2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
18 * (rco@di.uminho.pt) Routing table insertion and update
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <asm/uaccess.h>
69 #include <linux/bitops.h>
70 #include <linux/types.h>
71 #include <linux/kernel.h>
73 #include <linux/string.h>
74 #include <linux/socket.h>
75 #include <linux/sockios.h>
76 #include <linux/errno.h>
78 #include <linux/inet.h>
79 #include <linux/netdevice.h>
80 #include <linux/proc_fs.h>
81 #include <linux/init.h>
82 #include <linux/skbuff.h>
83 #include <linux/inetdevice.h>
84 #include <linux/igmp.h>
85 #include <linux/pkt_sched.h>
86 #include <linux/mroute.h>
87 #include <linux/netfilter_ipv4.h>
88 #include <linux/random.h>
89 #include <linux/rcupdate.h>
90 #include <linux/times.h>
91 #include <linux/slab.h>
93 #include <net/net_namespace.h>
94 #include <net/protocol.h>
96 #include <net/route.h>
97 #include <net/inetpeer.h>
99 #include <net/ip_fib.h>
102 #include <net/icmp.h>
103 #include <net/xfrm.h>
104 #include <net/netevent.h>
105 #include <net/rtnetlink.h>
107 #include <linux/sysctl.h>
108 #include <linux/kmemleak.h>
110 #include <net/secure_seq.h>
112 #define RT_FL_TOS(oldflp4) \
113 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
115 #define RT_GC_TIMEOUT (300*HZ)
117 static int ip_rt_max_size;
118 static int ip_rt_redirect_number __read_mostly = 9;
119 static int ip_rt_redirect_load __read_mostly = HZ / 50;
120 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
121 static int ip_rt_error_cost __read_mostly = HZ;
122 static int ip_rt_error_burst __read_mostly = 5 * HZ;
123 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
124 static int ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
125 static int ip_rt_min_advmss __read_mostly = 256;
128 * Interface to generic destination cache.
131 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
132 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
133 static unsigned int ipv4_mtu(const struct dst_entry *dst);
134 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
135 static void ipv4_link_failure(struct sk_buff *skb);
136 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
137 struct sk_buff *skb, u32 mtu);
138 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk,
139 struct sk_buff *skb);
140 static void ipv4_dst_destroy(struct dst_entry *dst);
142 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
148 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
152 static struct dst_ops ipv4_dst_ops = {
154 .protocol = cpu_to_be16(ETH_P_IP),
155 .check = ipv4_dst_check,
156 .default_advmss = ipv4_default_advmss,
158 .cow_metrics = ipv4_cow_metrics,
159 .destroy = ipv4_dst_destroy,
160 .negative_advice = ipv4_negative_advice,
161 .link_failure = ipv4_link_failure,
162 .update_pmtu = ip_rt_update_pmtu,
163 .redirect = ip_do_redirect,
164 .local_out = __ip_local_out,
165 .neigh_lookup = ipv4_neigh_lookup,
168 #define ECN_OR_COST(class) TC_PRIO_##class
170 const __u8 ip_tos2prio[16] = {
172 ECN_OR_COST(BESTEFFORT),
174 ECN_OR_COST(BESTEFFORT),
180 ECN_OR_COST(INTERACTIVE),
182 ECN_OR_COST(INTERACTIVE),
183 TC_PRIO_INTERACTIVE_BULK,
184 ECN_OR_COST(INTERACTIVE_BULK),
185 TC_PRIO_INTERACTIVE_BULK,
186 ECN_OR_COST(INTERACTIVE_BULK)
188 EXPORT_SYMBOL(ip_tos2prio);
190 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
191 #define RT_CACHE_STAT_INC(field) raw_cpu_inc(rt_cache_stat.field)
193 #ifdef CONFIG_PROC_FS
194 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
198 return SEQ_START_TOKEN;
201 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
207 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
211 static int rt_cache_seq_show(struct seq_file *seq, void *v)
213 if (v == SEQ_START_TOKEN)
214 seq_printf(seq, "%-127s\n",
215 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
216 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
221 static const struct seq_operations rt_cache_seq_ops = {
222 .start = rt_cache_seq_start,
223 .next = rt_cache_seq_next,
224 .stop = rt_cache_seq_stop,
225 .show = rt_cache_seq_show,
228 static int rt_cache_seq_open(struct inode *inode, struct file *file)
230 return seq_open(file, &rt_cache_seq_ops);
233 static const struct file_operations rt_cache_seq_fops = {
234 .owner = THIS_MODULE,
235 .open = rt_cache_seq_open,
238 .release = seq_release,
242 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
247 return SEQ_START_TOKEN;
249 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
250 if (!cpu_possible(cpu))
253 return &per_cpu(rt_cache_stat, cpu);
258 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
262 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
263 if (!cpu_possible(cpu))
266 return &per_cpu(rt_cache_stat, cpu);
272 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
277 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
279 struct rt_cache_stat *st = v;
281 if (v == SEQ_START_TOKEN) {
282 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
286 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
287 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
288 dst_entries_get_slow(&ipv4_dst_ops),
301 0, /* st->gc_total */
302 0, /* st->gc_ignored */
303 0, /* st->gc_goal_miss */
304 0, /* st->gc_dst_overflow */
305 0, /* st->in_hlist_search */
306 0 /* st->out_hlist_search */
311 static const struct seq_operations rt_cpu_seq_ops = {
312 .start = rt_cpu_seq_start,
313 .next = rt_cpu_seq_next,
314 .stop = rt_cpu_seq_stop,
315 .show = rt_cpu_seq_show,
319 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
321 return seq_open(file, &rt_cpu_seq_ops);
324 static const struct file_operations rt_cpu_seq_fops = {
325 .owner = THIS_MODULE,
326 .open = rt_cpu_seq_open,
329 .release = seq_release,
332 #ifdef CONFIG_IP_ROUTE_CLASSID
333 static int rt_acct_proc_show(struct seq_file *m, void *v)
335 struct ip_rt_acct *dst, *src;
338 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
342 for_each_possible_cpu(i) {
343 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
344 for (j = 0; j < 256; j++) {
345 dst[j].o_bytes += src[j].o_bytes;
346 dst[j].o_packets += src[j].o_packets;
347 dst[j].i_bytes += src[j].i_bytes;
348 dst[j].i_packets += src[j].i_packets;
352 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
357 static int rt_acct_proc_open(struct inode *inode, struct file *file)
359 return single_open(file, rt_acct_proc_show, NULL);
362 static const struct file_operations rt_acct_proc_fops = {
363 .owner = THIS_MODULE,
364 .open = rt_acct_proc_open,
367 .release = single_release,
371 static int __net_init ip_rt_do_proc_init(struct net *net)
373 struct proc_dir_entry *pde;
375 pde = proc_create("rt_cache", S_IRUGO, net->proc_net,
380 pde = proc_create("rt_cache", S_IRUGO,
381 net->proc_net_stat, &rt_cpu_seq_fops);
385 #ifdef CONFIG_IP_ROUTE_CLASSID
386 pde = proc_create("rt_acct", 0, net->proc_net, &rt_acct_proc_fops);
392 #ifdef CONFIG_IP_ROUTE_CLASSID
394 remove_proc_entry("rt_cache", net->proc_net_stat);
397 remove_proc_entry("rt_cache", net->proc_net);
402 static void __net_exit ip_rt_do_proc_exit(struct net *net)
404 remove_proc_entry("rt_cache", net->proc_net_stat);
405 remove_proc_entry("rt_cache", net->proc_net);
406 #ifdef CONFIG_IP_ROUTE_CLASSID
407 remove_proc_entry("rt_acct", net->proc_net);
411 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
412 .init = ip_rt_do_proc_init,
413 .exit = ip_rt_do_proc_exit,
416 static int __init ip_rt_proc_init(void)
418 return register_pernet_subsys(&ip_rt_proc_ops);
422 static inline int ip_rt_proc_init(void)
426 #endif /* CONFIG_PROC_FS */
428 static inline bool rt_is_expired(const struct rtable *rth)
430 return rth->rt_genid != rt_genid_ipv4(dev_net(rth->dst.dev));
433 void rt_cache_flush(struct net *net)
435 rt_genid_bump_ipv4(net);
438 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
442 struct net_device *dev = dst->dev;
443 const __be32 *pkey = daddr;
444 const struct rtable *rt;
447 rt = (const struct rtable *) dst;
449 pkey = (const __be32 *) &rt->rt_gateway;
451 pkey = &ip_hdr(skb)->daddr;
453 n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey);
456 return neigh_create(&arp_tbl, pkey, dev);
460 * Peer allocation may fail only in serious out-of-memory conditions. However
461 * we still can generate some output.
462 * Random ID selection looks a bit dangerous because we have no chances to
463 * select ID being unique in a reasonable period of time.
464 * But broken packet identifier may be better than no packet at all.
466 static void ip_select_fb_ident(struct iphdr *iph)
468 static DEFINE_SPINLOCK(ip_fb_id_lock);
469 static u32 ip_fallback_id;
472 spin_lock_bh(&ip_fb_id_lock);
473 salt = secure_ip_id((__force __be32)ip_fallback_id ^ iph->daddr);
474 iph->id = htons(salt & 0xFFFF);
475 ip_fallback_id = salt;
476 spin_unlock_bh(&ip_fb_id_lock);
479 void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more)
481 struct net *net = dev_net(dst->dev);
482 struct inet_peer *peer;
484 peer = inet_getpeer_v4(net->ipv4.peers, iph->daddr, 1);
486 iph->id = htons(inet_getid(peer, more));
491 ip_select_fb_ident(iph);
493 EXPORT_SYMBOL(__ip_select_ident);
495 static void __build_flow_key(struct flowi4 *fl4, const struct sock *sk,
496 const struct iphdr *iph,
498 u8 prot, u32 mark, int flow_flags)
501 const struct inet_sock *inet = inet_sk(sk);
503 oif = sk->sk_bound_dev_if;
505 tos = RT_CONN_FLAGS(sk);
506 prot = inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol;
508 flowi4_init_output(fl4, oif, mark, tos,
509 RT_SCOPE_UNIVERSE, prot,
511 iph->daddr, iph->saddr, 0, 0);
514 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,
515 const struct sock *sk)
517 const struct iphdr *iph = ip_hdr(skb);
518 int oif = skb->dev->ifindex;
519 u8 tos = RT_TOS(iph->tos);
520 u8 prot = iph->protocol;
521 u32 mark = skb->mark;
523 __build_flow_key(fl4, sk, iph, oif, tos, prot, mark, 0);
526 static void build_sk_flow_key(struct flowi4 *fl4, const struct sock *sk)
528 const struct inet_sock *inet = inet_sk(sk);
529 const struct ip_options_rcu *inet_opt;
530 __be32 daddr = inet->inet_daddr;
533 inet_opt = rcu_dereference(inet->inet_opt);
534 if (inet_opt && inet_opt->opt.srr)
535 daddr = inet_opt->opt.faddr;
536 flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark,
537 RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
538 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
539 inet_sk_flowi_flags(sk),
540 daddr, inet->inet_saddr, 0, 0);
544 static void ip_rt_build_flow_key(struct flowi4 *fl4, const struct sock *sk,
545 const struct sk_buff *skb)
548 build_skb_flow_key(fl4, skb, sk);
550 build_sk_flow_key(fl4, sk);
553 static inline void rt_free(struct rtable *rt)
555 call_rcu(&rt->dst.rcu_head, dst_rcu_free);
558 static DEFINE_SPINLOCK(fnhe_lock);
560 static void fnhe_flush_routes(struct fib_nh_exception *fnhe)
564 rt = rcu_dereference(fnhe->fnhe_rth_input);
566 RCU_INIT_POINTER(fnhe->fnhe_rth_input, NULL);
569 rt = rcu_dereference(fnhe->fnhe_rth_output);
571 RCU_INIT_POINTER(fnhe->fnhe_rth_output, NULL);
576 static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
578 struct fib_nh_exception *fnhe, *oldest;
580 oldest = rcu_dereference(hash->chain);
581 for (fnhe = rcu_dereference(oldest->fnhe_next); fnhe;
582 fnhe = rcu_dereference(fnhe->fnhe_next)) {
583 if (time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp))
586 fnhe_flush_routes(oldest);
590 static inline u32 fnhe_hashfun(__be32 daddr)
594 hval = (__force u32) daddr;
595 hval ^= (hval >> 11) ^ (hval >> 22);
597 return hval & (FNHE_HASH_SIZE - 1);
600 static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
602 rt->rt_pmtu = fnhe->fnhe_pmtu;
603 rt->dst.expires = fnhe->fnhe_expires;
606 rt->rt_flags |= RTCF_REDIRECTED;
607 rt->rt_gateway = fnhe->fnhe_gw;
608 rt->rt_uses_gateway = 1;
612 static void update_or_create_fnhe(struct fib_nh *nh, __be32 daddr, __be32 gw,
613 u32 pmtu, unsigned long expires)
615 struct fnhe_hash_bucket *hash;
616 struct fib_nh_exception *fnhe;
620 u32 hval = fnhe_hashfun(daddr);
622 spin_lock_bh(&fnhe_lock);
624 hash = nh->nh_exceptions;
626 hash = kzalloc(FNHE_HASH_SIZE * sizeof(*hash), GFP_ATOMIC);
629 nh->nh_exceptions = hash;
635 for (fnhe = rcu_dereference(hash->chain); fnhe;
636 fnhe = rcu_dereference(fnhe->fnhe_next)) {
637 if (fnhe->fnhe_daddr == daddr)
646 fnhe->fnhe_pmtu = pmtu;
647 fnhe->fnhe_expires = max(1UL, expires);
649 /* Update all cached dsts too */
650 rt = rcu_dereference(fnhe->fnhe_rth_input);
652 fill_route_from_fnhe(rt, fnhe);
653 rt = rcu_dereference(fnhe->fnhe_rth_output);
655 fill_route_from_fnhe(rt, fnhe);
657 if (depth > FNHE_RECLAIM_DEPTH)
658 fnhe = fnhe_oldest(hash);
660 fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC);
664 fnhe->fnhe_next = hash->chain;
665 rcu_assign_pointer(hash->chain, fnhe);
667 fnhe->fnhe_genid = fnhe_genid(dev_net(nh->nh_dev));
668 fnhe->fnhe_daddr = daddr;
670 fnhe->fnhe_pmtu = pmtu;
671 fnhe->fnhe_expires = expires;
673 /* Exception created; mark the cached routes for the nexthop
674 * stale, so anyone caching it rechecks if this exception
677 rt = rcu_dereference(nh->nh_rth_input);
679 rt->dst.obsolete = DST_OBSOLETE_KILL;
681 for_each_possible_cpu(i) {
682 struct rtable __rcu **prt;
683 prt = per_cpu_ptr(nh->nh_pcpu_rth_output, i);
684 rt = rcu_dereference(*prt);
686 rt->dst.obsolete = DST_OBSOLETE_KILL;
690 fnhe->fnhe_stamp = jiffies;
693 spin_unlock_bh(&fnhe_lock);
696 static void __ip_do_redirect(struct rtable *rt, struct sk_buff *skb, struct flowi4 *fl4,
699 __be32 new_gw = icmp_hdr(skb)->un.gateway;
700 __be32 old_gw = ip_hdr(skb)->saddr;
701 struct net_device *dev = skb->dev;
702 struct in_device *in_dev;
703 struct fib_result res;
707 switch (icmp_hdr(skb)->code & 7) {
709 case ICMP_REDIR_NETTOS:
710 case ICMP_REDIR_HOST:
711 case ICMP_REDIR_HOSTTOS:
718 if (rt->rt_gateway != old_gw)
721 in_dev = __in_dev_get_rcu(dev);
726 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
727 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
728 ipv4_is_zeronet(new_gw))
729 goto reject_redirect;
731 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
732 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
733 goto reject_redirect;
734 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
735 goto reject_redirect;
737 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
738 goto reject_redirect;
741 n = ipv4_neigh_lookup(&rt->dst, NULL, &new_gw);
743 if (!(n->nud_state & NUD_VALID)) {
744 neigh_event_send(n, NULL);
746 if (fib_lookup(net, fl4, &res) == 0) {
747 struct fib_nh *nh = &FIB_RES_NH(res);
749 update_or_create_fnhe(nh, fl4->daddr, new_gw,
753 rt->dst.obsolete = DST_OBSOLETE_KILL;
754 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
761 #ifdef CONFIG_IP_ROUTE_VERBOSE
762 if (IN_DEV_LOG_MARTIANS(in_dev)) {
763 const struct iphdr *iph = (const struct iphdr *) skb->data;
764 __be32 daddr = iph->daddr;
765 __be32 saddr = iph->saddr;
767 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
768 " Advised path = %pI4 -> %pI4\n",
769 &old_gw, dev->name, &new_gw,
776 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
780 const struct iphdr *iph = (const struct iphdr *) skb->data;
781 int oif = skb->dev->ifindex;
782 u8 tos = RT_TOS(iph->tos);
783 u8 prot = iph->protocol;
784 u32 mark = skb->mark;
786 rt = (struct rtable *) dst;
788 __build_flow_key(&fl4, sk, iph, oif, tos, prot, mark, 0);
789 __ip_do_redirect(rt, skb, &fl4, true);
792 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
794 struct rtable *rt = (struct rtable *)dst;
795 struct dst_entry *ret = dst;
798 if (dst->obsolete > 0) {
801 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
812 * 1. The first ip_rt_redirect_number redirects are sent
813 * with exponential backoff, then we stop sending them at all,
814 * assuming that the host ignores our redirects.
815 * 2. If we did not see packets requiring redirects
816 * during ip_rt_redirect_silence, we assume that the host
817 * forgot redirected route and start to send redirects again.
819 * This algorithm is much cheaper and more intelligent than dumb load limiting
822 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
823 * and "frag. need" (breaks PMTU discovery) in icmp.c.
826 void ip_rt_send_redirect(struct sk_buff *skb)
828 struct rtable *rt = skb_rtable(skb);
829 struct in_device *in_dev;
830 struct inet_peer *peer;
835 in_dev = __in_dev_get_rcu(rt->dst.dev);
836 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
840 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
843 net = dev_net(rt->dst.dev);
844 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
846 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
847 rt_nexthop(rt, ip_hdr(skb)->daddr));
851 /* No redirected packets during ip_rt_redirect_silence;
852 * reset the algorithm.
854 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence))
855 peer->rate_tokens = 0;
857 /* Too many ignored redirects; do not send anything
858 * set dst.rate_last to the last seen redirected packet.
860 if (peer->rate_tokens >= ip_rt_redirect_number) {
861 peer->rate_last = jiffies;
865 /* Check for load limit; set rate_last to the latest sent
868 if (peer->rate_tokens == 0 ||
871 (ip_rt_redirect_load << peer->rate_tokens)))) {
872 __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr);
874 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw);
875 peer->rate_last = jiffies;
877 #ifdef CONFIG_IP_ROUTE_VERBOSE
879 peer->rate_tokens == ip_rt_redirect_number)
880 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
881 &ip_hdr(skb)->saddr, inet_iif(skb),
882 &ip_hdr(skb)->daddr, &gw);
889 static int ip_error(struct sk_buff *skb)
891 struct in_device *in_dev = __in_dev_get_rcu(skb->dev);
892 struct rtable *rt = skb_rtable(skb);
893 struct inet_peer *peer;
899 net = dev_net(rt->dst.dev);
900 if (!IN_DEV_FORWARD(in_dev)) {
901 switch (rt->dst.error) {
903 IP_INC_STATS_BH(net, IPSTATS_MIB_INADDRERRORS);
907 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
913 switch (rt->dst.error) {
918 code = ICMP_HOST_UNREACH;
921 code = ICMP_NET_UNREACH;
922 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
925 code = ICMP_PKT_FILTERED;
929 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
934 peer->rate_tokens += now - peer->rate_last;
935 if (peer->rate_tokens > ip_rt_error_burst)
936 peer->rate_tokens = ip_rt_error_burst;
937 peer->rate_last = now;
938 if (peer->rate_tokens >= ip_rt_error_cost)
939 peer->rate_tokens -= ip_rt_error_cost;
945 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
951 static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
953 struct dst_entry *dst = &rt->dst;
954 struct fib_result res;
956 if (dst_metric_locked(dst, RTAX_MTU))
959 if (dst->dev->mtu < mtu)
962 if (mtu < ip_rt_min_pmtu)
963 mtu = ip_rt_min_pmtu;
965 if (rt->rt_pmtu == mtu &&
966 time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2))
970 if (fib_lookup(dev_net(dst->dev), fl4, &res) == 0) {
971 struct fib_nh *nh = &FIB_RES_NH(res);
973 update_or_create_fnhe(nh, fl4->daddr, 0, mtu,
974 jiffies + ip_rt_mtu_expires);
979 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
980 struct sk_buff *skb, u32 mtu)
982 struct rtable *rt = (struct rtable *) dst;
985 ip_rt_build_flow_key(&fl4, sk, skb);
986 __ip_rt_update_pmtu(rt, &fl4, mtu);
989 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu,
990 int oif, u32 mark, u8 protocol, int flow_flags)
992 const struct iphdr *iph = (const struct iphdr *) skb->data;
996 __build_flow_key(&fl4, NULL, iph, oif,
997 RT_TOS(iph->tos), protocol, mark, flow_flags);
998 rt = __ip_route_output_key(net, &fl4);
1000 __ip_rt_update_pmtu(rt, &fl4, mtu);
1004 EXPORT_SYMBOL_GPL(ipv4_update_pmtu);
1006 static void __ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1008 const struct iphdr *iph = (const struct iphdr *) skb->data;
1012 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1013 rt = __ip_route_output_key(sock_net(sk), &fl4);
1015 __ip_rt_update_pmtu(rt, &fl4, mtu);
1020 void ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1022 const struct iphdr *iph = (const struct iphdr *) skb->data;
1025 struct dst_entry *dst;
1030 if (!ip_sk_accept_pmtu(sk))
1033 rt = (struct rtable *) __sk_dst_get(sk);
1035 if (sock_owned_by_user(sk) || !rt) {
1036 __ipv4_sk_update_pmtu(skb, sk, mtu);
1040 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1042 if (!__sk_dst_check(sk, 0)) {
1043 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1050 __ip_rt_update_pmtu((struct rtable *) rt->dst.path, &fl4, mtu);
1052 dst = dst_check(&rt->dst, 0);
1055 dst_release(&rt->dst);
1057 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1065 __sk_dst_set(sk, &rt->dst);
1070 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu);
1072 void ipv4_redirect(struct sk_buff *skb, struct net *net,
1073 int oif, u32 mark, u8 protocol, int flow_flags)
1075 const struct iphdr *iph = (const struct iphdr *) skb->data;
1079 __build_flow_key(&fl4, NULL, iph, oif,
1080 RT_TOS(iph->tos), protocol, mark, flow_flags);
1081 rt = __ip_route_output_key(net, &fl4);
1083 __ip_do_redirect(rt, skb, &fl4, false);
1087 EXPORT_SYMBOL_GPL(ipv4_redirect);
1089 void ipv4_sk_redirect(struct sk_buff *skb, struct sock *sk)
1091 const struct iphdr *iph = (const struct iphdr *) skb->data;
1095 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1096 rt = __ip_route_output_key(sock_net(sk), &fl4);
1098 __ip_do_redirect(rt, skb, &fl4, false);
1102 EXPORT_SYMBOL_GPL(ipv4_sk_redirect);
1104 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1106 struct rtable *rt = (struct rtable *) dst;
1108 /* All IPV4 dsts are created with ->obsolete set to the value
1109 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1110 * into this function always.
1112 * When a PMTU/redirect information update invalidates a route,
1113 * this is indicated by setting obsolete to DST_OBSOLETE_KILL or
1114 * DST_OBSOLETE_DEAD by dst_free().
1116 if (dst->obsolete != DST_OBSOLETE_FORCE_CHK || rt_is_expired(rt))
1121 static void ipv4_link_failure(struct sk_buff *skb)
1125 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1127 rt = skb_rtable(skb);
1129 dst_set_expires(&rt->dst, 0);
1132 static int ip_rt_bug(struct sock *sk, struct sk_buff *skb)
1134 pr_debug("%s: %pI4 -> %pI4, %s\n",
1135 __func__, &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1136 skb->dev ? skb->dev->name : "?");
1143 We do not cache source address of outgoing interface,
1144 because it is used only by IP RR, TS and SRR options,
1145 so that it out of fast path.
1147 BTW remember: "addr" is allowed to be not aligned
1151 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1155 if (rt_is_output_route(rt))
1156 src = ip_hdr(skb)->saddr;
1158 struct fib_result res;
1164 memset(&fl4, 0, sizeof(fl4));
1165 fl4.daddr = iph->daddr;
1166 fl4.saddr = iph->saddr;
1167 fl4.flowi4_tos = RT_TOS(iph->tos);
1168 fl4.flowi4_oif = rt->dst.dev->ifindex;
1169 fl4.flowi4_iif = skb->dev->ifindex;
1170 fl4.flowi4_mark = skb->mark;
1173 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res) == 0)
1174 src = FIB_RES_PREFSRC(dev_net(rt->dst.dev), res);
1176 src = inet_select_addr(rt->dst.dev,
1177 rt_nexthop(rt, iph->daddr),
1181 memcpy(addr, &src, 4);
1184 #ifdef CONFIG_IP_ROUTE_CLASSID
1185 static void set_class_tag(struct rtable *rt, u32 tag)
1187 if (!(rt->dst.tclassid & 0xFFFF))
1188 rt->dst.tclassid |= tag & 0xFFFF;
1189 if (!(rt->dst.tclassid & 0xFFFF0000))
1190 rt->dst.tclassid |= tag & 0xFFFF0000;
1194 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1196 unsigned int advmss = dst_metric_raw(dst, RTAX_ADVMSS);
1199 advmss = max_t(unsigned int, dst->dev->mtu - 40,
1201 if (advmss > 65535 - 40)
1202 advmss = 65535 - 40;
1207 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1209 const struct rtable *rt = (const struct rtable *) dst;
1210 unsigned int mtu = rt->rt_pmtu;
1212 if (!mtu || time_after_eq(jiffies, rt->dst.expires))
1213 mtu = dst_metric_raw(dst, RTAX_MTU);
1218 mtu = dst->dev->mtu;
1220 if (unlikely(dst_metric_locked(dst, RTAX_MTU))) {
1221 if (rt->rt_uses_gateway && mtu > 576)
1225 return min_t(unsigned int, mtu, IP_MAX_MTU);
1228 static struct fib_nh_exception *find_exception(struct fib_nh *nh, __be32 daddr)
1230 struct fnhe_hash_bucket *hash = nh->nh_exceptions;
1231 struct fib_nh_exception *fnhe;
1237 hval = fnhe_hashfun(daddr);
1239 for (fnhe = rcu_dereference(hash[hval].chain); fnhe;
1240 fnhe = rcu_dereference(fnhe->fnhe_next)) {
1241 if (fnhe->fnhe_daddr == daddr)
1247 static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1252 spin_lock_bh(&fnhe_lock);
1254 if (daddr == fnhe->fnhe_daddr) {
1255 struct rtable __rcu **porig;
1256 struct rtable *orig;
1257 int genid = fnhe_genid(dev_net(rt->dst.dev));
1259 if (rt_is_input_route(rt))
1260 porig = &fnhe->fnhe_rth_input;
1262 porig = &fnhe->fnhe_rth_output;
1263 orig = rcu_dereference(*porig);
1265 if (fnhe->fnhe_genid != genid) {
1266 fnhe->fnhe_genid = genid;
1268 fnhe->fnhe_pmtu = 0;
1269 fnhe->fnhe_expires = 0;
1270 fnhe_flush_routes(fnhe);
1273 fill_route_from_fnhe(rt, fnhe);
1274 if (!rt->rt_gateway)
1275 rt->rt_gateway = daddr;
1277 if (!(rt->dst.flags & DST_NOCACHE)) {
1278 rcu_assign_pointer(*porig, rt);
1284 fnhe->fnhe_stamp = jiffies;
1286 spin_unlock_bh(&fnhe_lock);
1291 static bool rt_cache_route(struct fib_nh *nh, struct rtable *rt)
1293 struct rtable *orig, *prev, **p;
1296 if (rt_is_input_route(rt)) {
1297 p = (struct rtable **)&nh->nh_rth_input;
1299 p = (struct rtable **)__this_cpu_ptr(nh->nh_pcpu_rth_output);
1303 prev = cmpxchg(p, orig, rt);
1313 static DEFINE_SPINLOCK(rt_uncached_lock);
1314 static LIST_HEAD(rt_uncached_list);
1316 static void rt_add_uncached_list(struct rtable *rt)
1318 spin_lock_bh(&rt_uncached_lock);
1319 list_add_tail(&rt->rt_uncached, &rt_uncached_list);
1320 spin_unlock_bh(&rt_uncached_lock);
1323 static void ipv4_dst_destroy(struct dst_entry *dst)
1325 struct rtable *rt = (struct rtable *) dst;
1327 if (!list_empty(&rt->rt_uncached)) {
1328 spin_lock_bh(&rt_uncached_lock);
1329 list_del(&rt->rt_uncached);
1330 spin_unlock_bh(&rt_uncached_lock);
1334 void rt_flush_dev(struct net_device *dev)
1336 if (!list_empty(&rt_uncached_list)) {
1337 struct net *net = dev_net(dev);
1340 spin_lock_bh(&rt_uncached_lock);
1341 list_for_each_entry(rt, &rt_uncached_list, rt_uncached) {
1342 if (rt->dst.dev != dev)
1344 rt->dst.dev = net->loopback_dev;
1345 dev_hold(rt->dst.dev);
1348 spin_unlock_bh(&rt_uncached_lock);
1352 static bool rt_cache_valid(const struct rtable *rt)
1355 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1359 static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
1360 const struct fib_result *res,
1361 struct fib_nh_exception *fnhe,
1362 struct fib_info *fi, u16 type, u32 itag)
1364 bool cached = false;
1367 struct fib_nh *nh = &FIB_RES_NH(*res);
1369 if (nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK) {
1370 rt->rt_gateway = nh->nh_gw;
1371 rt->rt_uses_gateway = 1;
1373 dst_init_metrics(&rt->dst, fi->fib_metrics, true);
1374 #ifdef CONFIG_IP_ROUTE_CLASSID
1375 rt->dst.tclassid = nh->nh_tclassid;
1378 cached = rt_bind_exception(rt, fnhe, daddr);
1379 else if (!(rt->dst.flags & DST_NOCACHE))
1380 cached = rt_cache_route(nh, rt);
1381 if (unlikely(!cached)) {
1382 /* Routes we intend to cache in nexthop exception or
1383 * FIB nexthop have the DST_NOCACHE bit clear.
1384 * However, if we are unsuccessful at storing this
1385 * route into the cache we really need to set it.
1387 rt->dst.flags |= DST_NOCACHE;
1388 if (!rt->rt_gateway)
1389 rt->rt_gateway = daddr;
1390 rt_add_uncached_list(rt);
1393 rt_add_uncached_list(rt);
1395 #ifdef CONFIG_IP_ROUTE_CLASSID
1396 #ifdef CONFIG_IP_MULTIPLE_TABLES
1397 set_class_tag(rt, res->tclassid);
1399 set_class_tag(rt, itag);
1403 static struct rtable *rt_dst_alloc(struct net_device *dev,
1404 bool nopolicy, bool noxfrm, bool will_cache)
1406 return dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1407 (will_cache ? 0 : (DST_HOST | DST_NOCACHE)) |
1408 (nopolicy ? DST_NOPOLICY : 0) |
1409 (noxfrm ? DST_NOXFRM : 0));
1412 /* called in rcu_read_lock() section */
1413 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1414 u8 tos, struct net_device *dev, int our)
1417 struct in_device *in_dev = __in_dev_get_rcu(dev);
1421 /* Primary sanity checks. */
1426 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1427 skb->protocol != htons(ETH_P_IP))
1430 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
1431 if (ipv4_is_loopback(saddr))
1434 if (ipv4_is_zeronet(saddr)) {
1435 if (!ipv4_is_local_multicast(daddr))
1438 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1443 rth = rt_dst_alloc(dev_net(dev)->loopback_dev,
1444 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, false);
1448 #ifdef CONFIG_IP_ROUTE_CLASSID
1449 rth->dst.tclassid = itag;
1451 rth->dst.output = ip_rt_bug;
1453 rth->rt_genid = rt_genid_ipv4(dev_net(dev));
1454 rth->rt_flags = RTCF_MULTICAST;
1455 rth->rt_type = RTN_MULTICAST;
1456 rth->rt_is_input= 1;
1459 rth->rt_gateway = 0;
1460 rth->rt_uses_gateway = 0;
1461 INIT_LIST_HEAD(&rth->rt_uncached);
1463 rth->dst.input= ip_local_deliver;
1464 rth->rt_flags |= RTCF_LOCAL;
1467 #ifdef CONFIG_IP_MROUTE
1468 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
1469 rth->dst.input = ip_mr_input;
1471 RT_CACHE_STAT_INC(in_slow_mc);
1473 skb_dst_set(skb, &rth->dst);
1485 static void ip_handle_martian_source(struct net_device *dev,
1486 struct in_device *in_dev,
1487 struct sk_buff *skb,
1491 RT_CACHE_STAT_INC(in_martian_src);
1492 #ifdef CONFIG_IP_ROUTE_VERBOSE
1493 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
1495 * RFC1812 recommendation, if source is martian,
1496 * the only hint is MAC header.
1498 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
1499 &daddr, &saddr, dev->name);
1500 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
1501 print_hex_dump(KERN_WARNING, "ll header: ",
1502 DUMP_PREFIX_OFFSET, 16, 1,
1503 skb_mac_header(skb),
1504 dev->hard_header_len, true);
1510 /* called in rcu_read_lock() section */
1511 static int __mkroute_input(struct sk_buff *skb,
1512 const struct fib_result *res,
1513 struct in_device *in_dev,
1514 __be32 daddr, __be32 saddr, u32 tos)
1516 struct fib_nh_exception *fnhe;
1519 struct in_device *out_dev;
1520 unsigned int flags = 0;
1524 /* get a working reference to the output device */
1525 out_dev = __in_dev_get_rcu(FIB_RES_DEV(*res));
1526 if (out_dev == NULL) {
1527 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
1531 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
1532 in_dev->dev, in_dev, &itag);
1534 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
1540 do_cache = res->fi && !itag;
1541 if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
1542 (IN_DEV_SHARED_MEDIA(out_dev) ||
1543 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) {
1544 flags |= RTCF_DOREDIRECT;
1548 if (skb->protocol != htons(ETH_P_IP)) {
1549 /* Not IP (i.e. ARP). Do not create route, if it is
1550 * invalid for proxy arp. DNAT routes are always valid.
1552 * Proxy arp feature have been extended to allow, ARP
1553 * replies back to the same interface, to support
1554 * Private VLAN switch technologies. See arp.c.
1556 if (out_dev == in_dev &&
1557 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
1563 fnhe = find_exception(&FIB_RES_NH(*res), daddr);
1566 rth = rcu_dereference(fnhe->fnhe_rth_input);
1568 rth = rcu_dereference(FIB_RES_NH(*res).nh_rth_input);
1570 if (rt_cache_valid(rth)) {
1571 skb_dst_set_noref(skb, &rth->dst);
1576 rth = rt_dst_alloc(out_dev->dev,
1577 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1578 IN_DEV_CONF_GET(out_dev, NOXFRM), do_cache);
1584 rth->rt_genid = rt_genid_ipv4(dev_net(rth->dst.dev));
1585 rth->rt_flags = flags;
1586 rth->rt_type = res->type;
1587 rth->rt_is_input = 1;
1590 rth->rt_gateway = 0;
1591 rth->rt_uses_gateway = 0;
1592 INIT_LIST_HEAD(&rth->rt_uncached);
1593 RT_CACHE_STAT_INC(in_slow_tot);
1595 rth->dst.input = ip_forward;
1596 rth->dst.output = ip_output;
1598 rt_set_nexthop(rth, daddr, res, fnhe, res->fi, res->type, itag);
1599 skb_dst_set(skb, &rth->dst);
1606 static int ip_mkroute_input(struct sk_buff *skb,
1607 struct fib_result *res,
1608 const struct flowi4 *fl4,
1609 struct in_device *in_dev,
1610 __be32 daddr, __be32 saddr, u32 tos)
1612 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1613 if (res->fi && res->fi->fib_nhs > 1)
1614 fib_select_multipath(res);
1617 /* create a routing cache entry */
1618 return __mkroute_input(skb, res, in_dev, daddr, saddr, tos);
1622 * NOTE. We drop all the packets that has local source
1623 * addresses, because every properly looped back packet
1624 * must have correct destination already attached by output routine.
1626 * Such approach solves two big problems:
1627 * 1. Not simplex devices are handled properly.
1628 * 2. IP spoofing attempts are filtered with 100% of guarantee.
1629 * called with rcu_read_lock()
1632 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1633 u8 tos, struct net_device *dev)
1635 struct fib_result res;
1636 struct in_device *in_dev = __in_dev_get_rcu(dev);
1638 unsigned int flags = 0;
1642 struct net *net = dev_net(dev);
1645 /* IP on this device is disabled. */
1650 /* Check for the most weird martians, which can be not detected
1654 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
1655 goto martian_source;
1658 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
1661 /* Accept zero addresses only to limited broadcast;
1662 * I even do not know to fix it or not. Waiting for complains :-)
1664 if (ipv4_is_zeronet(saddr))
1665 goto martian_source;
1667 if (ipv4_is_zeronet(daddr))
1668 goto martian_destination;
1670 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
1671 * and call it once if daddr or/and saddr are loopback addresses
1673 if (ipv4_is_loopback(daddr)) {
1674 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1675 goto martian_destination;
1676 } else if (ipv4_is_loopback(saddr)) {
1677 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1678 goto martian_source;
1682 * Now we are ready to route packet.
1685 fl4.flowi4_iif = dev->ifindex;
1686 fl4.flowi4_mark = skb->mark;
1687 fl4.flowi4_tos = tos;
1688 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
1691 err = fib_lookup(net, &fl4, &res);
1693 if (!IN_DEV_FORWARD(in_dev))
1694 err = -EHOSTUNREACH;
1698 if (res.type == RTN_BROADCAST)
1701 if (res.type == RTN_LOCAL) {
1702 err = fib_validate_source(skb, saddr, daddr, tos,
1704 dev, in_dev, &itag);
1706 goto martian_source_keep_err;
1710 if (!IN_DEV_FORWARD(in_dev)) {
1711 err = -EHOSTUNREACH;
1714 if (res.type != RTN_UNICAST)
1715 goto martian_destination;
1717 err = ip_mkroute_input(skb, &res, &fl4, in_dev, daddr, saddr, tos);
1721 if (skb->protocol != htons(ETH_P_IP))
1724 if (!ipv4_is_zeronet(saddr)) {
1725 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1728 goto martian_source_keep_err;
1730 flags |= RTCF_BROADCAST;
1731 res.type = RTN_BROADCAST;
1732 RT_CACHE_STAT_INC(in_brd);
1738 rth = rcu_dereference(FIB_RES_NH(res).nh_rth_input);
1739 if (rt_cache_valid(rth)) {
1740 skb_dst_set_noref(skb, &rth->dst);
1748 rth = rt_dst_alloc(net->loopback_dev,
1749 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, do_cache);
1753 rth->dst.input= ip_local_deliver;
1754 rth->dst.output= ip_rt_bug;
1755 #ifdef CONFIG_IP_ROUTE_CLASSID
1756 rth->dst.tclassid = itag;
1759 rth->rt_genid = rt_genid_ipv4(net);
1760 rth->rt_flags = flags|RTCF_LOCAL;
1761 rth->rt_type = res.type;
1762 rth->rt_is_input = 1;
1765 rth->rt_gateway = 0;
1766 rth->rt_uses_gateway = 0;
1767 INIT_LIST_HEAD(&rth->rt_uncached);
1768 RT_CACHE_STAT_INC(in_slow_tot);
1769 if (res.type == RTN_UNREACHABLE) {
1770 rth->dst.input= ip_error;
1771 rth->dst.error= -err;
1772 rth->rt_flags &= ~RTCF_LOCAL;
1775 if (unlikely(!rt_cache_route(&FIB_RES_NH(res), rth))) {
1776 rth->dst.flags |= DST_NOCACHE;
1777 rt_add_uncached_list(rth);
1780 skb_dst_set(skb, &rth->dst);
1785 RT_CACHE_STAT_INC(in_no_route);
1786 res.type = RTN_UNREACHABLE;
1792 * Do not cache martian addresses: they should be logged (RFC1812)
1794 martian_destination:
1795 RT_CACHE_STAT_INC(in_martian_dst);
1796 #ifdef CONFIG_IP_ROUTE_VERBOSE
1797 if (IN_DEV_LOG_MARTIANS(in_dev))
1798 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
1799 &daddr, &saddr, dev->name);
1812 martian_source_keep_err:
1813 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
1817 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1818 u8 tos, struct net_device *dev)
1824 /* Multicast recognition logic is moved from route cache to here.
1825 The problem was that too many Ethernet cards have broken/missing
1826 hardware multicast filters :-( As result the host on multicasting
1827 network acquires a lot of useless route cache entries, sort of
1828 SDR messages from all the world. Now we try to get rid of them.
1829 Really, provided software IP multicast filter is organized
1830 reasonably (at least, hashed), it does not result in a slowdown
1831 comparing with route cache reject entries.
1832 Note, that multicast routers are not affected, because
1833 route cache entry is created eventually.
1835 if (ipv4_is_multicast(daddr)) {
1836 struct in_device *in_dev = __in_dev_get_rcu(dev);
1839 int our = ip_check_mc_rcu(in_dev, daddr, saddr,
1840 ip_hdr(skb)->protocol);
1842 #ifdef CONFIG_IP_MROUTE
1844 (!ipv4_is_local_multicast(daddr) &&
1845 IN_DEV_MFORWARD(in_dev))
1848 int res = ip_route_input_mc(skb, daddr, saddr,
1857 res = ip_route_input_slow(skb, daddr, saddr, tos, dev);
1861 EXPORT_SYMBOL(ip_route_input_noref);
1863 /* called with rcu_read_lock() */
1864 static struct rtable *__mkroute_output(const struct fib_result *res,
1865 const struct flowi4 *fl4, int orig_oif,
1866 struct net_device *dev_out,
1869 struct fib_info *fi = res->fi;
1870 struct fib_nh_exception *fnhe;
1871 struct in_device *in_dev;
1872 u16 type = res->type;
1876 in_dev = __in_dev_get_rcu(dev_out);
1878 return ERR_PTR(-EINVAL);
1880 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
1881 if (ipv4_is_loopback(fl4->saddr) && !(dev_out->flags & IFF_LOOPBACK))
1882 return ERR_PTR(-EINVAL);
1884 if (ipv4_is_lbcast(fl4->daddr))
1885 type = RTN_BROADCAST;
1886 else if (ipv4_is_multicast(fl4->daddr))
1887 type = RTN_MULTICAST;
1888 else if (ipv4_is_zeronet(fl4->daddr))
1889 return ERR_PTR(-EINVAL);
1891 if (dev_out->flags & IFF_LOOPBACK)
1892 flags |= RTCF_LOCAL;
1895 if (type == RTN_BROADCAST) {
1896 flags |= RTCF_BROADCAST | RTCF_LOCAL;
1898 } else if (type == RTN_MULTICAST) {
1899 flags |= RTCF_MULTICAST | RTCF_LOCAL;
1900 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
1902 flags &= ~RTCF_LOCAL;
1905 /* If multicast route do not exist use
1906 * default one, but do not gateway in this case.
1909 if (fi && res->prefixlen < 4)
1914 do_cache &= fi != NULL;
1916 struct rtable __rcu **prth;
1917 struct fib_nh *nh = &FIB_RES_NH(*res);
1919 fnhe = find_exception(nh, fl4->daddr);
1921 prth = &fnhe->fnhe_rth_output;
1923 if (unlikely(fl4->flowi4_flags &
1924 FLOWI_FLAG_KNOWN_NH &&
1926 nh->nh_scope == RT_SCOPE_LINK))) {
1930 prth = __this_cpu_ptr(nh->nh_pcpu_rth_output);
1932 rth = rcu_dereference(*prth);
1933 if (rt_cache_valid(rth)) {
1934 dst_hold(&rth->dst);
1940 rth = rt_dst_alloc(dev_out,
1941 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1942 IN_DEV_CONF_GET(in_dev, NOXFRM),
1945 return ERR_PTR(-ENOBUFS);
1947 rth->dst.output = ip_output;
1949 rth->rt_genid = rt_genid_ipv4(dev_net(dev_out));
1950 rth->rt_flags = flags;
1951 rth->rt_type = type;
1952 rth->rt_is_input = 0;
1953 rth->rt_iif = orig_oif ? : 0;
1955 rth->rt_gateway = 0;
1956 rth->rt_uses_gateway = 0;
1957 INIT_LIST_HEAD(&rth->rt_uncached);
1959 RT_CACHE_STAT_INC(out_slow_tot);
1961 if (flags & RTCF_LOCAL)
1962 rth->dst.input = ip_local_deliver;
1963 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
1964 if (flags & RTCF_LOCAL &&
1965 !(dev_out->flags & IFF_LOOPBACK)) {
1966 rth->dst.output = ip_mc_output;
1967 RT_CACHE_STAT_INC(out_slow_mc);
1969 #ifdef CONFIG_IP_MROUTE
1970 if (type == RTN_MULTICAST) {
1971 if (IN_DEV_MFORWARD(in_dev) &&
1972 !ipv4_is_local_multicast(fl4->daddr)) {
1973 rth->dst.input = ip_mr_input;
1974 rth->dst.output = ip_mc_output;
1980 rt_set_nexthop(rth, fl4->daddr, res, fnhe, fi, type, 0);
1986 * Major route resolver routine.
1989 struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *fl4)
1991 struct net_device *dev_out = NULL;
1992 __u8 tos = RT_FL_TOS(fl4);
1993 unsigned int flags = 0;
1994 struct fib_result res;
2002 orig_oif = fl4->flowi4_oif;
2004 fl4->flowi4_iif = LOOPBACK_IFINDEX;
2005 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
2006 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
2007 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
2011 rth = ERR_PTR(-EINVAL);
2012 if (ipv4_is_multicast(fl4->saddr) ||
2013 ipv4_is_lbcast(fl4->saddr) ||
2014 ipv4_is_zeronet(fl4->saddr))
2017 /* I removed check for oif == dev_out->oif here.
2018 It was wrong for two reasons:
2019 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
2020 is assigned to multiple interfaces.
2021 2. Moreover, we are allowed to send packets with saddr
2022 of another iface. --ANK
2025 if (fl4->flowi4_oif == 0 &&
2026 (ipv4_is_multicast(fl4->daddr) ||
2027 ipv4_is_lbcast(fl4->daddr))) {
2028 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2029 dev_out = __ip_dev_find(net, fl4->saddr, false);
2030 if (dev_out == NULL)
2033 /* Special hack: user can direct multicasts
2034 and limited broadcast via necessary interface
2035 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2036 This hack is not just for fun, it allows
2037 vic,vat and friends to work.
2038 They bind socket to loopback, set ttl to zero
2039 and expect that it will work.
2040 From the viewpoint of routing cache they are broken,
2041 because we are not allowed to build multicast path
2042 with loopback source addr (look, routing cache
2043 cannot know, that ttl is zero, so that packet
2044 will not leave this host and route is valid).
2045 Luckily, this hack is good workaround.
2048 fl4->flowi4_oif = dev_out->ifindex;
2052 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
2053 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2054 if (!__ip_dev_find(net, fl4->saddr, false))
2060 if (fl4->flowi4_oif) {
2061 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2062 rth = ERR_PTR(-ENODEV);
2063 if (dev_out == NULL)
2066 /* RACE: Check return value of inet_select_addr instead. */
2067 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2068 rth = ERR_PTR(-ENETUNREACH);
2071 if (ipv4_is_local_multicast(fl4->daddr) ||
2072 ipv4_is_lbcast(fl4->daddr)) {
2074 fl4->saddr = inet_select_addr(dev_out, 0,
2079 if (ipv4_is_multicast(fl4->daddr))
2080 fl4->saddr = inet_select_addr(dev_out, 0,
2082 else if (!fl4->daddr)
2083 fl4->saddr = inet_select_addr(dev_out, 0,
2089 fl4->daddr = fl4->saddr;
2091 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2092 dev_out = net->loopback_dev;
2093 fl4->flowi4_oif = LOOPBACK_IFINDEX;
2094 res.type = RTN_LOCAL;
2095 flags |= RTCF_LOCAL;
2099 if (fib_lookup(net, fl4, &res)) {
2102 if (fl4->flowi4_oif) {
2103 /* Apparently, routing tables are wrong. Assume,
2104 that the destination is on link.
2107 Because we are allowed to send to iface
2108 even if it has NO routes and NO assigned
2109 addresses. When oif is specified, routing
2110 tables are looked up with only one purpose:
2111 to catch if destination is gatewayed, rather than
2112 direct. Moreover, if MSG_DONTROUTE is set,
2113 we send packet, ignoring both routing tables
2114 and ifaddr state. --ANK
2117 We could make it even if oif is unknown,
2118 likely IPv6, but we do not.
2121 if (fl4->saddr == 0)
2122 fl4->saddr = inet_select_addr(dev_out, 0,
2124 res.type = RTN_UNICAST;
2127 rth = ERR_PTR(-ENETUNREACH);
2131 if (res.type == RTN_LOCAL) {
2133 if (res.fi->fib_prefsrc)
2134 fl4->saddr = res.fi->fib_prefsrc;
2136 fl4->saddr = fl4->daddr;
2138 dev_out = net->loopback_dev;
2139 fl4->flowi4_oif = dev_out->ifindex;
2140 flags |= RTCF_LOCAL;
2144 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2145 if (res.fi->fib_nhs > 1 && fl4->flowi4_oif == 0)
2146 fib_select_multipath(&res);
2149 if (!res.prefixlen &&
2150 res.table->tb_num_default > 1 &&
2151 res.type == RTN_UNICAST && !fl4->flowi4_oif)
2152 fib_select_default(&res);
2155 fl4->saddr = FIB_RES_PREFSRC(net, res);
2157 dev_out = FIB_RES_DEV(res);
2158 fl4->flowi4_oif = dev_out->ifindex;
2162 rth = __mkroute_output(&res, fl4, orig_oif, dev_out, flags);
2168 EXPORT_SYMBOL_GPL(__ip_route_output_key);
2170 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2175 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2177 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2179 return mtu ? : dst->dev->mtu;
2182 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
2183 struct sk_buff *skb, u32 mtu)
2187 static void ipv4_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
2188 struct sk_buff *skb)
2192 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2198 static struct dst_ops ipv4_dst_blackhole_ops = {
2200 .protocol = cpu_to_be16(ETH_P_IP),
2201 .check = ipv4_blackhole_dst_check,
2202 .mtu = ipv4_blackhole_mtu,
2203 .default_advmss = ipv4_default_advmss,
2204 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2205 .redirect = ipv4_rt_blackhole_redirect,
2206 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2207 .neigh_lookup = ipv4_neigh_lookup,
2210 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2212 struct rtable *ort = (struct rtable *) dst_orig;
2215 rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, DST_OBSOLETE_NONE, 0);
2217 struct dst_entry *new = &rt->dst;
2220 new->input = dst_discard;
2221 new->output = dst_discard_sk;
2223 new->dev = ort->dst.dev;
2227 rt->rt_is_input = ort->rt_is_input;
2228 rt->rt_iif = ort->rt_iif;
2229 rt->rt_pmtu = ort->rt_pmtu;
2231 rt->rt_genid = rt_genid_ipv4(net);
2232 rt->rt_flags = ort->rt_flags;
2233 rt->rt_type = ort->rt_type;
2234 rt->rt_gateway = ort->rt_gateway;
2235 rt->rt_uses_gateway = ort->rt_uses_gateway;
2237 INIT_LIST_HEAD(&rt->rt_uncached);
2242 dst_release(dst_orig);
2244 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2247 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2250 struct rtable *rt = __ip_route_output_key(net, flp4);
2255 if (flp4->flowi4_proto)
2256 rt = (struct rtable *) xfrm_lookup(net, &rt->dst,
2257 flowi4_to_flowi(flp4),
2262 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2264 static int rt_fill_info(struct net *net, __be32 dst, __be32 src,
2265 struct flowi4 *fl4, struct sk_buff *skb, u32 portid,
2266 u32 seq, int event, int nowait, unsigned int flags)
2268 struct rtable *rt = skb_rtable(skb);
2270 struct nlmsghdr *nlh;
2271 unsigned long expires = 0;
2273 u32 metrics[RTAX_MAX];
2275 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*r), flags);
2279 r = nlmsg_data(nlh);
2280 r->rtm_family = AF_INET;
2281 r->rtm_dst_len = 32;
2283 r->rtm_tos = fl4->flowi4_tos;
2284 r->rtm_table = RT_TABLE_MAIN;
2285 if (nla_put_u32(skb, RTA_TABLE, RT_TABLE_MAIN))
2286 goto nla_put_failure;
2287 r->rtm_type = rt->rt_type;
2288 r->rtm_scope = RT_SCOPE_UNIVERSE;
2289 r->rtm_protocol = RTPROT_UNSPEC;
2290 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2291 if (rt->rt_flags & RTCF_NOTIFY)
2292 r->rtm_flags |= RTM_F_NOTIFY;
2294 if (nla_put_be32(skb, RTA_DST, dst))
2295 goto nla_put_failure;
2297 r->rtm_src_len = 32;
2298 if (nla_put_be32(skb, RTA_SRC, src))
2299 goto nla_put_failure;
2302 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
2303 goto nla_put_failure;
2304 #ifdef CONFIG_IP_ROUTE_CLASSID
2305 if (rt->dst.tclassid &&
2306 nla_put_u32(skb, RTA_FLOW, rt->dst.tclassid))
2307 goto nla_put_failure;
2309 if (!rt_is_input_route(rt) &&
2310 fl4->saddr != src) {
2311 if (nla_put_be32(skb, RTA_PREFSRC, fl4->saddr))
2312 goto nla_put_failure;
2314 if (rt->rt_uses_gateway &&
2315 nla_put_be32(skb, RTA_GATEWAY, rt->rt_gateway))
2316 goto nla_put_failure;
2318 expires = rt->dst.expires;
2320 unsigned long now = jiffies;
2322 if (time_before(now, expires))
2328 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
2329 if (rt->rt_pmtu && expires)
2330 metrics[RTAX_MTU - 1] = rt->rt_pmtu;
2331 if (rtnetlink_put_metrics(skb, metrics) < 0)
2332 goto nla_put_failure;
2334 if (fl4->flowi4_mark &&
2335 nla_put_u32(skb, RTA_MARK, fl4->flowi4_mark))
2336 goto nla_put_failure;
2338 error = rt->dst.error;
2340 if (rt_is_input_route(rt)) {
2341 #ifdef CONFIG_IP_MROUTE
2342 if (ipv4_is_multicast(dst) && !ipv4_is_local_multicast(dst) &&
2343 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
2344 int err = ipmr_get_route(net, skb,
2345 fl4->saddr, fl4->daddr,
2351 goto nla_put_failure;
2353 if (err == -EMSGSIZE)
2354 goto nla_put_failure;
2360 if (nla_put_u32(skb, RTA_IIF, skb->dev->ifindex))
2361 goto nla_put_failure;
2364 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, error) < 0)
2365 goto nla_put_failure;
2367 return nlmsg_end(skb, nlh);
2370 nlmsg_cancel(skb, nlh);
2374 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh)
2376 struct net *net = sock_net(in_skb->sk);
2378 struct nlattr *tb[RTA_MAX+1];
2379 struct rtable *rt = NULL;
2386 struct sk_buff *skb;
2388 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv4_policy);
2392 rtm = nlmsg_data(nlh);
2394 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
2400 /* Reserve room for dummy headers, this skb can pass
2401 through good chunk of routing engine.
2403 skb_reset_mac_header(skb);
2404 skb_reset_network_header(skb);
2406 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
2407 ip_hdr(skb)->protocol = IPPROTO_ICMP;
2408 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
2410 src = tb[RTA_SRC] ? nla_get_be32(tb[RTA_SRC]) : 0;
2411 dst = tb[RTA_DST] ? nla_get_be32(tb[RTA_DST]) : 0;
2412 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
2413 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
2415 memset(&fl4, 0, sizeof(fl4));
2418 fl4.flowi4_tos = rtm->rtm_tos;
2419 fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0;
2420 fl4.flowi4_mark = mark;
2423 struct net_device *dev;
2425 dev = __dev_get_by_index(net, iif);
2431 skb->protocol = htons(ETH_P_IP);
2435 err = ip_route_input(skb, dst, src, rtm->rtm_tos, dev);
2438 rt = skb_rtable(skb);
2439 if (err == 0 && rt->dst.error)
2440 err = -rt->dst.error;
2442 rt = ip_route_output_key(net, &fl4);
2452 skb_dst_set(skb, &rt->dst);
2453 if (rtm->rtm_flags & RTM_F_NOTIFY)
2454 rt->rt_flags |= RTCF_NOTIFY;
2456 err = rt_fill_info(net, dst, src, &fl4, skb,
2457 NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
2458 RTM_NEWROUTE, 0, 0);
2462 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2471 void ip_rt_multicast_event(struct in_device *in_dev)
2473 rt_cache_flush(dev_net(in_dev->dev));
2476 #ifdef CONFIG_SYSCTL
2477 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
2478 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
2479 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
2480 static int ip_rt_gc_elasticity __read_mostly = 8;
2482 static int ipv4_sysctl_rtcache_flush(struct ctl_table *__ctl, int write,
2483 void __user *buffer,
2484 size_t *lenp, loff_t *ppos)
2486 struct net *net = (struct net *)__ctl->extra1;
2489 rt_cache_flush(net);
2490 fnhe_genid_bump(net);
2497 static struct ctl_table ipv4_route_table[] = {
2499 .procname = "gc_thresh",
2500 .data = &ipv4_dst_ops.gc_thresh,
2501 .maxlen = sizeof(int),
2503 .proc_handler = proc_dointvec,
2506 .procname = "max_size",
2507 .data = &ip_rt_max_size,
2508 .maxlen = sizeof(int),
2510 .proc_handler = proc_dointvec,
2513 /* Deprecated. Use gc_min_interval_ms */
2515 .procname = "gc_min_interval",
2516 .data = &ip_rt_gc_min_interval,
2517 .maxlen = sizeof(int),
2519 .proc_handler = proc_dointvec_jiffies,
2522 .procname = "gc_min_interval_ms",
2523 .data = &ip_rt_gc_min_interval,
2524 .maxlen = sizeof(int),
2526 .proc_handler = proc_dointvec_ms_jiffies,
2529 .procname = "gc_timeout",
2530 .data = &ip_rt_gc_timeout,
2531 .maxlen = sizeof(int),
2533 .proc_handler = proc_dointvec_jiffies,
2536 .procname = "gc_interval",
2537 .data = &ip_rt_gc_interval,
2538 .maxlen = sizeof(int),
2540 .proc_handler = proc_dointvec_jiffies,
2543 .procname = "redirect_load",
2544 .data = &ip_rt_redirect_load,
2545 .maxlen = sizeof(int),
2547 .proc_handler = proc_dointvec,
2550 .procname = "redirect_number",
2551 .data = &ip_rt_redirect_number,
2552 .maxlen = sizeof(int),
2554 .proc_handler = proc_dointvec,
2557 .procname = "redirect_silence",
2558 .data = &ip_rt_redirect_silence,
2559 .maxlen = sizeof(int),
2561 .proc_handler = proc_dointvec,
2564 .procname = "error_cost",
2565 .data = &ip_rt_error_cost,
2566 .maxlen = sizeof(int),
2568 .proc_handler = proc_dointvec,
2571 .procname = "error_burst",
2572 .data = &ip_rt_error_burst,
2573 .maxlen = sizeof(int),
2575 .proc_handler = proc_dointvec,
2578 .procname = "gc_elasticity",
2579 .data = &ip_rt_gc_elasticity,
2580 .maxlen = sizeof(int),
2582 .proc_handler = proc_dointvec,
2585 .procname = "mtu_expires",
2586 .data = &ip_rt_mtu_expires,
2587 .maxlen = sizeof(int),
2589 .proc_handler = proc_dointvec_jiffies,
2592 .procname = "min_pmtu",
2593 .data = &ip_rt_min_pmtu,
2594 .maxlen = sizeof(int),
2596 .proc_handler = proc_dointvec,
2599 .procname = "min_adv_mss",
2600 .data = &ip_rt_min_advmss,
2601 .maxlen = sizeof(int),
2603 .proc_handler = proc_dointvec,
2608 static struct ctl_table ipv4_route_flush_table[] = {
2610 .procname = "flush",
2611 .maxlen = sizeof(int),
2613 .proc_handler = ipv4_sysctl_rtcache_flush,
2618 static __net_init int sysctl_route_net_init(struct net *net)
2620 struct ctl_table *tbl;
2622 tbl = ipv4_route_flush_table;
2623 if (!net_eq(net, &init_net)) {
2624 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
2628 /* Don't export sysctls to unprivileged users */
2629 if (net->user_ns != &init_user_ns)
2630 tbl[0].procname = NULL;
2632 tbl[0].extra1 = net;
2634 net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
2635 if (net->ipv4.route_hdr == NULL)
2640 if (tbl != ipv4_route_flush_table)
2646 static __net_exit void sysctl_route_net_exit(struct net *net)
2648 struct ctl_table *tbl;
2650 tbl = net->ipv4.route_hdr->ctl_table_arg;
2651 unregister_net_sysctl_table(net->ipv4.route_hdr);
2652 BUG_ON(tbl == ipv4_route_flush_table);
2656 static __net_initdata struct pernet_operations sysctl_route_ops = {
2657 .init = sysctl_route_net_init,
2658 .exit = sysctl_route_net_exit,
2662 static __net_init int rt_genid_init(struct net *net)
2664 atomic_set(&net->ipv4.rt_genid, 0);
2665 atomic_set(&net->fnhe_genid, 0);
2666 get_random_bytes(&net->ipv4.dev_addr_genid,
2667 sizeof(net->ipv4.dev_addr_genid));
2671 static __net_initdata struct pernet_operations rt_genid_ops = {
2672 .init = rt_genid_init,
2675 static int __net_init ipv4_inetpeer_init(struct net *net)
2677 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
2681 inet_peer_base_init(bp);
2682 net->ipv4.peers = bp;
2686 static void __net_exit ipv4_inetpeer_exit(struct net *net)
2688 struct inet_peer_base *bp = net->ipv4.peers;
2690 net->ipv4.peers = NULL;
2691 inetpeer_invalidate_tree(bp);
2695 static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
2696 .init = ipv4_inetpeer_init,
2697 .exit = ipv4_inetpeer_exit,
2700 #ifdef CONFIG_IP_ROUTE_CLASSID
2701 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
2702 #endif /* CONFIG_IP_ROUTE_CLASSID */
2704 int __init ip_rt_init(void)
2708 #ifdef CONFIG_IP_ROUTE_CLASSID
2709 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
2711 panic("IP: failed to allocate ip_rt_acct\n");
2714 ipv4_dst_ops.kmem_cachep =
2715 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
2716 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
2718 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
2720 if (dst_entries_init(&ipv4_dst_ops) < 0)
2721 panic("IP: failed to allocate ipv4_dst_ops counter\n");
2723 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
2724 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
2726 ipv4_dst_ops.gc_thresh = ~0;
2727 ip_rt_max_size = INT_MAX;
2732 if (ip_rt_proc_init())
2733 pr_err("Unable to create route proc files\n");
2738 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
2740 #ifdef CONFIG_SYSCTL
2741 register_pernet_subsys(&sysctl_route_ops);
2743 register_pernet_subsys(&rt_genid_ops);
2744 register_pernet_subsys(&ipv4_inetpeer_ops);
2748 #ifdef CONFIG_SYSCTL
2750 * We really need to sanitize the damn ipv4 init order, then all
2751 * this nonsense will go away.
2753 void __init ip_static_sysctl_init(void)
2755 register_net_sysctl(&init_net, "net/ipv4/route", ipv4_route_table);
git.samba.org / sfrench / cifs-2.6.git / blob