2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
18 * (rco@di.uminho.pt) Routing table insertion and update
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <linux/uaccess.h>
69 #include <linux/bitops.h>
70 #include <linux/types.h>
71 #include <linux/kernel.h>
73 #include <linux/string.h>
74 #include <linux/socket.h>
75 #include <linux/sockios.h>
76 #include <linux/errno.h>
78 #include <linux/inet.h>
79 #include <linux/netdevice.h>
80 #include <linux/proc_fs.h>
81 #include <linux/init.h>
82 #include <linux/skbuff.h>
83 #include <linux/inetdevice.h>
84 #include <linux/igmp.h>
85 #include <linux/pkt_sched.h>
86 #include <linux/mroute.h>
87 #include <linux/netfilter_ipv4.h>
88 #include <linux/random.h>
89 #include <linux/rcupdate.h>
90 #include <linux/times.h>
91 #include <linux/slab.h>
92 #include <linux/jhash.h>
94 #include <net/dst_metadata.h>
95 #include <net/net_namespace.h>
96 #include <net/protocol.h>
98 #include <net/route.h>
99 #include <net/inetpeer.h>
100 #include <net/sock.h>
101 #include <net/ip_fib.h>
104 #include <net/icmp.h>
105 #include <net/xfrm.h>
106 #include <net/lwtunnel.h>
107 #include <net/netevent.h>
108 #include <net/rtnetlink.h>
110 #include <linux/sysctl.h>
112 #include <net/secure_seq.h>
113 #include <net/ip_tunnels.h>
114 #include <net/l3mdev.h>
116 #include "fib_lookup.h"
118 #define RT_FL_TOS(oldflp4) \
119 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
121 #define RT_GC_TIMEOUT (300*HZ)
123 static int ip_rt_max_size;
124 static int ip_rt_redirect_number __read_mostly = 9;
125 static int ip_rt_redirect_load __read_mostly = HZ / 50;
126 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
127 static int ip_rt_error_cost __read_mostly = HZ;
128 static int ip_rt_error_burst __read_mostly = 5 * HZ;
129 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
130 static u32 ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
131 static int ip_rt_min_advmss __read_mostly = 256;
133 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
136 * Interface to generic destination cache.
139 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
140 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
141 static unsigned int ipv4_mtu(const struct dst_entry *dst);
142 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
143 static void ipv4_link_failure(struct sk_buff *skb);
144 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
145 struct sk_buff *skb, u32 mtu);
146 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk,
147 struct sk_buff *skb);
148 static void ipv4_dst_destroy(struct dst_entry *dst);
150 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
156 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
159 static void ipv4_confirm_neigh(const struct dst_entry *dst, const void *daddr);
161 static struct dst_ops ipv4_dst_ops = {
163 .check = ipv4_dst_check,
164 .default_advmss = ipv4_default_advmss,
166 .cow_metrics = ipv4_cow_metrics,
167 .destroy = ipv4_dst_destroy,
168 .negative_advice = ipv4_negative_advice,
169 .link_failure = ipv4_link_failure,
170 .update_pmtu = ip_rt_update_pmtu,
171 .redirect = ip_do_redirect,
172 .local_out = __ip_local_out,
173 .neigh_lookup = ipv4_neigh_lookup,
174 .confirm_neigh = ipv4_confirm_neigh,
177 #define ECN_OR_COST(class) TC_PRIO_##class
179 const __u8 ip_tos2prio[16] = {
181 ECN_OR_COST(BESTEFFORT),
183 ECN_OR_COST(BESTEFFORT),
189 ECN_OR_COST(INTERACTIVE),
191 ECN_OR_COST(INTERACTIVE),
192 TC_PRIO_INTERACTIVE_BULK,
193 ECN_OR_COST(INTERACTIVE_BULK),
194 TC_PRIO_INTERACTIVE_BULK,
195 ECN_OR_COST(INTERACTIVE_BULK)
197 EXPORT_SYMBOL(ip_tos2prio);
199 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
200 #define RT_CACHE_STAT_INC(field) raw_cpu_inc(rt_cache_stat.field)
202 #ifdef CONFIG_PROC_FS
203 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
207 return SEQ_START_TOKEN;
210 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
216 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
220 static int rt_cache_seq_show(struct seq_file *seq, void *v)
222 if (v == SEQ_START_TOKEN)
223 seq_printf(seq, "%-127s\n",
224 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
225 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
230 static const struct seq_operations rt_cache_seq_ops = {
231 .start = rt_cache_seq_start,
232 .next = rt_cache_seq_next,
233 .stop = rt_cache_seq_stop,
234 .show = rt_cache_seq_show,
237 static int rt_cache_seq_open(struct inode *inode, struct file *file)
239 return seq_open(file, &rt_cache_seq_ops);
242 static const struct file_operations rt_cache_seq_fops = {
243 .open = rt_cache_seq_open,
246 .release = seq_release,
250 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
255 return SEQ_START_TOKEN;
257 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
258 if (!cpu_possible(cpu))
261 return &per_cpu(rt_cache_stat, cpu);
266 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
270 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
271 if (!cpu_possible(cpu))
274 return &per_cpu(rt_cache_stat, cpu);
280 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
285 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
287 struct rt_cache_stat *st = v;
289 if (v == SEQ_START_TOKEN) {
290 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
294 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
295 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
296 dst_entries_get_slow(&ipv4_dst_ops),
309 0, /* st->gc_total */
310 0, /* st->gc_ignored */
311 0, /* st->gc_goal_miss */
312 0, /* st->gc_dst_overflow */
313 0, /* st->in_hlist_search */
314 0 /* st->out_hlist_search */
319 static const struct seq_operations rt_cpu_seq_ops = {
320 .start = rt_cpu_seq_start,
321 .next = rt_cpu_seq_next,
322 .stop = rt_cpu_seq_stop,
323 .show = rt_cpu_seq_show,
327 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
329 return seq_open(file, &rt_cpu_seq_ops);
332 static const struct file_operations rt_cpu_seq_fops = {
333 .open = rt_cpu_seq_open,
336 .release = seq_release,
339 #ifdef CONFIG_IP_ROUTE_CLASSID
340 static int rt_acct_proc_show(struct seq_file *m, void *v)
342 struct ip_rt_acct *dst, *src;
345 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
349 for_each_possible_cpu(i) {
350 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
351 for (j = 0; j < 256; j++) {
352 dst[j].o_bytes += src[j].o_bytes;
353 dst[j].o_packets += src[j].o_packets;
354 dst[j].i_bytes += src[j].i_bytes;
355 dst[j].i_packets += src[j].i_packets;
359 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
365 static int __net_init ip_rt_do_proc_init(struct net *net)
367 struct proc_dir_entry *pde;
369 pde = proc_create("rt_cache", 0444, net->proc_net,
374 pde = proc_create("rt_cache", 0444,
375 net->proc_net_stat, &rt_cpu_seq_fops);
379 #ifdef CONFIG_IP_ROUTE_CLASSID
380 pde = proc_create_single("rt_acct", 0, net->proc_net,
387 #ifdef CONFIG_IP_ROUTE_CLASSID
389 remove_proc_entry("rt_cache", net->proc_net_stat);
392 remove_proc_entry("rt_cache", net->proc_net);
397 static void __net_exit ip_rt_do_proc_exit(struct net *net)
399 remove_proc_entry("rt_cache", net->proc_net_stat);
400 remove_proc_entry("rt_cache", net->proc_net);
401 #ifdef CONFIG_IP_ROUTE_CLASSID
402 remove_proc_entry("rt_acct", net->proc_net);
406 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
407 .init = ip_rt_do_proc_init,
408 .exit = ip_rt_do_proc_exit,
411 static int __init ip_rt_proc_init(void)
413 return register_pernet_subsys(&ip_rt_proc_ops);
417 static inline int ip_rt_proc_init(void)
421 #endif /* CONFIG_PROC_FS */
423 static inline bool rt_is_expired(const struct rtable *rth)
425 return rth->rt_genid != rt_genid_ipv4(dev_net(rth->dst.dev));
428 void rt_cache_flush(struct net *net)
430 rt_genid_bump_ipv4(net);
433 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
437 const struct rtable *rt = container_of(dst, struct rtable, dst);
438 struct net_device *dev = dst->dev;
443 if (likely(rt->rt_gw_family == AF_INET)) {
444 n = ip_neigh_gw4(dev, rt->rt_gw4);
445 } else if (rt->rt_gw_family == AF_INET6) {
446 n = ip_neigh_gw6(dev, &rt->rt_gw6);
450 pkey = skb ? ip_hdr(skb)->daddr : *((__be32 *) daddr);
451 n = ip_neigh_gw4(dev, pkey);
454 if (n && !refcount_inc_not_zero(&n->refcnt))
457 rcu_read_unlock_bh();
462 static void ipv4_confirm_neigh(const struct dst_entry *dst, const void *daddr)
464 const struct rtable *rt = container_of(dst, struct rtable, dst);
465 struct net_device *dev = dst->dev;
466 const __be32 *pkey = daddr;
468 if (rt->rt_gw_family == AF_INET) {
469 pkey = (const __be32 *)&rt->rt_gw4;
470 } else if (rt->rt_gw_family == AF_INET6) {
471 return __ipv6_confirm_neigh_stub(dev, &rt->rt_gw6);
474 (RTCF_MULTICAST | RTCF_BROADCAST | RTCF_LOCAL))) {
477 __ipv4_confirm_neigh(dev, *(__force u32 *)pkey);
480 #define IP_IDENTS_SZ 2048u
482 static atomic_t *ip_idents __read_mostly;
483 static u32 *ip_tstamps __read_mostly;
485 /* In order to protect privacy, we add a perturbation to identifiers
486 * if one generator is seldom used. This makes hard for an attacker
487 * to infer how many packets were sent between two points in time.
489 u32 ip_idents_reserve(u32 hash, int segs)
491 u32 *p_tstamp = ip_tstamps + hash % IP_IDENTS_SZ;
492 atomic_t *p_id = ip_idents + hash % IP_IDENTS_SZ;
493 u32 old = READ_ONCE(*p_tstamp);
494 u32 now = (u32)jiffies;
497 if (old != now && cmpxchg(p_tstamp, old, now) == old)
498 delta = prandom_u32_max(now - old);
500 /* Do not use atomic_add_return() as it makes UBSAN unhappy */
502 old = (u32)atomic_read(p_id);
503 new = old + delta + segs;
504 } while (atomic_cmpxchg(p_id, old, new) != old);
508 EXPORT_SYMBOL(ip_idents_reserve);
510 void __ip_select_ident(struct net *net, struct iphdr *iph, int segs)
514 /* Note the following code is not safe, but this is okay. */
515 if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
516 get_random_bytes(&net->ipv4.ip_id_key,
517 sizeof(net->ipv4.ip_id_key));
519 hash = siphash_3u32((__force u32)iph->daddr,
520 (__force u32)iph->saddr,
522 &net->ipv4.ip_id_key);
523 id = ip_idents_reserve(hash, segs);
526 EXPORT_SYMBOL(__ip_select_ident);
528 static void __build_flow_key(const struct net *net, struct flowi4 *fl4,
529 const struct sock *sk,
530 const struct iphdr *iph,
532 u8 prot, u32 mark, int flow_flags)
535 const struct inet_sock *inet = inet_sk(sk);
537 oif = sk->sk_bound_dev_if;
539 tos = RT_CONN_FLAGS(sk);
540 prot = inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol;
542 flowi4_init_output(fl4, oif, mark, tos,
543 RT_SCOPE_UNIVERSE, prot,
545 iph->daddr, iph->saddr, 0, 0,
546 sock_net_uid(net, sk));
549 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,
550 const struct sock *sk)
552 const struct net *net = dev_net(skb->dev);
553 const struct iphdr *iph = ip_hdr(skb);
554 int oif = skb->dev->ifindex;
555 u8 tos = RT_TOS(iph->tos);
556 u8 prot = iph->protocol;
557 u32 mark = skb->mark;
559 __build_flow_key(net, fl4, sk, iph, oif, tos, prot, mark, 0);
562 static void build_sk_flow_key(struct flowi4 *fl4, const struct sock *sk)
564 const struct inet_sock *inet = inet_sk(sk);
565 const struct ip_options_rcu *inet_opt;
566 __be32 daddr = inet->inet_daddr;
569 inet_opt = rcu_dereference(inet->inet_opt);
570 if (inet_opt && inet_opt->opt.srr)
571 daddr = inet_opt->opt.faddr;
572 flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark,
573 RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
574 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
575 inet_sk_flowi_flags(sk),
576 daddr, inet->inet_saddr, 0, 0, sk->sk_uid);
580 static void ip_rt_build_flow_key(struct flowi4 *fl4, const struct sock *sk,
581 const struct sk_buff *skb)
584 build_skb_flow_key(fl4, skb, sk);
586 build_sk_flow_key(fl4, sk);
589 static DEFINE_SPINLOCK(fnhe_lock);
591 static void fnhe_flush_routes(struct fib_nh_exception *fnhe)
595 rt = rcu_dereference(fnhe->fnhe_rth_input);
597 RCU_INIT_POINTER(fnhe->fnhe_rth_input, NULL);
598 dst_dev_put(&rt->dst);
599 dst_release(&rt->dst);
601 rt = rcu_dereference(fnhe->fnhe_rth_output);
603 RCU_INIT_POINTER(fnhe->fnhe_rth_output, NULL);
604 dst_dev_put(&rt->dst);
605 dst_release(&rt->dst);
609 static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
611 struct fib_nh_exception *fnhe, *oldest;
613 oldest = rcu_dereference(hash->chain);
614 for (fnhe = rcu_dereference(oldest->fnhe_next); fnhe;
615 fnhe = rcu_dereference(fnhe->fnhe_next)) {
616 if (time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp))
619 fnhe_flush_routes(oldest);
623 static inline u32 fnhe_hashfun(__be32 daddr)
625 static u32 fnhe_hashrnd __read_mostly;
628 net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd));
629 hval = jhash_1word((__force u32) daddr, fnhe_hashrnd);
630 return hash_32(hval, FNHE_HASH_SHIFT);
633 static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
635 rt->rt_pmtu = fnhe->fnhe_pmtu;
636 rt->rt_mtu_locked = fnhe->fnhe_mtu_locked;
637 rt->dst.expires = fnhe->fnhe_expires;
640 rt->rt_flags |= RTCF_REDIRECTED;
641 rt->rt_gw_family = AF_INET;
642 rt->rt_gw4 = fnhe->fnhe_gw;
646 static void update_or_create_fnhe(struct fib_nh *nh, __be32 daddr, __be32 gw,
647 u32 pmtu, bool lock, unsigned long expires)
649 struct fnhe_hash_bucket *hash;
650 struct fib_nh_exception *fnhe;
656 genid = fnhe_genid(dev_net(nh->fib_nh_dev));
657 hval = fnhe_hashfun(daddr);
659 spin_lock_bh(&fnhe_lock);
661 hash = rcu_dereference(nh->nh_exceptions);
663 hash = kcalloc(FNHE_HASH_SIZE, sizeof(*hash), GFP_ATOMIC);
666 rcu_assign_pointer(nh->nh_exceptions, hash);
672 for (fnhe = rcu_dereference(hash->chain); fnhe;
673 fnhe = rcu_dereference(fnhe->fnhe_next)) {
674 if (fnhe->fnhe_daddr == daddr)
680 if (fnhe->fnhe_genid != genid)
681 fnhe->fnhe_genid = genid;
685 fnhe->fnhe_pmtu = pmtu;
686 fnhe->fnhe_mtu_locked = lock;
688 fnhe->fnhe_expires = max(1UL, expires);
689 /* Update all cached dsts too */
690 rt = rcu_dereference(fnhe->fnhe_rth_input);
692 fill_route_from_fnhe(rt, fnhe);
693 rt = rcu_dereference(fnhe->fnhe_rth_output);
695 fill_route_from_fnhe(rt, fnhe);
697 if (depth > FNHE_RECLAIM_DEPTH)
698 fnhe = fnhe_oldest(hash);
700 fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC);
704 fnhe->fnhe_next = hash->chain;
705 rcu_assign_pointer(hash->chain, fnhe);
707 fnhe->fnhe_genid = genid;
708 fnhe->fnhe_daddr = daddr;
710 fnhe->fnhe_pmtu = pmtu;
711 fnhe->fnhe_mtu_locked = lock;
712 fnhe->fnhe_expires = max(1UL, expires);
714 /* Exception created; mark the cached routes for the nexthop
715 * stale, so anyone caching it rechecks if this exception
718 rt = rcu_dereference(nh->nh_rth_input);
720 rt->dst.obsolete = DST_OBSOLETE_KILL;
722 for_each_possible_cpu(i) {
723 struct rtable __rcu **prt;
724 prt = per_cpu_ptr(nh->nh_pcpu_rth_output, i);
725 rt = rcu_dereference(*prt);
727 rt->dst.obsolete = DST_OBSOLETE_KILL;
731 fnhe->fnhe_stamp = jiffies;
734 spin_unlock_bh(&fnhe_lock);
737 static void __ip_do_redirect(struct rtable *rt, struct sk_buff *skb, struct flowi4 *fl4,
740 __be32 new_gw = icmp_hdr(skb)->un.gateway;
741 __be32 old_gw = ip_hdr(skb)->saddr;
742 struct net_device *dev = skb->dev;
743 struct in_device *in_dev;
744 struct fib_result res;
748 switch (icmp_hdr(skb)->code & 7) {
750 case ICMP_REDIR_NETTOS:
751 case ICMP_REDIR_HOST:
752 case ICMP_REDIR_HOSTTOS:
759 if (rt->rt_gw_family != AF_INET || rt->rt_gw4 != old_gw)
762 in_dev = __in_dev_get_rcu(dev);
767 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
768 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
769 ipv4_is_zeronet(new_gw))
770 goto reject_redirect;
772 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
773 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
774 goto reject_redirect;
775 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
776 goto reject_redirect;
778 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
779 goto reject_redirect;
782 n = __ipv4_neigh_lookup(rt->dst.dev, new_gw);
784 n = neigh_create(&arp_tbl, &new_gw, rt->dst.dev);
786 if (!(n->nud_state & NUD_VALID)) {
787 neigh_event_send(n, NULL);
789 if (fib_lookup(net, fl4, &res, 0) == 0) {
790 struct fib_nh_common *nhc = FIB_RES_NHC(res);
793 nh = container_of(nhc, struct fib_nh, nh_common);
794 update_or_create_fnhe(nh, fl4->daddr, new_gw,
796 jiffies + ip_rt_gc_timeout);
799 rt->dst.obsolete = DST_OBSOLETE_KILL;
800 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
807 #ifdef CONFIG_IP_ROUTE_VERBOSE
808 if (IN_DEV_LOG_MARTIANS(in_dev)) {
809 const struct iphdr *iph = (const struct iphdr *) skb->data;
810 __be32 daddr = iph->daddr;
811 __be32 saddr = iph->saddr;
813 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
814 " Advised path = %pI4 -> %pI4\n",
815 &old_gw, dev->name, &new_gw,
822 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
826 const struct iphdr *iph = (const struct iphdr *) skb->data;
827 struct net *net = dev_net(skb->dev);
828 int oif = skb->dev->ifindex;
829 u8 tos = RT_TOS(iph->tos);
830 u8 prot = iph->protocol;
831 u32 mark = skb->mark;
833 rt = (struct rtable *) dst;
835 __build_flow_key(net, &fl4, sk, iph, oif, tos, prot, mark, 0);
836 __ip_do_redirect(rt, skb, &fl4, true);
839 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
841 struct rtable *rt = (struct rtable *)dst;
842 struct dst_entry *ret = dst;
845 if (dst->obsolete > 0) {
848 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
859 * 1. The first ip_rt_redirect_number redirects are sent
860 * with exponential backoff, then we stop sending them at all,
861 * assuming that the host ignores our redirects.
862 * 2. If we did not see packets requiring redirects
863 * during ip_rt_redirect_silence, we assume that the host
864 * forgot redirected route and start to send redirects again.
866 * This algorithm is much cheaper and more intelligent than dumb load limiting
869 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
870 * and "frag. need" (breaks PMTU discovery) in icmp.c.
873 void ip_rt_send_redirect(struct sk_buff *skb)
875 struct rtable *rt = skb_rtable(skb);
876 struct in_device *in_dev;
877 struct inet_peer *peer;
883 in_dev = __in_dev_get_rcu(rt->dst.dev);
884 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
888 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
889 vif = l3mdev_master_ifindex_rcu(rt->dst.dev);
892 net = dev_net(rt->dst.dev);
893 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, vif, 1);
895 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
896 rt_nexthop(rt, ip_hdr(skb)->daddr));
900 /* No redirected packets during ip_rt_redirect_silence;
901 * reset the algorithm.
903 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence)) {
904 peer->rate_tokens = 0;
905 peer->n_redirects = 0;
908 /* Too many ignored redirects; do not send anything
909 * set dst.rate_last to the last seen redirected packet.
911 if (peer->n_redirects >= ip_rt_redirect_number) {
912 peer->rate_last = jiffies;
916 /* Check for load limit; set rate_last to the latest sent
919 if (peer->rate_tokens == 0 ||
922 (ip_rt_redirect_load << peer->rate_tokens)))) {
923 __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr);
925 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw);
926 peer->rate_last = jiffies;
929 #ifdef CONFIG_IP_ROUTE_VERBOSE
931 peer->rate_tokens == ip_rt_redirect_number)
932 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
933 &ip_hdr(skb)->saddr, inet_iif(skb),
934 &ip_hdr(skb)->daddr, &gw);
941 static int ip_error(struct sk_buff *skb)
943 struct rtable *rt = skb_rtable(skb);
944 struct net_device *dev = skb->dev;
945 struct in_device *in_dev;
946 struct inet_peer *peer;
952 if (netif_is_l3_master(skb->dev)) {
953 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
958 in_dev = __in_dev_get_rcu(dev);
960 /* IP on this device is disabled. */
964 net = dev_net(rt->dst.dev);
965 if (!IN_DEV_FORWARD(in_dev)) {
966 switch (rt->dst.error) {
968 __IP_INC_STATS(net, IPSTATS_MIB_INADDRERRORS);
972 __IP_INC_STATS(net, IPSTATS_MIB_INNOROUTES);
978 switch (rt->dst.error) {
983 code = ICMP_HOST_UNREACH;
986 code = ICMP_NET_UNREACH;
987 __IP_INC_STATS(net, IPSTATS_MIB_INNOROUTES);
990 code = ICMP_PKT_FILTERED;
994 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr,
995 l3mdev_master_ifindex(skb->dev), 1);
1000 peer->rate_tokens += now - peer->rate_last;
1001 if (peer->rate_tokens > ip_rt_error_burst)
1002 peer->rate_tokens = ip_rt_error_burst;
1003 peer->rate_last = now;
1004 if (peer->rate_tokens >= ip_rt_error_cost)
1005 peer->rate_tokens -= ip_rt_error_cost;
1011 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
1013 out: kfree_skb(skb);
1017 static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
1019 struct dst_entry *dst = &rt->dst;
1020 u32 old_mtu = ipv4_mtu(dst);
1021 struct fib_result res;
1024 if (ip_mtu_locked(dst))
1030 if (mtu < ip_rt_min_pmtu) {
1032 mtu = min(old_mtu, ip_rt_min_pmtu);
1035 if (rt->rt_pmtu == mtu && !lock &&
1036 time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2))
1040 if (fib_lookup(dev_net(dst->dev), fl4, &res, 0) == 0) {
1041 struct fib_nh_common *nhc = FIB_RES_NHC(res);
1044 nh = container_of(nhc, struct fib_nh, nh_common);
1045 update_or_create_fnhe(nh, fl4->daddr, 0, mtu, lock,
1046 jiffies + ip_rt_mtu_expires);
1051 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
1052 struct sk_buff *skb, u32 mtu)
1054 struct rtable *rt = (struct rtable *) dst;
1057 ip_rt_build_flow_key(&fl4, sk, skb);
1058 __ip_rt_update_pmtu(rt, &fl4, mtu);
1061 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu,
1062 int oif, u8 protocol)
1064 const struct iphdr *iph = (const struct iphdr *) skb->data;
1067 u32 mark = IP4_REPLY_MARK(net, skb->mark);
1069 __build_flow_key(net, &fl4, NULL, iph, oif,
1070 RT_TOS(iph->tos), protocol, mark, 0);
1071 rt = __ip_route_output_key(net, &fl4);
1073 __ip_rt_update_pmtu(rt, &fl4, mtu);
1077 EXPORT_SYMBOL_GPL(ipv4_update_pmtu);
1079 static void __ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1081 const struct iphdr *iph = (const struct iphdr *) skb->data;
1085 __build_flow_key(sock_net(sk), &fl4, sk, iph, 0, 0, 0, 0, 0);
1087 if (!fl4.flowi4_mark)
1088 fl4.flowi4_mark = IP4_REPLY_MARK(sock_net(sk), skb->mark);
1090 rt = __ip_route_output_key(sock_net(sk), &fl4);
1092 __ip_rt_update_pmtu(rt, &fl4, mtu);
1097 void ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1099 const struct iphdr *iph = (const struct iphdr *) skb->data;
1102 struct dst_entry *odst = NULL;
1104 struct net *net = sock_net(sk);
1108 if (!ip_sk_accept_pmtu(sk))
1111 odst = sk_dst_get(sk);
1113 if (sock_owned_by_user(sk) || !odst) {
1114 __ipv4_sk_update_pmtu(skb, sk, mtu);
1118 __build_flow_key(net, &fl4, sk, iph, 0, 0, 0, 0, 0);
1120 rt = (struct rtable *)odst;
1121 if (odst->obsolete && !odst->ops->check(odst, 0)) {
1122 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1129 __ip_rt_update_pmtu((struct rtable *) xfrm_dst_path(&rt->dst), &fl4, mtu);
1131 if (!dst_check(&rt->dst, 0)) {
1133 dst_release(&rt->dst);
1135 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1143 sk_dst_set(sk, &rt->dst);
1149 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu);
1151 void ipv4_redirect(struct sk_buff *skb, struct net *net,
1152 int oif, u8 protocol)
1154 const struct iphdr *iph = (const struct iphdr *) skb->data;
1158 __build_flow_key(net, &fl4, NULL, iph, oif,
1159 RT_TOS(iph->tos), protocol, 0, 0);
1160 rt = __ip_route_output_key(net, &fl4);
1162 __ip_do_redirect(rt, skb, &fl4, false);
1166 EXPORT_SYMBOL_GPL(ipv4_redirect);
1168 void ipv4_sk_redirect(struct sk_buff *skb, struct sock *sk)
1170 const struct iphdr *iph = (const struct iphdr *) skb->data;
1173 struct net *net = sock_net(sk);
1175 __build_flow_key(net, &fl4, sk, iph, 0, 0, 0, 0, 0);
1176 rt = __ip_route_output_key(net, &fl4);
1178 __ip_do_redirect(rt, skb, &fl4, false);
1182 EXPORT_SYMBOL_GPL(ipv4_sk_redirect);
1184 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1186 struct rtable *rt = (struct rtable *) dst;
1188 /* All IPV4 dsts are created with ->obsolete set to the value
1189 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1190 * into this function always.
1192 * When a PMTU/redirect information update invalidates a route,
1193 * this is indicated by setting obsolete to DST_OBSOLETE_KILL or
1194 * DST_OBSOLETE_DEAD.
1196 if (dst->obsolete != DST_OBSOLETE_FORCE_CHK || rt_is_expired(rt))
1201 static void ipv4_link_failure(struct sk_buff *skb)
1205 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1207 rt = skb_rtable(skb);
1209 dst_set_expires(&rt->dst, 0);
1212 static int ip_rt_bug(struct net *net, struct sock *sk, struct sk_buff *skb)
1214 pr_debug("%s: %pI4 -> %pI4, %s\n",
1215 __func__, &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1216 skb->dev ? skb->dev->name : "?");
1223 We do not cache source address of outgoing interface,
1224 because it is used only by IP RR, TS and SRR options,
1225 so that it out of fast path.
1227 BTW remember: "addr" is allowed to be not aligned
1231 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1235 if (rt_is_output_route(rt))
1236 src = ip_hdr(skb)->saddr;
1238 struct fib_result res;
1239 struct iphdr *iph = ip_hdr(skb);
1240 struct flowi4 fl4 = {
1241 .daddr = iph->daddr,
1242 .saddr = iph->saddr,
1243 .flowi4_tos = RT_TOS(iph->tos),
1244 .flowi4_oif = rt->dst.dev->ifindex,
1245 .flowi4_iif = skb->dev->ifindex,
1246 .flowi4_mark = skb->mark,
1250 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res, 0) == 0)
1251 src = fib_result_prefsrc(dev_net(rt->dst.dev), &res);
1253 src = inet_select_addr(rt->dst.dev,
1254 rt_nexthop(rt, iph->daddr),
1258 memcpy(addr, &src, 4);
1261 #ifdef CONFIG_IP_ROUTE_CLASSID
1262 static void set_class_tag(struct rtable *rt, u32 tag)
1264 if (!(rt->dst.tclassid & 0xFFFF))
1265 rt->dst.tclassid |= tag & 0xFFFF;
1266 if (!(rt->dst.tclassid & 0xFFFF0000))
1267 rt->dst.tclassid |= tag & 0xFFFF0000;
1271 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1273 unsigned int header_size = sizeof(struct tcphdr) + sizeof(struct iphdr);
1274 unsigned int advmss = max_t(unsigned int, ipv4_mtu(dst) - header_size,
1277 return min(advmss, IPV4_MAX_PMTU - header_size);
1280 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1282 const struct rtable *rt = (const struct rtable *) dst;
1283 unsigned int mtu = rt->rt_pmtu;
1285 if (!mtu || time_after_eq(jiffies, rt->dst.expires))
1286 mtu = dst_metric_raw(dst, RTAX_MTU);
1291 mtu = READ_ONCE(dst->dev->mtu);
1293 if (unlikely(ip_mtu_locked(dst))) {
1294 if (rt->rt_gw_family && mtu > 576)
1298 mtu = min_t(unsigned int, mtu, IP_MAX_MTU);
1300 return mtu - lwtunnel_headroom(dst->lwtstate, mtu);
1303 static void ip_del_fnhe(struct fib_nh *nh, __be32 daddr)
1305 struct fnhe_hash_bucket *hash;
1306 struct fib_nh_exception *fnhe, __rcu **fnhe_p;
1307 u32 hval = fnhe_hashfun(daddr);
1309 spin_lock_bh(&fnhe_lock);
1311 hash = rcu_dereference_protected(nh->nh_exceptions,
1312 lockdep_is_held(&fnhe_lock));
1315 fnhe_p = &hash->chain;
1316 fnhe = rcu_dereference_protected(*fnhe_p, lockdep_is_held(&fnhe_lock));
1318 if (fnhe->fnhe_daddr == daddr) {
1319 rcu_assign_pointer(*fnhe_p, rcu_dereference_protected(
1320 fnhe->fnhe_next, lockdep_is_held(&fnhe_lock)));
1321 /* set fnhe_daddr to 0 to ensure it won't bind with
1322 * new dsts in rt_bind_exception().
1324 fnhe->fnhe_daddr = 0;
1325 fnhe_flush_routes(fnhe);
1326 kfree_rcu(fnhe, rcu);
1329 fnhe_p = &fnhe->fnhe_next;
1330 fnhe = rcu_dereference_protected(fnhe->fnhe_next,
1331 lockdep_is_held(&fnhe_lock));
1334 spin_unlock_bh(&fnhe_lock);
1337 static struct fib_nh_exception *find_exception(struct fib_nh *nh, __be32 daddr)
1339 struct fnhe_hash_bucket *hash = rcu_dereference(nh->nh_exceptions);
1340 struct fib_nh_exception *fnhe;
1346 hval = fnhe_hashfun(daddr);
1348 for (fnhe = rcu_dereference(hash[hval].chain); fnhe;
1349 fnhe = rcu_dereference(fnhe->fnhe_next)) {
1350 if (fnhe->fnhe_daddr == daddr) {
1351 if (fnhe->fnhe_expires &&
1352 time_after(jiffies, fnhe->fnhe_expires)) {
1353 ip_del_fnhe(nh, daddr);
1363 * 1. mtu on route is locked - use it
1364 * 2. mtu from nexthop exception
1365 * 3. mtu from egress device
1368 u32 ip_mtu_from_fib_result(struct fib_result *res, __be32 daddr)
1370 struct fib_nh_common *nhc = res->nhc;
1371 struct net_device *dev = nhc->nhc_dev;
1372 struct fib_info *fi = res->fi;
1375 if (dev_net(dev)->ipv4.sysctl_ip_fwd_use_pmtu ||
1376 fi->fib_metrics->metrics[RTAX_LOCK - 1] & (1 << RTAX_MTU))
1380 struct fib_nh *nh = container_of(nhc, struct fib_nh, nh_common);
1381 struct fib_nh_exception *fnhe;
1383 fnhe = find_exception(nh, daddr);
1384 if (fnhe && !time_after_eq(jiffies, fnhe->fnhe_expires))
1385 mtu = fnhe->fnhe_pmtu;
1389 mtu = min(READ_ONCE(dev->mtu), IP_MAX_MTU);
1391 return mtu - lwtunnel_headroom(nhc->nhc_lwtstate, mtu);
1394 static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1395 __be32 daddr, const bool do_cache)
1399 spin_lock_bh(&fnhe_lock);
1401 if (daddr == fnhe->fnhe_daddr) {
1402 struct rtable __rcu **porig;
1403 struct rtable *orig;
1404 int genid = fnhe_genid(dev_net(rt->dst.dev));
1406 if (rt_is_input_route(rt))
1407 porig = &fnhe->fnhe_rth_input;
1409 porig = &fnhe->fnhe_rth_output;
1410 orig = rcu_dereference(*porig);
1412 if (fnhe->fnhe_genid != genid) {
1413 fnhe->fnhe_genid = genid;
1415 fnhe->fnhe_pmtu = 0;
1416 fnhe->fnhe_expires = 0;
1417 fnhe->fnhe_mtu_locked = false;
1418 fnhe_flush_routes(fnhe);
1421 fill_route_from_fnhe(rt, fnhe);
1424 rt->rt_gw_family = AF_INET;
1429 rcu_assign_pointer(*porig, rt);
1431 dst_dev_put(&orig->dst);
1432 dst_release(&orig->dst);
1437 fnhe->fnhe_stamp = jiffies;
1439 spin_unlock_bh(&fnhe_lock);
1444 static bool rt_cache_route(struct fib_nh *nh, struct rtable *rt)
1446 struct rtable *orig, *prev, **p;
1449 if (rt_is_input_route(rt)) {
1450 p = (struct rtable **)&nh->nh_rth_input;
1452 p = (struct rtable **)raw_cpu_ptr(nh->nh_pcpu_rth_output);
1456 /* hold dst before doing cmpxchg() to avoid race condition
1460 prev = cmpxchg(p, orig, rt);
1463 dst_dev_put(&orig->dst);
1464 dst_release(&orig->dst);
1467 dst_release(&rt->dst);
1474 struct uncached_list {
1476 struct list_head head;
1479 static DEFINE_PER_CPU_ALIGNED(struct uncached_list, rt_uncached_list);
1481 void rt_add_uncached_list(struct rtable *rt)
1483 struct uncached_list *ul = raw_cpu_ptr(&rt_uncached_list);
1485 rt->rt_uncached_list = ul;
1487 spin_lock_bh(&ul->lock);
1488 list_add_tail(&rt->rt_uncached, &ul->head);
1489 spin_unlock_bh(&ul->lock);
1492 void rt_del_uncached_list(struct rtable *rt)
1494 if (!list_empty(&rt->rt_uncached)) {
1495 struct uncached_list *ul = rt->rt_uncached_list;
1497 spin_lock_bh(&ul->lock);
1498 list_del(&rt->rt_uncached);
1499 spin_unlock_bh(&ul->lock);
1503 static void ipv4_dst_destroy(struct dst_entry *dst)
1505 struct rtable *rt = (struct rtable *)dst;
1507 ip_dst_metrics_put(dst);
1508 rt_del_uncached_list(rt);
1511 void rt_flush_dev(struct net_device *dev)
1513 struct net *net = dev_net(dev);
1517 for_each_possible_cpu(cpu) {
1518 struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu);
1520 spin_lock_bh(&ul->lock);
1521 list_for_each_entry(rt, &ul->head, rt_uncached) {
1522 if (rt->dst.dev != dev)
1524 rt->dst.dev = net->loopback_dev;
1525 dev_hold(rt->dst.dev);
1528 spin_unlock_bh(&ul->lock);
1532 static bool rt_cache_valid(const struct rtable *rt)
1535 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1539 static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
1540 const struct fib_result *res,
1541 struct fib_nh_exception *fnhe,
1542 struct fib_info *fi, u16 type, u32 itag,
1543 const bool do_cache)
1545 bool cached = false;
1548 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
1551 if (nhc->nhc_gw_family && nhc->nhc_scope == RT_SCOPE_LINK) {
1552 rt->rt_gw_family = nhc->nhc_gw_family;
1553 /* only INET and INET6 are supported */
1554 if (likely(nhc->nhc_gw_family == AF_INET))
1555 rt->rt_gw4 = nhc->nhc_gw.ipv4;
1557 rt->rt_gw6 = nhc->nhc_gw.ipv6;
1560 ip_dst_init_metrics(&rt->dst, fi->fib_metrics);
1562 nh = container_of(nhc, struct fib_nh, nh_common);
1563 #ifdef CONFIG_IP_ROUTE_CLASSID
1564 rt->dst.tclassid = nh->nh_tclassid;
1566 rt->dst.lwtstate = lwtstate_get(nh->fib_nh_lws);
1568 cached = rt_bind_exception(rt, fnhe, daddr, do_cache);
1570 cached = rt_cache_route(nh, rt);
1571 if (unlikely(!cached)) {
1572 /* Routes we intend to cache in nexthop exception or
1573 * FIB nexthop have the DST_NOCACHE bit clear.
1574 * However, if we are unsuccessful at storing this
1575 * route into the cache we really need to set it.
1578 rt->rt_gw_family = AF_INET;
1581 rt_add_uncached_list(rt);
1584 rt_add_uncached_list(rt);
1586 #ifdef CONFIG_IP_ROUTE_CLASSID
1587 #ifdef CONFIG_IP_MULTIPLE_TABLES
1588 set_class_tag(rt, res->tclassid);
1590 set_class_tag(rt, itag);
1594 struct rtable *rt_dst_alloc(struct net_device *dev,
1595 unsigned int flags, u16 type,
1596 bool nopolicy, bool noxfrm, bool will_cache)
1600 rt = dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1601 (will_cache ? 0 : DST_HOST) |
1602 (nopolicy ? DST_NOPOLICY : 0) |
1603 (noxfrm ? DST_NOXFRM : 0));
1606 rt->rt_genid = rt_genid_ipv4(dev_net(dev));
1607 rt->rt_flags = flags;
1609 rt->rt_is_input = 0;
1612 rt->rt_mtu_locked = 0;
1613 rt->rt_gw_family = 0;
1615 INIT_LIST_HEAD(&rt->rt_uncached);
1617 rt->dst.output = ip_output;
1618 if (flags & RTCF_LOCAL)
1619 rt->dst.input = ip_local_deliver;
1624 EXPORT_SYMBOL(rt_dst_alloc);
1626 /* called in rcu_read_lock() section */
1627 int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1628 u8 tos, struct net_device *dev,
1629 struct in_device *in_dev, u32 *itag)
1633 /* Primary sanity checks. */
1637 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1638 skb->protocol != htons(ETH_P_IP))
1641 if (ipv4_is_loopback(saddr) && !IN_DEV_ROUTE_LOCALNET(in_dev))
1644 if (ipv4_is_zeronet(saddr)) {
1645 if (!ipv4_is_local_multicast(daddr) &&
1646 ip_hdr(skb)->protocol != IPPROTO_IGMP)
1649 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1657 /* called in rcu_read_lock() section */
1658 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1659 u8 tos, struct net_device *dev, int our)
1661 struct in_device *in_dev = __in_dev_get_rcu(dev);
1662 unsigned int flags = RTCF_MULTICAST;
1667 err = ip_mc_validate_source(skb, daddr, saddr, tos, dev, in_dev, &itag);
1672 flags |= RTCF_LOCAL;
1674 rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST,
1675 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, false);
1679 #ifdef CONFIG_IP_ROUTE_CLASSID
1680 rth->dst.tclassid = itag;
1682 rth->dst.output = ip_rt_bug;
1683 rth->rt_is_input= 1;
1685 #ifdef CONFIG_IP_MROUTE
1686 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
1687 rth->dst.input = ip_mr_input;
1689 RT_CACHE_STAT_INC(in_slow_mc);
1691 skb_dst_set(skb, &rth->dst);
1696 static void ip_handle_martian_source(struct net_device *dev,
1697 struct in_device *in_dev,
1698 struct sk_buff *skb,
1702 RT_CACHE_STAT_INC(in_martian_src);
1703 #ifdef CONFIG_IP_ROUTE_VERBOSE
1704 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
1706 * RFC1812 recommendation, if source is martian,
1707 * the only hint is MAC header.
1709 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
1710 &daddr, &saddr, dev->name);
1711 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
1712 print_hex_dump(KERN_WARNING, "ll header: ",
1713 DUMP_PREFIX_OFFSET, 16, 1,
1714 skb_mac_header(skb),
1715 dev->hard_header_len, false);
1721 /* called in rcu_read_lock() section */
1722 static int __mkroute_input(struct sk_buff *skb,
1723 const struct fib_result *res,
1724 struct in_device *in_dev,
1725 __be32 daddr, __be32 saddr, u32 tos)
1727 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
1728 struct net_device *dev = nhc->nhc_dev;
1729 struct fib_nh_exception *fnhe;
1733 struct in_device *out_dev;
1737 /* get a working reference to the output device */
1738 out_dev = __in_dev_get_rcu(dev);
1740 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
1744 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
1745 in_dev->dev, in_dev, &itag);
1747 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
1753 do_cache = res->fi && !itag;
1754 if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
1755 skb->protocol == htons(ETH_P_IP)) {
1758 gw = nhc->nhc_gw_family == AF_INET ? nhc->nhc_gw.ipv4 : 0;
1759 if (IN_DEV_SHARED_MEDIA(out_dev) ||
1760 inet_addr_onlink(out_dev, saddr, gw))
1761 IPCB(skb)->flags |= IPSKB_DOREDIRECT;
1764 if (skb->protocol != htons(ETH_P_IP)) {
1765 /* Not IP (i.e. ARP). Do not create route, if it is
1766 * invalid for proxy arp. DNAT routes are always valid.
1768 * Proxy arp feature have been extended to allow, ARP
1769 * replies back to the same interface, to support
1770 * Private VLAN switch technologies. See arp.c.
1772 if (out_dev == in_dev &&
1773 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
1779 nh = container_of(nhc, struct fib_nh, nh_common);
1780 fnhe = find_exception(nh, daddr);
1783 rth = rcu_dereference(fnhe->fnhe_rth_input);
1785 rth = rcu_dereference(nh->nh_rth_input);
1786 if (rt_cache_valid(rth)) {
1787 skb_dst_set_noref(skb, &rth->dst);
1792 rth = rt_dst_alloc(out_dev->dev, 0, res->type,
1793 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1794 IN_DEV_CONF_GET(out_dev, NOXFRM), do_cache);
1800 rth->rt_is_input = 1;
1801 RT_CACHE_STAT_INC(in_slow_tot);
1803 rth->dst.input = ip_forward;
1805 rt_set_nexthop(rth, daddr, res, fnhe, res->fi, res->type, itag,
1807 lwtunnel_set_redirect(&rth->dst);
1808 skb_dst_set(skb, &rth->dst);
1815 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1816 /* To make ICMP packets follow the right flow, the multipath hash is
1817 * calculated from the inner IP addresses.
1819 static void ip_multipath_l3_keys(const struct sk_buff *skb,
1820 struct flow_keys *hash_keys)
1822 const struct iphdr *outer_iph = ip_hdr(skb);
1823 const struct iphdr *key_iph = outer_iph;
1824 const struct iphdr *inner_iph;
1825 const struct icmphdr *icmph;
1826 struct iphdr _inner_iph;
1827 struct icmphdr _icmph;
1829 if (likely(outer_iph->protocol != IPPROTO_ICMP))
1832 if (unlikely((outer_iph->frag_off & htons(IP_OFFSET)) != 0))
1835 icmph = skb_header_pointer(skb, outer_iph->ihl * 4, sizeof(_icmph),
1840 if (icmph->type != ICMP_DEST_UNREACH &&
1841 icmph->type != ICMP_REDIRECT &&
1842 icmph->type != ICMP_TIME_EXCEEDED &&
1843 icmph->type != ICMP_PARAMETERPROB)
1846 inner_iph = skb_header_pointer(skb,
1847 outer_iph->ihl * 4 + sizeof(_icmph),
1848 sizeof(_inner_iph), &_inner_iph);
1852 key_iph = inner_iph;
1854 hash_keys->addrs.v4addrs.src = key_iph->saddr;
1855 hash_keys->addrs.v4addrs.dst = key_iph->daddr;
1858 /* if skb is set it will be used and fl4 can be NULL */
1859 int fib_multipath_hash(const struct net *net, const struct flowi4 *fl4,
1860 const struct sk_buff *skb, struct flow_keys *flkeys)
1862 u32 multipath_hash = fl4 ? fl4->flowi4_multipath_hash : 0;
1863 struct flow_keys hash_keys;
1866 switch (net->ipv4.sysctl_fib_multipath_hash_policy) {
1868 memset(&hash_keys, 0, sizeof(hash_keys));
1869 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1871 ip_multipath_l3_keys(skb, &hash_keys);
1873 hash_keys.addrs.v4addrs.src = fl4->saddr;
1874 hash_keys.addrs.v4addrs.dst = fl4->daddr;
1878 /* skb is currently provided only when forwarding */
1880 unsigned int flag = FLOW_DISSECTOR_F_STOP_AT_ENCAP;
1881 struct flow_keys keys;
1883 /* short-circuit if we already have L4 hash present */
1885 return skb_get_hash_raw(skb) >> 1;
1887 memset(&hash_keys, 0, sizeof(hash_keys));
1890 skb_flow_dissect_flow_keys(skb, &keys, flag);
1894 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1895 hash_keys.addrs.v4addrs.src = flkeys->addrs.v4addrs.src;
1896 hash_keys.addrs.v4addrs.dst = flkeys->addrs.v4addrs.dst;
1897 hash_keys.ports.src = flkeys->ports.src;
1898 hash_keys.ports.dst = flkeys->ports.dst;
1899 hash_keys.basic.ip_proto = flkeys->basic.ip_proto;
1901 memset(&hash_keys, 0, sizeof(hash_keys));
1902 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1903 hash_keys.addrs.v4addrs.src = fl4->saddr;
1904 hash_keys.addrs.v4addrs.dst = fl4->daddr;
1905 hash_keys.ports.src = fl4->fl4_sport;
1906 hash_keys.ports.dst = fl4->fl4_dport;
1907 hash_keys.basic.ip_proto = fl4->flowi4_proto;
1911 mhash = flow_hash_from_keys(&hash_keys);
1914 mhash = jhash_2words(mhash, multipath_hash, 0);
1918 #endif /* CONFIG_IP_ROUTE_MULTIPATH */
1920 static int ip_mkroute_input(struct sk_buff *skb,
1921 struct fib_result *res,
1922 struct in_device *in_dev,
1923 __be32 daddr, __be32 saddr, u32 tos,
1924 struct flow_keys *hkeys)
1926 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1927 if (res->fi && res->fi->fib_nhs > 1) {
1928 int h = fib_multipath_hash(res->fi->fib_net, NULL, skb, hkeys);
1930 fib_select_multipath(res, h);
1934 /* create a routing cache entry */
1935 return __mkroute_input(skb, res, in_dev, daddr, saddr, tos);
1939 * NOTE. We drop all the packets that has local source
1940 * addresses, because every properly looped back packet
1941 * must have correct destination already attached by output routine.
1943 * Such approach solves two big problems:
1944 * 1. Not simplex devices are handled properly.
1945 * 2. IP spoofing attempts are filtered with 100% of guarantee.
1946 * called with rcu_read_lock()
1949 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1950 u8 tos, struct net_device *dev,
1951 struct fib_result *res)
1953 struct in_device *in_dev = __in_dev_get_rcu(dev);
1954 struct flow_keys *flkeys = NULL, _flkeys;
1955 struct net *net = dev_net(dev);
1956 struct ip_tunnel_info *tun_info;
1958 unsigned int flags = 0;
1964 /* IP on this device is disabled. */
1969 /* Check for the most weird martians, which can be not detected
1973 tun_info = skb_tunnel_info(skb);
1974 if (tun_info && !(tun_info->mode & IP_TUNNEL_INFO_TX))
1975 fl4.flowi4_tun_key.tun_id = tun_info->key.tun_id;
1977 fl4.flowi4_tun_key.tun_id = 0;
1980 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
1981 goto martian_source;
1985 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
1988 /* Accept zero addresses only to limited broadcast;
1989 * I even do not know to fix it or not. Waiting for complains :-)
1991 if (ipv4_is_zeronet(saddr))
1992 goto martian_source;
1994 if (ipv4_is_zeronet(daddr))
1995 goto martian_destination;
1997 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
1998 * and call it once if daddr or/and saddr are loopback addresses
2000 if (ipv4_is_loopback(daddr)) {
2001 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
2002 goto martian_destination;
2003 } else if (ipv4_is_loopback(saddr)) {
2004 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
2005 goto martian_source;
2009 * Now we are ready to route packet.
2012 fl4.flowi4_iif = dev->ifindex;
2013 fl4.flowi4_mark = skb->mark;
2014 fl4.flowi4_tos = tos;
2015 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
2016 fl4.flowi4_flags = 0;
2019 fl4.flowi4_uid = sock_net_uid(net, NULL);
2021 if (fib4_rules_early_flow_dissect(net, skb, &fl4, &_flkeys)) {
2024 fl4.flowi4_proto = 0;
2029 err = fib_lookup(net, &fl4, res, 0);
2031 if (!IN_DEV_FORWARD(in_dev))
2032 err = -EHOSTUNREACH;
2036 if (res->type == RTN_BROADCAST) {
2037 if (IN_DEV_BFORWARD(in_dev))
2042 if (res->type == RTN_LOCAL) {
2043 err = fib_validate_source(skb, saddr, daddr, tos,
2044 0, dev, in_dev, &itag);
2046 goto martian_source;
2050 if (!IN_DEV_FORWARD(in_dev)) {
2051 err = -EHOSTUNREACH;
2054 if (res->type != RTN_UNICAST)
2055 goto martian_destination;
2058 err = ip_mkroute_input(skb, res, in_dev, daddr, saddr, tos, flkeys);
2062 if (skb->protocol != htons(ETH_P_IP))
2065 if (!ipv4_is_zeronet(saddr)) {
2066 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
2069 goto martian_source;
2071 flags |= RTCF_BROADCAST;
2072 res->type = RTN_BROADCAST;
2073 RT_CACHE_STAT_INC(in_brd);
2079 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
2082 nh = container_of(nhc, struct fib_nh, nh_common);
2083 rth = rcu_dereference(nh->nh_rth_input);
2084 if (rt_cache_valid(rth)) {
2085 skb_dst_set_noref(skb, &rth->dst);
2093 rth = rt_dst_alloc(l3mdev_master_dev_rcu(dev) ? : net->loopback_dev,
2094 flags | RTCF_LOCAL, res->type,
2095 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, do_cache);
2099 rth->dst.output= ip_rt_bug;
2100 #ifdef CONFIG_IP_ROUTE_CLASSID
2101 rth->dst.tclassid = itag;
2103 rth->rt_is_input = 1;
2105 RT_CACHE_STAT_INC(in_slow_tot);
2106 if (res->type == RTN_UNREACHABLE) {
2107 rth->dst.input= ip_error;
2108 rth->dst.error= -err;
2109 rth->rt_flags &= ~RTCF_LOCAL;
2113 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
2116 rth->dst.lwtstate = lwtstate_get(nhc->nhc_lwtstate);
2117 if (lwtunnel_input_redirect(rth->dst.lwtstate)) {
2118 WARN_ON(rth->dst.input == lwtunnel_input);
2119 rth->dst.lwtstate->orig_input = rth->dst.input;
2120 rth->dst.input = lwtunnel_input;
2123 nh = container_of(nhc, struct fib_nh, nh_common);
2124 if (unlikely(!rt_cache_route(nh, rth)))
2125 rt_add_uncached_list(rth);
2127 skb_dst_set(skb, &rth->dst);
2132 RT_CACHE_STAT_INC(in_no_route);
2133 res->type = RTN_UNREACHABLE;
2139 * Do not cache martian addresses: they should be logged (RFC1812)
2141 martian_destination:
2142 RT_CACHE_STAT_INC(in_martian_dst);
2143 #ifdef CONFIG_IP_ROUTE_VERBOSE
2144 if (IN_DEV_LOG_MARTIANS(in_dev))
2145 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
2146 &daddr, &saddr, dev->name);
2158 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
2162 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2163 u8 tos, struct net_device *dev)
2165 struct fib_result res;
2168 tos &= IPTOS_RT_MASK;
2170 err = ip_route_input_rcu(skb, daddr, saddr, tos, dev, &res);
2175 EXPORT_SYMBOL(ip_route_input_noref);
2177 /* called with rcu_read_lock held */
2178 int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2179 u8 tos, struct net_device *dev, struct fib_result *res)
2181 /* Multicast recognition logic is moved from route cache to here.
2182 The problem was that too many Ethernet cards have broken/missing
2183 hardware multicast filters :-( As result the host on multicasting
2184 network acquires a lot of useless route cache entries, sort of
2185 SDR messages from all the world. Now we try to get rid of them.
2186 Really, provided software IP multicast filter is organized
2187 reasonably (at least, hashed), it does not result in a slowdown
2188 comparing with route cache reject entries.
2189 Note, that multicast routers are not affected, because
2190 route cache entry is created eventually.
2192 if (ipv4_is_multicast(daddr)) {
2193 struct in_device *in_dev = __in_dev_get_rcu(dev);
2199 our = ip_check_mc_rcu(in_dev, daddr, saddr,
2200 ip_hdr(skb)->protocol);
2202 /* check l3 master if no match yet */
2203 if (!our && netif_is_l3_slave(dev)) {
2204 struct in_device *l3_in_dev;
2206 l3_in_dev = __in_dev_get_rcu(skb->dev);
2208 our = ip_check_mc_rcu(l3_in_dev, daddr, saddr,
2209 ip_hdr(skb)->protocol);
2213 #ifdef CONFIG_IP_MROUTE
2215 (!ipv4_is_local_multicast(daddr) &&
2216 IN_DEV_MFORWARD(in_dev))
2219 err = ip_route_input_mc(skb, daddr, saddr,
2225 return ip_route_input_slow(skb, daddr, saddr, tos, dev, res);
2228 /* called with rcu_read_lock() */
2229 static struct rtable *__mkroute_output(const struct fib_result *res,
2230 const struct flowi4 *fl4, int orig_oif,
2231 struct net_device *dev_out,
2234 struct fib_info *fi = res->fi;
2235 struct fib_nh_exception *fnhe;
2236 struct in_device *in_dev;
2237 u16 type = res->type;
2241 in_dev = __in_dev_get_rcu(dev_out);
2243 return ERR_PTR(-EINVAL);
2245 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
2246 if (ipv4_is_loopback(fl4->saddr) &&
2247 !(dev_out->flags & IFF_LOOPBACK) &&
2248 !netif_is_l3_master(dev_out))
2249 return ERR_PTR(-EINVAL);
2251 if (ipv4_is_lbcast(fl4->daddr))
2252 type = RTN_BROADCAST;
2253 else if (ipv4_is_multicast(fl4->daddr))
2254 type = RTN_MULTICAST;
2255 else if (ipv4_is_zeronet(fl4->daddr))
2256 return ERR_PTR(-EINVAL);
2258 if (dev_out->flags & IFF_LOOPBACK)
2259 flags |= RTCF_LOCAL;
2262 if (type == RTN_BROADCAST) {
2263 flags |= RTCF_BROADCAST | RTCF_LOCAL;
2265 } else if (type == RTN_MULTICAST) {
2266 flags |= RTCF_MULTICAST | RTCF_LOCAL;
2267 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
2269 flags &= ~RTCF_LOCAL;
2272 /* If multicast route do not exist use
2273 * default one, but do not gateway in this case.
2276 if (fi && res->prefixlen < 4)
2278 } else if ((type == RTN_LOCAL) && (orig_oif != 0) &&
2279 (orig_oif != dev_out->ifindex)) {
2280 /* For local routes that require a particular output interface
2281 * we do not want to cache the result. Caching the result
2282 * causes incorrect behaviour when there are multiple source
2283 * addresses on the interface, the end result being that if the
2284 * intended recipient is waiting on that interface for the
2285 * packet he won't receive it because it will be delivered on
2286 * the loopback interface and the IP_PKTINFO ipi_ifindex will
2287 * be set to the loopback interface as well.
2293 do_cache &= fi != NULL;
2295 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
2296 struct fib_nh *nh = container_of(nhc, struct fib_nh, nh_common);
2297 struct rtable __rcu **prth;
2299 fnhe = find_exception(nh, fl4->daddr);
2303 prth = &fnhe->fnhe_rth_output;
2305 if (unlikely(fl4->flowi4_flags &
2306 FLOWI_FLAG_KNOWN_NH &&
2307 !(nhc->nhc_gw_family &&
2308 nhc->nhc_scope == RT_SCOPE_LINK))) {
2312 prth = raw_cpu_ptr(nh->nh_pcpu_rth_output);
2314 rth = rcu_dereference(*prth);
2315 if (rt_cache_valid(rth) && dst_hold_safe(&rth->dst))
2320 rth = rt_dst_alloc(dev_out, flags, type,
2321 IN_DEV_CONF_GET(in_dev, NOPOLICY),
2322 IN_DEV_CONF_GET(in_dev, NOXFRM),
2325 return ERR_PTR(-ENOBUFS);
2327 rth->rt_iif = orig_oif;
2329 RT_CACHE_STAT_INC(out_slow_tot);
2331 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
2332 if (flags & RTCF_LOCAL &&
2333 !(dev_out->flags & IFF_LOOPBACK)) {
2334 rth->dst.output = ip_mc_output;
2335 RT_CACHE_STAT_INC(out_slow_mc);
2337 #ifdef CONFIG_IP_MROUTE
2338 if (type == RTN_MULTICAST) {
2339 if (IN_DEV_MFORWARD(in_dev) &&
2340 !ipv4_is_local_multicast(fl4->daddr)) {
2341 rth->dst.input = ip_mr_input;
2342 rth->dst.output = ip_mc_output;
2348 rt_set_nexthop(rth, fl4->daddr, res, fnhe, fi, type, 0, do_cache);
2349 lwtunnel_set_redirect(&rth->dst);
2355 * Major route resolver routine.
2358 struct rtable *ip_route_output_key_hash(struct net *net, struct flowi4 *fl4,
2359 const struct sk_buff *skb)
2361 __u8 tos = RT_FL_TOS(fl4);
2362 struct fib_result res = {
2370 fl4->flowi4_iif = LOOPBACK_IFINDEX;
2371 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
2372 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
2373 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
2376 rth = ip_route_output_key_hash_rcu(net, fl4, &res, skb);
2381 EXPORT_SYMBOL_GPL(ip_route_output_key_hash);
2383 struct rtable *ip_route_output_key_hash_rcu(struct net *net, struct flowi4 *fl4,
2384 struct fib_result *res,
2385 const struct sk_buff *skb)
2387 struct net_device *dev_out = NULL;
2388 int orig_oif = fl4->flowi4_oif;
2389 unsigned int flags = 0;
2391 int err = -ENETUNREACH;
2394 rth = ERR_PTR(-EINVAL);
2395 if (ipv4_is_multicast(fl4->saddr) ||
2396 ipv4_is_lbcast(fl4->saddr) ||
2397 ipv4_is_zeronet(fl4->saddr))
2400 /* I removed check for oif == dev_out->oif here.
2401 It was wrong for two reasons:
2402 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
2403 is assigned to multiple interfaces.
2404 2. Moreover, we are allowed to send packets with saddr
2405 of another iface. --ANK
2408 if (fl4->flowi4_oif == 0 &&
2409 (ipv4_is_multicast(fl4->daddr) ||
2410 ipv4_is_lbcast(fl4->daddr))) {
2411 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2412 dev_out = __ip_dev_find(net, fl4->saddr, false);
2416 /* Special hack: user can direct multicasts
2417 and limited broadcast via necessary interface
2418 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2419 This hack is not just for fun, it allows
2420 vic,vat and friends to work.
2421 They bind socket to loopback, set ttl to zero
2422 and expect that it will work.
2423 From the viewpoint of routing cache they are broken,
2424 because we are not allowed to build multicast path
2425 with loopback source addr (look, routing cache
2426 cannot know, that ttl is zero, so that packet
2427 will not leave this host and route is valid).
2428 Luckily, this hack is good workaround.
2431 fl4->flowi4_oif = dev_out->ifindex;
2435 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
2436 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2437 if (!__ip_dev_find(net, fl4->saddr, false))
2443 if (fl4->flowi4_oif) {
2444 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2445 rth = ERR_PTR(-ENODEV);
2449 /* RACE: Check return value of inet_select_addr instead. */
2450 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2451 rth = ERR_PTR(-ENETUNREACH);
2454 if (ipv4_is_local_multicast(fl4->daddr) ||
2455 ipv4_is_lbcast(fl4->daddr) ||
2456 fl4->flowi4_proto == IPPROTO_IGMP) {
2458 fl4->saddr = inet_select_addr(dev_out, 0,
2463 if (ipv4_is_multicast(fl4->daddr))
2464 fl4->saddr = inet_select_addr(dev_out, 0,
2466 else if (!fl4->daddr)
2467 fl4->saddr = inet_select_addr(dev_out, 0,
2473 fl4->daddr = fl4->saddr;
2475 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2476 dev_out = net->loopback_dev;
2477 fl4->flowi4_oif = LOOPBACK_IFINDEX;
2478 res->type = RTN_LOCAL;
2479 flags |= RTCF_LOCAL;
2483 err = fib_lookup(net, fl4, res, 0);
2487 if (fl4->flowi4_oif &&
2488 (ipv4_is_multicast(fl4->daddr) ||
2489 !netif_index_is_l3_master(net, fl4->flowi4_oif))) {
2490 /* Apparently, routing tables are wrong. Assume,
2491 that the destination is on link.
2494 Because we are allowed to send to iface
2495 even if it has NO routes and NO assigned
2496 addresses. When oif is specified, routing
2497 tables are looked up with only one purpose:
2498 to catch if destination is gatewayed, rather than
2499 direct. Moreover, if MSG_DONTROUTE is set,
2500 we send packet, ignoring both routing tables
2501 and ifaddr state. --ANK
2504 We could make it even if oif is unknown,
2505 likely IPv6, but we do not.
2508 if (fl4->saddr == 0)
2509 fl4->saddr = inet_select_addr(dev_out, 0,
2511 res->type = RTN_UNICAST;
2518 if (res->type == RTN_LOCAL) {
2520 if (res->fi->fib_prefsrc)
2521 fl4->saddr = res->fi->fib_prefsrc;
2523 fl4->saddr = fl4->daddr;
2526 /* L3 master device is the loopback for that domain */
2527 dev_out = l3mdev_master_dev_rcu(FIB_RES_DEV(*res)) ? :
2530 /* make sure orig_oif points to fib result device even
2531 * though packet rx/tx happens over loopback or l3mdev
2533 orig_oif = FIB_RES_OIF(*res);
2535 fl4->flowi4_oif = dev_out->ifindex;
2536 flags |= RTCF_LOCAL;
2540 fib_select_path(net, res, fl4, skb);
2542 dev_out = FIB_RES_DEV(*res);
2543 fl4->flowi4_oif = dev_out->ifindex;
2547 rth = __mkroute_output(res, fl4, orig_oif, dev_out, flags);
2553 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2558 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2560 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2562 return mtu ? : dst->dev->mtu;
2565 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
2566 struct sk_buff *skb, u32 mtu)
2570 static void ipv4_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
2571 struct sk_buff *skb)
2575 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2581 static struct dst_ops ipv4_dst_blackhole_ops = {
2583 .check = ipv4_blackhole_dst_check,
2584 .mtu = ipv4_blackhole_mtu,
2585 .default_advmss = ipv4_default_advmss,
2586 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2587 .redirect = ipv4_rt_blackhole_redirect,
2588 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2589 .neigh_lookup = ipv4_neigh_lookup,
2592 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2594 struct rtable *ort = (struct rtable *) dst_orig;
2597 rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, DST_OBSOLETE_DEAD, 0);
2599 struct dst_entry *new = &rt->dst;
2602 new->input = dst_discard;
2603 new->output = dst_discard_out;
2605 new->dev = net->loopback_dev;
2609 rt->rt_is_input = ort->rt_is_input;
2610 rt->rt_iif = ort->rt_iif;
2611 rt->rt_pmtu = ort->rt_pmtu;
2612 rt->rt_mtu_locked = ort->rt_mtu_locked;
2614 rt->rt_genid = rt_genid_ipv4(net);
2615 rt->rt_flags = ort->rt_flags;
2616 rt->rt_type = ort->rt_type;
2617 rt->rt_gw_family = ort->rt_gw_family;
2618 if (rt->rt_gw_family == AF_INET)
2619 rt->rt_gw4 = ort->rt_gw4;
2620 else if (rt->rt_gw_family == AF_INET6)
2621 rt->rt_gw6 = ort->rt_gw6;
2623 INIT_LIST_HEAD(&rt->rt_uncached);
2626 dst_release(dst_orig);
2628 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2631 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2632 const struct sock *sk)
2634 struct rtable *rt = __ip_route_output_key(net, flp4);
2639 if (flp4->flowi4_proto)
2640 rt = (struct rtable *)xfrm_lookup_route(net, &rt->dst,
2641 flowi4_to_flowi(flp4),
2646 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2648 /* called with rcu_read_lock held */
2649 static int rt_fill_info(struct net *net, __be32 dst, __be32 src,
2650 struct rtable *rt, u32 table_id, struct flowi4 *fl4,
2651 struct sk_buff *skb, u32 portid, u32 seq)
2654 struct nlmsghdr *nlh;
2655 unsigned long expires = 0;
2657 u32 metrics[RTAX_MAX];
2659 nlh = nlmsg_put(skb, portid, seq, RTM_NEWROUTE, sizeof(*r), 0);
2663 r = nlmsg_data(nlh);
2664 r->rtm_family = AF_INET;
2665 r->rtm_dst_len = 32;
2667 r->rtm_tos = fl4->flowi4_tos;
2668 r->rtm_table = table_id < 256 ? table_id : RT_TABLE_COMPAT;
2669 if (nla_put_u32(skb, RTA_TABLE, table_id))
2670 goto nla_put_failure;
2671 r->rtm_type = rt->rt_type;
2672 r->rtm_scope = RT_SCOPE_UNIVERSE;
2673 r->rtm_protocol = RTPROT_UNSPEC;
2674 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2675 if (rt->rt_flags & RTCF_NOTIFY)
2676 r->rtm_flags |= RTM_F_NOTIFY;
2677 if (IPCB(skb)->flags & IPSKB_DOREDIRECT)
2678 r->rtm_flags |= RTCF_DOREDIRECT;
2680 if (nla_put_in_addr(skb, RTA_DST, dst))
2681 goto nla_put_failure;
2683 r->rtm_src_len = 32;
2684 if (nla_put_in_addr(skb, RTA_SRC, src))
2685 goto nla_put_failure;
2688 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
2689 goto nla_put_failure;
2690 #ifdef CONFIG_IP_ROUTE_CLASSID
2691 if (rt->dst.tclassid &&
2692 nla_put_u32(skb, RTA_FLOW, rt->dst.tclassid))
2693 goto nla_put_failure;
2695 if (!rt_is_input_route(rt) &&
2696 fl4->saddr != src) {
2697 if (nla_put_in_addr(skb, RTA_PREFSRC, fl4->saddr))
2698 goto nla_put_failure;
2700 if (rt->rt_gw_family == AF_INET &&
2701 nla_put_in_addr(skb, RTA_GATEWAY, rt->rt_gw4)) {
2702 goto nla_put_failure;
2703 } else if (rt->rt_gw_family == AF_INET6) {
2704 int alen = sizeof(struct in6_addr);
2708 nla = nla_reserve(skb, RTA_VIA, alen + 2);
2710 goto nla_put_failure;
2712 via = nla_data(nla);
2713 via->rtvia_family = AF_INET6;
2714 memcpy(via->rtvia_addr, &rt->rt_gw6, alen);
2717 expires = rt->dst.expires;
2719 unsigned long now = jiffies;
2721 if (time_before(now, expires))
2727 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
2728 if (rt->rt_pmtu && expires)
2729 metrics[RTAX_MTU - 1] = rt->rt_pmtu;
2730 if (rt->rt_mtu_locked && expires)
2731 metrics[RTAX_LOCK - 1] |= BIT(RTAX_MTU);
2732 if (rtnetlink_put_metrics(skb, metrics) < 0)
2733 goto nla_put_failure;
2735 if (fl4->flowi4_mark &&
2736 nla_put_u32(skb, RTA_MARK, fl4->flowi4_mark))
2737 goto nla_put_failure;
2739 if (!uid_eq(fl4->flowi4_uid, INVALID_UID) &&
2740 nla_put_u32(skb, RTA_UID,
2741 from_kuid_munged(current_user_ns(), fl4->flowi4_uid)))
2742 goto nla_put_failure;
2744 error = rt->dst.error;
2746 if (rt_is_input_route(rt)) {
2747 #ifdef CONFIG_IP_MROUTE
2748 if (ipv4_is_multicast(dst) && !ipv4_is_local_multicast(dst) &&
2749 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
2750 int err = ipmr_get_route(net, skb,
2751 fl4->saddr, fl4->daddr,
2757 goto nla_put_failure;
2761 if (nla_put_u32(skb, RTA_IIF, fl4->flowi4_iif))
2762 goto nla_put_failure;
2765 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, error) < 0)
2766 goto nla_put_failure;
2768 nlmsg_end(skb, nlh);
2772 nlmsg_cancel(skb, nlh);
2776 static struct sk_buff *inet_rtm_getroute_build_skb(__be32 src, __be32 dst,
2777 u8 ip_proto, __be16 sport,
2780 struct sk_buff *skb;
2783 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
2787 /* Reserve room for dummy headers, this skb can pass
2788 * through good chunk of routing engine.
2790 skb_reset_mac_header(skb);
2791 skb_reset_network_header(skb);
2792 skb->protocol = htons(ETH_P_IP);
2793 iph = skb_put(skb, sizeof(struct iphdr));
2794 iph->protocol = ip_proto;
2800 skb_set_transport_header(skb, skb->len);
2802 switch (iph->protocol) {
2804 struct udphdr *udph;
2806 udph = skb_put_zero(skb, sizeof(struct udphdr));
2807 udph->source = sport;
2809 udph->len = sizeof(struct udphdr);
2814 struct tcphdr *tcph;
2816 tcph = skb_put_zero(skb, sizeof(struct tcphdr));
2817 tcph->source = sport;
2819 tcph->doff = sizeof(struct tcphdr) / 4;
2821 tcph->check = ~tcp_v4_check(sizeof(struct tcphdr),
2825 case IPPROTO_ICMP: {
2826 struct icmphdr *icmph;
2828 icmph = skb_put_zero(skb, sizeof(struct icmphdr));
2829 icmph->type = ICMP_ECHO;
2837 static int inet_rtm_valid_getroute_req(struct sk_buff *skb,
2838 const struct nlmsghdr *nlh,
2840 struct netlink_ext_ack *extack)
2845 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*rtm))) {
2846 NL_SET_ERR_MSG(extack,
2847 "ipv4: Invalid header for route get request");
2851 if (!netlink_strict_get_check(skb))
2852 return nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX,
2853 rtm_ipv4_policy, extack);
2855 rtm = nlmsg_data(nlh);
2856 if ((rtm->rtm_src_len && rtm->rtm_src_len != 32) ||
2857 (rtm->rtm_dst_len && rtm->rtm_dst_len != 32) ||
2858 rtm->rtm_table || rtm->rtm_protocol ||
2859 rtm->rtm_scope || rtm->rtm_type) {
2860 NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for route get request");
2864 if (rtm->rtm_flags & ~(RTM_F_NOTIFY |
2865 RTM_F_LOOKUP_TABLE |
2867 NL_SET_ERR_MSG(extack, "ipv4: Unsupported rtm_flags for route get request");
2871 err = nlmsg_parse_strict(nlh, sizeof(*rtm), tb, RTA_MAX,
2872 rtm_ipv4_policy, extack);
2876 if ((tb[RTA_SRC] && !rtm->rtm_src_len) ||
2877 (tb[RTA_DST] && !rtm->rtm_dst_len)) {
2878 NL_SET_ERR_MSG(extack, "ipv4: rtm_src_len and rtm_dst_len must be 32 for IPv4");
2882 for (i = 0; i <= RTA_MAX; i++) {
2898 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in route get request");
2906 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2907 struct netlink_ext_ack *extack)
2909 struct net *net = sock_net(in_skb->sk);
2910 struct nlattr *tb[RTA_MAX+1];
2911 u32 table_id = RT_TABLE_MAIN;
2912 __be16 sport = 0, dport = 0;
2913 struct fib_result res = {};
2914 u8 ip_proto = IPPROTO_UDP;
2915 struct rtable *rt = NULL;
2916 struct sk_buff *skb;
2918 struct flowi4 fl4 = {};
2926 err = inet_rtm_valid_getroute_req(in_skb, nlh, tb, extack);
2930 rtm = nlmsg_data(nlh);
2931 src = tb[RTA_SRC] ? nla_get_in_addr(tb[RTA_SRC]) : 0;
2932 dst = tb[RTA_DST] ? nla_get_in_addr(tb[RTA_DST]) : 0;
2933 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
2934 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
2936 uid = make_kuid(current_user_ns(), nla_get_u32(tb[RTA_UID]));
2938 uid = (iif ? INVALID_UID : current_uid());
2940 if (tb[RTA_IP_PROTO]) {
2941 err = rtm_getroute_parse_ip_proto(tb[RTA_IP_PROTO],
2942 &ip_proto, AF_INET, extack);
2948 sport = nla_get_be16(tb[RTA_SPORT]);
2951 dport = nla_get_be16(tb[RTA_DPORT]);
2953 skb = inet_rtm_getroute_build_skb(src, dst, ip_proto, sport, dport);
2959 fl4.flowi4_tos = rtm->rtm_tos;
2960 fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0;
2961 fl4.flowi4_mark = mark;
2962 fl4.flowi4_uid = uid;
2964 fl4.fl4_sport = sport;
2966 fl4.fl4_dport = dport;
2967 fl4.flowi4_proto = ip_proto;
2972 struct net_device *dev;
2974 dev = dev_get_by_index_rcu(net, iif);
2980 fl4.flowi4_iif = iif; /* for rt_fill_info */
2983 err = ip_route_input_rcu(skb, dst, src, rtm->rtm_tos,
2986 rt = skb_rtable(skb);
2987 if (err == 0 && rt->dst.error)
2988 err = -rt->dst.error;
2990 fl4.flowi4_iif = LOOPBACK_IFINDEX;
2991 skb->dev = net->loopback_dev;
2992 rt = ip_route_output_key_hash_rcu(net, &fl4, &res, skb);
2997 skb_dst_set(skb, &rt->dst);
3003 if (rtm->rtm_flags & RTM_F_NOTIFY)
3004 rt->rt_flags |= RTCF_NOTIFY;
3006 if (rtm->rtm_flags & RTM_F_LOOKUP_TABLE)
3007 table_id = res.table ? res.table->tb_id : 0;
3009 /* reset skb for netlink reply msg */
3011 skb_reset_network_header(skb);
3012 skb_reset_transport_header(skb);
3013 skb_reset_mac_header(skb);
3015 if (rtm->rtm_flags & RTM_F_FIB_MATCH) {
3017 err = fib_props[res.type].error;
3019 err = -EHOSTUNREACH;
3022 err = fib_dump_info(skb, NETLINK_CB(in_skb).portid,
3023 nlh->nlmsg_seq, RTM_NEWROUTE, table_id,
3024 rt->rt_type, res.prefix, res.prefixlen,
3025 fl4.flowi4_tos, res.fi, 0);
3027 err = rt_fill_info(net, dst, src, rt, table_id, &fl4, skb,
3028 NETLINK_CB(in_skb).portid, nlh->nlmsg_seq);
3035 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
3045 void ip_rt_multicast_event(struct in_device *in_dev)
3047 rt_cache_flush(dev_net(in_dev->dev));
3050 #ifdef CONFIG_SYSCTL
3051 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
3052 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
3053 static int ip_rt_gc_elasticity __read_mostly = 8;
3054 static int ip_min_valid_pmtu __read_mostly = IPV4_MIN_MTU;
3056 static int ipv4_sysctl_rtcache_flush(struct ctl_table *__ctl, int write,
3057 void __user *buffer,
3058 size_t *lenp, loff_t *ppos)
3060 struct net *net = (struct net *)__ctl->extra1;
3063 rt_cache_flush(net);
3064 fnhe_genid_bump(net);
3071 static struct ctl_table ipv4_route_table[] = {
3073 .procname = "gc_thresh",
3074 .data = &ipv4_dst_ops.gc_thresh,
3075 .maxlen = sizeof(int),
3077 .proc_handler = proc_dointvec,
3080 .procname = "max_size",
3081 .data = &ip_rt_max_size,
3082 .maxlen = sizeof(int),
3084 .proc_handler = proc_dointvec,
3087 /* Deprecated. Use gc_min_interval_ms */
3089 .procname = "gc_min_interval",
3090 .data = &ip_rt_gc_min_interval,
3091 .maxlen = sizeof(int),
3093 .proc_handler = proc_dointvec_jiffies,
3096 .procname = "gc_min_interval_ms",
3097 .data = &ip_rt_gc_min_interval,
3098 .maxlen = sizeof(int),
3100 .proc_handler = proc_dointvec_ms_jiffies,
3103 .procname = "gc_timeout",
3104 .data = &ip_rt_gc_timeout,
3105 .maxlen = sizeof(int),
3107 .proc_handler = proc_dointvec_jiffies,
3110 .procname = "gc_interval",
3111 .data = &ip_rt_gc_interval,
3112 .maxlen = sizeof(int),
3114 .proc_handler = proc_dointvec_jiffies,
3117 .procname = "redirect_load",
3118 .data = &ip_rt_redirect_load,
3119 .maxlen = sizeof(int),
3121 .proc_handler = proc_dointvec,
3124 .procname = "redirect_number",
3125 .data = &ip_rt_redirect_number,
3126 .maxlen = sizeof(int),
3128 .proc_handler = proc_dointvec,
3131 .procname = "redirect_silence",
3132 .data = &ip_rt_redirect_silence,
3133 .maxlen = sizeof(int),
3135 .proc_handler = proc_dointvec,
3138 .procname = "error_cost",
3139 .data = &ip_rt_error_cost,
3140 .maxlen = sizeof(int),
3142 .proc_handler = proc_dointvec,
3145 .procname = "error_burst",
3146 .data = &ip_rt_error_burst,
3147 .maxlen = sizeof(int),
3149 .proc_handler = proc_dointvec,
3152 .procname = "gc_elasticity",
3153 .data = &ip_rt_gc_elasticity,
3154 .maxlen = sizeof(int),
3156 .proc_handler = proc_dointvec,
3159 .procname = "mtu_expires",
3160 .data = &ip_rt_mtu_expires,
3161 .maxlen = sizeof(int),
3163 .proc_handler = proc_dointvec_jiffies,
3166 .procname = "min_pmtu",
3167 .data = &ip_rt_min_pmtu,
3168 .maxlen = sizeof(int),
3170 .proc_handler = proc_dointvec_minmax,
3171 .extra1 = &ip_min_valid_pmtu,
3174 .procname = "min_adv_mss",
3175 .data = &ip_rt_min_advmss,
3176 .maxlen = sizeof(int),
3178 .proc_handler = proc_dointvec,
3183 static struct ctl_table ipv4_route_flush_table[] = {
3185 .procname = "flush",
3186 .maxlen = sizeof(int),
3188 .proc_handler = ipv4_sysctl_rtcache_flush,
3193 static __net_init int sysctl_route_net_init(struct net *net)
3195 struct ctl_table *tbl;
3197 tbl = ipv4_route_flush_table;
3198 if (!net_eq(net, &init_net)) {
3199 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
3203 /* Don't export sysctls to unprivileged users */
3204 if (net->user_ns != &init_user_ns)
3205 tbl[0].procname = NULL;
3207 tbl[0].extra1 = net;
3209 net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
3210 if (!net->ipv4.route_hdr)
3215 if (tbl != ipv4_route_flush_table)
3221 static __net_exit void sysctl_route_net_exit(struct net *net)
3223 struct ctl_table *tbl;
3225 tbl = net->ipv4.route_hdr->ctl_table_arg;
3226 unregister_net_sysctl_table(net->ipv4.route_hdr);
3227 BUG_ON(tbl == ipv4_route_flush_table);
3231 static __net_initdata struct pernet_operations sysctl_route_ops = {
3232 .init = sysctl_route_net_init,
3233 .exit = sysctl_route_net_exit,
3237 static __net_init int rt_genid_init(struct net *net)
3239 atomic_set(&net->ipv4.rt_genid, 0);
3240 atomic_set(&net->fnhe_genid, 0);
3241 atomic_set(&net->ipv4.dev_addr_genid, get_random_int());
3245 static __net_initdata struct pernet_operations rt_genid_ops = {
3246 .init = rt_genid_init,
3249 static int __net_init ipv4_inetpeer_init(struct net *net)
3251 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
3255 inet_peer_base_init(bp);
3256 net->ipv4.peers = bp;
3260 static void __net_exit ipv4_inetpeer_exit(struct net *net)
3262 struct inet_peer_base *bp = net->ipv4.peers;
3264 net->ipv4.peers = NULL;
3265 inetpeer_invalidate_tree(bp);
3269 static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
3270 .init = ipv4_inetpeer_init,
3271 .exit = ipv4_inetpeer_exit,
3274 #ifdef CONFIG_IP_ROUTE_CLASSID
3275 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
3276 #endif /* CONFIG_IP_ROUTE_CLASSID */
3278 int __init ip_rt_init(void)
3282 ip_idents = kmalloc_array(IP_IDENTS_SZ, sizeof(*ip_idents),
3285 panic("IP: failed to allocate ip_idents\n");
3287 prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents));
3289 ip_tstamps = kcalloc(IP_IDENTS_SZ, sizeof(*ip_tstamps), GFP_KERNEL);
3291 panic("IP: failed to allocate ip_tstamps\n");
3293 for_each_possible_cpu(cpu) {
3294 struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu);
3296 INIT_LIST_HEAD(&ul->head);
3297 spin_lock_init(&ul->lock);
3299 #ifdef CONFIG_IP_ROUTE_CLASSID
3300 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
3302 panic("IP: failed to allocate ip_rt_acct\n");
3305 ipv4_dst_ops.kmem_cachep =
3306 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
3307 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
3309 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
3311 if (dst_entries_init(&ipv4_dst_ops) < 0)
3312 panic("IP: failed to allocate ipv4_dst_ops counter\n");
3314 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
3315 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
3317 ipv4_dst_ops.gc_thresh = ~0;
3318 ip_rt_max_size = INT_MAX;
3323 if (ip_rt_proc_init())
3324 pr_err("Unable to create route proc files\n");
3329 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL,
3330 RTNL_FLAG_DOIT_UNLOCKED);
3332 #ifdef CONFIG_SYSCTL
3333 register_pernet_subsys(&sysctl_route_ops);
3335 register_pernet_subsys(&rt_genid_ops);
3336 register_pernet_subsys(&ipv4_inetpeer_ops);
3340 #ifdef CONFIG_SYSCTL
3342 * We really need to sanitize the damn ipv4 init order, then all
3343 * this nonsense will go away.
3345 void __init ip_static_sysctl_init(void)
3347 register_net_sysctl(&init_net, "net/ipv4/route", ipv4_route_table);