1 /* linux/net/ipv4/arp.c
3 * Copyright (C) 1994 by Florian La Roche
5 * This module implements the Address Resolution Protocol ARP (RFC 826),
6 * which is used to convert IP addresses (or in the future maybe other
7 * high-level addresses) into a low-level hardware address (like an Ethernet
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
16 * Alan Cox : Removed the Ethernet assumptions in
18 * Alan Cox : Fixed some small errors in the ARP
20 * Alan Cox : Allow >4K in /proc
21 * Alan Cox : Make ARP add its own protocol entry
22 * Ross Martin : Rewrote arp_rcv() and arp_get_info()
23 * Stephen Henson : Add AX25 support to arp_get_info()
24 * Alan Cox : Drop data when a device is downed.
25 * Alan Cox : Use init_timer().
26 * Alan Cox : Double lock fixes.
27 * Martin Seine : Move the arphdr structure
28 * to if_arp.h for compatibility.
29 * with BSD based programs.
30 * Andrew Tridgell : Added ARP netmask code and
31 * re-arranged proxy handling.
32 * Alan Cox : Changed to use notifiers.
33 * Niibe Yutaka : Reply for this device or proxies only.
34 * Alan Cox : Don't proxy across hardware types!
35 * Jonathan Naylor : Added support for NET/ROM.
36 * Mike Shaver : RFC1122 checks.
37 * Jonathan Naylor : Only lookup the hardware address for
38 * the correct hardware type.
39 * Germano Caronni : Assorted subtle races.
40 * Craig Schlenter : Don't modify permanent entry
42 * Russ Nelson : Tidied up a few bits.
43 * Alexey Kuznetsov: Major changes to caching and behaviour,
44 * eg intelligent arp probing and
46 * of host down events.
47 * Alan Cox : Missing unlock in device events.
48 * Eckes : ARP ioctl control errors.
49 * Alexey Kuznetsov: Arp free fix.
50 * Manuel Rodriguez: Gratuitous ARP.
51 * Jonathan Layes : Added arpd support through kerneld
52 * message queue (960314)
53 * Mike Shaver : /proc/sys/net/ipv4/arp_* support
54 * Mike McLagan : Routing by source
55 * Stuart Cheshire : Metricom and grat arp fixes
56 * *** FOR 2.1 clean this up ***
57 * Lawrence V. Stefani: (08/12/96) Added FDDI support.
58 * Alan Cox : Took the AP1000 nasty FDDI hack and
59 * folded into the mainstream FDDI code.
60 * Ack spit, Linus how did you allow that
62 * Jes Sorensen : Make FDDI work again in 2.1.x and
63 * clean up the APFDDI & gen. FDDI bits.
64 * Alexey Kuznetsov: new arp state machine;
65 * now it is in net/core/neighbour.c.
66 * Krzysztof Halasa: Added Frame Relay ARP support.
67 * Arnaldo C. Melo : convert /proc/net/arp to seq_file
68 * Shmulik Hen: Split arp_send to arp_create and
69 * arp_xmit so intermediate drivers like
70 * bonding can change the skb before
71 * sending (e.g. insert 8021q tag).
72 * Harald Welte : convert to make use of jenkins hash
73 * Jesper D. Brouer: Proxy ARP PVLAN RFC 3069 support.
76 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
78 #include <linux/module.h>
79 #include <linux/types.h>
80 #include <linux/string.h>
81 #include <linux/kernel.h>
82 #include <linux/capability.h>
83 #include <linux/socket.h>
84 #include <linux/sockios.h>
85 #include <linux/errno.h>
88 #include <linux/inet.h>
89 #include <linux/inetdevice.h>
90 #include <linux/netdevice.h>
91 #include <linux/etherdevice.h>
92 #include <linux/fddidevice.h>
93 #include <linux/if_arp.h>
94 #include <linux/skbuff.h>
95 #include <linux/proc_fs.h>
96 #include <linux/seq_file.h>
97 #include <linux/stat.h>
98 #include <linux/init.h>
99 #include <linux/net.h>
100 #include <linux/rcupdate.h>
101 #include <linux/slab.h>
103 #include <linux/sysctl.h>
106 #include <net/net_namespace.h>
108 #include <net/icmp.h>
109 #include <net/route.h>
110 #include <net/protocol.h>
112 #include <net/sock.h>
114 #include <net/ax25.h>
115 #include <net/netrom.h>
117 #include <linux/uaccess.h>
119 #include <linux/netfilter_arp.h>
122 * Interface to generic neighbour cache.
124 static u32 arp_hash(const void *pkey, const struct net_device *dev, __u32 *hash_rnd);
125 static int arp_constructor(struct neighbour *neigh);
126 static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb);
127 static void arp_error_report(struct neighbour *neigh, struct sk_buff *skb);
128 static void parp_redo(struct sk_buff *skb);
130 static const struct neigh_ops arp_generic_ops = {
132 .solicit = arp_solicit,
133 .error_report = arp_error_report,
134 .output = neigh_resolve_output,
135 .connected_output = neigh_connected_output,
138 static const struct neigh_ops arp_hh_ops = {
140 .solicit = arp_solicit,
141 .error_report = arp_error_report,
142 .output = neigh_resolve_output,
143 .connected_output = neigh_resolve_output,
146 static const struct neigh_ops arp_direct_ops = {
148 .output = neigh_direct_output,
149 .connected_output = neigh_direct_output,
152 static const struct neigh_ops arp_broken_ops = {
154 .solicit = arp_solicit,
155 .error_report = arp_error_report,
156 .output = neigh_compat_output,
157 .connected_output = neigh_compat_output,
160 struct neigh_table arp_tbl = {
164 .constructor = arp_constructor,
165 .proxy_redo = parp_redo,
169 .reachable_time = 30 * HZ,
171 [NEIGH_VAR_MCAST_PROBES] = 3,
172 [NEIGH_VAR_UCAST_PROBES] = 3,
173 [NEIGH_VAR_RETRANS_TIME] = 1 * HZ,
174 [NEIGH_VAR_BASE_REACHABLE_TIME] = 30 * HZ,
175 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
176 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
177 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
178 [NEIGH_VAR_PROXY_QLEN] = 64,
179 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
180 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
181 [NEIGH_VAR_LOCKTIME] = 1 * HZ,
184 .gc_interval = 30 * HZ,
189 EXPORT_SYMBOL(arp_tbl);
191 int arp_mc_map(__be32 addr, u8 *haddr, struct net_device *dev, int dir)
197 ip_eth_mc_map(addr, haddr);
199 case ARPHRD_INFINIBAND:
200 ip_ib_mc_map(addr, dev->broadcast, haddr);
203 ip_ipgre_mc_map(addr, dev->broadcast, haddr);
207 memcpy(haddr, dev->broadcast, dev->addr_len);
215 static u32 arp_hash(const void *pkey,
216 const struct net_device *dev,
219 return arp_hashfn(*(u32 *)pkey, dev, *hash_rnd);
222 static int arp_constructor(struct neighbour *neigh)
224 __be32 addr = *(__be32 *)neigh->primary_key;
225 struct net_device *dev = neigh->dev;
226 struct in_device *in_dev;
227 struct neigh_parms *parms;
230 in_dev = __in_dev_get_rcu(dev);
231 if (in_dev == NULL) {
236 neigh->type = inet_addr_type(dev_net(dev), addr);
238 parms = in_dev->arp_parms;
239 __neigh_parms_put(neigh->parms);
240 neigh->parms = neigh_parms_clone(parms);
243 if (!dev->header_ops) {
244 neigh->nud_state = NUD_NOARP;
245 neigh->ops = &arp_direct_ops;
246 neigh->output = neigh_direct_output;
248 /* Good devices (checked by reading texts, but only Ethernet is
251 ARPHRD_ETHER: (ethernet, apfddi)
254 ARPHRD_METRICOM: (strip)
258 ARPHRD_IPDDP will also work, if author repairs it.
259 I did not it, because this driver does not work even
264 /* So... these "amateur" devices are hopeless.
265 The only thing, that I can say now:
266 It is very sad that we need to keep ugly obsolete
267 code to make them happy.
269 They should be moved to more reasonable state, now
270 they use rebuild_header INSTEAD OF hard_start_xmit!!!
271 Besides that, they are sort of out of date
272 (a lot of redundant clones/copies, useless in 2.1),
273 I wonder why people believe that they work.
279 #if IS_ENABLED(CONFIG_AX25)
281 #if IS_ENABLED(CONFIG_NETROM)
284 neigh->ops = &arp_broken_ops;
285 neigh->output = neigh->ops->output;
292 if (neigh->type == RTN_MULTICAST) {
293 neigh->nud_state = NUD_NOARP;
294 arp_mc_map(addr, neigh->ha, dev, 1);
295 } else if (dev->flags & (IFF_NOARP | IFF_LOOPBACK)) {
296 neigh->nud_state = NUD_NOARP;
297 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
298 } else if (neigh->type == RTN_BROADCAST ||
299 (dev->flags & IFF_POINTOPOINT)) {
300 neigh->nud_state = NUD_NOARP;
301 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
304 if (dev->header_ops->cache)
305 neigh->ops = &arp_hh_ops;
307 neigh->ops = &arp_generic_ops;
309 if (neigh->nud_state & NUD_VALID)
310 neigh->output = neigh->ops->connected_output;
312 neigh->output = neigh->ops->output;
317 static void arp_error_report(struct neighbour *neigh, struct sk_buff *skb)
319 dst_link_failure(skb);
323 static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb)
326 u8 dst_ha[MAX_ADDR_LEN], *dst_hw = NULL;
327 struct net_device *dev = neigh->dev;
328 __be32 target = *(__be32 *)neigh->primary_key;
329 int probes = atomic_read(&neigh->probes);
330 struct in_device *in_dev;
333 in_dev = __in_dev_get_rcu(dev);
338 switch (IN_DEV_ARP_ANNOUNCE(in_dev)) {
340 case 0: /* By default announce any local IP */
341 if (skb && inet_addr_type(dev_net(dev),
342 ip_hdr(skb)->saddr) == RTN_LOCAL)
343 saddr = ip_hdr(skb)->saddr;
345 case 1: /* Restrict announcements of saddr in same subnet */
348 saddr = ip_hdr(skb)->saddr;
349 if (inet_addr_type(dev_net(dev), saddr) == RTN_LOCAL) {
350 /* saddr should be known to target */
351 if (inet_addr_onlink(in_dev, target, saddr))
356 case 2: /* Avoid secondary IPs, get a primary/preferred one */
362 saddr = inet_select_addr(dev, target, RT_SCOPE_LINK);
364 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
366 if (!(neigh->nud_state & NUD_VALID))
367 pr_debug("trying to ucast probe in NUD_INVALID\n");
368 neigh_ha_snapshot(dst_ha, neigh, dev);
371 probes -= NEIGH_VAR(neigh->parms, APP_PROBES);
378 arp_send(ARPOP_REQUEST, ETH_P_ARP, target, dev, saddr,
379 dst_hw, dev->dev_addr, NULL);
382 static int arp_ignore(struct in_device *in_dev, __be32 sip, __be32 tip)
384 struct net *net = dev_net(in_dev->dev);
387 switch (IN_DEV_ARP_IGNORE(in_dev)) {
388 case 0: /* Reply, the tip is already validated */
390 case 1: /* Reply only if tip is configured on the incoming interface */
392 scope = RT_SCOPE_HOST;
395 * Reply only if tip is configured on the incoming interface
396 * and is in same subnet as sip
398 scope = RT_SCOPE_HOST;
400 case 3: /* Do not reply for scope host addresses */
402 scope = RT_SCOPE_LINK;
405 case 4: /* Reserved */
410 case 8: /* Do not reply */
415 return !inet_confirm_addr(net, in_dev, sip, tip, scope);
418 static int arp_filter(__be32 sip, __be32 tip, struct net_device *dev)
422 /*unsigned long now; */
423 struct net *net = dev_net(dev);
425 rt = ip_route_output(net, sip, tip, 0, 0);
428 if (rt->dst.dev != dev) {
429 NET_INC_STATS_BH(net, LINUX_MIB_ARPFILTER);
436 /* OBSOLETE FUNCTIONS */
439 * Find an arp mapping in the cache. If not found, post a request.
441 * It is very UGLY routine: it DOES NOT use skb->dst->neighbour,
442 * even if it exists. It is supposed that skb->dev was mangled
443 * by a virtual device (eql, shaper). Nobody but broken devices
444 * is allowed to use this function, it is scheduled to be removed. --ANK
447 static int arp_set_predefined(int addr_hint, unsigned char *haddr,
448 __be32 paddr, struct net_device *dev)
452 pr_debug("arp called for own IP address\n");
453 memcpy(haddr, dev->dev_addr, dev->addr_len);
456 arp_mc_map(paddr, haddr, dev, 1);
459 memcpy(haddr, dev->broadcast, dev->addr_len);
466 int arp_find(unsigned char *haddr, struct sk_buff *skb)
468 struct net_device *dev = skb->dev;
473 pr_debug("arp_find is called with dst==NULL\n");
478 paddr = rt_nexthop(skb_rtable(skb), ip_hdr(skb)->daddr);
479 if (arp_set_predefined(inet_addr_type(dev_net(dev), paddr), haddr,
483 n = __neigh_lookup(&arp_tbl, &paddr, dev, 1);
487 if (n->nud_state & NUD_VALID || neigh_event_send(n, skb) == 0) {
488 neigh_ha_snapshot(haddr, n, dev);
497 EXPORT_SYMBOL(arp_find);
499 /* END OF OBSOLETE FUNCTIONS */
502 * Check if we can use proxy ARP for this path
504 static inline int arp_fwd_proxy(struct in_device *in_dev,
505 struct net_device *dev, struct rtable *rt)
507 struct in_device *out_dev;
510 if (rt->dst.dev == dev)
513 if (!IN_DEV_PROXY_ARP(in_dev))
515 imi = IN_DEV_MEDIUM_ID(in_dev);
521 /* place to check for proxy_arp for routes */
523 out_dev = __in_dev_get_rcu(rt->dst.dev);
525 omi = IN_DEV_MEDIUM_ID(out_dev);
527 return omi != imi && omi != -1;
531 * Check for RFC3069 proxy arp private VLAN (allow to send back to same dev)
533 * RFC3069 supports proxy arp replies back to the same interface. This
534 * is done to support (ethernet) switch features, like RFC 3069, where
535 * the individual ports are not allowed to communicate with each
536 * other, BUT they are allowed to talk to the upstream router. As
537 * described in RFC 3069, it is possible to allow these hosts to
538 * communicate through the upstream router, by proxy_arp'ing.
540 * RFC 3069: "VLAN Aggregation for Efficient IP Address Allocation"
542 * This technology is known by different names:
543 * In RFC 3069 it is called VLAN Aggregation.
544 * Cisco and Allied Telesyn call it Private VLAN.
545 * Hewlett-Packard call it Source-Port filtering or port-isolation.
546 * Ericsson call it MAC-Forced Forwarding (RFC Draft).
549 static inline int arp_fwd_pvlan(struct in_device *in_dev,
550 struct net_device *dev, struct rtable *rt,
551 __be32 sip, __be32 tip)
553 /* Private VLAN is only concerned about the same ethernet segment */
554 if (rt->dst.dev != dev)
557 /* Don't reply on self probes (often done by windowz boxes)*/
561 if (IN_DEV_PROXY_ARP_PVLAN(in_dev))
568 * Interface to link layer: send routine and receive handler.
572 * Create an arp packet. If (dest_hw == NULL), we create a broadcast
575 struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip,
576 struct net_device *dev, __be32 src_ip,
577 const unsigned char *dest_hw,
578 const unsigned char *src_hw,
579 const unsigned char *target_hw)
583 unsigned char *arp_ptr;
584 int hlen = LL_RESERVED_SPACE(dev);
585 int tlen = dev->needed_tailroom;
591 skb = alloc_skb(arp_hdr_len(dev) + hlen + tlen, GFP_ATOMIC);
595 skb_reserve(skb, hlen);
596 skb_reset_network_header(skb);
597 arp = (struct arphdr *) skb_put(skb, arp_hdr_len(dev));
599 skb->protocol = htons(ETH_P_ARP);
601 src_hw = dev->dev_addr;
603 dest_hw = dev->broadcast;
606 * Fill the device header for the ARP frame
608 if (dev_hard_header(skb, dev, ptype, dest_hw, src_hw, skb->len) < 0)
612 * Fill out the arp protocol part.
614 * The arp hardware type should match the device type, except for FDDI,
615 * which (according to RFC 1390) should always equal 1 (Ethernet).
618 * Exceptions everywhere. AX.25 uses the AX.25 PID value not the
619 * DIX code for the protocol. Make these device structure fields.
623 arp->ar_hrd = htons(dev->type);
624 arp->ar_pro = htons(ETH_P_IP);
627 #if IS_ENABLED(CONFIG_AX25)
629 arp->ar_hrd = htons(ARPHRD_AX25);
630 arp->ar_pro = htons(AX25_P_IP);
633 #if IS_ENABLED(CONFIG_NETROM)
635 arp->ar_hrd = htons(ARPHRD_NETROM);
636 arp->ar_pro = htons(AX25_P_IP);
641 #if IS_ENABLED(CONFIG_FDDI)
643 arp->ar_hrd = htons(ARPHRD_ETHER);
644 arp->ar_pro = htons(ETH_P_IP);
649 arp->ar_hln = dev->addr_len;
651 arp->ar_op = htons(type);
653 arp_ptr = (unsigned char *)(arp + 1);
655 memcpy(arp_ptr, src_hw, dev->addr_len);
656 arp_ptr += dev->addr_len;
657 memcpy(arp_ptr, &src_ip, 4);
661 #if IS_ENABLED(CONFIG_FIREWIRE_NET)
662 case ARPHRD_IEEE1394:
666 if (target_hw != NULL)
667 memcpy(arp_ptr, target_hw, dev->addr_len);
669 memset(arp_ptr, 0, dev->addr_len);
670 arp_ptr += dev->addr_len;
672 memcpy(arp_ptr, &dest_ip, 4);
680 EXPORT_SYMBOL(arp_create);
683 * Send an arp packet.
685 void arp_xmit(struct sk_buff *skb)
687 /* Send it off, maybe filter it using firewalling first. */
688 NF_HOOK(NFPROTO_ARP, NF_ARP_OUT, skb, NULL, skb->dev, dev_queue_xmit);
690 EXPORT_SYMBOL(arp_xmit);
693 * Create and send an arp packet.
695 void arp_send(int type, int ptype, __be32 dest_ip,
696 struct net_device *dev, __be32 src_ip,
697 const unsigned char *dest_hw, const unsigned char *src_hw,
698 const unsigned char *target_hw)
703 * No arp on this interface.
706 if (dev->flags&IFF_NOARP)
709 skb = arp_create(type, ptype, dest_ip, dev, src_ip,
710 dest_hw, src_hw, target_hw);
716 EXPORT_SYMBOL(arp_send);
719 * Process an arp request.
722 static int arp_process(struct sk_buff *skb)
724 struct net_device *dev = skb->dev;
725 struct in_device *in_dev = __in_dev_get_rcu(dev);
727 unsigned char *arp_ptr;
731 u16 dev_type = dev->type;
734 struct net *net = dev_net(dev);
735 bool is_garp = false;
737 /* arp_rcv below verifies the ARP header and verifies the device
748 if (arp->ar_pro != htons(ETH_P_IP) ||
749 htons(dev_type) != arp->ar_hrd)
756 * ETHERNET, and Fibre Channel (which are IEEE 802
757 * devices, according to RFC 2625) devices will accept ARP
758 * hardware types of either 1 (Ethernet) or 6 (IEEE 802.2).
759 * This is the case also of FDDI, where the RFC 1390 says that
760 * FDDI devices should accept ARP hardware of (1) Ethernet,
761 * however, to be more robust, we'll accept both 1 (Ethernet)
764 if ((arp->ar_hrd != htons(ARPHRD_ETHER) &&
765 arp->ar_hrd != htons(ARPHRD_IEEE802)) ||
766 arp->ar_pro != htons(ETH_P_IP))
770 if (arp->ar_pro != htons(AX25_P_IP) ||
771 arp->ar_hrd != htons(ARPHRD_AX25))
775 if (arp->ar_pro != htons(AX25_P_IP) ||
776 arp->ar_hrd != htons(ARPHRD_NETROM))
781 /* Understand only these message types */
783 if (arp->ar_op != htons(ARPOP_REPLY) &&
784 arp->ar_op != htons(ARPOP_REQUEST))
790 arp_ptr = (unsigned char *)(arp + 1);
792 arp_ptr += dev->addr_len;
793 memcpy(&sip, arp_ptr, 4);
796 #if IS_ENABLED(CONFIG_FIREWIRE_NET)
797 case ARPHRD_IEEE1394:
801 arp_ptr += dev->addr_len;
803 memcpy(&tip, arp_ptr, 4);
805 * Check for bad requests for 127.x.x.x and requests for multicast
806 * addresses. If this is one such, delete it.
808 if (ipv4_is_multicast(tip) ||
809 (!IN_DEV_ROUTE_LOCALNET(in_dev) && ipv4_is_loopback(tip)))
813 * Special case: We must set Frame Relay source Q.922 address
815 if (dev_type == ARPHRD_DLCI)
816 sha = dev->broadcast;
819 * Process entry. The idea here is we want to send a reply if it is a
820 * request for us or if it is a request for someone else that we hold
821 * a proxy for. We want to add an entry to our cache if it is a reply
822 * to us or if it is a request for our address.
823 * (The assumption for this last is that if someone is requesting our
824 * address, they are probably intending to talk to us, so it saves time
825 * if we cache their address. Their address is also probably not in
826 * our cache, since ours is not in their cache.)
828 * Putting this another way, we only care about replies if they are to
829 * us, in which case we add them to the cache. For requests, we care
830 * about those for us and those for our proxies. We reply to both,
831 * and in the case of requests for us we add the requester to the arp
835 /* Special case: IPv4 duplicate address detection packet (RFC2131) */
837 if (arp->ar_op == htons(ARPOP_REQUEST) &&
838 inet_addr_type(net, tip) == RTN_LOCAL &&
839 !arp_ignore(in_dev, sip, tip))
840 arp_send(ARPOP_REPLY, ETH_P_ARP, sip, dev, tip, sha,
845 if (arp->ar_op == htons(ARPOP_REQUEST) &&
846 ip_route_input_noref(skb, tip, sip, 0, dev) == 0) {
848 rt = skb_rtable(skb);
849 addr_type = rt->rt_type;
851 if (addr_type == RTN_LOCAL) {
854 dont_send = arp_ignore(in_dev, sip, tip);
855 if (!dont_send && IN_DEV_ARPFILTER(in_dev))
856 dont_send = arp_filter(sip, tip, dev);
858 n = neigh_event_ns(&arp_tbl, sha, &sip, dev);
860 arp_send(ARPOP_REPLY, ETH_P_ARP, sip,
861 dev, tip, sha, dev->dev_addr,
867 } else if (IN_DEV_FORWARD(in_dev)) {
868 if (addr_type == RTN_UNICAST &&
869 (arp_fwd_proxy(in_dev, dev, rt) ||
870 arp_fwd_pvlan(in_dev, dev, rt, sip, tip) ||
871 (rt->dst.dev != dev &&
872 pneigh_lookup(&arp_tbl, net, &tip, dev, 0)))) {
873 n = neigh_event_ns(&arp_tbl, sha, &sip, dev);
877 if (NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED ||
878 skb->pkt_type == PACKET_HOST ||
879 NEIGH_VAR(in_dev->arp_parms, PROXY_DELAY) == 0) {
880 arp_send(ARPOP_REPLY, ETH_P_ARP, sip,
881 dev, tip, sha, dev->dev_addr,
884 pneigh_enqueue(&arp_tbl,
885 in_dev->arp_parms, skb);
893 /* Update our ARP tables */
895 n = __neigh_lookup(&arp_tbl, &sip, dev, 0);
897 if (IN_DEV_ARP_ACCEPT(in_dev)) {
898 /* Unsolicited ARP is not accepted by default.
899 It is possible, that this option should be enabled for some
900 devices (strip is candidate)
902 is_garp = arp->ar_op == htons(ARPOP_REQUEST) && tip == sip &&
903 inet_addr_type(net, sip) == RTN_UNICAST;
906 ((arp->ar_op == htons(ARPOP_REPLY) &&
907 inet_addr_type(net, sip) == RTN_UNICAST) || is_garp))
908 n = __neigh_lookup(&arp_tbl, &sip, dev, 1);
912 int state = NUD_REACHABLE;
915 /* If several different ARP replies follows back-to-back,
916 use the FIRST one. It is possible, if several proxy
917 agents are active. Taking the first reply prevents
918 arp trashing and chooses the fastest router.
920 override = time_after(jiffies,
922 NEIGH_VAR(n->parms, LOCKTIME)) ||
925 /* Broadcast replies and request packets
926 do not assert neighbour reachability.
928 if (arp->ar_op != htons(ARPOP_REPLY) ||
929 skb->pkt_type != PACKET_HOST)
931 neigh_update(n, sha, state,
932 override ? NEIGH_UPDATE_F_OVERRIDE : 0);
941 static void parp_redo(struct sk_buff *skb)
948 * Receive an arp request from the device layer.
951 static int arp_rcv(struct sk_buff *skb, struct net_device *dev,
952 struct packet_type *pt, struct net_device *orig_dev)
954 const struct arphdr *arp;
956 if (dev->flags & IFF_NOARP ||
957 skb->pkt_type == PACKET_OTHERHOST ||
958 skb->pkt_type == PACKET_LOOPBACK)
961 skb = skb_share_check(skb, GFP_ATOMIC);
965 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */
966 if (!pskb_may_pull(skb, arp_hdr_len(dev)))
970 if (arp->ar_hln != dev->addr_len || arp->ar_pln != 4)
973 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
975 return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process);
984 * User level interface (ioctl)
988 * Set (create) an ARP cache entry.
991 static int arp_req_set_proxy(struct net *net, struct net_device *dev, int on)
994 IPV4_DEVCONF_ALL(net, PROXY_ARP) = on;
997 if (__in_dev_get_rtnl(dev)) {
998 IN_DEV_CONF_SET(__in_dev_get_rtnl(dev), PROXY_ARP, on);
1004 static int arp_req_set_public(struct net *net, struct arpreq *r,
1005 struct net_device *dev)
1007 __be32 ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr;
1008 __be32 mask = ((struct sockaddr_in *)&r->arp_netmask)->sin_addr.s_addr;
1010 if (mask && mask != htonl(0xFFFFFFFF))
1012 if (!dev && (r->arp_flags & ATF_COM)) {
1013 dev = dev_getbyhwaddr_rcu(net, r->arp_ha.sa_family,
1019 if (pneigh_lookup(&arp_tbl, net, &ip, dev, 1) == NULL)
1024 return arp_req_set_proxy(net, dev, 1);
1027 static int arp_req_set(struct net *net, struct arpreq *r,
1028 struct net_device *dev)
1031 struct neighbour *neigh;
1034 if (r->arp_flags & ATF_PUBL)
1035 return arp_req_set_public(net, r, dev);
1037 ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr;
1038 if (r->arp_flags & ATF_PERM)
1039 r->arp_flags |= ATF_COM;
1041 struct rtable *rt = ip_route_output(net, ip, 0, RTO_ONLINK, 0);
1050 switch (dev->type) {
1051 #if IS_ENABLED(CONFIG_FDDI)
1054 * According to RFC 1390, FDDI devices should accept ARP
1055 * hardware types of 1 (Ethernet). However, to be more
1056 * robust, we'll accept hardware types of either 1 (Ethernet)
1057 * or 6 (IEEE 802.2).
1059 if (r->arp_ha.sa_family != ARPHRD_FDDI &&
1060 r->arp_ha.sa_family != ARPHRD_ETHER &&
1061 r->arp_ha.sa_family != ARPHRD_IEEE802)
1066 if (r->arp_ha.sa_family != dev->type)
1071 neigh = __neigh_lookup_errno(&arp_tbl, &ip, dev);
1072 err = PTR_ERR(neigh);
1073 if (!IS_ERR(neigh)) {
1074 unsigned int state = NUD_STALE;
1075 if (r->arp_flags & ATF_PERM)
1076 state = NUD_PERMANENT;
1077 err = neigh_update(neigh, (r->arp_flags & ATF_COM) ?
1078 r->arp_ha.sa_data : NULL, state,
1079 NEIGH_UPDATE_F_OVERRIDE |
1080 NEIGH_UPDATE_F_ADMIN);
1081 neigh_release(neigh);
1086 static unsigned int arp_state_to_flags(struct neighbour *neigh)
1088 if (neigh->nud_state&NUD_PERMANENT)
1089 return ATF_PERM | ATF_COM;
1090 else if (neigh->nud_state&NUD_VALID)
1097 * Get an ARP cache entry.
1100 static int arp_req_get(struct arpreq *r, struct net_device *dev)
1102 __be32 ip = ((struct sockaddr_in *) &r->arp_pa)->sin_addr.s_addr;
1103 struct neighbour *neigh;
1106 neigh = neigh_lookup(&arp_tbl, &ip, dev);
1108 read_lock_bh(&neigh->lock);
1109 memcpy(r->arp_ha.sa_data, neigh->ha, dev->addr_len);
1110 r->arp_flags = arp_state_to_flags(neigh);
1111 read_unlock_bh(&neigh->lock);
1112 r->arp_ha.sa_family = dev->type;
1113 strlcpy(r->arp_dev, dev->name, sizeof(r->arp_dev));
1114 neigh_release(neigh);
1120 static int arp_invalidate(struct net_device *dev, __be32 ip)
1122 struct neighbour *neigh = neigh_lookup(&arp_tbl, &ip, dev);
1126 if (neigh->nud_state & ~NUD_NOARP)
1127 err = neigh_update(neigh, NULL, NUD_FAILED,
1128 NEIGH_UPDATE_F_OVERRIDE|
1129 NEIGH_UPDATE_F_ADMIN);
1130 neigh_release(neigh);
1136 static int arp_req_delete_public(struct net *net, struct arpreq *r,
1137 struct net_device *dev)
1139 __be32 ip = ((struct sockaddr_in *) &r->arp_pa)->sin_addr.s_addr;
1140 __be32 mask = ((struct sockaddr_in *)&r->arp_netmask)->sin_addr.s_addr;
1142 if (mask == htonl(0xFFFFFFFF))
1143 return pneigh_delete(&arp_tbl, net, &ip, dev);
1148 return arp_req_set_proxy(net, dev, 0);
1151 static int arp_req_delete(struct net *net, struct arpreq *r,
1152 struct net_device *dev)
1156 if (r->arp_flags & ATF_PUBL)
1157 return arp_req_delete_public(net, r, dev);
1159 ip = ((struct sockaddr_in *)&r->arp_pa)->sin_addr.s_addr;
1161 struct rtable *rt = ip_route_output(net, ip, 0, RTO_ONLINK, 0);
1169 return arp_invalidate(dev, ip);
1173 * Handle an ARP layer I/O control request.
1176 int arp_ioctl(struct net *net, unsigned int cmd, void __user *arg)
1180 struct net_device *dev = NULL;
1185 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1188 err = copy_from_user(&r, arg, sizeof(struct arpreq));
1196 if (r.arp_pa.sa_family != AF_INET)
1197 return -EPFNOSUPPORT;
1199 if (!(r.arp_flags & ATF_PUBL) &&
1200 (r.arp_flags & (ATF_NETMASK | ATF_DONTPUB)))
1202 if (!(r.arp_flags & ATF_NETMASK))
1203 ((struct sockaddr_in *)&r.arp_netmask)->sin_addr.s_addr =
1204 htonl(0xFFFFFFFFUL);
1208 dev = __dev_get_by_name(net, r.arp_dev);
1212 /* Mmmm... It is wrong... ARPHRD_NETROM==0 */
1213 if (!r.arp_ha.sa_family)
1214 r.arp_ha.sa_family = dev->type;
1216 if ((r.arp_flags & ATF_COM) && r.arp_ha.sa_family != dev->type)
1218 } else if (cmd == SIOCGARP) {
1225 err = arp_req_delete(net, &r, dev);
1228 err = arp_req_set(net, &r, dev);
1231 err = arp_req_get(&r, dev);
1236 if (cmd == SIOCGARP && !err && copy_to_user(arg, &r, sizeof(r)))
1241 static int arp_netdev_event(struct notifier_block *this, unsigned long event,
1244 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1245 struct netdev_notifier_change_info *change_info;
1248 case NETDEV_CHANGEADDR:
1249 neigh_changeaddr(&arp_tbl, dev);
1250 rt_cache_flush(dev_net(dev));
1254 if (change_info->flags_changed & IFF_NOARP)
1255 neigh_changeaddr(&arp_tbl, dev);
1264 static struct notifier_block arp_netdev_notifier = {
1265 .notifier_call = arp_netdev_event,
1268 /* Note, that it is not on notifier chain.
1269 It is necessary, that this routine was called after route cache will be
1272 void arp_ifdown(struct net_device *dev)
1274 neigh_ifdown(&arp_tbl, dev);
1279 * Called once on startup.
1282 static struct packet_type arp_packet_type __read_mostly = {
1283 .type = cpu_to_be16(ETH_P_ARP),
1287 static int arp_proc_init(void);
1289 void __init arp_init(void)
1291 neigh_table_init(&arp_tbl);
1293 dev_add_pack(&arp_packet_type);
1295 #ifdef CONFIG_SYSCTL
1296 neigh_sysctl_register(NULL, &arp_tbl.parms, NULL);
1298 register_netdevice_notifier(&arp_netdev_notifier);
1301 #ifdef CONFIG_PROC_FS
1302 #if IS_ENABLED(CONFIG_AX25)
1304 /* ------------------------------------------------------------------------ */
1306 * ax25 -> ASCII conversion
1308 static char *ax2asc2(ax25_address *a, char *buf)
1313 for (n = 0, s = buf; n < 6; n++) {
1314 c = (a->ax25_call[n] >> 1) & 0x7F;
1321 n = (a->ax25_call[6] >> 1) & 0x0F;
1330 if (*buf == '\0' || *buf == '-')
1335 #endif /* CONFIG_AX25 */
1337 #define HBUFFERLEN 30
1339 static void arp_format_neigh_entry(struct seq_file *seq,
1340 struct neighbour *n)
1342 char hbuffer[HBUFFERLEN];
1345 struct net_device *dev = n->dev;
1346 int hatype = dev->type;
1348 read_lock(&n->lock);
1349 /* Convert hardware address to XX:XX:XX:XX ... form. */
1350 #if IS_ENABLED(CONFIG_AX25)
1351 if (hatype == ARPHRD_AX25 || hatype == ARPHRD_NETROM)
1352 ax2asc2((ax25_address *)n->ha, hbuffer);
1355 for (k = 0, j = 0; k < HBUFFERLEN - 3 && j < dev->addr_len; j++) {
1356 hbuffer[k++] = hex_asc_hi(n->ha[j]);
1357 hbuffer[k++] = hex_asc_lo(n->ha[j]);
1363 #if IS_ENABLED(CONFIG_AX25)
1366 sprintf(tbuf, "%pI4", n->primary_key);
1367 seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n",
1368 tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name);
1369 read_unlock(&n->lock);
1372 static void arp_format_pneigh_entry(struct seq_file *seq,
1373 struct pneigh_entry *n)
1375 struct net_device *dev = n->dev;
1376 int hatype = dev ? dev->type : 0;
1379 sprintf(tbuf, "%pI4", n->key);
1380 seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n",
1381 tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00",
1382 dev ? dev->name : "*");
1385 static int arp_seq_show(struct seq_file *seq, void *v)
1387 if (v == SEQ_START_TOKEN) {
1388 seq_puts(seq, "IP address HW type Flags "
1389 "HW address Mask Device\n");
1391 struct neigh_seq_state *state = seq->private;
1393 if (state->flags & NEIGH_SEQ_IS_PNEIGH)
1394 arp_format_pneigh_entry(seq, v);
1396 arp_format_neigh_entry(seq, v);
1402 static void *arp_seq_start(struct seq_file *seq, loff_t *pos)
1404 /* Don't want to confuse "arp -a" w/ magic entries,
1405 * so we tell the generic iterator to skip NUD_NOARP.
1407 return neigh_seq_start(seq, pos, &arp_tbl, NEIGH_SEQ_SKIP_NOARP);
1410 /* ------------------------------------------------------------------------ */
1412 static const struct seq_operations arp_seq_ops = {
1413 .start = arp_seq_start,
1414 .next = neigh_seq_next,
1415 .stop = neigh_seq_stop,
1416 .show = arp_seq_show,
1419 static int arp_seq_open(struct inode *inode, struct file *file)
1421 return seq_open_net(inode, file, &arp_seq_ops,
1422 sizeof(struct neigh_seq_state));
1425 static const struct file_operations arp_seq_fops = {
1426 .owner = THIS_MODULE,
1427 .open = arp_seq_open,
1429 .llseek = seq_lseek,
1430 .release = seq_release_net,
1434 static int __net_init arp_net_init(struct net *net)
1436 if (!proc_create("arp", S_IRUGO, net->proc_net, &arp_seq_fops))
1441 static void __net_exit arp_net_exit(struct net *net)
1443 remove_proc_entry("arp", net->proc_net);
1446 static struct pernet_operations arp_net_ops = {
1447 .init = arp_net_init,
1448 .exit = arp_net_exit,
1451 static int __init arp_proc_init(void)
1453 return register_pernet_subsys(&arp_net_ops);
1456 #else /* CONFIG_PROC_FS */
1458 static int __init arp_proc_init(void)
1463 #endif /* CONFIG_PROC_FS */
projects / ~andy / linux / blob