2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
18 * (rco@di.uminho.pt) Routing table insertion and update
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <linux/uaccess.h>
69 #include <linux/bitops.h>
70 #include <linux/types.h>
71 #include <linux/kernel.h>
73 #include <linux/string.h>
74 #include <linux/socket.h>
75 #include <linux/sockios.h>
76 #include <linux/errno.h>
78 #include <linux/inet.h>
79 #include <linux/netdevice.h>
80 #include <linux/proc_fs.h>
81 #include <linux/init.h>
82 #include <linux/skbuff.h>
83 #include <linux/inetdevice.h>
84 #include <linux/igmp.h>
85 #include <linux/pkt_sched.h>
86 #include <linux/mroute.h>
87 #include <linux/netfilter_ipv4.h>
88 #include <linux/random.h>
89 #include <linux/rcupdate.h>
90 #include <linux/times.h>
91 #include <linux/slab.h>
92 #include <linux/jhash.h>
94 #include <net/dst_metadata.h>
95 #include <net/net_namespace.h>
96 #include <net/protocol.h>
98 #include <net/route.h>
99 #include <net/inetpeer.h>
100 #include <net/sock.h>
101 #include <net/ip_fib.h>
104 #include <net/icmp.h>
105 #include <net/xfrm.h>
106 #include <net/lwtunnel.h>
107 #include <net/netevent.h>
108 #include <net/rtnetlink.h>
110 #include <linux/sysctl.h>
112 #include <net/secure_seq.h>
113 #include <net/ip_tunnels.h>
114 #include <net/l3mdev.h>
116 #include "fib_lookup.h"
118 #define RT_FL_TOS(oldflp4) \
119 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
121 #define RT_GC_TIMEOUT (300*HZ)
123 static int ip_rt_max_size;
124 static int ip_rt_redirect_number __read_mostly = 9;
125 static int ip_rt_redirect_load __read_mostly = HZ / 50;
126 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
127 static int ip_rt_error_cost __read_mostly = HZ;
128 static int ip_rt_error_burst __read_mostly = 5 * HZ;
129 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
130 static u32 ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
131 static int ip_rt_min_advmss __read_mostly = 256;
133 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
136 * Interface to generic destination cache.
139 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
140 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
141 static unsigned int ipv4_mtu(const struct dst_entry *dst);
142 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
143 static void ipv4_link_failure(struct sk_buff *skb);
144 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
145 struct sk_buff *skb, u32 mtu);
146 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk,
147 struct sk_buff *skb);
148 static void ipv4_dst_destroy(struct dst_entry *dst);
150 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
156 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
159 static void ipv4_confirm_neigh(const struct dst_entry *dst, const void *daddr);
161 static struct dst_ops ipv4_dst_ops = {
163 .check = ipv4_dst_check,
164 .default_advmss = ipv4_default_advmss,
166 .cow_metrics = ipv4_cow_metrics,
167 .destroy = ipv4_dst_destroy,
168 .negative_advice = ipv4_negative_advice,
169 .link_failure = ipv4_link_failure,
170 .update_pmtu = ip_rt_update_pmtu,
171 .redirect = ip_do_redirect,
172 .local_out = __ip_local_out,
173 .neigh_lookup = ipv4_neigh_lookup,
174 .confirm_neigh = ipv4_confirm_neigh,
177 #define ECN_OR_COST(class) TC_PRIO_##class
179 const __u8 ip_tos2prio[16] = {
181 ECN_OR_COST(BESTEFFORT),
183 ECN_OR_COST(BESTEFFORT),
189 ECN_OR_COST(INTERACTIVE),
191 ECN_OR_COST(INTERACTIVE),
192 TC_PRIO_INTERACTIVE_BULK,
193 ECN_OR_COST(INTERACTIVE_BULK),
194 TC_PRIO_INTERACTIVE_BULK,
195 ECN_OR_COST(INTERACTIVE_BULK)
197 EXPORT_SYMBOL(ip_tos2prio);
199 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
200 #define RT_CACHE_STAT_INC(field) raw_cpu_inc(rt_cache_stat.field)
202 #ifdef CONFIG_PROC_FS
203 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
207 return SEQ_START_TOKEN;
210 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
216 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
220 static int rt_cache_seq_show(struct seq_file *seq, void *v)
222 if (v == SEQ_START_TOKEN)
223 seq_printf(seq, "%-127s\n",
224 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
225 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
230 static const struct seq_operations rt_cache_seq_ops = {
231 .start = rt_cache_seq_start,
232 .next = rt_cache_seq_next,
233 .stop = rt_cache_seq_stop,
234 .show = rt_cache_seq_show,
237 static int rt_cache_seq_open(struct inode *inode, struct file *file)
239 return seq_open(file, &rt_cache_seq_ops);
242 static const struct file_operations rt_cache_seq_fops = {
243 .open = rt_cache_seq_open,
246 .release = seq_release,
250 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
255 return SEQ_START_TOKEN;
257 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
258 if (!cpu_possible(cpu))
261 return &per_cpu(rt_cache_stat, cpu);
266 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
270 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
271 if (!cpu_possible(cpu))
274 return &per_cpu(rt_cache_stat, cpu);
280 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
285 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
287 struct rt_cache_stat *st = v;
289 if (v == SEQ_START_TOKEN) {
290 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
294 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
295 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
296 dst_entries_get_slow(&ipv4_dst_ops),
309 0, /* st->gc_total */
310 0, /* st->gc_ignored */
311 0, /* st->gc_goal_miss */
312 0, /* st->gc_dst_overflow */
313 0, /* st->in_hlist_search */
314 0 /* st->out_hlist_search */
319 static const struct seq_operations rt_cpu_seq_ops = {
320 .start = rt_cpu_seq_start,
321 .next = rt_cpu_seq_next,
322 .stop = rt_cpu_seq_stop,
323 .show = rt_cpu_seq_show,
327 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
329 return seq_open(file, &rt_cpu_seq_ops);
332 static const struct file_operations rt_cpu_seq_fops = {
333 .open = rt_cpu_seq_open,
336 .release = seq_release,
339 #ifdef CONFIG_IP_ROUTE_CLASSID
340 static int rt_acct_proc_show(struct seq_file *m, void *v)
342 struct ip_rt_acct *dst, *src;
345 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
349 for_each_possible_cpu(i) {
350 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
351 for (j = 0; j < 256; j++) {
352 dst[j].o_bytes += src[j].o_bytes;
353 dst[j].o_packets += src[j].o_packets;
354 dst[j].i_bytes += src[j].i_bytes;
355 dst[j].i_packets += src[j].i_packets;
359 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
365 static int __net_init ip_rt_do_proc_init(struct net *net)
367 struct proc_dir_entry *pde;
369 pde = proc_create("rt_cache", 0444, net->proc_net,
374 pde = proc_create("rt_cache", 0444,
375 net->proc_net_stat, &rt_cpu_seq_fops);
379 #ifdef CONFIG_IP_ROUTE_CLASSID
380 pde = proc_create_single("rt_acct", 0, net->proc_net,
387 #ifdef CONFIG_IP_ROUTE_CLASSID
389 remove_proc_entry("rt_cache", net->proc_net_stat);
392 remove_proc_entry("rt_cache", net->proc_net);
397 static void __net_exit ip_rt_do_proc_exit(struct net *net)
399 remove_proc_entry("rt_cache", net->proc_net_stat);
400 remove_proc_entry("rt_cache", net->proc_net);
401 #ifdef CONFIG_IP_ROUTE_CLASSID
402 remove_proc_entry("rt_acct", net->proc_net);
406 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
407 .init = ip_rt_do_proc_init,
408 .exit = ip_rt_do_proc_exit,
411 static int __init ip_rt_proc_init(void)
413 return register_pernet_subsys(&ip_rt_proc_ops);
417 static inline int ip_rt_proc_init(void)
421 #endif /* CONFIG_PROC_FS */
423 static inline bool rt_is_expired(const struct rtable *rth)
425 return rth->rt_genid != rt_genid_ipv4(dev_net(rth->dst.dev));
428 void rt_cache_flush(struct net *net)
430 rt_genid_bump_ipv4(net);
433 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
437 struct net_device *dev = dst->dev;
438 const __be32 *pkey = daddr;
439 const struct rtable *rt;
442 rt = (const struct rtable *) dst;
444 pkey = (const __be32 *) &rt->rt_gateway;
446 pkey = &ip_hdr(skb)->daddr;
448 n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey);
451 return neigh_create(&arp_tbl, pkey, dev);
454 static void ipv4_confirm_neigh(const struct dst_entry *dst, const void *daddr)
456 struct net_device *dev = dst->dev;
457 const __be32 *pkey = daddr;
458 const struct rtable *rt;
460 rt = (const struct rtable *)dst;
462 pkey = (const __be32 *)&rt->rt_gateway;
465 (RTCF_MULTICAST | RTCF_BROADCAST | RTCF_LOCAL)))
468 __ipv4_confirm_neigh(dev, *(__force u32 *)pkey);
471 #define IP_IDENTS_SZ 2048u
473 static atomic_t *ip_idents __read_mostly;
474 static u32 *ip_tstamps __read_mostly;
476 /* In order to protect privacy, we add a perturbation to identifiers
477 * if one generator is seldom used. This makes hard for an attacker
478 * to infer how many packets were sent between two points in time.
480 u32 ip_idents_reserve(u32 hash, int segs)
482 u32 *p_tstamp = ip_tstamps + hash % IP_IDENTS_SZ;
483 atomic_t *p_id = ip_idents + hash % IP_IDENTS_SZ;
484 u32 old = READ_ONCE(*p_tstamp);
485 u32 now = (u32)jiffies;
488 if (old != now && cmpxchg(p_tstamp, old, now) == old)
489 delta = prandom_u32_max(now - old);
491 /* Do not use atomic_add_return() as it makes UBSAN unhappy */
493 old = (u32)atomic_read(p_id);
494 new = old + delta + segs;
495 } while (atomic_cmpxchg(p_id, old, new) != old);
499 EXPORT_SYMBOL(ip_idents_reserve);
501 void __ip_select_ident(struct net *net, struct iphdr *iph, int segs)
505 /* Note the following code is not safe, but this is okay. */
506 if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
507 get_random_bytes(&net->ipv4.ip_id_key,
508 sizeof(net->ipv4.ip_id_key));
510 hash = siphash_3u32((__force u32)iph->daddr,
511 (__force u32)iph->saddr,
513 &net->ipv4.ip_id_key);
514 id = ip_idents_reserve(hash, segs);
517 EXPORT_SYMBOL(__ip_select_ident);
519 static void __build_flow_key(const struct net *net, struct flowi4 *fl4,
520 const struct sock *sk,
521 const struct iphdr *iph,
523 u8 prot, u32 mark, int flow_flags)
526 const struct inet_sock *inet = inet_sk(sk);
528 oif = sk->sk_bound_dev_if;
530 tos = RT_CONN_FLAGS(sk);
531 prot = inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol;
533 flowi4_init_output(fl4, oif, mark, tos,
534 RT_SCOPE_UNIVERSE, prot,
536 iph->daddr, iph->saddr, 0, 0,
537 sock_net_uid(net, sk));
540 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,
541 const struct sock *sk)
543 const struct net *net = dev_net(skb->dev);
544 const struct iphdr *iph = ip_hdr(skb);
545 int oif = skb->dev->ifindex;
546 u8 tos = RT_TOS(iph->tos);
547 u8 prot = iph->protocol;
548 u32 mark = skb->mark;
550 __build_flow_key(net, fl4, sk, iph, oif, tos, prot, mark, 0);
553 static void build_sk_flow_key(struct flowi4 *fl4, const struct sock *sk)
555 const struct inet_sock *inet = inet_sk(sk);
556 const struct ip_options_rcu *inet_opt;
557 __be32 daddr = inet->inet_daddr;
560 inet_opt = rcu_dereference(inet->inet_opt);
561 if (inet_opt && inet_opt->opt.srr)
562 daddr = inet_opt->opt.faddr;
563 flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark,
564 RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
565 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
566 inet_sk_flowi_flags(sk),
567 daddr, inet->inet_saddr, 0, 0, sk->sk_uid);
571 static void ip_rt_build_flow_key(struct flowi4 *fl4, const struct sock *sk,
572 const struct sk_buff *skb)
575 build_skb_flow_key(fl4, skb, sk);
577 build_sk_flow_key(fl4, sk);
580 static DEFINE_SPINLOCK(fnhe_lock);
582 static void fnhe_flush_routes(struct fib_nh_exception *fnhe)
586 rt = rcu_dereference(fnhe->fnhe_rth_input);
588 RCU_INIT_POINTER(fnhe->fnhe_rth_input, NULL);
589 dst_dev_put(&rt->dst);
590 dst_release(&rt->dst);
592 rt = rcu_dereference(fnhe->fnhe_rth_output);
594 RCU_INIT_POINTER(fnhe->fnhe_rth_output, NULL);
595 dst_dev_put(&rt->dst);
596 dst_release(&rt->dst);
600 static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
602 struct fib_nh_exception *fnhe, *oldest;
604 oldest = rcu_dereference(hash->chain);
605 for (fnhe = rcu_dereference(oldest->fnhe_next); fnhe;
606 fnhe = rcu_dereference(fnhe->fnhe_next)) {
607 if (time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp))
610 fnhe_flush_routes(oldest);
614 static inline u32 fnhe_hashfun(__be32 daddr)
616 static u32 fnhe_hashrnd __read_mostly;
619 net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd));
620 hval = jhash_1word((__force u32) daddr, fnhe_hashrnd);
621 return hash_32(hval, FNHE_HASH_SHIFT);
624 static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
626 rt->rt_pmtu = fnhe->fnhe_pmtu;
627 rt->rt_mtu_locked = fnhe->fnhe_mtu_locked;
628 rt->dst.expires = fnhe->fnhe_expires;
631 rt->rt_flags |= RTCF_REDIRECTED;
632 rt->rt_gateway = fnhe->fnhe_gw;
633 rt->rt_uses_gateway = 1;
637 static void update_or_create_fnhe(struct fib_nh *nh, __be32 daddr, __be32 gw,
638 u32 pmtu, bool lock, unsigned long expires)
640 struct fnhe_hash_bucket *hash;
641 struct fib_nh_exception *fnhe;
647 genid = fnhe_genid(dev_net(nh->nh_dev));
648 hval = fnhe_hashfun(daddr);
650 spin_lock_bh(&fnhe_lock);
652 hash = rcu_dereference(nh->nh_exceptions);
654 hash = kcalloc(FNHE_HASH_SIZE, sizeof(*hash), GFP_ATOMIC);
657 rcu_assign_pointer(nh->nh_exceptions, hash);
663 for (fnhe = rcu_dereference(hash->chain); fnhe;
664 fnhe = rcu_dereference(fnhe->fnhe_next)) {
665 if (fnhe->fnhe_daddr == daddr)
671 if (fnhe->fnhe_genid != genid)
672 fnhe->fnhe_genid = genid;
676 fnhe->fnhe_pmtu = pmtu;
677 fnhe->fnhe_mtu_locked = lock;
679 fnhe->fnhe_expires = max(1UL, expires);
680 /* Update all cached dsts too */
681 rt = rcu_dereference(fnhe->fnhe_rth_input);
683 fill_route_from_fnhe(rt, fnhe);
684 rt = rcu_dereference(fnhe->fnhe_rth_output);
686 fill_route_from_fnhe(rt, fnhe);
688 if (depth > FNHE_RECLAIM_DEPTH)
689 fnhe = fnhe_oldest(hash);
691 fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC);
695 fnhe->fnhe_next = hash->chain;
696 rcu_assign_pointer(hash->chain, fnhe);
698 fnhe->fnhe_genid = genid;
699 fnhe->fnhe_daddr = daddr;
701 fnhe->fnhe_pmtu = pmtu;
702 fnhe->fnhe_mtu_locked = lock;
703 fnhe->fnhe_expires = max(1UL, expires);
705 /* Exception created; mark the cached routes for the nexthop
706 * stale, so anyone caching it rechecks if this exception
709 rt = rcu_dereference(nh->nh_rth_input);
711 rt->dst.obsolete = DST_OBSOLETE_KILL;
713 for_each_possible_cpu(i) {
714 struct rtable __rcu **prt;
715 prt = per_cpu_ptr(nh->nh_pcpu_rth_output, i);
716 rt = rcu_dereference(*prt);
718 rt->dst.obsolete = DST_OBSOLETE_KILL;
722 fnhe->fnhe_stamp = jiffies;
725 spin_unlock_bh(&fnhe_lock);
728 static void __ip_do_redirect(struct rtable *rt, struct sk_buff *skb, struct flowi4 *fl4,
731 __be32 new_gw = icmp_hdr(skb)->un.gateway;
732 __be32 old_gw = ip_hdr(skb)->saddr;
733 struct net_device *dev = skb->dev;
734 struct in_device *in_dev;
735 struct fib_result res;
739 switch (icmp_hdr(skb)->code & 7) {
741 case ICMP_REDIR_NETTOS:
742 case ICMP_REDIR_HOST:
743 case ICMP_REDIR_HOSTTOS:
750 if (rt->rt_gateway != old_gw)
753 in_dev = __in_dev_get_rcu(dev);
758 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
759 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
760 ipv4_is_zeronet(new_gw))
761 goto reject_redirect;
763 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
764 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
765 goto reject_redirect;
766 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
767 goto reject_redirect;
769 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
770 goto reject_redirect;
773 n = __ipv4_neigh_lookup(rt->dst.dev, new_gw);
775 n = neigh_create(&arp_tbl, &new_gw, rt->dst.dev);
777 if (!(n->nud_state & NUD_VALID)) {
778 neigh_event_send(n, NULL);
780 if (fib_lookup(net, fl4, &res, 0) == 0) {
781 struct fib_nh *nh = &FIB_RES_NH(res);
783 update_or_create_fnhe(nh, fl4->daddr, new_gw,
785 jiffies + ip_rt_gc_timeout);
788 rt->dst.obsolete = DST_OBSOLETE_KILL;
789 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
796 #ifdef CONFIG_IP_ROUTE_VERBOSE
797 if (IN_DEV_LOG_MARTIANS(in_dev)) {
798 const struct iphdr *iph = (const struct iphdr *) skb->data;
799 __be32 daddr = iph->daddr;
800 __be32 saddr = iph->saddr;
802 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
803 " Advised path = %pI4 -> %pI4\n",
804 &old_gw, dev->name, &new_gw,
811 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
815 const struct iphdr *iph = (const struct iphdr *) skb->data;
816 struct net *net = dev_net(skb->dev);
817 int oif = skb->dev->ifindex;
818 u8 tos = RT_TOS(iph->tos);
819 u8 prot = iph->protocol;
820 u32 mark = skb->mark;
822 rt = (struct rtable *) dst;
824 __build_flow_key(net, &fl4, sk, iph, oif, tos, prot, mark, 0);
825 __ip_do_redirect(rt, skb, &fl4, true);
828 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
830 struct rtable *rt = (struct rtable *)dst;
831 struct dst_entry *ret = dst;
834 if (dst->obsolete > 0) {
837 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
848 * 1. The first ip_rt_redirect_number redirects are sent
849 * with exponential backoff, then we stop sending them at all,
850 * assuming that the host ignores our redirects.
851 * 2. If we did not see packets requiring redirects
852 * during ip_rt_redirect_silence, we assume that the host
853 * forgot redirected route and start to send redirects again.
855 * This algorithm is much cheaper and more intelligent than dumb load limiting
858 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
859 * and "frag. need" (breaks PMTU discovery) in icmp.c.
862 void ip_rt_send_redirect(struct sk_buff *skb)
864 struct rtable *rt = skb_rtable(skb);
865 struct in_device *in_dev;
866 struct inet_peer *peer;
872 in_dev = __in_dev_get_rcu(rt->dst.dev);
873 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
877 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
878 vif = l3mdev_master_ifindex_rcu(rt->dst.dev);
881 net = dev_net(rt->dst.dev);
882 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, vif, 1);
884 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
885 rt_nexthop(rt, ip_hdr(skb)->daddr));
889 /* No redirected packets during ip_rt_redirect_silence;
890 * reset the algorithm.
892 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence)) {
893 peer->rate_tokens = 0;
894 peer->n_redirects = 0;
897 /* Too many ignored redirects; do not send anything
898 * set dst.rate_last to the last seen redirected packet.
900 if (peer->n_redirects >= ip_rt_redirect_number) {
901 peer->rate_last = jiffies;
905 /* Check for load limit; set rate_last to the latest sent
908 if (peer->rate_tokens == 0 ||
911 (ip_rt_redirect_load << peer->rate_tokens)))) {
912 __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr);
914 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw);
915 peer->rate_last = jiffies;
918 #ifdef CONFIG_IP_ROUTE_VERBOSE
920 peer->rate_tokens == ip_rt_redirect_number)
921 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
922 &ip_hdr(skb)->saddr, inet_iif(skb),
923 &ip_hdr(skb)->daddr, &gw);
930 static int ip_error(struct sk_buff *skb)
932 struct rtable *rt = skb_rtable(skb);
933 struct net_device *dev = skb->dev;
934 struct in_device *in_dev;
935 struct inet_peer *peer;
941 if (netif_is_l3_master(skb->dev)) {
942 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
947 in_dev = __in_dev_get_rcu(dev);
949 /* IP on this device is disabled. */
953 net = dev_net(rt->dst.dev);
954 if (!IN_DEV_FORWARD(in_dev)) {
955 switch (rt->dst.error) {
957 __IP_INC_STATS(net, IPSTATS_MIB_INADDRERRORS);
961 __IP_INC_STATS(net, IPSTATS_MIB_INNOROUTES);
967 switch (rt->dst.error) {
972 code = ICMP_HOST_UNREACH;
975 code = ICMP_NET_UNREACH;
976 __IP_INC_STATS(net, IPSTATS_MIB_INNOROUTES);
979 code = ICMP_PKT_FILTERED;
983 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr,
984 l3mdev_master_ifindex(skb->dev), 1);
989 peer->rate_tokens += now - peer->rate_last;
990 if (peer->rate_tokens > ip_rt_error_burst)
991 peer->rate_tokens = ip_rt_error_burst;
992 peer->rate_last = now;
993 if (peer->rate_tokens >= ip_rt_error_cost)
994 peer->rate_tokens -= ip_rt_error_cost;
1000 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
1002 out: kfree_skb(skb);
1006 static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
1008 struct dst_entry *dst = &rt->dst;
1009 u32 old_mtu = ipv4_mtu(dst);
1010 struct fib_result res;
1013 if (ip_mtu_locked(dst))
1019 if (mtu < ip_rt_min_pmtu) {
1021 mtu = min(old_mtu, ip_rt_min_pmtu);
1024 if (rt->rt_pmtu == mtu && !lock &&
1025 time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2))
1029 if (fib_lookup(dev_net(dst->dev), fl4, &res, 0) == 0) {
1030 struct fib_nh *nh = &FIB_RES_NH(res);
1032 update_or_create_fnhe(nh, fl4->daddr, 0, mtu, lock,
1033 jiffies + ip_rt_mtu_expires);
1038 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
1039 struct sk_buff *skb, u32 mtu)
1041 struct rtable *rt = (struct rtable *) dst;
1044 ip_rt_build_flow_key(&fl4, sk, skb);
1045 __ip_rt_update_pmtu(rt, &fl4, mtu);
1048 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu,
1049 int oif, u8 protocol)
1051 const struct iphdr *iph = (const struct iphdr *) skb->data;
1054 u32 mark = IP4_REPLY_MARK(net, skb->mark);
1056 __build_flow_key(net, &fl4, NULL, iph, oif,
1057 RT_TOS(iph->tos), protocol, mark, 0);
1058 rt = __ip_route_output_key(net, &fl4);
1060 __ip_rt_update_pmtu(rt, &fl4, mtu);
1064 EXPORT_SYMBOL_GPL(ipv4_update_pmtu);
1066 static void __ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1068 const struct iphdr *iph = (const struct iphdr *) skb->data;
1072 __build_flow_key(sock_net(sk), &fl4, sk, iph, 0, 0, 0, 0, 0);
1074 if (!fl4.flowi4_mark)
1075 fl4.flowi4_mark = IP4_REPLY_MARK(sock_net(sk), skb->mark);
1077 rt = __ip_route_output_key(sock_net(sk), &fl4);
1079 __ip_rt_update_pmtu(rt, &fl4, mtu);
1084 void ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1086 const struct iphdr *iph = (const struct iphdr *) skb->data;
1089 struct dst_entry *odst = NULL;
1091 struct net *net = sock_net(sk);
1095 if (!ip_sk_accept_pmtu(sk))
1098 odst = sk_dst_get(sk);
1100 if (sock_owned_by_user(sk) || !odst) {
1101 __ipv4_sk_update_pmtu(skb, sk, mtu);
1105 __build_flow_key(net, &fl4, sk, iph, 0, 0, 0, 0, 0);
1107 rt = (struct rtable *)odst;
1108 if (odst->obsolete && !odst->ops->check(odst, 0)) {
1109 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1116 __ip_rt_update_pmtu((struct rtable *) xfrm_dst_path(&rt->dst), &fl4, mtu);
1118 if (!dst_check(&rt->dst, 0)) {
1120 dst_release(&rt->dst);
1122 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1130 sk_dst_set(sk, &rt->dst);
1136 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu);
1138 void ipv4_redirect(struct sk_buff *skb, struct net *net,
1139 int oif, u8 protocol)
1141 const struct iphdr *iph = (const struct iphdr *) skb->data;
1145 __build_flow_key(net, &fl4, NULL, iph, oif,
1146 RT_TOS(iph->tos), protocol, 0, 0);
1147 rt = __ip_route_output_key(net, &fl4);
1149 __ip_do_redirect(rt, skb, &fl4, false);
1153 EXPORT_SYMBOL_GPL(ipv4_redirect);
1155 void ipv4_sk_redirect(struct sk_buff *skb, struct sock *sk)
1157 const struct iphdr *iph = (const struct iphdr *) skb->data;
1160 struct net *net = sock_net(sk);
1162 __build_flow_key(net, &fl4, sk, iph, 0, 0, 0, 0, 0);
1163 rt = __ip_route_output_key(net, &fl4);
1165 __ip_do_redirect(rt, skb, &fl4, false);
1169 EXPORT_SYMBOL_GPL(ipv4_sk_redirect);
1171 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1173 struct rtable *rt = (struct rtable *) dst;
1175 /* All IPV4 dsts are created with ->obsolete set to the value
1176 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1177 * into this function always.
1179 * When a PMTU/redirect information update invalidates a route,
1180 * this is indicated by setting obsolete to DST_OBSOLETE_KILL or
1181 * DST_OBSOLETE_DEAD.
1183 if (dst->obsolete != DST_OBSOLETE_FORCE_CHK || rt_is_expired(rt))
1188 static void ipv4_link_failure(struct sk_buff *skb)
1192 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1194 rt = skb_rtable(skb);
1196 dst_set_expires(&rt->dst, 0);
1199 static int ip_rt_bug(struct net *net, struct sock *sk, struct sk_buff *skb)
1201 pr_debug("%s: %pI4 -> %pI4, %s\n",
1202 __func__, &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1203 skb->dev ? skb->dev->name : "?");
1210 We do not cache source address of outgoing interface,
1211 because it is used only by IP RR, TS and SRR options,
1212 so that it out of fast path.
1214 BTW remember: "addr" is allowed to be not aligned
1218 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1222 if (rt_is_output_route(rt))
1223 src = ip_hdr(skb)->saddr;
1225 struct fib_result res;
1226 struct iphdr *iph = ip_hdr(skb);
1227 struct flowi4 fl4 = {
1228 .daddr = iph->daddr,
1229 .saddr = iph->saddr,
1230 .flowi4_tos = RT_TOS(iph->tos),
1231 .flowi4_oif = rt->dst.dev->ifindex,
1232 .flowi4_iif = skb->dev->ifindex,
1233 .flowi4_mark = skb->mark,
1237 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res, 0) == 0)
1238 src = FIB_RES_PREFSRC(dev_net(rt->dst.dev), res);
1240 src = inet_select_addr(rt->dst.dev,
1241 rt_nexthop(rt, iph->daddr),
1245 memcpy(addr, &src, 4);
1248 #ifdef CONFIG_IP_ROUTE_CLASSID
1249 static void set_class_tag(struct rtable *rt, u32 tag)
1251 if (!(rt->dst.tclassid & 0xFFFF))
1252 rt->dst.tclassid |= tag & 0xFFFF;
1253 if (!(rt->dst.tclassid & 0xFFFF0000))
1254 rt->dst.tclassid |= tag & 0xFFFF0000;
1258 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1260 unsigned int header_size = sizeof(struct tcphdr) + sizeof(struct iphdr);
1261 unsigned int advmss = max_t(unsigned int, ipv4_mtu(dst) - header_size,
1264 return min(advmss, IPV4_MAX_PMTU - header_size);
1267 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1269 const struct rtable *rt = (const struct rtable *) dst;
1270 unsigned int mtu = rt->rt_pmtu;
1272 if (!mtu || time_after_eq(jiffies, rt->dst.expires))
1273 mtu = dst_metric_raw(dst, RTAX_MTU);
1278 mtu = READ_ONCE(dst->dev->mtu);
1280 if (unlikely(ip_mtu_locked(dst))) {
1281 if (rt->rt_uses_gateway && mtu > 576)
1285 mtu = min_t(unsigned int, mtu, IP_MAX_MTU);
1287 return mtu - lwtunnel_headroom(dst->lwtstate, mtu);
1290 static void ip_del_fnhe(struct fib_nh *nh, __be32 daddr)
1292 struct fnhe_hash_bucket *hash;
1293 struct fib_nh_exception *fnhe, __rcu **fnhe_p;
1294 u32 hval = fnhe_hashfun(daddr);
1296 spin_lock_bh(&fnhe_lock);
1298 hash = rcu_dereference_protected(nh->nh_exceptions,
1299 lockdep_is_held(&fnhe_lock));
1302 fnhe_p = &hash->chain;
1303 fnhe = rcu_dereference_protected(*fnhe_p, lockdep_is_held(&fnhe_lock));
1305 if (fnhe->fnhe_daddr == daddr) {
1306 rcu_assign_pointer(*fnhe_p, rcu_dereference_protected(
1307 fnhe->fnhe_next, lockdep_is_held(&fnhe_lock)));
1308 /* set fnhe_daddr to 0 to ensure it won't bind with
1309 * new dsts in rt_bind_exception().
1311 fnhe->fnhe_daddr = 0;
1312 fnhe_flush_routes(fnhe);
1313 kfree_rcu(fnhe, rcu);
1316 fnhe_p = &fnhe->fnhe_next;
1317 fnhe = rcu_dereference_protected(fnhe->fnhe_next,
1318 lockdep_is_held(&fnhe_lock));
1321 spin_unlock_bh(&fnhe_lock);
1324 static struct fib_nh_exception *find_exception(struct fib_nh *nh, __be32 daddr)
1326 struct fnhe_hash_bucket *hash = rcu_dereference(nh->nh_exceptions);
1327 struct fib_nh_exception *fnhe;
1333 hval = fnhe_hashfun(daddr);
1335 for (fnhe = rcu_dereference(hash[hval].chain); fnhe;
1336 fnhe = rcu_dereference(fnhe->fnhe_next)) {
1337 if (fnhe->fnhe_daddr == daddr) {
1338 if (fnhe->fnhe_expires &&
1339 time_after(jiffies, fnhe->fnhe_expires)) {
1340 ip_del_fnhe(nh, daddr);
1350 * 1. mtu on route is locked - use it
1351 * 2. mtu from nexthop exception
1352 * 3. mtu from egress device
1355 u32 ip_mtu_from_fib_result(struct fib_result *res, __be32 daddr)
1357 struct fib_info *fi = res->fi;
1358 struct fib_nh *nh = &fi->fib_nh[res->nh_sel];
1359 struct net_device *dev = nh->nh_dev;
1362 if (dev_net(dev)->ipv4.sysctl_ip_fwd_use_pmtu ||
1363 fi->fib_metrics->metrics[RTAX_LOCK - 1] & (1 << RTAX_MTU))
1367 struct fib_nh_exception *fnhe;
1369 fnhe = find_exception(nh, daddr);
1370 if (fnhe && !time_after_eq(jiffies, fnhe->fnhe_expires))
1371 mtu = fnhe->fnhe_pmtu;
1375 mtu = min(READ_ONCE(dev->mtu), IP_MAX_MTU);
1377 return mtu - lwtunnel_headroom(nh->nh_lwtstate, mtu);
1380 static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1381 __be32 daddr, const bool do_cache)
1385 spin_lock_bh(&fnhe_lock);
1387 if (daddr == fnhe->fnhe_daddr) {
1388 struct rtable __rcu **porig;
1389 struct rtable *orig;
1390 int genid = fnhe_genid(dev_net(rt->dst.dev));
1392 if (rt_is_input_route(rt))
1393 porig = &fnhe->fnhe_rth_input;
1395 porig = &fnhe->fnhe_rth_output;
1396 orig = rcu_dereference(*porig);
1398 if (fnhe->fnhe_genid != genid) {
1399 fnhe->fnhe_genid = genid;
1401 fnhe->fnhe_pmtu = 0;
1402 fnhe->fnhe_expires = 0;
1403 fnhe->fnhe_mtu_locked = false;
1404 fnhe_flush_routes(fnhe);
1407 fill_route_from_fnhe(rt, fnhe);
1408 if (!rt->rt_gateway)
1409 rt->rt_gateway = daddr;
1413 rcu_assign_pointer(*porig, rt);
1415 dst_dev_put(&orig->dst);
1416 dst_release(&orig->dst);
1421 fnhe->fnhe_stamp = jiffies;
1423 spin_unlock_bh(&fnhe_lock);
1428 static bool rt_cache_route(struct fib_nh *nh, struct rtable *rt)
1430 struct rtable *orig, *prev, **p;
1433 if (rt_is_input_route(rt)) {
1434 p = (struct rtable **)&nh->nh_rth_input;
1436 p = (struct rtable **)raw_cpu_ptr(nh->nh_pcpu_rth_output);
1440 /* hold dst before doing cmpxchg() to avoid race condition
1444 prev = cmpxchg(p, orig, rt);
1447 dst_dev_put(&orig->dst);
1448 dst_release(&orig->dst);
1451 dst_release(&rt->dst);
1458 struct uncached_list {
1460 struct list_head head;
1463 static DEFINE_PER_CPU_ALIGNED(struct uncached_list, rt_uncached_list);
1465 void rt_add_uncached_list(struct rtable *rt)
1467 struct uncached_list *ul = raw_cpu_ptr(&rt_uncached_list);
1469 rt->rt_uncached_list = ul;
1471 spin_lock_bh(&ul->lock);
1472 list_add_tail(&rt->rt_uncached, &ul->head);
1473 spin_unlock_bh(&ul->lock);
1476 void rt_del_uncached_list(struct rtable *rt)
1478 if (!list_empty(&rt->rt_uncached)) {
1479 struct uncached_list *ul = rt->rt_uncached_list;
1481 spin_lock_bh(&ul->lock);
1482 list_del(&rt->rt_uncached);
1483 spin_unlock_bh(&ul->lock);
1487 static void ipv4_dst_destroy(struct dst_entry *dst)
1489 struct rtable *rt = (struct rtable *)dst;
1491 ip_dst_metrics_put(dst);
1492 rt_del_uncached_list(rt);
1495 void rt_flush_dev(struct net_device *dev)
1497 struct net *net = dev_net(dev);
1501 for_each_possible_cpu(cpu) {
1502 struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu);
1504 spin_lock_bh(&ul->lock);
1505 list_for_each_entry(rt, &ul->head, rt_uncached) {
1506 if (rt->dst.dev != dev)
1508 rt->dst.dev = net->loopback_dev;
1509 dev_hold(rt->dst.dev);
1512 spin_unlock_bh(&ul->lock);
1516 static bool rt_cache_valid(const struct rtable *rt)
1519 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1523 static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
1524 const struct fib_result *res,
1525 struct fib_nh_exception *fnhe,
1526 struct fib_info *fi, u16 type, u32 itag,
1527 const bool do_cache)
1529 bool cached = false;
1532 struct fib_nh *nh = &FIB_RES_NH(*res);
1534 if (nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK) {
1535 rt->rt_gateway = nh->nh_gw;
1536 rt->rt_uses_gateway = 1;
1538 ip_dst_init_metrics(&rt->dst, fi->fib_metrics);
1540 #ifdef CONFIG_IP_ROUTE_CLASSID
1541 rt->dst.tclassid = nh->nh_tclassid;
1543 rt->dst.lwtstate = lwtstate_get(nh->nh_lwtstate);
1545 cached = rt_bind_exception(rt, fnhe, daddr, do_cache);
1547 cached = rt_cache_route(nh, rt);
1548 if (unlikely(!cached)) {
1549 /* Routes we intend to cache in nexthop exception or
1550 * FIB nexthop have the DST_NOCACHE bit clear.
1551 * However, if we are unsuccessful at storing this
1552 * route into the cache we really need to set it.
1554 if (!rt->rt_gateway)
1555 rt->rt_gateway = daddr;
1556 rt_add_uncached_list(rt);
1559 rt_add_uncached_list(rt);
1561 #ifdef CONFIG_IP_ROUTE_CLASSID
1562 #ifdef CONFIG_IP_MULTIPLE_TABLES
1563 set_class_tag(rt, res->tclassid);
1565 set_class_tag(rt, itag);
1569 struct rtable *rt_dst_alloc(struct net_device *dev,
1570 unsigned int flags, u16 type,
1571 bool nopolicy, bool noxfrm, bool will_cache)
1575 rt = dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1576 (will_cache ? 0 : DST_HOST) |
1577 (nopolicy ? DST_NOPOLICY : 0) |
1578 (noxfrm ? DST_NOXFRM : 0));
1581 rt->rt_genid = rt_genid_ipv4(dev_net(dev));
1582 rt->rt_flags = flags;
1584 rt->rt_is_input = 0;
1587 rt->rt_mtu_locked = 0;
1589 rt->rt_uses_gateway = 0;
1590 INIT_LIST_HEAD(&rt->rt_uncached);
1592 rt->dst.output = ip_output;
1593 if (flags & RTCF_LOCAL)
1594 rt->dst.input = ip_local_deliver;
1599 EXPORT_SYMBOL(rt_dst_alloc);
1601 /* called in rcu_read_lock() section */
1602 int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1603 u8 tos, struct net_device *dev,
1604 struct in_device *in_dev, u32 *itag)
1608 /* Primary sanity checks. */
1612 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1613 skb->protocol != htons(ETH_P_IP))
1616 if (ipv4_is_loopback(saddr) && !IN_DEV_ROUTE_LOCALNET(in_dev))
1619 if (ipv4_is_zeronet(saddr)) {
1620 if (!ipv4_is_local_multicast(daddr) &&
1621 ip_hdr(skb)->protocol != IPPROTO_IGMP)
1624 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1632 /* called in rcu_read_lock() section */
1633 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1634 u8 tos, struct net_device *dev, int our)
1636 struct in_device *in_dev = __in_dev_get_rcu(dev);
1637 unsigned int flags = RTCF_MULTICAST;
1642 err = ip_mc_validate_source(skb, daddr, saddr, tos, dev, in_dev, &itag);
1647 flags |= RTCF_LOCAL;
1649 rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST,
1650 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, false);
1654 #ifdef CONFIG_IP_ROUTE_CLASSID
1655 rth->dst.tclassid = itag;
1657 rth->dst.output = ip_rt_bug;
1658 rth->rt_is_input= 1;
1660 #ifdef CONFIG_IP_MROUTE
1661 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
1662 rth->dst.input = ip_mr_input;
1664 RT_CACHE_STAT_INC(in_slow_mc);
1666 skb_dst_set(skb, &rth->dst);
1671 static void ip_handle_martian_source(struct net_device *dev,
1672 struct in_device *in_dev,
1673 struct sk_buff *skb,
1677 RT_CACHE_STAT_INC(in_martian_src);
1678 #ifdef CONFIG_IP_ROUTE_VERBOSE
1679 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
1681 * RFC1812 recommendation, if source is martian,
1682 * the only hint is MAC header.
1684 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
1685 &daddr, &saddr, dev->name);
1686 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
1687 print_hex_dump(KERN_WARNING, "ll header: ",
1688 DUMP_PREFIX_OFFSET, 16, 1,
1689 skb_mac_header(skb),
1690 dev->hard_header_len, false);
1696 /* called in rcu_read_lock() section */
1697 static int __mkroute_input(struct sk_buff *skb,
1698 const struct fib_result *res,
1699 struct in_device *in_dev,
1700 __be32 daddr, __be32 saddr, u32 tos)
1702 struct fib_nh_exception *fnhe;
1705 struct in_device *out_dev;
1709 /* get a working reference to the output device */
1710 out_dev = __in_dev_get_rcu(FIB_RES_DEV(*res));
1712 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
1716 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
1717 in_dev->dev, in_dev, &itag);
1719 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
1725 do_cache = res->fi && !itag;
1726 if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
1727 skb->protocol == htons(ETH_P_IP) &&
1728 (IN_DEV_SHARED_MEDIA(out_dev) ||
1729 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
1730 IPCB(skb)->flags |= IPSKB_DOREDIRECT;
1732 if (skb->protocol != htons(ETH_P_IP)) {
1733 /* Not IP (i.e. ARP). Do not create route, if it is
1734 * invalid for proxy arp. DNAT routes are always valid.
1736 * Proxy arp feature have been extended to allow, ARP
1737 * replies back to the same interface, to support
1738 * Private VLAN switch technologies. See arp.c.
1740 if (out_dev == in_dev &&
1741 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
1747 fnhe = find_exception(&FIB_RES_NH(*res), daddr);
1750 rth = rcu_dereference(fnhe->fnhe_rth_input);
1752 rth = rcu_dereference(FIB_RES_NH(*res).nh_rth_input);
1753 if (rt_cache_valid(rth)) {
1754 skb_dst_set_noref(skb, &rth->dst);
1759 rth = rt_dst_alloc(out_dev->dev, 0, res->type,
1760 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1761 IN_DEV_CONF_GET(out_dev, NOXFRM), do_cache);
1767 rth->rt_is_input = 1;
1768 RT_CACHE_STAT_INC(in_slow_tot);
1770 rth->dst.input = ip_forward;
1772 rt_set_nexthop(rth, daddr, res, fnhe, res->fi, res->type, itag,
1774 lwtunnel_set_redirect(&rth->dst);
1775 skb_dst_set(skb, &rth->dst);
1782 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1783 /* To make ICMP packets follow the right flow, the multipath hash is
1784 * calculated from the inner IP addresses.
1786 static void ip_multipath_l3_keys(const struct sk_buff *skb,
1787 struct flow_keys *hash_keys)
1789 const struct iphdr *outer_iph = ip_hdr(skb);
1790 const struct iphdr *key_iph = outer_iph;
1791 const struct iphdr *inner_iph;
1792 const struct icmphdr *icmph;
1793 struct iphdr _inner_iph;
1794 struct icmphdr _icmph;
1796 if (likely(outer_iph->protocol != IPPROTO_ICMP))
1799 if (unlikely((outer_iph->frag_off & htons(IP_OFFSET)) != 0))
1802 icmph = skb_header_pointer(skb, outer_iph->ihl * 4, sizeof(_icmph),
1807 if (icmph->type != ICMP_DEST_UNREACH &&
1808 icmph->type != ICMP_REDIRECT &&
1809 icmph->type != ICMP_TIME_EXCEEDED &&
1810 icmph->type != ICMP_PARAMETERPROB)
1813 inner_iph = skb_header_pointer(skb,
1814 outer_iph->ihl * 4 + sizeof(_icmph),
1815 sizeof(_inner_iph), &_inner_iph);
1819 key_iph = inner_iph;
1821 hash_keys->addrs.v4addrs.src = key_iph->saddr;
1822 hash_keys->addrs.v4addrs.dst = key_iph->daddr;
1825 /* if skb is set it will be used and fl4 can be NULL */
1826 int fib_multipath_hash(const struct net *net, const struct flowi4 *fl4,
1827 const struct sk_buff *skb, struct flow_keys *flkeys)
1829 u32 multipath_hash = fl4 ? fl4->flowi4_multipath_hash : 0;
1830 struct flow_keys hash_keys;
1833 switch (net->ipv4.sysctl_fib_multipath_hash_policy) {
1835 memset(&hash_keys, 0, sizeof(hash_keys));
1836 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1838 ip_multipath_l3_keys(skb, &hash_keys);
1840 hash_keys.addrs.v4addrs.src = fl4->saddr;
1841 hash_keys.addrs.v4addrs.dst = fl4->daddr;
1845 /* skb is currently provided only when forwarding */
1847 unsigned int flag = FLOW_DISSECTOR_F_STOP_AT_ENCAP;
1848 struct flow_keys keys;
1850 /* short-circuit if we already have L4 hash present */
1852 return skb_get_hash_raw(skb) >> 1;
1854 memset(&hash_keys, 0, sizeof(hash_keys));
1857 skb_flow_dissect_flow_keys(skb, &keys, flag);
1861 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1862 hash_keys.addrs.v4addrs.src = flkeys->addrs.v4addrs.src;
1863 hash_keys.addrs.v4addrs.dst = flkeys->addrs.v4addrs.dst;
1864 hash_keys.ports.src = flkeys->ports.src;
1865 hash_keys.ports.dst = flkeys->ports.dst;
1866 hash_keys.basic.ip_proto = flkeys->basic.ip_proto;
1868 memset(&hash_keys, 0, sizeof(hash_keys));
1869 hash_keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1870 hash_keys.addrs.v4addrs.src = fl4->saddr;
1871 hash_keys.addrs.v4addrs.dst = fl4->daddr;
1872 hash_keys.ports.src = fl4->fl4_sport;
1873 hash_keys.ports.dst = fl4->fl4_dport;
1874 hash_keys.basic.ip_proto = fl4->flowi4_proto;
1878 mhash = flow_hash_from_keys(&hash_keys);
1881 mhash = jhash_2words(mhash, multipath_hash, 0);
1885 #endif /* CONFIG_IP_ROUTE_MULTIPATH */
1887 static int ip_mkroute_input(struct sk_buff *skb,
1888 struct fib_result *res,
1889 struct in_device *in_dev,
1890 __be32 daddr, __be32 saddr, u32 tos,
1891 struct flow_keys *hkeys)
1893 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1894 if (res->fi && res->fi->fib_nhs > 1) {
1895 int h = fib_multipath_hash(res->fi->fib_net, NULL, skb, hkeys);
1897 fib_select_multipath(res, h);
1901 /* create a routing cache entry */
1902 return __mkroute_input(skb, res, in_dev, daddr, saddr, tos);
1906 * NOTE. We drop all the packets that has local source
1907 * addresses, because every properly looped back packet
1908 * must have correct destination already attached by output routine.
1910 * Such approach solves two big problems:
1911 * 1. Not simplex devices are handled properly.
1912 * 2. IP spoofing attempts are filtered with 100% of guarantee.
1913 * called with rcu_read_lock()
1916 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1917 u8 tos, struct net_device *dev,
1918 struct fib_result *res)
1920 struct in_device *in_dev = __in_dev_get_rcu(dev);
1921 struct flow_keys *flkeys = NULL, _flkeys;
1922 struct net *net = dev_net(dev);
1923 struct ip_tunnel_info *tun_info;
1925 unsigned int flags = 0;
1931 /* IP on this device is disabled. */
1936 /* Check for the most weird martians, which can be not detected
1940 tun_info = skb_tunnel_info(skb);
1941 if (tun_info && !(tun_info->mode & IP_TUNNEL_INFO_TX))
1942 fl4.flowi4_tun_key.tun_id = tun_info->key.tun_id;
1944 fl4.flowi4_tun_key.tun_id = 0;
1947 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
1948 goto martian_source;
1952 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
1955 /* Accept zero addresses only to limited broadcast;
1956 * I even do not know to fix it or not. Waiting for complains :-)
1958 if (ipv4_is_zeronet(saddr))
1959 goto martian_source;
1961 if (ipv4_is_zeronet(daddr))
1962 goto martian_destination;
1964 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
1965 * and call it once if daddr or/and saddr are loopback addresses
1967 if (ipv4_is_loopback(daddr)) {
1968 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1969 goto martian_destination;
1970 } else if (ipv4_is_loopback(saddr)) {
1971 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1972 goto martian_source;
1976 * Now we are ready to route packet.
1979 fl4.flowi4_iif = dev->ifindex;
1980 fl4.flowi4_mark = skb->mark;
1981 fl4.flowi4_tos = tos;
1982 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
1983 fl4.flowi4_flags = 0;
1986 fl4.flowi4_uid = sock_net_uid(net, NULL);
1988 if (fib4_rules_early_flow_dissect(net, skb, &fl4, &_flkeys)) {
1991 fl4.flowi4_proto = 0;
1996 err = fib_lookup(net, &fl4, res, 0);
1998 if (!IN_DEV_FORWARD(in_dev))
1999 err = -EHOSTUNREACH;
2003 if (res->type == RTN_BROADCAST) {
2004 if (IN_DEV_BFORWARD(in_dev))
2009 if (res->type == RTN_LOCAL) {
2010 err = fib_validate_source(skb, saddr, daddr, tos,
2011 0, dev, in_dev, &itag);
2013 goto martian_source;
2017 if (!IN_DEV_FORWARD(in_dev)) {
2018 err = -EHOSTUNREACH;
2021 if (res->type != RTN_UNICAST)
2022 goto martian_destination;
2025 err = ip_mkroute_input(skb, res, in_dev, daddr, saddr, tos, flkeys);
2029 if (skb->protocol != htons(ETH_P_IP))
2032 if (!ipv4_is_zeronet(saddr)) {
2033 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
2036 goto martian_source;
2038 flags |= RTCF_BROADCAST;
2039 res->type = RTN_BROADCAST;
2040 RT_CACHE_STAT_INC(in_brd);
2046 rth = rcu_dereference(FIB_RES_NH(*res).nh_rth_input);
2047 if (rt_cache_valid(rth)) {
2048 skb_dst_set_noref(skb, &rth->dst);
2056 rth = rt_dst_alloc(l3mdev_master_dev_rcu(dev) ? : net->loopback_dev,
2057 flags | RTCF_LOCAL, res->type,
2058 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, do_cache);
2062 rth->dst.output= ip_rt_bug;
2063 #ifdef CONFIG_IP_ROUTE_CLASSID
2064 rth->dst.tclassid = itag;
2066 rth->rt_is_input = 1;
2068 RT_CACHE_STAT_INC(in_slow_tot);
2069 if (res->type == RTN_UNREACHABLE) {
2070 rth->dst.input= ip_error;
2071 rth->dst.error= -err;
2072 rth->rt_flags &= ~RTCF_LOCAL;
2076 struct fib_nh *nh = &FIB_RES_NH(*res);
2078 rth->dst.lwtstate = lwtstate_get(nh->nh_lwtstate);
2079 if (lwtunnel_input_redirect(rth->dst.lwtstate)) {
2080 WARN_ON(rth->dst.input == lwtunnel_input);
2081 rth->dst.lwtstate->orig_input = rth->dst.input;
2082 rth->dst.input = lwtunnel_input;
2085 if (unlikely(!rt_cache_route(nh, rth)))
2086 rt_add_uncached_list(rth);
2088 skb_dst_set(skb, &rth->dst);
2093 RT_CACHE_STAT_INC(in_no_route);
2094 res->type = RTN_UNREACHABLE;
2100 * Do not cache martian addresses: they should be logged (RFC1812)
2102 martian_destination:
2103 RT_CACHE_STAT_INC(in_martian_dst);
2104 #ifdef CONFIG_IP_ROUTE_VERBOSE
2105 if (IN_DEV_LOG_MARTIANS(in_dev))
2106 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
2107 &daddr, &saddr, dev->name);
2119 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
2123 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2124 u8 tos, struct net_device *dev)
2126 struct fib_result res;
2129 tos &= IPTOS_RT_MASK;
2131 err = ip_route_input_rcu(skb, daddr, saddr, tos, dev, &res);
2136 EXPORT_SYMBOL(ip_route_input_noref);
2138 /* called with rcu_read_lock held */
2139 int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2140 u8 tos, struct net_device *dev, struct fib_result *res)
2142 /* Multicast recognition logic is moved from route cache to here.
2143 The problem was that too many Ethernet cards have broken/missing
2144 hardware multicast filters :-( As result the host on multicasting
2145 network acquires a lot of useless route cache entries, sort of
2146 SDR messages from all the world. Now we try to get rid of them.
2147 Really, provided software IP multicast filter is organized
2148 reasonably (at least, hashed), it does not result in a slowdown
2149 comparing with route cache reject entries.
2150 Note, that multicast routers are not affected, because
2151 route cache entry is created eventually.
2153 if (ipv4_is_multicast(daddr)) {
2154 struct in_device *in_dev = __in_dev_get_rcu(dev);
2160 our = ip_check_mc_rcu(in_dev, daddr, saddr,
2161 ip_hdr(skb)->protocol);
2163 /* check l3 master if no match yet */
2164 if (!our && netif_is_l3_slave(dev)) {
2165 struct in_device *l3_in_dev;
2167 l3_in_dev = __in_dev_get_rcu(skb->dev);
2169 our = ip_check_mc_rcu(l3_in_dev, daddr, saddr,
2170 ip_hdr(skb)->protocol);
2174 #ifdef CONFIG_IP_MROUTE
2176 (!ipv4_is_local_multicast(daddr) &&
2177 IN_DEV_MFORWARD(in_dev))
2180 err = ip_route_input_mc(skb, daddr, saddr,
2186 return ip_route_input_slow(skb, daddr, saddr, tos, dev, res);
2189 /* called with rcu_read_lock() */
2190 static struct rtable *__mkroute_output(const struct fib_result *res,
2191 const struct flowi4 *fl4, int orig_oif,
2192 struct net_device *dev_out,
2195 struct fib_info *fi = res->fi;
2196 struct fib_nh_exception *fnhe;
2197 struct in_device *in_dev;
2198 u16 type = res->type;
2202 in_dev = __in_dev_get_rcu(dev_out);
2204 return ERR_PTR(-EINVAL);
2206 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
2207 if (ipv4_is_loopback(fl4->saddr) &&
2208 !(dev_out->flags & IFF_LOOPBACK) &&
2209 !netif_is_l3_master(dev_out))
2210 return ERR_PTR(-EINVAL);
2212 if (ipv4_is_lbcast(fl4->daddr))
2213 type = RTN_BROADCAST;
2214 else if (ipv4_is_multicast(fl4->daddr))
2215 type = RTN_MULTICAST;
2216 else if (ipv4_is_zeronet(fl4->daddr))
2217 return ERR_PTR(-EINVAL);
2219 if (dev_out->flags & IFF_LOOPBACK)
2220 flags |= RTCF_LOCAL;
2223 if (type == RTN_BROADCAST) {
2224 flags |= RTCF_BROADCAST | RTCF_LOCAL;
2226 } else if (type == RTN_MULTICAST) {
2227 flags |= RTCF_MULTICAST | RTCF_LOCAL;
2228 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
2230 flags &= ~RTCF_LOCAL;
2233 /* If multicast route do not exist use
2234 * default one, but do not gateway in this case.
2237 if (fi && res->prefixlen < 4)
2239 } else if ((type == RTN_LOCAL) && (orig_oif != 0) &&
2240 (orig_oif != dev_out->ifindex)) {
2241 /* For local routes that require a particular output interface
2242 * we do not want to cache the result. Caching the result
2243 * causes incorrect behaviour when there are multiple source
2244 * addresses on the interface, the end result being that if the
2245 * intended recipient is waiting on that interface for the
2246 * packet he won't receive it because it will be delivered on
2247 * the loopback interface and the IP_PKTINFO ipi_ifindex will
2248 * be set to the loopback interface as well.
2254 do_cache &= fi != NULL;
2256 struct rtable __rcu **prth;
2257 struct fib_nh *nh = &FIB_RES_NH(*res);
2259 fnhe = find_exception(nh, fl4->daddr);
2263 prth = &fnhe->fnhe_rth_output;
2265 if (unlikely(fl4->flowi4_flags &
2266 FLOWI_FLAG_KNOWN_NH &&
2268 nh->nh_scope == RT_SCOPE_LINK))) {
2272 prth = raw_cpu_ptr(nh->nh_pcpu_rth_output);
2274 rth = rcu_dereference(*prth);
2275 if (rt_cache_valid(rth) && dst_hold_safe(&rth->dst))
2280 rth = rt_dst_alloc(dev_out, flags, type,
2281 IN_DEV_CONF_GET(in_dev, NOPOLICY),
2282 IN_DEV_CONF_GET(in_dev, NOXFRM),
2285 return ERR_PTR(-ENOBUFS);
2287 rth->rt_iif = orig_oif;
2289 RT_CACHE_STAT_INC(out_slow_tot);
2291 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
2292 if (flags & RTCF_LOCAL &&
2293 !(dev_out->flags & IFF_LOOPBACK)) {
2294 rth->dst.output = ip_mc_output;
2295 RT_CACHE_STAT_INC(out_slow_mc);
2297 #ifdef CONFIG_IP_MROUTE
2298 if (type == RTN_MULTICAST) {
2299 if (IN_DEV_MFORWARD(in_dev) &&
2300 !ipv4_is_local_multicast(fl4->daddr)) {
2301 rth->dst.input = ip_mr_input;
2302 rth->dst.output = ip_mc_output;
2308 rt_set_nexthop(rth, fl4->daddr, res, fnhe, fi, type, 0, do_cache);
2309 lwtunnel_set_redirect(&rth->dst);
2315 * Major route resolver routine.
2318 struct rtable *ip_route_output_key_hash(struct net *net, struct flowi4 *fl4,
2319 const struct sk_buff *skb)
2321 __u8 tos = RT_FL_TOS(fl4);
2322 struct fib_result res = {
2330 fl4->flowi4_iif = LOOPBACK_IFINDEX;
2331 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
2332 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
2333 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
2336 rth = ip_route_output_key_hash_rcu(net, fl4, &res, skb);
2341 EXPORT_SYMBOL_GPL(ip_route_output_key_hash);
2343 struct rtable *ip_route_output_key_hash_rcu(struct net *net, struct flowi4 *fl4,
2344 struct fib_result *res,
2345 const struct sk_buff *skb)
2347 struct net_device *dev_out = NULL;
2348 int orig_oif = fl4->flowi4_oif;
2349 unsigned int flags = 0;
2351 int err = -ENETUNREACH;
2354 rth = ERR_PTR(-EINVAL);
2355 if (ipv4_is_multicast(fl4->saddr) ||
2356 ipv4_is_lbcast(fl4->saddr) ||
2357 ipv4_is_zeronet(fl4->saddr))
2360 /* I removed check for oif == dev_out->oif here.
2361 It was wrong for two reasons:
2362 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
2363 is assigned to multiple interfaces.
2364 2. Moreover, we are allowed to send packets with saddr
2365 of another iface. --ANK
2368 if (fl4->flowi4_oif == 0 &&
2369 (ipv4_is_multicast(fl4->daddr) ||
2370 ipv4_is_lbcast(fl4->daddr))) {
2371 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2372 dev_out = __ip_dev_find(net, fl4->saddr, false);
2376 /* Special hack: user can direct multicasts
2377 and limited broadcast via necessary interface
2378 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2379 This hack is not just for fun, it allows
2380 vic,vat and friends to work.
2381 They bind socket to loopback, set ttl to zero
2382 and expect that it will work.
2383 From the viewpoint of routing cache they are broken,
2384 because we are not allowed to build multicast path
2385 with loopback source addr (look, routing cache
2386 cannot know, that ttl is zero, so that packet
2387 will not leave this host and route is valid).
2388 Luckily, this hack is good workaround.
2391 fl4->flowi4_oif = dev_out->ifindex;
2395 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
2396 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2397 if (!__ip_dev_find(net, fl4->saddr, false))
2403 if (fl4->flowi4_oif) {
2404 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2405 rth = ERR_PTR(-ENODEV);
2409 /* RACE: Check return value of inet_select_addr instead. */
2410 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2411 rth = ERR_PTR(-ENETUNREACH);
2414 if (ipv4_is_local_multicast(fl4->daddr) ||
2415 ipv4_is_lbcast(fl4->daddr) ||
2416 fl4->flowi4_proto == IPPROTO_IGMP) {
2418 fl4->saddr = inet_select_addr(dev_out, 0,
2423 if (ipv4_is_multicast(fl4->daddr))
2424 fl4->saddr = inet_select_addr(dev_out, 0,
2426 else if (!fl4->daddr)
2427 fl4->saddr = inet_select_addr(dev_out, 0,
2433 fl4->daddr = fl4->saddr;
2435 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2436 dev_out = net->loopback_dev;
2437 fl4->flowi4_oif = LOOPBACK_IFINDEX;
2438 res->type = RTN_LOCAL;
2439 flags |= RTCF_LOCAL;
2443 err = fib_lookup(net, fl4, res, 0);
2447 if (fl4->flowi4_oif &&
2448 (ipv4_is_multicast(fl4->daddr) ||
2449 !netif_index_is_l3_master(net, fl4->flowi4_oif))) {
2450 /* Apparently, routing tables are wrong. Assume,
2451 that the destination is on link.
2454 Because we are allowed to send to iface
2455 even if it has NO routes and NO assigned
2456 addresses. When oif is specified, routing
2457 tables are looked up with only one purpose:
2458 to catch if destination is gatewayed, rather than
2459 direct. Moreover, if MSG_DONTROUTE is set,
2460 we send packet, ignoring both routing tables
2461 and ifaddr state. --ANK
2464 We could make it even if oif is unknown,
2465 likely IPv6, but we do not.
2468 if (fl4->saddr == 0)
2469 fl4->saddr = inet_select_addr(dev_out, 0,
2471 res->type = RTN_UNICAST;
2478 if (res->type == RTN_LOCAL) {
2480 if (res->fi->fib_prefsrc)
2481 fl4->saddr = res->fi->fib_prefsrc;
2483 fl4->saddr = fl4->daddr;
2486 /* L3 master device is the loopback for that domain */
2487 dev_out = l3mdev_master_dev_rcu(FIB_RES_DEV(*res)) ? :
2490 /* make sure orig_oif points to fib result device even
2491 * though packet rx/tx happens over loopback or l3mdev
2493 orig_oif = FIB_RES_OIF(*res);
2495 fl4->flowi4_oif = dev_out->ifindex;
2496 flags |= RTCF_LOCAL;
2500 fib_select_path(net, res, fl4, skb);
2502 dev_out = FIB_RES_DEV(*res);
2503 fl4->flowi4_oif = dev_out->ifindex;
2507 rth = __mkroute_output(res, fl4, orig_oif, dev_out, flags);
2513 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2518 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2520 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2522 return mtu ? : dst->dev->mtu;
2525 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
2526 struct sk_buff *skb, u32 mtu)
2530 static void ipv4_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
2531 struct sk_buff *skb)
2535 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2541 static struct dst_ops ipv4_dst_blackhole_ops = {
2543 .check = ipv4_blackhole_dst_check,
2544 .mtu = ipv4_blackhole_mtu,
2545 .default_advmss = ipv4_default_advmss,
2546 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2547 .redirect = ipv4_rt_blackhole_redirect,
2548 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2549 .neigh_lookup = ipv4_neigh_lookup,
2552 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2554 struct rtable *ort = (struct rtable *) dst_orig;
2557 rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, DST_OBSOLETE_DEAD, 0);
2559 struct dst_entry *new = &rt->dst;
2562 new->input = dst_discard;
2563 new->output = dst_discard_out;
2565 new->dev = net->loopback_dev;
2569 rt->rt_is_input = ort->rt_is_input;
2570 rt->rt_iif = ort->rt_iif;
2571 rt->rt_pmtu = ort->rt_pmtu;
2572 rt->rt_mtu_locked = ort->rt_mtu_locked;
2574 rt->rt_genid = rt_genid_ipv4(net);
2575 rt->rt_flags = ort->rt_flags;
2576 rt->rt_type = ort->rt_type;
2577 rt->rt_gateway = ort->rt_gateway;
2578 rt->rt_uses_gateway = ort->rt_uses_gateway;
2580 INIT_LIST_HEAD(&rt->rt_uncached);
2583 dst_release(dst_orig);
2585 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2588 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2589 const struct sock *sk)
2591 struct rtable *rt = __ip_route_output_key(net, flp4);
2596 if (flp4->flowi4_proto)
2597 rt = (struct rtable *)xfrm_lookup_route(net, &rt->dst,
2598 flowi4_to_flowi(flp4),
2603 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2605 /* called with rcu_read_lock held */
2606 static int rt_fill_info(struct net *net, __be32 dst, __be32 src,
2607 struct rtable *rt, u32 table_id, struct flowi4 *fl4,
2608 struct sk_buff *skb, u32 portid, u32 seq)
2611 struct nlmsghdr *nlh;
2612 unsigned long expires = 0;
2614 u32 metrics[RTAX_MAX];
2616 nlh = nlmsg_put(skb, portid, seq, RTM_NEWROUTE, sizeof(*r), 0);
2620 r = nlmsg_data(nlh);
2621 r->rtm_family = AF_INET;
2622 r->rtm_dst_len = 32;
2624 r->rtm_tos = fl4->flowi4_tos;
2625 r->rtm_table = table_id < 256 ? table_id : RT_TABLE_COMPAT;
2626 if (nla_put_u32(skb, RTA_TABLE, table_id))
2627 goto nla_put_failure;
2628 r->rtm_type = rt->rt_type;
2629 r->rtm_scope = RT_SCOPE_UNIVERSE;
2630 r->rtm_protocol = RTPROT_UNSPEC;
2631 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2632 if (rt->rt_flags & RTCF_NOTIFY)
2633 r->rtm_flags |= RTM_F_NOTIFY;
2634 if (IPCB(skb)->flags & IPSKB_DOREDIRECT)
2635 r->rtm_flags |= RTCF_DOREDIRECT;
2637 if (nla_put_in_addr(skb, RTA_DST, dst))
2638 goto nla_put_failure;
2640 r->rtm_src_len = 32;
2641 if (nla_put_in_addr(skb, RTA_SRC, src))
2642 goto nla_put_failure;
2645 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
2646 goto nla_put_failure;
2647 #ifdef CONFIG_IP_ROUTE_CLASSID
2648 if (rt->dst.tclassid &&
2649 nla_put_u32(skb, RTA_FLOW, rt->dst.tclassid))
2650 goto nla_put_failure;
2652 if (!rt_is_input_route(rt) &&
2653 fl4->saddr != src) {
2654 if (nla_put_in_addr(skb, RTA_PREFSRC, fl4->saddr))
2655 goto nla_put_failure;
2657 if (rt->rt_uses_gateway &&
2658 nla_put_in_addr(skb, RTA_GATEWAY, rt->rt_gateway))
2659 goto nla_put_failure;
2661 expires = rt->dst.expires;
2663 unsigned long now = jiffies;
2665 if (time_before(now, expires))
2671 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
2672 if (rt->rt_pmtu && expires)
2673 metrics[RTAX_MTU - 1] = rt->rt_pmtu;
2674 if (rt->rt_mtu_locked && expires)
2675 metrics[RTAX_LOCK - 1] |= BIT(RTAX_MTU);
2676 if (rtnetlink_put_metrics(skb, metrics) < 0)
2677 goto nla_put_failure;
2679 if (fl4->flowi4_mark &&
2680 nla_put_u32(skb, RTA_MARK, fl4->flowi4_mark))
2681 goto nla_put_failure;
2683 if (!uid_eq(fl4->flowi4_uid, INVALID_UID) &&
2684 nla_put_u32(skb, RTA_UID,
2685 from_kuid_munged(current_user_ns(), fl4->flowi4_uid)))
2686 goto nla_put_failure;
2688 error = rt->dst.error;
2690 if (rt_is_input_route(rt)) {
2691 #ifdef CONFIG_IP_MROUTE
2692 if (ipv4_is_multicast(dst) && !ipv4_is_local_multicast(dst) &&
2693 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
2694 int err = ipmr_get_route(net, skb,
2695 fl4->saddr, fl4->daddr,
2701 goto nla_put_failure;
2705 if (nla_put_u32(skb, RTA_IIF, fl4->flowi4_iif))
2706 goto nla_put_failure;
2709 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, error) < 0)
2710 goto nla_put_failure;
2712 nlmsg_end(skb, nlh);
2716 nlmsg_cancel(skb, nlh);
2720 static struct sk_buff *inet_rtm_getroute_build_skb(__be32 src, __be32 dst,
2721 u8 ip_proto, __be16 sport,
2724 struct sk_buff *skb;
2727 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
2731 /* Reserve room for dummy headers, this skb can pass
2732 * through good chunk of routing engine.
2734 skb_reset_mac_header(skb);
2735 skb_reset_network_header(skb);
2736 skb->protocol = htons(ETH_P_IP);
2737 iph = skb_put(skb, sizeof(struct iphdr));
2738 iph->protocol = ip_proto;
2744 skb_set_transport_header(skb, skb->len);
2746 switch (iph->protocol) {
2748 struct udphdr *udph;
2750 udph = skb_put_zero(skb, sizeof(struct udphdr));
2751 udph->source = sport;
2753 udph->len = sizeof(struct udphdr);
2758 struct tcphdr *tcph;
2760 tcph = skb_put_zero(skb, sizeof(struct tcphdr));
2761 tcph->source = sport;
2763 tcph->doff = sizeof(struct tcphdr) / 4;
2765 tcph->check = ~tcp_v4_check(sizeof(struct tcphdr),
2769 case IPPROTO_ICMP: {
2770 struct icmphdr *icmph;
2772 icmph = skb_put_zero(skb, sizeof(struct icmphdr));
2773 icmph->type = ICMP_ECHO;
2781 static int inet_rtm_valid_getroute_req(struct sk_buff *skb,
2782 const struct nlmsghdr *nlh,
2784 struct netlink_ext_ack *extack)
2789 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*rtm))) {
2790 NL_SET_ERR_MSG(extack,
2791 "ipv4: Invalid header for route get request");
2795 if (!netlink_strict_get_check(skb))
2796 return nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX,
2797 rtm_ipv4_policy, extack);
2799 rtm = nlmsg_data(nlh);
2800 if ((rtm->rtm_src_len && rtm->rtm_src_len != 32) ||
2801 (rtm->rtm_dst_len && rtm->rtm_dst_len != 32) ||
2802 rtm->rtm_table || rtm->rtm_protocol ||
2803 rtm->rtm_scope || rtm->rtm_type) {
2804 NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for route get request");
2808 if (rtm->rtm_flags & ~(RTM_F_NOTIFY |
2809 RTM_F_LOOKUP_TABLE |
2811 NL_SET_ERR_MSG(extack, "ipv4: Unsupported rtm_flags for route get request");
2815 err = nlmsg_parse_strict(nlh, sizeof(*rtm), tb, RTA_MAX,
2816 rtm_ipv4_policy, extack);
2820 if ((tb[RTA_SRC] && !rtm->rtm_src_len) ||
2821 (tb[RTA_DST] && !rtm->rtm_dst_len)) {
2822 NL_SET_ERR_MSG(extack, "ipv4: rtm_src_len and rtm_dst_len must be 32 for IPv4");
2826 for (i = 0; i <= RTA_MAX; i++) {
2842 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in route get request");
2850 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2851 struct netlink_ext_ack *extack)
2853 struct net *net = sock_net(in_skb->sk);
2854 struct nlattr *tb[RTA_MAX+1];
2855 u32 table_id = RT_TABLE_MAIN;
2856 __be16 sport = 0, dport = 0;
2857 struct fib_result res = {};
2858 u8 ip_proto = IPPROTO_UDP;
2859 struct rtable *rt = NULL;
2860 struct sk_buff *skb;
2862 struct flowi4 fl4 = {};
2870 err = inet_rtm_valid_getroute_req(in_skb, nlh, tb, extack);
2874 rtm = nlmsg_data(nlh);
2875 src = tb[RTA_SRC] ? nla_get_in_addr(tb[RTA_SRC]) : 0;
2876 dst = tb[RTA_DST] ? nla_get_in_addr(tb[RTA_DST]) : 0;
2877 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
2878 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
2880 uid = make_kuid(current_user_ns(), nla_get_u32(tb[RTA_UID]));
2882 uid = (iif ? INVALID_UID : current_uid());
2884 if (tb[RTA_IP_PROTO]) {
2885 err = rtm_getroute_parse_ip_proto(tb[RTA_IP_PROTO],
2886 &ip_proto, AF_INET, extack);
2892 sport = nla_get_be16(tb[RTA_SPORT]);
2895 dport = nla_get_be16(tb[RTA_DPORT]);
2897 skb = inet_rtm_getroute_build_skb(src, dst, ip_proto, sport, dport);
2903 fl4.flowi4_tos = rtm->rtm_tos;
2904 fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0;
2905 fl4.flowi4_mark = mark;
2906 fl4.flowi4_uid = uid;
2908 fl4.fl4_sport = sport;
2910 fl4.fl4_dport = dport;
2911 fl4.flowi4_proto = ip_proto;
2916 struct net_device *dev;
2918 dev = dev_get_by_index_rcu(net, iif);
2924 fl4.flowi4_iif = iif; /* for rt_fill_info */
2927 err = ip_route_input_rcu(skb, dst, src, rtm->rtm_tos,
2930 rt = skb_rtable(skb);
2931 if (err == 0 && rt->dst.error)
2932 err = -rt->dst.error;
2934 fl4.flowi4_iif = LOOPBACK_IFINDEX;
2935 skb->dev = net->loopback_dev;
2936 rt = ip_route_output_key_hash_rcu(net, &fl4, &res, skb);
2941 skb_dst_set(skb, &rt->dst);
2947 if (rtm->rtm_flags & RTM_F_NOTIFY)
2948 rt->rt_flags |= RTCF_NOTIFY;
2950 if (rtm->rtm_flags & RTM_F_LOOKUP_TABLE)
2951 table_id = res.table ? res.table->tb_id : 0;
2953 /* reset skb for netlink reply msg */
2955 skb_reset_network_header(skb);
2956 skb_reset_transport_header(skb);
2957 skb_reset_mac_header(skb);
2959 if (rtm->rtm_flags & RTM_F_FIB_MATCH) {
2961 err = fib_props[res.type].error;
2963 err = -EHOSTUNREACH;
2966 err = fib_dump_info(skb, NETLINK_CB(in_skb).portid,
2967 nlh->nlmsg_seq, RTM_NEWROUTE, table_id,
2968 rt->rt_type, res.prefix, res.prefixlen,
2969 fl4.flowi4_tos, res.fi, 0);
2971 err = rt_fill_info(net, dst, src, rt, table_id, &fl4, skb,
2972 NETLINK_CB(in_skb).portid, nlh->nlmsg_seq);
2979 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2989 void ip_rt_multicast_event(struct in_device *in_dev)
2991 rt_cache_flush(dev_net(in_dev->dev));
2994 #ifdef CONFIG_SYSCTL
2995 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
2996 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
2997 static int ip_rt_gc_elasticity __read_mostly = 8;
2998 static int ip_min_valid_pmtu __read_mostly = IPV4_MIN_MTU;
3000 static int ipv4_sysctl_rtcache_flush(struct ctl_table *__ctl, int write,
3001 void __user *buffer,
3002 size_t *lenp, loff_t *ppos)
3004 struct net *net = (struct net *)__ctl->extra1;
3007 rt_cache_flush(net);
3008 fnhe_genid_bump(net);
3015 static struct ctl_table ipv4_route_table[] = {
3017 .procname = "gc_thresh",
3018 .data = &ipv4_dst_ops.gc_thresh,
3019 .maxlen = sizeof(int),
3021 .proc_handler = proc_dointvec,
3024 .procname = "max_size",
3025 .data = &ip_rt_max_size,
3026 .maxlen = sizeof(int),
3028 .proc_handler = proc_dointvec,
3031 /* Deprecated. Use gc_min_interval_ms */
3033 .procname = "gc_min_interval",
3034 .data = &ip_rt_gc_min_interval,
3035 .maxlen = sizeof(int),
3037 .proc_handler = proc_dointvec_jiffies,
3040 .procname = "gc_min_interval_ms",
3041 .data = &ip_rt_gc_min_interval,
3042 .maxlen = sizeof(int),
3044 .proc_handler = proc_dointvec_ms_jiffies,
3047 .procname = "gc_timeout",
3048 .data = &ip_rt_gc_timeout,
3049 .maxlen = sizeof(int),
3051 .proc_handler = proc_dointvec_jiffies,
3054 .procname = "gc_interval",
3055 .data = &ip_rt_gc_interval,
3056 .maxlen = sizeof(int),
3058 .proc_handler = proc_dointvec_jiffies,
3061 .procname = "redirect_load",
3062 .data = &ip_rt_redirect_load,
3063 .maxlen = sizeof(int),
3065 .proc_handler = proc_dointvec,
3068 .procname = "redirect_number",
3069 .data = &ip_rt_redirect_number,
3070 .maxlen = sizeof(int),
3072 .proc_handler = proc_dointvec,
3075 .procname = "redirect_silence",
3076 .data = &ip_rt_redirect_silence,
3077 .maxlen = sizeof(int),
3079 .proc_handler = proc_dointvec,
3082 .procname = "error_cost",
3083 .data = &ip_rt_error_cost,
3084 .maxlen = sizeof(int),
3086 .proc_handler = proc_dointvec,
3089 .procname = "error_burst",
3090 .data = &ip_rt_error_burst,
3091 .maxlen = sizeof(int),
3093 .proc_handler = proc_dointvec,
3096 .procname = "gc_elasticity",
3097 .data = &ip_rt_gc_elasticity,
3098 .maxlen = sizeof(int),
3100 .proc_handler = proc_dointvec,
3103 .procname = "mtu_expires",
3104 .data = &ip_rt_mtu_expires,
3105 .maxlen = sizeof(int),
3107 .proc_handler = proc_dointvec_jiffies,
3110 .procname = "min_pmtu",
3111 .data = &ip_rt_min_pmtu,
3112 .maxlen = sizeof(int),
3114 .proc_handler = proc_dointvec_minmax,
3115 .extra1 = &ip_min_valid_pmtu,
3118 .procname = "min_adv_mss",
3119 .data = &ip_rt_min_advmss,
3120 .maxlen = sizeof(int),
3122 .proc_handler = proc_dointvec,
3127 static struct ctl_table ipv4_route_flush_table[] = {
3129 .procname = "flush",
3130 .maxlen = sizeof(int),
3132 .proc_handler = ipv4_sysctl_rtcache_flush,
3137 static __net_init int sysctl_route_net_init(struct net *net)
3139 struct ctl_table *tbl;
3141 tbl = ipv4_route_flush_table;
3142 if (!net_eq(net, &init_net)) {
3143 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
3147 /* Don't export sysctls to unprivileged users */
3148 if (net->user_ns != &init_user_ns)
3149 tbl[0].procname = NULL;
3151 tbl[0].extra1 = net;
3153 net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
3154 if (!net->ipv4.route_hdr)
3159 if (tbl != ipv4_route_flush_table)
3165 static __net_exit void sysctl_route_net_exit(struct net *net)
3167 struct ctl_table *tbl;
3169 tbl = net->ipv4.route_hdr->ctl_table_arg;
3170 unregister_net_sysctl_table(net->ipv4.route_hdr);
3171 BUG_ON(tbl == ipv4_route_flush_table);
3175 static __net_initdata struct pernet_operations sysctl_route_ops = {
3176 .init = sysctl_route_net_init,
3177 .exit = sysctl_route_net_exit,
3181 static __net_init int rt_genid_init(struct net *net)
3183 atomic_set(&net->ipv4.rt_genid, 0);
3184 atomic_set(&net->fnhe_genid, 0);
3185 atomic_set(&net->ipv4.dev_addr_genid, get_random_int());
3189 static __net_initdata struct pernet_operations rt_genid_ops = {
3190 .init = rt_genid_init,
3193 static int __net_init ipv4_inetpeer_init(struct net *net)
3195 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
3199 inet_peer_base_init(bp);
3200 net->ipv4.peers = bp;
3204 static void __net_exit ipv4_inetpeer_exit(struct net *net)
3206 struct inet_peer_base *bp = net->ipv4.peers;
3208 net->ipv4.peers = NULL;
3209 inetpeer_invalidate_tree(bp);
3213 static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
3214 .init = ipv4_inetpeer_init,
3215 .exit = ipv4_inetpeer_exit,
3218 #ifdef CONFIG_IP_ROUTE_CLASSID
3219 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
3220 #endif /* CONFIG_IP_ROUTE_CLASSID */
3222 int __init ip_rt_init(void)
3226 ip_idents = kmalloc_array(IP_IDENTS_SZ, sizeof(*ip_idents),
3229 panic("IP: failed to allocate ip_idents\n");
3231 prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents));
3233 ip_tstamps = kcalloc(IP_IDENTS_SZ, sizeof(*ip_tstamps), GFP_KERNEL);
3235 panic("IP: failed to allocate ip_tstamps\n");
3237 for_each_possible_cpu(cpu) {
3238 struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu);
3240 INIT_LIST_HEAD(&ul->head);
3241 spin_lock_init(&ul->lock);
3243 #ifdef CONFIG_IP_ROUTE_CLASSID
3244 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
3246 panic("IP: failed to allocate ip_rt_acct\n");
3249 ipv4_dst_ops.kmem_cachep =
3250 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
3251 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
3253 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
3255 if (dst_entries_init(&ipv4_dst_ops) < 0)
3256 panic("IP: failed to allocate ipv4_dst_ops counter\n");
3258 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
3259 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
3261 ipv4_dst_ops.gc_thresh = ~0;
3262 ip_rt_max_size = INT_MAX;
3267 if (ip_rt_proc_init())
3268 pr_err("Unable to create route proc files\n");
3273 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL,
3274 RTNL_FLAG_DOIT_UNLOCKED);
3276 #ifdef CONFIG_SYSCTL
3277 register_pernet_subsys(&sysctl_route_ops);
3279 register_pernet_subsys(&rt_genid_ops);
3280 register_pernet_subsys(&ipv4_inetpeer_ops);
3284 #ifdef CONFIG_SYSCTL
3286 * We really need to sanitize the damn ipv4 init order, then all
3287 * this nonsense will go away.
3289 void __init ip_static_sysctl_init(void)
3291 register_net_sysctl(&init_net, "net/ipv4/route", ipv4_route_table);
projects / linux.git / blob