lock);
280
281	if (remove && neigh_remove_one(n))
282	shrunk++;
283	if (shrunk >= max_clean)
284	break;
285	if (++loop == 16) {
286	if (ktime_get_ns() > tmax)
287	goto unlock;
288	loop = 0;
289	}
290	}
291	}
292
293	WRITE_ONCE(tbl->last_flush, jiffies);
294	unlock:
295	spin_unlock_bh(lock: &tbl->lock);
296
297	return shrunk;
298	}
299
300	static void neigh_add_timer(struct neighbour *n, unsigned long when)
301	{
302	/* Use safe distance from the jiffies - LONG_MAX point while timer
303	* is running in DELAY/PROBE state but still show to user space
304	* large times in the past.
305	*/
306	unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ);
307
308	neigh_hold(n);
309	if (!time_in_range(n->confirmed, mint, jiffies))
310	n->confirmed = mint;
311	if (time_before(n->used, n->confirmed))
312	n->used = n->confirmed;
313	if (unlikely(mod_timer(&n->timer, when))) {
314	printk("NEIGH: BUG, double timer add, state is %x\n",
315	n->nud_state);
316	dump_stack();
317	}
318	}
319
320	static int neigh_del_timer(struct neighbour *n)
321	{
322	if ((n->nud_state & NUD_IN_TIMER) &&
323	timer_delete(timer: &n->timer)) {
324	neigh_release(neigh: n);
325	return 1;
326	}
327	return 0;
328	}
329
330	static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
331	int family)
332	{
333	switch (family) {
334	case AF_INET:
335	return __in_dev_arp_parms_get_rcu(dev);
336	case AF_INET6:
337	return __in6_dev_nd_parms_get_rcu(dev);
338	}
339	return NULL;
340	}
341
342	static void neigh_parms_qlen_dec(struct net_device *dev, int family)
343	{
344	struct neigh_parms *p;
345
346	rcu_read_lock();
347	p = neigh_get_dev_parms_rcu(dev, family);
348	if (p)
349	p->qlen--;
350	rcu_read_unlock();
351	}
352
353	static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net,
354	int family)
355	{
356	struct sk_buff_head tmp;
357	unsigned long flags;
358	struct sk_buff *skb;
359
360	skb_queue_head_init(list: &tmp);
361	spin_lock_irqsave(&list->lock, flags);
362	skb = skb_peek(list_: list);
363	while (skb != NULL) {
364	struct sk_buff *skb_next = skb_peek_next(skb, list_: list);
365	struct net_device *dev = skb->dev;
366
367	if (net == NULL || net_eq(net1: dev_net(dev), net2: net)) {
368	neigh_parms_qlen_dec(dev, family);
369	__skb_unlink(skb, list);
370	__skb_queue_tail(list: &tmp, newsk: skb);
371	}
372	skb = skb_next;
373	}
374	spin_unlock_irqrestore(lock: &list->lock, flags);
375
376	while ((skb = __skb_dequeue(list: &tmp))) {
377	dev_put(dev: skb->dev);
378	kfree_skb(skb);
379	}
380	}
381
382	static void neigh_flush_one(struct neighbour *n)
383	{
384	hlist_del_rcu(n: &n->hash);
385	hlist_del_rcu(n: &n->dev_list);
386
387	write_lock(&n->lock);
388
389	neigh_del_timer(n);
390	neigh_mark_dead(n);
391
392	if (refcount_read(r: &n->refcnt) != 1) {
393	/* The most unpleasant situation.
394	* We must destroy neighbour entry,
395	* but someone still uses it.
396	*
397	* The destroy will be delayed until
398	* the last user releases us, but
399	* we must kill timers etc. and move
400	* it to safe state.
401	*/
402	__skb_queue_purge(list: &n->arp_queue);
403	n->arp_queue_len_bytes = 0;
404	WRITE_ONCE(n->output, neigh_blackhole);
405
406	if (n->nud_state & NUD_VALID)
407	n->nud_state = NUD_NOARP;
408	else
409	n->nud_state = NUD_NONE;
410
411	neigh_dbg(2, "neigh %p is stray\n", n);
412	}
413
414	write_unlock(&n->lock);
415
416	neigh_cleanup_and_release(neigh: n);
417	}
418
419	static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
420	bool skip_perm)
421	{
422	struct hlist_head *dev_head;
423	struct hlist_node *tmp;
424	struct neighbour *n;
425
426	dev_head = neigh_get_dev_table(dev, family: tbl->family);
427
428	hlist_for_each_entry_safe(n, tmp, dev_head, dev_list) {
429	if (skip_perm &&
430	(n->nud_state & NUD_PERMANENT ||
431	n->flags & NTF_EXT_VALIDATED))
432	continue;
433
434	neigh_flush_one(n);
435	}
436	}
437
438	static void neigh_flush_table(struct neigh_table *tbl)
439	{
440	struct neigh_hash_table *nht;
441	int i;
442
443	nht = rcu_dereference_protected(tbl->nht,
444	lockdep_is_held(&tbl->lock));
445
446	for (i = 0; i < (1 << nht->hash_shift); i++) {
447	struct hlist_node *tmp;
448	struct neighbour *n;
449
450	neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[i])
451	neigh_flush_one(n);
452	}
453	}
454
455	void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
456	{
457	spin_lock_bh(lock: &tbl->lock);
458	neigh_flush_dev(tbl, dev, skip_perm: false);
459	spin_unlock_bh(lock: &tbl->lock);
460	}
461	EXPORT_SYMBOL(neigh_changeaddr);
462
463	static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
464	bool skip_perm)
465	{
466	spin_lock_bh(lock: &tbl->lock);
467	if (likely(dev)) {
468	neigh_flush_dev(tbl, dev, skip_perm);
469	} else {
470	DEBUG_NET_WARN_ON_ONCE(skip_perm);
471	neigh_flush_table(tbl);
472	}
473	spin_unlock_bh(lock: &tbl->lock);
474
475	pneigh_ifdown(tbl, dev, skip_perm);
476	pneigh_queue_purge(list: &tbl->proxy_queue, net: dev ? dev_net(dev) : NULL,
477	family: tbl->family);
478	if (skb_queue_empty_lockless(list: &tbl->proxy_queue))
479	timer_delete_sync(timer: &tbl->proxy_timer);
480	return 0;
481	}
482
483	int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
484	{
485	__neigh_ifdown(tbl, dev, skip_perm: true);
486	return 0;
487	}
488	EXPORT_SYMBOL(neigh_carrier_down);
489
490	int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
491	{
492	__neigh_ifdown(tbl, dev, skip_perm: false);
493	return 0;
494	}
495	EXPORT_SYMBOL(neigh_ifdown);
496
497	static struct neighbour *neigh_alloc(struct neigh_table *tbl,
498	struct net_device *dev,
499	u32 flags, bool exempt_from_gc)
500	{
501	struct neighbour *n = NULL;
502	unsigned long now = jiffies;
503	int entries, gc_thresh3;
504
505	if (exempt_from_gc)
506	goto do_alloc;
507
508	entries = atomic_inc_return(v: &tbl->gc_entries) - 1;
509	gc_thresh3 = READ_ONCE(tbl->gc_thresh3);
510	if (entries >= gc_thresh3 ||
511	(entries >= READ_ONCE(tbl->gc_thresh2) &&
512	time_after(now, READ_ONCE(tbl->last_flush) + 5 * HZ))) {
513	if (!neigh_forced_gc(tbl) && entries >= gc_thresh3) {
514	net_info_ratelimited("%s: neighbor table overflow!\n",
515	tbl->id);
516	NEIGH_CACHE_STAT_INC(tbl, table_fulls);
517	goto out_entries;
518	}
519	}
520
521	do_alloc:
522	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
523	if (!n)
524	goto out_entries;
525
526	__skb_queue_head_init(list: &n->arp_queue);
527	rwlock_init(&n->lock);
528	seqlock_init(&n->ha_lock);
529	n->updated = n->used = now;
530	n->nud_state = NUD_NONE;
531	n->output = neigh_blackhole;
532	n->flags = flags;
533	seqlock_init(&n->hh.hh_lock);
534	n->parms = neigh_parms_clone(parms: &tbl->parms);
535	timer_setup(&n->timer, neigh_timer_handler, 0);
536
537	NEIGH_CACHE_STAT_INC(tbl, allocs);
538	n->tbl = tbl;
539	refcount_set(r: &n->refcnt, n: 1);
540	n->dead = 1;
541	INIT_LIST_HEAD(list: &n->gc_list);
542	INIT_LIST_HEAD(list: &n->managed_list);
543
544	atomic_inc(v: &tbl->entries);
545	out:
546	return n;
547
548	out_entries:
549	if (!exempt_from_gc)
550	atomic_dec(v: &tbl->gc_entries);
551	goto out;
552	}
553
554	static void neigh_get_hash_rnd(u32 *x)
555	{
556	*x = get_random_u32() | 1;
557	}
558
559	static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
560	{
561	size_t size = (1 << shift) * sizeof(struct hlist_head);
562	struct hlist_head *hash_heads;
563	struct neigh_hash_table *ret;
564	int i;
565
566	ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
567	if (!ret)
568	return NULL;
569
570	hash_heads = kzalloc(size, GFP_ATOMIC);
571	if (!hash_heads) {
572	kfree(objp: ret);
573	return NULL;
574	}
575	ret->hash_heads = hash_heads;
576	ret->hash_shift = shift;
577	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
578	neigh_get_hash_rnd(x: &ret->hash_rnd[i]);
579	return ret;
580	}
581
582	static void neigh_hash_free_rcu(struct rcu_head *head)
583	{
584	struct neigh_hash_table *nht = container_of(head,
585	struct neigh_hash_table,
586	rcu);
587
588	kfree(objp: nht->hash_heads);
589	kfree(objp: nht);
590	}
591
592	static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
593	unsigned long new_shift)
594	{
595	unsigned int i, hash;
596	struct neigh_hash_table *new_nht, *old_nht;
597
598	NEIGH_CACHE_STAT_INC(tbl, hash_grows);
599
600	old_nht = rcu_dereference_protected(tbl->nht,
601	lockdep_is_held(&tbl->lock));
602	new_nht = neigh_hash_alloc(shift: new_shift);
603	if (!new_nht)
604	return old_nht;
605
606	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
607	struct hlist_node *tmp;
608	struct neighbour *n;
609
610	neigh_for_each_in_bucket_safe(n, tmp, &old_nht->hash_heads[i]) {
611	hash = tbl->hash(n->primary_key, n->dev,
612	new_nht->hash_rnd);
613
614	hash >>= (32 - new_nht->hash_shift);
615
616	hlist_del_rcu(n: &n->hash);
617	hlist_add_head_rcu(n: &n->hash, h: &new_nht->hash_heads[hash]);
618	}
619	}
620
621	rcu_assign_pointer(tbl->nht, new_nht);
622	call_rcu(head: &old_nht->rcu, func: neigh_hash_free_rcu);
623	return new_nht;
624	}
625
626	struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
627	struct net_device *dev)
628	{
629	struct neighbour *n;
630
631	NEIGH_CACHE_STAT_INC(tbl, lookups);
632
633	rcu_read_lock();
634	n = __neigh_lookup_noref(tbl, pkey, dev);
635	if (n) {
636	if (!refcount_inc_not_zero(r: &n->refcnt))
637	n = NULL;
638	NEIGH_CACHE_STAT_INC(tbl, hits);
639	}
640
641	rcu_read_unlock();
642	return n;
643	}
644	EXPORT_SYMBOL(neigh_lookup);
645
646	static struct neighbour *
647	___neigh_create(struct neigh_table *tbl, const void *pkey,
648	struct net_device *dev, u32 flags,
649	bool exempt_from_gc, bool want_ref)
650	{
651	u32 hash_val, key_len = tbl->key_len;
652	struct neighbour *n1, *rc, *n;
653	struct neigh_hash_table *nht;
654	int error;
655
656	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
657	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
658	if (!n) {
659	rc = ERR_PTR(error: -ENOBUFS);
660	goto out;
661	}
662
663	memcpy(n->primary_key, pkey, key_len);
664	n->dev = dev;
665	netdev_hold(dev, tracker: &n->dev_tracker, GFP_ATOMIC);
666
667	/* Protocol specific setup. */
668	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
669	rc = ERR_PTR(error);
670	goto out_neigh_release;
671	}
672
673	if (dev->netdev_ops->ndo_neigh_construct) {
674	error = dev->netdev_ops->ndo_neigh_construct(dev, n);
675	if (error < 0) {
676	rc = ERR_PTR(error);
677	goto out_neigh_release;
678	}
679	}
680
681	/* Device specific setup. */
682	if (n->parms->neigh_setup &&
683	(error = n->parms->neigh_setup(n)) < 0) {
684	rc = ERR_PTR(error);
685	goto out_neigh_release;
686	}
687
688	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);
689
690	spin_lock_bh(lock: &tbl->lock);
691	nht = rcu_dereference_protected(tbl->nht,
692	lockdep_is_held(&tbl->lock));
693
694	if (atomic_read(v: &tbl->entries) > (1 << nht->hash_shift))
695	nht = neigh_hash_grow(tbl, new_shift: nht->hash_shift + 1);
696
697	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);
698
699	if (n->parms->dead) {
700	rc = ERR_PTR(error: -EINVAL);
701	goto out_tbl_unlock;
702	}
703
704	neigh_for_each_in_bucket(n1, &nht->hash_heads[hash_val]) {
705	if (dev == n1->dev && !memcmp(p: n1->primary_key, q: n->primary_key, size: key_len)) {
706	if (want_ref)
707	neigh_hold(n1);
708	rc = n1;
709	goto out_tbl_unlock;
710	}
711	}
712
713	n->dead = 0;
714	if (!exempt_from_gc)
715	list_add_tail(new: &n->gc_list, head: &n->tbl->gc_list);
716	if (n->flags & NTF_MANAGED)
717	list_add_tail(new: &n->managed_list, head: &n->tbl->managed_list);
718	if (want_ref)
719	neigh_hold(n);
720	hlist_add_head_rcu(n: &n->hash, h: &nht->hash_heads[hash_val]);
721
722	hlist_add_head_rcu(n: &n->dev_list,
723	h: neigh_get_dev_table(dev, family: tbl->family));
724
725	spin_unlock_bh(lock: &tbl->lock);
726	neigh_dbg(2, "neigh %p is created\n", n);
727	rc = n;
728	out:
729	return rc;
730	out_tbl_unlock:
731	spin_unlock_bh(lock: &tbl->lock);
732	out_neigh_release:
733	if (!exempt_from_gc)
734	atomic_dec(v: &tbl->gc_entries);
735	neigh_release(neigh: n);
736	goto out;
737	}
738
739	struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
740	struct net_device *dev, bool want_ref)
741	{
742	bool exempt_from_gc = !!(dev->flags & IFF_LOOPBACK);
743
744	return ___neigh_create(tbl, pkey, dev, flags: 0, exempt_from_gc, want_ref);
745	}
746	EXPORT_SYMBOL(__neigh_create);
747
748	static u32 pneigh_hash(const void *pkey, unsigned int key_len)
749	{
750	u32 hash_val = *(u32 *)(pkey + key_len - 4);
751	hash_val ^= (hash_val >> 16);
752	hash_val ^= hash_val >> 8;
753	hash_val ^= hash_val >> 4;
754	hash_val &= PNEIGH_HASHMASK;
755	return hash_val;
756	}
757
758	struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl,
759	struct net *net, const void *pkey,
760	struct net_device *dev)
761	{
762	struct pneigh_entry *n;
763	unsigned int key_len;
764	u32 hash_val;
765
766	key_len = tbl->key_len;
767	hash_val = pneigh_hash(pkey, key_len);
768	n = rcu_dereference_check(tbl->phash_buckets[hash_val],
769	lockdep_is_held(&tbl->phash_lock));
770
771	while (n) {
772	if (!memcmp(p: n->key, q: pkey, size: key_len) &&
773	net_eq(net1: pneigh_net(pneigh: n), net2: net) &&
774	(n->dev == dev || !n->dev))
775	return n;
776
777	n = rcu_dereference_check(n->next, lockdep_is_held(&tbl->phash_lock));
778	}
779
780	return NULL;
781	}
782	EXPORT_IPV6_MOD(pneigh_lookup);
783
784	int pneigh_create(struct neigh_table *tbl, struct net *net,
785	const void *pkey, struct net_device *dev,
786	u32 flags, u8 protocol, bool permanent)
787	{
788	struct pneigh_entry *n;
789	unsigned int key_len;
790	u32 hash_val;
791	int err = 0;
792
793	mutex_lock(&tbl->phash_lock);
794
795	n = pneigh_lookup(tbl, net, pkey, dev);
796	if (n)
797	goto update;
798
799	key_len = tbl->key_len;
800	n = kzalloc(sizeof(*n) + key_len, GFP_KERNEL);
801	if (!n) {
802	err = -ENOBUFS;
803	goto out;
804	}
805
806	write_pnet(pnet: &n->net, net);
807	memcpy(n->key, pkey, key_len);
808	n->dev = dev;
809	netdev_hold(dev, tracker: &n->dev_tracker, GFP_KERNEL);
810
811	if (tbl->pconstructor && tbl->pconstructor(n)) {
812	netdev_put(dev, tracker: &n->dev_tracker);
813	kfree(objp: n);
814	err = -ENOBUFS;
815	goto out;
816	}
817
818	hash_val = pneigh_hash(pkey, key_len);
819	n->next = tbl->phash_buckets[hash_val];
820	rcu_assign_pointer(tbl->phash_buckets[hash_val], n);
821	update:
822	WRITE_ONCE(n->flags, flags);
823	n->permanent = permanent;
824	WRITE_ONCE(n->protocol, protocol);
825	out:
826	mutex_unlock(lock: &tbl->phash_lock);
827	return err;
828	}
829
830	static void pneigh_destroy(struct rcu_head *rcu)
831	{
832	struct pneigh_entry *n = container_of(rcu, struct pneigh_entry, rcu);
833
834	netdev_put(dev: n->dev, tracker: &n->dev_tracker);
835	kfree(objp: n);
836	}
837
838	int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
839	struct net_device *dev)
840	{
841	struct pneigh_entry *n, __rcu **np;
842	unsigned int key_len;
843	u32 hash_val;
844
845	key_len = tbl->key_len;
846	hash_val = pneigh_hash(pkey, key_len);
847
848	mutex_lock(&tbl->phash_lock);
849
850	for (np = &tbl->phash_buckets[hash_val];
851	(n = rcu_dereference_protected(*np, 1)) != NULL;
852	np = &n->next) {
853	if (!memcmp(p: n->key, q: pkey, size: key_len) && n->dev == dev &&
854	net_eq(net1: pneigh_net(pneigh: n), net2: net)) {
855	rcu_assign_pointer(*np, n->next);
856
857	mutex_unlock(lock: &tbl->phash_lock);
858
859	if (tbl->pdestructor)
860	tbl->pdestructor(n);
861
862	call_rcu(head: &n->rcu, func: pneigh_destroy);
863	return 0;
864	}
865	}
866
867	mutex_unlock(lock: &tbl->phash_lock);
868	return -ENOENT;
869	}
870
871	static void pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
872	bool skip_perm)
873	{
874	struct pneigh_entry *n, __rcu **np;
875	LIST_HEAD(head);
876	u32 h;
877
878	mutex_lock(&tbl->phash_lock);
879
880	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
881	np = &tbl->phash_buckets[h];
882	while ((n = rcu_dereference_protected(*np, 1)) != NULL) {
883	if (skip_perm && n->permanent)
884	goto skip;
885	if (!dev || n->dev == dev) {
886	rcu_assign_pointer(*np, n->next);
887	list_add(new: &n->free_node, head: &head);
888	continue;
889	}
890	skip:
891	np = &n->next;
892	}
893	}
894
895	mutex_unlock(lock: &tbl->phash_lock);
896
897	while (!list_empty(head: &head)) {
898	n = list_first_entry(&head, typeof(*n), free_node);
899	list_del(entry: &n->free_node);
900
901	if (tbl->pdestructor)
902	tbl->pdestructor(n);
903
904	call_rcu(head: &n->rcu, func: pneigh_destroy);
905	}
906	}
907
908	static inline void neigh_parms_put(struct neigh_parms *parms)
909	{
910	if (refcount_dec_and_test(r: &parms->refcnt))
911	kfree(objp: parms);
912	}
913
914	/*
915	* neighbour must already be out of the table;
916	*
917	*/
918	void neigh_destroy(struct neighbour *neigh)
919	{
920	struct net_device *dev = neigh->dev;
921
922	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);
923
924	if (!neigh->dead) {
925	pr_warn("Destroying alive neighbour %p\n", neigh);
926	dump_stack();
927	return;
928	}
929
930	if (neigh_del_timer(n: neigh))
931	pr_warn("Impossible event\n");
932
933	write_lock_bh(&neigh->lock);
934	__skb_queue_purge(list: &neigh->arp_queue);
935	write_unlock_bh(&neigh->lock);
936	neigh->arp_queue_len_bytes = 0;
937
938	if (dev->netdev_ops->ndo_neigh_destroy)
939	dev->netdev_ops->ndo_neigh_destroy(dev, neigh);
940
941	netdev_put(dev, tracker: &neigh->dev_tracker);
942	neigh_parms_put(parms: neigh->parms);
943
944	neigh_dbg(2, "neigh %p is destroyed\n", neigh);
945
946	atomic_dec(v: &neigh->tbl->entries);
947	kfree_rcu(neigh, rcu);
948	}
949	EXPORT_SYMBOL(neigh_destroy);
950
951	/* Neighbour state is suspicious;
952	disable fast path.
953
954	Called with write_locked neigh.
955	*/
956	static void neigh_suspect(struct neighbour *neigh)
957	{
958	neigh_dbg(2, "neigh %p is suspected\n", neigh);
959
960	WRITE_ONCE(neigh->output, neigh->ops->output);
961	}
962
963	/* Neighbour state is OK;
964	enable fast path.
965
966	Called with write_locked neigh.
967	*/
968	static void neigh_connect(struct neighbour *neigh)
969	{
970	neigh_dbg(2, "neigh %p is connected\n", neigh);
971
972	WRITE_ONCE(neigh->output, neigh->ops->connected_output);
973	}
974
975	static void neigh_periodic_work(struct work_struct *work)
976	{
977	struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
978	struct neigh_hash_table *nht;
979	struct hlist_node *tmp;
980	struct neighbour *n;
981	unsigned int i;
982
983	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);
984
985	spin_lock_bh(lock: &tbl->lock);
986	nht = rcu_dereference_protected(tbl->nht,
987	lockdep_is_held(&tbl->lock));
988
989	/*
990	* periodically recompute ReachableTime from random function
991	*/
992
993	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
994	struct neigh_parms *p;
995
996	WRITE_ONCE(tbl->last_rand, jiffies);
997	list_for_each_entry(p, &tbl->parms_list, list)
998	neigh_set_reach_time(p);
999	}
1000
1001	if (atomic_read(v: &tbl->entries) < READ_ONCE(tbl->gc_thresh1))
1002	goto out;
1003
1004	for (i = 0 ; i < (1 << nht->hash_shift); i++) {
1005	neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[i]) {
1006	unsigned int state;
1007
1008	write_lock(&n->lock);
1009
1010	state = n->nud_state;
1011	if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
1012	(n->flags &
1013	(NTF_EXT_LEARNED | NTF_EXT_VALIDATED))) {
1014	write_unlock(&n->lock);
1015	continue;
1016	}
1017
1018	if (time_before(n->used, n->confirmed) &&
1019	time_is_before_eq_jiffies(n->confirmed))
1020	n->used = n->confirmed;
1021
1022	if (refcount_read(r: &n->refcnt) == 1 &&
1023	(state == NUD_FAILED ||
1024	!time_in_range_open(jiffies, n->used,
1025	n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
1026	hlist_del_rcu(n: &n->hash);
1027	hlist_del_rcu(n: &n->dev_list);
1028	neigh_mark_dead(n);
1029	write_unlock(&n->lock);
1030	neigh_cleanup_and_release(neigh: n);
1031	continue;
1032	}
1033	write_unlock(&n->lock);
1034	}
1035	/*
1036	* It's fine to release lock here, even if hash table
1037	* grows while we are preempted.
1038	*/
1039	spin_unlock_bh(lock: &tbl->lock);
1040	cond_resched();
1041	spin_lock_bh(lock: &tbl->lock);
1042	nht = rcu_dereference_protected(tbl->nht,
1043	lockdep_is_held(&tbl->lock));
1044	}
1045	out:
1046	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
1047	* ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
1048	* BASE_REACHABLE_TIME.
1049	*/
1050	queue_delayed_work(wq: system_power_efficient_wq, dwork: &tbl->gc_work,
1051	NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
1052	spin_unlock_bh(lock: &tbl->lock);
1053	}
1054
1055	static __inline__ int neigh_max_probes(struct neighbour *n)
1056	{
1057	struct neigh_parms *p = n->parms;
1058	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
1059	(n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
1060	NEIGH_VAR(p, MCAST_PROBES));
1061	}
1062
1063	static void neigh_invalidate(struct neighbour *neigh)
1064	__releases(neigh->lock)
1065	__acquires(neigh->lock)
1066	{
1067	struct sk_buff *skb;
1068
1069	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
1070	neigh_dbg(2, "neigh %p is failed\n", neigh);
1071	neigh->updated = jiffies;
1072
1073	/* It is very thin place. report_unreachable is very complicated
1074	routine. Particularly, it can hit the same neighbour entry!
1075
1076	So that, we try to be accurate and avoid dead loop. --ANK
1077	*/
1078	while (neigh->nud_state == NUD_FAILED &&
1079	(skb = __skb_dequeue(list: &neigh->arp_queue)) != NULL) {
1080	write_unlock(&neigh->lock);
1081	neigh->ops->error_report(neigh, skb);
1082	write_lock(&neigh->lock);
1083	}
1084	__skb_queue_purge(list: &neigh->arp_queue);
1085	neigh->arp_queue_len_bytes = 0;
1086	}
1087
1088	static void neigh_probe(struct neighbour *neigh)
1089	__releases(neigh->lock)
1090	{
1091	struct sk_buff *skb = skb_peek_tail(list_: &neigh->arp_queue);
1092	/* keep skb alive even if arp_queue overflows */
1093	if (skb)
1094	skb = skb_clone(skb, GFP_ATOMIC);
1095	write_unlock(&neigh->lock);
1096	if (neigh->ops->solicit)
1097	neigh->ops->solicit(neigh, skb);
1098	atomic_inc(v: &neigh->probes);
1099	consume_skb(skb);
1100	}
1101
1102	/* Called when a timer expires for a neighbour entry. */
1103
1104	static void neigh_timer_handler(struct timer_list *t)
1105	{
1106	unsigned long now, next;
1107	struct neighbour *neigh = timer_container_of(neigh, t, timer);
1108	unsigned int state;
1109	int notify = 0;
1110
1111	write_lock(&neigh->lock);
1112
1113	state = neigh->nud_state;
1114	now = jiffies;
1115	next = now + HZ;
1116
1117	if (!(state & NUD_IN_TIMER))
1118	goto out;
1119
1120	if (state & NUD_REACHABLE) {
1121	if (time_before_eq(now,
1122	neigh->confirmed + neigh->parms->reachable_time)) {
1123	neigh_dbg(2, "neigh %p is still alive\n", neigh);
1124	next = neigh->confirmed + neigh->parms->reachable_time;
1125	} else if (time_before_eq(now,
1126	neigh->used +
1127	NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1128	neigh_dbg(2, "neigh %p is delayed\n", neigh);
1129	WRITE_ONCE(neigh->nud_state, NUD_DELAY);
1130	neigh->updated = jiffies;
1131	neigh_suspect(neigh);
1132	next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
1133	} else {
1134	neigh_dbg(2, "neigh %p is suspected\n", neigh);
1135	WRITE_ONCE(neigh->nud_state, NUD_STALE);
1136	neigh->updated = jiffies;
1137	neigh_suspect(neigh);
1138	notify = 1;
1139	}
1140	} else if (state & NUD_DELAY) {
1141	if (time_before_eq(now,
1142	neigh->confirmed +
1143	NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1144	neigh_dbg(2, "neigh %p is now reachable\n", neigh);
1145	WRITE_ONCE(neigh->nud_state, NUD_REACHABLE);
1146	neigh->updated = jiffies;
1147	neigh_connect(neigh);
1148	notify = 1;
1149	next = neigh->confirmed + neigh->parms->reachable_time;
1150	} else {
1151	neigh_dbg(2, "neigh %p is probed\n", neigh);
1152	WRITE_ONCE(neigh->nud_state, NUD_PROBE);
1153	neigh->updated = jiffies;
1154	atomic_set(v: &neigh->probes, i: 0);
1155	notify = 1;
1156	next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1157	HZ/100);
1158	}
1159	} else {
1160	/* NUD_PROBE|NUD_INCOMPLETE */
1161	next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
1162	}
1163
1164	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
1165	atomic_read(v: &neigh->probes) >= neigh_max_probes(n: neigh)) {
1166	if (neigh->nud_state == NUD_PROBE &&
1167	neigh->flags & NTF_EXT_VALIDATED) {
1168	WRITE_ONCE(neigh->nud_state, NUD_STALE);
1169	neigh->updated = jiffies;
1170	} else {
1171	WRITE_ONCE(neigh->nud_state, NUD_FAILED);
1172	neigh_invalidate(neigh);
1173	}
1174	notify = 1;
1175	goto out;
1176	}
1177
1178	if (neigh->nud_state & NUD_IN_TIMER) {
1179	if (time_before(next, jiffies + HZ/100))
1180	next = jiffies + HZ/100;
1181	if (!mod_timer(timer: &neigh->timer, expires: next))
1182	neigh_hold(neigh);
1183	}
1184	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
1185	neigh_probe(neigh);
1186	} else {
1187	out:
1188	write_unlock(&neigh->lock);
1189	}
1190
1191	if (notify)
1192	neigh_update_notify(neigh, nlmsg_pid: 0);
1193
1194	trace_neigh_timer_handler(neigh, err: 0);
1195
1196	neigh_release(neigh);
1197	}
1198
1199	int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
1200	const bool immediate_ok)
1201	{
1202	int rc;
1203	bool immediate_probe = false;
1204
1205	write_lock_bh(&neigh->lock);
1206
1207	rc = 0;
1208	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
1209	goto out_unlock_bh;
1210	if (neigh->dead)
1211	goto out_dead;
1212
1213	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
1214	if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
1215	NEIGH_VAR(neigh->parms, APP_PROBES)) {
1216	unsigned long next, now = jiffies;
1217
1218	atomic_set(v: &neigh->probes,
1219	NEIGH_VAR(neigh->parms, UCAST_PROBES));
1220	neigh_del_timer(n: neigh);
1221	WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
1222	neigh->updated = now;
1223	if (!immediate_ok) {
1224	next = now + 1;
1225	} else {
1226	immediate_probe = true;
1227	next = now + max(NEIGH_VAR(neigh->parms,
1228	RETRANS_TIME),
1229	HZ / 100);
1230	}
1231	neigh_add_timer(n: neigh, when: next);
1232	} else {
1233	WRITE_ONCE(neigh->nud_state, NUD_FAILED);
1234	neigh->updated = jiffies;
1235	write_unlock_bh(&neigh->lock);
1236
1237	kfree_skb_reason(skb, reason: SKB_DROP_REASON_NEIGH_FAILED);
1238	return 1;
1239	}
1240	} else if (neigh->nud_state & NUD_STALE) {
1241	neigh_dbg(2, "neigh %p is delayed\n", neigh);
1242	neigh_del_timer(n: neigh);
1243	WRITE_ONCE(neigh->nud_state, NUD_DELAY);
1244	neigh->updated = jiffies;
1245	neigh_add_timer(n: neigh, when: jiffies +
1246	NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
1247	}
1248
1249	if (neigh->nud_state == NUD_INCOMPLETE) {
1250	if (skb) {
1251	while (neigh->arp_queue_len_bytes + skb->truesize >
1252	NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
1253	struct sk_buff *buff;
1254
1255	buff = __skb_dequeue(list: &neigh->arp_queue);
1256	if (!buff)
1257	break;
1258	neigh->arp_queue_len_bytes -= buff->truesize;
1259	kfree_skb_reason(skb: buff, reason: SKB_DROP_REASON_NEIGH_QUEUEFULL);
1260	NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
1261	}
1262	skb_dst_force(skb);
1263	__skb_queue_tail(list: &neigh->arp_queue, newsk: skb);
1264	neigh->arp_queue_len_bytes += skb->truesize;
1265	}
1266	rc = 1;
1267	}
1268	out_unlock_bh:
1269	if (immediate_probe)
1270	neigh_probe(neigh);
1271	else
1272	write_unlock(&neigh->lock);
1273	local_bh_enable();
1274	trace_neigh_event_send_done(neigh, err: rc);
1275	return rc;
1276
1277	out_dead:
1278	if (neigh->nud_state & NUD_STALE)
1279	goto out_unlock_bh;
1280	write_unlock_bh(&neigh->lock);
1281	kfree_skb_reason(skb, reason: SKB_DROP_REASON_NEIGH_DEAD);
1282	trace_neigh_event_send_dead(neigh, err: 1);
1283	return 1;
1284	}
1285	EXPORT_SYMBOL(__neigh_event_send);
1286
1287	static void neigh_update_hhs(struct neighbour *neigh)
1288	{
1289	struct hh_cache *hh;
1290	void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
1291	= NULL;
1292
1293	if (neigh->dev->header_ops)
1294	update = neigh->dev->header_ops->cache_update;
1295
1296	if (update) {
1297	hh = &neigh->hh;
1298	if (READ_ONCE(hh->hh_len)) {
1299	write_seqlock_bh(sl: &hh->hh_lock);
1300	update(hh, neigh->dev, neigh->ha);
1301	write_sequnlock_bh(sl: &hh->hh_lock);
1302	}
1303	}
1304	}
1305
1306	/* Generic update routine.
1307	-- lladdr is new lladdr or NULL, if it is not supplied.
1308	-- new is new state.
1309	-- flags
1310	NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr,
1311	if it is different.
1312	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
1313	lladdr instead of overriding it
1314	if it is different.
1315	NEIGH_UPDATE_F_ADMIN means that the change is administrative.
1316	NEIGH_UPDATE_F_USE means that the entry is user triggered.
1317	NEIGH_UPDATE_F_MANAGED means that the entry will be auto-refreshed.
1318	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
1319	NTF_ROUTER flag.
1320	NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as
1321	a router.
1322	NEIGH_UPDATE_F_EXT_VALIDATED means that the entry will not be removed
1323	or invalidated.
1324
1325	Caller MUST hold reference count on the entry.
1326	*/
1327	static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
1328	u8 new, u32 flags, u32 nlmsg_pid,
1329	struct netlink_ext_ack *extack)
1330	{
1331	bool gc_update = false, managed_update = false;
1332	int update_isrouter = 0;
1333	struct net_device *dev;
1334	int err, notify = 0;
1335	u8 old;
1336
1337	trace_neigh_update(n: neigh, lladdr, new, flags, nlmsg_pid);
1338
1339	write_lock_bh(&neigh->lock);
1340
1341	dev = neigh->dev;
1342	old = neigh->nud_state;
1343	err = -EPERM;
1344
1345	if (neigh->dead) {
1346	NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
1347	new = old;
1348	goto out;
1349	}
1350	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
1351	(old & (NUD_NOARP | NUD_PERMANENT)))
1352	goto out;
1353
1354	neigh_update_flags(neigh, flags, notify: &notify, gc_update: &gc_update, managed_update: &managed_update);
1355	if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
1356	new = old & ~NUD_PERMANENT;
1357	WRITE_ONCE(neigh->nud_state, new);
1358	err = 0;
1359	goto out;
1360	}
1361
1362	if (!(new & NUD_VALID)) {
1363	neigh_del_timer(n: neigh);
1364	if (old & NUD_CONNECTED)
1365	neigh_suspect(neigh);
1366	WRITE_ONCE(neigh->nud_state, new);
1367	err = 0;
1368	notify = old & NUD_VALID;
1369	if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
1370	(new & NUD_FAILED)) {
1371	neigh_invalidate(neigh);
1372	notify = 1;
1373	}
1374	goto out;
1375	}
1376
1377	/* Compare new lladdr with cached one */
1378	if (!dev->addr_len) {
1379	/* First case: device needs no address. */
1380	lladdr = neigh->ha;
1381	} else if (lladdr) {
1382	/* The second case: if something is already cached
1383	and a new address is proposed:
1384	- compare new & old
1385	- if they are different, check override flag
1386	*/
1387	if ((old & NUD_VALID) &&
1388	!memcmp(p: lladdr, q: neigh->ha, size: dev->addr_len))
1389	lladdr = neigh->ha;
1390	} else {
1391	/* No address is supplied; if we know something,
1392	use it, otherwise discard the request.
1393	*/
1394	err = -EINVAL;
1395	if (!(old & NUD_VALID)) {
1396	NL_SET_ERR_MSG(extack, "No link layer address given");
1397	goto out;
1398	}
1399	lladdr = neigh->ha;
1400	}
1401
1402	/* Update confirmed timestamp for neighbour entry after we
1403	* received ARP packet even if it doesn't change IP to MAC binding.
1404	*/
1405	if (new & NUD_CONNECTED)
1406	neigh->confirmed = jiffies;
1407
1408	/* If entry was valid and address is not changed,
1409	do not change entry state, if new one is STALE.
1410	*/
1411	err = 0;
1412	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1413	if (old & NUD_VALID) {
1414	if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
1415	update_isrouter = 0;
1416	if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
1417	(old & NUD_CONNECTED)) {
1418	lladdr = neigh->ha;
1419	new = NUD_STALE;
1420	} else
1421	goto out;
1422	} else {
1423	if (lladdr == neigh->ha && new == NUD_STALE &&
1424	!(flags & NEIGH_UPDATE_F_ADMIN))
1425	new = old;
1426	}
1427	}
1428
1429	/* Update timestamp only once we know we will make a change to the
1430	* neighbour entry. Otherwise we risk to move the locktime window with
1431	* noop updates and ignore relevant ARP updates.
1432	*/
1433	if (new != old || lladdr != neigh->ha)
1434	neigh->updated = jiffies;
1435
1436	if (new != old) {
1437	neigh_del_timer(n: neigh);
1438	if (new & NUD_PROBE)
1439	atomic_set(v: &neigh->probes, i: 0);
1440	if (new & NUD_IN_TIMER)
1441	neigh_add_timer(n: neigh, when: (jiffies +
1442	((new & NUD_REACHABLE) ?
1443	neigh->parms->reachable_time :
1444	0)));
1445	WRITE_ONCE(neigh->nud_state, new);
1446	notify = 1;
1447	}
1448
1449	if (lladdr != neigh->ha) {
1450	write_seqlock(sl: &neigh->ha_lock);
1451	memcpy(&neigh->ha, lladdr, dev->addr_len);
1452	write_sequnlock(sl: &neigh->ha_lock);
1453	neigh_update_hhs(neigh);
1454	if (!(new & NUD_CONNECTED))
1455	neigh->confirmed = jiffies -
1456	(NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
1457	notify = 1;
1458	}
1459	if (new == old)
1460	goto out;
1461	if (new & NUD_CONNECTED)
1462	neigh_connect(neigh);
1463	else
1464	neigh_suspect(neigh);
1465	if (!(old & NUD_VALID)) {
1466	struct sk_buff *skb;
1467
1468	/* Again: avoid dead loop if something went wrong */
1469
1470	while (neigh->nud_state & NUD_VALID &&
1471	(skb = __skb_dequeue(list: &neigh->arp_queue)) != NULL) {
1472	struct dst_entry *dst = skb_dst(skb);
1473	struct neighbour *n2, *n1 = neigh;
1474	write_unlock_bh(&neigh->lock);
1475
1476	rcu_read_lock();
1477
1478	/* Why not just use 'neigh' as-is? The problem is that
1479	* things such as shaper, eql, and sch_teql can end up
1480	* using alternative, different, neigh objects to output
1481	* the packet in the output path. So what we need to do
1482	* here is re-lookup the top-level neigh in the path so
1483	* we can reinject the packet there.
1484	*/
1485	n2 = NULL;
1486	if (dst &&
1487	READ_ONCE(dst->obsolete) != DST_OBSOLETE_DEAD) {
1488	n2 = dst_neigh_lookup_skb(dst, skb);
1489	if (n2)
1490	n1 = n2;
1491	}
1492	READ_ONCE(n1->output)(n1, skb);
1493	if (n2)
1494	neigh_release(neigh: n2);
1495	rcu_read_unlock();
1496
1497	write_lock_bh(&neigh->lock);
1498	}
1499	__skb_queue_purge(list: &neigh->arp_queue);
1500	neigh->arp_queue_len_bytes = 0;
1501	}
1502	out:
1503	if (update_isrouter)
1504	neigh_update_is_router(neigh, flags, notify: &notify);
1505	write_unlock_bh(&neigh->lock);
1506	if (((new ^ old) & NUD_PERMANENT) || gc_update)
1507	neigh_update_gc_list(n: neigh);
1508	if (managed_update)
1509	neigh_update_managed_list(n: neigh);
1510	if (notify)
1511	neigh_update_notify(neigh, nlmsg_pid);
1512	trace_neigh_update_done(neigh, err);
1513	return err;
1514	}
1515
1516	int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1517	u32 flags, u32 nlmsg_pid)
1518	{
1519	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
1520	}
1521	EXPORT_SYMBOL(neigh_update);
1522
1523	/* Update the neigh to listen temporarily for probe responses, even if it is
1524	* in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
1525	*/
1526	void __neigh_set_probe_once(struct neighbour *neigh)
1527	{
1528	if (neigh->dead)
1529	return;
1530	neigh->updated = jiffies;
1531	if (!(neigh->nud_state & NUD_FAILED))
1532	return;
1533	WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
1534	atomic_set(v: &neigh->probes, i: neigh_max_probes(n: neigh));
1535	neigh_add_timer(n: neigh,
1536	when: jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1537	HZ/100));
1538	}
1539	EXPORT_SYMBOL(__neigh_set_probe_once);
1540
1541	struct neighbour *neigh_event_ns(struct neigh_table *tbl,
1542	u8 *lladdr, void *saddr,
1543	struct net_device *dev)
1544	{
1545	struct neighbour *neigh = __neigh_lookup(tbl, pkey: saddr, dev,
1546	creat: lladdr || !dev->addr_len);
1547	if (neigh)
1548	neigh_update(neigh, lladdr, NUD_STALE,
1549	NEIGH_UPDATE_F_OVERRIDE, 0);
1550	return neigh;
1551	}
1552	EXPORT_SYMBOL(neigh_event_ns);
1553
1554	/* called with read_lock_bh(&n->lock); */
1555	static void neigh_hh_init(struct neighbour *n)
1556	{
1557	struct net_device *dev = n->dev;
1558	__be16 prot = n->tbl->protocol;
1559	struct hh_cache *hh = &n->hh;
1560
1561	write_lock_bh(&n->lock);
1562
1563	/* Only one thread can come in here and initialize the
1564	* hh_cache entry.
1565	*/
1566	if (!hh->hh_len)
1567	dev->header_ops->cache(n, hh, prot);
1568
1569	write_unlock_bh(&n->lock);
1570	}
1571
1572	/* Slow and careful. */
1573
1574	int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
1575	{
1576	int rc = 0;
1577
1578	if (!neigh_event_send(neigh, skb)) {
1579	int err;
1580	struct net_device *dev = neigh->dev;
1581	unsigned int seq;
1582
1583	if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
1584	neigh_hh_init(n: neigh);
1585
1586	do {
1587	__skb_pull(skb, len: skb_network_offset(skb));
1588	seq = read_seqbegin(sl: &neigh->ha_lock);
1589	err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1590	daddr: neigh->ha, NULL, len: skb->len);
1591	} while (read_seqretry(sl: &neigh->ha_lock, start: seq));
1592
1593	if (err >= 0)
1594	rc = dev_queue_xmit(skb);
1595	else
1596	goto out_kfree_skb;
1597	}
1598	out:
1599	return rc;
1600	out_kfree_skb:
1601	rc = -EINVAL;
1602	kfree_skb_reason(skb, reason: SKB_DROP_REASON_NEIGH_HH_FILLFAIL);
1603	goto out;
1604	}
1605	EXPORT_SYMBOL(neigh_resolve_output);
1606
1607	/* As fast as possible without hh cache */
1608
1609	int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
1610	{
1611	struct net_device *dev = neigh->dev;
1612	unsigned int seq;
1613	int err;
1614
1615	do {
1616	__skb_pull(skb, len: skb_network_offset(skb));
1617	seq = read_seqbegin(sl: &neigh->ha_lock);
1618	err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1619	daddr: neigh->ha, NULL, len: skb->len);
1620	} while (read_seqretry(sl: &neigh->ha_lock, start: seq));
1621
1622	if (err >= 0)
1623	err = dev_queue_xmit(skb);
1624	else {
1625	err = -EINVAL;
1626	kfree_skb_reason(skb, reason: SKB_DROP_REASON_NEIGH_HH_FILLFAIL);
1627	}
1628	return err;
1629	}
1630	EXPORT_SYMBOL(neigh_connected_output);
1631
1632	int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
1633	{
1634	return dev_queue_xmit(skb);
1635	}
1636	EXPORT_SYMBOL(neigh_direct_output);
1637
1638	static void neigh_managed_work(struct work_struct *work)
1639	{
1640	struct neigh_table *tbl = container_of(work, struct neigh_table,
1641	managed_work.work);
1642	struct neighbour *neigh;
1643
1644	spin_lock_bh(lock: &tbl->lock);
1645	list_for_each_entry(neigh, &tbl->managed_list, managed_list)
1646	neigh_event_send_probe(neigh, NULL, immediate_ok: false);
1647	queue_delayed_work(wq: system_power_efficient_wq, dwork: &tbl->managed_work,
1648	NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS));
1649	spin_unlock_bh(lock: &tbl->lock);
1650	}
1651
1652	static void neigh_proxy_process(struct timer_list *t)
1653	{
1654	struct neigh_table *tbl = timer_container_of(tbl, t, proxy_timer);
1655	long sched_next = 0;
1656	unsigned long now = jiffies;
1657	struct sk_buff *skb, *n;
1658
1659	spin_lock(lock: &tbl->proxy_queue.lock);
1660
1661	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
1662	long tdif = NEIGH_CB(skb)->sched_next - now;
1663
1664	if (tdif <= 0) {
1665	struct net_device *dev = skb->dev;
1666
1667	neigh_parms_qlen_dec(dev, family: tbl->family);
1668	__skb_unlink(skb, list: &tbl->proxy_queue);
1669
1670	if (tbl->proxy_redo && netif_running(dev)) {
1671	rcu_read_lock();
1672	tbl->proxy_redo(skb);
1673	rcu_read_unlock();
1674	} else {
1675	kfree_skb(skb);
1676	}
1677
1678	dev_put(dev);
1679	} else if (!sched_next || tdif < sched_next)
1680	sched_next = tdif;
1681	}
1682	timer_delete(timer: &tbl->proxy_timer);
1683	if (sched_next)
1684	mod_timer(timer: &tbl->proxy_timer, expires: jiffies + sched_next);
1685	spin_unlock(lock: &tbl->proxy_queue.lock);
1686	}
1687
1688	static unsigned long neigh_proxy_delay(struct neigh_parms *p)
1689	{
1690	/* If proxy_delay is zero, do not call get_random_u32_below()
1691	* as it is undefined behavior.
1692	*/
1693	unsigned long proxy_delay = NEIGH_VAR(p, PROXY_DELAY);
1694
1695	return proxy_delay ?
1696	jiffies + get_random_u32_below(ceil: proxy_delay) : jiffies;
1697	}
1698
1699	void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
1700	struct sk_buff *skb)
1701	{
1702	unsigned long sched_next = neigh_proxy_delay(p);
1703
1704	if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) {
1705	kfree_skb(skb);
1706	return;
1707	}
1708
1709	NEIGH_CB(skb)->sched_next = sched_next;
1710	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;
1711
1712	spin_lock(lock: &tbl->proxy_queue.lock);
1713	if (timer_delete(timer: &tbl->proxy_timer)) {
1714	if (time_before(tbl->proxy_timer.expires, sched_next))
1715	sched_next = tbl->proxy_timer.expires;
1716	}
1717	skb_dst_drop(skb);
1718	dev_hold(dev: skb->dev);
1719	__skb_queue_tail(list: &tbl->proxy_queue, newsk: skb);
1720	p->qlen++;
1721	mod_timer(timer: &tbl->proxy_timer, expires: sched_next);
1722	spin_unlock(lock: &tbl->proxy_queue.lock);
1723	}
1724	EXPORT_SYMBOL(pneigh_enqueue);
1725
1726	static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
1727	struct net *net, int ifindex)
1728	{
1729	struct neigh_parms *p;
1730
1731	list_for_each_entry(p, &tbl->parms_list, list) {
1732	if ((p->dev && p->dev->ifindex == ifindex && net_eq(net1: neigh_parms_net(parms: p), net2: net)) ||
1733	(!p->dev && !ifindex && net_eq(net1: net, net2: &init_net)))
1734	return p;
1735	}
1736
1737	return NULL;
1738	}
1739
1740	struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
1741	struct neigh_table *tbl)
1742	{
1743	struct neigh_parms *p;
1744	struct net *net = dev_net(dev);
1745	const struct net_device_ops *ops = dev->netdev_ops;
1746
1747	p = kmemdup(&tbl->parms, sizeof(*p), GFP_KERNEL);
1748	if (p) {
1749	p->tbl = tbl;
1750	refcount_set(r: &p->refcnt, n: 1);
1751	neigh_set_reach_time(p);
1752	p->qlen = 0;
1753	netdev_hold(dev, tracker: &p->dev_tracker, GFP_KERNEL);
1754	p->dev = dev;
1755	write_pnet(pnet: &p->net, net);
1756	p->sysctl_table = NULL;
1757
1758	if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
1759	netdev_put(dev, tracker: &p->dev_tracker);
1760	kfree(objp: p);
1761	return NULL;
1762	}
1763
1764	spin_lock_bh(lock: &tbl->lock);
1765	list_add_rcu(new: &p->list, head: &tbl->parms.list);
1766	spin_unlock_bh(lock: &tbl->lock);
1767
1768	neigh_parms_data_state_cleanall(p);
1769	}
1770	return p;
1771	}
1772	EXPORT_SYMBOL(neigh_parms_alloc);
1773
1774	static void neigh_rcu_free_parms(struct rcu_head *head)
1775	{
1776	struct neigh_parms *parms =
1777	container_of(head, struct neigh_parms, rcu_head);
1778
1779	neigh_parms_put(parms);
1780	}
1781
1782	void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
1783	{
1784	if (!parms || parms == &tbl->parms)
1785	return;
1786
1787	spin_lock_bh(lock: &tbl->lock);
1788	list_del_rcu(entry: &parms->list);
1789	parms->dead = 1;
1790	spin_unlock_bh(lock: &tbl->lock);
1791
1792	netdev_put(dev: parms->dev, tracker: &parms->dev_tracker);
1793	call_rcu(head: &parms->rcu_head, func: neigh_rcu_free_parms);
1794	}
1795	EXPORT_SYMBOL(neigh_parms_release);
1796
1797	static struct lock_class_key neigh_table_proxy_queue_class;
1798
1799	static struct neigh_table __rcu *neigh_tables[NEIGH_NR_TABLES] __read_mostly;
1800
1801	void neigh_table_init(int index, struct neigh_table *tbl)
1802	{
1803	unsigned long now = jiffies;
1804	unsigned long phsize;
1805
1806	INIT_LIST_HEAD(list: &tbl->parms_list);
1807	INIT_LIST_HEAD(list: &tbl->gc_list);
1808	INIT_LIST_HEAD(list: &tbl->managed_list);
1809
1810	list_add(new: &tbl->parms.list, head: &tbl->parms_list);
1811	write_pnet(pnet: &tbl->parms.net, net: &init_net);
1812	refcount_set(r: &tbl->parms.refcnt, n: 1);
1813	neigh_set_reach_time(p: &tbl->parms);
1814	tbl->parms.qlen = 0;
1815
1816	tbl->stats = alloc_percpu(struct neigh_statistics);
1817	if (!tbl->stats)
1818	panic(fmt: "cannot create neighbour cache statistics");
1819
1820	#ifdef CONFIG_PROC_FS
1821	if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
1822	&neigh_stat_seq_ops, tbl))
1823	panic(fmt: "cannot create neighbour proc dir entry");
1824	#endif
1825
1826	RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));
1827
1828	phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
1829	tbl->phash_buckets = kzalloc(phsize, GFP_KERNEL);
1830
1831	if (!tbl->nht || !tbl->phash_buckets)
1832	panic(fmt: "cannot allocate neighbour cache hashes");
1833
1834	if (!tbl->entry_size)
1835	tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
1836	tbl->key_len, NEIGH_PRIV_ALIGN);
1837	else
1838	WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);
1839
1840	spin_lock_init(&tbl->lock);
1841	mutex_init(&tbl->phash_lock);
1842
1843	INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
1844	queue_delayed_work(wq: system_power_efficient_wq, dwork: &tbl->gc_work,
1845	delay: tbl->parms.reachable_time);
1846	INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
1847	queue_delayed_work(wq: system_power_efficient_wq, dwork: &tbl->managed_work, delay: 0);
1848
1849	timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
1850	skb_queue_head_init_class(list: &tbl->proxy_queue,
1851	class: &neigh_table_proxy_queue_class);
1852
1853	tbl->last_flush = now;
1854	tbl->last_rand = now + tbl->parms.reachable_time * 20;
1855
1856	rcu_assign_pointer(neigh_tables[index], tbl);
1857	}
1858	EXPORT_SYMBOL(neigh_table_init);
1859
1860	/*
1861	* Only called from ndisc_cleanup(), which means this is dead code
1862	* because we no longer can unload IPv6 module.
1863	*/
1864	int neigh_table_clear(int index, struct neigh_table *tbl)
1865	{
1866	RCU_INIT_POINTER(neigh_tables[index], NULL);
1867	synchronize_rcu();
1868
1869	/* It is not clean... Fix it to unload IPv6 module safely */
1870	cancel_delayed_work_sync(dwork: &tbl->managed_work);
1871	cancel_delayed_work_sync(dwork: &tbl->gc_work);
1872	timer_delete_sync(timer: &tbl->proxy_timer);
1873	pneigh_queue_purge(list: &tbl->proxy_queue, NULL, family: tbl->family);
1874	neigh_ifdown(tbl, NULL);
1875	if (atomic_read(v: &tbl->entries))
1876	pr_crit("neighbour leakage\n");
1877
1878	call_rcu(head: &rcu_dereference_protected(tbl->nht, 1)->rcu,
1879	func: neigh_hash_free_rcu);
1880	tbl->nht = NULL;
1881
1882	kfree(objp: tbl->phash_buckets);
1883	tbl->phash_buckets = NULL;
1884
1885	remove_proc_entry(tbl->id, init_net.proc_net_stat);
1886
1887	free_percpu(pdata: tbl->stats);
1888	tbl->stats = NULL;
1889
1890	return 0;
1891	}
1892	EXPORT_SYMBOL(neigh_table_clear);
1893
1894	static struct neigh_table *neigh_find_table(int family)
1895	{
1896	struct neigh_table *tbl = NULL;
1897
1898	switch (family) {
1899	case AF_INET:
1900	tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ARP_TABLE]);
1901	break;
1902	case AF_INET6:
1903	tbl = rcu_dereference_rtnl(neigh_tables[NEIGH_ND_TABLE]);
1904	break;
1905	}
1906
1907	return tbl;
1908	}
1909
1910	const struct nla_policy nda_policy[NDA_MAX+1] = {
1911	[NDA_UNSPEC] = { .strict_start_type = NDA_NH_ID },
1912	[NDA_DST] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1913	[NDA_LLADDR] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1914	[NDA_CACHEINFO] = { .len = sizeof(struct nda_cacheinfo) },
1915	[NDA_PROBES] = { .type = NLA_U32 },
1916	[NDA_VLAN] = { .type = NLA_U16 },
1917	[NDA_PORT] = { .type = NLA_U16 },
1918	[NDA_VNI] = { .type = NLA_U32 },
1919	[NDA_IFINDEX] = { .type = NLA_U32 },
1920	[NDA_MASTER] = { .type = NLA_U32 },
1921	[NDA_PROTOCOL] = { .type = NLA_U8 },
1922	[NDA_NH_ID] = { .type = NLA_U32 },
1923	[NDA_FLAGS_EXT] = NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
1924	[NDA_FDB_EXT_ATTRS] = { .type = NLA_NESTED },
1925	};
1926
1927	static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1928	struct netlink_ext_ack *extack)
1929	{
1930	struct net *net = sock_net(sk: skb->sk);
1931	struct ndmsg *ndm;
1932	struct nlattr *dst_attr;
1933	struct neigh_table *tbl;
1934	struct neighbour *neigh;
1935	struct net_device *dev = NULL;
1936	int err = -EINVAL;
1937
1938	ASSERT_RTNL();
1939	if (nlmsg_len(nlh) < sizeof(*ndm))
1940	goto out;
1941
1942	dst_attr = nlmsg_find_attr(nlh, hdrlen: sizeof(*ndm), attrtype: NDA_DST);
1943	if (!dst_attr) {
1944	NL_SET_ERR_MSG(extack, "Network address not specified");
1945	goto out;
1946	}
1947
1948	ndm = nlmsg_data(nlh);
1949	if (ndm->ndm_ifindex) {
1950	dev = __dev_get_by_index(net, ifindex: ndm->ndm_ifindex);
1951	if (dev == NULL) {
1952	err = -ENODEV;
1953	goto out;
1954	}
1955	}
1956
1957	tbl = neigh_find_table(family: ndm->ndm_family);
1958	if (tbl == NULL)
1959	return -EAFNOSUPPORT;
1960
1961	if (nla_len(nla: dst_attr) < (int)tbl->key_len) {
1962	NL_SET_ERR_MSG(extack, "Invalid network address");
1963	goto out;
1964	}
1965
1966	if (ndm->ndm_flags & NTF_PROXY) {
1967	err = pneigh_delete(tbl, net, pkey: nla_data(nla: dst_attr), dev);
1968	goto out;
1969	}
1970
1971	if (dev == NULL)
1972	goto out;
1973
1974	neigh = neigh_lookup(tbl, nla_data(nla: dst_attr), dev);
1975	if (neigh == NULL) {
1976	err = -ENOENT;
1977	goto out;
1978	}
1979
1980	err = __neigh_update(neigh, NULL, NUD_FAILED,
1981	NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1982	NETLINK_CB(skb).portid, extack);
1983	spin_lock_bh(lock: &tbl->lock);
1984	neigh_release(neigh);
1985	neigh_remove_one(n: neigh);
1986	spin_unlock_bh(lock: &tbl->lock);
1987
1988	out:
1989	return err;
1990	}
1991
1992	static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1993	struct netlink_ext_ack *extack)
1994	{
1995	int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1996	NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1997	struct net *net = sock_net(sk: skb->sk);
1998	struct ndmsg *ndm;
1999	struct nlattr *tb[NDA_MAX+1];
2000	struct neigh_table *tbl;
2001	struct net_device *dev = NULL;
2002	struct neighbour *neigh;
2003	void *dst, *lladdr;
2004	u8 protocol = 0;
2005	u32 ndm_flags;
2006	int err;
2007
2008	ASSERT_RTNL();
2009	err = nlmsg_parse_deprecated(nlh, hdrlen: sizeof(*ndm), tb, NDA_MAX,
2010	policy: nda_policy, extack);
2011	if (err < 0)
2012	goto out;
2013
2014	err = -EINVAL;
2015	if (!tb[NDA_DST]) {
2016	NL_SET_ERR_MSG(extack, "Network address not specified");
2017	goto out;
2018	}
2019
2020	ndm = nlmsg_data(nlh);
2021	ndm_flags = ndm->ndm_flags;
2022	if (tb[NDA_FLAGS_EXT]) {
2023	u32 ext = nla_get_u32(nla: tb[NDA_FLAGS_EXT]);
2024
2025	BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
2026	(sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
2027	hweight32(NTF_EXT_MASK)));
2028	ndm_flags |= (ext << NTF_EXT_SHIFT);
2029	}
2030	if (ndm->ndm_ifindex) {
2031	dev = __dev_get_by_index(net, ifindex: ndm->ndm_ifindex);
2032	if (dev == NULL) {
2033	err = -ENODEV;
2034	goto out;
2035	}
2036
2037	if (tb[NDA_LLADDR] && nla_len(nla: tb[NDA_LLADDR]) < dev->addr_len) {
2038	NL_SET_ERR_MSG(extack, "Invalid link address");
2039	goto out;
2040	}
2041	}
2042
2043	tbl = neigh_find_table(family: ndm->ndm_family);
2044	if (tbl == NULL)
2045	return -EAFNOSUPPORT;
2046
2047	if (nla_len(nla: tb[NDA_DST]) < (int)tbl->key_len) {
2048	NL_SET_ERR_MSG(extack, "Invalid network address");
2049	goto out;
2050	}
2051
2052	dst = nla_data(nla: tb[NDA_DST]);
2053	lladdr = tb[NDA_LLADDR] ? nla_data(nla: tb[NDA_LLADDR]) : NULL;
2054
2055	if (tb[NDA_PROTOCOL])
2056	protocol = nla_get_u8(nla: tb[NDA_PROTOCOL]);
2057	if (ndm_flags & NTF_PROXY) {
2058	if (ndm_flags & (NTF_MANAGED | NTF_EXT_VALIDATED)) {
2059	NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
2060	goto out;
2061	}
2062
2063	err = pneigh_create(tbl, net, pkey: dst, dev, flags: ndm_flags, protocol,
2064	permanent: !!(ndm->ndm_state & NUD_PERMANENT));
2065	goto out;
2066	}
2067
2068	if (!dev) {
2069	NL_SET_ERR_MSG(extack, "Device not specified");
2070	goto out;
2071	}
2072
2073	if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
2074	err = -EINVAL;
2075	goto out;
2076	}
2077
2078	neigh = neigh_lookup(tbl, dst, dev);
2079	if (neigh == NULL) {
2080	bool ndm_permanent = ndm->ndm_state & NUD_PERMANENT;
2081	bool exempt_from_gc = ndm_permanent ||
2082	ndm_flags & (NTF_EXT_LEARNED |
2083	NTF_EXT_VALIDATED);
2084
2085	if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
2086	err = -ENOENT;
2087	goto out;
2088	}
2089	if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
2090	NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
2091	err = -EINVAL;
2092	goto out;
2093	}
2094	if (ndm_flags & NTF_EXT_VALIDATED) {
2095	u8 state = ndm->ndm_state;
2096
2097	/* NTF_USE and NTF_MANAGED will result in the neighbor
2098	* being created with an invalid state (NUD_NONE).
2099	*/
2100	if (ndm_flags & (NTF_USE | NTF_MANAGED))
2101	state = NUD_NONE;
2102
2103	if (!(state & NUD_VALID)) {
2104	NL_SET_ERR_MSG(extack,
2105	"Cannot create externally validated neighbor with an invalid state");
2106	err = -EINVAL;
2107	goto out;
2108	}
2109	}
2110
2111	neigh = ___neigh_create(tbl, pkey: dst, dev,
2112	flags: ndm_flags &
2113	(NTF_EXT_LEARNED | NTF_MANAGED |
2114	NTF_EXT_VALIDATED),
2115	exempt_from_gc, want_ref: true);
2116	if (IS_ERR(ptr: neigh)) {
2117	err = PTR_ERR(ptr: neigh);
2118	goto out;
2119	}
2120	} else {
2121	if (nlh->nlmsg_flags & NLM_F_EXCL) {
2122	err = -EEXIST;
2123	neigh_release(neigh);
2124	goto out;
2125	}
2126	if (ndm_flags & NTF_EXT_VALIDATED) {
2127	u8 state = ndm->ndm_state;
2128
2129	/* NTF_USE and NTF_MANAGED do not update the existing
2130	* state other than clearing it if it was
2131	* NUD_PERMANENT.
2132	*/
2133	if (ndm_flags & (NTF_USE | NTF_MANAGED))
2134	state = READ_ONCE(neigh->nud_state) & ~NUD_PERMANENT;
2135
2136	if (!(state & NUD_VALID)) {
2137	NL_SET_ERR_MSG(extack,
2138	"Cannot mark neighbor as externally validated with an invalid state");
2139	err = -EINVAL;
2140	neigh_release(neigh);
2141	goto out;
2142	}
2143	}
2144
2145	if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
2146	flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
2147	NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
2148	}
2149
2150	if (protocol)
2151	neigh->protocol = protocol;
2152	if (ndm_flags & NTF_EXT_LEARNED)
2153	flags |= NEIGH_UPDATE_F_EXT_LEARNED;
2154	if (ndm_flags & NTF_ROUTER)
2155	flags |= NEIGH_UPDATE_F_ISROUTER;
2156	if (ndm_flags & NTF_MANAGED)
2157	flags |= NEIGH_UPDATE_F_MANAGED;
2158	if (ndm_flags & NTF_USE)
2159	flags |= NEIGH_UPDATE_F_USE;
2160	if (ndm_flags & NTF_EXT_VALIDATED)
2161	flags |= NEIGH_UPDATE_F_EXT_VALIDATED;
2162
2163	err = __neigh_update(neigh, lladdr, new: ndm->ndm_state, flags,
2164	NETLINK_CB(skb).portid, extack);
2165	if (!err && ndm_flags & (NTF_USE | NTF_MANAGED))
2166	neigh_event_send(neigh, NULL);
2167	neigh_release(neigh);
2168	out:
2169	return err;
2170	}
2171
2172	static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
2173	{
2174	struct nlattr *nest;
2175
2176	nest = nla_nest_start_noflag(skb, attrtype: NDTA_PARMS);
2177	if (nest == NULL)
2178	return -ENOBUFS;
2179
2180	if ((parms->dev &&
2181	nla_put_u32(skb, attrtype: NDTPA_IFINDEX, READ_ONCE(parms->dev->ifindex))) ||
2182	nla_put_u32(skb, attrtype: NDTPA_REFCNT, value: refcount_read(r: &parms->refcnt)) ||
2183	nla_put_u32(skb, attrtype: NDTPA_QUEUE_LENBYTES,
2184	NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2185	/* approximative value for deprecated QUEUE_LEN (in packets) */
2186	nla_put_u32(skb, attrtype: NDTPA_QUEUE_LEN,
2187	NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2188	nla_put_u32(skb, attrtype: NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2189	nla_put_u32(skb, attrtype: NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2190	nla_put_u32(skb, attrtype: NDTPA_UCAST_PROBES,
2191	NEIGH_VAR(parms, UCAST_PROBES)) ||
2192	nla_put_u32(skb, attrtype: NDTPA_MCAST_PROBES,
2193	NEIGH_VAR(parms, MCAST_PROBES)) ||
2194	nla_put_u32(skb, attrtype: NDTPA_MCAST_REPROBES,
2195	NEIGH_VAR(parms, MCAST_REPROBES)) ||
2196	nla_put_msecs(skb, attrtype: NDTPA_REACHABLE_TIME, READ_ONCE(parms->reachable_time),
2197	padattr: NDTPA_PAD) ||
2198	nla_put_msecs(skb, attrtype: NDTPA_BASE_REACHABLE_TIME,
2199	NEIGH_VAR(parms, BASE_REACHABLE_TIME), padattr: NDTPA_PAD) ||
2200	nla_put_msecs(skb, attrtype: NDTPA_GC_STALETIME,
2201	NEIGH_VAR(parms, GC_STALETIME), padattr: NDTPA_PAD) ||
2202	nla_put_msecs(skb, attrtype: NDTPA_DELAY_PROBE_TIME,
2203	NEIGH_VAR(parms, DELAY_PROBE_TIME), padattr: NDTPA_PAD) ||
2204	nla_put_msecs(skb, attrtype: NDTPA_RETRANS_TIME,
2205	NEIGH_VAR(parms, RETRANS_TIME), padattr: NDTPA_PAD) ||
2206	nla_put_msecs(skb, attrtype: NDTPA_ANYCAST_DELAY,
2207	NEIGH_VAR(parms, ANYCAST_DELAY), padattr: NDTPA_PAD) ||
2208	nla_put_msecs(skb, attrtype: NDTPA_PROXY_DELAY,
2209	NEIGH_VAR(parms, PROXY_DELAY), padattr: NDTPA_PAD) ||
2210	nla_put_msecs(skb, attrtype: NDTPA_LOCKTIME,
2211	NEIGH_VAR(parms, LOCKTIME), padattr: NDTPA_PAD) ||
2212	nla_put_msecs(skb, attrtype: NDTPA_INTERVAL_PROBE_TIME_MS,
2213	NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), padattr: NDTPA_PAD))
2214	goto nla_put_failure;
2215	return nla_nest_end(skb, start: nest);
2216
2217	nla_put_failure:
2218	nla_nest_cancel(skb, start: nest);
2219	return -EMSGSIZE;
2220	}
2221
2222	static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2223	u32 pid, u32 seq, int type, int flags)
2224	{
2225	struct nlmsghdr *nlh;
2226	struct ndtmsg *ndtmsg;
2227
2228	nlh = nlmsg_put(skb, portid: pid, seq, type, payload: sizeof(*ndtmsg), flags);
2229	if (nlh == NULL)
2230	return -EMSGSIZE;
2231
2232	ndtmsg = nlmsg_data(nlh);
2233	ndtmsg->ndtm_family = tbl->family;
2234	ndtmsg->ndtm_pad1 = 0;
2235	ndtmsg->ndtm_pad2 = 0;
2236
2237	if (nla_put_string(skb, attrtype: NDTA_NAME, str: tbl->id) ||
2238	nla_put_msecs(skb, attrtype: NDTA_GC_INTERVAL, READ_ONCE(tbl->gc_interval),
2239	padattr: NDTA_PAD) ||
2240	nla_put_u32(skb, attrtype: NDTA_THRESH1, READ_ONCE(tbl->gc_thresh1)) ||
2241	nla_put_u32(skb, attrtype: NDTA_THRESH2, READ_ONCE(tbl->gc_thresh2)) ||
2242	nla_put_u32(skb, attrtype: NDTA_THRESH3, READ_ONCE(tbl->gc_thresh3)))
2243	goto nla_put_failure;
2244	{
2245	unsigned long now = jiffies;
2246	long flush_delta = now - READ_ONCE(tbl->last_flush);
2247	long rand_delta = now - READ_ONCE(tbl->last_rand);
2248	struct neigh_hash_table *nht;
2249	struct ndt_config ndc = {
2250	.ndtc_key_len = tbl->key_len,
2251	.ndtc_entry_size = tbl->entry_size,
2252	.ndtc_entries = atomic_read(v: &tbl->entries),
2253	.ndtc_last_flush = jiffies_to_msecs(j: flush_delta),
2254	.ndtc_last_rand = jiffies_to_msecs(j: rand_delta),
2255	.ndtc_proxy_qlen = READ_ONCE(tbl->proxy_queue.qlen),
2256	};
2257
2258	nht = rcu_dereference(tbl->nht);
2259	ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2260	ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2261
2262	if (nla_put(skb, attrtype: NDTA_CONFIG, attrlen: sizeof(ndc), data: &ndc))
2263	goto nla_put_failure;
2264	}
2265
2266	{
2267	int cpu;
2268	struct ndt_stats ndst;
2269
2270	memset(&ndst, 0, sizeof(ndst));
2271
2272	for_each_possible_cpu(cpu) {
2273	struct neigh_statistics *st;
2274
2275	st = per_cpu_ptr(tbl->stats, cpu);
2276	ndst.ndts_allocs += READ_ONCE(st->allocs);
2277	ndst.ndts_destroys += READ_ONCE(st->destroys);
2278	ndst.ndts_hash_grows += READ_ONCE(st->hash_grows);
2279	ndst.ndts_res_failed += READ_ONCE(st->res_failed);
2280	ndst.ndts_lookups += READ_ONCE(st->lookups);
2281	ndst.ndts_hits += READ_ONCE(st->hits);
2282	ndst.ndts_rcv_probes_mcast += READ_ONCE(st->rcv_probes_mcast);
2283	ndst.ndts_rcv_probes_ucast += READ_ONCE(st->rcv_probes_ucast);
2284	ndst.ndts_periodic_gc_runs += READ_ONCE(st->periodic_gc_runs);
2285	ndst.ndts_forced_gc_runs += READ_ONCE(st->forced_gc_runs);
2286	ndst.ndts_table_fulls += READ_ONCE(st->table_fulls);
2287	}
2288
2289	if (nla_put_64bit(skb, attrtype: NDTA_STATS, attrlen: sizeof(ndst), data: &ndst,
2290	padattr: NDTA_PAD))
2291	goto nla_put_failure;
2292	}
2293
2294	BUG_ON(tbl->parms.dev);
2295	if (neightbl_fill_parms(skb, parms: &tbl->parms) < 0)
2296	goto nla_put_failure;
2297
2298	nlmsg_end(skb, nlh);
2299	return 0;
2300
2301	nla_put_failure:
2302	nlmsg_cancel(skb, nlh);
2303	return -EMSGSIZE;
2304	}
2305
2306	static int neightbl_fill_param_info(struct sk_buff *skb,
2307	struct neigh_table *tbl,
2308	struct neigh_parms *parms,
2309	u32 pid, u32 seq, int type,
2310	unsigned int flags)
2311	{
2312	struct ndtmsg *ndtmsg;
2313	struct nlmsghdr *nlh;
2314
2315	nlh = nlmsg_put(skb, portid: pid, seq, type, payload: sizeof(*ndtmsg), flags);
2316	if (nlh == NULL)
2317	return -EMSGSIZE;
2318
2319	ndtmsg = nlmsg_data(nlh);
2320	ndtmsg->ndtm_family = tbl->family;
2321	ndtmsg->ndtm_pad1 = 0;
2322	ndtmsg->ndtm_pad2 = 0;
2323
2324	if (nla_put_string(skb, attrtype: NDTA_NAME, str: tbl->id) < 0 ||
2325	neightbl_fill_parms(skb, parms) < 0)
2326	goto errout;
2327
2328	nlmsg_end(skb, nlh);
2329	return 0;
2330	errout:
2331	nlmsg_cancel(skb, nlh);
2332	return -EMSGSIZE;
2333	}
2334
2335	static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2336	[NDTA_NAME] = { .type = NLA_STRING },
2337	[NDTA_THRESH1] = { .type = NLA_U32 },
2338	[NDTA_THRESH2] = { .type = NLA_U32 },
2339	[NDTA_THRESH3] = { .type = NLA_U32 },
2340	[NDTA_GC_INTERVAL] = { .type = NLA_U64 },
2341	[NDTA_PARMS] = { .type = NLA_NESTED },
2342	};
2343
2344	static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2345	[NDTPA_IFINDEX] = { .type = NLA_U32 },
2346	[NDTPA_QUEUE_LEN] = { .type = NLA_U32 },
2347	[NDTPA_QUEUE_LENBYTES] = { .type = NLA_U32 },
2348	[NDTPA_PROXY_QLEN] = { .type = NLA_U32 },
2349	[NDTPA_APP_PROBES] = { .type = NLA_U32 },
2350	[NDTPA_UCAST_PROBES] = { .type = NLA_U32 },
2351	[NDTPA_MCAST_PROBES] = { .type = NLA_U32 },
2352	[NDTPA_MCAST_REPROBES] = { .type = NLA_U32 },
2353	[NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 },
2354	[NDTPA_GC_STALETIME] = { .type = NLA_U64 },
2355	[NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 },
2356	[NDTPA_RETRANS_TIME] = { .type = NLA_U64 },
2357	[NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 },
2358	[NDTPA_PROXY_DELAY] = { .type = NLA_U64 },
2359	[NDTPA_LOCKTIME] = { .type = NLA_U64 },
2360	[NDTPA_INTERVAL_PROBE_TIME_MS] = { .type = NLA_U64, .min = 1 },
2361	};
2362
2363	static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2364	struct netlink_ext_ack *extack)
2365	{
2366	struct net *net = sock_net(sk: skb->sk);
2367	struct nlattr *tb[NDTA_MAX + 1];
2368	struct neigh_table *tbl;
2369	struct ndtmsg *ndtmsg;
2370	bool found = false;
2371	int err, tidx;
2372
2373	err = nlmsg_parse_deprecated(nlh, hdrlen: sizeof(*ndtmsg), tb, NDTA_MAX,
2374	policy: nl_neightbl_policy, extack);
2375	if (err < 0)
2376	goto errout;
2377
2378	if (tb[NDTA_NAME] == NULL) {
2379	err = -EINVAL;
2380	goto errout;
2381	}
2382
2383	ndtmsg = nlmsg_data(nlh);
2384
2385	rcu_read_lock();
2386
2387	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2388	tbl = rcu_dereference(neigh_tables[tidx]);
2389	if (!tbl)
2390	continue;
2391
2392	if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2393	continue;
2394
2395	if (nla_strcmp(nla: tb[NDTA_NAME], str: tbl->id) == 0) {
2396	found = true;
2397	break;
2398	}
2399	}
2400
2401	if (!found) {
2402	rcu_read_unlock();
2403	err = -ENOENT;
2404	goto errout;
2405	}
2406
2407	/*
2408	* We acquire tbl->lock to be nice to the periodic timers and
2409	* make sure they always see a consistent set of values.
2410	*/
2411	spin_lock_bh(lock: &tbl->lock);
2412
2413	if (tb[NDTA_PARMS]) {
2414	struct nlattr *tbp[NDTPA_MAX+1];
2415	struct neigh_parms *p;
2416	int i, ifindex = 0;
2417
2418	err = nla_parse_nested_deprecated(tb: tbp, NDTPA_MAX,
2419	nla: tb[NDTA_PARMS],
2420	policy: nl_ntbl_parm_policy, extack);
2421	if (err < 0)
2422	goto errout_tbl_lock;
2423
2424	if (tbp[NDTPA_IFINDEX])
2425	ifindex = nla_get_u32(nla: tbp[NDTPA_IFINDEX]);
2426
2427	p = lookup_neigh_parms(tbl, net, ifindex);
2428	if (p == NULL) {
2429	err = -ENOENT;
2430	goto errout_tbl_lock;
2431	}
2432
2433	for (i = 1; i <= NDTPA_MAX; i++) {
2434	if (tbp[i] == NULL)
2435	continue;
2436
2437	switch (i) {
2438	case NDTPA_QUEUE_LEN:
2439	NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2440	nla_get_u32(tbp[i]) *
2441	SKB_TRUESIZE(ETH_FRAME_LEN));
2442	break;
2443	case NDTPA_QUEUE_LENBYTES:
2444	NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2445	nla_get_u32(tbp[i]));
2446	break;
2447	case NDTPA_PROXY_QLEN:
2448	NEIGH_VAR_SET(p, PROXY_QLEN,
2449	nla_get_u32(tbp[i]));
2450	break;
2451	case NDTPA_APP_PROBES:
2452	NEIGH_VAR_SET(p, APP_PROBES,
2453	nla_get_u32(tbp[i]));
2454	break;
2455	case NDTPA_UCAST_PROBES:
2456	NEIGH_VAR_SET(p, UCAST_PROBES,
2457	nla_get_u32(tbp[i]));
2458	break;
2459	case NDTPA_MCAST_PROBES:
2460	NEIGH_VAR_SET(p, MCAST_PROBES,
2461	nla_get_u32(tbp[i]));
2462	break;
2463	case NDTPA_MCAST_REPROBES:
2464	NEIGH_VAR_SET(p, MCAST_REPROBES,
2465	nla_get_u32(tbp[i]));
2466	break;
2467	case NDTPA_BASE_REACHABLE_TIME:
2468	NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2469	nla_get_msecs(tbp[i]));
2470	/* update reachable_time as well, otherwise, the change will
2471	* only be effective after the next time neigh_periodic_work
2472	* decides to recompute it (can be multiple minutes)
2473	*/
2474	neigh_set_reach_time(p);
2475	break;
2476	case NDTPA_GC_STALETIME:
2477	NEIGH_VAR_SET(p, GC_STALETIME,
2478	nla_get_msecs(tbp[i]));
2479	break;
2480	case NDTPA_DELAY_PROBE_TIME:
2481	NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2482	nla_get_msecs(tbp[i]));
2483	call_netevent_notifiers(val: NETEVENT_DELAY_PROBE_TIME_UPDATE, v: p);
2484	break;
2485	case NDTPA_INTERVAL_PROBE_TIME_MS:
2486	NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS,
2487	nla_get_msecs(tbp[i]));
2488	break;
2489	case NDTPA_RETRANS_TIME:
2490	NEIGH_VAR_SET(p, RETRANS_TIME,
2491	nla_get_msecs(tbp[i]));
2492	break;
2493	case NDTPA_ANYCAST_DELAY:
2494	NEIGH_VAR_SET(p, ANYCAST_DELAY,
2495	nla_get_msecs(tbp[i]));
2496	break;
2497	case NDTPA_PROXY_DELAY:
2498	NEIGH_VAR_SET(p, PROXY_DELAY,
2499	nla_get_msecs(tbp[i]));
2500	break;
2501	case NDTPA_LOCKTIME:
2502	NEIGH_VAR_SET(p, LOCKTIME,
2503	nla_get_msecs(tbp[i]));
2504	break;
2505	}
2506	}
2507	}
2508
2509	err = -ENOENT;
2510	if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2511	tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2512	!net_eq(net1: net, net2: &init_net))
2513	goto errout_tbl_lock;
2514
2515	if (tb[NDTA_THRESH1])
2516	WRITE_ONCE(tbl->gc_thresh1, nla_get_u32(tb[NDTA_THRESH1]));
2517
2518	if (tb[NDTA_THRESH2])
2519	WRITE_ONCE(tbl->gc_thresh2, nla_get_u32(tb[NDTA_THRESH2]));
2520
2521	if (tb[NDTA_THRESH3])
2522	WRITE_ONCE(tbl->gc_thresh3, nla_get_u32(tb[NDTA_THRESH3]));
2523
2524	if (tb[NDTA_GC_INTERVAL])
2525	WRITE_ONCE(tbl->gc_interval, nla_get_msecs(tb[NDTA_GC_INTERVAL]));
2526
2527	err = 0;
2528
2529	errout_tbl_lock:
2530	spin_unlock_bh(lock: &tbl->lock);
2531	rcu_read_unlock();
2532	errout:
2533	return err;
2534	}
2535
2536	static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2537	struct netlink_ext_ack *extack)
2538	{
2539	struct ndtmsg *ndtm;
2540
2541	ndtm = nlmsg_payload(nlh, len: sizeof(*ndtm));
2542	if (!ndtm) {
2543	NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2544	return -EINVAL;
2545	}
2546
2547	if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
2548	NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2549	return -EINVAL;
2550	}
2551
2552	if (nlmsg_attrlen(nlh, hdrlen: sizeof(*ndtm))) {
2553	NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2554	return -EINVAL;
2555	}
2556
2557	return 0;
2558	}
2559
2560	static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2561	{
2562	const struct nlmsghdr *nlh = cb->nlh;
2563	struct net *net = sock_net(sk: skb->sk);
2564	int family, tidx, nidx = 0;
2565	int tbl_skip = cb->args[0];
2566	int neigh_skip = cb->args[1];
2567	struct neigh_table *tbl;
2568
2569	if (cb->strict_check) {
2570	int err = neightbl_valid_dump_info(nlh, extack: cb->extack);
2571
2572	if (err < 0)
2573	return err;
2574	}
2575
2576	family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2577
2578	rcu_read_lock();
2579
2580	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2581	struct neigh_parms *p;
2582
2583	tbl = rcu_dereference(neigh_tables[tidx]);
2584	if (!tbl)
2585	continue;
2586
2587	if (tidx < tbl_skip || (family && tbl->family != family))
2588	continue;
2589
2590	if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2591	seq: nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2592	NLM_F_MULTI) < 0)
2593	break;
2594
2595	nidx = 0;
2596	p = list_next_entry(&tbl->parms, list);
2597	list_for_each_entry_from_rcu(p, &tbl->parms_list, list) {
2598	if (!net_eq(net1: neigh_parms_net(parms: p), net2: net))
2599	continue;
2600
2601	if (nidx < neigh_skip)
2602	goto next;
2603
2604	if (neightbl_fill_param_info(skb, tbl, parms: p,
2605	NETLINK_CB(cb->skb).portid,
2606	seq: nlh->nlmsg_seq,
2607	RTM_NEWNEIGHTBL,
2608	NLM_F_MULTI) < 0)
2609	goto out;
2610	next:
2611	nidx++;
2612	}
2613
2614	neigh_skip = 0;
2615	}
2616	out:
2617	rcu_read_unlock();
2618
2619	cb->args[0] = tidx;
2620	cb->args[1] = nidx;
2621
2622	return skb->len;
2623	}
2624
2625	static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2626	u32 pid, u32 seq, int type, unsigned int flags)
2627	{
2628	u32 neigh_flags, neigh_flags_ext;
2629	unsigned long now = jiffies;
2630	struct nda_cacheinfo ci;
2631	struct nlmsghdr *nlh;
2632	struct ndmsg *ndm;
2633
2634	nlh = nlmsg_put(skb, portid: pid, seq, type, payload: sizeof(*ndm), flags);
2635	if (nlh == NULL)
2636	return -EMSGSIZE;
2637
2638	neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT;
2639	neigh_flags = neigh->flags & NTF_OLD_MASK;
2640
2641	ndm = nlmsg_data(nlh);
2642	ndm->ndm_family = neigh->ops->family;
2643	ndm->ndm_pad1 = 0;
2644	ndm->ndm_pad2 = 0;
2645	ndm->ndm_flags = neigh_flags;
2646	ndm->ndm_type = neigh->type;
2647	ndm->ndm_ifindex = neigh->dev->ifindex;
2648
2649	if (nla_put(skb, attrtype: NDA_DST, attrlen: neigh->tbl->key_len, data: neigh->primary_key))
2650	goto nla_put_failure;
2651
2652	read_lock_bh(&neigh->lock);
2653	ndm->ndm_state = neigh->nud_state;
2654	if (neigh->nud_state & NUD_VALID) {
2655	char haddr[MAX_ADDR_LEN];
2656
2657	neigh_ha_snapshot(dst: haddr, n: neigh, dev: neigh->dev);
2658	if (nla_put(skb, attrtype: NDA_LLADDR, attrlen: neigh->dev->addr_len, data: haddr) < 0) {
2659	read_unlock_bh(&neigh->lock);
2660	goto nla_put_failure;
2661	}
2662	}
2663
2664	ci.ndm_used = jiffies_to_clock_t(x: now - neigh->used);
2665	ci.ndm_confirmed = jiffies_to_clock_t(x: now - neigh->confirmed);
2666	ci.ndm_updated = jiffies_to_clock_t(x: now - neigh->updated);
2667	ci.ndm_refcnt = refcount_read(r: &neigh->refcnt) - 1;
2668	read_unlock_bh(&neigh->lock);
2669
2670	if (nla_put_u32(skb, attrtype: NDA_PROBES, value: atomic_read(v: &neigh->probes)) ||
2671	nla_put(skb, attrtype: NDA_CACHEINFO, attrlen: sizeof(ci), data: &ci))
2672	goto nla_put_failure;
2673
2674	if (neigh->protocol && nla_put_u8(skb, attrtype: NDA_PROTOCOL, value: neigh->protocol))
2675	goto nla_put_failure;
2676	if (neigh_flags_ext && nla_put_u32(skb, attrtype: NDA_FLAGS_EXT, value: neigh_flags_ext))
2677	goto nla_put_failure;
2678
2679	nlmsg_end(skb, nlh);
2680	return 0;
2681
2682	nla_put_failure:
2683	nlmsg_cancel(skb, nlh);
2684	return -EMSGSIZE;
2685	}
2686
2687	static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2688	u32 pid, u32 seq, int type, unsigned int flags,
2689	struct neigh_table *tbl)
2690	{
2691	u32 neigh_flags, neigh_flags_ext;
2692	struct nlmsghdr *nlh;
2693	struct ndmsg *ndm;
2694	u8 protocol;
2695
2696	nlh = nlmsg_put(skb, portid: pid, seq, type, payload: sizeof(*ndm), flags);
2697	if (nlh == NULL)
2698	return -EMSGSIZE;
2699
2700	neigh_flags = READ_ONCE(pn->flags);
2701	neigh_flags_ext = neigh_flags >> NTF_EXT_SHIFT;
2702	neigh_flags &= NTF_OLD_MASK;
2703
2704	ndm = nlmsg_data(nlh);
2705	ndm->ndm_family = tbl->family;
2706	ndm->ndm_pad1 = 0;
2707	ndm->ndm_pad2 = 0;
2708	ndm->ndm_flags = neigh_flags | NTF_PROXY;
2709	ndm->ndm_type = RTN_UNICAST;
2710	ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2711	ndm->ndm_state = NUD_NONE;
2712
2713	if (nla_put(skb, attrtype: NDA_DST, attrlen: tbl->key_len, data: pn->key))
2714	goto nla_put_failure;
2715
2716	protocol = READ_ONCE(pn->protocol);
2717	if (protocol && nla_put_u8(skb, attrtype: NDA_PROTOCOL, value: protocol))
2718	goto nla_put_failure;
2719	if (neigh_flags_ext && nla_put_u32(skb, attrtype: NDA_FLAGS_EXT, value: neigh_flags_ext))
2720	goto nla_put_failure;
2721
2722	nlmsg_end(skb, nlh);
2723	return 0;
2724
2725	nla_put_failure:
2726	nlmsg_cancel(skb, nlh);
2727	return -EMSGSIZE;
2728	}
2729
2730	static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2731	{
2732	call_netevent_notifiers(val: NETEVENT_NEIGH_UPDATE, v: neigh);
2733	__neigh_notify(n: neigh, RTM_NEWNEIGH, flags: 0, pid: nlmsg_pid);
2734	}
2735
2736	static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2737	{
2738	struct net_device *master;
2739
2740	if (!master_idx)
2741	return false;
2742
2743	master = dev ? netdev_master_upper_dev_get_rcu(dev) : NULL;
2744
2745	/* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another
2746	* invalid value for ifindex to denote "no master".
2747	*/
2748	if (master_idx == -1)
2749	return !!master;
2750
2751	if (!master || master->ifindex != master_idx)
2752	return true;
2753
2754	return false;
2755	}
2756
2757	static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2758	{
2759	if (filter_idx && (!dev || dev->ifindex != filter_idx))
2760	return true;
2761
2762	return false;
2763	}
2764
2765	struct neigh_dump_filter {
2766	int master_idx;
2767	int dev_idx;
2768	};
2769
2770	static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2771	struct netlink_callback *cb,
2772	struct neigh_dump_filter *filter)
2773	{
2774	struct net *net = sock_net(sk: skb->sk);
2775	struct neighbour *n;
2776	int err = 0, h, s_h = cb->args[1];
2777	int idx, s_idx = idx = cb->args[2];
2778	struct neigh_hash_table *nht;
2779	unsigned int flags = NLM_F_MULTI;
2780
2781	if (filter->dev_idx || filter->master_idx)
2782	flags |= NLM_F_DUMP_FILTERED;
2783
2784	nht = rcu_dereference(tbl->nht);
2785
2786	for (h = s_h; h < (1 << nht->hash_shift); h++) {
2787	if (h > s_h)
2788	s_idx = 0;
2789	idx = 0;
2790	neigh_for_each_in_bucket_rcu(n, &nht->hash_heads[h]) {
2791	if (idx < s_idx || !net_eq(net1: dev_net(dev: n->dev), net2: net))
2792	goto next;
2793	if (neigh_ifindex_filtered(dev: n->dev, filter_idx: filter->dev_idx) ||
2794	neigh_master_filtered(dev: n->dev, master_idx: filter->master_idx))
2795	goto next;
2796	err = neigh_fill_info(skb, neigh: n, NETLINK_CB(cb->skb).portid,
2797	seq: cb->nlh->nlmsg_seq,
2798	RTM_NEWNEIGH, flags);
2799	if (err < 0)
2800	goto out;
2801	next:
2802	idx++;
2803	}
2804	}
2805	out:
2806	cb->args[1] = h;
2807	cb->args[2] = idx;
2808	return err;
2809	}
2810
2811	static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2812	struct netlink_callback *cb,
2813	struct neigh_dump_filter *filter)
2814	{
2815	struct pneigh_entry *n;
2816	struct net *net = sock_net(sk: skb->sk);
2817	int err = 0, h, s_h = cb->args[3];
2818	int idx, s_idx = idx = cb->args[4];
2819	unsigned int flags = NLM_F_MULTI;
2820
2821	if (filter->dev_idx || filter->master_idx)
2822	flags |= NLM_F_DUMP_FILTERED;
2823
2824	for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2825	if (h > s_h)
2826	s_idx = 0;
2827	for (n = rcu_dereference(tbl->phash_buckets[h]), idx = 0;
2828	n;
2829	n = rcu_dereference(n->next)) {
2830	if (idx < s_idx || pneigh_net(pneigh: n) != net)
2831	goto next;
2832	if (neigh_ifindex_filtered(dev: n->dev, filter_idx: filter->dev_idx) ||
2833	neigh_master_filtered(dev: n->dev, master_idx: filter->master_idx))
2834	goto next;
2835	err = pneigh_fill_info(skb, pn: n, NETLINK_CB(cb->skb).portid,
2836	seq: cb->nlh->nlmsg_seq,
2837	RTM_NEWNEIGH, flags, tbl);
2838	if (err < 0)
2839	goto out;
2840	next:
2841	idx++;
2842	}
2843	}
2844
2845	out:
2846	cb->args[3] = h;
2847	cb->args[4] = idx;
2848	return err;
2849	}
2850
2851	static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2852	bool strict_check,
2853	struct neigh_dump_filter *filter,
2854	struct netlink_ext_ack *extack)
2855	{
2856	struct nlattr *tb[NDA_MAX + 1];
2857	int err, i;
2858
2859	if (strict_check) {
2860	struct ndmsg *ndm;
2861
2862	ndm = nlmsg_payload(nlh, len: sizeof(*ndm));
2863	if (!ndm) {
2864	NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2865	return -EINVAL;
2866	}
2867
2868	if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
2869	ndm->ndm_state || ndm->ndm_type) {
2870	NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2871	return -EINVAL;
2872	}
2873
2874	if (ndm->ndm_flags & ~NTF_PROXY) {
2875	NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2876	return -EINVAL;
2877	}
2878
2879	err = nlmsg_parse_deprecated_strict(nlh, hdrlen: sizeof(struct ndmsg),
2880	tb, NDA_MAX, policy: nda_policy,
2881	extack);
2882	} else {
2883	err = nlmsg_parse_deprecated(nlh, hdrlen: sizeof(struct ndmsg), tb,
2884	NDA_MAX, policy: nda_policy, extack);
2885	}
2886	if (err < 0)
2887	return err;
2888
2889	for (i = 0; i <= NDA_MAX; ++i) {
2890	if (!tb[i])
2891	continue;
2892
2893	/* all new attributes should require strict_check */
2894	switch (i) {
2895	case NDA_IFINDEX:
2896	filter->dev_idx = nla_get_u32(nla: tb[i]);
2897	break;
2898	case NDA_MASTER:
2899	filter->master_idx = nla_get_u32(nla: tb[i]);
2900	break;
2901	default:
2902	if (strict_check) {
2903	NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2904	return -EINVAL;
2905	}
2906	}
2907	}
2908
2909	return 0;
2910	}
2911
2912	static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2913	{
2914	const struct nlmsghdr *nlh = cb->nlh;
2915	struct neigh_dump_filter filter = {};
2916	struct neigh_table *tbl;
2917	int t, family, s_t;
2918	int proxy = 0;
2919	int err;
2920
2921	family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2922
2923	/* check for full ndmsg structure presence, family member is
2924	* the same for both structures
2925	*/
2926	if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2927	((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2928	proxy = 1;
2929
2930	err = neigh_valid_dump_req(nlh, strict_check: cb->strict_check, filter: &filter, extack: cb->extack);
2931	if (err < 0 && cb->strict_check)
2932	return err;
2933	err = 0;
2934
2935	s_t = cb->args[0];
2936
2937	rcu_read_lock();
2938	for (t = 0; t < NEIGH_NR_TABLES; t++) {
2939	tbl = rcu_dereference(neigh_tables[t]);
2940
2941	if (!tbl)
2942	continue;
2943	if (t < s_t || (family && tbl->family != family))
2944	continue;
2945	if (t > s_t)
2946	memset(&cb->args[1], 0, sizeof(cb->args) -
2947	sizeof(cb->args[0]));
2948	if (proxy)
2949	err = pneigh_dump_table(tbl, skb, cb, filter: &filter);
2950	else
2951	err = neigh_dump_table(tbl, skb, cb, filter: &filter);
2952	if (err < 0)
2953	break;
2954	}
2955	rcu_read_unlock();
2956
2957	cb->args[0] = t;
2958	return err;
2959	}
2960
2961	static struct ndmsg *neigh_valid_get_req(const struct nlmsghdr *nlh,
2962	struct nlattr **tb,
2963	struct netlink_ext_ack *extack)
2964	{
2965	struct ndmsg *ndm;
2966	int err, i;
2967
2968	ndm = nlmsg_payload(nlh, len: sizeof(*ndm));
2969	if (!ndm) {
2970	NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2971	return ERR_PTR(error: -EINVAL);
2972	}
2973
2974	if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
2975	ndm->ndm_type) {
2976	NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2977	return ERR_PTR(error: -EINVAL);
2978	}
2979
2980	if (ndm->ndm_flags & ~NTF_PROXY) {
2981	NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2982	return ERR_PTR(error: -EINVAL);
2983	}
2984
2985	if (!(ndm->ndm_flags & NTF_PROXY) && !ndm->ndm_ifindex) {
2986	NL_SET_ERR_MSG(extack, "No device specified");
2987	return ERR_PTR(error: -EINVAL);
2988	}
2989
2990	err = nlmsg_parse_deprecated_strict(nlh, hdrlen: sizeof(struct ndmsg), tb,
2991	NDA_MAX, policy: nda_policy, extack);
2992	if (err < 0)
2993	return ERR_PTR(error: err);
2994
2995	for (i = 0; i <= NDA_MAX; ++i) {
2996	switch (i) {
2997	case NDA_DST:
2998	if (!tb[i]) {
2999	NL_SET_ERR_ATTR_MISS(extack, NULL, NDA_DST);
3000	return ERR_PTR(error: -EINVAL);
3001	}
3002	break;
3003	default:
3004	if (!tb[i])
3005	continue;
3006
3007	NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
3008	return ERR_PTR(error: -EINVAL);
3009	}
3010	}
3011
3012	return ndm;
3013	}
3014
3015	static inline size_t neigh_nlmsg_size(void)
3016	{
3017	return NLMSG_ALIGN(sizeof(struct ndmsg))
3018	+ nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
3019	+ nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
3020	+ nla_total_size(payload: sizeof(struct nda_cacheinfo))
3021	+ nla_total_size(payload: 4) /* NDA_PROBES */
3022	+ nla_total_size(payload: 4) /* NDA_FLAGS_EXT */
3023	+ nla_total_size(payload: 1); /* NDA_PROTOCOL */
3024	}
3025
3026	static inline size_t pneigh_nlmsg_size(void)
3027	{
3028	return NLMSG_ALIGN(sizeof(struct ndmsg))
3029	+ nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
3030	+ nla_total_size(payload: 4) /* NDA_FLAGS_EXT */
3031	+ nla_total_size(payload: 1); /* NDA_PROTOCOL */
3032	}
3033
3034	static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
3035	struct netlink_ext_ack *extack)
3036	{
3037	struct net *net = sock_net(sk: in_skb->sk);
3038	u32 pid = NETLINK_CB(in_skb).portid;
3039	struct nlattr *tb[NDA_MAX + 1];
3040	struct net_device *dev = NULL;
3041	u32 seq = nlh->nlmsg_seq;
3042	struct neigh_table *tbl;
3043	struct neighbour *neigh;
3044	struct sk_buff *skb;
3045	struct ndmsg *ndm;
3046	void *dst;
3047	int err;
3048
3049	ndm = neigh_valid_get_req(nlh, tb, extack);
3050	if (IS_ERR(ptr: ndm))
3051	return PTR_ERR(ptr: ndm);
3052
3053	if (ndm->ndm_flags & NTF_PROXY)
3054	skb = nlmsg_new(payload: neigh_nlmsg_size(), GFP_KERNEL);
3055	else
3056	skb = nlmsg_new(payload: pneigh_nlmsg_size(), GFP_KERNEL);
3057	if (!skb)
3058	return -ENOBUFS;
3059
3060	rcu_read_lock();
3061
3062	tbl = neigh_find_table(family: ndm->ndm_family);
3063	if (!tbl) {
3064	NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
3065	err = -EAFNOSUPPORT;
3066	goto err_unlock;
3067	}
3068
3069	if (nla_len(nla: tb[NDA_DST]) != (int)tbl->key_len) {
3070	NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
3071	err = -EINVAL;
3072	goto err_unlock;
3073	}
3074
3075	dst = nla_data(nla: tb[NDA_DST]);
3076
3077	if (ndm->ndm_ifindex) {
3078	dev = dev_get_by_index_rcu(net, ifindex: ndm->ndm_ifindex);
3079	if (!dev) {
3080	NL_SET_ERR_MSG(extack, "Unknown device ifindex");
3081	err = -ENODEV;
3082	goto err_unlock;
3083	}
3084	}
3085
3086	if (ndm->ndm_flags & NTF_PROXY) {
3087	struct pneigh_entry *pn;
3088
3089	pn = pneigh_lookup(tbl, net, pkey: dst, dev);
3090	if (!pn) {
3091	NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
3092	err = -ENOENT;
3093	goto err_unlock;
3094	}
3095
3096	err = pneigh_fill_info(skb, pn, pid, seq, RTM_NEWNEIGH, flags: 0, tbl);
3097	if (err)
3098	goto err_unlock;
3099	} else {
3100	neigh = neigh_lookup(tbl, dst, dev);
3101	if (!neigh) {
3102	NL_SET_ERR_MSG(extack, "Neighbour entry not found");
3103	err = -ENOENT;
3104	goto err_unlock;
3105	}
3106
3107	err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, flags: 0);
3108	neigh_release(neigh);
3109	if (err)
3110	goto err_unlock;
3111	}
3112
3113	rcu_read_unlock();
3114
3115	return rtnl_unicast(skb, net, pid);
3116	err_unlock:
3117	rcu_read_unlock();
3118	kfree_skb(skb);
3119	return err;
3120	}
3121
3122	void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
3123	{
3124	int chain;
3125	struct neigh_hash_table *nht;
3126
3127	rcu_read_lock();
3128	nht = rcu_dereference(tbl->nht);
3129
3130	spin_lock_bh(lock: &tbl->lock); /* avoid resizes */
3131	for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3132	struct neighbour *n;
3133
3134	neigh_for_each_in_bucket(n, &nht->hash_heads[chain])
3135	cb(n, cookie);
3136	}
3137	spin_unlock_bh(lock: &tbl->lock);
3138	rcu_read_unlock();
3139	}
3140	EXPORT_SYMBOL(neigh_for_each);
3141
3142	/* The tbl->lock must be held as a writer and BH disabled. */
3143	void __neigh_for_each_release(struct neigh_table *tbl,
3144	int (*cb)(struct neighbour *))
3145	{
3146	struct neigh_hash_table *nht;
3147	int chain;
3148
3149	nht = rcu_dereference_protected(tbl->nht,
3150	lockdep_is_held(&tbl->lock));
3151	for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3152	struct hlist_node *tmp;
3153	struct neighbour *n;
3154
3155	neigh_for_each_in_bucket_safe(n, tmp, &nht->hash_heads[chain]) {
3156	int release;
3157
3158	write_lock(&n->lock);
3159	release = cb(n);
3160	if (release) {
3161	hlist_del_rcu(n: &n->hash);
3162	hlist_del_rcu(n: &n->dev_list);
3163	neigh_mark_dead(n);
3164	}
3165	write_unlock(&n->lock);
3166	if (release)
3167	neigh_cleanup_and_release(neigh: n);
3168	}
3169	}
3170	}
3171	EXPORT_SYMBOL(__neigh_for_each_release);
3172
3173	int neigh_xmit(int index, struct net_device *dev,
3174	const void *addr, struct sk_buff *skb)
3175	{
3176	int err = -EAFNOSUPPORT;
3177
3178	if (likely(index < NEIGH_NR_TABLES)) {
3179	struct neigh_table *tbl;
3180	struct neighbour *neigh;
3181
3182	rcu_read_lock();
3183	tbl = rcu_dereference(neigh_tables[index]);
3184	if (!tbl)
3185	goto out_unlock;
3186	if (index == NEIGH_ARP_TABLE) {
3187	u32 key = *((u32 *)addr);
3188
3189	neigh = __ipv4_neigh_lookup_noref(dev, key);
3190	} else {
3191	neigh = __neigh_lookup_noref(tbl, pkey: addr, dev);
3192	}
3193	if (!neigh)
3194	neigh = __neigh_create(tbl, addr, dev, false);
3195	err = PTR_ERR(ptr: neigh);
3196	if (IS_ERR(ptr: neigh)) {
3197	rcu_read_unlock();
3198	goto out_kfree_skb;
3199	}
3200	err = READ_ONCE(neigh->output)(neigh, skb);
3201	out_unlock:
3202	rcu_read_unlock();
3203	}
3204	else if (index == NEIGH_LINK_TABLE) {
3205	err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3206	daddr: addr, NULL, len: skb->len);
3207	if (err < 0)
3208	goto out_kfree_skb;
3209	err = dev_queue_xmit(skb);
3210	}
3211	out:
3212	return err;
3213	out_kfree_skb:
3214	kfree_skb(skb);
3215	goto out;
3216	}
3217	EXPORT_SYMBOL(neigh_xmit);
3218
3219	#ifdef CONFIG_PROC_FS
3220
3221	static struct neighbour *neigh_get_valid(struct seq_file *seq,
3222	struct neighbour *n,
3223	loff_t *pos)
3224	{
3225	struct neigh_seq_state *state = seq->private;
3226	struct net *net = seq_file_net(seq);
3227
3228	if (!net_eq(net1: dev_net(dev: n->dev), net2: net))
3229	return NULL;
3230
3231	if (state->neigh_sub_iter) {
3232	loff_t fakep = 0;
3233	void *v;
3234
3235	v = state->neigh_sub_iter(state, n, pos ? pos : &fakep);
3236	if (!v)
3237	return NULL;
3238	if (pos)
3239	return v;
3240	}
3241
3242	if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3243	return n;
3244
3245	if (READ_ONCE(n->nud_state) & ~NUD_NOARP)
3246	return n;
3247
3248	return NULL;
3249	}
3250
3251	static struct neighbour *neigh_get_first(struct seq_file *seq)
3252	{
3253	struct neigh_seq_state *state = seq->private;
3254	struct neigh_hash_table *nht = state->nht;
3255	struct neighbour *n, *tmp;
3256
3257	state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3258
3259	while (++state->bucket < (1 << nht->hash_shift)) {
3260	neigh_for_each_in_bucket(n, &nht->hash_heads[state->bucket]) {
3261	tmp = neigh_get_valid(seq, n, NULL);
3262	if (tmp)
3263	return tmp;
3264	}
3265	}
3266
3267	return NULL;
3268	}
3269
3270	static struct neighbour *neigh_get_next(struct seq_file *seq,
3271	struct neighbour *n,
3272	loff_t *pos)
3273	{
3274	struct neigh_seq_state *state = seq->private;
3275	struct neighbour *tmp;
3276
3277	if (state->neigh_sub_iter) {
3278	void *v = state->neigh_sub_iter(state, n, pos);
3279
3280	if (v)
3281	return n;
3282	}
3283
3284	hlist_for_each_entry_continue(n, hash) {
3285	tmp = neigh_get_valid(seq, n, pos);
3286	if (tmp) {
3287	n = tmp;
3288	goto out;
3289	}
3290	}
3291
3292	n = neigh_get_first(seq);
3293	out:
3294	if (n && pos)
3295	--(*pos);
3296
3297	return n;
3298	}
3299
3300	static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3301	{
3302	struct neighbour *n = neigh_get_first(seq);
3303
3304	if (n) {
3305	--(*pos);
3306	while (*pos) {
3307	n = neigh_get_next(seq, n, pos);
3308	if (!n)
3309	break;
3310	}
3311	}
3312	return *pos ? NULL : n;
3313	}
3314
3315	static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3316	{
3317	struct neigh_seq_state *state = seq->private;
3318	struct net *net = seq_file_net(seq);
3319	struct neigh_table *tbl = state->tbl;
3320	struct pneigh_entry *pn = NULL;
3321	int bucket;
3322
3323	state->flags |= NEIGH_SEQ_IS_PNEIGH;
3324	for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3325	pn = rcu_dereference(tbl->phash_buckets[bucket]);
3326
3327	while (pn && !net_eq(net1: pneigh_net(pneigh: pn), net2: net))
3328	pn = rcu_dereference(pn->next);
3329	if (pn)
3330	break;
3331	}
3332	state->bucket = bucket;
3333
3334	return pn;
3335	}
3336
3337	static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3338	struct pneigh_entry *pn,
3339	loff_t *pos)
3340	{
3341	struct neigh_seq_state *state = seq->private;
3342	struct net *net = seq_file_net(seq);
3343	struct neigh_table *tbl = state->tbl;
3344
3345	do {
3346	pn = rcu_dereference(pn->next);
3347	} while (pn && !net_eq(net1: pneigh_net(pneigh: pn), net2: net));
3348
3349	while (!pn) {
3350	if (++state->bucket > PNEIGH_HASHMASK)
3351	break;
3352
3353	pn = rcu_dereference(tbl->phash_buckets[state->bucket]);
3354
3355	while (pn && !net_eq(net1: pneigh_net(pneigh: pn), net2: net))
3356	pn = rcu_dereference(pn->next);
3357	if (pn)
3358	break;
3359	}
3360
3361	if (pn && pos)
3362	--(*pos);
3363
3364	return pn;
3365	}
3366
3367	static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3368	{
3369	struct pneigh_entry *pn = pneigh_get_first(seq);
3370
3371	if (pn) {
3372	--(*pos);
3373	while (*pos) {
3374	pn = pneigh_get_next(seq, pn, pos);
3375	if (!pn)
3376	break;
3377	}
3378	}
3379	return *pos ? NULL : pn;
3380	}
3381
3382	static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3383	{
3384	struct neigh_seq_state *state = seq->private;
3385	void *rc;
3386	loff_t idxpos = *pos;
3387
3388	rc = neigh_get_idx(seq, pos: &idxpos);
3389	if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3390	rc = pneigh_get_idx(seq, pos: &idxpos);
3391
3392	return rc;
3393	}
3394
3395	void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3396	__acquires(tbl->lock)
3397	__acquires(rcu)
3398	{
3399	struct neigh_seq_state *state = seq->private;
3400
3401	state->tbl = tbl;
3402	state->bucket = -1;
3403	state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3404
3405	rcu_read_lock();
3406	state->nht = rcu_dereference(tbl->nht);
3407	spin_lock_bh(lock: &tbl->lock);
3408
3409	return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3410	}
3411	EXPORT_SYMBOL(neigh_seq_start);
3412
3413	void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3414	{
3415	struct neigh_seq_state *state;
3416	void *rc;
3417
3418	if (v == SEQ_START_TOKEN) {
3419	rc = neigh_get_first(seq);
3420	goto out;
3421	}
3422
3423	state = seq->private;
3424	if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3425	rc = neigh_get_next(seq, n: v, NULL);
3426	if (rc)
3427	goto out;
3428	if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3429	rc = pneigh_get_first(seq);
3430	} else {
3431	BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3432	rc = pneigh_get_next(seq, pn: v, NULL);
3433	}
3434	out:
3435	++(*pos);
3436	return rc;
3437	}
3438	EXPORT_SYMBOL(neigh_seq_next);
3439
3440	void neigh_seq_stop(struct seq_file *seq, void *v)
3441	__releases(tbl->lock)
3442	__releases(rcu)
3443	{
3444	struct neigh_seq_state *state = seq->private;
3445	struct neigh_table *tbl = state->tbl;
3446
3447	spin_unlock_bh(lock: &tbl->lock);
3448	rcu_read_unlock();
3449	}
3450	EXPORT_SYMBOL(neigh_seq_stop);
3451
3452	/* statistics via seq_file */
3453
3454	static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3455	{
3456	struct neigh_table *tbl = pde_data(inode: file_inode(f: seq->file));
3457	int cpu;
3458
3459	if (*pos == 0)
3460	return SEQ_START_TOKEN;
3461
3462	for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3463	if (!cpu_possible(cpu))
3464	continue;
3465	*pos = cpu+1;
3466	return per_cpu_ptr(tbl->stats, cpu);
3467	}
3468	return NULL;
3469	}
3470
3471	static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3472	{
3473	struct neigh_table *tbl = pde_data(inode: file_inode(f: seq->file));
3474	int cpu;
3475
3476	for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3477	if (!cpu_possible(cpu))
3478	continue;
3479	*pos = cpu+1;
3480	return per_cpu_ptr(tbl->stats, cpu);
3481	}
3482	(*pos)++;
3483	return NULL;
3484	}
3485
3486	static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3487	{
3488
3489	}
3490
3491	static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3492	{
3493	struct neigh_table *tbl = pde_data(inode: file_inode(f: seq->file));
3494	struct neigh_statistics *st = v;
3495
3496	if (v == SEQ_START_TOKEN) {
3497	seq_puts(m: seq, s: "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3498	return 0;
3499	}
3500
3501	seq_printf(m: seq, fmt: "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
3502	"%08lx %08lx %08lx "
3503	"%08lx %08lx %08lx\n",
3504	atomic_read(v: &tbl->entries),
3505
3506	st->allocs,
3507	st->destroys,
3508	st->hash_grows,
3509
3510	st->lookups,
3511	st->hits,
3512
3513	st->res_failed,
3514
3515	st->rcv_probes_mcast,
3516	st->rcv_probes_ucast,
3517
3518	st->periodic_gc_runs,
3519	st->forced_gc_runs,
3520	st->unres_discards,
3521	st->table_fulls
3522	);
3523
3524	return 0;
3525	}
3526
3527	static const struct seq_operations neigh_stat_seq_ops = {
3528	.start = neigh_stat_seq_start,
3529	.next = neigh_stat_seq_next,
3530	.stop = neigh_stat_seq_stop,
3531	.show = neigh_stat_seq_show,
3532	};
3533	#endif /* CONFIG_PROC_FS */
3534
3535	static void __neigh_notify(struct neighbour *n, int type, int flags,
3536	u32 pid)
3537	{
3538	struct sk_buff *skb;
3539	int err = -ENOBUFS;
3540	struct net *net;
3541
3542	rcu_read_lock();
3543	net = dev_net_rcu(dev: n->dev);
3544	skb = nlmsg_new(payload: neigh_nlmsg_size(), GFP_ATOMIC);
3545	if (skb == NULL)
3546	goto errout;
3547
3548	err = neigh_fill_info(skb, neigh: n, pid, seq: 0, type, flags);
3549	if (err < 0) {
3550	/* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3551	WARN_ON(err == -EMSGSIZE);
3552	kfree_skb(skb);
3553	goto errout;
3554	}
3555	rtnl_notify(skb, net, pid: 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3556	goto out;
3557	errout:
3558	rtnl_set_sk_err(net, RTNLGRP_NEIGH, error: err);
3559	out:
3560	rcu_read_unlock();
3561	}
3562
3563	void neigh_app_ns(struct neighbour *n)
3564	{
3565	__neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, pid: 0);
3566	}
3567	EXPORT_SYMBOL(neigh_app_ns);
3568
3569	#ifdef CONFIG_SYSCTL
3570	static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3571
3572	static int proc_unres_qlen(const struct ctl_table *ctl, int write,
3573	void *buffer, size_t *lenp, loff_t *ppos)
3574	{
3575	int size, ret;
3576	struct ctl_table tmp = *ctl;
3577
3578	tmp.extra1 = SYSCTL_ZERO;
3579	tmp.extra2 = &unres_qlen_max;
3580	tmp.data = &size;
3581
3582	size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3583	ret = proc_dointvec_minmax(table: &tmp, dir: write, buffer, lenp, ppos);
3584
3585	if (write && !ret)
3586	*(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3587	return ret;
3588	}
3589
3590	static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3591	int index)
3592	{
3593	struct net_device *dev;
3594	int family = neigh_parms_family(p);
3595
3596	rcu_read_lock();
3597	for_each_netdev_rcu(net, dev) {
3598	struct neigh_parms *dst_p =
3599	neigh_get_dev_parms_rcu(dev, family);
3600
3601	if (dst_p && !test_bit(index, dst_p->data_state))
3602	dst_p->data[index] = p->data[index];
3603	}
3604	rcu_read_unlock();
3605	}
3606
3607	static void neigh_proc_update(const struct ctl_table *ctl, int write)
3608	{
3609	struct net_device *dev = ctl->extra1;
3610	struct neigh_parms *p = ctl->extra2;
3611	struct net *net = neigh_parms_net(parms: p);
3612	int index = (int *) ctl->data - p->data;
3613
3614	if (!write)
3615	return;
3616
3617	set_bit(nr: index, addr: p->data_state);
3618	if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3619	call_netevent_notifiers(val: NETEVENT_DELAY_PROBE_TIME_UPDATE, v: p);
3620	if (!dev) /* NULL dev means this is default value */
3621	neigh_copy_dflt_parms(net, p, index);
3622	}
3623
3624	static int neigh_proc_dointvec_zero_intmax(const struct ctl_table *ctl, int write,
3625	void *buffer, size_t *lenp,
3626	loff_t *ppos)
3627	{
3628	struct ctl_table tmp = *ctl;
3629	int ret;
3630
3631	tmp.extra1 = SYSCTL_ZERO;
3632	tmp.extra2 = SYSCTL_INT_MAX;
3633
3634	ret = proc_dointvec_minmax(table: &tmp, dir: write, buffer, lenp, ppos);
3635	neigh_proc_update(ctl, write);
3636	return ret;
3637	}
3638
3639	static int neigh_proc_dointvec_ms_jiffies_positive(const struct ctl_table *ctl, int write,
3640	void *buffer, size_t *lenp, loff_t *ppos)
3641	{
3642	struct ctl_table tmp = *ctl;
3643	int ret;
3644
3645	int min = msecs_to_jiffies(m: 1);
3646
3647	tmp.extra1 = &min;
3648	tmp.extra2 = NULL;
3649
3650	ret = proc_dointvec_ms_jiffies_minmax(table: &tmp, dir: write, buffer, lenp, ppos);
3651	neigh_proc_update(ctl, write);
3652	return ret;
3653	}
3654
3655	int neigh_proc_dointvec(const struct ctl_table *ctl, int write, void *buffer,
3656	size_t *lenp, loff_t *ppos)
3657	{
3658	int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3659
3660	neigh_proc_update(ctl, write);
3661	return ret;
3662	}
3663	EXPORT_SYMBOL(neigh_proc_dointvec);
3664
3665	int neigh_proc_dointvec_jiffies(const struct ctl_table *ctl, int write, void *buffer,
3666	size_t *lenp, loff_t *ppos)
3667	{
3668	int ret = proc_dointvec_jiffies(table: ctl, dir: write, buffer, lenp, ppos);
3669
3670	neigh_proc_update(ctl, write);
3671	return ret;
3672	}
3673	EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3674
3675	static int neigh_proc_dointvec_userhz_jiffies(const struct ctl_table *ctl, int write,
3676	void *buffer, size_t *lenp,
3677	loff_t *ppos)
3678	{
3679	int ret = proc_dointvec_userhz_jiffies(table: ctl, dir: write, buffer, lenp, ppos);
3680
3681	neigh_proc_update(ctl, write);
3682	return ret;
3683	}
3684
3685	int neigh_proc_dointvec_ms_jiffies(const struct ctl_table *ctl, int write,
3686	void *buffer, size_t *lenp, loff_t *ppos)
3687	{
3688	int ret = proc_dointvec_ms_jiffies(table: ctl, dir: write, buffer, lenp, ppos);
3689
3690	neigh_proc_update(ctl, write);
3691	return ret;
3692	}
3693	EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3694
3695	static int neigh_proc_dointvec_unres_qlen(const struct ctl_table *ctl, int write,
3696	void *buffer, size_t *lenp,
3697	loff_t *ppos)
3698	{
3699	int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3700
3701	neigh_proc_update(ctl, write);
3702	return ret;
3703	}
3704
3705	static int neigh_proc_base_reachable_time(const struct ctl_table *ctl, int write,
3706	void *buffer, size_t *lenp,
3707	loff_t *ppos)
3708	{
3709	struct neigh_parms *p = ctl->extra2;
3710	int ret;
3711
3712	if (strcmp(ctl->procname, "base_reachable_time") == 0)
3713	ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3714	else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3715	ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3716	else
3717	ret = -1;
3718
3719	if (write && ret == 0) {
3720	/* update reachable_time as well, otherwise, the change will
3721	* only be effective after the next time neigh_periodic_work
3722	* decides to recompute it
3723	*/
3724	neigh_set_reach_time(p);
3725	}
3726	return ret;
3727	}
3728
3729	#define NEIGH_PARMS_DATA_OFFSET(index) \
3730	(&((struct neigh_parms *) 0)->data[index])
3731
3732	#define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3733	[NEIGH_VAR_ ## attr] = { \
3734	.procname = name, \
3735	.data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3736	.maxlen = sizeof(int), \
3737	.mode = mval, \
3738	.proc_handler = proc, \
3739	}
3740
3741	#define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3742	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3743
3744	#define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3745	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3746
3747	#define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3748	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3749
3750	#define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \
3751	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive)
3752
3753	#define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3754	NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3755
3756	#define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3757	NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3758
3759	static struct neigh_sysctl_table {
3760	struct ctl_table_header *sysctl_header;
3761	struct ctl_table neigh_vars[NEIGH_VAR_MAX];
3762	} neigh_sysctl_template __read_mostly = {
3763	.neigh_vars = {
3764	NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3765	NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3766	NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3767	NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3768	NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3769	NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3770	NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3771	NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS,
3772	"interval_probe_time_ms"),
3773	NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3774	NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3775	NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3776	NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3777	NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3778	NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3779	NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3780	NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3781	NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3782	[NEIGH_VAR_GC_INTERVAL] = {
3783	.procname = "gc_interval",
3784	.maxlen = sizeof(int),
3785	.mode = 0644,
3786	.proc_handler = proc_dointvec_jiffies,
3787	},
3788	[NEIGH_VAR_GC_THRESH1] = {
3789	.procname = "gc_thresh1",
3790	.maxlen = sizeof(int),
3791	.mode = 0644,
3792	.extra1 = SYSCTL_ZERO,
3793	.extra2 = SYSCTL_INT_MAX,
3794	.proc_handler = proc_dointvec_minmax,
3795	},
3796	[NEIGH_VAR_GC_THRESH2] = {
3797	.procname = "gc_thresh2",
3798	.maxlen = sizeof(int),
3799	.mode = 0644,
3800	.extra1 = SYSCTL_ZERO,
3801	.extra2 = SYSCTL_INT_MAX,
3802	.proc_handler = proc_dointvec_minmax,
3803	},
3804	[NEIGH_VAR_GC_THRESH3] = {
3805	.procname = "gc_thresh3",
3806	.maxlen = sizeof(int),
3807	.mode = 0644,
3808	.extra1 = SYSCTL_ZERO,
3809	.extra2 = SYSCTL_INT_MAX,
3810	.proc_handler = proc_dointvec_minmax,
3811	},
3812	},
3813	};
3814
3815	int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3816	proc_handler *handler)
3817	{
3818	int i;
3819	struct neigh_sysctl_table *t;
3820	const char *dev_name_source;
3821	char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3822	char *p_name;
3823	size_t neigh_vars_size;
3824
3825	t = kmemdup(&neigh_sysctl_template, sizeof(*t), GFP_KERNEL_ACCOUNT);
3826	if (!t)
3827	goto err;
3828
3829	for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3830	t->neigh_vars[i].data += (long) p;
3831	t->neigh_vars[i].extra1 = dev;
3832	t->neigh_vars[i].extra2 = p;
3833	}
3834
3835	neigh_vars_size = ARRAY_SIZE(t->neigh_vars);
3836	if (dev) {
3837	dev_name_source = dev->name;
3838	/* Terminate the table early */
3839	neigh_vars_size = NEIGH_VAR_BASE_REACHABLE_TIME_MS + 1;
3840	} else {
3841	struct neigh_table *tbl = p->tbl;
3842	dev_name_source = "default";
3843	t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3844	t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3845	t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3846	t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3847	}
3848
3849	if (handler) {
3850	/* RetransTime */
3851	t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3852	/* ReachableTime */
3853	t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3854	/* RetransTime (in milliseconds)*/
3855	t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3856	/* ReachableTime (in milliseconds) */
3857	t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3858	} else {
3859	/* Those handlers will update p->reachable_time after
3860	* base_reachable_time(_ms) is set to ensure the new timer starts being
3861	* applied after the next neighbour update instead of waiting for
3862	* neigh_periodic_work to update its value (can be multiple minutes)
3863	* So any handler that replaces them should do this as well
3864	*/
3865	/* ReachableTime */
3866	t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3867	neigh_proc_base_reachable_time;
3868	/* ReachableTime (in milliseconds) */
3869	t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3870	neigh_proc_base_reachable_time;
3871	}
3872
3873	switch (neigh_parms_family(p)) {
3874	case AF_INET:
3875	p_name = "ipv4";
3876	break;
3877	case AF_INET6:
3878	p_name = "ipv6";
3879	break;
3880	default:
3881	BUG();
3882	}
3883
3884	snprintf(buf: neigh_path, size: sizeof(neigh_path), fmt: "net/%s/neigh/%s",
3885	p_name, dev_name_source);
3886	t->sysctl_header = register_net_sysctl_sz(net: neigh_parms_net(parms: p),
3887	path: neigh_path, table: t->neigh_vars,
3888	table_size: neigh_vars_size);
3889	if (!t->sysctl_header)
3890	goto free;
3891
3892	p->sysctl_table = t;
3893	return 0;
3894
3895	free:
3896	kfree(objp: t);
3897	err:
3898	return -ENOBUFS;
3899	}
3900	EXPORT_SYMBOL(neigh_sysctl_register);
3901
3902	void neigh_sysctl_unregister(struct neigh_parms *p)
3903	{
3904	if (p->sysctl_table) {
3905	struct neigh_sysctl_table *t = p->sysctl_table;
3906	p->sysctl_table = NULL;
3907	unregister_net_sysctl_table(header: t->sysctl_header);
3908	kfree(objp: t);
3909	}
3910	}
3911	EXPORT_SYMBOL(neigh_sysctl_unregister);
3912
3913	#endif /* CONFIG_SYSCTL */
3914
3915	static const struct rtnl_msg_handler neigh_rtnl_msg_handlers[] __initconst = {
3916	{.msgtype = RTM_NEWNEIGH, .doit = neigh_add},
3917	{.msgtype = RTM_DELNEIGH, .doit = neigh_delete},
3918	{.msgtype = RTM_GETNEIGH, .doit = neigh_get, .dumpit = neigh_dump_info,
3919	.flags = RTNL_FLAG_DOIT_UNLOCKED | RTNL_FLAG_DUMP_UNLOCKED},
3920	{.msgtype = RTM_GETNEIGHTBL, .dumpit = neightbl_dump_info,
3921	.flags = RTNL_FLAG_DUMP_UNLOCKED},
3922	{.msgtype = RTM_SETNEIGHTBL, .doit = neightbl_set,
3923	.flags = RTNL_FLAG_DOIT_UNLOCKED},
3924	};
3925
3926	static int __init neigh_init(void)
3927	{
3928	rtnl_register_many(neigh_rtnl_msg_handlers);
3929	return 0;
3930	}
3931
3932	subsys_initcall(neigh_init);
3933