2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
18 * (rco@di.uminho.pt) Routing table insertion and update
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <asm/uaccess.h>
69 #include <linux/bitops.h>
70 #include <linux/types.h>
71 #include <linux/kernel.h>
73 #include <linux/string.h>
74 #include <linux/socket.h>
75 #include <linux/sockios.h>
76 #include <linux/errno.h>
78 #include <linux/inet.h>
79 #include <linux/netdevice.h>
80 #include <linux/proc_fs.h>
81 #include <linux/init.h>
82 #include <linux/skbuff.h>
83 #include <linux/inetdevice.h>
84 #include <linux/igmp.h>
85 #include <linux/pkt_sched.h>
86 #include <linux/mroute.h>
87 #include <linux/netfilter_ipv4.h>
88 #include <linux/random.h>
89 #include <linux/rcupdate.h>
90 #include <linux/times.h>
91 #include <linux/slab.h>
92 #include <linux/jhash.h>
94 #include <net/net_namespace.h>
95 #include <net/protocol.h>
97 #include <net/route.h>
98 #include <net/inetpeer.h>
100 #include <net/ip_fib.h>
103 #include <net/icmp.h>
104 #include <net/xfrm.h>
105 #include <net/netevent.h>
106 #include <net/rtnetlink.h>
108 #include <linux/sysctl.h>
109 #include <linux/kmemleak.h>
111 #include <net/secure_seq.h>
113 #define RT_FL_TOS(oldflp4) \
114 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
116 #define RT_GC_TIMEOUT (300*HZ)
118 static int ip_rt_max_size;
119 static int ip_rt_redirect_number __read_mostly = 9;
120 static int ip_rt_redirect_load __read_mostly = HZ / 50;
121 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
122 static int ip_rt_error_cost __read_mostly = HZ;
123 static int ip_rt_error_burst __read_mostly = 5 * HZ;
124 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
125 static int ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
126 static int ip_rt_min_advmss __read_mostly = 256;
129 * Interface to generic destination cache.
132 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
133 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
134 static unsigned int ipv4_mtu(const struct dst_entry *dst);
135 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
136 static void ipv4_link_failure(struct sk_buff *skb);
137 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
138 struct sk_buff *skb, u32 mtu);
139 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk,
140 struct sk_buff *skb);
141 static void ipv4_dst_destroy(struct dst_entry *dst);
143 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
149 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
153 static struct dst_ops ipv4_dst_ops = {
155 .protocol = cpu_to_be16(ETH_P_IP),
156 .check = ipv4_dst_check,
157 .default_advmss = ipv4_default_advmss,
159 .cow_metrics = ipv4_cow_metrics,
160 .destroy = ipv4_dst_destroy,
161 .negative_advice = ipv4_negative_advice,
162 .link_failure = ipv4_link_failure,
163 .update_pmtu = ip_rt_update_pmtu,
164 .redirect = ip_do_redirect,
165 .local_out = __ip_local_out,
166 .neigh_lookup = ipv4_neigh_lookup,
169 #define ECN_OR_COST(class) TC_PRIO_##class
171 const __u8 ip_tos2prio[16] = {
173 ECN_OR_COST(BESTEFFORT),
175 ECN_OR_COST(BESTEFFORT),
181 ECN_OR_COST(INTERACTIVE),
183 ECN_OR_COST(INTERACTIVE),
184 TC_PRIO_INTERACTIVE_BULK,
185 ECN_OR_COST(INTERACTIVE_BULK),
186 TC_PRIO_INTERACTIVE_BULK,
187 ECN_OR_COST(INTERACTIVE_BULK)
189 EXPORT_SYMBOL(ip_tos2prio);
191 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
192 #define RT_CACHE_STAT_INC(field) raw_cpu_inc(rt_cache_stat.field)
194 #ifdef CONFIG_PROC_FS
195 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
199 return SEQ_START_TOKEN;
202 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
208 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
212 static int rt_cache_seq_show(struct seq_file *seq, void *v)
214 if (v == SEQ_START_TOKEN)
215 seq_printf(seq, "%-127s\n",
216 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
217 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
222 static const struct seq_operations rt_cache_seq_ops = {
223 .start = rt_cache_seq_start,
224 .next = rt_cache_seq_next,
225 .stop = rt_cache_seq_stop,
226 .show = rt_cache_seq_show,
229 static int rt_cache_seq_open(struct inode *inode, struct file *file)
231 return seq_open(file, &rt_cache_seq_ops);
234 static const struct file_operations rt_cache_seq_fops = {
235 .owner = THIS_MODULE,
236 .open = rt_cache_seq_open,
239 .release = seq_release,
243 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
248 return SEQ_START_TOKEN;
250 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
251 if (!cpu_possible(cpu))
254 return &per_cpu(rt_cache_stat, cpu);
259 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
263 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
264 if (!cpu_possible(cpu))
267 return &per_cpu(rt_cache_stat, cpu);
273 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
278 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
280 struct rt_cache_stat *st = v;
282 if (v == SEQ_START_TOKEN) {
283 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
287 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
288 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
289 dst_entries_get_slow(&ipv4_dst_ops),
302 0, /* st->gc_total */
303 0, /* st->gc_ignored */
304 0, /* st->gc_goal_miss */
305 0, /* st->gc_dst_overflow */
306 0, /* st->in_hlist_search */
307 0 /* st->out_hlist_search */
312 static const struct seq_operations rt_cpu_seq_ops = {
313 .start = rt_cpu_seq_start,
314 .next = rt_cpu_seq_next,
315 .stop = rt_cpu_seq_stop,
316 .show = rt_cpu_seq_show,
320 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
322 return seq_open(file, &rt_cpu_seq_ops);
325 static const struct file_operations rt_cpu_seq_fops = {
326 .owner = THIS_MODULE,
327 .open = rt_cpu_seq_open,
330 .release = seq_release,
333 #ifdef CONFIG_IP_ROUTE_CLASSID
334 static int rt_acct_proc_show(struct seq_file *m, void *v)
336 struct ip_rt_acct *dst, *src;
339 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
343 for_each_possible_cpu(i) {
344 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
345 for (j = 0; j < 256; j++) {
346 dst[j].o_bytes += src[j].o_bytes;
347 dst[j].o_packets += src[j].o_packets;
348 dst[j].i_bytes += src[j].i_bytes;
349 dst[j].i_packets += src[j].i_packets;
353 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
358 static int rt_acct_proc_open(struct inode *inode, struct file *file)
360 return single_open(file, rt_acct_proc_show, NULL);
363 static const struct file_operations rt_acct_proc_fops = {
364 .owner = THIS_MODULE,
365 .open = rt_acct_proc_open,
368 .release = single_release,
372 static int __net_init ip_rt_do_proc_init(struct net *net)
374 struct proc_dir_entry *pde;
376 pde = proc_create("rt_cache", S_IRUGO, net->proc_net,
381 pde = proc_create("rt_cache", S_IRUGO,
382 net->proc_net_stat, &rt_cpu_seq_fops);
386 #ifdef CONFIG_IP_ROUTE_CLASSID
387 pde = proc_create("rt_acct", 0, net->proc_net, &rt_acct_proc_fops);
393 #ifdef CONFIG_IP_ROUTE_CLASSID
395 remove_proc_entry("rt_cache", net->proc_net_stat);
398 remove_proc_entry("rt_cache", net->proc_net);
403 static void __net_exit ip_rt_do_proc_exit(struct net *net)
405 remove_proc_entry("rt_cache", net->proc_net_stat);
406 remove_proc_entry("rt_cache", net->proc_net);
407 #ifdef CONFIG_IP_ROUTE_CLASSID
408 remove_proc_entry("rt_acct", net->proc_net);
412 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
413 .init = ip_rt_do_proc_init,
414 .exit = ip_rt_do_proc_exit,
417 static int __init ip_rt_proc_init(void)
419 return register_pernet_subsys(&ip_rt_proc_ops);
423 static inline int ip_rt_proc_init(void)
427 #endif /* CONFIG_PROC_FS */
429 static inline bool rt_is_expired(const struct rtable *rth)
431 return rth->rt_genid != rt_genid_ipv4(dev_net(rth->dst.dev));
434 void rt_cache_flush(struct net *net)
436 rt_genid_bump_ipv4(net);
439 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
443 struct net_device *dev = dst->dev;
444 const __be32 *pkey = daddr;
445 const struct rtable *rt;
448 rt = (const struct rtable *) dst;
450 pkey = (const __be32 *) &rt->rt_gateway;
452 pkey = &ip_hdr(skb)->daddr;
454 n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey);
457 return neigh_create(&arp_tbl, pkey, dev);
460 atomic_t *ip_idents __read_mostly;
461 EXPORT_SYMBOL(ip_idents);
463 void __ip_select_ident(struct iphdr *iph, int segs)
465 static u32 ip_idents_hashrnd __read_mostly;
468 net_get_random_once(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd));
470 hash = jhash_1word((__force u32)iph->daddr, ip_idents_hashrnd);
471 id = ip_idents_reserve(hash, segs);
474 EXPORT_SYMBOL(__ip_select_ident);
476 static void __build_flow_key(struct flowi4 *fl4, const struct sock *sk,
477 const struct iphdr *iph,
479 u8 prot, u32 mark, int flow_flags)
482 const struct inet_sock *inet = inet_sk(sk);
484 oif = sk->sk_bound_dev_if;
486 tos = RT_CONN_FLAGS(sk);
487 prot = inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol;
489 flowi4_init_output(fl4, oif, mark, tos,
490 RT_SCOPE_UNIVERSE, prot,
492 iph->daddr, iph->saddr, 0, 0);
495 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,
496 const struct sock *sk)
498 const struct iphdr *iph = ip_hdr(skb);
499 int oif = skb->dev->ifindex;
500 u8 tos = RT_TOS(iph->tos);
501 u8 prot = iph->protocol;
502 u32 mark = skb->mark;
504 __build_flow_key(fl4, sk, iph, oif, tos, prot, mark, 0);
507 static void build_sk_flow_key(struct flowi4 *fl4, const struct sock *sk)
509 const struct inet_sock *inet = inet_sk(sk);
510 const struct ip_options_rcu *inet_opt;
511 __be32 daddr = inet->inet_daddr;
514 inet_opt = rcu_dereference(inet->inet_opt);
515 if (inet_opt && inet_opt->opt.srr)
516 daddr = inet_opt->opt.faddr;
517 flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark,
518 RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
519 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
520 inet_sk_flowi_flags(sk),
521 daddr, inet->inet_saddr, 0, 0);
525 static void ip_rt_build_flow_key(struct flowi4 *fl4, const struct sock *sk,
526 const struct sk_buff *skb)
529 build_skb_flow_key(fl4, skb, sk);
531 build_sk_flow_key(fl4, sk);
534 static inline void rt_free(struct rtable *rt)
536 call_rcu(&rt->dst.rcu_head, dst_rcu_free);
539 static DEFINE_SPINLOCK(fnhe_lock);
541 static void fnhe_flush_routes(struct fib_nh_exception *fnhe)
545 rt = rcu_dereference(fnhe->fnhe_rth_input);
547 RCU_INIT_POINTER(fnhe->fnhe_rth_input, NULL);
550 rt = rcu_dereference(fnhe->fnhe_rth_output);
552 RCU_INIT_POINTER(fnhe->fnhe_rth_output, NULL);
557 static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
559 struct fib_nh_exception *fnhe, *oldest;
561 oldest = rcu_dereference(hash->chain);
562 for (fnhe = rcu_dereference(oldest->fnhe_next); fnhe;
563 fnhe = rcu_dereference(fnhe->fnhe_next)) {
564 if (time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp))
567 fnhe_flush_routes(oldest);
571 static inline u32 fnhe_hashfun(__be32 daddr)
575 hval = (__force u32) daddr;
576 hval ^= (hval >> 11) ^ (hval >> 22);
578 return hval & (FNHE_HASH_SIZE - 1);
581 static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
583 rt->rt_pmtu = fnhe->fnhe_pmtu;
584 rt->dst.expires = fnhe->fnhe_expires;
587 rt->rt_flags |= RTCF_REDIRECTED;
588 rt->rt_gateway = fnhe->fnhe_gw;
589 rt->rt_uses_gateway = 1;
593 static void update_or_create_fnhe(struct fib_nh *nh, __be32 daddr, __be32 gw,
594 u32 pmtu, unsigned long expires)
596 struct fnhe_hash_bucket *hash;
597 struct fib_nh_exception *fnhe;
601 u32 hval = fnhe_hashfun(daddr);
603 spin_lock_bh(&fnhe_lock);
605 hash = nh->nh_exceptions;
607 hash = kzalloc(FNHE_HASH_SIZE * sizeof(*hash), GFP_ATOMIC);
610 nh->nh_exceptions = hash;
616 for (fnhe = rcu_dereference(hash->chain); fnhe;
617 fnhe = rcu_dereference(fnhe->fnhe_next)) {
618 if (fnhe->fnhe_daddr == daddr)
627 fnhe->fnhe_pmtu = pmtu;
628 fnhe->fnhe_expires = max(1UL, expires);
630 /* Update all cached dsts too */
631 rt = rcu_dereference(fnhe->fnhe_rth_input);
633 fill_route_from_fnhe(rt, fnhe);
634 rt = rcu_dereference(fnhe->fnhe_rth_output);
636 fill_route_from_fnhe(rt, fnhe);
638 if (depth > FNHE_RECLAIM_DEPTH)
639 fnhe = fnhe_oldest(hash);
641 fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC);
645 fnhe->fnhe_next = hash->chain;
646 rcu_assign_pointer(hash->chain, fnhe);
648 fnhe->fnhe_genid = fnhe_genid(dev_net(nh->nh_dev));
649 fnhe->fnhe_daddr = daddr;
651 fnhe->fnhe_pmtu = pmtu;
652 fnhe->fnhe_expires = expires;
654 /* Exception created; mark the cached routes for the nexthop
655 * stale, so anyone caching it rechecks if this exception
658 rt = rcu_dereference(nh->nh_rth_input);
660 rt->dst.obsolete = DST_OBSOLETE_KILL;
662 for_each_possible_cpu(i) {
663 struct rtable __rcu **prt;
664 prt = per_cpu_ptr(nh->nh_pcpu_rth_output, i);
665 rt = rcu_dereference(*prt);
667 rt->dst.obsolete = DST_OBSOLETE_KILL;
671 fnhe->fnhe_stamp = jiffies;
674 spin_unlock_bh(&fnhe_lock);
677 static void __ip_do_redirect(struct rtable *rt, struct sk_buff *skb, struct flowi4 *fl4,
680 __be32 new_gw = icmp_hdr(skb)->un.gateway;
681 __be32 old_gw = ip_hdr(skb)->saddr;
682 struct net_device *dev = skb->dev;
683 struct in_device *in_dev;
684 struct fib_result res;
688 switch (icmp_hdr(skb)->code & 7) {
690 case ICMP_REDIR_NETTOS:
691 case ICMP_REDIR_HOST:
692 case ICMP_REDIR_HOSTTOS:
699 if (rt->rt_gateway != old_gw)
702 in_dev = __in_dev_get_rcu(dev);
707 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
708 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
709 ipv4_is_zeronet(new_gw))
710 goto reject_redirect;
712 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
713 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
714 goto reject_redirect;
715 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
716 goto reject_redirect;
718 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
719 goto reject_redirect;
722 n = ipv4_neigh_lookup(&rt->dst, NULL, &new_gw);
724 if (!(n->nud_state & NUD_VALID)) {
725 neigh_event_send(n, NULL);
727 if (fib_lookup(net, fl4, &res) == 0) {
728 struct fib_nh *nh = &FIB_RES_NH(res);
730 update_or_create_fnhe(nh, fl4->daddr, new_gw,
734 rt->dst.obsolete = DST_OBSOLETE_KILL;
735 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
742 #ifdef CONFIG_IP_ROUTE_VERBOSE
743 if (IN_DEV_LOG_MARTIANS(in_dev)) {
744 const struct iphdr *iph = (const struct iphdr *) skb->data;
745 __be32 daddr = iph->daddr;
746 __be32 saddr = iph->saddr;
748 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
749 " Advised path = %pI4 -> %pI4\n",
750 &old_gw, dev->name, &new_gw,
757 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
761 const struct iphdr *iph = (const struct iphdr *) skb->data;
762 int oif = skb->dev->ifindex;
763 u8 tos = RT_TOS(iph->tos);
764 u8 prot = iph->protocol;
765 u32 mark = skb->mark;
767 rt = (struct rtable *) dst;
769 __build_flow_key(&fl4, sk, iph, oif, tos, prot, mark, 0);
770 __ip_do_redirect(rt, skb, &fl4, true);
773 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
775 struct rtable *rt = (struct rtable *)dst;
776 struct dst_entry *ret = dst;
779 if (dst->obsolete > 0) {
782 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
793 * 1. The first ip_rt_redirect_number redirects are sent
794 * with exponential backoff, then we stop sending them at all,
795 * assuming that the host ignores our redirects.
796 * 2. If we did not see packets requiring redirects
797 * during ip_rt_redirect_silence, we assume that the host
798 * forgot redirected route and start to send redirects again.
800 * This algorithm is much cheaper and more intelligent than dumb load limiting
803 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
804 * and "frag. need" (breaks PMTU discovery) in icmp.c.
807 void ip_rt_send_redirect(struct sk_buff *skb)
809 struct rtable *rt = skb_rtable(skb);
810 struct in_device *in_dev;
811 struct inet_peer *peer;
816 in_dev = __in_dev_get_rcu(rt->dst.dev);
817 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
821 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
824 net = dev_net(rt->dst.dev);
825 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
827 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
828 rt_nexthop(rt, ip_hdr(skb)->daddr));
832 /* No redirected packets during ip_rt_redirect_silence;
833 * reset the algorithm.
835 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence))
836 peer->rate_tokens = 0;
838 /* Too many ignored redirects; do not send anything
839 * set dst.rate_last to the last seen redirected packet.
841 if (peer->rate_tokens >= ip_rt_redirect_number) {
842 peer->rate_last = jiffies;
846 /* Check for load limit; set rate_last to the latest sent
849 if (peer->rate_tokens == 0 ||
852 (ip_rt_redirect_load << peer->rate_tokens)))) {
853 __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr);
855 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw);
856 peer->rate_last = jiffies;
858 #ifdef CONFIG_IP_ROUTE_VERBOSE
860 peer->rate_tokens == ip_rt_redirect_number)
861 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
862 &ip_hdr(skb)->saddr, inet_iif(skb),
863 &ip_hdr(skb)->daddr, &gw);
870 static int ip_error(struct sk_buff *skb)
872 struct in_device *in_dev = __in_dev_get_rcu(skb->dev);
873 struct rtable *rt = skb_rtable(skb);
874 struct inet_peer *peer;
880 net = dev_net(rt->dst.dev);
881 if (!IN_DEV_FORWARD(in_dev)) {
882 switch (rt->dst.error) {
884 IP_INC_STATS_BH(net, IPSTATS_MIB_INADDRERRORS);
888 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
894 switch (rt->dst.error) {
899 code = ICMP_HOST_UNREACH;
902 code = ICMP_NET_UNREACH;
903 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
906 code = ICMP_PKT_FILTERED;
910 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
915 peer->rate_tokens += now - peer->rate_last;
916 if (peer->rate_tokens > ip_rt_error_burst)
917 peer->rate_tokens = ip_rt_error_burst;
918 peer->rate_last = now;
919 if (peer->rate_tokens >= ip_rt_error_cost)
920 peer->rate_tokens -= ip_rt_error_cost;
926 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
932 static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
934 struct dst_entry *dst = &rt->dst;
935 struct fib_result res;
937 if (dst_metric_locked(dst, RTAX_MTU))
940 if (dst->dev->mtu < mtu)
943 if (mtu < ip_rt_min_pmtu)
944 mtu = ip_rt_min_pmtu;
946 if (rt->rt_pmtu == mtu &&
947 time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2))
951 if (fib_lookup(dev_net(dst->dev), fl4, &res) == 0) {
952 struct fib_nh *nh = &FIB_RES_NH(res);
954 update_or_create_fnhe(nh, fl4->daddr, 0, mtu,
955 jiffies + ip_rt_mtu_expires);
960 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
961 struct sk_buff *skb, u32 mtu)
963 struct rtable *rt = (struct rtable *) dst;
966 ip_rt_build_flow_key(&fl4, sk, skb);
967 __ip_rt_update_pmtu(rt, &fl4, mtu);
970 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu,
971 int oif, u32 mark, u8 protocol, int flow_flags)
973 const struct iphdr *iph = (const struct iphdr *) skb->data;
978 mark = IP4_REPLY_MARK(net, skb->mark);
980 __build_flow_key(&fl4, NULL, iph, oif,
981 RT_TOS(iph->tos), protocol, mark, flow_flags);
982 rt = __ip_route_output_key(net, &fl4);
984 __ip_rt_update_pmtu(rt, &fl4, mtu);
988 EXPORT_SYMBOL_GPL(ipv4_update_pmtu);
990 static void __ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
992 const struct iphdr *iph = (const struct iphdr *) skb->data;
996 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
998 if (!fl4.flowi4_mark)
999 fl4.flowi4_mark = IP4_REPLY_MARK(sock_net(sk), skb->mark);
1001 rt = __ip_route_output_key(sock_net(sk), &fl4);
1003 __ip_rt_update_pmtu(rt, &fl4, mtu);
1008 void ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1010 const struct iphdr *iph = (const struct iphdr *) skb->data;
1013 struct dst_entry *odst = NULL;
1018 if (!ip_sk_accept_pmtu(sk))
1021 odst = sk_dst_get(sk);
1023 if (sock_owned_by_user(sk) || !odst) {
1024 __ipv4_sk_update_pmtu(skb, sk, mtu);
1028 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1030 rt = (struct rtable *)odst;
1031 if (odst->obsolete && odst->ops->check(odst, 0) == NULL) {
1032 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1039 __ip_rt_update_pmtu((struct rtable *) rt->dst.path, &fl4, mtu);
1041 if (!dst_check(&rt->dst, 0)) {
1043 dst_release(&rt->dst);
1045 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1053 sk_dst_set(sk, &rt->dst);
1059 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu);
1061 void ipv4_redirect(struct sk_buff *skb, struct net *net,
1062 int oif, u32 mark, u8 protocol, int flow_flags)
1064 const struct iphdr *iph = (const struct iphdr *) skb->data;
1068 __build_flow_key(&fl4, NULL, iph, oif,
1069 RT_TOS(iph->tos), protocol, mark, flow_flags);
1070 rt = __ip_route_output_key(net, &fl4);
1072 __ip_do_redirect(rt, skb, &fl4, false);
1076 EXPORT_SYMBOL_GPL(ipv4_redirect);
1078 void ipv4_sk_redirect(struct sk_buff *skb, struct sock *sk)
1080 const struct iphdr *iph = (const struct iphdr *) skb->data;
1084 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1085 rt = __ip_route_output_key(sock_net(sk), &fl4);
1087 __ip_do_redirect(rt, skb, &fl4, false);
1091 EXPORT_SYMBOL_GPL(ipv4_sk_redirect);
1093 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1095 struct rtable *rt = (struct rtable *) dst;
1097 /* All IPV4 dsts are created with ->obsolete set to the value
1098 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1099 * into this function always.
1101 * When a PMTU/redirect information update invalidates a route,
1102 * this is indicated by setting obsolete to DST_OBSOLETE_KILL or
1103 * DST_OBSOLETE_DEAD by dst_free().
1105 if (dst->obsolete != DST_OBSOLETE_FORCE_CHK || rt_is_expired(rt))
1110 static void ipv4_link_failure(struct sk_buff *skb)
1114 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1116 rt = skb_rtable(skb);
1118 dst_set_expires(&rt->dst, 0);
1121 static int ip_rt_bug(struct sock *sk, struct sk_buff *skb)
1123 pr_debug("%s: %pI4 -> %pI4, %s\n",
1124 __func__, &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1125 skb->dev ? skb->dev->name : "?");
1132 We do not cache source address of outgoing interface,
1133 because it is used only by IP RR, TS and SRR options,
1134 so that it out of fast path.
1136 BTW remember: "addr" is allowed to be not aligned
1140 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1144 if (rt_is_output_route(rt))
1145 src = ip_hdr(skb)->saddr;
1147 struct fib_result res;
1153 memset(&fl4, 0, sizeof(fl4));
1154 fl4.daddr = iph->daddr;
1155 fl4.saddr = iph->saddr;
1156 fl4.flowi4_tos = RT_TOS(iph->tos);
1157 fl4.flowi4_oif = rt->dst.dev->ifindex;
1158 fl4.flowi4_iif = skb->dev->ifindex;
1159 fl4.flowi4_mark = skb->mark;
1162 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res) == 0)
1163 src = FIB_RES_PREFSRC(dev_net(rt->dst.dev), res);
1165 src = inet_select_addr(rt->dst.dev,
1166 rt_nexthop(rt, iph->daddr),
1170 memcpy(addr, &src, 4);
1173 #ifdef CONFIG_IP_ROUTE_CLASSID
1174 static void set_class_tag(struct rtable *rt, u32 tag)
1176 if (!(rt->dst.tclassid & 0xFFFF))
1177 rt->dst.tclassid |= tag & 0xFFFF;
1178 if (!(rt->dst.tclassid & 0xFFFF0000))
1179 rt->dst.tclassid |= tag & 0xFFFF0000;
1183 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1185 unsigned int advmss = dst_metric_raw(dst, RTAX_ADVMSS);
1188 advmss = max_t(unsigned int, dst->dev->mtu - 40,
1190 if (advmss > 65535 - 40)
1191 advmss = 65535 - 40;
1196 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1198 const struct rtable *rt = (const struct rtable *) dst;
1199 unsigned int mtu = rt->rt_pmtu;
1201 if (!mtu || time_after_eq(jiffies, rt->dst.expires))
1202 mtu = dst_metric_raw(dst, RTAX_MTU);
1207 mtu = dst->dev->mtu;
1209 if (unlikely(dst_metric_locked(dst, RTAX_MTU))) {
1210 if (rt->rt_uses_gateway && mtu > 576)
1214 return min_t(unsigned int, mtu, IP_MAX_MTU);
1217 static struct fib_nh_exception *find_exception(struct fib_nh *nh, __be32 daddr)
1219 struct fnhe_hash_bucket *hash = nh->nh_exceptions;
1220 struct fib_nh_exception *fnhe;
1226 hval = fnhe_hashfun(daddr);
1228 for (fnhe = rcu_dereference(hash[hval].chain); fnhe;
1229 fnhe = rcu_dereference(fnhe->fnhe_next)) {
1230 if (fnhe->fnhe_daddr == daddr)
1236 static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1241 spin_lock_bh(&fnhe_lock);
1243 if (daddr == fnhe->fnhe_daddr) {
1244 struct rtable __rcu **porig;
1245 struct rtable *orig;
1246 int genid = fnhe_genid(dev_net(rt->dst.dev));
1248 if (rt_is_input_route(rt))
1249 porig = &fnhe->fnhe_rth_input;
1251 porig = &fnhe->fnhe_rth_output;
1252 orig = rcu_dereference(*porig);
1254 if (fnhe->fnhe_genid != genid) {
1255 fnhe->fnhe_genid = genid;
1257 fnhe->fnhe_pmtu = 0;
1258 fnhe->fnhe_expires = 0;
1259 fnhe_flush_routes(fnhe);
1262 fill_route_from_fnhe(rt, fnhe);
1263 if (!rt->rt_gateway)
1264 rt->rt_gateway = daddr;
1266 if (!(rt->dst.flags & DST_NOCACHE)) {
1267 rcu_assign_pointer(*porig, rt);
1273 fnhe->fnhe_stamp = jiffies;
1275 spin_unlock_bh(&fnhe_lock);
1280 static bool rt_cache_route(struct fib_nh *nh, struct rtable *rt)
1282 struct rtable *orig, *prev, **p;
1285 if (rt_is_input_route(rt)) {
1286 p = (struct rtable **)&nh->nh_rth_input;
1288 p = (struct rtable **)__this_cpu_ptr(nh->nh_pcpu_rth_output);
1292 prev = cmpxchg(p, orig, rt);
1302 static DEFINE_SPINLOCK(rt_uncached_lock);
1303 static LIST_HEAD(rt_uncached_list);
1305 static void rt_add_uncached_list(struct rtable *rt)
1307 spin_lock_bh(&rt_uncached_lock);
1308 list_add_tail(&rt->rt_uncached, &rt_uncached_list);
1309 spin_unlock_bh(&rt_uncached_lock);
1312 static void ipv4_dst_destroy(struct dst_entry *dst)
1314 struct rtable *rt = (struct rtable *) dst;
1316 if (!list_empty(&rt->rt_uncached)) {
1317 spin_lock_bh(&rt_uncached_lock);
1318 list_del(&rt->rt_uncached);
1319 spin_unlock_bh(&rt_uncached_lock);
1323 void rt_flush_dev(struct net_device *dev)
1325 if (!list_empty(&rt_uncached_list)) {
1326 struct net *net = dev_net(dev);
1329 spin_lock_bh(&rt_uncached_lock);
1330 list_for_each_entry(rt, &rt_uncached_list, rt_uncached) {
1331 if (rt->dst.dev != dev)
1333 rt->dst.dev = net->loopback_dev;
1334 dev_hold(rt->dst.dev);
1337 spin_unlock_bh(&rt_uncached_lock);
1341 static bool rt_cache_valid(const struct rtable *rt)
1344 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1348 static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
1349 const struct fib_result *res,
1350 struct fib_nh_exception *fnhe,
1351 struct fib_info *fi, u16 type, u32 itag)
1353 bool cached = false;
1356 struct fib_nh *nh = &FIB_RES_NH(*res);
1358 if (nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK) {
1359 rt->rt_gateway = nh->nh_gw;
1360 rt->rt_uses_gateway = 1;
1362 dst_init_metrics(&rt->dst, fi->fib_metrics, true);
1363 #ifdef CONFIG_IP_ROUTE_CLASSID
1364 rt->dst.tclassid = nh->nh_tclassid;
1367 cached = rt_bind_exception(rt, fnhe, daddr);
1368 else if (!(rt->dst.flags & DST_NOCACHE))
1369 cached = rt_cache_route(nh, rt);
1370 if (unlikely(!cached)) {
1371 /* Routes we intend to cache in nexthop exception or
1372 * FIB nexthop have the DST_NOCACHE bit clear.
1373 * However, if we are unsuccessful at storing this
1374 * route into the cache we really need to set it.
1376 rt->dst.flags |= DST_NOCACHE;
1377 if (!rt->rt_gateway)
1378 rt->rt_gateway = daddr;
1379 rt_add_uncached_list(rt);
1382 rt_add_uncached_list(rt);
1384 #ifdef CONFIG_IP_ROUTE_CLASSID
1385 #ifdef CONFIG_IP_MULTIPLE_TABLES
1386 set_class_tag(rt, res->tclassid);
1388 set_class_tag(rt, itag);
1392 static struct rtable *rt_dst_alloc(struct net_device *dev,
1393 bool nopolicy, bool noxfrm, bool will_cache)
1395 return dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1396 (will_cache ? 0 : (DST_HOST | DST_NOCACHE)) |
1397 (nopolicy ? DST_NOPOLICY : 0) |
1398 (noxfrm ? DST_NOXFRM : 0));
1401 /* called in rcu_read_lock() section */
1402 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1403 u8 tos, struct net_device *dev, int our)
1406 struct in_device *in_dev = __in_dev_get_rcu(dev);
1410 /* Primary sanity checks. */
1415 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1416 skb->protocol != htons(ETH_P_IP))
1419 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
1420 if (ipv4_is_loopback(saddr))
1423 if (ipv4_is_zeronet(saddr)) {
1424 if (!ipv4_is_local_multicast(daddr))
1427 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1432 rth = rt_dst_alloc(dev_net(dev)->loopback_dev,
1433 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, false);
1437 #ifdef CONFIG_IP_ROUTE_CLASSID
1438 rth->dst.tclassid = itag;
1440 rth->dst.output = ip_rt_bug;
1442 rth->rt_genid = rt_genid_ipv4(dev_net(dev));
1443 rth->rt_flags = RTCF_MULTICAST;
1444 rth->rt_type = RTN_MULTICAST;
1445 rth->rt_is_input= 1;
1448 rth->rt_gateway = 0;
1449 rth->rt_uses_gateway = 0;
1450 INIT_LIST_HEAD(&rth->rt_uncached);
1452 rth->dst.input= ip_local_deliver;
1453 rth->rt_flags |= RTCF_LOCAL;
1456 #ifdef CONFIG_IP_MROUTE
1457 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
1458 rth->dst.input = ip_mr_input;
1460 RT_CACHE_STAT_INC(in_slow_mc);
1462 skb_dst_set(skb, &rth->dst);
1474 static void ip_handle_martian_source(struct net_device *dev,
1475 struct in_device *in_dev,
1476 struct sk_buff *skb,
1480 RT_CACHE_STAT_INC(in_martian_src);
1481 #ifdef CONFIG_IP_ROUTE_VERBOSE
1482 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
1484 * RFC1812 recommendation, if source is martian,
1485 * the only hint is MAC header.
1487 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
1488 &daddr, &saddr, dev->name);
1489 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
1490 print_hex_dump(KERN_WARNING, "ll header: ",
1491 DUMP_PREFIX_OFFSET, 16, 1,
1492 skb_mac_header(skb),
1493 dev->hard_header_len, true);
1499 /* called in rcu_read_lock() section */
1500 static int __mkroute_input(struct sk_buff *skb,
1501 const struct fib_result *res,
1502 struct in_device *in_dev,
1503 __be32 daddr, __be32 saddr, u32 tos)
1505 struct fib_nh_exception *fnhe;
1508 struct in_device *out_dev;
1509 unsigned int flags = 0;
1513 /* get a working reference to the output device */
1514 out_dev = __in_dev_get_rcu(FIB_RES_DEV(*res));
1515 if (out_dev == NULL) {
1516 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
1520 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
1521 in_dev->dev, in_dev, &itag);
1523 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
1529 do_cache = res->fi && !itag;
1530 if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
1531 (IN_DEV_SHARED_MEDIA(out_dev) ||
1532 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) {
1533 flags |= RTCF_DOREDIRECT;
1537 if (skb->protocol != htons(ETH_P_IP)) {
1538 /* Not IP (i.e. ARP). Do not create route, if it is
1539 * invalid for proxy arp. DNAT routes are always valid.
1541 * Proxy arp feature have been extended to allow, ARP
1542 * replies back to the same interface, to support
1543 * Private VLAN switch technologies. See arp.c.
1545 if (out_dev == in_dev &&
1546 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
1552 fnhe = find_exception(&FIB_RES_NH(*res), daddr);
1555 rth = rcu_dereference(fnhe->fnhe_rth_input);
1557 rth = rcu_dereference(FIB_RES_NH(*res).nh_rth_input);
1559 if (rt_cache_valid(rth)) {
1560 skb_dst_set_noref(skb, &rth->dst);
1565 rth = rt_dst_alloc(out_dev->dev,
1566 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1567 IN_DEV_CONF_GET(out_dev, NOXFRM), do_cache);
1573 rth->rt_genid = rt_genid_ipv4(dev_net(rth->dst.dev));
1574 rth->rt_flags = flags;
1575 rth->rt_type = res->type;
1576 rth->rt_is_input = 1;
1579 rth->rt_gateway = 0;
1580 rth->rt_uses_gateway = 0;
1581 INIT_LIST_HEAD(&rth->rt_uncached);
1582 RT_CACHE_STAT_INC(in_slow_tot);
1584 rth->dst.input = ip_forward;
1585 rth->dst.output = ip_output;
1587 rt_set_nexthop(rth, daddr, res, fnhe, res->fi, res->type, itag);
1588 skb_dst_set(skb, &rth->dst);
1595 static int ip_mkroute_input(struct sk_buff *skb,
1596 struct fib_result *res,
1597 const struct flowi4 *fl4,
1598 struct in_device *in_dev,
1599 __be32 daddr, __be32 saddr, u32 tos)
1601 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1602 if (res->fi && res->fi->fib_nhs > 1)
1603 fib_select_multipath(res);
1606 /* create a routing cache entry */
1607 return __mkroute_input(skb, res, in_dev, daddr, saddr, tos);
1611 * NOTE. We drop all the packets that has local source
1612 * addresses, because every properly looped back packet
1613 * must have correct destination already attached by output routine.
1615 * Such approach solves two big problems:
1616 * 1. Not simplex devices are handled properly.
1617 * 2. IP spoofing attempts are filtered with 100% of guarantee.
1618 * called with rcu_read_lock()
1621 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1622 u8 tos, struct net_device *dev)
1624 struct fib_result res;
1625 struct in_device *in_dev = __in_dev_get_rcu(dev);
1627 unsigned int flags = 0;
1631 struct net *net = dev_net(dev);
1634 /* IP on this device is disabled. */
1639 /* Check for the most weird martians, which can be not detected
1643 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
1644 goto martian_source;
1647 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
1650 /* Accept zero addresses only to limited broadcast;
1651 * I even do not know to fix it or not. Waiting for complains :-)
1653 if (ipv4_is_zeronet(saddr))
1654 goto martian_source;
1656 if (ipv4_is_zeronet(daddr))
1657 goto martian_destination;
1659 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
1660 * and call it once if daddr or/and saddr are loopback addresses
1662 if (ipv4_is_loopback(daddr)) {
1663 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1664 goto martian_destination;
1665 } else if (ipv4_is_loopback(saddr)) {
1666 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1667 goto martian_source;
1671 * Now we are ready to route packet.
1674 fl4.flowi4_iif = dev->ifindex;
1675 fl4.flowi4_mark = skb->mark;
1676 fl4.flowi4_tos = tos;
1677 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
1680 err = fib_lookup(net, &fl4, &res);
1682 if (!IN_DEV_FORWARD(in_dev))
1683 err = -EHOSTUNREACH;
1687 if (res.type == RTN_BROADCAST)
1690 if (res.type == RTN_LOCAL) {
1691 err = fib_validate_source(skb, saddr, daddr, tos,
1692 0, dev, in_dev, &itag);
1694 goto martian_source_keep_err;
1698 if (!IN_DEV_FORWARD(in_dev)) {
1699 err = -EHOSTUNREACH;
1702 if (res.type != RTN_UNICAST)
1703 goto martian_destination;
1705 err = ip_mkroute_input(skb, &res, &fl4, in_dev, daddr, saddr, tos);
1709 if (skb->protocol != htons(ETH_P_IP))
1712 if (!ipv4_is_zeronet(saddr)) {
1713 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1716 goto martian_source_keep_err;
1718 flags |= RTCF_BROADCAST;
1719 res.type = RTN_BROADCAST;
1720 RT_CACHE_STAT_INC(in_brd);
1726 rth = rcu_dereference(FIB_RES_NH(res).nh_rth_input);
1727 if (rt_cache_valid(rth)) {
1728 skb_dst_set_noref(skb, &rth->dst);
1736 rth = rt_dst_alloc(net->loopback_dev,
1737 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, do_cache);
1741 rth->dst.input= ip_local_deliver;
1742 rth->dst.output= ip_rt_bug;
1743 #ifdef CONFIG_IP_ROUTE_CLASSID
1744 rth->dst.tclassid = itag;
1747 rth->rt_genid = rt_genid_ipv4(net);
1748 rth->rt_flags = flags|RTCF_LOCAL;
1749 rth->rt_type = res.type;
1750 rth->rt_is_input = 1;
1753 rth->rt_gateway = 0;
1754 rth->rt_uses_gateway = 0;
1755 INIT_LIST_HEAD(&rth->rt_uncached);
1756 RT_CACHE_STAT_INC(in_slow_tot);
1757 if (res.type == RTN_UNREACHABLE) {
1758 rth->dst.input= ip_error;
1759 rth->dst.error= -err;
1760 rth->rt_flags &= ~RTCF_LOCAL;
1763 if (unlikely(!rt_cache_route(&FIB_RES_NH(res), rth))) {
1764 rth->dst.flags |= DST_NOCACHE;
1765 rt_add_uncached_list(rth);
1768 skb_dst_set(skb, &rth->dst);
1773 RT_CACHE_STAT_INC(in_no_route);
1774 res.type = RTN_UNREACHABLE;
1780 * Do not cache martian addresses: they should be logged (RFC1812)
1782 martian_destination:
1783 RT_CACHE_STAT_INC(in_martian_dst);
1784 #ifdef CONFIG_IP_ROUTE_VERBOSE
1785 if (IN_DEV_LOG_MARTIANS(in_dev))
1786 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
1787 &daddr, &saddr, dev->name);
1800 martian_source_keep_err:
1801 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
1805 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1806 u8 tos, struct net_device *dev)
1812 /* Multicast recognition logic is moved from route cache to here.
1813 The problem was that too many Ethernet cards have broken/missing
1814 hardware multicast filters :-( As result the host on multicasting
1815 network acquires a lot of useless route cache entries, sort of
1816 SDR messages from all the world. Now we try to get rid of them.
1817 Really, provided software IP multicast filter is organized
1818 reasonably (at least, hashed), it does not result in a slowdown
1819 comparing with route cache reject entries.
1820 Note, that multicast routers are not affected, because
1821 route cache entry is created eventually.
1823 if (ipv4_is_multicast(daddr)) {
1824 struct in_device *in_dev = __in_dev_get_rcu(dev);
1827 int our = ip_check_mc_rcu(in_dev, daddr, saddr,
1828 ip_hdr(skb)->protocol);
1830 #ifdef CONFIG_IP_MROUTE
1832 (!ipv4_is_local_multicast(daddr) &&
1833 IN_DEV_MFORWARD(in_dev))
1836 int res = ip_route_input_mc(skb, daddr, saddr,
1845 res = ip_route_input_slow(skb, daddr, saddr, tos, dev);
1849 EXPORT_SYMBOL(ip_route_input_noref);
1851 /* called with rcu_read_lock() */
1852 static struct rtable *__mkroute_output(const struct fib_result *res,
1853 const struct flowi4 *fl4, int orig_oif,
1854 struct net_device *dev_out,
1857 struct fib_info *fi = res->fi;
1858 struct fib_nh_exception *fnhe;
1859 struct in_device *in_dev;
1860 u16 type = res->type;
1864 in_dev = __in_dev_get_rcu(dev_out);
1866 return ERR_PTR(-EINVAL);
1868 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
1869 if (ipv4_is_loopback(fl4->saddr) && !(dev_out->flags & IFF_LOOPBACK))
1870 return ERR_PTR(-EINVAL);
1872 if (ipv4_is_lbcast(fl4->daddr))
1873 type = RTN_BROADCAST;
1874 else if (ipv4_is_multicast(fl4->daddr))
1875 type = RTN_MULTICAST;
1876 else if (ipv4_is_zeronet(fl4->daddr))
1877 return ERR_PTR(-EINVAL);
1879 if (dev_out->flags & IFF_LOOPBACK)
1880 flags |= RTCF_LOCAL;
1883 if (type == RTN_BROADCAST) {
1884 flags |= RTCF_BROADCAST | RTCF_LOCAL;
1886 } else if (type == RTN_MULTICAST) {
1887 flags |= RTCF_MULTICAST | RTCF_LOCAL;
1888 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
1890 flags &= ~RTCF_LOCAL;
1893 /* If multicast route do not exist use
1894 * default one, but do not gateway in this case.
1897 if (fi && res->prefixlen < 4)
1902 do_cache &= fi != NULL;
1904 struct rtable __rcu **prth;
1905 struct fib_nh *nh = &FIB_RES_NH(*res);
1907 fnhe = find_exception(nh, fl4->daddr);
1909 prth = &fnhe->fnhe_rth_output;
1911 if (unlikely(fl4->flowi4_flags &
1912 FLOWI_FLAG_KNOWN_NH &&
1914 nh->nh_scope == RT_SCOPE_LINK))) {
1918 prth = __this_cpu_ptr(nh->nh_pcpu_rth_output);
1920 rth = rcu_dereference(*prth);
1921 if (rt_cache_valid(rth)) {
1922 dst_hold(&rth->dst);
1928 rth = rt_dst_alloc(dev_out,
1929 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1930 IN_DEV_CONF_GET(in_dev, NOXFRM),
1933 return ERR_PTR(-ENOBUFS);
1935 rth->dst.output = ip_output;
1937 rth->rt_genid = rt_genid_ipv4(dev_net(dev_out));
1938 rth->rt_flags = flags;
1939 rth->rt_type = type;
1940 rth->rt_is_input = 0;
1941 rth->rt_iif = orig_oif ? : 0;
1943 rth->rt_gateway = 0;
1944 rth->rt_uses_gateway = 0;
1945 INIT_LIST_HEAD(&rth->rt_uncached);
1947 RT_CACHE_STAT_INC(out_slow_tot);
1949 if (flags & RTCF_LOCAL)
1950 rth->dst.input = ip_local_deliver;
1951 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
1952 if (flags & RTCF_LOCAL &&
1953 !(dev_out->flags & IFF_LOOPBACK)) {
1954 rth->dst.output = ip_mc_output;
1955 RT_CACHE_STAT_INC(out_slow_mc);
1957 #ifdef CONFIG_IP_MROUTE
1958 if (type == RTN_MULTICAST) {
1959 if (IN_DEV_MFORWARD(in_dev) &&
1960 !ipv4_is_local_multicast(fl4->daddr)) {
1961 rth->dst.input = ip_mr_input;
1962 rth->dst.output = ip_mc_output;
1968 rt_set_nexthop(rth, fl4->daddr, res, fnhe, fi, type, 0);
1974 * Major route resolver routine.
1977 struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *fl4)
1979 struct net_device *dev_out = NULL;
1980 __u8 tos = RT_FL_TOS(fl4);
1981 unsigned int flags = 0;
1982 struct fib_result res;
1990 orig_oif = fl4->flowi4_oif;
1992 fl4->flowi4_iif = LOOPBACK_IFINDEX;
1993 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
1994 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
1995 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
1999 rth = ERR_PTR(-EINVAL);
2000 if (ipv4_is_multicast(fl4->saddr) ||
2001 ipv4_is_lbcast(fl4->saddr) ||
2002 ipv4_is_zeronet(fl4->saddr))
2005 /* I removed check for oif == dev_out->oif here.
2006 It was wrong for two reasons:
2007 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
2008 is assigned to multiple interfaces.
2009 2. Moreover, we are allowed to send packets with saddr
2010 of another iface. --ANK
2013 if (fl4->flowi4_oif == 0 &&
2014 (ipv4_is_multicast(fl4->daddr) ||
2015 ipv4_is_lbcast(fl4->daddr))) {
2016 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2017 dev_out = __ip_dev_find(net, fl4->saddr, false);
2018 if (dev_out == NULL)
2021 /* Special hack: user can direct multicasts
2022 and limited broadcast via necessary interface
2023 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2024 This hack is not just for fun, it allows
2025 vic,vat and friends to work.
2026 They bind socket to loopback, set ttl to zero
2027 and expect that it will work.
2028 From the viewpoint of routing cache they are broken,
2029 because we are not allowed to build multicast path
2030 with loopback source addr (look, routing cache
2031 cannot know, that ttl is zero, so that packet
2032 will not leave this host and route is valid).
2033 Luckily, this hack is good workaround.
2036 fl4->flowi4_oif = dev_out->ifindex;
2040 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
2041 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2042 if (!__ip_dev_find(net, fl4->saddr, false))
2048 if (fl4->flowi4_oif) {
2049 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2050 rth = ERR_PTR(-ENODEV);
2051 if (dev_out == NULL)
2054 /* RACE: Check return value of inet_select_addr instead. */
2055 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2056 rth = ERR_PTR(-ENETUNREACH);
2059 if (ipv4_is_local_multicast(fl4->daddr) ||
2060 ipv4_is_lbcast(fl4->daddr)) {
2062 fl4->saddr = inet_select_addr(dev_out, 0,
2067 if (ipv4_is_multicast(fl4->daddr))
2068 fl4->saddr = inet_select_addr(dev_out, 0,
2070 else if (!fl4->daddr)
2071 fl4->saddr = inet_select_addr(dev_out, 0,
2077 fl4->daddr = fl4->saddr;
2079 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2080 dev_out = net->loopback_dev;
2081 fl4->flowi4_oif = LOOPBACK_IFINDEX;
2082 res.type = RTN_LOCAL;
2083 flags |= RTCF_LOCAL;
2087 if (fib_lookup(net, fl4, &res)) {
2090 if (fl4->flowi4_oif) {
2091 /* Apparently, routing tables are wrong. Assume,
2092 that the destination is on link.
2095 Because we are allowed to send to iface
2096 even if it has NO routes and NO assigned
2097 addresses. When oif is specified, routing
2098 tables are looked up with only one purpose:
2099 to catch if destination is gatewayed, rather than
2100 direct. Moreover, if MSG_DONTROUTE is set,
2101 we send packet, ignoring both routing tables
2102 and ifaddr state. --ANK
2105 We could make it even if oif is unknown,
2106 likely IPv6, but we do not.
2109 if (fl4->saddr == 0)
2110 fl4->saddr = inet_select_addr(dev_out, 0,
2112 res.type = RTN_UNICAST;
2115 rth = ERR_PTR(-ENETUNREACH);
2119 if (res.type == RTN_LOCAL) {
2121 if (res.fi->fib_prefsrc)
2122 fl4->saddr = res.fi->fib_prefsrc;
2124 fl4->saddr = fl4->daddr;
2126 dev_out = net->loopback_dev;
2127 fl4->flowi4_oif = dev_out->ifindex;
2128 flags |= RTCF_LOCAL;
2132 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2133 if (res.fi->fib_nhs > 1 && fl4->flowi4_oif == 0)
2134 fib_select_multipath(&res);
2137 if (!res.prefixlen &&
2138 res.table->tb_num_default > 1 &&
2139 res.type == RTN_UNICAST && !fl4->flowi4_oif)
2140 fib_select_default(&res);
2143 fl4->saddr = FIB_RES_PREFSRC(net, res);
2145 dev_out = FIB_RES_DEV(res);
2146 fl4->flowi4_oif = dev_out->ifindex;
2150 rth = __mkroute_output(&res, fl4, orig_oif, dev_out, flags);
2156 EXPORT_SYMBOL_GPL(__ip_route_output_key);
2158 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2163 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2165 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2167 return mtu ? : dst->dev->mtu;
2170 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
2171 struct sk_buff *skb, u32 mtu)
2175 static void ipv4_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
2176 struct sk_buff *skb)
2180 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2186 static struct dst_ops ipv4_dst_blackhole_ops = {
2188 .protocol = cpu_to_be16(ETH_P_IP),
2189 .check = ipv4_blackhole_dst_check,
2190 .mtu = ipv4_blackhole_mtu,
2191 .default_advmss = ipv4_default_advmss,
2192 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2193 .redirect = ipv4_rt_blackhole_redirect,
2194 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2195 .neigh_lookup = ipv4_neigh_lookup,
2198 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2200 struct rtable *ort = (struct rtable *) dst_orig;
2203 rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, DST_OBSOLETE_NONE, 0);
2205 struct dst_entry *new = &rt->dst;
2208 new->input = dst_discard;
2209 new->output = dst_discard_sk;
2211 new->dev = ort->dst.dev;
2215 rt->rt_is_input = ort->rt_is_input;
2216 rt->rt_iif = ort->rt_iif;
2217 rt->rt_pmtu = ort->rt_pmtu;
2219 rt->rt_genid = rt_genid_ipv4(net);
2220 rt->rt_flags = ort->rt_flags;
2221 rt->rt_type = ort->rt_type;
2222 rt->rt_gateway = ort->rt_gateway;
2223 rt->rt_uses_gateway = ort->rt_uses_gateway;
2225 INIT_LIST_HEAD(&rt->rt_uncached);
2230 dst_release(dst_orig);
2232 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2235 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2238 struct rtable *rt = __ip_route_output_key(net, flp4);
2243 if (flp4->flowi4_proto)
2244 rt = (struct rtable *) xfrm_lookup(net, &rt->dst,
2245 flowi4_to_flowi(flp4),
2250 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2252 static int rt_fill_info(struct net *net, __be32 dst, __be32 src,
2253 struct flowi4 *fl4, struct sk_buff *skb, u32 portid,
2254 u32 seq, int event, int nowait, unsigned int flags)
2256 struct rtable *rt = skb_rtable(skb);
2258 struct nlmsghdr *nlh;
2259 unsigned long expires = 0;
2261 u32 metrics[RTAX_MAX];
2263 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*r), flags);
2267 r = nlmsg_data(nlh);
2268 r->rtm_family = AF_INET;
2269 r->rtm_dst_len = 32;
2271 r->rtm_tos = fl4->flowi4_tos;
2272 r->rtm_table = RT_TABLE_MAIN;
2273 if (nla_put_u32(skb, RTA_TABLE, RT_TABLE_MAIN))
2274 goto nla_put_failure;
2275 r->rtm_type = rt->rt_type;
2276 r->rtm_scope = RT_SCOPE_UNIVERSE;
2277 r->rtm_protocol = RTPROT_UNSPEC;
2278 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2279 if (rt->rt_flags & RTCF_NOTIFY)
2280 r->rtm_flags |= RTM_F_NOTIFY;
2282 if (nla_put_be32(skb, RTA_DST, dst))
2283 goto nla_put_failure;
2285 r->rtm_src_len = 32;
2286 if (nla_put_be32(skb, RTA_SRC, src))
2287 goto nla_put_failure;
2290 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
2291 goto nla_put_failure;
2292 #ifdef CONFIG_IP_ROUTE_CLASSID
2293 if (rt->dst.tclassid &&
2294 nla_put_u32(skb, RTA_FLOW, rt->dst.tclassid))
2295 goto nla_put_failure;
2297 if (!rt_is_input_route(rt) &&
2298 fl4->saddr != src) {
2299 if (nla_put_be32(skb, RTA_PREFSRC, fl4->saddr))
2300 goto nla_put_failure;
2302 if (rt->rt_uses_gateway &&
2303 nla_put_be32(skb, RTA_GATEWAY, rt->rt_gateway))
2304 goto nla_put_failure;
2306 expires = rt->dst.expires;
2308 unsigned long now = jiffies;
2310 if (time_before(now, expires))
2316 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
2317 if (rt->rt_pmtu && expires)
2318 metrics[RTAX_MTU - 1] = rt->rt_pmtu;
2319 if (rtnetlink_put_metrics(skb, metrics) < 0)
2320 goto nla_put_failure;
2322 if (fl4->flowi4_mark &&
2323 nla_put_u32(skb, RTA_MARK, fl4->flowi4_mark))
2324 goto nla_put_failure;
2326 error = rt->dst.error;
2328 if (rt_is_input_route(rt)) {
2329 #ifdef CONFIG_IP_MROUTE
2330 if (ipv4_is_multicast(dst) && !ipv4_is_local_multicast(dst) &&
2331 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
2332 int err = ipmr_get_route(net, skb,
2333 fl4->saddr, fl4->daddr,
2339 goto nla_put_failure;
2341 if (err == -EMSGSIZE)
2342 goto nla_put_failure;
2348 if (nla_put_u32(skb, RTA_IIF, skb->dev->ifindex))
2349 goto nla_put_failure;
2352 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, error) < 0)
2353 goto nla_put_failure;
2355 return nlmsg_end(skb, nlh);
2358 nlmsg_cancel(skb, nlh);
2362 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh)
2364 struct net *net = sock_net(in_skb->sk);
2366 struct nlattr *tb[RTA_MAX+1];
2367 struct rtable *rt = NULL;
2374 struct sk_buff *skb;
2376 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv4_policy);
2380 rtm = nlmsg_data(nlh);
2382 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
2388 /* Reserve room for dummy headers, this skb can pass
2389 through good chunk of routing engine.
2391 skb_reset_mac_header(skb);
2392 skb_reset_network_header(skb);
2394 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
2395 ip_hdr(skb)->protocol = IPPROTO_ICMP;
2396 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
2398 src = tb[RTA_SRC] ? nla_get_be32(tb[RTA_SRC]) : 0;
2399 dst = tb[RTA_DST] ? nla_get_be32(tb[RTA_DST]) : 0;
2400 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
2401 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
2403 memset(&fl4, 0, sizeof(fl4));
2406 fl4.flowi4_tos = rtm->rtm_tos;
2407 fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0;
2408 fl4.flowi4_mark = mark;
2411 struct net_device *dev;
2413 dev = __dev_get_by_index(net, iif);
2419 skb->protocol = htons(ETH_P_IP);
2423 err = ip_route_input(skb, dst, src, rtm->rtm_tos, dev);
2426 rt = skb_rtable(skb);
2427 if (err == 0 && rt->dst.error)
2428 err = -rt->dst.error;
2430 rt = ip_route_output_key(net, &fl4);
2440 skb_dst_set(skb, &rt->dst);
2441 if (rtm->rtm_flags & RTM_F_NOTIFY)
2442 rt->rt_flags |= RTCF_NOTIFY;
2444 err = rt_fill_info(net, dst, src, &fl4, skb,
2445 NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
2446 RTM_NEWROUTE, 0, 0);
2450 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2459 void ip_rt_multicast_event(struct in_device *in_dev)
2461 rt_cache_flush(dev_net(in_dev->dev));
2464 #ifdef CONFIG_SYSCTL
2465 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
2466 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
2467 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
2468 static int ip_rt_gc_elasticity __read_mostly = 8;
2470 static int ipv4_sysctl_rtcache_flush(struct ctl_table *__ctl, int write,
2471 void __user *buffer,
2472 size_t *lenp, loff_t *ppos)
2474 struct net *net = (struct net *)__ctl->extra1;
2477 rt_cache_flush(net);
2478 fnhe_genid_bump(net);
2485 static struct ctl_table ipv4_route_table[] = {
2487 .procname = "gc_thresh",
2488 .data = &ipv4_dst_ops.gc_thresh,
2489 .maxlen = sizeof(int),
2491 .proc_handler = proc_dointvec,
2494 .procname = "max_size",
2495 .data = &ip_rt_max_size,
2496 .maxlen = sizeof(int),
2498 .proc_handler = proc_dointvec,
2501 /* Deprecated. Use gc_min_interval_ms */
2503 .procname = "gc_min_interval",
2504 .data = &ip_rt_gc_min_interval,
2505 .maxlen = sizeof(int),
2507 .proc_handler = proc_dointvec_jiffies,
2510 .procname = "gc_min_interval_ms",
2511 .data = &ip_rt_gc_min_interval,
2512 .maxlen = sizeof(int),
2514 .proc_handler = proc_dointvec_ms_jiffies,
2517 .procname = "gc_timeout",
2518 .data = &ip_rt_gc_timeout,
2519 .maxlen = sizeof(int),
2521 .proc_handler = proc_dointvec_jiffies,
2524 .procname = "gc_interval",
2525 .data = &ip_rt_gc_interval,
2526 .maxlen = sizeof(int),
2528 .proc_handler = proc_dointvec_jiffies,
2531 .procname = "redirect_load",
2532 .data = &ip_rt_redirect_load,
2533 .maxlen = sizeof(int),
2535 .proc_handler = proc_dointvec,
2538 .procname = "redirect_number",
2539 .data = &ip_rt_redirect_number,
2540 .maxlen = sizeof(int),
2542 .proc_handler = proc_dointvec,
2545 .procname = "redirect_silence",
2546 .data = &ip_rt_redirect_silence,
2547 .maxlen = sizeof(int),
2549 .proc_handler = proc_dointvec,
2552 .procname = "error_cost",
2553 .data = &ip_rt_error_cost,
2554 .maxlen = sizeof(int),
2556 .proc_handler = proc_dointvec,
2559 .procname = "error_burst",
2560 .data = &ip_rt_error_burst,
2561 .maxlen = sizeof(int),
2563 .proc_handler = proc_dointvec,
2566 .procname = "gc_elasticity",
2567 .data = &ip_rt_gc_elasticity,
2568 .maxlen = sizeof(int),
2570 .proc_handler = proc_dointvec,
2573 .procname = "mtu_expires",
2574 .data = &ip_rt_mtu_expires,
2575 .maxlen = sizeof(int),
2577 .proc_handler = proc_dointvec_jiffies,
2580 .procname = "min_pmtu",
2581 .data = &ip_rt_min_pmtu,
2582 .maxlen = sizeof(int),
2584 .proc_handler = proc_dointvec,
2587 .procname = "min_adv_mss",
2588 .data = &ip_rt_min_advmss,
2589 .maxlen = sizeof(int),
2591 .proc_handler = proc_dointvec,
2596 static struct ctl_table ipv4_route_flush_table[] = {
2598 .procname = "flush",
2599 .maxlen = sizeof(int),
2601 .proc_handler = ipv4_sysctl_rtcache_flush,
2606 static __net_init int sysctl_route_net_init(struct net *net)
2608 struct ctl_table *tbl;
2610 tbl = ipv4_route_flush_table;
2611 if (!net_eq(net, &init_net)) {
2612 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
2616 /* Don't export sysctls to unprivileged users */
2617 if (net->user_ns != &init_user_ns)
2618 tbl[0].procname = NULL;
2620 tbl[0].extra1 = net;
2622 net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
2623 if (net->ipv4.route_hdr == NULL)
2628 if (tbl != ipv4_route_flush_table)
2634 static __net_exit void sysctl_route_net_exit(struct net *net)
2636 struct ctl_table *tbl;
2638 tbl = net->ipv4.route_hdr->ctl_table_arg;
2639 unregister_net_sysctl_table(net->ipv4.route_hdr);
2640 BUG_ON(tbl == ipv4_route_flush_table);
2644 static __net_initdata struct pernet_operations sysctl_route_ops = {
2645 .init = sysctl_route_net_init,
2646 .exit = sysctl_route_net_exit,
2650 static __net_init int rt_genid_init(struct net *net)
2652 atomic_set(&net->ipv4.rt_genid, 0);
2653 atomic_set(&net->fnhe_genid, 0);
2654 get_random_bytes(&net->ipv4.dev_addr_genid,
2655 sizeof(net->ipv4.dev_addr_genid));
2659 static __net_initdata struct pernet_operations rt_genid_ops = {
2660 .init = rt_genid_init,
2663 static int __net_init ipv4_inetpeer_init(struct net *net)
2665 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
2669 inet_peer_base_init(bp);
2670 net->ipv4.peers = bp;
2674 static void __net_exit ipv4_inetpeer_exit(struct net *net)
2676 struct inet_peer_base *bp = net->ipv4.peers;
2678 net->ipv4.peers = NULL;
2679 inetpeer_invalidate_tree(bp);
2683 static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
2684 .init = ipv4_inetpeer_init,
2685 .exit = ipv4_inetpeer_exit,
2688 #ifdef CONFIG_IP_ROUTE_CLASSID
2689 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
2690 #endif /* CONFIG_IP_ROUTE_CLASSID */
2692 int __init ip_rt_init(void)
2696 ip_idents = kmalloc(IP_IDENTS_SZ * sizeof(*ip_idents), GFP_KERNEL);
2698 panic("IP: failed to allocate ip_idents\n");
2700 prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents));
2702 #ifdef CONFIG_IP_ROUTE_CLASSID
2703 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
2705 panic("IP: failed to allocate ip_rt_acct\n");
2708 ipv4_dst_ops.kmem_cachep =
2709 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
2710 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
2712 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
2714 if (dst_entries_init(&ipv4_dst_ops) < 0)
2715 panic("IP: failed to allocate ipv4_dst_ops counter\n");
2717 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
2718 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
2720 ipv4_dst_ops.gc_thresh = ~0;
2721 ip_rt_max_size = INT_MAX;
2726 if (ip_rt_proc_init())
2727 pr_err("Unable to create route proc files\n");
2732 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
2734 #ifdef CONFIG_SYSCTL
2735 register_pernet_subsys(&sysctl_route_ops);
2737 register_pernet_subsys(&rt_genid_ops);
2738 register_pernet_subsys(&ipv4_inetpeer_ops);
2742 #ifdef CONFIG_SYSCTL
2744 * We really need to sanitize the damn ipv4 init order, then all
2745 * this nonsense will go away.
2747 void __init ip_static_sysctl_init(void)
2749 register_net_sysctl(&init_net, "net/ipv4/route", ipv4_route_table);
projects / cascardo / linux.git / blob