2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
18 * (rco@di.uminho.pt) Routing table insertion and update
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <asm/uaccess.h>
69 #include <linux/bitops.h>
70 #include <linux/types.h>
71 #include <linux/kernel.h>
73 #include <linux/bootmem.h>
74 #include <linux/string.h>
75 #include <linux/socket.h>
76 #include <linux/sockios.h>
77 #include <linux/errno.h>
79 #include <linux/inet.h>
80 #include <linux/netdevice.h>
81 #include <linux/proc_fs.h>
82 #include <linux/init.h>
83 #include <linux/workqueue.h>
84 #include <linux/skbuff.h>
85 #include <linux/inetdevice.h>
86 #include <linux/igmp.h>
87 #include <linux/pkt_sched.h>
88 #include <linux/mroute.h>
89 #include <linux/netfilter_ipv4.h>
90 #include <linux/random.h>
91 #include <linux/jhash.h>
92 #include <linux/rcupdate.h>
93 #include <linux/times.h>
94 #include <linux/slab.h>
95 #include <linux/prefetch.h>
97 #include <net/net_namespace.h>
98 #include <net/protocol.h>
100 #include <net/route.h>
101 #include <net/inetpeer.h>
102 #include <net/sock.h>
103 #include <net/ip_fib.h>
106 #include <net/icmp.h>
107 #include <net/xfrm.h>
108 #include <net/netevent.h>
109 #include <net/rtnetlink.h>
111 #include <linux/sysctl.h>
112 #include <linux/kmemleak.h>
114 #include <net/secure_seq.h>
116 #define RT_FL_TOS(oldflp4) \
117 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
119 #define IP_MAX_MTU 0xFFF0
121 #define RT_GC_TIMEOUT (300*HZ)
123 static int ip_rt_max_size;
124 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
125 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
126 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
127 static int ip_rt_redirect_number __read_mostly = 9;
128 static int ip_rt_redirect_load __read_mostly = HZ / 50;
129 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
130 static int ip_rt_error_cost __read_mostly = HZ;
131 static int ip_rt_error_burst __read_mostly = 5 * HZ;
132 static int ip_rt_gc_elasticity __read_mostly = 8;
133 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
134 static int ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
135 static int ip_rt_min_advmss __read_mostly = 256;
136 static int rt_chain_length_max __read_mostly = 20;
138 static struct delayed_work expires_work;
139 static unsigned long expires_ljiffies;
142 * Interface to generic destination cache.
145 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
146 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
147 static unsigned int ipv4_mtu(const struct dst_entry *dst);
148 static void ipv4_dst_destroy(struct dst_entry *dst);
149 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
150 static void ipv4_link_failure(struct sk_buff *skb);
151 static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu);
152 static int rt_garbage_collect(struct dst_ops *ops);
154 static void ipv4_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
159 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
161 struct rtable *rt = (struct rtable *) dst;
162 struct inet_peer *peer;
165 peer = rt_get_peer_create(rt, rt->rt_dst);
167 u32 *old_p = __DST_METRICS_PTR(old);
168 unsigned long prev, new;
171 if (inet_metrics_new(peer))
172 memcpy(p, old_p, sizeof(u32) * RTAX_MAX);
174 new = (unsigned long) p;
175 prev = cmpxchg(&dst->_metrics, old, new);
178 p = __DST_METRICS_PTR(prev);
179 if (prev & DST_METRICS_READ_ONLY)
183 fib_info_put(rt->fi);
191 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, const void *daddr);
193 static struct dst_ops ipv4_dst_ops = {
195 .protocol = cpu_to_be16(ETH_P_IP),
196 .gc = rt_garbage_collect,
197 .check = ipv4_dst_check,
198 .default_advmss = ipv4_default_advmss,
200 .cow_metrics = ipv4_cow_metrics,
201 .destroy = ipv4_dst_destroy,
202 .ifdown = ipv4_dst_ifdown,
203 .negative_advice = ipv4_negative_advice,
204 .link_failure = ipv4_link_failure,
205 .update_pmtu = ip_rt_update_pmtu,
206 .local_out = __ip_local_out,
207 .neigh_lookup = ipv4_neigh_lookup,
210 #define ECN_OR_COST(class) TC_PRIO_##class
212 const __u8 ip_tos2prio[16] = {
214 ECN_OR_COST(BESTEFFORT),
216 ECN_OR_COST(BESTEFFORT),
222 ECN_OR_COST(INTERACTIVE),
224 ECN_OR_COST(INTERACTIVE),
225 TC_PRIO_INTERACTIVE_BULK,
226 ECN_OR_COST(INTERACTIVE_BULK),
227 TC_PRIO_INTERACTIVE_BULK,
228 ECN_OR_COST(INTERACTIVE_BULK)
230 EXPORT_SYMBOL(ip_tos2prio);
236 /* The locking scheme is rather straight forward:
238 * 1) Read-Copy Update protects the buckets of the central route hash.
239 * 2) Only writers remove entries, and they hold the lock
240 * as they look at rtable reference counts.
241 * 3) Only readers acquire references to rtable entries,
242 * they do so with atomic increments and with the
246 struct rt_hash_bucket {
247 struct rtable __rcu *chain;
250 #if defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK) || \
251 defined(CONFIG_PROVE_LOCKING)
253 * Instead of using one spinlock for each rt_hash_bucket, we use a table of spinlocks
254 * The size of this table is a power of two and depends on the number of CPUS.
255 * (on lockdep we have a quite big spinlock_t, so keep the size down there)
257 #ifdef CONFIG_LOCKDEP
258 # define RT_HASH_LOCK_SZ 256
261 # define RT_HASH_LOCK_SZ 4096
263 # define RT_HASH_LOCK_SZ 2048
265 # define RT_HASH_LOCK_SZ 1024
267 # define RT_HASH_LOCK_SZ 512
269 # define RT_HASH_LOCK_SZ 256
273 static spinlock_t *rt_hash_locks;
274 # define rt_hash_lock_addr(slot) &rt_hash_locks[(slot) & (RT_HASH_LOCK_SZ - 1)]
276 static __init void rt_hash_lock_init(void)
280 rt_hash_locks = kmalloc(sizeof(spinlock_t) * RT_HASH_LOCK_SZ,
283 panic("IP: failed to allocate rt_hash_locks\n");
285 for (i = 0; i < RT_HASH_LOCK_SZ; i++)
286 spin_lock_init(&rt_hash_locks[i]);
289 # define rt_hash_lock_addr(slot) NULL
291 static inline void rt_hash_lock_init(void)
296 static struct rt_hash_bucket *rt_hash_table __read_mostly;
297 static unsigned int rt_hash_mask __read_mostly;
298 static unsigned int rt_hash_log __read_mostly;
300 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
301 #define RT_CACHE_STAT_INC(field) __this_cpu_inc(rt_cache_stat.field)
303 static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx,
306 return jhash_3words((__force u32)daddr, (__force u32)saddr,
311 static inline int rt_genid(struct net *net)
313 return atomic_read(&net->ipv4.rt_genid);
316 #ifdef CONFIG_PROC_FS
317 struct rt_cache_iter_state {
318 struct seq_net_private p;
323 static struct rtable *rt_cache_get_first(struct seq_file *seq)
325 struct rt_cache_iter_state *st = seq->private;
326 struct rtable *r = NULL;
328 for (st->bucket = rt_hash_mask; st->bucket >= 0; --st->bucket) {
329 if (!rcu_access_pointer(rt_hash_table[st->bucket].chain))
332 r = rcu_dereference_bh(rt_hash_table[st->bucket].chain);
334 if (dev_net(r->dst.dev) == seq_file_net(seq) &&
335 r->rt_genid == st->genid)
337 r = rcu_dereference_bh(r->dst.rt_next);
339 rcu_read_unlock_bh();
344 static struct rtable *__rt_cache_get_next(struct seq_file *seq,
347 struct rt_cache_iter_state *st = seq->private;
349 r = rcu_dereference_bh(r->dst.rt_next);
351 rcu_read_unlock_bh();
353 if (--st->bucket < 0)
355 } while (!rcu_access_pointer(rt_hash_table[st->bucket].chain));
357 r = rcu_dereference_bh(rt_hash_table[st->bucket].chain);
362 static struct rtable *rt_cache_get_next(struct seq_file *seq,
365 struct rt_cache_iter_state *st = seq->private;
366 while ((r = __rt_cache_get_next(seq, r)) != NULL) {
367 if (dev_net(r->dst.dev) != seq_file_net(seq))
369 if (r->rt_genid == st->genid)
375 static struct rtable *rt_cache_get_idx(struct seq_file *seq, loff_t pos)
377 struct rtable *r = rt_cache_get_first(seq);
380 while (pos && (r = rt_cache_get_next(seq, r)))
382 return pos ? NULL : r;
385 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
387 struct rt_cache_iter_state *st = seq->private;
389 return rt_cache_get_idx(seq, *pos - 1);
390 st->genid = rt_genid(seq_file_net(seq));
391 return SEQ_START_TOKEN;
394 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
398 if (v == SEQ_START_TOKEN)
399 r = rt_cache_get_first(seq);
401 r = rt_cache_get_next(seq, v);
406 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
408 if (v && v != SEQ_START_TOKEN)
409 rcu_read_unlock_bh();
412 static int rt_cache_seq_show(struct seq_file *seq, void *v)
414 if (v == SEQ_START_TOKEN)
415 seq_printf(seq, "%-127s\n",
416 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
417 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
420 struct rtable *r = v;
425 n = dst_get_neighbour_noref(&r->dst);
426 HHUptod = (n && (n->nud_state & NUD_CONNECTED)) ? 1 : 0;
429 seq_printf(seq, "%s\t%08X\t%08X\t%8X\t%d\t%u\t%d\t"
430 "%08X\t%d\t%u\t%u\t%02X\t%d\t%1d\t%08X%n",
431 r->dst.dev ? r->dst.dev->name : "*",
432 (__force u32)r->rt_dst,
433 (__force u32)r->rt_gateway,
434 r->rt_flags, atomic_read(&r->dst.__refcnt),
435 r->dst.__use, 0, (__force u32)r->rt_src,
436 dst_metric_advmss(&r->dst) + 40,
437 dst_metric(&r->dst, RTAX_WINDOW),
438 (int)((dst_metric(&r->dst, RTAX_RTT) >> 3) +
439 dst_metric(&r->dst, RTAX_RTTVAR)),
443 r->rt_spec_dst, &len);
445 seq_printf(seq, "%*s\n", 127 - len, "");
450 static const struct seq_operations rt_cache_seq_ops = {
451 .start = rt_cache_seq_start,
452 .next = rt_cache_seq_next,
453 .stop = rt_cache_seq_stop,
454 .show = rt_cache_seq_show,
457 static int rt_cache_seq_open(struct inode *inode, struct file *file)
459 return seq_open_net(inode, file, &rt_cache_seq_ops,
460 sizeof(struct rt_cache_iter_state));
463 static const struct file_operations rt_cache_seq_fops = {
464 .owner = THIS_MODULE,
465 .open = rt_cache_seq_open,
468 .release = seq_release_net,
472 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
477 return SEQ_START_TOKEN;
479 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
480 if (!cpu_possible(cpu))
483 return &per_cpu(rt_cache_stat, cpu);
488 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
492 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
493 if (!cpu_possible(cpu))
496 return &per_cpu(rt_cache_stat, cpu);
502 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
507 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
509 struct rt_cache_stat *st = v;
511 if (v == SEQ_START_TOKEN) {
512 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
516 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
517 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
518 dst_entries_get_slow(&ipv4_dst_ops),
541 static const struct seq_operations rt_cpu_seq_ops = {
542 .start = rt_cpu_seq_start,
543 .next = rt_cpu_seq_next,
544 .stop = rt_cpu_seq_stop,
545 .show = rt_cpu_seq_show,
549 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
551 return seq_open(file, &rt_cpu_seq_ops);
554 static const struct file_operations rt_cpu_seq_fops = {
555 .owner = THIS_MODULE,
556 .open = rt_cpu_seq_open,
559 .release = seq_release,
562 #ifdef CONFIG_IP_ROUTE_CLASSID
563 static int rt_acct_proc_show(struct seq_file *m, void *v)
565 struct ip_rt_acct *dst, *src;
568 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
572 for_each_possible_cpu(i) {
573 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
574 for (j = 0; j < 256; j++) {
575 dst[j].o_bytes += src[j].o_bytes;
576 dst[j].o_packets += src[j].o_packets;
577 dst[j].i_bytes += src[j].i_bytes;
578 dst[j].i_packets += src[j].i_packets;
582 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
587 static int rt_acct_proc_open(struct inode *inode, struct file *file)
589 return single_open(file, rt_acct_proc_show, NULL);
592 static const struct file_operations rt_acct_proc_fops = {
593 .owner = THIS_MODULE,
594 .open = rt_acct_proc_open,
597 .release = single_release,
601 static int __net_init ip_rt_do_proc_init(struct net *net)
603 struct proc_dir_entry *pde;
605 pde = proc_net_fops_create(net, "rt_cache", S_IRUGO,
610 pde = proc_create("rt_cache", S_IRUGO,
611 net->proc_net_stat, &rt_cpu_seq_fops);
615 #ifdef CONFIG_IP_ROUTE_CLASSID
616 pde = proc_create("rt_acct", 0, net->proc_net, &rt_acct_proc_fops);
622 #ifdef CONFIG_IP_ROUTE_CLASSID
624 remove_proc_entry("rt_cache", net->proc_net_stat);
627 remove_proc_entry("rt_cache", net->proc_net);
632 static void __net_exit ip_rt_do_proc_exit(struct net *net)
634 remove_proc_entry("rt_cache", net->proc_net_stat);
635 remove_proc_entry("rt_cache", net->proc_net);
636 #ifdef CONFIG_IP_ROUTE_CLASSID
637 remove_proc_entry("rt_acct", net->proc_net);
641 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
642 .init = ip_rt_do_proc_init,
643 .exit = ip_rt_do_proc_exit,
646 static int __init ip_rt_proc_init(void)
648 return register_pernet_subsys(&ip_rt_proc_ops);
652 static inline int ip_rt_proc_init(void)
656 #endif /* CONFIG_PROC_FS */
658 static inline void rt_free(struct rtable *rt)
660 call_rcu_bh(&rt->dst.rcu_head, dst_rcu_free);
663 static inline void rt_drop(struct rtable *rt)
666 call_rcu_bh(&rt->dst.rcu_head, dst_rcu_free);
669 static inline int rt_fast_clean(struct rtable *rth)
671 /* Kill broadcast/multicast entries very aggresively, if they
672 collide in hash table with more useful entries */
673 return (rth->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) &&
674 rt_is_input_route(rth) && rth->dst.rt_next;
677 static inline int rt_valuable(struct rtable *rth)
679 return (rth->rt_flags & (RTCF_REDIRECTED | RTCF_NOTIFY)) ||
680 (rt_has_peer(rth) && rt_peer_ptr(rth)->pmtu_expires);
683 static int rt_may_expire(struct rtable *rth, unsigned long tmo1, unsigned long tmo2)
688 if (atomic_read(&rth->dst.__refcnt))
691 age = jiffies - rth->dst.lastuse;
692 if ((age <= tmo1 && !rt_fast_clean(rth)) ||
693 (age <= tmo2 && rt_valuable(rth)))
699 /* Bits of score are:
701 * 30: not quite useless
702 * 29..0: usage counter
704 static inline u32 rt_score(struct rtable *rt)
706 u32 score = jiffies - rt->dst.lastuse;
708 score = ~score & ~(3<<30);
713 if (rt_is_output_route(rt) ||
714 !(rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST|RTCF_LOCAL)))
720 static inline bool rt_caching(const struct net *net)
722 return net->ipv4.current_rt_cache_rebuild_count <=
723 net->ipv4.sysctl_rt_cache_rebuild_count;
726 static inline bool compare_hash_inputs(const struct rtable *rt1,
727 const struct rtable *rt2)
729 return ((((__force u32)rt1->rt_key_dst ^ (__force u32)rt2->rt_key_dst) |
730 ((__force u32)rt1->rt_key_src ^ (__force u32)rt2->rt_key_src) |
731 (rt1->rt_route_iif ^ rt2->rt_route_iif)) == 0);
734 static inline int compare_keys(struct rtable *rt1, struct rtable *rt2)
736 return (((__force u32)rt1->rt_key_dst ^ (__force u32)rt2->rt_key_dst) |
737 ((__force u32)rt1->rt_key_src ^ (__force u32)rt2->rt_key_src) |
738 (rt1->rt_mark ^ rt2->rt_mark) |
739 (rt1->rt_key_tos ^ rt2->rt_key_tos) |
740 (rt1->rt_route_iif ^ rt2->rt_route_iif) |
741 (rt1->rt_oif ^ rt2->rt_oif)) == 0;
744 static inline int compare_netns(struct rtable *rt1, struct rtable *rt2)
746 return net_eq(dev_net(rt1->dst.dev), dev_net(rt2->dst.dev));
749 static inline int rt_is_expired(struct rtable *rth)
751 return rth->rt_genid != rt_genid(dev_net(rth->dst.dev));
755 * Perform a full scan of hash table and free all entries.
756 * Can be called by a softirq or a process.
757 * In the later case, we want to be reschedule if necessary
759 static void rt_do_flush(struct net *net, int process_context)
762 struct rtable *rth, *next;
764 for (i = 0; i <= rt_hash_mask; i++) {
765 struct rtable __rcu **pprev;
768 if (process_context && need_resched())
770 rth = rcu_access_pointer(rt_hash_table[i].chain);
774 spin_lock_bh(rt_hash_lock_addr(i));
777 pprev = &rt_hash_table[i].chain;
778 rth = rcu_dereference_protected(*pprev,
779 lockdep_is_held(rt_hash_lock_addr(i)));
782 next = rcu_dereference_protected(rth->dst.rt_next,
783 lockdep_is_held(rt_hash_lock_addr(i)));
786 net_eq(dev_net(rth->dst.dev), net)) {
787 rcu_assign_pointer(*pprev, next);
788 rcu_assign_pointer(rth->dst.rt_next, list);
791 pprev = &rth->dst.rt_next;
796 spin_unlock_bh(rt_hash_lock_addr(i));
798 for (; list; list = next) {
799 next = rcu_dereference_protected(list->dst.rt_next, 1);
806 * While freeing expired entries, we compute average chain length
807 * and standard deviation, using fixed-point arithmetic.
808 * This to have an estimation of rt_chain_length_max
809 * rt_chain_length_max = max(elasticity, AVG + 4*SD)
810 * We use 3 bits for frational part, and 29 (or 61) for magnitude.
814 #define ONE (1UL << FRACT_BITS)
817 * Given a hash chain and an item in this hash chain,
818 * find if a previous entry has the same hash_inputs
819 * (but differs on tos, mark or oif)
820 * Returns 0 if an alias is found.
821 * Returns ONE if rth has no alias before itself.
823 static int has_noalias(const struct rtable *head, const struct rtable *rth)
825 const struct rtable *aux = head;
828 if (compare_hash_inputs(aux, rth))
830 aux = rcu_dereference_protected(aux->dst.rt_next, 1);
835 static void rt_check_expire(void)
837 static unsigned int rover;
838 unsigned int i = rover, goal;
840 struct rtable __rcu **rthp;
841 unsigned long samples = 0;
842 unsigned long sum = 0, sum2 = 0;
846 delta = jiffies - expires_ljiffies;
847 expires_ljiffies = jiffies;
848 mult = ((u64)delta) << rt_hash_log;
849 if (ip_rt_gc_timeout > 1)
850 do_div(mult, ip_rt_gc_timeout);
851 goal = (unsigned int)mult;
852 if (goal > rt_hash_mask)
853 goal = rt_hash_mask + 1;
854 for (; goal > 0; goal--) {
855 unsigned long tmo = ip_rt_gc_timeout;
856 unsigned long length;
858 i = (i + 1) & rt_hash_mask;
859 rthp = &rt_hash_table[i].chain;
866 if (rcu_dereference_raw(*rthp) == NULL)
869 spin_lock_bh(rt_hash_lock_addr(i));
870 while ((rth = rcu_dereference_protected(*rthp,
871 lockdep_is_held(rt_hash_lock_addr(i)))) != NULL) {
872 prefetch(rth->dst.rt_next);
873 if (rt_is_expired(rth)) {
874 *rthp = rth->dst.rt_next;
878 if (rth->dst.expires) {
879 /* Entry is expired even if it is in use */
880 if (time_before_eq(jiffies, rth->dst.expires)) {
883 rthp = &rth->dst.rt_next;
885 * We only count entries on
886 * a chain with equal hash inputs once
887 * so that entries for different QOS
888 * levels, and other non-hash input
889 * attributes don't unfairly skew
890 * the length computation
892 length += has_noalias(rt_hash_table[i].chain, rth);
895 } else if (!rt_may_expire(rth, tmo, ip_rt_gc_timeout))
898 /* Cleanup aged off entries. */
899 *rthp = rth->dst.rt_next;
902 spin_unlock_bh(rt_hash_lock_addr(i));
904 sum2 += length*length;
907 unsigned long avg = sum / samples;
908 unsigned long sd = int_sqrt(sum2 / samples - avg*avg);
909 rt_chain_length_max = max_t(unsigned long,
911 (avg + 4*sd) >> FRACT_BITS);
917 * rt_worker_func() is run in process context.
918 * we call rt_check_expire() to scan part of the hash table
920 static void rt_worker_func(struct work_struct *work)
923 schedule_delayed_work(&expires_work, ip_rt_gc_interval);
927 * Perturbation of rt_genid by a small quantity [1..256]
928 * Using 8 bits of shuffling ensure we can call rt_cache_invalidate()
929 * many times (2^24) without giving recent rt_genid.
930 * Jenkins hash is strong enough that litle changes of rt_genid are OK.
932 static void rt_cache_invalidate(struct net *net)
934 unsigned char shuffle;
936 get_random_bytes(&shuffle, sizeof(shuffle));
937 atomic_add(shuffle + 1U, &net->ipv4.rt_genid);
938 inetpeer_invalidate_tree(net->ipv4.peers);
942 * delay < 0 : invalidate cache (fast : entries will be deleted later)
943 * delay >= 0 : invalidate & flush cache (can be long)
945 void rt_cache_flush(struct net *net, int delay)
947 rt_cache_invalidate(net);
949 rt_do_flush(net, !in_softirq());
952 /* Flush previous cache invalidated entries from the cache */
953 void rt_cache_flush_batch(struct net *net)
955 rt_do_flush(net, !in_softirq());
958 static void rt_emergency_hash_rebuild(struct net *net)
960 net_warn_ratelimited("Route hash chain too long!\n");
961 rt_cache_invalidate(net);
965 Short description of GC goals.
967 We want to build algorithm, which will keep routing cache
968 at some equilibrium point, when number of aged off entries
969 is kept approximately equal to newly generated ones.
971 Current expiration strength is variable "expire".
972 We try to adjust it dynamically, so that if networking
973 is idle expires is large enough to keep enough of warm entries,
974 and when load increases it reduces to limit cache size.
977 static int rt_garbage_collect(struct dst_ops *ops)
979 static unsigned long expire = RT_GC_TIMEOUT;
980 static unsigned long last_gc;
982 static int equilibrium;
984 struct rtable __rcu **rthp;
985 unsigned long now = jiffies;
987 int entries = dst_entries_get_fast(&ipv4_dst_ops);
990 * Garbage collection is pretty expensive,
991 * do not make it too frequently.
994 RT_CACHE_STAT_INC(gc_total);
996 if (now - last_gc < ip_rt_gc_min_interval &&
997 entries < ip_rt_max_size) {
998 RT_CACHE_STAT_INC(gc_ignored);
1002 entries = dst_entries_get_slow(&ipv4_dst_ops);
1003 /* Calculate number of entries, which we want to expire now. */
1004 goal = entries - (ip_rt_gc_elasticity << rt_hash_log);
1006 if (equilibrium < ipv4_dst_ops.gc_thresh)
1007 equilibrium = ipv4_dst_ops.gc_thresh;
1008 goal = entries - equilibrium;
1010 equilibrium += min_t(unsigned int, goal >> 1, rt_hash_mask + 1);
1011 goal = entries - equilibrium;
1014 /* We are in dangerous area. Try to reduce cache really
1017 goal = max_t(unsigned int, goal >> 1, rt_hash_mask + 1);
1018 equilibrium = entries - goal;
1021 if (now - last_gc >= ip_rt_gc_min_interval)
1025 equilibrium += goal;
1032 for (i = rt_hash_mask, k = rover; i >= 0; i--) {
1033 unsigned long tmo = expire;
1035 k = (k + 1) & rt_hash_mask;
1036 rthp = &rt_hash_table[k].chain;
1037 spin_lock_bh(rt_hash_lock_addr(k));
1038 while ((rth = rcu_dereference_protected(*rthp,
1039 lockdep_is_held(rt_hash_lock_addr(k)))) != NULL) {
1040 if (!rt_is_expired(rth) &&
1041 !rt_may_expire(rth, tmo, expire)) {
1043 rthp = &rth->dst.rt_next;
1046 *rthp = rth->dst.rt_next;
1050 spin_unlock_bh(rt_hash_lock_addr(k));
1059 /* Goal is not achieved. We stop process if:
1061 - if expire reduced to zero. Otherwise, expire is halfed.
1062 - if table is not full.
1063 - if we are called from interrupt.
1064 - jiffies check is just fallback/debug loop breaker.
1065 We will not spin here for long time in any case.
1068 RT_CACHE_STAT_INC(gc_goal_miss);
1075 if (dst_entries_get_fast(&ipv4_dst_ops) < ip_rt_max_size)
1077 } while (!in_softirq() && time_before_eq(jiffies, now));
1079 if (dst_entries_get_fast(&ipv4_dst_ops) < ip_rt_max_size)
1081 if (dst_entries_get_slow(&ipv4_dst_ops) < ip_rt_max_size)
1083 net_warn_ratelimited("dst cache overflow\n");
1084 RT_CACHE_STAT_INC(gc_dst_overflow);
1088 expire += ip_rt_gc_min_interval;
1089 if (expire > ip_rt_gc_timeout ||
1090 dst_entries_get_fast(&ipv4_dst_ops) < ipv4_dst_ops.gc_thresh ||
1091 dst_entries_get_slow(&ipv4_dst_ops) < ipv4_dst_ops.gc_thresh)
1092 expire = ip_rt_gc_timeout;
1097 * Returns number of entries in a hash chain that have different hash_inputs
1099 static int slow_chain_length(const struct rtable *head)
1102 const struct rtable *rth = head;
1105 length += has_noalias(head, rth);
1106 rth = rcu_dereference_protected(rth->dst.rt_next, 1);
1108 return length >> FRACT_BITS;
1111 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, const void *daddr)
1113 static const __be32 inaddr_any = 0;
1114 struct net_device *dev = dst->dev;
1115 const __be32 *pkey = daddr;
1116 const struct rtable *rt;
1117 struct neighbour *n;
1119 rt = (const struct rtable *) dst;
1121 if (dev->flags & (IFF_LOOPBACK | IFF_POINTOPOINT))
1123 else if (rt->rt_gateway)
1124 pkey = (const __be32 *) &rt->rt_gateway;
1126 n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey);
1129 return neigh_create(&arp_tbl, pkey, dev);
1132 static int rt_bind_neighbour(struct rtable *rt)
1134 struct neighbour *n = ipv4_neigh_lookup(&rt->dst, &rt->rt_gateway);
1137 dst_set_neighbour(&rt->dst, n);
1142 static struct rtable *rt_intern_hash(unsigned int hash, struct rtable *rt,
1143 struct sk_buff *skb, int ifindex)
1145 struct rtable *rth, *cand;
1146 struct rtable __rcu **rthp, **candp;
1150 int attempts = !in_softirq();
1154 min_score = ~(u32)0;
1159 if (!rt_caching(dev_net(rt->dst.dev))) {
1161 * If we're not caching, just tell the caller we
1162 * were successful and don't touch the route. The
1163 * caller hold the sole reference to the cache entry, and
1164 * it will be released when the caller is done with it.
1165 * If we drop it here, the callers have no way to resolve routes
1166 * when we're not caching. Instead, just point *rp at rt, so
1167 * the caller gets a single use out of the route
1168 * Note that we do rt_free on this new route entry, so that
1169 * once its refcount hits zero, we are still able to reap it
1171 * Note: To avoid expensive rcu stuff for this uncached dst,
1172 * we set DST_NOCACHE so that dst_release() can free dst without
1173 * waiting a grace period.
1176 rt->dst.flags |= DST_NOCACHE;
1177 if (rt->rt_type == RTN_UNICAST || rt_is_output_route(rt)) {
1178 int err = rt_bind_neighbour(rt);
1180 net_warn_ratelimited("Neighbour table failure & not caching routes\n");
1182 return ERR_PTR(err);
1189 rthp = &rt_hash_table[hash].chain;
1191 spin_lock_bh(rt_hash_lock_addr(hash));
1192 while ((rth = rcu_dereference_protected(*rthp,
1193 lockdep_is_held(rt_hash_lock_addr(hash)))) != NULL) {
1194 if (rt_is_expired(rth)) {
1195 *rthp = rth->dst.rt_next;
1199 if (compare_keys(rth, rt) && compare_netns(rth, rt)) {
1201 *rthp = rth->dst.rt_next;
1203 * Since lookup is lockfree, the deletion
1204 * must be visible to another weakly ordered CPU before
1205 * the insertion at the start of the hash chain.
1207 rcu_assign_pointer(rth->dst.rt_next,
1208 rt_hash_table[hash].chain);
1210 * Since lookup is lockfree, the update writes
1211 * must be ordered for consistency on SMP.
1213 rcu_assign_pointer(rt_hash_table[hash].chain, rth);
1215 dst_use(&rth->dst, now);
1216 spin_unlock_bh(rt_hash_lock_addr(hash));
1220 skb_dst_set(skb, &rth->dst);
1224 if (!atomic_read(&rth->dst.__refcnt)) {
1225 u32 score = rt_score(rth);
1227 if (score <= min_score) {
1236 rthp = &rth->dst.rt_next;
1240 /* ip_rt_gc_elasticity used to be average length of chain
1241 * length, when exceeded gc becomes really aggressive.
1243 * The second limit is less certain. At the moment it allows
1244 * only 2 entries per bucket. We will see.
1246 if (chain_length > ip_rt_gc_elasticity) {
1247 *candp = cand->dst.rt_next;
1251 if (chain_length > rt_chain_length_max &&
1252 slow_chain_length(rt_hash_table[hash].chain) > rt_chain_length_max) {
1253 struct net *net = dev_net(rt->dst.dev);
1254 int num = ++net->ipv4.current_rt_cache_rebuild_count;
1255 if (!rt_caching(net)) {
1256 pr_warn("%s: %d rebuilds is over limit, route caching disabled\n",
1257 rt->dst.dev->name, num);
1259 rt_emergency_hash_rebuild(net);
1260 spin_unlock_bh(rt_hash_lock_addr(hash));
1262 hash = rt_hash(rt->rt_key_dst, rt->rt_key_src,
1263 ifindex, rt_genid(net));
1268 /* Try to bind route to arp only if it is output
1269 route or unicast forwarding path.
1271 if (rt->rt_type == RTN_UNICAST || rt_is_output_route(rt)) {
1272 int err = rt_bind_neighbour(rt);
1274 spin_unlock_bh(rt_hash_lock_addr(hash));
1276 if (err != -ENOBUFS) {
1278 return ERR_PTR(err);
1281 /* Neighbour tables are full and nothing
1282 can be released. Try to shrink route cache,
1283 it is most likely it holds some neighbour records.
1285 if (attempts-- > 0) {
1286 int saved_elasticity = ip_rt_gc_elasticity;
1287 int saved_int = ip_rt_gc_min_interval;
1288 ip_rt_gc_elasticity = 1;
1289 ip_rt_gc_min_interval = 0;
1290 rt_garbage_collect(&ipv4_dst_ops);
1291 ip_rt_gc_min_interval = saved_int;
1292 ip_rt_gc_elasticity = saved_elasticity;
1296 net_warn_ratelimited("Neighbour table overflow\n");
1298 return ERR_PTR(-ENOBUFS);
1302 rt->dst.rt_next = rt_hash_table[hash].chain;
1305 * Since lookup is lockfree, we must make sure
1306 * previous writes to rt are committed to memory
1307 * before making rt visible to other CPUS.
1309 rcu_assign_pointer(rt_hash_table[hash].chain, rt);
1311 spin_unlock_bh(rt_hash_lock_addr(hash));
1315 skb_dst_set(skb, &rt->dst);
1319 static atomic_t __rt_peer_genid = ATOMIC_INIT(0);
1321 static u32 rt_peer_genid(void)
1323 return atomic_read(&__rt_peer_genid);
1326 void rt_bind_peer(struct rtable *rt, __be32 daddr, int create)
1328 struct inet_peer_base *base;
1329 struct inet_peer *peer;
1331 base = inetpeer_base_ptr(rt->_peer);
1335 peer = inet_getpeer_v4(base, daddr, create);
1337 if (!rt_set_peer(rt, peer))
1340 rt->rt_peer_genid = rt_peer_genid();
1344 * Peer allocation may fail only in serious out-of-memory conditions. However
1345 * we still can generate some output.
1346 * Random ID selection looks a bit dangerous because we have no chances to
1347 * select ID being unique in a reasonable period of time.
1348 * But broken packet identifier may be better than no packet at all.
1350 static void ip_select_fb_ident(struct iphdr *iph)
1352 static DEFINE_SPINLOCK(ip_fb_id_lock);
1353 static u32 ip_fallback_id;
1356 spin_lock_bh(&ip_fb_id_lock);
1357 salt = secure_ip_id((__force __be32)ip_fallback_id ^ iph->daddr);
1358 iph->id = htons(salt & 0xFFFF);
1359 ip_fallback_id = salt;
1360 spin_unlock_bh(&ip_fb_id_lock);
1363 void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more)
1365 struct rtable *rt = (struct rtable *) dst;
1367 if (rt && !(rt->dst.flags & DST_NOPEER)) {
1368 struct inet_peer *peer = rt_get_peer_create(rt, rt->rt_dst);
1370 /* If peer is attached to destination, it is never detached,
1371 so that we need not to grab a lock to dereference it.
1374 iph->id = htons(inet_getid(peer, more));
1378 pr_debug("rt_bind_peer(0) @%p\n", __builtin_return_address(0));
1380 ip_select_fb_ident(iph);
1382 EXPORT_SYMBOL(__ip_select_ident);
1384 static void rt_del(unsigned int hash, struct rtable *rt)
1386 struct rtable __rcu **rthp;
1389 rthp = &rt_hash_table[hash].chain;
1390 spin_lock_bh(rt_hash_lock_addr(hash));
1392 while ((aux = rcu_dereference_protected(*rthp,
1393 lockdep_is_held(rt_hash_lock_addr(hash)))) != NULL) {
1394 if (aux == rt || rt_is_expired(aux)) {
1395 *rthp = aux->dst.rt_next;
1399 rthp = &aux->dst.rt_next;
1401 spin_unlock_bh(rt_hash_lock_addr(hash));
1404 static void check_peer_redir(struct dst_entry *dst, struct inet_peer *peer)
1406 struct rtable *rt = (struct rtable *) dst;
1407 __be32 orig_gw = rt->rt_gateway;
1408 struct neighbour *n, *old_n;
1410 dst_confirm(&rt->dst);
1412 rt->rt_gateway = peer->redirect_learned.a4;
1414 n = ipv4_neigh_lookup(&rt->dst, &rt->rt_gateway);
1416 rt->rt_gateway = orig_gw;
1419 old_n = xchg(&rt->dst._neighbour, n);
1421 neigh_release(old_n);
1422 if (!(n->nud_state & NUD_VALID)) {
1423 neigh_event_send(n, NULL);
1425 rt->rt_flags |= RTCF_REDIRECTED;
1426 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
1430 /* called in rcu_read_lock() section */
1431 void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
1432 __be32 saddr, struct net_device *dev)
1435 struct in_device *in_dev = __in_dev_get_rcu(dev);
1436 __be32 skeys[2] = { saddr, 0 };
1437 int ikeys[2] = { dev->ifindex, 0 };
1438 struct inet_peer *peer;
1445 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
1446 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
1447 ipv4_is_zeronet(new_gw))
1448 goto reject_redirect;
1450 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
1451 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
1452 goto reject_redirect;
1453 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
1454 goto reject_redirect;
1456 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
1457 goto reject_redirect;
1460 for (s = 0; s < 2; s++) {
1461 for (i = 0; i < 2; i++) {
1463 struct rtable __rcu **rthp;
1466 hash = rt_hash(daddr, skeys[s], ikeys[i], rt_genid(net));
1468 rthp = &rt_hash_table[hash].chain;
1470 while ((rt = rcu_dereference(*rthp)) != NULL) {
1471 rthp = &rt->dst.rt_next;
1473 if (rt->rt_key_dst != daddr ||
1474 rt->rt_key_src != skeys[s] ||
1475 rt->rt_oif != ikeys[i] ||
1476 rt_is_input_route(rt) ||
1477 rt_is_expired(rt) ||
1478 !net_eq(dev_net(rt->dst.dev), net) ||
1480 rt->dst.dev != dev ||
1481 rt->rt_gateway != old_gw)
1484 peer = rt_get_peer_create(rt, rt->rt_dst);
1486 if (peer->redirect_learned.a4 != new_gw) {
1487 peer->redirect_learned.a4 = new_gw;
1488 atomic_inc(&__rt_peer_genid);
1490 check_peer_redir(&rt->dst, peer);
1498 #ifdef CONFIG_IP_ROUTE_VERBOSE
1499 if (IN_DEV_LOG_MARTIANS(in_dev))
1500 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
1501 " Advised path = %pI4 -> %pI4\n",
1502 &old_gw, dev->name, &new_gw,
1508 static bool peer_pmtu_expired(struct inet_peer *peer)
1510 unsigned long orig = ACCESS_ONCE(peer->pmtu_expires);
1513 time_after_eq(jiffies, orig) &&
1514 cmpxchg(&peer->pmtu_expires, orig, 0) == orig;
1517 static bool peer_pmtu_cleaned(struct inet_peer *peer)
1519 unsigned long orig = ACCESS_ONCE(peer->pmtu_expires);
1522 cmpxchg(&peer->pmtu_expires, orig, 0) == orig;
1525 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
1527 struct rtable *rt = (struct rtable *)dst;
1528 struct dst_entry *ret = dst;
1531 if (dst->obsolete > 0) {
1534 } else if (rt->rt_flags & RTCF_REDIRECTED) {
1535 unsigned int hash = rt_hash(rt->rt_key_dst, rt->rt_key_src,
1537 rt_genid(dev_net(dst->dev)));
1540 } else if (rt_has_peer(rt)) {
1541 struct inet_peer *peer = rt_peer_ptr(rt);
1542 if (peer_pmtu_expired(peer))
1543 dst_metric_set(dst, RTAX_MTU, peer->pmtu_orig);
1551 * 1. The first ip_rt_redirect_number redirects are sent
1552 * with exponential backoff, then we stop sending them at all,
1553 * assuming that the host ignores our redirects.
1554 * 2. If we did not see packets requiring redirects
1555 * during ip_rt_redirect_silence, we assume that the host
1556 * forgot redirected route and start to send redirects again.
1558 * This algorithm is much cheaper and more intelligent than dumb load limiting
1561 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
1562 * and "frag. need" (breaks PMTU discovery) in icmp.c.
1565 void ip_rt_send_redirect(struct sk_buff *skb)
1567 struct rtable *rt = skb_rtable(skb);
1568 struct in_device *in_dev;
1569 struct inet_peer *peer;
1573 in_dev = __in_dev_get_rcu(rt->dst.dev);
1574 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
1578 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
1581 peer = rt_get_peer_create(rt, rt->rt_dst);
1583 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, rt->rt_gateway);
1587 /* No redirected packets during ip_rt_redirect_silence;
1588 * reset the algorithm.
1590 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence))
1591 peer->rate_tokens = 0;
1593 /* Too many ignored redirects; do not send anything
1594 * set dst.rate_last to the last seen redirected packet.
1596 if (peer->rate_tokens >= ip_rt_redirect_number) {
1597 peer->rate_last = jiffies;
1601 /* Check for load limit; set rate_last to the latest sent
1604 if (peer->rate_tokens == 0 ||
1607 (ip_rt_redirect_load << peer->rate_tokens)))) {
1608 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, rt->rt_gateway);
1609 peer->rate_last = jiffies;
1610 ++peer->rate_tokens;
1611 #ifdef CONFIG_IP_ROUTE_VERBOSE
1613 peer->rate_tokens == ip_rt_redirect_number)
1614 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
1615 &ip_hdr(skb)->saddr, rt->rt_iif,
1616 &rt->rt_dst, &rt->rt_gateway);
1621 static int ip_error(struct sk_buff *skb)
1623 struct rtable *rt = skb_rtable(skb);
1624 struct inet_peer *peer;
1629 switch (rt->dst.error) {
1634 code = ICMP_HOST_UNREACH;
1637 code = ICMP_NET_UNREACH;
1638 IP_INC_STATS_BH(dev_net(rt->dst.dev),
1639 IPSTATS_MIB_INNOROUTES);
1642 code = ICMP_PKT_FILTERED;
1646 peer = rt_get_peer_create(rt, rt->rt_dst);
1651 peer->rate_tokens += now - peer->rate_last;
1652 if (peer->rate_tokens > ip_rt_error_burst)
1653 peer->rate_tokens = ip_rt_error_burst;
1654 peer->rate_last = now;
1655 if (peer->rate_tokens >= ip_rt_error_cost)
1656 peer->rate_tokens -= ip_rt_error_cost;
1661 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
1663 out: kfree_skb(skb);
1668 * The last two values are not from the RFC but
1669 * are needed for AMPRnet AX.25 paths.
1672 static const unsigned short mtu_plateau[] =
1673 {32000, 17914, 8166, 4352, 2002, 1492, 576, 296, 216, 128 };
1675 static inline unsigned short guess_mtu(unsigned short old_mtu)
1679 for (i = 0; i < ARRAY_SIZE(mtu_plateau); i++)
1680 if (old_mtu > mtu_plateau[i])
1681 return mtu_plateau[i];
1685 unsigned short ip_rt_frag_needed(struct net *net, const struct iphdr *iph,
1686 unsigned short new_mtu,
1687 struct net_device *dev)
1689 unsigned short old_mtu = ntohs(iph->tot_len);
1690 unsigned short est_mtu = 0;
1691 struct inet_peer *peer;
1693 peer = inet_getpeer_v4(net->ipv4.peers, iph->daddr, 1);
1695 unsigned short mtu = new_mtu;
1697 if (new_mtu < 68 || new_mtu >= old_mtu) {
1698 /* BSD 4.2 derived systems incorrectly adjust
1699 * tot_len by the IP header length, and report
1700 * a zero MTU in the ICMP message.
1703 old_mtu >= 68 + (iph->ihl << 2))
1704 old_mtu -= iph->ihl << 2;
1705 mtu = guess_mtu(old_mtu);
1708 if (mtu < ip_rt_min_pmtu)
1709 mtu = ip_rt_min_pmtu;
1710 if (!peer->pmtu_expires || mtu < peer->pmtu_learned) {
1711 unsigned long pmtu_expires;
1713 pmtu_expires = jiffies + ip_rt_mtu_expires;
1718 peer->pmtu_learned = mtu;
1719 peer->pmtu_expires = pmtu_expires;
1720 atomic_inc(&__rt_peer_genid);
1725 return est_mtu ? : new_mtu;
1728 static void check_peer_pmtu(struct dst_entry *dst, struct inet_peer *peer)
1730 unsigned long expires = ACCESS_ONCE(peer->pmtu_expires);
1734 if (time_before(jiffies, expires)) {
1735 u32 orig_dst_mtu = dst_mtu(dst);
1736 if (peer->pmtu_learned < orig_dst_mtu) {
1737 if (!peer->pmtu_orig)
1738 peer->pmtu_orig = dst_metric_raw(dst, RTAX_MTU);
1739 dst_metric_set(dst, RTAX_MTU, peer->pmtu_learned);
1741 } else if (cmpxchg(&peer->pmtu_expires, expires, 0) == expires)
1742 dst_metric_set(dst, RTAX_MTU, peer->pmtu_orig);
1745 static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu)
1747 struct rtable *rt = (struct rtable *) dst;
1748 struct inet_peer *peer;
1752 peer = rt_get_peer_create(rt, rt->rt_dst);
1754 unsigned long pmtu_expires = ACCESS_ONCE(peer->pmtu_expires);
1756 if (mtu < ip_rt_min_pmtu)
1757 mtu = ip_rt_min_pmtu;
1758 if (!pmtu_expires || mtu < peer->pmtu_learned) {
1760 pmtu_expires = jiffies + ip_rt_mtu_expires;
1764 peer->pmtu_learned = mtu;
1765 peer->pmtu_expires = pmtu_expires;
1767 atomic_inc(&__rt_peer_genid);
1768 rt->rt_peer_genid = rt_peer_genid();
1770 check_peer_pmtu(dst, peer);
1775 static void ipv4_validate_peer(struct rtable *rt)
1777 if (rt->rt_peer_genid != rt_peer_genid()) {
1778 struct inet_peer *peer = rt_get_peer(rt, rt->rt_dst);
1781 check_peer_pmtu(&rt->dst, peer);
1783 if (peer->redirect_learned.a4 &&
1784 peer->redirect_learned.a4 != rt->rt_gateway)
1785 check_peer_redir(&rt->dst, peer);
1788 rt->rt_peer_genid = rt_peer_genid();
1792 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1794 struct rtable *rt = (struct rtable *) dst;
1796 if (rt_is_expired(rt))
1798 ipv4_validate_peer(rt);
1802 static void ipv4_dst_destroy(struct dst_entry *dst)
1804 struct rtable *rt = (struct rtable *) dst;
1807 fib_info_put(rt->fi);
1810 if (rt_has_peer(rt)) {
1811 struct inet_peer *peer = rt_peer_ptr(rt);
1817 static void ipv4_link_failure(struct sk_buff *skb)
1821 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1823 rt = skb_rtable(skb);
1824 if (rt && rt_has_peer(rt)) {
1825 struct inet_peer *peer = rt_peer_ptr(rt);
1826 if (peer_pmtu_cleaned(peer))
1827 dst_metric_set(&rt->dst, RTAX_MTU, peer->pmtu_orig);
1831 static int ip_rt_bug(struct sk_buff *skb)
1833 pr_debug("%s: %pI4 -> %pI4, %s\n",
1834 __func__, &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1835 skb->dev ? skb->dev->name : "?");
1842 We do not cache source address of outgoing interface,
1843 because it is used only by IP RR, TS and SRR options,
1844 so that it out of fast path.
1846 BTW remember: "addr" is allowed to be not aligned
1850 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1854 if (rt_is_output_route(rt))
1855 src = ip_hdr(skb)->saddr;
1857 struct fib_result res;
1863 memset(&fl4, 0, sizeof(fl4));
1864 fl4.daddr = iph->daddr;
1865 fl4.saddr = iph->saddr;
1866 fl4.flowi4_tos = RT_TOS(iph->tos);
1867 fl4.flowi4_oif = rt->dst.dev->ifindex;
1868 fl4.flowi4_iif = skb->dev->ifindex;
1869 fl4.flowi4_mark = skb->mark;
1872 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res) == 0)
1873 src = FIB_RES_PREFSRC(dev_net(rt->dst.dev), res);
1875 src = inet_select_addr(rt->dst.dev, rt->rt_gateway,
1879 memcpy(addr, &src, 4);
1882 #ifdef CONFIG_IP_ROUTE_CLASSID
1883 static void set_class_tag(struct rtable *rt, u32 tag)
1885 if (!(rt->dst.tclassid & 0xFFFF))
1886 rt->dst.tclassid |= tag & 0xFFFF;
1887 if (!(rt->dst.tclassid & 0xFFFF0000))
1888 rt->dst.tclassid |= tag & 0xFFFF0000;
1892 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1894 unsigned int advmss = dst_metric_raw(dst, RTAX_ADVMSS);
1897 advmss = max_t(unsigned int, dst->dev->mtu - 40,
1899 if (advmss > 65535 - 40)
1900 advmss = 65535 - 40;
1905 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1907 const struct rtable *rt = (const struct rtable *) dst;
1908 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
1910 if (mtu && rt_is_output_route(rt))
1913 mtu = dst->dev->mtu;
1915 if (unlikely(dst_metric_locked(dst, RTAX_MTU))) {
1917 if (rt->rt_gateway != rt->rt_dst && mtu > 576)
1921 if (mtu > IP_MAX_MTU)
1927 static void rt_init_metrics(struct rtable *rt, const struct flowi4 *fl4,
1928 struct fib_info *fi)
1930 struct inet_peer_base *base;
1931 struct inet_peer *peer;
1934 /* If a peer entry exists for this destination, we must hook
1935 * it up in order to get at cached metrics.
1937 if (fl4 && (fl4->flowi4_flags & FLOWI_FLAG_PRECOW_METRICS))
1940 base = inetpeer_base_ptr(rt->_peer);
1943 peer = inet_getpeer_v4(base, rt->rt_dst, create);
1945 __rt_set_peer(rt, peer);
1946 rt->rt_peer_genid = rt_peer_genid();
1947 if (inet_metrics_new(peer))
1948 memcpy(peer->metrics, fi->fib_metrics,
1949 sizeof(u32) * RTAX_MAX);
1950 dst_init_metrics(&rt->dst, peer->metrics, false);
1952 check_peer_pmtu(&rt->dst, peer);
1954 if (peer->redirect_learned.a4 &&
1955 peer->redirect_learned.a4 != rt->rt_gateway) {
1956 rt->rt_gateway = peer->redirect_learned.a4;
1957 rt->rt_flags |= RTCF_REDIRECTED;
1960 if (fi->fib_metrics != (u32 *) dst_default_metrics) {
1962 atomic_inc(&fi->fib_clntref);
1964 dst_init_metrics(&rt->dst, fi->fib_metrics, true);
1968 static void rt_set_nexthop(struct rtable *rt, const struct flowi4 *fl4,
1969 const struct fib_result *res,
1970 struct fib_info *fi, u16 type, u32 itag)
1972 struct dst_entry *dst = &rt->dst;
1975 if (FIB_RES_GW(*res) &&
1976 FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK)
1977 rt->rt_gateway = FIB_RES_GW(*res);
1978 rt_init_metrics(rt, fl4, fi);
1979 #ifdef CONFIG_IP_ROUTE_CLASSID
1980 dst->tclassid = FIB_RES_NH(*res).nh_tclassid;
1984 if (dst_mtu(dst) > IP_MAX_MTU)
1985 dst_metric_set(dst, RTAX_MTU, IP_MAX_MTU);
1986 if (dst_metric_raw(dst, RTAX_ADVMSS) > 65535 - 40)
1987 dst_metric_set(dst, RTAX_ADVMSS, 65535 - 40);
1989 #ifdef CONFIG_IP_ROUTE_CLASSID
1990 #ifdef CONFIG_IP_MULTIPLE_TABLES
1991 set_class_tag(rt, fib_rules_tclass(res));
1993 set_class_tag(rt, itag);
1997 static struct rtable *rt_dst_alloc(struct net_device *dev,
1998 bool nopolicy, bool noxfrm)
2000 return dst_alloc(&ipv4_dst_ops, dev, 1, -1,
2002 (nopolicy ? DST_NOPOLICY : 0) |
2003 (noxfrm ? DST_NOXFRM : 0));
2006 /* called in rcu_read_lock() section */
2007 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2008 u8 tos, struct net_device *dev, int our)
2013 struct in_device *in_dev = __in_dev_get_rcu(dev);
2017 /* Primary sanity checks. */
2022 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
2023 ipv4_is_loopback(saddr) || skb->protocol != htons(ETH_P_IP))
2026 if (ipv4_is_zeronet(saddr)) {
2027 if (!ipv4_is_local_multicast(daddr))
2029 spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
2031 err = fib_validate_source(skb, saddr, 0, tos, 0, dev, &spec_dst,
2036 rth = rt_dst_alloc(dev_net(dev)->loopback_dev,
2037 IN_DEV_CONF_GET(in_dev, NOPOLICY), false);
2041 #ifdef CONFIG_IP_ROUTE_CLASSID
2042 rth->dst.tclassid = itag;
2044 rth->dst.output = ip_rt_bug;
2046 rth->rt_key_dst = daddr;
2047 rth->rt_key_src = saddr;
2048 rth->rt_genid = rt_genid(dev_net(dev));
2049 rth->rt_flags = RTCF_MULTICAST;
2050 rth->rt_type = RTN_MULTICAST;
2051 rth->rt_key_tos = tos;
2052 rth->rt_dst = daddr;
2053 rth->rt_src = saddr;
2054 rth->rt_route_iif = dev->ifindex;
2055 rth->rt_iif = dev->ifindex;
2057 rth->rt_mark = skb->mark;
2058 rth->rt_gateway = daddr;
2059 rth->rt_spec_dst= spec_dst;
2060 rth->rt_peer_genid = 0;
2061 rt_init_peer(rth, dev_net(dev)->ipv4.peers);
2064 rth->dst.input= ip_local_deliver;
2065 rth->rt_flags |= RTCF_LOCAL;
2068 #ifdef CONFIG_IP_MROUTE
2069 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
2070 rth->dst.input = ip_mr_input;
2072 RT_CACHE_STAT_INC(in_slow_mc);
2074 hash = rt_hash(daddr, saddr, dev->ifindex, rt_genid(dev_net(dev)));
2075 rth = rt_intern_hash(hash, rth, skb, dev->ifindex);
2076 return IS_ERR(rth) ? PTR_ERR(rth) : 0;
2087 static void ip_handle_martian_source(struct net_device *dev,
2088 struct in_device *in_dev,
2089 struct sk_buff *skb,
2093 RT_CACHE_STAT_INC(in_martian_src);
2094 #ifdef CONFIG_IP_ROUTE_VERBOSE
2095 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
2097 * RFC1812 recommendation, if source is martian,
2098 * the only hint is MAC header.
2100 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
2101 &daddr, &saddr, dev->name);
2102 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
2103 print_hex_dump(KERN_WARNING, "ll header: ",
2104 DUMP_PREFIX_OFFSET, 16, 1,
2105 skb_mac_header(skb),
2106 dev->hard_header_len, true);
2112 /* called in rcu_read_lock() section */
2113 static int __mkroute_input(struct sk_buff *skb,
2114 const struct fib_result *res,
2115 struct in_device *in_dev,
2116 __be32 daddr, __be32 saddr, u32 tos,
2117 struct rtable **result)
2121 struct in_device *out_dev;
2122 unsigned int flags = 0;
2126 /* get a working reference to the output device */
2127 out_dev = __in_dev_get_rcu(FIB_RES_DEV(*res));
2128 if (out_dev == NULL) {
2129 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
2134 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
2135 in_dev->dev, &spec_dst, &itag);
2137 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
2144 flags |= RTCF_DIRECTSRC;
2146 if (out_dev == in_dev && err &&
2147 (IN_DEV_SHARED_MEDIA(out_dev) ||
2148 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
2149 flags |= RTCF_DOREDIRECT;
2151 if (skb->protocol != htons(ETH_P_IP)) {
2152 /* Not IP (i.e. ARP). Do not create route, if it is
2153 * invalid for proxy arp. DNAT routes are always valid.
2155 * Proxy arp feature have been extended to allow, ARP
2156 * replies back to the same interface, to support
2157 * Private VLAN switch technologies. See arp.c.
2159 if (out_dev == in_dev &&
2160 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
2166 rth = rt_dst_alloc(out_dev->dev,
2167 IN_DEV_CONF_GET(in_dev, NOPOLICY),
2168 IN_DEV_CONF_GET(out_dev, NOXFRM));
2174 rth->rt_key_dst = daddr;
2175 rth->rt_key_src = saddr;
2176 rth->rt_genid = rt_genid(dev_net(rth->dst.dev));
2177 rth->rt_flags = flags;
2178 rth->rt_type = res->type;
2179 rth->rt_key_tos = tos;
2180 rth->rt_dst = daddr;
2181 rth->rt_src = saddr;
2182 rth->rt_route_iif = in_dev->dev->ifindex;
2183 rth->rt_iif = in_dev->dev->ifindex;
2185 rth->rt_mark = skb->mark;
2186 rth->rt_gateway = daddr;
2187 rth->rt_spec_dst= spec_dst;
2188 rth->rt_peer_genid = 0;
2189 rt_init_peer(rth, dev_net(rth->dst.dev)->ipv4.peers);
2192 rth->dst.input = ip_forward;
2193 rth->dst.output = ip_output;
2195 rt_set_nexthop(rth, NULL, res, res->fi, res->type, itag);
2203 static int ip_mkroute_input(struct sk_buff *skb,
2204 struct fib_result *res,
2205 const struct flowi4 *fl4,
2206 struct in_device *in_dev,
2207 __be32 daddr, __be32 saddr, u32 tos)
2209 struct rtable *rth = NULL;
2213 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2214 if (res->fi && res->fi->fib_nhs > 1)
2215 fib_select_multipath(res);
2218 /* create a routing cache entry */
2219 err = __mkroute_input(skb, res, in_dev, daddr, saddr, tos, &rth);
2223 /* put it into the cache */
2224 hash = rt_hash(daddr, saddr, fl4->flowi4_iif,
2225 rt_genid(dev_net(rth->dst.dev)));
2226 rth = rt_intern_hash(hash, rth, skb, fl4->flowi4_iif);
2228 return PTR_ERR(rth);
2233 * NOTE. We drop all the packets that has local source
2234 * addresses, because every properly looped back packet
2235 * must have correct destination already attached by output routine.
2237 * Such approach solves two big problems:
2238 * 1. Not simplex devices are handled properly.
2239 * 2. IP spoofing attempts are filtered with 100% of guarantee.
2240 * called with rcu_read_lock()
2243 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2244 u8 tos, struct net_device *dev)
2246 struct fib_result res;
2247 struct in_device *in_dev = __in_dev_get_rcu(dev);
2249 unsigned int flags = 0;
2255 struct net *net = dev_net(dev);
2257 /* IP on this device is disabled. */
2262 /* Check for the most weird martians, which can be not detected
2266 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
2267 ipv4_is_loopback(saddr))
2268 goto martian_source;
2270 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
2273 /* Accept zero addresses only to limited broadcast;
2274 * I even do not know to fix it or not. Waiting for complains :-)
2276 if (ipv4_is_zeronet(saddr))
2277 goto martian_source;
2279 if (ipv4_is_zeronet(daddr) || ipv4_is_loopback(daddr))
2280 goto martian_destination;
2283 * Now we are ready to route packet.
2286 fl4.flowi4_iif = dev->ifindex;
2287 fl4.flowi4_mark = skb->mark;
2288 fl4.flowi4_tos = tos;
2289 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
2292 err = fib_lookup(net, &fl4, &res);
2294 if (!IN_DEV_FORWARD(in_dev))
2299 RT_CACHE_STAT_INC(in_slow_tot);
2301 if (res.type == RTN_BROADCAST)
2304 if (res.type == RTN_LOCAL) {
2305 err = fib_validate_source(skb, saddr, daddr, tos,
2306 net->loopback_dev->ifindex,
2307 dev, &spec_dst, &itag);
2309 goto martian_source_keep_err;
2311 flags |= RTCF_DIRECTSRC;
2316 if (!IN_DEV_FORWARD(in_dev))
2318 if (res.type != RTN_UNICAST)
2319 goto martian_destination;
2321 err = ip_mkroute_input(skb, &res, &fl4, in_dev, daddr, saddr, tos);
2325 if (skb->protocol != htons(ETH_P_IP))
2328 if (ipv4_is_zeronet(saddr))
2329 spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
2331 err = fib_validate_source(skb, saddr, 0, tos, 0, dev, &spec_dst,
2334 goto martian_source_keep_err;
2336 flags |= RTCF_DIRECTSRC;
2338 flags |= RTCF_BROADCAST;
2339 res.type = RTN_BROADCAST;
2340 RT_CACHE_STAT_INC(in_brd);
2343 rth = rt_dst_alloc(net->loopback_dev,
2344 IN_DEV_CONF_GET(in_dev, NOPOLICY), false);
2348 rth->dst.input= ip_local_deliver;
2349 rth->dst.output= ip_rt_bug;
2350 #ifdef CONFIG_IP_ROUTE_CLASSID
2351 rth->dst.tclassid = itag;
2354 rth->rt_key_dst = daddr;
2355 rth->rt_key_src = saddr;
2356 rth->rt_genid = rt_genid(net);
2357 rth->rt_flags = flags|RTCF_LOCAL;
2358 rth->rt_type = res.type;
2359 rth->rt_key_tos = tos;
2360 rth->rt_dst = daddr;
2361 rth->rt_src = saddr;
2362 #ifdef CONFIG_IP_ROUTE_CLASSID
2363 rth->dst.tclassid = itag;
2365 rth->rt_route_iif = dev->ifindex;
2366 rth->rt_iif = dev->ifindex;
2368 rth->rt_mark = skb->mark;
2369 rth->rt_gateway = daddr;
2370 rth->rt_spec_dst= spec_dst;
2371 rth->rt_peer_genid = 0;
2372 rt_init_peer(rth, net->ipv4.peers);
2374 if (res.type == RTN_UNREACHABLE) {
2375 rth->dst.input= ip_error;
2376 rth->dst.error= -err;
2377 rth->rt_flags &= ~RTCF_LOCAL;
2379 hash = rt_hash(daddr, saddr, fl4.flowi4_iif, rt_genid(net));
2380 rth = rt_intern_hash(hash, rth, skb, fl4.flowi4_iif);
2387 RT_CACHE_STAT_INC(in_no_route);
2388 spec_dst = inet_select_addr(dev, 0, RT_SCOPE_UNIVERSE);
2389 res.type = RTN_UNREACHABLE;
2395 * Do not cache martian addresses: they should be logged (RFC1812)
2397 martian_destination:
2398 RT_CACHE_STAT_INC(in_martian_dst);
2399 #ifdef CONFIG_IP_ROUTE_VERBOSE
2400 if (IN_DEV_LOG_MARTIANS(in_dev))
2401 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
2402 &daddr, &saddr, dev->name);
2406 err = -EHOSTUNREACH;
2419 martian_source_keep_err:
2420 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
2424 int ip_route_input_common(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2425 u8 tos, struct net_device *dev, bool noref)
2429 int iif = dev->ifindex;
2437 if (!rt_caching(net))
2440 tos &= IPTOS_RT_MASK;
2441 hash = rt_hash(daddr, saddr, iif, rt_genid(net));
2443 for (rth = rcu_dereference(rt_hash_table[hash].chain); rth;
2444 rth = rcu_dereference(rth->dst.rt_next)) {
2445 if ((((__force u32)rth->rt_key_dst ^ (__force u32)daddr) |
2446 ((__force u32)rth->rt_key_src ^ (__force u32)saddr) |
2447 (rth->rt_route_iif ^ iif) |
2448 (rth->rt_key_tos ^ tos)) == 0 &&
2449 rth->rt_mark == skb->mark &&
2450 net_eq(dev_net(rth->dst.dev), net) &&
2451 !rt_is_expired(rth)) {
2452 ipv4_validate_peer(rth);
2454 dst_use_noref(&rth->dst, jiffies);
2455 skb_dst_set_noref(skb, &rth->dst);
2457 dst_use(&rth->dst, jiffies);
2458 skb_dst_set(skb, &rth->dst);
2460 RT_CACHE_STAT_INC(in_hit);
2464 RT_CACHE_STAT_INC(in_hlist_search);
2468 /* Multicast recognition logic is moved from route cache to here.
2469 The problem was that too many Ethernet cards have broken/missing
2470 hardware multicast filters :-( As result the host on multicasting
2471 network acquires a lot of useless route cache entries, sort of
2472 SDR messages from all the world. Now we try to get rid of them.
2473 Really, provided software IP multicast filter is organized
2474 reasonably (at least, hashed), it does not result in a slowdown
2475 comparing with route cache reject entries.
2476 Note, that multicast routers are not affected, because
2477 route cache entry is created eventually.
2479 if (ipv4_is_multicast(daddr)) {
2480 struct in_device *in_dev = __in_dev_get_rcu(dev);
2483 int our = ip_check_mc_rcu(in_dev, daddr, saddr,
2484 ip_hdr(skb)->protocol);
2486 #ifdef CONFIG_IP_MROUTE
2488 (!ipv4_is_local_multicast(daddr) &&
2489 IN_DEV_MFORWARD(in_dev))
2492 int res = ip_route_input_mc(skb, daddr, saddr,
2501 res = ip_route_input_slow(skb, daddr, saddr, tos, dev);
2505 EXPORT_SYMBOL(ip_route_input_common);
2507 /* called with rcu_read_lock() */
2508 static struct rtable *__mkroute_output(const struct fib_result *res,
2509 const struct flowi4 *fl4,
2510 __be32 orig_daddr, __be32 orig_saddr,
2511 int orig_oif, __u8 orig_rtos,
2512 struct net_device *dev_out,
2515 struct fib_info *fi = res->fi;
2516 struct in_device *in_dev;
2517 u16 type = res->type;
2520 if (ipv4_is_loopback(fl4->saddr) && !(dev_out->flags & IFF_LOOPBACK))
2521 return ERR_PTR(-EINVAL);
2523 if (ipv4_is_lbcast(fl4->daddr))
2524 type = RTN_BROADCAST;
2525 else if (ipv4_is_multicast(fl4->daddr))
2526 type = RTN_MULTICAST;
2527 else if (ipv4_is_zeronet(fl4->daddr))
2528 return ERR_PTR(-EINVAL);
2530 if (dev_out->flags & IFF_LOOPBACK)
2531 flags |= RTCF_LOCAL;
2533 in_dev = __in_dev_get_rcu(dev_out);
2535 return ERR_PTR(-EINVAL);
2537 if (type == RTN_BROADCAST) {
2538 flags |= RTCF_BROADCAST | RTCF_LOCAL;
2540 } else if (type == RTN_MULTICAST) {
2541 flags |= RTCF_MULTICAST | RTCF_LOCAL;
2542 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
2544 flags &= ~RTCF_LOCAL;
2545 /* If multicast route do not exist use
2546 * default one, but do not gateway in this case.
2549 if (fi && res->prefixlen < 4)
2553 rth = rt_dst_alloc(dev_out,
2554 IN_DEV_CONF_GET(in_dev, NOPOLICY),
2555 IN_DEV_CONF_GET(in_dev, NOXFRM));
2557 return ERR_PTR(-ENOBUFS);
2559 rth->dst.output = ip_output;
2561 rth->rt_key_dst = orig_daddr;
2562 rth->rt_key_src = orig_saddr;
2563 rth->rt_genid = rt_genid(dev_net(dev_out));
2564 rth->rt_flags = flags;
2565 rth->rt_type = type;
2566 rth->rt_key_tos = orig_rtos;
2567 rth->rt_dst = fl4->daddr;
2568 rth->rt_src = fl4->saddr;
2569 rth->rt_route_iif = 0;
2570 rth->rt_iif = orig_oif ? : dev_out->ifindex;
2571 rth->rt_oif = orig_oif;
2572 rth->rt_mark = fl4->flowi4_mark;
2573 rth->rt_gateway = fl4->daddr;
2574 rth->rt_spec_dst= fl4->saddr;
2575 rth->rt_peer_genid = 0;
2576 rt_init_peer(rth, dev_net(dev_out)->ipv4.peers);
2579 RT_CACHE_STAT_INC(out_slow_tot);
2581 if (flags & RTCF_LOCAL) {
2582 rth->dst.input = ip_local_deliver;
2583 rth->rt_spec_dst = fl4->daddr;
2585 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
2586 rth->rt_spec_dst = fl4->saddr;
2587 if (flags & RTCF_LOCAL &&
2588 !(dev_out->flags & IFF_LOOPBACK)) {
2589 rth->dst.output = ip_mc_output;
2590 RT_CACHE_STAT_INC(out_slow_mc);
2592 #ifdef CONFIG_IP_MROUTE
2593 if (type == RTN_MULTICAST) {
2594 if (IN_DEV_MFORWARD(in_dev) &&
2595 !ipv4_is_local_multicast(fl4->daddr)) {
2596 rth->dst.input = ip_mr_input;
2597 rth->dst.output = ip_mc_output;
2603 rt_set_nexthop(rth, fl4, res, fi, type, 0);
2609 * Major route resolver routine.
2610 * called with rcu_read_lock();
2613 static struct rtable *ip_route_output_slow(struct net *net, struct flowi4 *fl4)
2615 struct net_device *dev_out = NULL;
2616 __u8 tos = RT_FL_TOS(fl4);
2617 unsigned int flags = 0;
2618 struct fib_result res;
2625 #ifdef CONFIG_IP_MULTIPLE_TABLES
2629 orig_daddr = fl4->daddr;
2630 orig_saddr = fl4->saddr;
2631 orig_oif = fl4->flowi4_oif;
2633 fl4->flowi4_iif = net->loopback_dev->ifindex;
2634 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
2635 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
2636 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
2640 rth = ERR_PTR(-EINVAL);
2641 if (ipv4_is_multicast(fl4->saddr) ||
2642 ipv4_is_lbcast(fl4->saddr) ||
2643 ipv4_is_zeronet(fl4->saddr))
2646 /* I removed check for oif == dev_out->oif here.
2647 It was wrong for two reasons:
2648 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
2649 is assigned to multiple interfaces.
2650 2. Moreover, we are allowed to send packets with saddr
2651 of another iface. --ANK
2654 if (fl4->flowi4_oif == 0 &&
2655 (ipv4_is_multicast(fl4->daddr) ||
2656 ipv4_is_lbcast(fl4->daddr))) {
2657 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2658 dev_out = __ip_dev_find(net, fl4->saddr, false);
2659 if (dev_out == NULL)
2662 /* Special hack: user can direct multicasts
2663 and limited broadcast via necessary interface
2664 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2665 This hack is not just for fun, it allows
2666 vic,vat and friends to work.
2667 They bind socket to loopback, set ttl to zero
2668 and expect that it will work.
2669 From the viewpoint of routing cache they are broken,
2670 because we are not allowed to build multicast path
2671 with loopback source addr (look, routing cache
2672 cannot know, that ttl is zero, so that packet
2673 will not leave this host and route is valid).
2674 Luckily, this hack is good workaround.
2677 fl4->flowi4_oif = dev_out->ifindex;
2681 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
2682 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2683 if (!__ip_dev_find(net, fl4->saddr, false))
2689 if (fl4->flowi4_oif) {
2690 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2691 rth = ERR_PTR(-ENODEV);
2692 if (dev_out == NULL)
2695 /* RACE: Check return value of inet_select_addr instead. */
2696 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2697 rth = ERR_PTR(-ENETUNREACH);
2700 if (ipv4_is_local_multicast(fl4->daddr) ||
2701 ipv4_is_lbcast(fl4->daddr)) {
2703 fl4->saddr = inet_select_addr(dev_out, 0,
2708 if (ipv4_is_multicast(fl4->daddr))
2709 fl4->saddr = inet_select_addr(dev_out, 0,
2711 else if (!fl4->daddr)
2712 fl4->saddr = inet_select_addr(dev_out, 0,
2718 fl4->daddr = fl4->saddr;
2720 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2721 dev_out = net->loopback_dev;
2722 fl4->flowi4_oif = net->loopback_dev->ifindex;
2723 res.type = RTN_LOCAL;
2724 flags |= RTCF_LOCAL;
2728 if (fib_lookup(net, fl4, &res)) {
2730 if (fl4->flowi4_oif) {
2731 /* Apparently, routing tables are wrong. Assume,
2732 that the destination is on link.
2735 Because we are allowed to send to iface
2736 even if it has NO routes and NO assigned
2737 addresses. When oif is specified, routing
2738 tables are looked up with only one purpose:
2739 to catch if destination is gatewayed, rather than
2740 direct. Moreover, if MSG_DONTROUTE is set,
2741 we send packet, ignoring both routing tables
2742 and ifaddr state. --ANK
2745 We could make it even if oif is unknown,
2746 likely IPv6, but we do not.
2749 if (fl4->saddr == 0)
2750 fl4->saddr = inet_select_addr(dev_out, 0,
2752 res.type = RTN_UNICAST;
2755 rth = ERR_PTR(-ENETUNREACH);
2759 if (res.type == RTN_LOCAL) {
2761 if (res.fi->fib_prefsrc)
2762 fl4->saddr = res.fi->fib_prefsrc;
2764 fl4->saddr = fl4->daddr;
2766 dev_out = net->loopback_dev;
2767 fl4->flowi4_oif = dev_out->ifindex;
2769 flags |= RTCF_LOCAL;
2773 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2774 if (res.fi->fib_nhs > 1 && fl4->flowi4_oif == 0)
2775 fib_select_multipath(&res);
2778 if (!res.prefixlen &&
2779 res.table->tb_num_default > 1 &&
2780 res.type == RTN_UNICAST && !fl4->flowi4_oif)
2781 fib_select_default(&res);
2784 fl4->saddr = FIB_RES_PREFSRC(net, res);
2786 dev_out = FIB_RES_DEV(res);
2787 fl4->flowi4_oif = dev_out->ifindex;
2791 rth = __mkroute_output(&res, fl4, orig_daddr, orig_saddr, orig_oif,
2792 tos, dev_out, flags);
2796 hash = rt_hash(orig_daddr, orig_saddr, orig_oif,
2797 rt_genid(dev_net(dev_out)));
2798 rth = rt_intern_hash(hash, rth, NULL, orig_oif);
2806 struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *flp4)
2811 if (!rt_caching(net))
2814 hash = rt_hash(flp4->daddr, flp4->saddr, flp4->flowi4_oif, rt_genid(net));
2817 for (rth = rcu_dereference_bh(rt_hash_table[hash].chain); rth;
2818 rth = rcu_dereference_bh(rth->dst.rt_next)) {
2819 if (rth->rt_key_dst == flp4->daddr &&
2820 rth->rt_key_src == flp4->saddr &&
2821 rt_is_output_route(rth) &&
2822 rth->rt_oif == flp4->flowi4_oif &&
2823 rth->rt_mark == flp4->flowi4_mark &&
2824 !((rth->rt_key_tos ^ flp4->flowi4_tos) &
2825 (IPTOS_RT_MASK | RTO_ONLINK)) &&
2826 net_eq(dev_net(rth->dst.dev), net) &&
2827 !rt_is_expired(rth)) {
2828 ipv4_validate_peer(rth);
2829 dst_use(&rth->dst, jiffies);
2830 RT_CACHE_STAT_INC(out_hit);
2831 rcu_read_unlock_bh();
2833 flp4->saddr = rth->rt_src;
2835 flp4->daddr = rth->rt_dst;
2838 RT_CACHE_STAT_INC(out_hlist_search);
2840 rcu_read_unlock_bh();
2843 return ip_route_output_slow(net, flp4);
2845 EXPORT_SYMBOL_GPL(__ip_route_output_key);
2847 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2852 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2854 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2856 return mtu ? : dst->dev->mtu;
2859 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu)
2863 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2869 static struct dst_ops ipv4_dst_blackhole_ops = {
2871 .protocol = cpu_to_be16(ETH_P_IP),
2872 .destroy = ipv4_dst_destroy,
2873 .check = ipv4_blackhole_dst_check,
2874 .mtu = ipv4_blackhole_mtu,
2875 .default_advmss = ipv4_default_advmss,
2876 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2877 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2878 .neigh_lookup = ipv4_neigh_lookup,
2881 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2883 struct rtable *rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, 0, 0);
2884 struct rtable *ort = (struct rtable *) dst_orig;
2887 struct dst_entry *new = &rt->dst;
2890 new->input = dst_discard;
2891 new->output = dst_discard;
2892 dst_copy_metrics(new, &ort->dst);
2894 new->dev = ort->dst.dev;
2898 rt->rt_key_dst = ort->rt_key_dst;
2899 rt->rt_key_src = ort->rt_key_src;
2900 rt->rt_key_tos = ort->rt_key_tos;
2901 rt->rt_route_iif = ort->rt_route_iif;
2902 rt->rt_iif = ort->rt_iif;
2903 rt->rt_oif = ort->rt_oif;
2904 rt->rt_mark = ort->rt_mark;
2906 rt->rt_genid = rt_genid(net);
2907 rt->rt_flags = ort->rt_flags;
2908 rt->rt_type = ort->rt_type;
2909 rt->rt_dst = ort->rt_dst;
2910 rt->rt_src = ort->rt_src;
2911 rt->rt_gateway = ort->rt_gateway;
2912 rt->rt_spec_dst = ort->rt_spec_dst;
2913 rt_transfer_peer(rt, ort);
2916 atomic_inc(&rt->fi->fib_clntref);
2921 dst_release(dst_orig);
2923 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2926 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2929 struct rtable *rt = __ip_route_output_key(net, flp4);
2934 if (flp4->flowi4_proto)
2935 rt = (struct rtable *) xfrm_lookup(net, &rt->dst,
2936 flowi4_to_flowi(flp4),
2941 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2943 static int rt_fill_info(struct net *net,
2944 struct sk_buff *skb, u32 pid, u32 seq, int event,
2945 int nowait, unsigned int flags)
2947 struct rtable *rt = skb_rtable(skb);
2949 struct nlmsghdr *nlh;
2950 unsigned long expires = 0;
2951 u32 id = 0, ts = 0, tsage = 0, error;
2953 nlh = nlmsg_put(skb, pid, seq, event, sizeof(*r), flags);
2957 r = nlmsg_data(nlh);
2958 r->rtm_family = AF_INET;
2959 r->rtm_dst_len = 32;
2961 r->rtm_tos = rt->rt_key_tos;
2962 r->rtm_table = RT_TABLE_MAIN;
2963 if (nla_put_u32(skb, RTA_TABLE, RT_TABLE_MAIN))
2964 goto nla_put_failure;
2965 r->rtm_type = rt->rt_type;
2966 r->rtm_scope = RT_SCOPE_UNIVERSE;
2967 r->rtm_protocol = RTPROT_UNSPEC;
2968 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2969 if (rt->rt_flags & RTCF_NOTIFY)
2970 r->rtm_flags |= RTM_F_NOTIFY;
2972 if (nla_put_be32(skb, RTA_DST, rt->rt_dst))
2973 goto nla_put_failure;
2974 if (rt->rt_key_src) {
2975 r->rtm_src_len = 32;
2976 if (nla_put_be32(skb, RTA_SRC, rt->rt_key_src))
2977 goto nla_put_failure;
2980 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
2981 goto nla_put_failure;
2982 #ifdef CONFIG_IP_ROUTE_CLASSID
2983 if (rt->dst.tclassid &&
2984 nla_put_u32(skb, RTA_FLOW, rt->dst.tclassid))
2985 goto nla_put_failure;
2987 if (rt_is_input_route(rt)) {
2988 if (nla_put_be32(skb, RTA_PREFSRC, rt->rt_spec_dst))
2989 goto nla_put_failure;
2990 } else if (rt->rt_src != rt->rt_key_src) {
2991 if (nla_put_be32(skb, RTA_PREFSRC, rt->rt_src))
2992 goto nla_put_failure;
2994 if (rt->rt_dst != rt->rt_gateway &&
2995 nla_put_be32(skb, RTA_GATEWAY, rt->rt_gateway))
2996 goto nla_put_failure;
2998 if (rtnetlink_put_metrics(skb, dst_metrics_ptr(&rt->dst)) < 0)
2999 goto nla_put_failure;
3002 nla_put_be32(skb, RTA_MARK, rt->rt_mark))
3003 goto nla_put_failure;
3005 error = rt->dst.error;
3006 if (rt_has_peer(rt)) {
3007 const struct inet_peer *peer = rt_peer_ptr(rt);
3008 inet_peer_refcheck(peer);
3009 id = atomic_read(&peer->ip_id_count) & 0xffff;
3010 if (peer->tcp_ts_stamp) {
3012 tsage = get_seconds() - peer->tcp_ts_stamp;
3014 expires = ACCESS_ONCE(peer->pmtu_expires);
3016 if (time_before(jiffies, expires))
3023 if (rt_is_input_route(rt)) {
3024 #ifdef CONFIG_IP_MROUTE
3025 __be32 dst = rt->rt_dst;
3027 if (ipv4_is_multicast(dst) && !ipv4_is_local_multicast(dst) &&
3028 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
3029 int err = ipmr_get_route(net, skb,
3030 rt->rt_src, rt->rt_dst,
3036 goto nla_put_failure;
3038 if (err == -EMSGSIZE)
3039 goto nla_put_failure;
3045 if (nla_put_u32(skb, RTA_IIF, rt->rt_iif))
3046 goto nla_put_failure;
3049 if (rtnl_put_cacheinfo(skb, &rt->dst, id, ts, tsage,
3050 expires, error) < 0)
3051 goto nla_put_failure;
3053 return nlmsg_end(skb, nlh);
3056 nlmsg_cancel(skb, nlh);
3060 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, void *arg)
3062 struct net *net = sock_net(in_skb->sk);
3064 struct nlattr *tb[RTA_MAX+1];
3065 struct rtable *rt = NULL;
3071 struct sk_buff *skb;
3073 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv4_policy);
3077 rtm = nlmsg_data(nlh);
3079 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
3085 /* Reserve room for dummy headers, this skb can pass
3086 through good chunk of routing engine.
3088 skb_reset_mac_header(skb);
3089 skb_reset_network_header(skb);
3091 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
3092 ip_hdr(skb)->protocol = IPPROTO_ICMP;
3093 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
3095 src = tb[RTA_SRC] ? nla_get_be32(tb[RTA_SRC]) : 0;
3096 dst = tb[RTA_DST] ? nla_get_be32(tb[RTA_DST]) : 0;
3097 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
3098 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
3101 struct net_device *dev;
3103 dev = __dev_get_by_index(net, iif);
3109 skb->protocol = htons(ETH_P_IP);
3113 err = ip_route_input(skb, dst, src, rtm->rtm_tos, dev);
3116 rt = skb_rtable(skb);
3117 if (err == 0 && rt->dst.error)
3118 err = -rt->dst.error;
3120 struct flowi4 fl4 = {
3123 .flowi4_tos = rtm->rtm_tos,
3124 .flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0,
3125 .flowi4_mark = mark,
3127 rt = ip_route_output_key(net, &fl4);
3137 skb_dst_set(skb, &rt->dst);
3138 if (rtm->rtm_flags & RTM_F_NOTIFY)
3139 rt->rt_flags |= RTCF_NOTIFY;
3141 err = rt_fill_info(net, skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq,
3142 RTM_NEWROUTE, 0, 0);
3146 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).pid);
3155 int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
3162 net = sock_net(skb->sk);
3167 s_idx = idx = cb->args[1];
3168 for (h = s_h; h <= rt_hash_mask; h++, s_idx = 0) {
3169 if (!rt_hash_table[h].chain)
3172 for (rt = rcu_dereference_bh(rt_hash_table[h].chain), idx = 0; rt;
3173 rt = rcu_dereference_bh(rt->dst.rt_next), idx++) {
3174 if (!net_eq(dev_net(rt->dst.dev), net) || idx < s_idx)
3176 if (rt_is_expired(rt))
3178 skb_dst_set_noref(skb, &rt->dst);
3179 if (rt_fill_info(net, skb, NETLINK_CB(cb->skb).pid,
3180 cb->nlh->nlmsg_seq, RTM_NEWROUTE,
3181 1, NLM_F_MULTI) <= 0) {
3183 rcu_read_unlock_bh();
3188 rcu_read_unlock_bh();
3197 void ip_rt_multicast_event(struct in_device *in_dev)
3199 rt_cache_flush(dev_net(in_dev->dev), 0);
3202 #ifdef CONFIG_SYSCTL
3203 static int ipv4_sysctl_rtcache_flush(ctl_table *__ctl, int write,
3204 void __user *buffer,
3205 size_t *lenp, loff_t *ppos)
3212 memcpy(&ctl, __ctl, sizeof(ctl));
3213 ctl.data = &flush_delay;
3214 proc_dointvec(&ctl, write, buffer, lenp, ppos);
3216 net = (struct net *)__ctl->extra1;
3217 rt_cache_flush(net, flush_delay);
3224 static ctl_table ipv4_route_table[] = {
3226 .procname = "gc_thresh",
3227 .data = &ipv4_dst_ops.gc_thresh,
3228 .maxlen = sizeof(int),
3230 .proc_handler = proc_dointvec,
3233 .procname = "max_size",
3234 .data = &ip_rt_max_size,
3235 .maxlen = sizeof(int),
3237 .proc_handler = proc_dointvec,
3240 /* Deprecated. Use gc_min_interval_ms */
3242 .procname = "gc_min_interval",
3243 .data = &ip_rt_gc_min_interval,
3244 .maxlen = sizeof(int),
3246 .proc_handler = proc_dointvec_jiffies,
3249 .procname = "gc_min_interval_ms",
3250 .data = &ip_rt_gc_min_interval,
3251 .maxlen = sizeof(int),
3253 .proc_handler = proc_dointvec_ms_jiffies,
3256 .procname = "gc_timeout",
3257 .data = &ip_rt_gc_timeout,
3258 .maxlen = sizeof(int),
3260 .proc_handler = proc_dointvec_jiffies,
3263 .procname = "gc_interval",
3264 .data = &ip_rt_gc_interval,
3265 .maxlen = sizeof(int),
3267 .proc_handler = proc_dointvec_jiffies,
3270 .procname = "redirect_load",
3271 .data = &ip_rt_redirect_load,
3272 .maxlen = sizeof(int),
3274 .proc_handler = proc_dointvec,
3277 .procname = "redirect_number",
3278 .data = &ip_rt_redirect_number,
3279 .maxlen = sizeof(int),
3281 .proc_handler = proc_dointvec,
3284 .procname = "redirect_silence",
3285 .data = &ip_rt_redirect_silence,
3286 .maxlen = sizeof(int),
3288 .proc_handler = proc_dointvec,
3291 .procname = "error_cost",
3292 .data = &ip_rt_error_cost,
3293 .maxlen = sizeof(int),
3295 .proc_handler = proc_dointvec,
3298 .procname = "error_burst",
3299 .data = &ip_rt_error_burst,
3300 .maxlen = sizeof(int),
3302 .proc_handler = proc_dointvec,
3305 .procname = "gc_elasticity",
3306 .data = &ip_rt_gc_elasticity,
3307 .maxlen = sizeof(int),
3309 .proc_handler = proc_dointvec,
3312 .procname = "mtu_expires",
3313 .data = &ip_rt_mtu_expires,
3314 .maxlen = sizeof(int),
3316 .proc_handler = proc_dointvec_jiffies,
3319 .procname = "min_pmtu",
3320 .data = &ip_rt_min_pmtu,
3321 .maxlen = sizeof(int),
3323 .proc_handler = proc_dointvec,
3326 .procname = "min_adv_mss",
3327 .data = &ip_rt_min_advmss,
3328 .maxlen = sizeof(int),
3330 .proc_handler = proc_dointvec,
3335 static struct ctl_table ipv4_route_flush_table[] = {
3337 .procname = "flush",
3338 .maxlen = sizeof(int),
3340 .proc_handler = ipv4_sysctl_rtcache_flush,
3345 static __net_init int sysctl_route_net_init(struct net *net)
3347 struct ctl_table *tbl;
3349 tbl = ipv4_route_flush_table;
3350 if (!net_eq(net, &init_net)) {
3351 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
3355 tbl[0].extra1 = net;
3357 net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
3358 if (net->ipv4.route_hdr == NULL)
3363 if (tbl != ipv4_route_flush_table)
3369 static __net_exit void sysctl_route_net_exit(struct net *net)
3371 struct ctl_table *tbl;
3373 tbl = net->ipv4.route_hdr->ctl_table_arg;
3374 unregister_net_sysctl_table(net->ipv4.route_hdr);
3375 BUG_ON(tbl == ipv4_route_flush_table);
3379 static __net_initdata struct pernet_operations sysctl_route_ops = {
3380 .init = sysctl_route_net_init,
3381 .exit = sysctl_route_net_exit,
3385 static __net_init int rt_genid_init(struct net *net)
3387 get_random_bytes(&net->ipv4.rt_genid,
3388 sizeof(net->ipv4.rt_genid));
3389 get_random_bytes(&net->ipv4.dev_addr_genid,
3390 sizeof(net->ipv4.dev_addr_genid));
3394 static __net_initdata struct pernet_operations rt_genid_ops = {
3395 .init = rt_genid_init,
3398 static int __net_init ipv4_inetpeer_init(struct net *net)
3400 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
3404 inet_peer_base_init(bp);
3405 net->ipv4.peers = bp;
3409 static void __net_exit ipv4_inetpeer_exit(struct net *net)
3411 struct inet_peer_base *bp = net->ipv4.peers;
3413 net->ipv4.peers = NULL;
3414 inetpeer_invalidate_tree(bp);
3418 static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
3419 .init = ipv4_inetpeer_init,
3420 .exit = ipv4_inetpeer_exit,
3423 #ifdef CONFIG_IP_ROUTE_CLASSID
3424 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
3425 #endif /* CONFIG_IP_ROUTE_CLASSID */
3427 static __initdata unsigned long rhash_entries;
3428 static int __init set_rhash_entries(char *str)
3435 ret = kstrtoul(str, 0, &rhash_entries);
3441 __setup("rhash_entries=", set_rhash_entries);
3443 int __init ip_rt_init(void)
3447 #ifdef CONFIG_IP_ROUTE_CLASSID
3448 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
3450 panic("IP: failed to allocate ip_rt_acct\n");
3453 ipv4_dst_ops.kmem_cachep =
3454 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
3455 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
3457 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
3459 if (dst_entries_init(&ipv4_dst_ops) < 0)
3460 panic("IP: failed to allocate ipv4_dst_ops counter\n");
3462 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
3463 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
3465 rt_hash_table = (struct rt_hash_bucket *)
3466 alloc_large_system_hash("IP route cache",
3467 sizeof(struct rt_hash_bucket),
3469 (totalram_pages >= 128 * 1024) ?
3475 rhash_entries ? 0 : 512 * 1024);
3476 memset(rt_hash_table, 0, (rt_hash_mask + 1) * sizeof(struct rt_hash_bucket));
3477 rt_hash_lock_init();
3479 ipv4_dst_ops.gc_thresh = (rt_hash_mask + 1);
3480 ip_rt_max_size = (rt_hash_mask + 1) * 16;
3485 INIT_DELAYED_WORK_DEFERRABLE(&expires_work, rt_worker_func);
3486 expires_ljiffies = jiffies;
3487 schedule_delayed_work(&expires_work,
3488 net_random() % ip_rt_gc_interval + ip_rt_gc_interval);
3490 if (ip_rt_proc_init())
3491 pr_err("Unable to create route proc files\n");
3494 xfrm4_init(ip_rt_max_size);
3496 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
3498 #ifdef CONFIG_SYSCTL
3499 register_pernet_subsys(&sysctl_route_ops);
3501 register_pernet_subsys(&rt_genid_ops);
3502 register_pernet_subsys(&ipv4_inetpeer_ops);
3506 #ifdef CONFIG_SYSCTL
3508 * We really need to sanitize the damn ipv4 init order, then all
3509 * this nonsense will go away.
3511 void __init ip_static_sysctl_init(void)
3513 register_net_sysctl(&init_net, "net/ipv4/route", ipv4_route_table);