[PATCH net-next 7/7] neighbor: Add extack messages for add and delete commands

David Ahern Wed, 05 Dec 2018 15:34:07 -0800

From: David Ahern <dsah...@gmail.com>

    Add extack messages for failures in neigh_add and neigh_delete.


    Also, require NDA_DST length to be exactly the key length for the
    table otherwise it is an unexpected address and can lead to unexpected
    entries. e.g., IPv4 table sent and IPv6 address (using a modified ip):
        $ ip neigh add 2001:db8:1::1 dev foo
        $ ip neigh ls dev foo
        32.1.13.184 dev foo lladdr 72:ed:f1:d9:20:9a PERMANENT

Signed-off-by: David Ahern <dsah...@gmail.com>
---
 net/core/neighbour.c | 55 +++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 39 insertions(+), 16 deletions(-)

diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index e324467e9a71..916a99fbb306 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1132,8 +1132,9 @@ static void neigh_update_hhs(struct neighbour *neigh)
    Caller MUST hold reference count on the entry.
  */
 
-int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
-                u32 flags, u32 nlmsg_pid)
+static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
+                         u8 new, u32 flags, u32 nlmsg_pid,
+                         struct netlink_ext_ack *extack)
 {
        u8 old;
        int err;
@@ -1150,8 +1151,10 @@ int neigh_update(struct neighbour *neigh, const u8 
*lladdr, u8 new,
        if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
            (old & (NUD_NOARP | NUD_PERMANENT)))
                goto out;
-       if (neigh->dead)
+       if (neigh->dead) {
+               NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
                goto out;
+       }
 
        neigh_update_ext_learned(neigh, flags, &notify);
 
@@ -1188,8 +1191,10 @@ int neigh_update(struct neighbour *neigh, const u8 
*lladdr, u8 new,
                   use it, otherwise discard the request.
                 */
                err = -EINVAL;
-               if (!(old & NUD_VALID))
+               if (!(old & NUD_VALID)) {
+                       NL_SET_ERR_MSG(extack, "No link layer address given");
                        goto out;
+               }
                lladdr = neigh->ha;
        }
 
@@ -1302,6 +1307,12 @@ int neigh_update(struct neighbour *neigh, const u8 
*lladdr, u8 new,
 
        return err;
 }
+
+int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
+                u32 flags, u32 nlmsg_pid)
+{
+       return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
+}
 EXPORT_SYMBOL(neigh_update);
 
 /* Update the neigh to listen temporarily for probe responses, even if it is
@@ -1673,8 +1684,10 @@ static int neigh_delete(struct sk_buff *skb, struct 
nlmsghdr *nlh,
                goto out;
 
        dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
-       if (dst_attr == NULL)
+       if (!dst_attr) {
+               NL_SET_ERR_MSG(extack, "Network address not specified");
                goto out;
+       }
 
        ndm = nlmsg_data(nlh);
        if (ndm->ndm_ifindex) {
@@ -1689,8 +1702,10 @@ static int neigh_delete(struct sk_buff *skb, struct 
nlmsghdr *nlh,
        if (tbl == NULL)
                return -EAFNOSUPPORT;
 
-       if (nla_len(dst_attr) < (int)tbl->key_len)
+       if (nla_len(dst_attr) < (int)tbl->key_len) {
+               NL_SET_ERR_MSG(extack, "Invalid network address");
                goto out;
+       }
 
        if (ndm->ndm_flags & NTF_PROXY) {
                err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
@@ -1706,10 +1721,9 @@ static int neigh_delete(struct sk_buff *skb, struct 
nlmsghdr *nlh,
                goto out;
        }
 
-       err = neigh_update(neigh, NULL, NUD_FAILED,
-                          NEIGH_UPDATE_F_OVERRIDE |
-                          NEIGH_UPDATE_F_ADMIN,
-                          NETLINK_CB(skb).portid);
+       err = __neigh_update(neigh, NULL, NUD_FAILED,
+                            NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN,
+                            NETLINK_CB(skb).portid, extack);
        write_lock_bh(&tbl->lock);
        neigh_release(neigh);
        neigh_remove_one(neigh, tbl);
@@ -1739,8 +1753,10 @@ static int neigh_add(struct sk_buff *skb, struct 
nlmsghdr *nlh,
                goto out;
 
        err = -EINVAL;
-       if (tb[NDA_DST] == NULL)
+       if (!tb[NDA_DST]) {
+               NL_SET_ERR_MSG(extack, "Network address not specified");
                goto out;
+       }
 
        ndm = nlmsg_data(nlh);
        if (ndm->ndm_ifindex) {
@@ -1750,16 +1766,21 @@ static int neigh_add(struct sk_buff *skb, struct 
nlmsghdr *nlh,
                        goto out;
                }
 
-               if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len)
+               if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
+                       NL_SET_ERR_MSG(extack, "Invalid link address");
                        goto out;
+               }
        }
 
        tbl = neigh_find_table(ndm->ndm_family);
        if (tbl == NULL)
                return -EAFNOSUPPORT;
 
-       if (nla_len(tb[NDA_DST]) < (int)tbl->key_len)
+       if (nla_len(tb[NDA_DST]) != (int)tbl->key_len) {
+               NL_SET_ERR_MSG(extack, "Invalid network address");
                goto out;
+       }
+
        dst = nla_data(tb[NDA_DST]);
        lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
 
@@ -1775,8 +1796,10 @@ static int neigh_add(struct sk_buff *skb, struct 
nlmsghdr *nlh,
                goto out;
        }
 
-       if (dev == NULL)
+       if (!dev) {
+               NL_SET_ERR_MSG(extack, "Device not specified");
                goto out;
+       }
 
        neigh = neigh_lookup(tbl, dst, dev);
        if (neigh == NULL) {
@@ -1812,8 +1835,8 @@ static int neigh_add(struct sk_buff *skb, struct nlmsghdr 
*nlh,
                neigh_event_send(neigh, NULL);
                err = 0;
        } else
-               err = neigh_update(neigh, lladdr, ndm->ndm_state, flags,
-                                  NETLINK_CB(skb).portid);
+               err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
+                                    NETLINK_CB(skb).portid, extack);
        neigh_release(neigh);
 
 out:
-- 
2.11.0

[PATCH net-next 7/7] neighbor: Add extack messages for add and delete commands

Reply via email to