1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/*
3	* Generic address resolution entity
4	*
5	* Authors:
6	* Pedro Roque <roque@di.fc.ul.pt>
7	* Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
8	*
9	* Fixes:
10	* Vitaly E. Lavrov releasing NULL neighbor in neigh_add.
11	* Harald Welte Add neighbour cache statistics like rtstat
12	*/
13
14	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16	#include <linux/slab.h>
17	#include <linux/kmemleak.h>
18	#include <linux/types.h>
19	#include <linux/kernel.h>
20	#include <linux/module.h>
21	#include <linux/socket.h>
22	#include <linux/netdevice.h>
23	#include <linux/proc_fs.h>
24	#ifdef CONFIG_SYSCTL
25	#include <linux/sysctl.h>
26	#endif
27	#include <linux/times.h>
28	#include <net/net_namespace.h>
29	#include <net/neighbour.h>
30	#include <net/arp.h>
31	#include <net/dst.h>
32	#include <net/sock.h>
33	#include <net/netevent.h>
34	#include <net/netlink.h>
35	#include <linux/rtnetlink.h>
36	#include <linux/random.h>
37	#include <linux/string.h>
38	#include <linux/log2.h>
39	#include <linux/inetdevice.h>
40	#include <net/addrconf.h>
41
42	#include <trace/events/neigh.h>
43
44	#define NEIGH_DEBUG 1
45	#define neigh_dbg(level, fmt, ...) \
46	do { \
47	if (level <= NEIGH_DEBUG) \
48	pr_debug(fmt, ##__VA_ARGS__); \
49	} while (0)
50
51	#define PNEIGH_HASHMASK 0xF
52
53	static void neigh_timer_handler(struct timer_list *t);
54	static void __neigh_notify(struct neighbour *n, int type, int flags,
55	u32 pid);
56	static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid);
57	static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
58	struct net_device *dev);
59
60	#ifdef CONFIG_PROC_FS
61	static const struct seq_operations neigh_stat_seq_ops;
62	#endif
63
64	/*
65	Neighbour hash table buckets are protected with rwlock tbl->lock.
66
67	- All the scans/updates to hash buckets MUST be made under this lock.
68	- NOTHING clever should be made under this lock: no callbacks
69	to protocol backends, no attempts to send something to network.
70	It will result in deadlocks, if backend/driver wants to use neighbour
71	cache.
72	- If the entry requires some non-trivial actions, increase
73	its reference count and release table lock.
74
75	Neighbour entries are protected:
76	- with reference count.
77	- with rwlock neigh->lock
78
79	Reference count prevents destruction.
80
81	neigh->lock mainly serializes ll address data and its validity state.
82	However, the same lock is used to protect another entry fields:
83	- timer
84	- resolution queue
85
86	Again, nothing clever shall be made under neigh->lock,
87	the most complicated procedure, which we allow is dev->hard_header.
88	It is supposed, that dev->hard_header is simplistic and does
89	not make callbacks to neighbour tables.
90	*/
91
92	static int neigh_blackhole(struct neighbour *neigh, struct sk_buff *skb)
93	{
94	kfree_skb(skb);
95	return -ENETDOWN;
96	}
97
98	static void neigh_cleanup_and_release(struct neighbour *neigh)
99	{
100	trace_neigh_cleanup_and_release(neigh, rc: 0);
101	__neigh_notify(n: neigh, RTM_DELNEIGH, flags: 0, pid: 0);
102	call_netevent_notifiers(val: NETEVENT_NEIGH_UPDATE, v: neigh);
103	neigh_release(neigh);
104	}
105
106	/*
107	* It is random distribution in the interval (1/2)*base...(3/2)*base.
108	* It corresponds to default IPv6 settings and is not overridable,
109	* because it is really reasonable choice.
110	*/
111
112	unsigned long neigh_rand_reach_time(unsigned long base)
113	{
114	return base ? get_random_u32_below(ceil: base) + (base >> 1) : 0;
115	}
116	EXPORT_SYMBOL(neigh_rand_reach_time);
117
118	static void neigh_mark_dead(struct neighbour *n)
119	{
120	n->dead = 1;
121	if (!list_empty(head: &n->gc_list)) {
122	list_del_init(entry: &n->gc_list);
123	atomic_dec(v: &n->tbl->gc_entries);
124	}
125	if (!list_empty(head: &n->managed_list))
126	list_del_init(entry: &n->managed_list);
127	}
128
129	static void neigh_update_gc_list(struct neighbour *n)
130	{
131	bool on_gc_list, exempt_from_gc;
132
133	write_lock_bh(&n->tbl->lock);
134	write_lock(&n->lock);
135	if (n->dead)
136	goto out;
137
138	/* remove from the gc list if new state is permanent or if neighbor
139	* is externally learned; otherwise entry should be on the gc list
140	*/
141	exempt_from_gc = n->nud_state & NUD_PERMANENT ||
142	n->flags & NTF_EXT_LEARNED;
143	on_gc_list = !list_empty(head: &n->gc_list);
144
145	if (exempt_from_gc && on_gc_list) {
146	list_del_init(entry: &n->gc_list);
147	atomic_dec(v: &n->tbl->gc_entries);
148	} else if (!exempt_from_gc && !on_gc_list) {
149	/* add entries to the tail; cleaning removes from the front */
150	list_add_tail(new: &n->gc_list, head: &n->tbl->gc_list);
151	atomic_inc(v: &n->tbl->gc_entries);
152	}
153	out:
154	write_unlock(&n->lock);
155	write_unlock_bh(&n->tbl->lock);
156	}
157
158	static void neigh_update_managed_list(struct neighbour *n)
159	{
160	bool on_managed_list, add_to_managed;
161
162	write_lock_bh(&n->tbl->lock);
163	write_lock(&n->lock);
164	if (n->dead)
165	goto out;
166
167	add_to_managed = n->flags & NTF_MANAGED;
168	on_managed_list = !list_empty(head: &n->managed_list);
169
170	if (!add_to_managed && on_managed_list)
171	list_del_init(entry: &n->managed_list);
172	else if (add_to_managed && !on_managed_list)
173	list_add_tail(new: &n->managed_list, head: &n->tbl->managed_list);
174	out:
175	write_unlock(&n->lock);
176	write_unlock_bh(&n->tbl->lock);
177	}
178
179	static void neigh_update_flags(struct neighbour *neigh, u32 flags, int *notify,
180	bool *gc_update, bool *managed_update)
181	{
182	u32 ndm_flags, old_flags = neigh->flags;
183
184	if (!(flags & NEIGH_UPDATE_F_ADMIN))
185	return;
186
187	ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
188	ndm_flags |= (flags & NEIGH_UPDATE_F_MANAGED) ? NTF_MANAGED : 0;
189
190	if ((old_flags ^ ndm_flags) & NTF_EXT_LEARNED) {
191	if (ndm_flags & NTF_EXT_LEARNED)
192	neigh->flags |= NTF_EXT_LEARNED;
193	else
194	neigh->flags &= ~NTF_EXT_LEARNED;
195	*notify = 1;
196	*gc_update = true;
197	}
198	if ((old_flags ^ ndm_flags) & NTF_MANAGED) {
199	if (ndm_flags & NTF_MANAGED)
200	neigh->flags |= NTF_MANAGED;
201	else
202	neigh->flags &= ~NTF_MANAGED;
203	*notify = 1;
204	*managed_update = true;
205	}
206	}
207
208	static bool neigh_del(struct neighbour *n, struct neighbour __rcu **np,
209	struct neigh_table *tbl)
210	{
211	bool retval = false;
212
213	write_lock(&n->lock);
214	if (refcount_read(r: &n->refcnt) == 1) {
215	struct neighbour *neigh;
216
217	neigh = rcu_dereference_protected(n->next,
218	lockdep_is_held(&tbl->lock));
219	rcu_assign_pointer(*np, neigh);
220	neigh_mark_dead(n);
221	retval = true;
222	}
223	write_unlock(&n->lock);
224	if (retval)
225	neigh_cleanup_and_release(neigh: n);
226	return retval;
227	}
228
229	bool neigh_remove_one(struct neighbour *ndel, struct neigh_table *tbl)
230	{
231	struct neigh_hash_table *nht;
232	void *pkey = ndel->primary_key;
233	u32 hash_val;
234	struct neighbour *n;
235	struct neighbour __rcu **np;
236
237	nht = rcu_dereference_protected(tbl->nht,
238	lockdep_is_held(&tbl->lock));
239	hash_val = tbl->hash(pkey, ndel->dev, nht->hash_rnd);
240	hash_val = hash_val >> (32 - nht->hash_shift);
241
242	np = &nht->hash_buckets[hash_val];
243	while ((n = rcu_dereference_protected(*np,
244	lockdep_is_held(&tbl->lock)))) {
245	if (n == ndel)
246	return neigh_del(n, np, tbl);
247	np = &n->next;
248	}
249	return false;
250	}
251
252	static int neigh_forced_gc(struct neigh_table *tbl)
253	{
254	int max_clean = atomic_read(v: &tbl->gc_entries) -
255	READ_ONCE(tbl->gc_thresh2);
256	unsigned long tref = jiffies - 5 * HZ;
257	struct neighbour *n, *tmp;
258	int shrunk = 0;
259
260	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);
261
262	write_lock_bh(&tbl->lock);
263
264	list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
265	if (refcount_read(r: &n->refcnt) == 1) {
266	bool remove = false;
267
268	write_lock(&n->lock);
269	if ((n->nud_state == NUD_FAILED) ||
270	(n->nud_state == NUD_NOARP) ||
271	(tbl->is_multicast &&
272	tbl->is_multicast(n->primary_key)) ||
273	!time_in_range(n->updated, tref, jiffies))
274	remove = true;
275	write_unlock(&n->lock);
276
277	if (remove && neigh_remove_one(ndel: n, tbl))
278	shrunk++;
279	if (shrunk >= max_clean)
280	break;
281	}
282	}
283
284	WRITE_ONCE(tbl->last_flush, jiffies);
285
286	write_unlock_bh(&tbl->lock);
287
288	return shrunk;
289	}
290
291	static void neigh_add_timer(struct neighbour *n, unsigned long when)
292	{
293	/* Use safe distance from the jiffies - LONG_MAX point while timer
294	* is running in DELAY/PROBE state but still show to user space
295	* large times in the past.
296	*/
297	unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ);
298
299	neigh_hold(n);
300	if (!time_in_range(n->confirmed, mint, jiffies))
301	n->confirmed = mint;
302	if (time_before(n->used, n->confirmed))
303	n->used = n->confirmed;
304	if (unlikely(mod_timer(&n->timer, when))) {
305	printk("NEIGH: BUG, double timer add, state is %x\n",
306	n->nud_state);
307	dump_stack();
308	}
309	}
310
311	static int neigh_del_timer(struct neighbour *n)
312	{
313	if ((n->nud_state & NUD_IN_TIMER) &&
314	del_timer(timer: &n->timer)) {
315	neigh_release(neigh: n);
316	return 1;
317	}
318	return 0;
319	}
320
321	static struct neigh_parms *neigh_get_dev_parms_rcu(struct net_device *dev,
322	int family)
323	{
324	switch (family) {
325	case AF_INET:
326	return __in_dev_arp_parms_get_rcu(dev);
327	case AF_INET6:
328	return __in6_dev_nd_parms_get_rcu(dev);
329	}
330	return NULL;
331	}
332
333	static void neigh_parms_qlen_dec(struct net_device *dev, int family)
334	{
335	struct neigh_parms *p;
336
337	rcu_read_lock();
338	p = neigh_get_dev_parms_rcu(dev, family);
339	if (p)
340	p->qlen--;
341	rcu_read_unlock();
342	}
343
344	static void pneigh_queue_purge(struct sk_buff_head *list, struct net *net,
345	int family)
346	{
347	struct sk_buff_head tmp;
348	unsigned long flags;
349	struct sk_buff *skb;
350
351	skb_queue_head_init(list: &tmp);
352	spin_lock_irqsave(&list->lock, flags);
353	skb = skb_peek(list_: list);
354	while (skb != NULL) {
355	struct sk_buff *skb_next = skb_peek_next(skb, list_: list);
356	struct net_device *dev = skb->dev;
357
358	if (net == NULL || net_eq(net1: dev_net(dev), net2: net)) {
359	neigh_parms_qlen_dec(dev, family);
360	__skb_unlink(skb, list);
361	__skb_queue_tail(list: &tmp, newsk: skb);
362	}
363	skb = skb_next;
364	}
365	spin_unlock_irqrestore(lock: &list->lock, flags);
366
367	while ((skb = __skb_dequeue(list: &tmp))) {
368	dev_put(dev: skb->dev);
369	kfree_skb(skb);
370	}
371	}
372
373	static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev,
374	bool skip_perm)
375	{
376	int i;
377	struct neigh_hash_table *nht;
378
379	nht = rcu_dereference_protected(tbl->nht,
380	lockdep_is_held(&tbl->lock));
381
382	for (i = 0; i < (1 << nht->hash_shift); i++) {
383	struct neighbour *n;
384	struct neighbour __rcu **np = &nht->hash_buckets[i];
385
386	while ((n = rcu_dereference_protected(*np,
387	lockdep_is_held(&tbl->lock))) != NULL) {
388	if (dev && n->dev != dev) {
389	np = &n->next;
390	continue;
391	}
392	if (skip_perm && n->nud_state & NUD_PERMANENT) {
393	np = &n->next;
394	continue;
395	}
396	rcu_assign_pointer(*np,
397	rcu_dereference_protected(n->next,
398	lockdep_is_held(&tbl->lock)));
399	write_lock(&n->lock);
400	neigh_del_timer(n);
401	neigh_mark_dead(n);
402	if (refcount_read(r: &n->refcnt) != 1) {
403	/* The most unpleasant situation.
404	We must destroy neighbour entry,
405	but someone still uses it.
406
407	The destroy will be delayed until
408	the last user releases us, but
409	we must kill timers etc. and move
410	it to safe state.
411	*/
412	__skb_queue_purge(list: &n->arp_queue);
413	n->arp_queue_len_bytes = 0;
414	WRITE_ONCE(n->output, neigh_blackhole);
415	if (n->nud_state & NUD_VALID)
416	n->nud_state = NUD_NOARP;
417	else
418	n->nud_state = NUD_NONE;
419	neigh_dbg(2, "neigh %p is stray\n", n);
420	}
421	write_unlock(&n->lock);
422	neigh_cleanup_and_release(neigh: n);
423	}
424	}
425	}
426
427	void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev)
428	{
429	write_lock_bh(&tbl->lock);
430	neigh_flush_dev(tbl, dev, skip_perm: false);
431	write_unlock_bh(&tbl->lock);
432	}
433	EXPORT_SYMBOL(neigh_changeaddr);
434
435	static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
436	bool skip_perm)
437	{
438	write_lock_bh(&tbl->lock);
439	neigh_flush_dev(tbl, dev, skip_perm);
440	pneigh_ifdown_and_unlock(tbl, dev);
441	pneigh_queue_purge(list: &tbl->proxy_queue, net: dev ? dev_net(dev) : NULL,
442	family: tbl->family);
443	if (skb_queue_empty_lockless(list: &tbl->proxy_queue))
444	del_timer_sync(timer: &tbl->proxy_timer);
445	return 0;
446	}
447
448	int neigh_carrier_down(struct neigh_table *tbl, struct net_device *dev)
449	{
450	__neigh_ifdown(tbl, dev, skip_perm: true);
451	return 0;
452	}
453	EXPORT_SYMBOL(neigh_carrier_down);
454
455	int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
456	{
457	__neigh_ifdown(tbl, dev, skip_perm: false);
458	return 0;
459	}
460	EXPORT_SYMBOL(neigh_ifdown);
461
462	static struct neighbour *neigh_alloc(struct neigh_table *tbl,
463	struct net_device *dev,
464	u32 flags, bool exempt_from_gc)
465	{
466	struct neighbour *n = NULL;
467	unsigned long now = jiffies;
468	int entries, gc_thresh3;
469
470	if (exempt_from_gc)
471	goto do_alloc;
472
473	entries = atomic_inc_return(v: &tbl->gc_entries) - 1;
474	gc_thresh3 = READ_ONCE(tbl->gc_thresh3);
475	if (entries >= gc_thresh3 ||
476	(entries >= READ_ONCE(tbl->gc_thresh2) &&
477	time_after(now, READ_ONCE(tbl->last_flush) + 5 * HZ))) {
478	if (!neigh_forced_gc(tbl) && entries >= gc_thresh3) {
479	net_info_ratelimited("%s: neighbor table overflow!\n",
480	tbl->id);
481	NEIGH_CACHE_STAT_INC(tbl, table_fulls);
482	goto out_entries;
483	}
484	}
485
486	do_alloc:
487	n = kzalloc(size: tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
488	if (!n)
489	goto out_entries;
490
491	__skb_queue_head_init(list: &n->arp_queue);
492	rwlock_init(&n->lock);
493	seqlock_init(&n->ha_lock);
494	n->updated = n->used = now;
495	n->nud_state = NUD_NONE;
496	n->output = neigh_blackhole;
497	n->flags = flags;
498	seqlock_init(&n->hh.hh_lock);
499	n->parms = neigh_parms_clone(parms: &tbl->parms);
500	timer_setup(&n->timer, neigh_timer_handler, 0);
501
502	NEIGH_CACHE_STAT_INC(tbl, allocs);
503	n->tbl = tbl;
504	refcount_set(r: &n->refcnt, n: 1);
505	n->dead = 1;
506	INIT_LIST_HEAD(list: &n->gc_list);
507	INIT_LIST_HEAD(list: &n->managed_list);
508
509	atomic_inc(v: &tbl->entries);
510	out:
511	return n;
512
513	out_entries:
514	if (!exempt_from_gc)
515	atomic_dec(v: &tbl->gc_entries);
516	goto out;
517	}
518
519	static void neigh_get_hash_rnd(u32 *x)
520	{
521	*x = get_random_u32() | 1;
522	}
523
524	static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
525	{
526	size_t size = (1 << shift) * sizeof(struct neighbour *);
527	struct neigh_hash_table *ret;
528	struct neighbour __rcu **buckets;
529	int i;
530
531	ret = kmalloc(size: sizeof(*ret), GFP_ATOMIC);
532	if (!ret)
533	return NULL;
534	if (size <= PAGE_SIZE) {
535	buckets = kzalloc(size, GFP_ATOMIC);
536	} else {
537	buckets = (struct neighbour __rcu **)
538	__get_free_pages(GFP_ATOMIC | __GFP_ZERO,
539	order: get_order(size));
540	kmemleak_alloc(ptr: buckets, size, min_count: 1, GFP_ATOMIC);
541	}
542	if (!buckets) {
543	kfree(objp: ret);
544	return NULL;
545	}
546	ret->hash_buckets = buckets;
547	ret->hash_shift = shift;
548	for (i = 0; i < NEIGH_NUM_HASH_RND; i++)
549	neigh_get_hash_rnd(x: &ret->hash_rnd[i]);
550	return ret;
551	}
552
553	static void neigh_hash_free_rcu(struct rcu_head *head)
554	{
555	struct neigh_hash_table *nht = container_of(head,
556	struct neigh_hash_table,
557	rcu);
558	size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
559	struct neighbour __rcu **buckets = nht->hash_buckets;
560
561	if (size <= PAGE_SIZE) {
562	kfree(objp: buckets);
563	} else {
564	kmemleak_free(ptr: buckets);
565	free_pages(addr: (unsigned long)buckets, order: get_order(size));
566	}
567	kfree(objp: nht);
568	}
569
570	static struct neigh_hash_table *neigh_hash_grow(struct neigh_table *tbl,
571	unsigned long new_shift)
572	{
573	unsigned int i, hash;
574	struct neigh_hash_table *new_nht, *old_nht;
575
576	NEIGH_CACHE_STAT_INC(tbl, hash_grows);
577
578	old_nht = rcu_dereference_protected(tbl->nht,
579	lockdep_is_held(&tbl->lock));
580	new_nht = neigh_hash_alloc(shift: new_shift);
581	if (!new_nht)
582	return old_nht;
583
584	for (i = 0; i < (1 << old_nht->hash_shift); i++) {
585	struct neighbour *n, *next;
586
587	for (n = rcu_dereference_protected(old_nht->hash_buckets[i],
588	lockdep_is_held(&tbl->lock));
589	n != NULL;
590	n = next) {
591	hash = tbl->hash(n->primary_key, n->dev,
592	new_nht->hash_rnd);
593
594	hash >>= (32 - new_nht->hash_shift);
595	next = rcu_dereference_protected(n->next,
596	lockdep_is_held(&tbl->lock));
597
598	rcu_assign_pointer(n->next,
599	rcu_dereference_protected(
600	new_nht->hash_buckets[hash],
601	lockdep_is_held(&tbl->lock)));
602	rcu_assign_pointer(new_nht->hash_buckets[hash], n);
603	}
604	}
605
606	rcu_assign_pointer(tbl->nht, new_nht);
607	call_rcu(head: &old_nht->rcu, func: neigh_hash_free_rcu);
608	return new_nht;
609	}
610
611	struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
612	struct net_device *dev)
613	{
614	struct neighbour *n;
615
616	NEIGH_CACHE_STAT_INC(tbl, lookups);
617
618	rcu_read_lock();
619	n = __neigh_lookup_noref(tbl, pkey, dev);
620	if (n) {
621	if (!refcount_inc_not_zero(r: &n->refcnt))
622	n = NULL;
623	NEIGH_CACHE_STAT_INC(tbl, hits);
624	}
625
626	rcu_read_unlock();
627	return n;
628	}
629	EXPORT_SYMBOL(neigh_lookup);
630
631	static struct neighbour *
632	___neigh_create(struct neigh_table *tbl, const void *pkey,
633	struct net_device *dev, u32 flags,
634	bool exempt_from_gc, bool want_ref)
635	{
636	u32 hash_val, key_len = tbl->key_len;
637	struct neighbour *n1, *rc, *n;
638	struct neigh_hash_table *nht;
639	int error;
640
641	n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
642	trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
643	if (!n) {
644	rc = ERR_PTR(error: -ENOBUFS);
645	goto out;
646	}
647
648	memcpy(n->primary_key, pkey, key_len);
649	n->dev = dev;
650	netdev_hold(dev, tracker: &n->dev_tracker, GFP_ATOMIC);
651
652	/* Protocol specific setup. */
653	if (tbl->constructor && (error = tbl->constructor(n)) < 0) {
654	rc = ERR_PTR(error);
655	goto out_neigh_release;
656	}
657
658	if (dev->netdev_ops->ndo_neigh_construct) {
659	error = dev->netdev_ops->ndo_neigh_construct(dev, n);
660	if (error < 0) {
661	rc = ERR_PTR(error);
662	goto out_neigh_release;
663	}
664	}
665
666	/* Device specific setup. */
667	if (n->parms->neigh_setup &&
668	(error = n->parms->neigh_setup(n)) < 0) {
669	rc = ERR_PTR(error);
670	goto out_neigh_release;
671	}
672
673	n->confirmed = jiffies - (NEIGH_VAR(n->parms, BASE_REACHABLE_TIME) << 1);
674
675	write_lock_bh(&tbl->lock);
676	nht = rcu_dereference_protected(tbl->nht,
677	lockdep_is_held(&tbl->lock));
678
679	if (atomic_read(v: &tbl->entries) > (1 << nht->hash_shift))
680	nht = neigh_hash_grow(tbl, new_shift: nht->hash_shift + 1);
681
682	hash_val = tbl->hash(n->primary_key, dev, nht->hash_rnd) >> (32 - nht->hash_shift);
683
684	if (n->parms->dead) {
685	rc = ERR_PTR(error: -EINVAL);
686	goto out_tbl_unlock;
687	}
688
689	for (n1 = rcu_dereference_protected(nht->hash_buckets[hash_val],
690	lockdep_is_held(&tbl->lock));
691	n1 != NULL;
692	n1 = rcu_dereference_protected(n1->next,
693	lockdep_is_held(&tbl->lock))) {
694	if (dev == n1->dev && !memcmp(p: n1->primary_key, q: n->primary_key, size: key_len)) {
695	if (want_ref)
696	neigh_hold(n1);
697	rc = n1;
698	goto out_tbl_unlock;
699	}
700	}
701
702	n->dead = 0;
703	if (!exempt_from_gc)
704	list_add_tail(new: &n->gc_list, head: &n->tbl->gc_list);
705	if (n->flags & NTF_MANAGED)
706	list_add_tail(new: &n->managed_list, head: &n->tbl->managed_list);
707	if (want_ref)
708	neigh_hold(n);
709	rcu_assign_pointer(n->next,
710	rcu_dereference_protected(nht->hash_buckets[hash_val],
711	lockdep_is_held(&tbl->lock)));
712	rcu_assign_pointer(nht->hash_buckets[hash_val], n);
713	write_unlock_bh(&tbl->lock);
714	neigh_dbg(2, "neigh %p is created\n", n);
715	rc = n;
716	out:
717	return rc;
718	out_tbl_unlock:
719	write_unlock_bh(&tbl->lock);
720	out_neigh_release:
721	if (!exempt_from_gc)
722	atomic_dec(v: &tbl->gc_entries);
723	neigh_release(neigh: n);
724	goto out;
725	}
726
727	struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
728	struct net_device *dev, bool want_ref)
729	{
730	return ___neigh_create(tbl, pkey, dev, flags: 0, exempt_from_gc: false, want_ref);
731	}
732	EXPORT_SYMBOL(__neigh_create);
733
734	static u32 pneigh_hash(const void *pkey, unsigned int key_len)
735	{
736	u32 hash_val = *(u32 *)(pkey + key_len - 4);
737	hash_val ^= (hash_val >> 16);
738	hash_val ^= hash_val >> 8;
739	hash_val ^= hash_val >> 4;
740	hash_val &= PNEIGH_HASHMASK;
741	return hash_val;
742	}
743
744	static struct pneigh_entry *__pneigh_lookup_1(struct pneigh_entry *n,
745	struct net *net,
746	const void *pkey,
747	unsigned int key_len,
748	struct net_device *dev)
749	{
750	while (n) {
751	if (!memcmp(p: n->key, q: pkey, size: key_len) &&
752	net_eq(net1: pneigh_net(pneigh: n), net2: net) &&
753	(n->dev == dev || !n->dev))
754	return n;
755	n = n->next;
756	}
757	return NULL;
758	}
759
760	struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
761	struct net *net, const void *pkey, struct net_device *dev)
762	{
763	unsigned int key_len = tbl->key_len;
764	u32 hash_val = pneigh_hash(pkey, key_len);
765
766	return __pneigh_lookup_1(n: tbl->phash_buckets[hash_val],
767	net, pkey, key_len, dev);
768	}
769	EXPORT_SYMBOL_GPL(__pneigh_lookup);
770
771	struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
772	struct net *net, const void *pkey,
773	struct net_device *dev, int creat)
774	{
775	struct pneigh_entry *n;
776	unsigned int key_len = tbl->key_len;
777	u32 hash_val = pneigh_hash(pkey, key_len);
778
779	read_lock_bh(&tbl->lock);
780	n = __pneigh_lookup_1(n: tbl->phash_buckets[hash_val],
781	net, pkey, key_len, dev);
782	read_unlock_bh(&tbl->lock);
783
784	if (n || !creat)
785	goto out;
786
787	ASSERT_RTNL();
788
789	n = kzalloc(size: sizeof(*n) + key_len, GFP_KERNEL);
790	if (!n)
791	goto out;
792
793	write_pnet(pnet: &n->net, net);
794	memcpy(n->key, pkey, key_len);
795	n->dev = dev;
796	netdev_hold(dev, tracker: &n->dev_tracker, GFP_KERNEL);
797
798	if (tbl->pconstructor && tbl->pconstructor(n)) {
799	netdev_put(dev, tracker: &n->dev_tracker);
800	kfree(objp: n);
801	n = NULL;
802	goto out;
803	}
804
805	write_lock_bh(&tbl->lock);
806	n->next = tbl->phash_buckets[hash_val];
807	tbl->phash_buckets[hash_val] = n;
808	write_unlock_bh(&tbl->lock);
809	out:
810	return n;
811	}
812	EXPORT_SYMBOL(pneigh_lookup);
813
814
815	int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *pkey,
816	struct net_device *dev)
817	{
818	struct pneigh_entry *n, **np;
819	unsigned int key_len = tbl->key_len;
820	u32 hash_val = pneigh_hash(pkey, key_len);
821
822	write_lock_bh(&tbl->lock);
823	for (np = &tbl->phash_buckets[hash_val]; (n = *np) != NULL;
824	np = &n->next) {
825	if (!memcmp(p: n->key, q: pkey, size: key_len) && n->dev == dev &&
826	net_eq(net1: pneigh_net(pneigh: n), net2: net)) {
827	*np = n->next;
828	write_unlock_bh(&tbl->lock);
829	if (tbl->pdestructor)
830	tbl->pdestructor(n);
831	netdev_put(dev: n->dev, tracker: &n->dev_tracker);
832	kfree(objp: n);
833	return 0;
834	}
835	}
836	write_unlock_bh(&tbl->lock);
837	return -ENOENT;
838	}
839
840	static int pneigh_ifdown_and_unlock(struct neigh_table *tbl,
841	struct net_device *dev)
842	{
843	struct pneigh_entry *n, **np, *freelist = NULL;
844	u32 h;
845
846	for (h = 0; h <= PNEIGH_HASHMASK; h++) {
847	np = &tbl->phash_buckets[h];
848	while ((n = *np) != NULL) {
849	if (!dev || n->dev == dev) {
850	*np = n->next;
851	n->next = freelist;
852	freelist = n;
853	continue;
854	}
855	np = &n->next;
856	}
857	}
858	write_unlock_bh(&tbl->lock);
859	while ((n = freelist)) {
860	freelist = n->next;
861	n->next = NULL;
862	if (tbl->pdestructor)
863	tbl->pdestructor(n);
864	netdev_put(dev: n->dev, tracker: &n->dev_tracker);
865	kfree(objp: n);
866	}
867	return -ENOENT;
868	}
869
870	static void neigh_parms_destroy(struct neigh_parms *parms);
871
872	static inline void neigh_parms_put(struct neigh_parms *parms)
873	{
874	if (refcount_dec_and_test(r: &parms->refcnt))
875	neigh_parms_destroy(parms);
876	}
877
878	/*
879	* neighbour must already be out of the table;
880	*
881	*/
882	void neigh_destroy(struct neighbour *neigh)
883	{
884	struct net_device *dev = neigh->dev;
885
886	NEIGH_CACHE_STAT_INC(neigh->tbl, destroys);
887
888	if (!neigh->dead) {
889	pr_warn("Destroying alive neighbour %p\n", neigh);
890	dump_stack();
891	return;
892	}
893
894	if (neigh_del_timer(n: neigh))
895	pr_warn("Impossible event\n");
896
897	write_lock_bh(&neigh->lock);
898	__skb_queue_purge(list: &neigh->arp_queue);
899	write_unlock_bh(&neigh->lock);
900	neigh->arp_queue_len_bytes = 0;
901
902	if (dev->netdev_ops->ndo_neigh_destroy)
903	dev->netdev_ops->ndo_neigh_destroy(dev, neigh);
904
905	netdev_put(dev, tracker: &neigh->dev_tracker);
906	neigh_parms_put(parms: neigh->parms);
907
908	neigh_dbg(2, "neigh %p is destroyed\n", neigh);
909
910	atomic_dec(v: &neigh->tbl->entries);
911	kfree_rcu(neigh, rcu);
912	}
913	EXPORT_SYMBOL(neigh_destroy);
914
915	/* Neighbour state is suspicious;
916	disable fast path.
917
918	Called with write_locked neigh.
919	*/
920	static void neigh_suspect(struct neighbour *neigh)
921	{
922	neigh_dbg(2, "neigh %p is suspected\n", neigh);
923
924	WRITE_ONCE(neigh->output, neigh->ops->output);
925	}
926
927	/* Neighbour state is OK;
928	enable fast path.
929
930	Called with write_locked neigh.
931	*/
932	static void neigh_connect(struct neighbour *neigh)
933	{
934	neigh_dbg(2, "neigh %p is connected\n", neigh);
935
936	WRITE_ONCE(neigh->output, neigh->ops->connected_output);
937	}
938
939	static void neigh_periodic_work(struct work_struct *work)
940	{
941	struct neigh_table *tbl = container_of(work, struct neigh_table, gc_work.work);
942	struct neighbour *n;
943	struct neighbour __rcu **np;
944	unsigned int i;
945	struct neigh_hash_table *nht;
946
947	NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs);
948
949	write_lock_bh(&tbl->lock);
950	nht = rcu_dereference_protected(tbl->nht,
951	lockdep_is_held(&tbl->lock));
952
953	/*
954	* periodically recompute ReachableTime from random function
955	*/
956
957	if (time_after(jiffies, tbl->last_rand + 300 * HZ)) {
958	struct neigh_parms *p;
959
960	WRITE_ONCE(tbl->last_rand, jiffies);
961	list_for_each_entry(p, &tbl->parms_list, list)
962	p->reachable_time =
963	neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
964	}
965
966	if (atomic_read(v: &tbl->entries) < READ_ONCE(tbl->gc_thresh1))
967	goto out;
968
969	for (i = 0 ; i < (1 << nht->hash_shift); i++) {
970	np = &nht->hash_buckets[i];
971
972	while ((n = rcu_dereference_protected(*np,
973	lockdep_is_held(&tbl->lock))) != NULL) {
974	unsigned int state;
975
976	write_lock(&n->lock);
977
978	state = n->nud_state;
979	if ((state & (NUD_PERMANENT | NUD_IN_TIMER)) ||
980	(n->flags & NTF_EXT_LEARNED)) {
981	write_unlock(&n->lock);
982	goto next_elt;
983	}
984
985	if (time_before(n->used, n->confirmed) &&
986	time_is_before_eq_jiffies(n->confirmed))
987	n->used = n->confirmed;
988
989	if (refcount_read(r: &n->refcnt) == 1 &&
990	(state == NUD_FAILED ||
991	!time_in_range_open(jiffies, n->used,
992	n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
993	rcu_assign_pointer(*np,
994	rcu_dereference_protected(n->next,
995	lockdep_is_held(&tbl->lock)));
996	neigh_mark_dead(n);
997	write_unlock(&n->lock);
998	neigh_cleanup_and_release(neigh: n);
999	continue;
1000	}
1001	write_unlock(&n->lock);
1002
1003	next_elt:
1004	np = &n->next;
1005	}
1006	/*
1007	* It's fine to release lock here, even if hash table
1008	* grows while we are preempted.
1009	*/
1010	write_unlock_bh(&tbl->lock);
1011	cond_resched();
1012	write_lock_bh(&tbl->lock);
1013	nht = rcu_dereference_protected(tbl->nht,
1014	lockdep_is_held(&tbl->lock));
1015	}
1016	out:
1017	/* Cycle through all hash buckets every BASE_REACHABLE_TIME/2 ticks.
1018	* ARP entry timeouts range from 1/2 BASE_REACHABLE_TIME to 3/2
1019	* BASE_REACHABLE_TIME.
1020	*/
1021	queue_delayed_work(wq: system_power_efficient_wq, dwork: &tbl->gc_work,
1022	NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME) >> 1);
1023	write_unlock_bh(&tbl->lock);
1024	}
1025
1026	static __inline__ int neigh_max_probes(struct neighbour *n)
1027	{
1028	struct neigh_parms *p = n->parms;
1029	return NEIGH_VAR(p, UCAST_PROBES) + NEIGH_VAR(p, APP_PROBES) +
1030	(n->nud_state & NUD_PROBE ? NEIGH_VAR(p, MCAST_REPROBES) :
1031	NEIGH_VAR(p, MCAST_PROBES));
1032	}
1033
1034	static void neigh_invalidate(struct neighbour *neigh)
1035	__releases(neigh->lock)
1036	__acquires(neigh->lock)
1037	{
1038	struct sk_buff *skb;
1039
1040	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
1041	neigh_dbg(2, "neigh %p is failed\n", neigh);
1042	neigh->updated = jiffies;
1043
1044	/* It is very thin place. report_unreachable is very complicated
1045	routine. Particularly, it can hit the same neighbour entry!
1046
1047	So that, we try to be accurate and avoid dead loop. --ANK
1048	*/
1049	while (neigh->nud_state == NUD_FAILED &&
1050	(skb = __skb_dequeue(list: &neigh->arp_queue)) != NULL) {
1051	write_unlock(&neigh->lock);
1052	neigh->ops->error_report(neigh, skb);
1053	write_lock(&neigh->lock);
1054	}
1055	__skb_queue_purge(list: &neigh->arp_queue);
1056	neigh->arp_queue_len_bytes = 0;
1057	}
1058
1059	static void neigh_probe(struct neighbour *neigh)
1060	__releases(neigh->lock)
1061	{
1062	struct sk_buff *skb = skb_peek_tail(list_: &neigh->arp_queue);
1063	/* keep skb alive even if arp_queue overflows */
1064	if (skb)
1065	skb = skb_clone(skb, GFP_ATOMIC);
1066	write_unlock(&neigh->lock);
1067	if (neigh->ops->solicit)
1068	neigh->ops->solicit(neigh, skb);
1069	atomic_inc(v: &neigh->probes);
1070	consume_skb(skb);
1071	}
1072
1073	/* Called when a timer expires for a neighbour entry. */
1074
1075	static void neigh_timer_handler(struct timer_list *t)
1076	{
1077	unsigned long now, next;
1078	struct neighbour *neigh = from_timer(neigh, t, timer);
1079	unsigned int state;
1080	int notify = 0;
1081
1082	write_lock(&neigh->lock);
1083
1084	state = neigh->nud_state;
1085	now = jiffies;
1086	next = now + HZ;
1087
1088	if (!(state & NUD_IN_TIMER))
1089	goto out;
1090
1091	if (state & NUD_REACHABLE) {
1092	if (time_before_eq(now,
1093	neigh->confirmed + neigh->parms->reachable_time)) {
1094	neigh_dbg(2, "neigh %p is still alive\n", neigh);
1095	next = neigh->confirmed + neigh->parms->reachable_time;
1096	} else if (time_before_eq(now,
1097	neigh->used +
1098	NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1099	neigh_dbg(2, "neigh %p is delayed\n", neigh);
1100	WRITE_ONCE(neigh->nud_state, NUD_DELAY);
1101	neigh->updated = jiffies;
1102	neigh_suspect(neigh);
1103	next = now + NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME);
1104	} else {
1105	neigh_dbg(2, "neigh %p is suspected\n", neigh);
1106	WRITE_ONCE(neigh->nud_state, NUD_STALE);
1107	neigh->updated = jiffies;
1108	neigh_suspect(neigh);
1109	notify = 1;
1110	}
1111	} else if (state & NUD_DELAY) {
1112	if (time_before_eq(now,
1113	neigh->confirmed +
1114	NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME))) {
1115	neigh_dbg(2, "neigh %p is now reachable\n", neigh);
1116	WRITE_ONCE(neigh->nud_state, NUD_REACHABLE);
1117	neigh->updated = jiffies;
1118	neigh_connect(neigh);
1119	notify = 1;
1120	next = neigh->confirmed + neigh->parms->reachable_time;
1121	} else {
1122	neigh_dbg(2, "neigh %p is probed\n", neigh);
1123	WRITE_ONCE(neigh->nud_state, NUD_PROBE);
1124	neigh->updated = jiffies;
1125	atomic_set(v: &neigh->probes, i: 0);
1126	notify = 1;
1127	next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1128	HZ/100);
1129	}
1130	} else {
1131	/* NUD_PROBE|NUD_INCOMPLETE */
1132	next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
1133	}
1134
1135	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
1136	atomic_read(v: &neigh->probes) >= neigh_max_probes(n: neigh)) {
1137	WRITE_ONCE(neigh->nud_state, NUD_FAILED);
1138	notify = 1;
1139	neigh_invalidate(neigh);
1140	goto out;
1141	}
1142
1143	if (neigh->nud_state & NUD_IN_TIMER) {
1144	if (time_before(next, jiffies + HZ/100))
1145	next = jiffies + HZ/100;
1146	if (!mod_timer(timer: &neigh->timer, expires: next))
1147	neigh_hold(neigh);
1148	}
1149	if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
1150	neigh_probe(neigh);
1151	} else {
1152	out:
1153	write_unlock(&neigh->lock);
1154	}
1155
1156	if (notify)
1157	neigh_update_notify(neigh, nlmsg_pid: 0);
1158
1159	trace_neigh_timer_handler(neigh, err: 0);
1160
1161	neigh_release(neigh);
1162	}
1163
1164	int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb,
1165	const bool immediate_ok)
1166	{
1167	int rc;
1168	bool immediate_probe = false;
1169
1170	write_lock_bh(&neigh->lock);
1171
1172	rc = 0;
1173	if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
1174	goto out_unlock_bh;
1175	if (neigh->dead)
1176	goto out_dead;
1177
1178	if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
1179	if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
1180	NEIGH_VAR(neigh->parms, APP_PROBES)) {
1181	unsigned long next, now = jiffies;
1182
1183	atomic_set(v: &neigh->probes,
1184	NEIGH_VAR(neigh->parms, UCAST_PROBES));
1185	neigh_del_timer(n: neigh);
1186	WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
1187	neigh->updated = now;
1188	if (!immediate_ok) {
1189	next = now + 1;
1190	} else {
1191	immediate_probe = true;
1192	next = now + max(NEIGH_VAR(neigh->parms,
1193	RETRANS_TIME),
1194	HZ / 100);
1195	}
1196	neigh_add_timer(n: neigh, when: next);
1197	} else {
1198	WRITE_ONCE(neigh->nud_state, NUD_FAILED);
1199	neigh->updated = jiffies;
1200	write_unlock_bh(&neigh->lock);
1201
1202	kfree_skb_reason(skb, reason: SKB_DROP_REASON_NEIGH_FAILED);
1203	return 1;
1204	}
1205	} else if (neigh->nud_state & NUD_STALE) {
1206	neigh_dbg(2, "neigh %p is delayed\n", neigh);
1207	neigh_del_timer(n: neigh);
1208	WRITE_ONCE(neigh->nud_state, NUD_DELAY);
1209	neigh->updated = jiffies;
1210	neigh_add_timer(n: neigh, when: jiffies +
1211	NEIGH_VAR(neigh->parms, DELAY_PROBE_TIME));
1212	}
1213
1214	if (neigh->nud_state == NUD_INCOMPLETE) {
1215	if (skb) {
1216	while (neigh->arp_queue_len_bytes + skb->truesize >
1217	NEIGH_VAR(neigh->parms, QUEUE_LEN_BYTES)) {
1218	struct sk_buff *buff;
1219
1220	buff = __skb_dequeue(list: &neigh->arp_queue);
1221	if (!buff)
1222	break;
1223	neigh->arp_queue_len_bytes -= buff->truesize;
1224	kfree_skb_reason(skb: buff, reason: SKB_DROP_REASON_NEIGH_QUEUEFULL);
1225	NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
1226	}
1227	skb_dst_force(skb);
1228	__skb_queue_tail(list: &neigh->arp_queue, newsk: skb);
1229	neigh->arp_queue_len_bytes += skb->truesize;
1230	}
1231	rc = 1;
1232	}
1233	out_unlock_bh:
1234	if (immediate_probe)
1235	neigh_probe(neigh);
1236	else
1237	write_unlock(&neigh->lock);
1238	local_bh_enable();
1239	trace_neigh_event_send_done(neigh, err: rc);
1240	return rc;
1241
1242	out_dead:
1243	if (neigh->nud_state & NUD_STALE)
1244	goto out_unlock_bh;
1245	write_unlock_bh(&neigh->lock);
1246	kfree_skb_reason(skb, reason: SKB_DROP_REASON_NEIGH_DEAD);
1247	trace_neigh_event_send_dead(neigh, err: 1);
1248	return 1;
1249	}
1250	EXPORT_SYMBOL(__neigh_event_send);
1251
1252	static void neigh_update_hhs(struct neighbour *neigh)
1253	{
1254	struct hh_cache *hh;
1255	void (*update)(struct hh_cache*, const struct net_device*, const unsigned char *)
1256	= NULL;
1257
1258	if (neigh->dev->header_ops)
1259	update = neigh->dev->header_ops->cache_update;
1260
1261	if (update) {
1262	hh = &neigh->hh;
1263	if (READ_ONCE(hh->hh_len)) {
1264	write_seqlock_bh(sl: &hh->hh_lock);
1265	update(hh, neigh->dev, neigh->ha);
1266	write_sequnlock_bh(sl: &hh->hh_lock);
1267	}
1268	}
1269	}
1270
1271	/* Generic update routine.
1272	-- lladdr is new lladdr or NULL, if it is not supplied.
1273	-- new is new state.
1274	-- flags
1275	NEIGH_UPDATE_F_OVERRIDE allows to override existing lladdr,
1276	if it is different.
1277	NEIGH_UPDATE_F_WEAK_OVERRIDE will suspect existing "connected"
1278	lladdr instead of overriding it
1279	if it is different.
1280	NEIGH_UPDATE_F_ADMIN means that the change is administrative.
1281	NEIGH_UPDATE_F_USE means that the entry is user triggered.
1282	NEIGH_UPDATE_F_MANAGED means that the entry will be auto-refreshed.
1283	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
1284	NTF_ROUTER flag.
1285	NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as
1286	a router.
1287
1288	Caller MUST hold reference count on the entry.
1289	*/
1290	static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
1291	u8 new, u32 flags, u32 nlmsg_pid,
1292	struct netlink_ext_ack *extack)
1293	{
1294	bool gc_update = false, managed_update = false;
1295	int update_isrouter = 0;
1296	struct net_device *dev;
1297	int err, notify = 0;
1298	u8 old;
1299
1300	trace_neigh_update(n: neigh, lladdr, new, flags, nlmsg_pid);
1301
1302	write_lock_bh(&neigh->lock);
1303
1304	dev = neigh->dev;
1305	old = neigh->nud_state;
1306	err = -EPERM;
1307
1308	if (neigh->dead) {
1309	NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
1310	new = old;
1311	goto out;
1312	}
1313	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
1314	(old & (NUD_NOARP | NUD_PERMANENT)))
1315	goto out;
1316
1317	neigh_update_flags(neigh, flags, notify: &notify, gc_update: &gc_update, managed_update: &managed_update);
1318	if (flags & (NEIGH_UPDATE_F_USE | NEIGH_UPDATE_F_MANAGED)) {
1319	new = old & ~NUD_PERMANENT;
1320	WRITE_ONCE(neigh->nud_state, new);
1321	err = 0;
1322	goto out;
1323	}
1324
1325	if (!(new & NUD_VALID)) {
1326	neigh_del_timer(n: neigh);
1327	if (old & NUD_CONNECTED)
1328	neigh_suspect(neigh);
1329	WRITE_ONCE(neigh->nud_state, new);
1330	err = 0;
1331	notify = old & NUD_VALID;
1332	if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
1333	(new & NUD_FAILED)) {
1334	neigh_invalidate(neigh);
1335	notify = 1;
1336	}
1337	goto out;
1338	}
1339
1340	/* Compare new lladdr with cached one */
1341	if (!dev->addr_len) {
1342	/* First case: device needs no address. */
1343	lladdr = neigh->ha;
1344	} else if (lladdr) {
1345	/* The second case: if something is already cached
1346	and a new address is proposed:
1347	- compare new & old
1348	- if they are different, check override flag
1349	*/
1350	if ((old & NUD_VALID) &&
1351	!memcmp(p: lladdr, q: neigh->ha, size: dev->addr_len))
1352	lladdr = neigh->ha;
1353	} else {
1354	/* No address is supplied; if we know something,
1355	use it, otherwise discard the request.
1356	*/
1357	err = -EINVAL;
1358	if (!(old & NUD_VALID)) {
1359	NL_SET_ERR_MSG(extack, "No link layer address given");
1360	goto out;
1361	}
1362	lladdr = neigh->ha;
1363	}
1364
1365	/* Update confirmed timestamp for neighbour entry after we
1366	* received ARP packet even if it doesn't change IP to MAC binding.
1367	*/
1368	if (new & NUD_CONNECTED)
1369	neigh->confirmed = jiffies;
1370
1371	/* If entry was valid and address is not changed,
1372	do not change entry state, if new one is STALE.
1373	*/
1374	err = 0;
1375	update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1376	if (old & NUD_VALID) {
1377	if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) {
1378	update_isrouter = 0;
1379	if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
1380	(old & NUD_CONNECTED)) {
1381	lladdr = neigh->ha;
1382	new = NUD_STALE;
1383	} else
1384	goto out;
1385	} else {
1386	if (lladdr == neigh->ha && new == NUD_STALE &&
1387	!(flags & NEIGH_UPDATE_F_ADMIN))
1388	new = old;
1389	}
1390	}
1391
1392	/* Update timestamp only once we know we will make a change to the
1393	* neighbour entry. Otherwise we risk to move the locktime window with
1394	* noop updates and ignore relevant ARP updates.
1395	*/
1396	if (new != old || lladdr != neigh->ha)
1397	neigh->updated = jiffies;
1398
1399	if (new != old) {
1400	neigh_del_timer(n: neigh);
1401	if (new & NUD_PROBE)
1402	atomic_set(v: &neigh->probes, i: 0);
1403	if (new & NUD_IN_TIMER)
1404	neigh_add_timer(n: neigh, when: (jiffies +
1405	((new & NUD_REACHABLE) ?
1406	neigh->parms->reachable_time :
1407	0)));
1408	WRITE_ONCE(neigh->nud_state, new);
1409	notify = 1;
1410	}
1411
1412	if (lladdr != neigh->ha) {
1413	write_seqlock(sl: &neigh->ha_lock);
1414	memcpy(&neigh->ha, lladdr, dev->addr_len);
1415	write_sequnlock(sl: &neigh->ha_lock);
1416	neigh_update_hhs(neigh);
1417	if (!(new & NUD_CONNECTED))
1418	neigh->confirmed = jiffies -
1419	(NEIGH_VAR(neigh->parms, BASE_REACHABLE_TIME) << 1);
1420	notify = 1;
1421	}
1422	if (new == old)
1423	goto out;
1424	if (new & NUD_CONNECTED)
1425	neigh_connect(neigh);
1426	else
1427	neigh_suspect(neigh);
1428	if (!(old & NUD_VALID)) {
1429	struct sk_buff *skb;
1430
1431	/* Again: avoid dead loop if something went wrong */
1432
1433	while (neigh->nud_state & NUD_VALID &&
1434	(skb = __skb_dequeue(list: &neigh->arp_queue)) != NULL) {
1435	struct dst_entry *dst = skb_dst(skb);
1436	struct neighbour *n2, *n1 = neigh;
1437	write_unlock_bh(&neigh->lock);
1438
1439	rcu_read_lock();
1440
1441	/* Why not just use 'neigh' as-is? The problem is that
1442	* things such as shaper, eql, and sch_teql can end up
1443	* using alternative, different, neigh objects to output
1444	* the packet in the output path. So what we need to do
1445	* here is re-lookup the top-level neigh in the path so
1446	* we can reinject the packet there.
1447	*/
1448	n2 = NULL;
1449	if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
1450	n2 = dst_neigh_lookup_skb(dst, skb);
1451	if (n2)
1452	n1 = n2;
1453	}
1454	READ_ONCE(n1->output)(n1, skb);
1455	if (n2)
1456	neigh_release(neigh: n2);
1457	rcu_read_unlock();
1458
1459	write_lock_bh(&neigh->lock);
1460	}
1461	__skb_queue_purge(list: &neigh->arp_queue);
1462	neigh->arp_queue_len_bytes = 0;
1463	}
1464	out:
1465	if (update_isrouter)
1466	neigh_update_is_router(neigh, flags, notify: &notify);
1467	write_unlock_bh(&neigh->lock);
1468	if (((new ^ old) & NUD_PERMANENT) || gc_update)
1469	neigh_update_gc_list(n: neigh);
1470	if (managed_update)
1471	neigh_update_managed_list(n: neigh);
1472	if (notify)
1473	neigh_update_notify(neigh, nlmsg_pid);
1474	trace_neigh_update_done(neigh, err);
1475	return err;
1476	}
1477
1478	int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1479	u32 flags, u32 nlmsg_pid)
1480	{
1481	return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
1482	}
1483	EXPORT_SYMBOL(neigh_update);
1484
1485	/* Update the neigh to listen temporarily for probe responses, even if it is
1486	* in a NUD_FAILED state. The caller has to hold neigh->lock for writing.
1487	*/
1488	void __neigh_set_probe_once(struct neighbour *neigh)
1489	{
1490	if (neigh->dead)
1491	return;
1492	neigh->updated = jiffies;
1493	if (!(neigh->nud_state & NUD_FAILED))
1494	return;
1495	WRITE_ONCE(neigh->nud_state, NUD_INCOMPLETE);
1496	atomic_set(v: &neigh->probes, i: neigh_max_probes(n: neigh));
1497	neigh_add_timer(n: neigh,
1498	when: jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1499	HZ/100));
1500	}
1501	EXPORT_SYMBOL(__neigh_set_probe_once);
1502
1503	struct neighbour *neigh_event_ns(struct neigh_table *tbl,
1504	u8 *lladdr, void *saddr,
1505	struct net_device *dev)
1506	{
1507	struct neighbour *neigh = __neigh_lookup(tbl, pkey: saddr, dev,
1508	creat: lladdr || !dev->addr_len);
1509	if (neigh)
1510	neigh_update(neigh, lladdr, NUD_STALE,
1511	NEIGH_UPDATE_F_OVERRIDE, 0);
1512	return neigh;
1513	}
1514	EXPORT_SYMBOL(neigh_event_ns);
1515
1516	/* called with read_lock_bh(&n->lock); */
1517	static void neigh_hh_init(struct neighbour *n)
1518	{
1519	struct net_device *dev = n->dev;
1520	__be16 prot = n->tbl->protocol;
1521	struct hh_cache *hh = &n->hh;
1522
1523	write_lock_bh(&n->lock);
1524
1525	/* Only one thread can come in here and initialize the
1526	* hh_cache entry.
1527	*/
1528	if (!hh->hh_len)
1529	dev->header_ops->cache(n, hh, prot);
1530
1531	write_unlock_bh(&n->lock);
1532	}
1533
1534	/* Slow and careful. */
1535
1536	int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
1537	{
1538	int rc = 0;
1539
1540	if (!neigh_event_send(neigh, skb)) {
1541	int err;
1542	struct net_device *dev = neigh->dev;
1543	unsigned int seq;
1544
1545	if (dev->header_ops->cache && !READ_ONCE(neigh->hh.hh_len))
1546	neigh_hh_init(n: neigh);
1547
1548	do {
1549	__skb_pull(skb, len: skb_network_offset(skb));
1550	seq = read_seqbegin(sl: &neigh->ha_lock);
1551	err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1552	daddr: neigh->ha, NULL, len: skb->len);
1553	} while (read_seqretry(sl: &neigh->ha_lock, start: seq));
1554
1555	if (err >= 0)
1556	rc = dev_queue_xmit(skb);
1557	else
1558	goto out_kfree_skb;
1559	}
1560	out:
1561	return rc;
1562	out_kfree_skb:
1563	rc = -EINVAL;
1564	kfree_skb(skb);
1565	goto out;
1566	}
1567	EXPORT_SYMBOL(neigh_resolve_output);
1568
1569	/* As fast as possible without hh cache */
1570
1571	int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
1572	{
1573	struct net_device *dev = neigh->dev;
1574	unsigned int seq;
1575	int err;
1576
1577	do {
1578	__skb_pull(skb, len: skb_network_offset(skb));
1579	seq = read_seqbegin(sl: &neigh->ha_lock);
1580	err = dev_hard_header(skb, dev, ntohs(skb->protocol),
1581	daddr: neigh->ha, NULL, len: skb->len);
1582	} while (read_seqretry(sl: &neigh->ha_lock, start: seq));
1583
1584	if (err >= 0)
1585	err = dev_queue_xmit(skb);
1586	else {
1587	err = -EINVAL;
1588	kfree_skb(skb);
1589	}
1590	return err;
1591	}
1592	EXPORT_SYMBOL(neigh_connected_output);
1593
1594	int neigh_direct_output(struct neighbour *neigh, struct sk_buff *skb)
1595	{
1596	return dev_queue_xmit(skb);
1597	}
1598	EXPORT_SYMBOL(neigh_direct_output);
1599
1600	static void neigh_managed_work(struct work_struct *work)
1601	{
1602	struct neigh_table *tbl = container_of(work, struct neigh_table,
1603	managed_work.work);
1604	struct neighbour *neigh;
1605
1606	write_lock_bh(&tbl->lock);
1607	list_for_each_entry(neigh, &tbl->managed_list, managed_list)
1608	neigh_event_send_probe(neigh, NULL, immediate_ok: false);
1609	queue_delayed_work(wq: system_power_efficient_wq, dwork: &tbl->managed_work,
1610	NEIGH_VAR(&tbl->parms, INTERVAL_PROBE_TIME_MS));
1611	write_unlock_bh(&tbl->lock);
1612	}
1613
1614	static void neigh_proxy_process(struct timer_list *t)
1615	{
1616	struct neigh_table *tbl = from_timer(tbl, t, proxy_timer);
1617	long sched_next = 0;
1618	unsigned long now = jiffies;
1619	struct sk_buff *skb, *n;
1620
1621	spin_lock(lock: &tbl->proxy_queue.lock);
1622
1623	skb_queue_walk_safe(&tbl->proxy_queue, skb, n) {
1624	long tdif = NEIGH_CB(skb)->sched_next - now;
1625
1626	if (tdif <= 0) {
1627	struct net_device *dev = skb->dev;
1628
1629	neigh_parms_qlen_dec(dev, family: tbl->family);
1630	__skb_unlink(skb, list: &tbl->proxy_queue);
1631
1632	if (tbl->proxy_redo && netif_running(dev)) {
1633	rcu_read_lock();
1634	tbl->proxy_redo(skb);
1635	rcu_read_unlock();
1636	} else {
1637	kfree_skb(skb);
1638	}
1639
1640	dev_put(dev);
1641	} else if (!sched_next || tdif < sched_next)
1642	sched_next = tdif;
1643	}
1644	del_timer(timer: &tbl->proxy_timer);
1645	if (sched_next)
1646	mod_timer(timer: &tbl->proxy_timer, expires: jiffies + sched_next);
1647	spin_unlock(lock: &tbl->proxy_queue.lock);
1648	}
1649
1650	static unsigned long neigh_proxy_delay(struct neigh_parms *p)
1651	{
1652	/* If proxy_delay is zero, do not call get_random_u32_below()
1653	* as it is undefined behavior.
1654	*/
1655	unsigned long proxy_delay = NEIGH_VAR(p, PROXY_DELAY);
1656
1657	return proxy_delay ?
1658	jiffies + get_random_u32_below(ceil: proxy_delay) : jiffies;
1659	}
1660
1661	void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
1662	struct sk_buff *skb)
1663	{
1664	unsigned long sched_next = neigh_proxy_delay(p);
1665
1666	if (p->qlen > NEIGH_VAR(p, PROXY_QLEN)) {
1667	kfree_skb(skb);
1668	return;
1669	}
1670
1671	NEIGH_CB(skb)->sched_next = sched_next;
1672	NEIGH_CB(skb)->flags |= LOCALLY_ENQUEUED;
1673
1674	spin_lock(lock: &tbl->proxy_queue.lock);
1675	if (del_timer(timer: &tbl->proxy_timer)) {
1676	if (time_before(tbl->proxy_timer.expires, sched_next))
1677	sched_next = tbl->proxy_timer.expires;
1678	}
1679	skb_dst_drop(skb);
1680	dev_hold(dev: skb->dev);
1681	__skb_queue_tail(list: &tbl->proxy_queue, newsk: skb);
1682	p->qlen++;
1683	mod_timer(timer: &tbl->proxy_timer, expires: sched_next);
1684	spin_unlock(lock: &tbl->proxy_queue.lock);
1685	}
1686	EXPORT_SYMBOL(pneigh_enqueue);
1687
1688	static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
1689	struct net *net, int ifindex)
1690	{
1691	struct neigh_parms *p;
1692
1693	list_for_each_entry(p, &tbl->parms_list, list) {
1694	if ((p->dev && p->dev->ifindex == ifindex && net_eq(net1: neigh_parms_net(parms: p), net2: net)) ||
1695	(!p->dev && !ifindex && net_eq(net1: net, net2: &init_net)))
1696	return p;
1697	}
1698
1699	return NULL;
1700	}
1701
1702	struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
1703	struct neigh_table *tbl)
1704	{
1705	struct neigh_parms *p;
1706	struct net *net = dev_net(dev);
1707	const struct net_device_ops *ops = dev->netdev_ops;
1708
1709	p = kmemdup(p: &tbl->parms, size: sizeof(*p), GFP_KERNEL);
1710	if (p) {
1711	p->tbl = tbl;
1712	refcount_set(r: &p->refcnt, n: 1);
1713	p->reachable_time =
1714	neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
1715	p->qlen = 0;
1716	netdev_hold(dev, tracker: &p->dev_tracker, GFP_KERNEL);
1717	p->dev = dev;
1718	write_pnet(pnet: &p->net, net);
1719	p->sysctl_table = NULL;
1720
1721	if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
1722	netdev_put(dev, tracker: &p->dev_tracker);
1723	kfree(objp: p);
1724	return NULL;
1725	}
1726
1727	write_lock_bh(&tbl->lock);
1728	list_add(new: &p->list, head: &tbl->parms.list);
1729	write_unlock_bh(&tbl->lock);
1730
1731	neigh_parms_data_state_cleanall(p);
1732	}
1733	return p;
1734	}
1735	EXPORT_SYMBOL(neigh_parms_alloc);
1736
1737	static void neigh_rcu_free_parms(struct rcu_head *head)
1738	{
1739	struct neigh_parms *parms =
1740	container_of(head, struct neigh_parms, rcu_head);
1741
1742	neigh_parms_put(parms);
1743	}
1744
1745	void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
1746	{
1747	if (!parms || parms == &tbl->parms)
1748	return;
1749	write_lock_bh(&tbl->lock);
1750	list_del(entry: &parms->list);
1751	parms->dead = 1;
1752	write_unlock_bh(&tbl->lock);
1753	netdev_put(dev: parms->dev, tracker: &parms->dev_tracker);
1754	call_rcu(head: &parms->rcu_head, func: neigh_rcu_free_parms);
1755	}
1756	EXPORT_SYMBOL(neigh_parms_release);
1757
1758	static void neigh_parms_destroy(struct neigh_parms *parms)
1759	{
1760	kfree(objp: parms);
1761	}
1762
1763	static struct lock_class_key neigh_table_proxy_queue_class;
1764
1765	static struct neigh_table *neigh_tables[NEIGH_NR_TABLES] __read_mostly;
1766
1767	void neigh_table_init(int index, struct neigh_table *tbl)
1768	{
1769	unsigned long now = jiffies;
1770	unsigned long phsize;
1771
1772	INIT_LIST_HEAD(list: &tbl->parms_list);
1773	INIT_LIST_HEAD(list: &tbl->gc_list);
1774	INIT_LIST_HEAD(list: &tbl->managed_list);
1775
1776	list_add(new: &tbl->parms.list, head: &tbl->parms_list);
1777	write_pnet(pnet: &tbl->parms.net, net: &init_net);
1778	refcount_set(r: &tbl->parms.refcnt, n: 1);
1779	tbl->parms.reachable_time =
1780	neigh_rand_reach_time(NEIGH_VAR(&tbl->parms, BASE_REACHABLE_TIME));
1781	tbl->parms.qlen = 0;
1782
1783	tbl->stats = alloc_percpu(struct neigh_statistics);
1784	if (!tbl->stats)
1785	panic(fmt: "cannot create neighbour cache statistics");
1786
1787	#ifdef CONFIG_PROC_FS
1788	if (!proc_create_seq_data(tbl->id, 0, init_net.proc_net_stat,
1789	&neigh_stat_seq_ops, tbl))
1790	panic(fmt: "cannot create neighbour proc dir entry");
1791	#endif
1792
1793	RCU_INIT_POINTER(tbl->nht, neigh_hash_alloc(3));
1794
1795	phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *);
1796	tbl->phash_buckets = kzalloc(size: phsize, GFP_KERNEL);
1797
1798	if (!tbl->nht || !tbl->phash_buckets)
1799	panic(fmt: "cannot allocate neighbour cache hashes");
1800
1801	if (!tbl->entry_size)
1802	tbl->entry_size = ALIGN(offsetof(struct neighbour, primary_key) +
1803	tbl->key_len, NEIGH_PRIV_ALIGN);
1804	else
1805	WARN_ON(tbl->entry_size % NEIGH_PRIV_ALIGN);
1806
1807	rwlock_init(&tbl->lock);
1808
1809	INIT_DEFERRABLE_WORK(&tbl->gc_work, neigh_periodic_work);
1810	queue_delayed_work(wq: system_power_efficient_wq, dwork: &tbl->gc_work,
1811	delay: tbl->parms.reachable_time);
1812	INIT_DEFERRABLE_WORK(&tbl->managed_work, neigh_managed_work);
1813	queue_delayed_work(wq: system_power_efficient_wq, dwork: &tbl->managed_work, delay: 0);
1814
1815	timer_setup(&tbl->proxy_timer, neigh_proxy_process, 0);
1816	skb_queue_head_init_class(list: &tbl->proxy_queue,
1817	class: &neigh_table_proxy_queue_class);
1818
1819	tbl->last_flush = now;
1820	tbl->last_rand = now + tbl->parms.reachable_time * 20;
1821
1822	neigh_tables[index] = tbl;
1823	}
1824	EXPORT_SYMBOL(neigh_table_init);
1825
1826	int neigh_table_clear(int index, struct neigh_table *tbl)
1827	{
1828	neigh_tables[index] = NULL;
1829	/* It is not clean... Fix it to unload IPv6 module safely */
1830	cancel_delayed_work_sync(dwork: &tbl->managed_work);
1831	cancel_delayed_work_sync(dwork: &tbl->gc_work);
1832	del_timer_sync(timer: &tbl->proxy_timer);
1833	pneigh_queue_purge(list: &tbl->proxy_queue, NULL, family: tbl->family);
1834	neigh_ifdown(tbl, NULL);
1835	if (atomic_read(v: &tbl->entries))
1836	pr_crit("neighbour leakage\n");
1837
1838	call_rcu(head: &rcu_dereference_protected(tbl->nht, 1)->rcu,
1839	func: neigh_hash_free_rcu);
1840	tbl->nht = NULL;
1841
1842	kfree(objp: tbl->phash_buckets);
1843	tbl->phash_buckets = NULL;
1844
1845	remove_proc_entry(tbl->id, init_net.proc_net_stat);
1846
1847	free_percpu(pdata: tbl->stats);
1848	tbl->stats = NULL;
1849
1850	return 0;
1851	}
1852	EXPORT_SYMBOL(neigh_table_clear);
1853
1854	static struct neigh_table *neigh_find_table(int family)
1855	{
1856	struct neigh_table *tbl = NULL;
1857
1858	switch (family) {
1859	case AF_INET:
1860	tbl = neigh_tables[NEIGH_ARP_TABLE];
1861	break;
1862	case AF_INET6:
1863	tbl = neigh_tables[NEIGH_ND_TABLE];
1864	break;
1865	}
1866
1867	return tbl;
1868	}
1869
1870	const struct nla_policy nda_policy[NDA_MAX+1] = {
1871	[NDA_UNSPEC] = { .strict_start_type = NDA_NH_ID },
1872	[NDA_DST] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1873	[NDA_LLADDR] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
1874	[NDA_CACHEINFO] = { .len = sizeof(struct nda_cacheinfo) },
1875	[NDA_PROBES] = { .type = NLA_U32 },
1876	[NDA_VLAN] = { .type = NLA_U16 },
1877	[NDA_PORT] = { .type = NLA_U16 },
1878	[NDA_VNI] = { .type = NLA_U32 },
1879	[NDA_IFINDEX] = { .type = NLA_U32 },
1880	[NDA_MASTER] = { .type = NLA_U32 },
1881	[NDA_PROTOCOL] = { .type = NLA_U8 },
1882	[NDA_NH_ID] = { .type = NLA_U32 },
1883	[NDA_FLAGS_EXT] = NLA_POLICY_MASK(NLA_U32, NTF_EXT_MASK),
1884	[NDA_FDB_EXT_ATTRS] = { .type = NLA_NESTED },
1885	};
1886
1887	static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh,
1888	struct netlink_ext_ack *extack)
1889	{
1890	struct net *net = sock_net(sk: skb->sk);
1891	struct ndmsg *ndm;
1892	struct nlattr *dst_attr;
1893	struct neigh_table *tbl;
1894	struct neighbour *neigh;
1895	struct net_device *dev = NULL;
1896	int err = -EINVAL;
1897
1898	ASSERT_RTNL();
1899	if (nlmsg_len(nlh) < sizeof(*ndm))
1900	goto out;
1901
1902	dst_attr = nlmsg_find_attr(nlh, hdrlen: sizeof(*ndm), attrtype: NDA_DST);
1903	if (!dst_attr) {
1904	NL_SET_ERR_MSG(extack, "Network address not specified");
1905	goto out;
1906	}
1907
1908	ndm = nlmsg_data(nlh);
1909	if (ndm->ndm_ifindex) {
1910	dev = __dev_get_by_index(net, ifindex: ndm->ndm_ifindex);
1911	if (dev == NULL) {
1912	err = -ENODEV;
1913	goto out;
1914	}
1915	}
1916
1917	tbl = neigh_find_table(family: ndm->ndm_family);
1918	if (tbl == NULL)
1919	return -EAFNOSUPPORT;
1920
1921	if (nla_len(nla: dst_attr) < (int)tbl->key_len) {
1922	NL_SET_ERR_MSG(extack, "Invalid network address");
1923	goto out;
1924	}
1925
1926	if (ndm->ndm_flags & NTF_PROXY) {
1927	err = pneigh_delete(tbl, net, pkey: nla_data(nla: dst_attr), dev);
1928	goto out;
1929	}
1930
1931	if (dev == NULL)
1932	goto out;
1933
1934	neigh = neigh_lookup(tbl, nla_data(nla: dst_attr), dev);
1935	if (neigh == NULL) {
1936	err = -ENOENT;
1937	goto out;
1938	}
1939
1940	err = __neigh_update(neigh, NULL, NUD_FAILED,
1941	NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
1942	NETLINK_CB(skb).portid, extack);
1943	write_lock_bh(&tbl->lock);
1944	neigh_release(neigh);
1945	neigh_remove_one(ndel: neigh, tbl);
1946	write_unlock_bh(&tbl->lock);
1947
1948	out:
1949	return err;
1950	}
1951
1952	static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1953	struct netlink_ext_ack *extack)
1954	{
1955	int flags = NEIGH_UPDATE_F_ADMIN | NEIGH_UPDATE_F_OVERRIDE |
1956	NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1957	struct net *net = sock_net(sk: skb->sk);
1958	struct ndmsg *ndm;
1959	struct nlattr *tb[NDA_MAX+1];
1960	struct neigh_table *tbl;
1961	struct net_device *dev = NULL;
1962	struct neighbour *neigh;
1963	void *dst, *lladdr;
1964	u8 protocol = 0;
1965	u32 ndm_flags;
1966	int err;
1967
1968	ASSERT_RTNL();
1969	err = nlmsg_parse_deprecated(nlh, hdrlen: sizeof(*ndm), tb, NDA_MAX,
1970	policy: nda_policy, extack);
1971	if (err < 0)
1972	goto out;
1973
1974	err = -EINVAL;
1975	if (!tb[NDA_DST]) {
1976	NL_SET_ERR_MSG(extack, "Network address not specified");
1977	goto out;
1978	}
1979
1980	ndm = nlmsg_data(nlh);
1981	ndm_flags = ndm->ndm_flags;
1982	if (tb[NDA_FLAGS_EXT]) {
1983	u32 ext = nla_get_u32(nla: tb[NDA_FLAGS_EXT]);
1984
1985	BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
1986	(sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
1987	hweight32(NTF_EXT_MASK)));
1988	ndm_flags |= (ext << NTF_EXT_SHIFT);
1989	}
1990	if (ndm->ndm_ifindex) {
1991	dev = __dev_get_by_index(net, ifindex: ndm->ndm_ifindex);
1992	if (dev == NULL) {
1993	err = -ENODEV;
1994	goto out;
1995	}
1996
1997	if (tb[NDA_LLADDR] && nla_len(nla: tb[NDA_LLADDR]) < dev->addr_len) {
1998	NL_SET_ERR_MSG(extack, "Invalid link address");
1999	goto out;
2000	}
2001	}
2002
2003	tbl = neigh_find_table(family: ndm->ndm_family);
2004	if (tbl == NULL)
2005	return -EAFNOSUPPORT;
2006
2007	if (nla_len(nla: tb[NDA_DST]) < (int)tbl->key_len) {
2008	NL_SET_ERR_MSG(extack, "Invalid network address");
2009	goto out;
2010	}
2011
2012	dst = nla_data(nla: tb[NDA_DST]);
2013	lladdr = tb[NDA_LLADDR] ? nla_data(nla: tb[NDA_LLADDR]) : NULL;
2014
2015	if (tb[NDA_PROTOCOL])
2016	protocol = nla_get_u8(nla: tb[NDA_PROTOCOL]);
2017	if (ndm_flags & NTF_PROXY) {
2018	struct pneigh_entry *pn;
2019
2020	if (ndm_flags & NTF_MANAGED) {
2021	NL_SET_ERR_MSG(extack, "Invalid NTF_* flag combination");
2022	goto out;
2023	}
2024
2025	err = -ENOBUFS;
2026	pn = pneigh_lookup(tbl, net, dst, dev, 1);
2027	if (pn) {
2028	pn->flags = ndm_flags;
2029	if (protocol)
2030	pn->protocol = protocol;
2031	err = 0;
2032	}
2033	goto out;
2034	}
2035
2036	if (!dev) {
2037	NL_SET_ERR_MSG(extack, "Device not specified");
2038	goto out;
2039	}
2040
2041	if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
2042	err = -EINVAL;
2043	goto out;
2044	}
2045
2046	neigh = neigh_lookup(tbl, dst, dev);
2047	if (neigh == NULL) {
2048	bool ndm_permanent = ndm->ndm_state & NUD_PERMANENT;
2049	bool exempt_from_gc = ndm_permanent ||
2050	ndm_flags & NTF_EXT_LEARNED;
2051
2052	if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
2053	err = -ENOENT;
2054	goto out;
2055	}
2056	if (ndm_permanent && (ndm_flags & NTF_MANAGED)) {
2057	NL_SET_ERR_MSG(extack, "Invalid NTF_* flag for permanent entry");
2058	err = -EINVAL;
2059	goto out;
2060	}
2061
2062	neigh = ___neigh_create(tbl, pkey: dst, dev,
2063	flags: ndm_flags &
2064	(NTF_EXT_LEARNED | NTF_MANAGED),
2065	exempt_from_gc, want_ref: true);
2066	if (IS_ERR(ptr: neigh)) {
2067	err = PTR_ERR(ptr: neigh);
2068	goto out;
2069	}
2070	} else {
2071	if (nlh->nlmsg_flags & NLM_F_EXCL) {
2072	err = -EEXIST;
2073	neigh_release(neigh);
2074	goto out;
2075	}
2076
2077	if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
2078	flags &= ~(NEIGH_UPDATE_F_OVERRIDE |
2079	NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
2080	}
2081
2082	if (protocol)
2083	neigh->protocol = protocol;
2084	if (ndm_flags & NTF_EXT_LEARNED)
2085	flags |= NEIGH_UPDATE_F_EXT_LEARNED;
2086	if (ndm_flags & NTF_ROUTER)
2087	flags |= NEIGH_UPDATE_F_ISROUTER;
2088	if (ndm_flags & NTF_MANAGED)
2089	flags |= NEIGH_UPDATE_F_MANAGED;
2090	if (ndm_flags & NTF_USE)
2091	flags |= NEIGH_UPDATE_F_USE;
2092
2093	err = __neigh_update(neigh, lladdr, new: ndm->ndm_state, flags,
2094	NETLINK_CB(skb).portid, extack);
2095	if (!err && ndm_flags & (NTF_USE | NTF_MANAGED)) {
2096	neigh_event_send(neigh, NULL);
2097	err = 0;
2098	}
2099	neigh_release(neigh);
2100	out:
2101	return err;
2102	}
2103
2104	static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
2105	{
2106	struct nlattr *nest;
2107
2108	nest = nla_nest_start_noflag(skb, attrtype: NDTA_PARMS);
2109	if (nest == NULL)
2110	return -ENOBUFS;
2111
2112	if ((parms->dev &&
2113	nla_put_u32(skb, attrtype: NDTPA_IFINDEX, value: parms->dev->ifindex)) ||
2114	nla_put_u32(skb, attrtype: NDTPA_REFCNT, value: refcount_read(r: &parms->refcnt)) ||
2115	nla_put_u32(skb, attrtype: NDTPA_QUEUE_LENBYTES,
2116	NEIGH_VAR(parms, QUEUE_LEN_BYTES)) ||
2117	/* approximative value for deprecated QUEUE_LEN (in packets) */
2118	nla_put_u32(skb, attrtype: NDTPA_QUEUE_LEN,
2119	NEIGH_VAR(parms, QUEUE_LEN_BYTES) / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
2120	nla_put_u32(skb, attrtype: NDTPA_PROXY_QLEN, NEIGH_VAR(parms, PROXY_QLEN)) ||
2121	nla_put_u32(skb, attrtype: NDTPA_APP_PROBES, NEIGH_VAR(parms, APP_PROBES)) ||
2122	nla_put_u32(skb, attrtype: NDTPA_UCAST_PROBES,
2123	NEIGH_VAR(parms, UCAST_PROBES)) ||
2124	nla_put_u32(skb, attrtype: NDTPA_MCAST_PROBES,
2125	NEIGH_VAR(parms, MCAST_PROBES)) ||
2126	nla_put_u32(skb, attrtype: NDTPA_MCAST_REPROBES,
2127	NEIGH_VAR(parms, MCAST_REPROBES)) ||
2128	nla_put_msecs(skb, attrtype: NDTPA_REACHABLE_TIME, njiffies: parms->reachable_time,
2129	padattr: NDTPA_PAD) ||
2130	nla_put_msecs(skb, attrtype: NDTPA_BASE_REACHABLE_TIME,
2131	NEIGH_VAR(parms, BASE_REACHABLE_TIME), padattr: NDTPA_PAD) ||
2132	nla_put_msecs(skb, attrtype: NDTPA_GC_STALETIME,
2133	NEIGH_VAR(parms, GC_STALETIME), padattr: NDTPA_PAD) ||
2134	nla_put_msecs(skb, attrtype: NDTPA_DELAY_PROBE_TIME,
2135	NEIGH_VAR(parms, DELAY_PROBE_TIME), padattr: NDTPA_PAD) ||
2136	nla_put_msecs(skb, attrtype: NDTPA_RETRANS_TIME,
2137	NEIGH_VAR(parms, RETRANS_TIME), padattr: NDTPA_PAD) ||
2138	nla_put_msecs(skb, attrtype: NDTPA_ANYCAST_DELAY,
2139	NEIGH_VAR(parms, ANYCAST_DELAY), padattr: NDTPA_PAD) ||
2140	nla_put_msecs(skb, attrtype: NDTPA_PROXY_DELAY,
2141	NEIGH_VAR(parms, PROXY_DELAY), padattr: NDTPA_PAD) ||
2142	nla_put_msecs(skb, attrtype: NDTPA_LOCKTIME,
2143	NEIGH_VAR(parms, LOCKTIME), padattr: NDTPA_PAD) ||
2144	nla_put_msecs(skb, attrtype: NDTPA_INTERVAL_PROBE_TIME_MS,
2145	NEIGH_VAR(parms, INTERVAL_PROBE_TIME_MS), padattr: NDTPA_PAD))
2146	goto nla_put_failure;
2147	return nla_nest_end(skb, start: nest);
2148
2149	nla_put_failure:
2150	nla_nest_cancel(skb, start: nest);
2151	return -EMSGSIZE;
2152	}
2153
2154	static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
2155	u32 pid, u32 seq, int type, int flags)
2156	{
2157	struct nlmsghdr *nlh;
2158	struct ndtmsg *ndtmsg;
2159
2160	nlh = nlmsg_put(skb, portid: pid, seq, type, payload: sizeof(*ndtmsg), flags);
2161	if (nlh == NULL)
2162	return -EMSGSIZE;
2163
2164	ndtmsg = nlmsg_data(nlh);
2165
2166	read_lock_bh(&tbl->lock);
2167	ndtmsg->ndtm_family = tbl->family;
2168	ndtmsg->ndtm_pad1 = 0;
2169	ndtmsg->ndtm_pad2 = 0;
2170
2171	if (nla_put_string(skb, attrtype: NDTA_NAME, str: tbl->id) ||
2172	nla_put_msecs(skb, attrtype: NDTA_GC_INTERVAL, READ_ONCE(tbl->gc_interval),
2173	padattr: NDTA_PAD) ||
2174	nla_put_u32(skb, attrtype: NDTA_THRESH1, READ_ONCE(tbl->gc_thresh1)) ||
2175	nla_put_u32(skb, attrtype: NDTA_THRESH2, READ_ONCE(tbl->gc_thresh2)) ||
2176	nla_put_u32(skb, attrtype: NDTA_THRESH3, READ_ONCE(tbl->gc_thresh3)))
2177	goto nla_put_failure;
2178	{
2179	unsigned long now = jiffies;
2180	long flush_delta = now - READ_ONCE(tbl->last_flush);
2181	long rand_delta = now - READ_ONCE(tbl->last_rand);
2182	struct neigh_hash_table *nht;
2183	struct ndt_config ndc = {
2184	.ndtc_key_len = tbl->key_len,
2185	.ndtc_entry_size = tbl->entry_size,
2186	.ndtc_entries = atomic_read(v: &tbl->entries),
2187	.ndtc_last_flush = jiffies_to_msecs(j: flush_delta),
2188	.ndtc_last_rand = jiffies_to_msecs(j: rand_delta),
2189	.ndtc_proxy_qlen = READ_ONCE(tbl->proxy_queue.qlen),
2190	};
2191
2192	rcu_read_lock();
2193	nht = rcu_dereference(tbl->nht);
2194	ndc.ndtc_hash_rnd = nht->hash_rnd[0];
2195	ndc.ndtc_hash_mask = ((1 << nht->hash_shift) - 1);
2196	rcu_read_unlock();
2197
2198	if (nla_put(skb, attrtype: NDTA_CONFIG, attrlen: sizeof(ndc), data: &ndc))
2199	goto nla_put_failure;
2200	}
2201
2202	{
2203	int cpu;
2204	struct ndt_stats ndst;
2205
2206	memset(&ndst, 0, sizeof(ndst));
2207
2208	for_each_possible_cpu(cpu) {
2209	struct neigh_statistics *st;
2210
2211	st = per_cpu_ptr(tbl->stats, cpu);
2212	ndst.ndts_allocs += READ_ONCE(st->allocs);
2213	ndst.ndts_destroys += READ_ONCE(st->destroys);
2214	ndst.ndts_hash_grows += READ_ONCE(st->hash_grows);
2215	ndst.ndts_res_failed += READ_ONCE(st->res_failed);
2216	ndst.ndts_lookups += READ_ONCE(st->lookups);
2217	ndst.ndts_hits += READ_ONCE(st->hits);
2218	ndst.ndts_rcv_probes_mcast += READ_ONCE(st->rcv_probes_mcast);
2219	ndst.ndts_rcv_probes_ucast += READ_ONCE(st->rcv_probes_ucast);
2220	ndst.ndts_periodic_gc_runs += READ_ONCE(st->periodic_gc_runs);
2221	ndst.ndts_forced_gc_runs += READ_ONCE(st->forced_gc_runs);
2222	ndst.ndts_table_fulls += READ_ONCE(st->table_fulls);
2223	}
2224
2225	if (nla_put_64bit(skb, attrtype: NDTA_STATS, attrlen: sizeof(ndst), data: &ndst,
2226	padattr: NDTA_PAD))
2227	goto nla_put_failure;
2228	}
2229
2230	BUG_ON(tbl->parms.dev);
2231	if (neightbl_fill_parms(skb, parms: &tbl->parms) < 0)
2232	goto nla_put_failure;
2233
2234	read_unlock_bh(&tbl->lock);
2235	nlmsg_end(skb, nlh);
2236	return 0;
2237
2238	nla_put_failure:
2239	read_unlock_bh(&tbl->lock);
2240	nlmsg_cancel(skb, nlh);
2241	return -EMSGSIZE;
2242	}
2243
2244	static int neightbl_fill_param_info(struct sk_buff *skb,
2245	struct neigh_table *tbl,
2246	struct neigh_parms *parms,
2247	u32 pid, u32 seq, int type,
2248	unsigned int flags)
2249	{
2250	struct ndtmsg *ndtmsg;
2251	struct nlmsghdr *nlh;
2252
2253	nlh = nlmsg_put(skb, portid: pid, seq, type, payload: sizeof(*ndtmsg), flags);
2254	if (nlh == NULL)
2255	return -EMSGSIZE;
2256
2257	ndtmsg = nlmsg_data(nlh);
2258
2259	read_lock_bh(&tbl->lock);
2260	ndtmsg->ndtm_family = tbl->family;
2261	ndtmsg->ndtm_pad1 = 0;
2262	ndtmsg->ndtm_pad2 = 0;
2263
2264	if (nla_put_string(skb, attrtype: NDTA_NAME, str: tbl->id) < 0 ||
2265	neightbl_fill_parms(skb, parms) < 0)
2266	goto errout;
2267
2268	read_unlock_bh(&tbl->lock);
2269	nlmsg_end(skb, nlh);
2270	return 0;
2271	errout:
2272	read_unlock_bh(&tbl->lock);
2273	nlmsg_cancel(skb, nlh);
2274	return -EMSGSIZE;
2275	}
2276
2277	static const struct nla_policy nl_neightbl_policy[NDTA_MAX+1] = {
2278	[NDTA_NAME] = { .type = NLA_STRING },
2279	[NDTA_THRESH1] = { .type = NLA_U32 },
2280	[NDTA_THRESH2] = { .type = NLA_U32 },
2281	[NDTA_THRESH3] = { .type = NLA_U32 },
2282	[NDTA_GC_INTERVAL] = { .type = NLA_U64 },
2283	[NDTA_PARMS] = { .type = NLA_NESTED },
2284	};
2285
2286	static const struct nla_policy nl_ntbl_parm_policy[NDTPA_MAX+1] = {
2287	[NDTPA_IFINDEX] = { .type = NLA_U32 },
2288	[NDTPA_QUEUE_LEN] = { .type = NLA_U32 },
2289	[NDTPA_PROXY_QLEN] = { .type = NLA_U32 },
2290	[NDTPA_APP_PROBES] = { .type = NLA_U32 },
2291	[NDTPA_UCAST_PROBES] = { .type = NLA_U32 },
2292	[NDTPA_MCAST_PROBES] = { .type = NLA_U32 },
2293	[NDTPA_MCAST_REPROBES] = { .type = NLA_U32 },
2294	[NDTPA_BASE_REACHABLE_TIME] = { .type = NLA_U64 },
2295	[NDTPA_GC_STALETIME] = { .type = NLA_U64 },
2296	[NDTPA_DELAY_PROBE_TIME] = { .type = NLA_U64 },
2297	[NDTPA_RETRANS_TIME] = { .type = NLA_U64 },
2298	[NDTPA_ANYCAST_DELAY] = { .type = NLA_U64 },
2299	[NDTPA_PROXY_DELAY] = { .type = NLA_U64 },
2300	[NDTPA_LOCKTIME] = { .type = NLA_U64 },
2301	[NDTPA_INTERVAL_PROBE_TIME_MS] = { .type = NLA_U64, .min = 1 },
2302	};
2303
2304	static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh,
2305	struct netlink_ext_ack *extack)
2306	{
2307	struct net *net = sock_net(sk: skb->sk);
2308	struct neigh_table *tbl;
2309	struct ndtmsg *ndtmsg;
2310	struct nlattr *tb[NDTA_MAX+1];
2311	bool found = false;
2312	int err, tidx;
2313
2314	err = nlmsg_parse_deprecated(nlh, hdrlen: sizeof(*ndtmsg), tb, NDTA_MAX,
2315	policy: nl_neightbl_policy, extack);
2316	if (err < 0)
2317	goto errout;
2318
2319	if (tb[NDTA_NAME] == NULL) {
2320	err = -EINVAL;
2321	goto errout;
2322	}
2323
2324	ndtmsg = nlmsg_data(nlh);
2325
2326	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2327	tbl = neigh_tables[tidx];
2328	if (!tbl)
2329	continue;
2330	if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family)
2331	continue;
2332	if (nla_strcmp(nla: tb[NDTA_NAME], str: tbl->id) == 0) {
2333	found = true;
2334	break;
2335	}
2336	}
2337
2338	if (!found)
2339	return -ENOENT;
2340
2341	/*
2342	* We acquire tbl->lock to be nice to the periodic timers and
2343	* make sure they always see a consistent set of values.
2344	*/
2345	write_lock_bh(&tbl->lock);
2346
2347	if (tb[NDTA_PARMS]) {
2348	struct nlattr *tbp[NDTPA_MAX+1];
2349	struct neigh_parms *p;
2350	int i, ifindex = 0;
2351
2352	err = nla_parse_nested_deprecated(tb: tbp, NDTPA_MAX,
2353	nla: tb[NDTA_PARMS],
2354	policy: nl_ntbl_parm_policy, extack);
2355	if (err < 0)
2356	goto errout_tbl_lock;
2357
2358	if (tbp[NDTPA_IFINDEX])
2359	ifindex = nla_get_u32(nla: tbp[NDTPA_IFINDEX]);
2360
2361	p = lookup_neigh_parms(tbl, net, ifindex);
2362	if (p == NULL) {
2363	err = -ENOENT;
2364	goto errout_tbl_lock;
2365	}
2366
2367	for (i = 1; i <= NDTPA_MAX; i++) {
2368	if (tbp[i] == NULL)
2369	continue;
2370
2371	switch (i) {
2372	case NDTPA_QUEUE_LEN:
2373	NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2374	nla_get_u32(tbp[i]) *
2375	SKB_TRUESIZE(ETH_FRAME_LEN));
2376	break;
2377	case NDTPA_QUEUE_LENBYTES:
2378	NEIGH_VAR_SET(p, QUEUE_LEN_BYTES,
2379	nla_get_u32(tbp[i]));
2380	break;
2381	case NDTPA_PROXY_QLEN:
2382	NEIGH_VAR_SET(p, PROXY_QLEN,
2383	nla_get_u32(tbp[i]));
2384	break;
2385	case NDTPA_APP_PROBES:
2386	NEIGH_VAR_SET(p, APP_PROBES,
2387	nla_get_u32(tbp[i]));
2388	break;
2389	case NDTPA_UCAST_PROBES:
2390	NEIGH_VAR_SET(p, UCAST_PROBES,
2391	nla_get_u32(tbp[i]));
2392	break;
2393	case NDTPA_MCAST_PROBES:
2394	NEIGH_VAR_SET(p, MCAST_PROBES,
2395	nla_get_u32(tbp[i]));
2396	break;
2397	case NDTPA_MCAST_REPROBES:
2398	NEIGH_VAR_SET(p, MCAST_REPROBES,
2399	nla_get_u32(tbp[i]));
2400	break;
2401	case NDTPA_BASE_REACHABLE_TIME:
2402	NEIGH_VAR_SET(p, BASE_REACHABLE_TIME,
2403	nla_get_msecs(tbp[i]));
2404	/* update reachable_time as well, otherwise, the change will
2405	* only be effective after the next time neigh_periodic_work
2406	* decides to recompute it (can be multiple minutes)
2407	*/
2408	p->reachable_time =
2409	neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
2410	break;
2411	case NDTPA_GC_STALETIME:
2412	NEIGH_VAR_SET(p, GC_STALETIME,
2413	nla_get_msecs(tbp[i]));
2414	break;
2415	case NDTPA_DELAY_PROBE_TIME:
2416	NEIGH_VAR_SET(p, DELAY_PROBE_TIME,
2417	nla_get_msecs(tbp[i]));
2418	call_netevent_notifiers(val: NETEVENT_DELAY_PROBE_TIME_UPDATE, v: p);
2419	break;
2420	case NDTPA_INTERVAL_PROBE_TIME_MS:
2421	NEIGH_VAR_SET(p, INTERVAL_PROBE_TIME_MS,
2422	nla_get_msecs(tbp[i]));
2423	break;
2424	case NDTPA_RETRANS_TIME:
2425	NEIGH_VAR_SET(p, RETRANS_TIME,
2426	nla_get_msecs(tbp[i]));
2427	break;
2428	case NDTPA_ANYCAST_DELAY:
2429	NEIGH_VAR_SET(p, ANYCAST_DELAY,
2430	nla_get_msecs(tbp[i]));
2431	break;
2432	case NDTPA_PROXY_DELAY:
2433	NEIGH_VAR_SET(p, PROXY_DELAY,
2434	nla_get_msecs(tbp[i]));
2435	break;
2436	case NDTPA_LOCKTIME:
2437	NEIGH_VAR_SET(p, LOCKTIME,
2438	nla_get_msecs(tbp[i]));
2439	break;
2440	}
2441	}
2442	}
2443
2444	err = -ENOENT;
2445	if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
2446	tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
2447	!net_eq(net1: net, net2: &init_net))
2448	goto errout_tbl_lock;
2449
2450	if (tb[NDTA_THRESH1])
2451	WRITE_ONCE(tbl->gc_thresh1, nla_get_u32(tb[NDTA_THRESH1]));
2452
2453	if (tb[NDTA_THRESH2])
2454	WRITE_ONCE(tbl->gc_thresh2, nla_get_u32(tb[NDTA_THRESH2]));
2455
2456	if (tb[NDTA_THRESH3])
2457	WRITE_ONCE(tbl->gc_thresh3, nla_get_u32(tb[NDTA_THRESH3]));
2458
2459	if (tb[NDTA_GC_INTERVAL])
2460	WRITE_ONCE(tbl->gc_interval, nla_get_msecs(tb[NDTA_GC_INTERVAL]));
2461
2462	err = 0;
2463
2464	errout_tbl_lock:
2465	write_unlock_bh(&tbl->lock);
2466	errout:
2467	return err;
2468	}
2469
2470	static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
2471	struct netlink_ext_ack *extack)
2472	{
2473	struct ndtmsg *ndtm;
2474
2475	if (nlh->nlmsg_len < nlmsg_msg_size(payload: sizeof(*ndtm))) {
2476	NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
2477	return -EINVAL;
2478	}
2479
2480	ndtm = nlmsg_data(nlh);
2481	if (ndtm->ndtm_pad1 || ndtm->ndtm_pad2) {
2482	NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
2483	return -EINVAL;
2484	}
2485
2486	if (nlmsg_attrlen(nlh, hdrlen: sizeof(*ndtm))) {
2487	NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
2488	return -EINVAL;
2489	}
2490
2491	return 0;
2492	}
2493
2494	static int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2495	{
2496	const struct nlmsghdr *nlh = cb->nlh;
2497	struct net *net = sock_net(sk: skb->sk);
2498	int family, tidx, nidx = 0;
2499	int tbl_skip = cb->args[0];
2500	int neigh_skip = cb->args[1];
2501	struct neigh_table *tbl;
2502
2503	if (cb->strict_check) {
2504	int err = neightbl_valid_dump_info(nlh, extack: cb->extack);
2505
2506	if (err < 0)
2507	return err;
2508	}
2509
2510	family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2511
2512	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2513	struct neigh_parms *p;
2514
2515	tbl = neigh_tables[tidx];
2516	if (!tbl)
2517	continue;
2518
2519	if (tidx < tbl_skip || (family && tbl->family != family))
2520	continue;
2521
2522	if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2523	seq: nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2524	NLM_F_MULTI) < 0)
2525	break;
2526
2527	nidx = 0;
2528	p = list_next_entry(&tbl->parms, list);
2529	list_for_each_entry_from(p, &tbl->parms_list, list) {
2530	if (!net_eq(net1: neigh_parms_net(parms: p), net2: net))
2531	continue;
2532
2533	if (nidx < neigh_skip)
2534	goto next;
2535
2536	if (neightbl_fill_param_info(skb, tbl, parms: p,
2537	NETLINK_CB(cb->skb).portid,
2538	seq: nlh->nlmsg_seq,
2539	RTM_NEWNEIGHTBL,
2540	NLM_F_MULTI) < 0)
2541	goto out;
2542	next:
2543	nidx++;
2544	}
2545
2546	neigh_skip = 0;
2547	}
2548	out:
2549	cb->args[0] = tidx;
2550	cb->args[1] = nidx;
2551
2552	return skb->len;
2553	}
2554
2555	static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2556	u32 pid, u32 seq, int type, unsigned int flags)
2557	{
2558	u32 neigh_flags, neigh_flags_ext;
2559	unsigned long now = jiffies;
2560	struct nda_cacheinfo ci;
2561	struct nlmsghdr *nlh;
2562	struct ndmsg *ndm;
2563
2564	nlh = nlmsg_put(skb, portid: pid, seq, type, payload: sizeof(*ndm), flags);
2565	if (nlh == NULL)
2566	return -EMSGSIZE;
2567
2568	neigh_flags_ext = neigh->flags >> NTF_EXT_SHIFT;
2569	neigh_flags = neigh->flags & NTF_OLD_MASK;
2570
2571	ndm = nlmsg_data(nlh);
2572	ndm->ndm_family = neigh->ops->family;
2573	ndm->ndm_pad1 = 0;
2574	ndm->ndm_pad2 = 0;
2575	ndm->ndm_flags = neigh_flags;
2576	ndm->ndm_type = neigh->type;
2577	ndm->ndm_ifindex = neigh->dev->ifindex;
2578
2579	if (nla_put(skb, attrtype: NDA_DST, attrlen: neigh->tbl->key_len, data: neigh->primary_key))
2580	goto nla_put_failure;
2581
2582	read_lock_bh(&neigh->lock);
2583	ndm->ndm_state = neigh->nud_state;
2584	if (neigh->nud_state & NUD_VALID) {
2585	char haddr[MAX_ADDR_LEN];
2586
2587	neigh_ha_snapshot(dst: haddr, n: neigh, dev: neigh->dev);
2588	if (nla_put(skb, attrtype: NDA_LLADDR, attrlen: neigh->dev->addr_len, data: haddr) < 0) {
2589	read_unlock_bh(&neigh->lock);
2590	goto nla_put_failure;
2591	}
2592	}
2593
2594	ci.ndm_used = jiffies_to_clock_t(x: now - neigh->used);
2595	ci.ndm_confirmed = jiffies_to_clock_t(x: now - neigh->confirmed);
2596	ci.ndm_updated = jiffies_to_clock_t(x: now - neigh->updated);
2597	ci.ndm_refcnt = refcount_read(r: &neigh->refcnt) - 1;
2598	read_unlock_bh(&neigh->lock);
2599
2600	if (nla_put_u32(skb, attrtype: NDA_PROBES, value: atomic_read(v: &neigh->probes)) ||
2601	nla_put(skb, attrtype: NDA_CACHEINFO, attrlen: sizeof(ci), data: &ci))
2602	goto nla_put_failure;
2603
2604	if (neigh->protocol && nla_put_u8(skb, attrtype: NDA_PROTOCOL, value: neigh->protocol))
2605	goto nla_put_failure;
2606	if (neigh_flags_ext && nla_put_u32(skb, attrtype: NDA_FLAGS_EXT, value: neigh_flags_ext))
2607	goto nla_put_failure;
2608
2609	nlmsg_end(skb, nlh);
2610	return 0;
2611
2612	nla_put_failure:
2613	nlmsg_cancel(skb, nlh);
2614	return -EMSGSIZE;
2615	}
2616
2617	static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn,
2618	u32 pid, u32 seq, int type, unsigned int flags,
2619	struct neigh_table *tbl)
2620	{
2621	u32 neigh_flags, neigh_flags_ext;
2622	struct nlmsghdr *nlh;
2623	struct ndmsg *ndm;
2624
2625	nlh = nlmsg_put(skb, portid: pid, seq, type, payload: sizeof(*ndm), flags);
2626	if (nlh == NULL)
2627	return -EMSGSIZE;
2628
2629	neigh_flags_ext = pn->flags >> NTF_EXT_SHIFT;
2630	neigh_flags = pn->flags & NTF_OLD_MASK;
2631
2632	ndm = nlmsg_data(nlh);
2633	ndm->ndm_family = tbl->family;
2634	ndm->ndm_pad1 = 0;
2635	ndm->ndm_pad2 = 0;
2636	ndm->ndm_flags = neigh_flags | NTF_PROXY;
2637	ndm->ndm_type = RTN_UNICAST;
2638	ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0;
2639	ndm->ndm_state = NUD_NONE;
2640
2641	if (nla_put(skb, attrtype: NDA_DST, attrlen: tbl->key_len, data: pn->key))
2642	goto nla_put_failure;
2643
2644	if (pn->protocol && nla_put_u8(skb, attrtype: NDA_PROTOCOL, value: pn->protocol))
2645	goto nla_put_failure;
2646	if (neigh_flags_ext && nla_put_u32(skb, attrtype: NDA_FLAGS_EXT, value: neigh_flags_ext))
2647	goto nla_put_failure;
2648
2649	nlmsg_end(skb, nlh);
2650	return 0;
2651
2652	nla_put_failure:
2653	nlmsg_cancel(skb, nlh);
2654	return -EMSGSIZE;
2655	}
2656
2657	static void neigh_update_notify(struct neighbour *neigh, u32 nlmsg_pid)
2658	{
2659	call_netevent_notifiers(val: NETEVENT_NEIGH_UPDATE, v: neigh);
2660	__neigh_notify(n: neigh, RTM_NEWNEIGH, flags: 0, pid: nlmsg_pid);
2661	}
2662
2663	static bool neigh_master_filtered(struct net_device *dev, int master_idx)
2664	{
2665	struct net_device *master;
2666
2667	if (!master_idx)
2668	return false;
2669
2670	master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2671
2672	/* 0 is already used to denote NDA_MASTER wasn't passed, therefore need another
2673	* invalid value for ifindex to denote "no master".
2674	*/
2675	if (master_idx == -1)
2676	return !!master;
2677
2678	if (!master || master->ifindex != master_idx)
2679	return true;
2680
2681	return false;
2682	}
2683
2684	static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2685	{
2686	if (filter_idx && (!dev || dev->ifindex != filter_idx))
2687	return true;
2688
2689	return false;
2690	}
2691
2692	struct neigh_dump_filter {
2693	int master_idx;
2694	int dev_idx;
2695	};
2696
2697	static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2698	struct netlink_callback *cb,
2699	struct neigh_dump_filter *filter)
2700	{
2701	struct net *net = sock_net(sk: skb->sk);
2702	struct neighbour *n;
2703	int rc, h, s_h = cb->args[1];
2704	int idx, s_idx = idx = cb->args[2];
2705	struct neigh_hash_table *nht;
2706	unsigned int flags = NLM_F_MULTI;
2707
2708	if (filter->dev_idx || filter->master_idx)
2709	flags |= NLM_F_DUMP_FILTERED;
2710
2711	rcu_read_lock();
2712	nht = rcu_dereference(tbl->nht);
2713
2714	for (h = s_h; h < (1 << nht->hash_shift); h++) {
2715	if (h > s_h)
2716	s_idx = 0;
2717	for (n = rcu_dereference(nht->hash_buckets[h]), idx = 0;
2718	n != NULL;
2719	n = rcu_dereference(n->next)) {
2720	if (idx < s_idx || !net_eq(net1: dev_net(dev: n->dev), net2: net))
2721	goto next;
2722	if (neigh_ifindex_filtered(dev: n->dev, filter_idx: filter->dev_idx) ||
2723	neigh_master_filtered(dev: n->dev, master_idx: filter->master_idx))
2724	goto next;
2725	if (neigh_fill_info(skb, neigh: n, NETLINK_CB(cb->skb).portid,
2726	seq: cb->nlh->nlmsg_seq,
2727	RTM_NEWNEIGH,
2728	flags) < 0) {
2729	rc = -1;
2730	goto out;
2731	}
2732	next:
2733	idx++;
2734	}
2735	}
2736	rc = skb->len;
2737	out:
2738	rcu_read_unlock();
2739	cb->args[1] = h;
2740	cb->args[2] = idx;
2741	return rc;
2742	}
2743
2744	static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb,
2745	struct netlink_callback *cb,
2746	struct neigh_dump_filter *filter)
2747	{
2748	struct pneigh_entry *n;
2749	struct net *net = sock_net(sk: skb->sk);
2750	int rc, h, s_h = cb->args[3];
2751	int idx, s_idx = idx = cb->args[4];
2752	unsigned int flags = NLM_F_MULTI;
2753
2754	if (filter->dev_idx || filter->master_idx)
2755	flags |= NLM_F_DUMP_FILTERED;
2756
2757	read_lock_bh(&tbl->lock);
2758
2759	for (h = s_h; h <= PNEIGH_HASHMASK; h++) {
2760	if (h > s_h)
2761	s_idx = 0;
2762	for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2763	if (idx < s_idx || pneigh_net(pneigh: n) != net)
2764	goto next;
2765	if (neigh_ifindex_filtered(dev: n->dev, filter_idx: filter->dev_idx) ||
2766	neigh_master_filtered(dev: n->dev, master_idx: filter->master_idx))
2767	goto next;
2768	if (pneigh_fill_info(skb, pn: n, NETLINK_CB(cb->skb).portid,
2769	seq: cb->nlh->nlmsg_seq,
2770	RTM_NEWNEIGH, flags, tbl) < 0) {
2771	read_unlock_bh(&tbl->lock);
2772	rc = -1;
2773	goto out;
2774	}
2775	next:
2776	idx++;
2777	}
2778	}
2779
2780	read_unlock_bh(&tbl->lock);
2781	rc = skb->len;
2782	out:
2783	cb->args[3] = h;
2784	cb->args[4] = idx;
2785	return rc;
2786
2787	}
2788
2789	static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
2790	bool strict_check,
2791	struct neigh_dump_filter *filter,
2792	struct netlink_ext_ack *extack)
2793	{
2794	struct nlattr *tb[NDA_MAX + 1];
2795	int err, i;
2796
2797	if (strict_check) {
2798	struct ndmsg *ndm;
2799
2800	if (nlh->nlmsg_len < nlmsg_msg_size(payload: sizeof(*ndm))) {
2801	NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
2802	return -EINVAL;
2803	}
2804
2805	ndm = nlmsg_data(nlh);
2806	if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_ifindex ||
2807	ndm->ndm_state || ndm->ndm_type) {
2808	NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
2809	return -EINVAL;
2810	}
2811
2812	if (ndm->ndm_flags & ~NTF_PROXY) {
2813	NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
2814	return -EINVAL;
2815	}
2816
2817	err = nlmsg_parse_deprecated_strict(nlh, hdrlen: sizeof(struct ndmsg),
2818	tb, NDA_MAX, policy: nda_policy,
2819	extack);
2820	} else {
2821	err = nlmsg_parse_deprecated(nlh, hdrlen: sizeof(struct ndmsg), tb,
2822	NDA_MAX, policy: nda_policy, extack);
2823	}
2824	if (err < 0)
2825	return err;
2826
2827	for (i = 0; i <= NDA_MAX; ++i) {
2828	if (!tb[i])
2829	continue;
2830
2831	/* all new attributes should require strict_check */
2832	switch (i) {
2833	case NDA_IFINDEX:
2834	filter->dev_idx = nla_get_u32(nla: tb[i]);
2835	break;
2836	case NDA_MASTER:
2837	filter->master_idx = nla_get_u32(nla: tb[i]);
2838	break;
2839	default:
2840	if (strict_check) {
2841	NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
2842	return -EINVAL;
2843	}
2844	}
2845	}
2846
2847	return 0;
2848	}
2849
2850	static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
2851	{
2852	const struct nlmsghdr *nlh = cb->nlh;
2853	struct neigh_dump_filter filter = {};
2854	struct neigh_table *tbl;
2855	int t, family, s_t;
2856	int proxy = 0;
2857	int err;
2858
2859	family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2860
2861	/* check for full ndmsg structure presence, family member is
2862	* the same for both structures
2863	*/
2864	if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
2865	((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2866	proxy = 1;
2867
2868	err = neigh_valid_dump_req(nlh, strict_check: cb->strict_check, filter: &filter, extack: cb->extack);
2869	if (err < 0 && cb->strict_check)
2870	return err;
2871
2872	s_t = cb->args[0];
2873
2874	for (t = 0; t < NEIGH_NR_TABLES; t++) {
2875	tbl = neigh_tables[t];
2876
2877	if (!tbl)
2878	continue;
2879	if (t < s_t || (family && tbl->family != family))
2880	continue;
2881	if (t > s_t)
2882	memset(&cb->args[1], 0, sizeof(cb->args) -
2883	sizeof(cb->args[0]));
2884	if (proxy)
2885	err = pneigh_dump_table(tbl, skb, cb, filter: &filter);
2886	else
2887	err = neigh_dump_table(tbl, skb, cb, filter: &filter);
2888	if (err < 0)
2889	break;
2890	}
2891
2892	cb->args[0] = t;
2893	return skb->len;
2894	}
2895
2896	static int neigh_valid_get_req(const struct nlmsghdr *nlh,
2897	struct neigh_table **tbl,
2898	void **dst, int *dev_idx, u8 *ndm_flags,
2899	struct netlink_ext_ack *extack)
2900	{
2901	struct nlattr *tb[NDA_MAX + 1];
2902	struct ndmsg *ndm;
2903	int err, i;
2904
2905	if (nlh->nlmsg_len < nlmsg_msg_size(payload: sizeof(*ndm))) {
2906	NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
2907	return -EINVAL;
2908	}
2909
2910	ndm = nlmsg_data(nlh);
2911	if (ndm->ndm_pad1 || ndm->ndm_pad2 || ndm->ndm_state ||
2912	ndm->ndm_type) {
2913	NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
2914	return -EINVAL;
2915	}
2916
2917	if (ndm->ndm_flags & ~NTF_PROXY) {
2918	NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
2919	return -EINVAL;
2920	}
2921
2922	err = nlmsg_parse_deprecated_strict(nlh, hdrlen: sizeof(struct ndmsg), tb,
2923	NDA_MAX, policy: nda_policy, extack);
2924	if (err < 0)
2925	return err;
2926
2927	*ndm_flags = ndm->ndm_flags;
2928	*dev_idx = ndm->ndm_ifindex;
2929	*tbl = neigh_find_table(family: ndm->ndm_family);
2930	if (*tbl == NULL) {
2931	NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
2932	return -EAFNOSUPPORT;
2933	}
2934
2935	for (i = 0; i <= NDA_MAX; ++i) {
2936	if (!tb[i])
2937	continue;
2938
2939	switch (i) {
2940	case NDA_DST:
2941	if (nla_len(nla: tb[i]) != (int)(*tbl)->key_len) {
2942	NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
2943	return -EINVAL;
2944	}
2945	*dst = nla_data(nla: tb[i]);
2946	break;
2947	default:
2948	NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
2949	return -EINVAL;
2950	}
2951	}
2952
2953	return 0;
2954	}
2955
2956	static inline size_t neigh_nlmsg_size(void)
2957	{
2958	return NLMSG_ALIGN(sizeof(struct ndmsg))
2959	+ nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2960	+ nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2961	+ nla_total_size(payload: sizeof(struct nda_cacheinfo))
2962	+ nla_total_size(payload: 4) /* NDA_PROBES */
2963	+ nla_total_size(payload: 4) /* NDA_FLAGS_EXT */
2964	+ nla_total_size(payload: 1); /* NDA_PROTOCOL */
2965	}
2966
2967	static int neigh_get_reply(struct net *net, struct neighbour *neigh,
2968	u32 pid, u32 seq)
2969	{
2970	struct sk_buff *skb;
2971	int err = 0;
2972
2973	skb = nlmsg_new(payload: neigh_nlmsg_size(), GFP_KERNEL);
2974	if (!skb)
2975	return -ENOBUFS;
2976
2977	err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, flags: 0);
2978	if (err) {
2979	kfree_skb(skb);
2980	goto errout;
2981	}
2982
2983	err = rtnl_unicast(skb, net, pid);
2984	errout:
2985	return err;
2986	}
2987
2988	static inline size_t pneigh_nlmsg_size(void)
2989	{
2990	return NLMSG_ALIGN(sizeof(struct ndmsg))
2991	+ nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2992	+ nla_total_size(payload: 4) /* NDA_FLAGS_EXT */
2993	+ nla_total_size(payload: 1); /* NDA_PROTOCOL */
2994	}
2995
2996	static int pneigh_get_reply(struct net *net, struct pneigh_entry *neigh,
2997	u32 pid, u32 seq, struct neigh_table *tbl)
2998	{
2999	struct sk_buff *skb;
3000	int err = 0;
3001
3002	skb = nlmsg_new(payload: pneigh_nlmsg_size(), GFP_KERNEL);
3003	if (!skb)
3004	return -ENOBUFS;
3005
3006	err = pneigh_fill_info(skb, pn: neigh, pid, seq, RTM_NEWNEIGH, flags: 0, tbl);
3007	if (err) {
3008	kfree_skb(skb);
3009	goto errout;
3010	}
3011
3012	err = rtnl_unicast(skb, net, pid);
3013	errout:
3014	return err;
3015	}
3016
3017	static int neigh_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
3018	struct netlink_ext_ack *extack)
3019	{
3020	struct net *net = sock_net(sk: in_skb->sk);
3021	struct net_device *dev = NULL;
3022	struct neigh_table *tbl = NULL;
3023	struct neighbour *neigh;
3024	void *dst = NULL;
3025	u8 ndm_flags = 0;
3026	int dev_idx = 0;
3027	int err;
3028
3029	err = neigh_valid_get_req(nlh, tbl: &tbl, dst: &dst, dev_idx: &dev_idx, ndm_flags: &ndm_flags,
3030	extack);
3031	if (err < 0)
3032	return err;
3033
3034	if (dev_idx) {
3035	dev = __dev_get_by_index(net, ifindex: dev_idx);
3036	if (!dev) {
3037	NL_SET_ERR_MSG(extack, "Unknown device ifindex");
3038	return -ENODEV;
3039	}
3040	}
3041
3042	if (!dst) {
3043	NL_SET_ERR_MSG(extack, "Network address not specified");
3044	return -EINVAL;
3045	}
3046
3047	if (ndm_flags & NTF_PROXY) {
3048	struct pneigh_entry *pn;
3049
3050	pn = pneigh_lookup(tbl, net, dst, dev, 0);
3051	if (!pn) {
3052	NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
3053	return -ENOENT;
3054	}
3055	return pneigh_get_reply(net, neigh: pn, NETLINK_CB(in_skb).portid,
3056	seq: nlh->nlmsg_seq, tbl);
3057	}
3058
3059	if (!dev) {
3060	NL_SET_ERR_MSG(extack, "No device specified");
3061	return -EINVAL;
3062	}
3063
3064	neigh = neigh_lookup(tbl, dst, dev);
3065	if (!neigh) {
3066	NL_SET_ERR_MSG(extack, "Neighbour entry not found");
3067	return -ENOENT;
3068	}
3069
3070	err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
3071	seq: nlh->nlmsg_seq);
3072
3073	neigh_release(neigh);
3074
3075	return err;
3076	}
3077
3078	void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie)
3079	{
3080	int chain;
3081	struct neigh_hash_table *nht;
3082
3083	rcu_read_lock();
3084	nht = rcu_dereference(tbl->nht);
3085
3086	read_lock_bh(&tbl->lock); /* avoid resizes */
3087	for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3088	struct neighbour *n;
3089
3090	for (n = rcu_dereference(nht->hash_buckets[chain]);
3091	n != NULL;
3092	n = rcu_dereference(n->next))
3093	cb(n, cookie);
3094	}
3095	read_unlock_bh(&tbl->lock);
3096	rcu_read_unlock();
3097	}
3098	EXPORT_SYMBOL(neigh_for_each);
3099
3100	/* The tbl->lock must be held as a writer and BH disabled. */
3101	void __neigh_for_each_release(struct neigh_table *tbl,
3102	int (*cb)(struct neighbour *))
3103	{
3104	int chain;
3105	struct neigh_hash_table *nht;
3106
3107	nht = rcu_dereference_protected(tbl->nht,
3108	lockdep_is_held(&tbl->lock));
3109	for (chain = 0; chain < (1 << nht->hash_shift); chain++) {
3110	struct neighbour *n;
3111	struct neighbour __rcu **np;
3112
3113	np = &nht->hash_buckets[chain];
3114	while ((n = rcu_dereference_protected(*np,
3115	lockdep_is_held(&tbl->lock))) != NULL) {
3116	int release;
3117
3118	write_lock(&n->lock);
3119	release = cb(n);
3120	if (release) {
3121	rcu_assign_pointer(*np,
3122	rcu_dereference_protected(n->next,
3123	lockdep_is_held(&tbl->lock)));
3124	neigh_mark_dead(n);
3125	} else
3126	np = &n->next;
3127	write_unlock(&n->lock);
3128	if (release)
3129	neigh_cleanup_and_release(neigh: n);
3130	}
3131	}
3132	}
3133	EXPORT_SYMBOL(__neigh_for_each_release);
3134
3135	int neigh_xmit(int index, struct net_device *dev,
3136	const void *addr, struct sk_buff *skb)
3137	{
3138	int err = -EAFNOSUPPORT;
3139	if (likely(index < NEIGH_NR_TABLES)) {
3140	struct neigh_table *tbl;
3141	struct neighbour *neigh;
3142
3143	tbl = neigh_tables[index];
3144	if (!tbl)
3145	goto out;
3146	rcu_read_lock();
3147	if (index == NEIGH_ARP_TABLE) {
3148	u32 key = *((u32 *)addr);
3149
3150	neigh = __ipv4_neigh_lookup_noref(dev, key);
3151	} else {
3152	neigh = __neigh_lookup_noref(tbl, pkey: addr, dev);
3153	}
3154	if (!neigh)
3155	neigh = __neigh_create(tbl, addr, dev, false);
3156	err = PTR_ERR(ptr: neigh);
3157	if (IS_ERR(ptr: neigh)) {
3158	rcu_read_unlock();
3159	goto out_kfree_skb;
3160	}
3161	err = READ_ONCE(neigh->output)(neigh, skb);
3162	rcu_read_unlock();
3163	}
3164	else if (index == NEIGH_LINK_TABLE) {
3165	err = dev_hard_header(skb, dev, ntohs(skb->protocol),
3166	daddr: addr, NULL, len: skb->len);
3167	if (err < 0)
3168	goto out_kfree_skb;
3169	err = dev_queue_xmit(skb);
3170	}
3171	out:
3172	return err;
3173	out_kfree_skb:
3174	kfree_skb(skb);
3175	goto out;
3176	}
3177	EXPORT_SYMBOL(neigh_xmit);
3178
3179	#ifdef CONFIG_PROC_FS
3180
3181	static struct neighbour *neigh_get_first(struct seq_file *seq)
3182	{
3183	struct neigh_seq_state *state = seq->private;
3184	struct net *net = seq_file_net(seq);
3185	struct neigh_hash_table *nht = state->nht;
3186	struct neighbour *n = NULL;
3187	int bucket;
3188
3189	state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
3190	for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
3191	n = rcu_dereference(nht->hash_buckets[bucket]);
3192
3193	while (n) {
3194	if (!net_eq(net1: dev_net(dev: n->dev), net2: net))
3195	goto next;
3196	if (state->neigh_sub_iter) {
3197	loff_t fakep = 0;
3198	void *v;
3199
3200	v = state->neigh_sub_iter(state, n, &fakep);
3201	if (!v)
3202	goto next;
3203	}
3204	if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3205	break;
3206	if (READ_ONCE(n->nud_state) & ~NUD_NOARP)
3207	break;
3208	next:
3209	n = rcu_dereference(n->next);
3210	}
3211
3212	if (n)
3213	break;
3214	}
3215	state->bucket = bucket;
3216
3217	return n;
3218	}
3219
3220	static struct neighbour *neigh_get_next(struct seq_file *seq,
3221	struct neighbour *n,
3222	loff_t *pos)
3223	{
3224	struct neigh_seq_state *state = seq->private;
3225	struct net *net = seq_file_net(seq);
3226	struct neigh_hash_table *nht = state->nht;
3227
3228	if (state->neigh_sub_iter) {
3229	void *v = state->neigh_sub_iter(state, n, pos);
3230	if (v)
3231	return n;
3232	}
3233	n = rcu_dereference(n->next);
3234
3235	while (1) {
3236	while (n) {
3237	if (!net_eq(net1: dev_net(dev: n->dev), net2: net))
3238	goto next;
3239	if (state->neigh_sub_iter) {
3240	void *v = state->neigh_sub_iter(state, n, pos);
3241	if (v)
3242	return n;
3243	goto next;
3244	}
3245	if (!(state->flags & NEIGH_SEQ_SKIP_NOARP))
3246	break;
3247
3248	if (READ_ONCE(n->nud_state) & ~NUD_NOARP)
3249	break;
3250	next:
3251	n = rcu_dereference(n->next);
3252	}
3253
3254	if (n)
3255	break;
3256
3257	if (++state->bucket >= (1 << nht->hash_shift))
3258	break;
3259
3260	n = rcu_dereference(nht->hash_buckets[state->bucket]);
3261	}
3262
3263	if (n && pos)
3264	--(*pos);
3265	return n;
3266	}
3267
3268	static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
3269	{
3270	struct neighbour *n = neigh_get_first(seq);
3271
3272	if (n) {
3273	--(*pos);
3274	while (*pos) {
3275	n = neigh_get_next(seq, n, pos);
3276	if (!n)
3277	break;
3278	}
3279	}
3280	return *pos ? NULL : n;
3281	}
3282
3283	static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
3284	{
3285	struct neigh_seq_state *state = seq->private;
3286	struct net *net = seq_file_net(seq);
3287	struct neigh_table *tbl = state->tbl;
3288	struct pneigh_entry *pn = NULL;
3289	int bucket;
3290
3291	state->flags |= NEIGH_SEQ_IS_PNEIGH;
3292	for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) {
3293	pn = tbl->phash_buckets[bucket];
3294	while (pn && !net_eq(net1: pneigh_net(pneigh: pn), net2: net))
3295	pn = pn->next;
3296	if (pn)
3297	break;
3298	}
3299	state->bucket = bucket;
3300
3301	return pn;
3302	}
3303
3304	static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
3305	struct pneigh_entry *pn,
3306	loff_t *pos)
3307	{
3308	struct neigh_seq_state *state = seq->private;
3309	struct net *net = seq_file_net(seq);
3310	struct neigh_table *tbl = state->tbl;
3311
3312	do {
3313	pn = pn->next;
3314	} while (pn && !net_eq(net1: pneigh_net(pneigh: pn), net2: net));
3315
3316	while (!pn) {
3317	if (++state->bucket > PNEIGH_HASHMASK)
3318	break;
3319	pn = tbl->phash_buckets[state->bucket];
3320	while (pn && !net_eq(net1: pneigh_net(pneigh: pn), net2: net))
3321	pn = pn->next;
3322	if (pn)
3323	break;
3324	}
3325
3326	if (pn && pos)
3327	--(*pos);
3328
3329	return pn;
3330	}
3331
3332	static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
3333	{
3334	struct pneigh_entry *pn = pneigh_get_first(seq);
3335
3336	if (pn) {
3337	--(*pos);
3338	while (*pos) {
3339	pn = pneigh_get_next(seq, pn, pos);
3340	if (!pn)
3341	break;
3342	}
3343	}
3344	return *pos ? NULL : pn;
3345	}
3346
3347	static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
3348	{
3349	struct neigh_seq_state *state = seq->private;
3350	void *rc;
3351	loff_t idxpos = *pos;
3352
3353	rc = neigh_get_idx(seq, pos: &idxpos);
3354	if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3355	rc = pneigh_get_idx(seq, pos: &idxpos);
3356
3357	return rc;
3358	}
3359
3360	void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
3361	__acquires(tbl->lock)
3362	__acquires(rcu)
3363	{
3364	struct neigh_seq_state *state = seq->private;
3365
3366	state->tbl = tbl;
3367	state->bucket = 0;
3368	state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH);
3369
3370	rcu_read_lock();
3371	state->nht = rcu_dereference(tbl->nht);
3372	read_lock_bh(&tbl->lock);
3373
3374	return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
3375	}
3376	EXPORT_SYMBOL(neigh_seq_start);
3377
3378	void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3379	{
3380	struct neigh_seq_state *state;
3381	void *rc;
3382
3383	if (v == SEQ_START_TOKEN) {
3384	rc = neigh_get_first(seq);
3385	goto out;
3386	}
3387
3388	state = seq->private;
3389	if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) {
3390	rc = neigh_get_next(seq, n: v, NULL);
3391	if (rc)
3392	goto out;
3393	if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY))
3394	rc = pneigh_get_first(seq);
3395	} else {
3396	BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY);
3397	rc = pneigh_get_next(seq, pn: v, NULL);
3398	}
3399	out:
3400	++(*pos);
3401	return rc;
3402	}
3403	EXPORT_SYMBOL(neigh_seq_next);
3404
3405	void neigh_seq_stop(struct seq_file *seq, void *v)
3406	__releases(tbl->lock)
3407	__releases(rcu)
3408	{
3409	struct neigh_seq_state *state = seq->private;
3410	struct neigh_table *tbl = state->tbl;
3411
3412	read_unlock_bh(&tbl->lock);
3413	rcu_read_unlock();
3414	}
3415	EXPORT_SYMBOL(neigh_seq_stop);
3416
3417	/* statistics via seq_file */
3418
3419	static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos)
3420	{
3421	struct neigh_table *tbl = pde_data(inode: file_inode(f: seq->file));
3422	int cpu;
3423
3424	if (*pos == 0)
3425	return SEQ_START_TOKEN;
3426
3427	for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
3428	if (!cpu_possible(cpu))
3429	continue;
3430	*pos = cpu+1;
3431	return per_cpu_ptr(tbl->stats, cpu);
3432	}
3433	return NULL;
3434	}
3435
3436	static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3437	{
3438	struct neigh_table *tbl = pde_data(inode: file_inode(f: seq->file));
3439	int cpu;
3440
3441	for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
3442	if (!cpu_possible(cpu))
3443	continue;
3444	*pos = cpu+1;
3445	return per_cpu_ptr(tbl->stats, cpu);
3446	}
3447	(*pos)++;
3448	return NULL;
3449	}
3450
3451	static void neigh_stat_seq_stop(struct seq_file *seq, void *v)
3452	{
3453
3454	}
3455
3456	static int neigh_stat_seq_show(struct seq_file *seq, void *v)
3457	{
3458	struct neigh_table *tbl = pde_data(inode: file_inode(f: seq->file));
3459	struct neigh_statistics *st = v;
3460
3461	if (v == SEQ_START_TOKEN) {
3462	seq_puts(m: seq, s: "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls\n");
3463	return 0;
3464	}
3465
3466	seq_printf(m: seq, fmt: "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
3467	"%08lx %08lx %08lx "
3468	"%08lx %08lx %08lx\n",
3469	atomic_read(v: &tbl->entries),
3470
3471	st->allocs,
3472	st->destroys,
3473	st->hash_grows,
3474
3475	st->lookups,
3476	st->hits,
3477
3478	st->res_failed,
3479
3480	st->rcv_probes_mcast,
3481	st->rcv_probes_ucast,
3482
3483	st->periodic_gc_runs,
3484	st->forced_gc_runs,
3485	st->unres_discards,
3486	st->table_fulls
3487	);
3488
3489	return 0;
3490	}
3491
3492	static const struct seq_operations neigh_stat_seq_ops = {
3493	.start = neigh_stat_seq_start,
3494	.next = neigh_stat_seq_next,
3495	.stop = neigh_stat_seq_stop,
3496	.show = neigh_stat_seq_show,
3497	};
3498	#endif /* CONFIG_PROC_FS */
3499
3500	static void __neigh_notify(struct neighbour *n, int type, int flags,
3501	u32 pid)
3502	{
3503	struct net *net = dev_net(dev: n->dev);
3504	struct sk_buff *skb;
3505	int err = -ENOBUFS;
3506
3507	skb = nlmsg_new(payload: neigh_nlmsg_size(), GFP_ATOMIC);
3508	if (skb == NULL)
3509	goto errout;
3510
3511	err = neigh_fill_info(skb, neigh: n, pid, seq: 0, type, flags);
3512	if (err < 0) {
3513	/* -EMSGSIZE implies BUG in neigh_nlmsg_size() */
3514	WARN_ON(err == -EMSGSIZE);
3515	kfree_skb(skb);
3516	goto errout;
3517	}
3518	rtnl_notify(skb, net, pid: 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
3519	return;
3520	errout:
3521	if (err < 0)
3522	rtnl_set_sk_err(net, RTNLGRP_NEIGH, error: err);
3523	}
3524
3525	void neigh_app_ns(struct neighbour *n)
3526	{
3527	__neigh_notify(n, RTM_GETNEIGH, NLM_F_REQUEST, pid: 0);
3528	}
3529	EXPORT_SYMBOL(neigh_app_ns);
3530
3531	#ifdef CONFIG_SYSCTL
3532	static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
3533
3534	static int proc_unres_qlen(struct ctl_table *ctl, int write,
3535	void *buffer, size_t *lenp, loff_t *ppos)
3536	{
3537	int size, ret;
3538	struct ctl_table tmp = *ctl;
3539
3540	tmp.extra1 = SYSCTL_ZERO;
3541	tmp.extra2 = &unres_qlen_max;
3542	tmp.data = &size;
3543
3544	size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
3545	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3546
3547	if (write && !ret)
3548	*(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
3549	return ret;
3550	}
3551
3552	static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
3553	int index)
3554	{
3555	struct net_device *dev;
3556	int family = neigh_parms_family(p);
3557
3558	rcu_read_lock();
3559	for_each_netdev_rcu(net, dev) {
3560	struct neigh_parms *dst_p =
3561	neigh_get_dev_parms_rcu(dev, family);
3562
3563	if (dst_p && !test_bit(index, dst_p->data_state))
3564	dst_p->data[index] = p->data[index];
3565	}
3566	rcu_read_unlock();
3567	}
3568
3569	static void neigh_proc_update(struct ctl_table *ctl, int write)
3570	{
3571	struct net_device *dev = ctl->extra1;
3572	struct neigh_parms *p = ctl->extra2;
3573	struct net *net = neigh_parms_net(parms: p);
3574	int index = (int *) ctl->data - p->data;
3575
3576	if (!write)
3577	return;
3578
3579	set_bit(nr: index, addr: p->data_state);
3580	if (index == NEIGH_VAR_DELAY_PROBE_TIME)
3581	call_netevent_notifiers(val: NETEVENT_DELAY_PROBE_TIME_UPDATE, v: p);
3582	if (!dev) /* NULL dev means this is default value */
3583	neigh_copy_dflt_parms(net, p, index);
3584	}
3585
3586	static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3587	void *buffer, size_t *lenp,
3588	loff_t *ppos)
3589	{
3590	struct ctl_table tmp = *ctl;
3591	int ret;
3592
3593	tmp.extra1 = SYSCTL_ZERO;
3594	tmp.extra2 = SYSCTL_INT_MAX;
3595
3596	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3597	neigh_proc_update(ctl, write);
3598	return ret;
3599	}
3600
3601	static int neigh_proc_dointvec_ms_jiffies_positive(struct ctl_table *ctl, int write,
3602	void *buffer, size_t *lenp, loff_t *ppos)
3603	{
3604	struct ctl_table tmp = *ctl;
3605	int ret;
3606
3607	int min = msecs_to_jiffies(m: 1);
3608
3609	tmp.extra1 = &min;
3610	tmp.extra2 = NULL;
3611
3612	ret = proc_dointvec_ms_jiffies_minmax(table: &tmp, write, buffer, lenp, ppos);
3613	neigh_proc_update(ctl, write);
3614	return ret;
3615	}
3616
3617	int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
3618	size_t *lenp, loff_t *ppos)
3619	{
3620	int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3621
3622	neigh_proc_update(ctl, write);
3623	return ret;
3624	}
3625	EXPORT_SYMBOL(neigh_proc_dointvec);
3626
3627	int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
3628	size_t *lenp, loff_t *ppos)
3629	{
3630	int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3631
3632	neigh_proc_update(ctl, write);
3633	return ret;
3634	}
3635	EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3636
3637	static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3638	void *buffer, size_t *lenp,
3639	loff_t *ppos)
3640	{
3641	int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3642
3643	neigh_proc_update(ctl, write);
3644	return ret;
3645	}
3646
3647	int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3648	void *buffer, size_t *lenp, loff_t *ppos)
3649	{
3650	int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3651
3652	neigh_proc_update(ctl, write);
3653	return ret;
3654	}
3655	EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3656
3657	static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3658	void *buffer, size_t *lenp,
3659	loff_t *ppos)
3660	{
3661	int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3662
3663	neigh_proc_update(ctl, write);
3664	return ret;
3665	}
3666
3667	static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3668	void *buffer, size_t *lenp,
3669	loff_t *ppos)
3670	{
3671	struct neigh_parms *p = ctl->extra2;
3672	int ret;
3673
3674	if (strcmp(ctl->procname, "base_reachable_time") == 0)
3675	ret = neigh_proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
3676	else if (strcmp(ctl->procname, "base_reachable_time_ms") == 0)
3677	ret = neigh_proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3678	else
3679	ret = -1;
3680
3681	if (write && ret == 0) {
3682	/* update reachable_time as well, otherwise, the change will
3683	* only be effective after the next time neigh_periodic_work
3684	* decides to recompute it
3685	*/
3686	p->reachable_time =
3687	neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
3688	}
3689	return ret;
3690	}
3691
3692	#define NEIGH_PARMS_DATA_OFFSET(index) \
3693	(&((struct neigh_parms *) 0)->data[index])
3694
3695	#define NEIGH_SYSCTL_ENTRY(attr, data_attr, name, mval, proc) \
3696	[NEIGH_VAR_ ## attr] = { \
3697	.procname = name, \
3698	.data = NEIGH_PARMS_DATA_OFFSET(NEIGH_VAR_ ## data_attr), \
3699	.maxlen = sizeof(int), \
3700	.mode = mval, \
3701	.proc_handler = proc, \
3702	}
3703
3704	#define NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(attr, name) \
3705	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_zero_intmax)
3706
3707	#define NEIGH_SYSCTL_JIFFIES_ENTRY(attr, name) \
3708	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_jiffies)
3709
3710	#define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3711	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3712
3713	#define NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(attr, name) \
3714	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies_positive)
3715
3716	#define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3717	NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3718
3719	#define NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(attr, data_attr, name) \
3720	NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_unres_qlen)
3721
3722	static struct neigh_sysctl_table {
3723	struct ctl_table_header *sysctl_header;
3724	struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
3725	} neigh_sysctl_template __read_mostly = {
3726	.neigh_vars = {
3727	NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
3728	NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(UCAST_PROBES, "ucast_solicit"),
3729	NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(APP_PROBES, "app_solicit"),
3730	NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_REPROBES, "mcast_resolicit"),
3731	NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(RETRANS_TIME, "retrans_time"),
3732	NEIGH_SYSCTL_JIFFIES_ENTRY(BASE_REACHABLE_TIME, "base_reachable_time"),
3733	NEIGH_SYSCTL_JIFFIES_ENTRY(DELAY_PROBE_TIME, "delay_first_probe_time"),
3734	NEIGH_SYSCTL_MS_JIFFIES_POSITIVE_ENTRY(INTERVAL_PROBE_TIME_MS,
3735	"interval_probe_time_ms"),
3736	NEIGH_SYSCTL_JIFFIES_ENTRY(GC_STALETIME, "gc_stale_time"),
3737	NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(QUEUE_LEN_BYTES, "unres_qlen_bytes"),
3738	NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(PROXY_QLEN, "proxy_qlen"),
3739	NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(ANYCAST_DELAY, "anycast_delay"),
3740	NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(PROXY_DELAY, "proxy_delay"),
3741	NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(LOCKTIME, "locktime"),
3742	NEIGH_SYSCTL_UNRES_QLEN_REUSED_ENTRY(QUEUE_LEN, QUEUE_LEN_BYTES, "unres_qlen"),
3743	NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(RETRANS_TIME_MS, RETRANS_TIME, "retrans_time_ms"),
3744	NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(BASE_REACHABLE_TIME_MS, BASE_REACHABLE_TIME, "base_reachable_time_ms"),
3745	[NEIGH_VAR_GC_INTERVAL] = {
3746	.procname = "gc_interval",
3747	.maxlen = sizeof(int),
3748	.mode = 0644,
3749	.proc_handler = proc_dointvec_jiffies,
3750	},
3751	[NEIGH_VAR_GC_THRESH1] = {
3752	.procname = "gc_thresh1",
3753	.maxlen = sizeof(int),
3754	.mode = 0644,
3755	.extra1 = SYSCTL_ZERO,
3756	.extra2 = SYSCTL_INT_MAX,
3757	.proc_handler = proc_dointvec_minmax,
3758	},
3759	[NEIGH_VAR_GC_THRESH2] = {
3760	.procname = "gc_thresh2",
3761	.maxlen = sizeof(int),
3762	.mode = 0644,
3763	.extra1 = SYSCTL_ZERO,
3764	.extra2 = SYSCTL_INT_MAX,
3765	.proc_handler = proc_dointvec_minmax,
3766	},
3767	[NEIGH_VAR_GC_THRESH3] = {
3768	.procname = "gc_thresh3",
3769	.maxlen = sizeof(int),
3770	.mode = 0644,
3771	.extra1 = SYSCTL_ZERO,
3772	.extra2 = SYSCTL_INT_MAX,
3773	.proc_handler = proc_dointvec_minmax,
3774	},
3775	{},
3776	},
3777	};
3778
3779	int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3780	proc_handler *handler)
3781	{
3782	int i;
3783	struct neigh_sysctl_table *t;
3784	const char *dev_name_source;
3785	char neigh_path[ sizeof("net//neigh/") + IFNAMSIZ + IFNAMSIZ ];
3786	char *p_name;
3787	size_t neigh_vars_size;
3788
3789	t = kmemdup(p: &neigh_sysctl_template, size: sizeof(*t), GFP_KERNEL_ACCOUNT);
3790	if (!t)
3791	goto err;
3792
3793	for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3794	t->neigh_vars[i].data += (long) p;
3795	t->neigh_vars[i].extra1 = dev;
3796	t->neigh_vars[i].extra2 = p;
3797	}
3798
3799	neigh_vars_size = ARRAY_SIZE(t->neigh_vars);
3800	if (dev) {
3801	dev_name_source = dev->name;
3802	/* Terminate the table early */
3803	memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
3804	sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
3805	neigh_vars_size = NEIGH_VAR_BASE_REACHABLE_TIME_MS + 1;
3806	} else {
3807	struct neigh_table *tbl = p->tbl;
3808	dev_name_source = "default";
3809	t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &tbl->gc_interval;
3810	t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &tbl->gc_thresh1;
3811	t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &tbl->gc_thresh2;
3812	t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &tbl->gc_thresh3;
3813	}
3814
3815	if (handler) {
3816	/* RetransTime */
3817	t->neigh_vars[NEIGH_VAR_RETRANS_TIME].proc_handler = handler;
3818	/* ReachableTime */
3819	t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler = handler;
3820	/* RetransTime (in milliseconds)*/
3821	t->neigh_vars[NEIGH_VAR_RETRANS_TIME_MS].proc_handler = handler;
3822	/* ReachableTime (in milliseconds) */
3823	t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler = handler;
3824	} else {
3825	/* Those handlers will update p->reachable_time after
3826	* base_reachable_time(_ms) is set to ensure the new timer starts being
3827	* applied after the next neighbour update instead of waiting for
3828	* neigh_periodic_work to update its value (can be multiple minutes)
3829	* So any handler that replaces them should do this as well
3830	*/
3831	/* ReachableTime */
3832	t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME].proc_handler =
3833	neigh_proc_base_reachable_time;
3834	/* ReachableTime (in milliseconds) */
3835	t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].proc_handler =
3836	neigh_proc_base_reachable_time;
3837	}
3838
3839	switch (neigh_parms_family(p)) {
3840	case AF_INET:
3841	p_name = "ipv4";
3842	break;
3843	case AF_INET6:
3844	p_name = "ipv6";
3845	break;
3846	default:
3847	BUG();
3848	}
3849
3850	snprintf(buf: neigh_path, size: sizeof(neigh_path), fmt: "net/%s/neigh/%s",
3851	p_name, dev_name_source);
3852	t->sysctl_header = register_net_sysctl_sz(net: neigh_parms_net(parms: p),
3853	path: neigh_path, table: t->neigh_vars,
3854	table_size: neigh_vars_size);
3855	if (!t->sysctl_header)
3856	goto free;
3857
3858	p->sysctl_table = t;
3859	return 0;
3860
3861	free:
3862	kfree(objp: t);
3863	err:
3864	return -ENOBUFS;
3865	}
3866	EXPORT_SYMBOL(neigh_sysctl_register);
3867
3868	void neigh_sysctl_unregister(struct neigh_parms *p)
3869	{
3870	if (p->sysctl_table) {
3871	struct neigh_sysctl_table *t = p->sysctl_table;
3872	p->sysctl_table = NULL;
3873	unregister_net_sysctl_table(header: t->sysctl_header);
3874	kfree(objp: t);
3875	}
3876	}
3877	EXPORT_SYMBOL(neigh_sysctl_unregister);
3878
3879	#endif /* CONFIG_SYSCTL */
3880
3881	static int __init neigh_init(void)
3882	{
3883	rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, flags: 0);
3884	rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, flags: 0);
3885	rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, flags: 0);
3886
3887	rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3888	flags: 0);
3889	rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, flags: 0);
3890
3891	return 0;
3892	}
3893
3894	subsys_initcall(neigh_init);
3895