[PATCH linux-2.6.17-rc1] net: fix neigh_delete to handle mult. tables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The neigh_delete assumes that there is only one table with the desired
protocol family for the address being deleted.  This assumption is not
always valid.  For example, in a kernel configured with both the
typical Ethernet configuration (CONFIG_NET_ETHERNET=y etc.) as well
as ATM (CONFIG_ATM=y and CONFIG_ATM_CLIP=y), there are two tables, namely arp_tbl and clip_tbl, both with family AF_INET.

The problem fixed by this patch is that the "for" loop in neigh_delete
will not iterate further once it finds one table with a matching family.
The code changes refactor neigh_delete such that it will continue
to iterate through the neighbor tables until it finds a match or finishes the tables.

To see the symptom of the problem, you must have a kernel with more
than one AF_INET transport configured, then try to delete a neighbor
table entry.  The delete will fail with EINVAL.  For example:

   [root@bonefish ~]# ip neigh list dev eth4
   192.168.4.24 lladdr 00:90:fb:a1:07:2f nud reachable
   [root@bonefish ~]# ip neigh delete 192.168.4.24 dev eth4
   RTNETLINK answers: Invalid argument
   [root@bonefish ~]# ip neigh list dev eth4
   192.168.4.24 lladdr 00:90:fb:a1:07:2f nud reachable

One side effect of this change is that neigh_lookup is now called while
a read lock is held on neigh_tbl_lock.  neigh_lookup does take read
locks on the tbl->lock set.  However, this does not introduce any new lock
order dependencies, since we already have that precedent set in the
neightbl_set function.

Signed-off-by: Don Law <[email protected]>

---

I have built this patch against the 2.6.17-rc1 kernel.

I tested this patch with the simple test case described above, plus let
it run for a few days on the box to make sure it behaves OK.  I also
verified that I can properly delete IPV6 neighbor entries.


--- linux-2.6.17-rc1/net/core/neighbour.c.orig  2006-04-11 16:28:10.000000000 -0
400
+++ linux-2.6.17-rc1/net/core/neighbour.c       2006-04-13 10:01:19.000000000 -0
400
@@ -1430,48 +1430,54 @@ int neigh_delete(struct sk_buff *skb, st
       struct rtattr **nda = arg;
       struct neigh_table *tbl;
       struct net_device *dev = NULL;
-       int err = -ENODEV;
+       int err;

       if (ndm->ndm_ifindex &&
-           (dev = dev_get_by_index(ndm->ndm_ifindex)) == NULL)
-               goto out;
+                       (dev = dev_get_by_index(ndm->ndm_ifindex)) == NULL)
+               return -ENODEV;

       read_lock(&neigh_tbl_lock);
-       for (tbl = neigh_tables; tbl; tbl = tbl->next) {
+       for (tbl = neigh_tables; ; tbl = tbl->next) {
               struct rtattr *dst_attr = nda[NDA_DST - 1];
               struct neighbour *n;

+               if (!tbl) {
+                       read_unlock(&neigh_tbl_lock);
+                       err = -EADDRNOTAVAIL;
+                       break;
+               }
               if (tbl->family != ndm->ndm_family)
                       continue;
-               read_unlock(&neigh_tbl_lock);

               err = -EINVAL;
-               if (!dst_attr || RTA_PAYLOAD(dst_attr) < tbl->key_len)
-                       goto out_dev_put;
+               if (!dst_attr || RTA_PAYLOAD(dst_attr) < tbl->key_len) {
+                       read_unlock(&neigh_tbl_lock);
+                       break;
+               }

               if (ndm->ndm_flags & NTF_PROXY) {
+                       read_unlock(&neigh_tbl_lock);
                       err = pneigh_delete(tbl, RTA_DATA(dst_attr), dev);
-                       goto out_dev_put;
+                       break;
               }

-               if (!dev)
-                       goto out;
+               if (!dev) {
+                       read_unlock(&neigh_tbl_lock);
+                       break;
+               }

               n = neigh_lookup(tbl, RTA_DATA(dst_attr), dev);
               if (n) {
- err = neigh_update(n, NULL, NUD_FAILED, + read_unlock(&neigh_tbl_lock);
+                       err = neigh_update(n, NULL, NUD_FAILED,
                                          NEIGH_UPDATE_F_OVERRIDE|
                                          NEIGH_UPDATE_F_ADMIN);
                       neigh_release(n);
+                       break;
               }
-               goto out_dev_put;
       }
-       read_unlock(&neigh_tbl_lock);
-       err = -EADDRNOTAVAIL;
-out_dev_put:
       if (dev)
               dev_put(dev);
-out:
       return err;
}


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux