2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
18 * (rco@di.uminho.pt) Routing table insertion and update
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <asm/uaccess.h>
69 #include <linux/bitops.h>
70 #include <linux/types.h>
71 #include <linux/kernel.h>
73 #include <linux/string.h>
74 #include <linux/socket.h>
75 #include <linux/sockios.h>
76 #include <linux/errno.h>
78 #include <linux/inet.h>
79 #include <linux/netdevice.h>
80 #include <linux/proc_fs.h>
81 #include <linux/init.h>
82 #include <linux/skbuff.h>
83 #include <linux/inetdevice.h>
84 #include <linux/igmp.h>
85 #include <linux/pkt_sched.h>
86 #include <linux/mroute.h>
87 #include <linux/netfilter_ipv4.h>
88 #include <linux/random.h>
89 #include <linux/rcupdate.h>
90 #include <linux/times.h>
91 #include <linux/slab.h>
92 #include <linux/jhash.h>
94 #include <net/dst_metadata.h>
95 #include <net/net_namespace.h>
96 #include <net/protocol.h>
98 #include <net/route.h>
99 #include <net/inetpeer.h>
100 #include <net/sock.h>
101 #include <net/ip_fib.h>
104 #include <net/icmp.h>
105 #include <net/xfrm.h>
106 #include <net/lwtunnel.h>
107 #include <net/netevent.h>
108 #include <net/rtnetlink.h>
110 #include <linux/sysctl.h>
111 #include <linux/kmemleak.h>
113 #include <net/secure_seq.h>
114 #include <net/ip_tunnels.h>
115 #include <net/l3mdev.h>
117 #define RT_FL_TOS(oldflp4) \
118 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
120 #define RT_GC_TIMEOUT (300*HZ)
122 static int ip_rt_max_size;
123 static int ip_rt_redirect_number __read_mostly = 9;
124 static int ip_rt_redirect_load __read_mostly = HZ / 50;
125 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
126 static int ip_rt_error_cost __read_mostly = HZ;
127 static int ip_rt_error_burst __read_mostly = 5 * HZ;
128 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
129 static int ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
130 static int ip_rt_min_advmss __read_mostly = 256;
133 * Interface to generic destination cache.
136 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
137 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
138 static unsigned int ipv4_mtu(const struct dst_entry *dst);
139 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
140 static void ipv4_link_failure(struct sk_buff *skb);
141 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
142 struct sk_buff *skb, u32 mtu);
143 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk,
144 struct sk_buff *skb);
145 static void ipv4_dst_destroy(struct dst_entry *dst);
147 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
153 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
157 static struct dst_ops ipv4_dst_ops = {
159 .check = ipv4_dst_check,
160 .default_advmss = ipv4_default_advmss,
162 .cow_metrics = ipv4_cow_metrics,
163 .destroy = ipv4_dst_destroy,
164 .negative_advice = ipv4_negative_advice,
165 .link_failure = ipv4_link_failure,
166 .update_pmtu = ip_rt_update_pmtu,
167 .redirect = ip_do_redirect,
168 .local_out = __ip_local_out,
169 .neigh_lookup = ipv4_neigh_lookup,
172 #define ECN_OR_COST(class) TC_PRIO_##class
174 const __u8 ip_tos2prio[16] = {
176 ECN_OR_COST(BESTEFFORT),
178 ECN_OR_COST(BESTEFFORT),
184 ECN_OR_COST(INTERACTIVE),
186 ECN_OR_COST(INTERACTIVE),
187 TC_PRIO_INTERACTIVE_BULK,
188 ECN_OR_COST(INTERACTIVE_BULK),
189 TC_PRIO_INTERACTIVE_BULK,
190 ECN_OR_COST(INTERACTIVE_BULK)
192 EXPORT_SYMBOL(ip_tos2prio);
194 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
195 #define RT_CACHE_STAT_INC(field) raw_cpu_inc(rt_cache_stat.field)
197 #ifdef CONFIG_PROC_FS
198 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
202 return SEQ_START_TOKEN;
205 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
211 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
215 static int rt_cache_seq_show(struct seq_file *seq, void *v)
217 if (v == SEQ_START_TOKEN)
218 seq_printf(seq, "%-127s\n",
219 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
220 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
225 static const struct seq_operations rt_cache_seq_ops = {
226 .start = rt_cache_seq_start,
227 .next = rt_cache_seq_next,
228 .stop = rt_cache_seq_stop,
229 .show = rt_cache_seq_show,
232 static int rt_cache_seq_open(struct inode *inode, struct file *file)
234 return seq_open(file, &rt_cache_seq_ops);
237 static const struct file_operations rt_cache_seq_fops = {
238 .owner = THIS_MODULE,
239 .open = rt_cache_seq_open,
242 .release = seq_release,
246 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
251 return SEQ_START_TOKEN;
253 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
254 if (!cpu_possible(cpu))
257 return &per_cpu(rt_cache_stat, cpu);
262 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
266 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
267 if (!cpu_possible(cpu))
270 return &per_cpu(rt_cache_stat, cpu);
276 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
281 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
283 struct rt_cache_stat *st = v;
285 if (v == SEQ_START_TOKEN) {
286 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
290 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
291 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
292 dst_entries_get_slow(&ipv4_dst_ops),
305 0, /* st->gc_total */
306 0, /* st->gc_ignored */
307 0, /* st->gc_goal_miss */
308 0, /* st->gc_dst_overflow */
309 0, /* st->in_hlist_search */
310 0 /* st->out_hlist_search */
315 static const struct seq_operations rt_cpu_seq_ops = {
316 .start = rt_cpu_seq_start,
317 .next = rt_cpu_seq_next,
318 .stop = rt_cpu_seq_stop,
319 .show = rt_cpu_seq_show,
323 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
325 return seq_open(file, &rt_cpu_seq_ops);
328 static const struct file_operations rt_cpu_seq_fops = {
329 .owner = THIS_MODULE,
330 .open = rt_cpu_seq_open,
333 .release = seq_release,
336 #ifdef CONFIG_IP_ROUTE_CLASSID
337 static int rt_acct_proc_show(struct seq_file *m, void *v)
339 struct ip_rt_acct *dst, *src;
342 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
346 for_each_possible_cpu(i) {
347 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
348 for (j = 0; j < 256; j++) {
349 dst[j].o_bytes += src[j].o_bytes;
350 dst[j].o_packets += src[j].o_packets;
351 dst[j].i_bytes += src[j].i_bytes;
352 dst[j].i_packets += src[j].i_packets;
356 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
361 static int rt_acct_proc_open(struct inode *inode, struct file *file)
363 return single_open(file, rt_acct_proc_show, NULL);
366 static const struct file_operations rt_acct_proc_fops = {
367 .owner = THIS_MODULE,
368 .open = rt_acct_proc_open,
371 .release = single_release,
375 static int __net_init ip_rt_do_proc_init(struct net *net)
377 struct proc_dir_entry *pde;
379 pde = proc_create("rt_cache", S_IRUGO, net->proc_net,
384 pde = proc_create("rt_cache", S_IRUGO,
385 net->proc_net_stat, &rt_cpu_seq_fops);
389 #ifdef CONFIG_IP_ROUTE_CLASSID
390 pde = proc_create("rt_acct", 0, net->proc_net, &rt_acct_proc_fops);
396 #ifdef CONFIG_IP_ROUTE_CLASSID
398 remove_proc_entry("rt_cache", net->proc_net_stat);
401 remove_proc_entry("rt_cache", net->proc_net);
406 static void __net_exit ip_rt_do_proc_exit(struct net *net)
408 remove_proc_entry("rt_cache", net->proc_net_stat);
409 remove_proc_entry("rt_cache", net->proc_net);
410 #ifdef CONFIG_IP_ROUTE_CLASSID
411 remove_proc_entry("rt_acct", net->proc_net);
415 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
416 .init = ip_rt_do_proc_init,
417 .exit = ip_rt_do_proc_exit,
420 static int __init ip_rt_proc_init(void)
422 return register_pernet_subsys(&ip_rt_proc_ops);
426 static inline int ip_rt_proc_init(void)
430 #endif /* CONFIG_PROC_FS */
432 static inline bool rt_is_expired(const struct rtable *rth)
434 return rth->rt_genid != rt_genid_ipv4(dev_net(rth->dst.dev));
437 void rt_cache_flush(struct net *net)
439 rt_genid_bump_ipv4(net);
442 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
446 struct net_device *dev = dst->dev;
447 const __be32 *pkey = daddr;
448 const struct rtable *rt;
451 rt = (const struct rtable *) dst;
453 pkey = (const __be32 *) &rt->rt_gateway;
455 pkey = &ip_hdr(skb)->daddr;
457 n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey);
460 return neigh_create(&arp_tbl, pkey, dev);
463 #define IP_IDENTS_SZ 2048u
465 static atomic_t *ip_idents __read_mostly;
466 static u32 *ip_tstamps __read_mostly;
468 /* In order to protect privacy, we add a perturbation to identifiers
469 * if one generator is seldom used. This makes hard for an attacker
470 * to infer how many packets were sent between two points in time.
472 u32 ip_idents_reserve(u32 hash, int segs)
474 u32 *p_tstamp = ip_tstamps + hash % IP_IDENTS_SZ;
475 atomic_t *p_id = ip_idents + hash % IP_IDENTS_SZ;
476 u32 old = ACCESS_ONCE(*p_tstamp);
477 u32 now = (u32)jiffies;
480 if (old != now && cmpxchg(p_tstamp, old, now) == old)
481 delta = prandom_u32_max(now - old);
483 return atomic_add_return(segs + delta, p_id) - segs;
485 EXPORT_SYMBOL(ip_idents_reserve);
487 void __ip_select_ident(struct net *net, struct iphdr *iph, int segs)
489 static u32 ip_idents_hashrnd __read_mostly;
492 net_get_random_once(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd));
494 hash = jhash_3words((__force u32)iph->daddr,
495 (__force u32)iph->saddr,
496 iph->protocol ^ net_hash_mix(net),
498 id = ip_idents_reserve(hash, segs);
501 EXPORT_SYMBOL(__ip_select_ident);
503 static void __build_flow_key(struct flowi4 *fl4, const struct sock *sk,
504 const struct iphdr *iph,
506 u8 prot, u32 mark, int flow_flags)
509 const struct inet_sock *inet = inet_sk(sk);
511 oif = sk->sk_bound_dev_if;
513 tos = RT_CONN_FLAGS(sk);
514 prot = inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol;
516 flowi4_init_output(fl4, oif, mark, tos,
517 RT_SCOPE_UNIVERSE, prot,
519 iph->daddr, iph->saddr, 0, 0);
522 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,
523 const struct sock *sk)
525 const struct iphdr *iph = ip_hdr(skb);
526 int oif = skb->dev->ifindex;
527 u8 tos = RT_TOS(iph->tos);
528 u8 prot = iph->protocol;
529 u32 mark = skb->mark;
531 __build_flow_key(fl4, sk, iph, oif, tos, prot, mark, 0);
534 static void build_sk_flow_key(struct flowi4 *fl4, const struct sock *sk)
536 const struct inet_sock *inet = inet_sk(sk);
537 const struct ip_options_rcu *inet_opt;
538 __be32 daddr = inet->inet_daddr;
541 inet_opt = rcu_dereference(inet->inet_opt);
542 if (inet_opt && inet_opt->opt.srr)
543 daddr = inet_opt->opt.faddr;
544 flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark,
545 RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
546 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
547 inet_sk_flowi_flags(sk),
548 daddr, inet->inet_saddr, 0, 0);
552 static void ip_rt_build_flow_key(struct flowi4 *fl4, const struct sock *sk,
553 const struct sk_buff *skb)
556 build_skb_flow_key(fl4, skb, sk);
558 build_sk_flow_key(fl4, sk);
561 static inline void rt_free(struct rtable *rt)
563 call_rcu(&rt->dst.rcu_head, dst_rcu_free);
566 static DEFINE_SPINLOCK(fnhe_lock);
568 static void fnhe_flush_routes(struct fib_nh_exception *fnhe)
572 rt = rcu_dereference(fnhe->fnhe_rth_input);
574 RCU_INIT_POINTER(fnhe->fnhe_rth_input, NULL);
577 rt = rcu_dereference(fnhe->fnhe_rth_output);
579 RCU_INIT_POINTER(fnhe->fnhe_rth_output, NULL);
584 static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
586 struct fib_nh_exception *fnhe, *oldest;
588 oldest = rcu_dereference(hash->chain);
589 for (fnhe = rcu_dereference(oldest->fnhe_next); fnhe;
590 fnhe = rcu_dereference(fnhe->fnhe_next)) {
591 if (time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp))
594 fnhe_flush_routes(oldest);
598 static inline u32 fnhe_hashfun(__be32 daddr)
600 static u32 fnhe_hashrnd __read_mostly;
603 net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd));
604 hval = jhash_1word((__force u32) daddr, fnhe_hashrnd);
605 return hash_32(hval, FNHE_HASH_SHIFT);
608 static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
610 rt->rt_pmtu = fnhe->fnhe_pmtu;
611 rt->dst.expires = fnhe->fnhe_expires;
614 rt->rt_flags |= RTCF_REDIRECTED;
615 rt->rt_gateway = fnhe->fnhe_gw;
616 rt->rt_uses_gateway = 1;
620 static void update_or_create_fnhe(struct fib_nh *nh, __be32 daddr, __be32 gw,
621 u32 pmtu, unsigned long expires)
623 struct fnhe_hash_bucket *hash;
624 struct fib_nh_exception *fnhe;
628 u32 hval = fnhe_hashfun(daddr);
630 spin_lock_bh(&fnhe_lock);
632 hash = rcu_dereference(nh->nh_exceptions);
634 hash = kzalloc(FNHE_HASH_SIZE * sizeof(*hash), GFP_ATOMIC);
637 rcu_assign_pointer(nh->nh_exceptions, hash);
643 for (fnhe = rcu_dereference(hash->chain); fnhe;
644 fnhe = rcu_dereference(fnhe->fnhe_next)) {
645 if (fnhe->fnhe_daddr == daddr)
654 fnhe->fnhe_pmtu = pmtu;
655 fnhe->fnhe_expires = max(1UL, expires);
657 /* Update all cached dsts too */
658 rt = rcu_dereference(fnhe->fnhe_rth_input);
660 fill_route_from_fnhe(rt, fnhe);
661 rt = rcu_dereference(fnhe->fnhe_rth_output);
663 fill_route_from_fnhe(rt, fnhe);
665 if (depth > FNHE_RECLAIM_DEPTH)
666 fnhe = fnhe_oldest(hash);
668 fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC);
672 fnhe->fnhe_next = hash->chain;
673 rcu_assign_pointer(hash->chain, fnhe);
675 fnhe->fnhe_genid = fnhe_genid(dev_net(nh->nh_dev));
676 fnhe->fnhe_daddr = daddr;
678 fnhe->fnhe_pmtu = pmtu;
679 fnhe->fnhe_expires = expires;
681 /* Exception created; mark the cached routes for the nexthop
682 * stale, so anyone caching it rechecks if this exception
685 rt = rcu_dereference(nh->nh_rth_input);
687 rt->dst.obsolete = DST_OBSOLETE_KILL;
689 for_each_possible_cpu(i) {
690 struct rtable __rcu **prt;
691 prt = per_cpu_ptr(nh->nh_pcpu_rth_output, i);
692 rt = rcu_dereference(*prt);
694 rt->dst.obsolete = DST_OBSOLETE_KILL;
698 fnhe->fnhe_stamp = jiffies;
701 spin_unlock_bh(&fnhe_lock);
704 static void __ip_do_redirect(struct rtable *rt, struct sk_buff *skb, struct flowi4 *fl4,
707 __be32 new_gw = icmp_hdr(skb)->un.gateway;
708 __be32 old_gw = ip_hdr(skb)->saddr;
709 struct net_device *dev = skb->dev;
710 struct in_device *in_dev;
711 struct fib_result res;
715 switch (icmp_hdr(skb)->code & 7) {
717 case ICMP_REDIR_NETTOS:
718 case ICMP_REDIR_HOST:
719 case ICMP_REDIR_HOSTTOS:
726 if (rt->rt_gateway != old_gw)
729 in_dev = __in_dev_get_rcu(dev);
734 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
735 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
736 ipv4_is_zeronet(new_gw))
737 goto reject_redirect;
739 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
740 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
741 goto reject_redirect;
742 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
743 goto reject_redirect;
745 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
746 goto reject_redirect;
749 n = ipv4_neigh_lookup(&rt->dst, NULL, &new_gw);
751 if (!(n->nud_state & NUD_VALID)) {
752 neigh_event_send(n, NULL);
754 if (fib_lookup(net, fl4, &res, 0) == 0) {
755 struct fib_nh *nh = &FIB_RES_NH(res);
757 update_or_create_fnhe(nh, fl4->daddr, new_gw,
761 rt->dst.obsolete = DST_OBSOLETE_KILL;
762 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
769 #ifdef CONFIG_IP_ROUTE_VERBOSE
770 if (IN_DEV_LOG_MARTIANS(in_dev)) {
771 const struct iphdr *iph = (const struct iphdr *) skb->data;
772 __be32 daddr = iph->daddr;
773 __be32 saddr = iph->saddr;
775 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
776 " Advised path = %pI4 -> %pI4\n",
777 &old_gw, dev->name, &new_gw,
784 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
788 const struct iphdr *iph = (const struct iphdr *) skb->data;
789 int oif = skb->dev->ifindex;
790 u8 tos = RT_TOS(iph->tos);
791 u8 prot = iph->protocol;
792 u32 mark = skb->mark;
794 rt = (struct rtable *) dst;
796 __build_flow_key(&fl4, sk, iph, oif, tos, prot, mark, 0);
797 __ip_do_redirect(rt, skb, &fl4, true);
800 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
802 struct rtable *rt = (struct rtable *)dst;
803 struct dst_entry *ret = dst;
806 if (dst->obsolete > 0) {
809 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
820 * 1. The first ip_rt_redirect_number redirects are sent
821 * with exponential backoff, then we stop sending them at all,
822 * assuming that the host ignores our redirects.
823 * 2. If we did not see packets requiring redirects
824 * during ip_rt_redirect_silence, we assume that the host
825 * forgot redirected route and start to send redirects again.
827 * This algorithm is much cheaper and more intelligent than dumb load limiting
830 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
831 * and "frag. need" (breaks PMTU discovery) in icmp.c.
834 void ip_rt_send_redirect(struct sk_buff *skb)
836 struct rtable *rt = skb_rtable(skb);
837 struct in_device *in_dev;
838 struct inet_peer *peer;
844 in_dev = __in_dev_get_rcu(rt->dst.dev);
845 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
849 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
850 vif = l3mdev_master_ifindex_rcu(rt->dst.dev);
853 net = dev_net(rt->dst.dev);
854 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, vif, 1);
856 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
857 rt_nexthop(rt, ip_hdr(skb)->daddr));
861 /* No redirected packets during ip_rt_redirect_silence;
862 * reset the algorithm.
864 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence))
865 peer->rate_tokens = 0;
867 /* Too many ignored redirects; do not send anything
868 * set dst.rate_last to the last seen redirected packet.
870 if (peer->rate_tokens >= ip_rt_redirect_number) {
871 peer->rate_last = jiffies;
875 /* Check for load limit; set rate_last to the latest sent
878 if (peer->rate_tokens == 0 ||
881 (ip_rt_redirect_load << peer->rate_tokens)))) {
882 __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr);
884 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw);
885 peer->rate_last = jiffies;
887 #ifdef CONFIG_IP_ROUTE_VERBOSE
889 peer->rate_tokens == ip_rt_redirect_number)
890 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
891 &ip_hdr(skb)->saddr, inet_iif(skb),
892 &ip_hdr(skb)->daddr, &gw);
899 static int ip_error(struct sk_buff *skb)
901 struct in_device *in_dev = __in_dev_get_rcu(skb->dev);
902 struct rtable *rt = skb_rtable(skb);
903 struct inet_peer *peer;
909 /* IP on this device is disabled. */
913 net = dev_net(rt->dst.dev);
914 if (!IN_DEV_FORWARD(in_dev)) {
915 switch (rt->dst.error) {
917 IP_INC_STATS_BH(net, IPSTATS_MIB_INADDRERRORS);
921 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
927 switch (rt->dst.error) {
932 code = ICMP_HOST_UNREACH;
935 code = ICMP_NET_UNREACH;
936 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
939 code = ICMP_PKT_FILTERED;
943 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr,
944 l3mdev_master_ifindex(skb->dev), 1);
949 peer->rate_tokens += now - peer->rate_last;
950 if (peer->rate_tokens > ip_rt_error_burst)
951 peer->rate_tokens = ip_rt_error_burst;
952 peer->rate_last = now;
953 if (peer->rate_tokens >= ip_rt_error_cost)
954 peer->rate_tokens -= ip_rt_error_cost;
960 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
966 static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
968 struct dst_entry *dst = &rt->dst;
969 struct fib_result res;
971 if (dst_metric_locked(dst, RTAX_MTU))
974 if (ipv4_mtu(dst) < mtu)
977 if (mtu < ip_rt_min_pmtu)
978 mtu = ip_rt_min_pmtu;
980 if (rt->rt_pmtu == mtu &&
981 time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2))
985 if (fib_lookup(dev_net(dst->dev), fl4, &res, 0) == 0) {
986 struct fib_nh *nh = &FIB_RES_NH(res);
988 update_or_create_fnhe(nh, fl4->daddr, 0, mtu,
989 jiffies + ip_rt_mtu_expires);
994 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
995 struct sk_buff *skb, u32 mtu)
997 struct rtable *rt = (struct rtable *) dst;
1000 ip_rt_build_flow_key(&fl4, sk, skb);
1001 __ip_rt_update_pmtu(rt, &fl4, mtu);
1004 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu,
1005 int oif, u32 mark, u8 protocol, int flow_flags)
1007 const struct iphdr *iph = (const struct iphdr *) skb->data;
1012 mark = IP4_REPLY_MARK(net, skb->mark);
1014 __build_flow_key(&fl4, NULL, iph, oif,
1015 RT_TOS(iph->tos), protocol, mark, flow_flags);
1016 rt = __ip_route_output_key(net, &fl4);
1018 __ip_rt_update_pmtu(rt, &fl4, mtu);
1022 EXPORT_SYMBOL_GPL(ipv4_update_pmtu);
1024 static void __ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1026 const struct iphdr *iph = (const struct iphdr *) skb->data;
1030 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1032 if (!fl4.flowi4_mark)
1033 fl4.flowi4_mark = IP4_REPLY_MARK(sock_net(sk), skb->mark);
1035 rt = __ip_route_output_key(sock_net(sk), &fl4);
1037 __ip_rt_update_pmtu(rt, &fl4, mtu);
1042 void ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1044 const struct iphdr *iph = (const struct iphdr *) skb->data;
1047 struct dst_entry *odst = NULL;
1052 if (!ip_sk_accept_pmtu(sk))
1055 odst = sk_dst_get(sk);
1057 if (sock_owned_by_user(sk) || !odst) {
1058 __ipv4_sk_update_pmtu(skb, sk, mtu);
1062 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1064 rt = (struct rtable *)odst;
1065 if (odst->obsolete && !odst->ops->check(odst, 0)) {
1066 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1073 __ip_rt_update_pmtu((struct rtable *) rt->dst.path, &fl4, mtu);
1075 if (!dst_check(&rt->dst, 0)) {
1077 dst_release(&rt->dst);
1079 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1087 sk_dst_set(sk, &rt->dst);
1093 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu);
1095 void ipv4_redirect(struct sk_buff *skb, struct net *net,
1096 int oif, u32 mark, u8 protocol, int flow_flags)
1098 const struct iphdr *iph = (const struct iphdr *) skb->data;
1102 __build_flow_key(&fl4, NULL, iph, oif,
1103 RT_TOS(iph->tos), protocol, mark, flow_flags);
1104 rt = __ip_route_output_key(net, &fl4);
1106 __ip_do_redirect(rt, skb, &fl4, false);
1110 EXPORT_SYMBOL_GPL(ipv4_redirect);
1112 void ipv4_sk_redirect(struct sk_buff *skb, struct sock *sk)
1114 const struct iphdr *iph = (const struct iphdr *) skb->data;
1118 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1119 rt = __ip_route_output_key(sock_net(sk), &fl4);
1121 __ip_do_redirect(rt, skb, &fl4, false);
1125 EXPORT_SYMBOL_GPL(ipv4_sk_redirect);
1127 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1129 struct rtable *rt = (struct rtable *) dst;
1131 /* All IPV4 dsts are created with ->obsolete set to the value
1132 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1133 * into this function always.
1135 * When a PMTU/redirect information update invalidates a route,
1136 * this is indicated by setting obsolete to DST_OBSOLETE_KILL or
1137 * DST_OBSOLETE_DEAD by dst_free().
1139 if (dst->obsolete != DST_OBSOLETE_FORCE_CHK || rt_is_expired(rt))
1144 static void ipv4_link_failure(struct sk_buff *skb)
1148 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1150 rt = skb_rtable(skb);
1152 dst_set_expires(&rt->dst, 0);
1155 static int ip_rt_bug(struct net *net, struct sock *sk, struct sk_buff *skb)
1157 pr_debug("%s: %pI4 -> %pI4, %s\n",
1158 __func__, &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1159 skb->dev ? skb->dev->name : "?");
1166 We do not cache source address of outgoing interface,
1167 because it is used only by IP RR, TS and SRR options,
1168 so that it out of fast path.
1170 BTW remember: "addr" is allowed to be not aligned
1174 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1178 if (rt_is_output_route(rt))
1179 src = ip_hdr(skb)->saddr;
1181 struct fib_result res;
1187 memset(&fl4, 0, sizeof(fl4));
1188 fl4.daddr = iph->daddr;
1189 fl4.saddr = iph->saddr;
1190 fl4.flowi4_tos = RT_TOS(iph->tos);
1191 fl4.flowi4_oif = rt->dst.dev->ifindex;
1192 fl4.flowi4_iif = skb->dev->ifindex;
1193 fl4.flowi4_mark = skb->mark;
1196 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res, 0) == 0)
1197 src = FIB_RES_PREFSRC(dev_net(rt->dst.dev), res);
1199 src = inet_select_addr(rt->dst.dev,
1200 rt_nexthop(rt, iph->daddr),
1204 memcpy(addr, &src, 4);
1207 #ifdef CONFIG_IP_ROUTE_CLASSID
1208 static void set_class_tag(struct rtable *rt, u32 tag)
1210 if (!(rt->dst.tclassid & 0xFFFF))
1211 rt->dst.tclassid |= tag & 0xFFFF;
1212 if (!(rt->dst.tclassid & 0xFFFF0000))
1213 rt->dst.tclassid |= tag & 0xFFFF0000;
1217 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1219 unsigned int advmss = dst_metric_raw(dst, RTAX_ADVMSS);
1222 advmss = max_t(unsigned int, dst->dev->mtu - 40,
1224 if (advmss > 65535 - 40)
1225 advmss = 65535 - 40;
1230 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1232 const struct rtable *rt = (const struct rtable *) dst;
1233 unsigned int mtu = rt->rt_pmtu;
1235 if (!mtu || time_after_eq(jiffies, rt->dst.expires))
1236 mtu = dst_metric_raw(dst, RTAX_MTU);
1241 mtu = dst->dev->mtu;
1243 if (unlikely(dst_metric_locked(dst, RTAX_MTU))) {
1244 if (rt->rt_uses_gateway && mtu > 576)
1248 return min_t(unsigned int, mtu, IP_MAX_MTU);
1251 static struct fib_nh_exception *find_exception(struct fib_nh *nh, __be32 daddr)
1253 struct fnhe_hash_bucket *hash = rcu_dereference(nh->nh_exceptions);
1254 struct fib_nh_exception *fnhe;
1260 hval = fnhe_hashfun(daddr);
1262 for (fnhe = rcu_dereference(hash[hval].chain); fnhe;
1263 fnhe = rcu_dereference(fnhe->fnhe_next)) {
1264 if (fnhe->fnhe_daddr == daddr)
1270 static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1275 spin_lock_bh(&fnhe_lock);
1277 if (daddr == fnhe->fnhe_daddr) {
1278 struct rtable __rcu **porig;
1279 struct rtable *orig;
1280 int genid = fnhe_genid(dev_net(rt->dst.dev));
1282 if (rt_is_input_route(rt))
1283 porig = &fnhe->fnhe_rth_input;
1285 porig = &fnhe->fnhe_rth_output;
1286 orig = rcu_dereference(*porig);
1288 if (fnhe->fnhe_genid != genid) {
1289 fnhe->fnhe_genid = genid;
1291 fnhe->fnhe_pmtu = 0;
1292 fnhe->fnhe_expires = 0;
1293 fnhe_flush_routes(fnhe);
1296 fill_route_from_fnhe(rt, fnhe);
1297 if (!rt->rt_gateway)
1298 rt->rt_gateway = daddr;
1300 if (!(rt->dst.flags & DST_NOCACHE)) {
1301 rcu_assign_pointer(*porig, rt);
1307 fnhe->fnhe_stamp = jiffies;
1309 spin_unlock_bh(&fnhe_lock);
1314 static bool rt_cache_route(struct fib_nh *nh, struct rtable *rt)
1316 struct rtable *orig, *prev, **p;
1319 if (rt_is_input_route(rt)) {
1320 p = (struct rtable **)&nh->nh_rth_input;
1322 p = (struct rtable **)raw_cpu_ptr(nh->nh_pcpu_rth_output);
1326 prev = cmpxchg(p, orig, rt);
1336 struct uncached_list {
1338 struct list_head head;
1341 static DEFINE_PER_CPU_ALIGNED(struct uncached_list, rt_uncached_list);
1343 static void rt_add_uncached_list(struct rtable *rt)
1345 struct uncached_list *ul = raw_cpu_ptr(&rt_uncached_list);
1347 rt->rt_uncached_list = ul;
1349 spin_lock_bh(&ul->lock);
1350 list_add_tail(&rt->rt_uncached, &ul->head);
1351 spin_unlock_bh(&ul->lock);
1354 static void ipv4_dst_destroy(struct dst_entry *dst)
1356 struct rtable *rt = (struct rtable *) dst;
1358 if (!list_empty(&rt->rt_uncached)) {
1359 struct uncached_list *ul = rt->rt_uncached_list;
1361 spin_lock_bh(&ul->lock);
1362 list_del(&rt->rt_uncached);
1363 spin_unlock_bh(&ul->lock);
1367 void rt_flush_dev(struct net_device *dev)
1369 struct net *net = dev_net(dev);
1373 for_each_possible_cpu(cpu) {
1374 struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu);
1376 spin_lock_bh(&ul->lock);
1377 list_for_each_entry(rt, &ul->head, rt_uncached) {
1378 if (rt->dst.dev != dev)
1380 rt->dst.dev = net->loopback_dev;
1381 dev_hold(rt->dst.dev);
1384 spin_unlock_bh(&ul->lock);
1388 static bool rt_cache_valid(const struct rtable *rt)
1391 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1395 static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
1396 const struct fib_result *res,
1397 struct fib_nh_exception *fnhe,
1398 struct fib_info *fi, u16 type, u32 itag)
1400 bool cached = false;
1403 struct fib_nh *nh = &FIB_RES_NH(*res);
1405 if (nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK) {
1406 rt->rt_gateway = nh->nh_gw;
1407 rt->rt_uses_gateway = 1;
1409 dst_init_metrics(&rt->dst, fi->fib_metrics, true);
1410 #ifdef CONFIG_IP_ROUTE_CLASSID
1411 rt->dst.tclassid = nh->nh_tclassid;
1413 rt->dst.lwtstate = lwtstate_get(nh->nh_lwtstate);
1415 cached = rt_bind_exception(rt, fnhe, daddr);
1416 else if (!(rt->dst.flags & DST_NOCACHE))
1417 cached = rt_cache_route(nh, rt);
1418 if (unlikely(!cached)) {
1419 /* Routes we intend to cache in nexthop exception or
1420 * FIB nexthop have the DST_NOCACHE bit clear.
1421 * However, if we are unsuccessful at storing this
1422 * route into the cache we really need to set it.
1424 rt->dst.flags |= DST_NOCACHE;
1425 if (!rt->rt_gateway)
1426 rt->rt_gateway = daddr;
1427 rt_add_uncached_list(rt);
1430 rt_add_uncached_list(rt);
1432 #ifdef CONFIG_IP_ROUTE_CLASSID
1433 #ifdef CONFIG_IP_MULTIPLE_TABLES
1434 set_class_tag(rt, res->tclassid);
1436 set_class_tag(rt, itag);
1440 static struct rtable *rt_dst_alloc(struct net_device *dev,
1441 unsigned int flags, u16 type,
1442 bool nopolicy, bool noxfrm, bool will_cache)
1446 rt = dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1447 (will_cache ? 0 : (DST_HOST | DST_NOCACHE)) |
1448 (nopolicy ? DST_NOPOLICY : 0) |
1449 (noxfrm ? DST_NOXFRM : 0));
1452 rt->rt_genid = rt_genid_ipv4(dev_net(dev));
1453 rt->rt_flags = flags;
1455 rt->rt_is_input = 0;
1459 rt->rt_uses_gateway = 0;
1460 rt->rt_table_id = 0;
1461 INIT_LIST_HEAD(&rt->rt_uncached);
1463 rt->dst.output = ip_output;
1464 if (flags & RTCF_LOCAL)
1465 rt->dst.input = ip_local_deliver;
1471 /* called in rcu_read_lock() section */
1472 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1473 u8 tos, struct net_device *dev, int our)
1476 struct in_device *in_dev = __in_dev_get_rcu(dev);
1477 unsigned int flags = RTCF_MULTICAST;
1481 /* Primary sanity checks. */
1486 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1487 skb->protocol != htons(ETH_P_IP))
1490 if (ipv4_is_loopback(saddr) && !IN_DEV_ROUTE_LOCALNET(in_dev))
1493 if (ipv4_is_zeronet(saddr)) {
1494 if (!ipv4_is_local_multicast(daddr))
1497 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1503 flags |= RTCF_LOCAL;
1505 rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST,
1506 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, false);
1510 #ifdef CONFIG_IP_ROUTE_CLASSID
1511 rth->dst.tclassid = itag;
1513 rth->dst.output = ip_rt_bug;
1514 rth->rt_is_input= 1;
1516 #ifdef CONFIG_IP_MROUTE
1517 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
1518 rth->dst.input = ip_mr_input;
1520 RT_CACHE_STAT_INC(in_slow_mc);
1522 skb_dst_set(skb, &rth->dst);
1534 static void ip_handle_martian_source(struct net_device *dev,
1535 struct in_device *in_dev,
1536 struct sk_buff *skb,
1540 RT_CACHE_STAT_INC(in_martian_src);
1541 #ifdef CONFIG_IP_ROUTE_VERBOSE
1542 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
1544 * RFC1812 recommendation, if source is martian,
1545 * the only hint is MAC header.
1547 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
1548 &daddr, &saddr, dev->name);
1549 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
1550 print_hex_dump(KERN_WARNING, "ll header: ",
1551 DUMP_PREFIX_OFFSET, 16, 1,
1552 skb_mac_header(skb),
1553 dev->hard_header_len, true);
1559 /* called in rcu_read_lock() section */
1560 static int __mkroute_input(struct sk_buff *skb,
1561 const struct fib_result *res,
1562 struct in_device *in_dev,
1563 __be32 daddr, __be32 saddr, u32 tos)
1565 struct fib_nh_exception *fnhe;
1568 struct in_device *out_dev;
1572 /* get a working reference to the output device */
1573 out_dev = __in_dev_get_rcu(FIB_RES_DEV(*res));
1575 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
1579 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
1580 in_dev->dev, in_dev, &itag);
1582 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
1588 do_cache = res->fi && !itag;
1589 if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
1590 skb->protocol == htons(ETH_P_IP) &&
1591 (IN_DEV_SHARED_MEDIA(out_dev) ||
1592 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
1593 IPCB(skb)->flags |= IPSKB_DOREDIRECT;
1595 if (skb->protocol != htons(ETH_P_IP)) {
1596 /* Not IP (i.e. ARP). Do not create route, if it is
1597 * invalid for proxy arp. DNAT routes are always valid.
1599 * Proxy arp feature have been extended to allow, ARP
1600 * replies back to the same interface, to support
1601 * Private VLAN switch technologies. See arp.c.
1603 if (out_dev == in_dev &&
1604 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
1610 fnhe = find_exception(&FIB_RES_NH(*res), daddr);
1613 rth = rcu_dereference(fnhe->fnhe_rth_input);
1615 rth = rcu_dereference(FIB_RES_NH(*res).nh_rth_input);
1617 if (rt_cache_valid(rth)) {
1618 skb_dst_set_noref(skb, &rth->dst);
1623 rth = rt_dst_alloc(out_dev->dev, 0, res->type,
1624 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1625 IN_DEV_CONF_GET(out_dev, NOXFRM), do_cache);
1631 rth->rt_is_input = 1;
1633 rth->rt_table_id = res->table->tb_id;
1634 RT_CACHE_STAT_INC(in_slow_tot);
1636 rth->dst.input = ip_forward;
1638 rt_set_nexthop(rth, daddr, res, fnhe, res->fi, res->type, itag);
1639 if (lwtunnel_output_redirect(rth->dst.lwtstate)) {
1640 rth->dst.lwtstate->orig_output = rth->dst.output;
1641 rth->dst.output = lwtunnel_output;
1643 if (lwtunnel_input_redirect(rth->dst.lwtstate)) {
1644 rth->dst.lwtstate->orig_input = rth->dst.input;
1645 rth->dst.input = lwtunnel_input;
1647 skb_dst_set(skb, &rth->dst);
1654 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1656 /* To make ICMP packets follow the right flow, the multipath hash is
1657 * calculated from the inner IP addresses in reverse order.
1659 static int ip_multipath_icmp_hash(struct sk_buff *skb)
1661 const struct iphdr *outer_iph = ip_hdr(skb);
1662 struct icmphdr _icmph;
1663 const struct icmphdr *icmph;
1664 struct iphdr _inner_iph;
1665 const struct iphdr *inner_iph;
1667 if (unlikely((outer_iph->frag_off & htons(IP_OFFSET)) != 0))
1670 icmph = skb_header_pointer(skb, outer_iph->ihl * 4, sizeof(_icmph),
1675 if (icmph->type != ICMP_DEST_UNREACH &&
1676 icmph->type != ICMP_REDIRECT &&
1677 icmph->type != ICMP_TIME_EXCEEDED &&
1678 icmph->type != ICMP_PARAMETERPROB) {
1682 inner_iph = skb_header_pointer(skb,
1683 outer_iph->ihl * 4 + sizeof(_icmph),
1684 sizeof(_inner_iph), &_inner_iph);
1688 return fib_multipath_hash(inner_iph->daddr, inner_iph->saddr);
1691 return fib_multipath_hash(outer_iph->saddr, outer_iph->daddr);
1694 #endif /* CONFIG_IP_ROUTE_MULTIPATH */
1696 static int ip_mkroute_input(struct sk_buff *skb,
1697 struct fib_result *res,
1698 const struct flowi4 *fl4,
1699 struct in_device *in_dev,
1700 __be32 daddr, __be32 saddr, u32 tos)
1702 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1703 if (res->fi && res->fi->fib_nhs > 1) {
1706 if (unlikely(ip_hdr(skb)->protocol == IPPROTO_ICMP))
1707 h = ip_multipath_icmp_hash(skb);
1709 h = fib_multipath_hash(saddr, daddr);
1710 fib_select_multipath(res, h);
1714 /* create a routing cache entry */
1715 return __mkroute_input(skb, res, in_dev, daddr, saddr, tos);
1719 * NOTE. We drop all the packets that has local source
1720 * addresses, because every properly looped back packet
1721 * must have correct destination already attached by output routine.
1723 * Such approach solves two big problems:
1724 * 1. Not simplex devices are handled properly.
1725 * 2. IP spoofing attempts are filtered with 100% of guarantee.
1726 * called with rcu_read_lock()
1729 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1730 u8 tos, struct net_device *dev)
1732 struct fib_result res;
1733 struct in_device *in_dev = __in_dev_get_rcu(dev);
1734 struct ip_tunnel_info *tun_info;
1736 unsigned int flags = 0;
1740 struct net *net = dev_net(dev);
1743 /* IP on this device is disabled. */
1748 /* Check for the most weird martians, which can be not detected
1752 tun_info = skb_tunnel_info(skb);
1753 if (tun_info && !(tun_info->mode & IP_TUNNEL_INFO_TX))
1754 fl4.flowi4_tun_key.tun_id = tun_info->key.tun_id;
1756 fl4.flowi4_tun_key.tun_id = 0;
1759 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
1760 goto martian_source;
1764 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
1767 /* Accept zero addresses only to limited broadcast;
1768 * I even do not know to fix it or not. Waiting for complains :-)
1770 if (ipv4_is_zeronet(saddr))
1771 goto martian_source;
1773 if (ipv4_is_zeronet(daddr))
1774 goto martian_destination;
1776 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
1777 * and call it once if daddr or/and saddr are loopback addresses
1779 if (ipv4_is_loopback(daddr)) {
1780 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1781 goto martian_destination;
1782 } else if (ipv4_is_loopback(saddr)) {
1783 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1784 goto martian_source;
1788 * Now we are ready to route packet.
1791 fl4.flowi4_iif = l3mdev_fib_oif_rcu(dev);
1792 fl4.flowi4_mark = skb->mark;
1793 fl4.flowi4_tos = tos;
1794 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
1795 fl4.flowi4_flags = 0;
1798 err = fib_lookup(net, &fl4, &res, 0);
1800 if (!IN_DEV_FORWARD(in_dev))
1801 err = -EHOSTUNREACH;
1805 if (res.type == RTN_BROADCAST)
1808 if (res.type == RTN_LOCAL) {
1809 err = fib_validate_source(skb, saddr, daddr, tos,
1810 0, dev, in_dev, &itag);
1812 goto martian_source;
1816 if (!IN_DEV_FORWARD(in_dev)) {
1817 err = -EHOSTUNREACH;
1820 if (res.type != RTN_UNICAST)
1821 goto martian_destination;
1823 err = ip_mkroute_input(skb, &res, &fl4, in_dev, daddr, saddr, tos);
1827 if (skb->protocol != htons(ETH_P_IP))
1830 if (!ipv4_is_zeronet(saddr)) {
1831 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1834 goto martian_source;
1836 flags |= RTCF_BROADCAST;
1837 res.type = RTN_BROADCAST;
1838 RT_CACHE_STAT_INC(in_brd);
1844 rth = rcu_dereference(FIB_RES_NH(res).nh_rth_input);
1845 if (rt_cache_valid(rth)) {
1846 skb_dst_set_noref(skb, &rth->dst);
1854 rth = rt_dst_alloc(net->loopback_dev, flags | RTCF_LOCAL, res.type,
1855 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, do_cache);
1859 rth->dst.output= ip_rt_bug;
1860 #ifdef CONFIG_IP_ROUTE_CLASSID
1861 rth->dst.tclassid = itag;
1863 rth->rt_is_input = 1;
1865 rth->rt_table_id = res.table->tb_id;
1867 RT_CACHE_STAT_INC(in_slow_tot);
1868 if (res.type == RTN_UNREACHABLE) {
1869 rth->dst.input= ip_error;
1870 rth->dst.error= -err;
1871 rth->rt_flags &= ~RTCF_LOCAL;
1874 if (unlikely(!rt_cache_route(&FIB_RES_NH(res), rth))) {
1875 rth->dst.flags |= DST_NOCACHE;
1876 rt_add_uncached_list(rth);
1879 skb_dst_set(skb, &rth->dst);
1884 RT_CACHE_STAT_INC(in_no_route);
1885 res.type = RTN_UNREACHABLE;
1891 * Do not cache martian addresses: they should be logged (RFC1812)
1893 martian_destination:
1894 RT_CACHE_STAT_INC(in_martian_dst);
1895 #ifdef CONFIG_IP_ROUTE_VERBOSE
1896 if (IN_DEV_LOG_MARTIANS(in_dev))
1897 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
1898 &daddr, &saddr, dev->name);
1910 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
1914 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1915 u8 tos, struct net_device *dev)
1921 /* Multicast recognition logic is moved from route cache to here.
1922 The problem was that too many Ethernet cards have broken/missing
1923 hardware multicast filters :-( As result the host on multicasting
1924 network acquires a lot of useless route cache entries, sort of
1925 SDR messages from all the world. Now we try to get rid of them.
1926 Really, provided software IP multicast filter is organized
1927 reasonably (at least, hashed), it does not result in a slowdown
1928 comparing with route cache reject entries.
1929 Note, that multicast routers are not affected, because
1930 route cache entry is created eventually.
1932 if (ipv4_is_multicast(daddr)) {
1933 struct in_device *in_dev = __in_dev_get_rcu(dev);
1936 int our = ip_check_mc_rcu(in_dev, daddr, saddr,
1937 ip_hdr(skb)->protocol);
1939 #ifdef CONFIG_IP_MROUTE
1941 (!ipv4_is_local_multicast(daddr) &&
1942 IN_DEV_MFORWARD(in_dev))
1945 int res = ip_route_input_mc(skb, daddr, saddr,
1954 res = ip_route_input_slow(skb, daddr, saddr, tos, dev);
1958 EXPORT_SYMBOL(ip_route_input_noref);
1960 /* called with rcu_read_lock() */
1961 static struct rtable *__mkroute_output(const struct fib_result *res,
1962 const struct flowi4 *fl4, int orig_oif,
1963 struct net_device *dev_out,
1966 struct fib_info *fi = res->fi;
1967 struct fib_nh_exception *fnhe;
1968 struct in_device *in_dev;
1969 u16 type = res->type;
1973 in_dev = __in_dev_get_rcu(dev_out);
1975 return ERR_PTR(-EINVAL);
1977 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
1978 if (ipv4_is_loopback(fl4->saddr) && !(dev_out->flags & IFF_LOOPBACK))
1979 return ERR_PTR(-EINVAL);
1981 if (ipv4_is_lbcast(fl4->daddr))
1982 type = RTN_BROADCAST;
1983 else if (ipv4_is_multicast(fl4->daddr))
1984 type = RTN_MULTICAST;
1985 else if (ipv4_is_zeronet(fl4->daddr))
1986 return ERR_PTR(-EINVAL);
1988 if (dev_out->flags & IFF_LOOPBACK)
1989 flags |= RTCF_LOCAL;
1992 if (type == RTN_BROADCAST) {
1993 flags |= RTCF_BROADCAST | RTCF_LOCAL;
1995 } else if (type == RTN_MULTICAST) {
1996 flags |= RTCF_MULTICAST | RTCF_LOCAL;
1997 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
1999 flags &= ~RTCF_LOCAL;
2002 /* If multicast route do not exist use
2003 * default one, but do not gateway in this case.
2006 if (fi && res->prefixlen < 4)
2011 do_cache &= fi != NULL;
2013 struct rtable __rcu **prth;
2014 struct fib_nh *nh = &FIB_RES_NH(*res);
2016 fnhe = find_exception(nh, fl4->daddr);
2018 prth = &fnhe->fnhe_rth_output;
2020 if (unlikely(fl4->flowi4_flags &
2021 FLOWI_FLAG_KNOWN_NH &&
2023 nh->nh_scope == RT_SCOPE_LINK))) {
2027 prth = raw_cpu_ptr(nh->nh_pcpu_rth_output);
2029 rth = rcu_dereference(*prth);
2030 if (rt_cache_valid(rth)) {
2031 dst_hold(&rth->dst);
2037 rth = rt_dst_alloc(dev_out, flags, type,
2038 IN_DEV_CONF_GET(in_dev, NOPOLICY),
2039 IN_DEV_CONF_GET(in_dev, NOXFRM),
2042 return ERR_PTR(-ENOBUFS);
2044 rth->rt_iif = orig_oif ? : 0;
2046 rth->rt_table_id = res->table->tb_id;
2048 RT_CACHE_STAT_INC(out_slow_tot);
2050 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
2051 if (flags & RTCF_LOCAL &&
2052 !(dev_out->flags & IFF_LOOPBACK)) {
2053 rth->dst.output = ip_mc_output;
2054 RT_CACHE_STAT_INC(out_slow_mc);
2056 #ifdef CONFIG_IP_MROUTE
2057 if (type == RTN_MULTICAST) {
2058 if (IN_DEV_MFORWARD(in_dev) &&
2059 !ipv4_is_local_multicast(fl4->daddr)) {
2060 rth->dst.input = ip_mr_input;
2061 rth->dst.output = ip_mc_output;
2067 rt_set_nexthop(rth, fl4->daddr, res, fnhe, fi, type, 0);
2068 if (lwtunnel_output_redirect(rth->dst.lwtstate))
2069 rth->dst.output = lwtunnel_output;
2075 * Major route resolver routine.
2078 struct rtable *__ip_route_output_key_hash(struct net *net, struct flowi4 *fl4,
2081 struct net_device *dev_out = NULL;
2082 __u8 tos = RT_FL_TOS(fl4);
2083 unsigned int flags = 0;
2084 struct fib_result res;
2087 int err = -ENETUNREACH;
2093 orig_oif = fl4->flowi4_oif;
2095 fl4->flowi4_iif = LOOPBACK_IFINDEX;
2096 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
2097 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
2098 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
2102 rth = ERR_PTR(-EINVAL);
2103 if (ipv4_is_multicast(fl4->saddr) ||
2104 ipv4_is_lbcast(fl4->saddr) ||
2105 ipv4_is_zeronet(fl4->saddr))
2108 /* I removed check for oif == dev_out->oif here.
2109 It was wrong for two reasons:
2110 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
2111 is assigned to multiple interfaces.
2112 2. Moreover, we are allowed to send packets with saddr
2113 of another iface. --ANK
2116 if (fl4->flowi4_oif == 0 &&
2117 (ipv4_is_multicast(fl4->daddr) ||
2118 ipv4_is_lbcast(fl4->daddr))) {
2119 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2120 dev_out = __ip_dev_find(net, fl4->saddr, false);
2124 /* Special hack: user can direct multicasts
2125 and limited broadcast via necessary interface
2126 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2127 This hack is not just for fun, it allows
2128 vic,vat and friends to work.
2129 They bind socket to loopback, set ttl to zero
2130 and expect that it will work.
2131 From the viewpoint of routing cache they are broken,
2132 because we are not allowed to build multicast path
2133 with loopback source addr (look, routing cache
2134 cannot know, that ttl is zero, so that packet
2135 will not leave this host and route is valid).
2136 Luckily, this hack is good workaround.
2139 fl4->flowi4_oif = dev_out->ifindex;
2143 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
2144 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2145 if (!__ip_dev_find(net, fl4->saddr, false))
2151 if (fl4->flowi4_oif) {
2152 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2153 rth = ERR_PTR(-ENODEV);
2157 /* RACE: Check return value of inet_select_addr instead. */
2158 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2159 rth = ERR_PTR(-ENETUNREACH);
2162 if (ipv4_is_local_multicast(fl4->daddr) ||
2163 ipv4_is_lbcast(fl4->daddr) ||
2164 fl4->flowi4_proto == IPPROTO_IGMP) {
2166 fl4->saddr = inet_select_addr(dev_out, 0,
2171 if (ipv4_is_multicast(fl4->daddr))
2172 fl4->saddr = inet_select_addr(dev_out, 0,
2174 else if (!fl4->daddr)
2175 fl4->saddr = inet_select_addr(dev_out, 0,
2179 rth = l3mdev_get_rtable(dev_out, fl4);
2185 fl4->daddr = fl4->saddr;
2187 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2188 dev_out = net->loopback_dev;
2189 fl4->flowi4_oif = LOOPBACK_IFINDEX;
2190 res.type = RTN_LOCAL;
2191 flags |= RTCF_LOCAL;
2195 err = fib_lookup(net, fl4, &res, 0);
2199 if (fl4->flowi4_oif &&
2200 !netif_index_is_l3_master(net, fl4->flowi4_oif)) {
2201 /* Apparently, routing tables are wrong. Assume,
2202 that the destination is on link.
2205 Because we are allowed to send to iface
2206 even if it has NO routes and NO assigned
2207 addresses. When oif is specified, routing
2208 tables are looked up with only one purpose:
2209 to catch if destination is gatewayed, rather than
2210 direct. Moreover, if MSG_DONTROUTE is set,
2211 we send packet, ignoring both routing tables
2212 and ifaddr state. --ANK
2215 We could make it even if oif is unknown,
2216 likely IPv6, but we do not.
2219 if (fl4->saddr == 0)
2220 fl4->saddr = inet_select_addr(dev_out, 0,
2222 res.type = RTN_UNICAST;
2229 if (res.type == RTN_LOCAL) {
2231 if (res.fi->fib_prefsrc)
2232 fl4->saddr = res.fi->fib_prefsrc;
2234 fl4->saddr = fl4->daddr;
2236 dev_out = net->loopback_dev;
2237 fl4->flowi4_oif = dev_out->ifindex;
2238 flags |= RTCF_LOCAL;
2242 fib_select_path(net, &res, fl4, mp_hash);
2244 dev_out = FIB_RES_DEV(res);
2245 fl4->flowi4_oif = dev_out->ifindex;
2249 rth = __mkroute_output(&res, fl4, orig_oif, dev_out, flags);
2255 EXPORT_SYMBOL_GPL(__ip_route_output_key_hash);
2257 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2262 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2264 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2266 return mtu ? : dst->dev->mtu;
2269 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
2270 struct sk_buff *skb, u32 mtu)
2274 static void ipv4_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
2275 struct sk_buff *skb)
2279 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2285 static struct dst_ops ipv4_dst_blackhole_ops = {
2287 .check = ipv4_blackhole_dst_check,
2288 .mtu = ipv4_blackhole_mtu,
2289 .default_advmss = ipv4_default_advmss,
2290 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2291 .redirect = ipv4_rt_blackhole_redirect,
2292 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2293 .neigh_lookup = ipv4_neigh_lookup,
2296 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2298 struct rtable *ort = (struct rtable *) dst_orig;
2301 rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, DST_OBSOLETE_NONE, 0);
2303 struct dst_entry *new = &rt->dst;
2306 new->input = dst_discard;
2307 new->output = dst_discard_out;
2309 new->dev = ort->dst.dev;
2313 rt->rt_is_input = ort->rt_is_input;
2314 rt->rt_iif = ort->rt_iif;
2315 rt->rt_pmtu = ort->rt_pmtu;
2317 rt->rt_genid = rt_genid_ipv4(net);
2318 rt->rt_flags = ort->rt_flags;
2319 rt->rt_type = ort->rt_type;
2320 rt->rt_gateway = ort->rt_gateway;
2321 rt->rt_uses_gateway = ort->rt_uses_gateway;
2323 INIT_LIST_HEAD(&rt->rt_uncached);
2327 dst_release(dst_orig);
2329 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2332 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2333 const struct sock *sk)
2335 struct rtable *rt = __ip_route_output_key(net, flp4);
2340 if (flp4->flowi4_proto)
2341 rt = (struct rtable *)xfrm_lookup_route(net, &rt->dst,
2342 flowi4_to_flowi(flp4),
2347 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2349 static int rt_fill_info(struct net *net, __be32 dst, __be32 src, u32 table_id,
2350 struct flowi4 *fl4, struct sk_buff *skb, u32 portid,
2351 u32 seq, int event, int nowait, unsigned int flags)
2353 struct rtable *rt = skb_rtable(skb);
2355 struct nlmsghdr *nlh;
2356 unsigned long expires = 0;
2358 u32 metrics[RTAX_MAX];
2360 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*r), flags);
2364 r = nlmsg_data(nlh);
2365 r->rtm_family = AF_INET;
2366 r->rtm_dst_len = 32;
2368 r->rtm_tos = fl4->flowi4_tos;
2369 r->rtm_table = table_id;
2370 if (nla_put_u32(skb, RTA_TABLE, table_id))
2371 goto nla_put_failure;
2372 r->rtm_type = rt->rt_type;
2373 r->rtm_scope = RT_SCOPE_UNIVERSE;
2374 r->rtm_protocol = RTPROT_UNSPEC;
2375 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2376 if (rt->rt_flags & RTCF_NOTIFY)
2377 r->rtm_flags |= RTM_F_NOTIFY;
2378 if (IPCB(skb)->flags & IPSKB_DOREDIRECT)
2379 r->rtm_flags |= RTCF_DOREDIRECT;
2381 if (nla_put_in_addr(skb, RTA_DST, dst))
2382 goto nla_put_failure;
2384 r->rtm_src_len = 32;
2385 if (nla_put_in_addr(skb, RTA_SRC, src))
2386 goto nla_put_failure;
2389 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
2390 goto nla_put_failure;
2391 #ifdef CONFIG_IP_ROUTE_CLASSID
2392 if (rt->dst.tclassid &&
2393 nla_put_u32(skb, RTA_FLOW, rt->dst.tclassid))
2394 goto nla_put_failure;
2396 if (!rt_is_input_route(rt) &&
2397 fl4->saddr != src) {
2398 if (nla_put_in_addr(skb, RTA_PREFSRC, fl4->saddr))
2399 goto nla_put_failure;
2401 if (rt->rt_uses_gateway &&
2402 nla_put_in_addr(skb, RTA_GATEWAY, rt->rt_gateway))
2403 goto nla_put_failure;
2405 expires = rt->dst.expires;
2407 unsigned long now = jiffies;
2409 if (time_before(now, expires))
2415 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
2416 if (rt->rt_pmtu && expires)
2417 metrics[RTAX_MTU - 1] = rt->rt_pmtu;
2418 if (rtnetlink_put_metrics(skb, metrics) < 0)
2419 goto nla_put_failure;
2421 if (fl4->flowi4_mark &&
2422 nla_put_u32(skb, RTA_MARK, fl4->flowi4_mark))
2423 goto nla_put_failure;
2425 error = rt->dst.error;
2427 if (rt_is_input_route(rt)) {
2428 #ifdef CONFIG_IP_MROUTE
2429 if (ipv4_is_multicast(dst) && !ipv4_is_local_multicast(dst) &&
2430 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
2431 int err = ipmr_get_route(net, skb,
2432 fl4->saddr, fl4->daddr,
2438 goto nla_put_failure;
2440 if (err == -EMSGSIZE)
2441 goto nla_put_failure;
2447 if (nla_put_u32(skb, RTA_IIF, skb->dev->ifindex))
2448 goto nla_put_failure;
2451 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, error) < 0)
2452 goto nla_put_failure;
2454 nlmsg_end(skb, nlh);
2458 nlmsg_cancel(skb, nlh);
2462 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh)
2464 struct net *net = sock_net(in_skb->sk);
2466 struct nlattr *tb[RTA_MAX+1];
2467 struct rtable *rt = NULL;
2474 struct sk_buff *skb;
2475 u32 table_id = RT_TABLE_MAIN;
2477 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv4_policy);
2481 rtm = nlmsg_data(nlh);
2483 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
2489 /* Reserve room for dummy headers, this skb can pass
2490 through good chunk of routing engine.
2492 skb_reset_mac_header(skb);
2493 skb_reset_network_header(skb);
2495 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
2496 ip_hdr(skb)->protocol = IPPROTO_ICMP;
2497 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
2499 src = tb[RTA_SRC] ? nla_get_in_addr(tb[RTA_SRC]) : 0;
2500 dst = tb[RTA_DST] ? nla_get_in_addr(tb[RTA_DST]) : 0;
2501 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
2502 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
2504 memset(&fl4, 0, sizeof(fl4));
2507 fl4.flowi4_tos = rtm->rtm_tos;
2508 fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0;
2509 fl4.flowi4_mark = mark;
2511 if (netif_index_is_l3_master(net, fl4.flowi4_oif))
2512 fl4.flowi4_flags = FLOWI_FLAG_L3MDEV_SRC | FLOWI_FLAG_SKIP_NH_OIF;
2515 struct net_device *dev;
2517 dev = __dev_get_by_index(net, iif);
2523 skb->protocol = htons(ETH_P_IP);
2527 err = ip_route_input(skb, dst, src, rtm->rtm_tos, dev);
2530 rt = skb_rtable(skb);
2531 if (err == 0 && rt->dst.error)
2532 err = -rt->dst.error;
2534 rt = ip_route_output_key(net, &fl4);
2544 skb_dst_set(skb, &rt->dst);
2545 if (rtm->rtm_flags & RTM_F_NOTIFY)
2546 rt->rt_flags |= RTCF_NOTIFY;
2548 if (rtm->rtm_flags & RTM_F_LOOKUP_TABLE)
2549 table_id = rt->rt_table_id;
2551 err = rt_fill_info(net, dst, src, table_id, &fl4, skb,
2552 NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
2553 RTM_NEWROUTE, 0, 0);
2557 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2566 void ip_rt_multicast_event(struct in_device *in_dev)
2568 rt_cache_flush(dev_net(in_dev->dev));
2571 #ifdef CONFIG_SYSCTL
2572 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
2573 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
2574 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
2575 static int ip_rt_gc_elasticity __read_mostly = 8;
2577 static int ipv4_sysctl_rtcache_flush(struct ctl_table *__ctl, int write,
2578 void __user *buffer,
2579 size_t *lenp, loff_t *ppos)
2581 struct net *net = (struct net *)__ctl->extra1;
2584 rt_cache_flush(net);
2585 fnhe_genid_bump(net);
2592 static struct ctl_table ipv4_route_table[] = {
2594 .procname = "gc_thresh",
2595 .data = &ipv4_dst_ops.gc_thresh,
2596 .maxlen = sizeof(int),
2598 .proc_handler = proc_dointvec,
2601 .procname = "max_size",
2602 .data = &ip_rt_max_size,
2603 .maxlen = sizeof(int),
2605 .proc_handler = proc_dointvec,
2608 /* Deprecated. Use gc_min_interval_ms */
2610 .procname = "gc_min_interval",
2611 .data = &ip_rt_gc_min_interval,
2612 .maxlen = sizeof(int),
2614 .proc_handler = proc_dointvec_jiffies,
2617 .procname = "gc_min_interval_ms",
2618 .data = &ip_rt_gc_min_interval,
2619 .maxlen = sizeof(int),
2621 .proc_handler = proc_dointvec_ms_jiffies,
2624 .procname = "gc_timeout",
2625 .data = &ip_rt_gc_timeout,
2626 .maxlen = sizeof(int),
2628 .proc_handler = proc_dointvec_jiffies,
2631 .procname = "gc_interval",
2632 .data = &ip_rt_gc_interval,
2633 .maxlen = sizeof(int),
2635 .proc_handler = proc_dointvec_jiffies,
2638 .procname = "redirect_load",
2639 .data = &ip_rt_redirect_load,
2640 .maxlen = sizeof(int),
2642 .proc_handler = proc_dointvec,
2645 .procname = "redirect_number",
2646 .data = &ip_rt_redirect_number,
2647 .maxlen = sizeof(int),
2649 .proc_handler = proc_dointvec,
2652 .procname = "redirect_silence",
2653 .data = &ip_rt_redirect_silence,
2654 .maxlen = sizeof(int),
2656 .proc_handler = proc_dointvec,
2659 .procname = "error_cost",
2660 .data = &ip_rt_error_cost,
2661 .maxlen = sizeof(int),
2663 .proc_handler = proc_dointvec,
2666 .procname = "error_burst",
2667 .data = &ip_rt_error_burst,
2668 .maxlen = sizeof(int),
2670 .proc_handler = proc_dointvec,
2673 .procname = "gc_elasticity",
2674 .data = &ip_rt_gc_elasticity,
2675 .maxlen = sizeof(int),
2677 .proc_handler = proc_dointvec,
2680 .procname = "mtu_expires",
2681 .data = &ip_rt_mtu_expires,
2682 .maxlen = sizeof(int),
2684 .proc_handler = proc_dointvec_jiffies,
2687 .procname = "min_pmtu",
2688 .data = &ip_rt_min_pmtu,
2689 .maxlen = sizeof(int),
2691 .proc_handler = proc_dointvec,
2694 .procname = "min_adv_mss",
2695 .data = &ip_rt_min_advmss,
2696 .maxlen = sizeof(int),
2698 .proc_handler = proc_dointvec,
2703 static struct ctl_table ipv4_route_flush_table[] = {
2705 .procname = "flush",
2706 .maxlen = sizeof(int),
2708 .proc_handler = ipv4_sysctl_rtcache_flush,
2713 static __net_init int sysctl_route_net_init(struct net *net)
2715 struct ctl_table *tbl;
2717 tbl = ipv4_route_flush_table;
2718 if (!net_eq(net, &init_net)) {
2719 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
2723 /* Don't export sysctls to unprivileged users */
2724 if (net->user_ns != &init_user_ns)
2725 tbl[0].procname = NULL;
2727 tbl[0].extra1 = net;
2729 net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
2730 if (!net->ipv4.route_hdr)
2735 if (tbl != ipv4_route_flush_table)
2741 static __net_exit void sysctl_route_net_exit(struct net *net)
2743 struct ctl_table *tbl;
2745 tbl = net->ipv4.route_hdr->ctl_table_arg;
2746 unregister_net_sysctl_table(net->ipv4.route_hdr);
2747 BUG_ON(tbl == ipv4_route_flush_table);
2751 static __net_initdata struct pernet_operations sysctl_route_ops = {
2752 .init = sysctl_route_net_init,
2753 .exit = sysctl_route_net_exit,
2757 static __net_init int rt_genid_init(struct net *net)
2759 atomic_set(&net->ipv4.rt_genid, 0);
2760 atomic_set(&net->fnhe_genid, 0);
2761 get_random_bytes(&net->ipv4.dev_addr_genid,
2762 sizeof(net->ipv4.dev_addr_genid));
2766 static __net_initdata struct pernet_operations rt_genid_ops = {
2767 .init = rt_genid_init,
2770 static int __net_init ipv4_inetpeer_init(struct net *net)
2772 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
2776 inet_peer_base_init(bp);
2777 net->ipv4.peers = bp;
2781 static void __net_exit ipv4_inetpeer_exit(struct net *net)
2783 struct inet_peer_base *bp = net->ipv4.peers;
2785 net->ipv4.peers = NULL;
2786 inetpeer_invalidate_tree(bp);
2790 static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
2791 .init = ipv4_inetpeer_init,
2792 .exit = ipv4_inetpeer_exit,
2795 #ifdef CONFIG_IP_ROUTE_CLASSID
2796 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
2797 #endif /* CONFIG_IP_ROUTE_CLASSID */
2799 int __init ip_rt_init(void)
2804 ip_idents = kmalloc(IP_IDENTS_SZ * sizeof(*ip_idents), GFP_KERNEL);
2806 panic("IP: failed to allocate ip_idents\n");
2808 prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents));
2810 ip_tstamps = kcalloc(IP_IDENTS_SZ, sizeof(*ip_tstamps), GFP_KERNEL);
2812 panic("IP: failed to allocate ip_tstamps\n");
2814 for_each_possible_cpu(cpu) {
2815 struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu);
2817 INIT_LIST_HEAD(&ul->head);
2818 spin_lock_init(&ul->lock);
2820 #ifdef CONFIG_IP_ROUTE_CLASSID
2821 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
2823 panic("IP: failed to allocate ip_rt_acct\n");
2826 ipv4_dst_ops.kmem_cachep =
2827 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
2828 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
2830 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
2832 if (dst_entries_init(&ipv4_dst_ops) < 0)
2833 panic("IP: failed to allocate ipv4_dst_ops counter\n");
2835 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
2836 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
2838 ipv4_dst_ops.gc_thresh = ~0;
2839 ip_rt_max_size = INT_MAX;
2844 if (ip_rt_proc_init())
2845 pr_err("Unable to create route proc files\n");
2850 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
2852 #ifdef CONFIG_SYSCTL
2853 register_pernet_subsys(&sysctl_route_ops);
2855 register_pernet_subsys(&rt_genid_ops);
2856 register_pernet_subsys(&ipv4_inetpeer_ops);
2860 #ifdef CONFIG_SYSCTL
2862 * We really need to sanitize the damn ipv4 init order, then all
2863 * this nonsense will go away.
2865 void __init ip_static_sysctl_init(void)
2867 register_net_sysctl(&init_net, "net/ipv4/route", ipv4_route_table);
projects / cascardo / linux.git / blob