2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <asm/uaccess.h>
69 #include <linux/bitops.h>
70 #include <linux/types.h>
71 #include <linux/kernel.h>
73 #include <linux/string.h>
74 #include <linux/socket.h>
75 #include <linux/sockios.h>
76 #include <linux/errno.h>
78 #include <linux/inet.h>
79 #include <linux/netdevice.h>
80 #include <linux/proc_fs.h>
81 #include <linux/init.h>
82 #include <linux/skbuff.h>
83 #include <linux/inetdevice.h>
84 #include <linux/igmp.h>
85 #include <linux/pkt_sched.h>
86 #include <linux/mroute.h>
87 #include <linux/netfilter_ipv4.h>
88 #include <linux/random.h>
89 #include <linux/rcupdate.h>
90 #include <linux/times.h>
91 #include <linux/slab.h>
92 #include <linux/jhash.h>
94 #include <net/dst_metadata.h>
95 #include <net/net_namespace.h>
96 #include <net/protocol.h>
98 #include <net/route.h>
99 #include <net/inetpeer.h>
100 #include <net/sock.h>
101 #include <net/ip_fib.h>
104 #include <net/icmp.h>
105 #include <net/xfrm.h>
106 #include <net/lwtunnel.h>
107 #include <net/netevent.h>
108 #include <net/rtnetlink.h>
110 #include <linux/sysctl.h>
111 #include <linux/kmemleak.h>
113 #include <net/secure_seq.h>
114 #include <net/ip_tunnels.h>
115 #include <net/l3mdev.h>
117 #define RT_FL_TOS(oldflp4) \
118 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
120 #define RT_GC_TIMEOUT (300*HZ)
122 static int ip_rt_max_size;
123 static int ip_rt_redirect_number __read_mostly = 9;
124 static int ip_rt_redirect_load __read_mostly = HZ / 50;
125 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
126 static int ip_rt_error_cost __read_mostly = HZ;
127 static int ip_rt_error_burst __read_mostly = 5 * HZ;
128 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
129 static int ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
130 static int ip_rt_min_advmss __read_mostly = 256;
132 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
134 * Interface to generic destination cache.
137 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
138 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
139 static unsigned int ipv4_mtu(const struct dst_entry *dst);
140 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
141 static void ipv4_link_failure(struct sk_buff *skb);
142 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
143 struct sk_buff *skb, u32 mtu);
144 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk,
145 struct sk_buff *skb);
146 static void ipv4_dst_destroy(struct dst_entry *dst);
148 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
154 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
158 static struct dst_ops ipv4_dst_ops = {
160 .check = ipv4_dst_check,
161 .default_advmss = ipv4_default_advmss,
163 .cow_metrics = ipv4_cow_metrics,
164 .destroy = ipv4_dst_destroy,
165 .negative_advice = ipv4_negative_advice,
166 .link_failure = ipv4_link_failure,
167 .update_pmtu = ip_rt_update_pmtu,
168 .redirect = ip_do_redirect,
169 .local_out = __ip_local_out,
170 .neigh_lookup = ipv4_neigh_lookup,
173 #define ECN_OR_COST(class) TC_PRIO_##class
175 const __u8 ip_tos2prio[16] = {
177 ECN_OR_COST(BESTEFFORT),
179 ECN_OR_COST(BESTEFFORT),
185 ECN_OR_COST(INTERACTIVE),
187 ECN_OR_COST(INTERACTIVE),
188 TC_PRIO_INTERACTIVE_BULK,
189 ECN_OR_COST(INTERACTIVE_BULK),
190 TC_PRIO_INTERACTIVE_BULK,
191 ECN_OR_COST(INTERACTIVE_BULK)
193 EXPORT_SYMBOL(ip_tos2prio);
195 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
196 #define RT_CACHE_STAT_INC(field) raw_cpu_inc(rt_cache_stat.field)
198 #ifdef CONFIG_PROC_FS
199 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
203 return SEQ_START_TOKEN;
206 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
212 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
216 static int rt_cache_seq_show(struct seq_file *seq, void *v)
218 if (v == SEQ_START_TOKEN)
219 seq_printf(seq, "%-127s\n",
220 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
221 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
226 static const struct seq_operations rt_cache_seq_ops = {
227 .start = rt_cache_seq_start,
228 .next = rt_cache_seq_next,
229 .stop = rt_cache_seq_stop,
230 .show = rt_cache_seq_show,
233 static int rt_cache_seq_open(struct inode *inode, struct file *file)
235 return seq_open(file, &rt_cache_seq_ops);
238 static const struct file_operations rt_cache_seq_fops = {
239 .owner = THIS_MODULE,
240 .open = rt_cache_seq_open,
243 .release = seq_release,
247 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
252 return SEQ_START_TOKEN;
254 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
255 if (!cpu_possible(cpu))
258 return &per_cpu(rt_cache_stat, cpu);
263 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
267 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
268 if (!cpu_possible(cpu))
271 return &per_cpu(rt_cache_stat, cpu);
277 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
282 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
284 struct rt_cache_stat *st = v;
286 if (v == SEQ_START_TOKEN) {
287 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
291 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
292 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
293 dst_entries_get_slow(&ipv4_dst_ops),
306 0, /* st->gc_total */
307 0, /* st->gc_ignored */
308 0, /* st->gc_goal_miss */
309 0, /* st->gc_dst_overflow */
310 0, /* st->in_hlist_search */
311 0 /* st->out_hlist_search */
316 static const struct seq_operations rt_cpu_seq_ops = {
317 .start = rt_cpu_seq_start,
318 .next = rt_cpu_seq_next,
319 .stop = rt_cpu_seq_stop,
320 .show = rt_cpu_seq_show,
324 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
326 return seq_open(file, &rt_cpu_seq_ops);
329 static const struct file_operations rt_cpu_seq_fops = {
330 .owner = THIS_MODULE,
331 .open = rt_cpu_seq_open,
334 .release = seq_release,
337 #ifdef CONFIG_IP_ROUTE_CLASSID
338 static int rt_acct_proc_show(struct seq_file *m, void *v)
340 struct ip_rt_acct *dst, *src;
343 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
347 for_each_possible_cpu(i) {
348 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
349 for (j = 0; j < 256; j++) {
350 dst[j].o_bytes += src[j].o_bytes;
351 dst[j].o_packets += src[j].o_packets;
352 dst[j].i_bytes += src[j].i_bytes;
353 dst[j].i_packets += src[j].i_packets;
357 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
362 static int rt_acct_proc_open(struct inode *inode, struct file *file)
364 return single_open(file, rt_acct_proc_show, NULL);
367 static const struct file_operations rt_acct_proc_fops = {
368 .owner = THIS_MODULE,
369 .open = rt_acct_proc_open,
372 .release = single_release,
376 static int __net_init ip_rt_do_proc_init(struct net *net)
378 struct proc_dir_entry *pde;
380 pde = proc_create("rt_cache", S_IRUGO, net->proc_net,
385 pde = proc_create("rt_cache", S_IRUGO,
386 net->proc_net_stat, &rt_cpu_seq_fops);
390 #ifdef CONFIG_IP_ROUTE_CLASSID
391 pde = proc_create("rt_acct", 0, net->proc_net, &rt_acct_proc_fops);
397 #ifdef CONFIG_IP_ROUTE_CLASSID
399 remove_proc_entry("rt_cache", net->proc_net_stat);
402 remove_proc_entry("rt_cache", net->proc_net);
407 static void __net_exit ip_rt_do_proc_exit(struct net *net)
409 remove_proc_entry("rt_cache", net->proc_net_stat);
410 remove_proc_entry("rt_cache", net->proc_net);
411 #ifdef CONFIG_IP_ROUTE_CLASSID
412 remove_proc_entry("rt_acct", net->proc_net);
416 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
417 .init = ip_rt_do_proc_init,
418 .exit = ip_rt_do_proc_exit,
421 static int __init ip_rt_proc_init(void)
423 return register_pernet_subsys(&ip_rt_proc_ops);
427 static inline int ip_rt_proc_init(void)
431 #endif /* CONFIG_PROC_FS */
433 static inline bool rt_is_expired(const struct rtable *rth)
435 return rth->rt_genid != rt_genid_ipv4(dev_net(rth->dst.dev));
438 void rt_cache_flush(struct net *net)
440 rt_genid_bump_ipv4(net);
443 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
447 struct net_device *dev = dst->dev;
448 const __be32 *pkey = daddr;
449 const struct rtable *rt;
452 rt = (const struct rtable *) dst;
454 pkey = (const __be32 *) &rt->rt_gateway;
456 pkey = &ip_hdr(skb)->daddr;
458 n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey);
461 return neigh_create(&arp_tbl, pkey, dev);
464 #define IP_IDENTS_SZ 2048u
466 static atomic_t *ip_idents __read_mostly;
467 static u32 *ip_tstamps __read_mostly;
469 /* In order to protect privacy, we add a perturbation to identifiers
470 * if one generator is seldom used. This makes hard for an attacker
471 * to infer how many packets were sent between two points in time.
473 u32 ip_idents_reserve(u32 hash, int segs)
475 u32 *p_tstamp = ip_tstamps + hash % IP_IDENTS_SZ;
476 atomic_t *p_id = ip_idents + hash % IP_IDENTS_SZ;
477 u32 old = ACCESS_ONCE(*p_tstamp);
478 u32 now = (u32)jiffies;
481 if (old != now && cmpxchg(p_tstamp, old, now) == old)
482 delta = prandom_u32_max(now - old);
484 /* Do not use atomic_add_return() as it makes UBSAN unhappy */
486 old = (u32)atomic_read(p_id);
487 new = old + delta + segs;
488 } while (atomic_cmpxchg(p_id, old, new) != old);
492 EXPORT_SYMBOL(ip_idents_reserve);
494 void __ip_select_ident(struct net *net, struct iphdr *iph, int segs)
496 static u32 ip_idents_hashrnd __read_mostly;
499 net_get_random_once(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd));
501 hash = jhash_3words((__force u32)iph->daddr,
502 (__force u32)iph->saddr,
503 iph->protocol ^ net_hash_mix(net),
505 id = ip_idents_reserve(hash, segs);
508 EXPORT_SYMBOL(__ip_select_ident);
510 static void __build_flow_key(const struct net *net, struct flowi4 *fl4,
511 const struct sock *sk,
512 const struct iphdr *iph,
514 u8 prot, u32 mark, int flow_flags)
517 const struct inet_sock *inet = inet_sk(sk);
519 oif = sk->sk_bound_dev_if;
521 tos = RT_CONN_FLAGS(sk);
522 prot = inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol;
524 flowi4_init_output(fl4, oif, mark, tos,
525 RT_SCOPE_UNIVERSE, prot,
527 iph->daddr, iph->saddr, 0, 0,
528 sock_net_uid(net, sk));
531 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,
532 const struct sock *sk)
534 const struct iphdr *iph = ip_hdr(skb);
535 int oif = skb->dev->ifindex;
536 u8 tos = RT_TOS(iph->tos);
537 u8 prot = iph->protocol;
538 u32 mark = skb->mark;
540 __build_flow_key(sock_net(sk), fl4, sk, iph, oif, tos, prot, mark, 0);
543 static void build_sk_flow_key(struct flowi4 *fl4, const struct sock *sk)
545 const struct inet_sock *inet = inet_sk(sk);
546 const struct ip_options_rcu *inet_opt;
547 __be32 daddr = inet->inet_daddr;
550 inet_opt = rcu_dereference(inet->inet_opt);
551 if (inet_opt && inet_opt->opt.srr)
552 daddr = inet_opt->opt.faddr;
553 flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark,
554 RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
555 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
556 inet_sk_flowi_flags(sk),
557 daddr, inet->inet_saddr, 0, 0, sk->sk_uid);
561 static void ip_rt_build_flow_key(struct flowi4 *fl4, const struct sock *sk,
562 const struct sk_buff *skb)
565 build_skb_flow_key(fl4, skb, sk);
567 build_sk_flow_key(fl4, sk);
570 static inline void rt_free(struct rtable *rt)
572 call_rcu(&rt->dst.rcu_head, dst_rcu_free);
575 static DEFINE_SPINLOCK(fnhe_lock);
577 static void fnhe_flush_routes(struct fib_nh_exception *fnhe)
581 rt = rcu_dereference(fnhe->fnhe_rth_input);
583 RCU_INIT_POINTER(fnhe->fnhe_rth_input, NULL);
586 rt = rcu_dereference(fnhe->fnhe_rth_output);
588 RCU_INIT_POINTER(fnhe->fnhe_rth_output, NULL);
593 static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
595 struct fib_nh_exception *fnhe, *oldest;
597 oldest = rcu_dereference(hash->chain);
598 for (fnhe = rcu_dereference(oldest->fnhe_next); fnhe;
599 fnhe = rcu_dereference(fnhe->fnhe_next)) {
600 if (time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp))
603 fnhe_flush_routes(oldest);
607 static inline u32 fnhe_hashfun(__be32 daddr)
609 static u32 fnhe_hashrnd __read_mostly;
612 net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd));
613 hval = jhash_1word((__force u32) daddr, fnhe_hashrnd);
614 return hash_32(hval, FNHE_HASH_SHIFT);
617 static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
619 rt->rt_pmtu = fnhe->fnhe_pmtu;
620 rt->dst.expires = fnhe->fnhe_expires;
623 rt->rt_flags |= RTCF_REDIRECTED;
624 rt->rt_gateway = fnhe->fnhe_gw;
625 rt->rt_uses_gateway = 1;
629 static void update_or_create_fnhe(struct fib_nh *nh, __be32 daddr, __be32 gw,
630 u32 pmtu, unsigned long expires)
632 struct fnhe_hash_bucket *hash;
633 struct fib_nh_exception *fnhe;
637 u32 hval = fnhe_hashfun(daddr);
639 spin_lock_bh(&fnhe_lock);
641 hash = rcu_dereference(nh->nh_exceptions);
643 hash = kzalloc(FNHE_HASH_SIZE * sizeof(*hash), GFP_ATOMIC);
646 rcu_assign_pointer(nh->nh_exceptions, hash);
652 for (fnhe = rcu_dereference(hash->chain); fnhe;
653 fnhe = rcu_dereference(fnhe->fnhe_next)) {
654 if (fnhe->fnhe_daddr == daddr)
663 fnhe->fnhe_pmtu = pmtu;
664 fnhe->fnhe_expires = max(1UL, expires);
666 /* Update all cached dsts too */
667 rt = rcu_dereference(fnhe->fnhe_rth_input);
669 fill_route_from_fnhe(rt, fnhe);
670 rt = rcu_dereference(fnhe->fnhe_rth_output);
672 fill_route_from_fnhe(rt, fnhe);
674 if (depth > FNHE_RECLAIM_DEPTH)
675 fnhe = fnhe_oldest(hash);
677 fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC);
681 fnhe->fnhe_next = hash->chain;
682 rcu_assign_pointer(hash->chain, fnhe);
684 fnhe->fnhe_genid = fnhe_genid(dev_net(nh->nh_dev));
685 fnhe->fnhe_daddr = daddr;
687 fnhe->fnhe_pmtu = pmtu;
688 fnhe->fnhe_expires = expires;
690 /* Exception created; mark the cached routes for the nexthop
691 * stale, so anyone caching it rechecks if this exception
694 rt = rcu_dereference(nh->nh_rth_input);
696 rt->dst.obsolete = DST_OBSOLETE_KILL;
698 for_each_possible_cpu(i) {
699 struct rtable __rcu **prt;
700 prt = per_cpu_ptr(nh->nh_pcpu_rth_output, i);
701 rt = rcu_dereference(*prt);
703 rt->dst.obsolete = DST_OBSOLETE_KILL;
707 fnhe->fnhe_stamp = jiffies;
710 spin_unlock_bh(&fnhe_lock);
713 static void __ip_do_redirect(struct rtable *rt, struct sk_buff *skb, struct flowi4 *fl4,
716 __be32 new_gw = icmp_hdr(skb)->un.gateway;
717 __be32 old_gw = ip_hdr(skb)->saddr;
718 struct net_device *dev = skb->dev;
719 struct in_device *in_dev;
720 struct fib_result res;
724 switch (icmp_hdr(skb)->code & 7) {
726 case ICMP_REDIR_NETTOS:
727 case ICMP_REDIR_HOST:
728 case ICMP_REDIR_HOSTTOS:
735 if (rt->rt_gateway != old_gw)
738 in_dev = __in_dev_get_rcu(dev);
743 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
744 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
745 ipv4_is_zeronet(new_gw))
746 goto reject_redirect;
748 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
749 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
750 goto reject_redirect;
751 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
752 goto reject_redirect;
754 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
755 goto reject_redirect;
758 n = __ipv4_neigh_lookup(rt->dst.dev, new_gw);
760 n = neigh_create(&arp_tbl, &new_gw, rt->dst.dev);
762 if (!(n->nud_state & NUD_VALID)) {
763 neigh_event_send(n, NULL);
765 if (fib_lookup(net, fl4, &res, 0) == 0) {
766 struct fib_nh *nh = &FIB_RES_NH(res);
768 update_or_create_fnhe(nh, fl4->daddr, new_gw,
769 0, jiffies + ip_rt_gc_timeout);
772 rt->dst.obsolete = DST_OBSOLETE_KILL;
773 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
780 #ifdef CONFIG_IP_ROUTE_VERBOSE
781 if (IN_DEV_LOG_MARTIANS(in_dev)) {
782 const struct iphdr *iph = (const struct iphdr *) skb->data;
783 __be32 daddr = iph->daddr;
784 __be32 saddr = iph->saddr;
786 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
787 " Advised path = %pI4 -> %pI4\n",
788 &old_gw, dev->name, &new_gw,
795 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
799 const struct iphdr *iph = (const struct iphdr *) skb->data;
800 int oif = skb->dev->ifindex;
801 u8 tos = RT_TOS(iph->tos);
802 u8 prot = iph->protocol;
803 u32 mark = skb->mark;
805 rt = (struct rtable *) dst;
807 __build_flow_key(sock_net(sk), &fl4, sk, iph, oif, tos, prot, mark, 0);
808 __ip_do_redirect(rt, skb, &fl4, true);
811 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
813 struct rtable *rt = (struct rtable *)dst;
814 struct dst_entry *ret = dst;
817 if (dst->obsolete > 0) {
820 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
831 * 1. The first ip_rt_redirect_number redirects are sent
832 * with exponential backoff, then we stop sending them at all,
833 * assuming that the host ignores our redirects.
834 * 2. If we did not see packets requiring redirects
835 * during ip_rt_redirect_silence, we assume that the host
836 * forgot redirected route and start to send redirects again.
838 * This algorithm is much cheaper and more intelligent than dumb load limiting
841 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
842 * and "frag. need" (breaks PMTU discovery) in icmp.c.
845 void ip_rt_send_redirect(struct sk_buff *skb)
847 struct rtable *rt = skb_rtable(skb);
848 struct in_device *in_dev;
849 struct inet_peer *peer;
855 in_dev = __in_dev_get_rcu(rt->dst.dev);
856 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
860 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
861 vif = l3mdev_master_ifindex_rcu(rt->dst.dev);
864 net = dev_net(rt->dst.dev);
865 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, vif, 1);
867 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
868 rt_nexthop(rt, ip_hdr(skb)->daddr));
872 /* No redirected packets during ip_rt_redirect_silence;
873 * reset the algorithm.
875 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence))
876 peer->rate_tokens = 0;
878 /* Too many ignored redirects; do not send anything
879 * set dst.rate_last to the last seen redirected packet.
881 if (peer->rate_tokens >= ip_rt_redirect_number) {
882 peer->rate_last = jiffies;
886 /* Check for load limit; set rate_last to the latest sent
889 if (peer->rate_tokens == 0 ||
892 (ip_rt_redirect_load << peer->rate_tokens)))) {
893 __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr);
895 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw);
896 peer->rate_last = jiffies;
898 #ifdef CONFIG_IP_ROUTE_VERBOSE
900 peer->rate_tokens == ip_rt_redirect_number)
901 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
902 &ip_hdr(skb)->saddr, inet_iif(skb),
903 &ip_hdr(skb)->daddr, &gw);
910 static int ip_error(struct sk_buff *skb)
912 struct in_device *in_dev = __in_dev_get_rcu(skb->dev);
913 struct rtable *rt = skb_rtable(skb);
914 struct inet_peer *peer;
920 /* IP on this device is disabled. */
924 net = dev_net(rt->dst.dev);
925 if (!IN_DEV_FORWARD(in_dev)) {
926 switch (rt->dst.error) {
928 __IP_INC_STATS(net, IPSTATS_MIB_INADDRERRORS);
932 __IP_INC_STATS(net, IPSTATS_MIB_INNOROUTES);
938 switch (rt->dst.error) {
943 code = ICMP_HOST_UNREACH;
946 code = ICMP_NET_UNREACH;
947 __IP_INC_STATS(net, IPSTATS_MIB_INNOROUTES);
950 code = ICMP_PKT_FILTERED;
954 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr,
955 l3mdev_master_ifindex(skb->dev), 1);
960 peer->rate_tokens += now - peer->rate_last;
961 if (peer->rate_tokens > ip_rt_error_burst)
962 peer->rate_tokens = ip_rt_error_burst;
963 peer->rate_last = now;
964 if (peer->rate_tokens >= ip_rt_error_cost)
965 peer->rate_tokens -= ip_rt_error_cost;
971 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
977 static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
979 struct dst_entry *dst = &rt->dst;
980 struct fib_result res;
982 if (dst_metric_locked(dst, RTAX_MTU))
985 if (ipv4_mtu(dst) < mtu)
988 if (mtu < ip_rt_min_pmtu)
989 mtu = ip_rt_min_pmtu;
991 if (rt->rt_pmtu == mtu &&
992 time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2))
996 if (fib_lookup(dev_net(dst->dev), fl4, &res, 0) == 0) {
997 struct fib_nh *nh = &FIB_RES_NH(res);
999 update_or_create_fnhe(nh, fl4->daddr, 0, mtu,
1000 jiffies + ip_rt_mtu_expires);
1005 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
1006 struct sk_buff *skb, u32 mtu)
1008 struct rtable *rt = (struct rtable *) dst;
1011 ip_rt_build_flow_key(&fl4, sk, skb);
1012 __ip_rt_update_pmtu(rt, &fl4, mtu);
1015 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu,
1016 int oif, u32 mark, u8 protocol, int flow_flags)
1018 const struct iphdr *iph = (const struct iphdr *) skb->data;
1023 mark = IP4_REPLY_MARK(net, skb->mark);
1025 __build_flow_key(net, &fl4, NULL, iph, oif,
1026 RT_TOS(iph->tos), protocol, mark, flow_flags);
1027 rt = __ip_route_output_key(net, &fl4);
1029 __ip_rt_update_pmtu(rt, &fl4, mtu);
1033 EXPORT_SYMBOL_GPL(ipv4_update_pmtu);
1035 static void __ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1037 const struct iphdr *iph = (const struct iphdr *) skb->data;
1041 __build_flow_key(sock_net(sk), &fl4, sk, iph, 0, 0, 0, 0, 0);
1043 if (!fl4.flowi4_mark)
1044 fl4.flowi4_mark = IP4_REPLY_MARK(sock_net(sk), skb->mark);
1046 rt = __ip_route_output_key(sock_net(sk), &fl4);
1048 __ip_rt_update_pmtu(rt, &fl4, mtu);
1053 void ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1055 const struct iphdr *iph = (const struct iphdr *) skb->data;
1058 struct dst_entry *odst = NULL;
1060 struct net *net = sock_net(sk);
1064 if (!ip_sk_accept_pmtu(sk))
1067 odst = sk_dst_get(sk);
1069 if (sock_owned_by_user(sk) || !odst) {
1070 __ipv4_sk_update_pmtu(skb, sk, mtu);
1074 __build_flow_key(net, &fl4, sk, iph, 0, 0, 0, 0, 0);
1076 rt = (struct rtable *)odst;
1077 if (odst->obsolete && !odst->ops->check(odst, 0)) {
1078 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1085 __ip_rt_update_pmtu((struct rtable *) rt->dst.path, &fl4, mtu);
1087 if (!dst_check(&rt->dst, 0)) {
1089 dst_release(&rt->dst);
1091 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1099 sk_dst_set(sk, &rt->dst);
1105 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu);
1107 void ipv4_redirect(struct sk_buff *skb, struct net *net,
1108 int oif, u32 mark, u8 protocol, int flow_flags)
1110 const struct iphdr *iph = (const struct iphdr *) skb->data;
1114 __build_flow_key(net, &fl4, NULL, iph, oif,
1115 RT_TOS(iph->tos), protocol, mark, flow_flags);
1116 rt = __ip_route_output_key(net, &fl4);
1118 __ip_do_redirect(rt, skb, &fl4, false);
1122 EXPORT_SYMBOL_GPL(ipv4_redirect);
1124 void ipv4_sk_redirect(struct sk_buff *skb, struct sock *sk)
1126 const struct iphdr *iph = (const struct iphdr *) skb->data;
1129 struct net *net = sock_net(sk);
1131 __build_flow_key(net, &fl4, sk, iph, 0, 0, 0, 0, 0);
1132 rt = __ip_route_output_key(net, &fl4);
1134 __ip_do_redirect(rt, skb, &fl4, false);
1138 EXPORT_SYMBOL_GPL(ipv4_sk_redirect);
1140 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1142 struct rtable *rt = (struct rtable *) dst;
1144 /* All IPV4 dsts are created with ->obsolete set to the value
1145 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1146 * into this function always.
1148 * When a PMTU/redirect information update invalidates a route,
1149 * this is indicated by setting obsolete to DST_OBSOLETE_KILL or
1150 * DST_OBSOLETE_DEAD by dst_free().
1152 if (dst->obsolete != DST_OBSOLETE_FORCE_CHK || rt_is_expired(rt))
1157 static void ipv4_link_failure(struct sk_buff *skb)
1161 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1163 rt = skb_rtable(skb);
1165 dst_set_expires(&rt->dst, 0);
1168 static int ip_rt_bug(struct net *net, struct sock *sk, struct sk_buff *skb)
1170 pr_debug("%s: %pI4 -> %pI4, %s\n",
1171 __func__, &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1172 skb->dev ? skb->dev->name : "?");
1179 We do not cache source address of outgoing interface,
1180 because it is used only by IP RR, TS and SRR options,
1181 so that it out of fast path.
1183 BTW remember: "addr" is allowed to be not aligned
1187 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1191 if (rt_is_output_route(rt))
1192 src = ip_hdr(skb)->saddr;
1194 struct fib_result res;
1200 memset(&fl4, 0, sizeof(fl4));
1201 fl4.daddr = iph->daddr;
1202 fl4.saddr = iph->saddr;
1203 fl4.flowi4_tos = RT_TOS(iph->tos);
1204 fl4.flowi4_oif = rt->dst.dev->ifindex;
1205 fl4.flowi4_iif = skb->dev->ifindex;
1206 fl4.flowi4_mark = skb->mark;
1209 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res, 0) == 0)
1210 src = FIB_RES_PREFSRC(dev_net(rt->dst.dev), res);
1212 src = inet_select_addr(rt->dst.dev,
1213 rt_nexthop(rt, iph->daddr),
1217 memcpy(addr, &src, 4);
1220 #ifdef CONFIG_IP_ROUTE_CLASSID
1221 static void set_class_tag(struct rtable *rt, u32 tag)
1223 if (!(rt->dst.tclassid & 0xFFFF))
1224 rt->dst.tclassid |= tag & 0xFFFF;
1225 if (!(rt->dst.tclassid & 0xFFFF0000))
1226 rt->dst.tclassid |= tag & 0xFFFF0000;
1230 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1232 unsigned int advmss = dst_metric_raw(dst, RTAX_ADVMSS);
1235 advmss = max_t(unsigned int, dst->dev->mtu - 40,
1237 if (advmss > 65535 - 40)
1238 advmss = 65535 - 40;
1243 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1245 const struct rtable *rt = (const struct rtable *) dst;
1246 unsigned int mtu = rt->rt_pmtu;
1248 if (!mtu || time_after_eq(jiffies, rt->dst.expires))
1249 mtu = dst_metric_raw(dst, RTAX_MTU);
1254 mtu = dst->dev->mtu;
1256 if (unlikely(dst_metric_locked(dst, RTAX_MTU))) {
1257 if (rt->rt_uses_gateway && mtu > 576)
1261 mtu = min_t(unsigned int, mtu, IP_MAX_MTU);
1263 return mtu - lwtunnel_headroom(dst->lwtstate, mtu);
1266 static struct fib_nh_exception *find_exception(struct fib_nh *nh, __be32 daddr)
1268 struct fnhe_hash_bucket *hash = rcu_dereference(nh->nh_exceptions);
1269 struct fib_nh_exception *fnhe;
1275 hval = fnhe_hashfun(daddr);
1277 for (fnhe = rcu_dereference(hash[hval].chain); fnhe;
1278 fnhe = rcu_dereference(fnhe->fnhe_next)) {
1279 if (fnhe->fnhe_daddr == daddr)
1285 static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1290 spin_lock_bh(&fnhe_lock);
1292 if (daddr == fnhe->fnhe_daddr) {
1293 struct rtable __rcu **porig;
1294 struct rtable *orig;
1295 int genid = fnhe_genid(dev_net(rt->dst.dev));
1297 if (rt_is_input_route(rt))
1298 porig = &fnhe->fnhe_rth_input;
1300 porig = &fnhe->fnhe_rth_output;
1301 orig = rcu_dereference(*porig);
1303 if (fnhe->fnhe_genid != genid) {
1304 fnhe->fnhe_genid = genid;
1306 fnhe->fnhe_pmtu = 0;
1307 fnhe->fnhe_expires = 0;
1308 fnhe_flush_routes(fnhe);
1311 fill_route_from_fnhe(rt, fnhe);
1312 if (!rt->rt_gateway)
1313 rt->rt_gateway = daddr;
1315 if (!(rt->dst.flags & DST_NOCACHE)) {
1316 rcu_assign_pointer(*porig, rt);
1322 fnhe->fnhe_stamp = jiffies;
1324 spin_unlock_bh(&fnhe_lock);
1329 static bool rt_cache_route(struct fib_nh *nh, struct rtable *rt)
1331 struct rtable *orig, *prev, **p;
1334 if (rt_is_input_route(rt)) {
1335 p = (struct rtable **)&nh->nh_rth_input;
1337 p = (struct rtable **)raw_cpu_ptr(nh->nh_pcpu_rth_output);
1341 prev = cmpxchg(p, orig, rt);
1351 struct uncached_list {
1353 struct list_head head;
1356 static DEFINE_PER_CPU_ALIGNED(struct uncached_list, rt_uncached_list);
1358 static void rt_add_uncached_list(struct rtable *rt)
1360 struct uncached_list *ul = raw_cpu_ptr(&rt_uncached_list);
1362 rt->rt_uncached_list = ul;
1364 spin_lock_bh(&ul->lock);
1365 list_add_tail(&rt->rt_uncached, &ul->head);
1366 spin_unlock_bh(&ul->lock);
1369 static void ipv4_dst_destroy(struct dst_entry *dst)
1371 struct rtable *rt = (struct rtable *) dst;
1373 if (!list_empty(&rt->rt_uncached)) {
1374 struct uncached_list *ul = rt->rt_uncached_list;
1376 spin_lock_bh(&ul->lock);
1377 list_del(&rt->rt_uncached);
1378 spin_unlock_bh(&ul->lock);
1382 void rt_flush_dev(struct net_device *dev)
1384 struct net *net = dev_net(dev);
1388 for_each_possible_cpu(cpu) {
1389 struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu);
1391 spin_lock_bh(&ul->lock);
1392 list_for_each_entry(rt, &ul->head, rt_uncached) {
1393 if (rt->dst.dev != dev)
1395 rt->dst.dev = net->loopback_dev;
1396 dev_hold(rt->dst.dev);
1399 spin_unlock_bh(&ul->lock);
1403 static bool rt_cache_valid(const struct rtable *rt)
1406 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1410 static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
1411 const struct fib_result *res,
1412 struct fib_nh_exception *fnhe,
1413 struct fib_info *fi, u16 type, u32 itag)
1415 bool cached = false;
1418 struct fib_nh *nh = &FIB_RES_NH(*res);
1420 if (nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK) {
1421 rt->rt_gateway = nh->nh_gw;
1422 rt->rt_uses_gateway = 1;
1424 dst_init_metrics(&rt->dst, fi->fib_metrics, true);
1425 #ifdef CONFIG_IP_ROUTE_CLASSID
1426 rt->dst.tclassid = nh->nh_tclassid;
1428 rt->dst.lwtstate = lwtstate_get(nh->nh_lwtstate);
1430 cached = rt_bind_exception(rt, fnhe, daddr);
1431 else if (!(rt->dst.flags & DST_NOCACHE))
1432 cached = rt_cache_route(nh, rt);
1433 if (unlikely(!cached)) {
1434 /* Routes we intend to cache in nexthop exception or
1435 * FIB nexthop have the DST_NOCACHE bit clear.
1436 * However, if we are unsuccessful at storing this
1437 * route into the cache we really need to set it.
1439 rt->dst.flags |= DST_NOCACHE;
1440 if (!rt->rt_gateway)
1441 rt->rt_gateway = daddr;
1442 rt_add_uncached_list(rt);
1445 rt_add_uncached_list(rt);
1447 #ifdef CONFIG_IP_ROUTE_CLASSID
1448 #ifdef CONFIG_IP_MULTIPLE_TABLES
1449 set_class_tag(rt, res->tclassid);
1451 set_class_tag(rt, itag);
1455 struct rtable *rt_dst_alloc(struct net_device *dev,
1456 unsigned int flags, u16 type,
1457 bool nopolicy, bool noxfrm, bool will_cache)
1461 rt = dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1462 (will_cache ? 0 : (DST_HOST | DST_NOCACHE)) |
1463 (nopolicy ? DST_NOPOLICY : 0) |
1464 (noxfrm ? DST_NOXFRM : 0));
1467 rt->rt_genid = rt_genid_ipv4(dev_net(dev));
1468 rt->rt_flags = flags;
1470 rt->rt_is_input = 0;
1474 rt->rt_uses_gateway = 0;
1475 rt->rt_table_id = 0;
1476 INIT_LIST_HEAD(&rt->rt_uncached);
1478 rt->dst.output = ip_output;
1479 if (flags & RTCF_LOCAL)
1480 rt->dst.input = ip_local_deliver;
1485 EXPORT_SYMBOL(rt_dst_alloc);
1487 /* called in rcu_read_lock() section */
1488 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1489 u8 tos, struct net_device *dev, int our)
1492 struct in_device *in_dev = __in_dev_get_rcu(dev);
1493 unsigned int flags = RTCF_MULTICAST;
1497 /* Primary sanity checks. */
1502 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1503 skb->protocol != htons(ETH_P_IP))
1506 if (ipv4_is_loopback(saddr) && !IN_DEV_ROUTE_LOCALNET(in_dev))
1509 if (ipv4_is_zeronet(saddr)) {
1510 if (!ipv4_is_local_multicast(daddr))
1513 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1519 flags |= RTCF_LOCAL;
1521 rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST,
1522 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, false);
1526 #ifdef CONFIG_IP_ROUTE_CLASSID
1527 rth->dst.tclassid = itag;
1529 rth->dst.output = ip_rt_bug;
1530 rth->rt_is_input= 1;
1532 #ifdef CONFIG_IP_MROUTE
1533 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
1534 rth->dst.input = ip_mr_input;
1536 RT_CACHE_STAT_INC(in_slow_mc);
1538 skb_dst_set(skb, &rth->dst);
1550 static void ip_handle_martian_source(struct net_device *dev,
1551 struct in_device *in_dev,
1552 struct sk_buff *skb,
1556 RT_CACHE_STAT_INC(in_martian_src);
1557 #ifdef CONFIG_IP_ROUTE_VERBOSE
1558 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
1560 * RFC1812 recommendation, if source is martian,
1561 * the only hint is MAC header.
1563 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
1564 &daddr, &saddr, dev->name);
1565 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
1566 print_hex_dump(KERN_WARNING, "ll header: ",
1567 DUMP_PREFIX_OFFSET, 16, 1,
1568 skb_mac_header(skb),
1569 dev->hard_header_len, true);
1575 static void ip_del_fnhe(struct fib_nh *nh, __be32 daddr)
1577 struct fnhe_hash_bucket *hash;
1578 struct fib_nh_exception *fnhe, __rcu **fnhe_p;
1579 u32 hval = fnhe_hashfun(daddr);
1581 spin_lock_bh(&fnhe_lock);
1583 hash = rcu_dereference_protected(nh->nh_exceptions,
1584 lockdep_is_held(&fnhe_lock));
1587 fnhe_p = &hash->chain;
1588 fnhe = rcu_dereference_protected(*fnhe_p, lockdep_is_held(&fnhe_lock));
1590 if (fnhe->fnhe_daddr == daddr) {
1591 rcu_assign_pointer(*fnhe_p, rcu_dereference_protected(
1592 fnhe->fnhe_next, lockdep_is_held(&fnhe_lock)));
1593 fnhe_flush_routes(fnhe);
1594 kfree_rcu(fnhe, rcu);
1597 fnhe_p = &fnhe->fnhe_next;
1598 fnhe = rcu_dereference_protected(fnhe->fnhe_next,
1599 lockdep_is_held(&fnhe_lock));
1602 spin_unlock_bh(&fnhe_lock);
1605 /* called in rcu_read_lock() section */
1606 static int __mkroute_input(struct sk_buff *skb,
1607 const struct fib_result *res,
1608 struct in_device *in_dev,
1609 __be32 daddr, __be32 saddr, u32 tos)
1611 struct fib_nh_exception *fnhe;
1614 struct in_device *out_dev;
1618 /* get a working reference to the output device */
1619 out_dev = __in_dev_get_rcu(FIB_RES_DEV(*res));
1621 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
1625 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
1626 in_dev->dev, in_dev, &itag);
1628 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
1634 do_cache = res->fi && !itag;
1635 if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
1636 skb->protocol == htons(ETH_P_IP) &&
1637 (IN_DEV_SHARED_MEDIA(out_dev) ||
1638 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
1639 IPCB(skb)->flags |= IPSKB_DOREDIRECT;
1641 if (skb->protocol != htons(ETH_P_IP)) {
1642 /* Not IP (i.e. ARP). Do not create route, if it is
1643 * invalid for proxy arp. DNAT routes are always valid.
1645 * Proxy arp feature have been extended to allow, ARP
1646 * replies back to the same interface, to support
1647 * Private VLAN switch technologies. See arp.c.
1649 if (out_dev == in_dev &&
1650 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
1656 fnhe = find_exception(&FIB_RES_NH(*res), daddr);
1659 rth = rcu_dereference(fnhe->fnhe_rth_input);
1660 if (rth && rth->dst.expires &&
1661 time_after(jiffies, rth->dst.expires)) {
1662 ip_del_fnhe(&FIB_RES_NH(*res), daddr);
1669 rth = rcu_dereference(FIB_RES_NH(*res).nh_rth_input);
1672 if (rt_cache_valid(rth)) {
1673 skb_dst_set_noref(skb, &rth->dst);
1678 rth = rt_dst_alloc(out_dev->dev, 0, res->type,
1679 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1680 IN_DEV_CONF_GET(out_dev, NOXFRM), do_cache);
1686 rth->rt_is_input = 1;
1688 rth->rt_table_id = res->table->tb_id;
1689 RT_CACHE_STAT_INC(in_slow_tot);
1691 rth->dst.input = ip_forward;
1693 rt_set_nexthop(rth, daddr, res, fnhe, res->fi, res->type, itag);
1694 if (lwtunnel_output_redirect(rth->dst.lwtstate)) {
1695 rth->dst.lwtstate->orig_output = rth->dst.output;
1696 rth->dst.output = lwtunnel_output;
1698 if (lwtunnel_input_redirect(rth->dst.lwtstate)) {
1699 rth->dst.lwtstate->orig_input = rth->dst.input;
1700 rth->dst.input = lwtunnel_input;
1702 skb_dst_set(skb, &rth->dst);
1709 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1711 /* To make ICMP packets follow the right flow, the multipath hash is
1712 * calculated from the inner IP addresses in reverse order.
1714 static int ip_multipath_icmp_hash(struct sk_buff *skb)
1716 const struct iphdr *outer_iph = ip_hdr(skb);
1717 struct icmphdr _icmph;
1718 const struct icmphdr *icmph;
1719 struct iphdr _inner_iph;
1720 const struct iphdr *inner_iph;
1722 if (unlikely((outer_iph->frag_off & htons(IP_OFFSET)) != 0))
1725 icmph = skb_header_pointer(skb, outer_iph->ihl * 4, sizeof(_icmph),
1730 if (icmph->type != ICMP_DEST_UNREACH &&
1731 icmph->type != ICMP_REDIRECT &&
1732 icmph->type != ICMP_TIME_EXCEEDED &&
1733 icmph->type != ICMP_PARAMETERPROB) {
1737 inner_iph = skb_header_pointer(skb,
1738 outer_iph->ihl * 4 + sizeof(_icmph),
1739 sizeof(_inner_iph), &_inner_iph);
1743 return fib_multipath_hash(inner_iph->daddr, inner_iph->saddr);
1746 return fib_multipath_hash(outer_iph->saddr, outer_iph->daddr);
1749 #endif /* CONFIG_IP_ROUTE_MULTIPATH */
1751 static int ip_mkroute_input(struct sk_buff *skb,
1752 struct fib_result *res,
1753 const struct flowi4 *fl4,
1754 struct in_device *in_dev,
1755 __be32 daddr, __be32 saddr, u32 tos)
1757 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1758 if (res->fi && res->fi->fib_nhs > 1) {
1761 if (unlikely(ip_hdr(skb)->protocol == IPPROTO_ICMP))
1762 h = ip_multipath_icmp_hash(skb);
1764 h = fib_multipath_hash(saddr, daddr);
1765 fib_select_multipath(res, h);
1769 /* create a routing cache entry */
1770 return __mkroute_input(skb, res, in_dev, daddr, saddr, tos);
1774 * NOTE. We drop all the packets that has local source
1775 * addresses, because every properly looped back packet
1776 * must have correct destination already attached by output routine.
1778 * Such approach solves two big problems:
1779 * 1. Not simplex devices are handled properly.
1780 * 2. IP spoofing attempts are filtered with 100% of guarantee.
1781 * called with rcu_read_lock()
1784 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1785 u8 tos, struct net_device *dev)
1787 struct fib_result res;
1788 struct in_device *in_dev = __in_dev_get_rcu(dev);
1789 struct ip_tunnel_info *tun_info;
1791 unsigned int flags = 0;
1795 struct net *net = dev_net(dev);
1798 /* IP on this device is disabled. */
1803 /* Check for the most weird martians, which can be not detected
1807 tun_info = skb_tunnel_info(skb);
1808 if (tun_info && !(tun_info->mode & IP_TUNNEL_INFO_TX))
1809 fl4.flowi4_tun_key.tun_id = tun_info->key.tun_id;
1811 fl4.flowi4_tun_key.tun_id = 0;
1814 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
1815 goto martian_source;
1819 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
1822 /* Accept zero addresses only to limited broadcast;
1823 * I even do not know to fix it or not. Waiting for complains :-)
1825 if (ipv4_is_zeronet(saddr))
1826 goto martian_source;
1828 if (ipv4_is_zeronet(daddr))
1829 goto martian_destination;
1831 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
1832 * and call it once if daddr or/and saddr are loopback addresses
1834 if (ipv4_is_loopback(daddr)) {
1835 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1836 goto martian_destination;
1837 } else if (ipv4_is_loopback(saddr)) {
1838 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1839 goto martian_source;
1843 * Now we are ready to route packet.
1846 fl4.flowi4_iif = dev->ifindex;
1847 fl4.flowi4_mark = skb->mark;
1848 fl4.flowi4_tos = tos;
1849 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
1850 fl4.flowi4_flags = 0;
1853 err = fib_lookup(net, &fl4, &res, 0);
1855 if (!IN_DEV_FORWARD(in_dev))
1856 err = -EHOSTUNREACH;
1860 if (res.type == RTN_BROADCAST)
1863 if (res.type == RTN_LOCAL) {
1864 err = fib_validate_source(skb, saddr, daddr, tos,
1865 0, dev, in_dev, &itag);
1867 goto martian_source;
1871 if (!IN_DEV_FORWARD(in_dev)) {
1872 err = -EHOSTUNREACH;
1875 if (res.type != RTN_UNICAST)
1876 goto martian_destination;
1878 err = ip_mkroute_input(skb, &res, &fl4, in_dev, daddr, saddr, tos);
1882 if (skb->protocol != htons(ETH_P_IP))
1885 if (!ipv4_is_zeronet(saddr)) {
1886 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1889 goto martian_source;
1891 flags |= RTCF_BROADCAST;
1892 res.type = RTN_BROADCAST;
1893 RT_CACHE_STAT_INC(in_brd);
1899 rth = rcu_dereference(FIB_RES_NH(res).nh_rth_input);
1900 if (rt_cache_valid(rth)) {
1901 skb_dst_set_noref(skb, &rth->dst);
1909 rth = rt_dst_alloc(net->loopback_dev, flags | RTCF_LOCAL, res.type,
1910 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, do_cache);
1914 rth->dst.output= ip_rt_bug;
1915 #ifdef CONFIG_IP_ROUTE_CLASSID
1916 rth->dst.tclassid = itag;
1918 rth->rt_is_input = 1;
1920 rth->rt_table_id = res.table->tb_id;
1922 RT_CACHE_STAT_INC(in_slow_tot);
1923 if (res.type == RTN_UNREACHABLE) {
1924 rth->dst.input= ip_error;
1925 rth->dst.error= -err;
1926 rth->rt_flags &= ~RTCF_LOCAL;
1929 if (unlikely(!rt_cache_route(&FIB_RES_NH(res), rth))) {
1930 rth->dst.flags |= DST_NOCACHE;
1931 rt_add_uncached_list(rth);
1934 skb_dst_set(skb, &rth->dst);
1939 RT_CACHE_STAT_INC(in_no_route);
1940 res.type = RTN_UNREACHABLE;
1946 * Do not cache martian addresses: they should be logged (RFC1812)
1948 martian_destination:
1949 RT_CACHE_STAT_INC(in_martian_dst);
1950 #ifdef CONFIG_IP_ROUTE_VERBOSE
1951 if (IN_DEV_LOG_MARTIANS(in_dev))
1952 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
1953 &daddr, &saddr, dev->name);
1965 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
1969 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1970 u8 tos, struct net_device *dev)
1976 /* Multicast recognition logic is moved from route cache to here.
1977 The problem was that too many Ethernet cards have broken/missing
1978 hardware multicast filters :-( As result the host on multicasting
1979 network acquires a lot of useless route cache entries, sort of
1980 SDR messages from all the world. Now we try to get rid of them.
1981 Really, provided software IP multicast filter is organized
1982 reasonably (at least, hashed), it does not result in a slowdown
1983 comparing with route cache reject entries.
1984 Note, that multicast routers are not affected, because
1985 route cache entry is created eventually.
1987 if (ipv4_is_multicast(daddr)) {
1988 struct in_device *in_dev = __in_dev_get_rcu(dev);
1992 our = ip_check_mc_rcu(in_dev, daddr, saddr,
1993 ip_hdr(skb)->protocol);
1995 /* check l3 master if no match yet */
1996 if ((!in_dev || !our) && netif_is_l3_slave(dev)) {
1997 struct in_device *l3_in_dev;
1999 l3_in_dev = __in_dev_get_rcu(skb->dev);
2001 our = ip_check_mc_rcu(l3_in_dev, daddr, saddr,
2002 ip_hdr(skb)->protocol);
2007 #ifdef CONFIG_IP_MROUTE
2009 (!ipv4_is_local_multicast(daddr) &&
2010 IN_DEV_MFORWARD(in_dev))
2013 res = ip_route_input_mc(skb, daddr, saddr,
2019 res = ip_route_input_slow(skb, daddr, saddr, tos, dev);
2023 EXPORT_SYMBOL(ip_route_input_noref);
2025 /* called with rcu_read_lock() */
2026 static struct rtable *__mkroute_output(const struct fib_result *res,
2027 const struct flowi4 *fl4, int orig_oif,
2028 struct net_device *dev_out,
2031 struct fib_info *fi = res->fi;
2032 struct fib_nh_exception *fnhe;
2033 struct in_device *in_dev;
2034 u16 type = res->type;
2038 in_dev = __in_dev_get_rcu(dev_out);
2040 return ERR_PTR(-EINVAL);
2042 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
2043 if (ipv4_is_loopback(fl4->saddr) &&
2044 !(dev_out->flags & IFF_LOOPBACK) &&
2045 !netif_is_l3_master(dev_out))
2046 return ERR_PTR(-EINVAL);
2048 if (ipv4_is_lbcast(fl4->daddr))
2049 type = RTN_BROADCAST;
2050 else if (ipv4_is_multicast(fl4->daddr))
2051 type = RTN_MULTICAST;
2052 else if (ipv4_is_zeronet(fl4->daddr))
2053 return ERR_PTR(-EINVAL);
2055 if (dev_out->flags & IFF_LOOPBACK)
2056 flags |= RTCF_LOCAL;
2059 if (type == RTN_BROADCAST) {
2060 flags |= RTCF_BROADCAST | RTCF_LOCAL;
2062 } else if (type == RTN_MULTICAST) {
2063 flags |= RTCF_MULTICAST | RTCF_LOCAL;
2064 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
2066 flags &= ~RTCF_LOCAL;
2069 /* If multicast route do not exist use
2070 * default one, but do not gateway in this case.
2073 if (fi && res->prefixlen < 4)
2075 } else if ((type == RTN_LOCAL) && (orig_oif != 0) &&
2076 (orig_oif != dev_out->ifindex)) {
2077 /* For local routes that require a particular output interface
2078 * we do not want to cache the result. Caching the result
2079 * causes incorrect behaviour when there are multiple source
2080 * addresses on the interface, the end result being that if the
2081 * intended recipient is waiting on that interface for the
2082 * packet he won't receive it because it will be delivered on
2083 * the loopback interface and the IP_PKTINFO ipi_ifindex will
2084 * be set to the loopback interface as well.
2090 do_cache &= fi != NULL;
2092 struct rtable __rcu **prth;
2093 struct fib_nh *nh = &FIB_RES_NH(*res);
2095 fnhe = find_exception(nh, fl4->daddr);
2097 prth = &fnhe->fnhe_rth_output;
2098 rth = rcu_dereference(*prth);
2099 if (rth && rth->dst.expires &&
2100 time_after(jiffies, rth->dst.expires)) {
2101 ip_del_fnhe(nh, fl4->daddr);
2108 if (unlikely(fl4->flowi4_flags &
2109 FLOWI_FLAG_KNOWN_NH &&
2111 nh->nh_scope == RT_SCOPE_LINK))) {
2115 prth = raw_cpu_ptr(nh->nh_pcpu_rth_output);
2116 rth = rcu_dereference(*prth);
2119 if (rt_cache_valid(rth)) {
2120 dst_hold(&rth->dst);
2126 rth = rt_dst_alloc(dev_out, flags, type,
2127 IN_DEV_CONF_GET(in_dev, NOPOLICY),
2128 IN_DEV_CONF_GET(in_dev, NOXFRM),
2131 return ERR_PTR(-ENOBUFS);
2133 rth->rt_iif = orig_oif ? : 0;
2135 rth->rt_table_id = res->table->tb_id;
2137 RT_CACHE_STAT_INC(out_slow_tot);
2139 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
2140 if (flags & RTCF_LOCAL &&
2141 !(dev_out->flags & IFF_LOOPBACK)) {
2142 rth->dst.output = ip_mc_output;
2143 RT_CACHE_STAT_INC(out_slow_mc);
2145 #ifdef CONFIG_IP_MROUTE
2146 if (type == RTN_MULTICAST) {
2147 if (IN_DEV_MFORWARD(in_dev) &&
2148 !ipv4_is_local_multicast(fl4->daddr)) {
2149 rth->dst.input = ip_mr_input;
2150 rth->dst.output = ip_mc_output;
2156 rt_set_nexthop(rth, fl4->daddr, res, fnhe, fi, type, 0);
2157 if (lwtunnel_output_redirect(rth->dst.lwtstate))
2158 rth->dst.output = lwtunnel_output;
2164 * Major route resolver routine.
2167 struct rtable *__ip_route_output_key_hash(struct net *net, struct flowi4 *fl4,
2170 struct net_device *dev_out = NULL;
2171 __u8 tos = RT_FL_TOS(fl4);
2172 unsigned int flags = 0;
2173 struct fib_result res;
2176 int err = -ENETUNREACH;
2182 orig_oif = fl4->flowi4_oif;
2184 fl4->flowi4_iif = LOOPBACK_IFINDEX;
2185 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
2186 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
2187 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
2191 rth = ERR_PTR(-EINVAL);
2192 if (ipv4_is_multicast(fl4->saddr) ||
2193 ipv4_is_lbcast(fl4->saddr) ||
2194 ipv4_is_zeronet(fl4->saddr))
2197 /* I removed check for oif == dev_out->oif here.
2198 It was wrong for two reasons:
2199 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
2200 is assigned to multiple interfaces.
2201 2. Moreover, we are allowed to send packets with saddr
2202 of another iface. --ANK
2205 if (fl4->flowi4_oif == 0 &&
2206 (ipv4_is_multicast(fl4->daddr) ||
2207 ipv4_is_lbcast(fl4->daddr))) {
2208 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2209 dev_out = __ip_dev_find(net, fl4->saddr, false);
2213 /* Special hack: user can direct multicasts
2214 and limited broadcast via necessary interface
2215 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2216 This hack is not just for fun, it allows
2217 vic,vat and friends to work.
2218 They bind socket to loopback, set ttl to zero
2219 and expect that it will work.
2220 From the viewpoint of routing cache they are broken,
2221 because we are not allowed to build multicast path
2222 with loopback source addr (look, routing cache
2223 cannot know, that ttl is zero, so that packet
2224 will not leave this host and route is valid).
2225 Luckily, this hack is good workaround.
2228 fl4->flowi4_oif = dev_out->ifindex;
2232 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
2233 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2234 if (!__ip_dev_find(net, fl4->saddr, false))
2240 if (fl4->flowi4_oif) {
2241 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2242 rth = ERR_PTR(-ENODEV);
2246 /* RACE: Check return value of inet_select_addr instead. */
2247 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2248 rth = ERR_PTR(-ENETUNREACH);
2251 if (ipv4_is_local_multicast(fl4->daddr) ||
2252 ipv4_is_lbcast(fl4->daddr) ||
2253 fl4->flowi4_proto == IPPROTO_IGMP) {
2255 fl4->saddr = inet_select_addr(dev_out, 0,
2260 if (ipv4_is_multicast(fl4->daddr))
2261 fl4->saddr = inet_select_addr(dev_out, 0,
2263 else if (!fl4->daddr)
2264 fl4->saddr = inet_select_addr(dev_out, 0,
2270 fl4->daddr = fl4->saddr;
2272 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2273 dev_out = net->loopback_dev;
2274 fl4->flowi4_oif = LOOPBACK_IFINDEX;
2275 res.type = RTN_LOCAL;
2276 flags |= RTCF_LOCAL;
2280 err = fib_lookup(net, fl4, &res, 0);
2284 if (fl4->flowi4_oif &&
2285 (ipv4_is_multicast(fl4->daddr) ||
2286 !netif_index_is_l3_master(net, fl4->flowi4_oif))) {
2287 /* Apparently, routing tables are wrong. Assume,
2288 that the destination is on link.
2291 Because we are allowed to send to iface
2292 even if it has NO routes and NO assigned
2293 addresses. When oif is specified, routing
2294 tables are looked up with only one purpose:
2295 to catch if destination is gatewayed, rather than
2296 direct. Moreover, if MSG_DONTROUTE is set,
2297 we send packet, ignoring both routing tables
2298 and ifaddr state. --ANK
2301 We could make it even if oif is unknown,
2302 likely IPv6, but we do not.
2305 if (fl4->saddr == 0)
2306 fl4->saddr = inet_select_addr(dev_out, 0,
2308 res.type = RTN_UNICAST;
2315 if (res.type == RTN_LOCAL) {
2317 if (res.fi->fib_prefsrc)
2318 fl4->saddr = res.fi->fib_prefsrc;
2320 fl4->saddr = fl4->daddr;
2323 /* L3 master device is the loopback for that domain */
2324 dev_out = l3mdev_master_dev_rcu(dev_out) ? : net->loopback_dev;
2325 fl4->flowi4_oif = dev_out->ifindex;
2326 flags |= RTCF_LOCAL;
2330 fib_select_path(net, &res, fl4, mp_hash);
2332 dev_out = FIB_RES_DEV(res);
2333 fl4->flowi4_oif = dev_out->ifindex;
2337 rth = __mkroute_output(&res, fl4, orig_oif, dev_out, flags);
2343 EXPORT_SYMBOL_GPL(__ip_route_output_key_hash);
2345 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2350 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2352 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2354 return mtu ? : dst->dev->mtu;
2357 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
2358 struct sk_buff *skb, u32 mtu)
2362 static void ipv4_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
2363 struct sk_buff *skb)
2367 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2373 static struct dst_ops ipv4_dst_blackhole_ops = {
2375 .check = ipv4_blackhole_dst_check,
2376 .mtu = ipv4_blackhole_mtu,
2377 .default_advmss = ipv4_default_advmss,
2378 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2379 .redirect = ipv4_rt_blackhole_redirect,
2380 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2381 .neigh_lookup = ipv4_neigh_lookup,
2384 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2386 struct rtable *ort = (struct rtable *) dst_orig;
2389 rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, DST_OBSOLETE_NONE, 0);
2391 struct dst_entry *new = &rt->dst;
2394 new->input = dst_discard;
2395 new->output = dst_discard_out;
2397 new->dev = ort->dst.dev;
2401 rt->rt_is_input = ort->rt_is_input;
2402 rt->rt_iif = ort->rt_iif;
2403 rt->rt_pmtu = ort->rt_pmtu;
2405 rt->rt_genid = rt_genid_ipv4(net);
2406 rt->rt_flags = ort->rt_flags;
2407 rt->rt_type = ort->rt_type;
2408 rt->rt_gateway = ort->rt_gateway;
2409 rt->rt_uses_gateway = ort->rt_uses_gateway;
2411 INIT_LIST_HEAD(&rt->rt_uncached);
2415 dst_release(dst_orig);
2417 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2420 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2421 const struct sock *sk)
2423 struct rtable *rt = __ip_route_output_key(net, flp4);
2428 if (flp4->flowi4_proto)
2429 rt = (struct rtable *)xfrm_lookup_route(net, &rt->dst,
2430 flowi4_to_flowi(flp4),
2435 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2437 static int rt_fill_info(struct net *net, __be32 dst, __be32 src, u32 table_id,
2438 struct flowi4 *fl4, struct sk_buff *skb, u32 portid,
2439 u32 seq, int event, int nowait, unsigned int flags)
2441 struct rtable *rt = skb_rtable(skb);
2443 struct nlmsghdr *nlh;
2444 unsigned long expires = 0;
2446 u32 metrics[RTAX_MAX];
2448 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*r), flags);
2452 r = nlmsg_data(nlh);
2453 r->rtm_family = AF_INET;
2454 r->rtm_dst_len = 32;
2456 r->rtm_tos = fl4->flowi4_tos;
2457 r->rtm_table = table_id;
2458 if (nla_put_u32(skb, RTA_TABLE, table_id))
2459 goto nla_put_failure;
2460 r->rtm_type = rt->rt_type;
2461 r->rtm_scope = RT_SCOPE_UNIVERSE;
2462 r->rtm_protocol = RTPROT_UNSPEC;
2463 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2464 if (rt->rt_flags & RTCF_NOTIFY)
2465 r->rtm_flags |= RTM_F_NOTIFY;
2466 if (IPCB(skb)->flags & IPSKB_DOREDIRECT)
2467 r->rtm_flags |= RTCF_DOREDIRECT;
2469 if (nla_put_in_addr(skb, RTA_DST, dst))
2470 goto nla_put_failure;
2472 r->rtm_src_len = 32;
2473 if (nla_put_in_addr(skb, RTA_SRC, src))
2474 goto nla_put_failure;
2477 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
2478 goto nla_put_failure;
2479 #ifdef CONFIG_IP_ROUTE_CLASSID
2480 if (rt->dst.tclassid &&
2481 nla_put_u32(skb, RTA_FLOW, rt->dst.tclassid))
2482 goto nla_put_failure;
2484 if (!rt_is_input_route(rt) &&
2485 fl4->saddr != src) {
2486 if (nla_put_in_addr(skb, RTA_PREFSRC, fl4->saddr))
2487 goto nla_put_failure;
2489 if (rt->rt_uses_gateway &&
2490 nla_put_in_addr(skb, RTA_GATEWAY, rt->rt_gateway))
2491 goto nla_put_failure;
2493 expires = rt->dst.expires;
2495 unsigned long now = jiffies;
2497 if (time_before(now, expires))
2503 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
2504 if (rt->rt_pmtu && expires)
2505 metrics[RTAX_MTU - 1] = rt->rt_pmtu;
2506 if (rtnetlink_put_metrics(skb, metrics) < 0)
2507 goto nla_put_failure;
2509 if (fl4->flowi4_mark &&
2510 nla_put_u32(skb, RTA_MARK, fl4->flowi4_mark))
2511 goto nla_put_failure;
2513 if (!uid_eq(fl4->flowi4_uid, INVALID_UID) &&
2514 nla_put_u32(skb, RTA_UID,
2515 from_kuid_munged(current_user_ns(), fl4->flowi4_uid)))
2516 goto nla_put_failure;
2518 error = rt->dst.error;
2520 if (rt_is_input_route(rt)) {
2521 #ifdef CONFIG_IP_MROUTE
2522 if (ipv4_is_multicast(dst) && !ipv4_is_local_multicast(dst) &&
2523 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
2524 int err = ipmr_get_route(net, skb,
2525 fl4->saddr, fl4->daddr,
2532 goto nla_put_failure;
2534 if (err == -EMSGSIZE)
2535 goto nla_put_failure;
2541 if (nla_put_u32(skb, RTA_IIF, skb->dev->ifindex))
2542 goto nla_put_failure;
2545 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, error) < 0)
2546 goto nla_put_failure;
2548 nlmsg_end(skb, nlh);
2552 nlmsg_cancel(skb, nlh);
2556 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh)
2558 struct net *net = sock_net(in_skb->sk);
2560 struct nlattr *tb[RTA_MAX+1];
2561 struct rtable *rt = NULL;
2568 struct sk_buff *skb;
2569 u32 table_id = RT_TABLE_MAIN;
2572 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv4_policy);
2576 rtm = nlmsg_data(nlh);
2578 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
2584 /* Reserve room for dummy headers, this skb can pass
2585 through good chunk of routing engine.
2587 skb_reset_mac_header(skb);
2588 skb_reset_network_header(skb);
2590 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
2591 ip_hdr(skb)->protocol = IPPROTO_ICMP;
2592 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
2594 src = tb[RTA_SRC] ? nla_get_in_addr(tb[RTA_SRC]) : 0;
2595 dst = tb[RTA_DST] ? nla_get_in_addr(tb[RTA_DST]) : 0;
2596 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
2597 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
2599 uid = make_kuid(current_user_ns(), nla_get_u32(tb[RTA_UID]));
2601 uid = (iif ? INVALID_UID : current_uid());
2603 memset(&fl4, 0, sizeof(fl4));
2606 fl4.flowi4_tos = rtm->rtm_tos;
2607 fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0;
2608 fl4.flowi4_mark = mark;
2609 fl4.flowi4_uid = uid;
2612 struct net_device *dev;
2614 dev = __dev_get_by_index(net, iif);
2620 skb->protocol = htons(ETH_P_IP);
2624 err = ip_route_input(skb, dst, src, rtm->rtm_tos, dev);
2627 rt = skb_rtable(skb);
2628 if (err == 0 && rt->dst.error)
2629 err = -rt->dst.error;
2631 rt = ip_route_output_key(net, &fl4);
2641 skb_dst_set(skb, &rt->dst);
2642 if (rtm->rtm_flags & RTM_F_NOTIFY)
2643 rt->rt_flags |= RTCF_NOTIFY;
2645 if (rtm->rtm_flags & RTM_F_LOOKUP_TABLE)
2646 table_id = rt->rt_table_id;
2648 err = rt_fill_info(net, dst, src, table_id, &fl4, skb,
2649 NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
2650 RTM_NEWROUTE, 0, 0);
2654 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2663 void ip_rt_multicast_event(struct in_device *in_dev)
2665 rt_cache_flush(dev_net(in_dev->dev));
2668 #ifdef CONFIG_SYSCTL
2669 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
2670 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
2671 static int ip_rt_gc_elasticity __read_mostly = 8;
2673 static int ipv4_sysctl_rtcache_flush(struct ctl_table *__ctl, int write,
2674 void __user *buffer,
2675 size_t *lenp, loff_t *ppos)
2677 struct net *net = (struct net *)__ctl->extra1;
2680 rt_cache_flush(net);
2681 fnhe_genid_bump(net);
2688 static struct ctl_table ipv4_route_table[] = {
2690 .procname = "gc_thresh",
2691 .data = &ipv4_dst_ops.gc_thresh,
2692 .maxlen = sizeof(int),
2694 .proc_handler = proc_dointvec,
2697 .procname = "max_size",
2698 .data = &ip_rt_max_size,
2699 .maxlen = sizeof(int),
2701 .proc_handler = proc_dointvec,
2704 /* Deprecated. Use gc_min_interval_ms */
2706 .procname = "gc_min_interval",
2707 .data = &ip_rt_gc_min_interval,
2708 .maxlen = sizeof(int),
2710 .proc_handler = proc_dointvec_jiffies,
2713 .procname = "gc_min_interval_ms",
2714 .data = &ip_rt_gc_min_interval,
2715 .maxlen = sizeof(int),
2717 .proc_handler = proc_dointvec_ms_jiffies,
2720 .procname = "gc_timeout",
2721 .data = &ip_rt_gc_timeout,
2722 .maxlen = sizeof(int),
2724 .proc_handler = proc_dointvec_jiffies,
2727 .procname = "gc_interval",
2728 .data = &ip_rt_gc_interval,
2729 .maxlen = sizeof(int),
2731 .proc_handler = proc_dointvec_jiffies,
2734 .procname = "redirect_load",
2735 .data = &ip_rt_redirect_load,
2736 .maxlen = sizeof(int),
2738 .proc_handler = proc_dointvec,
2741 .procname = "redirect_number",
2742 .data = &ip_rt_redirect_number,
2743 .maxlen = sizeof(int),
2745 .proc_handler = proc_dointvec,
2748 .procname = "redirect_silence",
2749 .data = &ip_rt_redirect_silence,
2750 .maxlen = sizeof(int),
2752 .proc_handler = proc_dointvec,
2755 .procname = "error_cost",
2756 .data = &ip_rt_error_cost,
2757 .maxlen = sizeof(int),
2759 .proc_handler = proc_dointvec,
2762 .procname = "error_burst",
2763 .data = &ip_rt_error_burst,
2764 .maxlen = sizeof(int),
2766 .proc_handler = proc_dointvec,
2769 .procname = "gc_elasticity",
2770 .data = &ip_rt_gc_elasticity,
2771 .maxlen = sizeof(int),
2773 .proc_handler = proc_dointvec,
2776 .procname = "mtu_expires",
2777 .data = &ip_rt_mtu_expires,
2778 .maxlen = sizeof(int),
2780 .proc_handler = proc_dointvec_jiffies,
2783 .procname = "min_pmtu",
2784 .data = &ip_rt_min_pmtu,
2785 .maxlen = sizeof(int),
2787 .proc_handler = proc_dointvec,
2790 .procname = "min_adv_mss",
2791 .data = &ip_rt_min_advmss,
2792 .maxlen = sizeof(int),
2794 .proc_handler = proc_dointvec,
2799 static struct ctl_table ipv4_route_flush_table[] = {
2801 .procname = "flush",
2802 .maxlen = sizeof(int),
2804 .proc_handler = ipv4_sysctl_rtcache_flush,
2809 static __net_init int sysctl_route_net_init(struct net *net)
2811 struct ctl_table *tbl;
2813 tbl = ipv4_route_flush_table;
2814 if (!net_eq(net, &init_net)) {
2815 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
2819 /* Don't export sysctls to unprivileged users */
2820 if (net->user_ns != &init_user_ns)
2821 tbl[0].procname = NULL;
2823 tbl[0].extra1 = net;
2825 net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
2826 if (!net->ipv4.route_hdr)
2831 if (tbl != ipv4_route_flush_table)
2837 static __net_exit void sysctl_route_net_exit(struct net *net)
2839 struct ctl_table *tbl;
2841 tbl = net->ipv4.route_hdr->ctl_table_arg;
2842 unregister_net_sysctl_table(net->ipv4.route_hdr);
2843 BUG_ON(tbl == ipv4_route_flush_table);
2847 static __net_initdata struct pernet_operations sysctl_route_ops = {
2848 .init = sysctl_route_net_init,
2849 .exit = sysctl_route_net_exit,
2853 static __net_init int rt_genid_init(struct net *net)
2855 atomic_set(&net->ipv4.rt_genid, 0);
2856 atomic_set(&net->fnhe_genid, 0);
2857 get_random_bytes(&net->ipv4.dev_addr_genid,
2858 sizeof(net->ipv4.dev_addr_genid));
2862 static __net_initdata struct pernet_operations rt_genid_ops = {
2863 .init = rt_genid_init,
2866 static int __net_init ipv4_inetpeer_init(struct net *net)
2868 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
2872 inet_peer_base_init(bp);
2873 net->ipv4.peers = bp;
2877 static void __net_exit ipv4_inetpeer_exit(struct net *net)
2879 struct inet_peer_base *bp = net->ipv4.peers;
2881 net->ipv4.peers = NULL;
2882 inetpeer_invalidate_tree(bp);
2886 static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
2887 .init = ipv4_inetpeer_init,
2888 .exit = ipv4_inetpeer_exit,
2891 #ifdef CONFIG_IP_ROUTE_CLASSID
2892 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
2893 #endif /* CONFIG_IP_ROUTE_CLASSID */
2895 int __init ip_rt_init(void)
2900 ip_idents = kmalloc(IP_IDENTS_SZ * sizeof(*ip_idents), GFP_KERNEL);
2902 panic("IP: failed to allocate ip_idents\n");
2904 prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents));
2906 ip_tstamps = kcalloc(IP_IDENTS_SZ, sizeof(*ip_tstamps), GFP_KERNEL);
2908 panic("IP: failed to allocate ip_tstamps\n");
2910 for_each_possible_cpu(cpu) {
2911 struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu);
2913 INIT_LIST_HEAD(&ul->head);
2914 spin_lock_init(&ul->lock);
2916 #ifdef CONFIG_IP_ROUTE_CLASSID
2917 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
2919 panic("IP: failed to allocate ip_rt_acct\n");
2922 ipv4_dst_ops.kmem_cachep =
2923 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
2924 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
2926 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
2928 if (dst_entries_init(&ipv4_dst_ops) < 0)
2929 panic("IP: failed to allocate ipv4_dst_ops counter\n");
2931 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
2932 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
2934 ipv4_dst_ops.gc_thresh = ~0;
2935 ip_rt_max_size = INT_MAX;
2940 if (ip_rt_proc_init())
2941 pr_err("Unable to create route proc files\n");
2946 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
2948 #ifdef CONFIG_SYSCTL
2949 register_pernet_subsys(&sysctl_route_ops);
2951 register_pernet_subsys(&rt_genid_ops);
2952 register_pernet_subsys(&ipv4_inetpeer_ops);
2956 #ifdef CONFIG_SYSCTL
2958 * We really need to sanitize the damn ipv4 init order, then all
2959 * this nonsense will go away.
2961 void __init ip_static_sysctl_init(void)
2963 register_net_sysctl(&init_net, "net/ipv4/route", ipv4_route_table);
projects / linux.git / blob