2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
18 * (rco@di.uminho.pt) Routing table insertion and update
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <asm/uaccess.h>
69 #include <linux/bitops.h>
70 #include <linux/types.h>
71 #include <linux/kernel.h>
73 #include <linux/string.h>
74 #include <linux/socket.h>
75 #include <linux/sockios.h>
76 #include <linux/errno.h>
78 #include <linux/inet.h>
79 #include <linux/netdevice.h>
80 #include <linux/proc_fs.h>
81 #include <linux/init.h>
82 #include <linux/skbuff.h>
83 #include <linux/inetdevice.h>
84 #include <linux/igmp.h>
85 #include <linux/pkt_sched.h>
86 #include <linux/mroute.h>
87 #include <linux/netfilter_ipv4.h>
88 #include <linux/random.h>
89 #include <linux/rcupdate.h>
90 #include <linux/times.h>
91 #include <linux/slab.h>
92 #include <linux/jhash.h>
94 #include <net/net_namespace.h>
95 #include <net/protocol.h>
97 #include <net/route.h>
98 #include <net/inetpeer.h>
100 #include <net/ip_fib.h>
103 #include <net/icmp.h>
104 #include <net/xfrm.h>
105 #include <net/netevent.h>
106 #include <net/rtnetlink.h>
108 #include <linux/sysctl.h>
109 #include <linux/kmemleak.h>
111 #include <net/secure_seq.h>
113 #define RT_FL_TOS(oldflp4) \
114 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
116 #define IP_MAX_MTU 0xFFF0
118 #define RT_GC_TIMEOUT (300*HZ)
120 static int ip_rt_max_size;
121 static int ip_rt_redirect_number __read_mostly = 9;
122 static int ip_rt_redirect_load __read_mostly = HZ / 50;
123 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
124 static int ip_rt_error_cost __read_mostly = HZ;
125 static int ip_rt_error_burst __read_mostly = 5 * HZ;
126 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
127 static int ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
128 static int ip_rt_min_advmss __read_mostly = 256;
131 * Interface to generic destination cache.
134 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
135 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
136 static unsigned int ipv4_mtu(const struct dst_entry *dst);
137 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
138 static void ipv4_link_failure(struct sk_buff *skb);
139 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
140 struct sk_buff *skb, u32 mtu);
141 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk,
142 struct sk_buff *skb);
143 static void ipv4_dst_destroy(struct dst_entry *dst);
145 static void ipv4_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
150 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
156 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
160 static struct dst_ops ipv4_dst_ops = {
162 .protocol = cpu_to_be16(ETH_P_IP),
163 .check = ipv4_dst_check,
164 .default_advmss = ipv4_default_advmss,
166 .cow_metrics = ipv4_cow_metrics,
167 .destroy = ipv4_dst_destroy,
168 .ifdown = ipv4_dst_ifdown,
169 .negative_advice = ipv4_negative_advice,
170 .link_failure = ipv4_link_failure,
171 .update_pmtu = ip_rt_update_pmtu,
172 .redirect = ip_do_redirect,
173 .local_out = __ip_local_out,
174 .neigh_lookup = ipv4_neigh_lookup,
177 #define ECN_OR_COST(class) TC_PRIO_##class
179 const __u8 ip_tos2prio[16] = {
181 ECN_OR_COST(BESTEFFORT),
183 ECN_OR_COST(BESTEFFORT),
189 ECN_OR_COST(INTERACTIVE),
191 ECN_OR_COST(INTERACTIVE),
192 TC_PRIO_INTERACTIVE_BULK,
193 ECN_OR_COST(INTERACTIVE_BULK),
194 TC_PRIO_INTERACTIVE_BULK,
195 ECN_OR_COST(INTERACTIVE_BULK)
197 EXPORT_SYMBOL(ip_tos2prio);
199 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
200 #define RT_CACHE_STAT_INC(field) __this_cpu_inc(rt_cache_stat.field)
202 #ifdef CONFIG_PROC_FS
203 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
207 return SEQ_START_TOKEN;
210 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
216 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
220 static int rt_cache_seq_show(struct seq_file *seq, void *v)
222 if (v == SEQ_START_TOKEN)
223 seq_printf(seq, "%-127s\n",
224 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
225 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
230 static const struct seq_operations rt_cache_seq_ops = {
231 .start = rt_cache_seq_start,
232 .next = rt_cache_seq_next,
233 .stop = rt_cache_seq_stop,
234 .show = rt_cache_seq_show,
237 static int rt_cache_seq_open(struct inode *inode, struct file *file)
239 return seq_open(file, &rt_cache_seq_ops);
242 static const struct file_operations rt_cache_seq_fops = {
243 .owner = THIS_MODULE,
244 .open = rt_cache_seq_open,
247 .release = seq_release,
251 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
256 return SEQ_START_TOKEN;
258 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
259 if (!cpu_possible(cpu))
262 return &per_cpu(rt_cache_stat, cpu);
267 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
271 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
272 if (!cpu_possible(cpu))
275 return &per_cpu(rt_cache_stat, cpu);
281 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
286 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
288 struct rt_cache_stat *st = v;
290 if (v == SEQ_START_TOKEN) {
291 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
295 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
296 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
297 dst_entries_get_slow(&ipv4_dst_ops),
320 static const struct seq_operations rt_cpu_seq_ops = {
321 .start = rt_cpu_seq_start,
322 .next = rt_cpu_seq_next,
323 .stop = rt_cpu_seq_stop,
324 .show = rt_cpu_seq_show,
328 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
330 return seq_open(file, &rt_cpu_seq_ops);
333 static const struct file_operations rt_cpu_seq_fops = {
334 .owner = THIS_MODULE,
335 .open = rt_cpu_seq_open,
338 .release = seq_release,
341 #ifdef CONFIG_IP_ROUTE_CLASSID
342 static int rt_acct_proc_show(struct seq_file *m, void *v)
344 struct ip_rt_acct *dst, *src;
347 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
351 for_each_possible_cpu(i) {
352 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
353 for (j = 0; j < 256; j++) {
354 dst[j].o_bytes += src[j].o_bytes;
355 dst[j].o_packets += src[j].o_packets;
356 dst[j].i_bytes += src[j].i_bytes;
357 dst[j].i_packets += src[j].i_packets;
361 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
366 static int rt_acct_proc_open(struct inode *inode, struct file *file)
368 return single_open(file, rt_acct_proc_show, NULL);
371 static const struct file_operations rt_acct_proc_fops = {
372 .owner = THIS_MODULE,
373 .open = rt_acct_proc_open,
376 .release = single_release,
380 static int __net_init ip_rt_do_proc_init(struct net *net)
382 struct proc_dir_entry *pde;
384 pde = proc_create("rt_cache", S_IRUGO, net->proc_net,
389 pde = proc_create("rt_cache", S_IRUGO,
390 net->proc_net_stat, &rt_cpu_seq_fops);
394 #ifdef CONFIG_IP_ROUTE_CLASSID
395 pde = proc_create("rt_acct", 0, net->proc_net, &rt_acct_proc_fops);
401 #ifdef CONFIG_IP_ROUTE_CLASSID
403 remove_proc_entry("rt_cache", net->proc_net_stat);
406 remove_proc_entry("rt_cache", net->proc_net);
411 static void __net_exit ip_rt_do_proc_exit(struct net *net)
413 remove_proc_entry("rt_cache", net->proc_net_stat);
414 remove_proc_entry("rt_cache", net->proc_net);
415 #ifdef CONFIG_IP_ROUTE_CLASSID
416 remove_proc_entry("rt_acct", net->proc_net);
420 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
421 .init = ip_rt_do_proc_init,
422 .exit = ip_rt_do_proc_exit,
425 static int __init ip_rt_proc_init(void)
427 return register_pernet_subsys(&ip_rt_proc_ops);
431 static inline int ip_rt_proc_init(void)
435 #endif /* CONFIG_PROC_FS */
437 static inline bool rt_is_expired(const struct rtable *rth)
439 return rth->rt_genid != rt_genid(dev_net(rth->dst.dev));
442 void rt_cache_flush(struct net *net)
447 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
451 struct net_device *dev = dst->dev;
452 const __be32 *pkey = daddr;
453 const struct rtable *rt;
456 rt = (const struct rtable *) dst;
458 pkey = (const __be32 *) &rt->rt_gateway;
460 pkey = &ip_hdr(skb)->daddr;
462 n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey);
465 return neigh_create(&arp_tbl, pkey, dev);
468 #define IP_IDENTS_SZ 2048u
469 struct ip_ident_bucket {
474 static struct ip_ident_bucket *ip_idents __read_mostly;
476 /* In order to protect privacy, we add a perturbation to identifiers
477 * if one generator is seldom used. This makes hard for an attacker
478 * to infer how many packets were sent between two points in time.
480 u32 ip_idents_reserve(u32 hash, int segs)
482 struct ip_ident_bucket *bucket = ip_idents + hash % IP_IDENTS_SZ;
483 u32 old = ACCESS_ONCE(bucket->stamp32);
484 u32 now = (u32)jiffies;
487 if (old != now && cmpxchg(&bucket->stamp32, old, now) == old) {
488 u64 x = prandom_u32();
491 delta = (u32)(x >> 32);
494 return atomic_add_return(segs + delta, &bucket->id) - segs;
496 EXPORT_SYMBOL(ip_idents_reserve);
498 void __ip_select_ident(struct iphdr *iph, int segs)
500 static u32 ip_idents_hashrnd __read_mostly;
501 static bool hashrnd_initialized = false;
504 if (unlikely(!hashrnd_initialized)) {
505 hashrnd_initialized = true;
506 get_random_bytes(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd));
509 hash = jhash_3words((__force u32)iph->daddr,
510 (__force u32)iph->saddr,
513 id = ip_idents_reserve(hash, segs);
516 EXPORT_SYMBOL(__ip_select_ident);
518 static void __build_flow_key(struct flowi4 *fl4, struct sock *sk,
519 const struct iphdr *iph,
521 u8 prot, u32 mark, int flow_flags)
524 const struct inet_sock *inet = inet_sk(sk);
526 oif = sk->sk_bound_dev_if;
528 tos = RT_CONN_FLAGS(sk);
529 prot = inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol;
531 flowi4_init_output(fl4, oif, mark, tos,
532 RT_SCOPE_UNIVERSE, prot,
534 iph->daddr, iph->saddr, 0, 0,
535 sk ? sock_i_uid(sk) : 0);
538 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,
541 const struct iphdr *iph = ip_hdr(skb);
542 int oif = skb->dev->ifindex;
543 u8 tos = RT_TOS(iph->tos);
544 u8 prot = iph->protocol;
545 u32 mark = skb->mark;
547 __build_flow_key(fl4, sk, iph, oif, tos, prot, mark, 0);
550 static void build_sk_flow_key(struct flowi4 *fl4, struct sock *sk)
552 const struct inet_sock *inet = inet_sk(sk);
553 const struct ip_options_rcu *inet_opt;
554 __be32 daddr = inet->inet_daddr;
557 inet_opt = rcu_dereference(inet->inet_opt);
558 if (inet_opt && inet_opt->opt.srr)
559 daddr = inet_opt->opt.faddr;
560 flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark,
561 RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
562 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
563 inet_sk_flowi_flags(sk),
564 daddr, inet->inet_saddr, 0, 0,
569 static void ip_rt_build_flow_key(struct flowi4 *fl4, struct sock *sk,
570 const struct sk_buff *skb)
573 build_skb_flow_key(fl4, skb, sk);
575 build_sk_flow_key(fl4, sk);
578 static inline void rt_free(struct rtable *rt)
580 call_rcu(&rt->dst.rcu_head, dst_rcu_free);
583 static DEFINE_SPINLOCK(fnhe_lock);
585 static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
587 struct fib_nh_exception *fnhe, *oldest;
590 oldest = rcu_dereference(hash->chain);
591 for (fnhe = rcu_dereference(oldest->fnhe_next); fnhe;
592 fnhe = rcu_dereference(fnhe->fnhe_next)) {
593 if (time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp))
596 orig = rcu_dereference(oldest->fnhe_rth);
598 RCU_INIT_POINTER(oldest->fnhe_rth, NULL);
604 static inline u32 fnhe_hashfun(__be32 daddr)
608 hval = (__force u32) daddr;
609 hval ^= (hval >> 11) ^ (hval >> 22);
611 return hval & (FNHE_HASH_SIZE - 1);
614 static void update_or_create_fnhe(struct fib_nh *nh, __be32 daddr, __be32 gw,
615 u32 pmtu, unsigned long expires)
617 struct fnhe_hash_bucket *hash;
618 struct fib_nh_exception *fnhe;
620 u32 hval = fnhe_hashfun(daddr);
622 spin_lock_bh(&fnhe_lock);
624 hash = nh->nh_exceptions;
626 hash = kzalloc(FNHE_HASH_SIZE * sizeof(*hash), GFP_ATOMIC);
629 nh->nh_exceptions = hash;
635 for (fnhe = rcu_dereference(hash->chain); fnhe;
636 fnhe = rcu_dereference(fnhe->fnhe_next)) {
637 if (fnhe->fnhe_daddr == daddr)
646 fnhe->fnhe_pmtu = pmtu;
647 fnhe->fnhe_expires = expires;
650 if (depth > FNHE_RECLAIM_DEPTH)
651 fnhe = fnhe_oldest(hash);
653 fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC);
657 fnhe->fnhe_next = hash->chain;
658 rcu_assign_pointer(hash->chain, fnhe);
660 fnhe->fnhe_daddr = daddr;
662 fnhe->fnhe_pmtu = pmtu;
663 fnhe->fnhe_expires = expires;
666 fnhe->fnhe_stamp = jiffies;
669 spin_unlock_bh(&fnhe_lock);
673 static void __ip_do_redirect(struct rtable *rt, struct sk_buff *skb, struct flowi4 *fl4,
676 __be32 new_gw = icmp_hdr(skb)->un.gateway;
677 __be32 old_gw = ip_hdr(skb)->saddr;
678 struct net_device *dev = skb->dev;
679 struct in_device *in_dev;
680 struct fib_result res;
684 switch (icmp_hdr(skb)->code & 7) {
686 case ICMP_REDIR_NETTOS:
687 case ICMP_REDIR_HOST:
688 case ICMP_REDIR_HOSTTOS:
695 if (rt->rt_gateway != old_gw)
698 in_dev = __in_dev_get_rcu(dev);
703 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
704 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
705 ipv4_is_zeronet(new_gw))
706 goto reject_redirect;
708 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
709 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
710 goto reject_redirect;
711 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
712 goto reject_redirect;
714 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
715 goto reject_redirect;
718 n = ipv4_neigh_lookup(&rt->dst, NULL, &new_gw);
720 if (!(n->nud_state & NUD_VALID)) {
721 neigh_event_send(n, NULL);
723 if (fib_lookup(net, fl4, &res) == 0) {
724 struct fib_nh *nh = &FIB_RES_NH(res);
726 update_or_create_fnhe(nh, fl4->daddr, new_gw,
730 rt->dst.obsolete = DST_OBSOLETE_KILL;
731 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
738 #ifdef CONFIG_IP_ROUTE_VERBOSE
739 if (IN_DEV_LOG_MARTIANS(in_dev)) {
740 const struct iphdr *iph = (const struct iphdr *) skb->data;
741 __be32 daddr = iph->daddr;
742 __be32 saddr = iph->saddr;
744 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
745 " Advised path = %pI4 -> %pI4\n",
746 &old_gw, dev->name, &new_gw,
753 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
757 const struct iphdr *iph = (const struct iphdr *) skb->data;
758 int oif = skb->dev->ifindex;
759 u8 tos = RT_TOS(iph->tos);
760 u8 prot = iph->protocol;
761 u32 mark = skb->mark;
763 rt = (struct rtable *) dst;
765 __build_flow_key(&fl4, sk, iph, oif, tos, prot, mark, 0);
766 __ip_do_redirect(rt, skb, &fl4, true);
769 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
771 struct rtable *rt = (struct rtable *)dst;
772 struct dst_entry *ret = dst;
775 if (dst->obsolete > 0) {
778 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
789 * 1. The first ip_rt_redirect_number redirects are sent
790 * with exponential backoff, then we stop sending them at all,
791 * assuming that the host ignores our redirects.
792 * 2. If we did not see packets requiring redirects
793 * during ip_rt_redirect_silence, we assume that the host
794 * forgot redirected route and start to send redirects again.
796 * This algorithm is much cheaper and more intelligent than dumb load limiting
799 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
800 * and "frag. need" (breaks PMTU discovery) in icmp.c.
803 void ip_rt_send_redirect(struct sk_buff *skb)
805 struct rtable *rt = skb_rtable(skb);
806 struct in_device *in_dev;
807 struct inet_peer *peer;
812 in_dev = __in_dev_get_rcu(rt->dst.dev);
813 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
817 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
820 net = dev_net(rt->dst.dev);
821 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
823 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
824 rt_nexthop(rt, ip_hdr(skb)->daddr));
828 /* No redirected packets during ip_rt_redirect_silence;
829 * reset the algorithm.
831 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence))
832 peer->rate_tokens = 0;
834 /* Too many ignored redirects; do not send anything
835 * set dst.rate_last to the last seen redirected packet.
837 if (peer->rate_tokens >= ip_rt_redirect_number) {
838 peer->rate_last = jiffies;
842 /* Check for load limit; set rate_last to the latest sent
845 if (peer->rate_tokens == 0 ||
848 (ip_rt_redirect_load << peer->rate_tokens)))) {
849 __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr);
851 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw);
852 peer->rate_last = jiffies;
854 #ifdef CONFIG_IP_ROUTE_VERBOSE
856 peer->rate_tokens == ip_rt_redirect_number)
857 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
858 &ip_hdr(skb)->saddr, inet_iif(skb),
859 &ip_hdr(skb)->daddr, &gw);
866 static int ip_error(struct sk_buff *skb)
868 struct in_device *in_dev = __in_dev_get_rcu(skb->dev);
869 struct rtable *rt = skb_rtable(skb);
870 struct inet_peer *peer;
876 net = dev_net(rt->dst.dev);
877 if (!IN_DEV_FORWARD(in_dev)) {
878 switch (rt->dst.error) {
880 IP_INC_STATS_BH(net, IPSTATS_MIB_INADDRERRORS);
884 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
890 switch (rt->dst.error) {
895 code = ICMP_HOST_UNREACH;
898 code = ICMP_NET_UNREACH;
899 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
902 code = ICMP_PKT_FILTERED;
906 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
911 peer->rate_tokens += now - peer->rate_last;
912 if (peer->rate_tokens > ip_rt_error_burst)
913 peer->rate_tokens = ip_rt_error_burst;
914 peer->rate_last = now;
915 if (peer->rate_tokens >= ip_rt_error_cost)
916 peer->rate_tokens -= ip_rt_error_cost;
922 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
928 static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
930 struct dst_entry *dst = &rt->dst;
931 struct fib_result res;
933 if (dst_metric_locked(dst, RTAX_MTU))
936 if (dst->dev->mtu < mtu)
939 if (mtu < ip_rt_min_pmtu)
940 mtu = ip_rt_min_pmtu;
943 dst->obsolete = DST_OBSOLETE_KILL;
946 dst->expires = max(1UL, jiffies + ip_rt_mtu_expires);
950 if (fib_lookup(dev_net(dst->dev), fl4, &res) == 0) {
951 struct fib_nh *nh = &FIB_RES_NH(res);
953 update_or_create_fnhe(nh, fl4->daddr, 0, mtu,
954 jiffies + ip_rt_mtu_expires);
959 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
960 struct sk_buff *skb, u32 mtu)
962 struct rtable *rt = (struct rtable *) dst;
965 ip_rt_build_flow_key(&fl4, sk, skb);
966 __ip_rt_update_pmtu(rt, &fl4, mtu);
969 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu,
970 int oif, u32 mark, u8 protocol, int flow_flags)
972 const struct iphdr *iph = (const struct iphdr *) skb->data;
977 mark = IP4_REPLY_MARK(net, skb->mark);
979 __build_flow_key(&fl4, NULL, iph, oif,
980 RT_TOS(iph->tos), protocol, mark, flow_flags);
981 rt = __ip_route_output_key(net, &fl4);
983 __ip_rt_update_pmtu(rt, &fl4, mtu);
987 EXPORT_SYMBOL_GPL(ipv4_update_pmtu);
989 static void __ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
991 const struct iphdr *iph = (const struct iphdr *) skb->data;
995 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
997 if (!fl4.flowi4_mark)
998 fl4.flowi4_mark = IP4_REPLY_MARK(sock_net(sk), skb->mark);
1000 rt = __ip_route_output_key(sock_net(sk), &fl4);
1002 __ip_rt_update_pmtu(rt, &fl4, mtu);
1007 void ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1009 const struct iphdr *iph = (const struct iphdr *) skb->data;
1012 struct dst_entry *odst = NULL;
1016 odst = sk_dst_get(sk);
1018 if (sock_owned_by_user(sk) || !odst) {
1019 __ipv4_sk_update_pmtu(skb, sk, mtu);
1023 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1025 rt = (struct rtable *)odst;
1026 if (odst->obsolete && odst->ops->check(odst, 0) == NULL) {
1027 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1034 __ip_rt_update_pmtu((struct rtable *) rt->dst.path, &fl4, mtu);
1036 if (!dst_check(&rt->dst, 0)) {
1038 dst_release(&rt->dst);
1040 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1048 sk_dst_set(sk, &rt->dst);
1054 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu);
1056 void ipv4_redirect(struct sk_buff *skb, struct net *net,
1057 int oif, u32 mark, u8 protocol, int flow_flags)
1059 const struct iphdr *iph = (const struct iphdr *) skb->data;
1063 __build_flow_key(&fl4, NULL, iph, oif,
1064 RT_TOS(iph->tos), protocol, mark, flow_flags);
1065 rt = __ip_route_output_key(net, &fl4);
1067 __ip_do_redirect(rt, skb, &fl4, false);
1071 EXPORT_SYMBOL_GPL(ipv4_redirect);
1073 void ipv4_sk_redirect(struct sk_buff *skb, struct sock *sk)
1075 const struct iphdr *iph = (const struct iphdr *) skb->data;
1079 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1080 rt = __ip_route_output_key(sock_net(sk), &fl4);
1082 __ip_do_redirect(rt, skb, &fl4, false);
1086 EXPORT_SYMBOL_GPL(ipv4_sk_redirect);
1088 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1090 struct rtable *rt = (struct rtable *) dst;
1092 /* All IPV4 dsts are created with ->obsolete set to the value
1093 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1094 * into this function always.
1096 * When a PMTU/redirect information update invalidates a
1097 * route, this is indicated by setting obsolete to
1098 * DST_OBSOLETE_KILL.
1100 if (dst->obsolete == DST_OBSOLETE_KILL || rt_is_expired(rt))
1105 static void ipv4_link_failure(struct sk_buff *skb)
1109 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1111 rt = skb_rtable(skb);
1113 dst_set_expires(&rt->dst, 0);
1116 static int ip_rt_bug(struct sk_buff *skb)
1118 pr_debug("%s: %pI4 -> %pI4, %s\n",
1119 __func__, &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1120 skb->dev ? skb->dev->name : "?");
1127 We do not cache source address of outgoing interface,
1128 because it is used only by IP RR, TS and SRR options,
1129 so that it out of fast path.
1131 BTW remember: "addr" is allowed to be not aligned
1135 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1139 if (rt_is_output_route(rt))
1140 src = ip_hdr(skb)->saddr;
1142 struct fib_result res;
1148 memset(&fl4, 0, sizeof(fl4));
1149 fl4.daddr = iph->daddr;
1150 fl4.saddr = iph->saddr;
1151 fl4.flowi4_tos = RT_TOS(iph->tos);
1152 fl4.flowi4_oif = rt->dst.dev->ifindex;
1153 fl4.flowi4_iif = skb->dev->ifindex;
1154 fl4.flowi4_mark = skb->mark;
1157 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res) == 0)
1158 src = FIB_RES_PREFSRC(dev_net(rt->dst.dev), res);
1160 src = inet_select_addr(rt->dst.dev,
1161 rt_nexthop(rt, iph->daddr),
1165 memcpy(addr, &src, 4);
1168 #ifdef CONFIG_IP_ROUTE_CLASSID
1169 static void set_class_tag(struct rtable *rt, u32 tag)
1171 if (!(rt->dst.tclassid & 0xFFFF))
1172 rt->dst.tclassid |= tag & 0xFFFF;
1173 if (!(rt->dst.tclassid & 0xFFFF0000))
1174 rt->dst.tclassid |= tag & 0xFFFF0000;
1178 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1180 unsigned int advmss = dst_metric_raw(dst, RTAX_ADVMSS);
1183 advmss = max_t(unsigned int, dst->dev->mtu - 40,
1185 if (advmss > 65535 - 40)
1186 advmss = 65535 - 40;
1191 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1193 const struct rtable *rt = (const struct rtable *) dst;
1194 unsigned int mtu = rt->rt_pmtu;
1196 if (!mtu || time_after_eq(jiffies, rt->dst.expires))
1197 mtu = dst_metric_raw(dst, RTAX_MTU);
1202 mtu = dst->dev->mtu;
1204 if (unlikely(dst_metric_locked(dst, RTAX_MTU))) {
1205 if (rt->rt_uses_gateway && mtu > 576)
1209 if (mtu > IP_MAX_MTU)
1215 static struct fib_nh_exception *find_exception(struct fib_nh *nh, __be32 daddr)
1217 struct fnhe_hash_bucket *hash = nh->nh_exceptions;
1218 struct fib_nh_exception *fnhe;
1224 hval = fnhe_hashfun(daddr);
1226 for (fnhe = rcu_dereference(hash[hval].chain); fnhe;
1227 fnhe = rcu_dereference(fnhe->fnhe_next)) {
1228 if (fnhe->fnhe_daddr == daddr)
1234 static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1239 spin_lock_bh(&fnhe_lock);
1241 if (daddr == fnhe->fnhe_daddr) {
1242 struct rtable *orig = rcu_dereference(fnhe->fnhe_rth);
1243 if (orig && rt_is_expired(orig)) {
1245 fnhe->fnhe_pmtu = 0;
1246 fnhe->fnhe_expires = 0;
1248 if (fnhe->fnhe_pmtu) {
1249 unsigned long expires = fnhe->fnhe_expires;
1250 unsigned long diff = expires - jiffies;
1252 if (time_before(jiffies, expires)) {
1253 rt->rt_pmtu = fnhe->fnhe_pmtu;
1254 dst_set_expires(&rt->dst, diff);
1257 if (fnhe->fnhe_gw) {
1258 rt->rt_flags |= RTCF_REDIRECTED;
1259 rt->rt_gateway = fnhe->fnhe_gw;
1260 rt->rt_uses_gateway = 1;
1261 } else if (!rt->rt_gateway)
1262 rt->rt_gateway = daddr;
1264 rcu_assign_pointer(fnhe->fnhe_rth, rt);
1268 fnhe->fnhe_stamp = jiffies;
1271 spin_unlock_bh(&fnhe_lock);
1276 static bool rt_cache_route(struct fib_nh *nh, struct rtable *rt)
1278 struct rtable *orig, *prev, **p;
1281 if (rt_is_input_route(rt)) {
1282 p = (struct rtable **)&nh->nh_rth_input;
1284 p = (struct rtable **)__this_cpu_ptr(nh->nh_pcpu_rth_output);
1288 prev = cmpxchg(p, orig, rt);
1298 static DEFINE_SPINLOCK(rt_uncached_lock);
1299 static LIST_HEAD(rt_uncached_list);
1301 static void rt_add_uncached_list(struct rtable *rt)
1303 spin_lock_bh(&rt_uncached_lock);
1304 list_add_tail(&rt->rt_uncached, &rt_uncached_list);
1305 spin_unlock_bh(&rt_uncached_lock);
1308 static void ipv4_dst_destroy(struct dst_entry *dst)
1310 struct rtable *rt = (struct rtable *) dst;
1312 if (!list_empty(&rt->rt_uncached)) {
1313 spin_lock_bh(&rt_uncached_lock);
1314 list_del(&rt->rt_uncached);
1315 spin_unlock_bh(&rt_uncached_lock);
1319 void rt_flush_dev(struct net_device *dev)
1321 if (!list_empty(&rt_uncached_list)) {
1322 struct net *net = dev_net(dev);
1325 spin_lock_bh(&rt_uncached_lock);
1326 list_for_each_entry(rt, &rt_uncached_list, rt_uncached) {
1327 if (rt->dst.dev != dev)
1329 rt->dst.dev = net->loopback_dev;
1330 dev_hold(rt->dst.dev);
1333 spin_unlock_bh(&rt_uncached_lock);
1337 static bool rt_cache_valid(const struct rtable *rt)
1340 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1344 static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
1345 const struct fib_result *res,
1346 struct fib_nh_exception *fnhe,
1347 struct fib_info *fi, u16 type, u32 itag)
1349 bool cached = false;
1352 struct fib_nh *nh = &FIB_RES_NH(*res);
1354 if (nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK) {
1355 rt->rt_gateway = nh->nh_gw;
1356 rt->rt_uses_gateway = 1;
1358 dst_init_metrics(&rt->dst, fi->fib_metrics, true);
1359 #ifdef CONFIG_IP_ROUTE_CLASSID
1360 rt->dst.tclassid = nh->nh_tclassid;
1363 cached = rt_bind_exception(rt, fnhe, daddr);
1364 else if (!(rt->dst.flags & DST_NOCACHE))
1365 cached = rt_cache_route(nh, rt);
1366 if (unlikely(!cached)) {
1367 /* Routes we intend to cache in nexthop exception or
1368 * FIB nexthop have the DST_NOCACHE bit clear.
1369 * However, if we are unsuccessful at storing this
1370 * route into the cache we really need to set it.
1372 rt->dst.flags |= DST_NOCACHE;
1373 if (!rt->rt_gateway)
1374 rt->rt_gateway = daddr;
1375 rt_add_uncached_list(rt);
1378 rt_add_uncached_list(rt);
1380 #ifdef CONFIG_IP_ROUTE_CLASSID
1381 #ifdef CONFIG_IP_MULTIPLE_TABLES
1382 set_class_tag(rt, res->tclassid);
1384 set_class_tag(rt, itag);
1388 static struct rtable *rt_dst_alloc(struct net_device *dev,
1389 bool nopolicy, bool noxfrm, bool will_cache)
1391 return dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1392 (will_cache ? 0 : (DST_HOST | DST_NOCACHE)) |
1393 (nopolicy ? DST_NOPOLICY : 0) |
1394 (noxfrm ? DST_NOXFRM : 0));
1397 /* called in rcu_read_lock() section */
1398 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1399 u8 tos, struct net_device *dev, int our)
1402 struct in_device *in_dev = __in_dev_get_rcu(dev);
1406 /* Primary sanity checks. */
1411 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1412 skb->protocol != htons(ETH_P_IP))
1415 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
1416 if (ipv4_is_loopback(saddr))
1419 if (ipv4_is_zeronet(saddr)) {
1420 if (!ipv4_is_local_multicast(daddr))
1423 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1428 rth = rt_dst_alloc(dev_net(dev)->loopback_dev,
1429 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, false);
1433 #ifdef CONFIG_IP_ROUTE_CLASSID
1434 rth->dst.tclassid = itag;
1436 rth->dst.output = ip_rt_bug;
1438 rth->rt_genid = rt_genid(dev_net(dev));
1439 rth->rt_flags = RTCF_MULTICAST;
1440 rth->rt_type = RTN_MULTICAST;
1441 rth->rt_is_input= 1;
1444 rth->rt_gateway = 0;
1445 rth->rt_uses_gateway = 0;
1446 INIT_LIST_HEAD(&rth->rt_uncached);
1448 rth->dst.input= ip_local_deliver;
1449 rth->rt_flags |= RTCF_LOCAL;
1452 #ifdef CONFIG_IP_MROUTE
1453 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
1454 rth->dst.input = ip_mr_input;
1456 RT_CACHE_STAT_INC(in_slow_mc);
1458 skb_dst_set(skb, &rth->dst);
1470 static void ip_handle_martian_source(struct net_device *dev,
1471 struct in_device *in_dev,
1472 struct sk_buff *skb,
1476 RT_CACHE_STAT_INC(in_martian_src);
1477 #ifdef CONFIG_IP_ROUTE_VERBOSE
1478 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
1480 * RFC1812 recommendation, if source is martian,
1481 * the only hint is MAC header.
1483 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
1484 &daddr, &saddr, dev->name);
1485 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
1486 print_hex_dump(KERN_WARNING, "ll header: ",
1487 DUMP_PREFIX_OFFSET, 16, 1,
1488 skb_mac_header(skb),
1489 dev->hard_header_len, true);
1495 /* called in rcu_read_lock() section */
1496 static int __mkroute_input(struct sk_buff *skb,
1497 const struct fib_result *res,
1498 struct in_device *in_dev,
1499 __be32 daddr, __be32 saddr, u32 tos)
1503 struct in_device *out_dev;
1504 unsigned int flags = 0;
1508 /* get a working reference to the output device */
1509 out_dev = __in_dev_get_rcu(FIB_RES_DEV(*res));
1510 if (out_dev == NULL) {
1511 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
1515 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
1516 in_dev->dev, in_dev, &itag);
1518 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
1524 do_cache = res->fi && !itag;
1525 if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
1526 (IN_DEV_SHARED_MEDIA(out_dev) ||
1527 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) {
1528 flags |= RTCF_DOREDIRECT;
1532 if (skb->protocol != htons(ETH_P_IP)) {
1533 /* Not IP (i.e. ARP). Do not create route, if it is
1534 * invalid for proxy arp. DNAT routes are always valid.
1536 * Proxy arp feature have been extended to allow, ARP
1537 * replies back to the same interface, to support
1538 * Private VLAN switch technologies. See arp.c.
1540 if (out_dev == in_dev &&
1541 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
1548 rth = rcu_dereference(FIB_RES_NH(*res).nh_rth_input);
1549 if (rt_cache_valid(rth)) {
1550 skb_dst_set_noref(skb, &rth->dst);
1555 rth = rt_dst_alloc(out_dev->dev,
1556 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1557 IN_DEV_CONF_GET(out_dev, NOXFRM), do_cache);
1563 rth->rt_genid = rt_genid(dev_net(rth->dst.dev));
1564 rth->rt_flags = flags;
1565 rth->rt_type = res->type;
1566 rth->rt_is_input = 1;
1569 rth->rt_gateway = 0;
1570 rth->rt_uses_gateway = 0;
1571 INIT_LIST_HEAD(&rth->rt_uncached);
1572 RT_CACHE_STAT_INC(in_slow_tot);
1574 rth->dst.input = ip_forward;
1575 rth->dst.output = ip_output;
1577 rt_set_nexthop(rth, daddr, res, NULL, res->fi, res->type, itag);
1578 skb_dst_set(skb, &rth->dst);
1585 static int ip_mkroute_input(struct sk_buff *skb,
1586 struct fib_result *res,
1587 const struct flowi4 *fl4,
1588 struct in_device *in_dev,
1589 __be32 daddr, __be32 saddr, u32 tos)
1591 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1592 if (res->fi && res->fi->fib_nhs > 1)
1593 fib_select_multipath(res);
1596 /* create a routing cache entry */
1597 return __mkroute_input(skb, res, in_dev, daddr, saddr, tos);
1601 * NOTE. We drop all the packets that has local source
1602 * addresses, because every properly looped back packet
1603 * must have correct destination already attached by output routine.
1605 * Such approach solves two big problems:
1606 * 1. Not simplex devices are handled properly.
1607 * 2. IP spoofing attempts are filtered with 100% of guarantee.
1608 * called with rcu_read_lock()
1611 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1612 u8 tos, struct net_device *dev)
1614 struct fib_result res;
1615 struct in_device *in_dev = __in_dev_get_rcu(dev);
1617 unsigned int flags = 0;
1621 struct net *net = dev_net(dev);
1624 /* IP on this device is disabled. */
1629 /* Check for the most weird martians, which can be not detected
1633 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
1634 goto martian_source;
1637 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
1640 /* Accept zero addresses only to limited broadcast;
1641 * I even do not know to fix it or not. Waiting for complains :-)
1643 if (ipv4_is_zeronet(saddr))
1644 goto martian_source;
1646 if (ipv4_is_zeronet(daddr))
1647 goto martian_destination;
1649 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
1650 * and call it once if daddr or/and saddr are loopback addresses
1652 if (ipv4_is_loopback(daddr)) {
1653 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1654 goto martian_destination;
1655 } else if (ipv4_is_loopback(saddr)) {
1656 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1657 goto martian_source;
1661 * Now we are ready to route packet.
1664 fl4.flowi4_iif = dev->ifindex;
1665 fl4.flowi4_mark = skb->mark;
1666 fl4.flowi4_tos = tos;
1667 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
1670 err = fib_lookup(net, &fl4, &res);
1674 if (res.type == RTN_BROADCAST)
1677 if (res.type == RTN_LOCAL) {
1678 err = fib_validate_source(skb, saddr, daddr, tos,
1680 dev, in_dev, &itag);
1682 goto martian_source_keep_err;
1686 if (!IN_DEV_FORWARD(in_dev))
1688 if (res.type != RTN_UNICAST)
1689 goto martian_destination;
1691 err = ip_mkroute_input(skb, &res, &fl4, in_dev, daddr, saddr, tos);
1695 if (skb->protocol != htons(ETH_P_IP))
1698 if (!ipv4_is_zeronet(saddr)) {
1699 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1702 goto martian_source_keep_err;
1704 flags |= RTCF_BROADCAST;
1705 res.type = RTN_BROADCAST;
1706 RT_CACHE_STAT_INC(in_brd);
1712 rth = rcu_dereference(FIB_RES_NH(res).nh_rth_input);
1713 if (rt_cache_valid(rth)) {
1714 skb_dst_set_noref(skb, &rth->dst);
1722 rth = rt_dst_alloc(net->loopback_dev,
1723 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, do_cache);
1727 rth->dst.input= ip_local_deliver;
1728 rth->dst.output= ip_rt_bug;
1729 #ifdef CONFIG_IP_ROUTE_CLASSID
1730 rth->dst.tclassid = itag;
1733 rth->rt_genid = rt_genid(net);
1734 rth->rt_flags = flags|RTCF_LOCAL;
1735 rth->rt_type = res.type;
1736 rth->rt_is_input = 1;
1739 rth->rt_gateway = 0;
1740 rth->rt_uses_gateway = 0;
1741 INIT_LIST_HEAD(&rth->rt_uncached);
1742 RT_CACHE_STAT_INC(in_slow_tot);
1743 if (res.type == RTN_UNREACHABLE) {
1744 rth->dst.input= ip_error;
1745 rth->dst.error= -err;
1746 rth->rt_flags &= ~RTCF_LOCAL;
1749 if (unlikely(!rt_cache_route(&FIB_RES_NH(res), rth))) {
1750 rth->dst.flags |= DST_NOCACHE;
1751 rt_add_uncached_list(rth);
1754 skb_dst_set(skb, &rth->dst);
1759 RT_CACHE_STAT_INC(in_no_route);
1760 res.type = RTN_UNREACHABLE;
1766 * Do not cache martian addresses: they should be logged (RFC1812)
1768 martian_destination:
1769 RT_CACHE_STAT_INC(in_martian_dst);
1770 #ifdef CONFIG_IP_ROUTE_VERBOSE
1771 if (IN_DEV_LOG_MARTIANS(in_dev))
1772 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
1773 &daddr, &saddr, dev->name);
1786 martian_source_keep_err:
1787 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
1791 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1792 u8 tos, struct net_device *dev)
1798 /* Multicast recognition logic is moved from route cache to here.
1799 The problem was that too many Ethernet cards have broken/missing
1800 hardware multicast filters :-( As result the host on multicasting
1801 network acquires a lot of useless route cache entries, sort of
1802 SDR messages from all the world. Now we try to get rid of them.
1803 Really, provided software IP multicast filter is organized
1804 reasonably (at least, hashed), it does not result in a slowdown
1805 comparing with route cache reject entries.
1806 Note, that multicast routers are not affected, because
1807 route cache entry is created eventually.
1809 if (ipv4_is_multicast(daddr)) {
1810 struct in_device *in_dev = __in_dev_get_rcu(dev);
1813 int our = ip_check_mc_rcu(in_dev, daddr, saddr,
1814 ip_hdr(skb)->protocol);
1816 #ifdef CONFIG_IP_MROUTE
1818 (!ipv4_is_local_multicast(daddr) &&
1819 IN_DEV_MFORWARD(in_dev))
1822 int res = ip_route_input_mc(skb, daddr, saddr,
1831 res = ip_route_input_slow(skb, daddr, saddr, tos, dev);
1835 EXPORT_SYMBOL(ip_route_input_noref);
1837 /* called with rcu_read_lock() */
1838 static struct rtable *__mkroute_output(const struct fib_result *res,
1839 const struct flowi4 *fl4, int orig_oif,
1840 struct net_device *dev_out,
1843 struct fib_info *fi = res->fi;
1844 struct fib_nh_exception *fnhe;
1845 struct in_device *in_dev;
1846 u16 type = res->type;
1850 in_dev = __in_dev_get_rcu(dev_out);
1852 return ERR_PTR(-EINVAL);
1854 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
1855 if (ipv4_is_loopback(fl4->saddr) && !(dev_out->flags & IFF_LOOPBACK))
1856 return ERR_PTR(-EINVAL);
1858 if (ipv4_is_lbcast(fl4->daddr))
1859 type = RTN_BROADCAST;
1860 else if (ipv4_is_multicast(fl4->daddr))
1861 type = RTN_MULTICAST;
1862 else if (ipv4_is_zeronet(fl4->daddr))
1863 return ERR_PTR(-EINVAL);
1865 if (dev_out->flags & IFF_LOOPBACK)
1866 flags |= RTCF_LOCAL;
1869 if (type == RTN_BROADCAST) {
1870 flags |= RTCF_BROADCAST | RTCF_LOCAL;
1872 } else if (type == RTN_MULTICAST) {
1873 flags |= RTCF_MULTICAST | RTCF_LOCAL;
1874 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
1876 flags &= ~RTCF_LOCAL;
1879 /* If multicast route do not exist use
1880 * default one, but do not gateway in this case.
1883 if (fi && res->prefixlen < 4)
1888 do_cache &= fi != NULL;
1890 struct rtable __rcu **prth;
1891 struct fib_nh *nh = &FIB_RES_NH(*res);
1893 fnhe = find_exception(nh, fl4->daddr);
1895 prth = &fnhe->fnhe_rth;
1897 if (unlikely(fl4->flowi4_flags &
1898 FLOWI_FLAG_KNOWN_NH &&
1900 nh->nh_scope == RT_SCOPE_LINK))) {
1904 prth = __this_cpu_ptr(nh->nh_pcpu_rth_output);
1906 rth = rcu_dereference(*prth);
1907 if (rt_cache_valid(rth)) {
1908 dst_hold(&rth->dst);
1914 rth = rt_dst_alloc(dev_out,
1915 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1916 IN_DEV_CONF_GET(in_dev, NOXFRM),
1919 return ERR_PTR(-ENOBUFS);
1921 rth->dst.output = ip_output;
1923 rth->rt_genid = rt_genid(dev_net(dev_out));
1924 rth->rt_flags = flags;
1925 rth->rt_type = type;
1926 rth->rt_is_input = 0;
1927 rth->rt_iif = orig_oif ? : 0;
1929 rth->rt_gateway = 0;
1930 rth->rt_uses_gateway = 0;
1931 INIT_LIST_HEAD(&rth->rt_uncached);
1933 RT_CACHE_STAT_INC(out_slow_tot);
1935 if (flags & RTCF_LOCAL)
1936 rth->dst.input = ip_local_deliver;
1937 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
1938 if (flags & RTCF_LOCAL &&
1939 !(dev_out->flags & IFF_LOOPBACK)) {
1940 rth->dst.output = ip_mc_output;
1941 RT_CACHE_STAT_INC(out_slow_mc);
1943 #ifdef CONFIG_IP_MROUTE
1944 if (type == RTN_MULTICAST) {
1945 if (IN_DEV_MFORWARD(in_dev) &&
1946 !ipv4_is_local_multicast(fl4->daddr)) {
1947 rth->dst.input = ip_mr_input;
1948 rth->dst.output = ip_mc_output;
1954 rt_set_nexthop(rth, fl4->daddr, res, fnhe, fi, type, 0);
1960 * Major route resolver routine.
1963 struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *fl4)
1965 struct net_device *dev_out = NULL;
1966 __u8 tos = RT_FL_TOS(fl4);
1967 unsigned int flags = 0;
1968 struct fib_result res;
1976 orig_oif = fl4->flowi4_oif;
1978 fl4->flowi4_iif = LOOPBACK_IFINDEX;
1979 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
1980 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
1981 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
1985 rth = ERR_PTR(-EINVAL);
1986 if (ipv4_is_multicast(fl4->saddr) ||
1987 ipv4_is_lbcast(fl4->saddr) ||
1988 ipv4_is_zeronet(fl4->saddr))
1991 /* I removed check for oif == dev_out->oif here.
1992 It was wrong for two reasons:
1993 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
1994 is assigned to multiple interfaces.
1995 2. Moreover, we are allowed to send packets with saddr
1996 of another iface. --ANK
1999 if (fl4->flowi4_oif == 0 &&
2000 (ipv4_is_multicast(fl4->daddr) ||
2001 ipv4_is_lbcast(fl4->daddr))) {
2002 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2003 dev_out = __ip_dev_find(net, fl4->saddr, false);
2004 if (dev_out == NULL)
2007 /* Special hack: user can direct multicasts
2008 and limited broadcast via necessary interface
2009 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2010 This hack is not just for fun, it allows
2011 vic,vat and friends to work.
2012 They bind socket to loopback, set ttl to zero
2013 and expect that it will work.
2014 From the viewpoint of routing cache they are broken,
2015 because we are not allowed to build multicast path
2016 with loopback source addr (look, routing cache
2017 cannot know, that ttl is zero, so that packet
2018 will not leave this host and route is valid).
2019 Luckily, this hack is good workaround.
2022 fl4->flowi4_oif = dev_out->ifindex;
2026 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
2027 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2028 if (!__ip_dev_find(net, fl4->saddr, false))
2034 if (fl4->flowi4_oif) {
2035 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2036 rth = ERR_PTR(-ENODEV);
2037 if (dev_out == NULL)
2040 /* RACE: Check return value of inet_select_addr instead. */
2041 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2042 rth = ERR_PTR(-ENETUNREACH);
2045 if (ipv4_is_local_multicast(fl4->daddr) ||
2046 ipv4_is_lbcast(fl4->daddr)) {
2048 fl4->saddr = inet_select_addr(dev_out, 0,
2053 if (ipv4_is_multicast(fl4->daddr))
2054 fl4->saddr = inet_select_addr(dev_out, 0,
2056 else if (!fl4->daddr)
2057 fl4->saddr = inet_select_addr(dev_out, 0,
2063 fl4->daddr = fl4->saddr;
2065 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2066 dev_out = net->loopback_dev;
2067 fl4->flowi4_oif = LOOPBACK_IFINDEX;
2068 res.type = RTN_LOCAL;
2069 flags |= RTCF_LOCAL;
2073 if (fib_lookup(net, fl4, &res)) {
2076 if (fl4->flowi4_oif) {
2077 /* Apparently, routing tables are wrong. Assume,
2078 that the destination is on link.
2081 Because we are allowed to send to iface
2082 even if it has NO routes and NO assigned
2083 addresses. When oif is specified, routing
2084 tables are looked up with only one purpose:
2085 to catch if destination is gatewayed, rather than
2086 direct. Moreover, if MSG_DONTROUTE is set,
2087 we send packet, ignoring both routing tables
2088 and ifaddr state. --ANK
2091 We could make it even if oif is unknown,
2092 likely IPv6, but we do not.
2095 if (fl4->saddr == 0)
2096 fl4->saddr = inet_select_addr(dev_out, 0,
2098 res.type = RTN_UNICAST;
2101 rth = ERR_PTR(-ENETUNREACH);
2105 if (res.type == RTN_LOCAL) {
2107 if (res.fi->fib_prefsrc)
2108 fl4->saddr = res.fi->fib_prefsrc;
2110 fl4->saddr = fl4->daddr;
2112 dev_out = net->loopback_dev;
2113 fl4->flowi4_oif = dev_out->ifindex;
2114 flags |= RTCF_LOCAL;
2118 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2119 if (res.fi->fib_nhs > 1 && fl4->flowi4_oif == 0)
2120 fib_select_multipath(&res);
2123 if (!res.prefixlen &&
2124 res.table->tb_num_default > 1 &&
2125 res.type == RTN_UNICAST && !fl4->flowi4_oif)
2126 fib_select_default(&res);
2129 fl4->saddr = FIB_RES_PREFSRC(net, res);
2131 dev_out = FIB_RES_DEV(res);
2132 fl4->flowi4_oif = dev_out->ifindex;
2136 rth = __mkroute_output(&res, fl4, orig_oif, dev_out, flags);
2142 EXPORT_SYMBOL_GPL(__ip_route_output_key);
2144 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2149 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2151 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2153 return mtu ? : dst->dev->mtu;
2156 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
2157 struct sk_buff *skb, u32 mtu)
2161 static void ipv4_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
2162 struct sk_buff *skb)
2166 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2172 static struct dst_ops ipv4_dst_blackhole_ops = {
2174 .protocol = cpu_to_be16(ETH_P_IP),
2175 .check = ipv4_blackhole_dst_check,
2176 .mtu = ipv4_blackhole_mtu,
2177 .default_advmss = ipv4_default_advmss,
2178 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2179 .redirect = ipv4_rt_blackhole_redirect,
2180 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2181 .neigh_lookup = ipv4_neigh_lookup,
2184 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2186 struct rtable *ort = (struct rtable *) dst_orig;
2189 rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, DST_OBSOLETE_NONE, 0);
2191 struct dst_entry *new = &rt->dst;
2194 new->input = dst_discard;
2195 new->output = dst_discard;
2197 new->dev = ort->dst.dev;
2201 rt->rt_is_input = ort->rt_is_input;
2202 rt->rt_iif = ort->rt_iif;
2203 rt->rt_pmtu = ort->rt_pmtu;
2205 rt->rt_genid = rt_genid(net);
2206 rt->rt_flags = ort->rt_flags;
2207 rt->rt_type = ort->rt_type;
2208 rt->rt_gateway = ort->rt_gateway;
2209 rt->rt_uses_gateway = ort->rt_uses_gateway;
2211 INIT_LIST_HEAD(&rt->rt_uncached);
2216 dst_release(dst_orig);
2218 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2221 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2224 struct rtable *rt = __ip_route_output_key(net, flp4);
2229 if (flp4->flowi4_proto)
2230 rt = (struct rtable *) xfrm_lookup(net, &rt->dst,
2231 flowi4_to_flowi(flp4),
2236 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2238 static int rt_fill_info(struct net *net, __be32 dst, __be32 src,
2239 struct flowi4 *fl4, struct sk_buff *skb, u32 portid,
2240 u32 seq, int event, int nowait, unsigned int flags)
2242 struct rtable *rt = skb_rtable(skb);
2244 struct nlmsghdr *nlh;
2245 unsigned long expires = 0;
2247 u32 metrics[RTAX_MAX];
2249 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*r), flags);
2253 r = nlmsg_data(nlh);
2254 r->rtm_family = AF_INET;
2255 r->rtm_dst_len = 32;
2257 r->rtm_tos = fl4->flowi4_tos;
2258 r->rtm_table = RT_TABLE_MAIN;
2259 if (nla_put_u32(skb, RTA_TABLE, RT_TABLE_MAIN))
2260 goto nla_put_failure;
2261 r->rtm_type = rt->rt_type;
2262 r->rtm_scope = RT_SCOPE_UNIVERSE;
2263 r->rtm_protocol = RTPROT_UNSPEC;
2264 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2265 if (rt->rt_flags & RTCF_NOTIFY)
2266 r->rtm_flags |= RTM_F_NOTIFY;
2268 if (nla_put_be32(skb, RTA_DST, dst))
2269 goto nla_put_failure;
2271 r->rtm_src_len = 32;
2272 if (nla_put_be32(skb, RTA_SRC, src))
2273 goto nla_put_failure;
2276 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
2277 goto nla_put_failure;
2278 #ifdef CONFIG_IP_ROUTE_CLASSID
2279 if (rt->dst.tclassid &&
2280 nla_put_u32(skb, RTA_FLOW, rt->dst.tclassid))
2281 goto nla_put_failure;
2283 if (!rt_is_input_route(rt) &&
2284 fl4->saddr != src) {
2285 if (nla_put_be32(skb, RTA_PREFSRC, fl4->saddr))
2286 goto nla_put_failure;
2288 if (rt->rt_uses_gateway &&
2289 nla_put_be32(skb, RTA_GATEWAY, rt->rt_gateway))
2290 goto nla_put_failure;
2292 expires = rt->dst.expires;
2294 unsigned long now = jiffies;
2296 if (time_before(now, expires))
2302 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
2303 if (rt->rt_pmtu && expires)
2304 metrics[RTAX_MTU - 1] = rt->rt_pmtu;
2305 if (rtnetlink_put_metrics(skb, metrics) < 0)
2306 goto nla_put_failure;
2308 if (fl4->flowi4_mark &&
2309 nla_put_u32(skb, RTA_MARK, fl4->flowi4_mark))
2310 goto nla_put_failure;
2312 if (!uid_eq(fl4->flowi4_uid, INVALID_UID) &&
2313 nla_put_u32(skb, RTA_UID,
2314 from_kuid_munged(current_user_ns(), fl4->flowi4_uid)))
2315 goto nla_put_failure;
2317 error = rt->dst.error;
2319 if (rt_is_input_route(rt)) {
2320 #ifdef CONFIG_IP_MROUTE
2321 if (ipv4_is_multicast(dst) && !ipv4_is_local_multicast(dst) &&
2322 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
2323 int err = ipmr_get_route(net, skb,
2324 fl4->saddr, fl4->daddr,
2330 goto nla_put_failure;
2332 if (err == -EMSGSIZE)
2333 goto nla_put_failure;
2339 if (nla_put_u32(skb, RTA_IIF, skb->dev->ifindex))
2340 goto nla_put_failure;
2343 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, error) < 0)
2344 goto nla_put_failure;
2346 return nlmsg_end(skb, nlh);
2349 nlmsg_cancel(skb, nlh);
2353 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh)
2355 struct net *net = sock_net(in_skb->sk);
2357 struct nlattr *tb[RTA_MAX+1];
2358 struct rtable *rt = NULL;
2365 struct sk_buff *skb;
2368 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv4_policy);
2372 rtm = nlmsg_data(nlh);
2374 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
2380 /* Reserve room for dummy headers, this skb can pass
2381 through good chunk of routing engine.
2383 skb_reset_mac_header(skb);
2384 skb_reset_network_header(skb);
2386 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
2387 ip_hdr(skb)->protocol = IPPROTO_ICMP;
2388 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
2390 src = tb[RTA_SRC] ? nla_get_be32(tb[RTA_SRC]) : 0;
2391 dst = tb[RTA_DST] ? nla_get_be32(tb[RTA_DST]) : 0;
2392 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
2393 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
2395 uid = make_kuid(current_user_ns(), nla_get_u32(tb[RTA_UID]));
2397 uid = (iif ? INVALID_UID : current_uid());
2399 memset(&fl4, 0, sizeof(fl4));
2402 fl4.flowi4_tos = rtm->rtm_tos;
2403 fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0;
2404 fl4.flowi4_mark = mark;
2405 fl4.flowi4_uid = uid;
2408 struct net_device *dev;
2410 dev = __dev_get_by_index(net, iif);
2416 skb->protocol = htons(ETH_P_IP);
2420 err = ip_route_input(skb, dst, src, rtm->rtm_tos, dev);
2423 rt = skb_rtable(skb);
2424 if (err == 0 && rt->dst.error)
2425 err = -rt->dst.error;
2427 rt = ip_route_output_key(net, &fl4);
2437 skb_dst_set(skb, &rt->dst);
2438 if (rtm->rtm_flags & RTM_F_NOTIFY)
2439 rt->rt_flags |= RTCF_NOTIFY;
2441 err = rt_fill_info(net, dst, src, &fl4, skb,
2442 NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
2443 RTM_NEWROUTE, 0, 0);
2447 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2456 int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
2461 void ip_rt_multicast_event(struct in_device *in_dev)
2463 rt_cache_flush(dev_net(in_dev->dev));
2466 #ifdef CONFIG_SYSCTL
2467 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
2468 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
2469 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
2470 static int ip_rt_gc_elasticity __read_mostly = 8;
2472 static int ipv4_sysctl_rtcache_flush(ctl_table *__ctl, int write,
2473 void __user *buffer,
2474 size_t *lenp, loff_t *ppos)
2477 rt_cache_flush((struct net *)__ctl->extra1);
2484 static ctl_table ipv4_route_table[] = {
2486 .procname = "gc_thresh",
2487 .data = &ipv4_dst_ops.gc_thresh,
2488 .maxlen = sizeof(int),
2490 .proc_handler = proc_dointvec,
2493 .procname = "max_size",
2494 .data = &ip_rt_max_size,
2495 .maxlen = sizeof(int),
2497 .proc_handler = proc_dointvec,
2500 /* Deprecated. Use gc_min_interval_ms */
2502 .procname = "gc_min_interval",
2503 .data = &ip_rt_gc_min_interval,
2504 .maxlen = sizeof(int),
2506 .proc_handler = proc_dointvec_jiffies,
2509 .procname = "gc_min_interval_ms",
2510 .data = &ip_rt_gc_min_interval,
2511 .maxlen = sizeof(int),
2513 .proc_handler = proc_dointvec_ms_jiffies,
2516 .procname = "gc_timeout",
2517 .data = &ip_rt_gc_timeout,
2518 .maxlen = sizeof(int),
2520 .proc_handler = proc_dointvec_jiffies,
2523 .procname = "gc_interval",
2524 .data = &ip_rt_gc_interval,
2525 .maxlen = sizeof(int),
2527 .proc_handler = proc_dointvec_jiffies,
2530 .procname = "redirect_load",
2531 .data = &ip_rt_redirect_load,
2532 .maxlen = sizeof(int),
2534 .proc_handler = proc_dointvec,
2537 .procname = "redirect_number",
2538 .data = &ip_rt_redirect_number,
2539 .maxlen = sizeof(int),
2541 .proc_handler = proc_dointvec,
2544 .procname = "redirect_silence",
2545 .data = &ip_rt_redirect_silence,
2546 .maxlen = sizeof(int),
2548 .proc_handler = proc_dointvec,
2551 .procname = "error_cost",
2552 .data = &ip_rt_error_cost,
2553 .maxlen = sizeof(int),
2555 .proc_handler = proc_dointvec,
2558 .procname = "error_burst",
2559 .data = &ip_rt_error_burst,
2560 .maxlen = sizeof(int),
2562 .proc_handler = proc_dointvec,
2565 .procname = "gc_elasticity",
2566 .data = &ip_rt_gc_elasticity,
2567 .maxlen = sizeof(int),
2569 .proc_handler = proc_dointvec,
2572 .procname = "mtu_expires",
2573 .data = &ip_rt_mtu_expires,
2574 .maxlen = sizeof(int),
2576 .proc_handler = proc_dointvec_jiffies,
2579 .procname = "min_pmtu",
2580 .data = &ip_rt_min_pmtu,
2581 .maxlen = sizeof(int),
2583 .proc_handler = proc_dointvec,
2586 .procname = "min_adv_mss",
2587 .data = &ip_rt_min_advmss,
2588 .maxlen = sizeof(int),
2590 .proc_handler = proc_dointvec,
2595 static struct ctl_table ipv4_route_flush_table[] = {
2597 .procname = "flush",
2598 .maxlen = sizeof(int),
2600 .proc_handler = ipv4_sysctl_rtcache_flush,
2605 static __net_init int sysctl_route_net_init(struct net *net)
2607 struct ctl_table *tbl;
2609 tbl = ipv4_route_flush_table;
2610 if (!net_eq(net, &init_net)) {
2611 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
2615 /* Don't export sysctls to unprivileged users */
2616 if (net->user_ns != &init_user_ns)
2617 tbl[0].procname = NULL;
2619 tbl[0].extra1 = net;
2621 net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
2622 if (net->ipv4.route_hdr == NULL)
2627 if (tbl != ipv4_route_flush_table)
2633 static __net_exit void sysctl_route_net_exit(struct net *net)
2635 struct ctl_table *tbl;
2637 tbl = net->ipv4.route_hdr->ctl_table_arg;
2638 unregister_net_sysctl_table(net->ipv4.route_hdr);
2639 BUG_ON(tbl == ipv4_route_flush_table);
2643 static __net_initdata struct pernet_operations sysctl_route_ops = {
2644 .init = sysctl_route_net_init,
2645 .exit = sysctl_route_net_exit,
2649 static __net_init int rt_genid_init(struct net *net)
2651 atomic_set(&net->rt_genid, 0);
2652 get_random_bytes(&net->ipv4.dev_addr_genid,
2653 sizeof(net->ipv4.dev_addr_genid));
2657 static __net_initdata struct pernet_operations rt_genid_ops = {
2658 .init = rt_genid_init,
2661 static int __net_init ipv4_inetpeer_init(struct net *net)
2663 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
2667 inet_peer_base_init(bp);
2668 net->ipv4.peers = bp;
2672 static void __net_exit ipv4_inetpeer_exit(struct net *net)
2674 struct inet_peer_base *bp = net->ipv4.peers;
2676 net->ipv4.peers = NULL;
2677 inetpeer_invalidate_tree(bp);
2681 static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
2682 .init = ipv4_inetpeer_init,
2683 .exit = ipv4_inetpeer_exit,
2686 #ifdef CONFIG_IP_ROUTE_CLASSID
2687 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
2688 #endif /* CONFIG_IP_ROUTE_CLASSID */
2690 int __init ip_rt_init(void)
2694 ip_idents = kmalloc(IP_IDENTS_SZ * sizeof(*ip_idents), GFP_KERNEL);
2696 panic("IP: failed to allocate ip_idents\n");
2698 prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents));
2700 #ifdef CONFIG_IP_ROUTE_CLASSID
2701 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
2703 panic("IP: failed to allocate ip_rt_acct\n");
2706 ipv4_dst_ops.kmem_cachep =
2707 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
2708 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
2710 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
2712 if (dst_entries_init(&ipv4_dst_ops) < 0)
2713 panic("IP: failed to allocate ipv4_dst_ops counter\n");
2715 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
2716 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
2718 ipv4_dst_ops.gc_thresh = ~0;
2719 ip_rt_max_size = INT_MAX;
2724 if (ip_rt_proc_init())
2725 pr_err("Unable to create route proc files\n");
2730 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
2732 #ifdef CONFIG_SYSCTL
2733 register_pernet_subsys(&sysctl_route_ops);
2735 register_pernet_subsys(&rt_genid_ops);
2736 register_pernet_subsys(&ipv4_inetpeer_ops);
2740 #ifdef CONFIG_SYSCTL
2742 * We really need to sanitize the damn ipv4 init order, then all
2743 * this nonsense will go away.
2745 void __init ip_static_sysctl_init(void)
2747 register_net_sysctl(&init_net, "net/ipv4/route", ipv4_route_table);
projects / firefly-linux-kernel-4.4.55.git / blob