2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
18 * (rco@di.uminho.pt) Routing table insertion and update
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <linux/uaccess.h>
69 #include <linux/bitops.h>
70 #include <linux/types.h>
71 #include <linux/kernel.h>
73 #include <linux/string.h>
74 #include <linux/socket.h>
75 #include <linux/sockios.h>
76 #include <linux/errno.h>
78 #include <linux/inet.h>
79 #include <linux/netdevice.h>
80 #include <linux/proc_fs.h>
81 #include <linux/init.h>
82 #include <linux/skbuff.h>
83 #include <linux/inetdevice.h>
84 #include <linux/igmp.h>
85 #include <linux/pkt_sched.h>
86 #include <linux/mroute.h>
87 #include <linux/netfilter_ipv4.h>
88 #include <linux/random.h>
89 #include <linux/rcupdate.h>
90 #include <linux/times.h>
91 #include <linux/slab.h>
92 #include <linux/jhash.h>
94 #include <net/dst_metadata.h>
95 #include <net/net_namespace.h>
96 #include <net/protocol.h>
98 #include <net/route.h>
99 #include <net/inetpeer.h>
100 #include <net/sock.h>
101 #include <net/ip_fib.h>
104 #include <net/icmp.h>
105 #include <net/xfrm.h>
106 #include <net/lwtunnel.h>
107 #include <net/netevent.h>
108 #include <net/rtnetlink.h>
110 #include <linux/sysctl.h>
111 #include <linux/kmemleak.h>
113 #include <net/secure_seq.h>
114 #include <net/ip_tunnels.h>
115 #include <net/l3mdev.h>
117 #include "fib_lookup.h"
119 #define RT_FL_TOS(oldflp4) \
120 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
122 #define RT_GC_TIMEOUT (300*HZ)
124 static int ip_rt_max_size
;
125 static int ip_rt_redirect_number __read_mostly
= 9;
126 static int ip_rt_redirect_load __read_mostly
= HZ
/ 50;
127 static int ip_rt_redirect_silence __read_mostly
= ((HZ
/ 50) << (9 + 1));
128 static int ip_rt_error_cost __read_mostly
= HZ
;
129 static int ip_rt_error_burst __read_mostly
= 5 * HZ
;
130 static int ip_rt_mtu_expires __read_mostly
= 10 * 60 * HZ
;
131 static u32 ip_rt_min_pmtu __read_mostly
= 512 + 20 + 20;
132 static int ip_rt_min_advmss __read_mostly
= 256;
134 static int ip_rt_gc_timeout __read_mostly
= RT_GC_TIMEOUT
;
136 static int ip_min_valid_pmtu __read_mostly
= IPV4_MIN_MTU
;
139 * Interface to generic destination cache.
142 static struct dst_entry
*ipv4_dst_check(struct dst_entry
*dst
, u32 cookie
);
143 static unsigned int ipv4_default_advmss(const struct dst_entry
*dst
);
144 static unsigned int ipv4_mtu(const struct dst_entry
*dst
);
145 static struct dst_entry
*ipv4_negative_advice(struct dst_entry
*dst
);
146 static void ipv4_link_failure(struct sk_buff
*skb
);
147 static void ip_rt_update_pmtu(struct dst_entry
*dst
, struct sock
*sk
,
148 struct sk_buff
*skb
, u32 mtu
);
149 static void ip_do_redirect(struct dst_entry
*dst
, struct sock
*sk
,
150 struct sk_buff
*skb
);
151 static void ipv4_dst_destroy(struct dst_entry
*dst
);
153 static u32
*ipv4_cow_metrics(struct dst_entry
*dst
, unsigned long old
)
159 static struct neighbour
*ipv4_neigh_lookup(const struct dst_entry
*dst
,
162 static void ipv4_confirm_neigh(const struct dst_entry
*dst
, const void *daddr
);
164 static struct dst_ops ipv4_dst_ops
= {
166 .check
= ipv4_dst_check
,
167 .default_advmss
= ipv4_default_advmss
,
169 .cow_metrics
= ipv4_cow_metrics
,
170 .destroy
= ipv4_dst_destroy
,
171 .negative_advice
= ipv4_negative_advice
,
172 .link_failure
= ipv4_link_failure
,
173 .update_pmtu
= ip_rt_update_pmtu
,
174 .redirect
= ip_do_redirect
,
175 .local_out
= __ip_local_out
,
176 .neigh_lookup
= ipv4_neigh_lookup
,
177 .confirm_neigh
= ipv4_confirm_neigh
,
180 #define ECN_OR_COST(class) TC_PRIO_##class
182 const __u8 ip_tos2prio
[16] = {
184 ECN_OR_COST(BESTEFFORT
),
186 ECN_OR_COST(BESTEFFORT
),
192 ECN_OR_COST(INTERACTIVE
),
194 ECN_OR_COST(INTERACTIVE
),
195 TC_PRIO_INTERACTIVE_BULK
,
196 ECN_OR_COST(INTERACTIVE_BULK
),
197 TC_PRIO_INTERACTIVE_BULK
,
198 ECN_OR_COST(INTERACTIVE_BULK
)
200 EXPORT_SYMBOL(ip_tos2prio
);
202 static DEFINE_PER_CPU(struct rt_cache_stat
, rt_cache_stat
);
203 #define RT_CACHE_STAT_INC(field) raw_cpu_inc(rt_cache_stat.field)
205 #ifdef CONFIG_PROC_FS
206 static void *rt_cache_seq_start(struct seq_file
*seq
, loff_t
*pos
)
210 return SEQ_START_TOKEN
;
213 static void *rt_cache_seq_next(struct seq_file
*seq
, void *v
, loff_t
*pos
)
219 static void rt_cache_seq_stop(struct seq_file
*seq
, void *v
)
223 static int rt_cache_seq_show(struct seq_file
*seq
, void *v
)
225 if (v
== SEQ_START_TOKEN
)
226 seq_printf(seq
, "%-127s\n",
227 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
228 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
233 static const struct seq_operations rt_cache_seq_ops
= {
234 .start
= rt_cache_seq_start
,
235 .next
= rt_cache_seq_next
,
236 .stop
= rt_cache_seq_stop
,
237 .show
= rt_cache_seq_show
,
240 static int rt_cache_seq_open(struct inode
*inode
, struct file
*file
)
242 return seq_open(file
, &rt_cache_seq_ops
);
245 static const struct file_operations rt_cache_seq_fops
= {
246 .owner
= THIS_MODULE
,
247 .open
= rt_cache_seq_open
,
250 .release
= seq_release
,
254 static void *rt_cpu_seq_start(struct seq_file
*seq
, loff_t
*pos
)
259 return SEQ_START_TOKEN
;
261 for (cpu
= *pos
-1; cpu
< nr_cpu_ids
; ++cpu
) {
262 if (!cpu_possible(cpu
))
265 return &per_cpu(rt_cache_stat
, cpu
);
270 static void *rt_cpu_seq_next(struct seq_file
*seq
, void *v
, loff_t
*pos
)
274 for (cpu
= *pos
; cpu
< nr_cpu_ids
; ++cpu
) {
275 if (!cpu_possible(cpu
))
278 return &per_cpu(rt_cache_stat
, cpu
);
284 static void rt_cpu_seq_stop(struct seq_file
*seq
, void *v
)
289 static int rt_cpu_seq_show(struct seq_file
*seq
, void *v
)
291 struct rt_cache_stat
*st
= v
;
293 if (v
== SEQ_START_TOKEN
) {
294 seq_printf(seq
, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
298 seq_printf(seq
,"%08x %08x %08x %08x %08x %08x %08x %08x "
299 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
300 dst_entries_get_slow(&ipv4_dst_ops
),
313 0, /* st->gc_total */
314 0, /* st->gc_ignored */
315 0, /* st->gc_goal_miss */
316 0, /* st->gc_dst_overflow */
317 0, /* st->in_hlist_search */
318 0 /* st->out_hlist_search */
323 static const struct seq_operations rt_cpu_seq_ops
= {
324 .start
= rt_cpu_seq_start
,
325 .next
= rt_cpu_seq_next
,
326 .stop
= rt_cpu_seq_stop
,
327 .show
= rt_cpu_seq_show
,
331 static int rt_cpu_seq_open(struct inode
*inode
, struct file
*file
)
333 return seq_open(file
, &rt_cpu_seq_ops
);
336 static const struct file_operations rt_cpu_seq_fops
= {
337 .owner
= THIS_MODULE
,
338 .open
= rt_cpu_seq_open
,
341 .release
= seq_release
,
344 #ifdef CONFIG_IP_ROUTE_CLASSID
345 static int rt_acct_proc_show(struct seq_file
*m
, void *v
)
347 struct ip_rt_acct
*dst
, *src
;
350 dst
= kcalloc(256, sizeof(struct ip_rt_acct
), GFP_KERNEL
);
354 for_each_possible_cpu(i
) {
355 src
= (struct ip_rt_acct
*)per_cpu_ptr(ip_rt_acct
, i
);
356 for (j
= 0; j
< 256; j
++) {
357 dst
[j
].o_bytes
+= src
[j
].o_bytes
;
358 dst
[j
].o_packets
+= src
[j
].o_packets
;
359 dst
[j
].i_bytes
+= src
[j
].i_bytes
;
360 dst
[j
].i_packets
+= src
[j
].i_packets
;
364 seq_write(m
, dst
, 256 * sizeof(struct ip_rt_acct
));
369 static int rt_acct_proc_open(struct inode
*inode
, struct file
*file
)
371 return single_open(file
, rt_acct_proc_show
, NULL
);
374 static const struct file_operations rt_acct_proc_fops
= {
375 .owner
= THIS_MODULE
,
376 .open
= rt_acct_proc_open
,
379 .release
= single_release
,
383 static int __net_init
ip_rt_do_proc_init(struct net
*net
)
385 struct proc_dir_entry
*pde
;
387 pde
= proc_create("rt_cache", S_IRUGO
, net
->proc_net
,
392 pde
= proc_create("rt_cache", S_IRUGO
,
393 net
->proc_net_stat
, &rt_cpu_seq_fops
);
397 #ifdef CONFIG_IP_ROUTE_CLASSID
398 pde
= proc_create("rt_acct", 0, net
->proc_net
, &rt_acct_proc_fops
);
404 #ifdef CONFIG_IP_ROUTE_CLASSID
406 remove_proc_entry("rt_cache", net
->proc_net_stat
);
409 remove_proc_entry("rt_cache", net
->proc_net
);
414 static void __net_exit
ip_rt_do_proc_exit(struct net
*net
)
416 remove_proc_entry("rt_cache", net
->proc_net_stat
);
417 remove_proc_entry("rt_cache", net
->proc_net
);
418 #ifdef CONFIG_IP_ROUTE_CLASSID
419 remove_proc_entry("rt_acct", net
->proc_net
);
423 static struct pernet_operations ip_rt_proc_ops __net_initdata
= {
424 .init
= ip_rt_do_proc_init
,
425 .exit
= ip_rt_do_proc_exit
,
428 static int __init
ip_rt_proc_init(void)
430 return register_pernet_subsys(&ip_rt_proc_ops
);
434 static inline int ip_rt_proc_init(void)
438 #endif /* CONFIG_PROC_FS */
440 static inline bool rt_is_expired(const struct rtable
*rth
)
442 return rth
->rt_genid
!= rt_genid_ipv4(dev_net(rth
->dst
.dev
));
445 void rt_cache_flush(struct net
*net
)
447 rt_genid_bump_ipv4(net
);
450 static struct neighbour
*ipv4_neigh_lookup(const struct dst_entry
*dst
,
454 struct net_device
*dev
= dst
->dev
;
455 const __be32
*pkey
= daddr
;
456 const struct rtable
*rt
;
459 rt
= (const struct rtable
*) dst
;
461 pkey
= (const __be32
*) &rt
->rt_gateway
;
463 pkey
= &ip_hdr(skb
)->daddr
;
465 n
= __ipv4_neigh_lookup(dev
, *(__force u32
*)pkey
);
468 return neigh_create(&arp_tbl
, pkey
, dev
);
471 static void ipv4_confirm_neigh(const struct dst_entry
*dst
, const void *daddr
)
473 struct net_device
*dev
= dst
->dev
;
474 const __be32
*pkey
= daddr
;
475 const struct rtable
*rt
;
477 rt
= (const struct rtable
*)dst
;
479 pkey
= (const __be32
*)&rt
->rt_gateway
;
482 (RTCF_MULTICAST
| RTCF_BROADCAST
| RTCF_LOCAL
)))
485 __ipv4_confirm_neigh(dev
, *(__force u32
*)pkey
);
488 #define IP_IDENTS_SZ 2048u
490 static atomic_t
*ip_idents __read_mostly
;
491 static u32
*ip_tstamps __read_mostly
;
493 /* In order to protect privacy, we add a perturbation to identifiers
494 * if one generator is seldom used. This makes hard for an attacker
495 * to infer how many packets were sent between two points in time.
497 u32
ip_idents_reserve(u32 hash
, int segs
)
499 u32
*p_tstamp
= ip_tstamps
+ hash
% IP_IDENTS_SZ
;
500 atomic_t
*p_id
= ip_idents
+ hash
% IP_IDENTS_SZ
;
501 u32 old
= READ_ONCE(*p_tstamp
);
502 u32 now
= (u32
)jiffies
;
505 if (old
!= now
&& cmpxchg(p_tstamp
, old
, now
) == old
)
506 delta
= prandom_u32_max(now
- old
);
508 /* Do not use atomic_add_return() as it makes UBSAN unhappy */
510 old
= (u32
)atomic_read(p_id
);
511 new = old
+ delta
+ segs
;
512 } while (atomic_cmpxchg(p_id
, old
, new) != old
);
516 EXPORT_SYMBOL(ip_idents_reserve
);
518 void __ip_select_ident(struct net
*net
, struct iphdr
*iph
, int segs
)
520 static u32 ip_idents_hashrnd __read_mostly
;
523 net_get_random_once(&ip_idents_hashrnd
, sizeof(ip_idents_hashrnd
));
525 hash
= jhash_3words((__force u32
)iph
->daddr
,
526 (__force u32
)iph
->saddr
,
527 iph
->protocol
^ net_hash_mix(net
),
529 id
= ip_idents_reserve(hash
, segs
);
532 EXPORT_SYMBOL(__ip_select_ident
);
534 static void __build_flow_key(const struct net
*net
, struct flowi4
*fl4
,
535 const struct sock
*sk
,
536 const struct iphdr
*iph
,
538 u8 prot
, u32 mark
, int flow_flags
)
541 const struct inet_sock
*inet
= inet_sk(sk
);
543 oif
= sk
->sk_bound_dev_if
;
545 tos
= RT_CONN_FLAGS(sk
);
546 prot
= inet
->hdrincl
? IPPROTO_RAW
: sk
->sk_protocol
;
548 flowi4_init_output(fl4
, oif
, mark
, tos
,
549 RT_SCOPE_UNIVERSE
, prot
,
551 iph
->daddr
, iph
->saddr
, 0, 0,
552 sock_net_uid(net
, sk
));
555 static void build_skb_flow_key(struct flowi4
*fl4
, const struct sk_buff
*skb
,
556 const struct sock
*sk
)
558 const struct net
*net
= dev_net(skb
->dev
);
559 const struct iphdr
*iph
= ip_hdr(skb
);
560 int oif
= skb
->dev
->ifindex
;
561 u8 tos
= RT_TOS(iph
->tos
);
562 u8 prot
= iph
->protocol
;
563 u32 mark
= skb
->mark
;
565 __build_flow_key(net
, fl4
, sk
, iph
, oif
, tos
, prot
, mark
, 0);
568 static void build_sk_flow_key(struct flowi4
*fl4
, const struct sock
*sk
)
570 const struct inet_sock
*inet
= inet_sk(sk
);
571 const struct ip_options_rcu
*inet_opt
;
572 __be32 daddr
= inet
->inet_daddr
;
575 inet_opt
= rcu_dereference(inet
->inet_opt
);
576 if (inet_opt
&& inet_opt
->opt
.srr
)
577 daddr
= inet_opt
->opt
.faddr
;
578 flowi4_init_output(fl4
, sk
->sk_bound_dev_if
, sk
->sk_mark
,
579 RT_CONN_FLAGS(sk
), RT_SCOPE_UNIVERSE
,
580 inet
->hdrincl
? IPPROTO_RAW
: sk
->sk_protocol
,
581 inet_sk_flowi_flags(sk
),
582 daddr
, inet
->inet_saddr
, 0, 0, sk
->sk_uid
);
586 static void ip_rt_build_flow_key(struct flowi4
*fl4
, const struct sock
*sk
,
587 const struct sk_buff
*skb
)
590 build_skb_flow_key(fl4
, skb
, sk
);
592 build_sk_flow_key(fl4
, sk
);
595 static DEFINE_SPINLOCK(fnhe_lock
);
597 static void fnhe_flush_routes(struct fib_nh_exception
*fnhe
)
601 rt
= rcu_dereference(fnhe
->fnhe_rth_input
);
603 RCU_INIT_POINTER(fnhe
->fnhe_rth_input
, NULL
);
604 dst_dev_put(&rt
->dst
);
605 dst_release(&rt
->dst
);
607 rt
= rcu_dereference(fnhe
->fnhe_rth_output
);
609 RCU_INIT_POINTER(fnhe
->fnhe_rth_output
, NULL
);
610 dst_dev_put(&rt
->dst
);
611 dst_release(&rt
->dst
);
615 static struct fib_nh_exception
*fnhe_oldest(struct fnhe_hash_bucket
*hash
)
617 struct fib_nh_exception
*fnhe
, *oldest
;
619 oldest
= rcu_dereference(hash
->chain
);
620 for (fnhe
= rcu_dereference(oldest
->fnhe_next
); fnhe
;
621 fnhe
= rcu_dereference(fnhe
->fnhe_next
)) {
622 if (time_before(fnhe
->fnhe_stamp
, oldest
->fnhe_stamp
))
625 fnhe_flush_routes(oldest
);
629 static inline u32
fnhe_hashfun(__be32 daddr
)
631 static u32 fnhe_hashrnd __read_mostly
;
634 net_get_random_once(&fnhe_hashrnd
, sizeof(fnhe_hashrnd
));
635 hval
= jhash_1word((__force u32
) daddr
, fnhe_hashrnd
);
636 return hash_32(hval
, FNHE_HASH_SHIFT
);
639 static void fill_route_from_fnhe(struct rtable
*rt
, struct fib_nh_exception
*fnhe
)
641 rt
->rt_pmtu
= fnhe
->fnhe_pmtu
;
642 rt
->rt_mtu_locked
= fnhe
->fnhe_mtu_locked
;
643 rt
->dst
.expires
= fnhe
->fnhe_expires
;
646 rt
->rt_flags
|= RTCF_REDIRECTED
;
647 rt
->rt_gateway
= fnhe
->fnhe_gw
;
648 rt
->rt_uses_gateway
= 1;
652 static void update_or_create_fnhe(struct fib_nh
*nh
, __be32 daddr
, __be32 gw
,
653 u32 pmtu
, bool lock
, unsigned long expires
)
655 struct fnhe_hash_bucket
*hash
;
656 struct fib_nh_exception
*fnhe
;
662 genid
= fnhe_genid(dev_net(nh
->nh_dev
));
663 hval
= fnhe_hashfun(daddr
);
665 spin_lock_bh(&fnhe_lock
);
667 hash
= rcu_dereference(nh
->nh_exceptions
);
669 hash
= kzalloc(FNHE_HASH_SIZE
* sizeof(*hash
), GFP_ATOMIC
);
672 rcu_assign_pointer(nh
->nh_exceptions
, hash
);
678 for (fnhe
= rcu_dereference(hash
->chain
); fnhe
;
679 fnhe
= rcu_dereference(fnhe
->fnhe_next
)) {
680 if (fnhe
->fnhe_daddr
== daddr
)
686 if (fnhe
->fnhe_genid
!= genid
)
687 fnhe
->fnhe_genid
= genid
;
691 fnhe
->fnhe_pmtu
= pmtu
;
692 fnhe
->fnhe_mtu_locked
= lock
;
694 fnhe
->fnhe_expires
= max(1UL, expires
);
695 /* Update all cached dsts too */
696 rt
= rcu_dereference(fnhe
->fnhe_rth_input
);
698 fill_route_from_fnhe(rt
, fnhe
);
699 rt
= rcu_dereference(fnhe
->fnhe_rth_output
);
701 fill_route_from_fnhe(rt
, fnhe
);
703 if (depth
> FNHE_RECLAIM_DEPTH
)
704 fnhe
= fnhe_oldest(hash
);
706 fnhe
= kzalloc(sizeof(*fnhe
), GFP_ATOMIC
);
710 fnhe
->fnhe_next
= hash
->chain
;
711 rcu_assign_pointer(hash
->chain
, fnhe
);
713 fnhe
->fnhe_genid
= genid
;
714 fnhe
->fnhe_daddr
= daddr
;
716 fnhe
->fnhe_pmtu
= pmtu
;
717 fnhe
->fnhe_mtu_locked
= lock
;
718 fnhe
->fnhe_expires
= max(1UL, expires
);
720 /* Exception created; mark the cached routes for the nexthop
721 * stale, so anyone caching it rechecks if this exception
724 rt
= rcu_dereference(nh
->nh_rth_input
);
726 rt
->dst
.obsolete
= DST_OBSOLETE_KILL
;
728 for_each_possible_cpu(i
) {
729 struct rtable __rcu
**prt
;
730 prt
= per_cpu_ptr(nh
->nh_pcpu_rth_output
, i
);
731 rt
= rcu_dereference(*prt
);
733 rt
->dst
.obsolete
= DST_OBSOLETE_KILL
;
737 fnhe
->fnhe_stamp
= jiffies
;
740 spin_unlock_bh(&fnhe_lock
);
743 static void __ip_do_redirect(struct rtable
*rt
, struct sk_buff
*skb
, struct flowi4
*fl4
,
746 __be32 new_gw
= icmp_hdr(skb
)->un
.gateway
;
747 __be32 old_gw
= ip_hdr(skb
)->saddr
;
748 struct net_device
*dev
= skb
->dev
;
749 struct in_device
*in_dev
;
750 struct fib_result res
;
754 switch (icmp_hdr(skb
)->code
& 7) {
756 case ICMP_REDIR_NETTOS
:
757 case ICMP_REDIR_HOST
:
758 case ICMP_REDIR_HOSTTOS
:
765 if (rt
->rt_gateway
!= old_gw
)
768 in_dev
= __in_dev_get_rcu(dev
);
773 if (new_gw
== old_gw
|| !IN_DEV_RX_REDIRECTS(in_dev
) ||
774 ipv4_is_multicast(new_gw
) || ipv4_is_lbcast(new_gw
) ||
775 ipv4_is_zeronet(new_gw
))
776 goto reject_redirect
;
778 if (!IN_DEV_SHARED_MEDIA(in_dev
)) {
779 if (!inet_addr_onlink(in_dev
, new_gw
, old_gw
))
780 goto reject_redirect
;
781 if (IN_DEV_SEC_REDIRECTS(in_dev
) && ip_fib_check_default(new_gw
, dev
))
782 goto reject_redirect
;
784 if (inet_addr_type(net
, new_gw
) != RTN_UNICAST
)
785 goto reject_redirect
;
788 n
= __ipv4_neigh_lookup(rt
->dst
.dev
, new_gw
);
790 n
= neigh_create(&arp_tbl
, &new_gw
, rt
->dst
.dev
);
792 if (!(n
->nud_state
& NUD_VALID
)) {
793 neigh_event_send(n
, NULL
);
795 if (fib_lookup(net
, fl4
, &res
, 0) == 0) {
796 struct fib_nh
*nh
= &FIB_RES_NH(res
);
798 update_or_create_fnhe(nh
, fl4
->daddr
, new_gw
,
800 jiffies
+ ip_rt_gc_timeout
);
803 rt
->dst
.obsolete
= DST_OBSOLETE_KILL
;
804 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE
, n
);
811 #ifdef CONFIG_IP_ROUTE_VERBOSE
812 if (IN_DEV_LOG_MARTIANS(in_dev
)) {
813 const struct iphdr
*iph
= (const struct iphdr
*) skb
->data
;
814 __be32 daddr
= iph
->daddr
;
815 __be32 saddr
= iph
->saddr
;
817 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
818 " Advised path = %pI4 -> %pI4\n",
819 &old_gw
, dev
->name
, &new_gw
,
826 static void ip_do_redirect(struct dst_entry
*dst
, struct sock
*sk
, struct sk_buff
*skb
)
830 const struct iphdr
*iph
= (const struct iphdr
*) skb
->data
;
831 struct net
*net
= dev_net(skb
->dev
);
832 int oif
= skb
->dev
->ifindex
;
833 u8 tos
= RT_TOS(iph
->tos
);
834 u8 prot
= iph
->protocol
;
835 u32 mark
= skb
->mark
;
837 rt
= (struct rtable
*) dst
;
839 __build_flow_key(net
, &fl4
, sk
, iph
, oif
, tos
, prot
, mark
, 0);
840 __ip_do_redirect(rt
, skb
, &fl4
, true);
843 static struct dst_entry
*ipv4_negative_advice(struct dst_entry
*dst
)
845 struct rtable
*rt
= (struct rtable
*)dst
;
846 struct dst_entry
*ret
= dst
;
849 if (dst
->obsolete
> 0) {
852 } else if ((rt
->rt_flags
& RTCF_REDIRECTED
) ||
863 * 1. The first ip_rt_redirect_number redirects are sent
864 * with exponential backoff, then we stop sending them at all,
865 * assuming that the host ignores our redirects.
866 * 2. If we did not see packets requiring redirects
867 * during ip_rt_redirect_silence, we assume that the host
868 * forgot redirected route and start to send redirects again.
870 * This algorithm is much cheaper and more intelligent than dumb load limiting
873 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
874 * and "frag. need" (breaks PMTU discovery) in icmp.c.
877 void ip_rt_send_redirect(struct sk_buff
*skb
)
879 struct rtable
*rt
= skb_rtable(skb
);
880 struct in_device
*in_dev
;
881 struct inet_peer
*peer
;
887 in_dev
= __in_dev_get_rcu(rt
->dst
.dev
);
888 if (!in_dev
|| !IN_DEV_TX_REDIRECTS(in_dev
)) {
892 log_martians
= IN_DEV_LOG_MARTIANS(in_dev
);
893 vif
= l3mdev_master_ifindex_rcu(rt
->dst
.dev
);
896 net
= dev_net(rt
->dst
.dev
);
897 peer
= inet_getpeer_v4(net
->ipv4
.peers
, ip_hdr(skb
)->saddr
, vif
, 1);
899 icmp_send(skb
, ICMP_REDIRECT
, ICMP_REDIR_HOST
,
900 rt_nexthop(rt
, ip_hdr(skb
)->daddr
));
904 /* No redirected packets during ip_rt_redirect_silence;
905 * reset the algorithm.
907 if (time_after(jiffies
, peer
->rate_last
+ ip_rt_redirect_silence
))
908 peer
->rate_tokens
= 0;
910 /* Too many ignored redirects; do not send anything
911 * set dst.rate_last to the last seen redirected packet.
913 if (peer
->rate_tokens
>= ip_rt_redirect_number
) {
914 peer
->rate_last
= jiffies
;
918 /* Check for load limit; set rate_last to the latest sent
921 if (peer
->rate_tokens
== 0 ||
924 (ip_rt_redirect_load
<< peer
->rate_tokens
)))) {
925 __be32 gw
= rt_nexthop(rt
, ip_hdr(skb
)->daddr
);
927 icmp_send(skb
, ICMP_REDIRECT
, ICMP_REDIR_HOST
, gw
);
928 peer
->rate_last
= jiffies
;
930 #ifdef CONFIG_IP_ROUTE_VERBOSE
932 peer
->rate_tokens
== ip_rt_redirect_number
)
933 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
934 &ip_hdr(skb
)->saddr
, inet_iif(skb
),
935 &ip_hdr(skb
)->daddr
, &gw
);
942 static int ip_error(struct sk_buff
*skb
)
944 struct in_device
*in_dev
= __in_dev_get_rcu(skb
->dev
);
945 struct rtable
*rt
= skb_rtable(skb
);
946 struct inet_peer
*peer
;
952 /* IP on this device is disabled. */
956 net
= dev_net(rt
->dst
.dev
);
957 if (!IN_DEV_FORWARD(in_dev
)) {
958 switch (rt
->dst
.error
) {
960 __IP_INC_STATS(net
, IPSTATS_MIB_INADDRERRORS
);
964 __IP_INC_STATS(net
, IPSTATS_MIB_INNOROUTES
);
970 switch (rt
->dst
.error
) {
975 code
= ICMP_HOST_UNREACH
;
978 code
= ICMP_NET_UNREACH
;
979 __IP_INC_STATS(net
, IPSTATS_MIB_INNOROUTES
);
982 code
= ICMP_PKT_FILTERED
;
986 peer
= inet_getpeer_v4(net
->ipv4
.peers
, ip_hdr(skb
)->saddr
,
987 l3mdev_master_ifindex(skb
->dev
), 1);
992 peer
->rate_tokens
+= now
- peer
->rate_last
;
993 if (peer
->rate_tokens
> ip_rt_error_burst
)
994 peer
->rate_tokens
= ip_rt_error_burst
;
995 peer
->rate_last
= now
;
996 if (peer
->rate_tokens
>= ip_rt_error_cost
)
997 peer
->rate_tokens
-= ip_rt_error_cost
;
1003 icmp_send(skb
, ICMP_DEST_UNREACH
, code
, 0);
1005 out
: kfree_skb(skb
);
1009 static void __ip_rt_update_pmtu(struct rtable
*rt
, struct flowi4
*fl4
, u32 mtu
)
1011 struct dst_entry
*dst
= &rt
->dst
;
1012 u32 old_mtu
= ipv4_mtu(dst
);
1013 struct fib_result res
;
1016 if (ip_mtu_locked(dst
))
1022 if (mtu
< ip_rt_min_pmtu
) {
1024 mtu
= min(old_mtu
, ip_rt_min_pmtu
);
1027 if (rt
->rt_pmtu
== mtu
&& !lock
&&
1028 time_before(jiffies
, dst
->expires
- ip_rt_mtu_expires
/ 2))
1032 if (fib_lookup(dev_net(dst
->dev
), fl4
, &res
, 0) == 0) {
1033 struct fib_nh
*nh
= &FIB_RES_NH(res
);
1035 update_or_create_fnhe(nh
, fl4
->daddr
, 0, mtu
, lock
,
1036 jiffies
+ ip_rt_mtu_expires
);
1041 static void ip_rt_update_pmtu(struct dst_entry
*dst
, struct sock
*sk
,
1042 struct sk_buff
*skb
, u32 mtu
)
1044 struct rtable
*rt
= (struct rtable
*) dst
;
1047 ip_rt_build_flow_key(&fl4
, sk
, skb
);
1048 __ip_rt_update_pmtu(rt
, &fl4
, mtu
);
1051 void ipv4_update_pmtu(struct sk_buff
*skb
, struct net
*net
, u32 mtu
,
1052 int oif
, u32 mark
, u8 protocol
, int flow_flags
)
1054 const struct iphdr
*iph
= (const struct iphdr
*) skb
->data
;
1059 mark
= IP4_REPLY_MARK(net
, skb
->mark
);
1061 __build_flow_key(net
, &fl4
, NULL
, iph
, oif
,
1062 RT_TOS(iph
->tos
), protocol
, mark
, flow_flags
);
1063 rt
= __ip_route_output_key(net
, &fl4
);
1065 __ip_rt_update_pmtu(rt
, &fl4
, mtu
);
1069 EXPORT_SYMBOL_GPL(ipv4_update_pmtu
);
1071 static void __ipv4_sk_update_pmtu(struct sk_buff
*skb
, struct sock
*sk
, u32 mtu
)
1073 const struct iphdr
*iph
= (const struct iphdr
*) skb
->data
;
1077 __build_flow_key(sock_net(sk
), &fl4
, sk
, iph
, 0, 0, 0, 0, 0);
1079 if (!fl4
.flowi4_mark
)
1080 fl4
.flowi4_mark
= IP4_REPLY_MARK(sock_net(sk
), skb
->mark
);
1082 rt
= __ip_route_output_key(sock_net(sk
), &fl4
);
1084 __ip_rt_update_pmtu(rt
, &fl4
, mtu
);
1089 void ipv4_sk_update_pmtu(struct sk_buff
*skb
, struct sock
*sk
, u32 mtu
)
1091 const struct iphdr
*iph
= (const struct iphdr
*) skb
->data
;
1094 struct dst_entry
*odst
= NULL
;
1096 struct net
*net
= sock_net(sk
);
1100 if (!ip_sk_accept_pmtu(sk
))
1103 odst
= sk_dst_get(sk
);
1105 if (sock_owned_by_user(sk
) || !odst
) {
1106 __ipv4_sk_update_pmtu(skb
, sk
, mtu
);
1110 __build_flow_key(net
, &fl4
, sk
, iph
, 0, 0, 0, 0, 0);
1112 rt
= (struct rtable
*)odst
;
1113 if (odst
->obsolete
&& !odst
->ops
->check(odst
, 0)) {
1114 rt
= ip_route_output_flow(sock_net(sk
), &fl4
, sk
);
1121 __ip_rt_update_pmtu((struct rtable
*) rt
->dst
.path
, &fl4
, mtu
);
1123 if (!dst_check(&rt
->dst
, 0)) {
1125 dst_release(&rt
->dst
);
1127 rt
= ip_route_output_flow(sock_net(sk
), &fl4
, sk
);
1135 sk_dst_set(sk
, &rt
->dst
);
1141 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu
);
1143 void ipv4_redirect(struct sk_buff
*skb
, struct net
*net
,
1144 int oif
, u32 mark
, u8 protocol
, int flow_flags
)
1146 const struct iphdr
*iph
= (const struct iphdr
*) skb
->data
;
1150 __build_flow_key(net
, &fl4
, NULL
, iph
, oif
,
1151 RT_TOS(iph
->tos
), protocol
, mark
, flow_flags
);
1152 rt
= __ip_route_output_key(net
, &fl4
);
1154 __ip_do_redirect(rt
, skb
, &fl4
, false);
1158 EXPORT_SYMBOL_GPL(ipv4_redirect
);
1160 void ipv4_sk_redirect(struct sk_buff
*skb
, struct sock
*sk
)
1162 const struct iphdr
*iph
= (const struct iphdr
*) skb
->data
;
1165 struct net
*net
= sock_net(sk
);
1167 __build_flow_key(net
, &fl4
, sk
, iph
, 0, 0, 0, 0, 0);
1168 rt
= __ip_route_output_key(net
, &fl4
);
1170 __ip_do_redirect(rt
, skb
, &fl4
, false);
1174 EXPORT_SYMBOL_GPL(ipv4_sk_redirect
);
1176 static struct dst_entry
*ipv4_dst_check(struct dst_entry
*dst
, u32 cookie
)
1178 struct rtable
*rt
= (struct rtable
*) dst
;
1180 /* All IPV4 dsts are created with ->obsolete set to the value
1181 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1182 * into this function always.
1184 * When a PMTU/redirect information update invalidates a route,
1185 * this is indicated by setting obsolete to DST_OBSOLETE_KILL or
1186 * DST_OBSOLETE_DEAD by dst_free().
1188 if (dst
->obsolete
!= DST_OBSOLETE_FORCE_CHK
|| rt_is_expired(rt
))
1193 static void ipv4_link_failure(struct sk_buff
*skb
)
1197 icmp_send(skb
, ICMP_DEST_UNREACH
, ICMP_HOST_UNREACH
, 0);
1199 rt
= skb_rtable(skb
);
1201 dst_set_expires(&rt
->dst
, 0);
1204 static int ip_rt_bug(struct net
*net
, struct sock
*sk
, struct sk_buff
*skb
)
1206 pr_debug("%s: %pI4 -> %pI4, %s\n",
1207 __func__
, &ip_hdr(skb
)->saddr
, &ip_hdr(skb
)->daddr
,
1208 skb
->dev
? skb
->dev
->name
: "?");
1215 We do not cache source address of outgoing interface,
1216 because it is used only by IP RR, TS and SRR options,
1217 so that it out of fast path.
1219 BTW remember: "addr" is allowed to be not aligned
1223 void ip_rt_get_source(u8
*addr
, struct sk_buff
*skb
, struct rtable
*rt
)
1227 if (rt_is_output_route(rt
))
1228 src
= ip_hdr(skb
)->saddr
;
1230 struct fib_result res
;
1236 memset(&fl4
, 0, sizeof(fl4
));
1237 fl4
.daddr
= iph
->daddr
;
1238 fl4
.saddr
= iph
->saddr
;
1239 fl4
.flowi4_tos
= RT_TOS(iph
->tos
);
1240 fl4
.flowi4_oif
= rt
->dst
.dev
->ifindex
;
1241 fl4
.flowi4_iif
= skb
->dev
->ifindex
;
1242 fl4
.flowi4_mark
= skb
->mark
;
1245 if (fib_lookup(dev_net(rt
->dst
.dev
), &fl4
, &res
, 0) == 0)
1246 src
= FIB_RES_PREFSRC(dev_net(rt
->dst
.dev
), res
);
1248 src
= inet_select_addr(rt
->dst
.dev
,
1249 rt_nexthop(rt
, iph
->daddr
),
1253 memcpy(addr
, &src
, 4);
1256 #ifdef CONFIG_IP_ROUTE_CLASSID
1257 static void set_class_tag(struct rtable
*rt
, u32 tag
)
1259 if (!(rt
->dst
.tclassid
& 0xFFFF))
1260 rt
->dst
.tclassid
|= tag
& 0xFFFF;
1261 if (!(rt
->dst
.tclassid
& 0xFFFF0000))
1262 rt
->dst
.tclassid
|= tag
& 0xFFFF0000;
1266 static unsigned int ipv4_default_advmss(const struct dst_entry
*dst
)
1268 unsigned int header_size
= sizeof(struct tcphdr
) + sizeof(struct iphdr
);
1269 unsigned int advmss
= max_t(unsigned int, ipv4_mtu(dst
) - header_size
,
1272 return min(advmss
, IPV4_MAX_PMTU
- header_size
);
1275 static unsigned int ipv4_mtu(const struct dst_entry
*dst
)
1277 const struct rtable
*rt
= (const struct rtable
*) dst
;
1278 unsigned int mtu
= rt
->rt_pmtu
;
1280 if (!mtu
|| time_after_eq(jiffies
, rt
->dst
.expires
))
1281 mtu
= dst_metric_raw(dst
, RTAX_MTU
);
1286 mtu
= READ_ONCE(dst
->dev
->mtu
);
1288 if (unlikely(ip_mtu_locked(dst
))) {
1289 if (rt
->rt_uses_gateway
&& mtu
> 576)
1293 mtu
= min_t(unsigned int, mtu
, IP_MAX_MTU
);
1295 return mtu
- lwtunnel_headroom(dst
->lwtstate
, mtu
);
1298 static void ip_del_fnhe(struct fib_nh
*nh
, __be32 daddr
)
1300 struct fnhe_hash_bucket
*hash
;
1301 struct fib_nh_exception
*fnhe
, __rcu
**fnhe_p
;
1302 u32 hval
= fnhe_hashfun(daddr
);
1304 spin_lock_bh(&fnhe_lock
);
1306 hash
= rcu_dereference_protected(nh
->nh_exceptions
,
1307 lockdep_is_held(&fnhe_lock
));
1310 fnhe_p
= &hash
->chain
;
1311 fnhe
= rcu_dereference_protected(*fnhe_p
, lockdep_is_held(&fnhe_lock
));
1313 if (fnhe
->fnhe_daddr
== daddr
) {
1314 rcu_assign_pointer(*fnhe_p
, rcu_dereference_protected(
1315 fnhe
->fnhe_next
, lockdep_is_held(&fnhe_lock
)));
1316 fnhe_flush_routes(fnhe
);
1317 kfree_rcu(fnhe
, rcu
);
1320 fnhe_p
= &fnhe
->fnhe_next
;
1321 fnhe
= rcu_dereference_protected(fnhe
->fnhe_next
,
1322 lockdep_is_held(&fnhe_lock
));
1325 spin_unlock_bh(&fnhe_lock
);
1328 static struct fib_nh_exception
*find_exception(struct fib_nh
*nh
, __be32 daddr
)
1330 struct fnhe_hash_bucket
*hash
= rcu_dereference(nh
->nh_exceptions
);
1331 struct fib_nh_exception
*fnhe
;
1337 hval
= fnhe_hashfun(daddr
);
1339 for (fnhe
= rcu_dereference(hash
[hval
].chain
); fnhe
;
1340 fnhe
= rcu_dereference(fnhe
->fnhe_next
)) {
1341 if (fnhe
->fnhe_daddr
== daddr
) {
1342 if (fnhe
->fnhe_expires
&&
1343 time_after(jiffies
, fnhe
->fnhe_expires
)) {
1344 ip_del_fnhe(nh
, daddr
);
1353 static bool rt_bind_exception(struct rtable
*rt
, struct fib_nh_exception
*fnhe
,
1354 __be32 daddr
, const bool do_cache
)
1358 spin_lock_bh(&fnhe_lock
);
1360 if (daddr
== fnhe
->fnhe_daddr
) {
1361 struct rtable __rcu
**porig
;
1362 struct rtable
*orig
;
1363 int genid
= fnhe_genid(dev_net(rt
->dst
.dev
));
1365 if (rt_is_input_route(rt
))
1366 porig
= &fnhe
->fnhe_rth_input
;
1368 porig
= &fnhe
->fnhe_rth_output
;
1369 orig
= rcu_dereference(*porig
);
1371 if (fnhe
->fnhe_genid
!= genid
) {
1372 fnhe
->fnhe_genid
= genid
;
1374 fnhe
->fnhe_pmtu
= 0;
1375 fnhe
->fnhe_expires
= 0;
1376 fnhe_flush_routes(fnhe
);
1379 fill_route_from_fnhe(rt
, fnhe
);
1380 if (!rt
->rt_gateway
)
1381 rt
->rt_gateway
= daddr
;
1385 rcu_assign_pointer(*porig
, rt
);
1387 dst_dev_put(&orig
->dst
);
1388 dst_release(&orig
->dst
);
1393 fnhe
->fnhe_stamp
= jiffies
;
1395 spin_unlock_bh(&fnhe_lock
);
1400 static bool rt_cache_route(struct fib_nh
*nh
, struct rtable
*rt
)
1402 struct rtable
*orig
, *prev
, **p
;
1405 if (rt_is_input_route(rt
)) {
1406 p
= (struct rtable
**)&nh
->nh_rth_input
;
1408 p
= (struct rtable
**)raw_cpu_ptr(nh
->nh_pcpu_rth_output
);
1412 /* hold dst before doing cmpxchg() to avoid race condition
1416 prev
= cmpxchg(p
, orig
, rt
);
1419 dst_dev_put(&orig
->dst
);
1420 dst_release(&orig
->dst
);
1423 dst_release(&rt
->dst
);
1430 struct uncached_list
{
1432 struct list_head head
;
1435 static DEFINE_PER_CPU_ALIGNED(struct uncached_list
, rt_uncached_list
);
1437 void rt_add_uncached_list(struct rtable
*rt
)
1439 struct uncached_list
*ul
= raw_cpu_ptr(&rt_uncached_list
);
1441 rt
->rt_uncached_list
= ul
;
1443 spin_lock_bh(&ul
->lock
);
1444 list_add_tail(&rt
->rt_uncached
, &ul
->head
);
1445 spin_unlock_bh(&ul
->lock
);
1448 void rt_del_uncached_list(struct rtable
*rt
)
1450 if (!list_empty(&rt
->rt_uncached
)) {
1451 struct uncached_list
*ul
= rt
->rt_uncached_list
;
1453 spin_lock_bh(&ul
->lock
);
1454 list_del(&rt
->rt_uncached
);
1455 spin_unlock_bh(&ul
->lock
);
1459 static void ipv4_dst_destroy(struct dst_entry
*dst
)
1461 struct dst_metrics
*p
= (struct dst_metrics
*)DST_METRICS_PTR(dst
);
1462 struct rtable
*rt
= (struct rtable
*)dst
;
1464 if (p
!= &dst_default_metrics
&& refcount_dec_and_test(&p
->refcnt
))
1467 rt_del_uncached_list(rt
);
1470 void rt_flush_dev(struct net_device
*dev
)
1472 struct net
*net
= dev_net(dev
);
1476 for_each_possible_cpu(cpu
) {
1477 struct uncached_list
*ul
= &per_cpu(rt_uncached_list
, cpu
);
1479 spin_lock_bh(&ul
->lock
);
1480 list_for_each_entry(rt
, &ul
->head
, rt_uncached
) {
1481 if (rt
->dst
.dev
!= dev
)
1483 rt
->dst
.dev
= net
->loopback_dev
;
1484 dev_hold(rt
->dst
.dev
);
1487 spin_unlock_bh(&ul
->lock
);
1491 static bool rt_cache_valid(const struct rtable
*rt
)
1494 rt
->dst
.obsolete
== DST_OBSOLETE_FORCE_CHK
&&
1498 static void rt_set_nexthop(struct rtable
*rt
, __be32 daddr
,
1499 const struct fib_result
*res
,
1500 struct fib_nh_exception
*fnhe
,
1501 struct fib_info
*fi
, u16 type
, u32 itag
,
1502 const bool do_cache
)
1504 bool cached
= false;
1507 struct fib_nh
*nh
= &FIB_RES_NH(*res
);
1509 if (nh
->nh_gw
&& nh
->nh_scope
== RT_SCOPE_LINK
) {
1510 rt
->rt_gateway
= nh
->nh_gw
;
1511 rt
->rt_uses_gateway
= 1;
1513 dst_init_metrics(&rt
->dst
, fi
->fib_metrics
->metrics
, true);
1514 if (fi
->fib_metrics
!= &dst_default_metrics
) {
1515 rt
->dst
._metrics
|= DST_METRICS_REFCOUNTED
;
1516 refcount_inc(&fi
->fib_metrics
->refcnt
);
1518 #ifdef CONFIG_IP_ROUTE_CLASSID
1519 rt
->dst
.tclassid
= nh
->nh_tclassid
;
1521 rt
->dst
.lwtstate
= lwtstate_get(nh
->nh_lwtstate
);
1523 cached
= rt_bind_exception(rt
, fnhe
, daddr
, do_cache
);
1525 cached
= rt_cache_route(nh
, rt
);
1526 if (unlikely(!cached
)) {
1527 /* Routes we intend to cache in nexthop exception or
1528 * FIB nexthop have the DST_NOCACHE bit clear.
1529 * However, if we are unsuccessful at storing this
1530 * route into the cache we really need to set it.
1532 if (!rt
->rt_gateway
)
1533 rt
->rt_gateway
= daddr
;
1534 rt_add_uncached_list(rt
);
1537 rt_add_uncached_list(rt
);
1539 #ifdef CONFIG_IP_ROUTE_CLASSID
1540 #ifdef CONFIG_IP_MULTIPLE_TABLES
1541 set_class_tag(rt
, res
->tclassid
);
1543 set_class_tag(rt
, itag
);
1547 struct rtable
*rt_dst_alloc(struct net_device
*dev
,
1548 unsigned int flags
, u16 type
,
1549 bool nopolicy
, bool noxfrm
, bool will_cache
)
1553 rt
= dst_alloc(&ipv4_dst_ops
, dev
, 1, DST_OBSOLETE_FORCE_CHK
,
1554 (will_cache
? 0 : DST_HOST
) |
1555 (nopolicy
? DST_NOPOLICY
: 0) |
1556 (noxfrm
? DST_NOXFRM
: 0));
1559 rt
->rt_genid
= rt_genid_ipv4(dev_net(dev
));
1560 rt
->rt_flags
= flags
;
1562 rt
->rt_is_input
= 0;
1565 rt
->rt_mtu_locked
= 0;
1567 rt
->rt_uses_gateway
= 0;
1568 rt
->rt_table_id
= 0;
1569 INIT_LIST_HEAD(&rt
->rt_uncached
);
1571 rt
->dst
.output
= ip_output
;
1572 if (flags
& RTCF_LOCAL
)
1573 rt
->dst
.input
= ip_local_deliver
;
1578 EXPORT_SYMBOL(rt_dst_alloc
);
1580 /* called in rcu_read_lock() section */
1581 int ip_mc_validate_source(struct sk_buff
*skb
, __be32 daddr
, __be32 saddr
,
1582 u8 tos
, struct net_device
*dev
,
1583 struct in_device
*in_dev
, u32
*itag
)
1587 /* Primary sanity checks. */
1591 if (ipv4_is_multicast(saddr
) || ipv4_is_lbcast(saddr
) ||
1592 skb
->protocol
!= htons(ETH_P_IP
))
1595 if (ipv4_is_loopback(saddr
) && !IN_DEV_ROUTE_LOCALNET(in_dev
))
1598 if (ipv4_is_zeronet(saddr
)) {
1599 if (!ipv4_is_local_multicast(daddr
))
1602 err
= fib_validate_source(skb
, saddr
, 0, tos
, 0, dev
,
1610 /* called in rcu_read_lock() section */
1611 static int ip_route_input_mc(struct sk_buff
*skb
, __be32 daddr
, __be32 saddr
,
1612 u8 tos
, struct net_device
*dev
, int our
)
1614 struct in_device
*in_dev
= __in_dev_get_rcu(dev
);
1615 unsigned int flags
= RTCF_MULTICAST
;
1620 err
= ip_mc_validate_source(skb
, daddr
, saddr
, tos
, dev
, in_dev
, &itag
);
1625 flags
|= RTCF_LOCAL
;
1627 rth
= rt_dst_alloc(dev_net(dev
)->loopback_dev
, flags
, RTN_MULTICAST
,
1628 IN_DEV_CONF_GET(in_dev
, NOPOLICY
), false, false);
1632 #ifdef CONFIG_IP_ROUTE_CLASSID
1633 rth
->dst
.tclassid
= itag
;
1635 rth
->dst
.output
= ip_rt_bug
;
1636 rth
->rt_is_input
= 1;
1638 #ifdef CONFIG_IP_MROUTE
1639 if (!ipv4_is_local_multicast(daddr
) && IN_DEV_MFORWARD(in_dev
))
1640 rth
->dst
.input
= ip_mr_input
;
1642 RT_CACHE_STAT_INC(in_slow_mc
);
1644 skb_dst_set(skb
, &rth
->dst
);
1649 static void ip_handle_martian_source(struct net_device
*dev
,
1650 struct in_device
*in_dev
,
1651 struct sk_buff
*skb
,
1655 RT_CACHE_STAT_INC(in_martian_src
);
1656 #ifdef CONFIG_IP_ROUTE_VERBOSE
1657 if (IN_DEV_LOG_MARTIANS(in_dev
) && net_ratelimit()) {
1659 * RFC1812 recommendation, if source is martian,
1660 * the only hint is MAC header.
1662 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
1663 &daddr
, &saddr
, dev
->name
);
1664 if (dev
->hard_header_len
&& skb_mac_header_was_set(skb
)) {
1665 print_hex_dump(KERN_WARNING
, "ll header: ",
1666 DUMP_PREFIX_OFFSET
, 16, 1,
1667 skb_mac_header(skb
),
1668 dev
->hard_header_len
, true);
1674 static void set_lwt_redirect(struct rtable
*rth
)
1676 if (lwtunnel_output_redirect(rth
->dst
.lwtstate
)) {
1677 rth
->dst
.lwtstate
->orig_output
= rth
->dst
.output
;
1678 rth
->dst
.output
= lwtunnel_output
;
1681 if (lwtunnel_input_redirect(rth
->dst
.lwtstate
)) {
1682 rth
->dst
.lwtstate
->orig_input
= rth
->dst
.input
;
1683 rth
->dst
.input
= lwtunnel_input
;
1687 /* called in rcu_read_lock() section */
1688 static int __mkroute_input(struct sk_buff
*skb
,
1689 const struct fib_result
*res
,
1690 struct in_device
*in_dev
,
1691 __be32 daddr
, __be32 saddr
, u32 tos
)
1693 struct fib_nh_exception
*fnhe
;
1696 struct in_device
*out_dev
;
1700 /* get a working reference to the output device */
1701 out_dev
= __in_dev_get_rcu(FIB_RES_DEV(*res
));
1703 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
1707 err
= fib_validate_source(skb
, saddr
, daddr
, tos
, FIB_RES_OIF(*res
),
1708 in_dev
->dev
, in_dev
, &itag
);
1710 ip_handle_martian_source(in_dev
->dev
, in_dev
, skb
, daddr
,
1716 do_cache
= res
->fi
&& !itag
;
1717 if (out_dev
== in_dev
&& err
&& IN_DEV_TX_REDIRECTS(out_dev
) &&
1718 skb
->protocol
== htons(ETH_P_IP
) &&
1719 (IN_DEV_SHARED_MEDIA(out_dev
) ||
1720 inet_addr_onlink(out_dev
, saddr
, FIB_RES_GW(*res
))))
1721 IPCB(skb
)->flags
|= IPSKB_DOREDIRECT
;
1723 if (skb
->protocol
!= htons(ETH_P_IP
)) {
1724 /* Not IP (i.e. ARP). Do not create route, if it is
1725 * invalid for proxy arp. DNAT routes are always valid.
1727 * Proxy arp feature have been extended to allow, ARP
1728 * replies back to the same interface, to support
1729 * Private VLAN switch technologies. See arp.c.
1731 if (out_dev
== in_dev
&&
1732 IN_DEV_PROXY_ARP_PVLAN(in_dev
) == 0) {
1738 fnhe
= find_exception(&FIB_RES_NH(*res
), daddr
);
1741 rth
= rcu_dereference(fnhe
->fnhe_rth_input
);
1743 rth
= rcu_dereference(FIB_RES_NH(*res
).nh_rth_input
);
1744 if (rt_cache_valid(rth
)) {
1745 skb_dst_set_noref(skb
, &rth
->dst
);
1750 rth
= rt_dst_alloc(out_dev
->dev
, 0, res
->type
,
1751 IN_DEV_CONF_GET(in_dev
, NOPOLICY
),
1752 IN_DEV_CONF_GET(out_dev
, NOXFRM
), do_cache
);
1758 rth
->rt_is_input
= 1;
1760 rth
->rt_table_id
= res
->table
->tb_id
;
1761 RT_CACHE_STAT_INC(in_slow_tot
);
1763 rth
->dst
.input
= ip_forward
;
1765 rt_set_nexthop(rth
, daddr
, res
, fnhe
, res
->fi
, res
->type
, itag
,
1767 set_lwt_redirect(rth
);
1768 skb_dst_set(skb
, &rth
->dst
);
1775 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1776 /* To make ICMP packets follow the right flow, the multipath hash is
1777 * calculated from the inner IP addresses.
1779 static void ip_multipath_l3_keys(const struct sk_buff
*skb
,
1780 struct flow_keys
*hash_keys
)
1782 const struct iphdr
*outer_iph
= ip_hdr(skb
);
1783 const struct iphdr
*inner_iph
;
1784 const struct icmphdr
*icmph
;
1785 struct iphdr _inner_iph
;
1786 struct icmphdr _icmph
;
1788 hash_keys
->addrs
.v4addrs
.src
= outer_iph
->saddr
;
1789 hash_keys
->addrs
.v4addrs
.dst
= outer_iph
->daddr
;
1790 if (likely(outer_iph
->protocol
!= IPPROTO_ICMP
))
1793 if (unlikely((outer_iph
->frag_off
& htons(IP_OFFSET
)) != 0))
1796 icmph
= skb_header_pointer(skb
, outer_iph
->ihl
* 4, sizeof(_icmph
),
1801 if (icmph
->type
!= ICMP_DEST_UNREACH
&&
1802 icmph
->type
!= ICMP_REDIRECT
&&
1803 icmph
->type
!= ICMP_TIME_EXCEEDED
&&
1804 icmph
->type
!= ICMP_PARAMETERPROB
)
1807 inner_iph
= skb_header_pointer(skb
,
1808 outer_iph
->ihl
* 4 + sizeof(_icmph
),
1809 sizeof(_inner_iph
), &_inner_iph
);
1812 hash_keys
->addrs
.v4addrs
.src
= inner_iph
->saddr
;
1813 hash_keys
->addrs
.v4addrs
.dst
= inner_iph
->daddr
;
1816 /* if skb is set it will be used and fl4 can be NULL */
1817 int fib_multipath_hash(const struct fib_info
*fi
, const struct flowi4
*fl4
,
1818 const struct sk_buff
*skb
)
1820 struct net
*net
= fi
->fib_net
;
1821 struct flow_keys hash_keys
;
1824 switch (net
->ipv4
.sysctl_fib_multipath_hash_policy
) {
1826 memset(&hash_keys
, 0, sizeof(hash_keys
));
1827 hash_keys
.control
.addr_type
= FLOW_DISSECTOR_KEY_IPV4_ADDRS
;
1829 ip_multipath_l3_keys(skb
, &hash_keys
);
1831 hash_keys
.addrs
.v4addrs
.src
= fl4
->saddr
;
1832 hash_keys
.addrs
.v4addrs
.dst
= fl4
->daddr
;
1836 /* skb is currently provided only when forwarding */
1838 unsigned int flag
= FLOW_DISSECTOR_F_STOP_AT_ENCAP
;
1839 struct flow_keys keys
;
1841 /* short-circuit if we already have L4 hash present */
1843 return skb_get_hash_raw(skb
) >> 1;
1844 memset(&hash_keys
, 0, sizeof(hash_keys
));
1845 skb_flow_dissect_flow_keys(skb
, &keys
, flag
);
1847 hash_keys
.control
.addr_type
= FLOW_DISSECTOR_KEY_IPV4_ADDRS
;
1848 hash_keys
.addrs
.v4addrs
.src
= keys
.addrs
.v4addrs
.src
;
1849 hash_keys
.addrs
.v4addrs
.dst
= keys
.addrs
.v4addrs
.dst
;
1850 hash_keys
.ports
.src
= keys
.ports
.src
;
1851 hash_keys
.ports
.dst
= keys
.ports
.dst
;
1852 hash_keys
.basic
.ip_proto
= keys
.basic
.ip_proto
;
1854 memset(&hash_keys
, 0, sizeof(hash_keys
));
1855 hash_keys
.control
.addr_type
= FLOW_DISSECTOR_KEY_IPV4_ADDRS
;
1856 hash_keys
.addrs
.v4addrs
.src
= fl4
->saddr
;
1857 hash_keys
.addrs
.v4addrs
.dst
= fl4
->daddr
;
1858 hash_keys
.ports
.src
= fl4
->fl4_sport
;
1859 hash_keys
.ports
.dst
= fl4
->fl4_dport
;
1860 hash_keys
.basic
.ip_proto
= fl4
->flowi4_proto
;
1864 mhash
= flow_hash_from_keys(&hash_keys
);
1868 EXPORT_SYMBOL_GPL(fib_multipath_hash
);
1869 #endif /* CONFIG_IP_ROUTE_MULTIPATH */
1871 static int ip_mkroute_input(struct sk_buff
*skb
,
1872 struct fib_result
*res
,
1873 struct in_device
*in_dev
,
1874 __be32 daddr
, __be32 saddr
, u32 tos
)
1876 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1877 if (res
->fi
&& res
->fi
->fib_nhs
> 1) {
1878 int h
= fib_multipath_hash(res
->fi
, NULL
, skb
);
1880 fib_select_multipath(res
, h
);
1884 /* create a routing cache entry */
1885 return __mkroute_input(skb
, res
, in_dev
, daddr
, saddr
, tos
);
1889 * NOTE. We drop all the packets that has local source
1890 * addresses, because every properly looped back packet
1891 * must have correct destination already attached by output routine.
1893 * Such approach solves two big problems:
1894 * 1. Not simplex devices are handled properly.
1895 * 2. IP spoofing attempts are filtered with 100% of guarantee.
1896 * called with rcu_read_lock()
1899 static int ip_route_input_slow(struct sk_buff
*skb
, __be32 daddr
, __be32 saddr
,
1900 u8 tos
, struct net_device
*dev
,
1901 struct fib_result
*res
)
1903 struct in_device
*in_dev
= __in_dev_get_rcu(dev
);
1904 struct ip_tunnel_info
*tun_info
;
1906 unsigned int flags
= 0;
1910 struct net
*net
= dev_net(dev
);
1913 /* IP on this device is disabled. */
1918 /* Check for the most weird martians, which can be not detected
1922 tun_info
= skb_tunnel_info(skb
);
1923 if (tun_info
&& !(tun_info
->mode
& IP_TUNNEL_INFO_TX
))
1924 fl4
.flowi4_tun_key
.tun_id
= tun_info
->key
.tun_id
;
1926 fl4
.flowi4_tun_key
.tun_id
= 0;
1929 if (ipv4_is_multicast(saddr
) || ipv4_is_lbcast(saddr
))
1930 goto martian_source
;
1934 if (ipv4_is_lbcast(daddr
) || (saddr
== 0 && daddr
== 0))
1937 /* Accept zero addresses only to limited broadcast;
1938 * I even do not know to fix it or not. Waiting for complains :-)
1940 if (ipv4_is_zeronet(saddr
))
1941 goto martian_source
;
1943 if (ipv4_is_zeronet(daddr
))
1944 goto martian_destination
;
1946 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
1947 * and call it once if daddr or/and saddr are loopback addresses
1949 if (ipv4_is_loopback(daddr
)) {
1950 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev
, net
))
1951 goto martian_destination
;
1952 } else if (ipv4_is_loopback(saddr
)) {
1953 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev
, net
))
1954 goto martian_source
;
1958 * Now we are ready to route packet.
1961 fl4
.flowi4_iif
= dev
->ifindex
;
1962 fl4
.flowi4_mark
= skb
->mark
;
1963 fl4
.flowi4_tos
= tos
;
1964 fl4
.flowi4_scope
= RT_SCOPE_UNIVERSE
;
1965 fl4
.flowi4_flags
= 0;
1968 fl4
.flowi4_uid
= sock_net_uid(net
, NULL
);
1969 err
= fib_lookup(net
, &fl4
, res
, 0);
1971 if (!IN_DEV_FORWARD(in_dev
))
1972 err
= -EHOSTUNREACH
;
1976 if (res
->type
== RTN_BROADCAST
)
1979 if (res
->type
== RTN_LOCAL
) {
1980 err
= fib_validate_source(skb
, saddr
, daddr
, tos
,
1981 0, dev
, in_dev
, &itag
);
1983 goto martian_source
;
1987 if (!IN_DEV_FORWARD(in_dev
)) {
1988 err
= -EHOSTUNREACH
;
1991 if (res
->type
!= RTN_UNICAST
)
1992 goto martian_destination
;
1994 err
= ip_mkroute_input(skb
, res
, in_dev
, daddr
, saddr
, tos
);
1998 if (skb
->protocol
!= htons(ETH_P_IP
))
2001 if (!ipv4_is_zeronet(saddr
)) {
2002 err
= fib_validate_source(skb
, saddr
, 0, tos
, 0, dev
,
2005 goto martian_source
;
2007 flags
|= RTCF_BROADCAST
;
2008 res
->type
= RTN_BROADCAST
;
2009 RT_CACHE_STAT_INC(in_brd
);
2015 rth
= rcu_dereference(FIB_RES_NH(*res
).nh_rth_input
);
2016 if (rt_cache_valid(rth
)) {
2017 skb_dst_set_noref(skb
, &rth
->dst
);
2025 rth
= rt_dst_alloc(l3mdev_master_dev_rcu(dev
) ? : net
->loopback_dev
,
2026 flags
| RTCF_LOCAL
, res
->type
,
2027 IN_DEV_CONF_GET(in_dev
, NOPOLICY
), false, do_cache
);
2031 rth
->dst
.output
= ip_rt_bug
;
2032 #ifdef CONFIG_IP_ROUTE_CLASSID
2033 rth
->dst
.tclassid
= itag
;
2035 rth
->rt_is_input
= 1;
2037 rth
->rt_table_id
= res
->table
->tb_id
;
2039 RT_CACHE_STAT_INC(in_slow_tot
);
2040 if (res
->type
== RTN_UNREACHABLE
) {
2041 rth
->dst
.input
= ip_error
;
2042 rth
->dst
.error
= -err
;
2043 rth
->rt_flags
&= ~RTCF_LOCAL
;
2047 struct fib_nh
*nh
= &FIB_RES_NH(*res
);
2049 rth
->dst
.lwtstate
= lwtstate_get(nh
->nh_lwtstate
);
2050 if (lwtunnel_input_redirect(rth
->dst
.lwtstate
)) {
2051 WARN_ON(rth
->dst
.input
== lwtunnel_input
);
2052 rth
->dst
.lwtstate
->orig_input
= rth
->dst
.input
;
2053 rth
->dst
.input
= lwtunnel_input
;
2056 if (unlikely(!rt_cache_route(nh
, rth
)))
2057 rt_add_uncached_list(rth
);
2059 skb_dst_set(skb
, &rth
->dst
);
2064 RT_CACHE_STAT_INC(in_no_route
);
2065 res
->type
= RTN_UNREACHABLE
;
2071 * Do not cache martian addresses: they should be logged (RFC1812)
2073 martian_destination
:
2074 RT_CACHE_STAT_INC(in_martian_dst
);
2075 #ifdef CONFIG_IP_ROUTE_VERBOSE
2076 if (IN_DEV_LOG_MARTIANS(in_dev
))
2077 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
2078 &daddr
, &saddr
, dev
->name
);
2090 ip_handle_martian_source(dev
, in_dev
, skb
, daddr
, saddr
);
2094 int ip_route_input_noref(struct sk_buff
*skb
, __be32 daddr
, __be32 saddr
,
2095 u8 tos
, struct net_device
*dev
)
2097 struct fib_result res
;
2100 tos
&= IPTOS_RT_MASK
;
2102 err
= ip_route_input_rcu(skb
, daddr
, saddr
, tos
, dev
, &res
);
2107 EXPORT_SYMBOL(ip_route_input_noref
);
2109 /* called with rcu_read_lock held */
2110 int ip_route_input_rcu(struct sk_buff
*skb
, __be32 daddr
, __be32 saddr
,
2111 u8 tos
, struct net_device
*dev
, struct fib_result
*res
)
2113 /* Multicast recognition logic is moved from route cache to here.
2114 The problem was that too many Ethernet cards have broken/missing
2115 hardware multicast filters :-( As result the host on multicasting
2116 network acquires a lot of useless route cache entries, sort of
2117 SDR messages from all the world. Now we try to get rid of them.
2118 Really, provided software IP multicast filter is organized
2119 reasonably (at least, hashed), it does not result in a slowdown
2120 comparing with route cache reject entries.
2121 Note, that multicast routers are not affected, because
2122 route cache entry is created eventually.
2124 if (ipv4_is_multicast(daddr
)) {
2125 struct in_device
*in_dev
= __in_dev_get_rcu(dev
);
2130 our
= ip_check_mc_rcu(in_dev
, daddr
, saddr
,
2131 ip_hdr(skb
)->protocol
);
2133 /* check l3 master if no match yet */
2134 if ((!in_dev
|| !our
) && netif_is_l3_slave(dev
)) {
2135 struct in_device
*l3_in_dev
;
2137 l3_in_dev
= __in_dev_get_rcu(skb
->dev
);
2139 our
= ip_check_mc_rcu(l3_in_dev
, daddr
, saddr
,
2140 ip_hdr(skb
)->protocol
);
2144 #ifdef CONFIG_IP_MROUTE
2146 (!ipv4_is_local_multicast(daddr
) &&
2147 IN_DEV_MFORWARD(in_dev
))
2150 err
= ip_route_input_mc(skb
, daddr
, saddr
,
2156 return ip_route_input_slow(skb
, daddr
, saddr
, tos
, dev
, res
);
2159 /* called with rcu_read_lock() */
2160 static struct rtable
*__mkroute_output(const struct fib_result
*res
,
2161 const struct flowi4
*fl4
, int orig_oif
,
2162 struct net_device
*dev_out
,
2165 struct fib_info
*fi
= res
->fi
;
2166 struct fib_nh_exception
*fnhe
;
2167 struct in_device
*in_dev
;
2168 u16 type
= res
->type
;
2172 in_dev
= __in_dev_get_rcu(dev_out
);
2174 return ERR_PTR(-EINVAL
);
2176 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev
)))
2177 if (ipv4_is_loopback(fl4
->saddr
) &&
2178 !(dev_out
->flags
& IFF_LOOPBACK
) &&
2179 !netif_is_l3_master(dev_out
))
2180 return ERR_PTR(-EINVAL
);
2182 if (ipv4_is_lbcast(fl4
->daddr
))
2183 type
= RTN_BROADCAST
;
2184 else if (ipv4_is_multicast(fl4
->daddr
))
2185 type
= RTN_MULTICAST
;
2186 else if (ipv4_is_zeronet(fl4
->daddr
))
2187 return ERR_PTR(-EINVAL
);
2189 if (dev_out
->flags
& IFF_LOOPBACK
)
2190 flags
|= RTCF_LOCAL
;
2193 if (type
== RTN_BROADCAST
) {
2194 flags
|= RTCF_BROADCAST
| RTCF_LOCAL
;
2196 } else if (type
== RTN_MULTICAST
) {
2197 flags
|= RTCF_MULTICAST
| RTCF_LOCAL
;
2198 if (!ip_check_mc_rcu(in_dev
, fl4
->daddr
, fl4
->saddr
,
2200 flags
&= ~RTCF_LOCAL
;
2203 /* If multicast route do not exist use
2204 * default one, but do not gateway in this case.
2207 if (fi
&& res
->prefixlen
< 4)
2209 } else if ((type
== RTN_LOCAL
) && (orig_oif
!= 0) &&
2210 (orig_oif
!= dev_out
->ifindex
)) {
2211 /* For local routes that require a particular output interface
2212 * we do not want to cache the result. Caching the result
2213 * causes incorrect behaviour when there are multiple source
2214 * addresses on the interface, the end result being that if the
2215 * intended recipient is waiting on that interface for the
2216 * packet he won't receive it because it will be delivered on
2217 * the loopback interface and the IP_PKTINFO ipi_ifindex will
2218 * be set to the loopback interface as well.
2224 do_cache
&= fi
!= NULL
;
2226 struct rtable __rcu
**prth
;
2227 struct fib_nh
*nh
= &FIB_RES_NH(*res
);
2229 fnhe
= find_exception(nh
, fl4
->daddr
);
2233 prth
= &fnhe
->fnhe_rth_output
;
2235 if (unlikely(fl4
->flowi4_flags
&
2236 FLOWI_FLAG_KNOWN_NH
&&
2238 nh
->nh_scope
== RT_SCOPE_LINK
))) {
2242 prth
= raw_cpu_ptr(nh
->nh_pcpu_rth_output
);
2244 rth
= rcu_dereference(*prth
);
2245 if (rt_cache_valid(rth
) && dst_hold_safe(&rth
->dst
))
2250 rth
= rt_dst_alloc(dev_out
, flags
, type
,
2251 IN_DEV_CONF_GET(in_dev
, NOPOLICY
),
2252 IN_DEV_CONF_GET(in_dev
, NOXFRM
),
2255 return ERR_PTR(-ENOBUFS
);
2257 rth
->rt_iif
= orig_oif
;
2259 rth
->rt_table_id
= res
->table
->tb_id
;
2261 RT_CACHE_STAT_INC(out_slow_tot
);
2263 if (flags
& (RTCF_BROADCAST
| RTCF_MULTICAST
)) {
2264 if (flags
& RTCF_LOCAL
&&
2265 !(dev_out
->flags
& IFF_LOOPBACK
)) {
2266 rth
->dst
.output
= ip_mc_output
;
2267 RT_CACHE_STAT_INC(out_slow_mc
);
2269 #ifdef CONFIG_IP_MROUTE
2270 if (type
== RTN_MULTICAST
) {
2271 if (IN_DEV_MFORWARD(in_dev
) &&
2272 !ipv4_is_local_multicast(fl4
->daddr
)) {
2273 rth
->dst
.input
= ip_mr_input
;
2274 rth
->dst
.output
= ip_mc_output
;
2280 rt_set_nexthop(rth
, fl4
->daddr
, res
, fnhe
, fi
, type
, 0, do_cache
);
2281 set_lwt_redirect(rth
);
2287 * Major route resolver routine.
2290 struct rtable
*ip_route_output_key_hash(struct net
*net
, struct flowi4
*fl4
,
2291 const struct sk_buff
*skb
)
2293 __u8 tos
= RT_FL_TOS(fl4
);
2294 struct fib_result res
= {
2302 fl4
->flowi4_iif
= LOOPBACK_IFINDEX
;
2303 fl4
->flowi4_tos
= tos
& IPTOS_RT_MASK
;
2304 fl4
->flowi4_scope
= ((tos
& RTO_ONLINK
) ?
2305 RT_SCOPE_LINK
: RT_SCOPE_UNIVERSE
);
2308 rth
= ip_route_output_key_hash_rcu(net
, fl4
, &res
, skb
);
2313 EXPORT_SYMBOL_GPL(ip_route_output_key_hash
);
2315 struct rtable
*ip_route_output_key_hash_rcu(struct net
*net
, struct flowi4
*fl4
,
2316 struct fib_result
*res
,
2317 const struct sk_buff
*skb
)
2319 struct net_device
*dev_out
= NULL
;
2320 int orig_oif
= fl4
->flowi4_oif
;
2321 unsigned int flags
= 0;
2323 int err
= -ENETUNREACH
;
2326 rth
= ERR_PTR(-EINVAL
);
2327 if (ipv4_is_multicast(fl4
->saddr
) ||
2328 ipv4_is_lbcast(fl4
->saddr
) ||
2329 ipv4_is_zeronet(fl4
->saddr
))
2332 /* I removed check for oif == dev_out->oif here.
2333 It was wrong for two reasons:
2334 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
2335 is assigned to multiple interfaces.
2336 2. Moreover, we are allowed to send packets with saddr
2337 of another iface. --ANK
2340 if (fl4
->flowi4_oif
== 0 &&
2341 (ipv4_is_multicast(fl4
->daddr
) ||
2342 ipv4_is_lbcast(fl4
->daddr
))) {
2343 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2344 dev_out
= __ip_dev_find(net
, fl4
->saddr
, false);
2348 /* Special hack: user can direct multicasts
2349 and limited broadcast via necessary interface
2350 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2351 This hack is not just for fun, it allows
2352 vic,vat and friends to work.
2353 They bind socket to loopback, set ttl to zero
2354 and expect that it will work.
2355 From the viewpoint of routing cache they are broken,
2356 because we are not allowed to build multicast path
2357 with loopback source addr (look, routing cache
2358 cannot know, that ttl is zero, so that packet
2359 will not leave this host and route is valid).
2360 Luckily, this hack is good workaround.
2363 fl4
->flowi4_oif
= dev_out
->ifindex
;
2367 if (!(fl4
->flowi4_flags
& FLOWI_FLAG_ANYSRC
)) {
2368 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2369 if (!__ip_dev_find(net
, fl4
->saddr
, false))
2375 if (fl4
->flowi4_oif
) {
2376 dev_out
= dev_get_by_index_rcu(net
, fl4
->flowi4_oif
);
2377 rth
= ERR_PTR(-ENODEV
);
2381 /* RACE: Check return value of inet_select_addr instead. */
2382 if (!(dev_out
->flags
& IFF_UP
) || !__in_dev_get_rcu(dev_out
)) {
2383 rth
= ERR_PTR(-ENETUNREACH
);
2386 if (ipv4_is_local_multicast(fl4
->daddr
) ||
2387 ipv4_is_lbcast(fl4
->daddr
) ||
2388 fl4
->flowi4_proto
== IPPROTO_IGMP
) {
2390 fl4
->saddr
= inet_select_addr(dev_out
, 0,
2395 if (ipv4_is_multicast(fl4
->daddr
))
2396 fl4
->saddr
= inet_select_addr(dev_out
, 0,
2398 else if (!fl4
->daddr
)
2399 fl4
->saddr
= inet_select_addr(dev_out
, 0,
2405 fl4
->daddr
= fl4
->saddr
;
2407 fl4
->daddr
= fl4
->saddr
= htonl(INADDR_LOOPBACK
);
2408 dev_out
= net
->loopback_dev
;
2409 fl4
->flowi4_oif
= LOOPBACK_IFINDEX
;
2410 res
->type
= RTN_LOCAL
;
2411 flags
|= RTCF_LOCAL
;
2415 err
= fib_lookup(net
, fl4
, res
, 0);
2419 if (fl4
->flowi4_oif
&&
2420 (ipv4_is_multicast(fl4
->daddr
) ||
2421 !netif_index_is_l3_master(net
, fl4
->flowi4_oif
))) {
2422 /* Apparently, routing tables are wrong. Assume,
2423 that the destination is on link.
2426 Because we are allowed to send to iface
2427 even if it has NO routes and NO assigned
2428 addresses. When oif is specified, routing
2429 tables are looked up with only one purpose:
2430 to catch if destination is gatewayed, rather than
2431 direct. Moreover, if MSG_DONTROUTE is set,
2432 we send packet, ignoring both routing tables
2433 and ifaddr state. --ANK
2436 We could make it even if oif is unknown,
2437 likely IPv6, but we do not.
2440 if (fl4
->saddr
== 0)
2441 fl4
->saddr
= inet_select_addr(dev_out
, 0,
2443 res
->type
= RTN_UNICAST
;
2450 if (res
->type
== RTN_LOCAL
) {
2452 if (res
->fi
->fib_prefsrc
)
2453 fl4
->saddr
= res
->fi
->fib_prefsrc
;
2455 fl4
->saddr
= fl4
->daddr
;
2458 /* L3 master device is the loopback for that domain */
2459 dev_out
= l3mdev_master_dev_rcu(FIB_RES_DEV(*res
)) ? :
2462 /* make sure orig_oif points to fib result device even
2463 * though packet rx/tx happens over loopback or l3mdev
2465 orig_oif
= FIB_RES_OIF(*res
);
2467 fl4
->flowi4_oif
= dev_out
->ifindex
;
2468 flags
|= RTCF_LOCAL
;
2472 fib_select_path(net
, res
, fl4
, skb
);
2474 dev_out
= FIB_RES_DEV(*res
);
2475 fl4
->flowi4_oif
= dev_out
->ifindex
;
2479 rth
= __mkroute_output(res
, fl4
, orig_oif
, dev_out
, flags
);
2485 static struct dst_entry
*ipv4_blackhole_dst_check(struct dst_entry
*dst
, u32 cookie
)
2490 static unsigned int ipv4_blackhole_mtu(const struct dst_entry
*dst
)
2492 unsigned int mtu
= dst_metric_raw(dst
, RTAX_MTU
);
2494 return mtu
? : dst
->dev
->mtu
;
2497 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry
*dst
, struct sock
*sk
,
2498 struct sk_buff
*skb
, u32 mtu
)
2502 static void ipv4_rt_blackhole_redirect(struct dst_entry
*dst
, struct sock
*sk
,
2503 struct sk_buff
*skb
)
2507 static u32
*ipv4_rt_blackhole_cow_metrics(struct dst_entry
*dst
,
2513 static struct dst_ops ipv4_dst_blackhole_ops
= {
2515 .check
= ipv4_blackhole_dst_check
,
2516 .mtu
= ipv4_blackhole_mtu
,
2517 .default_advmss
= ipv4_default_advmss
,
2518 .update_pmtu
= ipv4_rt_blackhole_update_pmtu
,
2519 .redirect
= ipv4_rt_blackhole_redirect
,
2520 .cow_metrics
= ipv4_rt_blackhole_cow_metrics
,
2521 .neigh_lookup
= ipv4_neigh_lookup
,
2524 struct dst_entry
*ipv4_blackhole_route(struct net
*net
, struct dst_entry
*dst_orig
)
2526 struct rtable
*ort
= (struct rtable
*) dst_orig
;
2529 rt
= dst_alloc(&ipv4_dst_blackhole_ops
, NULL
, 1, DST_OBSOLETE_DEAD
, 0);
2531 struct dst_entry
*new = &rt
->dst
;
2534 new->input
= dst_discard
;
2535 new->output
= dst_discard_out
;
2537 new->dev
= net
->loopback_dev
;
2541 rt
->rt_is_input
= ort
->rt_is_input
;
2542 rt
->rt_iif
= ort
->rt_iif
;
2543 rt
->rt_pmtu
= ort
->rt_pmtu
;
2544 rt
->rt_mtu_locked
= ort
->rt_mtu_locked
;
2546 rt
->rt_genid
= rt_genid_ipv4(net
);
2547 rt
->rt_flags
= ort
->rt_flags
;
2548 rt
->rt_type
= ort
->rt_type
;
2549 rt
->rt_gateway
= ort
->rt_gateway
;
2550 rt
->rt_uses_gateway
= ort
->rt_uses_gateway
;
2552 INIT_LIST_HEAD(&rt
->rt_uncached
);
2555 dst_release(dst_orig
);
2557 return rt
? &rt
->dst
: ERR_PTR(-ENOMEM
);
2560 struct rtable
*ip_route_output_flow(struct net
*net
, struct flowi4
*flp4
,
2561 const struct sock
*sk
)
2563 struct rtable
*rt
= __ip_route_output_key(net
, flp4
);
2568 if (flp4
->flowi4_proto
)
2569 rt
= (struct rtable
*)xfrm_lookup_route(net
, &rt
->dst
,
2570 flowi4_to_flowi(flp4
),
2575 EXPORT_SYMBOL_GPL(ip_route_output_flow
);
2577 /* called with rcu_read_lock held */
2578 static int rt_fill_info(struct net
*net
, __be32 dst
, __be32 src
, u32 table_id
,
2579 struct flowi4
*fl4
, struct sk_buff
*skb
, u32 portid
,
2582 struct rtable
*rt
= skb_rtable(skb
);
2584 struct nlmsghdr
*nlh
;
2585 unsigned long expires
= 0;
2587 u32 metrics
[RTAX_MAX
];
2589 nlh
= nlmsg_put(skb
, portid
, seq
, RTM_NEWROUTE
, sizeof(*r
), 0);
2593 r
= nlmsg_data(nlh
);
2594 r
->rtm_family
= AF_INET
;
2595 r
->rtm_dst_len
= 32;
2597 r
->rtm_tos
= fl4
->flowi4_tos
;
2598 r
->rtm_table
= table_id
< 256 ? table_id
: RT_TABLE_COMPAT
;
2599 if (nla_put_u32(skb
, RTA_TABLE
, table_id
))
2600 goto nla_put_failure
;
2601 r
->rtm_type
= rt
->rt_type
;
2602 r
->rtm_scope
= RT_SCOPE_UNIVERSE
;
2603 r
->rtm_protocol
= RTPROT_UNSPEC
;
2604 r
->rtm_flags
= (rt
->rt_flags
& ~0xFFFF) | RTM_F_CLONED
;
2605 if (rt
->rt_flags
& RTCF_NOTIFY
)
2606 r
->rtm_flags
|= RTM_F_NOTIFY
;
2607 if (IPCB(skb
)->flags
& IPSKB_DOREDIRECT
)
2608 r
->rtm_flags
|= RTCF_DOREDIRECT
;
2610 if (nla_put_in_addr(skb
, RTA_DST
, dst
))
2611 goto nla_put_failure
;
2613 r
->rtm_src_len
= 32;
2614 if (nla_put_in_addr(skb
, RTA_SRC
, src
))
2615 goto nla_put_failure
;
2618 nla_put_u32(skb
, RTA_OIF
, rt
->dst
.dev
->ifindex
))
2619 goto nla_put_failure
;
2620 #ifdef CONFIG_IP_ROUTE_CLASSID
2621 if (rt
->dst
.tclassid
&&
2622 nla_put_u32(skb
, RTA_FLOW
, rt
->dst
.tclassid
))
2623 goto nla_put_failure
;
2625 if (!rt_is_input_route(rt
) &&
2626 fl4
->saddr
!= src
) {
2627 if (nla_put_in_addr(skb
, RTA_PREFSRC
, fl4
->saddr
))
2628 goto nla_put_failure
;
2630 if (rt
->rt_uses_gateway
&&
2631 nla_put_in_addr(skb
, RTA_GATEWAY
, rt
->rt_gateway
))
2632 goto nla_put_failure
;
2634 expires
= rt
->dst
.expires
;
2636 unsigned long now
= jiffies
;
2638 if (time_before(now
, expires
))
2644 memcpy(metrics
, dst_metrics_ptr(&rt
->dst
), sizeof(metrics
));
2645 if (rt
->rt_pmtu
&& expires
)
2646 metrics
[RTAX_MTU
- 1] = rt
->rt_pmtu
;
2647 if (rt
->rt_mtu_locked
&& expires
)
2648 metrics
[RTAX_LOCK
- 1] |= BIT(RTAX_MTU
);
2649 if (rtnetlink_put_metrics(skb
, metrics
) < 0)
2650 goto nla_put_failure
;
2652 if (fl4
->flowi4_mark
&&
2653 nla_put_u32(skb
, RTA_MARK
, fl4
->flowi4_mark
))
2654 goto nla_put_failure
;
2656 if (!uid_eq(fl4
->flowi4_uid
, INVALID_UID
) &&
2657 nla_put_u32(skb
, RTA_UID
,
2658 from_kuid_munged(current_user_ns(), fl4
->flowi4_uid
)))
2659 goto nla_put_failure
;
2661 error
= rt
->dst
.error
;
2663 if (rt_is_input_route(rt
)) {
2664 #ifdef CONFIG_IP_MROUTE
2665 if (ipv4_is_multicast(dst
) && !ipv4_is_local_multicast(dst
) &&
2666 IPV4_DEVCONF_ALL(net
, MC_FORWARDING
)) {
2667 int err
= ipmr_get_route(net
, skb
,
2668 fl4
->saddr
, fl4
->daddr
,
2674 goto nla_put_failure
;
2678 if (nla_put_u32(skb
, RTA_IIF
, skb
->dev
->ifindex
))
2679 goto nla_put_failure
;
2682 if (rtnl_put_cacheinfo(skb
, &rt
->dst
, 0, expires
, error
) < 0)
2683 goto nla_put_failure
;
2685 nlmsg_end(skb
, nlh
);
2689 nlmsg_cancel(skb
, nlh
);
2693 static int inet_rtm_getroute(struct sk_buff
*in_skb
, struct nlmsghdr
*nlh
,
2694 struct netlink_ext_ack
*extack
)
2696 struct net
*net
= sock_net(in_skb
->sk
);
2698 struct nlattr
*tb
[RTA_MAX
+1];
2699 struct fib_result res
= {};
2700 struct rtable
*rt
= NULL
;
2707 struct sk_buff
*skb
;
2708 u32 table_id
= RT_TABLE_MAIN
;
2711 err
= nlmsg_parse(nlh
, sizeof(*rtm
), tb
, RTA_MAX
, rtm_ipv4_policy
,
2716 rtm
= nlmsg_data(nlh
);
2718 skb
= alloc_skb(NLMSG_GOODSIZE
, GFP_KERNEL
);
2724 /* Reserve room for dummy headers, this skb can pass
2725 through good chunk of routing engine.
2727 skb_reset_mac_header(skb
);
2728 skb_reset_network_header(skb
);
2730 src
= tb
[RTA_SRC
] ? nla_get_in_addr(tb
[RTA_SRC
]) : 0;
2731 dst
= tb
[RTA_DST
] ? nla_get_in_addr(tb
[RTA_DST
]) : 0;
2732 iif
= tb
[RTA_IIF
] ? nla_get_u32(tb
[RTA_IIF
]) : 0;
2733 mark
= tb
[RTA_MARK
] ? nla_get_u32(tb
[RTA_MARK
]) : 0;
2735 uid
= make_kuid(current_user_ns(), nla_get_u32(tb
[RTA_UID
]));
2737 uid
= (iif
? INVALID_UID
: current_uid());
2739 /* Bugfix: need to give ip_route_input enough of an IP header to
2742 ip_hdr(skb
)->protocol
= IPPROTO_UDP
;
2743 ip_hdr(skb
)->saddr
= src
;
2744 ip_hdr(skb
)->daddr
= dst
;
2746 skb_reserve(skb
, MAX_HEADER
+ sizeof(struct iphdr
));
2748 memset(&fl4
, 0, sizeof(fl4
));
2751 fl4
.flowi4_tos
= rtm
->rtm_tos
;
2752 fl4
.flowi4_oif
= tb
[RTA_OIF
] ? nla_get_u32(tb
[RTA_OIF
]) : 0;
2753 fl4
.flowi4_mark
= mark
;
2754 fl4
.flowi4_uid
= uid
;
2759 struct net_device
*dev
;
2761 dev
= dev_get_by_index_rcu(net
, iif
);
2767 skb
->protocol
= htons(ETH_P_IP
);
2770 err
= ip_route_input_rcu(skb
, dst
, src
, rtm
->rtm_tos
,
2773 rt
= skb_rtable(skb
);
2774 if (err
== 0 && rt
->dst
.error
)
2775 err
= -rt
->dst
.error
;
2777 fl4
.flowi4_iif
= LOOPBACK_IFINDEX
;
2778 rt
= ip_route_output_key_hash_rcu(net
, &fl4
, &res
, skb
);
2783 skb_dst_set(skb
, &rt
->dst
);
2789 if (rtm
->rtm_flags
& RTM_F_NOTIFY
)
2790 rt
->rt_flags
|= RTCF_NOTIFY
;
2792 if (rtm
->rtm_flags
& RTM_F_LOOKUP_TABLE
)
2793 table_id
= rt
->rt_table_id
;
2795 if (rtm
->rtm_flags
& RTM_F_FIB_MATCH
) {
2797 err
= fib_props
[res
.type
].error
;
2799 err
= -EHOSTUNREACH
;
2802 err
= fib_dump_info(skb
, NETLINK_CB(in_skb
).portid
,
2803 nlh
->nlmsg_seq
, RTM_NEWROUTE
, table_id
,
2804 rt
->rt_type
, res
.prefix
, res
.prefixlen
,
2805 fl4
.flowi4_tos
, res
.fi
, 0);
2807 err
= rt_fill_info(net
, dst
, src
, table_id
, &fl4
, skb
,
2808 NETLINK_CB(in_skb
).portid
, nlh
->nlmsg_seq
);
2815 err
= rtnl_unicast(skb
, net
, NETLINK_CB(in_skb
).portid
);
2825 void ip_rt_multicast_event(struct in_device
*in_dev
)
2827 rt_cache_flush(dev_net(in_dev
->dev
));
2830 #ifdef CONFIG_SYSCTL
2831 static int ip_rt_gc_interval __read_mostly
= 60 * HZ
;
2832 static int ip_rt_gc_min_interval __read_mostly
= HZ
/ 2;
2833 static int ip_rt_gc_elasticity __read_mostly
= 8;
2835 static int ipv4_sysctl_rtcache_flush(struct ctl_table
*__ctl
, int write
,
2836 void __user
*buffer
,
2837 size_t *lenp
, loff_t
*ppos
)
2839 struct net
*net
= (struct net
*)__ctl
->extra1
;
2842 rt_cache_flush(net
);
2843 fnhe_genid_bump(net
);
2850 static struct ctl_table ipv4_route_table
[] = {
2852 .procname
= "gc_thresh",
2853 .data
= &ipv4_dst_ops
.gc_thresh
,
2854 .maxlen
= sizeof(int),
2856 .proc_handler
= proc_dointvec
,
2859 .procname
= "max_size",
2860 .data
= &ip_rt_max_size
,
2861 .maxlen
= sizeof(int),
2863 .proc_handler
= proc_dointvec
,
2866 /* Deprecated. Use gc_min_interval_ms */
2868 .procname
= "gc_min_interval",
2869 .data
= &ip_rt_gc_min_interval
,
2870 .maxlen
= sizeof(int),
2872 .proc_handler
= proc_dointvec_jiffies
,
2875 .procname
= "gc_min_interval_ms",
2876 .data
= &ip_rt_gc_min_interval
,
2877 .maxlen
= sizeof(int),
2879 .proc_handler
= proc_dointvec_ms_jiffies
,
2882 .procname
= "gc_timeout",
2883 .data
= &ip_rt_gc_timeout
,
2884 .maxlen
= sizeof(int),
2886 .proc_handler
= proc_dointvec_jiffies
,
2889 .procname
= "gc_interval",
2890 .data
= &ip_rt_gc_interval
,
2891 .maxlen
= sizeof(int),
2893 .proc_handler
= proc_dointvec_jiffies
,
2896 .procname
= "redirect_load",
2897 .data
= &ip_rt_redirect_load
,
2898 .maxlen
= sizeof(int),
2900 .proc_handler
= proc_dointvec
,
2903 .procname
= "redirect_number",
2904 .data
= &ip_rt_redirect_number
,
2905 .maxlen
= sizeof(int),
2907 .proc_handler
= proc_dointvec
,
2910 .procname
= "redirect_silence",
2911 .data
= &ip_rt_redirect_silence
,
2912 .maxlen
= sizeof(int),
2914 .proc_handler
= proc_dointvec
,
2917 .procname
= "error_cost",
2918 .data
= &ip_rt_error_cost
,
2919 .maxlen
= sizeof(int),
2921 .proc_handler
= proc_dointvec
,
2924 .procname
= "error_burst",
2925 .data
= &ip_rt_error_burst
,
2926 .maxlen
= sizeof(int),
2928 .proc_handler
= proc_dointvec
,
2931 .procname
= "gc_elasticity",
2932 .data
= &ip_rt_gc_elasticity
,
2933 .maxlen
= sizeof(int),
2935 .proc_handler
= proc_dointvec
,
2938 .procname
= "mtu_expires",
2939 .data
= &ip_rt_mtu_expires
,
2940 .maxlen
= sizeof(int),
2942 .proc_handler
= proc_dointvec_jiffies
,
2945 .procname
= "min_pmtu",
2946 .data
= &ip_rt_min_pmtu
,
2947 .maxlen
= sizeof(int),
2949 .proc_handler
= proc_dointvec_minmax
,
2950 .extra1
= &ip_min_valid_pmtu
,
2953 .procname
= "min_adv_mss",
2954 .data
= &ip_rt_min_advmss
,
2955 .maxlen
= sizeof(int),
2957 .proc_handler
= proc_dointvec
,
2962 static struct ctl_table ipv4_route_flush_table
[] = {
2964 .procname
= "flush",
2965 .maxlen
= sizeof(int),
2967 .proc_handler
= ipv4_sysctl_rtcache_flush
,
2972 static __net_init
int sysctl_route_net_init(struct net
*net
)
2974 struct ctl_table
*tbl
;
2976 tbl
= ipv4_route_flush_table
;
2977 if (!net_eq(net
, &init_net
)) {
2978 tbl
= kmemdup(tbl
, sizeof(ipv4_route_flush_table
), GFP_KERNEL
);
2982 /* Don't export sysctls to unprivileged users */
2983 if (net
->user_ns
!= &init_user_ns
)
2984 tbl
[0].procname
= NULL
;
2986 tbl
[0].extra1
= net
;
2988 net
->ipv4
.route_hdr
= register_net_sysctl(net
, "net/ipv4/route", tbl
);
2989 if (!net
->ipv4
.route_hdr
)
2994 if (tbl
!= ipv4_route_flush_table
)
3000 static __net_exit
void sysctl_route_net_exit(struct net
*net
)
3002 struct ctl_table
*tbl
;
3004 tbl
= net
->ipv4
.route_hdr
->ctl_table_arg
;
3005 unregister_net_sysctl_table(net
->ipv4
.route_hdr
);
3006 BUG_ON(tbl
== ipv4_route_flush_table
);
3010 static __net_initdata
struct pernet_operations sysctl_route_ops
= {
3011 .init
= sysctl_route_net_init
,
3012 .exit
= sysctl_route_net_exit
,
3016 static __net_init
int rt_genid_init(struct net
*net
)
3018 atomic_set(&net
->ipv4
.rt_genid
, 0);
3019 atomic_set(&net
->fnhe_genid
, 0);
3020 atomic_set(&net
->ipv4
.dev_addr_genid
, get_random_int());
3024 static __net_initdata
struct pernet_operations rt_genid_ops
= {
3025 .init
= rt_genid_init
,
3028 static int __net_init
ipv4_inetpeer_init(struct net
*net
)
3030 struct inet_peer_base
*bp
= kmalloc(sizeof(*bp
), GFP_KERNEL
);
3034 inet_peer_base_init(bp
);
3035 net
->ipv4
.peers
= bp
;
3039 static void __net_exit
ipv4_inetpeer_exit(struct net
*net
)
3041 struct inet_peer_base
*bp
= net
->ipv4
.peers
;
3043 net
->ipv4
.peers
= NULL
;
3044 inetpeer_invalidate_tree(bp
);
3048 static __net_initdata
struct pernet_operations ipv4_inetpeer_ops
= {
3049 .init
= ipv4_inetpeer_init
,
3050 .exit
= ipv4_inetpeer_exit
,
3053 #ifdef CONFIG_IP_ROUTE_CLASSID
3054 struct ip_rt_acct __percpu
*ip_rt_acct __read_mostly
;
3055 #endif /* CONFIG_IP_ROUTE_CLASSID */
3057 int __init
ip_rt_init(void)
3061 ip_idents
= kmalloc(IP_IDENTS_SZ
* sizeof(*ip_idents
), GFP_KERNEL
);
3063 panic("IP: failed to allocate ip_idents\n");
3065 prandom_bytes(ip_idents
, IP_IDENTS_SZ
* sizeof(*ip_idents
));
3067 ip_tstamps
= kcalloc(IP_IDENTS_SZ
, sizeof(*ip_tstamps
), GFP_KERNEL
);
3069 panic("IP: failed to allocate ip_tstamps\n");
3071 for_each_possible_cpu(cpu
) {
3072 struct uncached_list
*ul
= &per_cpu(rt_uncached_list
, cpu
);
3074 INIT_LIST_HEAD(&ul
->head
);
3075 spin_lock_init(&ul
->lock
);
3077 #ifdef CONFIG_IP_ROUTE_CLASSID
3078 ip_rt_acct
= __alloc_percpu(256 * sizeof(struct ip_rt_acct
), __alignof__(struct ip_rt_acct
));
3080 panic("IP: failed to allocate ip_rt_acct\n");
3083 ipv4_dst_ops
.kmem_cachep
=
3084 kmem_cache_create("ip_dst_cache", sizeof(struct rtable
), 0,
3085 SLAB_HWCACHE_ALIGN
|SLAB_PANIC
, NULL
);
3087 ipv4_dst_blackhole_ops
.kmem_cachep
= ipv4_dst_ops
.kmem_cachep
;
3089 if (dst_entries_init(&ipv4_dst_ops
) < 0)
3090 panic("IP: failed to allocate ipv4_dst_ops counter\n");
3092 if (dst_entries_init(&ipv4_dst_blackhole_ops
) < 0)
3093 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
3095 ipv4_dst_ops
.gc_thresh
= ~0;
3096 ip_rt_max_size
= INT_MAX
;
3101 if (ip_rt_proc_init())
3102 pr_err("Unable to create route proc files\n");
3107 rtnl_register(PF_INET
, RTM_GETROUTE
, inet_rtm_getroute
, NULL
,
3108 RTNL_FLAG_DOIT_UNLOCKED
);
3110 #ifdef CONFIG_SYSCTL
3111 register_pernet_subsys(&sysctl_route_ops
);
3113 register_pernet_subsys(&rt_genid_ops
);
3114 register_pernet_subsys(&ipv4_inetpeer_ops
);
3118 #ifdef CONFIG_SYSCTL
3120 * We really need to sanitize the damn ipv4 init order, then all
3121 * this nonsense will go away.
3123 void __init
ip_static_sysctl_init(void)
3125 register_net_sysctl(&init_net
, "net/ipv4/route", ipv4_route_table
);