2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
18 * (rco@di.uminho.pt) Routing table insertion and update
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <asm/uaccess.h>
69 #include <linux/bitops.h>
70 #include <linux/types.h>
71 #include <linux/kernel.h>
73 #include <linux/bootmem.h>
74 #include <linux/string.h>
75 #include <linux/socket.h>
76 #include <linux/sockios.h>
77 #include <linux/errno.h>
79 #include <linux/inet.h>
80 #include <linux/netdevice.h>
81 #include <linux/proc_fs.h>
82 #include <linux/init.h>
83 #include <linux/workqueue.h>
84 #include <linux/skbuff.h>
85 #include <linux/inetdevice.h>
86 #include <linux/igmp.h>
87 #include <linux/pkt_sched.h>
88 #include <linux/mroute.h>
89 #include <linux/netfilter_ipv4.h>
90 #include <linux/random.h>
91 #include <linux/jhash.h>
92 #include <linux/rcupdate.h>
93 #include <linux/times.h>
94 #include <linux/slab.h>
95 #include <linux/prefetch.h>
97 #include <net/net_namespace.h>
98 #include <net/protocol.h>
100 #include <net/route.h>
101 #include <net/inetpeer.h>
102 #include <net/sock.h>
103 #include <net/ip_fib.h>
106 #include <net/icmp.h>
107 #include <net/xfrm.h>
108 #include <net/netevent.h>
109 #include <net/rtnetlink.h>
111 #include <linux/sysctl.h>
112 #include <linux/kmemleak.h>
114 #include <net/secure_seq.h>
116 #define RT_FL_TOS(oldflp4) \
117 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
119 #define IP_MAX_MTU 0xFFF0
121 #define RT_GC_TIMEOUT (300*HZ)
123 static int ip_rt_max_size
;
124 static int ip_rt_gc_timeout __read_mostly
= RT_GC_TIMEOUT
;
125 static int ip_rt_gc_interval __read_mostly
= 60 * HZ
;
126 static int ip_rt_gc_min_interval __read_mostly
= HZ
/ 2;
127 static int ip_rt_redirect_number __read_mostly
= 9;
128 static int ip_rt_redirect_load __read_mostly
= HZ
/ 50;
129 static int ip_rt_redirect_silence __read_mostly
= ((HZ
/ 50) << (9 + 1));
130 static int ip_rt_error_cost __read_mostly
= HZ
;
131 static int ip_rt_error_burst __read_mostly
= 5 * HZ
;
132 static int ip_rt_gc_elasticity __read_mostly
= 8;
133 static int ip_rt_mtu_expires __read_mostly
= 10 * 60 * HZ
;
134 static int ip_rt_min_pmtu __read_mostly
= 512 + 20 + 20;
135 static int ip_rt_min_advmss __read_mostly
= 256;
136 static int rt_chain_length_max __read_mostly
= 20;
138 static struct delayed_work expires_work
;
139 static unsigned long expires_ljiffies
;
142 * Interface to generic destination cache.
145 static struct dst_entry
*ipv4_dst_check(struct dst_entry
*dst
, u32 cookie
);
146 static unsigned int ipv4_default_advmss(const struct dst_entry
*dst
);
147 static unsigned int ipv4_mtu(const struct dst_entry
*dst
);
148 static void ipv4_dst_destroy(struct dst_entry
*dst
);
149 static struct dst_entry
*ipv4_negative_advice(struct dst_entry
*dst
);
150 static void ipv4_link_failure(struct sk_buff
*skb
);
151 static void ip_rt_update_pmtu(struct dst_entry
*dst
, struct sock
*sk
,
152 struct sk_buff
*skb
, u32 mtu
);
153 static void ip_do_redirect(struct dst_entry
*dst
, struct sock
*sk
,
154 struct sk_buff
*skb
);
155 static int rt_garbage_collect(struct dst_ops
*ops
);
157 static void ipv4_dst_ifdown(struct dst_entry
*dst
, struct net_device
*dev
,
162 static u32
*ipv4_cow_metrics(struct dst_entry
*dst
, unsigned long old
)
168 static struct neighbour
*ipv4_neigh_lookup(const struct dst_entry
*dst
,
172 static struct dst_ops ipv4_dst_ops
= {
174 .protocol
= cpu_to_be16(ETH_P_IP
),
175 .gc
= rt_garbage_collect
,
176 .check
= ipv4_dst_check
,
177 .default_advmss
= ipv4_default_advmss
,
179 .cow_metrics
= ipv4_cow_metrics
,
180 .destroy
= ipv4_dst_destroy
,
181 .ifdown
= ipv4_dst_ifdown
,
182 .negative_advice
= ipv4_negative_advice
,
183 .link_failure
= ipv4_link_failure
,
184 .update_pmtu
= ip_rt_update_pmtu
,
185 .redirect
= ip_do_redirect
,
186 .local_out
= __ip_local_out
,
187 .neigh_lookup
= ipv4_neigh_lookup
,
190 #define ECN_OR_COST(class) TC_PRIO_##class
192 const __u8 ip_tos2prio
[16] = {
194 ECN_OR_COST(BESTEFFORT
),
196 ECN_OR_COST(BESTEFFORT
),
202 ECN_OR_COST(INTERACTIVE
),
204 ECN_OR_COST(INTERACTIVE
),
205 TC_PRIO_INTERACTIVE_BULK
,
206 ECN_OR_COST(INTERACTIVE_BULK
),
207 TC_PRIO_INTERACTIVE_BULK
,
208 ECN_OR_COST(INTERACTIVE_BULK
)
210 EXPORT_SYMBOL(ip_tos2prio
);
216 /* The locking scheme is rather straight forward:
218 * 1) Read-Copy Update protects the buckets of the central route hash.
219 * 2) Only writers remove entries, and they hold the lock
220 * as they look at rtable reference counts.
221 * 3) Only readers acquire references to rtable entries,
222 * they do so with atomic increments and with the
226 struct rt_hash_bucket
{
227 struct rtable __rcu
*chain
;
230 #if defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK) || \
231 defined(CONFIG_PROVE_LOCKING)
233 * Instead of using one spinlock for each rt_hash_bucket, we use a table of spinlocks
234 * The size of this table is a power of two and depends on the number of CPUS.
235 * (on lockdep we have a quite big spinlock_t, so keep the size down there)
237 #ifdef CONFIG_LOCKDEP
238 # define RT_HASH_LOCK_SZ 256
241 # define RT_HASH_LOCK_SZ 4096
243 # define RT_HASH_LOCK_SZ 2048
245 # define RT_HASH_LOCK_SZ 1024
247 # define RT_HASH_LOCK_SZ 512
249 # define RT_HASH_LOCK_SZ 256
253 static spinlock_t
*rt_hash_locks
;
254 # define rt_hash_lock_addr(slot) &rt_hash_locks[(slot) & (RT_HASH_LOCK_SZ - 1)]
256 static __init
void rt_hash_lock_init(void)
260 rt_hash_locks
= kmalloc(sizeof(spinlock_t
) * RT_HASH_LOCK_SZ
,
263 panic("IP: failed to allocate rt_hash_locks\n");
265 for (i
= 0; i
< RT_HASH_LOCK_SZ
; i
++)
266 spin_lock_init(&rt_hash_locks
[i
]);
269 # define rt_hash_lock_addr(slot) NULL
271 static inline void rt_hash_lock_init(void)
276 static struct rt_hash_bucket
*rt_hash_table __read_mostly
;
277 static unsigned int rt_hash_mask __read_mostly
;
278 static unsigned int rt_hash_log __read_mostly
;
280 static DEFINE_PER_CPU(struct rt_cache_stat
, rt_cache_stat
);
281 #define RT_CACHE_STAT_INC(field) __this_cpu_inc(rt_cache_stat.field)
283 static inline unsigned int rt_hash(__be32 daddr
, __be32 saddr
, int idx
,
286 return jhash_3words((__force u32
)daddr
, (__force u32
)saddr
,
291 static inline int rt_genid(struct net
*net
)
293 return atomic_read(&net
->ipv4
.rt_genid
);
296 #ifdef CONFIG_PROC_FS
297 struct rt_cache_iter_state
{
298 struct seq_net_private p
;
303 static struct rtable
*rt_cache_get_first(struct seq_file
*seq
)
305 struct rt_cache_iter_state
*st
= seq
->private;
306 struct rtable
*r
= NULL
;
308 for (st
->bucket
= rt_hash_mask
; st
->bucket
>= 0; --st
->bucket
) {
309 if (!rcu_access_pointer(rt_hash_table
[st
->bucket
].chain
))
312 r
= rcu_dereference_bh(rt_hash_table
[st
->bucket
].chain
);
314 if (dev_net(r
->dst
.dev
) == seq_file_net(seq
) &&
315 r
->rt_genid
== st
->genid
)
317 r
= rcu_dereference_bh(r
->dst
.rt_next
);
319 rcu_read_unlock_bh();
324 static struct rtable
*__rt_cache_get_next(struct seq_file
*seq
,
327 struct rt_cache_iter_state
*st
= seq
->private;
329 r
= rcu_dereference_bh(r
->dst
.rt_next
);
331 rcu_read_unlock_bh();
333 if (--st
->bucket
< 0)
335 } while (!rcu_access_pointer(rt_hash_table
[st
->bucket
].chain
));
337 r
= rcu_dereference_bh(rt_hash_table
[st
->bucket
].chain
);
342 static struct rtable
*rt_cache_get_next(struct seq_file
*seq
,
345 struct rt_cache_iter_state
*st
= seq
->private;
346 while ((r
= __rt_cache_get_next(seq
, r
)) != NULL
) {
347 if (dev_net(r
->dst
.dev
) != seq_file_net(seq
))
349 if (r
->rt_genid
== st
->genid
)
355 static struct rtable
*rt_cache_get_idx(struct seq_file
*seq
, loff_t pos
)
357 struct rtable
*r
= rt_cache_get_first(seq
);
360 while (pos
&& (r
= rt_cache_get_next(seq
, r
)))
362 return pos
? NULL
: r
;
365 static void *rt_cache_seq_start(struct seq_file
*seq
, loff_t
*pos
)
367 struct rt_cache_iter_state
*st
= seq
->private;
369 return rt_cache_get_idx(seq
, *pos
- 1);
370 st
->genid
= rt_genid(seq_file_net(seq
));
371 return SEQ_START_TOKEN
;
374 static void *rt_cache_seq_next(struct seq_file
*seq
, void *v
, loff_t
*pos
)
378 if (v
== SEQ_START_TOKEN
)
379 r
= rt_cache_get_first(seq
);
381 r
= rt_cache_get_next(seq
, v
);
386 static void rt_cache_seq_stop(struct seq_file
*seq
, void *v
)
388 if (v
&& v
!= SEQ_START_TOKEN
)
389 rcu_read_unlock_bh();
392 static int rt_cache_seq_show(struct seq_file
*seq
, void *v
)
394 if (v
== SEQ_START_TOKEN
)
395 seq_printf(seq
, "%-127s\n",
396 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
397 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
400 struct rtable
*r
= v
;
403 seq_printf(seq
, "%s\t%08X\t%08X\t%8X\t%d\t%u\t%d\t"
404 "%08X\t%d\t%u\t%u\t%02X\t%d\t%1d\t%08X%n",
405 r
->dst
.dev
? r
->dst
.dev
->name
: "*",
406 (__force u32
)r
->rt_dst
,
407 (__force u32
)r
->rt_gateway
,
408 r
->rt_flags
, atomic_read(&r
->dst
.__refcnt
),
409 r
->dst
.__use
, 0, (__force u32
)r
->rt_src
,
410 dst_metric_advmss(&r
->dst
) + 40,
411 dst_metric(&r
->dst
, RTAX_WINDOW
), 0,
415 seq_printf(seq
, "%*s\n", 127 - len
, "");
420 static const struct seq_operations rt_cache_seq_ops
= {
421 .start
= rt_cache_seq_start
,
422 .next
= rt_cache_seq_next
,
423 .stop
= rt_cache_seq_stop
,
424 .show
= rt_cache_seq_show
,
427 static int rt_cache_seq_open(struct inode
*inode
, struct file
*file
)
429 return seq_open_net(inode
, file
, &rt_cache_seq_ops
,
430 sizeof(struct rt_cache_iter_state
));
433 static const struct file_operations rt_cache_seq_fops
= {
434 .owner
= THIS_MODULE
,
435 .open
= rt_cache_seq_open
,
438 .release
= seq_release_net
,
442 static void *rt_cpu_seq_start(struct seq_file
*seq
, loff_t
*pos
)
447 return SEQ_START_TOKEN
;
449 for (cpu
= *pos
-1; cpu
< nr_cpu_ids
; ++cpu
) {
450 if (!cpu_possible(cpu
))
453 return &per_cpu(rt_cache_stat
, cpu
);
458 static void *rt_cpu_seq_next(struct seq_file
*seq
, void *v
, loff_t
*pos
)
462 for (cpu
= *pos
; cpu
< nr_cpu_ids
; ++cpu
) {
463 if (!cpu_possible(cpu
))
466 return &per_cpu(rt_cache_stat
, cpu
);
472 static void rt_cpu_seq_stop(struct seq_file
*seq
, void *v
)
477 static int rt_cpu_seq_show(struct seq_file
*seq
, void *v
)
479 struct rt_cache_stat
*st
= v
;
481 if (v
== SEQ_START_TOKEN
) {
482 seq_printf(seq
, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
486 seq_printf(seq
,"%08x %08x %08x %08x %08x %08x %08x %08x "
487 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
488 dst_entries_get_slow(&ipv4_dst_ops
),
511 static const struct seq_operations rt_cpu_seq_ops
= {
512 .start
= rt_cpu_seq_start
,
513 .next
= rt_cpu_seq_next
,
514 .stop
= rt_cpu_seq_stop
,
515 .show
= rt_cpu_seq_show
,
519 static int rt_cpu_seq_open(struct inode
*inode
, struct file
*file
)
521 return seq_open(file
, &rt_cpu_seq_ops
);
524 static const struct file_operations rt_cpu_seq_fops
= {
525 .owner
= THIS_MODULE
,
526 .open
= rt_cpu_seq_open
,
529 .release
= seq_release
,
532 #ifdef CONFIG_IP_ROUTE_CLASSID
533 static int rt_acct_proc_show(struct seq_file
*m
, void *v
)
535 struct ip_rt_acct
*dst
, *src
;
538 dst
= kcalloc(256, sizeof(struct ip_rt_acct
), GFP_KERNEL
);
542 for_each_possible_cpu(i
) {
543 src
= (struct ip_rt_acct
*)per_cpu_ptr(ip_rt_acct
, i
);
544 for (j
= 0; j
< 256; j
++) {
545 dst
[j
].o_bytes
+= src
[j
].o_bytes
;
546 dst
[j
].o_packets
+= src
[j
].o_packets
;
547 dst
[j
].i_bytes
+= src
[j
].i_bytes
;
548 dst
[j
].i_packets
+= src
[j
].i_packets
;
552 seq_write(m
, dst
, 256 * sizeof(struct ip_rt_acct
));
557 static int rt_acct_proc_open(struct inode
*inode
, struct file
*file
)
559 return single_open(file
, rt_acct_proc_show
, NULL
);
562 static const struct file_operations rt_acct_proc_fops
= {
563 .owner
= THIS_MODULE
,
564 .open
= rt_acct_proc_open
,
567 .release
= single_release
,
571 static int __net_init
ip_rt_do_proc_init(struct net
*net
)
573 struct proc_dir_entry
*pde
;
575 pde
= proc_net_fops_create(net
, "rt_cache", S_IRUGO
,
580 pde
= proc_create("rt_cache", S_IRUGO
,
581 net
->proc_net_stat
, &rt_cpu_seq_fops
);
585 #ifdef CONFIG_IP_ROUTE_CLASSID
586 pde
= proc_create("rt_acct", 0, net
->proc_net
, &rt_acct_proc_fops
);
592 #ifdef CONFIG_IP_ROUTE_CLASSID
594 remove_proc_entry("rt_cache", net
->proc_net_stat
);
597 remove_proc_entry("rt_cache", net
->proc_net
);
602 static void __net_exit
ip_rt_do_proc_exit(struct net
*net
)
604 remove_proc_entry("rt_cache", net
->proc_net_stat
);
605 remove_proc_entry("rt_cache", net
->proc_net
);
606 #ifdef CONFIG_IP_ROUTE_CLASSID
607 remove_proc_entry("rt_acct", net
->proc_net
);
611 static struct pernet_operations ip_rt_proc_ops __net_initdata
= {
612 .init
= ip_rt_do_proc_init
,
613 .exit
= ip_rt_do_proc_exit
,
616 static int __init
ip_rt_proc_init(void)
618 return register_pernet_subsys(&ip_rt_proc_ops
);
622 static inline int ip_rt_proc_init(void)
626 #endif /* CONFIG_PROC_FS */
628 static inline void rt_free(struct rtable
*rt
)
630 call_rcu_bh(&rt
->dst
.rcu_head
, dst_rcu_free
);
633 static inline void rt_drop(struct rtable
*rt
)
636 call_rcu_bh(&rt
->dst
.rcu_head
, dst_rcu_free
);
639 static inline int rt_fast_clean(struct rtable
*rth
)
641 /* Kill broadcast/multicast entries very aggresively, if they
642 collide in hash table with more useful entries */
643 return (rth
->rt_flags
& (RTCF_BROADCAST
| RTCF_MULTICAST
)) &&
644 rt_is_input_route(rth
) && rth
->dst
.rt_next
;
647 static inline int rt_valuable(struct rtable
*rth
)
649 return (rth
->rt_flags
& (RTCF_REDIRECTED
| RTCF_NOTIFY
)) ||
653 static int rt_may_expire(struct rtable
*rth
, unsigned long tmo1
, unsigned long tmo2
)
658 if (atomic_read(&rth
->dst
.__refcnt
))
661 age
= jiffies
- rth
->dst
.lastuse
;
662 if ((age
<= tmo1
&& !rt_fast_clean(rth
)) ||
663 (age
<= tmo2
&& rt_valuable(rth
)))
669 /* Bits of score are:
671 * 30: not quite useless
672 * 29..0: usage counter
674 static inline u32
rt_score(struct rtable
*rt
)
676 u32 score
= jiffies
- rt
->dst
.lastuse
;
678 score
= ~score
& ~(3<<30);
683 if (rt_is_output_route(rt
) ||
684 !(rt
->rt_flags
& (RTCF_BROADCAST
|RTCF_MULTICAST
|RTCF_LOCAL
)))
690 static inline bool rt_caching(const struct net
*net
)
692 return net
->ipv4
.current_rt_cache_rebuild_count
<=
693 net
->ipv4
.sysctl_rt_cache_rebuild_count
;
696 static inline bool compare_hash_inputs(const struct rtable
*rt1
,
697 const struct rtable
*rt2
)
699 return ((((__force u32
)rt1
->rt_key_dst
^ (__force u32
)rt2
->rt_key_dst
) |
700 ((__force u32
)rt1
->rt_key_src
^ (__force u32
)rt2
->rt_key_src
) |
701 (rt1
->rt_route_iif
^ rt2
->rt_route_iif
)) == 0);
704 static inline int compare_keys(struct rtable
*rt1
, struct rtable
*rt2
)
706 return (((__force u32
)rt1
->rt_key_dst
^ (__force u32
)rt2
->rt_key_dst
) |
707 ((__force u32
)rt1
->rt_key_src
^ (__force u32
)rt2
->rt_key_src
) |
708 (rt1
->rt_mark
^ rt2
->rt_mark
) |
709 (rt1
->rt_key_tos
^ rt2
->rt_key_tos
) |
710 (rt1
->rt_route_iif
^ rt2
->rt_route_iif
) |
711 (rt1
->rt_oif
^ rt2
->rt_oif
)) == 0;
714 static inline int compare_netns(struct rtable
*rt1
, struct rtable
*rt2
)
716 return net_eq(dev_net(rt1
->dst
.dev
), dev_net(rt2
->dst
.dev
));
719 static inline int rt_is_expired(struct rtable
*rth
)
721 return rth
->rt_genid
!= rt_genid(dev_net(rth
->dst
.dev
));
725 * Perform a full scan of hash table and free all entries.
726 * Can be called by a softirq or a process.
727 * In the later case, we want to be reschedule if necessary
729 static void rt_do_flush(struct net
*net
, int process_context
)
732 struct rtable
*rth
, *next
;
734 for (i
= 0; i
<= rt_hash_mask
; i
++) {
735 struct rtable __rcu
**pprev
;
738 if (process_context
&& need_resched())
740 rth
= rcu_access_pointer(rt_hash_table
[i
].chain
);
744 spin_lock_bh(rt_hash_lock_addr(i
));
747 pprev
= &rt_hash_table
[i
].chain
;
748 rth
= rcu_dereference_protected(*pprev
,
749 lockdep_is_held(rt_hash_lock_addr(i
)));
752 next
= rcu_dereference_protected(rth
->dst
.rt_next
,
753 lockdep_is_held(rt_hash_lock_addr(i
)));
756 net_eq(dev_net(rth
->dst
.dev
), net
)) {
757 rcu_assign_pointer(*pprev
, next
);
758 rcu_assign_pointer(rth
->dst
.rt_next
, list
);
761 pprev
= &rth
->dst
.rt_next
;
766 spin_unlock_bh(rt_hash_lock_addr(i
));
768 for (; list
; list
= next
) {
769 next
= rcu_dereference_protected(list
->dst
.rt_next
, 1);
776 * While freeing expired entries, we compute average chain length
777 * and standard deviation, using fixed-point arithmetic.
778 * This to have an estimation of rt_chain_length_max
779 * rt_chain_length_max = max(elasticity, AVG + 4*SD)
780 * We use 3 bits for frational part, and 29 (or 61) for magnitude.
784 #define ONE (1UL << FRACT_BITS)
787 * Given a hash chain and an item in this hash chain,
788 * find if a previous entry has the same hash_inputs
789 * (but differs on tos, mark or oif)
790 * Returns 0 if an alias is found.
791 * Returns ONE if rth has no alias before itself.
793 static int has_noalias(const struct rtable
*head
, const struct rtable
*rth
)
795 const struct rtable
*aux
= head
;
798 if (compare_hash_inputs(aux
, rth
))
800 aux
= rcu_dereference_protected(aux
->dst
.rt_next
, 1);
805 static void rt_check_expire(void)
807 static unsigned int rover
;
808 unsigned int i
= rover
, goal
;
810 struct rtable __rcu
**rthp
;
811 unsigned long samples
= 0;
812 unsigned long sum
= 0, sum2
= 0;
816 delta
= jiffies
- expires_ljiffies
;
817 expires_ljiffies
= jiffies
;
818 mult
= ((u64
)delta
) << rt_hash_log
;
819 if (ip_rt_gc_timeout
> 1)
820 do_div(mult
, ip_rt_gc_timeout
);
821 goal
= (unsigned int)mult
;
822 if (goal
> rt_hash_mask
)
823 goal
= rt_hash_mask
+ 1;
824 for (; goal
> 0; goal
--) {
825 unsigned long tmo
= ip_rt_gc_timeout
;
826 unsigned long length
;
828 i
= (i
+ 1) & rt_hash_mask
;
829 rthp
= &rt_hash_table
[i
].chain
;
836 if (rcu_dereference_raw(*rthp
) == NULL
)
839 spin_lock_bh(rt_hash_lock_addr(i
));
840 while ((rth
= rcu_dereference_protected(*rthp
,
841 lockdep_is_held(rt_hash_lock_addr(i
)))) != NULL
) {
842 prefetch(rth
->dst
.rt_next
);
843 if (rt_is_expired(rth
) ||
844 rt_may_expire(rth
, tmo
, ip_rt_gc_timeout
)) {
845 *rthp
= rth
->dst
.rt_next
;
850 /* We only count entries on a chain with equal
851 * hash inputs once so that entries for
852 * different QOS levels, and other non-hash
853 * input attributes don't unfairly skew the
857 rthp
= &rth
->dst
.rt_next
;
858 length
+= has_noalias(rt_hash_table
[i
].chain
, rth
);
860 spin_unlock_bh(rt_hash_lock_addr(i
));
862 sum2
+= length
*length
;
865 unsigned long avg
= sum
/ samples
;
866 unsigned long sd
= int_sqrt(sum2
/ samples
- avg
*avg
);
867 rt_chain_length_max
= max_t(unsigned long,
869 (avg
+ 4*sd
) >> FRACT_BITS
);
875 * rt_worker_func() is run in process context.
876 * we call rt_check_expire() to scan part of the hash table
878 static void rt_worker_func(struct work_struct
*work
)
881 schedule_delayed_work(&expires_work
, ip_rt_gc_interval
);
885 * Perturbation of rt_genid by a small quantity [1..256]
886 * Using 8 bits of shuffling ensure we can call rt_cache_invalidate()
887 * many times (2^24) without giving recent rt_genid.
888 * Jenkins hash is strong enough that litle changes of rt_genid are OK.
890 static void rt_cache_invalidate(struct net
*net
)
892 unsigned char shuffle
;
894 get_random_bytes(&shuffle
, sizeof(shuffle
));
895 atomic_add(shuffle
+ 1U, &net
->ipv4
.rt_genid
);
899 * delay < 0 : invalidate cache (fast : entries will be deleted later)
900 * delay >= 0 : invalidate & flush cache (can be long)
902 void rt_cache_flush(struct net
*net
, int delay
)
904 rt_cache_invalidate(net
);
906 rt_do_flush(net
, !in_softirq());
909 /* Flush previous cache invalidated entries from the cache */
910 void rt_cache_flush_batch(struct net
*net
)
912 rt_do_flush(net
, !in_softirq());
915 static void rt_emergency_hash_rebuild(struct net
*net
)
917 net_warn_ratelimited("Route hash chain too long!\n");
918 rt_cache_invalidate(net
);
922 Short description of GC goals.
924 We want to build algorithm, which will keep routing cache
925 at some equilibrium point, when number of aged off entries
926 is kept approximately equal to newly generated ones.
928 Current expiration strength is variable "expire".
929 We try to adjust it dynamically, so that if networking
930 is idle expires is large enough to keep enough of warm entries,
931 and when load increases it reduces to limit cache size.
934 static int rt_garbage_collect(struct dst_ops
*ops
)
936 static unsigned long expire
= RT_GC_TIMEOUT
;
937 static unsigned long last_gc
;
939 static int equilibrium
;
941 struct rtable __rcu
**rthp
;
942 unsigned long now
= jiffies
;
944 int entries
= dst_entries_get_fast(&ipv4_dst_ops
);
947 * Garbage collection is pretty expensive,
948 * do not make it too frequently.
951 RT_CACHE_STAT_INC(gc_total
);
953 if (now
- last_gc
< ip_rt_gc_min_interval
&&
954 entries
< ip_rt_max_size
) {
955 RT_CACHE_STAT_INC(gc_ignored
);
959 entries
= dst_entries_get_slow(&ipv4_dst_ops
);
960 /* Calculate number of entries, which we want to expire now. */
961 goal
= entries
- (ip_rt_gc_elasticity
<< rt_hash_log
);
963 if (equilibrium
< ipv4_dst_ops
.gc_thresh
)
964 equilibrium
= ipv4_dst_ops
.gc_thresh
;
965 goal
= entries
- equilibrium
;
967 equilibrium
+= min_t(unsigned int, goal
>> 1, rt_hash_mask
+ 1);
968 goal
= entries
- equilibrium
;
971 /* We are in dangerous area. Try to reduce cache really
974 goal
= max_t(unsigned int, goal
>> 1, rt_hash_mask
+ 1);
975 equilibrium
= entries
- goal
;
978 if (now
- last_gc
>= ip_rt_gc_min_interval
)
989 for (i
= rt_hash_mask
, k
= rover
; i
>= 0; i
--) {
990 unsigned long tmo
= expire
;
992 k
= (k
+ 1) & rt_hash_mask
;
993 rthp
= &rt_hash_table
[k
].chain
;
994 spin_lock_bh(rt_hash_lock_addr(k
));
995 while ((rth
= rcu_dereference_protected(*rthp
,
996 lockdep_is_held(rt_hash_lock_addr(k
)))) != NULL
) {
997 if (!rt_is_expired(rth
) &&
998 !rt_may_expire(rth
, tmo
, expire
)) {
1000 rthp
= &rth
->dst
.rt_next
;
1003 *rthp
= rth
->dst
.rt_next
;
1007 spin_unlock_bh(rt_hash_lock_addr(k
));
1016 /* Goal is not achieved. We stop process if:
1018 - if expire reduced to zero. Otherwise, expire is halfed.
1019 - if table is not full.
1020 - if we are called from interrupt.
1021 - jiffies check is just fallback/debug loop breaker.
1022 We will not spin here for long time in any case.
1025 RT_CACHE_STAT_INC(gc_goal_miss
);
1032 if (dst_entries_get_fast(&ipv4_dst_ops
) < ip_rt_max_size
)
1034 } while (!in_softirq() && time_before_eq(jiffies
, now
));
1036 if (dst_entries_get_fast(&ipv4_dst_ops
) < ip_rt_max_size
)
1038 if (dst_entries_get_slow(&ipv4_dst_ops
) < ip_rt_max_size
)
1040 net_warn_ratelimited("dst cache overflow\n");
1041 RT_CACHE_STAT_INC(gc_dst_overflow
);
1045 expire
+= ip_rt_gc_min_interval
;
1046 if (expire
> ip_rt_gc_timeout
||
1047 dst_entries_get_fast(&ipv4_dst_ops
) < ipv4_dst_ops
.gc_thresh
||
1048 dst_entries_get_slow(&ipv4_dst_ops
) < ipv4_dst_ops
.gc_thresh
)
1049 expire
= ip_rt_gc_timeout
;
1054 * Returns number of entries in a hash chain that have different hash_inputs
1056 static int slow_chain_length(const struct rtable
*head
)
1059 const struct rtable
*rth
= head
;
1062 length
+= has_noalias(head
, rth
);
1063 rth
= rcu_dereference_protected(rth
->dst
.rt_next
, 1);
1065 return length
>> FRACT_BITS
;
1068 static struct neighbour
*ipv4_neigh_lookup(const struct dst_entry
*dst
,
1069 struct sk_buff
*skb
,
1072 struct net_device
*dev
= dst
->dev
;
1073 const __be32
*pkey
= daddr
;
1074 const struct rtable
*rt
;
1075 struct neighbour
*n
;
1077 rt
= (const struct rtable
*) dst
;
1079 pkey
= (const __be32
*) &rt
->rt_gateway
;
1081 pkey
= &ip_hdr(skb
)->daddr
;
1083 n
= __ipv4_neigh_lookup(dev
, *(__force u32
*)pkey
);
1086 return neigh_create(&arp_tbl
, pkey
, dev
);
1089 static struct rtable
*rt_intern_hash(unsigned int hash
, struct rtable
*rt
,
1090 struct sk_buff
*skb
, int ifindex
)
1092 struct rtable
*rth
, *cand
;
1093 struct rtable __rcu
**rthp
, **candp
;
1100 min_score
= ~(u32
)0;
1105 if (!rt_caching(dev_net(rt
->dst
.dev
)) || (rt
->dst
.flags
& DST_NOCACHE
)) {
1107 * If we're not caching, just tell the caller we
1108 * were successful and don't touch the route. The
1109 * caller hold the sole reference to the cache entry, and
1110 * it will be released when the caller is done with it.
1111 * If we drop it here, the callers have no way to resolve routes
1112 * when we're not caching. Instead, just point *rp at rt, so
1113 * the caller gets a single use out of the route
1114 * Note that we do rt_free on this new route entry, so that
1115 * once its refcount hits zero, we are still able to reap it
1117 * Note: To avoid expensive rcu stuff for this uncached dst,
1118 * we set DST_NOCACHE so that dst_release() can free dst without
1119 * waiting a grace period.
1122 rt
->dst
.flags
|= DST_NOCACHE
;
1126 rthp
= &rt_hash_table
[hash
].chain
;
1128 spin_lock_bh(rt_hash_lock_addr(hash
));
1129 while ((rth
= rcu_dereference_protected(*rthp
,
1130 lockdep_is_held(rt_hash_lock_addr(hash
)))) != NULL
) {
1131 if (rt_is_expired(rth
)) {
1132 *rthp
= rth
->dst
.rt_next
;
1136 if (compare_keys(rth
, rt
) && compare_netns(rth
, rt
)) {
1138 *rthp
= rth
->dst
.rt_next
;
1140 * Since lookup is lockfree, the deletion
1141 * must be visible to another weakly ordered CPU before
1142 * the insertion at the start of the hash chain.
1144 rcu_assign_pointer(rth
->dst
.rt_next
,
1145 rt_hash_table
[hash
].chain
);
1147 * Since lookup is lockfree, the update writes
1148 * must be ordered for consistency on SMP.
1150 rcu_assign_pointer(rt_hash_table
[hash
].chain
, rth
);
1152 dst_use(&rth
->dst
, now
);
1153 spin_unlock_bh(rt_hash_lock_addr(hash
));
1157 skb_dst_set(skb
, &rth
->dst
);
1161 if (!atomic_read(&rth
->dst
.__refcnt
)) {
1162 u32 score
= rt_score(rth
);
1164 if (score
<= min_score
) {
1173 rthp
= &rth
->dst
.rt_next
;
1177 /* ip_rt_gc_elasticity used to be average length of chain
1178 * length, when exceeded gc becomes really aggressive.
1180 * The second limit is less certain. At the moment it allows
1181 * only 2 entries per bucket. We will see.
1183 if (chain_length
> ip_rt_gc_elasticity
) {
1184 *candp
= cand
->dst
.rt_next
;
1188 if (chain_length
> rt_chain_length_max
&&
1189 slow_chain_length(rt_hash_table
[hash
].chain
) > rt_chain_length_max
) {
1190 struct net
*net
= dev_net(rt
->dst
.dev
);
1191 int num
= ++net
->ipv4
.current_rt_cache_rebuild_count
;
1192 if (!rt_caching(net
)) {
1193 pr_warn("%s: %d rebuilds is over limit, route caching disabled\n",
1194 rt
->dst
.dev
->name
, num
);
1196 rt_emergency_hash_rebuild(net
);
1197 spin_unlock_bh(rt_hash_lock_addr(hash
));
1199 hash
= rt_hash(rt
->rt_key_dst
, rt
->rt_key_src
,
1200 ifindex
, rt_genid(net
));
1205 rt
->dst
.rt_next
= rt_hash_table
[hash
].chain
;
1208 * Since lookup is lockfree, we must make sure
1209 * previous writes to rt are committed to memory
1210 * before making rt visible to other CPUS.
1212 rcu_assign_pointer(rt_hash_table
[hash
].chain
, rt
);
1214 spin_unlock_bh(rt_hash_lock_addr(hash
));
1218 skb_dst_set(skb
, &rt
->dst
);
1223 * Peer allocation may fail only in serious out-of-memory conditions. However
1224 * we still can generate some output.
1225 * Random ID selection looks a bit dangerous because we have no chances to
1226 * select ID being unique in a reasonable period of time.
1227 * But broken packet identifier may be better than no packet at all.
1229 static void ip_select_fb_ident(struct iphdr
*iph
)
1231 static DEFINE_SPINLOCK(ip_fb_id_lock
);
1232 static u32 ip_fallback_id
;
1235 spin_lock_bh(&ip_fb_id_lock
);
1236 salt
= secure_ip_id((__force __be32
)ip_fallback_id
^ iph
->daddr
);
1237 iph
->id
= htons(salt
& 0xFFFF);
1238 ip_fallback_id
= salt
;
1239 spin_unlock_bh(&ip_fb_id_lock
);
1242 void __ip_select_ident(struct iphdr
*iph
, struct dst_entry
*dst
, int more
)
1244 struct net
*net
= dev_net(dst
->dev
);
1245 struct inet_peer
*peer
;
1247 peer
= inet_getpeer_v4(net
->ipv4
.peers
, iph
->daddr
, 1);
1249 iph
->id
= htons(inet_getid(peer
, more
));
1254 ip_select_fb_ident(iph
);
1256 EXPORT_SYMBOL(__ip_select_ident
);
1258 static void rt_del(unsigned int hash
, struct rtable
*rt
)
1260 struct rtable __rcu
**rthp
;
1263 rthp
= &rt_hash_table
[hash
].chain
;
1264 spin_lock_bh(rt_hash_lock_addr(hash
));
1266 while ((aux
= rcu_dereference_protected(*rthp
,
1267 lockdep_is_held(rt_hash_lock_addr(hash
)))) != NULL
) {
1268 if (aux
== rt
|| rt_is_expired(aux
)) {
1269 *rthp
= aux
->dst
.rt_next
;
1273 rthp
= &aux
->dst
.rt_next
;
1275 spin_unlock_bh(rt_hash_lock_addr(hash
));
1278 static void __build_flow_key(struct flowi4
*fl4
, const struct sock
*sk
,
1279 const struct iphdr
*iph
,
1281 u8 prot
, u32 mark
, int flow_flags
)
1284 const struct inet_sock
*inet
= inet_sk(sk
);
1286 oif
= sk
->sk_bound_dev_if
;
1288 tos
= RT_CONN_FLAGS(sk
);
1289 prot
= inet
->hdrincl
? IPPROTO_RAW
: sk
->sk_protocol
;
1291 flowi4_init_output(fl4
, oif
, mark
, tos
,
1292 RT_SCOPE_UNIVERSE
, prot
,
1294 iph
->daddr
, iph
->saddr
, 0, 0);
1297 static void build_skb_flow_key(struct flowi4
*fl4
, const struct sk_buff
*skb
,
1298 const struct sock
*sk
)
1300 const struct iphdr
*iph
= ip_hdr(skb
);
1301 int oif
= skb
->dev
->ifindex
;
1302 u8 tos
= RT_TOS(iph
->tos
);
1303 u8 prot
= iph
->protocol
;
1304 u32 mark
= skb
->mark
;
1306 __build_flow_key(fl4
, sk
, iph
, oif
, tos
, prot
, mark
, 0);
1309 static void build_sk_flow_key(struct flowi4
*fl4
, const struct sock
*sk
)
1311 const struct inet_sock
*inet
= inet_sk(sk
);
1312 const struct ip_options_rcu
*inet_opt
;
1313 __be32 daddr
= inet
->inet_daddr
;
1316 inet_opt
= rcu_dereference(inet
->inet_opt
);
1317 if (inet_opt
&& inet_opt
->opt
.srr
)
1318 daddr
= inet_opt
->opt
.faddr
;
1319 flowi4_init_output(fl4
, sk
->sk_bound_dev_if
, sk
->sk_mark
,
1320 RT_CONN_FLAGS(sk
), RT_SCOPE_UNIVERSE
,
1321 inet
->hdrincl
? IPPROTO_RAW
: sk
->sk_protocol
,
1322 inet_sk_flowi_flags(sk
),
1323 daddr
, inet
->inet_saddr
, 0, 0);
1327 static void ip_rt_build_flow_key(struct flowi4
*fl4
, const struct sock
*sk
,
1328 const struct sk_buff
*skb
)
1331 build_skb_flow_key(fl4
, skb
, sk
);
1333 build_sk_flow_key(fl4
, sk
);
1336 static DEFINE_SPINLOCK(fnhe_lock
);
1338 static struct fib_nh_exception
*fnhe_oldest(struct fnhe_hash_bucket
*hash
, __be32 daddr
)
1340 struct fib_nh_exception
*fnhe
, *oldest
;
1342 oldest
= rcu_dereference(hash
->chain
);
1343 for (fnhe
= rcu_dereference(oldest
->fnhe_next
); fnhe
;
1344 fnhe
= rcu_dereference(fnhe
->fnhe_next
)) {
1345 if (time_before(fnhe
->fnhe_stamp
, oldest
->fnhe_stamp
))
1351 static inline u32
fnhe_hashfun(__be32 daddr
)
1355 hval
= (__force u32
) daddr
;
1356 hval
^= (hval
>> 11) ^ (hval
>> 22);
1358 return hval
& (FNHE_HASH_SIZE
- 1);
1361 static struct fib_nh_exception
*find_or_create_fnhe(struct fib_nh
*nh
, __be32 daddr
)
1363 struct fnhe_hash_bucket
*hash
= nh
->nh_exceptions
;
1364 struct fib_nh_exception
*fnhe
;
1369 hash
= nh
->nh_exceptions
= kzalloc(FNHE_HASH_SIZE
* sizeof(*hash
),
1375 hval
= fnhe_hashfun(daddr
);
1379 for (fnhe
= rcu_dereference(hash
->chain
); fnhe
;
1380 fnhe
= rcu_dereference(fnhe
->fnhe_next
)) {
1381 if (fnhe
->fnhe_daddr
== daddr
)
1386 if (depth
> FNHE_RECLAIM_DEPTH
) {
1387 fnhe
= fnhe_oldest(hash
+ hval
, daddr
);
1390 fnhe
= kzalloc(sizeof(*fnhe
), GFP_ATOMIC
);
1394 fnhe
->fnhe_next
= hash
->chain
;
1395 rcu_assign_pointer(hash
->chain
, fnhe
);
1398 fnhe
->fnhe_daddr
= daddr
;
1400 fnhe
->fnhe_stamp
= jiffies
;
1404 static void __ip_do_redirect(struct rtable
*rt
, struct sk_buff
*skb
, struct flowi4
*fl4
)
1406 __be32 new_gw
= icmp_hdr(skb
)->un
.gateway
;
1407 __be32 old_gw
= ip_hdr(skb
)->saddr
;
1408 struct net_device
*dev
= skb
->dev
;
1409 struct in_device
*in_dev
;
1410 struct fib_result res
;
1411 struct neighbour
*n
;
1414 switch (icmp_hdr(skb
)->code
& 7) {
1415 case ICMP_REDIR_NET
:
1416 case ICMP_REDIR_NETTOS
:
1417 case ICMP_REDIR_HOST
:
1418 case ICMP_REDIR_HOSTTOS
:
1425 if (rt
->rt_gateway
!= old_gw
)
1428 in_dev
= __in_dev_get_rcu(dev
);
1433 if (new_gw
== old_gw
|| !IN_DEV_RX_REDIRECTS(in_dev
) ||
1434 ipv4_is_multicast(new_gw
) || ipv4_is_lbcast(new_gw
) ||
1435 ipv4_is_zeronet(new_gw
))
1436 goto reject_redirect
;
1438 if (!IN_DEV_SHARED_MEDIA(in_dev
)) {
1439 if (!inet_addr_onlink(in_dev
, new_gw
, old_gw
))
1440 goto reject_redirect
;
1441 if (IN_DEV_SEC_REDIRECTS(in_dev
) && ip_fib_check_default(new_gw
, dev
))
1442 goto reject_redirect
;
1444 if (inet_addr_type(net
, new_gw
) != RTN_UNICAST
)
1445 goto reject_redirect
;
1448 n
= ipv4_neigh_lookup(&rt
->dst
, NULL
, &new_gw
);
1450 if (!(n
->nud_state
& NUD_VALID
)) {
1451 neigh_event_send(n
, NULL
);
1453 if (fib_lookup(net
, fl4
, &res
) == 0) {
1454 struct fib_nh
*nh
= &FIB_RES_NH(res
);
1455 struct fib_nh_exception
*fnhe
;
1457 spin_lock_bh(&fnhe_lock
);
1458 fnhe
= find_or_create_fnhe(nh
, fl4
->daddr
);
1460 fnhe
->fnhe_gw
= new_gw
;
1461 spin_unlock_bh(&fnhe_lock
);
1463 rt
->rt_gateway
= new_gw
;
1464 rt
->rt_flags
|= RTCF_REDIRECTED
;
1465 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE
, n
);
1472 #ifdef CONFIG_IP_ROUTE_VERBOSE
1473 if (IN_DEV_LOG_MARTIANS(in_dev
)) {
1474 const struct iphdr
*iph
= (const struct iphdr
*) skb
->data
;
1475 __be32 daddr
= iph
->daddr
;
1476 __be32 saddr
= iph
->saddr
;
1478 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
1479 " Advised path = %pI4 -> %pI4\n",
1480 &old_gw
, dev
->name
, &new_gw
,
1487 static void ip_do_redirect(struct dst_entry
*dst
, struct sock
*sk
, struct sk_buff
*skb
)
1492 rt
= (struct rtable
*) dst
;
1494 ip_rt_build_flow_key(&fl4
, sk
, skb
);
1495 __ip_do_redirect(rt
, skb
, &fl4
);
1498 static struct dst_entry
*ipv4_negative_advice(struct dst_entry
*dst
)
1500 struct rtable
*rt
= (struct rtable
*)dst
;
1501 struct dst_entry
*ret
= dst
;
1504 if (dst
->obsolete
> 0) {
1507 } else if ((rt
->rt_flags
& RTCF_REDIRECTED
) ||
1509 unsigned int hash
= rt_hash(rt
->rt_key_dst
, rt
->rt_key_src
,
1511 rt_genid(dev_net(dst
->dev
)));
1521 * 1. The first ip_rt_redirect_number redirects are sent
1522 * with exponential backoff, then we stop sending them at all,
1523 * assuming that the host ignores our redirects.
1524 * 2. If we did not see packets requiring redirects
1525 * during ip_rt_redirect_silence, we assume that the host
1526 * forgot redirected route and start to send redirects again.
1528 * This algorithm is much cheaper and more intelligent than dumb load limiting
1531 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
1532 * and "frag. need" (breaks PMTU discovery) in icmp.c.
1535 void ip_rt_send_redirect(struct sk_buff
*skb
)
1537 struct rtable
*rt
= skb_rtable(skb
);
1538 struct in_device
*in_dev
;
1539 struct inet_peer
*peer
;
1544 in_dev
= __in_dev_get_rcu(rt
->dst
.dev
);
1545 if (!in_dev
|| !IN_DEV_TX_REDIRECTS(in_dev
)) {
1549 log_martians
= IN_DEV_LOG_MARTIANS(in_dev
);
1552 net
= dev_net(rt
->dst
.dev
);
1553 peer
= inet_getpeer_v4(net
->ipv4
.peers
, ip_hdr(skb
)->saddr
, 1);
1555 icmp_send(skb
, ICMP_REDIRECT
, ICMP_REDIR_HOST
, rt
->rt_gateway
);
1559 /* No redirected packets during ip_rt_redirect_silence;
1560 * reset the algorithm.
1562 if (time_after(jiffies
, peer
->rate_last
+ ip_rt_redirect_silence
))
1563 peer
->rate_tokens
= 0;
1565 /* Too many ignored redirects; do not send anything
1566 * set dst.rate_last to the last seen redirected packet.
1568 if (peer
->rate_tokens
>= ip_rt_redirect_number
) {
1569 peer
->rate_last
= jiffies
;
1573 /* Check for load limit; set rate_last to the latest sent
1576 if (peer
->rate_tokens
== 0 ||
1579 (ip_rt_redirect_load
<< peer
->rate_tokens
)))) {
1580 icmp_send(skb
, ICMP_REDIRECT
, ICMP_REDIR_HOST
, rt
->rt_gateway
);
1581 peer
->rate_last
= jiffies
;
1582 ++peer
->rate_tokens
;
1583 #ifdef CONFIG_IP_ROUTE_VERBOSE
1585 peer
->rate_tokens
== ip_rt_redirect_number
)
1586 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
1587 &ip_hdr(skb
)->saddr
, rt
->rt_iif
,
1588 &rt
->rt_dst
, &rt
->rt_gateway
);
1595 static int ip_error(struct sk_buff
*skb
)
1597 struct in_device
*in_dev
= __in_dev_get_rcu(skb
->dev
);
1598 struct rtable
*rt
= skb_rtable(skb
);
1599 struct inet_peer
*peer
;
1605 net
= dev_net(rt
->dst
.dev
);
1606 if (!IN_DEV_FORWARD(in_dev
)) {
1607 switch (rt
->dst
.error
) {
1609 IP_INC_STATS_BH(net
, IPSTATS_MIB_INADDRERRORS
);
1613 IP_INC_STATS_BH(net
, IPSTATS_MIB_INNOROUTES
);
1619 switch (rt
->dst
.error
) {
1624 code
= ICMP_HOST_UNREACH
;
1627 code
= ICMP_NET_UNREACH
;
1628 IP_INC_STATS_BH(net
, IPSTATS_MIB_INNOROUTES
);
1631 code
= ICMP_PKT_FILTERED
;
1635 peer
= inet_getpeer_v4(net
->ipv4
.peers
, ip_hdr(skb
)->saddr
, 1);
1640 peer
->rate_tokens
+= now
- peer
->rate_last
;
1641 if (peer
->rate_tokens
> ip_rt_error_burst
)
1642 peer
->rate_tokens
= ip_rt_error_burst
;
1643 peer
->rate_last
= now
;
1644 if (peer
->rate_tokens
>= ip_rt_error_cost
)
1645 peer
->rate_tokens
-= ip_rt_error_cost
;
1651 icmp_send(skb
, ICMP_DEST_UNREACH
, code
, 0);
1653 out
: kfree_skb(skb
);
1657 static void __ip_rt_update_pmtu(struct rtable
*rt
, struct flowi4
*fl4
, u32 mtu
)
1659 struct fib_result res
;
1661 if (mtu
< ip_rt_min_pmtu
)
1662 mtu
= ip_rt_min_pmtu
;
1664 if (fib_lookup(dev_net(rt
->dst
.dev
), fl4
, &res
) == 0) {
1665 struct fib_nh
*nh
= &FIB_RES_NH(res
);
1666 struct fib_nh_exception
*fnhe
;
1668 spin_lock_bh(&fnhe_lock
);
1669 fnhe
= find_or_create_fnhe(nh
, fl4
->daddr
);
1671 fnhe
->fnhe_pmtu
= mtu
;
1672 fnhe
->fnhe_expires
= jiffies
+ ip_rt_mtu_expires
;
1674 spin_unlock_bh(&fnhe_lock
);
1677 dst_set_expires(&rt
->dst
, ip_rt_mtu_expires
);
1680 static void ip_rt_update_pmtu(struct dst_entry
*dst
, struct sock
*sk
,
1681 struct sk_buff
*skb
, u32 mtu
)
1683 struct rtable
*rt
= (struct rtable
*) dst
;
1686 ip_rt_build_flow_key(&fl4
, sk
, skb
);
1687 __ip_rt_update_pmtu(rt
, &fl4
, mtu
);
1690 void ipv4_update_pmtu(struct sk_buff
*skb
, struct net
*net
, u32 mtu
,
1691 int oif
, u32 mark
, u8 protocol
, int flow_flags
)
1693 const struct iphdr
*iph
= (const struct iphdr
*) skb
->data
;
1697 __build_flow_key(&fl4
, NULL
, iph
, oif
,
1698 RT_TOS(iph
->tos
), protocol
, mark
, flow_flags
);
1699 rt
= __ip_route_output_key(net
, &fl4
);
1701 __ip_rt_update_pmtu(rt
, &fl4
, mtu
);
1705 EXPORT_SYMBOL_GPL(ipv4_update_pmtu
);
1707 void ipv4_sk_update_pmtu(struct sk_buff
*skb
, struct sock
*sk
, u32 mtu
)
1709 const struct iphdr
*iph
= (const struct iphdr
*) skb
->data
;
1713 __build_flow_key(&fl4
, sk
, iph
, 0, 0, 0, 0, 0);
1714 rt
= __ip_route_output_key(sock_net(sk
), &fl4
);
1716 __ip_rt_update_pmtu(rt
, &fl4
, mtu
);
1720 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu
);
1722 void ipv4_redirect(struct sk_buff
*skb
, struct net
*net
,
1723 int oif
, u32 mark
, u8 protocol
, int flow_flags
)
1725 const struct iphdr
*iph
= (const struct iphdr
*) skb
->data
;
1729 __build_flow_key(&fl4
, NULL
, iph
, oif
,
1730 RT_TOS(iph
->tos
), protocol
, mark
, flow_flags
);
1731 rt
= __ip_route_output_key(net
, &fl4
);
1733 __ip_do_redirect(rt
, skb
, &fl4
);
1737 EXPORT_SYMBOL_GPL(ipv4_redirect
);
1739 void ipv4_sk_redirect(struct sk_buff
*skb
, struct sock
*sk
)
1741 const struct iphdr
*iph
= (const struct iphdr
*) skb
->data
;
1745 __build_flow_key(&fl4
, sk
, iph
, 0, 0, 0, 0, 0);
1746 rt
= __ip_route_output_key(sock_net(sk
), &fl4
);
1748 __ip_do_redirect(rt
, skb
, &fl4
);
1752 EXPORT_SYMBOL_GPL(ipv4_sk_redirect
);
1754 static struct dst_entry
*ipv4_dst_check(struct dst_entry
*dst
, u32 cookie
)
1756 struct rtable
*rt
= (struct rtable
*) dst
;
1758 if (rt_is_expired(rt
))
1763 static void ipv4_dst_destroy(struct dst_entry
*dst
)
1765 struct rtable
*rt
= (struct rtable
*) dst
;
1768 fib_info_put(rt
->fi
);
1774 static void ipv4_link_failure(struct sk_buff
*skb
)
1778 icmp_send(skb
, ICMP_DEST_UNREACH
, ICMP_HOST_UNREACH
, 0);
1780 rt
= skb_rtable(skb
);
1782 dst_set_expires(&rt
->dst
, 0);
1785 static int ip_rt_bug(struct sk_buff
*skb
)
1787 pr_debug("%s: %pI4 -> %pI4, %s\n",
1788 __func__
, &ip_hdr(skb
)->saddr
, &ip_hdr(skb
)->daddr
,
1789 skb
->dev
? skb
->dev
->name
: "?");
1796 We do not cache source address of outgoing interface,
1797 because it is used only by IP RR, TS and SRR options,
1798 so that it out of fast path.
1800 BTW remember: "addr" is allowed to be not aligned
1804 void ip_rt_get_source(u8
*addr
, struct sk_buff
*skb
, struct rtable
*rt
)
1808 if (rt_is_output_route(rt
))
1809 src
= ip_hdr(skb
)->saddr
;
1811 struct fib_result res
;
1817 memset(&fl4
, 0, sizeof(fl4
));
1818 fl4
.daddr
= iph
->daddr
;
1819 fl4
.saddr
= iph
->saddr
;
1820 fl4
.flowi4_tos
= RT_TOS(iph
->tos
);
1821 fl4
.flowi4_oif
= rt
->dst
.dev
->ifindex
;
1822 fl4
.flowi4_iif
= skb
->dev
->ifindex
;
1823 fl4
.flowi4_mark
= skb
->mark
;
1826 if (fib_lookup(dev_net(rt
->dst
.dev
), &fl4
, &res
) == 0)
1827 src
= FIB_RES_PREFSRC(dev_net(rt
->dst
.dev
), res
);
1829 src
= inet_select_addr(rt
->dst
.dev
, rt
->rt_gateway
,
1833 memcpy(addr
, &src
, 4);
1836 #ifdef CONFIG_IP_ROUTE_CLASSID
1837 static void set_class_tag(struct rtable
*rt
, u32 tag
)
1839 if (!(rt
->dst
.tclassid
& 0xFFFF))
1840 rt
->dst
.tclassid
|= tag
& 0xFFFF;
1841 if (!(rt
->dst
.tclassid
& 0xFFFF0000))
1842 rt
->dst
.tclassid
|= tag
& 0xFFFF0000;
1846 static unsigned int ipv4_default_advmss(const struct dst_entry
*dst
)
1848 unsigned int advmss
= dst_metric_raw(dst
, RTAX_ADVMSS
);
1851 advmss
= max_t(unsigned int, dst
->dev
->mtu
- 40,
1853 if (advmss
> 65535 - 40)
1854 advmss
= 65535 - 40;
1859 static unsigned int ipv4_mtu(const struct dst_entry
*dst
)
1861 const struct rtable
*rt
= (const struct rtable
*) dst
;
1862 unsigned int mtu
= rt
->rt_pmtu
;
1864 if (mtu
&& time_after_eq(jiffies
, rt
->dst
.expires
))
1868 mtu
= dst_metric_raw(dst
, RTAX_MTU
);
1870 if (mtu
&& rt_is_output_route(rt
))
1873 mtu
= dst
->dev
->mtu
;
1875 if (unlikely(dst_metric_locked(dst
, RTAX_MTU
))) {
1877 if (rt
->rt_gateway
!= rt
->rt_dst
&& mtu
> 576)
1881 if (mtu
> IP_MAX_MTU
)
1887 static void rt_init_metrics(struct rtable
*rt
, const struct flowi4
*fl4
,
1888 struct fib_info
*fi
)
1890 if (fi
->fib_metrics
!= (u32
*) dst_default_metrics
) {
1892 atomic_inc(&fi
->fib_clntref
);
1894 dst_init_metrics(&rt
->dst
, fi
->fib_metrics
, true);
1897 static void rt_bind_exception(struct rtable
*rt
, struct fib_nh
*nh
, __be32 daddr
)
1899 struct fnhe_hash_bucket
*hash
= nh
->nh_exceptions
;
1900 struct fib_nh_exception
*fnhe
;
1903 hval
= fnhe_hashfun(daddr
);
1905 for (fnhe
= rcu_dereference(hash
[hval
].chain
); fnhe
;
1906 fnhe
= rcu_dereference(fnhe
->fnhe_next
)) {
1907 if (fnhe
->fnhe_daddr
== daddr
) {
1908 if (fnhe
->fnhe_pmtu
) {
1909 unsigned long expires
= fnhe
->fnhe_expires
;
1910 unsigned long diff
= expires
- jiffies
;
1912 if (time_before(jiffies
, expires
)) {
1913 rt
->rt_pmtu
= fnhe
->fnhe_pmtu
;
1914 dst_set_expires(&rt
->dst
, diff
);
1918 rt
->rt_gateway
= fnhe
->fnhe_gw
;
1919 fnhe
->fnhe_stamp
= jiffies
;
1925 static void rt_set_nexthop(struct rtable
*rt
, const struct flowi4
*fl4
,
1926 const struct fib_result
*res
,
1927 struct fib_info
*fi
, u16 type
, u32 itag
)
1930 struct fib_nh
*nh
= &FIB_RES_NH(*res
);
1932 if (nh
->nh_gw
&& nh
->nh_scope
== RT_SCOPE_LINK
)
1933 rt
->rt_gateway
= nh
->nh_gw
;
1934 if (unlikely(nh
->nh_exceptions
))
1935 rt_bind_exception(rt
, nh
, fl4
->daddr
);
1936 rt_init_metrics(rt
, fl4
, fi
);
1937 #ifdef CONFIG_IP_ROUTE_CLASSID
1938 rt
->dst
.tclassid
= FIB_RES_NH(*res
).nh_tclassid
;
1942 #ifdef CONFIG_IP_ROUTE_CLASSID
1943 #ifdef CONFIG_IP_MULTIPLE_TABLES
1944 set_class_tag(rt
, res
->tclassid
);
1946 set_class_tag(rt
, itag
);
1950 static struct rtable
*rt_dst_alloc(struct net_device
*dev
,
1951 bool nopolicy
, bool noxfrm
)
1953 return dst_alloc(&ipv4_dst_ops
, dev
, 1, -1,
1955 (nopolicy
? DST_NOPOLICY
: 0) |
1956 (noxfrm
? DST_NOXFRM
: 0));
1959 /* called in rcu_read_lock() section */
1960 static int ip_route_input_mc(struct sk_buff
*skb
, __be32 daddr
, __be32 saddr
,
1961 u8 tos
, struct net_device
*dev
, int our
)
1965 struct in_device
*in_dev
= __in_dev_get_rcu(dev
);
1969 /* Primary sanity checks. */
1974 if (ipv4_is_multicast(saddr
) || ipv4_is_lbcast(saddr
) ||
1975 skb
->protocol
!= htons(ETH_P_IP
))
1978 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev
)))
1979 if (ipv4_is_loopback(saddr
))
1982 if (ipv4_is_zeronet(saddr
)) {
1983 if (!ipv4_is_local_multicast(daddr
))
1986 err
= fib_validate_source(skb
, saddr
, 0, tos
, 0, dev
,
1991 rth
= rt_dst_alloc(dev_net(dev
)->loopback_dev
,
1992 IN_DEV_CONF_GET(in_dev
, NOPOLICY
), false);
1996 #ifdef CONFIG_IP_ROUTE_CLASSID
1997 rth
->dst
.tclassid
= itag
;
1999 rth
->dst
.output
= ip_rt_bug
;
2001 rth
->rt_key_dst
= daddr
;
2002 rth
->rt_key_src
= saddr
;
2003 rth
->rt_genid
= rt_genid(dev_net(dev
));
2004 rth
->rt_flags
= RTCF_MULTICAST
;
2005 rth
->rt_type
= RTN_MULTICAST
;
2006 rth
->rt_key_tos
= tos
;
2007 rth
->rt_dst
= daddr
;
2008 rth
->rt_src
= saddr
;
2009 rth
->rt_route_iif
= dev
->ifindex
;
2010 rth
->rt_iif
= dev
->ifindex
;
2012 rth
->rt_mark
= skb
->mark
;
2014 rth
->rt_gateway
= daddr
;
2017 rth
->dst
.input
= ip_local_deliver
;
2018 rth
->rt_flags
|= RTCF_LOCAL
;
2021 #ifdef CONFIG_IP_MROUTE
2022 if (!ipv4_is_local_multicast(daddr
) && IN_DEV_MFORWARD(in_dev
))
2023 rth
->dst
.input
= ip_mr_input
;
2025 RT_CACHE_STAT_INC(in_slow_mc
);
2027 hash
= rt_hash(daddr
, saddr
, dev
->ifindex
, rt_genid(dev_net(dev
)));
2028 rth
= rt_intern_hash(hash
, rth
, skb
, dev
->ifindex
);
2029 return IS_ERR(rth
) ? PTR_ERR(rth
) : 0;
2040 static void ip_handle_martian_source(struct net_device
*dev
,
2041 struct in_device
*in_dev
,
2042 struct sk_buff
*skb
,
2046 RT_CACHE_STAT_INC(in_martian_src
);
2047 #ifdef CONFIG_IP_ROUTE_VERBOSE
2048 if (IN_DEV_LOG_MARTIANS(in_dev
) && net_ratelimit()) {
2050 * RFC1812 recommendation, if source is martian,
2051 * the only hint is MAC header.
2053 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
2054 &daddr
, &saddr
, dev
->name
);
2055 if (dev
->hard_header_len
&& skb_mac_header_was_set(skb
)) {
2056 print_hex_dump(KERN_WARNING
, "ll header: ",
2057 DUMP_PREFIX_OFFSET
, 16, 1,
2058 skb_mac_header(skb
),
2059 dev
->hard_header_len
, true);
2065 /* called in rcu_read_lock() section */
2066 static int __mkroute_input(struct sk_buff
*skb
,
2067 const struct fib_result
*res
,
2068 struct in_device
*in_dev
,
2069 __be32 daddr
, __be32 saddr
, u32 tos
,
2070 struct rtable
**result
)
2074 struct in_device
*out_dev
;
2075 unsigned int flags
= 0;
2078 /* get a working reference to the output device */
2079 out_dev
= __in_dev_get_rcu(FIB_RES_DEV(*res
));
2080 if (out_dev
== NULL
) {
2081 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
2086 err
= fib_validate_source(skb
, saddr
, daddr
, tos
, FIB_RES_OIF(*res
),
2087 in_dev
->dev
, in_dev
, &itag
);
2089 ip_handle_martian_source(in_dev
->dev
, in_dev
, skb
, daddr
,
2096 flags
|= RTCF_DIRECTSRC
;
2098 if (out_dev
== in_dev
&& err
&&
2099 (IN_DEV_SHARED_MEDIA(out_dev
) ||
2100 inet_addr_onlink(out_dev
, saddr
, FIB_RES_GW(*res
))))
2101 flags
|= RTCF_DOREDIRECT
;
2103 if (skb
->protocol
!= htons(ETH_P_IP
)) {
2104 /* Not IP (i.e. ARP). Do not create route, if it is
2105 * invalid for proxy arp. DNAT routes are always valid.
2107 * Proxy arp feature have been extended to allow, ARP
2108 * replies back to the same interface, to support
2109 * Private VLAN switch technologies. See arp.c.
2111 if (out_dev
== in_dev
&&
2112 IN_DEV_PROXY_ARP_PVLAN(in_dev
) == 0) {
2118 rth
= rt_dst_alloc(out_dev
->dev
,
2119 IN_DEV_CONF_GET(in_dev
, NOPOLICY
),
2120 IN_DEV_CONF_GET(out_dev
, NOXFRM
));
2126 rth
->rt_key_dst
= daddr
;
2127 rth
->rt_key_src
= saddr
;
2128 rth
->rt_genid
= rt_genid(dev_net(rth
->dst
.dev
));
2129 rth
->rt_flags
= flags
;
2130 rth
->rt_type
= res
->type
;
2131 rth
->rt_key_tos
= tos
;
2132 rth
->rt_dst
= daddr
;
2133 rth
->rt_src
= saddr
;
2134 rth
->rt_route_iif
= in_dev
->dev
->ifindex
;
2135 rth
->rt_iif
= in_dev
->dev
->ifindex
;
2137 rth
->rt_mark
= skb
->mark
;
2139 rth
->rt_gateway
= daddr
;
2142 rth
->dst
.input
= ip_forward
;
2143 rth
->dst
.output
= ip_output
;
2145 rt_set_nexthop(rth
, NULL
, res
, res
->fi
, res
->type
, itag
);
2153 static int ip_mkroute_input(struct sk_buff
*skb
,
2154 struct fib_result
*res
,
2155 const struct flowi4
*fl4
,
2156 struct in_device
*in_dev
,
2157 __be32 daddr
, __be32 saddr
, u32 tos
)
2159 struct rtable
*rth
= NULL
;
2163 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2164 if (res
->fi
&& res
->fi
->fib_nhs
> 1)
2165 fib_select_multipath(res
);
2168 /* create a routing cache entry */
2169 err
= __mkroute_input(skb
, res
, in_dev
, daddr
, saddr
, tos
, &rth
);
2173 /* put it into the cache */
2174 hash
= rt_hash(daddr
, saddr
, fl4
->flowi4_iif
,
2175 rt_genid(dev_net(rth
->dst
.dev
)));
2176 rth
= rt_intern_hash(hash
, rth
, skb
, fl4
->flowi4_iif
);
2178 return PTR_ERR(rth
);
2183 * NOTE. We drop all the packets that has local source
2184 * addresses, because every properly looped back packet
2185 * must have correct destination already attached by output routine.
2187 * Such approach solves two big problems:
2188 * 1. Not simplex devices are handled properly.
2189 * 2. IP spoofing attempts are filtered with 100% of guarantee.
2190 * called with rcu_read_lock()
2193 static int ip_route_input_slow(struct sk_buff
*skb
, __be32 daddr
, __be32 saddr
,
2194 u8 tos
, struct net_device
*dev
)
2196 struct fib_result res
;
2197 struct in_device
*in_dev
= __in_dev_get_rcu(dev
);
2199 unsigned int flags
= 0;
2204 struct net
*net
= dev_net(dev
);
2206 /* IP on this device is disabled. */
2211 /* Check for the most weird martians, which can be not detected
2215 if (ipv4_is_multicast(saddr
) || ipv4_is_lbcast(saddr
))
2216 goto martian_source
;
2218 if (ipv4_is_lbcast(daddr
) || (saddr
== 0 && daddr
== 0))
2221 /* Accept zero addresses only to limited broadcast;
2222 * I even do not know to fix it or not. Waiting for complains :-)
2224 if (ipv4_is_zeronet(saddr
))
2225 goto martian_source
;
2227 if (ipv4_is_zeronet(daddr
))
2228 goto martian_destination
;
2230 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev
))) {
2231 if (ipv4_is_loopback(daddr
))
2232 goto martian_destination
;
2234 if (ipv4_is_loopback(saddr
))
2235 goto martian_source
;
2239 * Now we are ready to route packet.
2242 fl4
.flowi4_iif
= dev
->ifindex
;
2243 fl4
.flowi4_mark
= skb
->mark
;
2244 fl4
.flowi4_tos
= tos
;
2245 fl4
.flowi4_scope
= RT_SCOPE_UNIVERSE
;
2248 err
= fib_lookup(net
, &fl4
, &res
);
2252 RT_CACHE_STAT_INC(in_slow_tot
);
2254 if (res
.type
== RTN_BROADCAST
)
2257 if (res
.type
== RTN_LOCAL
) {
2258 err
= fib_validate_source(skb
, saddr
, daddr
, tos
,
2259 net
->loopback_dev
->ifindex
,
2260 dev
, in_dev
, &itag
);
2262 goto martian_source_keep_err
;
2264 flags
|= RTCF_DIRECTSRC
;
2268 if (!IN_DEV_FORWARD(in_dev
))
2270 if (res
.type
!= RTN_UNICAST
)
2271 goto martian_destination
;
2273 err
= ip_mkroute_input(skb
, &res
, &fl4
, in_dev
, daddr
, saddr
, tos
);
2277 if (skb
->protocol
!= htons(ETH_P_IP
))
2280 if (!ipv4_is_zeronet(saddr
)) {
2281 err
= fib_validate_source(skb
, saddr
, 0, tos
, 0, dev
,
2284 goto martian_source_keep_err
;
2286 flags
|= RTCF_DIRECTSRC
;
2288 flags
|= RTCF_BROADCAST
;
2289 res
.type
= RTN_BROADCAST
;
2290 RT_CACHE_STAT_INC(in_brd
);
2293 rth
= rt_dst_alloc(net
->loopback_dev
,
2294 IN_DEV_CONF_GET(in_dev
, NOPOLICY
), false);
2298 rth
->dst
.input
= ip_local_deliver
;
2299 rth
->dst
.output
= ip_rt_bug
;
2300 #ifdef CONFIG_IP_ROUTE_CLASSID
2301 rth
->dst
.tclassid
= itag
;
2304 rth
->rt_key_dst
= daddr
;
2305 rth
->rt_key_src
= saddr
;
2306 rth
->rt_genid
= rt_genid(net
);
2307 rth
->rt_flags
= flags
|RTCF_LOCAL
;
2308 rth
->rt_type
= res
.type
;
2309 rth
->rt_key_tos
= tos
;
2310 rth
->rt_dst
= daddr
;
2311 rth
->rt_src
= saddr
;
2312 rth
->rt_route_iif
= dev
->ifindex
;
2313 rth
->rt_iif
= dev
->ifindex
;
2315 rth
->rt_mark
= skb
->mark
;
2317 rth
->rt_gateway
= daddr
;
2319 if (res
.type
== RTN_UNREACHABLE
) {
2320 rth
->dst
.input
= ip_error
;
2321 rth
->dst
.error
= -err
;
2322 rth
->rt_flags
&= ~RTCF_LOCAL
;
2324 hash
= rt_hash(daddr
, saddr
, fl4
.flowi4_iif
, rt_genid(net
));
2325 rth
= rt_intern_hash(hash
, rth
, skb
, fl4
.flowi4_iif
);
2332 RT_CACHE_STAT_INC(in_no_route
);
2333 res
.type
= RTN_UNREACHABLE
;
2339 * Do not cache martian addresses: they should be logged (RFC1812)
2341 martian_destination
:
2342 RT_CACHE_STAT_INC(in_martian_dst
);
2343 #ifdef CONFIG_IP_ROUTE_VERBOSE
2344 if (IN_DEV_LOG_MARTIANS(in_dev
))
2345 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
2346 &daddr
, &saddr
, dev
->name
);
2359 martian_source_keep_err
:
2360 ip_handle_martian_source(dev
, in_dev
, skb
, daddr
, saddr
);
2364 int ip_route_input_common(struct sk_buff
*skb
, __be32 daddr
, __be32 saddr
,
2365 u8 tos
, struct net_device
*dev
, bool noref
)
2369 int iif
= dev
->ifindex
;
2377 if (!rt_caching(net
))
2380 tos
&= IPTOS_RT_MASK
;
2381 hash
= rt_hash(daddr
, saddr
, iif
, rt_genid(net
));
2383 for (rth
= rcu_dereference(rt_hash_table
[hash
].chain
); rth
;
2384 rth
= rcu_dereference(rth
->dst
.rt_next
)) {
2385 if ((((__force u32
)rth
->rt_key_dst
^ (__force u32
)daddr
) |
2386 ((__force u32
)rth
->rt_key_src
^ (__force u32
)saddr
) |
2387 (rth
->rt_route_iif
^ iif
) |
2388 (rth
->rt_key_tos
^ tos
)) == 0 &&
2389 rth
->rt_mark
== skb
->mark
&&
2390 net_eq(dev_net(rth
->dst
.dev
), net
) &&
2391 !rt_is_expired(rth
)) {
2393 dst_use_noref(&rth
->dst
, jiffies
);
2394 skb_dst_set_noref(skb
, &rth
->dst
);
2396 dst_use(&rth
->dst
, jiffies
);
2397 skb_dst_set(skb
, &rth
->dst
);
2399 RT_CACHE_STAT_INC(in_hit
);
2403 RT_CACHE_STAT_INC(in_hlist_search
);
2407 /* Multicast recognition logic is moved from route cache to here.
2408 The problem was that too many Ethernet cards have broken/missing
2409 hardware multicast filters :-( As result the host on multicasting
2410 network acquires a lot of useless route cache entries, sort of
2411 SDR messages from all the world. Now we try to get rid of them.
2412 Really, provided software IP multicast filter is organized
2413 reasonably (at least, hashed), it does not result in a slowdown
2414 comparing with route cache reject entries.
2415 Note, that multicast routers are not affected, because
2416 route cache entry is created eventually.
2418 if (ipv4_is_multicast(daddr
)) {
2419 struct in_device
*in_dev
= __in_dev_get_rcu(dev
);
2422 int our
= ip_check_mc_rcu(in_dev
, daddr
, saddr
,
2423 ip_hdr(skb
)->protocol
);
2425 #ifdef CONFIG_IP_MROUTE
2427 (!ipv4_is_local_multicast(daddr
) &&
2428 IN_DEV_MFORWARD(in_dev
))
2431 int res
= ip_route_input_mc(skb
, daddr
, saddr
,
2440 res
= ip_route_input_slow(skb
, daddr
, saddr
, tos
, dev
);
2444 EXPORT_SYMBOL(ip_route_input_common
);
2446 /* called with rcu_read_lock() */
2447 static struct rtable
*__mkroute_output(const struct fib_result
*res
,
2448 const struct flowi4
*fl4
,
2449 __be32 orig_daddr
, __be32 orig_saddr
,
2450 int orig_oif
, __u8 orig_rtos
,
2451 struct net_device
*dev_out
,
2454 struct fib_info
*fi
= res
->fi
;
2455 struct in_device
*in_dev
;
2456 u16 type
= res
->type
;
2459 in_dev
= __in_dev_get_rcu(dev_out
);
2461 return ERR_PTR(-EINVAL
);
2463 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev
)))
2464 if (ipv4_is_loopback(fl4
->saddr
) && !(dev_out
->flags
& IFF_LOOPBACK
))
2465 return ERR_PTR(-EINVAL
);
2467 if (ipv4_is_lbcast(fl4
->daddr
))
2468 type
= RTN_BROADCAST
;
2469 else if (ipv4_is_multicast(fl4
->daddr
))
2470 type
= RTN_MULTICAST
;
2471 else if (ipv4_is_zeronet(fl4
->daddr
))
2472 return ERR_PTR(-EINVAL
);
2474 if (dev_out
->flags
& IFF_LOOPBACK
)
2475 flags
|= RTCF_LOCAL
;
2477 if (type
== RTN_BROADCAST
) {
2478 flags
|= RTCF_BROADCAST
| RTCF_LOCAL
;
2480 } else if (type
== RTN_MULTICAST
) {
2481 flags
|= RTCF_MULTICAST
| RTCF_LOCAL
;
2482 if (!ip_check_mc_rcu(in_dev
, fl4
->daddr
, fl4
->saddr
,
2484 flags
&= ~RTCF_LOCAL
;
2485 /* If multicast route do not exist use
2486 * default one, but do not gateway in this case.
2489 if (fi
&& res
->prefixlen
< 4)
2493 rth
= rt_dst_alloc(dev_out
,
2494 IN_DEV_CONF_GET(in_dev
, NOPOLICY
),
2495 IN_DEV_CONF_GET(in_dev
, NOXFRM
));
2497 return ERR_PTR(-ENOBUFS
);
2499 rth
->dst
.output
= ip_output
;
2501 rth
->rt_key_dst
= orig_daddr
;
2502 rth
->rt_key_src
= orig_saddr
;
2503 rth
->rt_genid
= rt_genid(dev_net(dev_out
));
2504 rth
->rt_flags
= flags
;
2505 rth
->rt_type
= type
;
2506 rth
->rt_key_tos
= orig_rtos
;
2507 rth
->rt_dst
= fl4
->daddr
;
2508 rth
->rt_src
= fl4
->saddr
;
2509 rth
->rt_route_iif
= 0;
2510 rth
->rt_iif
= orig_oif
? : dev_out
->ifindex
;
2511 rth
->rt_oif
= orig_oif
;
2512 rth
->rt_mark
= fl4
->flowi4_mark
;
2514 rth
->rt_gateway
= fl4
->daddr
;
2517 RT_CACHE_STAT_INC(out_slow_tot
);
2519 if (flags
& RTCF_LOCAL
)
2520 rth
->dst
.input
= ip_local_deliver
;
2521 if (flags
& (RTCF_BROADCAST
| RTCF_MULTICAST
)) {
2522 if (flags
& RTCF_LOCAL
&&
2523 !(dev_out
->flags
& IFF_LOOPBACK
)) {
2524 rth
->dst
.output
= ip_mc_output
;
2525 RT_CACHE_STAT_INC(out_slow_mc
);
2527 #ifdef CONFIG_IP_MROUTE
2528 if (type
== RTN_MULTICAST
) {
2529 if (IN_DEV_MFORWARD(in_dev
) &&
2530 !ipv4_is_local_multicast(fl4
->daddr
)) {
2531 rth
->dst
.input
= ip_mr_input
;
2532 rth
->dst
.output
= ip_mc_output
;
2538 rt_set_nexthop(rth
, fl4
, res
, fi
, type
, 0);
2540 if (fl4
->flowi4_flags
& FLOWI_FLAG_RT_NOCACHE
)
2541 rth
->dst
.flags
|= DST_NOCACHE
;
2547 * Major route resolver routine.
2548 * called with rcu_read_lock();
2551 static struct rtable
*ip_route_output_slow(struct net
*net
, struct flowi4
*fl4
)
2553 struct net_device
*dev_out
= NULL
;
2554 __u8 tos
= RT_FL_TOS(fl4
);
2555 unsigned int flags
= 0;
2556 struct fib_result res
;
2566 orig_daddr
= fl4
->daddr
;
2567 orig_saddr
= fl4
->saddr
;
2568 orig_oif
= fl4
->flowi4_oif
;
2570 fl4
->flowi4_iif
= net
->loopback_dev
->ifindex
;
2571 fl4
->flowi4_tos
= tos
& IPTOS_RT_MASK
;
2572 fl4
->flowi4_scope
= ((tos
& RTO_ONLINK
) ?
2573 RT_SCOPE_LINK
: RT_SCOPE_UNIVERSE
);
2577 rth
= ERR_PTR(-EINVAL
);
2578 if (ipv4_is_multicast(fl4
->saddr
) ||
2579 ipv4_is_lbcast(fl4
->saddr
) ||
2580 ipv4_is_zeronet(fl4
->saddr
))
2583 /* I removed check for oif == dev_out->oif here.
2584 It was wrong for two reasons:
2585 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
2586 is assigned to multiple interfaces.
2587 2. Moreover, we are allowed to send packets with saddr
2588 of another iface. --ANK
2591 if (fl4
->flowi4_oif
== 0 &&
2592 (ipv4_is_multicast(fl4
->daddr
) ||
2593 ipv4_is_lbcast(fl4
->daddr
))) {
2594 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2595 dev_out
= __ip_dev_find(net
, fl4
->saddr
, false);
2596 if (dev_out
== NULL
)
2599 /* Special hack: user can direct multicasts
2600 and limited broadcast via necessary interface
2601 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2602 This hack is not just for fun, it allows
2603 vic,vat and friends to work.
2604 They bind socket to loopback, set ttl to zero
2605 and expect that it will work.
2606 From the viewpoint of routing cache they are broken,
2607 because we are not allowed to build multicast path
2608 with loopback source addr (look, routing cache
2609 cannot know, that ttl is zero, so that packet
2610 will not leave this host and route is valid).
2611 Luckily, this hack is good workaround.
2614 fl4
->flowi4_oif
= dev_out
->ifindex
;
2618 if (!(fl4
->flowi4_flags
& FLOWI_FLAG_ANYSRC
)) {
2619 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2620 if (!__ip_dev_find(net
, fl4
->saddr
, false))
2626 if (fl4
->flowi4_oif
) {
2627 dev_out
= dev_get_by_index_rcu(net
, fl4
->flowi4_oif
);
2628 rth
= ERR_PTR(-ENODEV
);
2629 if (dev_out
== NULL
)
2632 /* RACE: Check return value of inet_select_addr instead. */
2633 if (!(dev_out
->flags
& IFF_UP
) || !__in_dev_get_rcu(dev_out
)) {
2634 rth
= ERR_PTR(-ENETUNREACH
);
2637 if (ipv4_is_local_multicast(fl4
->daddr
) ||
2638 ipv4_is_lbcast(fl4
->daddr
)) {
2640 fl4
->saddr
= inet_select_addr(dev_out
, 0,
2645 if (ipv4_is_multicast(fl4
->daddr
))
2646 fl4
->saddr
= inet_select_addr(dev_out
, 0,
2648 else if (!fl4
->daddr
)
2649 fl4
->saddr
= inet_select_addr(dev_out
, 0,
2655 fl4
->daddr
= fl4
->saddr
;
2657 fl4
->daddr
= fl4
->saddr
= htonl(INADDR_LOOPBACK
);
2658 dev_out
= net
->loopback_dev
;
2659 fl4
->flowi4_oif
= net
->loopback_dev
->ifindex
;
2660 res
.type
= RTN_LOCAL
;
2661 flags
|= RTCF_LOCAL
;
2665 if (fib_lookup(net
, fl4
, &res
)) {
2668 if (fl4
->flowi4_oif
) {
2669 /* Apparently, routing tables are wrong. Assume,
2670 that the destination is on link.
2673 Because we are allowed to send to iface
2674 even if it has NO routes and NO assigned
2675 addresses. When oif is specified, routing
2676 tables are looked up with only one purpose:
2677 to catch if destination is gatewayed, rather than
2678 direct. Moreover, if MSG_DONTROUTE is set,
2679 we send packet, ignoring both routing tables
2680 and ifaddr state. --ANK
2683 We could make it even if oif is unknown,
2684 likely IPv6, but we do not.
2687 if (fl4
->saddr
== 0)
2688 fl4
->saddr
= inet_select_addr(dev_out
, 0,
2690 res
.type
= RTN_UNICAST
;
2693 rth
= ERR_PTR(-ENETUNREACH
);
2697 if (res
.type
== RTN_LOCAL
) {
2699 if (res
.fi
->fib_prefsrc
)
2700 fl4
->saddr
= res
.fi
->fib_prefsrc
;
2702 fl4
->saddr
= fl4
->daddr
;
2704 dev_out
= net
->loopback_dev
;
2705 fl4
->flowi4_oif
= dev_out
->ifindex
;
2707 flags
|= RTCF_LOCAL
;
2711 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2712 if (res
.fi
->fib_nhs
> 1 && fl4
->flowi4_oif
== 0)
2713 fib_select_multipath(&res
);
2716 if (!res
.prefixlen
&&
2717 res
.table
->tb_num_default
> 1 &&
2718 res
.type
== RTN_UNICAST
&& !fl4
->flowi4_oif
)
2719 fib_select_default(&res
);
2722 fl4
->saddr
= FIB_RES_PREFSRC(net
, res
);
2724 dev_out
= FIB_RES_DEV(res
);
2725 fl4
->flowi4_oif
= dev_out
->ifindex
;
2729 rth
= __mkroute_output(&res
, fl4
, orig_daddr
, orig_saddr
, orig_oif
,
2730 tos
, dev_out
, flags
);
2734 hash
= rt_hash(orig_daddr
, orig_saddr
, orig_oif
,
2735 rt_genid(dev_net(dev_out
)));
2736 rth
= rt_intern_hash(hash
, rth
, NULL
, orig_oif
);
2744 struct rtable
*__ip_route_output_key(struct net
*net
, struct flowi4
*flp4
)
2749 if (!rt_caching(net
))
2752 hash
= rt_hash(flp4
->daddr
, flp4
->saddr
, flp4
->flowi4_oif
, rt_genid(net
));
2755 for (rth
= rcu_dereference_bh(rt_hash_table
[hash
].chain
); rth
;
2756 rth
= rcu_dereference_bh(rth
->dst
.rt_next
)) {
2757 if (rth
->rt_key_dst
== flp4
->daddr
&&
2758 rth
->rt_key_src
== flp4
->saddr
&&
2759 rt_is_output_route(rth
) &&
2760 rth
->rt_oif
== flp4
->flowi4_oif
&&
2761 rth
->rt_mark
== flp4
->flowi4_mark
&&
2762 !((rth
->rt_key_tos
^ flp4
->flowi4_tos
) &
2763 (IPTOS_RT_MASK
| RTO_ONLINK
)) &&
2764 net_eq(dev_net(rth
->dst
.dev
), net
) &&
2765 !rt_is_expired(rth
)) {
2766 dst_use(&rth
->dst
, jiffies
);
2767 RT_CACHE_STAT_INC(out_hit
);
2768 rcu_read_unlock_bh();
2770 flp4
->saddr
= rth
->rt_src
;
2772 flp4
->daddr
= rth
->rt_dst
;
2775 RT_CACHE_STAT_INC(out_hlist_search
);
2777 rcu_read_unlock_bh();
2780 return ip_route_output_slow(net
, flp4
);
2782 EXPORT_SYMBOL_GPL(__ip_route_output_key
);
2784 static struct dst_entry
*ipv4_blackhole_dst_check(struct dst_entry
*dst
, u32 cookie
)
2789 static unsigned int ipv4_blackhole_mtu(const struct dst_entry
*dst
)
2791 unsigned int mtu
= dst_metric_raw(dst
, RTAX_MTU
);
2793 return mtu
? : dst
->dev
->mtu
;
2796 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry
*dst
, struct sock
*sk
,
2797 struct sk_buff
*skb
, u32 mtu
)
2801 static void ipv4_rt_blackhole_redirect(struct dst_entry
*dst
, struct sock
*sk
,
2802 struct sk_buff
*skb
)
2806 static u32
*ipv4_rt_blackhole_cow_metrics(struct dst_entry
*dst
,
2812 static struct dst_ops ipv4_dst_blackhole_ops
= {
2814 .protocol
= cpu_to_be16(ETH_P_IP
),
2815 .destroy
= ipv4_dst_destroy
,
2816 .check
= ipv4_blackhole_dst_check
,
2817 .mtu
= ipv4_blackhole_mtu
,
2818 .default_advmss
= ipv4_default_advmss
,
2819 .update_pmtu
= ipv4_rt_blackhole_update_pmtu
,
2820 .redirect
= ipv4_rt_blackhole_redirect
,
2821 .cow_metrics
= ipv4_rt_blackhole_cow_metrics
,
2822 .neigh_lookup
= ipv4_neigh_lookup
,
2825 struct dst_entry
*ipv4_blackhole_route(struct net
*net
, struct dst_entry
*dst_orig
)
2827 struct rtable
*rt
= dst_alloc(&ipv4_dst_blackhole_ops
, NULL
, 1, 0, 0);
2828 struct rtable
*ort
= (struct rtable
*) dst_orig
;
2831 struct dst_entry
*new = &rt
->dst
;
2834 new->input
= dst_discard
;
2835 new->output
= dst_discard
;
2837 new->dev
= ort
->dst
.dev
;
2841 rt
->rt_key_dst
= ort
->rt_key_dst
;
2842 rt
->rt_key_src
= ort
->rt_key_src
;
2843 rt
->rt_key_tos
= ort
->rt_key_tos
;
2844 rt
->rt_route_iif
= ort
->rt_route_iif
;
2845 rt
->rt_iif
= ort
->rt_iif
;
2846 rt
->rt_oif
= ort
->rt_oif
;
2847 rt
->rt_mark
= ort
->rt_mark
;
2848 rt
->rt_pmtu
= ort
->rt_pmtu
;
2850 rt
->rt_genid
= rt_genid(net
);
2851 rt
->rt_flags
= ort
->rt_flags
;
2852 rt
->rt_type
= ort
->rt_type
;
2853 rt
->rt_dst
= ort
->rt_dst
;
2854 rt
->rt_src
= ort
->rt_src
;
2855 rt
->rt_gateway
= ort
->rt_gateway
;
2858 atomic_inc(&rt
->fi
->fib_clntref
);
2863 dst_release(dst_orig
);
2865 return rt
? &rt
->dst
: ERR_PTR(-ENOMEM
);
2868 struct rtable
*ip_route_output_flow(struct net
*net
, struct flowi4
*flp4
,
2871 struct rtable
*rt
= __ip_route_output_key(net
, flp4
);
2876 if (flp4
->flowi4_proto
)
2877 rt
= (struct rtable
*) xfrm_lookup(net
, &rt
->dst
,
2878 flowi4_to_flowi(flp4
),
2883 EXPORT_SYMBOL_GPL(ip_route_output_flow
);
2885 static int rt_fill_info(struct net
*net
,
2886 struct sk_buff
*skb
, u32 pid
, u32 seq
, int event
,
2887 int nowait
, unsigned int flags
)
2889 struct rtable
*rt
= skb_rtable(skb
);
2891 struct nlmsghdr
*nlh
;
2892 unsigned long expires
= 0;
2895 nlh
= nlmsg_put(skb
, pid
, seq
, event
, sizeof(*r
), flags
);
2899 r
= nlmsg_data(nlh
);
2900 r
->rtm_family
= AF_INET
;
2901 r
->rtm_dst_len
= 32;
2903 r
->rtm_tos
= rt
->rt_key_tos
;
2904 r
->rtm_table
= RT_TABLE_MAIN
;
2905 if (nla_put_u32(skb
, RTA_TABLE
, RT_TABLE_MAIN
))
2906 goto nla_put_failure
;
2907 r
->rtm_type
= rt
->rt_type
;
2908 r
->rtm_scope
= RT_SCOPE_UNIVERSE
;
2909 r
->rtm_protocol
= RTPROT_UNSPEC
;
2910 r
->rtm_flags
= (rt
->rt_flags
& ~0xFFFF) | RTM_F_CLONED
;
2911 if (rt
->rt_flags
& RTCF_NOTIFY
)
2912 r
->rtm_flags
|= RTM_F_NOTIFY
;
2914 if (nla_put_be32(skb
, RTA_DST
, rt
->rt_dst
))
2915 goto nla_put_failure
;
2916 if (rt
->rt_key_src
) {
2917 r
->rtm_src_len
= 32;
2918 if (nla_put_be32(skb
, RTA_SRC
, rt
->rt_key_src
))
2919 goto nla_put_failure
;
2922 nla_put_u32(skb
, RTA_OIF
, rt
->dst
.dev
->ifindex
))
2923 goto nla_put_failure
;
2924 #ifdef CONFIG_IP_ROUTE_CLASSID
2925 if (rt
->dst
.tclassid
&&
2926 nla_put_u32(skb
, RTA_FLOW
, rt
->dst
.tclassid
))
2927 goto nla_put_failure
;
2929 if (!rt_is_input_route(rt
) &&
2930 rt
->rt_src
!= rt
->rt_key_src
) {
2931 if (nla_put_be32(skb
, RTA_PREFSRC
, rt
->rt_src
))
2932 goto nla_put_failure
;
2934 if (rt
->rt_dst
!= rt
->rt_gateway
&&
2935 nla_put_be32(skb
, RTA_GATEWAY
, rt
->rt_gateway
))
2936 goto nla_put_failure
;
2938 if (rtnetlink_put_metrics(skb
, dst_metrics_ptr(&rt
->dst
)) < 0)
2939 goto nla_put_failure
;
2942 nla_put_be32(skb
, RTA_MARK
, rt
->rt_mark
))
2943 goto nla_put_failure
;
2945 error
= rt
->dst
.error
;
2946 expires
= rt
->dst
.expires
;
2948 if (time_before(jiffies
, expires
))
2954 if (rt_is_input_route(rt
)) {
2955 #ifdef CONFIG_IP_MROUTE
2956 __be32 dst
= rt
->rt_dst
;
2958 if (ipv4_is_multicast(dst
) && !ipv4_is_local_multicast(dst
) &&
2959 IPV4_DEVCONF_ALL(net
, MC_FORWARDING
)) {
2960 int err
= ipmr_get_route(net
, skb
,
2961 rt
->rt_src
, rt
->rt_dst
,
2967 goto nla_put_failure
;
2969 if (err
== -EMSGSIZE
)
2970 goto nla_put_failure
;
2976 if (nla_put_u32(skb
, RTA_IIF
, rt
->rt_iif
))
2977 goto nla_put_failure
;
2980 if (rtnl_put_cacheinfo(skb
, &rt
->dst
, 0, expires
, error
) < 0)
2981 goto nla_put_failure
;
2983 return nlmsg_end(skb
, nlh
);
2986 nlmsg_cancel(skb
, nlh
);
2990 static int inet_rtm_getroute(struct sk_buff
*in_skb
, struct nlmsghdr
*nlh
, void *arg
)
2992 struct net
*net
= sock_net(in_skb
->sk
);
2994 struct nlattr
*tb
[RTA_MAX
+1];
2995 struct rtable
*rt
= NULL
;
3001 struct sk_buff
*skb
;
3003 err
= nlmsg_parse(nlh
, sizeof(*rtm
), tb
, RTA_MAX
, rtm_ipv4_policy
);
3007 rtm
= nlmsg_data(nlh
);
3009 skb
= alloc_skb(NLMSG_GOODSIZE
, GFP_KERNEL
);
3015 /* Reserve room for dummy headers, this skb can pass
3016 through good chunk of routing engine.
3018 skb_reset_mac_header(skb
);
3019 skb_reset_network_header(skb
);
3021 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
3022 ip_hdr(skb
)->protocol
= IPPROTO_ICMP
;
3023 skb_reserve(skb
, MAX_HEADER
+ sizeof(struct iphdr
));
3025 src
= tb
[RTA_SRC
] ? nla_get_be32(tb
[RTA_SRC
]) : 0;
3026 dst
= tb
[RTA_DST
] ? nla_get_be32(tb
[RTA_DST
]) : 0;
3027 iif
= tb
[RTA_IIF
] ? nla_get_u32(tb
[RTA_IIF
]) : 0;
3028 mark
= tb
[RTA_MARK
] ? nla_get_u32(tb
[RTA_MARK
]) : 0;
3031 struct net_device
*dev
;
3033 dev
= __dev_get_by_index(net
, iif
);
3039 skb
->protocol
= htons(ETH_P_IP
);
3043 err
= ip_route_input(skb
, dst
, src
, rtm
->rtm_tos
, dev
);
3046 rt
= skb_rtable(skb
);
3047 if (err
== 0 && rt
->dst
.error
)
3048 err
= -rt
->dst
.error
;
3050 struct flowi4 fl4
= {
3053 .flowi4_tos
= rtm
->rtm_tos
,
3054 .flowi4_oif
= tb
[RTA_OIF
] ? nla_get_u32(tb
[RTA_OIF
]) : 0,
3055 .flowi4_mark
= mark
,
3057 rt
= ip_route_output_key(net
, &fl4
);
3067 skb_dst_set(skb
, &rt
->dst
);
3068 if (rtm
->rtm_flags
& RTM_F_NOTIFY
)
3069 rt
->rt_flags
|= RTCF_NOTIFY
;
3071 err
= rt_fill_info(net
, skb
, NETLINK_CB(in_skb
).pid
, nlh
->nlmsg_seq
,
3072 RTM_NEWROUTE
, 0, 0);
3076 err
= rtnl_unicast(skb
, net
, NETLINK_CB(in_skb
).pid
);
3085 int ip_rt_dump(struct sk_buff
*skb
, struct netlink_callback
*cb
)
3092 net
= sock_net(skb
->sk
);
3097 s_idx
= idx
= cb
->args
[1];
3098 for (h
= s_h
; h
<= rt_hash_mask
; h
++, s_idx
= 0) {
3099 if (!rt_hash_table
[h
].chain
)
3102 for (rt
= rcu_dereference_bh(rt_hash_table
[h
].chain
), idx
= 0; rt
;
3103 rt
= rcu_dereference_bh(rt
->dst
.rt_next
), idx
++) {
3104 if (!net_eq(dev_net(rt
->dst
.dev
), net
) || idx
< s_idx
)
3106 if (rt_is_expired(rt
))
3108 skb_dst_set_noref(skb
, &rt
->dst
);
3109 if (rt_fill_info(net
, skb
, NETLINK_CB(cb
->skb
).pid
,
3110 cb
->nlh
->nlmsg_seq
, RTM_NEWROUTE
,
3111 1, NLM_F_MULTI
) <= 0) {
3113 rcu_read_unlock_bh();
3118 rcu_read_unlock_bh();
3127 void ip_rt_multicast_event(struct in_device
*in_dev
)
3129 rt_cache_flush(dev_net(in_dev
->dev
), 0);
3132 #ifdef CONFIG_SYSCTL
3133 static int ipv4_sysctl_rtcache_flush(ctl_table
*__ctl
, int write
,
3134 void __user
*buffer
,
3135 size_t *lenp
, loff_t
*ppos
)
3142 memcpy(&ctl
, __ctl
, sizeof(ctl
));
3143 ctl
.data
= &flush_delay
;
3144 proc_dointvec(&ctl
, write
, buffer
, lenp
, ppos
);
3146 net
= (struct net
*)__ctl
->extra1
;
3147 rt_cache_flush(net
, flush_delay
);
3154 static ctl_table ipv4_route_table
[] = {
3156 .procname
= "gc_thresh",
3157 .data
= &ipv4_dst_ops
.gc_thresh
,
3158 .maxlen
= sizeof(int),
3160 .proc_handler
= proc_dointvec
,
3163 .procname
= "max_size",
3164 .data
= &ip_rt_max_size
,
3165 .maxlen
= sizeof(int),
3167 .proc_handler
= proc_dointvec
,
3170 /* Deprecated. Use gc_min_interval_ms */
3172 .procname
= "gc_min_interval",
3173 .data
= &ip_rt_gc_min_interval
,
3174 .maxlen
= sizeof(int),
3176 .proc_handler
= proc_dointvec_jiffies
,
3179 .procname
= "gc_min_interval_ms",
3180 .data
= &ip_rt_gc_min_interval
,
3181 .maxlen
= sizeof(int),
3183 .proc_handler
= proc_dointvec_ms_jiffies
,
3186 .procname
= "gc_timeout",
3187 .data
= &ip_rt_gc_timeout
,
3188 .maxlen
= sizeof(int),
3190 .proc_handler
= proc_dointvec_jiffies
,
3193 .procname
= "gc_interval",
3194 .data
= &ip_rt_gc_interval
,
3195 .maxlen
= sizeof(int),
3197 .proc_handler
= proc_dointvec_jiffies
,
3200 .procname
= "redirect_load",
3201 .data
= &ip_rt_redirect_load
,
3202 .maxlen
= sizeof(int),
3204 .proc_handler
= proc_dointvec
,
3207 .procname
= "redirect_number",
3208 .data
= &ip_rt_redirect_number
,
3209 .maxlen
= sizeof(int),
3211 .proc_handler
= proc_dointvec
,
3214 .procname
= "redirect_silence",
3215 .data
= &ip_rt_redirect_silence
,
3216 .maxlen
= sizeof(int),
3218 .proc_handler
= proc_dointvec
,
3221 .procname
= "error_cost",
3222 .data
= &ip_rt_error_cost
,
3223 .maxlen
= sizeof(int),
3225 .proc_handler
= proc_dointvec
,
3228 .procname
= "error_burst",
3229 .data
= &ip_rt_error_burst
,
3230 .maxlen
= sizeof(int),
3232 .proc_handler
= proc_dointvec
,
3235 .procname
= "gc_elasticity",
3236 .data
= &ip_rt_gc_elasticity
,
3237 .maxlen
= sizeof(int),
3239 .proc_handler
= proc_dointvec
,
3242 .procname
= "mtu_expires",
3243 .data
= &ip_rt_mtu_expires
,
3244 .maxlen
= sizeof(int),
3246 .proc_handler
= proc_dointvec_jiffies
,
3249 .procname
= "min_pmtu",
3250 .data
= &ip_rt_min_pmtu
,
3251 .maxlen
= sizeof(int),
3253 .proc_handler
= proc_dointvec
,
3256 .procname
= "min_adv_mss",
3257 .data
= &ip_rt_min_advmss
,
3258 .maxlen
= sizeof(int),
3260 .proc_handler
= proc_dointvec
,
3265 static struct ctl_table ipv4_route_flush_table
[] = {
3267 .procname
= "flush",
3268 .maxlen
= sizeof(int),
3270 .proc_handler
= ipv4_sysctl_rtcache_flush
,
3275 static __net_init
int sysctl_route_net_init(struct net
*net
)
3277 struct ctl_table
*tbl
;
3279 tbl
= ipv4_route_flush_table
;
3280 if (!net_eq(net
, &init_net
)) {
3281 tbl
= kmemdup(tbl
, sizeof(ipv4_route_flush_table
), GFP_KERNEL
);
3285 tbl
[0].extra1
= net
;
3287 net
->ipv4
.route_hdr
= register_net_sysctl(net
, "net/ipv4/route", tbl
);
3288 if (net
->ipv4
.route_hdr
== NULL
)
3293 if (tbl
!= ipv4_route_flush_table
)
3299 static __net_exit
void sysctl_route_net_exit(struct net
*net
)
3301 struct ctl_table
*tbl
;
3303 tbl
= net
->ipv4
.route_hdr
->ctl_table_arg
;
3304 unregister_net_sysctl_table(net
->ipv4
.route_hdr
);
3305 BUG_ON(tbl
== ipv4_route_flush_table
);
3309 static __net_initdata
struct pernet_operations sysctl_route_ops
= {
3310 .init
= sysctl_route_net_init
,
3311 .exit
= sysctl_route_net_exit
,
3315 static __net_init
int rt_genid_init(struct net
*net
)
3317 get_random_bytes(&net
->ipv4
.rt_genid
,
3318 sizeof(net
->ipv4
.rt_genid
));
3319 get_random_bytes(&net
->ipv4
.dev_addr_genid
,
3320 sizeof(net
->ipv4
.dev_addr_genid
));
3324 static __net_initdata
struct pernet_operations rt_genid_ops
= {
3325 .init
= rt_genid_init
,
3328 static int __net_init
ipv4_inetpeer_init(struct net
*net
)
3330 struct inet_peer_base
*bp
= kmalloc(sizeof(*bp
), GFP_KERNEL
);
3334 inet_peer_base_init(bp
);
3335 net
->ipv4
.peers
= bp
;
3339 static void __net_exit
ipv4_inetpeer_exit(struct net
*net
)
3341 struct inet_peer_base
*bp
= net
->ipv4
.peers
;
3343 net
->ipv4
.peers
= NULL
;
3344 inetpeer_invalidate_tree(bp
);
3348 static __net_initdata
struct pernet_operations ipv4_inetpeer_ops
= {
3349 .init
= ipv4_inetpeer_init
,
3350 .exit
= ipv4_inetpeer_exit
,
3353 #ifdef CONFIG_IP_ROUTE_CLASSID
3354 struct ip_rt_acct __percpu
*ip_rt_acct __read_mostly
;
3355 #endif /* CONFIG_IP_ROUTE_CLASSID */
3357 static __initdata
unsigned long rhash_entries
;
3358 static int __init
set_rhash_entries(char *str
)
3365 ret
= kstrtoul(str
, 0, &rhash_entries
);
3371 __setup("rhash_entries=", set_rhash_entries
);
3373 int __init
ip_rt_init(void)
3377 #ifdef CONFIG_IP_ROUTE_CLASSID
3378 ip_rt_acct
= __alloc_percpu(256 * sizeof(struct ip_rt_acct
), __alignof__(struct ip_rt_acct
));
3380 panic("IP: failed to allocate ip_rt_acct\n");
3383 ipv4_dst_ops
.kmem_cachep
=
3384 kmem_cache_create("ip_dst_cache", sizeof(struct rtable
), 0,
3385 SLAB_HWCACHE_ALIGN
|SLAB_PANIC
, NULL
);
3387 ipv4_dst_blackhole_ops
.kmem_cachep
= ipv4_dst_ops
.kmem_cachep
;
3389 if (dst_entries_init(&ipv4_dst_ops
) < 0)
3390 panic("IP: failed to allocate ipv4_dst_ops counter\n");
3392 if (dst_entries_init(&ipv4_dst_blackhole_ops
) < 0)
3393 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
3395 rt_hash_table
= (struct rt_hash_bucket
*)
3396 alloc_large_system_hash("IP route cache",
3397 sizeof(struct rt_hash_bucket
),
3399 (totalram_pages
>= 128 * 1024) ?
3405 rhash_entries
? 0 : 512 * 1024);
3406 memset(rt_hash_table
, 0, (rt_hash_mask
+ 1) * sizeof(struct rt_hash_bucket
));
3407 rt_hash_lock_init();
3409 ipv4_dst_ops
.gc_thresh
= (rt_hash_mask
+ 1);
3410 ip_rt_max_size
= (rt_hash_mask
+ 1) * 16;
3415 INIT_DELAYED_WORK_DEFERRABLE(&expires_work
, rt_worker_func
);
3416 expires_ljiffies
= jiffies
;
3417 schedule_delayed_work(&expires_work
,
3418 net_random() % ip_rt_gc_interval
+ ip_rt_gc_interval
);
3420 if (ip_rt_proc_init())
3421 pr_err("Unable to create route proc files\n");
3424 xfrm4_init(ip_rt_max_size
);
3426 rtnl_register(PF_INET
, RTM_GETROUTE
, inet_rtm_getroute
, NULL
, NULL
);
3428 #ifdef CONFIG_SYSCTL
3429 register_pernet_subsys(&sysctl_route_ops
);
3431 register_pernet_subsys(&rt_genid_ops
);
3432 register_pernet_subsys(&ipv4_inetpeer_ops
);
3436 #ifdef CONFIG_SYSCTL
3438 * We really need to sanitize the damn ipv4 init order, then all
3439 * this nonsense will go away.
3441 void __init
ip_static_sysctl_init(void)
3443 register_net_sysctl(&init_net
, "net/ipv4/route", ipv4_route_table
);