1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * INET An implementation of the TCP/IP protocol suite for the LINUX
4 * operating system. INET is implemented using the BSD Socket
5 * interface as the means of communication with the user level.
7 * ROUTE - implementation of the IP router.
10 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
11 * Alan Cox, <gw4pts@gw4pts.ampr.org>
12 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
13 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
16 * Alan Cox : Verify area fixes.
17 * Alan Cox : cli() protects routing changes
18 * Rui Oliveira : ICMP routing table updates
19 * (rco@di.uminho.pt) Routing table insertion and update
20 * Linus Torvalds : Rewrote bits to be sensible
21 * Alan Cox : Added BSD route gw semantics
22 * Alan Cox : Super /proc >4K
23 * Alan Cox : MTU in route table
24 * Alan Cox : MSS actually. Also added the window
26 * Sam Lantinga : Fixed route matching in rt_del()
27 * Alan Cox : Routing cache support.
28 * Alan Cox : Removed compatibility cruft.
29 * Alan Cox : RTF_REJECT support.
30 * Alan Cox : TCP irtt support.
31 * Jonathan Naylor : Added Metric support.
32 * Miquel van Smoorenburg : BSD API fixes.
33 * Miquel van Smoorenburg : Metrics.
34 * Alan Cox : Use __u32 properly
35 * Alan Cox : Aligned routing errors more closely with BSD
36 * our system is still very different.
37 * Alan Cox : Faster /proc handling
38 * Alexey Kuznetsov : Massive rework to support tree based routing,
39 * routing caches and better behaviour.
41 * Olaf Erb : irtt wasn't being copied right.
42 * Bjorn Ekwall : Kerneld route support.
43 * Alan Cox : Multicast fixed (I hope)
44 * Pavel Krauz : Limited broadcast fixed
45 * Mike McLagan : Routing by source
46 * Alexey Kuznetsov : End of old history. Split to fib.c and
47 * route.c and rewritten from scratch.
48 * Andi Kleen : Load-limit warning messages.
49 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
50 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
51 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
52 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
53 * Marc Boucher : routing by fwmark
54 * Robert Olsson : Added rt_cache statistics
55 * Arnaldo C. Melo : Convert proc stuff to seq_file
56 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
57 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
58 * Ilia Sotnikov : Removed TOS from hash calculations
61 #define pr_fmt(fmt) "IPv4: " fmt
63 #include <linux/module.h>
64 #include <linux/uaccess.h>
65 #include <linux/bitops.h>
66 #include <linux/types.h>
67 #include <linux/kernel.h>
69 #include <linux/string.h>
70 #include <linux/socket.h>
71 #include <linux/sockios.h>
72 #include <linux/errno.h>
74 #include <linux/inet.h>
75 #include <linux/netdevice.h>
76 #include <linux/proc_fs.h>
77 #include <linux/init.h>
78 #include <linux/skbuff.h>
79 #include <linux/inetdevice.h>
80 #include <linux/igmp.h>
81 #include <linux/pkt_sched.h>
82 #include <linux/mroute.h>
83 #include <linux/netfilter_ipv4.h>
84 #include <linux/random.h>
85 #include <linux/rcupdate.h>
86 #include <linux/times.h>
87 #include <linux/slab.h>
88 #include <linux/jhash.h>
90 #include <net/dst_metadata.h>
91 #include <net/net_namespace.h>
92 #include <net/protocol.h>
94 #include <net/route.h>
95 #include <net/inetpeer.h>
97 #include <net/ip_fib.h>
98 #include <net/nexthop.h>
101 #include <net/icmp.h>
102 #include <net/xfrm.h>
103 #include <net/lwtunnel.h>
104 #include <net/netevent.h>
105 #include <net/rtnetlink.h>
107 #include <linux/sysctl.h>
109 #include <net/secure_seq.h>
110 #include <net/ip_tunnels.h>
111 #include <net/l3mdev.h>
113 #include "fib_lookup.h"
115 #define RT_FL_TOS(oldflp4) \
116 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
118 #define RT_GC_TIMEOUT (300*HZ)
120 static int ip_rt_max_size;
121 static int ip_rt_redirect_number __read_mostly = 9;
122 static int ip_rt_redirect_load __read_mostly = HZ / 50;
123 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
124 static int ip_rt_error_cost __read_mostly = HZ;
125 static int ip_rt_error_burst __read_mostly = 5 * HZ;
126 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
127 static u32 ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
128 static int ip_rt_min_advmss __read_mostly = 256;
130 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
133 * Interface to generic destination cache.
136 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
137 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
138 static unsigned int ipv4_mtu(const struct dst_entry *dst);
139 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
140 static void ipv4_link_failure(struct sk_buff *skb);
141 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
142 struct sk_buff *skb, u32 mtu,
144 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk,
145 struct sk_buff *skb);
146 static void ipv4_dst_destroy(struct dst_entry *dst);
148 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
154 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
157 static void ipv4_confirm_neigh(const struct dst_entry *dst, const void *daddr);
159 static struct dst_ops ipv4_dst_ops = {
161 .check = ipv4_dst_check,
162 .default_advmss = ipv4_default_advmss,
164 .cow_metrics = ipv4_cow_metrics,
165 .destroy = ipv4_dst_destroy,
166 .negative_advice = ipv4_negative_advice,
167 .link_failure = ipv4_link_failure,
168 .update_pmtu = ip_rt_update_pmtu,
169 .redirect = ip_do_redirect,
170 .local_out = __ip_local_out,
171 .neigh_lookup = ipv4_neigh_lookup,
172 .confirm_neigh = ipv4_confirm_neigh,
175 #define ECN_OR_COST(class) TC_PRIO_##class
177 const __u8 ip_tos2prio[16] = {
179 ECN_OR_COST(BESTEFFORT),
181 ECN_OR_COST(BESTEFFORT),
187 ECN_OR_COST(INTERACTIVE),
189 ECN_OR_COST(INTERACTIVE),
190 TC_PRIO_INTERACTIVE_BULK,
191 ECN_OR_COST(INTERACTIVE_BULK),
192 TC_PRIO_INTERACTIVE_BULK,
193 ECN_OR_COST(INTERACTIVE_BULK)
195 EXPORT_SYMBOL(ip_tos2prio);
197 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
198 #define RT_CACHE_STAT_INC(field) raw_cpu_inc(rt_cache_stat.field)
200 #ifdef CONFIG_PROC_FS
201 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
205 return SEQ_START_TOKEN;
208 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
214 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
218 static int rt_cache_seq_show(struct seq_file *seq, void *v)
220 if (v == SEQ_START_TOKEN)
221 seq_printf(seq, "%-127s\n",
222 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
223 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
228 static const struct seq_operations rt_cache_seq_ops = {
229 .start = rt_cache_seq_start,
230 .next = rt_cache_seq_next,
231 .stop = rt_cache_seq_stop,
232 .show = rt_cache_seq_show,
235 static int rt_cache_seq_open(struct inode *inode, struct file *file)
237 return seq_open(file, &rt_cache_seq_ops);
240 static const struct proc_ops rt_cache_proc_ops = {
241 .proc_open = rt_cache_seq_open,
242 .proc_read = seq_read,
243 .proc_lseek = seq_lseek,
244 .proc_release = seq_release,
248 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
253 return SEQ_START_TOKEN;
255 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
256 if (!cpu_possible(cpu))
259 return &per_cpu(rt_cache_stat, cpu);
264 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
268 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
269 if (!cpu_possible(cpu))
272 return &per_cpu(rt_cache_stat, cpu);
279 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
284 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
286 struct rt_cache_stat *st = v;
288 if (v == SEQ_START_TOKEN) {
289 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
293 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
294 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
295 dst_entries_get_slow(&ipv4_dst_ops),
308 0, /* st->gc_total */
309 0, /* st->gc_ignored */
310 0, /* st->gc_goal_miss */
311 0, /* st->gc_dst_overflow */
312 0, /* st->in_hlist_search */
313 0 /* st->out_hlist_search */
318 static const struct seq_operations rt_cpu_seq_ops = {
319 .start = rt_cpu_seq_start,
320 .next = rt_cpu_seq_next,
321 .stop = rt_cpu_seq_stop,
322 .show = rt_cpu_seq_show,
326 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
328 return seq_open(file, &rt_cpu_seq_ops);
331 static const struct proc_ops rt_cpu_proc_ops = {
332 .proc_open = rt_cpu_seq_open,
333 .proc_read = seq_read,
334 .proc_lseek = seq_lseek,
335 .proc_release = seq_release,
338 #ifdef CONFIG_IP_ROUTE_CLASSID
339 static int rt_acct_proc_show(struct seq_file *m, void *v)
341 struct ip_rt_acct *dst, *src;
344 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
348 for_each_possible_cpu(i) {
349 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
350 for (j = 0; j < 256; j++) {
351 dst[j].o_bytes += src[j].o_bytes;
352 dst[j].o_packets += src[j].o_packets;
353 dst[j].i_bytes += src[j].i_bytes;
354 dst[j].i_packets += src[j].i_packets;
358 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
364 static int __net_init ip_rt_do_proc_init(struct net *net)
366 struct proc_dir_entry *pde;
368 pde = proc_create("rt_cache", 0444, net->proc_net,
373 pde = proc_create("rt_cache", 0444,
374 net->proc_net_stat, &rt_cpu_proc_ops);
378 #ifdef CONFIG_IP_ROUTE_CLASSID
379 pde = proc_create_single("rt_acct", 0, net->proc_net,
386 #ifdef CONFIG_IP_ROUTE_CLASSID
388 remove_proc_entry("rt_cache", net->proc_net_stat);
391 remove_proc_entry("rt_cache", net->proc_net);
396 static void __net_exit ip_rt_do_proc_exit(struct net *net)
398 remove_proc_entry("rt_cache", net->proc_net_stat);
399 remove_proc_entry("rt_cache", net->proc_net);
400 #ifdef CONFIG_IP_ROUTE_CLASSID
401 remove_proc_entry("rt_acct", net->proc_net);
405 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
406 .init = ip_rt_do_proc_init,
407 .exit = ip_rt_do_proc_exit,
410 static int __init ip_rt_proc_init(void)
412 return register_pernet_subsys(&ip_rt_proc_ops);
416 static inline int ip_rt_proc_init(void)
420 #endif /* CONFIG_PROC_FS */
422 static inline bool rt_is_expired(const struct rtable *rth)
424 return rth->rt_genid != rt_genid_ipv4(dev_net(rth->dst.dev));
427 void rt_cache_flush(struct net *net)
429 rt_genid_bump_ipv4(net);
432 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
436 const struct rtable *rt = container_of(dst, struct rtable, dst);
437 struct net_device *dev = dst->dev;
442 if (likely(rt->rt_gw_family == AF_INET)) {
443 n = ip_neigh_gw4(dev, rt->rt_gw4);
444 } else if (rt->rt_gw_family == AF_INET6) {
445 n = ip_neigh_gw6(dev, &rt->rt_gw6);
449 pkey = skb ? ip_hdr(skb)->daddr : *((__be32 *) daddr);
450 n = ip_neigh_gw4(dev, pkey);
453 if (!IS_ERR(n) && !refcount_inc_not_zero(&n->refcnt))
456 rcu_read_unlock_bh();
461 static void ipv4_confirm_neigh(const struct dst_entry *dst, const void *daddr)
463 const struct rtable *rt = container_of(dst, struct rtable, dst);
464 struct net_device *dev = dst->dev;
465 const __be32 *pkey = daddr;
467 if (rt->rt_gw_family == AF_INET) {
468 pkey = (const __be32 *)&rt->rt_gw4;
469 } else if (rt->rt_gw_family == AF_INET6) {
470 return __ipv6_confirm_neigh_stub(dev, &rt->rt_gw6);
473 (RTCF_MULTICAST | RTCF_BROADCAST | RTCF_LOCAL))) {
476 __ipv4_confirm_neigh(dev, *(__force u32 *)pkey);
479 #define IP_IDENTS_SZ 2048u
481 static atomic_t *ip_idents __read_mostly;
482 static u32 *ip_tstamps __read_mostly;
484 /* In order to protect privacy, we add a perturbation to identifiers
485 * if one generator is seldom used. This makes hard for an attacker
486 * to infer how many packets were sent between two points in time.
488 u32 ip_idents_reserve(u32 hash, int segs)
490 u32 *p_tstamp = ip_tstamps + hash % IP_IDENTS_SZ;
491 atomic_t *p_id = ip_idents + hash % IP_IDENTS_SZ;
492 u32 old = READ_ONCE(*p_tstamp);
493 u32 now = (u32)jiffies;
496 if (old != now && cmpxchg(p_tstamp, old, now) == old)
497 delta = prandom_u32_max(now - old);
499 /* Do not use atomic_add_return() as it makes UBSAN unhappy */
501 old = (u32)atomic_read(p_id);
502 new = old + delta + segs;
503 } while (atomic_cmpxchg(p_id, old, new) != old);
507 EXPORT_SYMBOL(ip_idents_reserve);
509 void __ip_select_ident(struct net *net, struct iphdr *iph, int segs)
513 /* Note the following code is not safe, but this is okay. */
514 if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
515 get_random_bytes(&net->ipv4.ip_id_key,
516 sizeof(net->ipv4.ip_id_key));
518 hash = siphash_3u32((__force u32)iph->daddr,
519 (__force u32)iph->saddr,
521 &net->ipv4.ip_id_key);
522 id = ip_idents_reserve(hash, segs);
525 EXPORT_SYMBOL(__ip_select_ident);
527 static void __build_flow_key(const struct net *net, struct flowi4 *fl4,
528 const struct sock *sk,
529 const struct iphdr *iph,
531 u8 prot, u32 mark, int flow_flags)
534 const struct inet_sock *inet = inet_sk(sk);
536 oif = sk->sk_bound_dev_if;
538 tos = RT_CONN_FLAGS(sk);
539 prot = inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol;
541 flowi4_init_output(fl4, oif, mark, tos,
542 RT_SCOPE_UNIVERSE, prot,
544 iph->daddr, iph->saddr, 0, 0,
545 sock_net_uid(net, sk));
548 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,
549 const struct sock *sk)
551 const struct net *net = dev_net(skb->dev);
552 const struct iphdr *iph = ip_hdr(skb);
553 int oif = skb->dev->ifindex;
554 u8 tos = RT_TOS(iph->tos);
555 u8 prot = iph->protocol;
556 u32 mark = skb->mark;
558 __build_flow_key(net, fl4, sk, iph, oif, tos, prot, mark, 0);
561 static void build_sk_flow_key(struct flowi4 *fl4, const struct sock *sk)
563 const struct inet_sock *inet = inet_sk(sk);
564 const struct ip_options_rcu *inet_opt;
565 __be32 daddr = inet->inet_daddr;
568 inet_opt = rcu_dereference(inet->inet_opt);
569 if (inet_opt && inet_opt->opt.srr)
570 daddr = inet_opt->opt.faddr;
571 flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark,
572 RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
573 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
574 inet_sk_flowi_flags(sk),
575 daddr, inet->inet_saddr, 0, 0, sk->sk_uid);
579 static void ip_rt_build_flow_key(struct flowi4 *fl4, const struct sock *sk,
580 const struct sk_buff *skb)
583 build_skb_flow_key(fl4, skb, sk);
585 build_sk_flow_key(fl4, sk);
588 static DEFINE_SPINLOCK(fnhe_lock);
590 static void fnhe_flush_routes(struct fib_nh_exception *fnhe)
594 rt = rcu_dereference(fnhe->fnhe_rth_input);
596 RCU_INIT_POINTER(fnhe->fnhe_rth_input, NULL);
597 dst_dev_put(&rt->dst);
598 dst_release(&rt->dst);
600 rt = rcu_dereference(fnhe->fnhe_rth_output);
602 RCU_INIT_POINTER(fnhe->fnhe_rth_output, NULL);
603 dst_dev_put(&rt->dst);
604 dst_release(&rt->dst);
608 static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
610 struct fib_nh_exception *fnhe, *oldest;
612 oldest = rcu_dereference(hash->chain);
613 for (fnhe = rcu_dereference(oldest->fnhe_next); fnhe;
614 fnhe = rcu_dereference(fnhe->fnhe_next)) {
615 if (time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp))
618 fnhe_flush_routes(oldest);
622 static inline u32 fnhe_hashfun(__be32 daddr)
624 static u32 fnhe_hashrnd __read_mostly;
627 net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd));
628 hval = jhash_1word((__force u32) daddr, fnhe_hashrnd);
629 return hash_32(hval, FNHE_HASH_SHIFT);
632 static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
634 rt->rt_pmtu = fnhe->fnhe_pmtu;
635 rt->rt_mtu_locked = fnhe->fnhe_mtu_locked;
636 rt->dst.expires = fnhe->fnhe_expires;
639 rt->rt_flags |= RTCF_REDIRECTED;
640 rt->rt_uses_gateway = 1;
641 rt->rt_gw_family = AF_INET;
642 rt->rt_gw4 = fnhe->fnhe_gw;
646 static void update_or_create_fnhe(struct fib_nh_common *nhc, __be32 daddr,
647 __be32 gw, u32 pmtu, bool lock,
648 unsigned long expires)
650 struct fnhe_hash_bucket *hash;
651 struct fib_nh_exception *fnhe;
657 genid = fnhe_genid(dev_net(nhc->nhc_dev));
658 hval = fnhe_hashfun(daddr);
660 spin_lock_bh(&fnhe_lock);
662 hash = rcu_dereference(nhc->nhc_exceptions);
664 hash = kcalloc(FNHE_HASH_SIZE, sizeof(*hash), GFP_ATOMIC);
667 rcu_assign_pointer(nhc->nhc_exceptions, hash);
673 for (fnhe = rcu_dereference(hash->chain); fnhe;
674 fnhe = rcu_dereference(fnhe->fnhe_next)) {
675 if (fnhe->fnhe_daddr == daddr)
681 if (fnhe->fnhe_genid != genid)
682 fnhe->fnhe_genid = genid;
686 fnhe->fnhe_pmtu = pmtu;
687 fnhe->fnhe_mtu_locked = lock;
689 fnhe->fnhe_expires = max(1UL, expires);
690 /* Update all cached dsts too */
691 rt = rcu_dereference(fnhe->fnhe_rth_input);
693 fill_route_from_fnhe(rt, fnhe);
694 rt = rcu_dereference(fnhe->fnhe_rth_output);
696 fill_route_from_fnhe(rt, fnhe);
698 if (depth > FNHE_RECLAIM_DEPTH)
699 fnhe = fnhe_oldest(hash);
701 fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC);
705 fnhe->fnhe_next = hash->chain;
706 rcu_assign_pointer(hash->chain, fnhe);
708 fnhe->fnhe_genid = genid;
709 fnhe->fnhe_daddr = daddr;
711 fnhe->fnhe_pmtu = pmtu;
712 fnhe->fnhe_mtu_locked = lock;
713 fnhe->fnhe_expires = max(1UL, expires);
715 /* Exception created; mark the cached routes for the nexthop
716 * stale, so anyone caching it rechecks if this exception
719 rt = rcu_dereference(nhc->nhc_rth_input);
721 rt->dst.obsolete = DST_OBSOLETE_KILL;
723 for_each_possible_cpu(i) {
724 struct rtable __rcu **prt;
725 prt = per_cpu_ptr(nhc->nhc_pcpu_rth_output, i);
726 rt = rcu_dereference(*prt);
728 rt->dst.obsolete = DST_OBSOLETE_KILL;
732 fnhe->fnhe_stamp = jiffies;
735 spin_unlock_bh(&fnhe_lock);
738 static void __ip_do_redirect(struct rtable *rt, struct sk_buff *skb, struct flowi4 *fl4,
741 __be32 new_gw = icmp_hdr(skb)->un.gateway;
742 __be32 old_gw = ip_hdr(skb)->saddr;
743 struct net_device *dev = skb->dev;
744 struct in_device *in_dev;
745 struct fib_result res;
749 switch (icmp_hdr(skb)->code & 7) {
751 case ICMP_REDIR_NETTOS:
752 case ICMP_REDIR_HOST:
753 case ICMP_REDIR_HOSTTOS:
760 if (rt->rt_gw_family != AF_INET || rt->rt_gw4 != old_gw)
763 in_dev = __in_dev_get_rcu(dev);
768 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
769 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
770 ipv4_is_zeronet(new_gw))
771 goto reject_redirect;
773 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
774 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
775 goto reject_redirect;
776 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
777 goto reject_redirect;
779 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
780 goto reject_redirect;
783 n = __ipv4_neigh_lookup(rt->dst.dev, new_gw);
785 n = neigh_create(&arp_tbl, &new_gw, rt->dst.dev);
787 if (!(n->nud_state & NUD_VALID)) {
788 neigh_event_send(n, NULL);
790 if (fib_lookup(net, fl4, &res, 0) == 0) {
791 struct fib_nh_common *nhc = FIB_RES_NHC(res);
793 update_or_create_fnhe(nhc, fl4->daddr, new_gw,
795 jiffies + ip_rt_gc_timeout);
798 rt->dst.obsolete = DST_OBSOLETE_KILL;
799 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
806 #ifdef CONFIG_IP_ROUTE_VERBOSE
807 if (IN_DEV_LOG_MARTIANS(in_dev)) {
808 const struct iphdr *iph = (const struct iphdr *) skb->data;
809 __be32 daddr = iph->daddr;
810 __be32 saddr = iph->saddr;
812 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
813 " Advised path = %pI4 -> %pI4\n",
814 &old_gw, dev->name, &new_gw,
821 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
825 const struct iphdr *iph = (const struct iphdr *) skb->data;
826 struct net *net = dev_net(skb->dev);
827 int oif = skb->dev->ifindex;
828 u8 tos = RT_TOS(iph->tos);
829 u8 prot = iph->protocol;
830 u32 mark = skb->mark;
832 rt = (struct rtable *) dst;
834 __build_flow_key(net, &fl4, sk, iph, oif, tos, prot, mark, 0);
835 __ip_do_redirect(rt, skb, &fl4, true);
838 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
840 struct rtable *rt = (struct rtable *)dst;
841 struct dst_entry *ret = dst;
844 if (dst->obsolete > 0) {
847 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
858 * 1. The first ip_rt_redirect_number redirects are sent
859 * with exponential backoff, then we stop sending them at all,
860 * assuming that the host ignores our redirects.
861 * 2. If we did not see packets requiring redirects
862 * during ip_rt_redirect_silence, we assume that the host
863 * forgot redirected route and start to send redirects again.
865 * This algorithm is much cheaper and more intelligent than dumb load limiting
868 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
869 * and "frag. need" (breaks PMTU discovery) in icmp.c.
872 void ip_rt_send_redirect(struct sk_buff *skb)
874 struct rtable *rt = skb_rtable(skb);
875 struct in_device *in_dev;
876 struct inet_peer *peer;
882 in_dev = __in_dev_get_rcu(rt->dst.dev);
883 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
887 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
888 vif = l3mdev_master_ifindex_rcu(rt->dst.dev);
891 net = dev_net(rt->dst.dev);
892 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, vif, 1);
894 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
895 rt_nexthop(rt, ip_hdr(skb)->daddr));
899 /* No redirected packets during ip_rt_redirect_silence;
900 * reset the algorithm.
902 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence)) {
903 peer->rate_tokens = 0;
904 peer->n_redirects = 0;
907 /* Too many ignored redirects; do not send anything
908 * set dst.rate_last to the last seen redirected packet.
910 if (peer->n_redirects >= ip_rt_redirect_number) {
911 peer->rate_last = jiffies;
915 /* Check for load limit; set rate_last to the latest sent
918 if (peer->rate_tokens == 0 ||
921 (ip_rt_redirect_load << peer->n_redirects)))) {
922 __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr);
924 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw);
925 peer->rate_last = jiffies;
927 #ifdef CONFIG_IP_ROUTE_VERBOSE
929 peer->n_redirects == ip_rt_redirect_number)
930 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
931 &ip_hdr(skb)->saddr, inet_iif(skb),
932 &ip_hdr(skb)->daddr, &gw);
939 static int ip_error(struct sk_buff *skb)
941 struct rtable *rt = skb_rtable(skb);
942 struct net_device *dev = skb->dev;
943 struct in_device *in_dev;
944 struct inet_peer *peer;
950 if (netif_is_l3_master(skb->dev)) {
951 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
956 in_dev = __in_dev_get_rcu(dev);
958 /* IP on this device is disabled. */
962 net = dev_net(rt->dst.dev);
963 if (!IN_DEV_FORWARD(in_dev)) {
964 switch (rt->dst.error) {
966 __IP_INC_STATS(net, IPSTATS_MIB_INADDRERRORS);
970 __IP_INC_STATS(net, IPSTATS_MIB_INNOROUTES);
976 switch (rt->dst.error) {
981 code = ICMP_HOST_UNREACH;
984 code = ICMP_NET_UNREACH;
985 __IP_INC_STATS(net, IPSTATS_MIB_INNOROUTES);
988 code = ICMP_PKT_FILTERED;
992 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr,
993 l3mdev_master_ifindex(skb->dev), 1);
998 peer->rate_tokens += now - peer->rate_last;
999 if (peer->rate_tokens > ip_rt_error_burst)
1000 peer->rate_tokens = ip_rt_error_burst;
1001 peer->rate_last = now;
1002 if (peer->rate_tokens >= ip_rt_error_cost)
1003 peer->rate_tokens -= ip_rt_error_cost;
1009 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
1011 out: kfree_skb(skb);
1015 static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
1017 struct dst_entry *dst = &rt->dst;
1018 u32 old_mtu = ipv4_mtu(dst);
1019 struct fib_result res;
1022 if (ip_mtu_locked(dst))
1028 if (mtu < ip_rt_min_pmtu) {
1030 mtu = min(old_mtu, ip_rt_min_pmtu);
1033 if (rt->rt_pmtu == mtu && !lock &&
1034 time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2))
1038 if (fib_lookup(dev_net(dst->dev), fl4, &res, 0) == 0) {
1039 struct fib_nh_common *nhc = FIB_RES_NHC(res);
1041 update_or_create_fnhe(nhc, fl4->daddr, 0, mtu, lock,
1042 jiffies + ip_rt_mtu_expires);
1047 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
1048 struct sk_buff *skb, u32 mtu,
1051 struct rtable *rt = (struct rtable *) dst;
1054 ip_rt_build_flow_key(&fl4, sk, skb);
1055 __ip_rt_update_pmtu(rt, &fl4, mtu);
1058 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu,
1059 int oif, u8 protocol)
1061 const struct iphdr *iph = (const struct iphdr *) skb->data;
1064 u32 mark = IP4_REPLY_MARK(net, skb->mark);
1066 __build_flow_key(net, &fl4, NULL, iph, oif,
1067 RT_TOS(iph->tos), protocol, mark, 0);
1068 rt = __ip_route_output_key(net, &fl4);
1070 __ip_rt_update_pmtu(rt, &fl4, mtu);
1074 EXPORT_SYMBOL_GPL(ipv4_update_pmtu);
1076 static void __ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1078 const struct iphdr *iph = (const struct iphdr *) skb->data;
1082 __build_flow_key(sock_net(sk), &fl4, sk, iph, 0, 0, 0, 0, 0);
1084 if (!fl4.flowi4_mark)
1085 fl4.flowi4_mark = IP4_REPLY_MARK(sock_net(sk), skb->mark);
1087 rt = __ip_route_output_key(sock_net(sk), &fl4);
1089 __ip_rt_update_pmtu(rt, &fl4, mtu);
1094 void ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1096 const struct iphdr *iph = (const struct iphdr *) skb->data;
1099 struct dst_entry *odst = NULL;
1101 struct net *net = sock_net(sk);
1105 if (!ip_sk_accept_pmtu(sk))
1108 odst = sk_dst_get(sk);
1110 if (sock_owned_by_user(sk) || !odst) {
1111 __ipv4_sk_update_pmtu(skb, sk, mtu);
1115 __build_flow_key(net, &fl4, sk, iph, 0, 0, 0, 0, 0);
1117 rt = (struct rtable *)odst;
1118 if (odst->obsolete && !odst->ops->check(odst, 0)) {
1119 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1126 __ip_rt_update_pmtu((struct rtable *) xfrm_dst_path(&rt->dst), &fl4, mtu);
1128 if (!dst_check(&rt->dst, 0)) {
1130 dst_release(&rt->dst);
1132 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1140 sk_dst_set(sk, &rt->dst);
1146 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu);
1148 void ipv4_redirect(struct sk_buff *skb, struct net *net,
1149 int oif, u8 protocol)
1151 const struct iphdr *iph = (const struct iphdr *) skb->data;
1155 __build_flow_key(net, &fl4, NULL, iph, oif,
1156 RT_TOS(iph->tos), protocol, 0, 0);
1157 rt = __ip_route_output_key(net, &fl4);
1159 __ip_do_redirect(rt, skb, &fl4, false);
1163 EXPORT_SYMBOL_GPL(ipv4_redirect);
1165 void ipv4_sk_redirect(struct sk_buff *skb, struct sock *sk)
1167 const struct iphdr *iph = (const struct iphdr *) skb->data;
1170 struct net *net = sock_net(sk);
1172 __build_flow_key(net, &fl4, sk, iph, 0, 0, 0, 0, 0);
1173 rt = __ip_route_output_key(net, &fl4);
1175 __ip_do_redirect(rt, skb, &fl4, false);
1179 EXPORT_SYMBOL_GPL(ipv4_sk_redirect);
1181 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1183 struct rtable *rt = (struct rtable *) dst;
1185 /* All IPV4 dsts are created with ->obsolete set to the value
1186 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1187 * into this function always.
1189 * When a PMTU/redirect information update invalidates a route,
1190 * this is indicated by setting obsolete to DST_OBSOLETE_KILL or
1191 * DST_OBSOLETE_DEAD.
1193 if (dst->obsolete != DST_OBSOLETE_FORCE_CHK || rt_is_expired(rt))
1198 static void ipv4_send_dest_unreach(struct sk_buff *skb)
1200 struct ip_options opt;
1203 /* Recompile ip options since IPCB may not be valid anymore.
1204 * Also check we have a reasonable ipv4 header.
1206 if (!pskb_network_may_pull(skb, sizeof(struct iphdr)) ||
1207 ip_hdr(skb)->version != 4 || ip_hdr(skb)->ihl < 5)
1210 memset(&opt, 0, sizeof(opt));
1211 if (ip_hdr(skb)->ihl > 5) {
1212 if (!pskb_network_may_pull(skb, ip_hdr(skb)->ihl * 4))
1214 opt.optlen = ip_hdr(skb)->ihl * 4 - sizeof(struct iphdr);
1217 res = __ip_options_compile(dev_net(skb->dev), &opt, skb, NULL);
1223 __icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0, &opt);
1226 static void ipv4_link_failure(struct sk_buff *skb)
1230 ipv4_send_dest_unreach(skb);
1232 rt = skb_rtable(skb);
1234 dst_set_expires(&rt->dst, 0);
1237 static int ip_rt_bug(struct net *net, struct sock *sk, struct sk_buff *skb)
1239 pr_debug("%s: %pI4 -> %pI4, %s\n",
1240 __func__, &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1241 skb->dev ? skb->dev->name : "?");
1248 We do not cache source address of outgoing interface,
1249 because it is used only by IP RR, TS and SRR options,
1250 so that it out of fast path.
1252 BTW remember: "addr" is allowed to be not aligned
1256 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1260 if (rt_is_output_route(rt))
1261 src = ip_hdr(skb)->saddr;
1263 struct fib_result res;
1264 struct iphdr *iph = ip_hdr(skb);
1265 struct flowi4 fl4 = {
1266 .daddr = iph->daddr,
1267 .saddr = iph->saddr,
1268 .flowi4_tos = RT_TOS(iph->tos),
1269 .flowi4_oif = rt->dst.dev->ifindex,
1270 .flowi4_iif = skb->dev->ifindex,
1271 .flowi4_mark = skb->mark,
1275 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res, 0) == 0)
1276 src = fib_result_prefsrc(dev_net(rt->dst.dev), &res);
1278 src = inet_select_addr(rt->dst.dev,
1279 rt_nexthop(rt, iph->daddr),
1283 memcpy(addr, &src, 4);
1286 #ifdef CONFIG_IP_ROUTE_CLASSID
1287 static void set_class_tag(struct rtable *rt, u32 tag)
1289 if (!(rt->dst.tclassid & 0xFFFF))
1290 rt->dst.tclassid |= tag & 0xFFFF;
1291 if (!(rt->dst.tclassid & 0xFFFF0000))
1292 rt->dst.tclassid |= tag & 0xFFFF0000;
1296 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1298 unsigned int header_size = sizeof(struct tcphdr) + sizeof(struct iphdr);
1299 unsigned int advmss = max_t(unsigned int, ipv4_mtu(dst) - header_size,
1302 return min(advmss, IPV4_MAX_PMTU - header_size);
1305 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1307 const struct rtable *rt = (const struct rtable *) dst;
1308 unsigned int mtu = rt->rt_pmtu;
1310 if (!mtu || time_after_eq(jiffies, rt->dst.expires))
1311 mtu = dst_metric_raw(dst, RTAX_MTU);
1316 mtu = READ_ONCE(dst->dev->mtu);
1318 if (unlikely(ip_mtu_locked(dst))) {
1319 if (rt->rt_uses_gateway && mtu > 576)
1323 mtu = min_t(unsigned int, mtu, IP_MAX_MTU);
1325 return mtu - lwtunnel_headroom(dst->lwtstate, mtu);
1328 static void ip_del_fnhe(struct fib_nh_common *nhc, __be32 daddr)
1330 struct fnhe_hash_bucket *hash;
1331 struct fib_nh_exception *fnhe, __rcu **fnhe_p;
1332 u32 hval = fnhe_hashfun(daddr);
1334 spin_lock_bh(&fnhe_lock);
1336 hash = rcu_dereference_protected(nhc->nhc_exceptions,
1337 lockdep_is_held(&fnhe_lock));
1340 fnhe_p = &hash->chain;
1341 fnhe = rcu_dereference_protected(*fnhe_p, lockdep_is_held(&fnhe_lock));
1343 if (fnhe->fnhe_daddr == daddr) {
1344 rcu_assign_pointer(*fnhe_p, rcu_dereference_protected(
1345 fnhe->fnhe_next, lockdep_is_held(&fnhe_lock)));
1346 /* set fnhe_daddr to 0 to ensure it won't bind with
1347 * new dsts in rt_bind_exception().
1349 fnhe->fnhe_daddr = 0;
1350 fnhe_flush_routes(fnhe);
1351 kfree_rcu(fnhe, rcu);
1354 fnhe_p = &fnhe->fnhe_next;
1355 fnhe = rcu_dereference_protected(fnhe->fnhe_next,
1356 lockdep_is_held(&fnhe_lock));
1359 spin_unlock_bh(&fnhe_lock);
1362 static struct fib_nh_exception *find_exception(struct fib_nh_common *nhc,
1365 struct fnhe_hash_bucket *hash = rcu_dereference(nhc->nhc_exceptions);
1366 struct fib_nh_exception *fnhe;
1372 hval = fnhe_hashfun(daddr);
1374 for (fnhe = rcu_dereference(hash[hval].chain); fnhe;
1375 fnhe = rcu_dereference(fnhe->fnhe_next)) {
1376 if (fnhe->fnhe_daddr == daddr) {
1377 if (fnhe->fnhe_expires &&
1378 time_after(jiffies, fnhe->fnhe_expires)) {
1379 ip_del_fnhe(nhc, daddr);
1389 * 1. mtu on route is locked - use it
1390 * 2. mtu from nexthop exception
1391 * 3. mtu from egress device
1394 u32 ip_mtu_from_fib_result(struct fib_result *res, __be32 daddr)
1396 struct fib_nh_common *nhc = res->nhc;
1397 struct net_device *dev = nhc->nhc_dev;
1398 struct fib_info *fi = res->fi;
1401 if (dev_net(dev)->ipv4.sysctl_ip_fwd_use_pmtu ||
1402 fi->fib_metrics->metrics[RTAX_LOCK - 1] & (1 << RTAX_MTU))
1406 struct fib_nh_exception *fnhe;
1408 fnhe = find_exception(nhc, daddr);
1409 if (fnhe && !time_after_eq(jiffies, fnhe->fnhe_expires))
1410 mtu = fnhe->fnhe_pmtu;
1414 mtu = min(READ_ONCE(dev->mtu), IP_MAX_MTU);
1416 return mtu - lwtunnel_headroom(nhc->nhc_lwtstate, mtu);
1419 static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1420 __be32 daddr, const bool do_cache)
1424 spin_lock_bh(&fnhe_lock);
1426 if (daddr == fnhe->fnhe_daddr) {
1427 struct rtable __rcu **porig;
1428 struct rtable *orig;
1429 int genid = fnhe_genid(dev_net(rt->dst.dev));
1431 if (rt_is_input_route(rt))
1432 porig = &fnhe->fnhe_rth_input;
1434 porig = &fnhe->fnhe_rth_output;
1435 orig = rcu_dereference(*porig);
1437 if (fnhe->fnhe_genid != genid) {
1438 fnhe->fnhe_genid = genid;
1440 fnhe->fnhe_pmtu = 0;
1441 fnhe->fnhe_expires = 0;
1442 fnhe->fnhe_mtu_locked = false;
1443 fnhe_flush_routes(fnhe);
1446 fill_route_from_fnhe(rt, fnhe);
1449 rt->rt_gw_family = AF_INET;
1454 rcu_assign_pointer(*porig, rt);
1456 dst_dev_put(&orig->dst);
1457 dst_release(&orig->dst);
1462 fnhe->fnhe_stamp = jiffies;
1464 spin_unlock_bh(&fnhe_lock);
1469 static bool rt_cache_route(struct fib_nh_common *nhc, struct rtable *rt)
1471 struct rtable *orig, *prev, **p;
1474 if (rt_is_input_route(rt)) {
1475 p = (struct rtable **)&nhc->nhc_rth_input;
1477 p = (struct rtable **)raw_cpu_ptr(nhc->nhc_pcpu_rth_output);
1481 /* hold dst before doing cmpxchg() to avoid race condition
1485 prev = cmpxchg(p, orig, rt);
1488 rt_add_uncached_list(orig);
1489 dst_release(&orig->dst);
1492 dst_release(&rt->dst);
1499 struct uncached_list {
1501 struct list_head head;
1504 static DEFINE_PER_CPU_ALIGNED(struct uncached_list, rt_uncached_list);
1506 void rt_add_uncached_list(struct rtable *rt)
1508 struct uncached_list *ul = raw_cpu_ptr(&rt_uncached_list);
1510 rt->rt_uncached_list = ul;
1512 spin_lock_bh(&ul->lock);
1513 list_add_tail(&rt->rt_uncached, &ul->head);
1514 spin_unlock_bh(&ul->lock);
1517 void rt_del_uncached_list(struct rtable *rt)
1519 if (!list_empty(&rt->rt_uncached)) {
1520 struct uncached_list *ul = rt->rt_uncached_list;
1522 spin_lock_bh(&ul->lock);
1523 list_del(&rt->rt_uncached);
1524 spin_unlock_bh(&ul->lock);
1528 static void ipv4_dst_destroy(struct dst_entry *dst)
1530 struct rtable *rt = (struct rtable *)dst;
1532 ip_dst_metrics_put(dst);
1533 rt_del_uncached_list(rt);
1536 void rt_flush_dev(struct net_device *dev)
1541 for_each_possible_cpu(cpu) {
1542 struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu);
1544 spin_lock_bh(&ul->lock);
1545 list_for_each_entry(rt, &ul->head, rt_uncached) {
1546 if (rt->dst.dev != dev)
1548 rt->dst.dev = blackhole_netdev;
1549 dev_hold(rt->dst.dev);
1552 spin_unlock_bh(&ul->lock);
1556 static bool rt_cache_valid(const struct rtable *rt)
1559 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1563 static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
1564 const struct fib_result *res,
1565 struct fib_nh_exception *fnhe,
1566 struct fib_info *fi, u16 type, u32 itag,
1567 const bool do_cache)
1569 bool cached = false;
1572 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
1574 if (nhc->nhc_gw_family && nhc->nhc_scope == RT_SCOPE_LINK) {
1575 rt->rt_uses_gateway = 1;
1576 rt->rt_gw_family = nhc->nhc_gw_family;
1577 /* only INET and INET6 are supported */
1578 if (likely(nhc->nhc_gw_family == AF_INET))
1579 rt->rt_gw4 = nhc->nhc_gw.ipv4;
1581 rt->rt_gw6 = nhc->nhc_gw.ipv6;
1584 ip_dst_init_metrics(&rt->dst, fi->fib_metrics);
1586 #ifdef CONFIG_IP_ROUTE_CLASSID
1587 if (nhc->nhc_family == AF_INET) {
1590 nh = container_of(nhc, struct fib_nh, nh_common);
1591 rt->dst.tclassid = nh->nh_tclassid;
1594 rt->dst.lwtstate = lwtstate_get(nhc->nhc_lwtstate);
1596 cached = rt_bind_exception(rt, fnhe, daddr, do_cache);
1598 cached = rt_cache_route(nhc, rt);
1599 if (unlikely(!cached)) {
1600 /* Routes we intend to cache in nexthop exception or
1601 * FIB nexthop have the DST_NOCACHE bit clear.
1602 * However, if we are unsuccessful at storing this
1603 * route into the cache we really need to set it.
1606 rt->rt_gw_family = AF_INET;
1609 rt_add_uncached_list(rt);
1612 rt_add_uncached_list(rt);
1614 #ifdef CONFIG_IP_ROUTE_CLASSID
1615 #ifdef CONFIG_IP_MULTIPLE_TABLES
1616 set_class_tag(rt, res->tclassid);
1618 set_class_tag(rt, itag);
1622 struct rtable *rt_dst_alloc(struct net_device *dev,
1623 unsigned int flags, u16 type,
1624 bool nopolicy, bool noxfrm, bool will_cache)
1628 rt = dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1629 (will_cache ? 0 : DST_HOST) |
1630 (nopolicy ? DST_NOPOLICY : 0) |
1631 (noxfrm ? DST_NOXFRM : 0));
1634 rt->rt_genid = rt_genid_ipv4(dev_net(dev));
1635 rt->rt_flags = flags;
1637 rt->rt_is_input = 0;
1640 rt->rt_mtu_locked = 0;
1641 rt->rt_uses_gateway = 0;
1642 rt->rt_gw_family = 0;
1644 INIT_LIST_HEAD(&rt->rt_uncached);
1646 rt->dst.output = ip_output;
1647 if (flags & RTCF_LOCAL)
1648 rt->dst.input = ip_local_deliver;
1653 EXPORT_SYMBOL(rt_dst_alloc);
1655 struct rtable *rt_dst_clone(struct net_device *dev, struct rtable *rt)
1657 struct rtable *new_rt;
1659 new_rt = dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1663 new_rt->rt_genid = rt_genid_ipv4(dev_net(dev));
1664 new_rt->rt_flags = rt->rt_flags;
1665 new_rt->rt_type = rt->rt_type;
1666 new_rt->rt_is_input = rt->rt_is_input;
1667 new_rt->rt_iif = rt->rt_iif;
1668 new_rt->rt_pmtu = rt->rt_pmtu;
1669 new_rt->rt_mtu_locked = rt->rt_mtu_locked;
1670 new_rt->rt_gw_family = rt->rt_gw_family;
1671 if (rt->rt_gw_family == AF_INET)
1672 new_rt->rt_gw4 = rt->rt_gw4;
1673 else if (rt->rt_gw_family == AF_INET6)
1674 new_rt->rt_gw6 = rt->rt_gw6;
1675 INIT_LIST_HEAD(&new_rt->rt_uncached);
1677 new_rt->dst.flags |= DST_HOST;
1678 new_rt->dst.input = rt->dst.input;
1679 new_rt->dst.output = rt->dst.output;
1680 new_rt->dst.error = rt->dst.error;
1681 new_rt->dst.lastuse = jiffies;
1682 new_rt->dst.lwtstate = lwtstate_get(rt->dst.lwtstate);
1686 EXPORT_SYMBOL(rt_dst_clone);
1688 /* called in rcu_read_lock() section */
1689 int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1690 u8 tos, struct net_device *dev,
1691 struct in_device *in_dev, u32 *itag)
1695 /* Primary sanity checks. */
1699 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1700 skb->protocol != htons(ETH_P_IP))
1703 if (ipv4_is_loopback(saddr) && !IN_DEV_ROUTE_LOCALNET(in_dev))
1706 if (ipv4_is_zeronet(saddr)) {
1707 if (!ipv4_is_local_multicast(daddr) &&
1708 ip_hdr(skb)->protocol != IPPROTO_IGMP)
1711 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1719 /* called in rcu_read_lock() section */
1720 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1721 u8 tos, struct net_device *dev, int our)
1723 struct in_device *in_dev = __in_dev_get_rcu(dev);
1724 unsigned int flags = RTCF_MULTICAST;
1729 err = ip_mc_validate_source(skb, daddr, saddr, tos, dev, in_dev, &itag);
1734 flags |= RTCF_LOCAL;
1736 rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST,
1737 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, false);
1741 #ifdef CONFIG_IP_ROUTE_CLASSID
1742 rth->dst.tclassid = itag;
1744 rth->dst.output = ip_rt_bug;
1745 rth->rt_is_input= 1;
1747 #ifdef CONFIG_IP_MROUTE
1748 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
1749 rth->dst.input = ip_mr_input;
1751 RT_CACHE_STAT_INC(in_slow_mc);
1753 skb_dst_set(skb, &rth->dst);
1758 static void ip_handle_martian_source(struct net_device *dev,
1759 struct in_device *in_dev,
1760 struct sk_buff *skb,
1764 RT_CACHE_STAT_INC(in_martian_src);
1765 #ifdef CONFIG_IP_ROUTE_VERBOSE
1766 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
1768 * RFC1812 recommendation, if source is martian,
1769 * the only hint is MAC header.
1771 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
1772 &daddr, &saddr, dev->name);
1773 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
1774 print_hex_dump(KERN_WARNING, "ll header: ",
1775 DUMP_PREFIX_OFFSET, 16, 1,
1776 skb_mac_header(skb),
1777 dev->hard_header_len, false);
1783 /* called in rcu_read_lock() section */
1784 static int __mkroute_input(struct sk_buff *skb,
1785 const struct fib_result *res,
1786 struct in_device *in_dev,
1787 __be32 daddr, __be32 saddr, u32 tos)
1789 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
1790 struct net_device *dev = nhc->nhc_dev;
1791 struct fib_nh_exception *fnhe;
1794 struct in_device *out_dev;
1798 /* get a working reference to the output device */
1799 out_dev = __in_dev_get_rcu(dev);
1801 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
1805 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
1806 in_dev->dev, in_dev, &itag);
1808 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
1814 do_cache = res->fi && !itag;
1815 if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
1816 skb->protocol == htons(ETH_P_IP)) {
1819 gw = nhc->nhc_gw_family == AF_INET ? nhc->nhc_gw.ipv4 : 0;
1820 if (IN_DEV_SHARED_MEDIA(out_dev) ||
1821 inet_addr_onlink(out_dev, saddr, gw))
1822 IPCB(skb)->flags |= IPSKB_DOREDIRECT;
1825 if (skb->protocol != htons(ETH_P_IP)) {
1826 /* Not IP (i.e. ARP). Do not create route, if it is
1827 * invalid for proxy arp. DNAT routes are always valid.
1829 * Proxy arp feature have been extended to allow, ARP
1830 * replies back to the same interface, to support
1831 * Private VLAN switch technologies. See arp.c.
1833 if (out_dev == in_dev &&
1834 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
1840 fnhe = find_exception(nhc, daddr);
1843 rth = rcu_dereference(fnhe->fnhe_rth_input);
1845 rth = rcu_dereference(nhc->nhc_rth_input);
1846 if (rt_cache_valid(rth)) {
1847 skb_dst_set_noref(skb, &rth->dst);
1852 rth = rt_dst_alloc(out_dev->dev, 0, res->type,
1853 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1854 IN_DEV_CONF_GET(out_dev, NOXFRM), do_cache);
1860 rth->rt_is_input = 1;
1861 RT_CACHE_STAT_INC(in_slow_tot);
1863 rth->dst.input = ip_forward;
1865 rt_set_nexthop(rth, daddr, res, fnhe, res->fi, res->type, itag,
1867 lwtunnel_set_redirect(&rth->dst);
1868 skb_dst_set(skb, &rth->dst);
1875 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1876 /* To make ICMP packets follow the right flow, the multipath hash is
1877 * calculated from the inner IP addresses.
1879 static void ip_multipath_l3_keys(const struct sk_buff *skb,
1880 struct flow_keys *hash_keys)
1882 const struct iphdr *outer_iph = ip_hdr(skb);
1883 const struct iphdr *key_iph = outer_iph;
1884 const struct iphdr *inner_iph;
1885 const struct icmphdr *icmph;
1886 struct iphdr _inner_iph;
1887 struct icmphdr _icmph;
1889 if (likely(outer_iph->protocol != IPPROTO_ICMP))
1892 if (unlikely((outer_iph->frag_off & htons(IP_OFFSET)) != 0))
1895 icmph = skb_header_pointer(skb, outer_iph->ihl * 4, sizeof(_icmph),
1900 if (!icmp_is_err(icmph->type))
1903 inner_iph = skb_header_pointer(skb,
1904 outer_iph->ihl * 4 + sizeof(_icmph),
1905 sizeof(_inner_iph), &_inner_iph);
1909 key_iph = inner_iph;
1911 hash_keys->addrs.v4addrs.src = key_iph->saddr;
1912 hash_keys->addrs.v4addrs.dst = key_iph->daddr;
1915 /* if skb is set it will be used and fl4 can be NULL */
1916 int fib_multipath_hash(const struct net *net, const struct flowi4 *fl4,
1917 const struct sk_buff *skb, struct flow_keys *flkeys)
1919 u32 multipath_hash = fl4 ? fl4->flowi4_multipath_hash : 0;
1920 struct flow_keys hash_keys;
1923 switch (net->ipv4.sysctl_fib_multipath_hash_policy) {
1925 memset(&hash_keys, 0, sizeof(hash_keys));
1926 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1928 ip_multipath_l3_keys(skb, &hash_keys);
1930 hash_keys.addrs.v4addrs.src = fl4->saddr;
1931 hash_keys.addrs.v4addrs.dst = fl4->daddr;
1935 /* skb is currently provided only when forwarding */
1937 unsigned int flag = FLOW_DISSECTOR_F_STOP_AT_ENCAP;
1938 struct flow_keys keys;
1940 /* short-circuit if we already have L4 hash present */
1942 return skb_get_hash_raw(skb) >> 1;
1944 memset(&hash_keys, 0, sizeof(hash_keys));
1947 skb_flow_dissect_flow_keys(skb, &keys, flag);
1951 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1952 hash_keys.addrs.v4addrs.src = flkeys->addrs.v4addrs.src;
1953 hash_keys.addrs.v4addrs.dst = flkeys->addrs.v4addrs.dst;
1954 hash_keys.ports.src = flkeys->ports.src;
1955 hash_keys.ports.dst = flkeys->ports.dst;
1956 hash_keys.basic.ip_proto = flkeys->basic.ip_proto;
1958 memset(&hash_keys, 0, sizeof(hash_keys));
1959 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1960 hash_keys.addrs.v4addrs.src = fl4->saddr;
1961 hash_keys.addrs.v4addrs.dst = fl4->daddr;
1962 hash_keys.ports.src = fl4->fl4_sport;
1963 hash_keys.ports.dst = fl4->fl4_dport;
1964 hash_keys.basic.ip_proto = fl4->flowi4_proto;
1968 memset(&hash_keys, 0, sizeof(hash_keys));
1969 /* skb is currently provided only when forwarding */
1971 struct flow_keys keys;
1973 skb_flow_dissect_flow_keys(skb, &keys, 0);
1974 /* Inner can be v4 or v6 */
1975 if (keys.control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
1976 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1977 hash_keys.addrs.v4addrs.src = keys.addrs.v4addrs.src;
1978 hash_keys.addrs.v4addrs.dst = keys.addrs.v4addrs.dst;
1979 } else if (keys.control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
1980 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1981 hash_keys.addrs.v6addrs.src = keys.addrs.v6addrs.src;
1982 hash_keys.addrs.v6addrs.dst = keys.addrs.v6addrs.dst;
1983 hash_keys.tags.flow_label = keys.tags.flow_label;
1984 hash_keys.basic.ip_proto = keys.basic.ip_proto;
1986 /* Same as case 0 */
1987 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1988 ip_multipath_l3_keys(skb, &hash_keys);
1991 /* Same as case 0 */
1992 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1993 hash_keys.addrs.v4addrs.src = fl4->saddr;
1994 hash_keys.addrs.v4addrs.dst = fl4->daddr;
1998 mhash = flow_hash_from_keys(&hash_keys);
2001 mhash = jhash_2words(mhash, multipath_hash, 0);
2005 #endif /* CONFIG_IP_ROUTE_MULTIPATH */
2007 static int ip_mkroute_input(struct sk_buff *skb,
2008 struct fib_result *res,
2009 struct in_device *in_dev,
2010 __be32 daddr, __be32 saddr, u32 tos,
2011 struct flow_keys *hkeys)
2013 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2014 if (res->fi && fib_info_num_path(res->fi) > 1) {
2015 int h = fib_multipath_hash(res->fi->fib_net, NULL, skb, hkeys);
2017 fib_select_multipath(res, h);
2021 /* create a routing cache entry */
2022 return __mkroute_input(skb, res, in_dev, daddr, saddr, tos);
2025 /* Implements all the saddr-related checks as ip_route_input_slow(),
2026 * assuming daddr is valid and the destination is not a local broadcast one.
2027 * Uses the provided hint instead of performing a route lookup.
2029 int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2030 u8 tos, struct net_device *dev,
2031 const struct sk_buff *hint)
2033 struct in_device *in_dev = __in_dev_get_rcu(dev);
2034 struct rtable *rt = (struct rtable *)hint;
2035 struct net *net = dev_net(dev);
2039 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
2040 goto martian_source;
2042 if (ipv4_is_zeronet(saddr))
2043 goto martian_source;
2045 if (ipv4_is_loopback(saddr) && !IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
2046 goto martian_source;
2048 if (rt->rt_type != RTN_LOCAL)
2049 goto skip_validate_source;
2051 tos &= IPTOS_RT_MASK;
2052 err = fib_validate_source(skb, saddr, daddr, tos, 0, dev, in_dev, &tag);
2054 goto martian_source;
2056 skip_validate_source:
2057 skb_dst_copy(skb, hint);
2061 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
2066 * NOTE. We drop all the packets that has local source
2067 * addresses, because every properly looped back packet
2068 * must have correct destination already attached by output routine.
2069 * Changes in the enforced policies must be applied also to
2070 * ip_route_use_hint().
2072 * Such approach solves two big problems:
2073 * 1. Not simplex devices are handled properly.
2074 * 2. IP spoofing attempts are filtered with 100% of guarantee.
2075 * called with rcu_read_lock()
2078 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2079 u8 tos, struct net_device *dev,
2080 struct fib_result *res)
2082 struct in_device *in_dev = __in_dev_get_rcu(dev);
2083 struct flow_keys *flkeys = NULL, _flkeys;
2084 struct net *net = dev_net(dev);
2085 struct ip_tunnel_info *tun_info;
2087 unsigned int flags = 0;
2091 bool do_cache = true;
2093 /* IP on this device is disabled. */
2098 /* Check for the most weird martians, which can be not detected
2102 tun_info = skb_tunnel_info(skb);
2103 if (tun_info && !(tun_info->mode & IP_TUNNEL_INFO_TX))
2104 fl4.flowi4_tun_key.tun_id = tun_info->key.tun_id;
2106 fl4.flowi4_tun_key.tun_id = 0;
2109 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
2110 goto martian_source;
2114 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
2117 /* Accept zero addresses only to limited broadcast;
2118 * I even do not know to fix it or not. Waiting for complains :-)
2120 if (ipv4_is_zeronet(saddr))
2121 goto martian_source;
2123 if (ipv4_is_zeronet(daddr))
2124 goto martian_destination;
2126 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
2127 * and call it once if daddr or/and saddr are loopback addresses
2129 if (ipv4_is_loopback(daddr)) {
2130 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
2131 goto martian_destination;
2132 } else if (ipv4_is_loopback(saddr)) {
2133 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
2134 goto martian_source;
2138 * Now we are ready to route packet.
2141 fl4.flowi4_iif = dev->ifindex;
2142 fl4.flowi4_mark = skb->mark;
2143 fl4.flowi4_tos = tos;
2144 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
2145 fl4.flowi4_flags = 0;
2148 fl4.flowi4_uid = sock_net_uid(net, NULL);
2150 if (fib4_rules_early_flow_dissect(net, skb, &fl4, &_flkeys)) {
2153 fl4.flowi4_proto = 0;
2158 err = fib_lookup(net, &fl4, res, 0);
2160 if (!IN_DEV_FORWARD(in_dev))
2161 err = -EHOSTUNREACH;
2165 if (res->type == RTN_BROADCAST) {
2166 if (IN_DEV_BFORWARD(in_dev))
2168 /* not do cache if bc_forwarding is enabled */
2169 if (IPV4_DEVCONF_ALL(net, BC_FORWARDING))
2174 if (res->type == RTN_LOCAL) {
2175 err = fib_validate_source(skb, saddr, daddr, tos,
2176 0, dev, in_dev, &itag);
2178 goto martian_source;
2182 if (!IN_DEV_FORWARD(in_dev)) {
2183 err = -EHOSTUNREACH;
2186 if (res->type != RTN_UNICAST)
2187 goto martian_destination;
2190 err = ip_mkroute_input(skb, res, in_dev, daddr, saddr, tos, flkeys);
2194 if (skb->protocol != htons(ETH_P_IP))
2197 if (!ipv4_is_zeronet(saddr)) {
2198 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
2201 goto martian_source;
2203 flags |= RTCF_BROADCAST;
2204 res->type = RTN_BROADCAST;
2205 RT_CACHE_STAT_INC(in_brd);
2208 do_cache &= res->fi && !itag;
2210 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
2212 rth = rcu_dereference(nhc->nhc_rth_input);
2213 if (rt_cache_valid(rth)) {
2214 skb_dst_set_noref(skb, &rth->dst);
2220 rth = rt_dst_alloc(l3mdev_master_dev_rcu(dev) ? : net->loopback_dev,
2221 flags | RTCF_LOCAL, res->type,
2222 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, do_cache);
2226 rth->dst.output= ip_rt_bug;
2227 #ifdef CONFIG_IP_ROUTE_CLASSID
2228 rth->dst.tclassid = itag;
2230 rth->rt_is_input = 1;
2232 RT_CACHE_STAT_INC(in_slow_tot);
2233 if (res->type == RTN_UNREACHABLE) {
2234 rth->dst.input= ip_error;
2235 rth->dst.error= -err;
2236 rth->rt_flags &= ~RTCF_LOCAL;
2240 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
2242 rth->dst.lwtstate = lwtstate_get(nhc->nhc_lwtstate);
2243 if (lwtunnel_input_redirect(rth->dst.lwtstate)) {
2244 WARN_ON(rth->dst.input == lwtunnel_input);
2245 rth->dst.lwtstate->orig_input = rth->dst.input;
2246 rth->dst.input = lwtunnel_input;
2249 if (unlikely(!rt_cache_route(nhc, rth)))
2250 rt_add_uncached_list(rth);
2252 skb_dst_set(skb, &rth->dst);
2257 RT_CACHE_STAT_INC(in_no_route);
2258 res->type = RTN_UNREACHABLE;
2264 * Do not cache martian addresses: they should be logged (RFC1812)
2266 martian_destination:
2267 RT_CACHE_STAT_INC(in_martian_dst);
2268 #ifdef CONFIG_IP_ROUTE_VERBOSE
2269 if (IN_DEV_LOG_MARTIANS(in_dev))
2270 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
2271 &daddr, &saddr, dev->name);
2283 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
2287 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2288 u8 tos, struct net_device *dev)
2290 struct fib_result res;
2293 tos &= IPTOS_RT_MASK;
2295 err = ip_route_input_rcu(skb, daddr, saddr, tos, dev, &res);
2300 EXPORT_SYMBOL(ip_route_input_noref);
2302 /* called with rcu_read_lock held */
2303 int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2304 u8 tos, struct net_device *dev, struct fib_result *res)
2306 /* Multicast recognition logic is moved from route cache to here.
2307 The problem was that too many Ethernet cards have broken/missing
2308 hardware multicast filters :-( As result the host on multicasting
2309 network acquires a lot of useless route cache entries, sort of
2310 SDR messages from all the world. Now we try to get rid of them.
2311 Really, provided software IP multicast filter is organized
2312 reasonably (at least, hashed), it does not result in a slowdown
2313 comparing with route cache reject entries.
2314 Note, that multicast routers are not affected, because
2315 route cache entry is created eventually.
2317 if (ipv4_is_multicast(daddr)) {
2318 struct in_device *in_dev = __in_dev_get_rcu(dev);
2324 our = ip_check_mc_rcu(in_dev, daddr, saddr,
2325 ip_hdr(skb)->protocol);
2327 /* check l3 master if no match yet */
2328 if (!our && netif_is_l3_slave(dev)) {
2329 struct in_device *l3_in_dev;
2331 l3_in_dev = __in_dev_get_rcu(skb->dev);
2333 our = ip_check_mc_rcu(l3_in_dev, daddr, saddr,
2334 ip_hdr(skb)->protocol);
2338 #ifdef CONFIG_IP_MROUTE
2340 (!ipv4_is_local_multicast(daddr) &&
2341 IN_DEV_MFORWARD(in_dev))
2344 err = ip_route_input_mc(skb, daddr, saddr,
2350 return ip_route_input_slow(skb, daddr, saddr, tos, dev, res);
2353 /* called with rcu_read_lock() */
2354 static struct rtable *__mkroute_output(const struct fib_result *res,
2355 const struct flowi4 *fl4, int orig_oif,
2356 struct net_device *dev_out,
2359 struct fib_info *fi = res->fi;
2360 struct fib_nh_exception *fnhe;
2361 struct in_device *in_dev;
2362 u16 type = res->type;
2366 in_dev = __in_dev_get_rcu(dev_out);
2368 return ERR_PTR(-EINVAL);
2370 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
2371 if (ipv4_is_loopback(fl4->saddr) &&
2372 !(dev_out->flags & IFF_LOOPBACK) &&
2373 !netif_is_l3_master(dev_out))
2374 return ERR_PTR(-EINVAL);
2376 if (ipv4_is_lbcast(fl4->daddr))
2377 type = RTN_BROADCAST;
2378 else if (ipv4_is_multicast(fl4->daddr))
2379 type = RTN_MULTICAST;
2380 else if (ipv4_is_zeronet(fl4->daddr))
2381 return ERR_PTR(-EINVAL);
2383 if (dev_out->flags & IFF_LOOPBACK)
2384 flags |= RTCF_LOCAL;
2387 if (type == RTN_BROADCAST) {
2388 flags |= RTCF_BROADCAST | RTCF_LOCAL;
2390 } else if (type == RTN_MULTICAST) {
2391 flags |= RTCF_MULTICAST | RTCF_LOCAL;
2392 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
2394 flags &= ~RTCF_LOCAL;
2397 /* If multicast route do not exist use
2398 * default one, but do not gateway in this case.
2401 if (fi && res->prefixlen < 4)
2403 } else if ((type == RTN_LOCAL) && (orig_oif != 0) &&
2404 (orig_oif != dev_out->ifindex)) {
2405 /* For local routes that require a particular output interface
2406 * we do not want to cache the result. Caching the result
2407 * causes incorrect behaviour when there are multiple source
2408 * addresses on the interface, the end result being that if the
2409 * intended recipient is waiting on that interface for the
2410 * packet he won't receive it because it will be delivered on
2411 * the loopback interface and the IP_PKTINFO ipi_ifindex will
2412 * be set to the loopback interface as well.
2418 do_cache &= fi != NULL;
2420 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
2421 struct rtable __rcu **prth;
2423 fnhe = find_exception(nhc, fl4->daddr);
2427 prth = &fnhe->fnhe_rth_output;
2429 if (unlikely(fl4->flowi4_flags &
2430 FLOWI_FLAG_KNOWN_NH &&
2431 !(nhc->nhc_gw_family &&
2432 nhc->nhc_scope == RT_SCOPE_LINK))) {
2436 prth = raw_cpu_ptr(nhc->nhc_pcpu_rth_output);
2438 rth = rcu_dereference(*prth);
2439 if (rt_cache_valid(rth) && dst_hold_safe(&rth->dst))
2444 rth = rt_dst_alloc(dev_out, flags, type,
2445 IN_DEV_CONF_GET(in_dev, NOPOLICY),
2446 IN_DEV_CONF_GET(in_dev, NOXFRM),
2449 return ERR_PTR(-ENOBUFS);
2451 rth->rt_iif = orig_oif;
2453 RT_CACHE_STAT_INC(out_slow_tot);
2455 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
2456 if (flags & RTCF_LOCAL &&
2457 !(dev_out->flags & IFF_LOOPBACK)) {
2458 rth->dst.output = ip_mc_output;
2459 RT_CACHE_STAT_INC(out_slow_mc);
2461 #ifdef CONFIG_IP_MROUTE
2462 if (type == RTN_MULTICAST) {
2463 if (IN_DEV_MFORWARD(in_dev) &&
2464 !ipv4_is_local_multicast(fl4->daddr)) {
2465 rth->dst.input = ip_mr_input;
2466 rth->dst.output = ip_mc_output;
2472 rt_set_nexthop(rth, fl4->daddr, res, fnhe, fi, type, 0, do_cache);
2473 lwtunnel_set_redirect(&rth->dst);
2479 * Major route resolver routine.
2482 struct rtable *ip_route_output_key_hash(struct net *net, struct flowi4 *fl4,
2483 const struct sk_buff *skb)
2485 __u8 tos = RT_FL_TOS(fl4);
2486 struct fib_result res = {
2494 fl4->flowi4_iif = LOOPBACK_IFINDEX;
2495 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
2496 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
2497 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
2500 rth = ip_route_output_key_hash_rcu(net, fl4, &res, skb);
2505 EXPORT_SYMBOL_GPL(ip_route_output_key_hash);
2507 struct rtable *ip_route_output_key_hash_rcu(struct net *net, struct flowi4 *fl4,
2508 struct fib_result *res,
2509 const struct sk_buff *skb)
2511 struct net_device *dev_out = NULL;
2512 int orig_oif = fl4->flowi4_oif;
2513 unsigned int flags = 0;
2518 if (ipv4_is_multicast(fl4->saddr) ||
2519 ipv4_is_lbcast(fl4->saddr) ||
2520 ipv4_is_zeronet(fl4->saddr)) {
2521 rth = ERR_PTR(-EINVAL);
2525 rth = ERR_PTR(-ENETUNREACH);
2527 /* I removed check for oif == dev_out->oif here.
2528 It was wrong for two reasons:
2529 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
2530 is assigned to multiple interfaces.
2531 2. Moreover, we are allowed to send packets with saddr
2532 of another iface. --ANK
2535 if (fl4->flowi4_oif == 0 &&
2536 (ipv4_is_multicast(fl4->daddr) ||
2537 ipv4_is_lbcast(fl4->daddr))) {
2538 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2539 dev_out = __ip_dev_find(net, fl4->saddr, false);
2543 /* Special hack: user can direct multicasts
2544 and limited broadcast via necessary interface
2545 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2546 This hack is not just for fun, it allows
2547 vic,vat and friends to work.
2548 They bind socket to loopback, set ttl to zero
2549 and expect that it will work.
2550 From the viewpoint of routing cache they are broken,
2551 because we are not allowed to build multicast path
2552 with loopback source addr (look, routing cache
2553 cannot know, that ttl is zero, so that packet
2554 will not leave this host and route is valid).
2555 Luckily, this hack is good workaround.
2558 fl4->flowi4_oif = dev_out->ifindex;
2562 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
2563 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2564 if (!__ip_dev_find(net, fl4->saddr, false))
2570 if (fl4->flowi4_oif) {
2571 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2572 rth = ERR_PTR(-ENODEV);
2576 /* RACE: Check return value of inet_select_addr instead. */
2577 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2578 rth = ERR_PTR(-ENETUNREACH);
2581 if (ipv4_is_local_multicast(fl4->daddr) ||
2582 ipv4_is_lbcast(fl4->daddr) ||
2583 fl4->flowi4_proto == IPPROTO_IGMP) {
2585 fl4->saddr = inet_select_addr(dev_out, 0,
2590 if (ipv4_is_multicast(fl4->daddr))
2591 fl4->saddr = inet_select_addr(dev_out, 0,
2593 else if (!fl4->daddr)
2594 fl4->saddr = inet_select_addr(dev_out, 0,
2600 fl4->daddr = fl4->saddr;
2602 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2603 dev_out = net->loopback_dev;
2604 fl4->flowi4_oif = LOOPBACK_IFINDEX;
2605 res->type = RTN_LOCAL;
2606 flags |= RTCF_LOCAL;
2610 err = fib_lookup(net, fl4, res, 0);
2614 if (fl4->flowi4_oif &&
2615 (ipv4_is_multicast(fl4->daddr) ||
2616 !netif_index_is_l3_master(net, fl4->flowi4_oif))) {
2617 /* Apparently, routing tables are wrong. Assume,
2618 that the destination is on link.
2621 Because we are allowed to send to iface
2622 even if it has NO routes and NO assigned
2623 addresses. When oif is specified, routing
2624 tables are looked up with only one purpose:
2625 to catch if destination is gatewayed, rather than
2626 direct. Moreover, if MSG_DONTROUTE is set,
2627 we send packet, ignoring both routing tables
2628 and ifaddr state. --ANK
2631 We could make it even if oif is unknown,
2632 likely IPv6, but we do not.
2635 if (fl4->saddr == 0)
2636 fl4->saddr = inet_select_addr(dev_out, 0,
2638 res->type = RTN_UNICAST;
2645 if (res->type == RTN_LOCAL) {
2647 if (res->fi->fib_prefsrc)
2648 fl4->saddr = res->fi->fib_prefsrc;
2650 fl4->saddr = fl4->daddr;
2653 /* L3 master device is the loopback for that domain */
2654 dev_out = l3mdev_master_dev_rcu(FIB_RES_DEV(*res)) ? :
2657 /* make sure orig_oif points to fib result device even
2658 * though packet rx/tx happens over loopback or l3mdev
2660 orig_oif = FIB_RES_OIF(*res);
2662 fl4->flowi4_oif = dev_out->ifindex;
2663 flags |= RTCF_LOCAL;
2667 fib_select_path(net, res, fl4, skb);
2669 dev_out = FIB_RES_DEV(*res);
2670 fl4->flowi4_oif = dev_out->ifindex;
2674 rth = __mkroute_output(res, fl4, orig_oif, dev_out, flags);
2680 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2685 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2687 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2689 return mtu ? : dst->dev->mtu;
2692 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
2693 struct sk_buff *skb, u32 mtu,
2698 static void ipv4_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
2699 struct sk_buff *skb)
2703 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2709 static struct dst_ops ipv4_dst_blackhole_ops = {
2711 .check = ipv4_blackhole_dst_check,
2712 .mtu = ipv4_blackhole_mtu,
2713 .default_advmss = ipv4_default_advmss,
2714 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2715 .redirect = ipv4_rt_blackhole_redirect,
2716 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2717 .neigh_lookup = ipv4_neigh_lookup,
2720 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2722 struct rtable *ort = (struct rtable *) dst_orig;
2725 rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, DST_OBSOLETE_DEAD, 0);
2727 struct dst_entry *new = &rt->dst;
2730 new->input = dst_discard;
2731 new->output = dst_discard_out;
2733 new->dev = net->loopback_dev;
2737 rt->rt_is_input = ort->rt_is_input;
2738 rt->rt_iif = ort->rt_iif;
2739 rt->rt_pmtu = ort->rt_pmtu;
2740 rt->rt_mtu_locked = ort->rt_mtu_locked;
2742 rt->rt_genid = rt_genid_ipv4(net);
2743 rt->rt_flags = ort->rt_flags;
2744 rt->rt_type = ort->rt_type;
2745 rt->rt_uses_gateway = ort->rt_uses_gateway;
2746 rt->rt_gw_family = ort->rt_gw_family;
2747 if (rt->rt_gw_family == AF_INET)
2748 rt->rt_gw4 = ort->rt_gw4;
2749 else if (rt->rt_gw_family == AF_INET6)
2750 rt->rt_gw6 = ort->rt_gw6;
2752 INIT_LIST_HEAD(&rt->rt_uncached);
2755 dst_release(dst_orig);
2757 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2760 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2761 const struct sock *sk)
2763 struct rtable *rt = __ip_route_output_key(net, flp4);
2768 if (flp4->flowi4_proto)
2769 rt = (struct rtable *)xfrm_lookup_route(net, &rt->dst,
2770 flowi4_to_flowi(flp4),
2775 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2777 /* called with rcu_read_lock held */
2778 static int rt_fill_info(struct net *net, __be32 dst, __be32 src,
2779 struct rtable *rt, u32 table_id, struct flowi4 *fl4,
2780 struct sk_buff *skb, u32 portid, u32 seq,
2784 struct nlmsghdr *nlh;
2785 unsigned long expires = 0;
2787 u32 metrics[RTAX_MAX];
2789 nlh = nlmsg_put(skb, portid, seq, RTM_NEWROUTE, sizeof(*r), flags);
2793 r = nlmsg_data(nlh);
2794 r->rtm_family = AF_INET;
2795 r->rtm_dst_len = 32;
2797 r->rtm_tos = fl4 ? fl4->flowi4_tos : 0;
2798 r->rtm_table = table_id < 256 ? table_id : RT_TABLE_COMPAT;
2799 if (nla_put_u32(skb, RTA_TABLE, table_id))
2800 goto nla_put_failure;
2801 r->rtm_type = rt->rt_type;
2802 r->rtm_scope = RT_SCOPE_UNIVERSE;
2803 r->rtm_protocol = RTPROT_UNSPEC;
2804 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2805 if (rt->rt_flags & RTCF_NOTIFY)
2806 r->rtm_flags |= RTM_F_NOTIFY;
2807 if (IPCB(skb)->flags & IPSKB_DOREDIRECT)
2808 r->rtm_flags |= RTCF_DOREDIRECT;
2810 if (nla_put_in_addr(skb, RTA_DST, dst))
2811 goto nla_put_failure;
2813 r->rtm_src_len = 32;
2814 if (nla_put_in_addr(skb, RTA_SRC, src))
2815 goto nla_put_failure;
2818 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
2819 goto nla_put_failure;
2820 #ifdef CONFIG_IP_ROUTE_CLASSID
2821 if (rt->dst.tclassid &&
2822 nla_put_u32(skb, RTA_FLOW, rt->dst.tclassid))
2823 goto nla_put_failure;
2825 if (fl4 && !rt_is_input_route(rt) &&
2826 fl4->saddr != src) {
2827 if (nla_put_in_addr(skb, RTA_PREFSRC, fl4->saddr))
2828 goto nla_put_failure;
2830 if (rt->rt_uses_gateway) {
2831 if (rt->rt_gw_family == AF_INET &&
2832 nla_put_in_addr(skb, RTA_GATEWAY, rt->rt_gw4)) {
2833 goto nla_put_failure;
2834 } else if (rt->rt_gw_family == AF_INET6) {
2835 int alen = sizeof(struct in6_addr);
2839 nla = nla_reserve(skb, RTA_VIA, alen + 2);
2841 goto nla_put_failure;
2843 via = nla_data(nla);
2844 via->rtvia_family = AF_INET6;
2845 memcpy(via->rtvia_addr, &rt->rt_gw6, alen);
2849 expires = rt->dst.expires;
2851 unsigned long now = jiffies;
2853 if (time_before(now, expires))
2859 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
2860 if (rt->rt_pmtu && expires)
2861 metrics[RTAX_MTU - 1] = rt->rt_pmtu;
2862 if (rt->rt_mtu_locked && expires)
2863 metrics[RTAX_LOCK - 1] |= BIT(RTAX_MTU);
2864 if (rtnetlink_put_metrics(skb, metrics) < 0)
2865 goto nla_put_failure;
2868 if (fl4->flowi4_mark &&
2869 nla_put_u32(skb, RTA_MARK, fl4->flowi4_mark))
2870 goto nla_put_failure;
2872 if (!uid_eq(fl4->flowi4_uid, INVALID_UID) &&
2873 nla_put_u32(skb, RTA_UID,
2874 from_kuid_munged(current_user_ns(),
2876 goto nla_put_failure;
2878 if (rt_is_input_route(rt)) {
2879 #ifdef CONFIG_IP_MROUTE
2880 if (ipv4_is_multicast(dst) &&
2881 !ipv4_is_local_multicast(dst) &&
2882 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
2883 int err = ipmr_get_route(net, skb,
2884 fl4->saddr, fl4->daddr,
2890 goto nla_put_failure;
2894 if (nla_put_u32(skb, RTA_IIF, fl4->flowi4_iif))
2895 goto nla_put_failure;
2899 error = rt->dst.error;
2901 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, error) < 0)
2902 goto nla_put_failure;
2904 nlmsg_end(skb, nlh);
2908 nlmsg_cancel(skb, nlh);
2912 static int fnhe_dump_bucket(struct net *net, struct sk_buff *skb,
2913 struct netlink_callback *cb, u32 table_id,
2914 struct fnhe_hash_bucket *bucket, int genid,
2915 int *fa_index, int fa_start, unsigned int flags)
2919 for (i = 0; i < FNHE_HASH_SIZE; i++) {
2920 struct fib_nh_exception *fnhe;
2922 for (fnhe = rcu_dereference(bucket[i].chain); fnhe;
2923 fnhe = rcu_dereference(fnhe->fnhe_next)) {
2927 if (*fa_index < fa_start)
2930 if (fnhe->fnhe_genid != genid)
2933 if (fnhe->fnhe_expires &&
2934 time_after(jiffies, fnhe->fnhe_expires))
2937 rt = rcu_dereference(fnhe->fnhe_rth_input);
2939 rt = rcu_dereference(fnhe->fnhe_rth_output);
2943 err = rt_fill_info(net, fnhe->fnhe_daddr, 0, rt,
2944 table_id, NULL, skb,
2945 NETLINK_CB(cb->skb).portid,
2946 cb->nlh->nlmsg_seq, flags);
2957 int fib_dump_info_fnhe(struct sk_buff *skb, struct netlink_callback *cb,
2958 u32 table_id, struct fib_info *fi,
2959 int *fa_index, int fa_start, unsigned int flags)
2961 struct net *net = sock_net(cb->skb->sk);
2962 int nhsel, genid = fnhe_genid(net);
2964 for (nhsel = 0; nhsel < fib_info_num_path(fi); nhsel++) {
2965 struct fib_nh_common *nhc = fib_info_nhc(fi, nhsel);
2966 struct fnhe_hash_bucket *bucket;
2969 if (nhc->nhc_flags & RTNH_F_DEAD)
2973 bucket = rcu_dereference(nhc->nhc_exceptions);
2976 err = fnhe_dump_bucket(net, skb, cb, table_id, bucket,
2977 genid, fa_index, fa_start,
2987 static struct sk_buff *inet_rtm_getroute_build_skb(__be32 src, __be32 dst,
2988 u8 ip_proto, __be16 sport,
2991 struct sk_buff *skb;
2994 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
2998 /* Reserve room for dummy headers, this skb can pass
2999 * through good chunk of routing engine.
3001 skb_reset_mac_header(skb);
3002 skb_reset_network_header(skb);
3003 skb->protocol = htons(ETH_P_IP);
3004 iph = skb_put(skb, sizeof(struct iphdr));
3005 iph->protocol = ip_proto;
3011 skb_set_transport_header(skb, skb->len);
3013 switch (iph->protocol) {
3015 struct udphdr *udph;
3017 udph = skb_put_zero(skb, sizeof(struct udphdr));
3018 udph->source = sport;
3020 udph->len = sizeof(struct udphdr);
3025 struct tcphdr *tcph;
3027 tcph = skb_put_zero(skb, sizeof(struct tcphdr));
3028 tcph->source = sport;
3030 tcph->doff = sizeof(struct tcphdr) / 4;
3032 tcph->check = ~tcp_v4_check(sizeof(struct tcphdr),
3036 case IPPROTO_ICMP: {
3037 struct icmphdr *icmph;
3039 icmph = skb_put_zero(skb, sizeof(struct icmphdr));
3040 icmph->type = ICMP_ECHO;
3048 static int inet_rtm_valid_getroute_req(struct sk_buff *skb,
3049 const struct nlmsghdr *nlh,
3051 struct netlink_ext_ack *extack)
3056 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*rtm))) {
3057 NL_SET_ERR_MSG(extack,
3058 "ipv4: Invalid header for route get request");
3062 if (!netlink_strict_get_check(skb))
3063 return nlmsg_parse_deprecated(nlh, sizeof(*rtm), tb, RTA_MAX,
3064 rtm_ipv4_policy, extack);
3066 rtm = nlmsg_data(nlh);
3067 if ((rtm->rtm_src_len && rtm->rtm_src_len != 32) ||
3068 (rtm->rtm_dst_len && rtm->rtm_dst_len != 32) ||
3069 rtm->rtm_table || rtm->rtm_protocol ||
3070 rtm->rtm_scope || rtm->rtm_type) {
3071 NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for route get request");
3075 if (rtm->rtm_flags & ~(RTM_F_NOTIFY |
3076 RTM_F_LOOKUP_TABLE |
3078 NL_SET_ERR_MSG(extack, "ipv4: Unsupported rtm_flags for route get request");
3082 err = nlmsg_parse_deprecated_strict(nlh, sizeof(*rtm), tb, RTA_MAX,
3083 rtm_ipv4_policy, extack);
3087 if ((tb[RTA_SRC] && !rtm->rtm_src_len) ||
3088 (tb[RTA_DST] && !rtm->rtm_dst_len)) {
3089 NL_SET_ERR_MSG(extack, "ipv4: rtm_src_len and rtm_dst_len must be 32 for IPv4");
3093 for (i = 0; i <= RTA_MAX; i++) {
3109 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in route get request");
3117 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
3118 struct netlink_ext_ack *extack)
3120 struct net *net = sock_net(in_skb->sk);
3121 struct nlattr *tb[RTA_MAX+1];
3122 u32 table_id = RT_TABLE_MAIN;
3123 __be16 sport = 0, dport = 0;
3124 struct fib_result res = {};
3125 u8 ip_proto = IPPROTO_UDP;
3126 struct rtable *rt = NULL;
3127 struct sk_buff *skb;
3129 struct flowi4 fl4 = {};
3137 err = inet_rtm_valid_getroute_req(in_skb, nlh, tb, extack);
3141 rtm = nlmsg_data(nlh);
3142 src = tb[RTA_SRC] ? nla_get_in_addr(tb[RTA_SRC]) : 0;
3143 dst = tb[RTA_DST] ? nla_get_in_addr(tb[RTA_DST]) : 0;
3144 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
3145 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
3147 uid = make_kuid(current_user_ns(), nla_get_u32(tb[RTA_UID]));
3149 uid = (iif ? INVALID_UID : current_uid());
3151 if (tb[RTA_IP_PROTO]) {
3152 err = rtm_getroute_parse_ip_proto(tb[RTA_IP_PROTO],
3153 &ip_proto, AF_INET, extack);
3159 sport = nla_get_be16(tb[RTA_SPORT]);
3162 dport = nla_get_be16(tb[RTA_DPORT]);
3164 skb = inet_rtm_getroute_build_skb(src, dst, ip_proto, sport, dport);
3170 fl4.flowi4_tos = rtm->rtm_tos;
3171 fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0;
3172 fl4.flowi4_mark = mark;
3173 fl4.flowi4_uid = uid;
3175 fl4.fl4_sport = sport;
3177 fl4.fl4_dport = dport;
3178 fl4.flowi4_proto = ip_proto;
3183 struct net_device *dev;
3185 dev = dev_get_by_index_rcu(net, iif);
3191 fl4.flowi4_iif = iif; /* for rt_fill_info */
3194 err = ip_route_input_rcu(skb, dst, src, rtm->rtm_tos,
3197 rt = skb_rtable(skb);
3198 if (err == 0 && rt->dst.error)
3199 err = -rt->dst.error;
3201 fl4.flowi4_iif = LOOPBACK_IFINDEX;
3202 skb->dev = net->loopback_dev;
3203 rt = ip_route_output_key_hash_rcu(net, &fl4, &res, skb);
3208 skb_dst_set(skb, &rt->dst);
3214 if (rtm->rtm_flags & RTM_F_NOTIFY)
3215 rt->rt_flags |= RTCF_NOTIFY;
3217 if (rtm->rtm_flags & RTM_F_LOOKUP_TABLE)
3218 table_id = res.table ? res.table->tb_id : 0;
3220 /* reset skb for netlink reply msg */
3222 skb_reset_network_header(skb);
3223 skb_reset_transport_header(skb);
3224 skb_reset_mac_header(skb);
3226 if (rtm->rtm_flags & RTM_F_FIB_MATCH) {
3227 struct fib_rt_info fri;
3230 err = fib_props[res.type].error;
3232 err = -EHOSTUNREACH;
3236 fri.tb_id = table_id;
3237 fri.dst = res.prefix;
3238 fri.dst_len = res.prefixlen;
3239 fri.tos = fl4.flowi4_tos;
3240 fri.type = rt->rt_type;
3244 struct fib_alias *fa;
3246 hlist_for_each_entry_rcu(fa, res.fa_head, fa_list) {
3247 u8 slen = 32 - fri.dst_len;
3249 if (fa->fa_slen == slen &&
3250 fa->tb_id == fri.tb_id &&
3251 fa->fa_tos == fri.tos &&
3252 fa->fa_info == res.fi &&
3253 fa->fa_type == fri.type) {
3254 fri.offload = fa->offload;
3255 fri.trap = fa->trap;
3260 err = fib_dump_info(skb, NETLINK_CB(in_skb).portid,
3261 nlh->nlmsg_seq, RTM_NEWROUTE, &fri, 0);
3263 err = rt_fill_info(net, dst, src, rt, table_id, &fl4, skb,
3264 NETLINK_CB(in_skb).portid,
3272 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
3282 void ip_rt_multicast_event(struct in_device *in_dev)
3284 rt_cache_flush(dev_net(in_dev->dev));
3287 #ifdef CONFIG_SYSCTL
3288 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
3289 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
3290 static int ip_rt_gc_elasticity __read_mostly = 8;
3291 static int ip_min_valid_pmtu __read_mostly = IPV4_MIN_MTU;
3293 static int ipv4_sysctl_rtcache_flush(struct ctl_table *__ctl, int write,
3294 void __user *buffer,
3295 size_t *lenp, loff_t *ppos)
3297 struct net *net = (struct net *)__ctl->extra1;
3300 rt_cache_flush(net);
3301 fnhe_genid_bump(net);
3308 static struct ctl_table ipv4_route_table[] = {
3310 .procname = "gc_thresh",
3311 .data = &ipv4_dst_ops.gc_thresh,
3312 .maxlen = sizeof(int),
3314 .proc_handler = proc_dointvec,
3317 .procname = "max_size",
3318 .data = &ip_rt_max_size,
3319 .maxlen = sizeof(int),
3321 .proc_handler = proc_dointvec,
3324 /* Deprecated. Use gc_min_interval_ms */
3326 .procname = "gc_min_interval",
3327 .data = &ip_rt_gc_min_interval,
3328 .maxlen = sizeof(int),
3330 .proc_handler = proc_dointvec_jiffies,
3333 .procname = "gc_min_interval_ms",
3334 .data = &ip_rt_gc_min_interval,
3335 .maxlen = sizeof(int),
3337 .proc_handler = proc_dointvec_ms_jiffies,
3340 .procname = "gc_timeout",
3341 .data = &ip_rt_gc_timeout,
3342 .maxlen = sizeof(int),
3344 .proc_handler = proc_dointvec_jiffies,
3347 .procname = "gc_interval",
3348 .data = &ip_rt_gc_interval,
3349 .maxlen = sizeof(int),
3351 .proc_handler = proc_dointvec_jiffies,
3354 .procname = "redirect_load",
3355 .data = &ip_rt_redirect_load,
3356 .maxlen = sizeof(int),
3358 .proc_handler = proc_dointvec,
3361 .procname = "redirect_number",
3362 .data = &ip_rt_redirect_number,
3363 .maxlen = sizeof(int),
3365 .proc_handler = proc_dointvec,
3368 .procname = "redirect_silence",
3369 .data = &ip_rt_redirect_silence,
3370 .maxlen = sizeof(int),
3372 .proc_handler = proc_dointvec,
3375 .procname = "error_cost",
3376 .data = &ip_rt_error_cost,
3377 .maxlen = sizeof(int),
3379 .proc_handler = proc_dointvec,
3382 .procname = "error_burst",
3383 .data = &ip_rt_error_burst,
3384 .maxlen = sizeof(int),
3386 .proc_handler = proc_dointvec,
3389 .procname = "gc_elasticity",
3390 .data = &ip_rt_gc_elasticity,
3391 .maxlen = sizeof(int),
3393 .proc_handler = proc_dointvec,
3396 .procname = "mtu_expires",
3397 .data = &ip_rt_mtu_expires,
3398 .maxlen = sizeof(int),
3400 .proc_handler = proc_dointvec_jiffies,
3403 .procname = "min_pmtu",
3404 .data = &ip_rt_min_pmtu,
3405 .maxlen = sizeof(int),
3407 .proc_handler = proc_dointvec_minmax,
3408 .extra1 = &ip_min_valid_pmtu,
3411 .procname = "min_adv_mss",
3412 .data = &ip_rt_min_advmss,
3413 .maxlen = sizeof(int),
3415 .proc_handler = proc_dointvec,
3420 static const char ipv4_route_flush_procname[] = "flush";
3422 static struct ctl_table ipv4_route_flush_table[] = {
3424 .procname = ipv4_route_flush_procname,
3425 .maxlen = sizeof(int),
3427 .proc_handler = ipv4_sysctl_rtcache_flush,
3432 static __net_init int sysctl_route_net_init(struct net *net)
3434 struct ctl_table *tbl;
3436 tbl = ipv4_route_flush_table;
3437 if (!net_eq(net, &init_net)) {
3438 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
3442 /* Don't export non-whitelisted sysctls to unprivileged users */
3443 if (net->user_ns != &init_user_ns) {
3444 if (tbl[0].procname != ipv4_route_flush_procname)
3445 tbl[0].procname = NULL;
3448 tbl[0].extra1 = net;
3450 net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
3451 if (!net->ipv4.route_hdr)
3456 if (tbl != ipv4_route_flush_table)
3462 static __net_exit void sysctl_route_net_exit(struct net *net)
3464 struct ctl_table *tbl;
3466 tbl = net->ipv4.route_hdr->ctl_table_arg;
3467 unregister_net_sysctl_table(net->ipv4.route_hdr);
3468 BUG_ON(tbl == ipv4_route_flush_table);
3472 static __net_initdata struct pernet_operations sysctl_route_ops = {
3473 .init = sysctl_route_net_init,
3474 .exit = sysctl_route_net_exit,
3478 static __net_init int rt_genid_init(struct net *net)
3480 atomic_set(&net->ipv4.rt_genid, 0);
3481 atomic_set(&net->fnhe_genid, 0);
3482 atomic_set(&net->ipv4.dev_addr_genid, get_random_int());
3486 static __net_initdata struct pernet_operations rt_genid_ops = {
3487 .init = rt_genid_init,
3490 static int __net_init ipv4_inetpeer_init(struct net *net)
3492 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
3496 inet_peer_base_init(bp);
3497 net->ipv4.peers = bp;
3501 static void __net_exit ipv4_inetpeer_exit(struct net *net)
3503 struct inet_peer_base *bp = net->ipv4.peers;
3505 net->ipv4.peers = NULL;
3506 inetpeer_invalidate_tree(bp);
3510 static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
3511 .init = ipv4_inetpeer_init,
3512 .exit = ipv4_inetpeer_exit,
3515 #ifdef CONFIG_IP_ROUTE_CLASSID
3516 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
3517 #endif /* CONFIG_IP_ROUTE_CLASSID */
3519 int __init ip_rt_init(void)
3523 ip_idents = kmalloc_array(IP_IDENTS_SZ, sizeof(*ip_idents),
3526 panic("IP: failed to allocate ip_idents\n");
3528 prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents));
3530 ip_tstamps = kcalloc(IP_IDENTS_SZ, sizeof(*ip_tstamps), GFP_KERNEL);
3532 panic("IP: failed to allocate ip_tstamps\n");
3534 for_each_possible_cpu(cpu) {
3535 struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu);
3537 INIT_LIST_HEAD(&ul->head);
3538 spin_lock_init(&ul->lock);
3540 #ifdef CONFIG_IP_ROUTE_CLASSID
3541 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
3543 panic("IP: failed to allocate ip_rt_acct\n");
3546 ipv4_dst_ops.kmem_cachep =
3547 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
3548 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
3550 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
3552 if (dst_entries_init(&ipv4_dst_ops) < 0)
3553 panic("IP: failed to allocate ipv4_dst_ops counter\n");
3555 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
3556 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
3558 ipv4_dst_ops.gc_thresh = ~0;
3559 ip_rt_max_size = INT_MAX;
3564 if (ip_rt_proc_init())
3565 pr_err("Unable to create route proc files\n");
3570 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL,
3571 RTNL_FLAG_DOIT_UNLOCKED);
3573 #ifdef CONFIG_SYSCTL
3574 register_pernet_subsys(&sysctl_route_ops);
3576 register_pernet_subsys(&rt_genid_ops);
3577 register_pernet_subsys(&ipv4_inetpeer_ops);
3581 #ifdef CONFIG_SYSCTL
3583 * We really need to sanitize the damn ipv4 init order, then all
3584 * this nonsense will go away.
3586 void __init ip_static_sysctl_init(void)
3588 register_net_sysctl(&init_net, "net/ipv4/route", ipv4_route_table);
projects / linux-2.6-microblaze.git / blob