1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * INET An implementation of the TCP/IP protocol suite for the LINUX
4 * operating system. INET is implemented using the BSD Socket
5 * interface as the means of communication with the user level.
7 * ROUTE - implementation of the IP router.
10 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
11 * Alan Cox, <gw4pts@gw4pts.ampr.org>
12 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
13 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
16 * Alan Cox : Verify area fixes.
17 * Alan Cox : cli() protects routing changes
18 * Rui Oliveira : ICMP routing table updates
19 * (rco@di.uminho.pt) Routing table insertion and update
20 * Linus Torvalds : Rewrote bits to be sensible
21 * Alan Cox : Added BSD route gw semantics
22 * Alan Cox : Super /proc >4K
23 * Alan Cox : MTU in route table
24 * Alan Cox : MSS actually. Also added the window
26 * Sam Lantinga : Fixed route matching in rt_del()
27 * Alan Cox : Routing cache support.
28 * Alan Cox : Removed compatibility cruft.
29 * Alan Cox : RTF_REJECT support.
30 * Alan Cox : TCP irtt support.
31 * Jonathan Naylor : Added Metric support.
32 * Miquel van Smoorenburg : BSD API fixes.
33 * Miquel van Smoorenburg : Metrics.
34 * Alan Cox : Use __u32 properly
35 * Alan Cox : Aligned routing errors more closely with BSD
36 * our system is still very different.
37 * Alan Cox : Faster /proc handling
38 * Alexey Kuznetsov : Massive rework to support tree based routing,
39 * routing caches and better behaviour.
41 * Olaf Erb : irtt wasn't being copied right.
42 * Bjorn Ekwall : Kerneld route support.
43 * Alan Cox : Multicast fixed (I hope)
44 * Pavel Krauz : Limited broadcast fixed
45 * Mike McLagan : Routing by source
46 * Alexey Kuznetsov : End of old history. Split to fib.c and
47 * route.c and rewritten from scratch.
48 * Andi Kleen : Load-limit warning messages.
49 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
50 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
51 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
52 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
53 * Marc Boucher : routing by fwmark
54 * Robert Olsson : Added rt_cache statistics
55 * Arnaldo C. Melo : Convert proc stuff to seq_file
56 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
57 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
58 * Ilia Sotnikov : Removed TOS from hash calculations
61 #define pr_fmt(fmt) "IPv4: " fmt
63 #include <linux/module.h>
64 #include <linux/uaccess.h>
65 #include <linux/bitops.h>
66 #include <linux/types.h>
67 #include <linux/kernel.h>
69 #include <linux/string.h>
70 #include <linux/socket.h>
71 #include <linux/sockios.h>
72 #include <linux/errno.h>
74 #include <linux/inet.h>
75 #include <linux/netdevice.h>
76 #include <linux/proc_fs.h>
77 #include <linux/init.h>
78 #include <linux/skbuff.h>
79 #include <linux/inetdevice.h>
80 #include <linux/igmp.h>
81 #include <linux/pkt_sched.h>
82 #include <linux/mroute.h>
83 #include <linux/netfilter_ipv4.h>
84 #include <linux/random.h>
85 #include <linux/rcupdate.h>
86 #include <linux/times.h>
87 #include <linux/slab.h>
88 #include <linux/jhash.h>
90 #include <net/dst_metadata.h>
91 #include <net/net_namespace.h>
92 #include <net/protocol.h>
94 #include <net/route.h>
95 #include <net/inetpeer.h>
97 #include <net/ip_fib.h>
98 #include <net/nexthop.h>
101 #include <net/icmp.h>
102 #include <net/xfrm.h>
103 #include <net/lwtunnel.h>
104 #include <net/netevent.h>
105 #include <net/rtnetlink.h>
107 #include <linux/sysctl.h>
109 #include <net/secure_seq.h>
110 #include <net/ip_tunnels.h>
111 #include <net/l3mdev.h>
113 #include "fib_lookup.h"
115 #define RT_FL_TOS(oldflp4) \
116 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
118 #define RT_GC_TIMEOUT (300*HZ)
120 static int ip_rt_max_size;
121 static int ip_rt_redirect_number __read_mostly = 9;
122 static int ip_rt_redirect_load __read_mostly = HZ / 50;
123 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
124 static int ip_rt_error_cost __read_mostly = HZ;
125 static int ip_rt_error_burst __read_mostly = 5 * HZ;
126 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
127 static u32 ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
128 static int ip_rt_min_advmss __read_mostly = 256;
130 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
133 * Interface to generic destination cache.
136 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
137 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
138 static unsigned int ipv4_mtu(const struct dst_entry *dst);
139 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
140 static void ipv4_link_failure(struct sk_buff *skb);
141 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
142 struct sk_buff *skb, u32 mtu,
144 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk,
145 struct sk_buff *skb);
146 static void ipv4_dst_destroy(struct dst_entry *dst);
148 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
154 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
157 static void ipv4_confirm_neigh(const struct dst_entry *dst, const void *daddr);
159 static struct dst_ops ipv4_dst_ops = {
161 .check = ipv4_dst_check,
162 .default_advmss = ipv4_default_advmss,
164 .cow_metrics = ipv4_cow_metrics,
165 .destroy = ipv4_dst_destroy,
166 .negative_advice = ipv4_negative_advice,
167 .link_failure = ipv4_link_failure,
168 .update_pmtu = ip_rt_update_pmtu,
169 .redirect = ip_do_redirect,
170 .local_out = __ip_local_out,
171 .neigh_lookup = ipv4_neigh_lookup,
172 .confirm_neigh = ipv4_confirm_neigh,
175 #define ECN_OR_COST(class) TC_PRIO_##class
177 const __u8 ip_tos2prio[16] = {
179 ECN_OR_COST(BESTEFFORT),
181 ECN_OR_COST(BESTEFFORT),
187 ECN_OR_COST(INTERACTIVE),
189 ECN_OR_COST(INTERACTIVE),
190 TC_PRIO_INTERACTIVE_BULK,
191 ECN_OR_COST(INTERACTIVE_BULK),
192 TC_PRIO_INTERACTIVE_BULK,
193 ECN_OR_COST(INTERACTIVE_BULK)
195 EXPORT_SYMBOL(ip_tos2prio);
197 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
198 #define RT_CACHE_STAT_INC(field) raw_cpu_inc(rt_cache_stat.field)
200 #ifdef CONFIG_PROC_FS
201 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
205 return SEQ_START_TOKEN;
208 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
214 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
218 static int rt_cache_seq_show(struct seq_file *seq, void *v)
220 if (v == SEQ_START_TOKEN)
221 seq_printf(seq, "%-127s\n",
222 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
223 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
228 static const struct seq_operations rt_cache_seq_ops = {
229 .start = rt_cache_seq_start,
230 .next = rt_cache_seq_next,
231 .stop = rt_cache_seq_stop,
232 .show = rt_cache_seq_show,
235 static int rt_cache_seq_open(struct inode *inode, struct file *file)
237 return seq_open(file, &rt_cache_seq_ops);
240 static const struct proc_ops rt_cache_proc_ops = {
241 .proc_open = rt_cache_seq_open,
242 .proc_read = seq_read,
243 .proc_lseek = seq_lseek,
244 .proc_release = seq_release,
248 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
253 return SEQ_START_TOKEN;
255 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
256 if (!cpu_possible(cpu))
259 return &per_cpu(rt_cache_stat, cpu);
264 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
268 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
269 if (!cpu_possible(cpu))
272 return &per_cpu(rt_cache_stat, cpu);
279 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
284 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
286 struct rt_cache_stat *st = v;
288 if (v == SEQ_START_TOKEN) {
289 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
293 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
294 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
295 dst_entries_get_slow(&ipv4_dst_ops),
308 0, /* st->gc_total */
309 0, /* st->gc_ignored */
310 0, /* st->gc_goal_miss */
311 0, /* st->gc_dst_overflow */
312 0, /* st->in_hlist_search */
313 0 /* st->out_hlist_search */
318 static const struct seq_operations rt_cpu_seq_ops = {
319 .start = rt_cpu_seq_start,
320 .next = rt_cpu_seq_next,
321 .stop = rt_cpu_seq_stop,
322 .show = rt_cpu_seq_show,
326 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
328 return seq_open(file, &rt_cpu_seq_ops);
331 static const struct proc_ops rt_cpu_proc_ops = {
332 .proc_open = rt_cpu_seq_open,
333 .proc_read = seq_read,
334 .proc_lseek = seq_lseek,
335 .proc_release = seq_release,
338 #ifdef CONFIG_IP_ROUTE_CLASSID
339 static int rt_acct_proc_show(struct seq_file *m, void *v)
341 struct ip_rt_acct *dst, *src;
344 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
348 for_each_possible_cpu(i) {
349 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
350 for (j = 0; j < 256; j++) {
351 dst[j].o_bytes += src[j].o_bytes;
352 dst[j].o_packets += src[j].o_packets;
353 dst[j].i_bytes += src[j].i_bytes;
354 dst[j].i_packets += src[j].i_packets;
358 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
364 static int __net_init ip_rt_do_proc_init(struct net *net)
366 struct proc_dir_entry *pde;
368 pde = proc_create("rt_cache", 0444, net->proc_net,
373 pde = proc_create("rt_cache", 0444,
374 net->proc_net_stat, &rt_cpu_proc_ops);
378 #ifdef CONFIG_IP_ROUTE_CLASSID
379 pde = proc_create_single("rt_acct", 0, net->proc_net,
386 #ifdef CONFIG_IP_ROUTE_CLASSID
388 remove_proc_entry("rt_cache", net->proc_net_stat);
391 remove_proc_entry("rt_cache", net->proc_net);
396 static void __net_exit ip_rt_do_proc_exit(struct net *net)
398 remove_proc_entry("rt_cache", net->proc_net_stat);
399 remove_proc_entry("rt_cache", net->proc_net);
400 #ifdef CONFIG_IP_ROUTE_CLASSID
401 remove_proc_entry("rt_acct", net->proc_net);
405 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
406 .init = ip_rt_do_proc_init,
407 .exit = ip_rt_do_proc_exit,
410 static int __init ip_rt_proc_init(void)
412 return register_pernet_subsys(&ip_rt_proc_ops);
416 static inline int ip_rt_proc_init(void)
420 #endif /* CONFIG_PROC_FS */
422 static inline bool rt_is_expired(const struct rtable *rth)
424 return rth->rt_genid != rt_genid_ipv4(dev_net(rth->dst.dev));
427 void rt_cache_flush(struct net *net)
429 rt_genid_bump_ipv4(net);
432 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
436 const struct rtable *rt = container_of(dst, struct rtable, dst);
437 struct net_device *dev = dst->dev;
442 if (likely(rt->rt_gw_family == AF_INET)) {
443 n = ip_neigh_gw4(dev, rt->rt_gw4);
444 } else if (rt->rt_gw_family == AF_INET6) {
445 n = ip_neigh_gw6(dev, &rt->rt_gw6);
449 pkey = skb ? ip_hdr(skb)->daddr : *((__be32 *) daddr);
450 n = ip_neigh_gw4(dev, pkey);
453 if (!IS_ERR(n) && !refcount_inc_not_zero(&n->refcnt))
456 rcu_read_unlock_bh();
461 static void ipv4_confirm_neigh(const struct dst_entry *dst, const void *daddr)
463 const struct rtable *rt = container_of(dst, struct rtable, dst);
464 struct net_device *dev = dst->dev;
465 const __be32 *pkey = daddr;
467 if (rt->rt_gw_family == AF_INET) {
468 pkey = (const __be32 *)&rt->rt_gw4;
469 } else if (rt->rt_gw_family == AF_INET6) {
470 return __ipv6_confirm_neigh_stub(dev, &rt->rt_gw6);
473 (RTCF_MULTICAST | RTCF_BROADCAST | RTCF_LOCAL))) {
476 __ipv4_confirm_neigh(dev, *(__force u32 *)pkey);
479 #define IP_IDENTS_SZ 2048u
481 static atomic_t *ip_idents __read_mostly;
482 static u32 *ip_tstamps __read_mostly;
484 /* In order to protect privacy, we add a perturbation to identifiers
485 * if one generator is seldom used. This makes hard for an attacker
486 * to infer how many packets were sent between two points in time.
488 u32 ip_idents_reserve(u32 hash, int segs)
490 u32 *p_tstamp = ip_tstamps + hash % IP_IDENTS_SZ;
491 atomic_t *p_id = ip_idents + hash % IP_IDENTS_SZ;
492 u32 old = READ_ONCE(*p_tstamp);
493 u32 now = (u32)jiffies;
496 if (old != now && cmpxchg(p_tstamp, old, now) == old)
497 delta = prandom_u32_max(now - old);
499 /* If UBSAN reports an error there, please make sure your compiler
500 * supports -fno-strict-overflow before reporting it that was a bug
501 * in UBSAN, and it has been fixed in GCC-8.
503 return atomic_add_return(segs + delta, p_id) - segs;
505 EXPORT_SYMBOL(ip_idents_reserve);
507 void __ip_select_ident(struct net *net, struct iphdr *iph, int segs)
511 /* Note the following code is not safe, but this is okay. */
512 if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
513 get_random_bytes(&net->ipv4.ip_id_key,
514 sizeof(net->ipv4.ip_id_key));
516 hash = siphash_3u32((__force u32)iph->daddr,
517 (__force u32)iph->saddr,
519 &net->ipv4.ip_id_key);
520 id = ip_idents_reserve(hash, segs);
523 EXPORT_SYMBOL(__ip_select_ident);
525 static void __build_flow_key(const struct net *net, struct flowi4 *fl4,
526 const struct sock *sk,
527 const struct iphdr *iph,
529 u8 prot, u32 mark, int flow_flags)
532 const struct inet_sock *inet = inet_sk(sk);
534 oif = sk->sk_bound_dev_if;
536 tos = RT_CONN_FLAGS(sk);
537 prot = inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol;
539 flowi4_init_output(fl4, oif, mark, tos,
540 RT_SCOPE_UNIVERSE, prot,
542 iph->daddr, iph->saddr, 0, 0,
543 sock_net_uid(net, sk));
546 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,
547 const struct sock *sk)
549 const struct net *net = dev_net(skb->dev);
550 const struct iphdr *iph = ip_hdr(skb);
551 int oif = skb->dev->ifindex;
552 u8 tos = RT_TOS(iph->tos);
553 u8 prot = iph->protocol;
554 u32 mark = skb->mark;
556 __build_flow_key(net, fl4, sk, iph, oif, tos, prot, mark, 0);
559 static void build_sk_flow_key(struct flowi4 *fl4, const struct sock *sk)
561 const struct inet_sock *inet = inet_sk(sk);
562 const struct ip_options_rcu *inet_opt;
563 __be32 daddr = inet->inet_daddr;
566 inet_opt = rcu_dereference(inet->inet_opt);
567 if (inet_opt && inet_opt->opt.srr)
568 daddr = inet_opt->opt.faddr;
569 flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark,
570 RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
571 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
572 inet_sk_flowi_flags(sk),
573 daddr, inet->inet_saddr, 0, 0, sk->sk_uid);
577 static void ip_rt_build_flow_key(struct flowi4 *fl4, const struct sock *sk,
578 const struct sk_buff *skb)
581 build_skb_flow_key(fl4, skb, sk);
583 build_sk_flow_key(fl4, sk);
586 static DEFINE_SPINLOCK(fnhe_lock);
588 static void fnhe_flush_routes(struct fib_nh_exception *fnhe)
592 rt = rcu_dereference(fnhe->fnhe_rth_input);
594 RCU_INIT_POINTER(fnhe->fnhe_rth_input, NULL);
595 dst_dev_put(&rt->dst);
596 dst_release(&rt->dst);
598 rt = rcu_dereference(fnhe->fnhe_rth_output);
600 RCU_INIT_POINTER(fnhe->fnhe_rth_output, NULL);
601 dst_dev_put(&rt->dst);
602 dst_release(&rt->dst);
606 static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
608 struct fib_nh_exception *fnhe, *oldest;
610 oldest = rcu_dereference(hash->chain);
611 for (fnhe = rcu_dereference(oldest->fnhe_next); fnhe;
612 fnhe = rcu_dereference(fnhe->fnhe_next)) {
613 if (time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp))
616 fnhe_flush_routes(oldest);
620 static inline u32 fnhe_hashfun(__be32 daddr)
622 static u32 fnhe_hashrnd __read_mostly;
625 net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd));
626 hval = jhash_1word((__force u32) daddr, fnhe_hashrnd);
627 return hash_32(hval, FNHE_HASH_SHIFT);
630 static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
632 rt->rt_pmtu = fnhe->fnhe_pmtu;
633 rt->rt_mtu_locked = fnhe->fnhe_mtu_locked;
634 rt->dst.expires = fnhe->fnhe_expires;
637 rt->rt_flags |= RTCF_REDIRECTED;
638 rt->rt_uses_gateway = 1;
639 rt->rt_gw_family = AF_INET;
640 rt->rt_gw4 = fnhe->fnhe_gw;
644 static void update_or_create_fnhe(struct fib_nh_common *nhc, __be32 daddr,
645 __be32 gw, u32 pmtu, bool lock,
646 unsigned long expires)
648 struct fnhe_hash_bucket *hash;
649 struct fib_nh_exception *fnhe;
655 genid = fnhe_genid(dev_net(nhc->nhc_dev));
656 hval = fnhe_hashfun(daddr);
658 spin_lock_bh(&fnhe_lock);
660 hash = rcu_dereference(nhc->nhc_exceptions);
662 hash = kcalloc(FNHE_HASH_SIZE, sizeof(*hash), GFP_ATOMIC);
665 rcu_assign_pointer(nhc->nhc_exceptions, hash);
671 for (fnhe = rcu_dereference(hash->chain); fnhe;
672 fnhe = rcu_dereference(fnhe->fnhe_next)) {
673 if (fnhe->fnhe_daddr == daddr)
679 if (fnhe->fnhe_genid != genid)
680 fnhe->fnhe_genid = genid;
684 fnhe->fnhe_pmtu = pmtu;
685 fnhe->fnhe_mtu_locked = lock;
687 fnhe->fnhe_expires = max(1UL, expires);
688 /* Update all cached dsts too */
689 rt = rcu_dereference(fnhe->fnhe_rth_input);
691 fill_route_from_fnhe(rt, fnhe);
692 rt = rcu_dereference(fnhe->fnhe_rth_output);
694 fill_route_from_fnhe(rt, fnhe);
696 if (depth > FNHE_RECLAIM_DEPTH)
697 fnhe = fnhe_oldest(hash);
699 fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC);
703 fnhe->fnhe_next = hash->chain;
704 rcu_assign_pointer(hash->chain, fnhe);
706 fnhe->fnhe_genid = genid;
707 fnhe->fnhe_daddr = daddr;
709 fnhe->fnhe_pmtu = pmtu;
710 fnhe->fnhe_mtu_locked = lock;
711 fnhe->fnhe_expires = max(1UL, expires);
713 /* Exception created; mark the cached routes for the nexthop
714 * stale, so anyone caching it rechecks if this exception
717 rt = rcu_dereference(nhc->nhc_rth_input);
719 rt->dst.obsolete = DST_OBSOLETE_KILL;
721 for_each_possible_cpu(i) {
722 struct rtable __rcu **prt;
723 prt = per_cpu_ptr(nhc->nhc_pcpu_rth_output, i);
724 rt = rcu_dereference(*prt);
726 rt->dst.obsolete = DST_OBSOLETE_KILL;
730 fnhe->fnhe_stamp = jiffies;
733 spin_unlock_bh(&fnhe_lock);
736 static void __ip_do_redirect(struct rtable *rt, struct sk_buff *skb, struct flowi4 *fl4,
739 __be32 new_gw = icmp_hdr(skb)->un.gateway;
740 __be32 old_gw = ip_hdr(skb)->saddr;
741 struct net_device *dev = skb->dev;
742 struct in_device *in_dev;
743 struct fib_result res;
747 switch (icmp_hdr(skb)->code & 7) {
749 case ICMP_REDIR_NETTOS:
750 case ICMP_REDIR_HOST:
751 case ICMP_REDIR_HOSTTOS:
758 if (rt->rt_gw_family != AF_INET || rt->rt_gw4 != old_gw)
761 in_dev = __in_dev_get_rcu(dev);
766 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
767 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
768 ipv4_is_zeronet(new_gw))
769 goto reject_redirect;
771 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
772 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
773 goto reject_redirect;
774 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
775 goto reject_redirect;
777 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
778 goto reject_redirect;
781 n = __ipv4_neigh_lookup(rt->dst.dev, new_gw);
783 n = neigh_create(&arp_tbl, &new_gw, rt->dst.dev);
785 if (!(n->nud_state & NUD_VALID)) {
786 neigh_event_send(n, NULL);
788 if (fib_lookup(net, fl4, &res, 0) == 0) {
789 struct fib_nh_common *nhc = FIB_RES_NHC(res);
791 update_or_create_fnhe(nhc, fl4->daddr, new_gw,
793 jiffies + ip_rt_gc_timeout);
796 rt->dst.obsolete = DST_OBSOLETE_KILL;
797 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
804 #ifdef CONFIG_IP_ROUTE_VERBOSE
805 if (IN_DEV_LOG_MARTIANS(in_dev)) {
806 const struct iphdr *iph = (const struct iphdr *) skb->data;
807 __be32 daddr = iph->daddr;
808 __be32 saddr = iph->saddr;
810 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
811 " Advised path = %pI4 -> %pI4\n",
812 &old_gw, dev->name, &new_gw,
819 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
823 const struct iphdr *iph = (const struct iphdr *) skb->data;
824 struct net *net = dev_net(skb->dev);
825 int oif = skb->dev->ifindex;
826 u8 tos = RT_TOS(iph->tos);
827 u8 prot = iph->protocol;
828 u32 mark = skb->mark;
830 rt = (struct rtable *) dst;
832 __build_flow_key(net, &fl4, sk, iph, oif, tos, prot, mark, 0);
833 __ip_do_redirect(rt, skb, &fl4, true);
836 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
838 struct rtable *rt = (struct rtable *)dst;
839 struct dst_entry *ret = dst;
842 if (dst->obsolete > 0) {
845 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
856 * 1. The first ip_rt_redirect_number redirects are sent
857 * with exponential backoff, then we stop sending them at all,
858 * assuming that the host ignores our redirects.
859 * 2. If we did not see packets requiring redirects
860 * during ip_rt_redirect_silence, we assume that the host
861 * forgot redirected route and start to send redirects again.
863 * This algorithm is much cheaper and more intelligent than dumb load limiting
866 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
867 * and "frag. need" (breaks PMTU discovery) in icmp.c.
870 void ip_rt_send_redirect(struct sk_buff *skb)
872 struct rtable *rt = skb_rtable(skb);
873 struct in_device *in_dev;
874 struct inet_peer *peer;
880 in_dev = __in_dev_get_rcu(rt->dst.dev);
881 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
885 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
886 vif = l3mdev_master_ifindex_rcu(rt->dst.dev);
889 net = dev_net(rt->dst.dev);
890 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, vif, 1);
892 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
893 rt_nexthop(rt, ip_hdr(skb)->daddr));
897 /* No redirected packets during ip_rt_redirect_silence;
898 * reset the algorithm.
900 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence)) {
901 peer->rate_tokens = 0;
902 peer->n_redirects = 0;
905 /* Too many ignored redirects; do not send anything
906 * set dst.rate_last to the last seen redirected packet.
908 if (peer->n_redirects >= ip_rt_redirect_number) {
909 peer->rate_last = jiffies;
913 /* Check for load limit; set rate_last to the latest sent
916 if (peer->n_redirects == 0 ||
919 (ip_rt_redirect_load << peer->n_redirects)))) {
920 __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr);
922 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw);
923 peer->rate_last = jiffies;
925 #ifdef CONFIG_IP_ROUTE_VERBOSE
927 peer->n_redirects == ip_rt_redirect_number)
928 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
929 &ip_hdr(skb)->saddr, inet_iif(skb),
930 &ip_hdr(skb)->daddr, &gw);
937 static int ip_error(struct sk_buff *skb)
939 struct rtable *rt = skb_rtable(skb);
940 struct net_device *dev = skb->dev;
941 struct in_device *in_dev;
942 struct inet_peer *peer;
948 if (netif_is_l3_master(skb->dev)) {
949 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
954 in_dev = __in_dev_get_rcu(dev);
956 /* IP on this device is disabled. */
960 net = dev_net(rt->dst.dev);
961 if (!IN_DEV_FORWARD(in_dev)) {
962 switch (rt->dst.error) {
964 __IP_INC_STATS(net, IPSTATS_MIB_INADDRERRORS);
968 __IP_INC_STATS(net, IPSTATS_MIB_INNOROUTES);
974 switch (rt->dst.error) {
979 code = ICMP_HOST_UNREACH;
982 code = ICMP_NET_UNREACH;
983 __IP_INC_STATS(net, IPSTATS_MIB_INNOROUTES);
986 code = ICMP_PKT_FILTERED;
990 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr,
991 l3mdev_master_ifindex(skb->dev), 1);
996 peer->rate_tokens += now - peer->rate_last;
997 if (peer->rate_tokens > ip_rt_error_burst)
998 peer->rate_tokens = ip_rt_error_burst;
999 peer->rate_last = now;
1000 if (peer->rate_tokens >= ip_rt_error_cost)
1001 peer->rate_tokens -= ip_rt_error_cost;
1007 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
1009 out: kfree_skb(skb);
1013 static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
1015 struct dst_entry *dst = &rt->dst;
1016 u32 old_mtu = ipv4_mtu(dst);
1017 struct fib_result res;
1020 if (ip_mtu_locked(dst))
1026 if (mtu < ip_rt_min_pmtu) {
1028 mtu = min(old_mtu, ip_rt_min_pmtu);
1031 if (rt->rt_pmtu == mtu && !lock &&
1032 time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2))
1036 if (fib_lookup(dev_net(dst->dev), fl4, &res, 0) == 0) {
1037 struct fib_nh_common *nhc = FIB_RES_NHC(res);
1039 update_or_create_fnhe(nhc, fl4->daddr, 0, mtu, lock,
1040 jiffies + ip_rt_mtu_expires);
1045 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
1046 struct sk_buff *skb, u32 mtu,
1049 struct rtable *rt = (struct rtable *) dst;
1052 ip_rt_build_flow_key(&fl4, sk, skb);
1053 __ip_rt_update_pmtu(rt, &fl4, mtu);
1056 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu,
1057 int oif, u8 protocol)
1059 const struct iphdr *iph = (const struct iphdr *) skb->data;
1062 u32 mark = IP4_REPLY_MARK(net, skb->mark);
1064 __build_flow_key(net, &fl4, NULL, iph, oif,
1065 RT_TOS(iph->tos), protocol, mark, 0);
1066 rt = __ip_route_output_key(net, &fl4);
1068 __ip_rt_update_pmtu(rt, &fl4, mtu);
1072 EXPORT_SYMBOL_GPL(ipv4_update_pmtu);
1074 static void __ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1076 const struct iphdr *iph = (const struct iphdr *) skb->data;
1080 __build_flow_key(sock_net(sk), &fl4, sk, iph, 0, 0, 0, 0, 0);
1082 if (!fl4.flowi4_mark)
1083 fl4.flowi4_mark = IP4_REPLY_MARK(sock_net(sk), skb->mark);
1085 rt = __ip_route_output_key(sock_net(sk), &fl4);
1087 __ip_rt_update_pmtu(rt, &fl4, mtu);
1092 void ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1094 const struct iphdr *iph = (const struct iphdr *) skb->data;
1097 struct dst_entry *odst = NULL;
1099 struct net *net = sock_net(sk);
1103 if (!ip_sk_accept_pmtu(sk))
1106 odst = sk_dst_get(sk);
1108 if (sock_owned_by_user(sk) || !odst) {
1109 __ipv4_sk_update_pmtu(skb, sk, mtu);
1113 __build_flow_key(net, &fl4, sk, iph, 0, 0, 0, 0, 0);
1115 rt = (struct rtable *)odst;
1116 if (odst->obsolete && !odst->ops->check(odst, 0)) {
1117 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1124 __ip_rt_update_pmtu((struct rtable *) xfrm_dst_path(&rt->dst), &fl4, mtu);
1126 if (!dst_check(&rt->dst, 0)) {
1128 dst_release(&rt->dst);
1130 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1138 sk_dst_set(sk, &rt->dst);
1144 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu);
1146 void ipv4_redirect(struct sk_buff *skb, struct net *net,
1147 int oif, u8 protocol)
1149 const struct iphdr *iph = (const struct iphdr *) skb->data;
1153 __build_flow_key(net, &fl4, NULL, iph, oif,
1154 RT_TOS(iph->tos), protocol, 0, 0);
1155 rt = __ip_route_output_key(net, &fl4);
1157 __ip_do_redirect(rt, skb, &fl4, false);
1161 EXPORT_SYMBOL_GPL(ipv4_redirect);
1163 void ipv4_sk_redirect(struct sk_buff *skb, struct sock *sk)
1165 const struct iphdr *iph = (const struct iphdr *) skb->data;
1168 struct net *net = sock_net(sk);
1170 __build_flow_key(net, &fl4, sk, iph, 0, 0, 0, 0, 0);
1171 rt = __ip_route_output_key(net, &fl4);
1173 __ip_do_redirect(rt, skb, &fl4, false);
1177 EXPORT_SYMBOL_GPL(ipv4_sk_redirect);
1179 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1181 struct rtable *rt = (struct rtable *) dst;
1183 /* All IPV4 dsts are created with ->obsolete set to the value
1184 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1185 * into this function always.
1187 * When a PMTU/redirect information update invalidates a route,
1188 * this is indicated by setting obsolete to DST_OBSOLETE_KILL or
1189 * DST_OBSOLETE_DEAD.
1191 if (dst->obsolete != DST_OBSOLETE_FORCE_CHK || rt_is_expired(rt))
1196 static void ipv4_send_dest_unreach(struct sk_buff *skb)
1198 struct ip_options opt;
1201 /* Recompile ip options since IPCB may not be valid anymore.
1202 * Also check we have a reasonable ipv4 header.
1204 if (!pskb_network_may_pull(skb, sizeof(struct iphdr)) ||
1205 ip_hdr(skb)->version != 4 || ip_hdr(skb)->ihl < 5)
1208 memset(&opt, 0, sizeof(opt));
1209 if (ip_hdr(skb)->ihl > 5) {
1210 if (!pskb_network_may_pull(skb, ip_hdr(skb)->ihl * 4))
1212 opt.optlen = ip_hdr(skb)->ihl * 4 - sizeof(struct iphdr);
1215 res = __ip_options_compile(dev_net(skb->dev), &opt, skb, NULL);
1221 __icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0, &opt);
1224 static void ipv4_link_failure(struct sk_buff *skb)
1228 ipv4_send_dest_unreach(skb);
1230 rt = skb_rtable(skb);
1232 dst_set_expires(&rt->dst, 0);
1235 static int ip_rt_bug(struct net *net, struct sock *sk, struct sk_buff *skb)
1237 pr_debug("%s: %pI4 -> %pI4, %s\n",
1238 __func__, &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1239 skb->dev ? skb->dev->name : "?");
1246 We do not cache source address of outgoing interface,
1247 because it is used only by IP RR, TS and SRR options,
1248 so that it out of fast path.
1250 BTW remember: "addr" is allowed to be not aligned
1254 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1258 if (rt_is_output_route(rt))
1259 src = ip_hdr(skb)->saddr;
1261 struct fib_result res;
1262 struct iphdr *iph = ip_hdr(skb);
1263 struct flowi4 fl4 = {
1264 .daddr = iph->daddr,
1265 .saddr = iph->saddr,
1266 .flowi4_tos = RT_TOS(iph->tos),
1267 .flowi4_oif = rt->dst.dev->ifindex,
1268 .flowi4_iif = skb->dev->ifindex,
1269 .flowi4_mark = skb->mark,
1273 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res, 0) == 0)
1274 src = fib_result_prefsrc(dev_net(rt->dst.dev), &res);
1276 src = inet_select_addr(rt->dst.dev,
1277 rt_nexthop(rt, iph->daddr),
1281 memcpy(addr, &src, 4);
1284 #ifdef CONFIG_IP_ROUTE_CLASSID
1285 static void set_class_tag(struct rtable *rt, u32 tag)
1287 if (!(rt->dst.tclassid & 0xFFFF))
1288 rt->dst.tclassid |= tag & 0xFFFF;
1289 if (!(rt->dst.tclassid & 0xFFFF0000))
1290 rt->dst.tclassid |= tag & 0xFFFF0000;
1294 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1296 unsigned int header_size = sizeof(struct tcphdr) + sizeof(struct iphdr);
1297 unsigned int advmss = max_t(unsigned int, ipv4_mtu(dst) - header_size,
1300 return min(advmss, IPV4_MAX_PMTU - header_size);
1303 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1305 const struct rtable *rt = (const struct rtable *) dst;
1306 unsigned int mtu = rt->rt_pmtu;
1308 if (!mtu || time_after_eq(jiffies, rt->dst.expires))
1309 mtu = dst_metric_raw(dst, RTAX_MTU);
1314 mtu = READ_ONCE(dst->dev->mtu);
1316 if (unlikely(ip_mtu_locked(dst))) {
1317 if (rt->rt_uses_gateway && mtu > 576)
1321 mtu = min_t(unsigned int, mtu, IP_MAX_MTU);
1323 return mtu - lwtunnel_headroom(dst->lwtstate, mtu);
1326 static void ip_del_fnhe(struct fib_nh_common *nhc, __be32 daddr)
1328 struct fnhe_hash_bucket *hash;
1329 struct fib_nh_exception *fnhe, __rcu **fnhe_p;
1330 u32 hval = fnhe_hashfun(daddr);
1332 spin_lock_bh(&fnhe_lock);
1334 hash = rcu_dereference_protected(nhc->nhc_exceptions,
1335 lockdep_is_held(&fnhe_lock));
1338 fnhe_p = &hash->chain;
1339 fnhe = rcu_dereference_protected(*fnhe_p, lockdep_is_held(&fnhe_lock));
1341 if (fnhe->fnhe_daddr == daddr) {
1342 rcu_assign_pointer(*fnhe_p, rcu_dereference_protected(
1343 fnhe->fnhe_next, lockdep_is_held(&fnhe_lock)));
1344 /* set fnhe_daddr to 0 to ensure it won't bind with
1345 * new dsts in rt_bind_exception().
1347 fnhe->fnhe_daddr = 0;
1348 fnhe_flush_routes(fnhe);
1349 kfree_rcu(fnhe, rcu);
1352 fnhe_p = &fnhe->fnhe_next;
1353 fnhe = rcu_dereference_protected(fnhe->fnhe_next,
1354 lockdep_is_held(&fnhe_lock));
1357 spin_unlock_bh(&fnhe_lock);
1360 static struct fib_nh_exception *find_exception(struct fib_nh_common *nhc,
1363 struct fnhe_hash_bucket *hash = rcu_dereference(nhc->nhc_exceptions);
1364 struct fib_nh_exception *fnhe;
1370 hval = fnhe_hashfun(daddr);
1372 for (fnhe = rcu_dereference(hash[hval].chain); fnhe;
1373 fnhe = rcu_dereference(fnhe->fnhe_next)) {
1374 if (fnhe->fnhe_daddr == daddr) {
1375 if (fnhe->fnhe_expires &&
1376 time_after(jiffies, fnhe->fnhe_expires)) {
1377 ip_del_fnhe(nhc, daddr);
1387 * 1. mtu on route is locked - use it
1388 * 2. mtu from nexthop exception
1389 * 3. mtu from egress device
1392 u32 ip_mtu_from_fib_result(struct fib_result *res, __be32 daddr)
1394 struct fib_nh_common *nhc = res->nhc;
1395 struct net_device *dev = nhc->nhc_dev;
1396 struct fib_info *fi = res->fi;
1399 if (dev_net(dev)->ipv4.sysctl_ip_fwd_use_pmtu ||
1400 fi->fib_metrics->metrics[RTAX_LOCK - 1] & (1 << RTAX_MTU))
1404 struct fib_nh_exception *fnhe;
1406 fnhe = find_exception(nhc, daddr);
1407 if (fnhe && !time_after_eq(jiffies, fnhe->fnhe_expires))
1408 mtu = fnhe->fnhe_pmtu;
1412 mtu = min(READ_ONCE(dev->mtu), IP_MAX_MTU);
1414 return mtu - lwtunnel_headroom(nhc->nhc_lwtstate, mtu);
1417 static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1418 __be32 daddr, const bool do_cache)
1422 spin_lock_bh(&fnhe_lock);
1424 if (daddr == fnhe->fnhe_daddr) {
1425 struct rtable __rcu **porig;
1426 struct rtable *orig;
1427 int genid = fnhe_genid(dev_net(rt->dst.dev));
1429 if (rt_is_input_route(rt))
1430 porig = &fnhe->fnhe_rth_input;
1432 porig = &fnhe->fnhe_rth_output;
1433 orig = rcu_dereference(*porig);
1435 if (fnhe->fnhe_genid != genid) {
1436 fnhe->fnhe_genid = genid;
1438 fnhe->fnhe_pmtu = 0;
1439 fnhe->fnhe_expires = 0;
1440 fnhe->fnhe_mtu_locked = false;
1441 fnhe_flush_routes(fnhe);
1444 fill_route_from_fnhe(rt, fnhe);
1447 rt->rt_gw_family = AF_INET;
1452 rcu_assign_pointer(*porig, rt);
1454 dst_dev_put(&orig->dst);
1455 dst_release(&orig->dst);
1460 fnhe->fnhe_stamp = jiffies;
1462 spin_unlock_bh(&fnhe_lock);
1467 static bool rt_cache_route(struct fib_nh_common *nhc, struct rtable *rt)
1469 struct rtable *orig, *prev, **p;
1472 if (rt_is_input_route(rt)) {
1473 p = (struct rtable **)&nhc->nhc_rth_input;
1475 p = (struct rtable **)raw_cpu_ptr(nhc->nhc_pcpu_rth_output);
1479 /* hold dst before doing cmpxchg() to avoid race condition
1483 prev = cmpxchg(p, orig, rt);
1486 rt_add_uncached_list(orig);
1487 dst_release(&orig->dst);
1490 dst_release(&rt->dst);
1497 struct uncached_list {
1499 struct list_head head;
1502 static DEFINE_PER_CPU_ALIGNED(struct uncached_list, rt_uncached_list);
1504 void rt_add_uncached_list(struct rtable *rt)
1506 struct uncached_list *ul = raw_cpu_ptr(&rt_uncached_list);
1508 rt->rt_uncached_list = ul;
1510 spin_lock_bh(&ul->lock);
1511 list_add_tail(&rt->rt_uncached, &ul->head);
1512 spin_unlock_bh(&ul->lock);
1515 void rt_del_uncached_list(struct rtable *rt)
1517 if (!list_empty(&rt->rt_uncached)) {
1518 struct uncached_list *ul = rt->rt_uncached_list;
1520 spin_lock_bh(&ul->lock);
1521 list_del(&rt->rt_uncached);
1522 spin_unlock_bh(&ul->lock);
1526 static void ipv4_dst_destroy(struct dst_entry *dst)
1528 struct rtable *rt = (struct rtable *)dst;
1530 ip_dst_metrics_put(dst);
1531 rt_del_uncached_list(rt);
1534 void rt_flush_dev(struct net_device *dev)
1539 for_each_possible_cpu(cpu) {
1540 struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu);
1542 spin_lock_bh(&ul->lock);
1543 list_for_each_entry(rt, &ul->head, rt_uncached) {
1544 if (rt->dst.dev != dev)
1546 rt->dst.dev = blackhole_netdev;
1547 dev_hold(rt->dst.dev);
1550 spin_unlock_bh(&ul->lock);
1554 static bool rt_cache_valid(const struct rtable *rt)
1557 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1561 static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
1562 const struct fib_result *res,
1563 struct fib_nh_exception *fnhe,
1564 struct fib_info *fi, u16 type, u32 itag,
1565 const bool do_cache)
1567 bool cached = false;
1570 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
1572 if (nhc->nhc_gw_family && nhc->nhc_scope == RT_SCOPE_LINK) {
1573 rt->rt_uses_gateway = 1;
1574 rt->rt_gw_family = nhc->nhc_gw_family;
1575 /* only INET and INET6 are supported */
1576 if (likely(nhc->nhc_gw_family == AF_INET))
1577 rt->rt_gw4 = nhc->nhc_gw.ipv4;
1579 rt->rt_gw6 = nhc->nhc_gw.ipv6;
1582 ip_dst_init_metrics(&rt->dst, fi->fib_metrics);
1584 #ifdef CONFIG_IP_ROUTE_CLASSID
1585 if (nhc->nhc_family == AF_INET) {
1588 nh = container_of(nhc, struct fib_nh, nh_common);
1589 rt->dst.tclassid = nh->nh_tclassid;
1592 rt->dst.lwtstate = lwtstate_get(nhc->nhc_lwtstate);
1594 cached = rt_bind_exception(rt, fnhe, daddr, do_cache);
1596 cached = rt_cache_route(nhc, rt);
1597 if (unlikely(!cached)) {
1598 /* Routes we intend to cache in nexthop exception or
1599 * FIB nexthop have the DST_NOCACHE bit clear.
1600 * However, if we are unsuccessful at storing this
1601 * route into the cache we really need to set it.
1604 rt->rt_gw_family = AF_INET;
1607 rt_add_uncached_list(rt);
1610 rt_add_uncached_list(rt);
1612 #ifdef CONFIG_IP_ROUTE_CLASSID
1613 #ifdef CONFIG_IP_MULTIPLE_TABLES
1614 set_class_tag(rt, res->tclassid);
1616 set_class_tag(rt, itag);
1620 struct rtable *rt_dst_alloc(struct net_device *dev,
1621 unsigned int flags, u16 type,
1622 bool nopolicy, bool noxfrm)
1626 rt = dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1627 (nopolicy ? DST_NOPOLICY : 0) |
1628 (noxfrm ? DST_NOXFRM : 0));
1631 rt->rt_genid = rt_genid_ipv4(dev_net(dev));
1632 rt->rt_flags = flags;
1634 rt->rt_is_input = 0;
1637 rt->rt_mtu_locked = 0;
1638 rt->rt_uses_gateway = 0;
1639 rt->rt_gw_family = 0;
1641 INIT_LIST_HEAD(&rt->rt_uncached);
1643 rt->dst.output = ip_output;
1644 if (flags & RTCF_LOCAL)
1645 rt->dst.input = ip_local_deliver;
1650 EXPORT_SYMBOL(rt_dst_alloc);
1652 struct rtable *rt_dst_clone(struct net_device *dev, struct rtable *rt)
1654 struct rtable *new_rt;
1656 new_rt = dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1660 new_rt->rt_genid = rt_genid_ipv4(dev_net(dev));
1661 new_rt->rt_flags = rt->rt_flags;
1662 new_rt->rt_type = rt->rt_type;
1663 new_rt->rt_is_input = rt->rt_is_input;
1664 new_rt->rt_iif = rt->rt_iif;
1665 new_rt->rt_pmtu = rt->rt_pmtu;
1666 new_rt->rt_mtu_locked = rt->rt_mtu_locked;
1667 new_rt->rt_gw_family = rt->rt_gw_family;
1668 if (rt->rt_gw_family == AF_INET)
1669 new_rt->rt_gw4 = rt->rt_gw4;
1670 else if (rt->rt_gw_family == AF_INET6)
1671 new_rt->rt_gw6 = rt->rt_gw6;
1672 INIT_LIST_HEAD(&new_rt->rt_uncached);
1674 new_rt->dst.input = rt->dst.input;
1675 new_rt->dst.output = rt->dst.output;
1676 new_rt->dst.error = rt->dst.error;
1677 new_rt->dst.lastuse = jiffies;
1678 new_rt->dst.lwtstate = lwtstate_get(rt->dst.lwtstate);
1682 EXPORT_SYMBOL(rt_dst_clone);
1684 /* called in rcu_read_lock() section */
1685 int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1686 u8 tos, struct net_device *dev,
1687 struct in_device *in_dev, u32 *itag)
1691 /* Primary sanity checks. */
1695 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1696 skb->protocol != htons(ETH_P_IP))
1699 if (ipv4_is_loopback(saddr) && !IN_DEV_ROUTE_LOCALNET(in_dev))
1702 if (ipv4_is_zeronet(saddr)) {
1703 if (!ipv4_is_local_multicast(daddr) &&
1704 ip_hdr(skb)->protocol != IPPROTO_IGMP)
1707 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1715 /* called in rcu_read_lock() section */
1716 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1717 u8 tos, struct net_device *dev, int our)
1719 struct in_device *in_dev = __in_dev_get_rcu(dev);
1720 unsigned int flags = RTCF_MULTICAST;
1725 err = ip_mc_validate_source(skb, daddr, saddr, tos, dev, in_dev, &itag);
1730 flags |= RTCF_LOCAL;
1732 rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST,
1733 IN_DEV_CONF_GET(in_dev, NOPOLICY), false);
1737 #ifdef CONFIG_IP_ROUTE_CLASSID
1738 rth->dst.tclassid = itag;
1740 rth->dst.output = ip_rt_bug;
1741 rth->rt_is_input= 1;
1743 #ifdef CONFIG_IP_MROUTE
1744 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
1745 rth->dst.input = ip_mr_input;
1747 RT_CACHE_STAT_INC(in_slow_mc);
1749 skb_dst_set(skb, &rth->dst);
1754 static void ip_handle_martian_source(struct net_device *dev,
1755 struct in_device *in_dev,
1756 struct sk_buff *skb,
1760 RT_CACHE_STAT_INC(in_martian_src);
1761 #ifdef CONFIG_IP_ROUTE_VERBOSE
1762 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
1764 * RFC1812 recommendation, if source is martian,
1765 * the only hint is MAC header.
1767 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
1768 &daddr, &saddr, dev->name);
1769 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
1770 print_hex_dump(KERN_WARNING, "ll header: ",
1771 DUMP_PREFIX_OFFSET, 16, 1,
1772 skb_mac_header(skb),
1773 dev->hard_header_len, false);
1779 /* called in rcu_read_lock() section */
1780 static int __mkroute_input(struct sk_buff *skb,
1781 const struct fib_result *res,
1782 struct in_device *in_dev,
1783 __be32 daddr, __be32 saddr, u32 tos)
1785 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
1786 struct net_device *dev = nhc->nhc_dev;
1787 struct fib_nh_exception *fnhe;
1790 struct in_device *out_dev;
1794 /* get a working reference to the output device */
1795 out_dev = __in_dev_get_rcu(dev);
1797 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
1801 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
1802 in_dev->dev, in_dev, &itag);
1804 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
1810 do_cache = res->fi && !itag;
1811 if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
1812 skb->protocol == htons(ETH_P_IP)) {
1815 gw = nhc->nhc_gw_family == AF_INET ? nhc->nhc_gw.ipv4 : 0;
1816 if (IN_DEV_SHARED_MEDIA(out_dev) ||
1817 inet_addr_onlink(out_dev, saddr, gw))
1818 IPCB(skb)->flags |= IPSKB_DOREDIRECT;
1821 if (skb->protocol != htons(ETH_P_IP)) {
1822 /* Not IP (i.e. ARP). Do not create route, if it is
1823 * invalid for proxy arp. DNAT routes are always valid.
1825 * Proxy arp feature have been extended to allow, ARP
1826 * replies back to the same interface, to support
1827 * Private VLAN switch technologies. See arp.c.
1829 if (out_dev == in_dev &&
1830 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
1836 fnhe = find_exception(nhc, daddr);
1839 rth = rcu_dereference(fnhe->fnhe_rth_input);
1841 rth = rcu_dereference(nhc->nhc_rth_input);
1842 if (rt_cache_valid(rth)) {
1843 skb_dst_set_noref(skb, &rth->dst);
1848 rth = rt_dst_alloc(out_dev->dev, 0, res->type,
1849 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1850 IN_DEV_CONF_GET(out_dev, NOXFRM));
1856 rth->rt_is_input = 1;
1857 RT_CACHE_STAT_INC(in_slow_tot);
1859 rth->dst.input = ip_forward;
1861 rt_set_nexthop(rth, daddr, res, fnhe, res->fi, res->type, itag,
1863 lwtunnel_set_redirect(&rth->dst);
1864 skb_dst_set(skb, &rth->dst);
1871 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1872 /* To make ICMP packets follow the right flow, the multipath hash is
1873 * calculated from the inner IP addresses.
1875 static void ip_multipath_l3_keys(const struct sk_buff *skb,
1876 struct flow_keys *hash_keys)
1878 const struct iphdr *outer_iph = ip_hdr(skb);
1879 const struct iphdr *key_iph = outer_iph;
1880 const struct iphdr *inner_iph;
1881 const struct icmphdr *icmph;
1882 struct iphdr _inner_iph;
1883 struct icmphdr _icmph;
1885 if (likely(outer_iph->protocol != IPPROTO_ICMP))
1888 if (unlikely((outer_iph->frag_off & htons(IP_OFFSET)) != 0))
1891 icmph = skb_header_pointer(skb, outer_iph->ihl * 4, sizeof(_icmph),
1896 if (!icmp_is_err(icmph->type))
1899 inner_iph = skb_header_pointer(skb,
1900 outer_iph->ihl * 4 + sizeof(_icmph),
1901 sizeof(_inner_iph), &_inner_iph);
1905 key_iph = inner_iph;
1907 hash_keys->addrs.v4addrs.src = key_iph->saddr;
1908 hash_keys->addrs.v4addrs.dst = key_iph->daddr;
1911 /* if skb is set it will be used and fl4 can be NULL */
1912 int fib_multipath_hash(const struct net *net, const struct flowi4 *fl4,
1913 const struct sk_buff *skb, struct flow_keys *flkeys)
1915 u32 multipath_hash = fl4 ? fl4->flowi4_multipath_hash : 0;
1916 struct flow_keys hash_keys;
1919 switch (net->ipv4.sysctl_fib_multipath_hash_policy) {
1921 memset(&hash_keys, 0, sizeof(hash_keys));
1922 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1924 ip_multipath_l3_keys(skb, &hash_keys);
1926 hash_keys.addrs.v4addrs.src = fl4->saddr;
1927 hash_keys.addrs.v4addrs.dst = fl4->daddr;
1931 /* skb is currently provided only when forwarding */
1933 unsigned int flag = FLOW_DISSECTOR_F_STOP_AT_ENCAP;
1934 struct flow_keys keys;
1936 /* short-circuit if we already have L4 hash present */
1938 return skb_get_hash_raw(skb) >> 1;
1940 memset(&hash_keys, 0, sizeof(hash_keys));
1943 skb_flow_dissect_flow_keys(skb, &keys, flag);
1947 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1948 hash_keys.addrs.v4addrs.src = flkeys->addrs.v4addrs.src;
1949 hash_keys.addrs.v4addrs.dst = flkeys->addrs.v4addrs.dst;
1950 hash_keys.ports.src = flkeys->ports.src;
1951 hash_keys.ports.dst = flkeys->ports.dst;
1952 hash_keys.basic.ip_proto = flkeys->basic.ip_proto;
1954 memset(&hash_keys, 0, sizeof(hash_keys));
1955 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1956 hash_keys.addrs.v4addrs.src = fl4->saddr;
1957 hash_keys.addrs.v4addrs.dst = fl4->daddr;
1958 hash_keys.ports.src = fl4->fl4_sport;
1959 hash_keys.ports.dst = fl4->fl4_dport;
1960 hash_keys.basic.ip_proto = fl4->flowi4_proto;
1964 memset(&hash_keys, 0, sizeof(hash_keys));
1965 /* skb is currently provided only when forwarding */
1967 struct flow_keys keys;
1969 skb_flow_dissect_flow_keys(skb, &keys, 0);
1970 /* Inner can be v4 or v6 */
1971 if (keys.control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
1972 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1973 hash_keys.addrs.v4addrs.src = keys.addrs.v4addrs.src;
1974 hash_keys.addrs.v4addrs.dst = keys.addrs.v4addrs.dst;
1975 } else if (keys.control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
1976 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1977 hash_keys.addrs.v6addrs.src = keys.addrs.v6addrs.src;
1978 hash_keys.addrs.v6addrs.dst = keys.addrs.v6addrs.dst;
1979 hash_keys.tags.flow_label = keys.tags.flow_label;
1980 hash_keys.basic.ip_proto = keys.basic.ip_proto;
1982 /* Same as case 0 */
1983 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1984 ip_multipath_l3_keys(skb, &hash_keys);
1987 /* Same as case 0 */
1988 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1989 hash_keys.addrs.v4addrs.src = fl4->saddr;
1990 hash_keys.addrs.v4addrs.dst = fl4->daddr;
1994 mhash = flow_hash_from_keys(&hash_keys);
1997 mhash = jhash_2words(mhash, multipath_hash, 0);
2001 #endif /* CONFIG_IP_ROUTE_MULTIPATH */
2003 static int ip_mkroute_input(struct sk_buff *skb,
2004 struct fib_result *res,
2005 struct in_device *in_dev,
2006 __be32 daddr, __be32 saddr, u32 tos,
2007 struct flow_keys *hkeys)
2009 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2010 if (res->fi && fib_info_num_path(res->fi) > 1) {
2011 int h = fib_multipath_hash(res->fi->fib_net, NULL, skb, hkeys);
2013 fib_select_multipath(res, h);
2017 /* create a routing cache entry */
2018 return __mkroute_input(skb, res, in_dev, daddr, saddr, tos);
2021 /* Implements all the saddr-related checks as ip_route_input_slow(),
2022 * assuming daddr is valid and the destination is not a local broadcast one.
2023 * Uses the provided hint instead of performing a route lookup.
2025 int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2026 u8 tos, struct net_device *dev,
2027 const struct sk_buff *hint)
2029 struct in_device *in_dev = __in_dev_get_rcu(dev);
2030 struct rtable *rt = (struct rtable *)hint;
2031 struct net *net = dev_net(dev);
2035 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
2036 goto martian_source;
2038 if (ipv4_is_zeronet(saddr))
2039 goto martian_source;
2041 if (ipv4_is_loopback(saddr) && !IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
2042 goto martian_source;
2044 if (rt->rt_type != RTN_LOCAL)
2045 goto skip_validate_source;
2047 tos &= IPTOS_RT_MASK;
2048 err = fib_validate_source(skb, saddr, daddr, tos, 0, dev, in_dev, &tag);
2050 goto martian_source;
2052 skip_validate_source:
2053 skb_dst_copy(skb, hint);
2057 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
2062 * NOTE. We drop all the packets that has local source
2063 * addresses, because every properly looped back packet
2064 * must have correct destination already attached by output routine.
2065 * Changes in the enforced policies must be applied also to
2066 * ip_route_use_hint().
2068 * Such approach solves two big problems:
2069 * 1. Not simplex devices are handled properly.
2070 * 2. IP spoofing attempts are filtered with 100% of guarantee.
2071 * called with rcu_read_lock()
2074 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2075 u8 tos, struct net_device *dev,
2076 struct fib_result *res)
2078 struct in_device *in_dev = __in_dev_get_rcu(dev);
2079 struct flow_keys *flkeys = NULL, _flkeys;
2080 struct net *net = dev_net(dev);
2081 struct ip_tunnel_info *tun_info;
2083 unsigned int flags = 0;
2087 bool do_cache = true;
2089 /* IP on this device is disabled. */
2094 /* Check for the most weird martians, which can be not detected
2098 tun_info = skb_tunnel_info(skb);
2099 if (tun_info && !(tun_info->mode & IP_TUNNEL_INFO_TX))
2100 fl4.flowi4_tun_key.tun_id = tun_info->key.tun_id;
2102 fl4.flowi4_tun_key.tun_id = 0;
2105 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
2106 goto martian_source;
2110 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
2113 /* Accept zero addresses only to limited broadcast;
2114 * I even do not know to fix it or not. Waiting for complains :-)
2116 if (ipv4_is_zeronet(saddr))
2117 goto martian_source;
2119 if (ipv4_is_zeronet(daddr))
2120 goto martian_destination;
2122 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
2123 * and call it once if daddr or/and saddr are loopback addresses
2125 if (ipv4_is_loopback(daddr)) {
2126 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
2127 goto martian_destination;
2128 } else if (ipv4_is_loopback(saddr)) {
2129 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
2130 goto martian_source;
2134 * Now we are ready to route packet.
2137 fl4.flowi4_iif = dev->ifindex;
2138 fl4.flowi4_mark = skb->mark;
2139 fl4.flowi4_tos = tos;
2140 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
2141 fl4.flowi4_flags = 0;
2144 fl4.flowi4_uid = sock_net_uid(net, NULL);
2146 if (fib4_rules_early_flow_dissect(net, skb, &fl4, &_flkeys)) {
2149 fl4.flowi4_proto = 0;
2154 err = fib_lookup(net, &fl4, res, 0);
2156 if (!IN_DEV_FORWARD(in_dev))
2157 err = -EHOSTUNREACH;
2161 if (res->type == RTN_BROADCAST) {
2162 if (IN_DEV_BFORWARD(in_dev))
2164 /* not do cache if bc_forwarding is enabled */
2165 if (IPV4_DEVCONF_ALL(net, BC_FORWARDING))
2170 if (res->type == RTN_LOCAL) {
2171 err = fib_validate_source(skb, saddr, daddr, tos,
2172 0, dev, in_dev, &itag);
2174 goto martian_source;
2178 if (!IN_DEV_FORWARD(in_dev)) {
2179 err = -EHOSTUNREACH;
2182 if (res->type != RTN_UNICAST)
2183 goto martian_destination;
2186 err = ip_mkroute_input(skb, res, in_dev, daddr, saddr, tos, flkeys);
2190 if (skb->protocol != htons(ETH_P_IP))
2193 if (!ipv4_is_zeronet(saddr)) {
2194 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
2197 goto martian_source;
2199 flags |= RTCF_BROADCAST;
2200 res->type = RTN_BROADCAST;
2201 RT_CACHE_STAT_INC(in_brd);
2204 do_cache &= res->fi && !itag;
2206 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
2208 rth = rcu_dereference(nhc->nhc_rth_input);
2209 if (rt_cache_valid(rth)) {
2210 skb_dst_set_noref(skb, &rth->dst);
2216 rth = rt_dst_alloc(l3mdev_master_dev_rcu(dev) ? : net->loopback_dev,
2217 flags | RTCF_LOCAL, res->type,
2218 IN_DEV_CONF_GET(in_dev, NOPOLICY), false);
2222 rth->dst.output= ip_rt_bug;
2223 #ifdef CONFIG_IP_ROUTE_CLASSID
2224 rth->dst.tclassid = itag;
2226 rth->rt_is_input = 1;
2228 RT_CACHE_STAT_INC(in_slow_tot);
2229 if (res->type == RTN_UNREACHABLE) {
2230 rth->dst.input= ip_error;
2231 rth->dst.error= -err;
2232 rth->rt_flags &= ~RTCF_LOCAL;
2236 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
2238 rth->dst.lwtstate = lwtstate_get(nhc->nhc_lwtstate);
2239 if (lwtunnel_input_redirect(rth->dst.lwtstate)) {
2240 WARN_ON(rth->dst.input == lwtunnel_input);
2241 rth->dst.lwtstate->orig_input = rth->dst.input;
2242 rth->dst.input = lwtunnel_input;
2245 if (unlikely(!rt_cache_route(nhc, rth)))
2246 rt_add_uncached_list(rth);
2248 skb_dst_set(skb, &rth->dst);
2253 RT_CACHE_STAT_INC(in_no_route);
2254 res->type = RTN_UNREACHABLE;
2260 * Do not cache martian addresses: they should be logged (RFC1812)
2262 martian_destination:
2263 RT_CACHE_STAT_INC(in_martian_dst);
2264 #ifdef CONFIG_IP_ROUTE_VERBOSE
2265 if (IN_DEV_LOG_MARTIANS(in_dev))
2266 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
2267 &daddr, &saddr, dev->name);
2279 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
2283 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2284 u8 tos, struct net_device *dev)
2286 struct fib_result res;
2289 tos &= IPTOS_RT_MASK;
2291 err = ip_route_input_rcu(skb, daddr, saddr, tos, dev, &res);
2296 EXPORT_SYMBOL(ip_route_input_noref);
2298 /* called with rcu_read_lock held */
2299 int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2300 u8 tos, struct net_device *dev, struct fib_result *res)
2302 /* Multicast recognition logic is moved from route cache to here.
2303 The problem was that too many Ethernet cards have broken/missing
2304 hardware multicast filters :-( As result the host on multicasting
2305 network acquires a lot of useless route cache entries, sort of
2306 SDR messages from all the world. Now we try to get rid of them.
2307 Really, provided software IP multicast filter is organized
2308 reasonably (at least, hashed), it does not result in a slowdown
2309 comparing with route cache reject entries.
2310 Note, that multicast routers are not affected, because
2311 route cache entry is created eventually.
2313 if (ipv4_is_multicast(daddr)) {
2314 struct in_device *in_dev = __in_dev_get_rcu(dev);
2320 our = ip_check_mc_rcu(in_dev, daddr, saddr,
2321 ip_hdr(skb)->protocol);
2323 /* check l3 master if no match yet */
2324 if (!our && netif_is_l3_slave(dev)) {
2325 struct in_device *l3_in_dev;
2327 l3_in_dev = __in_dev_get_rcu(skb->dev);
2329 our = ip_check_mc_rcu(l3_in_dev, daddr, saddr,
2330 ip_hdr(skb)->protocol);
2334 #ifdef CONFIG_IP_MROUTE
2336 (!ipv4_is_local_multicast(daddr) &&
2337 IN_DEV_MFORWARD(in_dev))
2340 err = ip_route_input_mc(skb, daddr, saddr,
2346 return ip_route_input_slow(skb, daddr, saddr, tos, dev, res);
2349 /* called with rcu_read_lock() */
2350 static struct rtable *__mkroute_output(const struct fib_result *res,
2351 const struct flowi4 *fl4, int orig_oif,
2352 struct net_device *dev_out,
2355 struct fib_info *fi = res->fi;
2356 struct fib_nh_exception *fnhe;
2357 struct in_device *in_dev;
2358 u16 type = res->type;
2362 in_dev = __in_dev_get_rcu(dev_out);
2364 return ERR_PTR(-EINVAL);
2366 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
2367 if (ipv4_is_loopback(fl4->saddr) &&
2368 !(dev_out->flags & IFF_LOOPBACK) &&
2369 !netif_is_l3_master(dev_out))
2370 return ERR_PTR(-EINVAL);
2372 if (ipv4_is_lbcast(fl4->daddr))
2373 type = RTN_BROADCAST;
2374 else if (ipv4_is_multicast(fl4->daddr))
2375 type = RTN_MULTICAST;
2376 else if (ipv4_is_zeronet(fl4->daddr))
2377 return ERR_PTR(-EINVAL);
2379 if (dev_out->flags & IFF_LOOPBACK)
2380 flags |= RTCF_LOCAL;
2383 if (type == RTN_BROADCAST) {
2384 flags |= RTCF_BROADCAST | RTCF_LOCAL;
2386 } else if (type == RTN_MULTICAST) {
2387 flags |= RTCF_MULTICAST | RTCF_LOCAL;
2388 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
2390 flags &= ~RTCF_LOCAL;
2393 /* If multicast route do not exist use
2394 * default one, but do not gateway in this case.
2397 if (fi && res->prefixlen < 4)
2399 } else if ((type == RTN_LOCAL) && (orig_oif != 0) &&
2400 (orig_oif != dev_out->ifindex)) {
2401 /* For local routes that require a particular output interface
2402 * we do not want to cache the result. Caching the result
2403 * causes incorrect behaviour when there are multiple source
2404 * addresses on the interface, the end result being that if the
2405 * intended recipient is waiting on that interface for the
2406 * packet he won't receive it because it will be delivered on
2407 * the loopback interface and the IP_PKTINFO ipi_ifindex will
2408 * be set to the loopback interface as well.
2414 do_cache &= fi != NULL;
2416 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
2417 struct rtable __rcu **prth;
2419 fnhe = find_exception(nhc, fl4->daddr);
2423 prth = &fnhe->fnhe_rth_output;
2425 if (unlikely(fl4->flowi4_flags &
2426 FLOWI_FLAG_KNOWN_NH &&
2427 !(nhc->nhc_gw_family &&
2428 nhc->nhc_scope == RT_SCOPE_LINK))) {
2432 prth = raw_cpu_ptr(nhc->nhc_pcpu_rth_output);
2434 rth = rcu_dereference(*prth);
2435 if (rt_cache_valid(rth) && dst_hold_safe(&rth->dst))
2440 rth = rt_dst_alloc(dev_out, flags, type,
2441 IN_DEV_CONF_GET(in_dev, NOPOLICY),
2442 IN_DEV_CONF_GET(in_dev, NOXFRM));
2444 return ERR_PTR(-ENOBUFS);
2446 rth->rt_iif = orig_oif;
2448 RT_CACHE_STAT_INC(out_slow_tot);
2450 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
2451 if (flags & RTCF_LOCAL &&
2452 !(dev_out->flags & IFF_LOOPBACK)) {
2453 rth->dst.output = ip_mc_output;
2454 RT_CACHE_STAT_INC(out_slow_mc);
2456 #ifdef CONFIG_IP_MROUTE
2457 if (type == RTN_MULTICAST) {
2458 if (IN_DEV_MFORWARD(in_dev) &&
2459 !ipv4_is_local_multicast(fl4->daddr)) {
2460 rth->dst.input = ip_mr_input;
2461 rth->dst.output = ip_mc_output;
2467 rt_set_nexthop(rth, fl4->daddr, res, fnhe, fi, type, 0, do_cache);
2468 lwtunnel_set_redirect(&rth->dst);
2474 * Major route resolver routine.
2477 struct rtable *ip_route_output_key_hash(struct net *net, struct flowi4 *fl4,
2478 const struct sk_buff *skb)
2480 __u8 tos = RT_FL_TOS(fl4);
2481 struct fib_result res = {
2489 fl4->flowi4_iif = LOOPBACK_IFINDEX;
2490 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
2491 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
2492 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
2495 rth = ip_route_output_key_hash_rcu(net, fl4, &res, skb);
2500 EXPORT_SYMBOL_GPL(ip_route_output_key_hash);
2502 struct rtable *ip_route_output_key_hash_rcu(struct net *net, struct flowi4 *fl4,
2503 struct fib_result *res,
2504 const struct sk_buff *skb)
2506 struct net_device *dev_out = NULL;
2507 int orig_oif = fl4->flowi4_oif;
2508 unsigned int flags = 0;
2513 if (ipv4_is_multicast(fl4->saddr) ||
2514 ipv4_is_lbcast(fl4->saddr) ||
2515 ipv4_is_zeronet(fl4->saddr)) {
2516 rth = ERR_PTR(-EINVAL);
2520 rth = ERR_PTR(-ENETUNREACH);
2522 /* I removed check for oif == dev_out->oif here.
2523 It was wrong for two reasons:
2524 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
2525 is assigned to multiple interfaces.
2526 2. Moreover, we are allowed to send packets with saddr
2527 of another iface. --ANK
2530 if (fl4->flowi4_oif == 0 &&
2531 (ipv4_is_multicast(fl4->daddr) ||
2532 ipv4_is_lbcast(fl4->daddr))) {
2533 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2534 dev_out = __ip_dev_find(net, fl4->saddr, false);
2538 /* Special hack: user can direct multicasts
2539 and limited broadcast via necessary interface
2540 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2541 This hack is not just for fun, it allows
2542 vic,vat and friends to work.
2543 They bind socket to loopback, set ttl to zero
2544 and expect that it will work.
2545 From the viewpoint of routing cache they are broken,
2546 because we are not allowed to build multicast path
2547 with loopback source addr (look, routing cache
2548 cannot know, that ttl is zero, so that packet
2549 will not leave this host and route is valid).
2550 Luckily, this hack is good workaround.
2553 fl4->flowi4_oif = dev_out->ifindex;
2557 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
2558 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2559 if (!__ip_dev_find(net, fl4->saddr, false))
2565 if (fl4->flowi4_oif) {
2566 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2567 rth = ERR_PTR(-ENODEV);
2571 /* RACE: Check return value of inet_select_addr instead. */
2572 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2573 rth = ERR_PTR(-ENETUNREACH);
2576 if (ipv4_is_local_multicast(fl4->daddr) ||
2577 ipv4_is_lbcast(fl4->daddr) ||
2578 fl4->flowi4_proto == IPPROTO_IGMP) {
2580 fl4->saddr = inet_select_addr(dev_out, 0,
2585 if (ipv4_is_multicast(fl4->daddr))
2586 fl4->saddr = inet_select_addr(dev_out, 0,
2588 else if (!fl4->daddr)
2589 fl4->saddr = inet_select_addr(dev_out, 0,
2595 fl4->daddr = fl4->saddr;
2597 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2598 dev_out = net->loopback_dev;
2599 fl4->flowi4_oif = LOOPBACK_IFINDEX;
2600 res->type = RTN_LOCAL;
2601 flags |= RTCF_LOCAL;
2605 err = fib_lookup(net, fl4, res, 0);
2609 if (fl4->flowi4_oif &&
2610 (ipv4_is_multicast(fl4->daddr) ||
2611 !netif_index_is_l3_master(net, fl4->flowi4_oif))) {
2612 /* Apparently, routing tables are wrong. Assume,
2613 that the destination is on link.
2616 Because we are allowed to send to iface
2617 even if it has NO routes and NO assigned
2618 addresses. When oif is specified, routing
2619 tables are looked up with only one purpose:
2620 to catch if destination is gatewayed, rather than
2621 direct. Moreover, if MSG_DONTROUTE is set,
2622 we send packet, ignoring both routing tables
2623 and ifaddr state. --ANK
2626 We could make it even if oif is unknown,
2627 likely IPv6, but we do not.
2630 if (fl4->saddr == 0)
2631 fl4->saddr = inet_select_addr(dev_out, 0,
2633 res->type = RTN_UNICAST;
2640 if (res->type == RTN_LOCAL) {
2642 if (res->fi->fib_prefsrc)
2643 fl4->saddr = res->fi->fib_prefsrc;
2645 fl4->saddr = fl4->daddr;
2648 /* L3 master device is the loopback for that domain */
2649 dev_out = l3mdev_master_dev_rcu(FIB_RES_DEV(*res)) ? :
2652 /* make sure orig_oif points to fib result device even
2653 * though packet rx/tx happens over loopback or l3mdev
2655 orig_oif = FIB_RES_OIF(*res);
2657 fl4->flowi4_oif = dev_out->ifindex;
2658 flags |= RTCF_LOCAL;
2662 fib_select_path(net, res, fl4, skb);
2664 dev_out = FIB_RES_DEV(*res);
2665 fl4->flowi4_oif = dev_out->ifindex;
2669 rth = __mkroute_output(res, fl4, orig_oif, dev_out, flags);
2675 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2680 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2682 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2684 return mtu ? : dst->dev->mtu;
2687 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
2688 struct sk_buff *skb, u32 mtu,
2693 static void ipv4_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
2694 struct sk_buff *skb)
2698 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2704 static struct dst_ops ipv4_dst_blackhole_ops = {
2706 .check = ipv4_blackhole_dst_check,
2707 .mtu = ipv4_blackhole_mtu,
2708 .default_advmss = ipv4_default_advmss,
2709 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2710 .redirect = ipv4_rt_blackhole_redirect,
2711 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2712 .neigh_lookup = ipv4_neigh_lookup,
2715 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2717 struct rtable *ort = (struct rtable *) dst_orig;
2720 rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, DST_OBSOLETE_DEAD, 0);
2722 struct dst_entry *new = &rt->dst;
2725 new->input = dst_discard;
2726 new->output = dst_discard_out;
2728 new->dev = net->loopback_dev;
2732 rt->rt_is_input = ort->rt_is_input;
2733 rt->rt_iif = ort->rt_iif;
2734 rt->rt_pmtu = ort->rt_pmtu;
2735 rt->rt_mtu_locked = ort->rt_mtu_locked;
2737 rt->rt_genid = rt_genid_ipv4(net);
2738 rt->rt_flags = ort->rt_flags;
2739 rt->rt_type = ort->rt_type;
2740 rt->rt_uses_gateway = ort->rt_uses_gateway;
2741 rt->rt_gw_family = ort->rt_gw_family;
2742 if (rt->rt_gw_family == AF_INET)
2743 rt->rt_gw4 = ort->rt_gw4;
2744 else if (rt->rt_gw_family == AF_INET6)
2745 rt->rt_gw6 = ort->rt_gw6;
2747 INIT_LIST_HEAD(&rt->rt_uncached);
2750 dst_release(dst_orig);
2752 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2755 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2756 const struct sock *sk)
2758 struct rtable *rt = __ip_route_output_key(net, flp4);
2763 if (flp4->flowi4_proto)
2764 rt = (struct rtable *)xfrm_lookup_route(net, &rt->dst,
2765 flowi4_to_flowi(flp4),
2770 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2772 struct rtable *ip_route_output_tunnel(struct sk_buff *skb,
2773 struct net_device *dev,
2774 struct net *net, __be32 *saddr,
2775 const struct ip_tunnel_info *info,
2776 u8 protocol, bool use_cache)
2778 #ifdef CONFIG_DST_CACHE
2779 struct dst_cache *dst_cache;
2781 struct rtable *rt = NULL;
2785 #ifdef CONFIG_DST_CACHE
2786 dst_cache = (struct dst_cache *)&info->dst_cache;
2788 rt = dst_cache_get_ip4(dst_cache, saddr);
2793 memset(&fl4, 0, sizeof(fl4));
2794 fl4.flowi4_mark = skb->mark;
2795 fl4.flowi4_proto = protocol;
2796 fl4.daddr = info->key.u.ipv4.dst;
2797 fl4.saddr = info->key.u.ipv4.src;
2798 tos = info->key.tos;
2799 fl4.flowi4_tos = RT_TOS(tos);
2801 rt = ip_route_output_key(net, &fl4);
2803 netdev_dbg(dev, "no route to %pI4\n", &fl4.daddr);
2804 return ERR_PTR(-ENETUNREACH);
2806 if (rt->dst.dev == dev) { /* is this necessary? */
2807 netdev_dbg(dev, "circular route to %pI4\n", &fl4.daddr);
2809 return ERR_PTR(-ELOOP);
2811 #ifdef CONFIG_DST_CACHE
2813 dst_cache_set_ip4(dst_cache, &rt->dst, fl4.saddr);
2818 EXPORT_SYMBOL_GPL(ip_route_output_tunnel);
2820 /* called with rcu_read_lock held */
2821 static int rt_fill_info(struct net *net, __be32 dst, __be32 src,
2822 struct rtable *rt, u32 table_id, struct flowi4 *fl4,
2823 struct sk_buff *skb, u32 portid, u32 seq,
2827 struct nlmsghdr *nlh;
2828 unsigned long expires = 0;
2830 u32 metrics[RTAX_MAX];
2832 nlh = nlmsg_put(skb, portid, seq, RTM_NEWROUTE, sizeof(*r), flags);
2836 r = nlmsg_data(nlh);
2837 r->rtm_family = AF_INET;
2838 r->rtm_dst_len = 32;
2840 r->rtm_tos = fl4 ? fl4->flowi4_tos : 0;
2841 r->rtm_table = table_id < 256 ? table_id : RT_TABLE_COMPAT;
2842 if (nla_put_u32(skb, RTA_TABLE, table_id))
2843 goto nla_put_failure;
2844 r->rtm_type = rt->rt_type;
2845 r->rtm_scope = RT_SCOPE_UNIVERSE;
2846 r->rtm_protocol = RTPROT_UNSPEC;
2847 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2848 if (rt->rt_flags & RTCF_NOTIFY)
2849 r->rtm_flags |= RTM_F_NOTIFY;
2850 if (IPCB(skb)->flags & IPSKB_DOREDIRECT)
2851 r->rtm_flags |= RTCF_DOREDIRECT;
2853 if (nla_put_in_addr(skb, RTA_DST, dst))
2854 goto nla_put_failure;
2856 r->rtm_src_len = 32;
2857 if (nla_put_in_addr(skb, RTA_SRC, src))
2858 goto nla_put_failure;
2861 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
2862 goto nla_put_failure;
2863 #ifdef CONFIG_IP_ROUTE_CLASSID
2864 if (rt->dst.tclassid &&
2865 nla_put_u32(skb, RTA_FLOW, rt->dst.tclassid))
2866 goto nla_put_failure;
2868 if (fl4 && !rt_is_input_route(rt) &&
2869 fl4->saddr != src) {
2870 if (nla_put_in_addr(skb, RTA_PREFSRC, fl4->saddr))
2871 goto nla_put_failure;
2873 if (rt->rt_uses_gateway) {
2874 if (rt->rt_gw_family == AF_INET &&
2875 nla_put_in_addr(skb, RTA_GATEWAY, rt->rt_gw4)) {
2876 goto nla_put_failure;
2877 } else if (rt->rt_gw_family == AF_INET6) {
2878 int alen = sizeof(struct in6_addr);
2882 nla = nla_reserve(skb, RTA_VIA, alen + 2);
2884 goto nla_put_failure;
2886 via = nla_data(nla);
2887 via->rtvia_family = AF_INET6;
2888 memcpy(via->rtvia_addr, &rt->rt_gw6, alen);
2892 expires = rt->dst.expires;
2894 unsigned long now = jiffies;
2896 if (time_before(now, expires))
2902 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
2903 if (rt->rt_pmtu && expires)
2904 metrics[RTAX_MTU - 1] = rt->rt_pmtu;
2905 if (rt->rt_mtu_locked && expires)
2906 metrics[RTAX_LOCK - 1] |= BIT(RTAX_MTU);
2907 if (rtnetlink_put_metrics(skb, metrics) < 0)
2908 goto nla_put_failure;
2911 if (fl4->flowi4_mark &&
2912 nla_put_u32(skb, RTA_MARK, fl4->flowi4_mark))
2913 goto nla_put_failure;
2915 if (!uid_eq(fl4->flowi4_uid, INVALID_UID) &&
2916 nla_put_u32(skb, RTA_UID,
2917 from_kuid_munged(current_user_ns(),
2919 goto nla_put_failure;
2921 if (rt_is_input_route(rt)) {
2922 #ifdef CONFIG_IP_MROUTE
2923 if (ipv4_is_multicast(dst) &&
2924 !ipv4_is_local_multicast(dst) &&
2925 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
2926 int err = ipmr_get_route(net, skb,
2927 fl4->saddr, fl4->daddr,
2933 goto nla_put_failure;
2937 if (nla_put_u32(skb, RTA_IIF, fl4->flowi4_iif))
2938 goto nla_put_failure;
2942 error = rt->dst.error;
2944 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, error) < 0)
2945 goto nla_put_failure;
2947 nlmsg_end(skb, nlh);
2951 nlmsg_cancel(skb, nlh);
2955 static int fnhe_dump_bucket(struct net *net, struct sk_buff *skb,
2956 struct netlink_callback *cb, u32 table_id,
2957 struct fnhe_hash_bucket *bucket, int genid,
2958 int *fa_index, int fa_start, unsigned int flags)
2962 for (i = 0; i < FNHE_HASH_SIZE; i++) {
2963 struct fib_nh_exception *fnhe;
2965 for (fnhe = rcu_dereference(bucket[i].chain); fnhe;
2966 fnhe = rcu_dereference(fnhe->fnhe_next)) {
2970 if (*fa_index < fa_start)
2973 if (fnhe->fnhe_genid != genid)
2976 if (fnhe->fnhe_expires &&
2977 time_after(jiffies, fnhe->fnhe_expires))
2980 rt = rcu_dereference(fnhe->fnhe_rth_input);
2982 rt = rcu_dereference(fnhe->fnhe_rth_output);
2986 err = rt_fill_info(net, fnhe->fnhe_daddr, 0, rt,
2987 table_id, NULL, skb,
2988 NETLINK_CB(cb->skb).portid,
2989 cb->nlh->nlmsg_seq, flags);
3000 int fib_dump_info_fnhe(struct sk_buff *skb, struct netlink_callback *cb,
3001 u32 table_id, struct fib_info *fi,
3002 int *fa_index, int fa_start, unsigned int flags)
3004 struct net *net = sock_net(cb->skb->sk);
3005 int nhsel, genid = fnhe_genid(net);
3007 for (nhsel = 0; nhsel < fib_info_num_path(fi); nhsel++) {
3008 struct fib_nh_common *nhc = fib_info_nhc(fi, nhsel);
3009 struct fnhe_hash_bucket *bucket;
3012 if (nhc->nhc_flags & RTNH_F_DEAD)
3016 bucket = rcu_dereference(nhc->nhc_exceptions);
3019 err = fnhe_dump_bucket(net, skb, cb, table_id, bucket,
3020 genid, fa_index, fa_start,
3030 static struct sk_buff *inet_rtm_getroute_build_skb(__be32 src, __be32 dst,
3031 u8 ip_proto, __be16 sport,
3034 struct sk_buff *skb;
3037 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
3041 /* Reserve room for dummy headers, this skb can pass
3042 * through good chunk of routing engine.
3044 skb_reset_mac_header(skb);
3045 skb_reset_network_header(skb);
3046 skb->protocol = htons(ETH_P_IP);
3047 iph = skb_put(skb, sizeof(struct iphdr));
3048 iph->protocol = ip_proto;
3054 skb_set_transport_header(skb, skb->len);
3056 switch (iph->protocol) {
3058 struct udphdr *udph;
3060 udph = skb_put_zero(skb, sizeof(struct udphdr));
3061 udph->source = sport;
3063 udph->len = sizeof(struct udphdr);
3068 struct tcphdr *tcph;
3070 tcph = skb_put_zero(skb, sizeof(struct tcphdr));
3071 tcph->source = sport;
3073 tcph->doff = sizeof(struct tcphdr) / 4;
3075 tcph->check = ~tcp_v4_check(sizeof(struct tcphdr),
3079 case IPPROTO_ICMP: {
3080 struct icmphdr *icmph;
3082 icmph = skb_put_zero(skb, sizeof(struct icmphdr));
3083 icmph->type = ICMP_ECHO;
3091 static int inet_rtm_valid_getroute_req(struct sk_buff *skb,
3092 const struct nlmsghdr *nlh,
3094 struct netlink_ext_ack *extack)
3099 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*rtm))) {
3100 NL_SET_ERR_MSG(extack,
3101 "ipv4: Invalid header for route get request");
3105 if (!netlink_strict_get_check(skb))
3106 return nlmsg_parse_deprecated(nlh, sizeof(*rtm), tb, RTA_MAX,
3107 rtm_ipv4_policy, extack);
3109 rtm = nlmsg_data(nlh);
3110 if ((rtm->rtm_src_len && rtm->rtm_src_len != 32) ||
3111 (rtm->rtm_dst_len && rtm->rtm_dst_len != 32) ||
3112 rtm->rtm_table || rtm->rtm_protocol ||
3113 rtm->rtm_scope || rtm->rtm_type) {
3114 NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for route get request");
3118 if (rtm->rtm_flags & ~(RTM_F_NOTIFY |
3119 RTM_F_LOOKUP_TABLE |
3121 NL_SET_ERR_MSG(extack, "ipv4: Unsupported rtm_flags for route get request");
3125 err = nlmsg_parse_deprecated_strict(nlh, sizeof(*rtm), tb, RTA_MAX,
3126 rtm_ipv4_policy, extack);
3130 if ((tb[RTA_SRC] && !rtm->rtm_src_len) ||
3131 (tb[RTA_DST] && !rtm->rtm_dst_len)) {
3132 NL_SET_ERR_MSG(extack, "ipv4: rtm_src_len and rtm_dst_len must be 32 for IPv4");
3136 for (i = 0; i <= RTA_MAX; i++) {
3152 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in route get request");
3160 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
3161 struct netlink_ext_ack *extack)
3163 struct net *net = sock_net(in_skb->sk);
3164 struct nlattr *tb[RTA_MAX+1];
3165 u32 table_id = RT_TABLE_MAIN;
3166 __be16 sport = 0, dport = 0;
3167 struct fib_result res = {};
3168 u8 ip_proto = IPPROTO_UDP;
3169 struct rtable *rt = NULL;
3170 struct sk_buff *skb;
3172 struct flowi4 fl4 = {};
3180 err = inet_rtm_valid_getroute_req(in_skb, nlh, tb, extack);
3184 rtm = nlmsg_data(nlh);
3185 src = tb[RTA_SRC] ? nla_get_in_addr(tb[RTA_SRC]) : 0;
3186 dst = tb[RTA_DST] ? nla_get_in_addr(tb[RTA_DST]) : 0;
3187 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
3188 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
3190 uid = make_kuid(current_user_ns(), nla_get_u32(tb[RTA_UID]));
3192 uid = (iif ? INVALID_UID : current_uid());
3194 if (tb[RTA_IP_PROTO]) {
3195 err = rtm_getroute_parse_ip_proto(tb[RTA_IP_PROTO],
3196 &ip_proto, AF_INET, extack);
3202 sport = nla_get_be16(tb[RTA_SPORT]);
3205 dport = nla_get_be16(tb[RTA_DPORT]);
3207 skb = inet_rtm_getroute_build_skb(src, dst, ip_proto, sport, dport);
3213 fl4.flowi4_tos = rtm->rtm_tos;
3214 fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0;
3215 fl4.flowi4_mark = mark;
3216 fl4.flowi4_uid = uid;
3218 fl4.fl4_sport = sport;
3220 fl4.fl4_dport = dport;
3221 fl4.flowi4_proto = ip_proto;
3226 struct net_device *dev;
3228 dev = dev_get_by_index_rcu(net, iif);
3234 fl4.flowi4_iif = iif; /* for rt_fill_info */
3237 err = ip_route_input_rcu(skb, dst, src, rtm->rtm_tos,
3240 rt = skb_rtable(skb);
3241 if (err == 0 && rt->dst.error)
3242 err = -rt->dst.error;
3244 fl4.flowi4_iif = LOOPBACK_IFINDEX;
3245 skb->dev = net->loopback_dev;
3246 rt = ip_route_output_key_hash_rcu(net, &fl4, &res, skb);
3251 skb_dst_set(skb, &rt->dst);
3257 if (rtm->rtm_flags & RTM_F_NOTIFY)
3258 rt->rt_flags |= RTCF_NOTIFY;
3260 if (rtm->rtm_flags & RTM_F_LOOKUP_TABLE)
3261 table_id = res.table ? res.table->tb_id : 0;
3263 /* reset skb for netlink reply msg */
3265 skb_reset_network_header(skb);
3266 skb_reset_transport_header(skb);
3267 skb_reset_mac_header(skb);
3269 if (rtm->rtm_flags & RTM_F_FIB_MATCH) {
3270 struct fib_rt_info fri;
3273 err = fib_props[res.type].error;
3275 err = -EHOSTUNREACH;
3279 fri.tb_id = table_id;
3280 fri.dst = res.prefix;
3281 fri.dst_len = res.prefixlen;
3282 fri.tos = fl4.flowi4_tos;
3283 fri.type = rt->rt_type;
3287 struct fib_alias *fa;
3289 hlist_for_each_entry_rcu(fa, res.fa_head, fa_list) {
3290 u8 slen = 32 - fri.dst_len;
3292 if (fa->fa_slen == slen &&
3293 fa->tb_id == fri.tb_id &&
3294 fa->fa_tos == fri.tos &&
3295 fa->fa_info == res.fi &&
3296 fa->fa_type == fri.type) {
3297 fri.offload = fa->offload;
3298 fri.trap = fa->trap;
3303 err = fib_dump_info(skb, NETLINK_CB(in_skb).portid,
3304 nlh->nlmsg_seq, RTM_NEWROUTE, &fri, 0);
3306 err = rt_fill_info(net, dst, src, rt, table_id, &fl4, skb,
3307 NETLINK_CB(in_skb).portid,
3315 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
3325 void ip_rt_multicast_event(struct in_device *in_dev)
3327 rt_cache_flush(dev_net(in_dev->dev));
3330 #ifdef CONFIG_SYSCTL
3331 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
3332 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
3333 static int ip_rt_gc_elasticity __read_mostly = 8;
3334 static int ip_min_valid_pmtu __read_mostly = IPV4_MIN_MTU;
3336 static int ipv4_sysctl_rtcache_flush(struct ctl_table *__ctl, int write,
3337 void *buffer, size_t *lenp, loff_t *ppos)
3339 struct net *net = (struct net *)__ctl->extra1;
3342 rt_cache_flush(net);
3343 fnhe_genid_bump(net);
3350 static struct ctl_table ipv4_route_table[] = {
3352 .procname = "gc_thresh",
3353 .data = &ipv4_dst_ops.gc_thresh,
3354 .maxlen = sizeof(int),
3356 .proc_handler = proc_dointvec,
3359 .procname = "max_size",
3360 .data = &ip_rt_max_size,
3361 .maxlen = sizeof(int),
3363 .proc_handler = proc_dointvec,
3366 /* Deprecated. Use gc_min_interval_ms */
3368 .procname = "gc_min_interval",
3369 .data = &ip_rt_gc_min_interval,
3370 .maxlen = sizeof(int),
3372 .proc_handler = proc_dointvec_jiffies,
3375 .procname = "gc_min_interval_ms",
3376 .data = &ip_rt_gc_min_interval,
3377 .maxlen = sizeof(int),
3379 .proc_handler = proc_dointvec_ms_jiffies,
3382 .procname = "gc_timeout",
3383 .data = &ip_rt_gc_timeout,
3384 .maxlen = sizeof(int),
3386 .proc_handler = proc_dointvec_jiffies,
3389 .procname = "gc_interval",
3390 .data = &ip_rt_gc_interval,
3391 .maxlen = sizeof(int),
3393 .proc_handler = proc_dointvec_jiffies,
3396 .procname = "redirect_load",
3397 .data = &ip_rt_redirect_load,
3398 .maxlen = sizeof(int),
3400 .proc_handler = proc_dointvec,
3403 .procname = "redirect_number",
3404 .data = &ip_rt_redirect_number,
3405 .maxlen = sizeof(int),
3407 .proc_handler = proc_dointvec,
3410 .procname = "redirect_silence",
3411 .data = &ip_rt_redirect_silence,
3412 .maxlen = sizeof(int),
3414 .proc_handler = proc_dointvec,
3417 .procname = "error_cost",
3418 .data = &ip_rt_error_cost,
3419 .maxlen = sizeof(int),
3421 .proc_handler = proc_dointvec,
3424 .procname = "error_burst",
3425 .data = &ip_rt_error_burst,
3426 .maxlen = sizeof(int),
3428 .proc_handler = proc_dointvec,
3431 .procname = "gc_elasticity",
3432 .data = &ip_rt_gc_elasticity,
3433 .maxlen = sizeof(int),
3435 .proc_handler = proc_dointvec,
3438 .procname = "mtu_expires",
3439 .data = &ip_rt_mtu_expires,
3440 .maxlen = sizeof(int),
3442 .proc_handler = proc_dointvec_jiffies,
3445 .procname = "min_pmtu",
3446 .data = &ip_rt_min_pmtu,
3447 .maxlen = sizeof(int),
3449 .proc_handler = proc_dointvec_minmax,
3450 .extra1 = &ip_min_valid_pmtu,
3453 .procname = "min_adv_mss",
3454 .data = &ip_rt_min_advmss,
3455 .maxlen = sizeof(int),
3457 .proc_handler = proc_dointvec,
3462 static const char ipv4_route_flush_procname[] = "flush";
3464 static struct ctl_table ipv4_route_flush_table[] = {
3466 .procname = ipv4_route_flush_procname,
3467 .maxlen = sizeof(int),
3469 .proc_handler = ipv4_sysctl_rtcache_flush,
3474 static __net_init int sysctl_route_net_init(struct net *net)
3476 struct ctl_table *tbl;
3478 tbl = ipv4_route_flush_table;
3479 if (!net_eq(net, &init_net)) {
3480 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
3484 /* Don't export non-whitelisted sysctls to unprivileged users */
3485 if (net->user_ns != &init_user_ns) {
3486 if (tbl[0].procname != ipv4_route_flush_procname)
3487 tbl[0].procname = NULL;
3490 tbl[0].extra1 = net;
3492 net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
3493 if (!net->ipv4.route_hdr)
3498 if (tbl != ipv4_route_flush_table)
3504 static __net_exit void sysctl_route_net_exit(struct net *net)
3506 struct ctl_table *tbl;
3508 tbl = net->ipv4.route_hdr->ctl_table_arg;
3509 unregister_net_sysctl_table(net->ipv4.route_hdr);
3510 BUG_ON(tbl == ipv4_route_flush_table);
3514 static __net_initdata struct pernet_operations sysctl_route_ops = {
3515 .init = sysctl_route_net_init,
3516 .exit = sysctl_route_net_exit,
3520 static __net_init int rt_genid_init(struct net *net)
3522 atomic_set(&net->ipv4.rt_genid, 0);
3523 atomic_set(&net->fnhe_genid, 0);
3524 atomic_set(&net->ipv4.dev_addr_genid, get_random_int());
3528 static __net_initdata struct pernet_operations rt_genid_ops = {
3529 .init = rt_genid_init,
3532 static int __net_init ipv4_inetpeer_init(struct net *net)
3534 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
3538 inet_peer_base_init(bp);
3539 net->ipv4.peers = bp;
3543 static void __net_exit ipv4_inetpeer_exit(struct net *net)
3545 struct inet_peer_base *bp = net->ipv4.peers;
3547 net->ipv4.peers = NULL;
3548 inetpeer_invalidate_tree(bp);
3552 static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
3553 .init = ipv4_inetpeer_init,
3554 .exit = ipv4_inetpeer_exit,
3557 #ifdef CONFIG_IP_ROUTE_CLASSID
3558 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
3559 #endif /* CONFIG_IP_ROUTE_CLASSID */
3561 int __init ip_rt_init(void)
3565 ip_idents = kmalloc_array(IP_IDENTS_SZ, sizeof(*ip_idents),
3568 panic("IP: failed to allocate ip_idents\n");
3570 prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents));
3572 ip_tstamps = kcalloc(IP_IDENTS_SZ, sizeof(*ip_tstamps), GFP_KERNEL);
3574 panic("IP: failed to allocate ip_tstamps\n");
3576 for_each_possible_cpu(cpu) {
3577 struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu);
3579 INIT_LIST_HEAD(&ul->head);
3580 spin_lock_init(&ul->lock);
3582 #ifdef CONFIG_IP_ROUTE_CLASSID
3583 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
3585 panic("IP: failed to allocate ip_rt_acct\n");
3588 ipv4_dst_ops.kmem_cachep =
3589 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
3590 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
3592 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
3594 if (dst_entries_init(&ipv4_dst_ops) < 0)
3595 panic("IP: failed to allocate ipv4_dst_ops counter\n");
3597 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
3598 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
3600 ipv4_dst_ops.gc_thresh = ~0;
3601 ip_rt_max_size = INT_MAX;
3606 if (ip_rt_proc_init())
3607 pr_err("Unable to create route proc files\n");
3612 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL,
3613 RTNL_FLAG_DOIT_UNLOCKED);
3615 #ifdef CONFIG_SYSCTL
3616 register_pernet_subsys(&sysctl_route_ops);
3618 register_pernet_subsys(&rt_genid_ops);
3619 register_pernet_subsys(&ipv4_inetpeer_ops);
3623 #ifdef CONFIG_SYSCTL
3625 * We really need to sanitize the damn ipv4 init order, then all
3626 * this nonsense will go away.
3628 void __init ip_static_sysctl_init(void)
3630 register_net_sysctl(&init_net, "net/ipv4/route", ipv4_route_table);
projects / linux-2.6-microblaze.git / blob