2 * Linux INET6 implementation
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version
11 * 2 of the License, or (at your option) any later version.
16 * YOSHIFUJI Hideaki @USAGI
17 * reworked default router selection.
18 * - respect outgoing interface
19 * - select from (probably) reachable routers (i.e.
20 * routers in REACHABLE, STALE, DELAY or PROBE states).
21 * - always select the same router if it is (probably)
22 * reachable. otherwise, round-robin the list.
24 * Fixed routing subtrees.
27 #define pr_fmt(fmt) "IPv6: " fmt
29 #include <linux/capability.h>
30 #include <linux/errno.h>
31 #include <linux/export.h>
32 #include <linux/types.h>
33 #include <linux/times.h>
34 #include <linux/socket.h>
35 #include <linux/sockios.h>
36 #include <linux/net.h>
37 #include <linux/route.h>
38 #include <linux/netdevice.h>
39 #include <linux/in6.h>
40 #include <linux/mroute6.h>
41 #include <linux/init.h>
42 #include <linux/if_arp.h>
43 #include <linux/proc_fs.h>
44 #include <linux/seq_file.h>
45 #include <linux/nsproxy.h>
46 #include <linux/slab.h>
47 #include <linux/jhash.h>
48 #include <net/net_namespace.h>
51 #include <net/ip6_fib.h>
52 #include <net/ip6_route.h>
53 #include <net/ndisc.h>
54 #include <net/addrconf.h>
56 #include <linux/rtnetlink.h>
58 #include <net/dst_metadata.h>
60 #include <net/netevent.h>
61 #include <net/netlink.h>
62 #include <net/nexthop.h>
63 #include <net/lwtunnel.h>
64 #include <net/ip_tunnels.h>
65 #include <net/l3mdev.h>
67 #include <linux/uaccess.h>
70 #include <linux/sysctl.h>
73 static int ip6_rt_type_to_error(u8 fib6_type);
75 #define CREATE_TRACE_POINTS
76 #include <trace/events/fib6.h>
77 EXPORT_TRACEPOINT_SYMBOL_GPL(fib6_table_lookup);
78 #undef CREATE_TRACE_POINTS
81 RT6_NUD_FAIL_HARD = -3,
82 RT6_NUD_FAIL_PROBE = -2,
83 RT6_NUD_FAIL_DO_RR = -1,
87 static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie);
88 static unsigned int ip6_default_advmss(const struct dst_entry *dst);
89 static unsigned int ip6_mtu(const struct dst_entry *dst);
90 static struct dst_entry *ip6_negative_advice(struct dst_entry *);
91 static void ip6_dst_destroy(struct dst_entry *);
92 static void ip6_dst_ifdown(struct dst_entry *,
93 struct net_device *dev, int how);
94 static int ip6_dst_gc(struct dst_ops *ops);
96 static int ip6_pkt_discard(struct sk_buff *skb);
97 static int ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb);
98 static int ip6_pkt_prohibit(struct sk_buff *skb);
99 static int ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb);
100 static void ip6_link_failure(struct sk_buff *skb);
101 static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
102 struct sk_buff *skb, u32 mtu);
103 static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk,
104 struct sk_buff *skb);
105 static int rt6_score_route(struct fib6_info *rt, int oif, int strict);
106 static size_t rt6_nlmsg_size(struct fib6_info *rt);
107 static int rt6_fill_node(struct net *net, struct sk_buff *skb,
108 struct fib6_info *rt, struct dst_entry *dst,
109 struct in6_addr *dest, struct in6_addr *src,
110 int iif, int type, u32 portid, u32 seq,
112 static struct rt6_info *rt6_find_cached_rt(struct fib6_info *rt,
113 struct in6_addr *daddr,
114 struct in6_addr *saddr);
116 #ifdef CONFIG_IPV6_ROUTE_INFO
117 static struct fib6_info *rt6_add_route_info(struct net *net,
118 const struct in6_addr *prefix, int prefixlen,
119 const struct in6_addr *gwaddr,
120 struct net_device *dev,
122 static struct fib6_info *rt6_get_route_info(struct net *net,
123 const struct in6_addr *prefix, int prefixlen,
124 const struct in6_addr *gwaddr,
125 struct net_device *dev);
128 struct uncached_list {
130 struct list_head head;
133 static DEFINE_PER_CPU_ALIGNED(struct uncached_list, rt6_uncached_list);
135 void rt6_uncached_list_add(struct rt6_info *rt)
137 struct uncached_list *ul = raw_cpu_ptr(&rt6_uncached_list);
139 rt->rt6i_uncached_list = ul;
141 spin_lock_bh(&ul->lock);
142 list_add_tail(&rt->rt6i_uncached, &ul->head);
143 spin_unlock_bh(&ul->lock);
146 void rt6_uncached_list_del(struct rt6_info *rt)
148 if (!list_empty(&rt->rt6i_uncached)) {
149 struct uncached_list *ul = rt->rt6i_uncached_list;
150 struct net *net = dev_net(rt->dst.dev);
152 spin_lock_bh(&ul->lock);
153 list_del(&rt->rt6i_uncached);
154 atomic_dec(&net->ipv6.rt6_stats->fib_rt_uncache);
155 spin_unlock_bh(&ul->lock);
159 static void rt6_uncached_list_flush_dev(struct net *net, struct net_device *dev)
161 struct net_device *loopback_dev = net->loopback_dev;
164 if (dev == loopback_dev)
167 for_each_possible_cpu(cpu) {
168 struct uncached_list *ul = per_cpu_ptr(&rt6_uncached_list, cpu);
171 spin_lock_bh(&ul->lock);
172 list_for_each_entry(rt, &ul->head, rt6i_uncached) {
173 struct inet6_dev *rt_idev = rt->rt6i_idev;
174 struct net_device *rt_dev = rt->dst.dev;
176 if (rt_idev->dev == dev) {
177 rt->rt6i_idev = in6_dev_get(loopback_dev);
178 in6_dev_put(rt_idev);
182 rt->dst.dev = loopback_dev;
183 dev_hold(rt->dst.dev);
187 spin_unlock_bh(&ul->lock);
191 static inline const void *choose_neigh_daddr(const struct in6_addr *p,
195 if (!ipv6_addr_any(p))
196 return (const void *) p;
198 return &ipv6_hdr(skb)->daddr;
202 struct neighbour *ip6_neigh_lookup(const struct in6_addr *gw,
203 struct net_device *dev,
209 daddr = choose_neigh_daddr(gw, skb, daddr);
210 n = __ipv6_neigh_lookup(dev, daddr);
214 n = neigh_create(&nd_tbl, daddr, dev);
215 return IS_ERR(n) ? NULL : n;
218 static struct neighbour *ip6_dst_neigh_lookup(const struct dst_entry *dst,
222 const struct rt6_info *rt = container_of(dst, struct rt6_info, dst);
224 return ip6_neigh_lookup(&rt->rt6i_gateway, dst->dev, skb, daddr);
227 static void ip6_confirm_neigh(const struct dst_entry *dst, const void *daddr)
229 struct net_device *dev = dst->dev;
230 struct rt6_info *rt = (struct rt6_info *)dst;
232 daddr = choose_neigh_daddr(&rt->rt6i_gateway, NULL, daddr);
235 if (dev->flags & (IFF_NOARP | IFF_LOOPBACK))
237 if (ipv6_addr_is_multicast((const struct in6_addr *)daddr))
239 __ipv6_confirm_neigh(dev, daddr);
242 static struct dst_ops ip6_dst_ops_template = {
246 .check = ip6_dst_check,
247 .default_advmss = ip6_default_advmss,
249 .cow_metrics = dst_cow_metrics_generic,
250 .destroy = ip6_dst_destroy,
251 .ifdown = ip6_dst_ifdown,
252 .negative_advice = ip6_negative_advice,
253 .link_failure = ip6_link_failure,
254 .update_pmtu = ip6_rt_update_pmtu,
255 .redirect = rt6_do_redirect,
256 .local_out = __ip6_local_out,
257 .neigh_lookup = ip6_dst_neigh_lookup,
258 .confirm_neigh = ip6_confirm_neigh,
261 static unsigned int ip6_blackhole_mtu(const struct dst_entry *dst)
263 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
265 return mtu ? : dst->dev->mtu;
268 static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
269 struct sk_buff *skb, u32 mtu)
273 static void ip6_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
278 static struct dst_ops ip6_dst_blackhole_ops = {
280 .destroy = ip6_dst_destroy,
281 .check = ip6_dst_check,
282 .mtu = ip6_blackhole_mtu,
283 .default_advmss = ip6_default_advmss,
284 .update_pmtu = ip6_rt_blackhole_update_pmtu,
285 .redirect = ip6_rt_blackhole_redirect,
286 .cow_metrics = dst_cow_metrics_generic,
287 .neigh_lookup = ip6_dst_neigh_lookup,
290 static const u32 ip6_template_metrics[RTAX_MAX] = {
291 [RTAX_HOPLIMIT - 1] = 0,
294 static const struct fib6_info fib6_null_entry_template = {
295 .fib6_flags = (RTF_REJECT | RTF_NONEXTHOP),
296 .fib6_protocol = RTPROT_KERNEL,
297 .fib6_metric = ~(u32)0,
298 .fib6_ref = ATOMIC_INIT(1),
299 .fib6_type = RTN_UNREACHABLE,
300 .fib6_metrics = (struct dst_metrics *)&dst_default_metrics,
303 static const struct rt6_info ip6_null_entry_template = {
305 .__refcnt = ATOMIC_INIT(1),
307 .obsolete = DST_OBSOLETE_FORCE_CHK,
308 .error = -ENETUNREACH,
309 .input = ip6_pkt_discard,
310 .output = ip6_pkt_discard_out,
312 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP),
315 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
317 static const struct rt6_info ip6_prohibit_entry_template = {
319 .__refcnt = ATOMIC_INIT(1),
321 .obsolete = DST_OBSOLETE_FORCE_CHK,
323 .input = ip6_pkt_prohibit,
324 .output = ip6_pkt_prohibit_out,
326 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP),
329 static const struct rt6_info ip6_blk_hole_entry_template = {
331 .__refcnt = ATOMIC_INIT(1),
333 .obsolete = DST_OBSOLETE_FORCE_CHK,
335 .input = dst_discard,
336 .output = dst_discard_out,
338 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP),
343 static void rt6_info_init(struct rt6_info *rt)
345 struct dst_entry *dst = &rt->dst;
347 memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst));
348 INIT_LIST_HEAD(&rt->rt6i_uncached);
351 /* allocate dst with ip6_dst_ops */
352 struct rt6_info *ip6_dst_alloc(struct net *net, struct net_device *dev,
355 struct rt6_info *rt = dst_alloc(&net->ipv6.ip6_dst_ops, dev,
356 1, DST_OBSOLETE_FORCE_CHK, flags);
360 atomic_inc(&net->ipv6.rt6_stats->fib_rt_alloc);
365 EXPORT_SYMBOL(ip6_dst_alloc);
367 static void ip6_dst_destroy(struct dst_entry *dst)
369 struct rt6_info *rt = (struct rt6_info *)dst;
370 struct fib6_info *from;
371 struct inet6_dev *idev;
373 ip_dst_metrics_put(dst);
374 rt6_uncached_list_del(rt);
376 idev = rt->rt6i_idev;
378 rt->rt6i_idev = NULL;
383 from = rcu_dereference(rt->from);
384 rcu_assign_pointer(rt->from, NULL);
385 fib6_info_release(from);
389 static void ip6_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
392 struct rt6_info *rt = (struct rt6_info *)dst;
393 struct inet6_dev *idev = rt->rt6i_idev;
394 struct net_device *loopback_dev =
395 dev_net(dev)->loopback_dev;
397 if (idev && idev->dev != loopback_dev) {
398 struct inet6_dev *loopback_idev = in6_dev_get(loopback_dev);
400 rt->rt6i_idev = loopback_idev;
406 static bool __rt6_check_expired(const struct rt6_info *rt)
408 if (rt->rt6i_flags & RTF_EXPIRES)
409 return time_after(jiffies, rt->dst.expires);
414 static bool rt6_check_expired(const struct rt6_info *rt)
416 struct fib6_info *from;
418 from = rcu_dereference(rt->from);
420 if (rt->rt6i_flags & RTF_EXPIRES) {
421 if (time_after(jiffies, rt->dst.expires))
424 return rt->dst.obsolete != DST_OBSOLETE_FORCE_CHK ||
425 fib6_check_expired(from);
430 struct fib6_info *fib6_multipath_select(const struct net *net,
431 struct fib6_info *match,
432 struct flowi6 *fl6, int oif,
433 const struct sk_buff *skb,
436 struct fib6_info *sibling, *next_sibling;
438 /* We might have already computed the hash for ICMPv6 errors. In such
439 * case it will always be non-zero. Otherwise now is the time to do it.
442 fl6->mp_hash = rt6_multipath_hash(net, fl6, skb, NULL);
444 if (fl6->mp_hash <= atomic_read(&match->fib6_nh.nh_upper_bound))
447 list_for_each_entry_safe(sibling, next_sibling, &match->fib6_siblings,
451 nh_upper_bound = atomic_read(&sibling->fib6_nh.nh_upper_bound);
452 if (fl6->mp_hash > nh_upper_bound)
454 if (rt6_score_route(sibling, oif, strict) < 0)
464 * Route lookup. rcu_read_lock() should be held.
467 static inline struct fib6_info *rt6_device_match(struct net *net,
468 struct fib6_info *rt,
469 const struct in6_addr *saddr,
473 struct fib6_info *sprt;
475 if (!oif && ipv6_addr_any(saddr) &&
476 !(rt->fib6_nh.nh_flags & RTNH_F_DEAD))
479 for (sprt = rt; sprt; sprt = rcu_dereference(sprt->fib6_next)) {
480 const struct net_device *dev = sprt->fib6_nh.nh_dev;
482 if (sprt->fib6_nh.nh_flags & RTNH_F_DEAD)
486 if (dev->ifindex == oif)
489 if (ipv6_chk_addr(net, saddr, dev,
490 flags & RT6_LOOKUP_F_IFACE))
495 if (oif && flags & RT6_LOOKUP_F_IFACE)
496 return net->ipv6.fib6_null_entry;
498 return rt->fib6_nh.nh_flags & RTNH_F_DEAD ? net->ipv6.fib6_null_entry : rt;
501 #ifdef CONFIG_IPV6_ROUTER_PREF
502 struct __rt6_probe_work {
503 struct work_struct work;
504 struct in6_addr target;
505 struct net_device *dev;
508 static void rt6_probe_deferred(struct work_struct *w)
510 struct in6_addr mcaddr;
511 struct __rt6_probe_work *work =
512 container_of(w, struct __rt6_probe_work, work);
514 addrconf_addr_solict_mult(&work->target, &mcaddr);
515 ndisc_send_ns(work->dev, &work->target, &mcaddr, NULL, 0);
520 static void rt6_probe(struct fib6_info *rt)
522 struct __rt6_probe_work *work = NULL;
523 const struct in6_addr *nh_gw;
524 struct neighbour *neigh;
525 struct net_device *dev;
526 struct inet6_dev *idev;
529 * Okay, this does not seem to be appropriate
530 * for now, however, we need to check if it
531 * is really so; aka Router Reachability Probing.
533 * Router Reachability Probe MUST be rate-limited
534 * to no more than one per minute.
536 if (!rt || !(rt->fib6_flags & RTF_GATEWAY))
539 nh_gw = &rt->fib6_nh.nh_gw;
540 dev = rt->fib6_nh.nh_dev;
542 idev = __in6_dev_get(dev);
543 neigh = __ipv6_neigh_lookup_noref(dev, nh_gw);
545 if (neigh->nud_state & NUD_VALID)
548 write_lock(&neigh->lock);
549 if (!(neigh->nud_state & NUD_VALID) &&
551 neigh->updated + idev->cnf.rtr_probe_interval)) {
552 work = kmalloc(sizeof(*work), GFP_ATOMIC);
554 __neigh_set_probe_once(neigh);
556 write_unlock(&neigh->lock);
557 } else if (time_after(jiffies, rt->last_probe +
558 idev->cnf.rtr_probe_interval)) {
559 work = kmalloc(sizeof(*work), GFP_ATOMIC);
563 rt->last_probe = jiffies;
564 INIT_WORK(&work->work, rt6_probe_deferred);
565 work->target = *nh_gw;
568 schedule_work(&work->work);
572 rcu_read_unlock_bh();
575 static inline void rt6_probe(struct fib6_info *rt)
581 * Default Router Selection (RFC 2461 6.3.6)
583 static inline int rt6_check_dev(struct fib6_info *rt, int oif)
585 const struct net_device *dev = rt->fib6_nh.nh_dev;
587 if (!oif || dev->ifindex == oif)
592 static inline enum rt6_nud_state rt6_check_neigh(struct fib6_info *rt)
594 enum rt6_nud_state ret = RT6_NUD_FAIL_HARD;
595 struct neighbour *neigh;
597 if (rt->fib6_flags & RTF_NONEXTHOP ||
598 !(rt->fib6_flags & RTF_GATEWAY))
599 return RT6_NUD_SUCCEED;
602 neigh = __ipv6_neigh_lookup_noref(rt->fib6_nh.nh_dev,
605 read_lock(&neigh->lock);
606 if (neigh->nud_state & NUD_VALID)
607 ret = RT6_NUD_SUCCEED;
608 #ifdef CONFIG_IPV6_ROUTER_PREF
609 else if (!(neigh->nud_state & NUD_FAILED))
610 ret = RT6_NUD_SUCCEED;
612 ret = RT6_NUD_FAIL_PROBE;
614 read_unlock(&neigh->lock);
616 ret = IS_ENABLED(CONFIG_IPV6_ROUTER_PREF) ?
617 RT6_NUD_SUCCEED : RT6_NUD_FAIL_DO_RR;
619 rcu_read_unlock_bh();
624 static int rt6_score_route(struct fib6_info *rt, int oif, int strict)
628 m = rt6_check_dev(rt, oif);
629 if (!m && (strict & RT6_LOOKUP_F_IFACE))
630 return RT6_NUD_FAIL_HARD;
631 #ifdef CONFIG_IPV6_ROUTER_PREF
632 m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->fib6_flags)) << 2;
634 if (strict & RT6_LOOKUP_F_REACHABLE) {
635 int n = rt6_check_neigh(rt);
642 /* called with rc_read_lock held */
643 static inline bool fib6_ignore_linkdown(const struct fib6_info *f6i)
645 const struct net_device *dev = fib6_info_nh_dev(f6i);
649 const struct inet6_dev *idev = __in6_dev_get(dev);
651 rc = !!idev->cnf.ignore_routes_with_linkdown;
657 static struct fib6_info *find_match(struct fib6_info *rt, int oif, int strict,
658 int *mpri, struct fib6_info *match,
662 bool match_do_rr = false;
664 if (rt->fib6_nh.nh_flags & RTNH_F_DEAD)
667 if (fib6_ignore_linkdown(rt) &&
668 rt->fib6_nh.nh_flags & RTNH_F_LINKDOWN &&
669 !(strict & RT6_LOOKUP_F_IGNORE_LINKSTATE))
672 if (fib6_check_expired(rt))
675 m = rt6_score_route(rt, oif, strict);
676 if (m == RT6_NUD_FAIL_DO_RR) {
678 m = 0; /* lowest valid score */
679 } else if (m == RT6_NUD_FAIL_HARD) {
683 if (strict & RT6_LOOKUP_F_REACHABLE)
686 /* note that m can be RT6_NUD_FAIL_PROBE at this point */
688 *do_rr = match_do_rr;
696 static struct fib6_info *find_rr_leaf(struct fib6_node *fn,
697 struct fib6_info *leaf,
698 struct fib6_info *rr_head,
699 u32 metric, int oif, int strict,
702 struct fib6_info *rt, *match, *cont;
707 for (rt = rr_head; rt; rt = rcu_dereference(rt->fib6_next)) {
708 if (rt->fib6_metric != metric) {
713 match = find_match(rt, oif, strict, &mpri, match, do_rr);
716 for (rt = leaf; rt && rt != rr_head;
717 rt = rcu_dereference(rt->fib6_next)) {
718 if (rt->fib6_metric != metric) {
723 match = find_match(rt, oif, strict, &mpri, match, do_rr);
729 for (rt = cont; rt; rt = rcu_dereference(rt->fib6_next))
730 match = find_match(rt, oif, strict, &mpri, match, do_rr);
735 static struct fib6_info *rt6_select(struct net *net, struct fib6_node *fn,
738 struct fib6_info *leaf = rcu_dereference(fn->leaf);
739 struct fib6_info *match, *rt0;
743 if (!leaf || leaf == net->ipv6.fib6_null_entry)
744 return net->ipv6.fib6_null_entry;
746 rt0 = rcu_dereference(fn->rr_ptr);
750 /* Double check to make sure fn is not an intermediate node
751 * and fn->leaf does not points to its child's leaf
752 * (This might happen if all routes under fn are deleted from
753 * the tree and fib6_repair_tree() is called on the node.)
755 key_plen = rt0->fib6_dst.plen;
756 #ifdef CONFIG_IPV6_SUBTREES
757 if (rt0->fib6_src.plen)
758 key_plen = rt0->fib6_src.plen;
760 if (fn->fn_bit != key_plen)
761 return net->ipv6.fib6_null_entry;
763 match = find_rr_leaf(fn, leaf, rt0, rt0->fib6_metric, oif, strict,
767 struct fib6_info *next = rcu_dereference(rt0->fib6_next);
769 /* no entries matched; do round-robin */
770 if (!next || next->fib6_metric != rt0->fib6_metric)
774 spin_lock_bh(&leaf->fib6_table->tb6_lock);
775 /* make sure next is not being deleted from the tree */
777 rcu_assign_pointer(fn->rr_ptr, next);
778 spin_unlock_bh(&leaf->fib6_table->tb6_lock);
782 return match ? match : net->ipv6.fib6_null_entry;
785 static bool rt6_is_gw_or_nonexthop(const struct fib6_info *rt)
787 return (rt->fib6_flags & (RTF_NONEXTHOP | RTF_GATEWAY));
790 #ifdef CONFIG_IPV6_ROUTE_INFO
791 int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
792 const struct in6_addr *gwaddr)
794 struct net *net = dev_net(dev);
795 struct route_info *rinfo = (struct route_info *) opt;
796 struct in6_addr prefix_buf, *prefix;
798 unsigned long lifetime;
799 struct fib6_info *rt;
801 if (len < sizeof(struct route_info)) {
805 /* Sanity check for prefix_len and length */
806 if (rinfo->length > 3) {
808 } else if (rinfo->prefix_len > 128) {
810 } else if (rinfo->prefix_len > 64) {
811 if (rinfo->length < 2) {
814 } else if (rinfo->prefix_len > 0) {
815 if (rinfo->length < 1) {
820 pref = rinfo->route_pref;
821 if (pref == ICMPV6_ROUTER_PREF_INVALID)
824 lifetime = addrconf_timeout_fixup(ntohl(rinfo->lifetime), HZ);
826 if (rinfo->length == 3)
827 prefix = (struct in6_addr *)rinfo->prefix;
829 /* this function is safe */
830 ipv6_addr_prefix(&prefix_buf,
831 (struct in6_addr *)rinfo->prefix,
833 prefix = &prefix_buf;
836 if (rinfo->prefix_len == 0)
837 rt = rt6_get_dflt_router(net, gwaddr, dev);
839 rt = rt6_get_route_info(net, prefix, rinfo->prefix_len,
842 if (rt && !lifetime) {
848 rt = rt6_add_route_info(net, prefix, rinfo->prefix_len, gwaddr,
851 rt->fib6_flags = RTF_ROUTEINFO |
852 (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
855 if (!addrconf_finite_timeout(lifetime))
856 fib6_clean_expires(rt);
858 fib6_set_expires(rt, jiffies + HZ * lifetime);
860 fib6_info_release(rt);
867 * Misc support functions
870 /* called with rcu_lock held */
871 static struct net_device *ip6_rt_get_dev_rcu(struct fib6_info *rt)
873 struct net_device *dev = rt->fib6_nh.nh_dev;
875 if (rt->fib6_flags & (RTF_LOCAL | RTF_ANYCAST)) {
876 /* for copies of local routes, dst->dev needs to be the
877 * device if it is a master device, the master device if
878 * device is enslaved, and the loopback as the default
880 if (netif_is_l3_slave(dev) &&
881 !rt6_need_strict(&rt->fib6_dst.addr))
882 dev = l3mdev_master_dev_rcu(dev);
883 else if (!netif_is_l3_master(dev))
884 dev = dev_net(dev)->loopback_dev;
885 /* last case is netif_is_l3_master(dev) is true in which
886 * case we want dev returned to be dev
893 static const int fib6_prop[RTN_MAX + 1] = {
900 [RTN_BLACKHOLE] = -EINVAL,
901 [RTN_UNREACHABLE] = -EHOSTUNREACH,
902 [RTN_PROHIBIT] = -EACCES,
903 [RTN_THROW] = -EAGAIN,
905 [RTN_XRESOLVE] = -EINVAL,
908 static int ip6_rt_type_to_error(u8 fib6_type)
910 return fib6_prop[fib6_type];
913 static unsigned short fib6_info_dst_flags(struct fib6_info *rt)
915 unsigned short flags = 0;
918 flags |= DST_NOCOUNT;
919 if (rt->dst_nopolicy)
920 flags |= DST_NOPOLICY;
927 static void ip6_rt_init_dst_reject(struct rt6_info *rt, struct fib6_info *ort)
929 rt->dst.error = ip6_rt_type_to_error(ort->fib6_type);
931 switch (ort->fib6_type) {
933 rt->dst.output = dst_discard_out;
934 rt->dst.input = dst_discard;
937 rt->dst.output = ip6_pkt_prohibit_out;
938 rt->dst.input = ip6_pkt_prohibit;
941 case RTN_UNREACHABLE:
943 rt->dst.output = ip6_pkt_discard_out;
944 rt->dst.input = ip6_pkt_discard;
949 static void ip6_rt_init_dst(struct rt6_info *rt, struct fib6_info *ort)
951 if (ort->fib6_flags & RTF_REJECT) {
952 ip6_rt_init_dst_reject(rt, ort);
957 rt->dst.output = ip6_output;
959 if (ort->fib6_type == RTN_LOCAL || ort->fib6_type == RTN_ANYCAST) {
960 rt->dst.input = ip6_input;
961 } else if (ipv6_addr_type(&ort->fib6_dst.addr) & IPV6_ADDR_MULTICAST) {
962 rt->dst.input = ip6_mc_input;
964 rt->dst.input = ip6_forward;
967 if (ort->fib6_nh.nh_lwtstate) {
968 rt->dst.lwtstate = lwtstate_get(ort->fib6_nh.nh_lwtstate);
969 lwtunnel_set_redirect(&rt->dst);
972 rt->dst.lastuse = jiffies;
975 /* Caller must already hold reference to @from */
976 static void rt6_set_from(struct rt6_info *rt, struct fib6_info *from)
978 rt->rt6i_flags &= ~RTF_EXPIRES;
979 rcu_assign_pointer(rt->from, from);
980 ip_dst_init_metrics(&rt->dst, from->fib6_metrics);
983 /* Caller must already hold reference to @ort */
984 static void ip6_rt_copy_init(struct rt6_info *rt, struct fib6_info *ort)
986 struct net_device *dev = fib6_info_nh_dev(ort);
988 ip6_rt_init_dst(rt, ort);
990 rt->rt6i_dst = ort->fib6_dst;
991 rt->rt6i_idev = dev ? in6_dev_get(dev) : NULL;
992 rt->rt6i_gateway = ort->fib6_nh.nh_gw;
993 rt->rt6i_flags = ort->fib6_flags;
994 rt6_set_from(rt, ort);
995 #ifdef CONFIG_IPV6_SUBTREES
996 rt->rt6i_src = ort->fib6_src;
1000 static struct fib6_node* fib6_backtrack(struct fib6_node *fn,
1001 struct in6_addr *saddr)
1003 struct fib6_node *pn, *sn;
1005 if (fn->fn_flags & RTN_TL_ROOT)
1007 pn = rcu_dereference(fn->parent);
1008 sn = FIB6_SUBTREE(pn);
1010 fn = fib6_node_lookup(sn, NULL, saddr);
1013 if (fn->fn_flags & RTN_RTINFO)
1018 static bool ip6_hold_safe(struct net *net, struct rt6_info **prt,
1021 struct rt6_info *rt = *prt;
1023 if (dst_hold_safe(&rt->dst))
1025 if (null_fallback) {
1026 rt = net->ipv6.ip6_null_entry;
1035 /* called with rcu_lock held */
1036 static struct rt6_info *ip6_create_rt_rcu(struct fib6_info *rt)
1038 unsigned short flags = fib6_info_dst_flags(rt);
1039 struct net_device *dev = rt->fib6_nh.nh_dev;
1040 struct rt6_info *nrt;
1042 if (!fib6_info_hold_safe(rt))
1045 nrt = ip6_dst_alloc(dev_net(dev), dev, flags);
1047 ip6_rt_copy_init(nrt, rt);
1049 fib6_info_release(rt);
1054 static struct rt6_info *ip6_pol_route_lookup(struct net *net,
1055 struct fib6_table *table,
1057 const struct sk_buff *skb,
1060 struct fib6_info *f6i;
1061 struct fib6_node *fn;
1062 struct rt6_info *rt;
1064 if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF)
1065 flags &= ~RT6_LOOKUP_F_IFACE;
1068 fn = fib6_node_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr);
1070 f6i = rcu_dereference(fn->leaf);
1072 f6i = net->ipv6.fib6_null_entry;
1074 f6i = rt6_device_match(net, f6i, &fl6->saddr,
1075 fl6->flowi6_oif, flags);
1076 if (f6i->fib6_nsiblings && fl6->flowi6_oif == 0)
1077 f6i = fib6_multipath_select(net, f6i, fl6,
1078 fl6->flowi6_oif, skb,
1081 if (f6i == net->ipv6.fib6_null_entry) {
1082 fn = fib6_backtrack(fn, &fl6->saddr);
1087 trace_fib6_table_lookup(net, f6i, table, fl6);
1089 /* Search through exception table */
1090 rt = rt6_find_cached_rt(f6i, &fl6->daddr, &fl6->saddr);
1092 if (ip6_hold_safe(net, &rt, true))
1093 dst_use_noref(&rt->dst, jiffies);
1094 } else if (f6i == net->ipv6.fib6_null_entry) {
1095 rt = net->ipv6.ip6_null_entry;
1098 rt = ip6_create_rt_rcu(f6i);
1100 rt = net->ipv6.ip6_null_entry;
1110 struct dst_entry *ip6_route_lookup(struct net *net, struct flowi6 *fl6,
1111 const struct sk_buff *skb, int flags)
1113 return fib6_rule_lookup(net, fl6, skb, flags, ip6_pol_route_lookup);
1115 EXPORT_SYMBOL_GPL(ip6_route_lookup);
1117 struct rt6_info *rt6_lookup(struct net *net, const struct in6_addr *daddr,
1118 const struct in6_addr *saddr, int oif,
1119 const struct sk_buff *skb, int strict)
1121 struct flowi6 fl6 = {
1125 struct dst_entry *dst;
1126 int flags = strict ? RT6_LOOKUP_F_IFACE : 0;
1129 memcpy(&fl6.saddr, saddr, sizeof(*saddr));
1130 flags |= RT6_LOOKUP_F_HAS_SADDR;
1133 dst = fib6_rule_lookup(net, &fl6, skb, flags, ip6_pol_route_lookup);
1134 if (dst->error == 0)
1135 return (struct rt6_info *) dst;
1141 EXPORT_SYMBOL(rt6_lookup);
1143 /* ip6_ins_rt is called with FREE table->tb6_lock.
1144 * It takes new route entry, the addition fails by any reason the
1145 * route is released.
1146 * Caller must hold dst before calling it.
1149 static int __ip6_ins_rt(struct fib6_info *rt, struct nl_info *info,
1150 struct netlink_ext_ack *extack)
1153 struct fib6_table *table;
1155 table = rt->fib6_table;
1156 spin_lock_bh(&table->tb6_lock);
1157 err = fib6_add(&table->tb6_root, rt, info, extack);
1158 spin_unlock_bh(&table->tb6_lock);
1163 int ip6_ins_rt(struct net *net, struct fib6_info *rt)
1165 struct nl_info info = { .nl_net = net, };
1167 return __ip6_ins_rt(rt, &info, NULL);
1170 static struct rt6_info *ip6_rt_cache_alloc(struct fib6_info *ort,
1171 const struct in6_addr *daddr,
1172 const struct in6_addr *saddr)
1174 struct net_device *dev;
1175 struct rt6_info *rt;
1181 if (!fib6_info_hold_safe(ort))
1184 dev = ip6_rt_get_dev_rcu(ort);
1185 rt = ip6_dst_alloc(dev_net(dev), dev, 0);
1187 fib6_info_release(ort);
1191 ip6_rt_copy_init(rt, ort);
1192 rt->rt6i_flags |= RTF_CACHE;
1193 rt->dst.flags |= DST_HOST;
1194 rt->rt6i_dst.addr = *daddr;
1195 rt->rt6i_dst.plen = 128;
1197 if (!rt6_is_gw_or_nonexthop(ort)) {
1198 if (ort->fib6_dst.plen != 128 &&
1199 ipv6_addr_equal(&ort->fib6_dst.addr, daddr))
1200 rt->rt6i_flags |= RTF_ANYCAST;
1201 #ifdef CONFIG_IPV6_SUBTREES
1202 if (rt->rt6i_src.plen && saddr) {
1203 rt->rt6i_src.addr = *saddr;
1204 rt->rt6i_src.plen = 128;
1212 static struct rt6_info *ip6_rt_pcpu_alloc(struct fib6_info *rt)
1214 unsigned short flags = fib6_info_dst_flags(rt);
1215 struct net_device *dev;
1216 struct rt6_info *pcpu_rt;
1218 if (!fib6_info_hold_safe(rt))
1222 dev = ip6_rt_get_dev_rcu(rt);
1223 pcpu_rt = ip6_dst_alloc(dev_net(dev), dev, flags);
1226 fib6_info_release(rt);
1229 ip6_rt_copy_init(pcpu_rt, rt);
1230 pcpu_rt->rt6i_flags |= RTF_PCPU;
1234 /* It should be called with rcu_read_lock() acquired */
1235 static struct rt6_info *rt6_get_pcpu_route(struct fib6_info *rt)
1237 struct rt6_info *pcpu_rt, **p;
1239 p = this_cpu_ptr(rt->rt6i_pcpu);
1243 ip6_hold_safe(NULL, &pcpu_rt, false);
1248 static struct rt6_info *rt6_make_pcpu_route(struct net *net,
1249 struct fib6_info *rt)
1251 struct rt6_info *pcpu_rt, *prev, **p;
1253 pcpu_rt = ip6_rt_pcpu_alloc(rt);
1255 dst_hold(&net->ipv6.ip6_null_entry->dst);
1256 return net->ipv6.ip6_null_entry;
1259 dst_hold(&pcpu_rt->dst);
1260 p = this_cpu_ptr(rt->rt6i_pcpu);
1261 prev = cmpxchg(p, NULL, pcpu_rt);
1267 /* exception hash table implementation
1269 static DEFINE_SPINLOCK(rt6_exception_lock);
1271 /* Remove rt6_ex from hash table and free the memory
1272 * Caller must hold rt6_exception_lock
1274 static void rt6_remove_exception(struct rt6_exception_bucket *bucket,
1275 struct rt6_exception *rt6_ex)
1279 if (!bucket || !rt6_ex)
1282 net = dev_net(rt6_ex->rt6i->dst.dev);
1283 hlist_del_rcu(&rt6_ex->hlist);
1284 dst_release(&rt6_ex->rt6i->dst);
1285 kfree_rcu(rt6_ex, rcu);
1286 WARN_ON_ONCE(!bucket->depth);
1288 net->ipv6.rt6_stats->fib_rt_cache--;
1291 /* Remove oldest rt6_ex in bucket and free the memory
1292 * Caller must hold rt6_exception_lock
1294 static void rt6_exception_remove_oldest(struct rt6_exception_bucket *bucket)
1296 struct rt6_exception *rt6_ex, *oldest = NULL;
1301 hlist_for_each_entry(rt6_ex, &bucket->chain, hlist) {
1302 if (!oldest || time_before(rt6_ex->stamp, oldest->stamp))
1305 rt6_remove_exception(bucket, oldest);
1308 static u32 rt6_exception_hash(const struct in6_addr *dst,
1309 const struct in6_addr *src)
1311 static u32 seed __read_mostly;
1314 net_get_random_once(&seed, sizeof(seed));
1315 val = jhash(dst, sizeof(*dst), seed);
1317 #ifdef CONFIG_IPV6_SUBTREES
1319 val = jhash(src, sizeof(*src), val);
1321 return hash_32(val, FIB6_EXCEPTION_BUCKET_SIZE_SHIFT);
1324 /* Helper function to find the cached rt in the hash table
1325 * and update bucket pointer to point to the bucket for this
1326 * (daddr, saddr) pair
1327 * Caller must hold rt6_exception_lock
1329 static struct rt6_exception *
1330 __rt6_find_exception_spinlock(struct rt6_exception_bucket **bucket,
1331 const struct in6_addr *daddr,
1332 const struct in6_addr *saddr)
1334 struct rt6_exception *rt6_ex;
1337 if (!(*bucket) || !daddr)
1340 hval = rt6_exception_hash(daddr, saddr);
1343 hlist_for_each_entry(rt6_ex, &(*bucket)->chain, hlist) {
1344 struct rt6_info *rt6 = rt6_ex->rt6i;
1345 bool matched = ipv6_addr_equal(daddr, &rt6->rt6i_dst.addr);
1347 #ifdef CONFIG_IPV6_SUBTREES
1348 if (matched && saddr)
1349 matched = ipv6_addr_equal(saddr, &rt6->rt6i_src.addr);
1357 /* Helper function to find the cached rt in the hash table
1358 * and update bucket pointer to point to the bucket for this
1359 * (daddr, saddr) pair
1360 * Caller must hold rcu_read_lock()
1362 static struct rt6_exception *
1363 __rt6_find_exception_rcu(struct rt6_exception_bucket **bucket,
1364 const struct in6_addr *daddr,
1365 const struct in6_addr *saddr)
1367 struct rt6_exception *rt6_ex;
1370 WARN_ON_ONCE(!rcu_read_lock_held());
1372 if (!(*bucket) || !daddr)
1375 hval = rt6_exception_hash(daddr, saddr);
1378 hlist_for_each_entry_rcu(rt6_ex, &(*bucket)->chain, hlist) {
1379 struct rt6_info *rt6 = rt6_ex->rt6i;
1380 bool matched = ipv6_addr_equal(daddr, &rt6->rt6i_dst.addr);
1382 #ifdef CONFIG_IPV6_SUBTREES
1383 if (matched && saddr)
1384 matched = ipv6_addr_equal(saddr, &rt6->rt6i_src.addr);
1392 static unsigned int fib6_mtu(const struct fib6_info *rt)
1396 if (rt->fib6_pmtu) {
1397 mtu = rt->fib6_pmtu;
1399 struct net_device *dev = fib6_info_nh_dev(rt);
1400 struct inet6_dev *idev;
1403 idev = __in6_dev_get(dev);
1404 mtu = idev->cnf.mtu6;
1408 mtu = min_t(unsigned int, mtu, IP6_MAX_MTU);
1410 return mtu - lwtunnel_headroom(rt->fib6_nh.nh_lwtstate, mtu);
1413 static int rt6_insert_exception(struct rt6_info *nrt,
1414 struct fib6_info *ort)
1416 struct net *net = dev_net(nrt->dst.dev);
1417 struct rt6_exception_bucket *bucket;
1418 struct in6_addr *src_key = NULL;
1419 struct rt6_exception *rt6_ex;
1422 spin_lock_bh(&rt6_exception_lock);
1424 if (ort->exception_bucket_flushed) {
1429 bucket = rcu_dereference_protected(ort->rt6i_exception_bucket,
1430 lockdep_is_held(&rt6_exception_lock));
1432 bucket = kcalloc(FIB6_EXCEPTION_BUCKET_SIZE, sizeof(*bucket),
1438 rcu_assign_pointer(ort->rt6i_exception_bucket, bucket);
1441 #ifdef CONFIG_IPV6_SUBTREES
1442 /* rt6i_src.plen != 0 indicates ort is in subtree
1443 * and exception table is indexed by a hash of
1444 * both rt6i_dst and rt6i_src.
1445 * Otherwise, the exception table is indexed by
1446 * a hash of only rt6i_dst.
1448 if (ort->fib6_src.plen)
1449 src_key = &nrt->rt6i_src.addr;
1451 /* rt6_mtu_change() might lower mtu on ort.
1452 * Only insert this exception route if its mtu
1453 * is less than ort's mtu value.
1455 if (dst_metric_raw(&nrt->dst, RTAX_MTU) >= fib6_mtu(ort)) {
1460 rt6_ex = __rt6_find_exception_spinlock(&bucket, &nrt->rt6i_dst.addr,
1463 rt6_remove_exception(bucket, rt6_ex);
1465 rt6_ex = kzalloc(sizeof(*rt6_ex), GFP_ATOMIC);
1471 rt6_ex->stamp = jiffies;
1472 hlist_add_head_rcu(&rt6_ex->hlist, &bucket->chain);
1474 net->ipv6.rt6_stats->fib_rt_cache++;
1476 if (bucket->depth > FIB6_MAX_DEPTH)
1477 rt6_exception_remove_oldest(bucket);
1480 spin_unlock_bh(&rt6_exception_lock);
1482 /* Update fn->fn_sernum to invalidate all cached dst */
1484 spin_lock_bh(&ort->fib6_table->tb6_lock);
1485 fib6_update_sernum(net, ort);
1486 spin_unlock_bh(&ort->fib6_table->tb6_lock);
1487 fib6_force_start_gc(net);
1493 void rt6_flush_exceptions(struct fib6_info *rt)
1495 struct rt6_exception_bucket *bucket;
1496 struct rt6_exception *rt6_ex;
1497 struct hlist_node *tmp;
1500 spin_lock_bh(&rt6_exception_lock);
1501 /* Prevent rt6_insert_exception() to recreate the bucket list */
1502 rt->exception_bucket_flushed = 1;
1504 bucket = rcu_dereference_protected(rt->rt6i_exception_bucket,
1505 lockdep_is_held(&rt6_exception_lock));
1509 for (i = 0; i < FIB6_EXCEPTION_BUCKET_SIZE; i++) {
1510 hlist_for_each_entry_safe(rt6_ex, tmp, &bucket->chain, hlist)
1511 rt6_remove_exception(bucket, rt6_ex);
1512 WARN_ON_ONCE(bucket->depth);
1517 spin_unlock_bh(&rt6_exception_lock);
1520 /* Find cached rt in the hash table inside passed in rt
1521 * Caller has to hold rcu_read_lock()
1523 static struct rt6_info *rt6_find_cached_rt(struct fib6_info *rt,
1524 struct in6_addr *daddr,
1525 struct in6_addr *saddr)
1527 struct rt6_exception_bucket *bucket;
1528 struct in6_addr *src_key = NULL;
1529 struct rt6_exception *rt6_ex;
1530 struct rt6_info *res = NULL;
1532 bucket = rcu_dereference(rt->rt6i_exception_bucket);
1534 #ifdef CONFIG_IPV6_SUBTREES
1535 /* rt6i_src.plen != 0 indicates rt is in subtree
1536 * and exception table is indexed by a hash of
1537 * both rt6i_dst and rt6i_src.
1538 * Otherwise, the exception table is indexed by
1539 * a hash of only rt6i_dst.
1541 if (rt->fib6_src.plen)
1544 rt6_ex = __rt6_find_exception_rcu(&bucket, daddr, src_key);
1546 if (rt6_ex && !rt6_check_expired(rt6_ex->rt6i))
1552 /* Remove the passed in cached rt from the hash table that contains it */
1553 static int rt6_remove_exception_rt(struct rt6_info *rt)
1555 struct rt6_exception_bucket *bucket;
1556 struct in6_addr *src_key = NULL;
1557 struct rt6_exception *rt6_ex;
1558 struct fib6_info *from;
1561 from = rcu_dereference(rt->from);
1563 !(rt->rt6i_flags & RTF_CACHE))
1566 if (!rcu_access_pointer(from->rt6i_exception_bucket))
1569 spin_lock_bh(&rt6_exception_lock);
1570 bucket = rcu_dereference_protected(from->rt6i_exception_bucket,
1571 lockdep_is_held(&rt6_exception_lock));
1572 #ifdef CONFIG_IPV6_SUBTREES
1573 /* rt6i_src.plen != 0 indicates 'from' is in subtree
1574 * and exception table is indexed by a hash of
1575 * both rt6i_dst and rt6i_src.
1576 * Otherwise, the exception table is indexed by
1577 * a hash of only rt6i_dst.
1579 if (from->fib6_src.plen)
1580 src_key = &rt->rt6i_src.addr;
1582 rt6_ex = __rt6_find_exception_spinlock(&bucket,
1586 rt6_remove_exception(bucket, rt6_ex);
1592 spin_unlock_bh(&rt6_exception_lock);
1596 /* Find rt6_ex which contains the passed in rt cache and
1599 static void rt6_update_exception_stamp_rt(struct rt6_info *rt)
1601 struct rt6_exception_bucket *bucket;
1602 struct fib6_info *from = rt->from;
1603 struct in6_addr *src_key = NULL;
1604 struct rt6_exception *rt6_ex;
1607 !(rt->rt6i_flags & RTF_CACHE))
1611 bucket = rcu_dereference(from->rt6i_exception_bucket);
1613 #ifdef CONFIG_IPV6_SUBTREES
1614 /* rt6i_src.plen != 0 indicates 'from' is in subtree
1615 * and exception table is indexed by a hash of
1616 * both rt6i_dst and rt6i_src.
1617 * Otherwise, the exception table is indexed by
1618 * a hash of only rt6i_dst.
1620 if (from->fib6_src.plen)
1621 src_key = &rt->rt6i_src.addr;
1623 rt6_ex = __rt6_find_exception_rcu(&bucket,
1627 rt6_ex->stamp = jiffies;
1632 static bool rt6_mtu_change_route_allowed(struct inet6_dev *idev,
1633 struct rt6_info *rt, int mtu)
1635 /* If the new MTU is lower than the route PMTU, this new MTU will be the
1636 * lowest MTU in the path: always allow updating the route PMTU to
1637 * reflect PMTU decreases.
1639 * If the new MTU is higher, and the route PMTU is equal to the local
1640 * MTU, this means the old MTU is the lowest in the path, so allow
1641 * updating it: if other nodes now have lower MTUs, PMTU discovery will
1645 if (dst_mtu(&rt->dst) >= mtu)
1648 if (dst_mtu(&rt->dst) == idev->cnf.mtu6)
1654 static void rt6_exceptions_update_pmtu(struct inet6_dev *idev,
1655 struct fib6_info *rt, int mtu)
1657 struct rt6_exception_bucket *bucket;
1658 struct rt6_exception *rt6_ex;
1661 bucket = rcu_dereference_protected(rt->rt6i_exception_bucket,
1662 lockdep_is_held(&rt6_exception_lock));
1667 for (i = 0; i < FIB6_EXCEPTION_BUCKET_SIZE; i++) {
1668 hlist_for_each_entry(rt6_ex, &bucket->chain, hlist) {
1669 struct rt6_info *entry = rt6_ex->rt6i;
1671 /* For RTF_CACHE with rt6i_pmtu == 0 (i.e. a redirected
1672 * route), the metrics of its rt->from have already
1675 if (dst_metric_raw(&entry->dst, RTAX_MTU) &&
1676 rt6_mtu_change_route_allowed(idev, entry, mtu))
1677 dst_metric_set(&entry->dst, RTAX_MTU, mtu);
1683 #define RTF_CACHE_GATEWAY (RTF_GATEWAY | RTF_CACHE)
1685 static void rt6_exceptions_clean_tohost(struct fib6_info *rt,
1686 struct in6_addr *gateway)
1688 struct rt6_exception_bucket *bucket;
1689 struct rt6_exception *rt6_ex;
1690 struct hlist_node *tmp;
1693 if (!rcu_access_pointer(rt->rt6i_exception_bucket))
1696 spin_lock_bh(&rt6_exception_lock);
1697 bucket = rcu_dereference_protected(rt->rt6i_exception_bucket,
1698 lockdep_is_held(&rt6_exception_lock));
1701 for (i = 0; i < FIB6_EXCEPTION_BUCKET_SIZE; i++) {
1702 hlist_for_each_entry_safe(rt6_ex, tmp,
1703 &bucket->chain, hlist) {
1704 struct rt6_info *entry = rt6_ex->rt6i;
1706 if ((entry->rt6i_flags & RTF_CACHE_GATEWAY) ==
1707 RTF_CACHE_GATEWAY &&
1708 ipv6_addr_equal(gateway,
1709 &entry->rt6i_gateway)) {
1710 rt6_remove_exception(bucket, rt6_ex);
1717 spin_unlock_bh(&rt6_exception_lock);
1720 static void rt6_age_examine_exception(struct rt6_exception_bucket *bucket,
1721 struct rt6_exception *rt6_ex,
1722 struct fib6_gc_args *gc_args,
1725 struct rt6_info *rt = rt6_ex->rt6i;
1727 /* we are pruning and obsoleting aged-out and non gateway exceptions
1728 * even if others have still references to them, so that on next
1729 * dst_check() such references can be dropped.
1730 * EXPIRES exceptions - e.g. pmtu-generated ones are pruned when
1731 * expired, independently from their aging, as per RFC 8201 section 4
1733 if (!(rt->rt6i_flags & RTF_EXPIRES)) {
1734 if (time_after_eq(now, rt->dst.lastuse + gc_args->timeout)) {
1735 RT6_TRACE("aging clone %p\n", rt);
1736 rt6_remove_exception(bucket, rt6_ex);
1739 } else if (time_after(jiffies, rt->dst.expires)) {
1740 RT6_TRACE("purging expired route %p\n", rt);
1741 rt6_remove_exception(bucket, rt6_ex);
1745 if (rt->rt6i_flags & RTF_GATEWAY) {
1746 struct neighbour *neigh;
1747 __u8 neigh_flags = 0;
1749 neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway);
1751 neigh_flags = neigh->flags;
1753 if (!(neigh_flags & NTF_ROUTER)) {
1754 RT6_TRACE("purging route %p via non-router but gateway\n",
1756 rt6_remove_exception(bucket, rt6_ex);
1764 void rt6_age_exceptions(struct fib6_info *rt,
1765 struct fib6_gc_args *gc_args,
1768 struct rt6_exception_bucket *bucket;
1769 struct rt6_exception *rt6_ex;
1770 struct hlist_node *tmp;
1773 if (!rcu_access_pointer(rt->rt6i_exception_bucket))
1777 spin_lock(&rt6_exception_lock);
1778 bucket = rcu_dereference_protected(rt->rt6i_exception_bucket,
1779 lockdep_is_held(&rt6_exception_lock));
1782 for (i = 0; i < FIB6_EXCEPTION_BUCKET_SIZE; i++) {
1783 hlist_for_each_entry_safe(rt6_ex, tmp,
1784 &bucket->chain, hlist) {
1785 rt6_age_examine_exception(bucket, rt6_ex,
1791 spin_unlock(&rt6_exception_lock);
1792 rcu_read_unlock_bh();
1795 /* must be called with rcu lock held */
1796 struct fib6_info *fib6_table_lookup(struct net *net, struct fib6_table *table,
1797 int oif, struct flowi6 *fl6, int strict)
1799 struct fib6_node *fn, *saved_fn;
1800 struct fib6_info *f6i;
1802 fn = fib6_node_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr);
1805 if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF)
1809 f6i = rt6_select(net, fn, oif, strict);
1810 if (f6i == net->ipv6.fib6_null_entry) {
1811 fn = fib6_backtrack(fn, &fl6->saddr);
1813 goto redo_rt6_select;
1814 else if (strict & RT6_LOOKUP_F_REACHABLE) {
1815 /* also consider unreachable route */
1816 strict &= ~RT6_LOOKUP_F_REACHABLE;
1818 goto redo_rt6_select;
1822 trace_fib6_table_lookup(net, f6i, table, fl6);
1827 struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table,
1828 int oif, struct flowi6 *fl6,
1829 const struct sk_buff *skb, int flags)
1831 struct fib6_info *f6i;
1832 struct rt6_info *rt;
1835 strict |= flags & RT6_LOOKUP_F_IFACE;
1836 strict |= flags & RT6_LOOKUP_F_IGNORE_LINKSTATE;
1837 if (net->ipv6.devconf_all->forwarding == 0)
1838 strict |= RT6_LOOKUP_F_REACHABLE;
1842 f6i = fib6_table_lookup(net, table, oif, fl6, strict);
1843 if (f6i->fib6_nsiblings)
1844 f6i = fib6_multipath_select(net, f6i, fl6, oif, skb, strict);
1846 if (f6i == net->ipv6.fib6_null_entry) {
1847 rt = net->ipv6.ip6_null_entry;
1853 /*Search through exception table */
1854 rt = rt6_find_cached_rt(f6i, &fl6->daddr, &fl6->saddr);
1856 if (ip6_hold_safe(net, &rt, true))
1857 dst_use_noref(&rt->dst, jiffies);
1861 } else if (unlikely((fl6->flowi6_flags & FLOWI_FLAG_KNOWN_NH) &&
1862 !(f6i->fib6_flags & RTF_GATEWAY))) {
1863 /* Create a RTF_CACHE clone which will not be
1864 * owned by the fib6 tree. It is for the special case where
1865 * the daddr in the skb during the neighbor look-up is different
1866 * from the fl6->daddr used to look-up route here.
1868 struct rt6_info *uncached_rt;
1870 uncached_rt = ip6_rt_cache_alloc(f6i, &fl6->daddr, NULL);
1875 /* Uncached_rt's refcnt is taken during ip6_rt_cache_alloc()
1876 * No need for another dst_hold()
1878 rt6_uncached_list_add(uncached_rt);
1879 atomic_inc(&net->ipv6.rt6_stats->fib_rt_uncache);
1881 uncached_rt = net->ipv6.ip6_null_entry;
1882 dst_hold(&uncached_rt->dst);
1887 /* Get a percpu copy */
1889 struct rt6_info *pcpu_rt;
1892 pcpu_rt = rt6_get_pcpu_route(f6i);
1895 pcpu_rt = rt6_make_pcpu_route(net, f6i);
1903 EXPORT_SYMBOL_GPL(ip6_pol_route);
1905 static struct rt6_info *ip6_pol_route_input(struct net *net,
1906 struct fib6_table *table,
1908 const struct sk_buff *skb,
1911 return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, skb, flags);
1914 struct dst_entry *ip6_route_input_lookup(struct net *net,
1915 struct net_device *dev,
1917 const struct sk_buff *skb,
1920 if (rt6_need_strict(&fl6->daddr) && dev->type != ARPHRD_PIMREG)
1921 flags |= RT6_LOOKUP_F_IFACE;
1923 return fib6_rule_lookup(net, fl6, skb, flags, ip6_pol_route_input);
1925 EXPORT_SYMBOL_GPL(ip6_route_input_lookup);
1927 static void ip6_multipath_l3_keys(const struct sk_buff *skb,
1928 struct flow_keys *keys,
1929 struct flow_keys *flkeys)
1931 const struct ipv6hdr *outer_iph = ipv6_hdr(skb);
1932 const struct ipv6hdr *key_iph = outer_iph;
1933 struct flow_keys *_flkeys = flkeys;
1934 const struct ipv6hdr *inner_iph;
1935 const struct icmp6hdr *icmph;
1936 struct ipv6hdr _inner_iph;
1937 struct icmp6hdr _icmph;
1939 if (likely(outer_iph->nexthdr != IPPROTO_ICMPV6))
1942 icmph = skb_header_pointer(skb, skb_transport_offset(skb),
1943 sizeof(_icmph), &_icmph);
1947 if (icmph->icmp6_type != ICMPV6_DEST_UNREACH &&
1948 icmph->icmp6_type != ICMPV6_PKT_TOOBIG &&
1949 icmph->icmp6_type != ICMPV6_TIME_EXCEED &&
1950 icmph->icmp6_type != ICMPV6_PARAMPROB)
1953 inner_iph = skb_header_pointer(skb,
1954 skb_transport_offset(skb) + sizeof(*icmph),
1955 sizeof(_inner_iph), &_inner_iph);
1959 key_iph = inner_iph;
1963 keys->addrs.v6addrs.src = _flkeys->addrs.v6addrs.src;
1964 keys->addrs.v6addrs.dst = _flkeys->addrs.v6addrs.dst;
1965 keys->tags.flow_label = _flkeys->tags.flow_label;
1966 keys->basic.ip_proto = _flkeys->basic.ip_proto;
1968 keys->addrs.v6addrs.src = key_iph->saddr;
1969 keys->addrs.v6addrs.dst = key_iph->daddr;
1970 keys->tags.flow_label = ip6_flowlabel(key_iph);
1971 keys->basic.ip_proto = key_iph->nexthdr;
1975 /* if skb is set it will be used and fl6 can be NULL */
1976 u32 rt6_multipath_hash(const struct net *net, const struct flowi6 *fl6,
1977 const struct sk_buff *skb, struct flow_keys *flkeys)
1979 struct flow_keys hash_keys;
1982 switch (ip6_multipath_hash_policy(net)) {
1984 memset(&hash_keys, 0, sizeof(hash_keys));
1985 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1987 ip6_multipath_l3_keys(skb, &hash_keys, flkeys);
1989 hash_keys.addrs.v6addrs.src = fl6->saddr;
1990 hash_keys.addrs.v6addrs.dst = fl6->daddr;
1991 hash_keys.tags.flow_label = (__force u32)flowi6_get_flowlabel(fl6);
1992 hash_keys.basic.ip_proto = fl6->flowi6_proto;
1997 unsigned int flag = FLOW_DISSECTOR_F_STOP_AT_ENCAP;
1998 struct flow_keys keys;
2000 /* short-circuit if we already have L4 hash present */
2002 return skb_get_hash_raw(skb) >> 1;
2004 memset(&hash_keys, 0, sizeof(hash_keys));
2007 skb_flow_dissect_flow_keys(skb, &keys, flag);
2010 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
2011 hash_keys.addrs.v6addrs.src = flkeys->addrs.v6addrs.src;
2012 hash_keys.addrs.v6addrs.dst = flkeys->addrs.v6addrs.dst;
2013 hash_keys.ports.src = flkeys->ports.src;
2014 hash_keys.ports.dst = flkeys->ports.dst;
2015 hash_keys.basic.ip_proto = flkeys->basic.ip_proto;
2017 memset(&hash_keys, 0, sizeof(hash_keys));
2018 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
2019 hash_keys.addrs.v6addrs.src = fl6->saddr;
2020 hash_keys.addrs.v6addrs.dst = fl6->daddr;
2021 hash_keys.ports.src = fl6->fl6_sport;
2022 hash_keys.ports.dst = fl6->fl6_dport;
2023 hash_keys.basic.ip_proto = fl6->flowi6_proto;
2027 mhash = flow_hash_from_keys(&hash_keys);
2032 void ip6_route_input(struct sk_buff *skb)
2034 const struct ipv6hdr *iph = ipv6_hdr(skb);
2035 struct net *net = dev_net(skb->dev);
2036 int flags = RT6_LOOKUP_F_HAS_SADDR;
2037 struct ip_tunnel_info *tun_info;
2038 struct flowi6 fl6 = {
2039 .flowi6_iif = skb->dev->ifindex,
2040 .daddr = iph->daddr,
2041 .saddr = iph->saddr,
2042 .flowlabel = ip6_flowinfo(iph),
2043 .flowi6_mark = skb->mark,
2044 .flowi6_proto = iph->nexthdr,
2046 struct flow_keys *flkeys = NULL, _flkeys;
2048 tun_info = skb_tunnel_info(skb);
2049 if (tun_info && !(tun_info->mode & IP_TUNNEL_INFO_TX))
2050 fl6.flowi6_tun_key.tun_id = tun_info->key.tun_id;
2052 if (fib6_rules_early_flow_dissect(net, skb, &fl6, &_flkeys))
2055 if (unlikely(fl6.flowi6_proto == IPPROTO_ICMPV6))
2056 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, flkeys);
2059 ip6_route_input_lookup(net, skb->dev, &fl6, skb, flags));
2062 static struct rt6_info *ip6_pol_route_output(struct net *net,
2063 struct fib6_table *table,
2065 const struct sk_buff *skb,
2068 return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, skb, flags);
2071 struct dst_entry *ip6_route_output_flags(struct net *net, const struct sock *sk,
2072 struct flowi6 *fl6, int flags)
2076 if (ipv6_addr_type(&fl6->daddr) &
2077 (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL)) {
2078 struct dst_entry *dst;
2080 dst = l3mdev_link_scope_lookup(net, fl6);
2085 fl6->flowi6_iif = LOOPBACK_IFINDEX;
2087 any_src = ipv6_addr_any(&fl6->saddr);
2088 if ((sk && sk->sk_bound_dev_if) || rt6_need_strict(&fl6->daddr) ||
2089 (fl6->flowi6_oif && any_src))
2090 flags |= RT6_LOOKUP_F_IFACE;
2093 flags |= RT6_LOOKUP_F_HAS_SADDR;
2095 flags |= rt6_srcprefs2flags(inet6_sk(sk)->srcprefs);
2097 return fib6_rule_lookup(net, fl6, NULL, flags, ip6_pol_route_output);
2099 EXPORT_SYMBOL_GPL(ip6_route_output_flags);
2101 struct dst_entry *ip6_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2103 struct rt6_info *rt, *ort = (struct rt6_info *) dst_orig;
2104 struct net_device *loopback_dev = net->loopback_dev;
2105 struct dst_entry *new = NULL;
2107 rt = dst_alloc(&ip6_dst_blackhole_ops, loopback_dev, 1,
2108 DST_OBSOLETE_DEAD, 0);
2111 atomic_inc(&net->ipv6.rt6_stats->fib_rt_alloc);
2115 new->input = dst_discard;
2116 new->output = dst_discard_out;
2118 dst_copy_metrics(new, &ort->dst);
2120 rt->rt6i_idev = in6_dev_get(loopback_dev);
2121 rt->rt6i_gateway = ort->rt6i_gateway;
2122 rt->rt6i_flags = ort->rt6i_flags & ~RTF_PCPU;
2124 memcpy(&rt->rt6i_dst, &ort->rt6i_dst, sizeof(struct rt6key));
2125 #ifdef CONFIG_IPV6_SUBTREES
2126 memcpy(&rt->rt6i_src, &ort->rt6i_src, sizeof(struct rt6key));
2130 dst_release(dst_orig);
2131 return new ? new : ERR_PTR(-ENOMEM);
2135 * Destination cache support functions
2138 static bool fib6_check(struct fib6_info *f6i, u32 cookie)
2142 if (!fib6_get_cookie_safe(f6i, &rt_cookie) || rt_cookie != cookie)
2145 if (fib6_check_expired(f6i))
2151 static struct dst_entry *rt6_check(struct rt6_info *rt,
2152 struct fib6_info *from,
2157 if ((from && !fib6_get_cookie_safe(from, &rt_cookie)) ||
2158 rt_cookie != cookie)
2161 if (rt6_check_expired(rt))
2167 static struct dst_entry *rt6_dst_from_check(struct rt6_info *rt,
2168 struct fib6_info *from,
2171 if (!__rt6_check_expired(rt) &&
2172 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
2173 fib6_check(from, cookie))
2179 static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie)
2181 struct dst_entry *dst_ret;
2182 struct fib6_info *from;
2183 struct rt6_info *rt;
2185 rt = container_of(dst, struct rt6_info, dst);
2189 /* All IPV6 dsts are created with ->obsolete set to the value
2190 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
2191 * into this function always.
2194 from = rcu_dereference(rt->from);
2196 if (from && (rt->rt6i_flags & RTF_PCPU ||
2197 unlikely(!list_empty(&rt->rt6i_uncached))))
2198 dst_ret = rt6_dst_from_check(rt, from, cookie);
2200 dst_ret = rt6_check(rt, from, cookie);
2207 static struct dst_entry *ip6_negative_advice(struct dst_entry *dst)
2209 struct rt6_info *rt = (struct rt6_info *) dst;
2212 if (rt->rt6i_flags & RTF_CACHE) {
2214 if (rt6_check_expired(rt)) {
2215 rt6_remove_exception_rt(rt);
2227 static void ip6_link_failure(struct sk_buff *skb)
2229 struct rt6_info *rt;
2231 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0);
2233 rt = (struct rt6_info *) skb_dst(skb);
2236 if (rt->rt6i_flags & RTF_CACHE) {
2237 rt6_remove_exception_rt(rt);
2239 struct fib6_info *from;
2240 struct fib6_node *fn;
2242 from = rcu_dereference(rt->from);
2244 fn = rcu_dereference(from->fib6_node);
2245 if (fn && (rt->rt6i_flags & RTF_DEFAULT))
2253 static void rt6_update_expires(struct rt6_info *rt0, int timeout)
2255 if (!(rt0->rt6i_flags & RTF_EXPIRES)) {
2256 struct fib6_info *from;
2259 from = rcu_dereference(rt0->from);
2261 rt0->dst.expires = from->expires;
2265 dst_set_expires(&rt0->dst, timeout);
2266 rt0->rt6i_flags |= RTF_EXPIRES;
2269 static void rt6_do_update_pmtu(struct rt6_info *rt, u32 mtu)
2271 struct net *net = dev_net(rt->dst.dev);
2273 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
2274 rt->rt6i_flags |= RTF_MODIFIED;
2275 rt6_update_expires(rt, net->ipv6.sysctl.ip6_rt_mtu_expires);
2278 static bool rt6_cache_allowed_for_pmtu(const struct rt6_info *rt)
2283 from_set = !!rcu_dereference(rt->from);
2286 return !(rt->rt6i_flags & RTF_CACHE) &&
2287 (rt->rt6i_flags & RTF_PCPU || from_set);
2290 static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk,
2291 const struct ipv6hdr *iph, u32 mtu)
2293 const struct in6_addr *daddr, *saddr;
2294 struct rt6_info *rt6 = (struct rt6_info *)dst;
2296 if (dst_metric_locked(dst, RTAX_MTU))
2300 daddr = &iph->daddr;
2301 saddr = &iph->saddr;
2303 daddr = &sk->sk_v6_daddr;
2304 saddr = &inet6_sk(sk)->saddr;
2309 dst_confirm_neigh(dst, daddr);
2310 mtu = max_t(u32, mtu, IPV6_MIN_MTU);
2311 if (mtu >= dst_mtu(dst))
2314 if (!rt6_cache_allowed_for_pmtu(rt6)) {
2315 rt6_do_update_pmtu(rt6, mtu);
2316 /* update rt6_ex->stamp for cache */
2317 if (rt6->rt6i_flags & RTF_CACHE)
2318 rt6_update_exception_stamp_rt(rt6);
2320 struct fib6_info *from;
2321 struct rt6_info *nrt6;
2324 from = rcu_dereference(rt6->from);
2325 nrt6 = ip6_rt_cache_alloc(from, daddr, saddr);
2327 rt6_do_update_pmtu(nrt6, mtu);
2328 if (rt6_insert_exception(nrt6, from))
2329 dst_release_immediate(&nrt6->dst);
2335 static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
2336 struct sk_buff *skb, u32 mtu)
2338 __ip6_rt_update_pmtu(dst, sk, skb ? ipv6_hdr(skb) : NULL, mtu);
2341 void ip6_update_pmtu(struct sk_buff *skb, struct net *net, __be32 mtu,
2342 int oif, u32 mark, kuid_t uid)
2344 const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data;
2345 struct dst_entry *dst;
2346 struct flowi6 fl6 = {
2348 .flowi6_mark = mark ? mark : IP6_REPLY_MARK(net, skb->mark),
2349 .daddr = iph->daddr,
2350 .saddr = iph->saddr,
2351 .flowlabel = ip6_flowinfo(iph),
2355 dst = ip6_route_output(net, NULL, &fl6);
2357 __ip6_rt_update_pmtu(dst, NULL, iph, ntohl(mtu));
2360 EXPORT_SYMBOL_GPL(ip6_update_pmtu);
2362 void ip6_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, __be32 mtu)
2364 int oif = sk->sk_bound_dev_if;
2365 struct dst_entry *dst;
2367 if (!oif && skb->dev)
2368 oif = l3mdev_master_ifindex(skb->dev);
2370 ip6_update_pmtu(skb, sock_net(sk), mtu, oif, sk->sk_mark, sk->sk_uid);
2372 dst = __sk_dst_get(sk);
2373 if (!dst || !dst->obsolete ||
2374 dst->ops->check(dst, inet6_sk(sk)->dst_cookie))
2378 if (!sock_owned_by_user(sk) && !ipv6_addr_v4mapped(&sk->sk_v6_daddr))
2379 ip6_datagram_dst_update(sk, false);
2382 EXPORT_SYMBOL_GPL(ip6_sk_update_pmtu);
2384 void ip6_sk_dst_store_flow(struct sock *sk, struct dst_entry *dst,
2385 const struct flowi6 *fl6)
2387 #ifdef CONFIG_IPV6_SUBTREES
2388 struct ipv6_pinfo *np = inet6_sk(sk);
2391 ip6_dst_store(sk, dst,
2392 ipv6_addr_equal(&fl6->daddr, &sk->sk_v6_daddr) ?
2393 &sk->sk_v6_daddr : NULL,
2394 #ifdef CONFIG_IPV6_SUBTREES
2395 ipv6_addr_equal(&fl6->saddr, &np->saddr) ?
2401 /* Handle redirects */
2402 struct ip6rd_flowi {
2404 struct in6_addr gateway;
2407 static struct rt6_info *__ip6_route_redirect(struct net *net,
2408 struct fib6_table *table,
2410 const struct sk_buff *skb,
2413 struct ip6rd_flowi *rdfl = (struct ip6rd_flowi *)fl6;
2414 struct rt6_info *ret = NULL, *rt_cache;
2415 struct fib6_info *rt;
2416 struct fib6_node *fn;
2418 /* Get the "current" route for this destination and
2419 * check if the redirect has come from appropriate router.
2421 * RFC 4861 specifies that redirects should only be
2422 * accepted if they come from the nexthop to the target.
2423 * Due to the way the routes are chosen, this notion
2424 * is a bit fuzzy and one might need to check all possible
2429 fn = fib6_node_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr);
2431 for_each_fib6_node_rt_rcu(fn) {
2432 if (rt->fib6_nh.nh_flags & RTNH_F_DEAD)
2434 if (fib6_check_expired(rt))
2436 if (rt->fib6_flags & RTF_REJECT)
2438 if (!(rt->fib6_flags & RTF_GATEWAY))
2440 if (fl6->flowi6_oif != rt->fib6_nh.nh_dev->ifindex)
2442 /* rt_cache's gateway might be different from its 'parent'
2443 * in the case of an ip redirect.
2444 * So we keep searching in the exception table if the gateway
2447 if (!ipv6_addr_equal(&rdfl->gateway, &rt->fib6_nh.nh_gw)) {
2448 rt_cache = rt6_find_cached_rt(rt,
2452 ipv6_addr_equal(&rdfl->gateway,
2453 &rt_cache->rt6i_gateway)) {
2463 rt = net->ipv6.fib6_null_entry;
2464 else if (rt->fib6_flags & RTF_REJECT) {
2465 ret = net->ipv6.ip6_null_entry;
2469 if (rt == net->ipv6.fib6_null_entry) {
2470 fn = fib6_backtrack(fn, &fl6->saddr);
2477 ip6_hold_safe(net, &ret, true);
2479 ret = ip6_create_rt_rcu(rt);
2483 trace_fib6_table_lookup(net, rt, table, fl6);
2487 static struct dst_entry *ip6_route_redirect(struct net *net,
2488 const struct flowi6 *fl6,
2489 const struct sk_buff *skb,
2490 const struct in6_addr *gateway)
2492 int flags = RT6_LOOKUP_F_HAS_SADDR;
2493 struct ip6rd_flowi rdfl;
2496 rdfl.gateway = *gateway;
2498 return fib6_rule_lookup(net, &rdfl.fl6, skb,
2499 flags, __ip6_route_redirect);
2502 void ip6_redirect(struct sk_buff *skb, struct net *net, int oif, u32 mark,
2505 const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data;
2506 struct dst_entry *dst;
2507 struct flowi6 fl6 = {
2508 .flowi6_iif = LOOPBACK_IFINDEX,
2510 .flowi6_mark = mark,
2511 .daddr = iph->daddr,
2512 .saddr = iph->saddr,
2513 .flowlabel = ip6_flowinfo(iph),
2517 dst = ip6_route_redirect(net, &fl6, skb, &ipv6_hdr(skb)->saddr);
2518 rt6_do_redirect(dst, NULL, skb);
2521 EXPORT_SYMBOL_GPL(ip6_redirect);
2523 void ip6_redirect_no_header(struct sk_buff *skb, struct net *net, int oif)
2525 const struct ipv6hdr *iph = ipv6_hdr(skb);
2526 const struct rd_msg *msg = (struct rd_msg *)icmp6_hdr(skb);
2527 struct dst_entry *dst;
2528 struct flowi6 fl6 = {
2529 .flowi6_iif = LOOPBACK_IFINDEX,
2532 .saddr = iph->daddr,
2533 .flowi6_uid = sock_net_uid(net, NULL),
2536 dst = ip6_route_redirect(net, &fl6, skb, &iph->saddr);
2537 rt6_do_redirect(dst, NULL, skb);
2541 void ip6_sk_redirect(struct sk_buff *skb, struct sock *sk)
2543 ip6_redirect(skb, sock_net(sk), sk->sk_bound_dev_if, sk->sk_mark,
2546 EXPORT_SYMBOL_GPL(ip6_sk_redirect);
2548 static unsigned int ip6_default_advmss(const struct dst_entry *dst)
2550 struct net_device *dev = dst->dev;
2551 unsigned int mtu = dst_mtu(dst);
2552 struct net *net = dev_net(dev);
2554 mtu -= sizeof(struct ipv6hdr) + sizeof(struct tcphdr);
2556 if (mtu < net->ipv6.sysctl.ip6_rt_min_advmss)
2557 mtu = net->ipv6.sysctl.ip6_rt_min_advmss;
2560 * Maximal non-jumbo IPv6 payload is IPV6_MAXPLEN and
2561 * corresponding MSS is IPV6_MAXPLEN - tcp_header_size.
2562 * IPV6_MAXPLEN is also valid and means: "any MSS,
2563 * rely only on pmtu discovery"
2565 if (mtu > IPV6_MAXPLEN - sizeof(struct tcphdr))
2570 static unsigned int ip6_mtu(const struct dst_entry *dst)
2572 struct inet6_dev *idev;
2575 mtu = dst_metric_raw(dst, RTAX_MTU);
2582 idev = __in6_dev_get(dst->dev);
2584 mtu = idev->cnf.mtu6;
2588 mtu = min_t(unsigned int, mtu, IP6_MAX_MTU);
2590 return mtu - lwtunnel_headroom(dst->lwtstate, mtu);
2594 * 1. mtu on route is locked - use it
2595 * 2. mtu from nexthop exception
2596 * 3. mtu from egress device
2598 * based on ip6_dst_mtu_forward and exception logic of
2599 * rt6_find_cached_rt; called with rcu_read_lock
2601 u32 ip6_mtu_from_fib6(struct fib6_info *f6i, struct in6_addr *daddr,
2602 struct in6_addr *saddr)
2604 struct rt6_exception_bucket *bucket;
2605 struct rt6_exception *rt6_ex;
2606 struct in6_addr *src_key;
2607 struct inet6_dev *idev;
2610 if (unlikely(fib6_metric_locked(f6i, RTAX_MTU))) {
2611 mtu = f6i->fib6_pmtu;
2617 #ifdef CONFIG_IPV6_SUBTREES
2618 if (f6i->fib6_src.plen)
2622 bucket = rcu_dereference(f6i->rt6i_exception_bucket);
2623 rt6_ex = __rt6_find_exception_rcu(&bucket, daddr, src_key);
2624 if (rt6_ex && !rt6_check_expired(rt6_ex->rt6i))
2625 mtu = dst_metric_raw(&rt6_ex->rt6i->dst, RTAX_MTU);
2628 struct net_device *dev = fib6_info_nh_dev(f6i);
2631 idev = __in6_dev_get(dev);
2632 if (idev && idev->cnf.mtu6 > mtu)
2633 mtu = idev->cnf.mtu6;
2636 mtu = min_t(unsigned int, mtu, IP6_MAX_MTU);
2638 return mtu - lwtunnel_headroom(fib6_info_nh_lwt(f6i), mtu);
2641 struct dst_entry *icmp6_dst_alloc(struct net_device *dev,
2644 struct dst_entry *dst;
2645 struct rt6_info *rt;
2646 struct inet6_dev *idev = in6_dev_get(dev);
2647 struct net *net = dev_net(dev);
2649 if (unlikely(!idev))
2650 return ERR_PTR(-ENODEV);
2652 rt = ip6_dst_alloc(net, dev, 0);
2653 if (unlikely(!rt)) {
2655 dst = ERR_PTR(-ENOMEM);
2659 rt->dst.flags |= DST_HOST;
2660 rt->dst.input = ip6_input;
2661 rt->dst.output = ip6_output;
2662 rt->rt6i_gateway = fl6->daddr;
2663 rt->rt6i_dst.addr = fl6->daddr;
2664 rt->rt6i_dst.plen = 128;
2665 rt->rt6i_idev = idev;
2666 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 0);
2668 /* Add this dst into uncached_list so that rt6_disable_ip() can
2669 * do proper release of the net_device
2671 rt6_uncached_list_add(rt);
2672 atomic_inc(&net->ipv6.rt6_stats->fib_rt_uncache);
2674 dst = xfrm_lookup(net, &rt->dst, flowi6_to_flowi(fl6), NULL, 0);
2680 static int ip6_dst_gc(struct dst_ops *ops)
2682 struct net *net = container_of(ops, struct net, ipv6.ip6_dst_ops);
2683 int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval;
2684 int rt_max_size = net->ipv6.sysctl.ip6_rt_max_size;
2685 int rt_elasticity = net->ipv6.sysctl.ip6_rt_gc_elasticity;
2686 int rt_gc_timeout = net->ipv6.sysctl.ip6_rt_gc_timeout;
2687 unsigned long rt_last_gc = net->ipv6.ip6_rt_last_gc;
2690 entries = dst_entries_get_fast(ops);
2691 if (time_after(rt_last_gc + rt_min_interval, jiffies) &&
2692 entries <= rt_max_size)
2695 net->ipv6.ip6_rt_gc_expire++;
2696 fib6_run_gc(net->ipv6.ip6_rt_gc_expire, net, true);
2697 entries = dst_entries_get_slow(ops);
2698 if (entries < ops->gc_thresh)
2699 net->ipv6.ip6_rt_gc_expire = rt_gc_timeout>>1;
2701 net->ipv6.ip6_rt_gc_expire -= net->ipv6.ip6_rt_gc_expire>>rt_elasticity;
2702 return entries > rt_max_size;
2705 static struct rt6_info *ip6_nh_lookup_table(struct net *net,
2706 struct fib6_config *cfg,
2707 const struct in6_addr *gw_addr,
2708 u32 tbid, int flags)
2710 struct flowi6 fl6 = {
2711 .flowi6_oif = cfg->fc_ifindex,
2713 .saddr = cfg->fc_prefsrc,
2715 struct fib6_table *table;
2716 struct rt6_info *rt;
2718 table = fib6_get_table(net, tbid);
2722 if (!ipv6_addr_any(&cfg->fc_prefsrc))
2723 flags |= RT6_LOOKUP_F_HAS_SADDR;
2725 flags |= RT6_LOOKUP_F_IGNORE_LINKSTATE;
2726 rt = ip6_pol_route(net, table, cfg->fc_ifindex, &fl6, NULL, flags);
2728 /* if table lookup failed, fall back to full lookup */
2729 if (rt == net->ipv6.ip6_null_entry) {
2737 static int ip6_route_check_nh_onlink(struct net *net,
2738 struct fib6_config *cfg,
2739 const struct net_device *dev,
2740 struct netlink_ext_ack *extack)
2742 u32 tbid = l3mdev_fib_table(dev) ? : RT_TABLE_MAIN;
2743 const struct in6_addr *gw_addr = &cfg->fc_gateway;
2744 u32 flags = RTF_LOCAL | RTF_ANYCAST | RTF_REJECT;
2745 struct rt6_info *grt;
2749 grt = ip6_nh_lookup_table(net, cfg, gw_addr, tbid, 0);
2751 if (!grt->dst.error &&
2752 /* ignore match if it is the default route */
2753 grt->from && !ipv6_addr_any(&grt->from->fib6_dst.addr) &&
2754 (grt->rt6i_flags & flags || dev != grt->dst.dev)) {
2755 NL_SET_ERR_MSG(extack,
2756 "Nexthop has invalid gateway or device mismatch");
2766 static int ip6_route_check_nh(struct net *net,
2767 struct fib6_config *cfg,
2768 struct net_device **_dev,
2769 struct inet6_dev **idev)
2771 const struct in6_addr *gw_addr = &cfg->fc_gateway;
2772 struct net_device *dev = _dev ? *_dev : NULL;
2773 struct rt6_info *grt = NULL;
2774 int err = -EHOSTUNREACH;
2776 if (cfg->fc_table) {
2777 int flags = RT6_LOOKUP_F_IFACE;
2779 grt = ip6_nh_lookup_table(net, cfg, gw_addr,
2780 cfg->fc_table, flags);
2782 if (grt->rt6i_flags & RTF_GATEWAY ||
2783 (dev && dev != grt->dst.dev)) {
2791 grt = rt6_lookup(net, gw_addr, NULL, cfg->fc_ifindex, NULL, 1);
2797 if (dev != grt->dst.dev) {
2802 *_dev = dev = grt->dst.dev;
2803 *idev = grt->rt6i_idev;
2805 in6_dev_hold(grt->rt6i_idev);
2808 if (!(grt->rt6i_flags & RTF_GATEWAY))
2817 static int ip6_validate_gw(struct net *net, struct fib6_config *cfg,
2818 struct net_device **_dev, struct inet6_dev **idev,
2819 struct netlink_ext_ack *extack)
2821 const struct in6_addr *gw_addr = &cfg->fc_gateway;
2822 int gwa_type = ipv6_addr_type(gw_addr);
2823 bool skip_dev = gwa_type & IPV6_ADDR_LINKLOCAL ? false : true;
2824 const struct net_device *dev = *_dev;
2825 bool need_addr_check = !dev;
2828 /* if gw_addr is local we will fail to detect this in case
2829 * address is still TENTATIVE (DAD in progress). rt6_lookup()
2830 * will return already-added prefix route via interface that
2831 * prefix route was assigned to, which might be non-loopback.
2834 ipv6_chk_addr_and_flags(net, gw_addr, dev, skip_dev, 0, 0)) {
2835 NL_SET_ERR_MSG(extack, "Gateway can not be a local address");
2839 if (gwa_type != (IPV6_ADDR_LINKLOCAL | IPV6_ADDR_UNICAST)) {
2840 /* IPv6 strictly inhibits using not link-local
2841 * addresses as nexthop address.
2842 * Otherwise, router will not able to send redirects.
2843 * It is very good, but in some (rare!) circumstances
2844 * (SIT, PtP, NBMA NOARP links) it is handy to allow
2845 * some exceptions. --ANK
2846 * We allow IPv4-mapped nexthops to support RFC4798-type
2849 if (!(gwa_type & (IPV6_ADDR_UNICAST | IPV6_ADDR_MAPPED))) {
2850 NL_SET_ERR_MSG(extack, "Invalid gateway address");
2854 if (cfg->fc_flags & RTNH_F_ONLINK)
2855 err = ip6_route_check_nh_onlink(net, cfg, dev, extack);
2857 err = ip6_route_check_nh(net, cfg, _dev, idev);
2863 /* reload in case device was changed */
2868 NL_SET_ERR_MSG(extack, "Egress device not specified");
2870 } else if (dev->flags & IFF_LOOPBACK) {
2871 NL_SET_ERR_MSG(extack,
2872 "Egress device can not be loopback device for this route");
2876 /* if we did not check gw_addr above, do so now that the
2877 * egress device has been resolved.
2879 if (need_addr_check &&
2880 ipv6_chk_addr_and_flags(net, gw_addr, dev, skip_dev, 0, 0)) {
2881 NL_SET_ERR_MSG(extack, "Gateway can not be a local address");
2890 static struct fib6_info *ip6_route_info_create(struct fib6_config *cfg,
2892 struct netlink_ext_ack *extack)
2894 struct net *net = cfg->fc_nlinfo.nl_net;
2895 struct fib6_info *rt = NULL;
2896 struct net_device *dev = NULL;
2897 struct inet6_dev *idev = NULL;
2898 struct fib6_table *table;
2902 /* RTF_PCPU is an internal flag; can not be set by userspace */
2903 if (cfg->fc_flags & RTF_PCPU) {
2904 NL_SET_ERR_MSG(extack, "Userspace can not set RTF_PCPU");
2908 /* RTF_CACHE is an internal flag; can not be set by userspace */
2909 if (cfg->fc_flags & RTF_CACHE) {
2910 NL_SET_ERR_MSG(extack, "Userspace can not set RTF_CACHE");
2914 if (cfg->fc_type > RTN_MAX) {
2915 NL_SET_ERR_MSG(extack, "Invalid route type");
2919 if (cfg->fc_dst_len > 128) {
2920 NL_SET_ERR_MSG(extack, "Invalid prefix length");
2923 if (cfg->fc_src_len > 128) {
2924 NL_SET_ERR_MSG(extack, "Invalid source address length");
2927 #ifndef CONFIG_IPV6_SUBTREES
2928 if (cfg->fc_src_len) {
2929 NL_SET_ERR_MSG(extack,
2930 "Specifying source address requires IPV6_SUBTREES to be enabled");
2934 if (cfg->fc_ifindex) {
2936 dev = dev_get_by_index(net, cfg->fc_ifindex);
2939 idev = in6_dev_get(dev);
2944 if (cfg->fc_metric == 0)
2945 cfg->fc_metric = IP6_RT_PRIO_USER;
2947 if (cfg->fc_flags & RTNH_F_ONLINK) {
2949 NL_SET_ERR_MSG(extack,
2950 "Nexthop device required for onlink");
2955 if (!(dev->flags & IFF_UP)) {
2956 NL_SET_ERR_MSG(extack, "Nexthop device is not up");
2963 if (cfg->fc_nlinfo.nlh &&
2964 !(cfg->fc_nlinfo.nlh->nlmsg_flags & NLM_F_CREATE)) {
2965 table = fib6_get_table(net, cfg->fc_table);
2967 pr_warn("NLM_F_CREATE should be specified when creating new route\n");
2968 table = fib6_new_table(net, cfg->fc_table);
2971 table = fib6_new_table(net, cfg->fc_table);
2978 rt = fib6_info_alloc(gfp_flags);
2982 rt->fib6_metrics = ip_fib_metrics_init(net, cfg->fc_mx, cfg->fc_mx_len,
2984 if (IS_ERR(rt->fib6_metrics)) {
2985 err = PTR_ERR(rt->fib6_metrics);
2986 /* Do not leave garbage there. */
2987 rt->fib6_metrics = (struct dst_metrics *)&dst_default_metrics;
2991 if (cfg->fc_flags & RTF_ADDRCONF)
2992 rt->dst_nocount = true;
2994 if (cfg->fc_flags & RTF_EXPIRES)
2995 fib6_set_expires(rt, jiffies +
2996 clock_t_to_jiffies(cfg->fc_expires));
2998 fib6_clean_expires(rt);
3000 if (cfg->fc_protocol == RTPROT_UNSPEC)
3001 cfg->fc_protocol = RTPROT_BOOT;
3002 rt->fib6_protocol = cfg->fc_protocol;
3004 addr_type = ipv6_addr_type(&cfg->fc_dst);
3006 if (cfg->fc_encap) {
3007 struct lwtunnel_state *lwtstate;
3009 err = lwtunnel_build_state(cfg->fc_encap_type,
3010 cfg->fc_encap, AF_INET6, cfg,
3014 rt->fib6_nh.nh_lwtstate = lwtstate_get(lwtstate);
3017 ipv6_addr_prefix(&rt->fib6_dst.addr, &cfg->fc_dst, cfg->fc_dst_len);
3018 rt->fib6_dst.plen = cfg->fc_dst_len;
3019 if (rt->fib6_dst.plen == 128)
3020 rt->dst_host = true;
3022 #ifdef CONFIG_IPV6_SUBTREES
3023 ipv6_addr_prefix(&rt->fib6_src.addr, &cfg->fc_src, cfg->fc_src_len);
3024 rt->fib6_src.plen = cfg->fc_src_len;
3027 rt->fib6_metric = cfg->fc_metric;
3028 rt->fib6_nh.nh_weight = 1;
3030 rt->fib6_type = cfg->fc_type;
3032 /* We cannot add true routes via loopback here,
3033 they would result in kernel looping; promote them to reject routes
3035 if ((cfg->fc_flags & RTF_REJECT) ||
3036 (dev && (dev->flags & IFF_LOOPBACK) &&
3037 !(addr_type & IPV6_ADDR_LOOPBACK) &&
3038 !(cfg->fc_flags & RTF_LOCAL))) {
3039 /* hold loopback dev/idev if we haven't done so. */
3040 if (dev != net->loopback_dev) {
3045 dev = net->loopback_dev;
3047 idev = in6_dev_get(dev);
3053 rt->fib6_flags = RTF_REJECT|RTF_NONEXTHOP;
3057 if (cfg->fc_flags & RTF_GATEWAY) {
3058 err = ip6_validate_gw(net, cfg, &dev, &idev, extack);
3062 rt->fib6_nh.nh_gw = cfg->fc_gateway;
3069 if (idev->cnf.disable_ipv6) {
3070 NL_SET_ERR_MSG(extack, "IPv6 is disabled on nexthop device");
3075 if (!(dev->flags & IFF_UP)) {
3076 NL_SET_ERR_MSG(extack, "Nexthop device is not up");
3081 if (!ipv6_addr_any(&cfg->fc_prefsrc)) {
3082 if (!ipv6_chk_addr(net, &cfg->fc_prefsrc, dev, 0)) {
3083 NL_SET_ERR_MSG(extack, "Invalid source address");
3087 rt->fib6_prefsrc.addr = cfg->fc_prefsrc;
3088 rt->fib6_prefsrc.plen = 128;
3090 rt->fib6_prefsrc.plen = 0;
3092 rt->fib6_flags = cfg->fc_flags;
3095 if (!(rt->fib6_flags & (RTF_LOCAL | RTF_ANYCAST)) &&
3096 !netif_carrier_ok(dev))
3097 rt->fib6_nh.nh_flags |= RTNH_F_LINKDOWN;
3098 rt->fib6_nh.nh_flags |= (cfg->fc_flags & RTNH_F_ONLINK);
3099 rt->fib6_nh.nh_dev = dev;
3100 rt->fib6_table = table;
3112 fib6_info_release(rt);
3113 return ERR_PTR(err);
3116 int ip6_route_add(struct fib6_config *cfg, gfp_t gfp_flags,
3117 struct netlink_ext_ack *extack)
3119 struct fib6_info *rt;
3122 rt = ip6_route_info_create(cfg, gfp_flags, extack);
3126 err = __ip6_ins_rt(rt, &cfg->fc_nlinfo, extack);
3127 fib6_info_release(rt);
3132 static int __ip6_del_rt(struct fib6_info *rt, struct nl_info *info)
3134 struct net *net = info->nl_net;
3135 struct fib6_table *table;
3138 if (rt == net->ipv6.fib6_null_entry) {
3143 table = rt->fib6_table;
3144 spin_lock_bh(&table->tb6_lock);
3145 err = fib6_del(rt, info);
3146 spin_unlock_bh(&table->tb6_lock);
3149 fib6_info_release(rt);
3153 int ip6_del_rt(struct net *net, struct fib6_info *rt)
3155 struct nl_info info = { .nl_net = net };
3157 return __ip6_del_rt(rt, &info);
3160 static int __ip6_del_rt_siblings(struct fib6_info *rt, struct fib6_config *cfg)
3162 struct nl_info *info = &cfg->fc_nlinfo;
3163 struct net *net = info->nl_net;
3164 struct sk_buff *skb = NULL;
3165 struct fib6_table *table;
3168 if (rt == net->ipv6.fib6_null_entry)
3170 table = rt->fib6_table;
3171 spin_lock_bh(&table->tb6_lock);
3173 if (rt->fib6_nsiblings && cfg->fc_delete_all_nh) {
3174 struct fib6_info *sibling, *next_sibling;
3176 /* prefer to send a single notification with all hops */
3177 skb = nlmsg_new(rt6_nlmsg_size(rt), gfp_any());
3179 u32 seq = info->nlh ? info->nlh->nlmsg_seq : 0;
3181 if (rt6_fill_node(net, skb, rt, NULL,
3182 NULL, NULL, 0, RTM_DELROUTE,
3183 info->portid, seq, 0) < 0) {
3187 info->skip_notify = 1;
3190 list_for_each_entry_safe(sibling, next_sibling,
3193 err = fib6_del(sibling, info);
3199 err = fib6_del(rt, info);
3201 spin_unlock_bh(&table->tb6_lock);
3203 fib6_info_release(rt);
3206 rtnl_notify(skb, net, info->portid, RTNLGRP_IPV6_ROUTE,
3207 info->nlh, gfp_any());
3212 static int ip6_del_cached_rt(struct rt6_info *rt, struct fib6_config *cfg)
3216 if (cfg->fc_ifindex && rt->dst.dev->ifindex != cfg->fc_ifindex)
3219 if (cfg->fc_flags & RTF_GATEWAY &&
3220 !ipv6_addr_equal(&cfg->fc_gateway, &rt->rt6i_gateway))
3223 rc = rt6_remove_exception_rt(rt);
3228 static int ip6_route_del(struct fib6_config *cfg,
3229 struct netlink_ext_ack *extack)
3231 struct rt6_info *rt_cache;
3232 struct fib6_table *table;
3233 struct fib6_info *rt;
3234 struct fib6_node *fn;
3237 table = fib6_get_table(cfg->fc_nlinfo.nl_net, cfg->fc_table);
3239 NL_SET_ERR_MSG(extack, "FIB table does not exist");
3245 fn = fib6_locate(&table->tb6_root,
3246 &cfg->fc_dst, cfg->fc_dst_len,
3247 &cfg->fc_src, cfg->fc_src_len,
3248 !(cfg->fc_flags & RTF_CACHE));
3251 for_each_fib6_node_rt_rcu(fn) {
3252 if (cfg->fc_flags & RTF_CACHE) {
3255 rt_cache = rt6_find_cached_rt(rt, &cfg->fc_dst,
3258 rc = ip6_del_cached_rt(rt_cache, cfg);
3266 if (cfg->fc_ifindex &&
3267 (!rt->fib6_nh.nh_dev ||
3268 rt->fib6_nh.nh_dev->ifindex != cfg->fc_ifindex))
3270 if (cfg->fc_flags & RTF_GATEWAY &&
3271 !ipv6_addr_equal(&cfg->fc_gateway, &rt->fib6_nh.nh_gw))
3273 if (cfg->fc_metric && cfg->fc_metric != rt->fib6_metric)
3275 if (cfg->fc_protocol && cfg->fc_protocol != rt->fib6_protocol)
3277 if (!fib6_info_hold_safe(rt))
3281 /* if gateway was specified only delete the one hop */
3282 if (cfg->fc_flags & RTF_GATEWAY)
3283 return __ip6_del_rt(rt, &cfg->fc_nlinfo);
3285 return __ip6_del_rt_siblings(rt, cfg);
3293 static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
3295 struct netevent_redirect netevent;
3296 struct rt6_info *rt, *nrt = NULL;
3297 struct ndisc_options ndopts;
3298 struct inet6_dev *in6_dev;
3299 struct neighbour *neigh;
3300 struct fib6_info *from;
3302 int optlen, on_link;
3305 optlen = skb_tail_pointer(skb) - skb_transport_header(skb);
3306 optlen -= sizeof(*msg);
3309 net_dbg_ratelimited("rt6_do_redirect: packet too short\n");
3313 msg = (struct rd_msg *)icmp6_hdr(skb);
3315 if (ipv6_addr_is_multicast(&msg->dest)) {
3316 net_dbg_ratelimited("rt6_do_redirect: destination address is multicast\n");
3321 if (ipv6_addr_equal(&msg->dest, &msg->target)) {
3323 } else if (ipv6_addr_type(&msg->target) !=
3324 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
3325 net_dbg_ratelimited("rt6_do_redirect: target address is not link-local unicast\n");
3329 in6_dev = __in6_dev_get(skb->dev);
3332 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects)
3336 * The IP source address of the Redirect MUST be the same as the current
3337 * first-hop router for the specified ICMP Destination Address.
3340 if (!ndisc_parse_options(skb->dev, msg->opt, optlen, &ndopts)) {
3341 net_dbg_ratelimited("rt6_redirect: invalid ND options\n");
3346 if (ndopts.nd_opts_tgt_lladdr) {
3347 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
3350 net_dbg_ratelimited("rt6_redirect: invalid link-layer address length\n");
3355 rt = (struct rt6_info *) dst;
3356 if (rt->rt6i_flags & RTF_REJECT) {
3357 net_dbg_ratelimited("rt6_redirect: source isn't a valid nexthop for redirect target\n");
3361 /* Redirect received -> path was valid.
3362 * Look, redirects are sent only in response to data packets,
3363 * so that this nexthop apparently is reachable. --ANK
3365 dst_confirm_neigh(&rt->dst, &ipv6_hdr(skb)->saddr);
3367 neigh = __neigh_lookup(&nd_tbl, &msg->target, skb->dev, 1);
3372 * We have finally decided to accept it.
3375 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
3376 NEIGH_UPDATE_F_WEAK_OVERRIDE|
3377 NEIGH_UPDATE_F_OVERRIDE|
3378 (on_link ? 0 : (NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
3379 NEIGH_UPDATE_F_ISROUTER)),
3380 NDISC_REDIRECT, &ndopts);
3383 from = rcu_dereference(rt->from);
3384 /* This fib6_info_hold() is safe here because we hold reference to rt
3385 * and rt already holds reference to fib6_info.
3387 fib6_info_hold(from);
3390 nrt = ip6_rt_cache_alloc(from, &msg->dest, NULL);
3394 nrt->rt6i_flags = RTF_GATEWAY|RTF_UP|RTF_DYNAMIC|RTF_CACHE;
3396 nrt->rt6i_flags &= ~RTF_GATEWAY;
3398 nrt->rt6i_gateway = *(struct in6_addr *)neigh->primary_key;
3400 /* No need to remove rt from the exception table if rt is
3401 * a cached route because rt6_insert_exception() will
3404 if (rt6_insert_exception(nrt, from)) {
3405 dst_release_immediate(&nrt->dst);
3409 netevent.old = &rt->dst;
3410 netevent.new = &nrt->dst;
3411 netevent.daddr = &msg->dest;
3412 netevent.neigh = neigh;
3413 call_netevent_notifiers(NETEVENT_REDIRECT, &netevent);
3416 fib6_info_release(from);
3417 neigh_release(neigh);
3420 #ifdef CONFIG_IPV6_ROUTE_INFO
3421 static struct fib6_info *rt6_get_route_info(struct net *net,
3422 const struct in6_addr *prefix, int prefixlen,
3423 const struct in6_addr *gwaddr,
3424 struct net_device *dev)
3426 u32 tb_id = l3mdev_fib_table(dev) ? : RT6_TABLE_INFO;
3427 int ifindex = dev->ifindex;
3428 struct fib6_node *fn;
3429 struct fib6_info *rt = NULL;
3430 struct fib6_table *table;
3432 table = fib6_get_table(net, tb_id);
3437 fn = fib6_locate(&table->tb6_root, prefix, prefixlen, NULL, 0, true);
3441 for_each_fib6_node_rt_rcu(fn) {
3442 if (rt->fib6_nh.nh_dev->ifindex != ifindex)
3444 if ((rt->fib6_flags & (RTF_ROUTEINFO|RTF_GATEWAY)) != (RTF_ROUTEINFO|RTF_GATEWAY))
3446 if (!ipv6_addr_equal(&rt->fib6_nh.nh_gw, gwaddr))
3448 if (!fib6_info_hold_safe(rt))
3457 static struct fib6_info *rt6_add_route_info(struct net *net,
3458 const struct in6_addr *prefix, int prefixlen,
3459 const struct in6_addr *gwaddr,
3460 struct net_device *dev,
3463 struct fib6_config cfg = {
3464 .fc_metric = IP6_RT_PRIO_USER,
3465 .fc_ifindex = dev->ifindex,
3466 .fc_dst_len = prefixlen,
3467 .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_ROUTEINFO |
3468 RTF_UP | RTF_PREF(pref),
3469 .fc_protocol = RTPROT_RA,
3470 .fc_type = RTN_UNICAST,
3471 .fc_nlinfo.portid = 0,
3472 .fc_nlinfo.nlh = NULL,
3473 .fc_nlinfo.nl_net = net,
3476 cfg.fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_INFO,
3477 cfg.fc_dst = *prefix;
3478 cfg.fc_gateway = *gwaddr;
3480 /* We should treat it as a default route if prefix length is 0. */
3482 cfg.fc_flags |= RTF_DEFAULT;
3484 ip6_route_add(&cfg, GFP_ATOMIC, NULL);
3486 return rt6_get_route_info(net, prefix, prefixlen, gwaddr, dev);
3490 struct fib6_info *rt6_get_dflt_router(struct net *net,
3491 const struct in6_addr *addr,
3492 struct net_device *dev)
3494 u32 tb_id = l3mdev_fib_table(dev) ? : RT6_TABLE_DFLT;
3495 struct fib6_info *rt;
3496 struct fib6_table *table;
3498 table = fib6_get_table(net, tb_id);
3503 for_each_fib6_node_rt_rcu(&table->tb6_root) {
3504 if (dev == rt->fib6_nh.nh_dev &&
3505 ((rt->fib6_flags & (RTF_ADDRCONF | RTF_DEFAULT)) == (RTF_ADDRCONF | RTF_DEFAULT)) &&
3506 ipv6_addr_equal(&rt->fib6_nh.nh_gw, addr))
3509 if (rt && !fib6_info_hold_safe(rt))
3515 struct fib6_info *rt6_add_dflt_router(struct net *net,
3516 const struct in6_addr *gwaddr,
3517 struct net_device *dev,
3520 struct fib6_config cfg = {
3521 .fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_DFLT,
3522 .fc_metric = IP6_RT_PRIO_USER,
3523 .fc_ifindex = dev->ifindex,
3524 .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_DEFAULT |
3525 RTF_UP | RTF_EXPIRES | RTF_PREF(pref),
3526 .fc_protocol = RTPROT_RA,
3527 .fc_type = RTN_UNICAST,
3528 .fc_nlinfo.portid = 0,
3529 .fc_nlinfo.nlh = NULL,
3530 .fc_nlinfo.nl_net = net,
3533 cfg.fc_gateway = *gwaddr;
3535 if (!ip6_route_add(&cfg, GFP_ATOMIC, NULL)) {
3536 struct fib6_table *table;
3538 table = fib6_get_table(dev_net(dev), cfg.fc_table);
3540 table->flags |= RT6_TABLE_HAS_DFLT_ROUTER;
3543 return rt6_get_dflt_router(net, gwaddr, dev);
3546 static void __rt6_purge_dflt_routers(struct net *net,
3547 struct fib6_table *table)
3549 struct fib6_info *rt;
3553 for_each_fib6_node_rt_rcu(&table->tb6_root) {
3554 struct net_device *dev = fib6_info_nh_dev(rt);
3555 struct inet6_dev *idev = dev ? __in6_dev_get(dev) : NULL;
3557 if (rt->fib6_flags & (RTF_DEFAULT | RTF_ADDRCONF) &&
3558 (!idev || idev->cnf.accept_ra != 2) &&
3559 fib6_info_hold_safe(rt)) {
3561 ip6_del_rt(net, rt);
3567 table->flags &= ~RT6_TABLE_HAS_DFLT_ROUTER;
3570 void rt6_purge_dflt_routers(struct net *net)
3572 struct fib6_table *table;
3573 struct hlist_head *head;
3578 for (h = 0; h < FIB6_TABLE_HASHSZ; h++) {
3579 head = &net->ipv6.fib_table_hash[h];
3580 hlist_for_each_entry_rcu(table, head, tb6_hlist) {
3581 if (table->flags & RT6_TABLE_HAS_DFLT_ROUTER)
3582 __rt6_purge_dflt_routers(net, table);
3589 static void rtmsg_to_fib6_config(struct net *net,
3590 struct in6_rtmsg *rtmsg,
3591 struct fib6_config *cfg)
3593 *cfg = (struct fib6_config){
3594 .fc_table = l3mdev_fib_table_by_index(net, rtmsg->rtmsg_ifindex) ?
3596 .fc_ifindex = rtmsg->rtmsg_ifindex,
3597 .fc_metric = rtmsg->rtmsg_metric,
3598 .fc_expires = rtmsg->rtmsg_info,
3599 .fc_dst_len = rtmsg->rtmsg_dst_len,
3600 .fc_src_len = rtmsg->rtmsg_src_len,
3601 .fc_flags = rtmsg->rtmsg_flags,
3602 .fc_type = rtmsg->rtmsg_type,
3604 .fc_nlinfo.nl_net = net,
3606 .fc_dst = rtmsg->rtmsg_dst,
3607 .fc_src = rtmsg->rtmsg_src,
3608 .fc_gateway = rtmsg->rtmsg_gateway,
3612 int ipv6_route_ioctl(struct net *net, unsigned int cmd, void __user *arg)
3614 struct fib6_config cfg;
3615 struct in6_rtmsg rtmsg;
3619 case SIOCADDRT: /* Add a route */
3620 case SIOCDELRT: /* Delete a route */
3621 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
3623 err = copy_from_user(&rtmsg, arg,
3624 sizeof(struct in6_rtmsg));
3628 rtmsg_to_fib6_config(net, &rtmsg, &cfg);
3633 err = ip6_route_add(&cfg, GFP_KERNEL, NULL);
3636 err = ip6_route_del(&cfg, NULL);
3650 * Drop the packet on the floor
3653 static int ip6_pkt_drop(struct sk_buff *skb, u8 code, int ipstats_mib_noroutes)
3656 struct dst_entry *dst = skb_dst(skb);
3657 switch (ipstats_mib_noroutes) {
3658 case IPSTATS_MIB_INNOROUTES:
3659 type = ipv6_addr_type(&ipv6_hdr(skb)->daddr);
3660 if (type == IPV6_ADDR_ANY) {
3661 IP6_INC_STATS(dev_net(dst->dev),
3662 __in6_dev_get_safely(skb->dev),
3663 IPSTATS_MIB_INADDRERRORS);
3667 case IPSTATS_MIB_OUTNOROUTES:
3668 IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst),
3669 ipstats_mib_noroutes);
3672 icmpv6_send(skb, ICMPV6_DEST_UNREACH, code, 0);
3677 static int ip6_pkt_discard(struct sk_buff *skb)
3679 return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_INNOROUTES);
3682 static int ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb)
3684 skb->dev = skb_dst(skb)->dev;
3685 return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_OUTNOROUTES);
3688 static int ip6_pkt_prohibit(struct sk_buff *skb)
3690 return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_INNOROUTES);
3693 static int ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb)
3695 skb->dev = skb_dst(skb)->dev;
3696 return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES);
3700 * Allocate a dst for local (unicast / anycast) address.
3703 struct fib6_info *addrconf_f6i_alloc(struct net *net,
3704 struct inet6_dev *idev,
3705 const struct in6_addr *addr,
3706 bool anycast, gfp_t gfp_flags)
3709 struct net_device *dev = idev->dev;
3710 struct fib6_info *f6i;
3712 f6i = fib6_info_alloc(gfp_flags);
3714 return ERR_PTR(-ENOMEM);
3716 f6i->fib6_metrics = ip_fib_metrics_init(net, NULL, 0, NULL);
3717 f6i->dst_nocount = true;
3718 f6i->dst_host = true;
3719 f6i->fib6_protocol = RTPROT_KERNEL;
3720 f6i->fib6_flags = RTF_UP | RTF_NONEXTHOP;
3722 f6i->fib6_type = RTN_ANYCAST;
3723 f6i->fib6_flags |= RTF_ANYCAST;
3725 f6i->fib6_type = RTN_LOCAL;
3726 f6i->fib6_flags |= RTF_LOCAL;
3729 f6i->fib6_nh.nh_gw = *addr;
3731 f6i->fib6_nh.nh_dev = dev;
3732 f6i->fib6_dst.addr = *addr;
3733 f6i->fib6_dst.plen = 128;
3734 tb_id = l3mdev_fib_table(idev->dev) ? : RT6_TABLE_LOCAL;
3735 f6i->fib6_table = fib6_get_table(net, tb_id);
3740 /* remove deleted ip from prefsrc entries */
3741 struct arg_dev_net_ip {
3742 struct net_device *dev;
3744 struct in6_addr *addr;
3747 static int fib6_remove_prefsrc(struct fib6_info *rt, void *arg)
3749 struct net_device *dev = ((struct arg_dev_net_ip *)arg)->dev;
3750 struct net *net = ((struct arg_dev_net_ip *)arg)->net;
3751 struct in6_addr *addr = ((struct arg_dev_net_ip *)arg)->addr;
3753 if (((void *)rt->fib6_nh.nh_dev == dev || !dev) &&
3754 rt != net->ipv6.fib6_null_entry &&
3755 ipv6_addr_equal(addr, &rt->fib6_prefsrc.addr)) {
3756 spin_lock_bh(&rt6_exception_lock);
3757 /* remove prefsrc entry */
3758 rt->fib6_prefsrc.plen = 0;
3759 spin_unlock_bh(&rt6_exception_lock);
3764 void rt6_remove_prefsrc(struct inet6_ifaddr *ifp)
3766 struct net *net = dev_net(ifp->idev->dev);
3767 struct arg_dev_net_ip adni = {
3768 .dev = ifp->idev->dev,
3772 fib6_clean_all(net, fib6_remove_prefsrc, &adni);
3775 #define RTF_RA_ROUTER (RTF_ADDRCONF | RTF_DEFAULT | RTF_GATEWAY)
3777 /* Remove routers and update dst entries when gateway turn into host. */
3778 static int fib6_clean_tohost(struct fib6_info *rt, void *arg)
3780 struct in6_addr *gateway = (struct in6_addr *)arg;
3782 if (((rt->fib6_flags & RTF_RA_ROUTER) == RTF_RA_ROUTER) &&
3783 ipv6_addr_equal(gateway, &rt->fib6_nh.nh_gw)) {
3787 /* Further clean up cached routes in exception table.
3788 * This is needed because cached route may have a different
3789 * gateway than its 'parent' in the case of an ip redirect.
3791 rt6_exceptions_clean_tohost(rt, gateway);
3796 void rt6_clean_tohost(struct net *net, struct in6_addr *gateway)
3798 fib6_clean_all(net, fib6_clean_tohost, gateway);
3801 struct arg_netdev_event {
3802 const struct net_device *dev;
3804 unsigned int nh_flags;
3805 unsigned long event;
3809 static struct fib6_info *rt6_multipath_first_sibling(const struct fib6_info *rt)
3811 struct fib6_info *iter;
3812 struct fib6_node *fn;
3814 fn = rcu_dereference_protected(rt->fib6_node,
3815 lockdep_is_held(&rt->fib6_table->tb6_lock));
3816 iter = rcu_dereference_protected(fn->leaf,
3817 lockdep_is_held(&rt->fib6_table->tb6_lock));
3819 if (iter->fib6_metric == rt->fib6_metric &&
3820 rt6_qualify_for_ecmp(iter))
3822 iter = rcu_dereference_protected(iter->fib6_next,
3823 lockdep_is_held(&rt->fib6_table->tb6_lock));
3829 static bool rt6_is_dead(const struct fib6_info *rt)
3831 if (rt->fib6_nh.nh_flags & RTNH_F_DEAD ||
3832 (rt->fib6_nh.nh_flags & RTNH_F_LINKDOWN &&
3833 fib6_ignore_linkdown(rt)))
3839 static int rt6_multipath_total_weight(const struct fib6_info *rt)
3841 struct fib6_info *iter;
3844 if (!rt6_is_dead(rt))
3845 total += rt->fib6_nh.nh_weight;
3847 list_for_each_entry(iter, &rt->fib6_siblings, fib6_siblings) {
3848 if (!rt6_is_dead(iter))
3849 total += iter->fib6_nh.nh_weight;
3855 static void rt6_upper_bound_set(struct fib6_info *rt, int *weight, int total)
3857 int upper_bound = -1;
3859 if (!rt6_is_dead(rt)) {
3860 *weight += rt->fib6_nh.nh_weight;
3861 upper_bound = DIV_ROUND_CLOSEST_ULL((u64) (*weight) << 31,
3864 atomic_set(&rt->fib6_nh.nh_upper_bound, upper_bound);
3867 static void rt6_multipath_upper_bound_set(struct fib6_info *rt, int total)
3869 struct fib6_info *iter;
3872 rt6_upper_bound_set(rt, &weight, total);
3874 list_for_each_entry(iter, &rt->fib6_siblings, fib6_siblings)
3875 rt6_upper_bound_set(iter, &weight, total);
3878 void rt6_multipath_rebalance(struct fib6_info *rt)
3880 struct fib6_info *first;
3883 /* In case the entire multipath route was marked for flushing,
3884 * then there is no need to rebalance upon the removal of every
3887 if (!rt->fib6_nsiblings || rt->should_flush)
3890 /* During lookup routes are evaluated in order, so we need to
3891 * make sure upper bounds are assigned from the first sibling
3894 first = rt6_multipath_first_sibling(rt);
3895 if (WARN_ON_ONCE(!first))
3898 total = rt6_multipath_total_weight(first);
3899 rt6_multipath_upper_bound_set(first, total);
3902 static int fib6_ifup(struct fib6_info *rt, void *p_arg)
3904 const struct arg_netdev_event *arg = p_arg;
3905 struct net *net = dev_net(arg->dev);
3907 if (rt != net->ipv6.fib6_null_entry && rt->fib6_nh.nh_dev == arg->dev) {
3908 rt->fib6_nh.nh_flags &= ~arg->nh_flags;
3909 fib6_update_sernum_upto_root(net, rt);
3910 rt6_multipath_rebalance(rt);
3916 void rt6_sync_up(struct net_device *dev, unsigned int nh_flags)
3918 struct arg_netdev_event arg = {
3921 .nh_flags = nh_flags,
3925 if (nh_flags & RTNH_F_DEAD && netif_carrier_ok(dev))
3926 arg.nh_flags |= RTNH_F_LINKDOWN;
3928 fib6_clean_all(dev_net(dev), fib6_ifup, &arg);
3931 static bool rt6_multipath_uses_dev(const struct fib6_info *rt,
3932 const struct net_device *dev)
3934 struct fib6_info *iter;
3936 if (rt->fib6_nh.nh_dev == dev)
3938 list_for_each_entry(iter, &rt->fib6_siblings, fib6_siblings)
3939 if (iter->fib6_nh.nh_dev == dev)
3945 static void rt6_multipath_flush(struct fib6_info *rt)
3947 struct fib6_info *iter;
3949 rt->should_flush = 1;
3950 list_for_each_entry(iter, &rt->fib6_siblings, fib6_siblings)
3951 iter->should_flush = 1;
3954 static unsigned int rt6_multipath_dead_count(const struct fib6_info *rt,
3955 const struct net_device *down_dev)
3957 struct fib6_info *iter;
3958 unsigned int dead = 0;
3960 if (rt->fib6_nh.nh_dev == down_dev ||
3961 rt->fib6_nh.nh_flags & RTNH_F_DEAD)
3963 list_for_each_entry(iter, &rt->fib6_siblings, fib6_siblings)
3964 if (iter->fib6_nh.nh_dev == down_dev ||
3965 iter->fib6_nh.nh_flags & RTNH_F_DEAD)
3971 static void rt6_multipath_nh_flags_set(struct fib6_info *rt,
3972 const struct net_device *dev,
3973 unsigned int nh_flags)
3975 struct fib6_info *iter;
3977 if (rt->fib6_nh.nh_dev == dev)
3978 rt->fib6_nh.nh_flags |= nh_flags;
3979 list_for_each_entry(iter, &rt->fib6_siblings, fib6_siblings)
3980 if (iter->fib6_nh.nh_dev == dev)
3981 iter->fib6_nh.nh_flags |= nh_flags;
3984 /* called with write lock held for table with rt */
3985 static int fib6_ifdown(struct fib6_info *rt, void *p_arg)
3987 const struct arg_netdev_event *arg = p_arg;
3988 const struct net_device *dev = arg->dev;
3989 struct net *net = dev_net(dev);
3991 if (rt == net->ipv6.fib6_null_entry)
3994 switch (arg->event) {
3995 case NETDEV_UNREGISTER:
3996 return rt->fib6_nh.nh_dev == dev ? -1 : 0;
3998 if (rt->should_flush)
4000 if (!rt->fib6_nsiblings)
4001 return rt->fib6_nh.nh_dev == dev ? -1 : 0;
4002 if (rt6_multipath_uses_dev(rt, dev)) {
4005 count = rt6_multipath_dead_count(rt, dev);
4006 if (rt->fib6_nsiblings + 1 == count) {
4007 rt6_multipath_flush(rt);
4010 rt6_multipath_nh_flags_set(rt, dev, RTNH_F_DEAD |
4012 fib6_update_sernum(net, rt);
4013 rt6_multipath_rebalance(rt);
4017 if (rt->fib6_nh.nh_dev != dev ||
4018 rt->fib6_flags & (RTF_LOCAL | RTF_ANYCAST))
4020 rt->fib6_nh.nh_flags |= RTNH_F_LINKDOWN;
4021 rt6_multipath_rebalance(rt);
4028 void rt6_sync_down_dev(struct net_device *dev, unsigned long event)
4030 struct arg_netdev_event arg = {
4036 struct net *net = dev_net(dev);
4038 if (net->ipv6.sysctl.skip_notify_on_dev_down)
4039 fib6_clean_all_skip_notify(net, fib6_ifdown, &arg);
4041 fib6_clean_all(net, fib6_ifdown, &arg);
4044 void rt6_disable_ip(struct net_device *dev, unsigned long event)
4046 rt6_sync_down_dev(dev, event);
4047 rt6_uncached_list_flush_dev(dev_net(dev), dev);
4048 neigh_ifdown(&nd_tbl, dev);
4051 struct rt6_mtu_change_arg {
4052 struct net_device *dev;
4056 static int rt6_mtu_change_route(struct fib6_info *rt, void *p_arg)
4058 struct rt6_mtu_change_arg *arg = (struct rt6_mtu_change_arg *) p_arg;
4059 struct inet6_dev *idev;
4061 /* In IPv6 pmtu discovery is not optional,
4062 so that RTAX_MTU lock cannot disable it.
4063 We still use this lock to block changes
4064 caused by addrconf/ndisc.
4067 idev = __in6_dev_get(arg->dev);
4071 /* For administrative MTU increase, there is no way to discover
4072 IPv6 PMTU increase, so PMTU increase should be updated here.
4073 Since RFC 1981 doesn't include administrative MTU increase
4074 update PMTU increase is a MUST. (i.e. jumbo frame)
4076 if (rt->fib6_nh.nh_dev == arg->dev &&
4077 !fib6_metric_locked(rt, RTAX_MTU)) {
4078 u32 mtu = rt->fib6_pmtu;
4080 if (mtu >= arg->mtu ||
4081 (mtu < arg->mtu && mtu == idev->cnf.mtu6))
4082 fib6_metric_set(rt, RTAX_MTU, arg->mtu);
4084 spin_lock_bh(&rt6_exception_lock);
4085 rt6_exceptions_update_pmtu(idev, rt, arg->mtu);
4086 spin_unlock_bh(&rt6_exception_lock);
4091 void rt6_mtu_change(struct net_device *dev, unsigned int mtu)
4093 struct rt6_mtu_change_arg arg = {
4098 fib6_clean_all(dev_net(dev), rt6_mtu_change_route, &arg);
4101 static const struct nla_policy rtm_ipv6_policy[RTA_MAX+1] = {
4102 [RTA_GATEWAY] = { .len = sizeof(struct in6_addr) },
4103 [RTA_PREFSRC] = { .len = sizeof(struct in6_addr) },
4104 [RTA_OIF] = { .type = NLA_U32 },
4105 [RTA_IIF] = { .type = NLA_U32 },
4106 [RTA_PRIORITY] = { .type = NLA_U32 },
4107 [RTA_METRICS] = { .type = NLA_NESTED },
4108 [RTA_MULTIPATH] = { .len = sizeof(struct rtnexthop) },
4109 [RTA_PREF] = { .type = NLA_U8 },
4110 [RTA_ENCAP_TYPE] = { .type = NLA_U16 },
4111 [RTA_ENCAP] = { .type = NLA_NESTED },
4112 [RTA_EXPIRES] = { .type = NLA_U32 },
4113 [RTA_UID] = { .type = NLA_U32 },
4114 [RTA_MARK] = { .type = NLA_U32 },
4115 [RTA_TABLE] = { .type = NLA_U32 },
4116 [RTA_IP_PROTO] = { .type = NLA_U8 },
4117 [RTA_SPORT] = { .type = NLA_U16 },
4118 [RTA_DPORT] = { .type = NLA_U16 },
4121 static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh,
4122 struct fib6_config *cfg,
4123 struct netlink_ext_ack *extack)
4126 struct nlattr *tb[RTA_MAX+1];
4130 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy,
4136 rtm = nlmsg_data(nlh);
4138 *cfg = (struct fib6_config){
4139 .fc_table = rtm->rtm_table,
4140 .fc_dst_len = rtm->rtm_dst_len,
4141 .fc_src_len = rtm->rtm_src_len,
4143 .fc_protocol = rtm->rtm_protocol,
4144 .fc_type = rtm->rtm_type,
4146 .fc_nlinfo.portid = NETLINK_CB(skb).portid,
4147 .fc_nlinfo.nlh = nlh,
4148 .fc_nlinfo.nl_net = sock_net(skb->sk),
4151 if (rtm->rtm_type == RTN_UNREACHABLE ||
4152 rtm->rtm_type == RTN_BLACKHOLE ||
4153 rtm->rtm_type == RTN_PROHIBIT ||
4154 rtm->rtm_type == RTN_THROW)
4155 cfg->fc_flags |= RTF_REJECT;
4157 if (rtm->rtm_type == RTN_LOCAL)
4158 cfg->fc_flags |= RTF_LOCAL;
4160 if (rtm->rtm_flags & RTM_F_CLONED)
4161 cfg->fc_flags |= RTF_CACHE;
4163 cfg->fc_flags |= (rtm->rtm_flags & RTNH_F_ONLINK);
4165 if (tb[RTA_GATEWAY]) {
4166 cfg->fc_gateway = nla_get_in6_addr(tb[RTA_GATEWAY]);
4167 cfg->fc_flags |= RTF_GATEWAY;
4171 int plen = (rtm->rtm_dst_len + 7) >> 3;
4173 if (nla_len(tb[RTA_DST]) < plen)
4176 nla_memcpy(&cfg->fc_dst, tb[RTA_DST], plen);
4180 int plen = (rtm->rtm_src_len + 7) >> 3;
4182 if (nla_len(tb[RTA_SRC]) < plen)
4185 nla_memcpy(&cfg->fc_src, tb[RTA_SRC], plen);
4188 if (tb[RTA_PREFSRC])
4189 cfg->fc_prefsrc = nla_get_in6_addr(tb[RTA_PREFSRC]);
4192 cfg->fc_ifindex = nla_get_u32(tb[RTA_OIF]);
4194 if (tb[RTA_PRIORITY])
4195 cfg->fc_metric = nla_get_u32(tb[RTA_PRIORITY]);
4197 if (tb[RTA_METRICS]) {
4198 cfg->fc_mx = nla_data(tb[RTA_METRICS]);
4199 cfg->fc_mx_len = nla_len(tb[RTA_METRICS]);
4203 cfg->fc_table = nla_get_u32(tb[RTA_TABLE]);
4205 if (tb[RTA_MULTIPATH]) {
4206 cfg->fc_mp = nla_data(tb[RTA_MULTIPATH]);
4207 cfg->fc_mp_len = nla_len(tb[RTA_MULTIPATH]);
4209 err = lwtunnel_valid_encap_type_attr(cfg->fc_mp,
4210 cfg->fc_mp_len, extack);
4216 pref = nla_get_u8(tb[RTA_PREF]);
4217 if (pref != ICMPV6_ROUTER_PREF_LOW &&
4218 pref != ICMPV6_ROUTER_PREF_HIGH)
4219 pref = ICMPV6_ROUTER_PREF_MEDIUM;
4220 cfg->fc_flags |= RTF_PREF(pref);
4224 cfg->fc_encap = tb[RTA_ENCAP];
4226 if (tb[RTA_ENCAP_TYPE]) {
4227 cfg->fc_encap_type = nla_get_u16(tb[RTA_ENCAP_TYPE]);
4229 err = lwtunnel_valid_encap_type(cfg->fc_encap_type, extack);
4234 if (tb[RTA_EXPIRES]) {
4235 unsigned long timeout = addrconf_timeout_fixup(nla_get_u32(tb[RTA_EXPIRES]), HZ);
4237 if (addrconf_finite_timeout(timeout)) {
4238 cfg->fc_expires = jiffies_to_clock_t(timeout * HZ);
4239 cfg->fc_flags |= RTF_EXPIRES;
4249 struct fib6_info *fib6_info;
4250 struct fib6_config r_cfg;
4251 struct list_head next;
4254 static void ip6_print_replace_route_err(struct list_head *rt6_nh_list)
4258 list_for_each_entry(nh, rt6_nh_list, next) {
4259 pr_warn("IPV6: multipath route replace failed (check consistency of installed routes): %pI6c nexthop %pI6c ifi %d\n",
4260 &nh->r_cfg.fc_dst, &nh->r_cfg.fc_gateway,
4261 nh->r_cfg.fc_ifindex);
4265 static int ip6_route_info_append(struct net *net,
4266 struct list_head *rt6_nh_list,
4267 struct fib6_info *rt,
4268 struct fib6_config *r_cfg)
4273 list_for_each_entry(nh, rt6_nh_list, next) {
4274 /* check if fib6_info already exists */
4275 if (rt6_duplicate_nexthop(nh->fib6_info, rt))
4279 nh = kzalloc(sizeof(*nh), GFP_KERNEL);
4283 memcpy(&nh->r_cfg, r_cfg, sizeof(*r_cfg));
4284 list_add_tail(&nh->next, rt6_nh_list);
4289 static void ip6_route_mpath_notify(struct fib6_info *rt,
4290 struct fib6_info *rt_last,
4291 struct nl_info *info,
4294 /* if this is an APPEND route, then rt points to the first route
4295 * inserted and rt_last points to last route inserted. Userspace
4296 * wants a consistent dump of the route which starts at the first
4297 * nexthop. Since sibling routes are always added at the end of
4298 * the list, find the first sibling of the last route appended
4300 if ((nlflags & NLM_F_APPEND) && rt_last && rt_last->fib6_nsiblings) {
4301 rt = list_first_entry(&rt_last->fib6_siblings,
4307 inet6_rt_notify(RTM_NEWROUTE, rt, info, nlflags);
4310 static int ip6_route_multipath_add(struct fib6_config *cfg,
4311 struct netlink_ext_ack *extack)
4313 struct fib6_info *rt_notif = NULL, *rt_last = NULL;
4314 struct nl_info *info = &cfg->fc_nlinfo;
4315 struct fib6_config r_cfg;
4316 struct rtnexthop *rtnh;
4317 struct fib6_info *rt;
4318 struct rt6_nh *err_nh;
4319 struct rt6_nh *nh, *nh_safe;
4325 int replace = (cfg->fc_nlinfo.nlh &&
4326 (cfg->fc_nlinfo.nlh->nlmsg_flags & NLM_F_REPLACE));
4327 LIST_HEAD(rt6_nh_list);
4329 nlflags = replace ? NLM_F_REPLACE : NLM_F_CREATE;
4330 if (info->nlh && info->nlh->nlmsg_flags & NLM_F_APPEND)
4331 nlflags |= NLM_F_APPEND;
4333 remaining = cfg->fc_mp_len;
4334 rtnh = (struct rtnexthop *)cfg->fc_mp;
4336 /* Parse a Multipath Entry and build a list (rt6_nh_list) of
4337 * fib6_info structs per nexthop
4339 while (rtnh_ok(rtnh, remaining)) {
4340 memcpy(&r_cfg, cfg, sizeof(*cfg));
4341 if (rtnh->rtnh_ifindex)
4342 r_cfg.fc_ifindex = rtnh->rtnh_ifindex;
4344 attrlen = rtnh_attrlen(rtnh);
4346 struct nlattr *nla, *attrs = rtnh_attrs(rtnh);
4348 nla = nla_find(attrs, attrlen, RTA_GATEWAY);
4350 r_cfg.fc_gateway = nla_get_in6_addr(nla);
4351 r_cfg.fc_flags |= RTF_GATEWAY;
4353 r_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP);
4354 nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
4356 r_cfg.fc_encap_type = nla_get_u16(nla);
4359 r_cfg.fc_flags |= (rtnh->rtnh_flags & RTNH_F_ONLINK);
4360 rt = ip6_route_info_create(&r_cfg, GFP_KERNEL, extack);
4366 if (!rt6_qualify_for_ecmp(rt)) {
4368 NL_SET_ERR_MSG(extack,
4369 "Device only routes can not be added for IPv6 using the multipath API.");
4370 fib6_info_release(rt);
4374 rt->fib6_nh.nh_weight = rtnh->rtnh_hops + 1;
4376 err = ip6_route_info_append(info->nl_net, &rt6_nh_list,
4379 fib6_info_release(rt);
4383 rtnh = rtnh_next(rtnh, &remaining);
4386 /* for add and replace send one notification with all nexthops.
4387 * Skip the notification in fib6_add_rt2node and send one with
4388 * the full route when done
4390 info->skip_notify = 1;
4393 list_for_each_entry(nh, &rt6_nh_list, next) {
4394 err = __ip6_ins_rt(nh->fib6_info, info, extack);
4395 fib6_info_release(nh->fib6_info);
4398 /* save reference to last route successfully inserted */
4399 rt_last = nh->fib6_info;
4401 /* save reference to first route for notification */
4403 rt_notif = nh->fib6_info;
4406 /* nh->fib6_info is used or freed at this point, reset to NULL*/
4407 nh->fib6_info = NULL;
4410 ip6_print_replace_route_err(&rt6_nh_list);
4415 /* Because each route is added like a single route we remove
4416 * these flags after the first nexthop: if there is a collision,
4417 * we have already failed to add the first nexthop:
4418 * fib6_add_rt2node() has rejected it; when replacing, old
4419 * nexthops have been replaced by first new, the rest should
4422 cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL |
4427 /* success ... tell user about new route */
4428 ip6_route_mpath_notify(rt_notif, rt_last, info, nlflags);
4432 /* send notification for routes that were added so that
4433 * the delete notifications sent by ip6_route_del are
4437 ip6_route_mpath_notify(rt_notif, rt_last, info, nlflags);
4439 /* Delete routes that were already added */
4440 list_for_each_entry(nh, &rt6_nh_list, next) {
4443 ip6_route_del(&nh->r_cfg, extack);
4447 list_for_each_entry_safe(nh, nh_safe, &rt6_nh_list, next) {
4449 fib6_info_release(nh->fib6_info);
4450 list_del(&nh->next);
4457 static int ip6_route_multipath_del(struct fib6_config *cfg,
4458 struct netlink_ext_ack *extack)
4460 struct fib6_config r_cfg;
4461 struct rtnexthop *rtnh;
4464 int err = 1, last_err = 0;
4466 remaining = cfg->fc_mp_len;
4467 rtnh = (struct rtnexthop *)cfg->fc_mp;
4469 /* Parse a Multipath Entry */
4470 while (rtnh_ok(rtnh, remaining)) {
4471 memcpy(&r_cfg, cfg, sizeof(*cfg));
4472 if (rtnh->rtnh_ifindex)
4473 r_cfg.fc_ifindex = rtnh->rtnh_ifindex;
4475 attrlen = rtnh_attrlen(rtnh);
4477 struct nlattr *nla, *attrs = rtnh_attrs(rtnh);
4479 nla = nla_find(attrs, attrlen, RTA_GATEWAY);
4481 nla_memcpy(&r_cfg.fc_gateway, nla, 16);
4482 r_cfg.fc_flags |= RTF_GATEWAY;
4485 err = ip6_route_del(&r_cfg, extack);
4489 rtnh = rtnh_next(rtnh, &remaining);
4495 static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh,
4496 struct netlink_ext_ack *extack)
4498 struct fib6_config cfg;
4501 err = rtm_to_fib6_config(skb, nlh, &cfg, extack);
4506 return ip6_route_multipath_del(&cfg, extack);
4508 cfg.fc_delete_all_nh = 1;
4509 return ip6_route_del(&cfg, extack);
4513 static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh,
4514 struct netlink_ext_ack *extack)
4516 struct fib6_config cfg;
4519 err = rtm_to_fib6_config(skb, nlh, &cfg, extack);
4524 return ip6_route_multipath_add(&cfg, extack);
4526 return ip6_route_add(&cfg, GFP_KERNEL, extack);
4529 static size_t rt6_nlmsg_size(struct fib6_info *rt)
4531 int nexthop_len = 0;
4533 if (rt->fib6_nsiblings) {
4534 nexthop_len = nla_total_size(0) /* RTA_MULTIPATH */
4535 + NLA_ALIGN(sizeof(struct rtnexthop))
4536 + nla_total_size(16) /* RTA_GATEWAY */
4537 + lwtunnel_get_encap_size(rt->fib6_nh.nh_lwtstate);
4539 nexthop_len *= rt->fib6_nsiblings;
4542 return NLMSG_ALIGN(sizeof(struct rtmsg))
4543 + nla_total_size(16) /* RTA_SRC */
4544 + nla_total_size(16) /* RTA_DST */
4545 + nla_total_size(16) /* RTA_GATEWAY */
4546 + nla_total_size(16) /* RTA_PREFSRC */
4547 + nla_total_size(4) /* RTA_TABLE */
4548 + nla_total_size(4) /* RTA_IIF */
4549 + nla_total_size(4) /* RTA_OIF */
4550 + nla_total_size(4) /* RTA_PRIORITY */
4551 + RTAX_MAX * nla_total_size(4) /* RTA_METRICS */
4552 + nla_total_size(sizeof(struct rta_cacheinfo))
4553 + nla_total_size(TCP_CA_NAME_MAX) /* RTAX_CC_ALGO */
4554 + nla_total_size(1) /* RTA_PREF */
4555 + lwtunnel_get_encap_size(rt->fib6_nh.nh_lwtstate)
4559 static int rt6_nexthop_info(struct sk_buff *skb, struct fib6_info *rt,
4560 unsigned int *flags, bool skip_oif)
4562 if (rt->fib6_nh.nh_flags & RTNH_F_DEAD)
4563 *flags |= RTNH_F_DEAD;
4565 if (rt->fib6_nh.nh_flags & RTNH_F_LINKDOWN) {
4566 *flags |= RTNH_F_LINKDOWN;
4569 if (fib6_ignore_linkdown(rt))
4570 *flags |= RTNH_F_DEAD;
4574 if (rt->fib6_flags & RTF_GATEWAY) {
4575 if (nla_put_in6_addr(skb, RTA_GATEWAY, &rt->fib6_nh.nh_gw) < 0)
4576 goto nla_put_failure;
4579 *flags |= (rt->fib6_nh.nh_flags & RTNH_F_ONLINK);
4580 if (rt->fib6_nh.nh_flags & RTNH_F_OFFLOAD)
4581 *flags |= RTNH_F_OFFLOAD;
4583 /* not needed for multipath encoding b/c it has a rtnexthop struct */
4584 if (!skip_oif && rt->fib6_nh.nh_dev &&
4585 nla_put_u32(skb, RTA_OIF, rt->fib6_nh.nh_dev->ifindex))
4586 goto nla_put_failure;
4588 if (rt->fib6_nh.nh_lwtstate &&
4589 lwtunnel_fill_encap(skb, rt->fib6_nh.nh_lwtstate) < 0)
4590 goto nla_put_failure;
4598 /* add multipath next hop */
4599 static int rt6_add_nexthop(struct sk_buff *skb, struct fib6_info *rt)
4601 const struct net_device *dev = rt->fib6_nh.nh_dev;
4602 struct rtnexthop *rtnh;
4603 unsigned int flags = 0;
4605 rtnh = nla_reserve_nohdr(skb, sizeof(*rtnh));
4607 goto nla_put_failure;
4609 rtnh->rtnh_hops = rt->fib6_nh.nh_weight - 1;
4610 rtnh->rtnh_ifindex = dev ? dev->ifindex : 0;
4612 if (rt6_nexthop_info(skb, rt, &flags, true) < 0)
4613 goto nla_put_failure;
4615 rtnh->rtnh_flags = flags;
4617 /* length of rtnetlink header + attributes */
4618 rtnh->rtnh_len = nlmsg_get_pos(skb) - (void *)rtnh;
4626 static int rt6_fill_node(struct net *net, struct sk_buff *skb,
4627 struct fib6_info *rt, struct dst_entry *dst,
4628 struct in6_addr *dest, struct in6_addr *src,
4629 int iif, int type, u32 portid, u32 seq,
4632 struct rt6_info *rt6 = (struct rt6_info *)dst;
4633 struct rt6key *rt6_dst, *rt6_src;
4634 u32 *pmetrics, table, rt6_flags;
4635 struct nlmsghdr *nlh;
4639 nlh = nlmsg_put(skb, portid, seq, type, sizeof(*rtm), flags);
4644 rt6_dst = &rt6->rt6i_dst;
4645 rt6_src = &rt6->rt6i_src;
4646 rt6_flags = rt6->rt6i_flags;
4648 rt6_dst = &rt->fib6_dst;
4649 rt6_src = &rt->fib6_src;
4650 rt6_flags = rt->fib6_flags;
4653 rtm = nlmsg_data(nlh);
4654 rtm->rtm_family = AF_INET6;
4655 rtm->rtm_dst_len = rt6_dst->plen;
4656 rtm->rtm_src_len = rt6_src->plen;
4659 table = rt->fib6_table->tb6_id;
4661 table = RT6_TABLE_UNSPEC;
4662 rtm->rtm_table = table;
4663 if (nla_put_u32(skb, RTA_TABLE, table))
4664 goto nla_put_failure;
4666 rtm->rtm_type = rt->fib6_type;
4668 rtm->rtm_scope = RT_SCOPE_UNIVERSE;
4669 rtm->rtm_protocol = rt->fib6_protocol;
4671 if (rt6_flags & RTF_CACHE)
4672 rtm->rtm_flags |= RTM_F_CLONED;
4675 if (nla_put_in6_addr(skb, RTA_DST, dest))
4676 goto nla_put_failure;
4677 rtm->rtm_dst_len = 128;
4678 } else if (rtm->rtm_dst_len)
4679 if (nla_put_in6_addr(skb, RTA_DST, &rt6_dst->addr))
4680 goto nla_put_failure;
4681 #ifdef CONFIG_IPV6_SUBTREES
4683 if (nla_put_in6_addr(skb, RTA_SRC, src))
4684 goto nla_put_failure;
4685 rtm->rtm_src_len = 128;
4686 } else if (rtm->rtm_src_len &&
4687 nla_put_in6_addr(skb, RTA_SRC, &rt6_src->addr))
4688 goto nla_put_failure;
4691 #ifdef CONFIG_IPV6_MROUTE
4692 if (ipv6_addr_is_multicast(&rt6_dst->addr)) {
4693 int err = ip6mr_get_route(net, skb, rtm, portid);
4698 goto nla_put_failure;
4701 if (nla_put_u32(skb, RTA_IIF, iif))
4702 goto nla_put_failure;
4704 struct in6_addr saddr_buf;
4705 if (ip6_route_get_saddr(net, rt, dest, 0, &saddr_buf) == 0 &&
4706 nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf))
4707 goto nla_put_failure;
4710 if (rt->fib6_prefsrc.plen) {
4711 struct in6_addr saddr_buf;
4712 saddr_buf = rt->fib6_prefsrc.addr;
4713 if (nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf))
4714 goto nla_put_failure;
4717 pmetrics = dst ? dst_metrics_ptr(dst) : rt->fib6_metrics->metrics;
4718 if (rtnetlink_put_metrics(skb, pmetrics) < 0)
4719 goto nla_put_failure;
4721 if (nla_put_u32(skb, RTA_PRIORITY, rt->fib6_metric))
4722 goto nla_put_failure;
4724 /* For multipath routes, walk the siblings list and add
4725 * each as a nexthop within RTA_MULTIPATH.
4728 if (rt6_flags & RTF_GATEWAY &&
4729 nla_put_in6_addr(skb, RTA_GATEWAY, &rt6->rt6i_gateway))
4730 goto nla_put_failure;
4732 if (dst->dev && nla_put_u32(skb, RTA_OIF, dst->dev->ifindex))
4733 goto nla_put_failure;
4734 } else if (rt->fib6_nsiblings) {
4735 struct fib6_info *sibling, *next_sibling;
4738 mp = nla_nest_start(skb, RTA_MULTIPATH);
4740 goto nla_put_failure;
4742 if (rt6_add_nexthop(skb, rt) < 0)
4743 goto nla_put_failure;
4745 list_for_each_entry_safe(sibling, next_sibling,
4746 &rt->fib6_siblings, fib6_siblings) {
4747 if (rt6_add_nexthop(skb, sibling) < 0)
4748 goto nla_put_failure;
4751 nla_nest_end(skb, mp);
4753 if (rt6_nexthop_info(skb, rt, &rtm->rtm_flags, false) < 0)
4754 goto nla_put_failure;
4757 if (rt6_flags & RTF_EXPIRES) {
4758 expires = dst ? dst->expires : rt->expires;
4762 if (rtnl_put_cacheinfo(skb, dst, 0, expires, dst ? dst->error : 0) < 0)
4763 goto nla_put_failure;
4765 if (nla_put_u8(skb, RTA_PREF, IPV6_EXTRACT_PREF(rt6_flags)))
4766 goto nla_put_failure;
4769 nlmsg_end(skb, nlh);
4773 nlmsg_cancel(skb, nlh);
4777 static bool fib6_info_uses_dev(const struct fib6_info *f6i,
4778 const struct net_device *dev)
4780 if (f6i->fib6_nh.nh_dev == dev)
4783 if (f6i->fib6_nsiblings) {
4784 struct fib6_info *sibling, *next_sibling;
4786 list_for_each_entry_safe(sibling, next_sibling,
4787 &f6i->fib6_siblings, fib6_siblings) {
4788 if (sibling->fib6_nh.nh_dev == dev)
4796 int rt6_dump_route(struct fib6_info *rt, void *p_arg)
4798 struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg;
4799 struct fib_dump_filter *filter = &arg->filter;
4800 unsigned int flags = NLM_F_MULTI;
4801 struct net *net = arg->net;
4803 if (rt == net->ipv6.fib6_null_entry)
4806 if ((filter->flags & RTM_F_PREFIX) &&
4807 !(rt->fib6_flags & RTF_PREFIX_RT)) {
4808 /* success since this is not a prefix route */
4811 if (filter->filter_set) {
4812 if ((filter->rt_type && rt->fib6_type != filter->rt_type) ||
4813 (filter->dev && !fib6_info_uses_dev(rt, filter->dev)) ||
4814 (filter->protocol && rt->fib6_protocol != filter->protocol)) {
4817 flags |= NLM_F_DUMP_FILTERED;
4820 return rt6_fill_node(net, arg->skb, rt, NULL, NULL, NULL, 0,
4821 RTM_NEWROUTE, NETLINK_CB(arg->cb->skb).portid,
4822 arg->cb->nlh->nlmsg_seq, flags);
4825 static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
4826 struct netlink_ext_ack *extack)
4828 struct net *net = sock_net(in_skb->sk);
4829 struct nlattr *tb[RTA_MAX+1];
4830 int err, iif = 0, oif = 0;
4831 struct fib6_info *from;
4832 struct dst_entry *dst;
4833 struct rt6_info *rt;
4834 struct sk_buff *skb;
4836 struct flowi6 fl6 = {};
4839 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy,
4845 rtm = nlmsg_data(nlh);
4846 fl6.flowlabel = ip6_make_flowinfo(rtm->rtm_tos, 0);
4847 fibmatch = !!(rtm->rtm_flags & RTM_F_FIB_MATCH);
4850 if (nla_len(tb[RTA_SRC]) < sizeof(struct in6_addr))
4853 fl6.saddr = *(struct in6_addr *)nla_data(tb[RTA_SRC]);
4857 if (nla_len(tb[RTA_DST]) < sizeof(struct in6_addr))
4860 fl6.daddr = *(struct in6_addr *)nla_data(tb[RTA_DST]);
4864 iif = nla_get_u32(tb[RTA_IIF]);
4867 oif = nla_get_u32(tb[RTA_OIF]);
4870 fl6.flowi6_mark = nla_get_u32(tb[RTA_MARK]);
4873 fl6.flowi6_uid = make_kuid(current_user_ns(),
4874 nla_get_u32(tb[RTA_UID]));
4876 fl6.flowi6_uid = iif ? INVALID_UID : current_uid();
4879 fl6.fl6_sport = nla_get_be16(tb[RTA_SPORT]);
4882 fl6.fl6_dport = nla_get_be16(tb[RTA_DPORT]);
4884 if (tb[RTA_IP_PROTO]) {
4885 err = rtm_getroute_parse_ip_proto(tb[RTA_IP_PROTO],
4886 &fl6.flowi6_proto, extack);
4892 struct net_device *dev;
4897 dev = dev_get_by_index_rcu(net, iif);
4904 fl6.flowi6_iif = iif;
4906 if (!ipv6_addr_any(&fl6.saddr))
4907 flags |= RT6_LOOKUP_F_HAS_SADDR;
4909 dst = ip6_route_input_lookup(net, dev, &fl6, NULL, flags);
4913 fl6.flowi6_oif = oif;
4915 dst = ip6_route_output(net, NULL, &fl6);
4919 rt = container_of(dst, struct rt6_info, dst);
4920 if (rt->dst.error) {
4921 err = rt->dst.error;
4926 if (rt == net->ipv6.ip6_null_entry) {
4927 err = rt->dst.error;
4932 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
4939 skb_dst_set(skb, &rt->dst);
4942 from = rcu_dereference(rt->from);
4945 err = rt6_fill_node(net, skb, from, NULL, NULL, NULL, iif,
4946 RTM_NEWROUTE, NETLINK_CB(in_skb).portid,
4949 err = rt6_fill_node(net, skb, from, dst, &fl6.daddr,
4950 &fl6.saddr, iif, RTM_NEWROUTE,
4951 NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
4960 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
4965 void inet6_rt_notify(int event, struct fib6_info *rt, struct nl_info *info,
4966 unsigned int nlm_flags)
4968 struct sk_buff *skb;
4969 struct net *net = info->nl_net;
4974 seq = info->nlh ? info->nlh->nlmsg_seq : 0;
4976 skb = nlmsg_new(rt6_nlmsg_size(rt), gfp_any());
4980 err = rt6_fill_node(net, skb, rt, NULL, NULL, NULL, 0,
4981 event, info->portid, seq, nlm_flags);
4983 /* -EMSGSIZE implies BUG in rt6_nlmsg_size() */
4984 WARN_ON(err == -EMSGSIZE);
4988 rtnl_notify(skb, net, info->portid, RTNLGRP_IPV6_ROUTE,
4989 info->nlh, gfp_any());
4993 rtnl_set_sk_err(net, RTNLGRP_IPV6_ROUTE, err);
4996 static int ip6_route_dev_notify(struct notifier_block *this,
4997 unsigned long event, void *ptr)
4999 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
5000 struct net *net = dev_net(dev);
5002 if (!(dev->flags & IFF_LOOPBACK))
5005 if (event == NETDEV_REGISTER) {
5006 net->ipv6.fib6_null_entry->fib6_nh.nh_dev = dev;
5007 net->ipv6.ip6_null_entry->dst.dev = dev;
5008 net->ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(dev);
5009 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
5010 net->ipv6.ip6_prohibit_entry->dst.dev = dev;
5011 net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev);
5012 net->ipv6.ip6_blk_hole_entry->dst.dev = dev;
5013 net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev);
5015 } else if (event == NETDEV_UNREGISTER &&
5016 dev->reg_state != NETREG_UNREGISTERED) {
5017 /* NETDEV_UNREGISTER could be fired for multiple times by
5018 * netdev_wait_allrefs(). Make sure we only call this once.
5020 in6_dev_put_clear(&net->ipv6.ip6_null_entry->rt6i_idev);
5021 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
5022 in6_dev_put_clear(&net->ipv6.ip6_prohibit_entry->rt6i_idev);
5023 in6_dev_put_clear(&net->ipv6.ip6_blk_hole_entry->rt6i_idev);
5034 #ifdef CONFIG_PROC_FS
5035 static int rt6_stats_seq_show(struct seq_file *seq, void *v)
5037 struct net *net = (struct net *)seq->private;
5038 seq_printf(seq, "%04x %04x %04x %04x %04x %04x %04x\n",
5039 net->ipv6.rt6_stats->fib_nodes,
5040 net->ipv6.rt6_stats->fib_route_nodes,
5041 atomic_read(&net->ipv6.rt6_stats->fib_rt_alloc),
5042 net->ipv6.rt6_stats->fib_rt_entries,
5043 net->ipv6.rt6_stats->fib_rt_cache,
5044 dst_entries_get_slow(&net->ipv6.ip6_dst_ops),
5045 net->ipv6.rt6_stats->fib_discarded_routes);
5049 #endif /* CONFIG_PROC_FS */
5051 #ifdef CONFIG_SYSCTL
5054 int ipv6_sysctl_rtcache_flush(struct ctl_table *ctl, int write,
5055 void __user *buffer, size_t *lenp, loff_t *ppos)
5063 net = (struct net *)ctl->extra1;
5064 delay = net->ipv6.sysctl.flush_delay;
5065 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
5069 fib6_run_gc(delay <= 0 ? 0 : (unsigned long)delay, net, delay > 0);
5076 static struct ctl_table ipv6_route_table_template[] = {
5078 .procname = "flush",
5079 .data = &init_net.ipv6.sysctl.flush_delay,
5080 .maxlen = sizeof(int),
5082 .proc_handler = ipv6_sysctl_rtcache_flush
5085 .procname = "gc_thresh",
5086 .data = &ip6_dst_ops_template.gc_thresh,
5087 .maxlen = sizeof(int),
5089 .proc_handler = proc_dointvec,
5092 .procname = "max_size",
5093 .data = &init_net.ipv6.sysctl.ip6_rt_max_size,
5094 .maxlen = sizeof(int),
5096 .proc_handler = proc_dointvec,
5099 .procname = "gc_min_interval",
5100 .data = &init_net.ipv6.sysctl.ip6_rt_gc_min_interval,
5101 .maxlen = sizeof(int),
5103 .proc_handler = proc_dointvec_jiffies,
5106 .procname = "gc_timeout",
5107 .data = &init_net.ipv6.sysctl.ip6_rt_gc_timeout,
5108 .maxlen = sizeof(int),
5110 .proc_handler = proc_dointvec_jiffies,
5113 .procname = "gc_interval",
5114 .data = &init_net.ipv6.sysctl.ip6_rt_gc_interval,
5115 .maxlen = sizeof(int),
5117 .proc_handler = proc_dointvec_jiffies,
5120 .procname = "gc_elasticity",
5121 .data = &init_net.ipv6.sysctl.ip6_rt_gc_elasticity,
5122 .maxlen = sizeof(int),
5124 .proc_handler = proc_dointvec,
5127 .procname = "mtu_expires",
5128 .data = &init_net.ipv6.sysctl.ip6_rt_mtu_expires,
5129 .maxlen = sizeof(int),
5131 .proc_handler = proc_dointvec_jiffies,
5134 .procname = "min_adv_mss",
5135 .data = &init_net.ipv6.sysctl.ip6_rt_min_advmss,
5136 .maxlen = sizeof(int),
5138 .proc_handler = proc_dointvec,
5141 .procname = "gc_min_interval_ms",
5142 .data = &init_net.ipv6.sysctl.ip6_rt_gc_min_interval,
5143 .maxlen = sizeof(int),
5145 .proc_handler = proc_dointvec_ms_jiffies,
5148 .procname = "skip_notify_on_dev_down",
5149 .data = &init_net.ipv6.sysctl.skip_notify_on_dev_down,
5150 .maxlen = sizeof(int),
5152 .proc_handler = proc_dointvec,
5159 struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
5161 struct ctl_table *table;
5163 table = kmemdup(ipv6_route_table_template,
5164 sizeof(ipv6_route_table_template),
5168 table[0].data = &net->ipv6.sysctl.flush_delay;
5169 table[0].extra1 = net;
5170 table[1].data = &net->ipv6.ip6_dst_ops.gc_thresh;
5171 table[2].data = &net->ipv6.sysctl.ip6_rt_max_size;
5172 table[3].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval;
5173 table[4].data = &net->ipv6.sysctl.ip6_rt_gc_timeout;
5174 table[5].data = &net->ipv6.sysctl.ip6_rt_gc_interval;
5175 table[6].data = &net->ipv6.sysctl.ip6_rt_gc_elasticity;
5176 table[7].data = &net->ipv6.sysctl.ip6_rt_mtu_expires;
5177 table[8].data = &net->ipv6.sysctl.ip6_rt_min_advmss;
5178 table[9].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval;
5179 table[10].data = &net->ipv6.sysctl.skip_notify_on_dev_down;
5181 /* Don't export sysctls to unprivileged users */
5182 if (net->user_ns != &init_user_ns)
5183 table[0].procname = NULL;
5190 static int __net_init ip6_route_net_init(struct net *net)
5194 memcpy(&net->ipv6.ip6_dst_ops, &ip6_dst_ops_template,
5195 sizeof(net->ipv6.ip6_dst_ops));
5197 if (dst_entries_init(&net->ipv6.ip6_dst_ops) < 0)
5198 goto out_ip6_dst_ops;
5200 net->ipv6.fib6_null_entry = kmemdup(&fib6_null_entry_template,
5201 sizeof(*net->ipv6.fib6_null_entry),
5203 if (!net->ipv6.fib6_null_entry)
5204 goto out_ip6_dst_entries;
5206 net->ipv6.ip6_null_entry = kmemdup(&ip6_null_entry_template,
5207 sizeof(*net->ipv6.ip6_null_entry),
5209 if (!net->ipv6.ip6_null_entry)
5210 goto out_fib6_null_entry;
5211 net->ipv6.ip6_null_entry->dst.ops = &net->ipv6.ip6_dst_ops;
5212 dst_init_metrics(&net->ipv6.ip6_null_entry->dst,
5213 ip6_template_metrics, true);
5215 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
5216 net->ipv6.fib6_has_custom_rules = false;
5217 net->ipv6.ip6_prohibit_entry = kmemdup(&ip6_prohibit_entry_template,
5218 sizeof(*net->ipv6.ip6_prohibit_entry),
5220 if (!net->ipv6.ip6_prohibit_entry)
5221 goto out_ip6_null_entry;
5222 net->ipv6.ip6_prohibit_entry->dst.ops = &net->ipv6.ip6_dst_ops;
5223 dst_init_metrics(&net->ipv6.ip6_prohibit_entry->dst,
5224 ip6_template_metrics, true);
5226 net->ipv6.ip6_blk_hole_entry = kmemdup(&ip6_blk_hole_entry_template,
5227 sizeof(*net->ipv6.ip6_blk_hole_entry),
5229 if (!net->ipv6.ip6_blk_hole_entry)
5230 goto out_ip6_prohibit_entry;
5231 net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops;
5232 dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst,
5233 ip6_template_metrics, true);
5236 net->ipv6.sysctl.flush_delay = 0;
5237 net->ipv6.sysctl.ip6_rt_max_size = 4096;
5238 net->ipv6.sysctl.ip6_rt_gc_min_interval = HZ / 2;
5239 net->ipv6.sysctl.ip6_rt_gc_timeout = 60*HZ;
5240 net->ipv6.sysctl.ip6_rt_gc_interval = 30*HZ;
5241 net->ipv6.sysctl.ip6_rt_gc_elasticity = 9;
5242 net->ipv6.sysctl.ip6_rt_mtu_expires = 10*60*HZ;
5243 net->ipv6.sysctl.ip6_rt_min_advmss = IPV6_MIN_MTU - 20 - 40;
5244 net->ipv6.sysctl.skip_notify_on_dev_down = 0;
5246 net->ipv6.ip6_rt_gc_expire = 30*HZ;
5252 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
5253 out_ip6_prohibit_entry:
5254 kfree(net->ipv6.ip6_prohibit_entry);
5256 kfree(net->ipv6.ip6_null_entry);
5258 out_fib6_null_entry:
5259 kfree(net->ipv6.fib6_null_entry);
5260 out_ip6_dst_entries:
5261 dst_entries_destroy(&net->ipv6.ip6_dst_ops);
5266 static void __net_exit ip6_route_net_exit(struct net *net)
5268 kfree(net->ipv6.fib6_null_entry);
5269 kfree(net->ipv6.ip6_null_entry);
5270 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
5271 kfree(net->ipv6.ip6_prohibit_entry);
5272 kfree(net->ipv6.ip6_blk_hole_entry);
5274 dst_entries_destroy(&net->ipv6.ip6_dst_ops);
5277 static int __net_init ip6_route_net_init_late(struct net *net)
5279 #ifdef CONFIG_PROC_FS
5280 proc_create_net("ipv6_route", 0, net->proc_net, &ipv6_route_seq_ops,
5281 sizeof(struct ipv6_route_iter));
5282 proc_create_net_single("rt6_stats", 0444, net->proc_net,
5283 rt6_stats_seq_show, NULL);
5288 static void __net_exit ip6_route_net_exit_late(struct net *net)
5290 #ifdef CONFIG_PROC_FS
5291 remove_proc_entry("ipv6_route", net->proc_net);
5292 remove_proc_entry("rt6_stats", net->proc_net);
5296 static struct pernet_operations ip6_route_net_ops = {
5297 .init = ip6_route_net_init,
5298 .exit = ip6_route_net_exit,
5301 static int __net_init ipv6_inetpeer_init(struct net *net)
5303 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
5307 inet_peer_base_init(bp);
5308 net->ipv6.peers = bp;
5312 static void __net_exit ipv6_inetpeer_exit(struct net *net)
5314 struct inet_peer_base *bp = net->ipv6.peers;
5316 net->ipv6.peers = NULL;
5317 inetpeer_invalidate_tree(bp);
5321 static struct pernet_operations ipv6_inetpeer_ops = {
5322 .init = ipv6_inetpeer_init,
5323 .exit = ipv6_inetpeer_exit,
5326 static struct pernet_operations ip6_route_net_late_ops = {
5327 .init = ip6_route_net_init_late,
5328 .exit = ip6_route_net_exit_late,
5331 static struct notifier_block ip6_route_dev_notifier = {
5332 .notifier_call = ip6_route_dev_notify,
5333 .priority = ADDRCONF_NOTIFY_PRIORITY - 10,
5336 void __init ip6_route_init_special_entries(void)
5338 /* Registering of the loopback is done before this portion of code,
5339 * the loopback reference in rt6_info will not be taken, do it
5340 * manually for init_net */
5341 init_net.ipv6.fib6_null_entry->fib6_nh.nh_dev = init_net.loopback_dev;
5342 init_net.ipv6.ip6_null_entry->dst.dev = init_net.loopback_dev;
5343 init_net.ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
5344 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
5345 init_net.ipv6.ip6_prohibit_entry->dst.dev = init_net.loopback_dev;
5346 init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
5347 init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev;
5348 init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
5352 int __init ip6_route_init(void)
5358 ip6_dst_ops_template.kmem_cachep =
5359 kmem_cache_create("ip6_dst_cache", sizeof(struct rt6_info), 0,
5360 SLAB_HWCACHE_ALIGN, NULL);
5361 if (!ip6_dst_ops_template.kmem_cachep)
5364 ret = dst_entries_init(&ip6_dst_blackhole_ops);
5366 goto out_kmem_cache;
5368 ret = register_pernet_subsys(&ipv6_inetpeer_ops);
5370 goto out_dst_entries;
5372 ret = register_pernet_subsys(&ip6_route_net_ops);
5374 goto out_register_inetpeer;
5376 ip6_dst_blackhole_ops.kmem_cachep = ip6_dst_ops_template.kmem_cachep;
5380 goto out_register_subsys;
5386 ret = fib6_rules_init();
5390 ret = register_pernet_subsys(&ip6_route_net_late_ops);
5392 goto fib6_rules_init;
5394 ret = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_NEWROUTE,
5395 inet6_rtm_newroute, NULL, 0);
5397 goto out_register_late_subsys;
5399 ret = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_DELROUTE,
5400 inet6_rtm_delroute, NULL, 0);
5402 goto out_register_late_subsys;
5404 ret = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETROUTE,
5405 inet6_rtm_getroute, NULL,
5406 RTNL_FLAG_DOIT_UNLOCKED);
5408 goto out_register_late_subsys;
5410 ret = register_netdevice_notifier(&ip6_route_dev_notifier);
5412 goto out_register_late_subsys;
5414 for_each_possible_cpu(cpu) {
5415 struct uncached_list *ul = per_cpu_ptr(&rt6_uncached_list, cpu);
5417 INIT_LIST_HEAD(&ul->head);
5418 spin_lock_init(&ul->lock);
5424 out_register_late_subsys:
5425 rtnl_unregister_all(PF_INET6);
5426 unregister_pernet_subsys(&ip6_route_net_late_ops);
5428 fib6_rules_cleanup();
5433 out_register_subsys:
5434 unregister_pernet_subsys(&ip6_route_net_ops);
5435 out_register_inetpeer:
5436 unregister_pernet_subsys(&ipv6_inetpeer_ops);
5438 dst_entries_destroy(&ip6_dst_blackhole_ops);
5440 kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep);
5444 void ip6_route_cleanup(void)
5446 unregister_netdevice_notifier(&ip6_route_dev_notifier);
5447 unregister_pernet_subsys(&ip6_route_net_late_ops);
5448 fib6_rules_cleanup();
5451 unregister_pernet_subsys(&ipv6_inetpeer_ops);
5452 unregister_pernet_subsys(&ip6_route_net_ops);
5453 dst_entries_destroy(&ip6_dst_blackhole_ops);
5454 kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep);
projects / linux.git / blob