2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
18 * (rco@di.uminho.pt) Routing table insertion and update
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <asm/uaccess.h>
69 #include <linux/bitops.h>
70 #include <linux/types.h>
71 #include <linux/kernel.h>
73 #include <linux/string.h>
74 #include <linux/socket.h>
75 #include <linux/sockios.h>
76 #include <linux/errno.h>
78 #include <linux/inet.h>
79 #include <linux/netdevice.h>
80 #include <linux/proc_fs.h>
81 #include <linux/init.h>
82 #include <linux/skbuff.h>
83 #include <linux/inetdevice.h>
84 #include <linux/igmp.h>
85 #include <linux/pkt_sched.h>
86 #include <linux/mroute.h>
87 #include <linux/netfilter_ipv4.h>
88 #include <linux/random.h>
89 #include <linux/rcupdate.h>
90 #include <linux/times.h>
91 #include <linux/slab.h>
93 #include <net/net_namespace.h>
94 #include <net/protocol.h>
96 #include <net/route.h>
97 #include <net/inetpeer.h>
99 #include <net/ip_fib.h>
102 #include <net/icmp.h>
103 #include <net/xfrm.h>
104 #include <net/netevent.h>
105 #include <net/rtnetlink.h>
107 #include <linux/sysctl.h>
108 #include <linux/kmemleak.h>
110 #include <net/secure_seq.h>
112 #define RT_FL_TOS(oldflp4) \
113 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
115 #define IP_MAX_MTU 0xFFF0
117 #define RT_GC_TIMEOUT (300*HZ)
119 static int ip_rt_max_size;
120 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
121 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
122 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
123 static int ip_rt_redirect_number __read_mostly = 9;
124 static int ip_rt_redirect_load __read_mostly = HZ / 50;
125 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
126 static int ip_rt_error_cost __read_mostly = HZ;
127 static int ip_rt_error_burst __read_mostly = 5 * HZ;
128 static int ip_rt_gc_elasticity __read_mostly = 8;
129 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
130 static int ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
131 static int ip_rt_min_advmss __read_mostly = 256;
134 * Interface to generic destination cache.
137 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
138 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
139 static unsigned int ipv4_mtu(const struct dst_entry *dst);
140 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
141 static void ipv4_link_failure(struct sk_buff *skb);
142 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
143 struct sk_buff *skb, u32 mtu);
144 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk,
145 struct sk_buff *skb);
146 static void ipv4_dst_destroy(struct dst_entry *dst);
148 static void ipv4_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
153 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
159 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
163 static struct dst_ops ipv4_dst_ops = {
165 .protocol = cpu_to_be16(ETH_P_IP),
166 .check = ipv4_dst_check,
167 .default_advmss = ipv4_default_advmss,
169 .cow_metrics = ipv4_cow_metrics,
170 .destroy = ipv4_dst_destroy,
171 .ifdown = ipv4_dst_ifdown,
172 .negative_advice = ipv4_negative_advice,
173 .link_failure = ipv4_link_failure,
174 .update_pmtu = ip_rt_update_pmtu,
175 .redirect = ip_do_redirect,
176 .local_out = __ip_local_out,
177 .neigh_lookup = ipv4_neigh_lookup,
180 #define ECN_OR_COST(class) TC_PRIO_##class
182 const __u8 ip_tos2prio[16] = {
184 ECN_OR_COST(BESTEFFORT),
186 ECN_OR_COST(BESTEFFORT),
192 ECN_OR_COST(INTERACTIVE),
194 ECN_OR_COST(INTERACTIVE),
195 TC_PRIO_INTERACTIVE_BULK,
196 ECN_OR_COST(INTERACTIVE_BULK),
197 TC_PRIO_INTERACTIVE_BULK,
198 ECN_OR_COST(INTERACTIVE_BULK)
200 EXPORT_SYMBOL(ip_tos2prio);
202 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
203 #define RT_CACHE_STAT_INC(field) __this_cpu_inc(rt_cache_stat.field)
205 #ifdef CONFIG_PROC_FS
206 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
210 return SEQ_START_TOKEN;
213 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
219 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
223 static int rt_cache_seq_show(struct seq_file *seq, void *v)
225 if (v == SEQ_START_TOKEN)
226 seq_printf(seq, "%-127s\n",
227 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
228 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
233 static const struct seq_operations rt_cache_seq_ops = {
234 .start = rt_cache_seq_start,
235 .next = rt_cache_seq_next,
236 .stop = rt_cache_seq_stop,
237 .show = rt_cache_seq_show,
240 static int rt_cache_seq_open(struct inode *inode, struct file *file)
242 return seq_open(file, &rt_cache_seq_ops);
245 static const struct file_operations rt_cache_seq_fops = {
246 .owner = THIS_MODULE,
247 .open = rt_cache_seq_open,
250 .release = seq_release,
254 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
259 return SEQ_START_TOKEN;
261 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
262 if (!cpu_possible(cpu))
265 return &per_cpu(rt_cache_stat, cpu);
270 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
274 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
275 if (!cpu_possible(cpu))
278 return &per_cpu(rt_cache_stat, cpu);
284 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
289 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
291 struct rt_cache_stat *st = v;
293 if (v == SEQ_START_TOKEN) {
294 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
298 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
299 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
300 dst_entries_get_slow(&ipv4_dst_ops),
323 static const struct seq_operations rt_cpu_seq_ops = {
324 .start = rt_cpu_seq_start,
325 .next = rt_cpu_seq_next,
326 .stop = rt_cpu_seq_stop,
327 .show = rt_cpu_seq_show,
331 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
333 return seq_open(file, &rt_cpu_seq_ops);
336 static const struct file_operations rt_cpu_seq_fops = {
337 .owner = THIS_MODULE,
338 .open = rt_cpu_seq_open,
341 .release = seq_release,
344 #ifdef CONFIG_IP_ROUTE_CLASSID
345 static int rt_acct_proc_show(struct seq_file *m, void *v)
347 struct ip_rt_acct *dst, *src;
350 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
354 for_each_possible_cpu(i) {
355 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
356 for (j = 0; j < 256; j++) {
357 dst[j].o_bytes += src[j].o_bytes;
358 dst[j].o_packets += src[j].o_packets;
359 dst[j].i_bytes += src[j].i_bytes;
360 dst[j].i_packets += src[j].i_packets;
364 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
369 static int rt_acct_proc_open(struct inode *inode, struct file *file)
371 return single_open(file, rt_acct_proc_show, NULL);
374 static const struct file_operations rt_acct_proc_fops = {
375 .owner = THIS_MODULE,
376 .open = rt_acct_proc_open,
379 .release = single_release,
383 static int __net_init ip_rt_do_proc_init(struct net *net)
385 struct proc_dir_entry *pde;
387 pde = proc_net_fops_create(net, "rt_cache", S_IRUGO,
392 pde = proc_create("rt_cache", S_IRUGO,
393 net->proc_net_stat, &rt_cpu_seq_fops);
397 #ifdef CONFIG_IP_ROUTE_CLASSID
398 pde = proc_create("rt_acct", 0, net->proc_net, &rt_acct_proc_fops);
404 #ifdef CONFIG_IP_ROUTE_CLASSID
406 remove_proc_entry("rt_cache", net->proc_net_stat);
409 remove_proc_entry("rt_cache", net->proc_net);
414 static void __net_exit ip_rt_do_proc_exit(struct net *net)
416 remove_proc_entry("rt_cache", net->proc_net_stat);
417 remove_proc_entry("rt_cache", net->proc_net);
418 #ifdef CONFIG_IP_ROUTE_CLASSID
419 remove_proc_entry("rt_acct", net->proc_net);
423 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
424 .init = ip_rt_do_proc_init,
425 .exit = ip_rt_do_proc_exit,
428 static int __init ip_rt_proc_init(void)
430 return register_pernet_subsys(&ip_rt_proc_ops);
434 static inline int ip_rt_proc_init(void)
438 #endif /* CONFIG_PROC_FS */
440 static inline bool rt_is_expired(const struct rtable *rth)
442 return rth->rt_genid != rt_genid(dev_net(rth->dst.dev));
445 void rt_cache_flush(struct net *net)
450 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
454 struct net_device *dev = dst->dev;
455 const __be32 *pkey = daddr;
456 const struct rtable *rt;
459 rt = (const struct rtable *) dst;
461 pkey = (const __be32 *) &rt->rt_gateway;
463 pkey = &ip_hdr(skb)->daddr;
465 n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey);
468 return neigh_create(&arp_tbl, pkey, dev);
472 * Peer allocation may fail only in serious out-of-memory conditions. However
473 * we still can generate some output.
474 * Random ID selection looks a bit dangerous because we have no chances to
475 * select ID being unique in a reasonable period of time.
476 * But broken packet identifier may be better than no packet at all.
478 static void ip_select_fb_ident(struct iphdr *iph)
480 static DEFINE_SPINLOCK(ip_fb_id_lock);
481 static u32 ip_fallback_id;
484 spin_lock_bh(&ip_fb_id_lock);
485 salt = secure_ip_id((__force __be32)ip_fallback_id ^ iph->daddr);
486 iph->id = htons(salt & 0xFFFF);
487 ip_fallback_id = salt;
488 spin_unlock_bh(&ip_fb_id_lock);
491 void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more)
493 struct net *net = dev_net(dst->dev);
494 struct inet_peer *peer;
496 peer = inet_getpeer_v4(net->ipv4.peers, iph->daddr, 1);
498 iph->id = htons(inet_getid(peer, more));
503 ip_select_fb_ident(iph);
505 EXPORT_SYMBOL(__ip_select_ident);
507 static void __build_flow_key(struct flowi4 *fl4, const struct sock *sk,
508 const struct iphdr *iph,
510 u8 prot, u32 mark, int flow_flags)
513 const struct inet_sock *inet = inet_sk(sk);
515 oif = sk->sk_bound_dev_if;
517 tos = RT_CONN_FLAGS(sk);
518 prot = inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol;
520 flowi4_init_output(fl4, oif, mark, tos,
521 RT_SCOPE_UNIVERSE, prot,
523 iph->daddr, iph->saddr, 0, 0);
526 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,
527 const struct sock *sk)
529 const struct iphdr *iph = ip_hdr(skb);
530 int oif = skb->dev->ifindex;
531 u8 tos = RT_TOS(iph->tos);
532 u8 prot = iph->protocol;
533 u32 mark = skb->mark;
535 __build_flow_key(fl4, sk, iph, oif, tos, prot, mark, 0);
538 static void build_sk_flow_key(struct flowi4 *fl4, const struct sock *sk)
540 const struct inet_sock *inet = inet_sk(sk);
541 const struct ip_options_rcu *inet_opt;
542 __be32 daddr = inet->inet_daddr;
545 inet_opt = rcu_dereference(inet->inet_opt);
546 if (inet_opt && inet_opt->opt.srr)
547 daddr = inet_opt->opt.faddr;
548 flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark,
549 RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
550 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
551 inet_sk_flowi_flags(sk),
552 daddr, inet->inet_saddr, 0, 0);
556 static void ip_rt_build_flow_key(struct flowi4 *fl4, const struct sock *sk,
557 const struct sk_buff *skb)
560 build_skb_flow_key(fl4, skb, sk);
562 build_sk_flow_key(fl4, sk);
565 static inline void rt_free(struct rtable *rt)
567 call_rcu(&rt->dst.rcu_head, dst_rcu_free);
570 static DEFINE_SPINLOCK(fnhe_lock);
572 static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
574 struct fib_nh_exception *fnhe, *oldest;
577 oldest = rcu_dereference(hash->chain);
578 for (fnhe = rcu_dereference(oldest->fnhe_next); fnhe;
579 fnhe = rcu_dereference(fnhe->fnhe_next)) {
580 if (time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp))
583 orig = rcu_dereference(oldest->fnhe_rth);
585 RCU_INIT_POINTER(oldest->fnhe_rth, NULL);
591 static inline u32 fnhe_hashfun(__be32 daddr)
595 hval = (__force u32) daddr;
596 hval ^= (hval >> 11) ^ (hval >> 22);
598 return hval & (FNHE_HASH_SIZE - 1);
601 static void update_or_create_fnhe(struct fib_nh *nh, __be32 daddr, __be32 gw,
602 u32 pmtu, unsigned long expires)
604 struct fnhe_hash_bucket *hash;
605 struct fib_nh_exception *fnhe;
607 u32 hval = fnhe_hashfun(daddr);
609 spin_lock_bh(&fnhe_lock);
611 hash = nh->nh_exceptions;
613 hash = kzalloc(FNHE_HASH_SIZE * sizeof(*hash), GFP_ATOMIC);
616 nh->nh_exceptions = hash;
622 for (fnhe = rcu_dereference(hash->chain); fnhe;
623 fnhe = rcu_dereference(fnhe->fnhe_next)) {
624 if (fnhe->fnhe_daddr == daddr)
633 fnhe->fnhe_pmtu = pmtu;
634 fnhe->fnhe_expires = expires;
637 if (depth > FNHE_RECLAIM_DEPTH)
638 fnhe = fnhe_oldest(hash);
640 fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC);
644 fnhe->fnhe_next = hash->chain;
645 rcu_assign_pointer(hash->chain, fnhe);
647 fnhe->fnhe_daddr = daddr;
649 fnhe->fnhe_pmtu = pmtu;
650 fnhe->fnhe_expires = expires;
653 fnhe->fnhe_stamp = jiffies;
656 spin_unlock_bh(&fnhe_lock);
660 static void __ip_do_redirect(struct rtable *rt, struct sk_buff *skb, struct flowi4 *fl4,
663 __be32 new_gw = icmp_hdr(skb)->un.gateway;
664 __be32 old_gw = ip_hdr(skb)->saddr;
665 struct net_device *dev = skb->dev;
666 struct in_device *in_dev;
667 struct fib_result res;
671 switch (icmp_hdr(skb)->code & 7) {
673 case ICMP_REDIR_NETTOS:
674 case ICMP_REDIR_HOST:
675 case ICMP_REDIR_HOSTTOS:
682 if (rt->rt_gateway != old_gw)
685 in_dev = __in_dev_get_rcu(dev);
690 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
691 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
692 ipv4_is_zeronet(new_gw))
693 goto reject_redirect;
695 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
696 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
697 goto reject_redirect;
698 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
699 goto reject_redirect;
701 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
702 goto reject_redirect;
705 n = ipv4_neigh_lookup(&rt->dst, NULL, &new_gw);
707 if (!(n->nud_state & NUD_VALID)) {
708 neigh_event_send(n, NULL);
710 if (fib_lookup(net, fl4, &res) == 0) {
711 struct fib_nh *nh = &FIB_RES_NH(res);
713 update_or_create_fnhe(nh, fl4->daddr, new_gw,
717 rt->dst.obsolete = DST_OBSOLETE_KILL;
718 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
725 #ifdef CONFIG_IP_ROUTE_VERBOSE
726 if (IN_DEV_LOG_MARTIANS(in_dev)) {
727 const struct iphdr *iph = (const struct iphdr *) skb->data;
728 __be32 daddr = iph->daddr;
729 __be32 saddr = iph->saddr;
731 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
732 " Advised path = %pI4 -> %pI4\n",
733 &old_gw, dev->name, &new_gw,
740 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
745 rt = (struct rtable *) dst;
747 ip_rt_build_flow_key(&fl4, sk, skb);
748 __ip_do_redirect(rt, skb, &fl4, true);
751 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
753 struct rtable *rt = (struct rtable *)dst;
754 struct dst_entry *ret = dst;
757 if (dst->obsolete > 0) {
760 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
771 * 1. The first ip_rt_redirect_number redirects are sent
772 * with exponential backoff, then we stop sending them at all,
773 * assuming that the host ignores our redirects.
774 * 2. If we did not see packets requiring redirects
775 * during ip_rt_redirect_silence, we assume that the host
776 * forgot redirected route and start to send redirects again.
778 * This algorithm is much cheaper and more intelligent than dumb load limiting
781 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
782 * and "frag. need" (breaks PMTU discovery) in icmp.c.
785 void ip_rt_send_redirect(struct sk_buff *skb)
787 struct rtable *rt = skb_rtable(skb);
788 struct in_device *in_dev;
789 struct inet_peer *peer;
794 in_dev = __in_dev_get_rcu(rt->dst.dev);
795 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
799 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
802 net = dev_net(rt->dst.dev);
803 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
805 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
806 rt_nexthop(rt, ip_hdr(skb)->daddr));
810 /* No redirected packets during ip_rt_redirect_silence;
811 * reset the algorithm.
813 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence))
814 peer->rate_tokens = 0;
816 /* Too many ignored redirects; do not send anything
817 * set dst.rate_last to the last seen redirected packet.
819 if (peer->rate_tokens >= ip_rt_redirect_number) {
820 peer->rate_last = jiffies;
824 /* Check for load limit; set rate_last to the latest sent
827 if (peer->rate_tokens == 0 ||
830 (ip_rt_redirect_load << peer->rate_tokens)))) {
831 __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr);
833 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw);
834 peer->rate_last = jiffies;
836 #ifdef CONFIG_IP_ROUTE_VERBOSE
838 peer->rate_tokens == ip_rt_redirect_number)
839 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
840 &ip_hdr(skb)->saddr, inet_iif(skb),
841 &ip_hdr(skb)->daddr, &gw);
848 static int ip_error(struct sk_buff *skb)
850 struct in_device *in_dev = __in_dev_get_rcu(skb->dev);
851 struct rtable *rt = skb_rtable(skb);
852 struct inet_peer *peer;
858 net = dev_net(rt->dst.dev);
859 if (!IN_DEV_FORWARD(in_dev)) {
860 switch (rt->dst.error) {
862 IP_INC_STATS_BH(net, IPSTATS_MIB_INADDRERRORS);
866 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
872 switch (rt->dst.error) {
877 code = ICMP_HOST_UNREACH;
880 code = ICMP_NET_UNREACH;
881 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
884 code = ICMP_PKT_FILTERED;
888 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
893 peer->rate_tokens += now - peer->rate_last;
894 if (peer->rate_tokens > ip_rt_error_burst)
895 peer->rate_tokens = ip_rt_error_burst;
896 peer->rate_last = now;
897 if (peer->rate_tokens >= ip_rt_error_cost)
898 peer->rate_tokens -= ip_rt_error_cost;
904 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
910 static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
912 struct dst_entry *dst = &rt->dst;
913 struct fib_result res;
915 if (dst_metric_locked(dst, RTAX_MTU))
918 if (dst->dev->mtu < mtu)
921 if (mtu < ip_rt_min_pmtu)
922 mtu = ip_rt_min_pmtu;
925 dst->obsolete = DST_OBSOLETE_KILL;
928 dst->expires = max(1UL, jiffies + ip_rt_mtu_expires);
932 if (fib_lookup(dev_net(dst->dev), fl4, &res) == 0) {
933 struct fib_nh *nh = &FIB_RES_NH(res);
935 update_or_create_fnhe(nh, fl4->daddr, 0, mtu,
936 jiffies + ip_rt_mtu_expires);
941 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
942 struct sk_buff *skb, u32 mtu)
944 struct rtable *rt = (struct rtable *) dst;
947 ip_rt_build_flow_key(&fl4, sk, skb);
948 __ip_rt_update_pmtu(rt, &fl4, mtu);
951 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu,
952 int oif, u32 mark, u8 protocol, int flow_flags)
954 const struct iphdr *iph = (const struct iphdr *) skb->data;
958 __build_flow_key(&fl4, NULL, iph, oif,
959 RT_TOS(iph->tos), protocol, mark, flow_flags);
960 rt = __ip_route_output_key(net, &fl4);
962 __ip_rt_update_pmtu(rt, &fl4, mtu);
966 EXPORT_SYMBOL_GPL(ipv4_update_pmtu);
968 static void __ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
970 const struct iphdr *iph = (const struct iphdr *) skb->data;
974 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
975 rt = __ip_route_output_key(sock_net(sk), &fl4);
977 __ip_rt_update_pmtu(rt, &fl4, mtu);
982 void ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
984 const struct iphdr *iph = (const struct iphdr *) skb->data;
987 struct dst_entry *dst;
991 rt = (struct rtable *) __sk_dst_get(sk);
993 if (sock_owned_by_user(sk) || !rt) {
994 __ipv4_sk_update_pmtu(skb, sk, mtu);
998 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1000 if (!__sk_dst_check(sk, 0)) {
1001 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1008 __ip_rt_update_pmtu((struct rtable *) rt->dst.path, &fl4, mtu);
1010 dst = dst_check(&rt->dst, 0);
1013 dst_release(&rt->dst);
1015 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1023 __sk_dst_set(sk, &rt->dst);
1028 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu);
1030 void ipv4_redirect(struct sk_buff *skb, struct net *net,
1031 int oif, u32 mark, u8 protocol, int flow_flags)
1033 const struct iphdr *iph = (const struct iphdr *) skb->data;
1037 __build_flow_key(&fl4, NULL, iph, oif,
1038 RT_TOS(iph->tos), protocol, mark, flow_flags);
1039 rt = __ip_route_output_key(net, &fl4);
1041 __ip_do_redirect(rt, skb, &fl4, false);
1045 EXPORT_SYMBOL_GPL(ipv4_redirect);
1047 void ipv4_sk_redirect(struct sk_buff *skb, struct sock *sk)
1049 const struct iphdr *iph = (const struct iphdr *) skb->data;
1053 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1054 rt = __ip_route_output_key(sock_net(sk), &fl4);
1056 __ip_do_redirect(rt, skb, &fl4, false);
1060 EXPORT_SYMBOL_GPL(ipv4_sk_redirect);
1062 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1064 struct rtable *rt = (struct rtable *) dst;
1066 /* All IPV4 dsts are created with ->obsolete set to the value
1067 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1068 * into this function always.
1070 * When a PMTU/redirect information update invalidates a
1071 * route, this is indicated by setting obsolete to
1072 * DST_OBSOLETE_KILL.
1074 if (dst->obsolete == DST_OBSOLETE_KILL || rt_is_expired(rt))
1079 static void ipv4_link_failure(struct sk_buff *skb)
1083 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1085 rt = skb_rtable(skb);
1087 dst_set_expires(&rt->dst, 0);
1090 static int ip_rt_bug(struct sk_buff *skb)
1092 pr_debug("%s: %pI4 -> %pI4, %s\n",
1093 __func__, &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1094 skb->dev ? skb->dev->name : "?");
1101 We do not cache source address of outgoing interface,
1102 because it is used only by IP RR, TS and SRR options,
1103 so that it out of fast path.
1105 BTW remember: "addr" is allowed to be not aligned
1109 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1113 if (rt_is_output_route(rt))
1114 src = ip_hdr(skb)->saddr;
1116 struct fib_result res;
1122 memset(&fl4, 0, sizeof(fl4));
1123 fl4.daddr = iph->daddr;
1124 fl4.saddr = iph->saddr;
1125 fl4.flowi4_tos = RT_TOS(iph->tos);
1126 fl4.flowi4_oif = rt->dst.dev->ifindex;
1127 fl4.flowi4_iif = skb->dev->ifindex;
1128 fl4.flowi4_mark = skb->mark;
1131 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res) == 0)
1132 src = FIB_RES_PREFSRC(dev_net(rt->dst.dev), res);
1134 src = inet_select_addr(rt->dst.dev,
1135 rt_nexthop(rt, iph->daddr),
1139 memcpy(addr, &src, 4);
1142 #ifdef CONFIG_IP_ROUTE_CLASSID
1143 static void set_class_tag(struct rtable *rt, u32 tag)
1145 if (!(rt->dst.tclassid & 0xFFFF))
1146 rt->dst.tclassid |= tag & 0xFFFF;
1147 if (!(rt->dst.tclassid & 0xFFFF0000))
1148 rt->dst.tclassid |= tag & 0xFFFF0000;
1152 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1154 unsigned int advmss = dst_metric_raw(dst, RTAX_ADVMSS);
1157 advmss = max_t(unsigned int, dst->dev->mtu - 40,
1159 if (advmss > 65535 - 40)
1160 advmss = 65535 - 40;
1165 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1167 const struct rtable *rt = (const struct rtable *) dst;
1168 unsigned int mtu = rt->rt_pmtu;
1170 if (!mtu || time_after_eq(jiffies, rt->dst.expires))
1171 mtu = dst_metric_raw(dst, RTAX_MTU);
1176 mtu = dst->dev->mtu;
1178 if (unlikely(dst_metric_locked(dst, RTAX_MTU))) {
1179 if (rt->rt_uses_gateway && mtu > 576)
1183 if (mtu > IP_MAX_MTU)
1189 static struct fib_nh_exception *find_exception(struct fib_nh *nh, __be32 daddr)
1191 struct fnhe_hash_bucket *hash = nh->nh_exceptions;
1192 struct fib_nh_exception *fnhe;
1198 hval = fnhe_hashfun(daddr);
1200 for (fnhe = rcu_dereference(hash[hval].chain); fnhe;
1201 fnhe = rcu_dereference(fnhe->fnhe_next)) {
1202 if (fnhe->fnhe_daddr == daddr)
1208 static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1213 spin_lock_bh(&fnhe_lock);
1215 if (daddr == fnhe->fnhe_daddr) {
1216 struct rtable *orig = rcu_dereference(fnhe->fnhe_rth);
1217 if (orig && rt_is_expired(orig)) {
1219 fnhe->fnhe_pmtu = 0;
1220 fnhe->fnhe_expires = 0;
1222 if (fnhe->fnhe_pmtu) {
1223 unsigned long expires = fnhe->fnhe_expires;
1224 unsigned long diff = expires - jiffies;
1226 if (time_before(jiffies, expires)) {
1227 rt->rt_pmtu = fnhe->fnhe_pmtu;
1228 dst_set_expires(&rt->dst, diff);
1231 if (fnhe->fnhe_gw) {
1232 rt->rt_flags |= RTCF_REDIRECTED;
1233 rt->rt_gateway = fnhe->fnhe_gw;
1234 rt->rt_uses_gateway = 1;
1235 } else if (!rt->rt_gateway)
1236 rt->rt_gateway = daddr;
1238 rcu_assign_pointer(fnhe->fnhe_rth, rt);
1242 fnhe->fnhe_stamp = jiffies;
1245 spin_unlock_bh(&fnhe_lock);
1250 static bool rt_cache_route(struct fib_nh *nh, struct rtable *rt)
1252 struct rtable *orig, *prev, **p;
1255 if (rt_is_input_route(rt)) {
1256 p = (struct rtable **)&nh->nh_rth_input;
1258 p = (struct rtable **)__this_cpu_ptr(nh->nh_pcpu_rth_output);
1262 prev = cmpxchg(p, orig, rt);
1272 static DEFINE_SPINLOCK(rt_uncached_lock);
1273 static LIST_HEAD(rt_uncached_list);
1275 static void rt_add_uncached_list(struct rtable *rt)
1277 spin_lock_bh(&rt_uncached_lock);
1278 list_add_tail(&rt->rt_uncached, &rt_uncached_list);
1279 spin_unlock_bh(&rt_uncached_lock);
1282 static void ipv4_dst_destroy(struct dst_entry *dst)
1284 struct rtable *rt = (struct rtable *) dst;
1286 if (!list_empty(&rt->rt_uncached)) {
1287 spin_lock_bh(&rt_uncached_lock);
1288 list_del(&rt->rt_uncached);
1289 spin_unlock_bh(&rt_uncached_lock);
1293 void rt_flush_dev(struct net_device *dev)
1295 if (!list_empty(&rt_uncached_list)) {
1296 struct net *net = dev_net(dev);
1299 spin_lock_bh(&rt_uncached_lock);
1300 list_for_each_entry(rt, &rt_uncached_list, rt_uncached) {
1301 if (rt->dst.dev != dev)
1303 rt->dst.dev = net->loopback_dev;
1304 dev_hold(rt->dst.dev);
1307 spin_unlock_bh(&rt_uncached_lock);
1311 static bool rt_cache_valid(const struct rtable *rt)
1314 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1318 static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
1319 const struct fib_result *res,
1320 struct fib_nh_exception *fnhe,
1321 struct fib_info *fi, u16 type, u32 itag)
1323 bool cached = false;
1326 struct fib_nh *nh = &FIB_RES_NH(*res);
1328 if (nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK) {
1329 rt->rt_gateway = nh->nh_gw;
1330 rt->rt_uses_gateway = 1;
1332 dst_init_metrics(&rt->dst, fi->fib_metrics, true);
1333 #ifdef CONFIG_IP_ROUTE_CLASSID
1334 rt->dst.tclassid = nh->nh_tclassid;
1337 cached = rt_bind_exception(rt, fnhe, daddr);
1338 else if (!(rt->dst.flags & DST_NOCACHE))
1339 cached = rt_cache_route(nh, rt);
1340 if (unlikely(!cached)) {
1341 /* Routes we intend to cache in nexthop exception or
1342 * FIB nexthop have the DST_NOCACHE bit clear.
1343 * However, if we are unsuccessful at storing this
1344 * route into the cache we really need to set it.
1346 rt->dst.flags |= DST_NOCACHE;
1347 if (!rt->rt_gateway)
1348 rt->rt_gateway = daddr;
1349 rt_add_uncached_list(rt);
1352 rt_add_uncached_list(rt);
1354 #ifdef CONFIG_IP_ROUTE_CLASSID
1355 #ifdef CONFIG_IP_MULTIPLE_TABLES
1356 set_class_tag(rt, res->tclassid);
1358 set_class_tag(rt, itag);
1362 static struct rtable *rt_dst_alloc(struct net_device *dev,
1363 bool nopolicy, bool noxfrm, bool will_cache)
1365 return dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1366 (will_cache ? 0 : (DST_HOST | DST_NOCACHE)) |
1367 (nopolicy ? DST_NOPOLICY : 0) |
1368 (noxfrm ? DST_NOXFRM : 0));
1371 /* called in rcu_read_lock() section */
1372 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1373 u8 tos, struct net_device *dev, int our)
1376 struct in_device *in_dev = __in_dev_get_rcu(dev);
1380 /* Primary sanity checks. */
1385 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1386 skb->protocol != htons(ETH_P_IP))
1389 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
1390 if (ipv4_is_loopback(saddr))
1393 if (ipv4_is_zeronet(saddr)) {
1394 if (!ipv4_is_local_multicast(daddr))
1397 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1402 rth = rt_dst_alloc(dev_net(dev)->loopback_dev,
1403 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, false);
1407 #ifdef CONFIG_IP_ROUTE_CLASSID
1408 rth->dst.tclassid = itag;
1410 rth->dst.output = ip_rt_bug;
1412 rth->rt_genid = rt_genid(dev_net(dev));
1413 rth->rt_flags = RTCF_MULTICAST;
1414 rth->rt_type = RTN_MULTICAST;
1415 rth->rt_is_input= 1;
1418 rth->rt_gateway = 0;
1419 rth->rt_uses_gateway = 0;
1420 INIT_LIST_HEAD(&rth->rt_uncached);
1422 rth->dst.input= ip_local_deliver;
1423 rth->rt_flags |= RTCF_LOCAL;
1426 #ifdef CONFIG_IP_MROUTE
1427 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
1428 rth->dst.input = ip_mr_input;
1430 RT_CACHE_STAT_INC(in_slow_mc);
1432 skb_dst_set(skb, &rth->dst);
1444 static void ip_handle_martian_source(struct net_device *dev,
1445 struct in_device *in_dev,
1446 struct sk_buff *skb,
1450 RT_CACHE_STAT_INC(in_martian_src);
1451 #ifdef CONFIG_IP_ROUTE_VERBOSE
1452 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
1454 * RFC1812 recommendation, if source is martian,
1455 * the only hint is MAC header.
1457 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
1458 &daddr, &saddr, dev->name);
1459 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
1460 print_hex_dump(KERN_WARNING, "ll header: ",
1461 DUMP_PREFIX_OFFSET, 16, 1,
1462 skb_mac_header(skb),
1463 dev->hard_header_len, true);
1469 /* called in rcu_read_lock() section */
1470 static int __mkroute_input(struct sk_buff *skb,
1471 const struct fib_result *res,
1472 struct in_device *in_dev,
1473 __be32 daddr, __be32 saddr, u32 tos)
1477 struct in_device *out_dev;
1478 unsigned int flags = 0;
1482 /* get a working reference to the output device */
1483 out_dev = __in_dev_get_rcu(FIB_RES_DEV(*res));
1484 if (out_dev == NULL) {
1485 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
1489 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
1490 in_dev->dev, in_dev, &itag);
1492 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
1498 do_cache = res->fi && !itag;
1499 if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
1500 (IN_DEV_SHARED_MEDIA(out_dev) ||
1501 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) {
1502 flags |= RTCF_DOREDIRECT;
1506 if (skb->protocol != htons(ETH_P_IP)) {
1507 /* Not IP (i.e. ARP). Do not create route, if it is
1508 * invalid for proxy arp. DNAT routes are always valid.
1510 * Proxy arp feature have been extended to allow, ARP
1511 * replies back to the same interface, to support
1512 * Private VLAN switch technologies. See arp.c.
1514 if (out_dev == in_dev &&
1515 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
1522 rth = rcu_dereference(FIB_RES_NH(*res).nh_rth_input);
1523 if (rt_cache_valid(rth)) {
1524 skb_dst_set_noref(skb, &rth->dst);
1529 rth = rt_dst_alloc(out_dev->dev,
1530 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1531 IN_DEV_CONF_GET(out_dev, NOXFRM), do_cache);
1537 rth->rt_genid = rt_genid(dev_net(rth->dst.dev));
1538 rth->rt_flags = flags;
1539 rth->rt_type = res->type;
1540 rth->rt_is_input = 1;
1543 rth->rt_gateway = 0;
1544 rth->rt_uses_gateway = 0;
1545 INIT_LIST_HEAD(&rth->rt_uncached);
1547 rth->dst.input = ip_forward;
1548 rth->dst.output = ip_output;
1550 rt_set_nexthop(rth, daddr, res, NULL, res->fi, res->type, itag);
1551 skb_dst_set(skb, &rth->dst);
1558 static int ip_mkroute_input(struct sk_buff *skb,
1559 struct fib_result *res,
1560 const struct flowi4 *fl4,
1561 struct in_device *in_dev,
1562 __be32 daddr, __be32 saddr, u32 tos)
1564 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1565 if (res->fi && res->fi->fib_nhs > 1)
1566 fib_select_multipath(res);
1569 /* create a routing cache entry */
1570 return __mkroute_input(skb, res, in_dev, daddr, saddr, tos);
1574 * NOTE. We drop all the packets that has local source
1575 * addresses, because every properly looped back packet
1576 * must have correct destination already attached by output routine.
1578 * Such approach solves two big problems:
1579 * 1. Not simplex devices are handled properly.
1580 * 2. IP spoofing attempts are filtered with 100% of guarantee.
1581 * called with rcu_read_lock()
1584 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1585 u8 tos, struct net_device *dev)
1587 struct fib_result res;
1588 struct in_device *in_dev = __in_dev_get_rcu(dev);
1590 unsigned int flags = 0;
1594 struct net *net = dev_net(dev);
1597 /* IP on this device is disabled. */
1602 /* Check for the most weird martians, which can be not detected
1606 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
1607 goto martian_source;
1610 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
1613 /* Accept zero addresses only to limited broadcast;
1614 * I even do not know to fix it or not. Waiting for complains :-)
1616 if (ipv4_is_zeronet(saddr))
1617 goto martian_source;
1619 if (ipv4_is_zeronet(daddr))
1620 goto martian_destination;
1622 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
1623 * and call it once if daddr or/and saddr are loopback addresses
1625 if (ipv4_is_loopback(daddr)) {
1626 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1627 goto martian_destination;
1628 } else if (ipv4_is_loopback(saddr)) {
1629 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1630 goto martian_source;
1634 * Now we are ready to route packet.
1637 fl4.flowi4_iif = dev->ifindex;
1638 fl4.flowi4_mark = skb->mark;
1639 fl4.flowi4_tos = tos;
1640 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
1643 err = fib_lookup(net, &fl4, &res);
1647 RT_CACHE_STAT_INC(in_slow_tot);
1649 if (res.type == RTN_BROADCAST)
1652 if (res.type == RTN_LOCAL) {
1653 err = fib_validate_source(skb, saddr, daddr, tos,
1655 dev, in_dev, &itag);
1657 goto martian_source_keep_err;
1661 if (!IN_DEV_FORWARD(in_dev))
1663 if (res.type != RTN_UNICAST)
1664 goto martian_destination;
1666 err = ip_mkroute_input(skb, &res, &fl4, in_dev, daddr, saddr, tos);
1670 if (skb->protocol != htons(ETH_P_IP))
1673 if (!ipv4_is_zeronet(saddr)) {
1674 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1677 goto martian_source_keep_err;
1679 flags |= RTCF_BROADCAST;
1680 res.type = RTN_BROADCAST;
1681 RT_CACHE_STAT_INC(in_brd);
1687 rth = rcu_dereference(FIB_RES_NH(res).nh_rth_input);
1688 if (rt_cache_valid(rth)) {
1689 skb_dst_set_noref(skb, &rth->dst);
1697 rth = rt_dst_alloc(net->loopback_dev,
1698 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, do_cache);
1702 rth->dst.input= ip_local_deliver;
1703 rth->dst.output= ip_rt_bug;
1704 #ifdef CONFIG_IP_ROUTE_CLASSID
1705 rth->dst.tclassid = itag;
1708 rth->rt_genid = rt_genid(net);
1709 rth->rt_flags = flags|RTCF_LOCAL;
1710 rth->rt_type = res.type;
1711 rth->rt_is_input = 1;
1714 rth->rt_gateway = 0;
1715 rth->rt_uses_gateway = 0;
1716 INIT_LIST_HEAD(&rth->rt_uncached);
1717 if (res.type == RTN_UNREACHABLE) {
1718 rth->dst.input= ip_error;
1719 rth->dst.error= -err;
1720 rth->rt_flags &= ~RTCF_LOCAL;
1723 rt_cache_route(&FIB_RES_NH(res), rth);
1724 skb_dst_set(skb, &rth->dst);
1729 RT_CACHE_STAT_INC(in_no_route);
1730 res.type = RTN_UNREACHABLE;
1736 * Do not cache martian addresses: they should be logged (RFC1812)
1738 martian_destination:
1739 RT_CACHE_STAT_INC(in_martian_dst);
1740 #ifdef CONFIG_IP_ROUTE_VERBOSE
1741 if (IN_DEV_LOG_MARTIANS(in_dev))
1742 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
1743 &daddr, &saddr, dev->name);
1756 martian_source_keep_err:
1757 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
1761 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1762 u8 tos, struct net_device *dev)
1768 /* Multicast recognition logic is moved from route cache to here.
1769 The problem was that too many Ethernet cards have broken/missing
1770 hardware multicast filters :-( As result the host on multicasting
1771 network acquires a lot of useless route cache entries, sort of
1772 SDR messages from all the world. Now we try to get rid of them.
1773 Really, provided software IP multicast filter is organized
1774 reasonably (at least, hashed), it does not result in a slowdown
1775 comparing with route cache reject entries.
1776 Note, that multicast routers are not affected, because
1777 route cache entry is created eventually.
1779 if (ipv4_is_multicast(daddr)) {
1780 struct in_device *in_dev = __in_dev_get_rcu(dev);
1783 int our = ip_check_mc_rcu(in_dev, daddr, saddr,
1784 ip_hdr(skb)->protocol);
1786 #ifdef CONFIG_IP_MROUTE
1788 (!ipv4_is_local_multicast(daddr) &&
1789 IN_DEV_MFORWARD(in_dev))
1792 int res = ip_route_input_mc(skb, daddr, saddr,
1801 res = ip_route_input_slow(skb, daddr, saddr, tos, dev);
1805 EXPORT_SYMBOL(ip_route_input_noref);
1807 /* called with rcu_read_lock() */
1808 static struct rtable *__mkroute_output(const struct fib_result *res,
1809 const struct flowi4 *fl4, int orig_oif,
1810 struct net_device *dev_out,
1813 struct fib_info *fi = res->fi;
1814 struct fib_nh_exception *fnhe;
1815 struct in_device *in_dev;
1816 u16 type = res->type;
1820 in_dev = __in_dev_get_rcu(dev_out);
1822 return ERR_PTR(-EINVAL);
1824 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
1825 if (ipv4_is_loopback(fl4->saddr) && !(dev_out->flags & IFF_LOOPBACK))
1826 return ERR_PTR(-EINVAL);
1828 if (ipv4_is_lbcast(fl4->daddr))
1829 type = RTN_BROADCAST;
1830 else if (ipv4_is_multicast(fl4->daddr))
1831 type = RTN_MULTICAST;
1832 else if (ipv4_is_zeronet(fl4->daddr))
1833 return ERR_PTR(-EINVAL);
1835 if (dev_out->flags & IFF_LOOPBACK)
1836 flags |= RTCF_LOCAL;
1839 if (type == RTN_BROADCAST) {
1840 flags |= RTCF_BROADCAST | RTCF_LOCAL;
1842 } else if (type == RTN_MULTICAST) {
1843 flags |= RTCF_MULTICAST | RTCF_LOCAL;
1844 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
1846 flags &= ~RTCF_LOCAL;
1849 /* If multicast route do not exist use
1850 * default one, but do not gateway in this case.
1853 if (fi && res->prefixlen < 4)
1858 do_cache &= fi != NULL;
1860 struct rtable __rcu **prth;
1861 struct fib_nh *nh = &FIB_RES_NH(*res);
1863 fnhe = find_exception(nh, fl4->daddr);
1865 prth = &fnhe->fnhe_rth;
1867 if (unlikely(fl4->flowi4_flags &
1868 FLOWI_FLAG_KNOWN_NH &&
1870 nh->nh_scope == RT_SCOPE_LINK))) {
1874 prth = __this_cpu_ptr(nh->nh_pcpu_rth_output);
1876 rth = rcu_dereference(*prth);
1877 if (rt_cache_valid(rth)) {
1878 dst_hold(&rth->dst);
1884 rth = rt_dst_alloc(dev_out,
1885 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1886 IN_DEV_CONF_GET(in_dev, NOXFRM),
1889 return ERR_PTR(-ENOBUFS);
1891 rth->dst.output = ip_output;
1893 rth->rt_genid = rt_genid(dev_net(dev_out));
1894 rth->rt_flags = flags;
1895 rth->rt_type = type;
1896 rth->rt_is_input = 0;
1897 rth->rt_iif = orig_oif ? : 0;
1899 rth->rt_gateway = 0;
1900 rth->rt_uses_gateway = 0;
1901 INIT_LIST_HEAD(&rth->rt_uncached);
1903 RT_CACHE_STAT_INC(out_slow_tot);
1905 if (flags & RTCF_LOCAL)
1906 rth->dst.input = ip_local_deliver;
1907 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
1908 if (flags & RTCF_LOCAL &&
1909 !(dev_out->flags & IFF_LOOPBACK)) {
1910 rth->dst.output = ip_mc_output;
1911 RT_CACHE_STAT_INC(out_slow_mc);
1913 #ifdef CONFIG_IP_MROUTE
1914 if (type == RTN_MULTICAST) {
1915 if (IN_DEV_MFORWARD(in_dev) &&
1916 !ipv4_is_local_multicast(fl4->daddr)) {
1917 rth->dst.input = ip_mr_input;
1918 rth->dst.output = ip_mc_output;
1924 rt_set_nexthop(rth, fl4->daddr, res, fnhe, fi, type, 0);
1930 * Major route resolver routine.
1933 struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *fl4)
1935 struct net_device *dev_out = NULL;
1936 __u8 tos = RT_FL_TOS(fl4);
1937 unsigned int flags = 0;
1938 struct fib_result res;
1946 orig_oif = fl4->flowi4_oif;
1948 fl4->flowi4_iif = LOOPBACK_IFINDEX;
1949 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
1950 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
1951 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
1955 rth = ERR_PTR(-EINVAL);
1956 if (ipv4_is_multicast(fl4->saddr) ||
1957 ipv4_is_lbcast(fl4->saddr) ||
1958 ipv4_is_zeronet(fl4->saddr))
1961 /* I removed check for oif == dev_out->oif here.
1962 It was wrong for two reasons:
1963 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
1964 is assigned to multiple interfaces.
1965 2. Moreover, we are allowed to send packets with saddr
1966 of another iface. --ANK
1969 if (fl4->flowi4_oif == 0 &&
1970 (ipv4_is_multicast(fl4->daddr) ||
1971 ipv4_is_lbcast(fl4->daddr))) {
1972 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
1973 dev_out = __ip_dev_find(net, fl4->saddr, false);
1974 if (dev_out == NULL)
1977 /* Special hack: user can direct multicasts
1978 and limited broadcast via necessary interface
1979 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
1980 This hack is not just for fun, it allows
1981 vic,vat and friends to work.
1982 They bind socket to loopback, set ttl to zero
1983 and expect that it will work.
1984 From the viewpoint of routing cache they are broken,
1985 because we are not allowed to build multicast path
1986 with loopback source addr (look, routing cache
1987 cannot know, that ttl is zero, so that packet
1988 will not leave this host and route is valid).
1989 Luckily, this hack is good workaround.
1992 fl4->flowi4_oif = dev_out->ifindex;
1996 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
1997 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
1998 if (!__ip_dev_find(net, fl4->saddr, false))
2004 if (fl4->flowi4_oif) {
2005 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2006 rth = ERR_PTR(-ENODEV);
2007 if (dev_out == NULL)
2010 /* RACE: Check return value of inet_select_addr instead. */
2011 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2012 rth = ERR_PTR(-ENETUNREACH);
2015 if (ipv4_is_local_multicast(fl4->daddr) ||
2016 ipv4_is_lbcast(fl4->daddr)) {
2018 fl4->saddr = inet_select_addr(dev_out, 0,
2023 if (ipv4_is_multicast(fl4->daddr))
2024 fl4->saddr = inet_select_addr(dev_out, 0,
2026 else if (!fl4->daddr)
2027 fl4->saddr = inet_select_addr(dev_out, 0,
2033 fl4->daddr = fl4->saddr;
2035 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2036 dev_out = net->loopback_dev;
2037 fl4->flowi4_oif = LOOPBACK_IFINDEX;
2038 res.type = RTN_LOCAL;
2039 flags |= RTCF_LOCAL;
2043 if (fib_lookup(net, fl4, &res)) {
2046 if (fl4->flowi4_oif) {
2047 /* Apparently, routing tables are wrong. Assume,
2048 that the destination is on link.
2051 Because we are allowed to send to iface
2052 even if it has NO routes and NO assigned
2053 addresses. When oif is specified, routing
2054 tables are looked up with only one purpose:
2055 to catch if destination is gatewayed, rather than
2056 direct. Moreover, if MSG_DONTROUTE is set,
2057 we send packet, ignoring both routing tables
2058 and ifaddr state. --ANK
2061 We could make it even if oif is unknown,
2062 likely IPv6, but we do not.
2065 if (fl4->saddr == 0)
2066 fl4->saddr = inet_select_addr(dev_out, 0,
2068 res.type = RTN_UNICAST;
2071 rth = ERR_PTR(-ENETUNREACH);
2075 if (res.type == RTN_LOCAL) {
2077 if (res.fi->fib_prefsrc)
2078 fl4->saddr = res.fi->fib_prefsrc;
2080 fl4->saddr = fl4->daddr;
2082 dev_out = net->loopback_dev;
2083 fl4->flowi4_oif = dev_out->ifindex;
2084 flags |= RTCF_LOCAL;
2088 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2089 if (res.fi->fib_nhs > 1 && fl4->flowi4_oif == 0)
2090 fib_select_multipath(&res);
2093 if (!res.prefixlen &&
2094 res.table->tb_num_default > 1 &&
2095 res.type == RTN_UNICAST && !fl4->flowi4_oif)
2096 fib_select_default(&res);
2099 fl4->saddr = FIB_RES_PREFSRC(net, res);
2101 dev_out = FIB_RES_DEV(res);
2102 fl4->flowi4_oif = dev_out->ifindex;
2106 rth = __mkroute_output(&res, fl4, orig_oif, dev_out, flags);
2112 EXPORT_SYMBOL_GPL(__ip_route_output_key);
2114 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2119 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2121 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2123 return mtu ? : dst->dev->mtu;
2126 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
2127 struct sk_buff *skb, u32 mtu)
2131 static void ipv4_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
2132 struct sk_buff *skb)
2136 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2142 static struct dst_ops ipv4_dst_blackhole_ops = {
2144 .protocol = cpu_to_be16(ETH_P_IP),
2145 .check = ipv4_blackhole_dst_check,
2146 .mtu = ipv4_blackhole_mtu,
2147 .default_advmss = ipv4_default_advmss,
2148 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2149 .redirect = ipv4_rt_blackhole_redirect,
2150 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2151 .neigh_lookup = ipv4_neigh_lookup,
2154 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2156 struct rtable *ort = (struct rtable *) dst_orig;
2159 rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, DST_OBSOLETE_NONE, 0);
2161 struct dst_entry *new = &rt->dst;
2164 new->input = dst_discard;
2165 new->output = dst_discard;
2167 new->dev = ort->dst.dev;
2171 rt->rt_is_input = ort->rt_is_input;
2172 rt->rt_iif = ort->rt_iif;
2173 rt->rt_pmtu = ort->rt_pmtu;
2175 rt->rt_genid = rt_genid(net);
2176 rt->rt_flags = ort->rt_flags;
2177 rt->rt_type = ort->rt_type;
2178 rt->rt_gateway = ort->rt_gateway;
2179 rt->rt_uses_gateway = ort->rt_uses_gateway;
2181 INIT_LIST_HEAD(&rt->rt_uncached);
2186 dst_release(dst_orig);
2188 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2191 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2194 struct rtable *rt = __ip_route_output_key(net, flp4);
2199 if (flp4->flowi4_proto)
2200 rt = (struct rtable *) xfrm_lookup(net, &rt->dst,
2201 flowi4_to_flowi(flp4),
2206 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2208 static int rt_fill_info(struct net *net, __be32 dst, __be32 src,
2209 struct flowi4 *fl4, struct sk_buff *skb, u32 portid,
2210 u32 seq, int event, int nowait, unsigned int flags)
2212 struct rtable *rt = skb_rtable(skb);
2214 struct nlmsghdr *nlh;
2215 unsigned long expires = 0;
2217 u32 metrics[RTAX_MAX];
2219 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*r), flags);
2223 r = nlmsg_data(nlh);
2224 r->rtm_family = AF_INET;
2225 r->rtm_dst_len = 32;
2227 r->rtm_tos = fl4->flowi4_tos;
2228 r->rtm_table = RT_TABLE_MAIN;
2229 if (nla_put_u32(skb, RTA_TABLE, RT_TABLE_MAIN))
2230 goto nla_put_failure;
2231 r->rtm_type = rt->rt_type;
2232 r->rtm_scope = RT_SCOPE_UNIVERSE;
2233 r->rtm_protocol = RTPROT_UNSPEC;
2234 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2235 if (rt->rt_flags & RTCF_NOTIFY)
2236 r->rtm_flags |= RTM_F_NOTIFY;
2238 if (nla_put_be32(skb, RTA_DST, dst))
2239 goto nla_put_failure;
2241 r->rtm_src_len = 32;
2242 if (nla_put_be32(skb, RTA_SRC, src))
2243 goto nla_put_failure;
2246 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
2247 goto nla_put_failure;
2248 #ifdef CONFIG_IP_ROUTE_CLASSID
2249 if (rt->dst.tclassid &&
2250 nla_put_u32(skb, RTA_FLOW, rt->dst.tclassid))
2251 goto nla_put_failure;
2253 if (!rt_is_input_route(rt) &&
2254 fl4->saddr != src) {
2255 if (nla_put_be32(skb, RTA_PREFSRC, fl4->saddr))
2256 goto nla_put_failure;
2258 if (rt->rt_uses_gateway &&
2259 nla_put_be32(skb, RTA_GATEWAY, rt->rt_gateway))
2260 goto nla_put_failure;
2262 expires = rt->dst.expires;
2264 unsigned long now = jiffies;
2266 if (time_before(now, expires))
2272 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
2273 if (rt->rt_pmtu && expires)
2274 metrics[RTAX_MTU - 1] = rt->rt_pmtu;
2275 if (rtnetlink_put_metrics(skb, metrics) < 0)
2276 goto nla_put_failure;
2278 if (fl4->flowi4_mark &&
2279 nla_put_u32(skb, RTA_MARK, fl4->flowi4_mark))
2280 goto nla_put_failure;
2282 error = rt->dst.error;
2284 if (rt_is_input_route(rt)) {
2285 #ifdef CONFIG_IP_MROUTE
2286 if (ipv4_is_multicast(dst) && !ipv4_is_local_multicast(dst) &&
2287 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
2288 int err = ipmr_get_route(net, skb,
2289 fl4->saddr, fl4->daddr,
2295 goto nla_put_failure;
2297 if (err == -EMSGSIZE)
2298 goto nla_put_failure;
2304 if (nla_put_u32(skb, RTA_IIF, rt->rt_iif))
2305 goto nla_put_failure;
2308 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, error) < 0)
2309 goto nla_put_failure;
2311 return nlmsg_end(skb, nlh);
2314 nlmsg_cancel(skb, nlh);
2318 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, void *arg)
2320 struct net *net = sock_net(in_skb->sk);
2322 struct nlattr *tb[RTA_MAX+1];
2323 struct rtable *rt = NULL;
2330 struct sk_buff *skb;
2332 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv4_policy);
2336 rtm = nlmsg_data(nlh);
2338 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
2344 /* Reserve room for dummy headers, this skb can pass
2345 through good chunk of routing engine.
2347 skb_reset_mac_header(skb);
2348 skb_reset_network_header(skb);
2350 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
2351 ip_hdr(skb)->protocol = IPPROTO_ICMP;
2352 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
2354 src = tb[RTA_SRC] ? nla_get_be32(tb[RTA_SRC]) : 0;
2355 dst = tb[RTA_DST] ? nla_get_be32(tb[RTA_DST]) : 0;
2356 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
2357 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
2359 memset(&fl4, 0, sizeof(fl4));
2362 fl4.flowi4_tos = rtm->rtm_tos;
2363 fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0;
2364 fl4.flowi4_mark = mark;
2367 struct net_device *dev;
2369 dev = __dev_get_by_index(net, iif);
2375 skb->protocol = htons(ETH_P_IP);
2379 err = ip_route_input(skb, dst, src, rtm->rtm_tos, dev);
2382 rt = skb_rtable(skb);
2383 if (err == 0 && rt->dst.error)
2384 err = -rt->dst.error;
2386 rt = ip_route_output_key(net, &fl4);
2396 skb_dst_set(skb, &rt->dst);
2397 if (rtm->rtm_flags & RTM_F_NOTIFY)
2398 rt->rt_flags |= RTCF_NOTIFY;
2400 err = rt_fill_info(net, dst, src, &fl4, skb,
2401 NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
2402 RTM_NEWROUTE, 0, 0);
2406 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2415 int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
2420 void ip_rt_multicast_event(struct in_device *in_dev)
2422 rt_cache_flush(dev_net(in_dev->dev));
2425 #ifdef CONFIG_SYSCTL
2426 static int ipv4_sysctl_rtcache_flush(ctl_table *__ctl, int write,
2427 void __user *buffer,
2428 size_t *lenp, loff_t *ppos)
2431 rt_cache_flush((struct net *)__ctl->extra1);
2438 static ctl_table ipv4_route_table[] = {
2440 .procname = "gc_thresh",
2441 .data = &ipv4_dst_ops.gc_thresh,
2442 .maxlen = sizeof(int),
2444 .proc_handler = proc_dointvec,
2447 .procname = "max_size",
2448 .data = &ip_rt_max_size,
2449 .maxlen = sizeof(int),
2451 .proc_handler = proc_dointvec,
2454 /* Deprecated. Use gc_min_interval_ms */
2456 .procname = "gc_min_interval",
2457 .data = &ip_rt_gc_min_interval,
2458 .maxlen = sizeof(int),
2460 .proc_handler = proc_dointvec_jiffies,
2463 .procname = "gc_min_interval_ms",
2464 .data = &ip_rt_gc_min_interval,
2465 .maxlen = sizeof(int),
2467 .proc_handler = proc_dointvec_ms_jiffies,
2470 .procname = "gc_timeout",
2471 .data = &ip_rt_gc_timeout,
2472 .maxlen = sizeof(int),
2474 .proc_handler = proc_dointvec_jiffies,
2477 .procname = "gc_interval",
2478 .data = &ip_rt_gc_interval,
2479 .maxlen = sizeof(int),
2481 .proc_handler = proc_dointvec_jiffies,
2484 .procname = "redirect_load",
2485 .data = &ip_rt_redirect_load,
2486 .maxlen = sizeof(int),
2488 .proc_handler = proc_dointvec,
2491 .procname = "redirect_number",
2492 .data = &ip_rt_redirect_number,
2493 .maxlen = sizeof(int),
2495 .proc_handler = proc_dointvec,
2498 .procname = "redirect_silence",
2499 .data = &ip_rt_redirect_silence,
2500 .maxlen = sizeof(int),
2502 .proc_handler = proc_dointvec,
2505 .procname = "error_cost",
2506 .data = &ip_rt_error_cost,
2507 .maxlen = sizeof(int),
2509 .proc_handler = proc_dointvec,
2512 .procname = "error_burst",
2513 .data = &ip_rt_error_burst,
2514 .maxlen = sizeof(int),
2516 .proc_handler = proc_dointvec,
2519 .procname = "gc_elasticity",
2520 .data = &ip_rt_gc_elasticity,
2521 .maxlen = sizeof(int),
2523 .proc_handler = proc_dointvec,
2526 .procname = "mtu_expires",
2527 .data = &ip_rt_mtu_expires,
2528 .maxlen = sizeof(int),
2530 .proc_handler = proc_dointvec_jiffies,
2533 .procname = "min_pmtu",
2534 .data = &ip_rt_min_pmtu,
2535 .maxlen = sizeof(int),
2537 .proc_handler = proc_dointvec,
2540 .procname = "min_adv_mss",
2541 .data = &ip_rt_min_advmss,
2542 .maxlen = sizeof(int),
2544 .proc_handler = proc_dointvec,
2549 static struct ctl_table ipv4_route_flush_table[] = {
2551 .procname = "flush",
2552 .maxlen = sizeof(int),
2554 .proc_handler = ipv4_sysctl_rtcache_flush,
2559 static __net_init int sysctl_route_net_init(struct net *net)
2561 struct ctl_table *tbl;
2563 tbl = ipv4_route_flush_table;
2564 if (!net_eq(net, &init_net)) {
2565 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
2569 /* Don't export sysctls to unprivileged users */
2570 if (net->user_ns != &init_user_ns)
2571 tbl[0].procname = NULL;
2573 tbl[0].extra1 = net;
2575 net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
2576 if (net->ipv4.route_hdr == NULL)
2581 if (tbl != ipv4_route_flush_table)
2587 static __net_exit void sysctl_route_net_exit(struct net *net)
2589 struct ctl_table *tbl;
2591 tbl = net->ipv4.route_hdr->ctl_table_arg;
2592 unregister_net_sysctl_table(net->ipv4.route_hdr);
2593 BUG_ON(tbl == ipv4_route_flush_table);
2597 static __net_initdata struct pernet_operations sysctl_route_ops = {
2598 .init = sysctl_route_net_init,
2599 .exit = sysctl_route_net_exit,
2603 static __net_init int rt_genid_init(struct net *net)
2605 atomic_set(&net->rt_genid, 0);
2606 get_random_bytes(&net->ipv4.dev_addr_genid,
2607 sizeof(net->ipv4.dev_addr_genid));
2611 static __net_initdata struct pernet_operations rt_genid_ops = {
2612 .init = rt_genid_init,
2615 static int __net_init ipv4_inetpeer_init(struct net *net)
2617 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
2621 inet_peer_base_init(bp);
2622 net->ipv4.peers = bp;
2626 static void __net_exit ipv4_inetpeer_exit(struct net *net)
2628 struct inet_peer_base *bp = net->ipv4.peers;
2630 net->ipv4.peers = NULL;
2631 inetpeer_invalidate_tree(bp);
2635 static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
2636 .init = ipv4_inetpeer_init,
2637 .exit = ipv4_inetpeer_exit,
2640 #ifdef CONFIG_IP_ROUTE_CLASSID
2641 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
2642 #endif /* CONFIG_IP_ROUTE_CLASSID */
2644 int __init ip_rt_init(void)
2648 #ifdef CONFIG_IP_ROUTE_CLASSID
2649 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
2651 panic("IP: failed to allocate ip_rt_acct\n");
2654 ipv4_dst_ops.kmem_cachep =
2655 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
2656 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
2658 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
2660 if (dst_entries_init(&ipv4_dst_ops) < 0)
2661 panic("IP: failed to allocate ipv4_dst_ops counter\n");
2663 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
2664 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
2666 ipv4_dst_ops.gc_thresh = ~0;
2667 ip_rt_max_size = INT_MAX;
2672 if (ip_rt_proc_init())
2673 pr_err("Unable to create route proc files\n");
2678 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
2680 #ifdef CONFIG_SYSCTL
2681 register_pernet_subsys(&sysctl_route_ops);
2683 register_pernet_subsys(&rt_genid_ops);
2684 register_pernet_subsys(&ipv4_inetpeer_ops);
2688 #ifdef CONFIG_SYSCTL
2690 * We really need to sanitize the damn ipv4 init order, then all
2691 * this nonsense will go away.
2693 void __init ip_static_sysctl_init(void)
2695 register_net_sysctl(&init_net, "net/ipv4/route", ipv4_route_table);
git.openpandora.org / pandora-kernel.git / blob