2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
18 * (rco@di.uminho.pt) Routing table insertion and update
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <asm/uaccess.h>
69 #include <linux/bitops.h>
70 #include <linux/types.h>
71 #include <linux/kernel.h>
73 #include <linux/string.h>
74 #include <linux/socket.h>
75 #include <linux/sockios.h>
76 #include <linux/errno.h>
78 #include <linux/inet.h>
79 #include <linux/netdevice.h>
80 #include <linux/proc_fs.h>
81 #include <linux/init.h>
82 #include <linux/skbuff.h>
83 #include <linux/inetdevice.h>
84 #include <linux/igmp.h>
85 #include <linux/pkt_sched.h>
86 #include <linux/mroute.h>
87 #include <linux/netfilter_ipv4.h>
88 #include <linux/random.h>
89 #include <linux/rcupdate.h>
90 #include <linux/times.h>
91 #include <linux/slab.h>
92 #include <linux/jhash.h>
94 #include <net/net_namespace.h>
95 #include <net/protocol.h>
97 #include <net/route.h>
98 #include <net/inetpeer.h>
100 #include <net/ip_fib.h>
103 #include <net/icmp.h>
104 #include <net/xfrm.h>
105 #include <net/netevent.h>
106 #include <net/rtnetlink.h>
108 #include <linux/sysctl.h>
109 #include <linux/kmemleak.h>
111 #include <net/secure_seq.h>
113 #define RT_FL_TOS(oldflp4) \
114 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
116 #define IP_MAX_MTU 0xFFF0
118 #define RT_GC_TIMEOUT (300*HZ)
120 static int ip_rt_max_size;
121 static int ip_rt_redirect_number __read_mostly = 9;
122 static int ip_rt_redirect_load __read_mostly = HZ / 50;
123 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
124 static int ip_rt_error_cost __read_mostly = HZ;
125 static int ip_rt_error_burst __read_mostly = 5 * HZ;
126 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
127 static int ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
128 static int ip_rt_min_advmss __read_mostly = 256;
131 * Interface to generic destination cache.
134 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
135 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
136 static unsigned int ipv4_mtu(const struct dst_entry *dst);
137 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
138 static void ipv4_link_failure(struct sk_buff *skb);
139 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
140 struct sk_buff *skb, u32 mtu);
141 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk,
142 struct sk_buff *skb);
143 static void ipv4_dst_destroy(struct dst_entry *dst);
145 static void ipv4_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
150 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
156 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
160 static struct dst_ops ipv4_dst_ops = {
162 .protocol = cpu_to_be16(ETH_P_IP),
163 .check = ipv4_dst_check,
164 .default_advmss = ipv4_default_advmss,
166 .cow_metrics = ipv4_cow_metrics,
167 .destroy = ipv4_dst_destroy,
168 .ifdown = ipv4_dst_ifdown,
169 .negative_advice = ipv4_negative_advice,
170 .link_failure = ipv4_link_failure,
171 .update_pmtu = ip_rt_update_pmtu,
172 .redirect = ip_do_redirect,
173 .local_out = __ip_local_out,
174 .neigh_lookup = ipv4_neigh_lookup,
177 #define ECN_OR_COST(class) TC_PRIO_##class
179 const __u8 ip_tos2prio[16] = {
181 ECN_OR_COST(BESTEFFORT),
183 ECN_OR_COST(BESTEFFORT),
189 ECN_OR_COST(INTERACTIVE),
191 ECN_OR_COST(INTERACTIVE),
192 TC_PRIO_INTERACTIVE_BULK,
193 ECN_OR_COST(INTERACTIVE_BULK),
194 TC_PRIO_INTERACTIVE_BULK,
195 ECN_OR_COST(INTERACTIVE_BULK)
197 EXPORT_SYMBOL(ip_tos2prio);
199 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
200 #define RT_CACHE_STAT_INC(field) __this_cpu_inc(rt_cache_stat.field)
202 #ifdef CONFIG_PROC_FS
203 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
207 return SEQ_START_TOKEN;
210 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
216 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
220 static int rt_cache_seq_show(struct seq_file *seq, void *v)
222 if (v == SEQ_START_TOKEN)
223 seq_printf(seq, "%-127s\n",
224 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
225 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
230 static const struct seq_operations rt_cache_seq_ops = {
231 .start = rt_cache_seq_start,
232 .next = rt_cache_seq_next,
233 .stop = rt_cache_seq_stop,
234 .show = rt_cache_seq_show,
237 static int rt_cache_seq_open(struct inode *inode, struct file *file)
239 return seq_open(file, &rt_cache_seq_ops);
242 static const struct file_operations rt_cache_seq_fops = {
243 .owner = THIS_MODULE,
244 .open = rt_cache_seq_open,
247 .release = seq_release,
251 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
256 return SEQ_START_TOKEN;
258 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
259 if (!cpu_possible(cpu))
262 return &per_cpu(rt_cache_stat, cpu);
267 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
271 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
272 if (!cpu_possible(cpu))
275 return &per_cpu(rt_cache_stat, cpu);
281 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
286 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
288 struct rt_cache_stat *st = v;
290 if (v == SEQ_START_TOKEN) {
291 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
295 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
296 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
297 dst_entries_get_slow(&ipv4_dst_ops),
320 static const struct seq_operations rt_cpu_seq_ops = {
321 .start = rt_cpu_seq_start,
322 .next = rt_cpu_seq_next,
323 .stop = rt_cpu_seq_stop,
324 .show = rt_cpu_seq_show,
328 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
330 return seq_open(file, &rt_cpu_seq_ops);
333 static const struct file_operations rt_cpu_seq_fops = {
334 .owner = THIS_MODULE,
335 .open = rt_cpu_seq_open,
338 .release = seq_release,
341 #ifdef CONFIG_IP_ROUTE_CLASSID
342 static int rt_acct_proc_show(struct seq_file *m, void *v)
344 struct ip_rt_acct *dst, *src;
347 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
351 for_each_possible_cpu(i) {
352 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
353 for (j = 0; j < 256; j++) {
354 dst[j].o_bytes += src[j].o_bytes;
355 dst[j].o_packets += src[j].o_packets;
356 dst[j].i_bytes += src[j].i_bytes;
357 dst[j].i_packets += src[j].i_packets;
361 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
366 static int rt_acct_proc_open(struct inode *inode, struct file *file)
368 return single_open(file, rt_acct_proc_show, NULL);
371 static const struct file_operations rt_acct_proc_fops = {
372 .owner = THIS_MODULE,
373 .open = rt_acct_proc_open,
376 .release = single_release,
380 static int __net_init ip_rt_do_proc_init(struct net *net)
382 struct proc_dir_entry *pde;
384 pde = proc_create("rt_cache", S_IRUGO, net->proc_net,
389 pde = proc_create("rt_cache", S_IRUGO,
390 net->proc_net_stat, &rt_cpu_seq_fops);
394 #ifdef CONFIG_IP_ROUTE_CLASSID
395 pde = proc_create("rt_acct", 0, net->proc_net, &rt_acct_proc_fops);
401 #ifdef CONFIG_IP_ROUTE_CLASSID
403 remove_proc_entry("rt_cache", net->proc_net_stat);
406 remove_proc_entry("rt_cache", net->proc_net);
411 static void __net_exit ip_rt_do_proc_exit(struct net *net)
413 remove_proc_entry("rt_cache", net->proc_net_stat);
414 remove_proc_entry("rt_cache", net->proc_net);
415 #ifdef CONFIG_IP_ROUTE_CLASSID
416 remove_proc_entry("rt_acct", net->proc_net);
420 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
421 .init = ip_rt_do_proc_init,
422 .exit = ip_rt_do_proc_exit,
425 static int __init ip_rt_proc_init(void)
427 return register_pernet_subsys(&ip_rt_proc_ops);
431 static inline int ip_rt_proc_init(void)
435 #endif /* CONFIG_PROC_FS */
437 static inline bool rt_is_expired(const struct rtable *rth)
439 return rth->rt_genid != rt_genid(dev_net(rth->dst.dev));
442 void rt_cache_flush(struct net *net)
447 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
451 struct net_device *dev = dst->dev;
452 const __be32 *pkey = daddr;
453 const struct rtable *rt;
456 rt = (const struct rtable *) dst;
458 pkey = (const __be32 *) &rt->rt_gateway;
460 pkey = &ip_hdr(skb)->daddr;
462 n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey);
465 return neigh_create(&arp_tbl, pkey, dev);
468 #define IP_IDENTS_SZ 2048u
469 struct ip_ident_bucket {
474 static struct ip_ident_bucket *ip_idents __read_mostly;
476 /* In order to protect privacy, we add a perturbation to identifiers
477 * if one generator is seldom used. This makes hard for an attacker
478 * to infer how many packets were sent between two points in time.
480 u32 ip_idents_reserve(u32 hash, int segs)
482 struct ip_ident_bucket *bucket = ip_idents + hash % IP_IDENTS_SZ;
483 u32 old = ACCESS_ONCE(bucket->stamp32);
484 u32 now = (u32)jiffies;
487 if (old != now && cmpxchg(&bucket->stamp32, old, now) == old) {
488 u64 x = prandom_u32();
491 delta = (u32)(x >> 32);
494 return atomic_add_return(segs + delta, &bucket->id) - segs;
496 EXPORT_SYMBOL(ip_idents_reserve);
498 void __ip_select_ident(struct iphdr *iph, int segs)
500 static u32 ip_idents_hashrnd __read_mostly;
501 static bool hashrnd_initialized = false;
504 if (unlikely(!hashrnd_initialized)) {
505 hashrnd_initialized = true;
506 get_random_bytes(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd));
509 hash = jhash_3words((__force u32)iph->daddr,
510 (__force u32)iph->saddr,
513 id = ip_idents_reserve(hash, segs);
516 EXPORT_SYMBOL(__ip_select_ident);
518 static void __build_flow_key(struct flowi4 *fl4, struct sock *sk,
519 const struct iphdr *iph,
521 u8 prot, u32 mark, int flow_flags)
524 const struct inet_sock *inet = inet_sk(sk);
526 oif = sk->sk_bound_dev_if;
528 tos = RT_CONN_FLAGS(sk);
529 prot = inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol;
531 flowi4_init_output(fl4, oif, mark, tos,
532 RT_SCOPE_UNIVERSE, prot,
534 iph->daddr, iph->saddr, 0, 0,
535 sk ? sock_i_uid(sk) : 0);
538 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,
541 const struct iphdr *iph = ip_hdr(skb);
542 int oif = skb->dev->ifindex;
543 u8 tos = RT_TOS(iph->tos);
544 u8 prot = iph->protocol;
545 u32 mark = skb->mark;
547 __build_flow_key(fl4, sk, iph, oif, tos, prot, mark, 0);
550 static void build_sk_flow_key(struct flowi4 *fl4, struct sock *sk)
552 const struct inet_sock *inet = inet_sk(sk);
553 const struct ip_options_rcu *inet_opt;
554 __be32 daddr = inet->inet_daddr;
557 inet_opt = rcu_dereference(inet->inet_opt);
558 if (inet_opt && inet_opt->opt.srr)
559 daddr = inet_opt->opt.faddr;
560 flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark,
561 RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
562 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
563 inet_sk_flowi_flags(sk),
564 daddr, inet->inet_saddr, 0, 0,
569 static void ip_rt_build_flow_key(struct flowi4 *fl4, struct sock *sk,
570 const struct sk_buff *skb)
573 build_skb_flow_key(fl4, skb, sk);
575 build_sk_flow_key(fl4, sk);
578 static inline void rt_free(struct rtable *rt)
580 call_rcu(&rt->dst.rcu_head, dst_rcu_free);
583 static DEFINE_SPINLOCK(fnhe_lock);
585 static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
587 struct fib_nh_exception *fnhe, *oldest;
590 oldest = rcu_dereference(hash->chain);
591 for (fnhe = rcu_dereference(oldest->fnhe_next); fnhe;
592 fnhe = rcu_dereference(fnhe->fnhe_next)) {
593 if (time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp))
596 orig = rcu_dereference(oldest->fnhe_rth);
598 RCU_INIT_POINTER(oldest->fnhe_rth, NULL);
604 static inline u32 fnhe_hashfun(__be32 daddr)
608 hval = (__force u32) daddr;
609 hval ^= (hval >> 11) ^ (hval >> 22);
611 return hval & (FNHE_HASH_SIZE - 1);
614 static void update_or_create_fnhe(struct fib_nh *nh, __be32 daddr, __be32 gw,
615 u32 pmtu, unsigned long expires)
617 struct fnhe_hash_bucket *hash;
618 struct fib_nh_exception *fnhe;
620 u32 hval = fnhe_hashfun(daddr);
622 spin_lock_bh(&fnhe_lock);
624 hash = nh->nh_exceptions;
626 hash = kzalloc(FNHE_HASH_SIZE * sizeof(*hash), GFP_ATOMIC);
629 nh->nh_exceptions = hash;
635 for (fnhe = rcu_dereference(hash->chain); fnhe;
636 fnhe = rcu_dereference(fnhe->fnhe_next)) {
637 if (fnhe->fnhe_daddr == daddr)
646 fnhe->fnhe_pmtu = pmtu;
647 fnhe->fnhe_expires = expires;
650 if (depth > FNHE_RECLAIM_DEPTH)
651 fnhe = fnhe_oldest(hash);
653 fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC);
657 fnhe->fnhe_next = hash->chain;
658 rcu_assign_pointer(hash->chain, fnhe);
660 fnhe->fnhe_daddr = daddr;
662 fnhe->fnhe_pmtu = pmtu;
663 fnhe->fnhe_expires = expires;
666 fnhe->fnhe_stamp = jiffies;
669 spin_unlock_bh(&fnhe_lock);
673 static void __ip_do_redirect(struct rtable *rt, struct sk_buff *skb, struct flowi4 *fl4,
676 __be32 new_gw = icmp_hdr(skb)->un.gateway;
677 __be32 old_gw = ip_hdr(skb)->saddr;
678 struct net_device *dev = skb->dev;
679 struct in_device *in_dev;
680 struct fib_result res;
684 switch (icmp_hdr(skb)->code & 7) {
686 case ICMP_REDIR_NETTOS:
687 case ICMP_REDIR_HOST:
688 case ICMP_REDIR_HOSTTOS:
695 if (rt->rt_gateway != old_gw)
698 in_dev = __in_dev_get_rcu(dev);
703 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
704 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
705 ipv4_is_zeronet(new_gw))
706 goto reject_redirect;
708 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
709 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
710 goto reject_redirect;
711 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
712 goto reject_redirect;
714 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
715 goto reject_redirect;
718 n = ipv4_neigh_lookup(&rt->dst, NULL, &new_gw);
720 if (!(n->nud_state & NUD_VALID)) {
721 neigh_event_send(n, NULL);
723 if (fib_lookup(net, fl4, &res) == 0) {
724 struct fib_nh *nh = &FIB_RES_NH(res);
726 update_or_create_fnhe(nh, fl4->daddr, new_gw,
730 rt->dst.obsolete = DST_OBSOLETE_KILL;
731 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
738 #ifdef CONFIG_IP_ROUTE_VERBOSE
739 if (IN_DEV_LOG_MARTIANS(in_dev)) {
740 const struct iphdr *iph = (const struct iphdr *) skb->data;
741 __be32 daddr = iph->daddr;
742 __be32 saddr = iph->saddr;
744 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
745 " Advised path = %pI4 -> %pI4\n",
746 &old_gw, dev->name, &new_gw,
753 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
757 const struct iphdr *iph = (const struct iphdr *) skb->data;
758 int oif = skb->dev->ifindex;
759 u8 tos = RT_TOS(iph->tos);
760 u8 prot = iph->protocol;
761 u32 mark = skb->mark;
763 rt = (struct rtable *) dst;
765 __build_flow_key(&fl4, sk, iph, oif, tos, prot, mark, 0);
766 __ip_do_redirect(rt, skb, &fl4, true);
769 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
771 struct rtable *rt = (struct rtable *)dst;
772 struct dst_entry *ret = dst;
775 if (dst->obsolete > 0) {
778 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
789 * 1. The first ip_rt_redirect_number redirects are sent
790 * with exponential backoff, then we stop sending them at all,
791 * assuming that the host ignores our redirects.
792 * 2. If we did not see packets requiring redirects
793 * during ip_rt_redirect_silence, we assume that the host
794 * forgot redirected route and start to send redirects again.
796 * This algorithm is much cheaper and more intelligent than dumb load limiting
799 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
800 * and "frag. need" (breaks PMTU discovery) in icmp.c.
803 void ip_rt_send_redirect(struct sk_buff *skb)
805 struct rtable *rt = skb_rtable(skb);
806 struct in_device *in_dev;
807 struct inet_peer *peer;
812 in_dev = __in_dev_get_rcu(rt->dst.dev);
813 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
817 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
820 net = dev_net(rt->dst.dev);
821 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
823 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
824 rt_nexthop(rt, ip_hdr(skb)->daddr));
828 /* No redirected packets during ip_rt_redirect_silence;
829 * reset the algorithm.
831 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence))
832 peer->rate_tokens = 0;
834 /* Too many ignored redirects; do not send anything
835 * set dst.rate_last to the last seen redirected packet.
837 if (peer->rate_tokens >= ip_rt_redirect_number) {
838 peer->rate_last = jiffies;
842 /* Check for load limit; set rate_last to the latest sent
845 if (peer->rate_tokens == 0 ||
848 (ip_rt_redirect_load << peer->rate_tokens)))) {
849 __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr);
851 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw);
852 peer->rate_last = jiffies;
854 #ifdef CONFIG_IP_ROUTE_VERBOSE
856 peer->rate_tokens == ip_rt_redirect_number)
857 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
858 &ip_hdr(skb)->saddr, inet_iif(skb),
859 &ip_hdr(skb)->daddr, &gw);
866 static int ip_error(struct sk_buff *skb)
868 struct in_device *in_dev = __in_dev_get_rcu(skb->dev);
869 struct rtable *rt = skb_rtable(skb);
870 struct inet_peer *peer;
876 /* IP on this device is disabled. */
880 net = dev_net(rt->dst.dev);
881 if (!IN_DEV_FORWARD(in_dev)) {
882 switch (rt->dst.error) {
884 IP_INC_STATS_BH(net, IPSTATS_MIB_INADDRERRORS);
888 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
894 switch (rt->dst.error) {
899 code = ICMP_HOST_UNREACH;
902 code = ICMP_NET_UNREACH;
903 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
906 code = ICMP_PKT_FILTERED;
910 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
915 peer->rate_tokens += now - peer->rate_last;
916 if (peer->rate_tokens > ip_rt_error_burst)
917 peer->rate_tokens = ip_rt_error_burst;
918 peer->rate_last = now;
919 if (peer->rate_tokens >= ip_rt_error_cost)
920 peer->rate_tokens -= ip_rt_error_cost;
926 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
932 static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
934 struct dst_entry *dst = &rt->dst;
935 struct fib_result res;
937 if (dst_metric_locked(dst, RTAX_MTU))
940 if (dst->dev->mtu < mtu)
943 if (mtu < ip_rt_min_pmtu)
944 mtu = ip_rt_min_pmtu;
947 dst->obsolete = DST_OBSOLETE_KILL;
950 dst->expires = max(1UL, jiffies + ip_rt_mtu_expires);
954 if (fib_lookup(dev_net(dst->dev), fl4, &res) == 0) {
955 struct fib_nh *nh = &FIB_RES_NH(res);
957 update_or_create_fnhe(nh, fl4->daddr, 0, mtu,
958 jiffies + ip_rt_mtu_expires);
963 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
964 struct sk_buff *skb, u32 mtu)
966 struct rtable *rt = (struct rtable *) dst;
969 ip_rt_build_flow_key(&fl4, sk, skb);
970 __ip_rt_update_pmtu(rt, &fl4, mtu);
973 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu,
974 int oif, u32 mark, u8 protocol, int flow_flags)
976 const struct iphdr *iph = (const struct iphdr *) skb->data;
981 mark = IP4_REPLY_MARK(net, skb->mark);
983 __build_flow_key(&fl4, NULL, iph, oif,
984 RT_TOS(iph->tos), protocol, mark, flow_flags);
985 rt = __ip_route_output_key(net, &fl4);
987 __ip_rt_update_pmtu(rt, &fl4, mtu);
991 EXPORT_SYMBOL_GPL(ipv4_update_pmtu);
993 static void __ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
995 const struct iphdr *iph = (const struct iphdr *) skb->data;
999 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1001 if (!fl4.flowi4_mark)
1002 fl4.flowi4_mark = IP4_REPLY_MARK(sock_net(sk), skb->mark);
1004 rt = __ip_route_output_key(sock_net(sk), &fl4);
1006 __ip_rt_update_pmtu(rt, &fl4, mtu);
1011 void ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1013 const struct iphdr *iph = (const struct iphdr *) skb->data;
1016 struct dst_entry *odst = NULL;
1020 odst = sk_dst_get(sk);
1022 if (sock_owned_by_user(sk) || !odst) {
1023 __ipv4_sk_update_pmtu(skb, sk, mtu);
1027 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1029 rt = (struct rtable *)odst;
1030 if (odst->obsolete && odst->ops->check(odst, 0) == NULL) {
1031 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1038 __ip_rt_update_pmtu((struct rtable *) rt->dst.path, &fl4, mtu);
1040 if (!dst_check(&rt->dst, 0)) {
1042 dst_release(&rt->dst);
1044 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1052 sk_dst_set(sk, &rt->dst);
1058 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu);
1060 void ipv4_redirect(struct sk_buff *skb, struct net *net,
1061 int oif, u32 mark, u8 protocol, int flow_flags)
1063 const struct iphdr *iph = (const struct iphdr *) skb->data;
1067 __build_flow_key(&fl4, NULL, iph, oif,
1068 RT_TOS(iph->tos), protocol, mark, flow_flags);
1069 rt = __ip_route_output_key(net, &fl4);
1071 __ip_do_redirect(rt, skb, &fl4, false);
1075 EXPORT_SYMBOL_GPL(ipv4_redirect);
1077 void ipv4_sk_redirect(struct sk_buff *skb, struct sock *sk)
1079 const struct iphdr *iph = (const struct iphdr *) skb->data;
1083 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1084 rt = __ip_route_output_key(sock_net(sk), &fl4);
1086 __ip_do_redirect(rt, skb, &fl4, false);
1090 EXPORT_SYMBOL_GPL(ipv4_sk_redirect);
1092 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1094 struct rtable *rt = (struct rtable *) dst;
1096 /* All IPV4 dsts are created with ->obsolete set to the value
1097 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1098 * into this function always.
1100 * When a PMTU/redirect information update invalidates a
1101 * route, this is indicated by setting obsolete to
1102 * DST_OBSOLETE_KILL.
1104 if (dst->obsolete == DST_OBSOLETE_KILL || rt_is_expired(rt))
1109 static void ipv4_link_failure(struct sk_buff *skb)
1113 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1115 rt = skb_rtable(skb);
1117 dst_set_expires(&rt->dst, 0);
1120 static int ip_rt_bug(struct sk_buff *skb)
1122 pr_debug("%s: %pI4 -> %pI4, %s\n",
1123 __func__, &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1124 skb->dev ? skb->dev->name : "?");
1131 We do not cache source address of outgoing interface,
1132 because it is used only by IP RR, TS and SRR options,
1133 so that it out of fast path.
1135 BTW remember: "addr" is allowed to be not aligned
1139 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1143 if (rt_is_output_route(rt))
1144 src = ip_hdr(skb)->saddr;
1146 struct fib_result res;
1152 memset(&fl4, 0, sizeof(fl4));
1153 fl4.daddr = iph->daddr;
1154 fl4.saddr = iph->saddr;
1155 fl4.flowi4_tos = RT_TOS(iph->tos);
1156 fl4.flowi4_oif = rt->dst.dev->ifindex;
1157 fl4.flowi4_iif = skb->dev->ifindex;
1158 fl4.flowi4_mark = skb->mark;
1161 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res) == 0)
1162 src = FIB_RES_PREFSRC(dev_net(rt->dst.dev), res);
1164 src = inet_select_addr(rt->dst.dev,
1165 rt_nexthop(rt, iph->daddr),
1169 memcpy(addr, &src, 4);
1172 #ifdef CONFIG_IP_ROUTE_CLASSID
1173 static void set_class_tag(struct rtable *rt, u32 tag)
1175 if (!(rt->dst.tclassid & 0xFFFF))
1176 rt->dst.tclassid |= tag & 0xFFFF;
1177 if (!(rt->dst.tclassid & 0xFFFF0000))
1178 rt->dst.tclassid |= tag & 0xFFFF0000;
1182 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1184 unsigned int advmss = dst_metric_raw(dst, RTAX_ADVMSS);
1187 advmss = max_t(unsigned int, dst->dev->mtu - 40,
1189 if (advmss > 65535 - 40)
1190 advmss = 65535 - 40;
1195 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1197 const struct rtable *rt = (const struct rtable *) dst;
1198 unsigned int mtu = rt->rt_pmtu;
1200 if (!mtu || time_after_eq(jiffies, rt->dst.expires))
1201 mtu = dst_metric_raw(dst, RTAX_MTU);
1206 mtu = dst->dev->mtu;
1208 if (unlikely(dst_metric_locked(dst, RTAX_MTU))) {
1209 if (rt->rt_uses_gateway && mtu > 576)
1213 if (mtu > IP_MAX_MTU)
1219 static struct fib_nh_exception *find_exception(struct fib_nh *nh, __be32 daddr)
1221 struct fnhe_hash_bucket *hash = nh->nh_exceptions;
1222 struct fib_nh_exception *fnhe;
1228 hval = fnhe_hashfun(daddr);
1230 for (fnhe = rcu_dereference(hash[hval].chain); fnhe;
1231 fnhe = rcu_dereference(fnhe->fnhe_next)) {
1232 if (fnhe->fnhe_daddr == daddr)
1238 static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1243 spin_lock_bh(&fnhe_lock);
1245 if (daddr == fnhe->fnhe_daddr) {
1246 struct rtable *orig = rcu_dereference(fnhe->fnhe_rth);
1247 if (orig && rt_is_expired(orig)) {
1249 fnhe->fnhe_pmtu = 0;
1250 fnhe->fnhe_expires = 0;
1252 if (fnhe->fnhe_pmtu) {
1253 unsigned long expires = fnhe->fnhe_expires;
1254 unsigned long diff = expires - jiffies;
1256 if (time_before(jiffies, expires)) {
1257 rt->rt_pmtu = fnhe->fnhe_pmtu;
1258 dst_set_expires(&rt->dst, diff);
1261 if (fnhe->fnhe_gw) {
1262 rt->rt_flags |= RTCF_REDIRECTED;
1263 rt->rt_gateway = fnhe->fnhe_gw;
1264 rt->rt_uses_gateway = 1;
1265 } else if (!rt->rt_gateway)
1266 rt->rt_gateway = daddr;
1268 rcu_assign_pointer(fnhe->fnhe_rth, rt);
1272 fnhe->fnhe_stamp = jiffies;
1275 spin_unlock_bh(&fnhe_lock);
1280 static bool rt_cache_route(struct fib_nh *nh, struct rtable *rt)
1282 struct rtable *orig, *prev, **p;
1285 if (rt_is_input_route(rt)) {
1286 p = (struct rtable **)&nh->nh_rth_input;
1288 p = (struct rtable **)__this_cpu_ptr(nh->nh_pcpu_rth_output);
1292 prev = cmpxchg(p, orig, rt);
1302 static DEFINE_SPINLOCK(rt_uncached_lock);
1303 static LIST_HEAD(rt_uncached_list);
1305 static void rt_add_uncached_list(struct rtable *rt)
1307 spin_lock_bh(&rt_uncached_lock);
1308 list_add_tail(&rt->rt_uncached, &rt_uncached_list);
1309 spin_unlock_bh(&rt_uncached_lock);
1312 static void ipv4_dst_destroy(struct dst_entry *dst)
1314 struct rtable *rt = (struct rtable *) dst;
1316 if (!list_empty(&rt->rt_uncached)) {
1317 spin_lock_bh(&rt_uncached_lock);
1318 list_del(&rt->rt_uncached);
1319 spin_unlock_bh(&rt_uncached_lock);
1323 void rt_flush_dev(struct net_device *dev)
1325 if (!list_empty(&rt_uncached_list)) {
1326 struct net *net = dev_net(dev);
1329 spin_lock_bh(&rt_uncached_lock);
1330 list_for_each_entry(rt, &rt_uncached_list, rt_uncached) {
1331 if (rt->dst.dev != dev)
1333 rt->dst.dev = net->loopback_dev;
1334 dev_hold(rt->dst.dev);
1337 spin_unlock_bh(&rt_uncached_lock);
1341 static bool rt_cache_valid(const struct rtable *rt)
1344 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1348 static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
1349 const struct fib_result *res,
1350 struct fib_nh_exception *fnhe,
1351 struct fib_info *fi, u16 type, u32 itag)
1353 bool cached = false;
1356 struct fib_nh *nh = &FIB_RES_NH(*res);
1358 if (nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK) {
1359 rt->rt_gateway = nh->nh_gw;
1360 rt->rt_uses_gateway = 1;
1362 dst_init_metrics(&rt->dst, fi->fib_metrics, true);
1363 #ifdef CONFIG_IP_ROUTE_CLASSID
1364 rt->dst.tclassid = nh->nh_tclassid;
1367 cached = rt_bind_exception(rt, fnhe, daddr);
1368 else if (!(rt->dst.flags & DST_NOCACHE))
1369 cached = rt_cache_route(nh, rt);
1370 if (unlikely(!cached)) {
1371 /* Routes we intend to cache in nexthop exception or
1372 * FIB nexthop have the DST_NOCACHE bit clear.
1373 * However, if we are unsuccessful at storing this
1374 * route into the cache we really need to set it.
1376 rt->dst.flags |= DST_NOCACHE;
1377 if (!rt->rt_gateway)
1378 rt->rt_gateway = daddr;
1379 rt_add_uncached_list(rt);
1382 rt_add_uncached_list(rt);
1384 #ifdef CONFIG_IP_ROUTE_CLASSID
1385 #ifdef CONFIG_IP_MULTIPLE_TABLES
1386 set_class_tag(rt, res->tclassid);
1388 set_class_tag(rt, itag);
1392 static struct rtable *rt_dst_alloc(struct net_device *dev,
1393 bool nopolicy, bool noxfrm, bool will_cache)
1395 return dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1396 (will_cache ? 0 : (DST_HOST | DST_NOCACHE)) |
1397 (nopolicy ? DST_NOPOLICY : 0) |
1398 (noxfrm ? DST_NOXFRM : 0));
1401 /* called in rcu_read_lock() section */
1402 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1403 u8 tos, struct net_device *dev, int our)
1406 struct in_device *in_dev = __in_dev_get_rcu(dev);
1410 /* Primary sanity checks. */
1415 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1416 skb->protocol != htons(ETH_P_IP))
1419 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
1420 if (ipv4_is_loopback(saddr))
1423 if (ipv4_is_zeronet(saddr)) {
1424 if (!ipv4_is_local_multicast(daddr))
1427 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1432 rth = rt_dst_alloc(dev_net(dev)->loopback_dev,
1433 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, false);
1437 #ifdef CONFIG_IP_ROUTE_CLASSID
1438 rth->dst.tclassid = itag;
1440 rth->dst.output = ip_rt_bug;
1442 rth->rt_genid = rt_genid(dev_net(dev));
1443 rth->rt_flags = RTCF_MULTICAST;
1444 rth->rt_type = RTN_MULTICAST;
1445 rth->rt_is_input= 1;
1448 rth->rt_gateway = 0;
1449 rth->rt_uses_gateway = 0;
1450 INIT_LIST_HEAD(&rth->rt_uncached);
1452 rth->dst.input= ip_local_deliver;
1453 rth->rt_flags |= RTCF_LOCAL;
1456 #ifdef CONFIG_IP_MROUTE
1457 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
1458 rth->dst.input = ip_mr_input;
1460 RT_CACHE_STAT_INC(in_slow_mc);
1462 skb_dst_set(skb, &rth->dst);
1474 static void ip_handle_martian_source(struct net_device *dev,
1475 struct in_device *in_dev,
1476 struct sk_buff *skb,
1480 RT_CACHE_STAT_INC(in_martian_src);
1481 #ifdef CONFIG_IP_ROUTE_VERBOSE
1482 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
1484 * RFC1812 recommendation, if source is martian,
1485 * the only hint is MAC header.
1487 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
1488 &daddr, &saddr, dev->name);
1489 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
1490 print_hex_dump(KERN_WARNING, "ll header: ",
1491 DUMP_PREFIX_OFFSET, 16, 1,
1492 skb_mac_header(skb),
1493 dev->hard_header_len, true);
1499 /* called in rcu_read_lock() section */
1500 static int __mkroute_input(struct sk_buff *skb,
1501 const struct fib_result *res,
1502 struct in_device *in_dev,
1503 __be32 daddr, __be32 saddr, u32 tos)
1507 struct in_device *out_dev;
1508 unsigned int flags = 0;
1512 /* get a working reference to the output device */
1513 out_dev = __in_dev_get_rcu(FIB_RES_DEV(*res));
1514 if (out_dev == NULL) {
1515 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
1519 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
1520 in_dev->dev, in_dev, &itag);
1522 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
1528 do_cache = res->fi && !itag;
1529 if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
1530 skb->protocol == htons(ETH_P_IP) &&
1531 (IN_DEV_SHARED_MEDIA(out_dev) ||
1532 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
1533 IPCB(skb)->flags |= IPSKB_DOREDIRECT;
1535 if (skb->protocol != htons(ETH_P_IP)) {
1536 /* Not IP (i.e. ARP). Do not create route, if it is
1537 * invalid for proxy arp. DNAT routes are always valid.
1539 * Proxy arp feature have been extended to allow, ARP
1540 * replies back to the same interface, to support
1541 * Private VLAN switch technologies. See arp.c.
1543 if (out_dev == in_dev &&
1544 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
1551 rth = rcu_dereference(FIB_RES_NH(*res).nh_rth_input);
1552 if (rt_cache_valid(rth)) {
1553 skb_dst_set_noref(skb, &rth->dst);
1558 rth = rt_dst_alloc(out_dev->dev,
1559 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1560 IN_DEV_CONF_GET(out_dev, NOXFRM), do_cache);
1566 rth->rt_genid = rt_genid(dev_net(rth->dst.dev));
1567 rth->rt_flags = flags;
1568 rth->rt_type = res->type;
1569 rth->rt_is_input = 1;
1572 rth->rt_gateway = 0;
1573 rth->rt_uses_gateway = 0;
1574 INIT_LIST_HEAD(&rth->rt_uncached);
1575 RT_CACHE_STAT_INC(in_slow_tot);
1577 rth->dst.input = ip_forward;
1578 rth->dst.output = ip_output;
1580 rt_set_nexthop(rth, daddr, res, NULL, res->fi, res->type, itag);
1581 skb_dst_set(skb, &rth->dst);
1588 static int ip_mkroute_input(struct sk_buff *skb,
1589 struct fib_result *res,
1590 const struct flowi4 *fl4,
1591 struct in_device *in_dev,
1592 __be32 daddr, __be32 saddr, u32 tos)
1594 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1595 if (res->fi && res->fi->fib_nhs > 1)
1596 fib_select_multipath(res);
1599 /* create a routing cache entry */
1600 return __mkroute_input(skb, res, in_dev, daddr, saddr, tos);
1604 * NOTE. We drop all the packets that has local source
1605 * addresses, because every properly looped back packet
1606 * must have correct destination already attached by output routine.
1608 * Such approach solves two big problems:
1609 * 1. Not simplex devices are handled properly.
1610 * 2. IP spoofing attempts are filtered with 100% of guarantee.
1611 * called with rcu_read_lock()
1614 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1615 u8 tos, struct net_device *dev)
1617 struct fib_result res;
1618 struct in_device *in_dev = __in_dev_get_rcu(dev);
1620 unsigned int flags = 0;
1624 struct net *net = dev_net(dev);
1627 /* IP on this device is disabled. */
1632 /* Check for the most weird martians, which can be not detected
1636 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
1637 goto martian_source;
1640 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
1643 /* Accept zero addresses only to limited broadcast;
1644 * I even do not know to fix it or not. Waiting for complains :-)
1646 if (ipv4_is_zeronet(saddr))
1647 goto martian_source;
1649 if (ipv4_is_zeronet(daddr))
1650 goto martian_destination;
1652 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
1653 * and call it once if daddr or/and saddr are loopback addresses
1655 if (ipv4_is_loopback(daddr)) {
1656 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1657 goto martian_destination;
1658 } else if (ipv4_is_loopback(saddr)) {
1659 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1660 goto martian_source;
1664 * Now we are ready to route packet.
1667 fl4.flowi4_iif = dev->ifindex;
1668 fl4.flowi4_mark = skb->mark;
1669 fl4.flowi4_tos = tos;
1670 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
1673 err = fib_lookup(net, &fl4, &res);
1677 if (res.type == RTN_BROADCAST)
1680 if (res.type == RTN_LOCAL) {
1681 err = fib_validate_source(skb, saddr, daddr, tos,
1683 dev, in_dev, &itag);
1685 goto martian_source_keep_err;
1689 if (!IN_DEV_FORWARD(in_dev))
1691 if (res.type != RTN_UNICAST)
1692 goto martian_destination;
1694 err = ip_mkroute_input(skb, &res, &fl4, in_dev, daddr, saddr, tos);
1698 if (skb->protocol != htons(ETH_P_IP))
1701 if (!ipv4_is_zeronet(saddr)) {
1702 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1705 goto martian_source_keep_err;
1707 flags |= RTCF_BROADCAST;
1708 res.type = RTN_BROADCAST;
1709 RT_CACHE_STAT_INC(in_brd);
1715 rth = rcu_dereference(FIB_RES_NH(res).nh_rth_input);
1716 if (rt_cache_valid(rth)) {
1717 skb_dst_set_noref(skb, &rth->dst);
1725 rth = rt_dst_alloc(net->loopback_dev,
1726 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, do_cache);
1730 rth->dst.input= ip_local_deliver;
1731 rth->dst.output= ip_rt_bug;
1732 #ifdef CONFIG_IP_ROUTE_CLASSID
1733 rth->dst.tclassid = itag;
1736 rth->rt_genid = rt_genid(net);
1737 rth->rt_flags = flags|RTCF_LOCAL;
1738 rth->rt_type = res.type;
1739 rth->rt_is_input = 1;
1742 rth->rt_gateway = 0;
1743 rth->rt_uses_gateway = 0;
1744 INIT_LIST_HEAD(&rth->rt_uncached);
1745 RT_CACHE_STAT_INC(in_slow_tot);
1746 if (res.type == RTN_UNREACHABLE) {
1747 rth->dst.input= ip_error;
1748 rth->dst.error= -err;
1749 rth->rt_flags &= ~RTCF_LOCAL;
1752 if (unlikely(!rt_cache_route(&FIB_RES_NH(res), rth))) {
1753 rth->dst.flags |= DST_NOCACHE;
1754 rt_add_uncached_list(rth);
1757 skb_dst_set(skb, &rth->dst);
1762 RT_CACHE_STAT_INC(in_no_route);
1763 res.type = RTN_UNREACHABLE;
1769 * Do not cache martian addresses: they should be logged (RFC1812)
1771 martian_destination:
1772 RT_CACHE_STAT_INC(in_martian_dst);
1773 #ifdef CONFIG_IP_ROUTE_VERBOSE
1774 if (IN_DEV_LOG_MARTIANS(in_dev))
1775 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
1776 &daddr, &saddr, dev->name);
1789 martian_source_keep_err:
1790 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
1794 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1795 u8 tos, struct net_device *dev)
1801 /* Multicast recognition logic is moved from route cache to here.
1802 The problem was that too many Ethernet cards have broken/missing
1803 hardware multicast filters :-( As result the host on multicasting
1804 network acquires a lot of useless route cache entries, sort of
1805 SDR messages from all the world. Now we try to get rid of them.
1806 Really, provided software IP multicast filter is organized
1807 reasonably (at least, hashed), it does not result in a slowdown
1808 comparing with route cache reject entries.
1809 Note, that multicast routers are not affected, because
1810 route cache entry is created eventually.
1812 if (ipv4_is_multicast(daddr)) {
1813 struct in_device *in_dev = __in_dev_get_rcu(dev);
1816 int our = ip_check_mc_rcu(in_dev, daddr, saddr,
1817 ip_hdr(skb)->protocol);
1819 #ifdef CONFIG_IP_MROUTE
1821 (!ipv4_is_local_multicast(daddr) &&
1822 IN_DEV_MFORWARD(in_dev))
1825 int res = ip_route_input_mc(skb, daddr, saddr,
1834 res = ip_route_input_slow(skb, daddr, saddr, tos, dev);
1838 EXPORT_SYMBOL(ip_route_input_noref);
1840 /* called with rcu_read_lock() */
1841 static struct rtable *__mkroute_output(const struct fib_result *res,
1842 const struct flowi4 *fl4, int orig_oif,
1843 struct net_device *dev_out,
1846 struct fib_info *fi = res->fi;
1847 struct fib_nh_exception *fnhe;
1848 struct in_device *in_dev;
1849 u16 type = res->type;
1853 in_dev = __in_dev_get_rcu(dev_out);
1855 return ERR_PTR(-EINVAL);
1857 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
1858 if (ipv4_is_loopback(fl4->saddr) && !(dev_out->flags & IFF_LOOPBACK))
1859 return ERR_PTR(-EINVAL);
1861 if (ipv4_is_lbcast(fl4->daddr))
1862 type = RTN_BROADCAST;
1863 else if (ipv4_is_multicast(fl4->daddr))
1864 type = RTN_MULTICAST;
1865 else if (ipv4_is_zeronet(fl4->daddr))
1866 return ERR_PTR(-EINVAL);
1868 if (dev_out->flags & IFF_LOOPBACK)
1869 flags |= RTCF_LOCAL;
1872 if (type == RTN_BROADCAST) {
1873 flags |= RTCF_BROADCAST | RTCF_LOCAL;
1875 } else if (type == RTN_MULTICAST) {
1876 flags |= RTCF_MULTICAST | RTCF_LOCAL;
1877 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
1879 flags &= ~RTCF_LOCAL;
1882 /* If multicast route do not exist use
1883 * default one, but do not gateway in this case.
1886 if (fi && res->prefixlen < 4)
1891 do_cache &= fi != NULL;
1893 struct rtable __rcu **prth;
1894 struct fib_nh *nh = &FIB_RES_NH(*res);
1896 fnhe = find_exception(nh, fl4->daddr);
1898 prth = &fnhe->fnhe_rth;
1900 if (unlikely(fl4->flowi4_flags &
1901 FLOWI_FLAG_KNOWN_NH &&
1903 nh->nh_scope == RT_SCOPE_LINK))) {
1907 prth = __this_cpu_ptr(nh->nh_pcpu_rth_output);
1909 rth = rcu_dereference(*prth);
1910 if (rt_cache_valid(rth)) {
1911 dst_hold(&rth->dst);
1917 rth = rt_dst_alloc(dev_out,
1918 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1919 IN_DEV_CONF_GET(in_dev, NOXFRM),
1922 return ERR_PTR(-ENOBUFS);
1924 rth->dst.output = ip_output;
1926 rth->rt_genid = rt_genid(dev_net(dev_out));
1927 rth->rt_flags = flags;
1928 rth->rt_type = type;
1929 rth->rt_is_input = 0;
1930 rth->rt_iif = orig_oif ? : 0;
1932 rth->rt_gateway = 0;
1933 rth->rt_uses_gateway = 0;
1934 INIT_LIST_HEAD(&rth->rt_uncached);
1936 RT_CACHE_STAT_INC(out_slow_tot);
1938 if (flags & RTCF_LOCAL)
1939 rth->dst.input = ip_local_deliver;
1940 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
1941 if (flags & RTCF_LOCAL &&
1942 !(dev_out->flags & IFF_LOOPBACK)) {
1943 rth->dst.output = ip_mc_output;
1944 RT_CACHE_STAT_INC(out_slow_mc);
1946 #ifdef CONFIG_IP_MROUTE
1947 if (type == RTN_MULTICAST) {
1948 if (IN_DEV_MFORWARD(in_dev) &&
1949 !ipv4_is_local_multicast(fl4->daddr)) {
1950 rth->dst.input = ip_mr_input;
1951 rth->dst.output = ip_mc_output;
1957 rt_set_nexthop(rth, fl4->daddr, res, fnhe, fi, type, 0);
1963 * Major route resolver routine.
1966 struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *fl4)
1968 struct net_device *dev_out = NULL;
1969 __u8 tos = RT_FL_TOS(fl4);
1970 unsigned int flags = 0;
1971 struct fib_result res;
1979 orig_oif = fl4->flowi4_oif;
1981 fl4->flowi4_iif = LOOPBACK_IFINDEX;
1982 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
1983 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
1984 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
1988 rth = ERR_PTR(-EINVAL);
1989 if (ipv4_is_multicast(fl4->saddr) ||
1990 ipv4_is_lbcast(fl4->saddr) ||
1991 ipv4_is_zeronet(fl4->saddr))
1994 /* I removed check for oif == dev_out->oif here.
1995 It was wrong for two reasons:
1996 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
1997 is assigned to multiple interfaces.
1998 2. Moreover, we are allowed to send packets with saddr
1999 of another iface. --ANK
2002 if (fl4->flowi4_oif == 0 &&
2003 (ipv4_is_multicast(fl4->daddr) ||
2004 ipv4_is_lbcast(fl4->daddr))) {
2005 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2006 dev_out = __ip_dev_find(net, fl4->saddr, false);
2007 if (dev_out == NULL)
2010 /* Special hack: user can direct multicasts
2011 and limited broadcast via necessary interface
2012 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2013 This hack is not just for fun, it allows
2014 vic,vat and friends to work.
2015 They bind socket to loopback, set ttl to zero
2016 and expect that it will work.
2017 From the viewpoint of routing cache they are broken,
2018 because we are not allowed to build multicast path
2019 with loopback source addr (look, routing cache
2020 cannot know, that ttl is zero, so that packet
2021 will not leave this host and route is valid).
2022 Luckily, this hack is good workaround.
2025 fl4->flowi4_oif = dev_out->ifindex;
2029 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
2030 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2031 if (!__ip_dev_find(net, fl4->saddr, false))
2037 if (fl4->flowi4_oif) {
2038 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2039 rth = ERR_PTR(-ENODEV);
2040 if (dev_out == NULL)
2043 /* RACE: Check return value of inet_select_addr instead. */
2044 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2045 rth = ERR_PTR(-ENETUNREACH);
2048 if (ipv4_is_local_multicast(fl4->daddr) ||
2049 ipv4_is_lbcast(fl4->daddr)) {
2051 fl4->saddr = inet_select_addr(dev_out, 0,
2056 if (ipv4_is_multicast(fl4->daddr))
2057 fl4->saddr = inet_select_addr(dev_out, 0,
2059 else if (!fl4->daddr)
2060 fl4->saddr = inet_select_addr(dev_out, 0,
2066 fl4->daddr = fl4->saddr;
2068 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2069 dev_out = net->loopback_dev;
2070 fl4->flowi4_oif = LOOPBACK_IFINDEX;
2071 res.type = RTN_LOCAL;
2072 flags |= RTCF_LOCAL;
2076 if (fib_lookup(net, fl4, &res)) {
2079 if (fl4->flowi4_oif) {
2080 /* Apparently, routing tables are wrong. Assume,
2081 that the destination is on link.
2084 Because we are allowed to send to iface
2085 even if it has NO routes and NO assigned
2086 addresses. When oif is specified, routing
2087 tables are looked up with only one purpose:
2088 to catch if destination is gatewayed, rather than
2089 direct. Moreover, if MSG_DONTROUTE is set,
2090 we send packet, ignoring both routing tables
2091 and ifaddr state. --ANK
2094 We could make it even if oif is unknown,
2095 likely IPv6, but we do not.
2098 if (fl4->saddr == 0)
2099 fl4->saddr = inet_select_addr(dev_out, 0,
2101 res.type = RTN_UNICAST;
2104 rth = ERR_PTR(-ENETUNREACH);
2108 if (res.type == RTN_LOCAL) {
2110 if (res.fi->fib_prefsrc)
2111 fl4->saddr = res.fi->fib_prefsrc;
2113 fl4->saddr = fl4->daddr;
2115 dev_out = net->loopback_dev;
2116 fl4->flowi4_oif = dev_out->ifindex;
2117 flags |= RTCF_LOCAL;
2121 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2122 if (res.fi->fib_nhs > 1 && fl4->flowi4_oif == 0)
2123 fib_select_multipath(&res);
2126 if (!res.prefixlen &&
2127 res.table->tb_num_default > 1 &&
2128 res.type == RTN_UNICAST && !fl4->flowi4_oif)
2129 fib_select_default(&res);
2132 fl4->saddr = FIB_RES_PREFSRC(net, res);
2134 dev_out = FIB_RES_DEV(res);
2135 fl4->flowi4_oif = dev_out->ifindex;
2139 rth = __mkroute_output(&res, fl4, orig_oif, dev_out, flags);
2145 EXPORT_SYMBOL_GPL(__ip_route_output_key);
2147 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2152 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2154 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2156 return mtu ? : dst->dev->mtu;
2159 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
2160 struct sk_buff *skb, u32 mtu)
2164 static void ipv4_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
2165 struct sk_buff *skb)
2169 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2175 static struct dst_ops ipv4_dst_blackhole_ops = {
2177 .protocol = cpu_to_be16(ETH_P_IP),
2178 .check = ipv4_blackhole_dst_check,
2179 .mtu = ipv4_blackhole_mtu,
2180 .default_advmss = ipv4_default_advmss,
2181 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2182 .redirect = ipv4_rt_blackhole_redirect,
2183 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2184 .neigh_lookup = ipv4_neigh_lookup,
2187 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2189 struct rtable *ort = (struct rtable *) dst_orig;
2192 rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, DST_OBSOLETE_NONE, 0);
2194 struct dst_entry *new = &rt->dst;
2197 new->input = dst_discard;
2198 new->output = dst_discard;
2200 new->dev = ort->dst.dev;
2204 rt->rt_is_input = ort->rt_is_input;
2205 rt->rt_iif = ort->rt_iif;
2206 rt->rt_pmtu = ort->rt_pmtu;
2208 rt->rt_genid = rt_genid(net);
2209 rt->rt_flags = ort->rt_flags;
2210 rt->rt_type = ort->rt_type;
2211 rt->rt_gateway = ort->rt_gateway;
2212 rt->rt_uses_gateway = ort->rt_uses_gateway;
2214 INIT_LIST_HEAD(&rt->rt_uncached);
2219 dst_release(dst_orig);
2221 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2224 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2227 struct rtable *rt = __ip_route_output_key(net, flp4);
2232 if (flp4->flowi4_proto)
2233 rt = (struct rtable *) xfrm_lookup(net, &rt->dst,
2234 flowi4_to_flowi(flp4),
2239 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2241 static int rt_fill_info(struct net *net, __be32 dst, __be32 src,
2242 struct flowi4 *fl4, struct sk_buff *skb, u32 portid,
2243 u32 seq, int event, int nowait, unsigned int flags)
2245 struct rtable *rt = skb_rtable(skb);
2247 struct nlmsghdr *nlh;
2248 unsigned long expires = 0;
2250 u32 metrics[RTAX_MAX];
2252 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*r), flags);
2256 r = nlmsg_data(nlh);
2257 r->rtm_family = AF_INET;
2258 r->rtm_dst_len = 32;
2260 r->rtm_tos = fl4->flowi4_tos;
2261 r->rtm_table = RT_TABLE_MAIN;
2262 if (nla_put_u32(skb, RTA_TABLE, RT_TABLE_MAIN))
2263 goto nla_put_failure;
2264 r->rtm_type = rt->rt_type;
2265 r->rtm_scope = RT_SCOPE_UNIVERSE;
2266 r->rtm_protocol = RTPROT_UNSPEC;
2267 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2268 if (rt->rt_flags & RTCF_NOTIFY)
2269 r->rtm_flags |= RTM_F_NOTIFY;
2270 if (IPCB(skb)->flags & IPSKB_DOREDIRECT)
2271 r->rtm_flags |= RTCF_DOREDIRECT;
2273 if (nla_put_be32(skb, RTA_DST, dst))
2274 goto nla_put_failure;
2276 r->rtm_src_len = 32;
2277 if (nla_put_be32(skb, RTA_SRC, src))
2278 goto nla_put_failure;
2281 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
2282 goto nla_put_failure;
2283 #ifdef CONFIG_IP_ROUTE_CLASSID
2284 if (rt->dst.tclassid &&
2285 nla_put_u32(skb, RTA_FLOW, rt->dst.tclassid))
2286 goto nla_put_failure;
2288 if (!rt_is_input_route(rt) &&
2289 fl4->saddr != src) {
2290 if (nla_put_be32(skb, RTA_PREFSRC, fl4->saddr))
2291 goto nla_put_failure;
2293 if (rt->rt_uses_gateway &&
2294 nla_put_be32(skb, RTA_GATEWAY, rt->rt_gateway))
2295 goto nla_put_failure;
2297 expires = rt->dst.expires;
2299 unsigned long now = jiffies;
2301 if (time_before(now, expires))
2307 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
2308 if (rt->rt_pmtu && expires)
2309 metrics[RTAX_MTU - 1] = rt->rt_pmtu;
2310 if (rtnetlink_put_metrics(skb, metrics) < 0)
2311 goto nla_put_failure;
2313 if (fl4->flowi4_mark &&
2314 nla_put_u32(skb, RTA_MARK, fl4->flowi4_mark))
2315 goto nla_put_failure;
2317 if (!uid_eq(fl4->flowi4_uid, INVALID_UID) &&
2318 nla_put_u32(skb, RTA_UID,
2319 from_kuid_munged(current_user_ns(), fl4->flowi4_uid)))
2320 goto nla_put_failure;
2322 error = rt->dst.error;
2324 if (rt_is_input_route(rt)) {
2325 #ifdef CONFIG_IP_MROUTE
2326 if (ipv4_is_multicast(dst) && !ipv4_is_local_multicast(dst) &&
2327 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
2328 int err = ipmr_get_route(net, skb,
2329 fl4->saddr, fl4->daddr,
2335 goto nla_put_failure;
2337 if (err == -EMSGSIZE)
2338 goto nla_put_failure;
2344 if (nla_put_u32(skb, RTA_IIF, skb->dev->ifindex))
2345 goto nla_put_failure;
2348 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, error) < 0)
2349 goto nla_put_failure;
2351 return nlmsg_end(skb, nlh);
2354 nlmsg_cancel(skb, nlh);
2358 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh)
2360 struct net *net = sock_net(in_skb->sk);
2362 struct nlattr *tb[RTA_MAX+1];
2363 struct rtable *rt = NULL;
2370 struct sk_buff *skb;
2373 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv4_policy);
2377 rtm = nlmsg_data(nlh);
2379 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
2385 /* Reserve room for dummy headers, this skb can pass
2386 through good chunk of routing engine.
2388 skb_reset_mac_header(skb);
2389 skb_reset_network_header(skb);
2391 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
2392 ip_hdr(skb)->protocol = IPPROTO_ICMP;
2393 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
2395 src = tb[RTA_SRC] ? nla_get_be32(tb[RTA_SRC]) : 0;
2396 dst = tb[RTA_DST] ? nla_get_be32(tb[RTA_DST]) : 0;
2397 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
2398 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
2400 uid = make_kuid(current_user_ns(), nla_get_u32(tb[RTA_UID]));
2402 uid = (iif ? INVALID_UID : current_uid());
2404 memset(&fl4, 0, sizeof(fl4));
2407 fl4.flowi4_tos = rtm->rtm_tos;
2408 fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0;
2409 fl4.flowi4_mark = mark;
2410 fl4.flowi4_uid = uid;
2413 struct net_device *dev;
2415 dev = __dev_get_by_index(net, iif);
2421 skb->protocol = htons(ETH_P_IP);
2425 err = ip_route_input(skb, dst, src, rtm->rtm_tos, dev);
2428 rt = skb_rtable(skb);
2429 if (err == 0 && rt->dst.error)
2430 err = -rt->dst.error;
2432 rt = ip_route_output_key(net, &fl4);
2442 skb_dst_set(skb, &rt->dst);
2443 if (rtm->rtm_flags & RTM_F_NOTIFY)
2444 rt->rt_flags |= RTCF_NOTIFY;
2446 err = rt_fill_info(net, dst, src, &fl4, skb,
2447 NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
2448 RTM_NEWROUTE, 0, 0);
2452 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2461 int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
2466 void ip_rt_multicast_event(struct in_device *in_dev)
2468 rt_cache_flush(dev_net(in_dev->dev));
2471 #ifdef CONFIG_SYSCTL
2472 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
2473 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
2474 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
2475 static int ip_rt_gc_elasticity __read_mostly = 8;
2477 static int ipv4_sysctl_rtcache_flush(ctl_table *__ctl, int write,
2478 void __user *buffer,
2479 size_t *lenp, loff_t *ppos)
2482 rt_cache_flush((struct net *)__ctl->extra1);
2489 static ctl_table ipv4_route_table[] = {
2491 .procname = "gc_thresh",
2492 .data = &ipv4_dst_ops.gc_thresh,
2493 .maxlen = sizeof(int),
2495 .proc_handler = proc_dointvec,
2498 .procname = "max_size",
2499 .data = &ip_rt_max_size,
2500 .maxlen = sizeof(int),
2502 .proc_handler = proc_dointvec,
2505 /* Deprecated. Use gc_min_interval_ms */
2507 .procname = "gc_min_interval",
2508 .data = &ip_rt_gc_min_interval,
2509 .maxlen = sizeof(int),
2511 .proc_handler = proc_dointvec_jiffies,
2514 .procname = "gc_min_interval_ms",
2515 .data = &ip_rt_gc_min_interval,
2516 .maxlen = sizeof(int),
2518 .proc_handler = proc_dointvec_ms_jiffies,
2521 .procname = "gc_timeout",
2522 .data = &ip_rt_gc_timeout,
2523 .maxlen = sizeof(int),
2525 .proc_handler = proc_dointvec_jiffies,
2528 .procname = "gc_interval",
2529 .data = &ip_rt_gc_interval,
2530 .maxlen = sizeof(int),
2532 .proc_handler = proc_dointvec_jiffies,
2535 .procname = "redirect_load",
2536 .data = &ip_rt_redirect_load,
2537 .maxlen = sizeof(int),
2539 .proc_handler = proc_dointvec,
2542 .procname = "redirect_number",
2543 .data = &ip_rt_redirect_number,
2544 .maxlen = sizeof(int),
2546 .proc_handler = proc_dointvec,
2549 .procname = "redirect_silence",
2550 .data = &ip_rt_redirect_silence,
2551 .maxlen = sizeof(int),
2553 .proc_handler = proc_dointvec,
2556 .procname = "error_cost",
2557 .data = &ip_rt_error_cost,
2558 .maxlen = sizeof(int),
2560 .proc_handler = proc_dointvec,
2563 .procname = "error_burst",
2564 .data = &ip_rt_error_burst,
2565 .maxlen = sizeof(int),
2567 .proc_handler = proc_dointvec,
2570 .procname = "gc_elasticity",
2571 .data = &ip_rt_gc_elasticity,
2572 .maxlen = sizeof(int),
2574 .proc_handler = proc_dointvec,
2577 .procname = "mtu_expires",
2578 .data = &ip_rt_mtu_expires,
2579 .maxlen = sizeof(int),
2581 .proc_handler = proc_dointvec_jiffies,
2584 .procname = "min_pmtu",
2585 .data = &ip_rt_min_pmtu,
2586 .maxlen = sizeof(int),
2588 .proc_handler = proc_dointvec,
2591 .procname = "min_adv_mss",
2592 .data = &ip_rt_min_advmss,
2593 .maxlen = sizeof(int),
2595 .proc_handler = proc_dointvec,
2600 static struct ctl_table ipv4_route_flush_table[] = {
2602 .procname = "flush",
2603 .maxlen = sizeof(int),
2605 .proc_handler = ipv4_sysctl_rtcache_flush,
2610 static __net_init int sysctl_route_net_init(struct net *net)
2612 struct ctl_table *tbl;
2614 tbl = ipv4_route_flush_table;
2615 if (!net_eq(net, &init_net)) {
2616 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
2620 /* Don't export sysctls to unprivileged users */
2621 if (net->user_ns != &init_user_ns)
2622 tbl[0].procname = NULL;
2624 tbl[0].extra1 = net;
2626 net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
2627 if (net->ipv4.route_hdr == NULL)
2632 if (tbl != ipv4_route_flush_table)
2638 static __net_exit void sysctl_route_net_exit(struct net *net)
2640 struct ctl_table *tbl;
2642 tbl = net->ipv4.route_hdr->ctl_table_arg;
2643 unregister_net_sysctl_table(net->ipv4.route_hdr);
2644 BUG_ON(tbl == ipv4_route_flush_table);
2648 static __net_initdata struct pernet_operations sysctl_route_ops = {
2649 .init = sysctl_route_net_init,
2650 .exit = sysctl_route_net_exit,
2654 static __net_init int rt_genid_init(struct net *net)
2656 atomic_set(&net->rt_genid, 0);
2657 get_random_bytes(&net->ipv4.dev_addr_genid,
2658 sizeof(net->ipv4.dev_addr_genid));
2662 static __net_initdata struct pernet_operations rt_genid_ops = {
2663 .init = rt_genid_init,
2666 static int __net_init ipv4_inetpeer_init(struct net *net)
2668 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
2672 inet_peer_base_init(bp);
2673 net->ipv4.peers = bp;
2677 static void __net_exit ipv4_inetpeer_exit(struct net *net)
2679 struct inet_peer_base *bp = net->ipv4.peers;
2681 net->ipv4.peers = NULL;
2682 inetpeer_invalidate_tree(bp);
2686 static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
2687 .init = ipv4_inetpeer_init,
2688 .exit = ipv4_inetpeer_exit,
2691 #ifdef CONFIG_IP_ROUTE_CLASSID
2692 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
2693 #endif /* CONFIG_IP_ROUTE_CLASSID */
2695 int __init ip_rt_init(void)
2699 ip_idents = kmalloc(IP_IDENTS_SZ * sizeof(*ip_idents), GFP_KERNEL);
2701 panic("IP: failed to allocate ip_idents\n");
2703 prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents));
2705 #ifdef CONFIG_IP_ROUTE_CLASSID
2706 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
2708 panic("IP: failed to allocate ip_rt_acct\n");
2711 ipv4_dst_ops.kmem_cachep =
2712 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
2713 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
2715 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
2717 if (dst_entries_init(&ipv4_dst_ops) < 0)
2718 panic("IP: failed to allocate ipv4_dst_ops counter\n");
2720 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
2721 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
2723 ipv4_dst_ops.gc_thresh = ~0;
2724 ip_rt_max_size = INT_MAX;
2729 if (ip_rt_proc_init())
2730 pr_err("Unable to create route proc files\n");
2735 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
2737 #ifdef CONFIG_SYSCTL
2738 register_pernet_subsys(&sysctl_route_ops);
2740 register_pernet_subsys(&rt_genid_ops);
2741 register_pernet_subsys(&ipv4_inetpeer_ops);
2745 #ifdef CONFIG_SYSCTL
2747 * We really need to sanitize the damn ipv4 init order, then all
2748 * this nonsense will go away.
2750 void __init ip_static_sysctl_init(void)
2752 register_net_sysctl(&init_net, "net/ipv4/route", ipv4_route_table);
projects / firefly-linux-kernel-4.4.55.git / blob