2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * ROUTE - implementation of the IP router.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
11 * Linus Torvalds, <Linus.Torvalds@helsinki.fi>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alan Cox : Verify area fixes.
16 * Alan Cox : cli() protects routing changes
17 * Rui Oliveira : ICMP routing table updates
18 * (rco@di.uminho.pt) Routing table insertion and update
19 * Linus Torvalds : Rewrote bits to be sensible
20 * Alan Cox : Added BSD route gw semantics
21 * Alan Cox : Super /proc >4K
22 * Alan Cox : MTU in route table
23 * Alan Cox : MSS actually. Also added the window
25 * Sam Lantinga : Fixed route matching in rt_del()
26 * Alan Cox : Routing cache support.
27 * Alan Cox : Removed compatibility cruft.
28 * Alan Cox : RTF_REJECT support.
29 * Alan Cox : TCP irtt support.
30 * Jonathan Naylor : Added Metric support.
31 * Miquel van Smoorenburg : BSD API fixes.
32 * Miquel van Smoorenburg : Metrics.
33 * Alan Cox : Use __u32 properly
34 * Alan Cox : Aligned routing errors more closely with BSD
35 * our system is still very different.
36 * Alan Cox : Faster /proc handling
37 * Alexey Kuznetsov : Massive rework to support tree based routing,
38 * routing caches and better behaviour.
40 * Olaf Erb : irtt wasn't being copied right.
41 * Bjorn Ekwall : Kerneld route support.
42 * Alan Cox : Multicast fixed (I hope)
43 * Pavel Krauz : Limited broadcast fixed
44 * Mike McLagan : Routing by source
45 * Alexey Kuznetsov : End of old history. Split to fib.c and
46 * route.c and rewritten from scratch.
47 * Andi Kleen : Load-limit warning messages.
48 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
49 * Vitaly E. Lavrov : Race condition in ip_route_input_slow.
50 * Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
51 * Vladimir V. Ivanov : IP rule info (flowid) is really useful.
52 * Marc Boucher : routing by fwmark
53 * Robert Olsson : Added rt_cache statistics
54 * Arnaldo C. Melo : Convert proc stuff to seq_file
55 * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
56 * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
57 * Ilia Sotnikov : Removed TOS from hash calculations
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version
62 * 2 of the License, or (at your option) any later version.
65 #define pr_fmt(fmt) "IPv4: " fmt
67 #include <linux/module.h>
68 #include <asm/uaccess.h>
69 #include <linux/bitops.h>
70 #include <linux/types.h>
71 #include <linux/kernel.h>
73 #include <linux/string.h>
74 #include <linux/socket.h>
75 #include <linux/sockios.h>
76 #include <linux/errno.h>
78 #include <linux/inet.h>
79 #include <linux/netdevice.h>
80 #include <linux/proc_fs.h>
81 #include <linux/init.h>
82 #include <linux/skbuff.h>
83 #include <linux/inetdevice.h>
84 #include <linux/igmp.h>
85 #include <linux/pkt_sched.h>
86 #include <linux/mroute.h>
87 #include <linux/netfilter_ipv4.h>
88 #include <linux/random.h>
89 #include <linux/rcupdate.h>
90 #include <linux/times.h>
91 #include <linux/slab.h>
92 #include <linux/jhash.h>
94 #include <net/net_namespace.h>
95 #include <net/protocol.h>
97 #include <net/route.h>
98 #include <net/inetpeer.h>
100 #include <net/ip_fib.h>
103 #include <net/icmp.h>
104 #include <net/xfrm.h>
105 #include <net/netevent.h>
106 #include <net/rtnetlink.h>
108 #include <linux/sysctl.h>
109 #include <linux/kmemleak.h>
111 #include <net/secure_seq.h>
113 #define RT_FL_TOS(oldflp4) \
114 ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))
116 #define IP_MAX_MTU 0xFFF0
118 #define RT_GC_TIMEOUT (300*HZ)
120 static int ip_rt_max_size;
121 static int ip_rt_redirect_number __read_mostly = 9;
122 static int ip_rt_redirect_load __read_mostly = HZ / 50;
123 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
124 static int ip_rt_error_cost __read_mostly = HZ;
125 static int ip_rt_error_burst __read_mostly = 5 * HZ;
126 static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ;
127 static int ip_rt_min_pmtu __read_mostly = 512 + 20 + 20;
128 static int ip_rt_min_advmss __read_mostly = 256;
131 * Interface to generic destination cache.
134 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
135 static unsigned int ipv4_default_advmss(const struct dst_entry *dst);
136 static unsigned int ipv4_mtu(const struct dst_entry *dst);
137 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
138 static void ipv4_link_failure(struct sk_buff *skb);
139 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
140 struct sk_buff *skb, u32 mtu);
141 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk,
142 struct sk_buff *skb);
143 static void ipv4_dst_destroy(struct dst_entry *dst);
145 static void ipv4_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
150 static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
156 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
160 static struct dst_ops ipv4_dst_ops = {
162 .protocol = cpu_to_be16(ETH_P_IP),
163 .check = ipv4_dst_check,
164 .default_advmss = ipv4_default_advmss,
166 .cow_metrics = ipv4_cow_metrics,
167 .destroy = ipv4_dst_destroy,
168 .ifdown = ipv4_dst_ifdown,
169 .negative_advice = ipv4_negative_advice,
170 .link_failure = ipv4_link_failure,
171 .update_pmtu = ip_rt_update_pmtu,
172 .redirect = ip_do_redirect,
173 .local_out = __ip_local_out,
174 .neigh_lookup = ipv4_neigh_lookup,
177 #define ECN_OR_COST(class) TC_PRIO_##class
179 const __u8 ip_tos2prio[16] = {
181 ECN_OR_COST(BESTEFFORT),
183 ECN_OR_COST(BESTEFFORT),
189 ECN_OR_COST(INTERACTIVE),
191 ECN_OR_COST(INTERACTIVE),
192 TC_PRIO_INTERACTIVE_BULK,
193 ECN_OR_COST(INTERACTIVE_BULK),
194 TC_PRIO_INTERACTIVE_BULK,
195 ECN_OR_COST(INTERACTIVE_BULK)
197 EXPORT_SYMBOL(ip_tos2prio);
199 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
200 #define RT_CACHE_STAT_INC(field) __this_cpu_inc(rt_cache_stat.field)
202 #ifdef CONFIG_PROC_FS
203 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
207 return SEQ_START_TOKEN;
210 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
216 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
220 static int rt_cache_seq_show(struct seq_file *seq, void *v)
222 if (v == SEQ_START_TOKEN)
223 seq_printf(seq, "%-127s\n",
224 "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
225 "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
230 static const struct seq_operations rt_cache_seq_ops = {
231 .start = rt_cache_seq_start,
232 .next = rt_cache_seq_next,
233 .stop = rt_cache_seq_stop,
234 .show = rt_cache_seq_show,
237 static int rt_cache_seq_open(struct inode *inode, struct file *file)
239 return seq_open(file, &rt_cache_seq_ops);
242 static const struct file_operations rt_cache_seq_fops = {
243 .owner = THIS_MODULE,
244 .open = rt_cache_seq_open,
247 .release = seq_release,
251 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
256 return SEQ_START_TOKEN;
258 for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
259 if (!cpu_possible(cpu))
262 return &per_cpu(rt_cache_stat, cpu);
267 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
271 for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
272 if (!cpu_possible(cpu))
275 return &per_cpu(rt_cache_stat, cpu);
281 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
286 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
288 struct rt_cache_stat *st = v;
290 if (v == SEQ_START_TOKEN) {
291 seq_printf(seq, "entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
295 seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x "
296 " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
297 dst_entries_get_slow(&ipv4_dst_ops),
320 static const struct seq_operations rt_cpu_seq_ops = {
321 .start = rt_cpu_seq_start,
322 .next = rt_cpu_seq_next,
323 .stop = rt_cpu_seq_stop,
324 .show = rt_cpu_seq_show,
328 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
330 return seq_open(file, &rt_cpu_seq_ops);
333 static const struct file_operations rt_cpu_seq_fops = {
334 .owner = THIS_MODULE,
335 .open = rt_cpu_seq_open,
338 .release = seq_release,
341 #ifdef CONFIG_IP_ROUTE_CLASSID
342 static int rt_acct_proc_show(struct seq_file *m, void *v)
344 struct ip_rt_acct *dst, *src;
347 dst = kcalloc(256, sizeof(struct ip_rt_acct), GFP_KERNEL);
351 for_each_possible_cpu(i) {
352 src = (struct ip_rt_acct *)per_cpu_ptr(ip_rt_acct, i);
353 for (j = 0; j < 256; j++) {
354 dst[j].o_bytes += src[j].o_bytes;
355 dst[j].o_packets += src[j].o_packets;
356 dst[j].i_bytes += src[j].i_bytes;
357 dst[j].i_packets += src[j].i_packets;
361 seq_write(m, dst, 256 * sizeof(struct ip_rt_acct));
366 static int rt_acct_proc_open(struct inode *inode, struct file *file)
368 return single_open(file, rt_acct_proc_show, NULL);
371 static const struct file_operations rt_acct_proc_fops = {
372 .owner = THIS_MODULE,
373 .open = rt_acct_proc_open,
376 .release = single_release,
380 static int __net_init ip_rt_do_proc_init(struct net *net)
382 struct proc_dir_entry *pde;
384 pde = proc_create("rt_cache", S_IRUGO, net->proc_net,
389 pde = proc_create("rt_cache", S_IRUGO,
390 net->proc_net_stat, &rt_cpu_seq_fops);
394 #ifdef CONFIG_IP_ROUTE_CLASSID
395 pde = proc_create("rt_acct", 0, net->proc_net, &rt_acct_proc_fops);
401 #ifdef CONFIG_IP_ROUTE_CLASSID
403 remove_proc_entry("rt_cache", net->proc_net_stat);
406 remove_proc_entry("rt_cache", net->proc_net);
411 static void __net_exit ip_rt_do_proc_exit(struct net *net)
413 remove_proc_entry("rt_cache", net->proc_net_stat);
414 remove_proc_entry("rt_cache", net->proc_net);
415 #ifdef CONFIG_IP_ROUTE_CLASSID
416 remove_proc_entry("rt_acct", net->proc_net);
420 static struct pernet_operations ip_rt_proc_ops __net_initdata = {
421 .init = ip_rt_do_proc_init,
422 .exit = ip_rt_do_proc_exit,
425 static int __init ip_rt_proc_init(void)
427 return register_pernet_subsys(&ip_rt_proc_ops);
431 static inline int ip_rt_proc_init(void)
435 #endif /* CONFIG_PROC_FS */
437 static inline bool rt_is_expired(const struct rtable *rth)
439 return rth->rt_genid != rt_genid(dev_net(rth->dst.dev));
442 void rt_cache_flush(struct net *net)
447 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
451 struct net_device *dev = dst->dev;
452 const __be32 *pkey = daddr;
453 const struct rtable *rt;
456 rt = (const struct rtable *) dst;
458 pkey = (const __be32 *) &rt->rt_gateway;
460 pkey = &ip_hdr(skb)->daddr;
462 n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey);
465 return neigh_create(&arp_tbl, pkey, dev);
468 #define IP_IDENTS_SZ 2048u
469 struct ip_ident_bucket {
474 static struct ip_ident_bucket *ip_idents __read_mostly;
476 /* In order to protect privacy, we add a perturbation to identifiers
477 * if one generator is seldom used. This makes hard for an attacker
478 * to infer how many packets were sent between two points in time.
480 u32 ip_idents_reserve(u32 hash, int segs)
482 struct ip_ident_bucket *bucket = ip_idents + hash % IP_IDENTS_SZ;
483 u32 old = ACCESS_ONCE(bucket->stamp32);
484 u32 now = (u32)jiffies;
487 if (old != now && cmpxchg(&bucket->stamp32, old, now) == old) {
488 u64 x = prandom_u32();
491 delta = (u32)(x >> 32);
494 return atomic_add_return(segs + delta, &bucket->id) - segs;
496 EXPORT_SYMBOL(ip_idents_reserve);
498 void __ip_select_ident(struct iphdr *iph, int segs)
500 static u32 ip_idents_hashrnd __read_mostly;
501 static bool hashrnd_initialized = false;
504 if (unlikely(!hashrnd_initialized)) {
505 hashrnd_initialized = true;
506 get_random_bytes(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd));
509 hash = jhash_3words((__force u32)iph->daddr,
510 (__force u32)iph->saddr,
513 id = ip_idents_reserve(hash, segs);
516 EXPORT_SYMBOL(__ip_select_ident);
518 static void __build_flow_key(struct flowi4 *fl4, const struct sock *sk,
519 const struct iphdr *iph,
521 u8 prot, u32 mark, int flow_flags)
524 const struct inet_sock *inet = inet_sk(sk);
526 oif = sk->sk_bound_dev_if;
528 tos = RT_CONN_FLAGS(sk);
529 prot = inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol;
531 flowi4_init_output(fl4, oif, mark, tos,
532 RT_SCOPE_UNIVERSE, prot,
534 iph->daddr, iph->saddr, 0, 0);
537 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,
538 const struct sock *sk)
540 const struct iphdr *iph = ip_hdr(skb);
541 int oif = skb->dev->ifindex;
542 u8 tos = RT_TOS(iph->tos);
543 u8 prot = iph->protocol;
544 u32 mark = skb->mark;
546 __build_flow_key(fl4, sk, iph, oif, tos, prot, mark, 0);
549 static void build_sk_flow_key(struct flowi4 *fl4, const struct sock *sk)
551 const struct inet_sock *inet = inet_sk(sk);
552 const struct ip_options_rcu *inet_opt;
553 __be32 daddr = inet->inet_daddr;
556 inet_opt = rcu_dereference(inet->inet_opt);
557 if (inet_opt && inet_opt->opt.srr)
558 daddr = inet_opt->opt.faddr;
559 flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark,
560 RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
561 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
562 inet_sk_flowi_flags(sk),
563 daddr, inet->inet_saddr, 0, 0);
567 static void ip_rt_build_flow_key(struct flowi4 *fl4, const struct sock *sk,
568 const struct sk_buff *skb)
571 build_skb_flow_key(fl4, skb, sk);
573 build_sk_flow_key(fl4, sk);
576 static inline void rt_free(struct rtable *rt)
578 call_rcu(&rt->dst.rcu_head, dst_rcu_free);
581 static DEFINE_SPINLOCK(fnhe_lock);
583 static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
585 struct fib_nh_exception *fnhe, *oldest;
588 oldest = rcu_dereference(hash->chain);
589 for (fnhe = rcu_dereference(oldest->fnhe_next); fnhe;
590 fnhe = rcu_dereference(fnhe->fnhe_next)) {
591 if (time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp))
594 orig = rcu_dereference(oldest->fnhe_rth);
596 RCU_INIT_POINTER(oldest->fnhe_rth, NULL);
602 static inline u32 fnhe_hashfun(__be32 daddr)
606 hval = (__force u32) daddr;
607 hval ^= (hval >> 11) ^ (hval >> 22);
609 return hval & (FNHE_HASH_SIZE - 1);
612 static void update_or_create_fnhe(struct fib_nh *nh, __be32 daddr, __be32 gw,
613 u32 pmtu, unsigned long expires)
615 struct fnhe_hash_bucket *hash;
616 struct fib_nh_exception *fnhe;
618 u32 hval = fnhe_hashfun(daddr);
620 spin_lock_bh(&fnhe_lock);
622 hash = nh->nh_exceptions;
624 hash = kzalloc(FNHE_HASH_SIZE * sizeof(*hash), GFP_ATOMIC);
627 nh->nh_exceptions = hash;
633 for (fnhe = rcu_dereference(hash->chain); fnhe;
634 fnhe = rcu_dereference(fnhe->fnhe_next)) {
635 if (fnhe->fnhe_daddr == daddr)
644 fnhe->fnhe_pmtu = pmtu;
645 fnhe->fnhe_expires = expires;
648 if (depth > FNHE_RECLAIM_DEPTH)
649 fnhe = fnhe_oldest(hash);
651 fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC);
655 fnhe->fnhe_next = hash->chain;
656 rcu_assign_pointer(hash->chain, fnhe);
658 fnhe->fnhe_daddr = daddr;
660 fnhe->fnhe_pmtu = pmtu;
661 fnhe->fnhe_expires = expires;
664 fnhe->fnhe_stamp = jiffies;
667 spin_unlock_bh(&fnhe_lock);
671 static void __ip_do_redirect(struct rtable *rt, struct sk_buff *skb, struct flowi4 *fl4,
674 __be32 new_gw = icmp_hdr(skb)->un.gateway;
675 __be32 old_gw = ip_hdr(skb)->saddr;
676 struct net_device *dev = skb->dev;
677 struct in_device *in_dev;
678 struct fib_result res;
682 switch (icmp_hdr(skb)->code & 7) {
684 case ICMP_REDIR_NETTOS:
685 case ICMP_REDIR_HOST:
686 case ICMP_REDIR_HOSTTOS:
693 if (rt->rt_gateway != old_gw)
696 in_dev = __in_dev_get_rcu(dev);
701 if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev) ||
702 ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw) ||
703 ipv4_is_zeronet(new_gw))
704 goto reject_redirect;
706 if (!IN_DEV_SHARED_MEDIA(in_dev)) {
707 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
708 goto reject_redirect;
709 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
710 goto reject_redirect;
712 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
713 goto reject_redirect;
716 n = ipv4_neigh_lookup(&rt->dst, NULL, &new_gw);
718 if (!(n->nud_state & NUD_VALID)) {
719 neigh_event_send(n, NULL);
721 if (fib_lookup(net, fl4, &res) == 0) {
722 struct fib_nh *nh = &FIB_RES_NH(res);
724 update_or_create_fnhe(nh, fl4->daddr, new_gw,
728 rt->dst.obsolete = DST_OBSOLETE_KILL;
729 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
736 #ifdef CONFIG_IP_ROUTE_VERBOSE
737 if (IN_DEV_LOG_MARTIANS(in_dev)) {
738 const struct iphdr *iph = (const struct iphdr *) skb->data;
739 __be32 daddr = iph->daddr;
740 __be32 saddr = iph->saddr;
742 net_info_ratelimited("Redirect from %pI4 on %s about %pI4 ignored\n"
743 " Advised path = %pI4 -> %pI4\n",
744 &old_gw, dev->name, &new_gw,
751 static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
755 const struct iphdr *iph = (const struct iphdr *) skb->data;
756 int oif = skb->dev->ifindex;
757 u8 tos = RT_TOS(iph->tos);
758 u8 prot = iph->protocol;
759 u32 mark = skb->mark;
761 rt = (struct rtable *) dst;
763 __build_flow_key(&fl4, sk, iph, oif, tos, prot, mark, 0);
764 __ip_do_redirect(rt, skb, &fl4, true);
767 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
769 struct rtable *rt = (struct rtable *)dst;
770 struct dst_entry *ret = dst;
773 if (dst->obsolete > 0) {
776 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
787 * 1. The first ip_rt_redirect_number redirects are sent
788 * with exponential backoff, then we stop sending them at all,
789 * assuming that the host ignores our redirects.
790 * 2. If we did not see packets requiring redirects
791 * during ip_rt_redirect_silence, we assume that the host
792 * forgot redirected route and start to send redirects again.
794 * This algorithm is much cheaper and more intelligent than dumb load limiting
797 * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
798 * and "frag. need" (breaks PMTU discovery) in icmp.c.
801 void ip_rt_send_redirect(struct sk_buff *skb)
803 struct rtable *rt = skb_rtable(skb);
804 struct in_device *in_dev;
805 struct inet_peer *peer;
810 in_dev = __in_dev_get_rcu(rt->dst.dev);
811 if (!in_dev || !IN_DEV_TX_REDIRECTS(in_dev)) {
815 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
818 net = dev_net(rt->dst.dev);
819 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
821 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
822 rt_nexthop(rt, ip_hdr(skb)->daddr));
826 /* No redirected packets during ip_rt_redirect_silence;
827 * reset the algorithm.
829 if (time_after(jiffies, peer->rate_last + ip_rt_redirect_silence))
830 peer->rate_tokens = 0;
832 /* Too many ignored redirects; do not send anything
833 * set dst.rate_last to the last seen redirected packet.
835 if (peer->rate_tokens >= ip_rt_redirect_number) {
836 peer->rate_last = jiffies;
840 /* Check for load limit; set rate_last to the latest sent
843 if (peer->rate_tokens == 0 ||
846 (ip_rt_redirect_load << peer->rate_tokens)))) {
847 __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr);
849 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw);
850 peer->rate_last = jiffies;
852 #ifdef CONFIG_IP_ROUTE_VERBOSE
854 peer->rate_tokens == ip_rt_redirect_number)
855 net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
856 &ip_hdr(skb)->saddr, inet_iif(skb),
857 &ip_hdr(skb)->daddr, &gw);
864 static int ip_error(struct sk_buff *skb)
866 struct in_device *in_dev = __in_dev_get_rcu(skb->dev);
867 struct rtable *rt = skb_rtable(skb);
868 struct inet_peer *peer;
874 /* IP on this device is disabled. */
878 net = dev_net(rt->dst.dev);
879 if (!IN_DEV_FORWARD(in_dev)) {
880 switch (rt->dst.error) {
882 IP_INC_STATS_BH(net, IPSTATS_MIB_INADDRERRORS);
886 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
892 switch (rt->dst.error) {
897 code = ICMP_HOST_UNREACH;
900 code = ICMP_NET_UNREACH;
901 IP_INC_STATS_BH(net, IPSTATS_MIB_INNOROUTES);
904 code = ICMP_PKT_FILTERED;
908 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
913 peer->rate_tokens += now - peer->rate_last;
914 if (peer->rate_tokens > ip_rt_error_burst)
915 peer->rate_tokens = ip_rt_error_burst;
916 peer->rate_last = now;
917 if (peer->rate_tokens >= ip_rt_error_cost)
918 peer->rate_tokens -= ip_rt_error_cost;
924 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
930 static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
932 struct dst_entry *dst = &rt->dst;
933 struct fib_result res;
935 if (dst_metric_locked(dst, RTAX_MTU))
938 if (dst->dev->mtu < mtu)
941 if (mtu < ip_rt_min_pmtu)
942 mtu = ip_rt_min_pmtu;
945 dst->obsolete = DST_OBSOLETE_KILL;
948 dst->expires = max(1UL, jiffies + ip_rt_mtu_expires);
952 if (fib_lookup(dev_net(dst->dev), fl4, &res) == 0) {
953 struct fib_nh *nh = &FIB_RES_NH(res);
955 update_or_create_fnhe(nh, fl4->daddr, 0, mtu,
956 jiffies + ip_rt_mtu_expires);
961 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
962 struct sk_buff *skb, u32 mtu)
964 struct rtable *rt = (struct rtable *) dst;
967 ip_rt_build_flow_key(&fl4, sk, skb);
968 __ip_rt_update_pmtu(rt, &fl4, mtu);
971 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu,
972 int oif, u32 mark, u8 protocol, int flow_flags)
974 const struct iphdr *iph = (const struct iphdr *) skb->data;
978 __build_flow_key(&fl4, NULL, iph, oif,
979 RT_TOS(iph->tos), protocol, mark, flow_flags);
980 rt = __ip_route_output_key(net, &fl4);
982 __ip_rt_update_pmtu(rt, &fl4, mtu);
986 EXPORT_SYMBOL_GPL(ipv4_update_pmtu);
988 static void __ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
990 const struct iphdr *iph = (const struct iphdr *) skb->data;
994 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
995 rt = __ip_route_output_key(sock_net(sk), &fl4);
997 __ip_rt_update_pmtu(rt, &fl4, mtu);
1002 void ipv4_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, u32 mtu)
1004 const struct iphdr *iph = (const struct iphdr *) skb->data;
1007 struct dst_entry *odst = NULL;
1011 odst = sk_dst_get(sk);
1013 if (sock_owned_by_user(sk) || !odst) {
1014 __ipv4_sk_update_pmtu(skb, sk, mtu);
1018 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1020 rt = (struct rtable *)odst;
1021 if (odst->obsolete && odst->ops->check(odst, 0) == NULL) {
1022 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1029 __ip_rt_update_pmtu((struct rtable *) rt->dst.path, &fl4, mtu);
1031 if (!dst_check(&rt->dst, 0)) {
1033 dst_release(&rt->dst);
1035 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
1043 sk_dst_set(sk, &rt->dst);
1049 EXPORT_SYMBOL_GPL(ipv4_sk_update_pmtu);
1051 void ipv4_redirect(struct sk_buff *skb, struct net *net,
1052 int oif, u32 mark, u8 protocol, int flow_flags)
1054 const struct iphdr *iph = (const struct iphdr *) skb->data;
1058 __build_flow_key(&fl4, NULL, iph, oif,
1059 RT_TOS(iph->tos), protocol, mark, flow_flags);
1060 rt = __ip_route_output_key(net, &fl4);
1062 __ip_do_redirect(rt, skb, &fl4, false);
1066 EXPORT_SYMBOL_GPL(ipv4_redirect);
1068 void ipv4_sk_redirect(struct sk_buff *skb, struct sock *sk)
1070 const struct iphdr *iph = (const struct iphdr *) skb->data;
1074 __build_flow_key(&fl4, sk, iph, 0, 0, 0, 0, 0);
1075 rt = __ip_route_output_key(sock_net(sk), &fl4);
1077 __ip_do_redirect(rt, skb, &fl4, false);
1081 EXPORT_SYMBOL_GPL(ipv4_sk_redirect);
1083 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1085 struct rtable *rt = (struct rtable *) dst;
1087 /* All IPV4 dsts are created with ->obsolete set to the value
1088 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1089 * into this function always.
1091 * When a PMTU/redirect information update invalidates a
1092 * route, this is indicated by setting obsolete to
1093 * DST_OBSOLETE_KILL.
1095 if (dst->obsolete == DST_OBSOLETE_KILL || rt_is_expired(rt))
1100 static void ipv4_link_failure(struct sk_buff *skb)
1104 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1106 rt = skb_rtable(skb);
1108 dst_set_expires(&rt->dst, 0);
1111 static int ip_rt_bug(struct sk_buff *skb)
1113 pr_debug("%s: %pI4 -> %pI4, %s\n",
1114 __func__, &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
1115 skb->dev ? skb->dev->name : "?");
1122 We do not cache source address of outgoing interface,
1123 because it is used only by IP RR, TS and SRR options,
1124 so that it out of fast path.
1126 BTW remember: "addr" is allowed to be not aligned
1130 void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt)
1134 if (rt_is_output_route(rt))
1135 src = ip_hdr(skb)->saddr;
1137 struct fib_result res;
1143 memset(&fl4, 0, sizeof(fl4));
1144 fl4.daddr = iph->daddr;
1145 fl4.saddr = iph->saddr;
1146 fl4.flowi4_tos = RT_TOS(iph->tos);
1147 fl4.flowi4_oif = rt->dst.dev->ifindex;
1148 fl4.flowi4_iif = skb->dev->ifindex;
1149 fl4.flowi4_mark = skb->mark;
1152 if (fib_lookup(dev_net(rt->dst.dev), &fl4, &res) == 0)
1153 src = FIB_RES_PREFSRC(dev_net(rt->dst.dev), res);
1155 src = inet_select_addr(rt->dst.dev,
1156 rt_nexthop(rt, iph->daddr),
1160 memcpy(addr, &src, 4);
1163 #ifdef CONFIG_IP_ROUTE_CLASSID
1164 static void set_class_tag(struct rtable *rt, u32 tag)
1166 if (!(rt->dst.tclassid & 0xFFFF))
1167 rt->dst.tclassid |= tag & 0xFFFF;
1168 if (!(rt->dst.tclassid & 0xFFFF0000))
1169 rt->dst.tclassid |= tag & 0xFFFF0000;
1173 static unsigned int ipv4_default_advmss(const struct dst_entry *dst)
1175 unsigned int advmss = dst_metric_raw(dst, RTAX_ADVMSS);
1178 advmss = max_t(unsigned int, dst->dev->mtu - 40,
1180 if (advmss > 65535 - 40)
1181 advmss = 65535 - 40;
1186 static unsigned int ipv4_mtu(const struct dst_entry *dst)
1188 const struct rtable *rt = (const struct rtable *) dst;
1189 unsigned int mtu = rt->rt_pmtu;
1191 if (!mtu || time_after_eq(jiffies, rt->dst.expires))
1192 mtu = dst_metric_raw(dst, RTAX_MTU);
1197 mtu = dst->dev->mtu;
1199 if (unlikely(dst_metric_locked(dst, RTAX_MTU))) {
1200 if (rt->rt_uses_gateway && mtu > 576)
1204 if (mtu > IP_MAX_MTU)
1210 static struct fib_nh_exception *find_exception(struct fib_nh *nh, __be32 daddr)
1212 struct fnhe_hash_bucket *hash = nh->nh_exceptions;
1213 struct fib_nh_exception *fnhe;
1219 hval = fnhe_hashfun(daddr);
1221 for (fnhe = rcu_dereference(hash[hval].chain); fnhe;
1222 fnhe = rcu_dereference(fnhe->fnhe_next)) {
1223 if (fnhe->fnhe_daddr == daddr)
1229 static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1234 spin_lock_bh(&fnhe_lock);
1236 if (daddr == fnhe->fnhe_daddr) {
1237 struct rtable *orig = rcu_dereference(fnhe->fnhe_rth);
1238 if (orig && rt_is_expired(orig)) {
1240 fnhe->fnhe_pmtu = 0;
1241 fnhe->fnhe_expires = 0;
1243 if (fnhe->fnhe_pmtu) {
1244 unsigned long expires = fnhe->fnhe_expires;
1245 unsigned long diff = expires - jiffies;
1247 if (time_before(jiffies, expires)) {
1248 rt->rt_pmtu = fnhe->fnhe_pmtu;
1249 dst_set_expires(&rt->dst, diff);
1252 if (fnhe->fnhe_gw) {
1253 rt->rt_flags |= RTCF_REDIRECTED;
1254 rt->rt_gateway = fnhe->fnhe_gw;
1255 rt->rt_uses_gateway = 1;
1256 } else if (!rt->rt_gateway)
1257 rt->rt_gateway = daddr;
1259 rcu_assign_pointer(fnhe->fnhe_rth, rt);
1263 fnhe->fnhe_stamp = jiffies;
1266 spin_unlock_bh(&fnhe_lock);
1271 static bool rt_cache_route(struct fib_nh *nh, struct rtable *rt)
1273 struct rtable *orig, *prev, **p;
1276 if (rt_is_input_route(rt)) {
1277 p = (struct rtable **)&nh->nh_rth_input;
1279 p = (struct rtable **)__this_cpu_ptr(nh->nh_pcpu_rth_output);
1283 prev = cmpxchg(p, orig, rt);
1293 static DEFINE_SPINLOCK(rt_uncached_lock);
1294 static LIST_HEAD(rt_uncached_list);
1296 static void rt_add_uncached_list(struct rtable *rt)
1298 spin_lock_bh(&rt_uncached_lock);
1299 list_add_tail(&rt->rt_uncached, &rt_uncached_list);
1300 spin_unlock_bh(&rt_uncached_lock);
1303 static void ipv4_dst_destroy(struct dst_entry *dst)
1305 struct rtable *rt = (struct rtable *) dst;
1307 if (!list_empty(&rt->rt_uncached)) {
1308 spin_lock_bh(&rt_uncached_lock);
1309 list_del(&rt->rt_uncached);
1310 spin_unlock_bh(&rt_uncached_lock);
1314 void rt_flush_dev(struct net_device *dev)
1316 if (!list_empty(&rt_uncached_list)) {
1317 struct net *net = dev_net(dev);
1320 spin_lock_bh(&rt_uncached_lock);
1321 list_for_each_entry(rt, &rt_uncached_list, rt_uncached) {
1322 if (rt->dst.dev != dev)
1324 rt->dst.dev = net->loopback_dev;
1325 dev_hold(rt->dst.dev);
1328 spin_unlock_bh(&rt_uncached_lock);
1332 static bool rt_cache_valid(const struct rtable *rt)
1335 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1339 static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
1340 const struct fib_result *res,
1341 struct fib_nh_exception *fnhe,
1342 struct fib_info *fi, u16 type, u32 itag)
1344 bool cached = false;
1347 struct fib_nh *nh = &FIB_RES_NH(*res);
1349 if (nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK) {
1350 rt->rt_gateway = nh->nh_gw;
1351 rt->rt_uses_gateway = 1;
1353 dst_init_metrics(&rt->dst, fi->fib_metrics, true);
1354 #ifdef CONFIG_IP_ROUTE_CLASSID
1355 rt->dst.tclassid = nh->nh_tclassid;
1358 cached = rt_bind_exception(rt, fnhe, daddr);
1359 else if (!(rt->dst.flags & DST_NOCACHE))
1360 cached = rt_cache_route(nh, rt);
1361 if (unlikely(!cached)) {
1362 /* Routes we intend to cache in nexthop exception or
1363 * FIB nexthop have the DST_NOCACHE bit clear.
1364 * However, if we are unsuccessful at storing this
1365 * route into the cache we really need to set it.
1367 rt->dst.flags |= DST_NOCACHE;
1368 if (!rt->rt_gateway)
1369 rt->rt_gateway = daddr;
1370 rt_add_uncached_list(rt);
1373 rt_add_uncached_list(rt);
1375 #ifdef CONFIG_IP_ROUTE_CLASSID
1376 #ifdef CONFIG_IP_MULTIPLE_TABLES
1377 set_class_tag(rt, res->tclassid);
1379 set_class_tag(rt, itag);
1383 static struct rtable *rt_dst_alloc(struct net_device *dev,
1384 bool nopolicy, bool noxfrm, bool will_cache)
1386 return dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
1387 (will_cache ? 0 : (DST_HOST | DST_NOCACHE)) |
1388 (nopolicy ? DST_NOPOLICY : 0) |
1389 (noxfrm ? DST_NOXFRM : 0));
1392 /* called in rcu_read_lock() section */
1393 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1394 u8 tos, struct net_device *dev, int our)
1397 struct in_device *in_dev = __in_dev_get_rcu(dev);
1401 /* Primary sanity checks. */
1406 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1407 skb->protocol != htons(ETH_P_IP))
1410 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
1411 if (ipv4_is_loopback(saddr))
1414 if (ipv4_is_zeronet(saddr)) {
1415 if (!ipv4_is_local_multicast(daddr))
1418 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1423 rth = rt_dst_alloc(dev_net(dev)->loopback_dev,
1424 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, false);
1428 #ifdef CONFIG_IP_ROUTE_CLASSID
1429 rth->dst.tclassid = itag;
1431 rth->dst.output = ip_rt_bug;
1433 rth->rt_genid = rt_genid(dev_net(dev));
1434 rth->rt_flags = RTCF_MULTICAST;
1435 rth->rt_type = RTN_MULTICAST;
1436 rth->rt_is_input= 1;
1439 rth->rt_gateway = 0;
1440 rth->rt_uses_gateway = 0;
1441 INIT_LIST_HEAD(&rth->rt_uncached);
1443 rth->dst.input= ip_local_deliver;
1444 rth->rt_flags |= RTCF_LOCAL;
1447 #ifdef CONFIG_IP_MROUTE
1448 if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
1449 rth->dst.input = ip_mr_input;
1451 RT_CACHE_STAT_INC(in_slow_mc);
1453 skb_dst_set(skb, &rth->dst);
1465 static void ip_handle_martian_source(struct net_device *dev,
1466 struct in_device *in_dev,
1467 struct sk_buff *skb,
1471 RT_CACHE_STAT_INC(in_martian_src);
1472 #ifdef CONFIG_IP_ROUTE_VERBOSE
1473 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
1475 * RFC1812 recommendation, if source is martian,
1476 * the only hint is MAC header.
1478 pr_warn("martian source %pI4 from %pI4, on dev %s\n",
1479 &daddr, &saddr, dev->name);
1480 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
1481 print_hex_dump(KERN_WARNING, "ll header: ",
1482 DUMP_PREFIX_OFFSET, 16, 1,
1483 skb_mac_header(skb),
1484 dev->hard_header_len, true);
1490 /* called in rcu_read_lock() section */
1491 static int __mkroute_input(struct sk_buff *skb,
1492 const struct fib_result *res,
1493 struct in_device *in_dev,
1494 __be32 daddr, __be32 saddr, u32 tos)
1498 struct in_device *out_dev;
1499 unsigned int flags = 0;
1503 /* get a working reference to the output device */
1504 out_dev = __in_dev_get_rcu(FIB_RES_DEV(*res));
1505 if (out_dev == NULL) {
1506 net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n");
1510 err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
1511 in_dev->dev, in_dev, &itag);
1513 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
1519 do_cache = res->fi && !itag;
1520 if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
1521 skb->protocol == htons(ETH_P_IP) &&
1522 (IN_DEV_SHARED_MEDIA(out_dev) ||
1523 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
1524 IPCB(skb)->flags |= IPSKB_DOREDIRECT;
1526 if (skb->protocol != htons(ETH_P_IP)) {
1527 /* Not IP (i.e. ARP). Do not create route, if it is
1528 * invalid for proxy arp. DNAT routes are always valid.
1530 * Proxy arp feature have been extended to allow, ARP
1531 * replies back to the same interface, to support
1532 * Private VLAN switch technologies. See arp.c.
1534 if (out_dev == in_dev &&
1535 IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
1542 rth = rcu_dereference(FIB_RES_NH(*res).nh_rth_input);
1543 if (rt_cache_valid(rth)) {
1544 skb_dst_set_noref(skb, &rth->dst);
1549 rth = rt_dst_alloc(out_dev->dev,
1550 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1551 IN_DEV_CONF_GET(out_dev, NOXFRM), do_cache);
1557 rth->rt_genid = rt_genid(dev_net(rth->dst.dev));
1558 rth->rt_flags = flags;
1559 rth->rt_type = res->type;
1560 rth->rt_is_input = 1;
1563 rth->rt_gateway = 0;
1564 rth->rt_uses_gateway = 0;
1565 INIT_LIST_HEAD(&rth->rt_uncached);
1566 RT_CACHE_STAT_INC(in_slow_tot);
1568 rth->dst.input = ip_forward;
1569 rth->dst.output = ip_output;
1571 rt_set_nexthop(rth, daddr, res, NULL, res->fi, res->type, itag);
1572 skb_dst_set(skb, &rth->dst);
1579 static int ip_mkroute_input(struct sk_buff *skb,
1580 struct fib_result *res,
1581 const struct flowi4 *fl4,
1582 struct in_device *in_dev,
1583 __be32 daddr, __be32 saddr, u32 tos)
1585 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1586 if (res->fi && res->fi->fib_nhs > 1)
1587 fib_select_multipath(res);
1590 /* create a routing cache entry */
1591 return __mkroute_input(skb, res, in_dev, daddr, saddr, tos);
1595 * NOTE. We drop all the packets that has local source
1596 * addresses, because every properly looped back packet
1597 * must have correct destination already attached by output routine.
1599 * Such approach solves two big problems:
1600 * 1. Not simplex devices are handled properly.
1601 * 2. IP spoofing attempts are filtered with 100% of guarantee.
1602 * called with rcu_read_lock()
1605 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1606 u8 tos, struct net_device *dev)
1608 struct fib_result res;
1609 struct in_device *in_dev = __in_dev_get_rcu(dev);
1611 unsigned int flags = 0;
1615 struct net *net = dev_net(dev);
1618 /* IP on this device is disabled. */
1623 /* Check for the most weird martians, which can be not detected
1627 if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
1628 goto martian_source;
1631 if (ipv4_is_lbcast(daddr) || (saddr == 0 && daddr == 0))
1634 /* Accept zero addresses only to limited broadcast;
1635 * I even do not know to fix it or not. Waiting for complains :-)
1637 if (ipv4_is_zeronet(saddr))
1638 goto martian_source;
1640 if (ipv4_is_zeronet(daddr))
1641 goto martian_destination;
1643 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
1644 * and call it once if daddr or/and saddr are loopback addresses
1646 if (ipv4_is_loopback(daddr)) {
1647 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1648 goto martian_destination;
1649 } else if (ipv4_is_loopback(saddr)) {
1650 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
1651 goto martian_source;
1655 * Now we are ready to route packet.
1658 fl4.flowi4_iif = dev->ifindex;
1659 fl4.flowi4_mark = skb->mark;
1660 fl4.flowi4_tos = tos;
1661 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
1664 err = fib_lookup(net, &fl4, &res);
1668 if (res.type == RTN_BROADCAST)
1671 if (res.type == RTN_LOCAL) {
1672 err = fib_validate_source(skb, saddr, daddr, tos,
1674 dev, in_dev, &itag);
1676 goto martian_source_keep_err;
1680 if (!IN_DEV_FORWARD(in_dev))
1682 if (res.type != RTN_UNICAST)
1683 goto martian_destination;
1685 err = ip_mkroute_input(skb, &res, &fl4, in_dev, daddr, saddr, tos);
1689 if (skb->protocol != htons(ETH_P_IP))
1692 if (!ipv4_is_zeronet(saddr)) {
1693 err = fib_validate_source(skb, saddr, 0, tos, 0, dev,
1696 goto martian_source_keep_err;
1698 flags |= RTCF_BROADCAST;
1699 res.type = RTN_BROADCAST;
1700 RT_CACHE_STAT_INC(in_brd);
1706 rth = rcu_dereference(FIB_RES_NH(res).nh_rth_input);
1707 if (rt_cache_valid(rth)) {
1708 skb_dst_set_noref(skb, &rth->dst);
1716 rth = rt_dst_alloc(net->loopback_dev,
1717 IN_DEV_CONF_GET(in_dev, NOPOLICY), false, do_cache);
1721 rth->dst.input= ip_local_deliver;
1722 rth->dst.output= ip_rt_bug;
1723 #ifdef CONFIG_IP_ROUTE_CLASSID
1724 rth->dst.tclassid = itag;
1727 rth->rt_genid = rt_genid(net);
1728 rth->rt_flags = flags|RTCF_LOCAL;
1729 rth->rt_type = res.type;
1730 rth->rt_is_input = 1;
1733 rth->rt_gateway = 0;
1734 rth->rt_uses_gateway = 0;
1735 INIT_LIST_HEAD(&rth->rt_uncached);
1736 RT_CACHE_STAT_INC(in_slow_tot);
1737 if (res.type == RTN_UNREACHABLE) {
1738 rth->dst.input= ip_error;
1739 rth->dst.error= -err;
1740 rth->rt_flags &= ~RTCF_LOCAL;
1743 if (unlikely(!rt_cache_route(&FIB_RES_NH(res), rth))) {
1744 rth->dst.flags |= DST_NOCACHE;
1745 rt_add_uncached_list(rth);
1748 skb_dst_set(skb, &rth->dst);
1753 RT_CACHE_STAT_INC(in_no_route);
1754 res.type = RTN_UNREACHABLE;
1760 * Do not cache martian addresses: they should be logged (RFC1812)
1762 martian_destination:
1763 RT_CACHE_STAT_INC(in_martian_dst);
1764 #ifdef CONFIG_IP_ROUTE_VERBOSE
1765 if (IN_DEV_LOG_MARTIANS(in_dev))
1766 net_warn_ratelimited("martian destination %pI4 from %pI4, dev %s\n",
1767 &daddr, &saddr, dev->name);
1780 martian_source_keep_err:
1781 ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
1785 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1786 u8 tos, struct net_device *dev)
1792 /* Multicast recognition logic is moved from route cache to here.
1793 The problem was that too many Ethernet cards have broken/missing
1794 hardware multicast filters :-( As result the host on multicasting
1795 network acquires a lot of useless route cache entries, sort of
1796 SDR messages from all the world. Now we try to get rid of them.
1797 Really, provided software IP multicast filter is organized
1798 reasonably (at least, hashed), it does not result in a slowdown
1799 comparing with route cache reject entries.
1800 Note, that multicast routers are not affected, because
1801 route cache entry is created eventually.
1803 if (ipv4_is_multicast(daddr)) {
1804 struct in_device *in_dev = __in_dev_get_rcu(dev);
1807 int our = ip_check_mc_rcu(in_dev, daddr, saddr,
1808 ip_hdr(skb)->protocol);
1810 #ifdef CONFIG_IP_MROUTE
1812 (!ipv4_is_local_multicast(daddr) &&
1813 IN_DEV_MFORWARD(in_dev))
1816 int res = ip_route_input_mc(skb, daddr, saddr,
1825 res = ip_route_input_slow(skb, daddr, saddr, tos, dev);
1829 EXPORT_SYMBOL(ip_route_input_noref);
1831 /* called with rcu_read_lock() */
1832 static struct rtable *__mkroute_output(const struct fib_result *res,
1833 const struct flowi4 *fl4, int orig_oif,
1834 struct net_device *dev_out,
1837 struct fib_info *fi = res->fi;
1838 struct fib_nh_exception *fnhe;
1839 struct in_device *in_dev;
1840 u16 type = res->type;
1844 in_dev = __in_dev_get_rcu(dev_out);
1846 return ERR_PTR(-EINVAL);
1848 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
1849 if (ipv4_is_loopback(fl4->saddr) && !(dev_out->flags & IFF_LOOPBACK))
1850 return ERR_PTR(-EINVAL);
1852 if (ipv4_is_lbcast(fl4->daddr))
1853 type = RTN_BROADCAST;
1854 else if (ipv4_is_multicast(fl4->daddr))
1855 type = RTN_MULTICAST;
1856 else if (ipv4_is_zeronet(fl4->daddr))
1857 return ERR_PTR(-EINVAL);
1859 if (dev_out->flags & IFF_LOOPBACK)
1860 flags |= RTCF_LOCAL;
1863 if (type == RTN_BROADCAST) {
1864 flags |= RTCF_BROADCAST | RTCF_LOCAL;
1866 } else if (type == RTN_MULTICAST) {
1867 flags |= RTCF_MULTICAST | RTCF_LOCAL;
1868 if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
1870 flags &= ~RTCF_LOCAL;
1873 /* If multicast route do not exist use
1874 * default one, but do not gateway in this case.
1877 if (fi && res->prefixlen < 4)
1882 do_cache &= fi != NULL;
1884 struct rtable __rcu **prth;
1885 struct fib_nh *nh = &FIB_RES_NH(*res);
1887 fnhe = find_exception(nh, fl4->daddr);
1889 prth = &fnhe->fnhe_rth;
1891 if (unlikely(fl4->flowi4_flags &
1892 FLOWI_FLAG_KNOWN_NH &&
1894 nh->nh_scope == RT_SCOPE_LINK))) {
1898 prth = __this_cpu_ptr(nh->nh_pcpu_rth_output);
1900 rth = rcu_dereference(*prth);
1901 if (rt_cache_valid(rth)) {
1902 dst_hold(&rth->dst);
1908 rth = rt_dst_alloc(dev_out,
1909 IN_DEV_CONF_GET(in_dev, NOPOLICY),
1910 IN_DEV_CONF_GET(in_dev, NOXFRM),
1913 return ERR_PTR(-ENOBUFS);
1915 rth->dst.output = ip_output;
1917 rth->rt_genid = rt_genid(dev_net(dev_out));
1918 rth->rt_flags = flags;
1919 rth->rt_type = type;
1920 rth->rt_is_input = 0;
1921 rth->rt_iif = orig_oif ? : 0;
1923 rth->rt_gateway = 0;
1924 rth->rt_uses_gateway = 0;
1925 INIT_LIST_HEAD(&rth->rt_uncached);
1927 RT_CACHE_STAT_INC(out_slow_tot);
1929 if (flags & RTCF_LOCAL)
1930 rth->dst.input = ip_local_deliver;
1931 if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
1932 if (flags & RTCF_LOCAL &&
1933 !(dev_out->flags & IFF_LOOPBACK)) {
1934 rth->dst.output = ip_mc_output;
1935 RT_CACHE_STAT_INC(out_slow_mc);
1937 #ifdef CONFIG_IP_MROUTE
1938 if (type == RTN_MULTICAST) {
1939 if (IN_DEV_MFORWARD(in_dev) &&
1940 !ipv4_is_local_multicast(fl4->daddr)) {
1941 rth->dst.input = ip_mr_input;
1942 rth->dst.output = ip_mc_output;
1948 rt_set_nexthop(rth, fl4->daddr, res, fnhe, fi, type, 0);
1954 * Major route resolver routine.
1957 struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *fl4)
1959 struct net_device *dev_out = NULL;
1960 __u8 tos = RT_FL_TOS(fl4);
1961 unsigned int flags = 0;
1962 struct fib_result res;
1970 orig_oif = fl4->flowi4_oif;
1972 fl4->flowi4_iif = LOOPBACK_IFINDEX;
1973 fl4->flowi4_tos = tos & IPTOS_RT_MASK;
1974 fl4->flowi4_scope = ((tos & RTO_ONLINK) ?
1975 RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
1979 rth = ERR_PTR(-EINVAL);
1980 if (ipv4_is_multicast(fl4->saddr) ||
1981 ipv4_is_lbcast(fl4->saddr) ||
1982 ipv4_is_zeronet(fl4->saddr))
1985 /* I removed check for oif == dev_out->oif here.
1986 It was wrong for two reasons:
1987 1. ip_dev_find(net, saddr) can return wrong iface, if saddr
1988 is assigned to multiple interfaces.
1989 2. Moreover, we are allowed to send packets with saddr
1990 of another iface. --ANK
1993 if (fl4->flowi4_oif == 0 &&
1994 (ipv4_is_multicast(fl4->daddr) ||
1995 ipv4_is_lbcast(fl4->daddr))) {
1996 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
1997 dev_out = __ip_dev_find(net, fl4->saddr, false);
1998 if (dev_out == NULL)
2001 /* Special hack: user can direct multicasts
2002 and limited broadcast via necessary interface
2003 without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2004 This hack is not just for fun, it allows
2005 vic,vat and friends to work.
2006 They bind socket to loopback, set ttl to zero
2007 and expect that it will work.
2008 From the viewpoint of routing cache they are broken,
2009 because we are not allowed to build multicast path
2010 with loopback source addr (look, routing cache
2011 cannot know, that ttl is zero, so that packet
2012 will not leave this host and route is valid).
2013 Luckily, this hack is good workaround.
2016 fl4->flowi4_oif = dev_out->ifindex;
2020 if (!(fl4->flowi4_flags & FLOWI_FLAG_ANYSRC)) {
2021 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2022 if (!__ip_dev_find(net, fl4->saddr, false))
2028 if (fl4->flowi4_oif) {
2029 dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
2030 rth = ERR_PTR(-ENODEV);
2031 if (dev_out == NULL)
2034 /* RACE: Check return value of inet_select_addr instead. */
2035 if (!(dev_out->flags & IFF_UP) || !__in_dev_get_rcu(dev_out)) {
2036 rth = ERR_PTR(-ENETUNREACH);
2039 if (ipv4_is_local_multicast(fl4->daddr) ||
2040 ipv4_is_lbcast(fl4->daddr)) {
2042 fl4->saddr = inet_select_addr(dev_out, 0,
2047 if (ipv4_is_multicast(fl4->daddr))
2048 fl4->saddr = inet_select_addr(dev_out, 0,
2050 else if (!fl4->daddr)
2051 fl4->saddr = inet_select_addr(dev_out, 0,
2057 fl4->daddr = fl4->saddr;
2059 fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
2060 dev_out = net->loopback_dev;
2061 fl4->flowi4_oif = LOOPBACK_IFINDEX;
2062 res.type = RTN_LOCAL;
2063 flags |= RTCF_LOCAL;
2067 if (fib_lookup(net, fl4, &res)) {
2070 if (fl4->flowi4_oif) {
2071 /* Apparently, routing tables are wrong. Assume,
2072 that the destination is on link.
2075 Because we are allowed to send to iface
2076 even if it has NO routes and NO assigned
2077 addresses. When oif is specified, routing
2078 tables are looked up with only one purpose:
2079 to catch if destination is gatewayed, rather than
2080 direct. Moreover, if MSG_DONTROUTE is set,
2081 we send packet, ignoring both routing tables
2082 and ifaddr state. --ANK
2085 We could make it even if oif is unknown,
2086 likely IPv6, but we do not.
2089 if (fl4->saddr == 0)
2090 fl4->saddr = inet_select_addr(dev_out, 0,
2092 res.type = RTN_UNICAST;
2095 rth = ERR_PTR(-ENETUNREACH);
2099 if (res.type == RTN_LOCAL) {
2101 if (res.fi->fib_prefsrc)
2102 fl4->saddr = res.fi->fib_prefsrc;
2104 fl4->saddr = fl4->daddr;
2106 dev_out = net->loopback_dev;
2107 fl4->flowi4_oif = dev_out->ifindex;
2108 flags |= RTCF_LOCAL;
2112 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2113 if (res.fi->fib_nhs > 1 && fl4->flowi4_oif == 0)
2114 fib_select_multipath(&res);
2117 if (!res.prefixlen &&
2118 res.table->tb_num_default > 1 &&
2119 res.type == RTN_UNICAST && !fl4->flowi4_oif)
2120 fib_select_default(&res);
2123 fl4->saddr = FIB_RES_PREFSRC(net, res);
2125 dev_out = FIB_RES_DEV(res);
2126 fl4->flowi4_oif = dev_out->ifindex;
2130 rth = __mkroute_output(&res, fl4, orig_oif, dev_out, flags);
2136 EXPORT_SYMBOL_GPL(__ip_route_output_key);
2138 static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
2143 static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
2145 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
2147 return mtu ? : dst->dev->mtu;
2150 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
2151 struct sk_buff *skb, u32 mtu)
2155 static void ipv4_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
2156 struct sk_buff *skb)
2160 static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2166 static struct dst_ops ipv4_dst_blackhole_ops = {
2168 .protocol = cpu_to_be16(ETH_P_IP),
2169 .check = ipv4_blackhole_dst_check,
2170 .mtu = ipv4_blackhole_mtu,
2171 .default_advmss = ipv4_default_advmss,
2172 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2173 .redirect = ipv4_rt_blackhole_redirect,
2174 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2175 .neigh_lookup = ipv4_neigh_lookup,
2178 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
2180 struct rtable *ort = (struct rtable *) dst_orig;
2183 rt = dst_alloc(&ipv4_dst_blackhole_ops, NULL, 1, DST_OBSOLETE_NONE, 0);
2185 struct dst_entry *new = &rt->dst;
2188 new->input = dst_discard;
2189 new->output = dst_discard;
2191 new->dev = ort->dst.dev;
2195 rt->rt_is_input = ort->rt_is_input;
2196 rt->rt_iif = ort->rt_iif;
2197 rt->rt_pmtu = ort->rt_pmtu;
2199 rt->rt_genid = rt_genid(net);
2200 rt->rt_flags = ort->rt_flags;
2201 rt->rt_type = ort->rt_type;
2202 rt->rt_gateway = ort->rt_gateway;
2203 rt->rt_uses_gateway = ort->rt_uses_gateway;
2205 INIT_LIST_HEAD(&rt->rt_uncached);
2210 dst_release(dst_orig);
2212 return rt ? &rt->dst : ERR_PTR(-ENOMEM);
2215 struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
2218 struct rtable *rt = __ip_route_output_key(net, flp4);
2223 if (flp4->flowi4_proto)
2224 rt = (struct rtable *) xfrm_lookup(net, &rt->dst,
2225 flowi4_to_flowi(flp4),
2230 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2232 static int rt_fill_info(struct net *net, __be32 dst, __be32 src,
2233 struct flowi4 *fl4, struct sk_buff *skb, u32 portid,
2234 u32 seq, int event, int nowait, unsigned int flags)
2236 struct rtable *rt = skb_rtable(skb);
2238 struct nlmsghdr *nlh;
2239 unsigned long expires = 0;
2241 u32 metrics[RTAX_MAX];
2243 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*r), flags);
2247 r = nlmsg_data(nlh);
2248 r->rtm_family = AF_INET;
2249 r->rtm_dst_len = 32;
2251 r->rtm_tos = fl4->flowi4_tos;
2252 r->rtm_table = RT_TABLE_MAIN;
2253 if (nla_put_u32(skb, RTA_TABLE, RT_TABLE_MAIN))
2254 goto nla_put_failure;
2255 r->rtm_type = rt->rt_type;
2256 r->rtm_scope = RT_SCOPE_UNIVERSE;
2257 r->rtm_protocol = RTPROT_UNSPEC;
2258 r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2259 if (rt->rt_flags & RTCF_NOTIFY)
2260 r->rtm_flags |= RTM_F_NOTIFY;
2261 if (IPCB(skb)->flags & IPSKB_DOREDIRECT)
2262 r->rtm_flags |= RTCF_DOREDIRECT;
2264 if (nla_put_be32(skb, RTA_DST, dst))
2265 goto nla_put_failure;
2267 r->rtm_src_len = 32;
2268 if (nla_put_be32(skb, RTA_SRC, src))
2269 goto nla_put_failure;
2272 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
2273 goto nla_put_failure;
2274 #ifdef CONFIG_IP_ROUTE_CLASSID
2275 if (rt->dst.tclassid &&
2276 nla_put_u32(skb, RTA_FLOW, rt->dst.tclassid))
2277 goto nla_put_failure;
2279 if (!rt_is_input_route(rt) &&
2280 fl4->saddr != src) {
2281 if (nla_put_be32(skb, RTA_PREFSRC, fl4->saddr))
2282 goto nla_put_failure;
2284 if (rt->rt_uses_gateway &&
2285 nla_put_be32(skb, RTA_GATEWAY, rt->rt_gateway))
2286 goto nla_put_failure;
2288 expires = rt->dst.expires;
2290 unsigned long now = jiffies;
2292 if (time_before(now, expires))
2298 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
2299 if (rt->rt_pmtu && expires)
2300 metrics[RTAX_MTU - 1] = rt->rt_pmtu;
2301 if (rtnetlink_put_metrics(skb, metrics) < 0)
2302 goto nla_put_failure;
2304 if (fl4->flowi4_mark &&
2305 nla_put_u32(skb, RTA_MARK, fl4->flowi4_mark))
2306 goto nla_put_failure;
2308 error = rt->dst.error;
2310 if (rt_is_input_route(rt)) {
2311 #ifdef CONFIG_IP_MROUTE
2312 if (ipv4_is_multicast(dst) && !ipv4_is_local_multicast(dst) &&
2313 IPV4_DEVCONF_ALL(net, MC_FORWARDING)) {
2314 int err = ipmr_get_route(net, skb,
2315 fl4->saddr, fl4->daddr,
2321 goto nla_put_failure;
2323 if (err == -EMSGSIZE)
2324 goto nla_put_failure;
2330 if (nla_put_u32(skb, RTA_IIF, skb->dev->ifindex))
2331 goto nla_put_failure;
2334 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, error) < 0)
2335 goto nla_put_failure;
2337 return nlmsg_end(skb, nlh);
2340 nlmsg_cancel(skb, nlh);
2344 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh)
2346 struct net *net = sock_net(in_skb->sk);
2348 struct nlattr *tb[RTA_MAX+1];
2349 struct rtable *rt = NULL;
2356 struct sk_buff *skb;
2358 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv4_policy);
2362 rtm = nlmsg_data(nlh);
2364 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
2370 /* Reserve room for dummy headers, this skb can pass
2371 through good chunk of routing engine.
2373 skb_reset_mac_header(skb);
2374 skb_reset_network_header(skb);
2376 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
2377 ip_hdr(skb)->protocol = IPPROTO_ICMP;
2378 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
2380 src = tb[RTA_SRC] ? nla_get_be32(tb[RTA_SRC]) : 0;
2381 dst = tb[RTA_DST] ? nla_get_be32(tb[RTA_DST]) : 0;
2382 iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
2383 mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0;
2385 memset(&fl4, 0, sizeof(fl4));
2388 fl4.flowi4_tos = rtm->rtm_tos;
2389 fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0;
2390 fl4.flowi4_mark = mark;
2393 struct net_device *dev;
2395 dev = __dev_get_by_index(net, iif);
2401 skb->protocol = htons(ETH_P_IP);
2405 err = ip_route_input(skb, dst, src, rtm->rtm_tos, dev);
2408 rt = skb_rtable(skb);
2409 if (err == 0 && rt->dst.error)
2410 err = -rt->dst.error;
2412 rt = ip_route_output_key(net, &fl4);
2422 skb_dst_set(skb, &rt->dst);
2423 if (rtm->rtm_flags & RTM_F_NOTIFY)
2424 rt->rt_flags |= RTCF_NOTIFY;
2426 err = rt_fill_info(net, dst, src, &fl4, skb,
2427 NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
2428 RTM_NEWROUTE, 0, 0);
2432 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2441 int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
2446 void ip_rt_multicast_event(struct in_device *in_dev)
2448 rt_cache_flush(dev_net(in_dev->dev));
2451 #ifdef CONFIG_SYSCTL
2452 static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
2453 static int ip_rt_gc_interval __read_mostly = 60 * HZ;
2454 static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
2455 static int ip_rt_gc_elasticity __read_mostly = 8;
2457 static int ipv4_sysctl_rtcache_flush(ctl_table *__ctl, int write,
2458 void __user *buffer,
2459 size_t *lenp, loff_t *ppos)
2462 rt_cache_flush((struct net *)__ctl->extra1);
2469 static ctl_table ipv4_route_table[] = {
2471 .procname = "gc_thresh",
2472 .data = &ipv4_dst_ops.gc_thresh,
2473 .maxlen = sizeof(int),
2475 .proc_handler = proc_dointvec,
2478 .procname = "max_size",
2479 .data = &ip_rt_max_size,
2480 .maxlen = sizeof(int),
2482 .proc_handler = proc_dointvec,
2485 /* Deprecated. Use gc_min_interval_ms */
2487 .procname = "gc_min_interval",
2488 .data = &ip_rt_gc_min_interval,
2489 .maxlen = sizeof(int),
2491 .proc_handler = proc_dointvec_jiffies,
2494 .procname = "gc_min_interval_ms",
2495 .data = &ip_rt_gc_min_interval,
2496 .maxlen = sizeof(int),
2498 .proc_handler = proc_dointvec_ms_jiffies,
2501 .procname = "gc_timeout",
2502 .data = &ip_rt_gc_timeout,
2503 .maxlen = sizeof(int),
2505 .proc_handler = proc_dointvec_jiffies,
2508 .procname = "gc_interval",
2509 .data = &ip_rt_gc_interval,
2510 .maxlen = sizeof(int),
2512 .proc_handler = proc_dointvec_jiffies,
2515 .procname = "redirect_load",
2516 .data = &ip_rt_redirect_load,
2517 .maxlen = sizeof(int),
2519 .proc_handler = proc_dointvec,
2522 .procname = "redirect_number",
2523 .data = &ip_rt_redirect_number,
2524 .maxlen = sizeof(int),
2526 .proc_handler = proc_dointvec,
2529 .procname = "redirect_silence",
2530 .data = &ip_rt_redirect_silence,
2531 .maxlen = sizeof(int),
2533 .proc_handler = proc_dointvec,
2536 .procname = "error_cost",
2537 .data = &ip_rt_error_cost,
2538 .maxlen = sizeof(int),
2540 .proc_handler = proc_dointvec,
2543 .procname = "error_burst",
2544 .data = &ip_rt_error_burst,
2545 .maxlen = sizeof(int),
2547 .proc_handler = proc_dointvec,
2550 .procname = "gc_elasticity",
2551 .data = &ip_rt_gc_elasticity,
2552 .maxlen = sizeof(int),
2554 .proc_handler = proc_dointvec,
2557 .procname = "mtu_expires",
2558 .data = &ip_rt_mtu_expires,
2559 .maxlen = sizeof(int),
2561 .proc_handler = proc_dointvec_jiffies,
2564 .procname = "min_pmtu",
2565 .data = &ip_rt_min_pmtu,
2566 .maxlen = sizeof(int),
2568 .proc_handler = proc_dointvec,
2571 .procname = "min_adv_mss",
2572 .data = &ip_rt_min_advmss,
2573 .maxlen = sizeof(int),
2575 .proc_handler = proc_dointvec,
2580 static struct ctl_table ipv4_route_flush_table[] = {
2582 .procname = "flush",
2583 .maxlen = sizeof(int),
2585 .proc_handler = ipv4_sysctl_rtcache_flush,
2590 static __net_init int sysctl_route_net_init(struct net *net)
2592 struct ctl_table *tbl;
2594 tbl = ipv4_route_flush_table;
2595 if (!net_eq(net, &init_net)) {
2596 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
2600 /* Don't export sysctls to unprivileged users */
2601 if (net->user_ns != &init_user_ns)
2602 tbl[0].procname = NULL;
2604 tbl[0].extra1 = net;
2606 net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
2607 if (net->ipv4.route_hdr == NULL)
2612 if (tbl != ipv4_route_flush_table)
2618 static __net_exit void sysctl_route_net_exit(struct net *net)
2620 struct ctl_table *tbl;
2622 tbl = net->ipv4.route_hdr->ctl_table_arg;
2623 unregister_net_sysctl_table(net->ipv4.route_hdr);
2624 BUG_ON(tbl == ipv4_route_flush_table);
2628 static __net_initdata struct pernet_operations sysctl_route_ops = {
2629 .init = sysctl_route_net_init,
2630 .exit = sysctl_route_net_exit,
2634 static __net_init int rt_genid_init(struct net *net)
2636 atomic_set(&net->rt_genid, 0);
2637 get_random_bytes(&net->ipv4.dev_addr_genid,
2638 sizeof(net->ipv4.dev_addr_genid));
2642 static __net_initdata struct pernet_operations rt_genid_ops = {
2643 .init = rt_genid_init,
2646 static int __net_init ipv4_inetpeer_init(struct net *net)
2648 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
2652 inet_peer_base_init(bp);
2653 net->ipv4.peers = bp;
2657 static void __net_exit ipv4_inetpeer_exit(struct net *net)
2659 struct inet_peer_base *bp = net->ipv4.peers;
2661 net->ipv4.peers = NULL;
2662 inetpeer_invalidate_tree(bp);
2666 static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
2667 .init = ipv4_inetpeer_init,
2668 .exit = ipv4_inetpeer_exit,
2671 #ifdef CONFIG_IP_ROUTE_CLASSID
2672 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
2673 #endif /* CONFIG_IP_ROUTE_CLASSID */
2675 int __init ip_rt_init(void)
2679 ip_idents = kmalloc(IP_IDENTS_SZ * sizeof(*ip_idents), GFP_KERNEL);
2681 panic("IP: failed to allocate ip_idents\n");
2683 prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents));
2685 #ifdef CONFIG_IP_ROUTE_CLASSID
2686 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
2688 panic("IP: failed to allocate ip_rt_acct\n");
2691 ipv4_dst_ops.kmem_cachep =
2692 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
2693 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
2695 ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
2697 if (dst_entries_init(&ipv4_dst_ops) < 0)
2698 panic("IP: failed to allocate ipv4_dst_ops counter\n");
2700 if (dst_entries_init(&ipv4_dst_blackhole_ops) < 0)
2701 panic("IP: failed to allocate ipv4_dst_blackhole_ops counter\n");
2703 ipv4_dst_ops.gc_thresh = ~0;
2704 ip_rt_max_size = INT_MAX;
2709 if (ip_rt_proc_init())
2710 pr_err("Unable to create route proc files\n");
2715 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
2717 #ifdef CONFIG_SYSCTL
2718 register_pernet_subsys(&sysctl_route_ops);
2720 register_pernet_subsys(&rt_genid_ops);
2721 register_pernet_subsys(&ipv4_inetpeer_ops);
2725 #ifdef CONFIG_SYSCTL
2727 * We really need to sanitize the damn ipv4 init order, then all
2728 * this nonsense will go away.
2730 void __init ip_static_sysctl_init(void)
2732 register_net_sysctl(&init_net, "net/ipv4/route", ipv4_route_table);