2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
18 * (rco@di.uminho.pt) Routing table insertion and update
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <asm/uaccess.h>
69 #include <asm/system.h>
70 #include <linux/bitops.h>
71 #include <linux/types.h>
72 #include <linux/kernel.h>
74 #include <linux/bootmem.h>
75 #include <linux/string.h>
76 #include <linux/socket.h>
77 #include <linux/sockios.h>
78 #include <linux/errno.h>
80 #include <linux/inet.h>
81 #include <linux/netdevice.h>
82 #include <linux/proc_fs.h>
83 #include <linux/init.h>
84 #include <linux/workqueue.h>
85 #include <linux/skbuff.h>
86 #include <linux/inetdevice.h>
87 #include <linux/igmp.h>
88 #include <linux/pkt_sched.h>
89 #include <linux/mroute.h>
90 #include <linux/netfilter_ipv4.h>
91 #include <linux/random.h>
92 #include <linux/jhash.h>
93 #include <linux/rcupdate.h>
94 #include <linux/times.h>
95 #include <linux/slab.h>
96 #include <linux/prefetch.h>
98 #include <net/net_namespace.h>
99 #include <net/protocol.h>
101 #include <net/route.h>
102 #include <net/inetpeer.h>
103 #include <net/sock.h>
104 #include <net/ip_fib.h>
107 #include <net/icmp.h>
108 #include <net/xfrm.h>
109 #include <net/netevent.h>
110 #include <net/rtnetlink.h>
112 #include <linux/sysctl.h>
114 #include <net/secure_seq.h>
116 #define RT_FL_TOS(oldflp4) \
117 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
119 #define IP_MAX_MTU 0xFFF0
121 #define RT_GC_TIMEOUT (300*HZ)
123 static int ip_rt_max_size;
124 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
125 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
126 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
127 static int ip_rt_redirect_number __read_mostly = 9;
128 static int ip_rt_redirect_load __read_mostly = HZ / 50;
129 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
130 static int ip_rt_error_cost __read_mostly = HZ;
131 static int ip_rt_error_burst __read_mostly = 5 * HZ;
132 static int ip_rt_gc_elasticity __read_mostly = 8;
133 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
134 static int ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
135 static int ip_rt_min_advmss __read_mostly = 256;
136 static int rt_chain_length_max __read_mostly = 20;
138 static struct delayed_work expires_work;
139 static unsigned long expires_ljiffies;
142 * Interface to generic destination cache.
145 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
146 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
147 static unsigned int ipv4_mtu(const struct dst_entry *dst);
148 static void ipv4_dst_destroy(struct dst_entry *dst);
149 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
150 static void ipv4_link_failure(struct sk_buff *skb);
151 static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu);
152 static int rt_garbage_collect(struct dst_ops *ops);
154 static void ipv4_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
159 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
161 struct rtable *rt = (struct rtable *) dst;
162 struct inet_peer *peer;
166 rt_bind_peer(rt, rt->rt_dst, 1);
170 u32 *old_p = __DST_METRICS_PTR(old);
171 unsigned long prev, new;
174 if (inet_metrics_new(peer))
175 memcpy(p, old_p, sizeof(u32) * RTAX_MAX);
177 new = (unsigned long) p;
178 prev = cmpxchg(&dst->_metrics, old, new);
181 p = __DST_METRICS_PTR(prev);
182 if (prev & DST_METRICS_READ_ONLY)
186 fib_info_put(rt->fi);
194 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, const void *daddr);
196 static struct dst_ops ipv4_dst_ops = {
198 .protocol = cpu_to_be16(ETH_P_IP),
199 .gc = rt_garbage_collect,
200 .check = ipv4_dst_check,
201 .default_advmss = ipv4_default_advmss,
203 .cow_metrics = ipv4_cow_metrics,
204 .destroy = ipv4_dst_destroy,
205 .ifdown = ipv4_dst_ifdown,
206 .negative_advice = ipv4_negative_advice,
207 .link_failure = ipv4_link_failure,
208 .update_pmtu = ip_rt_update_pmtu,
209 .local_out = __ip_local_out,
210 .neigh_lookup = ipv4_neigh_lookup,
213 #define ECN_OR_COST(class) TC_PRIO_##class
215 const __u8 ip_tos2prio[16] = {
217 ECN_OR_COST(BESTEFFORT),
219 ECN_OR_COST(BESTEFFORT),
225 ECN_OR_COST(INTERACTIVE),
227 ECN_OR_COST(INTERACTIVE),
228 TC_PRIO_INTERACTIVE_BULK,
229 ECN_OR_COST(INTERACTIVE_BULK),
230 TC_PRIO_INTERACTIVE_BULK,
231 ECN_OR_COST(INTERACTIVE_BULK)
239 /* The locking scheme is rather straight forward:
241 * 1) Read-Copy Update protects the buckets of the central route hash.
242 * 2) Only writers remove entries, and they hold the lock
243 * as they look at rtable reference counts.
244 * 3) Only readers acquire references to rtable entries,
245 * they do so with atomic increments and with the
249 struct rt_hash_bucket {
250 struct rtable __rcu *chain;
253 #if defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK) || \
254 defined(CONFIG_PROVE_LOCKING)
256 * Instead of using one spinlock for each rt_hash_bucket, we use a table of spinlocks
257 * The size of this table is a power of two and depends on the number of CPUS.
258 * (on lockdep we have a quite big spinlock_t, so keep the size down there)
260 #ifdef CONFIG_LOCKDEP
261 # define RT_HASH_LOCK_SZ 256
264 # define RT_HASH_LOCK_SZ 4096
266 # define RT_HASH_LOCK_SZ 2048
268 # define RT_HASH_LOCK_SZ 1024
270 # define RT_HASH_LOCK_SZ 512
272 # define RT_HASH_LOCK_SZ 256
276 static spinlock_t *rt_hash_locks;
277 # define rt_hash_lock_addr(slot) &rt_hash_locks[(slot) & (RT_HASH_LOCK_SZ - 1)]
279 static __init void rt_hash_lock_init(void)
283 rt_hash_locks = kmalloc(sizeof(spinlock_t) * RT_HASH_LOCK_SZ,
286 panic("IP: failed to allocate rt_hash_locks\n");
288 for (i = 0; i < RT_HASH_LOCK_SZ; i++)
289 spin_lock_init(&rt_hash_locks[i]);
292 # define rt_hash_lock_addr(slot) NULL
294 static inline void rt_hash_lock_init(void)
299 static struct rt_hash_bucket *rt_hash_table __read_mostly;
300 static unsigned rt_hash_mask __read_mostly;
301 static unsigned int rt_hash_log __read_mostly;
303 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
304 #define RT_CACHE_STAT_INC(field) __this_cpu_inc(rt_cache_stat.field)
306 static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx,
309 return jhash_3words((__force u32)daddr, (__force u32)saddr,
314 static inline int rt_genid(struct net *net)
316 return atomic_read(&net->ipv4.rt_genid);
319 #ifdef CONFIG_PROC_FS
320 struct rt_cache_iter_state {
321 struct seq_net_private p;
326 static struct rtable *rt_cache_get_first(struct seq_file *seq)
328 struct rt_cache_iter_state *st = seq->private;
329 struct rtable *r = NULL;
331 for (st->bucket = rt_hash_mask; st->bucket >= 0; --st->bucket) {
332 if (!rcu_access_pointer(rt_hash_table[st->bucket].chain))
335 r = rcu_dereference_bh(rt_hash_table[st->bucket].chain);
337 if (dev_net(r->dst.dev) == seq_file_net(seq) &&
338 r->rt_genid == st->genid)
340 r = rcu_dereference_bh(r->dst.rt_next);
342 rcu_read_unlock_bh();
347 static struct rtable *__rt_cache_get_next(struct seq_file *seq,
350 struct rt_cache_iter_state *st = seq->private;
352 r = rcu_dereference_bh(r->dst.rt_next);
354 rcu_read_unlock_bh();
356 if (--st->bucket < 0)
358 } while (!rcu_access_pointer(rt_hash_table[st->bucket].chain));
360 r = rcu_dereference_bh(rt_hash_table[st->bucket].chain);
365 static struct rtable *rt_cache_get_next(struct seq_file *seq,
368 struct rt_cache_iter_state *st = seq->private;
369 while ((r = __rt_cache_get_next(seq, r)) != NULL) {
370 if (dev_net(r->dst.dev) != seq_file_net(seq))
372 if (r->rt_genid == st->genid)
378 static struct rtable *rt_cache_get_idx(struct seq_file *seq, loff_t pos)
380 struct rtable *r = rt_cache_get_first(seq);
383 while (pos && (r = rt_cache_get_next(seq, r)))
385 return pos ? NULL : r;
388 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
390 struct rt_cache_iter_state *st = seq->private;
392 return rt_cache_get_idx(seq, *pos - 1);
393 st->genid = rt_genid(seq_file_net(seq));
394 return SEQ_START_TOKEN;
397 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
401 if (v == SEQ_START_TOKEN)
402 r = rt_cache_get_first(seq);
404 r = rt_cache_get_next(seq, v);
409 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
411 if (v && v != SEQ_START_TOKEN)
412 rcu_read_unlock_bh();
415 static int rt_cache_seq_show(struct seq_file *seq, void *v)
417 if (v == SEQ_START_TOKEN)
418 seq_printf(seq, "%-127s\n",
419 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
420 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
423 struct rtable *r = v;
428 n = dst_get_neighbour_noref(&r->dst);
429 HHUptod = (n && (n->nud_state & NUD_CONNECTED)) ? 1 : 0;
432 seq_printf(seq, "%s\t%08X\t%08X\t%8X\t%d\t%u\t%d\t"
433 "%08X\t%d\t%u\t%u\t%02X\t%d\t%1d\t%08X%n",
434 r->dst.dev ? r->dst.dev->name : "*",
435 (__force u32)r->rt_dst,
436 (__force u32)r->rt_gateway,
437 r->rt_flags, atomic_read(&r->dst.__refcnt),
438 r->dst.__use, 0, (__force u32)r->rt_src,
439 dst_metric_advmss(&r->dst) + 40,
440 dst_metric(&r->dst, RTAX_WINDOW),
441 (int)((dst_metric(&r->dst, RTAX_RTT) >> 3) +
442 dst_metric(&r->dst, RTAX_RTTVAR)),
446 r->rt_spec_dst, &len);
448 seq_printf(seq, "%*s\n", 127 - len, "");
453 static const struct seq_operations rt_cache_seq_ops = {
454 .start = rt_cache_seq_start,
455 .next = rt_cache_seq_next,
456 .stop = rt_cache_seq_stop,
457 .show = rt_cache_seq_show,
460 static int rt_cache_seq_open(struct inode *inode, struct file *file)
462 return seq_open_net(inode, file, &rt_cache_seq_ops,
463 sizeof(struct rt_cache_iter_state));
466 static const struct file_operations rt_cache_seq_fops = {
467 .owner = THIS_MODULE,
468 .open = rt_cache_seq_open,
471 .release = seq_release_net,
475 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
480 return SEQ_START_TOKEN;
482 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
483 if (!cpu_possible(cpu))
486 return &per_cpu(rt_cache_stat, cpu);
491 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
495 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
496 if (!cpu_possible(cpu))
499 return &per_cpu(rt_cache_stat, cpu);
505 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
510 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
512 struct rt_cache_stat *st = v;
514 if (v == SEQ_START_TOKEN) {
515 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
519 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
520 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
521 dst_entries_get_slow(&ipv4_dst_ops),
544 static const struct seq_operations rt_cpu_seq_ops = {
545 .start = rt_cpu_seq_start,
546 .next = rt_cpu_seq_next,
547 .stop = rt_cpu_seq_stop,
548 .show = rt_cpu_seq_show,
552 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
554 return seq_open(file, &rt_cpu_seq_ops);
557 static const struct file_operations rt_cpu_seq_fops = {
558 .owner = THIS_MODULE,
559 .open = rt_cpu_seq_open,
562 .release = seq_release,
565 #ifdef CONFIG_IP_ROUTE_CLASSID
566 static int rt_acct_proc_show(struct seq_file *m, void *v)
568 struct ip_rt_acct *dst, *src;
571 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
575 for_each_possible_cpu(i) {
576 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
577 for (j = 0; j < 256; j++) {
578 dst[j].o_bytes += src[j].o_bytes;
579 dst[j].o_packets += src[j].o_packets;
580 dst[j].i_bytes += src[j].i_bytes;
581 dst[j].i_packets += src[j].i_packets;
585 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
590 static int rt_acct_proc_open(struct inode *inode, struct file *file)
592 return single_open(file, rt_acct_proc_show, NULL);
595 static const struct file_operations rt_acct_proc_fops = {
596 .owner = THIS_MODULE,
597 .open = rt_acct_proc_open,
600 .release = single_release,
604 static int __net_init ip_rt_do_proc_init(struct net *net)
606 struct proc_dir_entry *pde;
608 pde = proc_net_fops_create(net, "rt_cache", S_IRUGO,
613 pde = proc_create("rt_cache", S_IRUGO,
614 net->proc_net_stat, &rt_cpu_seq_fops);
618 #ifdef CONFIG_IP_ROUTE_CLASSID
619 pde = proc_create("rt_acct", 0, net->proc_net, &rt_acct_proc_fops);
625 #ifdef CONFIG_IP_ROUTE_CLASSID
627 remove_proc_entry("rt_cache", net->proc_net_stat);
630 remove_proc_entry("rt_cache", net->proc_net);
635 static void __net_exit ip_rt_do_proc_exit(struct net *net)
637 remove_proc_entry("rt_cache", net->proc_net_stat);
638 remove_proc_entry("rt_cache", net->proc_net);
639 #ifdef CONFIG_IP_ROUTE_CLASSID
640 remove_proc_entry("rt_acct", net->proc_net);
644 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
645 .init = ip_rt_do_proc_init,
646 .exit = ip_rt_do_proc_exit,
649 static int __init ip_rt_proc_init(void)
651 return register_pernet_subsys(&ip_rt_proc_ops);
655 static inline int ip_rt_proc_init(void)
659 #endif /* CONFIG_PROC_FS */
661 static inline void rt_free(struct rtable *rt)
663 call_rcu_bh(&rt->dst.rcu_head, dst_rcu_free);
666 static inline void rt_drop(struct rtable *rt)
669 call_rcu_bh(&rt->dst.rcu_head, dst_rcu_free);
672 static inline int rt_fast_clean(struct rtable *rth)
674 /* Kill broadcast/multicast entries very aggresively, if they
675 collide in hash table with more useful entries */
676 return (rth->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) &&
677 rt_is_input_route(rth) && rth->dst.rt_next;
680 static inline int rt_valuable(struct rtable *rth)
682 return (rth->rt_flags & (RTCF_REDIRECTED | RTCF_NOTIFY)) ||
683 (rth->peer && rth->peer->pmtu_expires);
686 static int rt_may_expire(struct rtable *rth, unsigned long tmo1, unsigned long tmo2)
691 if (atomic_read(&rth->dst.__refcnt))
694 age = jiffies - rth->dst.lastuse;
695 if ((age <= tmo1 && !rt_fast_clean(rth)) ||
696 (age <= tmo2 && rt_valuable(rth)))
702 /* Bits of score are:
704 * 30: not quite useless
705 * 29..0: usage counter
707 static inline u32 rt_score(struct rtable *rt)
709 u32 score = jiffies - rt->dst.lastuse;
711 score = ~score & ~(3<<30);
716 if (rt_is_output_route(rt) ||
717 !(rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST|RTCF_LOCAL)))
723 static inline bool rt_caching(const struct net *net)
725 return net->ipv4.current_rt_cache_rebuild_count <=
726 net->ipv4.sysctl_rt_cache_rebuild_count;
729 static inline bool compare_hash_inputs(const struct rtable *rt1,
730 const struct rtable *rt2)
732 return ((((__force u32)rt1->rt_key_dst ^ (__force u32)rt2->rt_key_dst) |
733 ((__force u32)rt1->rt_key_src ^ (__force u32)rt2->rt_key_src) |
734 (rt1->rt_route_iif ^ rt2->rt_route_iif)) == 0);
737 static inline int compare_keys(struct rtable *rt1, struct rtable *rt2)
739 return (((__force u32)rt1->rt_key_dst ^ (__force u32)rt2->rt_key_dst) |
740 ((__force u32)rt1->rt_key_src ^ (__force u32)rt2->rt_key_src) |
741 (rt1->rt_mark ^ rt2->rt_mark) |
742 (rt1->rt_key_tos ^ rt2->rt_key_tos) |
743 (rt1->rt_route_iif ^ rt2->rt_route_iif) |
744 (rt1->rt_oif ^ rt2->rt_oif)) == 0;
747 static inline int compare_netns(struct rtable *rt1, struct rtable *rt2)
749 return net_eq(dev_net(rt1->dst.dev), dev_net(rt2->dst.dev));
752 static inline int rt_is_expired(struct rtable *rth)
754 return rth->rt_genid != rt_genid(dev_net(rth->dst.dev));
758 * Perform a full scan of hash table and free all entries.
759 * Can be called by a softirq or a process.
760 * In the later case, we want to be reschedule if necessary
762 static void rt_do_flush(struct net *net, int process_context)
765 struct rtable *rth, *next;
767 for (i = 0; i <= rt_hash_mask; i++) {
768 struct rtable __rcu **pprev;
771 if (process_context && need_resched())
773 rth = rcu_access_pointer(rt_hash_table[i].chain);
777 spin_lock_bh(rt_hash_lock_addr(i));
780 pprev = &rt_hash_table[i].chain;
781 rth = rcu_dereference_protected(*pprev,
782 lockdep_is_held(rt_hash_lock_addr(i)));
785 next = rcu_dereference_protected(rth->dst.rt_next,
786 lockdep_is_held(rt_hash_lock_addr(i)));
789 net_eq(dev_net(rth->dst.dev), net)) {
790 rcu_assign_pointer(*pprev, next);
791 rcu_assign_pointer(rth->dst.rt_next, list);
794 pprev = &rth->dst.rt_next;
799 spin_unlock_bh(rt_hash_lock_addr(i));
801 for (; list; list = next) {
802 next = rcu_dereference_protected(list->dst.rt_next, 1);
809 * While freeing expired entries, we compute average chain length
810 * and standard deviation, using fixed-point arithmetic.
811 * This to have an estimation of rt_chain_length_max
812 * rt_chain_length_max = max(elasticity, AVG + 4*SD)
813 * We use 3 bits for frational part, and 29 (or 61) for magnitude.
817 #define ONE (1UL << FRACT_BITS)
820 * Given a hash chain and an item in this hash chain,
821 * find if a previous entry has the same hash_inputs
822 * (but differs on tos, mark or oif)
823 * Returns 0 if an alias is found.
824 * Returns ONE if rth has no alias before itself.
826 static int has_noalias(const struct rtable *head, const struct rtable *rth)
828 const struct rtable *aux = head;
831 if (compare_hash_inputs(aux, rth))
833 aux = rcu_dereference_protected(aux->dst.rt_next, 1);
838 static void rt_check_expire(void)
840 static unsigned int rover;
841 unsigned int i = rover, goal;
843 struct rtable __rcu **rthp;
844 unsigned long samples = 0;
845 unsigned long sum = 0, sum2 = 0;
849 delta = jiffies - expires_ljiffies;
850 expires_ljiffies = jiffies;
851 mult = ((u64)delta) << rt_hash_log;
852 if (ip_rt_gc_timeout > 1)
853 do_div(mult, ip_rt_gc_timeout);
854 goal = (unsigned int)mult;
855 if (goal > rt_hash_mask)
856 goal = rt_hash_mask + 1;
857 for (; goal > 0; goal--) {
858 unsigned long tmo = ip_rt_gc_timeout;
859 unsigned long length;
861 i = (i + 1) & rt_hash_mask;
862 rthp = &rt_hash_table[i].chain;
869 if (rcu_dereference_raw(*rthp) == NULL)
872 spin_lock_bh(rt_hash_lock_addr(i));
873 while ((rth = rcu_dereference_protected(*rthp,
874 lockdep_is_held(rt_hash_lock_addr(i)))) != NULL) {
875 prefetch(rth->dst.rt_next);
876 if (rt_is_expired(rth)) {
877 *rthp = rth->dst.rt_next;
881 if (rth->dst.expires) {
882 /* Entry is expired even if it is in use */
883 if (time_before_eq(jiffies, rth->dst.expires)) {
886 rthp = &rth->dst.rt_next;
888 * We only count entries on
889 * a chain with equal hash inputs once
890 * so that entries for different QOS
891 * levels, and other non-hash input
892 * attributes don't unfairly skew
893 * the length computation
895 length += has_noalias(rt_hash_table[i].chain, rth);
898 } else if (!rt_may_expire(rth, tmo, ip_rt_gc_timeout))
901 /* Cleanup aged off entries. */
902 *rthp = rth->dst.rt_next;
905 spin_unlock_bh(rt_hash_lock_addr(i));
907 sum2 += length*length;
910 unsigned long avg = sum / samples;
911 unsigned long sd = int_sqrt(sum2 / samples - avg*avg);
912 rt_chain_length_max = max_t(unsigned long,
914 (avg + 4*sd) >> FRACT_BITS);
920 * rt_worker_func() is run in process context.
921 * we call rt_check_expire() to scan part of the hash table
923 static void rt_worker_func(struct work_struct *work)
926 schedule_delayed_work(&expires_work, ip_rt_gc_interval);
930 * Perturbation of rt_genid by a small quantity [1..256]
931 * Using 8 bits of shuffling ensure we can call rt_cache_invalidate()
932 * many times (2^24) without giving recent rt_genid.
933 * Jenkins hash is strong enough that litle changes of rt_genid are OK.
935 static void rt_cache_invalidate(struct net *net)
937 unsigned char shuffle;
939 get_random_bytes(&shuffle, sizeof(shuffle));
940 atomic_add(shuffle + 1U, &net->ipv4.rt_genid);
941 inetpeer_invalidate_tree(AF_INET);
945 * delay < 0 : invalidate cache (fast : entries will be deleted later)
946 * delay >= 0 : invalidate & flush cache (can be long)
948 void rt_cache_flush(struct net *net, int delay)
950 rt_cache_invalidate(net);
952 rt_do_flush(net, !in_softirq());
955 /* Flush previous cache invalidated entries from the cache */
956 void rt_cache_flush_batch(struct net *net)
958 rt_do_flush(net, !in_softirq());
961 static void rt_emergency_hash_rebuild(struct net *net)
964 pr_warn("Route hash chain too long!\n");
965 rt_cache_invalidate(net);
969 Short description of GC goals.
971 We want to build algorithm, which will keep routing cache
972 at some equilibrium point, when number of aged off entries
973 is kept approximately equal to newly generated ones.
975 Current expiration strength is variable "expire".
976 We try to adjust it dynamically, so that if networking
977 is idle expires is large enough to keep enough of warm entries,
978 and when load increases it reduces to limit cache size.
981 static int rt_garbage_collect(struct dst_ops *ops)
983 static unsigned long expire = RT_GC_TIMEOUT;
984 static unsigned long last_gc;
986 static int equilibrium;
988 struct rtable __rcu **rthp;
989 unsigned long now = jiffies;
991 int entries = dst_entries_get_fast(&ipv4_dst_ops);
994 * Garbage collection is pretty expensive,
995 * do not make it too frequently.
998 RT_CACHE_STAT_INC(gc_total);
1000 if (now - last_gc < ip_rt_gc_min_interval &&
1001 entries < ip_rt_max_size) {
1002 RT_CACHE_STAT_INC(gc_ignored);
1006 entries = dst_entries_get_slow(&ipv4_dst_ops);
1007 /* Calculate number of entries, which we want to expire now. */
1008 goal = entries - (ip_rt_gc_elasticity << rt_hash_log);
1010 if (equilibrium < ipv4_dst_ops.gc_thresh)
1011 equilibrium = ipv4_dst_ops.gc_thresh;
1012 goal = entries - equilibrium;
1014 equilibrium += min_t(unsigned int, goal >> 1, rt_hash_mask + 1);
1015 goal = entries - equilibrium;
1018 /* We are in dangerous area. Try to reduce cache really
1021 goal = max_t(unsigned int, goal >> 1, rt_hash_mask + 1);
1022 equilibrium = entries - goal;
1025 if (now - last_gc >= ip_rt_gc_min_interval)
1029 equilibrium += goal;
1036 for (i = rt_hash_mask, k = rover; i >= 0; i--) {
1037 unsigned long tmo = expire;
1039 k = (k + 1) & rt_hash_mask;
1040 rthp = &rt_hash_table[k].chain;
1041 spin_lock_bh(rt_hash_lock_addr(k));
1042 while ((rth = rcu_dereference_protected(*rthp,
1043 lockdep_is_held(rt_hash_lock_addr(k)))) != NULL) {
1044 if (!rt_is_expired(rth) &&
1045 !rt_may_expire(rth, tmo, expire)) {
1047 rthp = &rth->dst.rt_next;
1050 *rthp = rth->dst.rt_next;
1054 spin_unlock_bh(rt_hash_lock_addr(k));
1063 /* Goal is not achieved. We stop process if:
1065 - if expire reduced to zero. Otherwise, expire is halfed.
1066 - if table is not full.
1067 - if we are called from interrupt.
1068 - jiffies check is just fallback/debug loop breaker.
1069 We will not spin here for long time in any case.
1072 RT_CACHE_STAT_INC(gc_goal_miss);
1079 if (dst_entries_get_fast(&ipv4_dst_ops) < ip_rt_max_size)
1081 } while (!in_softirq() && time_before_eq(jiffies, now));
1083 if (dst_entries_get_fast(&ipv4_dst_ops) < ip_rt_max_size)
1085 if (dst_entries_get_slow(&ipv4_dst_ops) < ip_rt_max_size)
1087 if (net_ratelimit())
1088 pr_warn("dst cache overflow\n");
1089 RT_CACHE_STAT_INC(gc_dst_overflow);
1093 expire += ip_rt_gc_min_interval;
1094 if (expire > ip_rt_gc_timeout ||
1095 dst_entries_get_fast(&ipv4_dst_ops) < ipv4_dst_ops.gc_thresh ||
1096 dst_entries_get_slow(&ipv4_dst_ops) < ipv4_dst_ops.gc_thresh)
1097 expire = ip_rt_gc_timeout;
1102 * Returns number of entries in a hash chain that have different hash_inputs
1104 static int slow_chain_length(const struct rtable *head)
1107 const struct rtable *rth = head;
1110 length += has_noalias(head, rth);
1111 rth = rcu_dereference_protected(rth->dst.rt_next, 1);
1113 return length >> FRACT_BITS;
1116 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, const void *daddr)
1118 static const __be32 inaddr_any = 0;
1119 struct net_device *dev = dst->dev;
1120 const __be32 *pkey = daddr;
1121 const struct rtable *rt;
1122 struct neighbour *n;
1124 rt = (const struct rtable *) dst;
1126 if (dev->flags & (IFF_LOOPBACK | IFF_POINTOPOINT))
1128 else if (rt->rt_gateway)
1129 pkey = (const __be32 *) &rt->rt_gateway;
1131 n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey);
1134 return neigh_create(&arp_tbl, pkey, dev);
1137 static int rt_bind_neighbour(struct rtable *rt)
1139 struct neighbour *n = ipv4_neigh_lookup(&rt->dst, &rt->rt_gateway);
1142 dst_set_neighbour(&rt->dst, n);
1147 static struct rtable *rt_intern_hash(unsigned hash, struct rtable *rt,
1148 struct sk_buff *skb, int ifindex)
1150 struct rtable *rth, *cand;
1151 struct rtable __rcu **rthp, **candp;
1155 int attempts = !in_softirq();
1159 min_score = ~(u32)0;
1164 if (!rt_caching(dev_net(rt->dst.dev))) {
1166 * If we're not caching, just tell the caller we
1167 * were successful and don't touch the route. The
1168 * caller hold the sole reference to the cache entry, and
1169 * it will be released when the caller is done with it.
1170 * If we drop it here, the callers have no way to resolve routes
1171 * when we're not caching. Instead, just point *rp at rt, so
1172 * the caller gets a single use out of the route
1173 * Note that we do rt_free on this new route entry, so that
1174 * once its refcount hits zero, we are still able to reap it
1176 * Note: To avoid expensive rcu stuff for this uncached dst,
1177 * we set DST_NOCACHE so that dst_release() can free dst without
1178 * waiting a grace period.
1181 rt->dst.flags |= DST_NOCACHE;
1182 if (rt->rt_type == RTN_UNICAST || rt_is_output_route(rt)) {
1183 int err = rt_bind_neighbour(rt);
1185 if (net_ratelimit())
1186 pr_warn("Neighbour table failure & not caching routes\n");
1188 return ERR_PTR(err);
1195 rthp = &rt_hash_table[hash].chain;
1197 spin_lock_bh(rt_hash_lock_addr(hash));
1198 while ((rth = rcu_dereference_protected(*rthp,
1199 lockdep_is_held(rt_hash_lock_addr(hash)))) != NULL) {
1200 if (rt_is_expired(rth)) {
1201 *rthp = rth->dst.rt_next;
1205 if (compare_keys(rth, rt) && compare_netns(rth, rt)) {
1207 *rthp = rth->dst.rt_next;
1209 * Since lookup is lockfree, the deletion
1210 * must be visible to another weakly ordered CPU before
1211 * the insertion at the start of the hash chain.
1213 rcu_assign_pointer(rth->dst.rt_next,
1214 rt_hash_table[hash].chain);
1216 * Since lookup is lockfree, the update writes
1217 * must be ordered for consistency on SMP.
1219 rcu_assign_pointer(rt_hash_table[hash].chain, rth);
1221 dst_use(&rth->dst, now);
1222 spin_unlock_bh(rt_hash_lock_addr(hash));
1226 skb_dst_set(skb, &rth->dst);
1230 if (!atomic_read(&rth->dst.__refcnt)) {
1231 u32 score = rt_score(rth);
1233 if (score <= min_score) {
1242 rthp = &rth->dst.rt_next;
1246 /* ip_rt_gc_elasticity used to be average length of chain
1247 * length, when exceeded gc becomes really aggressive.
1249 * The second limit is less certain. At the moment it allows
1250 * only 2 entries per bucket. We will see.
1252 if (chain_length > ip_rt_gc_elasticity) {
1253 *candp = cand->dst.rt_next;
1257 if (chain_length > rt_chain_length_max &&
1258 slow_chain_length(rt_hash_table[hash].chain) > rt_chain_length_max) {
1259 struct net *net = dev_net(rt->dst.dev);
1260 int num = ++net->ipv4.current_rt_cache_rebuild_count;
1261 if (!rt_caching(net)) {
1262 pr_warn("%s: %d rebuilds is over limit, route caching disabled\n",
1263 rt->dst.dev->name, num);
1265 rt_emergency_hash_rebuild(net);
1266 spin_unlock_bh(rt_hash_lock_addr(hash));
1268 hash = rt_hash(rt->rt_key_dst, rt->rt_key_src,
1269 ifindex, rt_genid(net));
1274 /* Try to bind route to arp only if it is output
1275 route or unicast forwarding path.
1277 if (rt->rt_type == RTN_UNICAST || rt_is_output_route(rt)) {
1278 int err = rt_bind_neighbour(rt);
1280 spin_unlock_bh(rt_hash_lock_addr(hash));
1282 if (err != -ENOBUFS) {
1284 return ERR_PTR(err);
1287 /* Neighbour tables are full and nothing
1288 can be released. Try to shrink route cache,
1289 it is most likely it holds some neighbour records.
1291 if (attempts-- > 0) {
1292 int saved_elasticity = ip_rt_gc_elasticity;
1293 int saved_int = ip_rt_gc_min_interval;
1294 ip_rt_gc_elasticity = 1;
1295 ip_rt_gc_min_interval = 0;
1296 rt_garbage_collect(&ipv4_dst_ops);
1297 ip_rt_gc_min_interval = saved_int;
1298 ip_rt_gc_elasticity = saved_elasticity;
1302 if (net_ratelimit())
1303 pr_warn("Neighbour table overflow\n");
1305 return ERR_PTR(-ENOBUFS);
1309 rt->dst.rt_next = rt_hash_table[hash].chain;
1312 * Since lookup is lockfree, we must make sure
1313 * previous writes to rt are committed to memory
1314 * before making rt visible to other CPUS.
1316 rcu_assign_pointer(rt_hash_table[hash].chain, rt);
1318 spin_unlock_bh(rt_hash_lock_addr(hash));
1322 skb_dst_set(skb, &rt->dst);
1326 static atomic_t __rt_peer_genid = ATOMIC_INIT(0);
1328 static u32 rt_peer_genid(void)
1330 return atomic_read(&__rt_peer_genid);
1333 void rt_bind_peer(struct rtable *rt, __be32 daddr, int create)
1335 struct inet_peer *peer;
1337 peer = inet_getpeer_v4(daddr, create);
1339 if (peer && cmpxchg(&rt->peer, NULL, peer) != NULL)
1342 rt->rt_peer_genid = rt_peer_genid();
1346 * Peer allocation may fail only in serious out-of-memory conditions. However
1347 * we still can generate some output.
1348 * Random ID selection looks a bit dangerous because we have no chances to
1349 * select ID being unique in a reasonable period of time.
1350 * But broken packet identifier may be better than no packet at all.
1352 static void ip_select_fb_ident(struct iphdr *iph)
1354 static DEFINE_SPINLOCK(ip_fb_id_lock);
1355 static u32 ip_fallback_id;
1358 spin_lock_bh(&ip_fb_id_lock);
1359 salt = secure_ip_id((__force __be32)ip_fallback_id ^ iph->daddr);
1360 iph->id = htons(salt & 0xFFFF);
1361 ip_fallback_id = salt;
1362 spin_unlock_bh(&ip_fb_id_lock);
1365 void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more)
1367 struct rtable *rt = (struct rtable *) dst;
1369 if (rt && !(rt->dst.flags & DST_NOPEER)) {
1370 if (rt->peer == NULL)
1371 rt_bind_peer(rt, rt->rt_dst, 1);
1373 /* If peer is attached to destination, it is never detached,
1374 so that we need not to grab a lock to dereference it.
1377 iph->id = htons(inet_getid(rt->peer, more));
1381 printk(KERN_DEBUG "rt_bind_peer(0) @%p\n",
1382 __builtin_return_address(0));
1384 ip_select_fb_ident(iph);
1386 EXPORT_SYMBOL(__ip_select_ident);
1388 static void rt_del(unsigned hash, struct rtable *rt)
1390 struct rtable __rcu **rthp;
1393 rthp = &rt_hash_table[hash].chain;
1394 spin_lock_bh(rt_hash_lock_addr(hash));
1396 while ((aux = rcu_dereference_protected(*rthp,
1397 lockdep_is_held(rt_hash_lock_addr(hash)))) != NULL) {
1398 if (aux == rt || rt_is_expired(aux)) {
1399 *rthp = aux->dst.rt_next;
1403 rthp = &aux->dst.rt_next;
1405 spin_unlock_bh(rt_hash_lock_addr(hash));
1408 static void check_peer_redir(struct dst_entry *dst, struct inet_peer *peer)
1410 struct rtable *rt = (struct rtable *) dst;
1411 __be32 orig_gw = rt->rt_gateway;
1412 struct neighbour *n, *old_n;
1414 dst_confirm(&rt->dst);
1416 rt->rt_gateway = peer->redirect_learned.a4;
1418 n = ipv4_neigh_lookup(&rt->dst, &rt->rt_gateway);
1420 rt->rt_gateway = orig_gw;
1423 old_n = xchg(&rt->dst._neighbour, n);
1425 neigh_release(old_n);
1426 if (!(n->nud_state & NUD_VALID)) {
1427 neigh_event_send(n, NULL);
1429 rt->rt_flags |= RTCF_REDIRECTED;
1430 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
1434 /* called in rcu_read_lock() section */
1435 void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
1436 __be32 saddr, struct net_device *dev)
1439 struct in_device *in_dev = __in_dev_get_rcu(dev);
1440 __be32 skeys[2] = { saddr, 0 };
1441 int ikeys[2] = { dev->ifindex, 0 };
1442 struct inet_peer *peer;
1449 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
1450 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
1451 ipv4_is_zeronet(new_gw))
1452 goto reject_redirect;
1454 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
1455 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
1456 goto reject_redirect;
1457 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
1458 goto reject_redirect;
1460 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
1461 goto reject_redirect;
1464 for (s = 0; s < 2; s++) {
1465 for (i = 0; i < 2; i++) {
1467 struct rtable __rcu **rthp;
1470 hash = rt_hash(daddr, skeys[s], ikeys[i], rt_genid(net));
1472 rthp = &rt_hash_table[hash].chain;
1474 while ((rt = rcu_dereference(*rthp)) != NULL) {
1475 rthp = &rt->dst.rt_next;
1477 if (rt->rt_key_dst != daddr ||
1478 rt->rt_key_src != skeys[s] ||
1479 rt->rt_oif != ikeys[i] ||
1480 rt_is_input_route(rt) ||
1481 rt_is_expired(rt) ||
1482 !net_eq(dev_net(rt->dst.dev), net) ||
1484 rt->dst.dev != dev ||
1485 rt->rt_gateway != old_gw)
1489 rt_bind_peer(rt, rt->rt_dst, 1);
1493 if (peer->redirect_learned.a4 != new_gw) {
1494 peer->redirect_learned.a4 = new_gw;
1495 atomic_inc(&__rt_peer_genid);
1497 check_peer_redir(&rt->dst, peer);
1505 #ifdef CONFIG_IP_ROUTE_VERBOSE
1506 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit())
1507 pr_info("Redirect from %pI4 on %s about %pI4 ignored\n"
1508 " Advised path = %pI4 -> %pI4\n",
1509 &old_gw, dev->name, &new_gw,
1515 static bool peer_pmtu_expired(struct inet_peer *peer)
1517 unsigned long orig = ACCESS_ONCE(peer->pmtu_expires);
1520 time_after_eq(jiffies, orig) &&
1521 cmpxchg(&peer->pmtu_expires, orig, 0) == orig;
1524 static bool peer_pmtu_cleaned(struct inet_peer *peer)
1526 unsigned long orig = ACCESS_ONCE(peer->pmtu_expires);
1529 cmpxchg(&peer->pmtu_expires, orig, 0) == orig;
1532 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
1534 struct rtable *rt = (struct rtable *)dst;
1535 struct dst_entry *ret = dst;
1538 if (dst->obsolete > 0) {
1541 } else if (rt->rt_flags & RTCF_REDIRECTED) {
1542 unsigned hash = rt_hash(rt->rt_key_dst, rt->rt_key_src,
1544 rt_genid(dev_net(dst->dev)));
1547 } else if (rt->peer && peer_pmtu_expired(rt->peer)) {
1548 dst_metric_set(dst, RTAX_MTU, rt->peer->pmtu_orig);
1556 * 1. The first ip_rt_redirect_number redirects are sent
1557 * with exponential backoff, then we stop sending them at all,
1558 * assuming that the host ignores our redirects.
1559 * 2. If we did not see packets requiring redirects
1560 * during ip_rt_redirect_silence, we assume that the host
1561 * forgot redirected route and start to send redirects again.
1563 * This algorithm is much cheaper and more intelligent than dumb load limiting
1566 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
1567 * and "frag. need" (breaks PMTU discovery) in icmp.c.
1570 void ip_rt_send_redirect(struct sk_buff *skb)
1572 struct rtable *rt = skb_rtable(skb);
1573 struct in_device *in_dev;
1574 struct inet_peer *peer;
1578 in_dev = __in_dev_get_rcu(rt->dst.dev);
1579 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
1583 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
1587 rt_bind_peer(rt, rt->rt_dst, 1);
1590 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, rt->rt_gateway);
1594 /* No redirected packets during ip_rt_redirect_silence;
1595 * reset the algorithm.
1597 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence))
1598 peer->rate_tokens = 0;
1600 /* Too many ignored redirects; do not send anything
1601 * set dst.rate_last to the last seen redirected packet.
1603 if (peer->rate_tokens >= ip_rt_redirect_number) {
1604 peer->rate_last = jiffies;
1608 /* Check for load limit; set rate_last to the latest sent
1611 if (peer->rate_tokens == 0 ||
1614 (ip_rt_redirect_load << peer->rate_tokens)))) {
1615 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, rt->rt_gateway);
1616 peer->rate_last = jiffies;
1617 ++peer->rate_tokens;
1618 #ifdef CONFIG_IP_ROUTE_VERBOSE
1620 peer->rate_tokens == ip_rt_redirect_number &&
1622 pr_warn("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
1623 &ip_hdr(skb)->saddr, rt->rt_iif,
1624 &rt->rt_dst, &rt->rt_gateway);
1629 static int ip_error(struct sk_buff *skb)
1631 struct rtable *rt = skb_rtable(skb);
1632 struct inet_peer *peer;
1637 switch (rt->dst.error) {
1642 code = ICMP_HOST_UNREACH;
1645 code = ICMP_NET_UNREACH;
1646 IP_INC_STATS_BH(dev_net(rt->dst.dev),
1647 IPSTATS_MIB_INNOROUTES);
1650 code = ICMP_PKT_FILTERED;
1655 rt_bind_peer(rt, rt->rt_dst, 1);
1661 peer->rate_tokens += now - peer->rate_last;
1662 if (peer->rate_tokens > ip_rt_error_burst)
1663 peer->rate_tokens = ip_rt_error_burst;
1664 peer->rate_last = now;
1665 if (peer->rate_tokens >= ip_rt_error_cost)
1666 peer->rate_tokens -= ip_rt_error_cost;
1671 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
1673 out: kfree_skb(skb);
1678 * The last two values are not from the RFC but
1679 * are needed for AMPRnet AX.25 paths.
1682 static const unsigned short mtu_plateau[] =
1683 {32000, 17914, 8166, 4352, 2002, 1492, 576, 296, 216, 128 };
1685 static inline unsigned short guess_mtu(unsigned short old_mtu)
1689 for (i = 0; i < ARRAY_SIZE(mtu_plateau); i++)
1690 if (old_mtu > mtu_plateau[i])
1691 return mtu_plateau[i];
1695 unsigned short ip_rt_frag_needed(struct net *net, const struct iphdr *iph,
1696 unsigned short new_mtu,
1697 struct net_device *dev)
1699 unsigned short old_mtu = ntohs(iph->tot_len);
1700 unsigned short est_mtu = 0;
1701 struct inet_peer *peer;
1703 peer = inet_getpeer_v4(iph->daddr, 1);
1705 unsigned short mtu = new_mtu;
1707 if (new_mtu < 68 || new_mtu >= old_mtu) {
1708 /* BSD 4.2 derived systems incorrectly adjust
1709 * tot_len by the IP header length, and report
1710 * a zero MTU in the ICMP message.
1713 old_mtu >= 68 + (iph->ihl << 2))
1714 old_mtu -= iph->ihl << 2;
1715 mtu = guess_mtu(old_mtu);
1718 if (mtu < ip_rt_min_pmtu)
1719 mtu = ip_rt_min_pmtu;
1720 if (!peer->pmtu_expires || mtu < peer->pmtu_learned) {
1721 unsigned long pmtu_expires;
1723 pmtu_expires = jiffies + ip_rt_mtu_expires;
1728 peer->pmtu_learned = mtu;
1729 peer->pmtu_expires = pmtu_expires;
1730 atomic_inc(&__rt_peer_genid);
1735 return est_mtu ? : new_mtu;
1738 static void check_peer_pmtu(struct dst_entry *dst, struct inet_peer *peer)
1740 unsigned long expires = ACCESS_ONCE(peer->pmtu_expires);
1744 if (time_before(jiffies, expires)) {
1745 u32 orig_dst_mtu = dst_mtu(dst);
1746 if (peer->pmtu_learned < orig_dst_mtu) {
1747 if (!peer->pmtu_orig)
1748 peer->pmtu_orig = dst_metric_raw(dst, RTAX_MTU);
1749 dst_metric_set(dst, RTAX_MTU, peer->pmtu_learned);
1751 } else if (cmpxchg(&peer->pmtu_expires, expires, 0) == expires)
1752 dst_metric_set(dst, RTAX_MTU, peer->pmtu_orig);
1755 static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu)
1757 struct rtable *rt = (struct rtable *) dst;
1758 struct inet_peer *peer;
1763 rt_bind_peer(rt, rt->rt_dst, 1);
1766 unsigned long pmtu_expires = ACCESS_ONCE(peer->pmtu_expires);
1768 if (mtu < ip_rt_min_pmtu)
1769 mtu = ip_rt_min_pmtu;
1770 if (!pmtu_expires || mtu < peer->pmtu_learned) {
1772 pmtu_expires = jiffies + ip_rt_mtu_expires;
1776 peer->pmtu_learned = mtu;
1777 peer->pmtu_expires = pmtu_expires;
1779 atomic_inc(&__rt_peer_genid);
1780 rt->rt_peer_genid = rt_peer_genid();
1782 check_peer_pmtu(dst, peer);
1787 static void ipv4_validate_peer(struct rtable *rt)
1789 if (rt->rt_peer_genid != rt_peer_genid()) {
1790 struct inet_peer *peer;
1793 rt_bind_peer(rt, rt->rt_dst, 0);
1797 check_peer_pmtu(&rt->dst, peer);
1799 if (peer->redirect_learned.a4 &&
1800 peer->redirect_learned.a4 != rt->rt_gateway)
1801 check_peer_redir(&rt->dst, peer);
1804 rt->rt_peer_genid = rt_peer_genid();
1808 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1810 struct rtable *rt = (struct rtable *) dst;
1812 if (rt_is_expired(rt))
1814 ipv4_validate_peer(rt);
1818 static void ipv4_dst_destroy(struct dst_entry *dst)
1820 struct rtable *rt = (struct rtable *) dst;
1821 struct inet_peer *peer = rt->peer;
1824 fib_info_put(rt->fi);
1834 static void ipv4_link_failure(struct sk_buff *skb)
1838 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1840 rt = skb_rtable(skb);
1841 if (rt && rt->peer && peer_pmtu_cleaned(rt->peer))
1842 dst_metric_set(&rt->dst, RTAX_MTU, rt->peer->pmtu_orig);
1845 static int ip_rt_bug(struct sk_buff *skb)
1847 printk(KERN_DEBUG "ip_rt_bug: %pI4 -> %pI4, %s\n",
1848 &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1849 skb->dev ? skb->dev->name : "?");
1856 We do not cache source address of outgoing interface,
1857 because it is used only by IP RR, TS and SRR options,
1858 so that it out of fast path.
1860 BTW remember: "addr" is allowed to be not aligned
1864 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1868 if (rt_is_output_route(rt))
1869 src = ip_hdr(skb)->saddr;
1871 struct fib_result res;
1877 memset(&fl4, 0, sizeof(fl4));
1878 fl4.daddr = iph->daddr;
1879 fl4.saddr = iph->saddr;
1880 fl4.flowi4_tos = RT_TOS(iph->tos);
1881 fl4.flowi4_oif = rt->dst.dev->ifindex;
1882 fl4.flowi4_iif = skb->dev->ifindex;
1883 fl4.flowi4_mark = skb->mark;
1886 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res) == 0)
1887 src = FIB_RES_PREFSRC(dev_net(rt->dst.dev), res);
1889 src = inet_select_addr(rt->dst.dev, rt->rt_gateway,
1893 memcpy(addr, &src, 4);
1896 #ifdef CONFIG_IP_ROUTE_CLASSID
1897 static void set_class_tag(struct rtable *rt, u32 tag)
1899 if (!(rt->dst.tclassid & 0xFFFF))
1900 rt->dst.tclassid |= tag & 0xFFFF;
1901 if (!(rt->dst.tclassid & 0xFFFF0000))
1902 rt->dst.tclassid |= tag & 0xFFFF0000;
1906 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1908 unsigned int advmss = dst_metric_raw(dst, RTAX_ADVMSS);
1911 advmss = max_t(unsigned int, dst->dev->mtu - 40,
1913 if (advmss > 65535 - 40)
1914 advmss = 65535 - 40;
1919 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1921 const struct rtable *rt = (const struct rtable *) dst;
1922 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
1924 if (mtu && rt_is_output_route(rt))
1927 mtu = dst->dev->mtu;
1929 if (unlikely(dst_metric_locked(dst, RTAX_MTU))) {
1931 if (rt->rt_gateway != rt->rt_dst && mtu > 576)
1935 if (mtu > IP_MAX_MTU)
1941 static void rt_init_metrics(struct rtable *rt, const struct flowi4 *fl4,
1942 struct fib_info *fi)
1944 struct inet_peer *peer;
1947 /* If a peer entry exists for this destination, we must hook
1948 * it up in order to get at cached metrics.
1950 if (fl4 && (fl4->flowi4_flags & FLOWI_FLAG_PRECOW_METRICS))
1953 rt->peer = peer = inet_getpeer_v4(rt->rt_dst, create);
1955 rt->rt_peer_genid = rt_peer_genid();
1956 if (inet_metrics_new(peer))
1957 memcpy(peer->metrics, fi->fib_metrics,
1958 sizeof(u32) * RTAX_MAX);
1959 dst_init_metrics(&rt->dst, peer->metrics, false);
1961 check_peer_pmtu(&rt->dst, peer);
1963 if (peer->redirect_learned.a4 &&
1964 peer->redirect_learned.a4 != rt->rt_gateway) {
1965 rt->rt_gateway = peer->redirect_learned.a4;
1966 rt->rt_flags |= RTCF_REDIRECTED;
1969 if (fi->fib_metrics != (u32 *) dst_default_metrics) {
1971 atomic_inc(&fi->fib_clntref);
1973 dst_init_metrics(&rt->dst, fi->fib_metrics, true);
1977 static void rt_set_nexthop(struct rtable *rt, const struct flowi4 *fl4,
1978 const struct fib_result *res,
1979 struct fib_info *fi, u16 type, u32 itag)
1981 struct dst_entry *dst = &rt->dst;
1984 if (FIB_RES_GW(*res) &&
1985 FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK)
1986 rt->rt_gateway = FIB_RES_GW(*res);
1987 rt_init_metrics(rt, fl4, fi);
1988 #ifdef CONFIG_IP_ROUTE_CLASSID
1989 dst->tclassid = FIB_RES_NH(*res).nh_tclassid;
1993 if (dst_mtu(dst) > IP_MAX_MTU)
1994 dst_metric_set(dst, RTAX_MTU, IP_MAX_MTU);
1995 if (dst_metric_raw(dst, RTAX_ADVMSS) > 65535 - 40)
1996 dst_metric_set(dst, RTAX_ADVMSS, 65535 - 40);
1998 #ifdef CONFIG_IP_ROUTE_CLASSID
1999 #ifdef CONFIG_IP_MULTIPLE_TABLES
2000 set_class_tag(rt, fib_rules_tclass(res));
2002 set_class_tag(rt, itag);
2006 static struct rtable *rt_dst_alloc(struct net_device *dev,
2007 bool nopolicy, bool noxfrm)
2009 return dst_alloc(&ipv4_dst_ops, dev, 1, -1,
2011 (nopolicy ? DST_NOPOLICY : 0) |
2012 (noxfrm ? DST_NOXFRM : 0));
2015 /* called in rcu_read_lock() section */
2016 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2017 u8 tos, struct net_device *dev, int our)
2022 struct in_device *in_dev = __in_dev_get_rcu(dev);
2026 /* Primary sanity checks. */
2031 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
2032 ipv4_is_loopback(saddr) || skb->protocol != htons(ETH_P_IP))
2035 if (ipv4_is_zeronet(saddr)) {
2036 if (!ipv4_is_local_multicast(daddr))
2038 spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
2040 err = fib_validate_source(skb, saddr, 0, tos, 0, dev, &spec_dst,
2045 rth = rt_dst_alloc(init_net.loopback_dev,
2046 IN_DEV_CONF_GET(in_dev, NOPOLICY), false);
2050 #ifdef CONFIG_IP_ROUTE_CLASSID
2051 rth->dst.tclassid = itag;
2053 rth->dst.output = ip_rt_bug;
2055 rth->rt_key_dst = daddr;
2056 rth->rt_key_src = saddr;
2057 rth->rt_genid = rt_genid(dev_net(dev));
2058 rth->rt_flags = RTCF_MULTICAST;
2059 rth->rt_type = RTN_MULTICAST;
2060 rth->rt_key_tos = tos;
2061 rth->rt_dst = daddr;
2062 rth->rt_src = saddr;
2063 rth->rt_route_iif = dev->ifindex;
2064 rth->rt_iif = dev->ifindex;
2066 rth->rt_mark = skb->mark;
2067 rth->rt_gateway = daddr;
2068 rth->rt_spec_dst= spec_dst;
2069 rth->rt_peer_genid = 0;
2073 rth->dst.input= ip_local_deliver;
2074 rth->rt_flags |= RTCF_LOCAL;
2077 #ifdef CONFIG_IP_MROUTE
2078 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
2079 rth->dst.input = ip_mr_input;
2081 RT_CACHE_STAT_INC(in_slow_mc);
2083 hash = rt_hash(daddr, saddr, dev->ifindex, rt_genid(dev_net(dev)));
2084 rth = rt_intern_hash(hash, rth, skb, dev->ifindex);
2085 return IS_ERR(rth) ? PTR_ERR(rth) : 0;
2096 static void ip_handle_martian_source(struct net_device *dev,
2097 struct in_device *in_dev,
2098 struct sk_buff *skb,
2102 RT_CACHE_STAT_INC(in_martian_src);
2103 #ifdef CONFIG_IP_ROUTE_VERBOSE
2104 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
2106 * RFC1812 recommendation, if source is martian,
2107 * the only hint is MAC header.
2109 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
2110 &daddr, &saddr, dev->name);
2111 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
2112 print_hex_dump(KERN_WARNING, "ll header: ",
2113 DUMP_PREFIX_OFFSET, 16, 1,
2114 skb_mac_header(skb),
2115 dev->hard_header_len, true);
2121 /* called in rcu_read_lock() section */
2122 static int __mkroute_input(struct sk_buff *skb,
2123 const struct fib_result *res,
2124 struct in_device *in_dev,
2125 __be32 daddr, __be32 saddr, u32 tos,
2126 struct rtable **result)
2130 struct in_device *out_dev;
2131 unsigned int flags = 0;
2135 /* get a working reference to the output device */
2136 out_dev = __in_dev_get_rcu(FIB_RES_DEV(*res));
2137 if (out_dev == NULL) {
2138 if (net_ratelimit())
2139 pr_crit("Bug in ip_route_input_slow(). Please report.\n");
2144 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
2145 in_dev->dev, &spec_dst, &itag);
2147 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
2154 flags |= RTCF_DIRECTSRC;
2156 if (out_dev == in_dev && err &&
2157 (IN_DEV_SHARED_MEDIA(out_dev) ||
2158 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
2159 flags |= RTCF_DOREDIRECT;
2161 if (skb->protocol != htons(ETH_P_IP)) {
2162 /* Not IP (i.e. ARP). Do not create route, if it is
2163 * invalid for proxy arp. DNAT routes are always valid.
2165 * Proxy arp feature have been extended to allow, ARP
2166 * replies back to the same interface, to support
2167 * Private VLAN switch technologies. See arp.c.
2169 if (out_dev == in_dev &&
2170 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
2176 rth = rt_dst_alloc(out_dev->dev,
2177 IN_DEV_CONF_GET(in_dev, NOPOLICY),
2178 IN_DEV_CONF_GET(out_dev, NOXFRM));
2184 rth->rt_key_dst = daddr;
2185 rth->rt_key_src = saddr;
2186 rth->rt_genid = rt_genid(dev_net(rth->dst.dev));
2187 rth->rt_flags = flags;
2188 rth->rt_type = res->type;
2189 rth->rt_key_tos = tos;
2190 rth->rt_dst = daddr;
2191 rth->rt_src = saddr;
2192 rth->rt_route_iif = in_dev->dev->ifindex;
2193 rth->rt_iif = in_dev->dev->ifindex;
2195 rth->rt_mark = skb->mark;
2196 rth->rt_gateway = daddr;
2197 rth->rt_spec_dst= spec_dst;
2198 rth->rt_peer_genid = 0;
2202 rth->dst.input = ip_forward;
2203 rth->dst.output = ip_output;
2205 rt_set_nexthop(rth, NULL, res, res->fi, res->type, itag);
2213 static int ip_mkroute_input(struct sk_buff *skb,
2214 struct fib_result *res,
2215 const struct flowi4 *fl4,
2216 struct in_device *in_dev,
2217 __be32 daddr, __be32 saddr, u32 tos)
2219 struct rtable* rth = NULL;
2223 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2224 if (res->fi && res->fi->fib_nhs > 1)
2225 fib_select_multipath(res);
2228 /* create a routing cache entry */
2229 err = __mkroute_input(skb, res, in_dev, daddr, saddr, tos, &rth);
2233 /* put it into the cache */
2234 hash = rt_hash(daddr, saddr, fl4->flowi4_iif,
2235 rt_genid(dev_net(rth->dst.dev)));
2236 rth = rt_intern_hash(hash, rth, skb, fl4->flowi4_iif);
2238 return PTR_ERR(rth);
2243 * NOTE. We drop all the packets that has local source
2244 * addresses, because every properly looped back packet
2245 * must have correct destination already attached by output routine.
2247 * Such approach solves two big problems:
2248 * 1. Not simplex devices are handled properly.
2249 * 2. IP spoofing attempts are filtered with 100% of guarantee.
2250 * called with rcu_read_lock()
2253 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2254 u8 tos, struct net_device *dev)
2256 struct fib_result res;
2257 struct in_device *in_dev = __in_dev_get_rcu(dev);
2261 struct rtable * rth;
2265 struct net * net = dev_net(dev);
2267 /* IP on this device is disabled. */
2272 /* Check for the most weird martians, which can be not detected
2276 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
2277 ipv4_is_loopback(saddr))
2278 goto martian_source;
2280 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
2283 /* Accept zero addresses only to limited broadcast;
2284 * I even do not know to fix it or not. Waiting for complains :-)
2286 if (ipv4_is_zeronet(saddr))
2287 goto martian_source;
2289 if (ipv4_is_zeronet(daddr) || ipv4_is_loopback(daddr))
2290 goto martian_destination;
2293 * Now we are ready to route packet.
2296 fl4.flowi4_iif = dev->ifindex;
2297 fl4.flowi4_mark = skb->mark;
2298 fl4.flowi4_tos = tos;
2299 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
2302 err = fib_lookup(net, &fl4, &res);
2304 if (!IN_DEV_FORWARD(in_dev))
2309 RT_CACHE_STAT_INC(in_slow_tot);
2311 if (res.type == RTN_BROADCAST)
2314 if (res.type == RTN_LOCAL) {
2315 err = fib_validate_source(skb, saddr, daddr, tos,
2316 net->loopback_dev->ifindex,
2317 dev, &spec_dst, &itag);
2319 goto martian_source_keep_err;
2321 flags |= RTCF_DIRECTSRC;
2326 if (!IN_DEV_FORWARD(in_dev))
2328 if (res.type != RTN_UNICAST)
2329 goto martian_destination;
2331 err = ip_mkroute_input(skb, &res, &fl4, in_dev, daddr, saddr, tos);
2335 if (skb->protocol != htons(ETH_P_IP))
2338 if (ipv4_is_zeronet(saddr))
2339 spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
2341 err = fib_validate_source(skb, saddr, 0, tos, 0, dev, &spec_dst,
2344 goto martian_source_keep_err;
2346 flags |= RTCF_DIRECTSRC;
2348 flags |= RTCF_BROADCAST;
2349 res.type = RTN_BROADCAST;
2350 RT_CACHE_STAT_INC(in_brd);
2353 rth = rt_dst_alloc(net->loopback_dev,
2354 IN_DEV_CONF_GET(in_dev, NOPOLICY), false);
2358 rth->dst.input= ip_local_deliver;
2359 rth->dst.output= ip_rt_bug;
2360 #ifdef CONFIG_IP_ROUTE_CLASSID
2361 rth->dst.tclassid = itag;
2364 rth->rt_key_dst = daddr;
2365 rth->rt_key_src = saddr;
2366 rth->rt_genid = rt_genid(net);
2367 rth->rt_flags = flags|RTCF_LOCAL;
2368 rth->rt_type = res.type;
2369 rth->rt_key_tos = tos;
2370 rth->rt_dst = daddr;
2371 rth->rt_src = saddr;
2372 #ifdef CONFIG_IP_ROUTE_CLASSID
2373 rth->dst.tclassid = itag;
2375 rth->rt_route_iif = dev->ifindex;
2376 rth->rt_iif = dev->ifindex;
2378 rth->rt_mark = skb->mark;
2379 rth->rt_gateway = daddr;
2380 rth->rt_spec_dst= spec_dst;
2381 rth->rt_peer_genid = 0;
2384 if (res.type == RTN_UNREACHABLE) {
2385 rth->dst.input= ip_error;
2386 rth->dst.error= -err;
2387 rth->rt_flags &= ~RTCF_LOCAL;
2389 hash = rt_hash(daddr, saddr, fl4.flowi4_iif, rt_genid(net));
2390 rth = rt_intern_hash(hash, rth, skb, fl4.flowi4_iif);
2397 RT_CACHE_STAT_INC(in_no_route);
2398 spec_dst = inet_select_addr(dev, 0, RT_SCOPE_UNIVERSE);
2399 res.type = RTN_UNREACHABLE;
2405 * Do not cache martian addresses: they should be logged (RFC1812)
2407 martian_destination:
2408 RT_CACHE_STAT_INC(in_martian_dst);
2409 #ifdef CONFIG_IP_ROUTE_VERBOSE
2410 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit())
2411 pr_warn("martian destination %pI4 from %pI4, dev %s\n",
2412 &daddr, &saddr, dev->name);
2416 err = -EHOSTUNREACH;
2429 martian_source_keep_err:
2430 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
2434 int ip_route_input_common(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2435 u8 tos, struct net_device *dev, bool noref)
2437 struct rtable * rth;
2439 int iif = dev->ifindex;
2447 if (!rt_caching(net))
2450 tos &= IPTOS_RT_MASK;
2451 hash = rt_hash(daddr, saddr, iif, rt_genid(net));
2453 for (rth = rcu_dereference(rt_hash_table[hash].chain); rth;
2454 rth = rcu_dereference(rth->dst.rt_next)) {
2455 if ((((__force u32)rth->rt_key_dst ^ (__force u32)daddr) |
2456 ((__force u32)rth->rt_key_src ^ (__force u32)saddr) |
2457 (rth->rt_route_iif ^ iif) |
2458 (rth->rt_key_tos ^ tos)) == 0 &&
2459 rth->rt_mark == skb->mark &&
2460 net_eq(dev_net(rth->dst.dev), net) &&
2461 !rt_is_expired(rth)) {
2462 ipv4_validate_peer(rth);
2464 dst_use_noref(&rth->dst, jiffies);
2465 skb_dst_set_noref(skb, &rth->dst);
2467 dst_use(&rth->dst, jiffies);
2468 skb_dst_set(skb, &rth->dst);
2470 RT_CACHE_STAT_INC(in_hit);
2474 RT_CACHE_STAT_INC(in_hlist_search);
2478 /* Multicast recognition logic is moved from route cache to here.
2479 The problem was that too many Ethernet cards have broken/missing
2480 hardware multicast filters :-( As result the host on multicasting
2481 network acquires a lot of useless route cache entries, sort of
2482 SDR messages from all the world. Now we try to get rid of them.
2483 Really, provided software IP multicast filter is organized
2484 reasonably (at least, hashed), it does not result in a slowdown
2485 comparing with route cache reject entries.
2486 Note, that multicast routers are not affected, because
2487 route cache entry is created eventually.
2489 if (ipv4_is_multicast(daddr)) {
2490 struct in_device *in_dev = __in_dev_get_rcu(dev);
2493 int our = ip_check_mc_rcu(in_dev, daddr, saddr,
2494 ip_hdr(skb)->protocol);
2496 #ifdef CONFIG_IP_MROUTE
2498 (!ipv4_is_local_multicast(daddr) &&
2499 IN_DEV_MFORWARD(in_dev))
2502 int res = ip_route_input_mc(skb, daddr, saddr,
2511 res = ip_route_input_slow(skb, daddr, saddr, tos, dev);
2515 EXPORT_SYMBOL(ip_route_input_common);
2517 /* called with rcu_read_lock() */
2518 static struct rtable *__mkroute_output(const struct fib_result *res,
2519 const struct flowi4 *fl4,
2520 __be32 orig_daddr, __be32 orig_saddr,
2521 int orig_oif, __u8 orig_rtos,
2522 struct net_device *dev_out,
2525 struct fib_info *fi = res->fi;
2526 struct in_device *in_dev;
2527 u16 type = res->type;
2530 if (ipv4_is_loopback(fl4->saddr) && !(dev_out->flags & IFF_LOOPBACK))
2531 return ERR_PTR(-EINVAL);
2533 if (ipv4_is_lbcast(fl4->daddr))
2534 type = RTN_BROADCAST;
2535 else if (ipv4_is_multicast(fl4->daddr))
2536 type = RTN_MULTICAST;
2537 else if (ipv4_is_zeronet(fl4->daddr))
2538 return ERR_PTR(-EINVAL);
2540 if (dev_out->flags & IFF_LOOPBACK)
2541 flags |= RTCF_LOCAL;
2543 in_dev = __in_dev_get_rcu(dev_out);
2545 return ERR_PTR(-EINVAL);
2547 if (type == RTN_BROADCAST) {
2548 flags |= RTCF_BROADCAST | RTCF_LOCAL;
2550 } else if (type == RTN_MULTICAST) {
2551 flags |= RTCF_MULTICAST | RTCF_LOCAL;
2552 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
2554 flags &= ~RTCF_LOCAL;
2555 /* If multicast route do not exist use
2556 * default one, but do not gateway in this case.
2559 if (fi && res->prefixlen < 4)
2563 rth = rt_dst_alloc(dev_out,
2564 IN_DEV_CONF_GET(in_dev, NOPOLICY),
2565 IN_DEV_CONF_GET(in_dev, NOXFRM));
2567 return ERR_PTR(-ENOBUFS);
2569 rth->dst.output = ip_output;
2571 rth->rt_key_dst = orig_daddr;
2572 rth->rt_key_src = orig_saddr;
2573 rth->rt_genid = rt_genid(dev_net(dev_out));
2574 rth->rt_flags = flags;
2575 rth->rt_type = type;
2576 rth->rt_key_tos = orig_rtos;
2577 rth->rt_dst = fl4->daddr;
2578 rth->rt_src = fl4->saddr;
2579 rth->rt_route_iif = 0;
2580 rth->rt_iif = orig_oif ? : dev_out->ifindex;
2581 rth->rt_oif = orig_oif;
2582 rth->rt_mark = fl4->flowi4_mark;
2583 rth->rt_gateway = fl4->daddr;
2584 rth->rt_spec_dst= fl4->saddr;
2585 rth->rt_peer_genid = 0;
2589 RT_CACHE_STAT_INC(out_slow_tot);
2591 if (flags & RTCF_LOCAL) {
2592 rth->dst.input = ip_local_deliver;
2593 rth->rt_spec_dst = fl4->daddr;
2595 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
2596 rth->rt_spec_dst = fl4->saddr;
2597 if (flags & RTCF_LOCAL &&
2598 !(dev_out->flags & IFF_LOOPBACK)) {
2599 rth->dst.output = ip_mc_output;
2600 RT_CACHE_STAT_INC(out_slow_mc);
2602 #ifdef CONFIG_IP_MROUTE
2603 if (type == RTN_MULTICAST) {
2604 if (IN_DEV_MFORWARD(in_dev) &&
2605 !ipv4_is_local_multicast(fl4->daddr)) {
2606 rth->dst.input = ip_mr_input;
2607 rth->dst.output = ip_mc_output;
2613 rt_set_nexthop(rth, fl4, res, fi, type, 0);
2619 * Major route resolver routine.
2620 * called with rcu_read_lock();
2623 static struct rtable *ip_route_output_slow(struct net *net, struct flowi4 *fl4)
2625 struct net_device *dev_out = NULL;
2626 __u8 tos = RT_FL_TOS(fl4);
2627 unsigned int flags = 0;
2628 struct fib_result res;
2635 #ifdef CONFIG_IP_MULTIPLE_TABLES
2639 orig_daddr = fl4->daddr;
2640 orig_saddr = fl4->saddr;
2641 orig_oif = fl4->flowi4_oif;
2643 fl4->flowi4_iif = net->loopback_dev->ifindex;
2644 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
2645 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
2646 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
2650 rth = ERR_PTR(-EINVAL);
2651 if (ipv4_is_multicast(fl4->saddr) ||
2652 ipv4_is_lbcast(fl4->saddr) ||
2653 ipv4_is_zeronet(fl4->saddr))
2656 /* I removed check for oif == dev_out->oif here.
2657 It was wrong for two reasons:
2658 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
2659 is assigned to multiple interfaces.
2660 2. Moreover, we are allowed to send packets with saddr
2661 of another iface. --ANK
2664 if (fl4->flowi4_oif == 0 &&
2665 (ipv4_is_multicast(fl4->daddr) ||
2666 ipv4_is_lbcast(fl4->daddr))) {
2667 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2668 dev_out = __ip_dev_find(net, fl4->saddr, false);
2669 if (dev_out == NULL)
2672 /* Special hack: user can direct multicasts
2673 and limited broadcast via necessary interface
2674 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2675 This hack is not just for fun, it allows
2676 vic,vat and friends to work.
2677 They bind socket to loopback, set ttl to zero
2678 and expect that it will work.
2679 From the viewpoint of routing cache they are broken,
2680 because we are not allowed to build multicast path
2681 with loopback source addr (look, routing cache
2682 cannot know, that ttl is zero, so that packet
2683 will not leave this host and route is valid).
2684 Luckily, this hack is good workaround.
2687 fl4->flowi4_oif = dev_out->ifindex;
2691 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
2692 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2693 if (!__ip_dev_find(net, fl4->saddr, false))
2699 if (fl4->flowi4_oif) {
2700 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2701 rth = ERR_PTR(-ENODEV);
2702 if (dev_out == NULL)
2705 /* RACE: Check return value of inet_select_addr instead. */
2706 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2707 rth = ERR_PTR(-ENETUNREACH);
2710 if (ipv4_is_local_multicast(fl4->daddr) ||
2711 ipv4_is_lbcast(fl4->daddr)) {
2713 fl4->saddr = inet_select_addr(dev_out, 0,
2718 if (ipv4_is_multicast(fl4->daddr))
2719 fl4->saddr = inet_select_addr(dev_out, 0,
2721 else if (!fl4->daddr)
2722 fl4->saddr = inet_select_addr(dev_out, 0,
2728 fl4->daddr = fl4->saddr;
2730 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2731 dev_out = net->loopback_dev;
2732 fl4->flowi4_oif = net->loopback_dev->ifindex;
2733 res.type = RTN_LOCAL;
2734 flags |= RTCF_LOCAL;
2738 if (fib_lookup(net, fl4, &res)) {
2740 if (fl4->flowi4_oif) {
2741 /* Apparently, routing tables are wrong. Assume,
2742 that the destination is on link.
2745 Because we are allowed to send to iface
2746 even if it has NO routes and NO assigned
2747 addresses. When oif is specified, routing
2748 tables are looked up with only one purpose:
2749 to catch if destination is gatewayed, rather than
2750 direct. Moreover, if MSG_DONTROUTE is set,
2751 we send packet, ignoring both routing tables
2752 and ifaddr state. --ANK
2755 We could make it even if oif is unknown,
2756 likely IPv6, but we do not.
2759 if (fl4->saddr == 0)
2760 fl4->saddr = inet_select_addr(dev_out, 0,
2762 res.type = RTN_UNICAST;
2765 rth = ERR_PTR(-ENETUNREACH);
2769 if (res.type == RTN_LOCAL) {
2771 if (res.fi->fib_prefsrc)
2772 fl4->saddr = res.fi->fib_prefsrc;
2774 fl4->saddr = fl4->daddr;
2776 dev_out = net->loopback_dev;
2777 fl4->flowi4_oif = dev_out->ifindex;
2779 flags |= RTCF_LOCAL;
2783 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2784 if (res.fi->fib_nhs > 1 && fl4->flowi4_oif == 0)
2785 fib_select_multipath(&res);
2788 if (!res.prefixlen &&
2789 res.table->tb_num_default > 1 &&
2790 res.type == RTN_UNICAST && !fl4->flowi4_oif)
2791 fib_select_default(&res);
2794 fl4->saddr = FIB_RES_PREFSRC(net, res);
2796 dev_out = FIB_RES_DEV(res);
2797 fl4->flowi4_oif = dev_out->ifindex;
2801 rth = __mkroute_output(&res, fl4, orig_daddr, orig_saddr, orig_oif,
2802 tos, dev_out, flags);
2806 hash = rt_hash(orig_daddr, orig_saddr, orig_oif,
2807 rt_genid(dev_net(dev_out)));
2808 rth = rt_intern_hash(hash, rth, NULL, orig_oif);
2816 struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *flp4)
2821 if (!rt_caching(net))
2824 hash = rt_hash(flp4->daddr, flp4->saddr, flp4->flowi4_oif, rt_genid(net));
2827 for (rth = rcu_dereference_bh(rt_hash_table[hash].chain); rth;
2828 rth = rcu_dereference_bh(rth->dst.rt_next)) {
2829 if (rth->rt_key_dst == flp4->daddr &&
2830 rth->rt_key_src == flp4->saddr &&
2831 rt_is_output_route(rth) &&
2832 rth->rt_oif == flp4->flowi4_oif &&
2833 rth->rt_mark == flp4->flowi4_mark &&
2834 !((rth->rt_key_tos ^ flp4->flowi4_tos) &
2835 (IPTOS_RT_MASK | RTO_ONLINK)) &&
2836 net_eq(dev_net(rth->dst.dev), net) &&
2837 !rt_is_expired(rth)) {
2838 ipv4_validate_peer(rth);
2839 dst_use(&rth->dst, jiffies);
2840 RT_CACHE_STAT_INC(out_hit);
2841 rcu_read_unlock_bh();
2843 flp4->saddr = rth->rt_src;
2845 flp4->daddr = rth->rt_dst;
2848 RT_CACHE_STAT_INC(out_hlist_search);
2850 rcu_read_unlock_bh();
2853 return ip_route_output_slow(net, flp4);
2855 EXPORT_SYMBOL_GPL(__ip_route_output_key);
2857 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2862 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2864 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2866 return mtu ? : dst->dev->mtu;
2869 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu)
2873 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2879 static struct dst_ops ipv4_dst_blackhole_ops = {
2881 .protocol = cpu_to_be16(ETH_P_IP),
2882 .destroy = ipv4_dst_destroy,
2883 .check = ipv4_blackhole_dst_check,
2884 .mtu = ipv4_blackhole_mtu,
2885 .default_advmss = ipv4_default_advmss,
2886 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2887 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2888 .neigh_lookup = ipv4_neigh_lookup,
2891 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2893 struct rtable *rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, 0, 0);
2894 struct rtable *ort = (struct rtable *) dst_orig;
2897 struct dst_entry *new = &rt->dst;
2900 new->input = dst_discard;
2901 new->output = dst_discard;
2902 dst_copy_metrics(new, &ort->dst);
2904 new->dev = ort->dst.dev;
2908 rt->rt_key_dst = ort->rt_key_dst;
2909 rt->rt_key_src = ort->rt_key_src;
2910 rt->rt_key_tos = ort->rt_key_tos;
2911 rt->rt_route_iif = ort->rt_route_iif;
2912 rt->rt_iif = ort->rt_iif;
2913 rt->rt_oif = ort->rt_oif;
2914 rt->rt_mark = ort->rt_mark;
2916 rt->rt_genid = rt_genid(net);
2917 rt->rt_flags = ort->rt_flags;
2918 rt->rt_type = ort->rt_type;
2919 rt->rt_dst = ort->rt_dst;
2920 rt->rt_src = ort->rt_src;
2921 rt->rt_gateway = ort->rt_gateway;
2922 rt->rt_spec_dst = ort->rt_spec_dst;
2923 rt->peer = ort->peer;
2925 atomic_inc(&rt->peer->refcnt);
2928 atomic_inc(&rt->fi->fib_clntref);
2933 dst_release(dst_orig);
2935 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2938 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2941 struct rtable *rt = __ip_route_output_key(net, flp4);
2946 if (flp4->flowi4_proto)
2947 rt = (struct rtable *) xfrm_lookup(net, &rt->dst,
2948 flowi4_to_flowi(flp4),
2953 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2955 static int rt_fill_info(struct net *net,
2956 struct sk_buff *skb, u32 pid, u32 seq, int event,
2957 int nowait, unsigned int flags)
2959 struct rtable *rt = skb_rtable(skb);
2961 struct nlmsghdr *nlh;
2962 unsigned long expires = 0;
2963 const struct inet_peer *peer = rt->peer;
2964 u32 id = 0, ts = 0, tsage = 0, error;
2966 nlh = nlmsg_put(skb, pid, seq, event, sizeof(*r), flags);
2970 r = nlmsg_data(nlh);
2971 r->rtm_family = AF_INET;
2972 r->rtm_dst_len = 32;
2974 r->rtm_tos = rt->rt_key_tos;
2975 r->rtm_table = RT_TABLE_MAIN;
2976 NLA_PUT_U32(skb, RTA_TABLE, RT_TABLE_MAIN);
2977 r->rtm_type = rt->rt_type;
2978 r->rtm_scope = RT_SCOPE_UNIVERSE;
2979 r->rtm_protocol = RTPROT_UNSPEC;
2980 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2981 if (rt->rt_flags & RTCF_NOTIFY)
2982 r->rtm_flags |= RTM_F_NOTIFY;
2984 NLA_PUT_BE32(skb, RTA_DST, rt->rt_dst);
2986 if (rt->rt_key_src) {
2987 r->rtm_src_len = 32;
2988 NLA_PUT_BE32(skb, RTA_SRC, rt->rt_key_src);
2991 NLA_PUT_U32(skb, RTA_OIF, rt->dst.dev->ifindex);
2992 #ifdef CONFIG_IP_ROUTE_CLASSID
2993 if (rt->dst.tclassid)
2994 NLA_PUT_U32(skb, RTA_FLOW, rt->dst.tclassid);
2996 if (rt_is_input_route(rt))
2997 NLA_PUT_BE32(skb, RTA_PREFSRC, rt->rt_spec_dst);
2998 else if (rt->rt_src != rt->rt_key_src)
2999 NLA_PUT_BE32(skb, RTA_PREFSRC, rt->rt_src);
3001 if (rt->rt_dst != rt->rt_gateway)
3002 NLA_PUT_BE32(skb, RTA_GATEWAY, rt->rt_gateway);
3004 if (rtnetlink_put_metrics(skb, dst_metrics_ptr(&rt->dst)) < 0)
3005 goto nla_put_failure;
3008 NLA_PUT_BE32(skb, RTA_MARK, rt->rt_mark);
3010 error = rt->dst.error;
3012 inet_peer_refcheck(rt->peer);
3013 id = atomic_read(&peer->ip_id_count) & 0xffff;
3014 if (peer->tcp_ts_stamp) {
3016 tsage = get_seconds() - peer->tcp_ts_stamp;
3018 expires = ACCESS_ONCE(peer->pmtu_expires);
3020 if (time_before(jiffies, expires))
3027 if (rt_is_input_route(rt)) {
3028 #ifdef CONFIG_IP_MROUTE
3029 __be32 dst = rt->rt_dst;
3031 if (ipv4_is_multicast(dst) && !ipv4_is_local_multicast(dst) &&
3032 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
3033 int err = ipmr_get_route(net, skb,
3034 rt->rt_src, rt->rt_dst,
3040 goto nla_put_failure;
3042 if (err == -EMSGSIZE)
3043 goto nla_put_failure;
3049 NLA_PUT_U32(skb, RTA_IIF, rt->rt_iif);
3052 if (rtnl_put_cacheinfo(skb, &rt->dst, id, ts, tsage,
3053 expires, error) < 0)
3054 goto nla_put_failure;
3056 return nlmsg_end(skb, nlh);
3059 nlmsg_cancel(skb, nlh);
3063 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg)
3065 struct net *net = sock_net(in_skb->sk);
3067 struct nlattr *tb[RTA_MAX+1];
3068 struct rtable *rt = NULL;
3074 struct sk_buff *skb;
3076 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv4_policy);
3080 rtm = nlmsg_data(nlh);
3082 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
3088 /* Reserve room for dummy headers, this skb can pass
3089 through good chunk of routing engine.
3091 skb_reset_mac_header(skb);
3092 skb_reset_network_header(skb);
3094 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
3095 ip_hdr(skb)->protocol = IPPROTO_ICMP;
3096 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
3098 src = tb[RTA_SRC] ? nla_get_be32(tb[RTA_SRC]) : 0;
3099 dst = tb[RTA_DST] ? nla_get_be32(tb[RTA_DST]) : 0;
3100 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
3101 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
3104 struct net_device *dev;
3106 dev = __dev_get_by_index(net, iif);
3112 skb->protocol = htons(ETH_P_IP);
3116 err = ip_route_input(skb, dst, src, rtm->rtm_tos, dev);
3119 rt = skb_rtable(skb);
3120 if (err == 0 && rt->dst.error)
3121 err = -rt->dst.error;
3123 struct flowi4 fl4 = {
3126 .flowi4_tos = rtm->rtm_tos,
3127 .flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0,
3128 .flowi4_mark = mark,
3130 rt = ip_route_output_key(net, &fl4);
3140 skb_dst_set(skb, &rt->dst);
3141 if (rtm->rtm_flags & RTM_F_NOTIFY)
3142 rt->rt_flags |= RTCF_NOTIFY;
3144 err = rt_fill_info(net, skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq,
3145 RTM_NEWROUTE, 0, 0);
3149 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).pid);
3158 int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
3165 net = sock_net(skb->sk);
3170 s_idx = idx = cb->args[1];
3171 for (h = s_h; h <= rt_hash_mask; h++, s_idx = 0) {
3172 if (!rt_hash_table[h].chain)
3175 for (rt = rcu_dereference_bh(rt_hash_table[h].chain), idx = 0; rt;
3176 rt = rcu_dereference_bh(rt->dst.rt_next), idx++) {
3177 if (!net_eq(dev_net(rt->dst.dev), net) || idx < s_idx)
3179 if (rt_is_expired(rt))
3181 skb_dst_set_noref(skb, &rt->dst);
3182 if (rt_fill_info(net, skb, NETLINK_CB(cb->skb).pid,
3183 cb->nlh->nlmsg_seq, RTM_NEWROUTE,
3184 1, NLM_F_MULTI) <= 0) {
3186 rcu_read_unlock_bh();
3191 rcu_read_unlock_bh();
3200 void ip_rt_multicast_event(struct in_device *in_dev)
3202 rt_cache_flush(dev_net(in_dev->dev), 0);
3205 #ifdef CONFIG_SYSCTL
3206 static int ipv4_sysctl_rtcache_flush(ctl_table *__ctl, int write,
3207 void __user *buffer,
3208 size_t *lenp, loff_t *ppos)
3215 memcpy(&ctl, __ctl, sizeof(ctl));
3216 ctl.data = &flush_delay;
3217 proc_dointvec(&ctl, write, buffer, lenp, ppos);
3219 net = (struct net *)__ctl->extra1;
3220 rt_cache_flush(net, flush_delay);
3227 static ctl_table ipv4_route_table[] = {
3229 .procname = "gc_thresh",
3230 .data = &ipv4_dst_ops.gc_thresh,
3231 .maxlen = sizeof(int),
3233 .proc_handler = proc_dointvec,
3236 .procname = "max_size",
3237 .data = &ip_rt_max_size,
3238 .maxlen = sizeof(int),
3240 .proc_handler = proc_dointvec,
3243 /* Deprecated. Use gc_min_interval_ms */
3245 .procname = "gc_min_interval",
3246 .data = &ip_rt_gc_min_interval,
3247 .maxlen = sizeof(int),
3249 .proc_handler = proc_dointvec_jiffies,
3252 .procname = "gc_min_interval_ms",
3253 .data = &ip_rt_gc_min_interval,
3254 .maxlen = sizeof(int),
3256 .proc_handler = proc_dointvec_ms_jiffies,
3259 .procname = "gc_timeout",
3260 .data = &ip_rt_gc_timeout,
3261 .maxlen = sizeof(int),
3263 .proc_handler = proc_dointvec_jiffies,
3266 .procname = "gc_interval",
3267 .data = &ip_rt_gc_interval,
3268 .maxlen = sizeof(int),
3270 .proc_handler = proc_dointvec_jiffies,
3273 .procname = "redirect_load",
3274 .data = &ip_rt_redirect_load,
3275 .maxlen = sizeof(int),
3277 .proc_handler = proc_dointvec,
3280 .procname = "redirect_number",
3281 .data = &ip_rt_redirect_number,
3282 .maxlen = sizeof(int),
3284 .proc_handler = proc_dointvec,
3287 .procname = "redirect_silence",
3288 .data = &ip_rt_redirect_silence,
3289 .maxlen = sizeof(int),
3291 .proc_handler = proc_dointvec,
3294 .procname = "error_cost",
3295 .data = &ip_rt_error_cost,
3296 .maxlen = sizeof(int),
3298 .proc_handler = proc_dointvec,
3301 .procname = "error_burst",
3302 .data = &ip_rt_error_burst,
3303 .maxlen = sizeof(int),
3305 .proc_handler = proc_dointvec,
3308 .procname = "gc_elasticity",
3309 .data = &ip_rt_gc_elasticity,
3310 .maxlen = sizeof(int),
3312 .proc_handler = proc_dointvec,
3315 .procname = "mtu_expires",
3316 .data = &ip_rt_mtu_expires,
3317 .maxlen = sizeof(int),
3319 .proc_handler = proc_dointvec_jiffies,
3322 .procname = "min_pmtu",
3323 .data = &ip_rt_min_pmtu,
3324 .maxlen = sizeof(int),
3326 .proc_handler = proc_dointvec,
3329 .procname = "min_adv_mss",
3330 .data = &ip_rt_min_advmss,
3331 .maxlen = sizeof(int),
3333 .proc_handler = proc_dointvec,
3338 static struct ctl_table empty[1];
3340 static struct ctl_table ipv4_skeleton[] =
3342 { .procname = "route",
3343 .mode = 0555, .child = ipv4_route_table},
3344 { .procname = "neigh",
3345 .mode = 0555, .child = empty},
3349 static __net_initdata struct ctl_path ipv4_path[] = {
3350 { .procname = "net", },
3351 { .procname = "ipv4", },
3355 static struct ctl_table ipv4_route_flush_table[] = {
3357 .procname = "flush",
3358 .maxlen = sizeof(int),
3360 .proc_handler = ipv4_sysctl_rtcache_flush,
3365 static __net_initdata struct ctl_path ipv4_route_path[] = {
3366 { .procname = "net", },
3367 { .procname = "ipv4", },
3368 { .procname = "route", },
3372 static __net_init int sysctl_route_net_init(struct net *net)
3374 struct ctl_table *tbl;
3376 tbl = ipv4_route_flush_table;
3377 if (!net_eq(net, &init_net)) {
3378 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
3382 tbl[0].extra1 = net;
3384 net->ipv4.route_hdr =
3385 register_net_sysctl_table(net, ipv4_route_path, tbl);
3386 if (net->ipv4.route_hdr == NULL)
3391 if (tbl != ipv4_route_flush_table)
3397 static __net_exit void sysctl_route_net_exit(struct net *net)
3399 struct ctl_table *tbl;
3401 tbl = net->ipv4.route_hdr->ctl_table_arg;
3402 unregister_net_sysctl_table(net->ipv4.route_hdr);
3403 BUG_ON(tbl == ipv4_route_flush_table);
3407 static __net_initdata struct pernet_operations sysctl_route_ops = {
3408 .init = sysctl_route_net_init,
3409 .exit = sysctl_route_net_exit,
3413 static __net_init int rt_genid_init(struct net *net)
3415 get_random_bytes(&net->ipv4.rt_genid,
3416 sizeof(net->ipv4.rt_genid));
3417 get_random_bytes(&net->ipv4.dev_addr_genid,
3418 sizeof(net->ipv4.dev_addr_genid));
3422 static __net_initdata struct pernet_operations rt_genid_ops = {
3423 .init = rt_genid_init,
3427 #ifdef CONFIG_IP_ROUTE_CLASSID
3428 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
3429 #endif /* CONFIG_IP_ROUTE_CLASSID */
3431 static __initdata unsigned long rhash_entries;
3432 static int __init set_rhash_entries(char *str)
3436 rhash_entries = simple_strtoul(str, &str, 0);
3439 __setup("rhash_entries=", set_rhash_entries);
3441 int __init ip_rt_init(void)
3445 #ifdef CONFIG_IP_ROUTE_CLASSID
3446 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
3448 panic("IP: failed to allocate ip_rt_acct\n");
3451 ipv4_dst_ops.kmem_cachep =
3452 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
3453 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
3455 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
3457 if (dst_entries_init(&ipv4_dst_ops) < 0)
3458 panic("IP: failed to allocate ipv4_dst_ops counter\n");
3460 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
3461 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
3463 rt_hash_table = (struct rt_hash_bucket *)
3464 alloc_large_system_hash("IP route cache",
3465 sizeof(struct rt_hash_bucket),
3467 (totalram_pages >= 128 * 1024) ?
3472 rhash_entries ? 0 : 512 * 1024);
3473 memset(rt_hash_table, 0, (rt_hash_mask + 1) * sizeof(struct rt_hash_bucket));
3474 rt_hash_lock_init();
3476 ipv4_dst_ops.gc_thresh = (rt_hash_mask + 1);
3477 ip_rt_max_size = (rt_hash_mask + 1) * 16;
3482 INIT_DELAYED_WORK_DEFERRABLE(&expires_work, rt_worker_func);
3483 expires_ljiffies = jiffies;
3484 schedule_delayed_work(&expires_work,
3485 net_random() % ip_rt_gc_interval + ip_rt_gc_interval);
3487 if (ip_rt_proc_init())
3488 pr_err("Unable to create route proc files\n");
3491 xfrm4_init(ip_rt_max_size);
3493 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
3495 #ifdef CONFIG_SYSCTL
3496 register_pernet_subsys(&sysctl_route_ops);
3498 register_pernet_subsys(&rt_genid_ops);
3502 #ifdef CONFIG_SYSCTL
3504 * We really need to sanitize the damn ipv4 init order, then all
3505 * this nonsense will go away.
3507 void __init ip_static_sysctl_init(void)
3509 register_sysctl_paths(ipv4_path, ipv4_skeleton);
git.openpandora.org / pandora-kernel.git / blob