1 /* 2 * Linux INET6 implementation 3 * FIB front-end. 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License 10 * as published by the Free Software Foundation; either version 11 * 2 of the License, or (at your option) any later version. 12 */ 13 14 /* Changes: 15 * 16 * YOSHIFUJI Hideaki @USAGI 17 * reworked default router selection. 18 * - respect outgoing interface 19 * - select from (probably) reachable routers (i.e. 20 * routers in REACHABLE, STALE, DELAY or PROBE states). 21 * - always select the same router if it is (probably) 22 * reachable. otherwise, round-robin the list. 23 * Ville Nuorvala 24 * Fixed routing subtrees. 25 */ 26 27 #define pr_fmt(fmt) "IPv6: " fmt 28 29 #include <linux/capability.h> 30 #include <linux/errno.h> 31 #include <linux/export.h> 32 #include <linux/types.h> 33 #include <linux/times.h> 34 #include <linux/socket.h> 35 #include <linux/sockios.h> 36 #include <linux/net.h> 37 #include <linux/route.h> 38 #include <linux/netdevice.h> 39 #include <linux/in6.h> 40 #include <linux/mroute6.h> 41 #include <linux/init.h> 42 #include <linux/if_arp.h> 43 #include <linux/proc_fs.h> 44 #include <linux/seq_file.h> 45 #include <linux/nsproxy.h> 46 #include <linux/slab.h> 47 #include <net/net_namespace.h> 48 #include <net/snmp.h> 49 #include <net/ipv6.h> 50 #include <net/ip6_fib.h> 51 #include <net/ip6_route.h> 52 #include <net/ndisc.h> 53 #include <net/addrconf.h> 54 #include <net/tcp.h> 55 #include <linux/rtnetlink.h> 56 #include <net/dst.h> 57 #include <net/xfrm.h> 58 #include <net/netevent.h> 59 #include <net/netlink.h> 60 #include <net/nexthop.h> 61 62 #include <asm/uaccess.h> 63 64 #ifdef CONFIG_SYSCTL 65 #include <linux/sysctl.h> 66 #endif 67 68 enum rt6_nud_state { 69 RT6_NUD_FAIL_HARD = -3, 70 RT6_NUD_FAIL_PROBE = -2, 71 RT6_NUD_FAIL_DO_RR = -1, 72 RT6_NUD_SUCCEED = 1 73 }; 74 75 static void ip6_rt_copy_init(struct rt6_info *rt, struct rt6_info *ort); 76 static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie); 77 static unsigned int ip6_default_advmss(const struct dst_entry *dst); 78 static unsigned int ip6_mtu(const struct dst_entry *dst); 79 static struct dst_entry *ip6_negative_advice(struct dst_entry *); 80 static void ip6_dst_destroy(struct dst_entry *); 81 static void ip6_dst_ifdown(struct dst_entry *, 82 struct net_device *dev, int how); 83 static int ip6_dst_gc(struct dst_ops *ops); 84 85 static int ip6_pkt_discard(struct sk_buff *skb); 86 static int ip6_pkt_discard_out(struct sock *sk, struct sk_buff *skb); 87 static int ip6_pkt_prohibit(struct sk_buff *skb); 88 static int ip6_pkt_prohibit_out(struct sock *sk, struct sk_buff *skb); 89 static void ip6_link_failure(struct sk_buff *skb); 90 static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk, 91 struct sk_buff *skb, u32 mtu); 92 static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, 93 struct sk_buff *skb); 94 static void rt6_dst_from_metrics_check(struct rt6_info *rt); 95 static int rt6_score_route(struct rt6_info *rt, int oif, int strict); 96 97 #ifdef CONFIG_IPV6_ROUTE_INFO 98 static struct rt6_info *rt6_add_route_info(struct net *net, 99 const struct in6_addr *prefix, int prefixlen, 100 const struct in6_addr *gwaddr, int ifindex, 101 unsigned int pref); 102 static struct rt6_info *rt6_get_route_info(struct net *net, 103 const struct in6_addr *prefix, int prefixlen, 104 const struct in6_addr *gwaddr, int ifindex); 105 #endif 106 107 struct uncached_list { 108 spinlock_t lock; 109 struct list_head head; 110 }; 111 112 static DEFINE_PER_CPU_ALIGNED(struct uncached_list, rt6_uncached_list); 113 114 static void rt6_uncached_list_add(struct rt6_info *rt) 115 { 116 struct uncached_list *ul = raw_cpu_ptr(&rt6_uncached_list); 117 118 rt->dst.flags |= DST_NOCACHE; 119 rt->rt6i_uncached_list = ul; 120 121 spin_lock_bh(&ul->lock); 122 list_add_tail(&rt->rt6i_uncached, &ul->head); 123 spin_unlock_bh(&ul->lock); 124 } 125 126 static void rt6_uncached_list_del(struct rt6_info *rt) 127 { 128 if (!list_empty(&rt->rt6i_uncached)) { 129 struct uncached_list *ul = rt->rt6i_uncached_list; 130 131 spin_lock_bh(&ul->lock); 132 list_del(&rt->rt6i_uncached); 133 spin_unlock_bh(&ul->lock); 134 } 135 } 136 137 static void rt6_uncached_list_flush_dev(struct net *net, struct net_device *dev) 138 { 139 struct net_device *loopback_dev = net->loopback_dev; 140 int cpu; 141 142 for_each_possible_cpu(cpu) { 143 struct uncached_list *ul = per_cpu_ptr(&rt6_uncached_list, cpu); 144 struct rt6_info *rt; 145 146 spin_lock_bh(&ul->lock); 147 list_for_each_entry(rt, &ul->head, rt6i_uncached) { 148 struct inet6_dev *rt_idev = rt->rt6i_idev; 149 struct net_device *rt_dev = rt->dst.dev; 150 151 if (rt_idev && (rt_idev->dev == dev || !dev) && 152 rt_idev->dev != loopback_dev) { 153 rt->rt6i_idev = in6_dev_get(loopback_dev); 154 in6_dev_put(rt_idev); 155 } 156 157 if (rt_dev && (rt_dev == dev || !dev) && 158 rt_dev != loopback_dev) { 159 rt->dst.dev = loopback_dev; 160 dev_hold(rt->dst.dev); 161 dev_put(rt_dev); 162 } 163 } 164 spin_unlock_bh(&ul->lock); 165 } 166 } 167 168 static u32 *rt6_pcpu_cow_metrics(struct rt6_info *rt) 169 { 170 return dst_metrics_write_ptr(rt->dst.from); 171 } 172 173 static u32 *ipv6_cow_metrics(struct dst_entry *dst, unsigned long old) 174 { 175 struct rt6_info *rt = (struct rt6_info *)dst; 176 177 if (rt->rt6i_flags & RTF_PCPU) 178 return rt6_pcpu_cow_metrics(rt); 179 else if (rt->rt6i_flags & RTF_CACHE) 180 return NULL; 181 else 182 return dst_cow_metrics_generic(dst, old); 183 } 184 185 static inline const void *choose_neigh_daddr(struct rt6_info *rt, 186 struct sk_buff *skb, 187 const void *daddr) 188 { 189 struct in6_addr *p = &rt->rt6i_gateway; 190 191 if (!ipv6_addr_any(p)) 192 return (const void *) p; 193 else if (skb) 194 return &ipv6_hdr(skb)->daddr; 195 return daddr; 196 } 197 198 static struct neighbour *ip6_neigh_lookup(const struct dst_entry *dst, 199 struct sk_buff *skb, 200 const void *daddr) 201 { 202 struct rt6_info *rt = (struct rt6_info *) dst; 203 struct neighbour *n; 204 205 daddr = choose_neigh_daddr(rt, skb, daddr); 206 n = __ipv6_neigh_lookup(dst->dev, daddr); 207 if (n) 208 return n; 209 return neigh_create(&nd_tbl, daddr, dst->dev); 210 } 211 212 static struct dst_ops ip6_dst_ops_template = { 213 .family = AF_INET6, 214 .gc = ip6_dst_gc, 215 .gc_thresh = 1024, 216 .check = ip6_dst_check, 217 .default_advmss = ip6_default_advmss, 218 .mtu = ip6_mtu, 219 .cow_metrics = ipv6_cow_metrics, 220 .destroy = ip6_dst_destroy, 221 .ifdown = ip6_dst_ifdown, 222 .negative_advice = ip6_negative_advice, 223 .link_failure = ip6_link_failure, 224 .update_pmtu = ip6_rt_update_pmtu, 225 .redirect = rt6_do_redirect, 226 .local_out = __ip6_local_out, 227 .neigh_lookup = ip6_neigh_lookup, 228 }; 229 230 static unsigned int ip6_blackhole_mtu(const struct dst_entry *dst) 231 { 232 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU); 233 234 return mtu ? : dst->dev->mtu; 235 } 236 237 static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk, 238 struct sk_buff *skb, u32 mtu) 239 { 240 } 241 242 static void ip6_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk, 243 struct sk_buff *skb) 244 { 245 } 246 247 static u32 *ip6_rt_blackhole_cow_metrics(struct dst_entry *dst, 248 unsigned long old) 249 { 250 return NULL; 251 } 252 253 static struct dst_ops ip6_dst_blackhole_ops = { 254 .family = AF_INET6, 255 .destroy = ip6_dst_destroy, 256 .check = ip6_dst_check, 257 .mtu = ip6_blackhole_mtu, 258 .default_advmss = ip6_default_advmss, 259 .update_pmtu = ip6_rt_blackhole_update_pmtu, 260 .redirect = ip6_rt_blackhole_redirect, 261 .cow_metrics = ip6_rt_blackhole_cow_metrics, 262 .neigh_lookup = ip6_neigh_lookup, 263 }; 264 265 static const u32 ip6_template_metrics[RTAX_MAX] = { 266 [RTAX_HOPLIMIT - 1] = 0, 267 }; 268 269 static const struct rt6_info ip6_null_entry_template = { 270 .dst = { 271 .__refcnt = ATOMIC_INIT(1), 272 .__use = 1, 273 .obsolete = DST_OBSOLETE_FORCE_CHK, 274 .error = -ENETUNREACH, 275 .input = ip6_pkt_discard, 276 .output = ip6_pkt_discard_out, 277 }, 278 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), 279 .rt6i_protocol = RTPROT_KERNEL, 280 .rt6i_metric = ~(u32) 0, 281 .rt6i_ref = ATOMIC_INIT(1), 282 }; 283 284 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 285 286 static const struct rt6_info ip6_prohibit_entry_template = { 287 .dst = { 288 .__refcnt = ATOMIC_INIT(1), 289 .__use = 1, 290 .obsolete = DST_OBSOLETE_FORCE_CHK, 291 .error = -EACCES, 292 .input = ip6_pkt_prohibit, 293 .output = ip6_pkt_prohibit_out, 294 }, 295 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), 296 .rt6i_protocol = RTPROT_KERNEL, 297 .rt6i_metric = ~(u32) 0, 298 .rt6i_ref = ATOMIC_INIT(1), 299 }; 300 301 static const struct rt6_info ip6_blk_hole_entry_template = { 302 .dst = { 303 .__refcnt = ATOMIC_INIT(1), 304 .__use = 1, 305 .obsolete = DST_OBSOLETE_FORCE_CHK, 306 .error = -EINVAL, 307 .input = dst_discard, 308 .output = dst_discard_sk, 309 }, 310 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), 311 .rt6i_protocol = RTPROT_KERNEL, 312 .rt6i_metric = ~(u32) 0, 313 .rt6i_ref = ATOMIC_INIT(1), 314 }; 315 316 #endif 317 318 /* allocate dst with ip6_dst_ops */ 319 static struct rt6_info *__ip6_dst_alloc(struct net *net, 320 struct net_device *dev, 321 int flags, 322 struct fib6_table *table) 323 { 324 struct rt6_info *rt = dst_alloc(&net->ipv6.ip6_dst_ops, dev, 325 0, DST_OBSOLETE_FORCE_CHK, flags); 326 327 if (rt) { 328 struct dst_entry *dst = &rt->dst; 329 330 memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst)); 331 INIT_LIST_HEAD(&rt->rt6i_siblings); 332 INIT_LIST_HEAD(&rt->rt6i_uncached); 333 } 334 return rt; 335 } 336 337 static struct rt6_info *ip6_dst_alloc(struct net *net, 338 struct net_device *dev, 339 int flags, 340 struct fib6_table *table) 341 { 342 struct rt6_info *rt = __ip6_dst_alloc(net, dev, flags, table); 343 344 if (rt) { 345 rt->rt6i_pcpu = alloc_percpu_gfp(struct rt6_info *, GFP_ATOMIC); 346 if (rt->rt6i_pcpu) { 347 int cpu; 348 349 for_each_possible_cpu(cpu) { 350 struct rt6_info **p; 351 352 p = per_cpu_ptr(rt->rt6i_pcpu, cpu); 353 /* no one shares rt */ 354 *p = NULL; 355 } 356 } else { 357 dst_destroy((struct dst_entry *)rt); 358 return NULL; 359 } 360 } 361 362 return rt; 363 } 364 365 static void ip6_dst_destroy(struct dst_entry *dst) 366 { 367 struct rt6_info *rt = (struct rt6_info *)dst; 368 struct dst_entry *from = dst->from; 369 struct inet6_dev *idev; 370 371 dst_destroy_metrics_generic(dst); 372 373 if (rt->rt6i_pcpu) 374 free_percpu(rt->rt6i_pcpu); 375 376 rt6_uncached_list_del(rt); 377 378 idev = rt->rt6i_idev; 379 if (idev) { 380 rt->rt6i_idev = NULL; 381 in6_dev_put(idev); 382 } 383 384 dst->from = NULL; 385 dst_release(from); 386 } 387 388 static void ip6_dst_ifdown(struct dst_entry *dst, struct net_device *dev, 389 int how) 390 { 391 struct rt6_info *rt = (struct rt6_info *)dst; 392 struct inet6_dev *idev = rt->rt6i_idev; 393 struct net_device *loopback_dev = 394 dev_net(dev)->loopback_dev; 395 396 if (dev != loopback_dev) { 397 if (idev && idev->dev == dev) { 398 struct inet6_dev *loopback_idev = 399 in6_dev_get(loopback_dev); 400 if (loopback_idev) { 401 rt->rt6i_idev = loopback_idev; 402 in6_dev_put(idev); 403 } 404 } 405 } 406 } 407 408 static bool rt6_check_expired(const struct rt6_info *rt) 409 { 410 if (rt->rt6i_flags & RTF_EXPIRES) { 411 if (time_after(jiffies, rt->dst.expires)) 412 return true; 413 } else if (rt->dst.from) { 414 return rt6_check_expired((struct rt6_info *) rt->dst.from); 415 } 416 return false; 417 } 418 419 /* Multipath route selection: 420 * Hash based function using packet header and flowlabel. 421 * Adapted from fib_info_hashfn() 422 */ 423 static int rt6_info_hash_nhsfn(unsigned int candidate_count, 424 const struct flowi6 *fl6) 425 { 426 unsigned int val = fl6->flowi6_proto; 427 428 val ^= ipv6_addr_hash(&fl6->daddr); 429 val ^= ipv6_addr_hash(&fl6->saddr); 430 431 /* Work only if this not encapsulated */ 432 switch (fl6->flowi6_proto) { 433 case IPPROTO_UDP: 434 case IPPROTO_TCP: 435 case IPPROTO_SCTP: 436 val ^= (__force u16)fl6->fl6_sport; 437 val ^= (__force u16)fl6->fl6_dport; 438 break; 439 440 case IPPROTO_ICMPV6: 441 val ^= (__force u16)fl6->fl6_icmp_type; 442 val ^= (__force u16)fl6->fl6_icmp_code; 443 break; 444 } 445 /* RFC6438 recommands to use flowlabel */ 446 val ^= (__force u32)fl6->flowlabel; 447 448 /* Perhaps, we need to tune, this function? */ 449 val = val ^ (val >> 7) ^ (val >> 12); 450 return val % candidate_count; 451 } 452 453 static struct rt6_info *rt6_multipath_select(struct rt6_info *match, 454 struct flowi6 *fl6, int oif, 455 int strict) 456 { 457 struct rt6_info *sibling, *next_sibling; 458 int route_choosen; 459 460 route_choosen = rt6_info_hash_nhsfn(match->rt6i_nsiblings + 1, fl6); 461 /* Don't change the route, if route_choosen == 0 462 * (siblings does not include ourself) 463 */ 464 if (route_choosen) 465 list_for_each_entry_safe(sibling, next_sibling, 466 &match->rt6i_siblings, rt6i_siblings) { 467 route_choosen--; 468 if (route_choosen == 0) { 469 if (rt6_score_route(sibling, oif, strict) < 0) 470 break; 471 match = sibling; 472 break; 473 } 474 } 475 return match; 476 } 477 478 /* 479 * Route lookup. Any table->tb6_lock is implied. 480 */ 481 482 static inline struct rt6_info *rt6_device_match(struct net *net, 483 struct rt6_info *rt, 484 const struct in6_addr *saddr, 485 int oif, 486 int flags) 487 { 488 struct rt6_info *local = NULL; 489 struct rt6_info *sprt; 490 491 if (!oif && ipv6_addr_any(saddr)) 492 goto out; 493 494 for (sprt = rt; sprt; sprt = sprt->dst.rt6_next) { 495 struct net_device *dev = sprt->dst.dev; 496 497 if (oif) { 498 if (dev->ifindex == oif) 499 return sprt; 500 if (dev->flags & IFF_LOOPBACK) { 501 if (!sprt->rt6i_idev || 502 sprt->rt6i_idev->dev->ifindex != oif) { 503 if (flags & RT6_LOOKUP_F_IFACE && oif) 504 continue; 505 if (local && (!oif || 506 local->rt6i_idev->dev->ifindex == oif)) 507 continue; 508 } 509 local = sprt; 510 } 511 } else { 512 if (ipv6_chk_addr(net, saddr, dev, 513 flags & RT6_LOOKUP_F_IFACE)) 514 return sprt; 515 } 516 } 517 518 if (oif) { 519 if (local) 520 return local; 521 522 if (flags & RT6_LOOKUP_F_IFACE) 523 return net->ipv6.ip6_null_entry; 524 } 525 out: 526 return rt; 527 } 528 529 #ifdef CONFIG_IPV6_ROUTER_PREF 530 struct __rt6_probe_work { 531 struct work_struct work; 532 struct in6_addr target; 533 struct net_device *dev; 534 }; 535 536 static void rt6_probe_deferred(struct work_struct *w) 537 { 538 struct in6_addr mcaddr; 539 struct __rt6_probe_work *work = 540 container_of(w, struct __rt6_probe_work, work); 541 542 addrconf_addr_solict_mult(&work->target, &mcaddr); 543 ndisc_send_ns(work->dev, NULL, &work->target, &mcaddr, NULL); 544 dev_put(work->dev); 545 kfree(work); 546 } 547 548 static void rt6_probe(struct rt6_info *rt) 549 { 550 struct neighbour *neigh; 551 /* 552 * Okay, this does not seem to be appropriate 553 * for now, however, we need to check if it 554 * is really so; aka Router Reachability Probing. 555 * 556 * Router Reachability Probe MUST be rate-limited 557 * to no more than one per minute. 558 */ 559 if (!rt || !(rt->rt6i_flags & RTF_GATEWAY)) 560 return; 561 rcu_read_lock_bh(); 562 neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway); 563 if (neigh) { 564 write_lock(&neigh->lock); 565 if (neigh->nud_state & NUD_VALID) 566 goto out; 567 } 568 569 if (!neigh || 570 time_after(jiffies, neigh->updated + rt->rt6i_idev->cnf.rtr_probe_interval)) { 571 struct __rt6_probe_work *work; 572 573 work = kmalloc(sizeof(*work), GFP_ATOMIC); 574 575 if (neigh && work) 576 __neigh_set_probe_once(neigh); 577 578 if (neigh) 579 write_unlock(&neigh->lock); 580 581 if (work) { 582 INIT_WORK(&work->work, rt6_probe_deferred); 583 work->target = rt->rt6i_gateway; 584 dev_hold(rt->dst.dev); 585 work->dev = rt->dst.dev; 586 schedule_work(&work->work); 587 } 588 } else { 589 out: 590 write_unlock(&neigh->lock); 591 } 592 rcu_read_unlock_bh(); 593 } 594 #else 595 static inline void rt6_probe(struct rt6_info *rt) 596 { 597 } 598 #endif 599 600 /* 601 * Default Router Selection (RFC 2461 6.3.6) 602 */ 603 static inline int rt6_check_dev(struct rt6_info *rt, int oif) 604 { 605 struct net_device *dev = rt->dst.dev; 606 if (!oif || dev->ifindex == oif) 607 return 2; 608 if ((dev->flags & IFF_LOOPBACK) && 609 rt->rt6i_idev && rt->rt6i_idev->dev->ifindex == oif) 610 return 1; 611 return 0; 612 } 613 614 static inline enum rt6_nud_state rt6_check_neigh(struct rt6_info *rt) 615 { 616 struct neighbour *neigh; 617 enum rt6_nud_state ret = RT6_NUD_FAIL_HARD; 618 619 if (rt->rt6i_flags & RTF_NONEXTHOP || 620 !(rt->rt6i_flags & RTF_GATEWAY)) 621 return RT6_NUD_SUCCEED; 622 623 rcu_read_lock_bh(); 624 neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway); 625 if (neigh) { 626 read_lock(&neigh->lock); 627 if (neigh->nud_state & NUD_VALID) 628 ret = RT6_NUD_SUCCEED; 629 #ifdef CONFIG_IPV6_ROUTER_PREF 630 else if (!(neigh->nud_state & NUD_FAILED)) 631 ret = RT6_NUD_SUCCEED; 632 else 633 ret = RT6_NUD_FAIL_PROBE; 634 #endif 635 read_unlock(&neigh->lock); 636 } else { 637 ret = IS_ENABLED(CONFIG_IPV6_ROUTER_PREF) ? 638 RT6_NUD_SUCCEED : RT6_NUD_FAIL_DO_RR; 639 } 640 rcu_read_unlock_bh(); 641 642 return ret; 643 } 644 645 static int rt6_score_route(struct rt6_info *rt, int oif, 646 int strict) 647 { 648 int m; 649 650 m = rt6_check_dev(rt, oif); 651 if (!m && (strict & RT6_LOOKUP_F_IFACE)) 652 return RT6_NUD_FAIL_HARD; 653 #ifdef CONFIG_IPV6_ROUTER_PREF 654 m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->rt6i_flags)) << 2; 655 #endif 656 if (strict & RT6_LOOKUP_F_REACHABLE) { 657 int n = rt6_check_neigh(rt); 658 if (n < 0) 659 return n; 660 } 661 return m; 662 } 663 664 static struct rt6_info *find_match(struct rt6_info *rt, int oif, int strict, 665 int *mpri, struct rt6_info *match, 666 bool *do_rr) 667 { 668 int m; 669 bool match_do_rr = false; 670 671 if (rt6_check_expired(rt)) 672 goto out; 673 674 m = rt6_score_route(rt, oif, strict); 675 if (m == RT6_NUD_FAIL_DO_RR) { 676 match_do_rr = true; 677 m = 0; /* lowest valid score */ 678 } else if (m == RT6_NUD_FAIL_HARD) { 679 goto out; 680 } 681 682 if (strict & RT6_LOOKUP_F_REACHABLE) 683 rt6_probe(rt); 684 685 /* note that m can be RT6_NUD_FAIL_PROBE at this point */ 686 if (m > *mpri) { 687 *do_rr = match_do_rr; 688 *mpri = m; 689 match = rt; 690 } 691 out: 692 return match; 693 } 694 695 static struct rt6_info *find_rr_leaf(struct fib6_node *fn, 696 struct rt6_info *rr_head, 697 u32 metric, int oif, int strict, 698 bool *do_rr) 699 { 700 struct rt6_info *rt, *match, *cont; 701 int mpri = -1; 702 703 match = NULL; 704 cont = NULL; 705 for (rt = rr_head; rt; rt = rt->dst.rt6_next) { 706 if (rt->rt6i_metric != metric) { 707 cont = rt; 708 break; 709 } 710 711 match = find_match(rt, oif, strict, &mpri, match, do_rr); 712 } 713 714 for (rt = fn->leaf; rt && rt != rr_head; rt = rt->dst.rt6_next) { 715 if (rt->rt6i_metric != metric) { 716 cont = rt; 717 break; 718 } 719 720 match = find_match(rt, oif, strict, &mpri, match, do_rr); 721 } 722 723 if (match || !cont) 724 return match; 725 726 for (rt = cont; rt; rt = rt->dst.rt6_next) 727 match = find_match(rt, oif, strict, &mpri, match, do_rr); 728 729 return match; 730 } 731 732 static struct rt6_info *rt6_select(struct fib6_node *fn, int oif, int strict) 733 { 734 struct rt6_info *match, *rt0; 735 struct net *net; 736 bool do_rr = false; 737 738 rt0 = fn->rr_ptr; 739 if (!rt0) 740 fn->rr_ptr = rt0 = fn->leaf; 741 742 match = find_rr_leaf(fn, rt0, rt0->rt6i_metric, oif, strict, 743 &do_rr); 744 745 if (do_rr) { 746 struct rt6_info *next = rt0->dst.rt6_next; 747 748 /* no entries matched; do round-robin */ 749 if (!next || next->rt6i_metric != rt0->rt6i_metric) 750 next = fn->leaf; 751 752 if (next != rt0) 753 fn->rr_ptr = next; 754 } 755 756 net = dev_net(rt0->dst.dev); 757 return match ? match : net->ipv6.ip6_null_entry; 758 } 759 760 static bool rt6_is_gw_or_nonexthop(const struct rt6_info *rt) 761 { 762 return (rt->rt6i_flags & (RTF_NONEXTHOP | RTF_GATEWAY)); 763 } 764 765 #ifdef CONFIG_IPV6_ROUTE_INFO 766 int rt6_route_rcv(struct net_device *dev, u8 *opt, int len, 767 const struct in6_addr *gwaddr) 768 { 769 struct net *net = dev_net(dev); 770 struct route_info *rinfo = (struct route_info *) opt; 771 struct in6_addr prefix_buf, *prefix; 772 unsigned int pref; 773 unsigned long lifetime; 774 struct rt6_info *rt; 775 776 if (len < sizeof(struct route_info)) { 777 return -EINVAL; 778 } 779 780 /* Sanity check for prefix_len and length */ 781 if (rinfo->length > 3) { 782 return -EINVAL; 783 } else if (rinfo->prefix_len > 128) { 784 return -EINVAL; 785 } else if (rinfo->prefix_len > 64) { 786 if (rinfo->length < 2) { 787 return -EINVAL; 788 } 789 } else if (rinfo->prefix_len > 0) { 790 if (rinfo->length < 1) { 791 return -EINVAL; 792 } 793 } 794 795 pref = rinfo->route_pref; 796 if (pref == ICMPV6_ROUTER_PREF_INVALID) 797 return -EINVAL; 798 799 lifetime = addrconf_timeout_fixup(ntohl(rinfo->lifetime), HZ); 800 801 if (rinfo->length == 3) 802 prefix = (struct in6_addr *)rinfo->prefix; 803 else { 804 /* this function is safe */ 805 ipv6_addr_prefix(&prefix_buf, 806 (struct in6_addr *)rinfo->prefix, 807 rinfo->prefix_len); 808 prefix = &prefix_buf; 809 } 810 811 if (rinfo->prefix_len == 0) 812 rt = rt6_get_dflt_router(gwaddr, dev); 813 else 814 rt = rt6_get_route_info(net, prefix, rinfo->prefix_len, 815 gwaddr, dev->ifindex); 816 817 if (rt && !lifetime) { 818 ip6_del_rt(rt); 819 rt = NULL; 820 } 821 822 if (!rt && lifetime) 823 rt = rt6_add_route_info(net, prefix, rinfo->prefix_len, gwaddr, dev->ifindex, 824 pref); 825 else if (rt) 826 rt->rt6i_flags = RTF_ROUTEINFO | 827 (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 828 829 if (rt) { 830 if (!addrconf_finite_timeout(lifetime)) 831 rt6_clean_expires(rt); 832 else 833 rt6_set_expires(rt, jiffies + HZ * lifetime); 834 835 ip6_rt_put(rt); 836 } 837 return 0; 838 } 839 #endif 840 841 static struct fib6_node* fib6_backtrack(struct fib6_node *fn, 842 struct in6_addr *saddr) 843 { 844 struct fib6_node *pn; 845 while (1) { 846 if (fn->fn_flags & RTN_TL_ROOT) 847 return NULL; 848 pn = fn->parent; 849 if (FIB6_SUBTREE(pn) && FIB6_SUBTREE(pn) != fn) 850 fn = fib6_lookup(FIB6_SUBTREE(pn), NULL, saddr); 851 else 852 fn = pn; 853 if (fn->fn_flags & RTN_RTINFO) 854 return fn; 855 } 856 } 857 858 static struct rt6_info *ip6_pol_route_lookup(struct net *net, 859 struct fib6_table *table, 860 struct flowi6 *fl6, int flags) 861 { 862 struct fib6_node *fn; 863 struct rt6_info *rt; 864 865 read_lock_bh(&table->tb6_lock); 866 fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr); 867 restart: 868 rt = fn->leaf; 869 rt = rt6_device_match(net, rt, &fl6->saddr, fl6->flowi6_oif, flags); 870 if (rt->rt6i_nsiblings && fl6->flowi6_oif == 0) 871 rt = rt6_multipath_select(rt, fl6, fl6->flowi6_oif, flags); 872 if (rt == net->ipv6.ip6_null_entry) { 873 fn = fib6_backtrack(fn, &fl6->saddr); 874 if (fn) 875 goto restart; 876 } 877 dst_use(&rt->dst, jiffies); 878 read_unlock_bh(&table->tb6_lock); 879 return rt; 880 881 } 882 883 struct dst_entry *ip6_route_lookup(struct net *net, struct flowi6 *fl6, 884 int flags) 885 { 886 return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_lookup); 887 } 888 EXPORT_SYMBOL_GPL(ip6_route_lookup); 889 890 struct rt6_info *rt6_lookup(struct net *net, const struct in6_addr *daddr, 891 const struct in6_addr *saddr, int oif, int strict) 892 { 893 struct flowi6 fl6 = { 894 .flowi6_oif = oif, 895 .daddr = *daddr, 896 }; 897 struct dst_entry *dst; 898 int flags = strict ? RT6_LOOKUP_F_IFACE : 0; 899 900 if (saddr) { 901 memcpy(&fl6.saddr, saddr, sizeof(*saddr)); 902 flags |= RT6_LOOKUP_F_HAS_SADDR; 903 } 904 905 dst = fib6_rule_lookup(net, &fl6, flags, ip6_pol_route_lookup); 906 if (dst->error == 0) 907 return (struct rt6_info *) dst; 908 909 dst_release(dst); 910 911 return NULL; 912 } 913 EXPORT_SYMBOL(rt6_lookup); 914 915 /* ip6_ins_rt is called with FREE table->tb6_lock. 916 It takes new route entry, the addition fails by any reason the 917 route is freed. In any case, if caller does not hold it, it may 918 be destroyed. 919 */ 920 921 static int __ip6_ins_rt(struct rt6_info *rt, struct nl_info *info, 922 struct mx6_config *mxc) 923 { 924 int err; 925 struct fib6_table *table; 926 927 table = rt->rt6i_table; 928 write_lock_bh(&table->tb6_lock); 929 err = fib6_add(&table->tb6_root, rt, info, mxc); 930 write_unlock_bh(&table->tb6_lock); 931 932 return err; 933 } 934 935 int ip6_ins_rt(struct rt6_info *rt) 936 { 937 struct nl_info info = { .nl_net = dev_net(rt->dst.dev), }; 938 struct mx6_config mxc = { .mx = NULL, }; 939 940 return __ip6_ins_rt(rt, &info, &mxc); 941 } 942 943 static struct rt6_info *ip6_rt_cache_alloc(struct rt6_info *ort, 944 const struct in6_addr *daddr, 945 const struct in6_addr *saddr) 946 { 947 struct rt6_info *rt; 948 949 /* 950 * Clone the route. 951 */ 952 953 if (ort->rt6i_flags & (RTF_CACHE | RTF_PCPU)) 954 ort = (struct rt6_info *)ort->dst.from; 955 956 rt = __ip6_dst_alloc(dev_net(ort->dst.dev), ort->dst.dev, 957 0, ort->rt6i_table); 958 959 if (!rt) 960 return NULL; 961 962 ip6_rt_copy_init(rt, ort); 963 rt->rt6i_flags |= RTF_CACHE; 964 rt->rt6i_metric = 0; 965 rt->dst.flags |= DST_HOST; 966 rt->rt6i_dst.addr = *daddr; 967 rt->rt6i_dst.plen = 128; 968 969 if (!rt6_is_gw_or_nonexthop(ort)) { 970 if (ort->rt6i_dst.plen != 128 && 971 ipv6_addr_equal(&ort->rt6i_dst.addr, daddr)) 972 rt->rt6i_flags |= RTF_ANYCAST; 973 #ifdef CONFIG_IPV6_SUBTREES 974 if (rt->rt6i_src.plen && saddr) { 975 rt->rt6i_src.addr = *saddr; 976 rt->rt6i_src.plen = 128; 977 } 978 #endif 979 } 980 981 return rt; 982 } 983 984 static struct rt6_info *ip6_rt_pcpu_alloc(struct rt6_info *rt) 985 { 986 struct rt6_info *pcpu_rt; 987 988 pcpu_rt = __ip6_dst_alloc(dev_net(rt->dst.dev), 989 rt->dst.dev, rt->dst.flags, 990 rt->rt6i_table); 991 992 if (!pcpu_rt) 993 return NULL; 994 ip6_rt_copy_init(pcpu_rt, rt); 995 pcpu_rt->rt6i_protocol = rt->rt6i_protocol; 996 pcpu_rt->rt6i_flags |= RTF_PCPU; 997 return pcpu_rt; 998 } 999 1000 /* It should be called with read_lock_bh(&tb6_lock) acquired */ 1001 static struct rt6_info *rt6_get_pcpu_route(struct rt6_info *rt) 1002 { 1003 struct rt6_info *pcpu_rt, *prev, **p; 1004 1005 p = this_cpu_ptr(rt->rt6i_pcpu); 1006 pcpu_rt = *p; 1007 1008 if (pcpu_rt) 1009 goto done; 1010 1011 pcpu_rt = ip6_rt_pcpu_alloc(rt); 1012 if (!pcpu_rt) { 1013 struct net *net = dev_net(rt->dst.dev); 1014 1015 pcpu_rt = net->ipv6.ip6_null_entry; 1016 goto done; 1017 } 1018 1019 prev = cmpxchg(p, NULL, pcpu_rt); 1020 if (prev) { 1021 /* If someone did it before us, return prev instead */ 1022 dst_destroy(&pcpu_rt->dst); 1023 pcpu_rt = prev; 1024 } 1025 1026 done: 1027 dst_hold(&pcpu_rt->dst); 1028 rt6_dst_from_metrics_check(pcpu_rt); 1029 return pcpu_rt; 1030 } 1031 1032 static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table, int oif, 1033 struct flowi6 *fl6, int flags) 1034 { 1035 struct fib6_node *fn, *saved_fn; 1036 struct rt6_info *rt; 1037 int strict = 0; 1038 1039 strict |= flags & RT6_LOOKUP_F_IFACE; 1040 if (net->ipv6.devconf_all->forwarding == 0) 1041 strict |= RT6_LOOKUP_F_REACHABLE; 1042 1043 read_lock_bh(&table->tb6_lock); 1044 1045 fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr); 1046 saved_fn = fn; 1047 1048 redo_rt6_select: 1049 rt = rt6_select(fn, oif, strict); 1050 if (rt->rt6i_nsiblings) 1051 rt = rt6_multipath_select(rt, fl6, oif, strict); 1052 if (rt == net->ipv6.ip6_null_entry) { 1053 fn = fib6_backtrack(fn, &fl6->saddr); 1054 if (fn) 1055 goto redo_rt6_select; 1056 else if (strict & RT6_LOOKUP_F_REACHABLE) { 1057 /* also consider unreachable route */ 1058 strict &= ~RT6_LOOKUP_F_REACHABLE; 1059 fn = saved_fn; 1060 goto redo_rt6_select; 1061 } 1062 } 1063 1064 1065 if (rt == net->ipv6.ip6_null_entry || (rt->rt6i_flags & RTF_CACHE)) { 1066 dst_use(&rt->dst, jiffies); 1067 read_unlock_bh(&table->tb6_lock); 1068 1069 rt6_dst_from_metrics_check(rt); 1070 return rt; 1071 } else if (unlikely((fl6->flowi6_flags & FLOWI_FLAG_KNOWN_NH) && 1072 !(rt->rt6i_flags & RTF_GATEWAY))) { 1073 /* Create a RTF_CACHE clone which will not be 1074 * owned by the fib6 tree. It is for the special case where 1075 * the daddr in the skb during the neighbor look-up is different 1076 * from the fl6->daddr used to look-up route here. 1077 */ 1078 1079 struct rt6_info *uncached_rt; 1080 1081 dst_use(&rt->dst, jiffies); 1082 read_unlock_bh(&table->tb6_lock); 1083 1084 uncached_rt = ip6_rt_cache_alloc(rt, &fl6->daddr, NULL); 1085 dst_release(&rt->dst); 1086 1087 if (uncached_rt) 1088 rt6_uncached_list_add(uncached_rt); 1089 else 1090 uncached_rt = net->ipv6.ip6_null_entry; 1091 1092 dst_hold(&uncached_rt->dst); 1093 return uncached_rt; 1094 1095 } else { 1096 /* Get a percpu copy */ 1097 1098 struct rt6_info *pcpu_rt; 1099 1100 rt->dst.lastuse = jiffies; 1101 rt->dst.__use++; 1102 pcpu_rt = rt6_get_pcpu_route(rt); 1103 read_unlock_bh(&table->tb6_lock); 1104 1105 return pcpu_rt; 1106 } 1107 } 1108 1109 static struct rt6_info *ip6_pol_route_input(struct net *net, struct fib6_table *table, 1110 struct flowi6 *fl6, int flags) 1111 { 1112 return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags); 1113 } 1114 1115 static struct dst_entry *ip6_route_input_lookup(struct net *net, 1116 struct net_device *dev, 1117 struct flowi6 *fl6, int flags) 1118 { 1119 if (rt6_need_strict(&fl6->daddr) && dev->type != ARPHRD_PIMREG) 1120 flags |= RT6_LOOKUP_F_IFACE; 1121 1122 return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_input); 1123 } 1124 1125 void ip6_route_input(struct sk_buff *skb) 1126 { 1127 const struct ipv6hdr *iph = ipv6_hdr(skb); 1128 struct net *net = dev_net(skb->dev); 1129 int flags = RT6_LOOKUP_F_HAS_SADDR; 1130 struct flowi6 fl6 = { 1131 .flowi6_iif = skb->dev->ifindex, 1132 .daddr = iph->daddr, 1133 .saddr = iph->saddr, 1134 .flowlabel = ip6_flowinfo(iph), 1135 .flowi6_mark = skb->mark, 1136 .flowi6_proto = iph->nexthdr, 1137 }; 1138 1139 skb_dst_set(skb, ip6_route_input_lookup(net, skb->dev, &fl6, flags)); 1140 } 1141 1142 static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table *table, 1143 struct flowi6 *fl6, int flags) 1144 { 1145 return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags); 1146 } 1147 1148 struct dst_entry *ip6_route_output(struct net *net, const struct sock *sk, 1149 struct flowi6 *fl6) 1150 { 1151 int flags = 0; 1152 1153 fl6->flowi6_iif = LOOPBACK_IFINDEX; 1154 1155 if ((sk && sk->sk_bound_dev_if) || rt6_need_strict(&fl6->daddr)) 1156 flags |= RT6_LOOKUP_F_IFACE; 1157 1158 if (!ipv6_addr_any(&fl6->saddr)) 1159 flags |= RT6_LOOKUP_F_HAS_SADDR; 1160 else if (sk) 1161 flags |= rt6_srcprefs2flags(inet6_sk(sk)->srcprefs); 1162 1163 return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_output); 1164 } 1165 EXPORT_SYMBOL(ip6_route_output); 1166 1167 struct dst_entry *ip6_blackhole_route(struct net *net, struct dst_entry *dst_orig) 1168 { 1169 struct rt6_info *rt, *ort = (struct rt6_info *) dst_orig; 1170 struct dst_entry *new = NULL; 1171 1172 rt = dst_alloc(&ip6_dst_blackhole_ops, ort->dst.dev, 1, DST_OBSOLETE_NONE, 0); 1173 if (rt) { 1174 new = &rt->dst; 1175 1176 memset(new + 1, 0, sizeof(*rt) - sizeof(*new)); 1177 1178 new->__use = 1; 1179 new->input = dst_discard; 1180 new->output = dst_discard_sk; 1181 1182 if (dst_metrics_read_only(&ort->dst)) 1183 new->_metrics = ort->dst._metrics; 1184 else 1185 dst_copy_metrics(new, &ort->dst); 1186 rt->rt6i_idev = ort->rt6i_idev; 1187 if (rt->rt6i_idev) 1188 in6_dev_hold(rt->rt6i_idev); 1189 1190 rt->rt6i_gateway = ort->rt6i_gateway; 1191 rt->rt6i_flags = ort->rt6i_flags; 1192 rt->rt6i_metric = 0; 1193 1194 memcpy(&rt->rt6i_dst, &ort->rt6i_dst, sizeof(struct rt6key)); 1195 #ifdef CONFIG_IPV6_SUBTREES 1196 memcpy(&rt->rt6i_src, &ort->rt6i_src, sizeof(struct rt6key)); 1197 #endif 1198 1199 dst_free(new); 1200 } 1201 1202 dst_release(dst_orig); 1203 return new ? new : ERR_PTR(-ENOMEM); 1204 } 1205 1206 /* 1207 * Destination cache support functions 1208 */ 1209 1210 static void rt6_dst_from_metrics_check(struct rt6_info *rt) 1211 { 1212 if (rt->dst.from && 1213 dst_metrics_ptr(&rt->dst) != dst_metrics_ptr(rt->dst.from)) 1214 dst_init_metrics(&rt->dst, dst_metrics_ptr(rt->dst.from), true); 1215 } 1216 1217 static struct dst_entry *rt6_check(struct rt6_info *rt, u32 cookie) 1218 { 1219 if (!rt->rt6i_node || (rt->rt6i_node->fn_sernum != cookie)) 1220 return NULL; 1221 1222 if (rt6_check_expired(rt)) 1223 return NULL; 1224 1225 return &rt->dst; 1226 } 1227 1228 static struct dst_entry *rt6_dst_from_check(struct rt6_info *rt, u32 cookie) 1229 { 1230 if (rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK && 1231 rt6_check((struct rt6_info *)(rt->dst.from), cookie)) 1232 return &rt->dst; 1233 else 1234 return NULL; 1235 } 1236 1237 static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie) 1238 { 1239 struct rt6_info *rt; 1240 1241 rt = (struct rt6_info *) dst; 1242 1243 /* All IPV6 dsts are created with ->obsolete set to the value 1244 * DST_OBSOLETE_FORCE_CHK which forces validation calls down 1245 * into this function always. 1246 */ 1247 1248 rt6_dst_from_metrics_check(rt); 1249 1250 if ((rt->rt6i_flags & RTF_PCPU) || unlikely(dst->flags & DST_NOCACHE)) 1251 return rt6_dst_from_check(rt, cookie); 1252 else 1253 return rt6_check(rt, cookie); 1254 } 1255 1256 static struct dst_entry *ip6_negative_advice(struct dst_entry *dst) 1257 { 1258 struct rt6_info *rt = (struct rt6_info *) dst; 1259 1260 if (rt) { 1261 if (rt->rt6i_flags & RTF_CACHE) { 1262 if (rt6_check_expired(rt)) { 1263 ip6_del_rt(rt); 1264 dst = NULL; 1265 } 1266 } else { 1267 dst_release(dst); 1268 dst = NULL; 1269 } 1270 } 1271 return dst; 1272 } 1273 1274 static void ip6_link_failure(struct sk_buff *skb) 1275 { 1276 struct rt6_info *rt; 1277 1278 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0); 1279 1280 rt = (struct rt6_info *) skb_dst(skb); 1281 if (rt) { 1282 if (rt->rt6i_flags & RTF_CACHE) { 1283 dst_hold(&rt->dst); 1284 if (ip6_del_rt(rt)) 1285 dst_free(&rt->dst); 1286 } else if (rt->rt6i_node && (rt->rt6i_flags & RTF_DEFAULT)) { 1287 rt->rt6i_node->fn_sernum = -1; 1288 } 1289 } 1290 } 1291 1292 static void rt6_do_update_pmtu(struct rt6_info *rt, u32 mtu) 1293 { 1294 struct net *net = dev_net(rt->dst.dev); 1295 1296 rt->rt6i_flags |= RTF_MODIFIED; 1297 rt->rt6i_pmtu = mtu; 1298 rt6_update_expires(rt, net->ipv6.sysctl.ip6_rt_mtu_expires); 1299 } 1300 1301 static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk, 1302 const struct ipv6hdr *iph, u32 mtu) 1303 { 1304 struct rt6_info *rt6 = (struct rt6_info *)dst; 1305 1306 if (rt6->rt6i_flags & RTF_LOCAL) 1307 return; 1308 1309 dst_confirm(dst); 1310 mtu = max_t(u32, mtu, IPV6_MIN_MTU); 1311 if (mtu >= dst_mtu(dst)) 1312 return; 1313 1314 if (rt6->rt6i_flags & RTF_CACHE) { 1315 rt6_do_update_pmtu(rt6, mtu); 1316 } else { 1317 const struct in6_addr *daddr, *saddr; 1318 struct rt6_info *nrt6; 1319 1320 if (iph) { 1321 daddr = &iph->daddr; 1322 saddr = &iph->saddr; 1323 } else if (sk) { 1324 daddr = &sk->sk_v6_daddr; 1325 saddr = &inet6_sk(sk)->saddr; 1326 } else { 1327 return; 1328 } 1329 nrt6 = ip6_rt_cache_alloc(rt6, daddr, saddr); 1330 if (nrt6) { 1331 rt6_do_update_pmtu(nrt6, mtu); 1332 1333 /* ip6_ins_rt(nrt6) will bump the 1334 * rt6->rt6i_node->fn_sernum 1335 * which will fail the next rt6_check() and 1336 * invalidate the sk->sk_dst_cache. 1337 */ 1338 ip6_ins_rt(nrt6); 1339 } 1340 } 1341 } 1342 1343 static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk, 1344 struct sk_buff *skb, u32 mtu) 1345 { 1346 __ip6_rt_update_pmtu(dst, sk, skb ? ipv6_hdr(skb) : NULL, mtu); 1347 } 1348 1349 void ip6_update_pmtu(struct sk_buff *skb, struct net *net, __be32 mtu, 1350 int oif, u32 mark) 1351 { 1352 const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data; 1353 struct dst_entry *dst; 1354 struct flowi6 fl6; 1355 1356 memset(&fl6, 0, sizeof(fl6)); 1357 fl6.flowi6_oif = oif; 1358 fl6.flowi6_mark = mark ? mark : IP6_REPLY_MARK(net, skb->mark); 1359 fl6.daddr = iph->daddr; 1360 fl6.saddr = iph->saddr; 1361 fl6.flowlabel = ip6_flowinfo(iph); 1362 1363 dst = ip6_route_output(net, NULL, &fl6); 1364 if (!dst->error) 1365 __ip6_rt_update_pmtu(dst, NULL, iph, ntohl(mtu)); 1366 dst_release(dst); 1367 } 1368 EXPORT_SYMBOL_GPL(ip6_update_pmtu); 1369 1370 void ip6_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, __be32 mtu) 1371 { 1372 ip6_update_pmtu(skb, sock_net(sk), mtu, 1373 sk->sk_bound_dev_if, sk->sk_mark); 1374 } 1375 EXPORT_SYMBOL_GPL(ip6_sk_update_pmtu); 1376 1377 /* Handle redirects */ 1378 struct ip6rd_flowi { 1379 struct flowi6 fl6; 1380 struct in6_addr gateway; 1381 }; 1382 1383 static struct rt6_info *__ip6_route_redirect(struct net *net, 1384 struct fib6_table *table, 1385 struct flowi6 *fl6, 1386 int flags) 1387 { 1388 struct ip6rd_flowi *rdfl = (struct ip6rd_flowi *)fl6; 1389 struct rt6_info *rt; 1390 struct fib6_node *fn; 1391 1392 /* Get the "current" route for this destination and 1393 * check if the redirect has come from approriate router. 1394 * 1395 * RFC 4861 specifies that redirects should only be 1396 * accepted if they come from the nexthop to the target. 1397 * Due to the way the routes are chosen, this notion 1398 * is a bit fuzzy and one might need to check all possible 1399 * routes. 1400 */ 1401 1402 read_lock_bh(&table->tb6_lock); 1403 fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr); 1404 restart: 1405 for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) { 1406 if (rt6_check_expired(rt)) 1407 continue; 1408 if (rt->dst.error) 1409 break; 1410 if (!(rt->rt6i_flags & RTF_GATEWAY)) 1411 continue; 1412 if (fl6->flowi6_oif != rt->dst.dev->ifindex) 1413 continue; 1414 if (!ipv6_addr_equal(&rdfl->gateway, &rt->rt6i_gateway)) 1415 continue; 1416 break; 1417 } 1418 1419 if (!rt) 1420 rt = net->ipv6.ip6_null_entry; 1421 else if (rt->dst.error) { 1422 rt = net->ipv6.ip6_null_entry; 1423 goto out; 1424 } 1425 1426 if (rt == net->ipv6.ip6_null_entry) { 1427 fn = fib6_backtrack(fn, &fl6->saddr); 1428 if (fn) 1429 goto restart; 1430 } 1431 1432 out: 1433 dst_hold(&rt->dst); 1434 1435 read_unlock_bh(&table->tb6_lock); 1436 1437 return rt; 1438 }; 1439 1440 static struct dst_entry *ip6_route_redirect(struct net *net, 1441 const struct flowi6 *fl6, 1442 const struct in6_addr *gateway) 1443 { 1444 int flags = RT6_LOOKUP_F_HAS_SADDR; 1445 struct ip6rd_flowi rdfl; 1446 1447 rdfl.fl6 = *fl6; 1448 rdfl.gateway = *gateway; 1449 1450 return fib6_rule_lookup(net, &rdfl.fl6, 1451 flags, __ip6_route_redirect); 1452 } 1453 1454 void ip6_redirect(struct sk_buff *skb, struct net *net, int oif, u32 mark) 1455 { 1456 const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data; 1457 struct dst_entry *dst; 1458 struct flowi6 fl6; 1459 1460 memset(&fl6, 0, sizeof(fl6)); 1461 fl6.flowi6_iif = LOOPBACK_IFINDEX; 1462 fl6.flowi6_oif = oif; 1463 fl6.flowi6_mark = mark; 1464 fl6.daddr = iph->daddr; 1465 fl6.saddr = iph->saddr; 1466 fl6.flowlabel = ip6_flowinfo(iph); 1467 1468 dst = ip6_route_redirect(net, &fl6, &ipv6_hdr(skb)->saddr); 1469 rt6_do_redirect(dst, NULL, skb); 1470 dst_release(dst); 1471 } 1472 EXPORT_SYMBOL_GPL(ip6_redirect); 1473 1474 void ip6_redirect_no_header(struct sk_buff *skb, struct net *net, int oif, 1475 u32 mark) 1476 { 1477 const struct ipv6hdr *iph = ipv6_hdr(skb); 1478 const struct rd_msg *msg = (struct rd_msg *)icmp6_hdr(skb); 1479 struct dst_entry *dst; 1480 struct flowi6 fl6; 1481 1482 memset(&fl6, 0, sizeof(fl6)); 1483 fl6.flowi6_iif = LOOPBACK_IFINDEX; 1484 fl6.flowi6_oif = oif; 1485 fl6.flowi6_mark = mark; 1486 fl6.daddr = msg->dest; 1487 fl6.saddr = iph->daddr; 1488 1489 dst = ip6_route_redirect(net, &fl6, &iph->saddr); 1490 rt6_do_redirect(dst, NULL, skb); 1491 dst_release(dst); 1492 } 1493 1494 void ip6_sk_redirect(struct sk_buff *skb, struct sock *sk) 1495 { 1496 ip6_redirect(skb, sock_net(sk), sk->sk_bound_dev_if, sk->sk_mark); 1497 } 1498 EXPORT_SYMBOL_GPL(ip6_sk_redirect); 1499 1500 static unsigned int ip6_default_advmss(const struct dst_entry *dst) 1501 { 1502 struct net_device *dev = dst->dev; 1503 unsigned int mtu = dst_mtu(dst); 1504 struct net *net = dev_net(dev); 1505 1506 mtu -= sizeof(struct ipv6hdr) + sizeof(struct tcphdr); 1507 1508 if (mtu < net->ipv6.sysctl.ip6_rt_min_advmss) 1509 mtu = net->ipv6.sysctl.ip6_rt_min_advmss; 1510 1511 /* 1512 * Maximal non-jumbo IPv6 payload is IPV6_MAXPLEN and 1513 * corresponding MSS is IPV6_MAXPLEN - tcp_header_size. 1514 * IPV6_MAXPLEN is also valid and means: "any MSS, 1515 * rely only on pmtu discovery" 1516 */ 1517 if (mtu > IPV6_MAXPLEN - sizeof(struct tcphdr)) 1518 mtu = IPV6_MAXPLEN; 1519 return mtu; 1520 } 1521 1522 static unsigned int ip6_mtu(const struct dst_entry *dst) 1523 { 1524 const struct rt6_info *rt = (const struct rt6_info *)dst; 1525 unsigned int mtu = rt->rt6i_pmtu; 1526 struct inet6_dev *idev; 1527 1528 if (mtu) 1529 goto out; 1530 1531 mtu = dst_metric_raw(dst, RTAX_MTU); 1532 if (mtu) 1533 goto out; 1534 1535 mtu = IPV6_MIN_MTU; 1536 1537 rcu_read_lock(); 1538 idev = __in6_dev_get(dst->dev); 1539 if (idev) 1540 mtu = idev->cnf.mtu6; 1541 rcu_read_unlock(); 1542 1543 out: 1544 return min_t(unsigned int, mtu, IP6_MAX_MTU); 1545 } 1546 1547 static struct dst_entry *icmp6_dst_gc_list; 1548 static DEFINE_SPINLOCK(icmp6_dst_lock); 1549 1550 struct dst_entry *icmp6_dst_alloc(struct net_device *dev, 1551 struct flowi6 *fl6) 1552 { 1553 struct dst_entry *dst; 1554 struct rt6_info *rt; 1555 struct inet6_dev *idev = in6_dev_get(dev); 1556 struct net *net = dev_net(dev); 1557 1558 if (unlikely(!idev)) 1559 return ERR_PTR(-ENODEV); 1560 1561 rt = ip6_dst_alloc(net, dev, 0, NULL); 1562 if (unlikely(!rt)) { 1563 in6_dev_put(idev); 1564 dst = ERR_PTR(-ENOMEM); 1565 goto out; 1566 } 1567 1568 rt->dst.flags |= DST_HOST; 1569 rt->dst.output = ip6_output; 1570 atomic_set(&rt->dst.__refcnt, 1); 1571 rt->rt6i_gateway = fl6->daddr; 1572 rt->rt6i_dst.addr = fl6->daddr; 1573 rt->rt6i_dst.plen = 128; 1574 rt->rt6i_idev = idev; 1575 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 0); 1576 1577 spin_lock_bh(&icmp6_dst_lock); 1578 rt->dst.next = icmp6_dst_gc_list; 1579 icmp6_dst_gc_list = &rt->dst; 1580 spin_unlock_bh(&icmp6_dst_lock); 1581 1582 fib6_force_start_gc(net); 1583 1584 dst = xfrm_lookup(net, &rt->dst, flowi6_to_flowi(fl6), NULL, 0); 1585 1586 out: 1587 return dst; 1588 } 1589 1590 int icmp6_dst_gc(void) 1591 { 1592 struct dst_entry *dst, **pprev; 1593 int more = 0; 1594 1595 spin_lock_bh(&icmp6_dst_lock); 1596 pprev = &icmp6_dst_gc_list; 1597 1598 while ((dst = *pprev) != NULL) { 1599 if (!atomic_read(&dst->__refcnt)) { 1600 *pprev = dst->next; 1601 dst_free(dst); 1602 } else { 1603 pprev = &dst->next; 1604 ++more; 1605 } 1606 } 1607 1608 spin_unlock_bh(&icmp6_dst_lock); 1609 1610 return more; 1611 } 1612 1613 static void icmp6_clean_all(int (*func)(struct rt6_info *rt, void *arg), 1614 void *arg) 1615 { 1616 struct dst_entry *dst, **pprev; 1617 1618 spin_lock_bh(&icmp6_dst_lock); 1619 pprev = &icmp6_dst_gc_list; 1620 while ((dst = *pprev) != NULL) { 1621 struct rt6_info *rt = (struct rt6_info *) dst; 1622 if (func(rt, arg)) { 1623 *pprev = dst->next; 1624 dst_free(dst); 1625 } else { 1626 pprev = &dst->next; 1627 } 1628 } 1629 spin_unlock_bh(&icmp6_dst_lock); 1630 } 1631 1632 static int ip6_dst_gc(struct dst_ops *ops) 1633 { 1634 struct net *net = container_of(ops, struct net, ipv6.ip6_dst_ops); 1635 int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval; 1636 int rt_max_size = net->ipv6.sysctl.ip6_rt_max_size; 1637 int rt_elasticity = net->ipv6.sysctl.ip6_rt_gc_elasticity; 1638 int rt_gc_timeout = net->ipv6.sysctl.ip6_rt_gc_timeout; 1639 unsigned long rt_last_gc = net->ipv6.ip6_rt_last_gc; 1640 int entries; 1641 1642 entries = dst_entries_get_fast(ops); 1643 if (time_after(rt_last_gc + rt_min_interval, jiffies) && 1644 entries <= rt_max_size) 1645 goto out; 1646 1647 net->ipv6.ip6_rt_gc_expire++; 1648 fib6_run_gc(net->ipv6.ip6_rt_gc_expire, net, true); 1649 entries = dst_entries_get_slow(ops); 1650 if (entries < ops->gc_thresh) 1651 net->ipv6.ip6_rt_gc_expire = rt_gc_timeout>>1; 1652 out: 1653 net->ipv6.ip6_rt_gc_expire -= net->ipv6.ip6_rt_gc_expire>>rt_elasticity; 1654 return entries > rt_max_size; 1655 } 1656 1657 static int ip6_convert_metrics(struct mx6_config *mxc, 1658 const struct fib6_config *cfg) 1659 { 1660 struct nlattr *nla; 1661 int remaining; 1662 u32 *mp; 1663 1664 if (!cfg->fc_mx) 1665 return 0; 1666 1667 mp = kzalloc(sizeof(u32) * RTAX_MAX, GFP_KERNEL); 1668 if (unlikely(!mp)) 1669 return -ENOMEM; 1670 1671 nla_for_each_attr(nla, cfg->fc_mx, cfg->fc_mx_len, remaining) { 1672 int type = nla_type(nla); 1673 1674 if (type) { 1675 u32 val; 1676 1677 if (unlikely(type > RTAX_MAX)) 1678 goto err; 1679 if (type == RTAX_CC_ALGO) { 1680 char tmp[TCP_CA_NAME_MAX]; 1681 1682 nla_strlcpy(tmp, nla, sizeof(tmp)); 1683 val = tcp_ca_get_key_by_name(tmp); 1684 if (val == TCP_CA_UNSPEC) 1685 goto err; 1686 } else { 1687 val = nla_get_u32(nla); 1688 } 1689 1690 mp[type - 1] = val; 1691 __set_bit(type - 1, mxc->mx_valid); 1692 } 1693 } 1694 1695 mxc->mx = mp; 1696 1697 return 0; 1698 err: 1699 kfree(mp); 1700 return -EINVAL; 1701 } 1702 1703 int ip6_route_add(struct fib6_config *cfg) 1704 { 1705 int err; 1706 struct net *net = cfg->fc_nlinfo.nl_net; 1707 struct rt6_info *rt = NULL; 1708 struct net_device *dev = NULL; 1709 struct inet6_dev *idev = NULL; 1710 struct fib6_table *table; 1711 struct mx6_config mxc = { .mx = NULL, }; 1712 int addr_type; 1713 1714 if (cfg->fc_dst_len > 128 || cfg->fc_src_len > 128) 1715 return -EINVAL; 1716 #ifndef CONFIG_IPV6_SUBTREES 1717 if (cfg->fc_src_len) 1718 return -EINVAL; 1719 #endif 1720 if (cfg->fc_ifindex) { 1721 err = -ENODEV; 1722 dev = dev_get_by_index(net, cfg->fc_ifindex); 1723 if (!dev) 1724 goto out; 1725 idev = in6_dev_get(dev); 1726 if (!idev) 1727 goto out; 1728 } 1729 1730 if (cfg->fc_metric == 0) 1731 cfg->fc_metric = IP6_RT_PRIO_USER; 1732 1733 err = -ENOBUFS; 1734 if (cfg->fc_nlinfo.nlh && 1735 !(cfg->fc_nlinfo.nlh->nlmsg_flags & NLM_F_CREATE)) { 1736 table = fib6_get_table(net, cfg->fc_table); 1737 if (!table) { 1738 pr_warn("NLM_F_CREATE should be specified when creating new route\n"); 1739 table = fib6_new_table(net, cfg->fc_table); 1740 } 1741 } else { 1742 table = fib6_new_table(net, cfg->fc_table); 1743 } 1744 1745 if (!table) 1746 goto out; 1747 1748 rt = ip6_dst_alloc(net, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT, table); 1749 1750 if (!rt) { 1751 err = -ENOMEM; 1752 goto out; 1753 } 1754 1755 if (cfg->fc_flags & RTF_EXPIRES) 1756 rt6_set_expires(rt, jiffies + 1757 clock_t_to_jiffies(cfg->fc_expires)); 1758 else 1759 rt6_clean_expires(rt); 1760 1761 if (cfg->fc_protocol == RTPROT_UNSPEC) 1762 cfg->fc_protocol = RTPROT_BOOT; 1763 rt->rt6i_protocol = cfg->fc_protocol; 1764 1765 addr_type = ipv6_addr_type(&cfg->fc_dst); 1766 1767 if (addr_type & IPV6_ADDR_MULTICAST) 1768 rt->dst.input = ip6_mc_input; 1769 else if (cfg->fc_flags & RTF_LOCAL) 1770 rt->dst.input = ip6_input; 1771 else 1772 rt->dst.input = ip6_forward; 1773 1774 rt->dst.output = ip6_output; 1775 1776 ipv6_addr_prefix(&rt->rt6i_dst.addr, &cfg->fc_dst, cfg->fc_dst_len); 1777 rt->rt6i_dst.plen = cfg->fc_dst_len; 1778 if (rt->rt6i_dst.plen == 128) 1779 rt->dst.flags |= DST_HOST; 1780 1781 #ifdef CONFIG_IPV6_SUBTREES 1782 ipv6_addr_prefix(&rt->rt6i_src.addr, &cfg->fc_src, cfg->fc_src_len); 1783 rt->rt6i_src.plen = cfg->fc_src_len; 1784 #endif 1785 1786 rt->rt6i_metric = cfg->fc_metric; 1787 1788 /* We cannot add true routes via loopback here, 1789 they would result in kernel looping; promote them to reject routes 1790 */ 1791 if ((cfg->fc_flags & RTF_REJECT) || 1792 (dev && (dev->flags & IFF_LOOPBACK) && 1793 !(addr_type & IPV6_ADDR_LOOPBACK) && 1794 !(cfg->fc_flags & RTF_LOCAL))) { 1795 /* hold loopback dev/idev if we haven't done so. */ 1796 if (dev != net->loopback_dev) { 1797 if (dev) { 1798 dev_put(dev); 1799 in6_dev_put(idev); 1800 } 1801 dev = net->loopback_dev; 1802 dev_hold(dev); 1803 idev = in6_dev_get(dev); 1804 if (!idev) { 1805 err = -ENODEV; 1806 goto out; 1807 } 1808 } 1809 rt->rt6i_flags = RTF_REJECT|RTF_NONEXTHOP; 1810 switch (cfg->fc_type) { 1811 case RTN_BLACKHOLE: 1812 rt->dst.error = -EINVAL; 1813 rt->dst.output = dst_discard_sk; 1814 rt->dst.input = dst_discard; 1815 break; 1816 case RTN_PROHIBIT: 1817 rt->dst.error = -EACCES; 1818 rt->dst.output = ip6_pkt_prohibit_out; 1819 rt->dst.input = ip6_pkt_prohibit; 1820 break; 1821 case RTN_THROW: 1822 default: 1823 rt->dst.error = (cfg->fc_type == RTN_THROW) ? -EAGAIN 1824 : -ENETUNREACH; 1825 rt->dst.output = ip6_pkt_discard_out; 1826 rt->dst.input = ip6_pkt_discard; 1827 break; 1828 } 1829 goto install_route; 1830 } 1831 1832 if (cfg->fc_flags & RTF_GATEWAY) { 1833 const struct in6_addr *gw_addr; 1834 int gwa_type; 1835 1836 gw_addr = &cfg->fc_gateway; 1837 1838 /* if gw_addr is local we will fail to detect this in case 1839 * address is still TENTATIVE (DAD in progress). rt6_lookup() 1840 * will return already-added prefix route via interface that 1841 * prefix route was assigned to, which might be non-loopback. 1842 */ 1843 err = -EINVAL; 1844 if (ipv6_chk_addr_and_flags(net, gw_addr, NULL, 0, 0)) 1845 goto out; 1846 1847 rt->rt6i_gateway = *gw_addr; 1848 gwa_type = ipv6_addr_type(gw_addr); 1849 1850 if (gwa_type != (IPV6_ADDR_LINKLOCAL|IPV6_ADDR_UNICAST)) { 1851 struct rt6_info *grt; 1852 1853 /* IPv6 strictly inhibits using not link-local 1854 addresses as nexthop address. 1855 Otherwise, router will not able to send redirects. 1856 It is very good, but in some (rare!) circumstances 1857 (SIT, PtP, NBMA NOARP links) it is handy to allow 1858 some exceptions. --ANK 1859 */ 1860 if (!(gwa_type & IPV6_ADDR_UNICAST)) 1861 goto out; 1862 1863 grt = rt6_lookup(net, gw_addr, NULL, cfg->fc_ifindex, 1); 1864 1865 err = -EHOSTUNREACH; 1866 if (!grt) 1867 goto out; 1868 if (dev) { 1869 if (dev != grt->dst.dev) { 1870 ip6_rt_put(grt); 1871 goto out; 1872 } 1873 } else { 1874 dev = grt->dst.dev; 1875 idev = grt->rt6i_idev; 1876 dev_hold(dev); 1877 in6_dev_hold(grt->rt6i_idev); 1878 } 1879 if (!(grt->rt6i_flags & RTF_GATEWAY)) 1880 err = 0; 1881 ip6_rt_put(grt); 1882 1883 if (err) 1884 goto out; 1885 } 1886 err = -EINVAL; 1887 if (!dev || (dev->flags & IFF_LOOPBACK)) 1888 goto out; 1889 } 1890 1891 err = -ENODEV; 1892 if (!dev) 1893 goto out; 1894 1895 if (!ipv6_addr_any(&cfg->fc_prefsrc)) { 1896 if (!ipv6_chk_addr(net, &cfg->fc_prefsrc, dev, 0)) { 1897 err = -EINVAL; 1898 goto out; 1899 } 1900 rt->rt6i_prefsrc.addr = cfg->fc_prefsrc; 1901 rt->rt6i_prefsrc.plen = 128; 1902 } else 1903 rt->rt6i_prefsrc.plen = 0; 1904 1905 rt->rt6i_flags = cfg->fc_flags; 1906 1907 install_route: 1908 rt->dst.dev = dev; 1909 rt->rt6i_idev = idev; 1910 rt->rt6i_table = table; 1911 1912 cfg->fc_nlinfo.nl_net = dev_net(dev); 1913 1914 err = ip6_convert_metrics(&mxc, cfg); 1915 if (err) 1916 goto out; 1917 1918 err = __ip6_ins_rt(rt, &cfg->fc_nlinfo, &mxc); 1919 1920 kfree(mxc.mx); 1921 return err; 1922 out: 1923 if (dev) 1924 dev_put(dev); 1925 if (idev) 1926 in6_dev_put(idev); 1927 if (rt) 1928 dst_free(&rt->dst); 1929 return err; 1930 } 1931 1932 static int __ip6_del_rt(struct rt6_info *rt, struct nl_info *info) 1933 { 1934 int err; 1935 struct fib6_table *table; 1936 struct net *net = dev_net(rt->dst.dev); 1937 1938 if (rt == net->ipv6.ip6_null_entry) { 1939 err = -ENOENT; 1940 goto out; 1941 } 1942 1943 table = rt->rt6i_table; 1944 write_lock_bh(&table->tb6_lock); 1945 err = fib6_del(rt, info); 1946 write_unlock_bh(&table->tb6_lock); 1947 1948 out: 1949 ip6_rt_put(rt); 1950 return err; 1951 } 1952 1953 int ip6_del_rt(struct rt6_info *rt) 1954 { 1955 struct nl_info info = { 1956 .nl_net = dev_net(rt->dst.dev), 1957 }; 1958 return __ip6_del_rt(rt, &info); 1959 } 1960 1961 static int ip6_route_del(struct fib6_config *cfg) 1962 { 1963 struct fib6_table *table; 1964 struct fib6_node *fn; 1965 struct rt6_info *rt; 1966 int err = -ESRCH; 1967 1968 table = fib6_get_table(cfg->fc_nlinfo.nl_net, cfg->fc_table); 1969 if (!table) 1970 return err; 1971 1972 read_lock_bh(&table->tb6_lock); 1973 1974 fn = fib6_locate(&table->tb6_root, 1975 &cfg->fc_dst, cfg->fc_dst_len, 1976 &cfg->fc_src, cfg->fc_src_len); 1977 1978 if (fn) { 1979 for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) { 1980 if ((rt->rt6i_flags & RTF_CACHE) && 1981 !(cfg->fc_flags & RTF_CACHE)) 1982 continue; 1983 if (cfg->fc_ifindex && 1984 (!rt->dst.dev || 1985 rt->dst.dev->ifindex != cfg->fc_ifindex)) 1986 continue; 1987 if (cfg->fc_flags & RTF_GATEWAY && 1988 !ipv6_addr_equal(&cfg->fc_gateway, &rt->rt6i_gateway)) 1989 continue; 1990 if (cfg->fc_metric && cfg->fc_metric != rt->rt6i_metric) 1991 continue; 1992 dst_hold(&rt->dst); 1993 read_unlock_bh(&table->tb6_lock); 1994 1995 return __ip6_del_rt(rt, &cfg->fc_nlinfo); 1996 } 1997 } 1998 read_unlock_bh(&table->tb6_lock); 1999 2000 return err; 2001 } 2002 2003 static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb) 2004 { 2005 struct net *net = dev_net(skb->dev); 2006 struct netevent_redirect netevent; 2007 struct rt6_info *rt, *nrt = NULL; 2008 struct ndisc_options ndopts; 2009 struct inet6_dev *in6_dev; 2010 struct neighbour *neigh; 2011 struct rd_msg *msg; 2012 int optlen, on_link; 2013 u8 *lladdr; 2014 2015 optlen = skb_tail_pointer(skb) - skb_transport_header(skb); 2016 optlen -= sizeof(*msg); 2017 2018 if (optlen < 0) { 2019 net_dbg_ratelimited("rt6_do_redirect: packet too short\n"); 2020 return; 2021 } 2022 2023 msg = (struct rd_msg *)icmp6_hdr(skb); 2024 2025 if (ipv6_addr_is_multicast(&msg->dest)) { 2026 net_dbg_ratelimited("rt6_do_redirect: destination address is multicast\n"); 2027 return; 2028 } 2029 2030 on_link = 0; 2031 if (ipv6_addr_equal(&msg->dest, &msg->target)) { 2032 on_link = 1; 2033 } else if (ipv6_addr_type(&msg->target) != 2034 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 2035 net_dbg_ratelimited("rt6_do_redirect: target address is not link-local unicast\n"); 2036 return; 2037 } 2038 2039 in6_dev = __in6_dev_get(skb->dev); 2040 if (!in6_dev) 2041 return; 2042 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) 2043 return; 2044 2045 /* RFC2461 8.1: 2046 * The IP source address of the Redirect MUST be the same as the current 2047 * first-hop router for the specified ICMP Destination Address. 2048 */ 2049 2050 if (!ndisc_parse_options(msg->opt, optlen, &ndopts)) { 2051 net_dbg_ratelimited("rt6_redirect: invalid ND options\n"); 2052 return; 2053 } 2054 2055 lladdr = NULL; 2056 if (ndopts.nd_opts_tgt_lladdr) { 2057 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 2058 skb->dev); 2059 if (!lladdr) { 2060 net_dbg_ratelimited("rt6_redirect: invalid link-layer address length\n"); 2061 return; 2062 } 2063 } 2064 2065 rt = (struct rt6_info *) dst; 2066 if (rt == net->ipv6.ip6_null_entry) { 2067 net_dbg_ratelimited("rt6_redirect: source isn't a valid nexthop for redirect target\n"); 2068 return; 2069 } 2070 2071 /* Redirect received -> path was valid. 2072 * Look, redirects are sent only in response to data packets, 2073 * so that this nexthop apparently is reachable. --ANK 2074 */ 2075 dst_confirm(&rt->dst); 2076 2077 neigh = __neigh_lookup(&nd_tbl, &msg->target, skb->dev, 1); 2078 if (!neigh) 2079 return; 2080 2081 /* 2082 * We have finally decided to accept it. 2083 */ 2084 2085 neigh_update(neigh, lladdr, NUD_STALE, 2086 NEIGH_UPDATE_F_WEAK_OVERRIDE| 2087 NEIGH_UPDATE_F_OVERRIDE| 2088 (on_link ? 0 : (NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 2089 NEIGH_UPDATE_F_ISROUTER)) 2090 ); 2091 2092 nrt = ip6_rt_cache_alloc(rt, &msg->dest, NULL); 2093 if (!nrt) 2094 goto out; 2095 2096 nrt->rt6i_flags = RTF_GATEWAY|RTF_UP|RTF_DYNAMIC|RTF_CACHE; 2097 if (on_link) 2098 nrt->rt6i_flags &= ~RTF_GATEWAY; 2099 2100 nrt->rt6i_gateway = *(struct in6_addr *)neigh->primary_key; 2101 2102 if (ip6_ins_rt(nrt)) 2103 goto out; 2104 2105 netevent.old = &rt->dst; 2106 netevent.new = &nrt->dst; 2107 netevent.daddr = &msg->dest; 2108 netevent.neigh = neigh; 2109 call_netevent_notifiers(NETEVENT_REDIRECT, &netevent); 2110 2111 if (rt->rt6i_flags & RTF_CACHE) { 2112 rt = (struct rt6_info *) dst_clone(&rt->dst); 2113 ip6_del_rt(rt); 2114 } 2115 2116 out: 2117 neigh_release(neigh); 2118 } 2119 2120 /* 2121 * Misc support functions 2122 */ 2123 2124 static void rt6_set_from(struct rt6_info *rt, struct rt6_info *from) 2125 { 2126 BUG_ON(from->dst.from); 2127 2128 rt->rt6i_flags &= ~RTF_EXPIRES; 2129 dst_hold(&from->dst); 2130 rt->dst.from = &from->dst; 2131 dst_init_metrics(&rt->dst, dst_metrics_ptr(&from->dst), true); 2132 } 2133 2134 static void ip6_rt_copy_init(struct rt6_info *rt, struct rt6_info *ort) 2135 { 2136 rt->dst.input = ort->dst.input; 2137 rt->dst.output = ort->dst.output; 2138 rt->rt6i_dst = ort->rt6i_dst; 2139 rt->dst.error = ort->dst.error; 2140 rt->rt6i_idev = ort->rt6i_idev; 2141 if (rt->rt6i_idev) 2142 in6_dev_hold(rt->rt6i_idev); 2143 rt->dst.lastuse = jiffies; 2144 rt->rt6i_gateway = ort->rt6i_gateway; 2145 rt->rt6i_flags = ort->rt6i_flags; 2146 rt6_set_from(rt, ort); 2147 rt->rt6i_metric = ort->rt6i_metric; 2148 #ifdef CONFIG_IPV6_SUBTREES 2149 rt->rt6i_src = ort->rt6i_src; 2150 #endif 2151 rt->rt6i_prefsrc = ort->rt6i_prefsrc; 2152 rt->rt6i_table = ort->rt6i_table; 2153 } 2154 2155 #ifdef CONFIG_IPV6_ROUTE_INFO 2156 static struct rt6_info *rt6_get_route_info(struct net *net, 2157 const struct in6_addr *prefix, int prefixlen, 2158 const struct in6_addr *gwaddr, int ifindex) 2159 { 2160 struct fib6_node *fn; 2161 struct rt6_info *rt = NULL; 2162 struct fib6_table *table; 2163 2164 table = fib6_get_table(net, RT6_TABLE_INFO); 2165 if (!table) 2166 return NULL; 2167 2168 read_lock_bh(&table->tb6_lock); 2169 fn = fib6_locate(&table->tb6_root, prefix, prefixlen, NULL, 0); 2170 if (!fn) 2171 goto out; 2172 2173 for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) { 2174 if (rt->dst.dev->ifindex != ifindex) 2175 continue; 2176 if ((rt->rt6i_flags & (RTF_ROUTEINFO|RTF_GATEWAY)) != (RTF_ROUTEINFO|RTF_GATEWAY)) 2177 continue; 2178 if (!ipv6_addr_equal(&rt->rt6i_gateway, gwaddr)) 2179 continue; 2180 dst_hold(&rt->dst); 2181 break; 2182 } 2183 out: 2184 read_unlock_bh(&table->tb6_lock); 2185 return rt; 2186 } 2187 2188 static struct rt6_info *rt6_add_route_info(struct net *net, 2189 const struct in6_addr *prefix, int prefixlen, 2190 const struct in6_addr *gwaddr, int ifindex, 2191 unsigned int pref) 2192 { 2193 struct fib6_config cfg = { 2194 .fc_table = RT6_TABLE_INFO, 2195 .fc_metric = IP6_RT_PRIO_USER, 2196 .fc_ifindex = ifindex, 2197 .fc_dst_len = prefixlen, 2198 .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_ROUTEINFO | 2199 RTF_UP | RTF_PREF(pref), 2200 .fc_nlinfo.portid = 0, 2201 .fc_nlinfo.nlh = NULL, 2202 .fc_nlinfo.nl_net = net, 2203 }; 2204 2205 cfg.fc_dst = *prefix; 2206 cfg.fc_gateway = *gwaddr; 2207 2208 /* We should treat it as a default route if prefix length is 0. */ 2209 if (!prefixlen) 2210 cfg.fc_flags |= RTF_DEFAULT; 2211 2212 ip6_route_add(&cfg); 2213 2214 return rt6_get_route_info(net, prefix, prefixlen, gwaddr, ifindex); 2215 } 2216 #endif 2217 2218 struct rt6_info *rt6_get_dflt_router(const struct in6_addr *addr, struct net_device *dev) 2219 { 2220 struct rt6_info *rt; 2221 struct fib6_table *table; 2222 2223 table = fib6_get_table(dev_net(dev), RT6_TABLE_DFLT); 2224 if (!table) 2225 return NULL; 2226 2227 read_lock_bh(&table->tb6_lock); 2228 for (rt = table->tb6_root.leaf; rt; rt = rt->dst.rt6_next) { 2229 if (dev == rt->dst.dev && 2230 ((rt->rt6i_flags & (RTF_ADDRCONF | RTF_DEFAULT)) == (RTF_ADDRCONF | RTF_DEFAULT)) && 2231 ipv6_addr_equal(&rt->rt6i_gateway, addr)) 2232 break; 2233 } 2234 if (rt) 2235 dst_hold(&rt->dst); 2236 read_unlock_bh(&table->tb6_lock); 2237 return rt; 2238 } 2239 2240 struct rt6_info *rt6_add_dflt_router(const struct in6_addr *gwaddr, 2241 struct net_device *dev, 2242 unsigned int pref) 2243 { 2244 struct fib6_config cfg = { 2245 .fc_table = RT6_TABLE_DFLT, 2246 .fc_metric = IP6_RT_PRIO_USER, 2247 .fc_ifindex = dev->ifindex, 2248 .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_DEFAULT | 2249 RTF_UP | RTF_EXPIRES | RTF_PREF(pref), 2250 .fc_nlinfo.portid = 0, 2251 .fc_nlinfo.nlh = NULL, 2252 .fc_nlinfo.nl_net = dev_net(dev), 2253 }; 2254 2255 cfg.fc_gateway = *gwaddr; 2256 2257 ip6_route_add(&cfg); 2258 2259 return rt6_get_dflt_router(gwaddr, dev); 2260 } 2261 2262 void rt6_purge_dflt_routers(struct net *net) 2263 { 2264 struct rt6_info *rt; 2265 struct fib6_table *table; 2266 2267 /* NOTE: Keep consistent with rt6_get_dflt_router */ 2268 table = fib6_get_table(net, RT6_TABLE_DFLT); 2269 if (!table) 2270 return; 2271 2272 restart: 2273 read_lock_bh(&table->tb6_lock); 2274 for (rt = table->tb6_root.leaf; rt; rt = rt->dst.rt6_next) { 2275 if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF) && 2276 (!rt->rt6i_idev || rt->rt6i_idev->cnf.accept_ra != 2)) { 2277 dst_hold(&rt->dst); 2278 read_unlock_bh(&table->tb6_lock); 2279 ip6_del_rt(rt); 2280 goto restart; 2281 } 2282 } 2283 read_unlock_bh(&table->tb6_lock); 2284 } 2285 2286 static void rtmsg_to_fib6_config(struct net *net, 2287 struct in6_rtmsg *rtmsg, 2288 struct fib6_config *cfg) 2289 { 2290 memset(cfg, 0, sizeof(*cfg)); 2291 2292 cfg->fc_table = RT6_TABLE_MAIN; 2293 cfg->fc_ifindex = rtmsg->rtmsg_ifindex; 2294 cfg->fc_metric = rtmsg->rtmsg_metric; 2295 cfg->fc_expires = rtmsg->rtmsg_info; 2296 cfg->fc_dst_len = rtmsg->rtmsg_dst_len; 2297 cfg->fc_src_len = rtmsg->rtmsg_src_len; 2298 cfg->fc_flags = rtmsg->rtmsg_flags; 2299 2300 cfg->fc_nlinfo.nl_net = net; 2301 2302 cfg->fc_dst = rtmsg->rtmsg_dst; 2303 cfg->fc_src = rtmsg->rtmsg_src; 2304 cfg->fc_gateway = rtmsg->rtmsg_gateway; 2305 } 2306 2307 int ipv6_route_ioctl(struct net *net, unsigned int cmd, void __user *arg) 2308 { 2309 struct fib6_config cfg; 2310 struct in6_rtmsg rtmsg; 2311 int err; 2312 2313 switch (cmd) { 2314 case SIOCADDRT: /* Add a route */ 2315 case SIOCDELRT: /* Delete a route */ 2316 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 2317 return -EPERM; 2318 err = copy_from_user(&rtmsg, arg, 2319 sizeof(struct in6_rtmsg)); 2320 if (err) 2321 return -EFAULT; 2322 2323 rtmsg_to_fib6_config(net, &rtmsg, &cfg); 2324 2325 rtnl_lock(); 2326 switch (cmd) { 2327 case SIOCADDRT: 2328 err = ip6_route_add(&cfg); 2329 break; 2330 case SIOCDELRT: 2331 err = ip6_route_del(&cfg); 2332 break; 2333 default: 2334 err = -EINVAL; 2335 } 2336 rtnl_unlock(); 2337 2338 return err; 2339 } 2340 2341 return -EINVAL; 2342 } 2343 2344 /* 2345 * Drop the packet on the floor 2346 */ 2347 2348 static int ip6_pkt_drop(struct sk_buff *skb, u8 code, int ipstats_mib_noroutes) 2349 { 2350 int type; 2351 struct dst_entry *dst = skb_dst(skb); 2352 switch (ipstats_mib_noroutes) { 2353 case IPSTATS_MIB_INNOROUTES: 2354 type = ipv6_addr_type(&ipv6_hdr(skb)->daddr); 2355 if (type == IPV6_ADDR_ANY) { 2356 IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst), 2357 IPSTATS_MIB_INADDRERRORS); 2358 break; 2359 } 2360 /* FALLTHROUGH */ 2361 case IPSTATS_MIB_OUTNOROUTES: 2362 IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst), 2363 ipstats_mib_noroutes); 2364 break; 2365 } 2366 icmpv6_send(skb, ICMPV6_DEST_UNREACH, code, 0); 2367 kfree_skb(skb); 2368 return 0; 2369 } 2370 2371 static int ip6_pkt_discard(struct sk_buff *skb) 2372 { 2373 return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_INNOROUTES); 2374 } 2375 2376 static int ip6_pkt_discard_out(struct sock *sk, struct sk_buff *skb) 2377 { 2378 skb->dev = skb_dst(skb)->dev; 2379 return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_OUTNOROUTES); 2380 } 2381 2382 static int ip6_pkt_prohibit(struct sk_buff *skb) 2383 { 2384 return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_INNOROUTES); 2385 } 2386 2387 static int ip6_pkt_prohibit_out(struct sock *sk, struct sk_buff *skb) 2388 { 2389 skb->dev = skb_dst(skb)->dev; 2390 return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES); 2391 } 2392 2393 /* 2394 * Allocate a dst for local (unicast / anycast) address. 2395 */ 2396 2397 struct rt6_info *addrconf_dst_alloc(struct inet6_dev *idev, 2398 const struct in6_addr *addr, 2399 bool anycast) 2400 { 2401 struct net *net = dev_net(idev->dev); 2402 struct rt6_info *rt = ip6_dst_alloc(net, net->loopback_dev, 2403 DST_NOCOUNT, NULL); 2404 if (!rt) 2405 return ERR_PTR(-ENOMEM); 2406 2407 in6_dev_hold(idev); 2408 2409 rt->dst.flags |= DST_HOST; 2410 rt->dst.input = ip6_input; 2411 rt->dst.output = ip6_output; 2412 rt->rt6i_idev = idev; 2413 2414 rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP; 2415 if (anycast) 2416 rt->rt6i_flags |= RTF_ANYCAST; 2417 else 2418 rt->rt6i_flags |= RTF_LOCAL; 2419 2420 rt->rt6i_gateway = *addr; 2421 rt->rt6i_dst.addr = *addr; 2422 rt->rt6i_dst.plen = 128; 2423 rt->rt6i_table = fib6_get_table(net, RT6_TABLE_LOCAL); 2424 2425 atomic_set(&rt->dst.__refcnt, 1); 2426 2427 return rt; 2428 } 2429 2430 int ip6_route_get_saddr(struct net *net, 2431 struct rt6_info *rt, 2432 const struct in6_addr *daddr, 2433 unsigned int prefs, 2434 struct in6_addr *saddr) 2435 { 2436 struct inet6_dev *idev = 2437 rt ? ip6_dst_idev((struct dst_entry *)rt) : NULL; 2438 int err = 0; 2439 if (rt && rt->rt6i_prefsrc.plen) 2440 *saddr = rt->rt6i_prefsrc.addr; 2441 else 2442 err = ipv6_dev_get_saddr(net, idev ? idev->dev : NULL, 2443 daddr, prefs, saddr); 2444 return err; 2445 } 2446 2447 /* remove deleted ip from prefsrc entries */ 2448 struct arg_dev_net_ip { 2449 struct net_device *dev; 2450 struct net *net; 2451 struct in6_addr *addr; 2452 }; 2453 2454 static int fib6_remove_prefsrc(struct rt6_info *rt, void *arg) 2455 { 2456 struct net_device *dev = ((struct arg_dev_net_ip *)arg)->dev; 2457 struct net *net = ((struct arg_dev_net_ip *)arg)->net; 2458 struct in6_addr *addr = ((struct arg_dev_net_ip *)arg)->addr; 2459 2460 if (((void *)rt->dst.dev == dev || !dev) && 2461 rt != net->ipv6.ip6_null_entry && 2462 ipv6_addr_equal(addr, &rt->rt6i_prefsrc.addr)) { 2463 /* remove prefsrc entry */ 2464 rt->rt6i_prefsrc.plen = 0; 2465 } 2466 return 0; 2467 } 2468 2469 void rt6_remove_prefsrc(struct inet6_ifaddr *ifp) 2470 { 2471 struct net *net = dev_net(ifp->idev->dev); 2472 struct arg_dev_net_ip adni = { 2473 .dev = ifp->idev->dev, 2474 .net = net, 2475 .addr = &ifp->addr, 2476 }; 2477 fib6_clean_all(net, fib6_remove_prefsrc, &adni); 2478 } 2479 2480 #define RTF_RA_ROUTER (RTF_ADDRCONF | RTF_DEFAULT | RTF_GATEWAY) 2481 #define RTF_CACHE_GATEWAY (RTF_GATEWAY | RTF_CACHE) 2482 2483 /* Remove routers and update dst entries when gateway turn into host. */ 2484 static int fib6_clean_tohost(struct rt6_info *rt, void *arg) 2485 { 2486 struct in6_addr *gateway = (struct in6_addr *)arg; 2487 2488 if ((((rt->rt6i_flags & RTF_RA_ROUTER) == RTF_RA_ROUTER) || 2489 ((rt->rt6i_flags & RTF_CACHE_GATEWAY) == RTF_CACHE_GATEWAY)) && 2490 ipv6_addr_equal(gateway, &rt->rt6i_gateway)) { 2491 return -1; 2492 } 2493 return 0; 2494 } 2495 2496 void rt6_clean_tohost(struct net *net, struct in6_addr *gateway) 2497 { 2498 fib6_clean_all(net, fib6_clean_tohost, gateway); 2499 } 2500 2501 struct arg_dev_net { 2502 struct net_device *dev; 2503 struct net *net; 2504 }; 2505 2506 static int fib6_ifdown(struct rt6_info *rt, void *arg) 2507 { 2508 const struct arg_dev_net *adn = arg; 2509 const struct net_device *dev = adn->dev; 2510 2511 if ((rt->dst.dev == dev || !dev) && 2512 rt != adn->net->ipv6.ip6_null_entry) 2513 return -1; 2514 2515 return 0; 2516 } 2517 2518 void rt6_ifdown(struct net *net, struct net_device *dev) 2519 { 2520 struct arg_dev_net adn = { 2521 .dev = dev, 2522 .net = net, 2523 }; 2524 2525 fib6_clean_all(net, fib6_ifdown, &adn); 2526 icmp6_clean_all(fib6_ifdown, &adn); 2527 rt6_uncached_list_flush_dev(net, dev); 2528 } 2529 2530 struct rt6_mtu_change_arg { 2531 struct net_device *dev; 2532 unsigned int mtu; 2533 }; 2534 2535 static int rt6_mtu_change_route(struct rt6_info *rt, void *p_arg) 2536 { 2537 struct rt6_mtu_change_arg *arg = (struct rt6_mtu_change_arg *) p_arg; 2538 struct inet6_dev *idev; 2539 2540 /* In IPv6 pmtu discovery is not optional, 2541 so that RTAX_MTU lock cannot disable it. 2542 We still use this lock to block changes 2543 caused by addrconf/ndisc. 2544 */ 2545 2546 idev = __in6_dev_get(arg->dev); 2547 if (!idev) 2548 return 0; 2549 2550 /* For administrative MTU increase, there is no way to discover 2551 IPv6 PMTU increase, so PMTU increase should be updated here. 2552 Since RFC 1981 doesn't include administrative MTU increase 2553 update PMTU increase is a MUST. (i.e. jumbo frame) 2554 */ 2555 /* 2556 If new MTU is less than route PMTU, this new MTU will be the 2557 lowest MTU in the path, update the route PMTU to reflect PMTU 2558 decreases; if new MTU is greater than route PMTU, and the 2559 old MTU is the lowest MTU in the path, update the route PMTU 2560 to reflect the increase. In this case if the other nodes' MTU 2561 also have the lowest MTU, TOO BIG MESSAGE will be lead to 2562 PMTU discouvery. 2563 */ 2564 if (rt->dst.dev == arg->dev && 2565 !dst_metric_locked(&rt->dst, RTAX_MTU)) { 2566 if (rt->rt6i_flags & RTF_CACHE) { 2567 /* For RTF_CACHE with rt6i_pmtu == 0 2568 * (i.e. a redirected route), 2569 * the metrics of its rt->dst.from has already 2570 * been updated. 2571 */ 2572 if (rt->rt6i_pmtu && rt->rt6i_pmtu > arg->mtu) 2573 rt->rt6i_pmtu = arg->mtu; 2574 } else if (dst_mtu(&rt->dst) >= arg->mtu || 2575 (dst_mtu(&rt->dst) < arg->mtu && 2576 dst_mtu(&rt->dst) == idev->cnf.mtu6)) { 2577 dst_metric_set(&rt->dst, RTAX_MTU, arg->mtu); 2578 } 2579 } 2580 return 0; 2581 } 2582 2583 void rt6_mtu_change(struct net_device *dev, unsigned int mtu) 2584 { 2585 struct rt6_mtu_change_arg arg = { 2586 .dev = dev, 2587 .mtu = mtu, 2588 }; 2589 2590 fib6_clean_all(dev_net(dev), rt6_mtu_change_route, &arg); 2591 } 2592 2593 static const struct nla_policy rtm_ipv6_policy[RTA_MAX+1] = { 2594 [RTA_GATEWAY] = { .len = sizeof(struct in6_addr) }, 2595 [RTA_OIF] = { .type = NLA_U32 }, 2596 [RTA_IIF] = { .type = NLA_U32 }, 2597 [RTA_PRIORITY] = { .type = NLA_U32 }, 2598 [RTA_METRICS] = { .type = NLA_NESTED }, 2599 [RTA_MULTIPATH] = { .len = sizeof(struct rtnexthop) }, 2600 [RTA_PREF] = { .type = NLA_U8 }, 2601 }; 2602 2603 static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh, 2604 struct fib6_config *cfg) 2605 { 2606 struct rtmsg *rtm; 2607 struct nlattr *tb[RTA_MAX+1]; 2608 unsigned int pref; 2609 int err; 2610 2611 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy); 2612 if (err < 0) 2613 goto errout; 2614 2615 err = -EINVAL; 2616 rtm = nlmsg_data(nlh); 2617 memset(cfg, 0, sizeof(*cfg)); 2618 2619 cfg->fc_table = rtm->rtm_table; 2620 cfg->fc_dst_len = rtm->rtm_dst_len; 2621 cfg->fc_src_len = rtm->rtm_src_len; 2622 cfg->fc_flags = RTF_UP; 2623 cfg->fc_protocol = rtm->rtm_protocol; 2624 cfg->fc_type = rtm->rtm_type; 2625 2626 if (rtm->rtm_type == RTN_UNREACHABLE || 2627 rtm->rtm_type == RTN_BLACKHOLE || 2628 rtm->rtm_type == RTN_PROHIBIT || 2629 rtm->rtm_type == RTN_THROW) 2630 cfg->fc_flags |= RTF_REJECT; 2631 2632 if (rtm->rtm_type == RTN_LOCAL) 2633 cfg->fc_flags |= RTF_LOCAL; 2634 2635 if (rtm->rtm_flags & RTM_F_CLONED) 2636 cfg->fc_flags |= RTF_CACHE; 2637 2638 cfg->fc_nlinfo.portid = NETLINK_CB(skb).portid; 2639 cfg->fc_nlinfo.nlh = nlh; 2640 cfg->fc_nlinfo.nl_net = sock_net(skb->sk); 2641 2642 if (tb[RTA_GATEWAY]) { 2643 cfg->fc_gateway = nla_get_in6_addr(tb[RTA_GATEWAY]); 2644 cfg->fc_flags |= RTF_GATEWAY; 2645 } 2646 2647 if (tb[RTA_DST]) { 2648 int plen = (rtm->rtm_dst_len + 7) >> 3; 2649 2650 if (nla_len(tb[RTA_DST]) < plen) 2651 goto errout; 2652 2653 nla_memcpy(&cfg->fc_dst, tb[RTA_DST], plen); 2654 } 2655 2656 if (tb[RTA_SRC]) { 2657 int plen = (rtm->rtm_src_len + 7) >> 3; 2658 2659 if (nla_len(tb[RTA_SRC]) < plen) 2660 goto errout; 2661 2662 nla_memcpy(&cfg->fc_src, tb[RTA_SRC], plen); 2663 } 2664 2665 if (tb[RTA_PREFSRC]) 2666 cfg->fc_prefsrc = nla_get_in6_addr(tb[RTA_PREFSRC]); 2667 2668 if (tb[RTA_OIF]) 2669 cfg->fc_ifindex = nla_get_u32(tb[RTA_OIF]); 2670 2671 if (tb[RTA_PRIORITY]) 2672 cfg->fc_metric = nla_get_u32(tb[RTA_PRIORITY]); 2673 2674 if (tb[RTA_METRICS]) { 2675 cfg->fc_mx = nla_data(tb[RTA_METRICS]); 2676 cfg->fc_mx_len = nla_len(tb[RTA_METRICS]); 2677 } 2678 2679 if (tb[RTA_TABLE]) 2680 cfg->fc_table = nla_get_u32(tb[RTA_TABLE]); 2681 2682 if (tb[RTA_MULTIPATH]) { 2683 cfg->fc_mp = nla_data(tb[RTA_MULTIPATH]); 2684 cfg->fc_mp_len = nla_len(tb[RTA_MULTIPATH]); 2685 } 2686 2687 if (tb[RTA_PREF]) { 2688 pref = nla_get_u8(tb[RTA_PREF]); 2689 if (pref != ICMPV6_ROUTER_PREF_LOW && 2690 pref != ICMPV6_ROUTER_PREF_HIGH) 2691 pref = ICMPV6_ROUTER_PREF_MEDIUM; 2692 cfg->fc_flags |= RTF_PREF(pref); 2693 } 2694 2695 err = 0; 2696 errout: 2697 return err; 2698 } 2699 2700 static int ip6_route_multipath(struct fib6_config *cfg, int add) 2701 { 2702 struct fib6_config r_cfg; 2703 struct rtnexthop *rtnh; 2704 int remaining; 2705 int attrlen; 2706 int err = 0, last_err = 0; 2707 2708 remaining = cfg->fc_mp_len; 2709 beginning: 2710 rtnh = (struct rtnexthop *)cfg->fc_mp; 2711 2712 /* Parse a Multipath Entry */ 2713 while (rtnh_ok(rtnh, remaining)) { 2714 memcpy(&r_cfg, cfg, sizeof(*cfg)); 2715 if (rtnh->rtnh_ifindex) 2716 r_cfg.fc_ifindex = rtnh->rtnh_ifindex; 2717 2718 attrlen = rtnh_attrlen(rtnh); 2719 if (attrlen > 0) { 2720 struct nlattr *nla, *attrs = rtnh_attrs(rtnh); 2721 2722 nla = nla_find(attrs, attrlen, RTA_GATEWAY); 2723 if (nla) { 2724 r_cfg.fc_gateway = nla_get_in6_addr(nla); 2725 r_cfg.fc_flags |= RTF_GATEWAY; 2726 } 2727 } 2728 err = add ? ip6_route_add(&r_cfg) : ip6_route_del(&r_cfg); 2729 if (err) { 2730 last_err = err; 2731 /* If we are trying to remove a route, do not stop the 2732 * loop when ip6_route_del() fails (because next hop is 2733 * already gone), we should try to remove all next hops. 2734 */ 2735 if (add) { 2736 /* If add fails, we should try to delete all 2737 * next hops that have been already added. 2738 */ 2739 add = 0; 2740 remaining = cfg->fc_mp_len - remaining; 2741 goto beginning; 2742 } 2743 } 2744 /* Because each route is added like a single route we remove 2745 * these flags after the first nexthop: if there is a collision, 2746 * we have already failed to add the first nexthop: 2747 * fib6_add_rt2node() has rejected it; when replacing, old 2748 * nexthops have been replaced by first new, the rest should 2749 * be added to it. 2750 */ 2751 cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | 2752 NLM_F_REPLACE); 2753 rtnh = rtnh_next(rtnh, &remaining); 2754 } 2755 2756 return last_err; 2757 } 2758 2759 static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh) 2760 { 2761 struct fib6_config cfg; 2762 int err; 2763 2764 err = rtm_to_fib6_config(skb, nlh, &cfg); 2765 if (err < 0) 2766 return err; 2767 2768 if (cfg.fc_mp) 2769 return ip6_route_multipath(&cfg, 0); 2770 else 2771 return ip6_route_del(&cfg); 2772 } 2773 2774 static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh) 2775 { 2776 struct fib6_config cfg; 2777 int err; 2778 2779 err = rtm_to_fib6_config(skb, nlh, &cfg); 2780 if (err < 0) 2781 return err; 2782 2783 if (cfg.fc_mp) 2784 return ip6_route_multipath(&cfg, 1); 2785 else 2786 return ip6_route_add(&cfg); 2787 } 2788 2789 static inline size_t rt6_nlmsg_size(void) 2790 { 2791 return NLMSG_ALIGN(sizeof(struct rtmsg)) 2792 + nla_total_size(16) /* RTA_SRC */ 2793 + nla_total_size(16) /* RTA_DST */ 2794 + nla_total_size(16) /* RTA_GATEWAY */ 2795 + nla_total_size(16) /* RTA_PREFSRC */ 2796 + nla_total_size(4) /* RTA_TABLE */ 2797 + nla_total_size(4) /* RTA_IIF */ 2798 + nla_total_size(4) /* RTA_OIF */ 2799 + nla_total_size(4) /* RTA_PRIORITY */ 2800 + RTAX_MAX * nla_total_size(4) /* RTA_METRICS */ 2801 + nla_total_size(sizeof(struct rta_cacheinfo)) 2802 + nla_total_size(TCP_CA_NAME_MAX) /* RTAX_CC_ALGO */ 2803 + nla_total_size(1); /* RTA_PREF */ 2804 } 2805 2806 static int rt6_fill_node(struct net *net, 2807 struct sk_buff *skb, struct rt6_info *rt, 2808 struct in6_addr *dst, struct in6_addr *src, 2809 int iif, int type, u32 portid, u32 seq, 2810 int prefix, int nowait, unsigned int flags) 2811 { 2812 u32 metrics[RTAX_MAX]; 2813 struct rtmsg *rtm; 2814 struct nlmsghdr *nlh; 2815 long expires; 2816 u32 table; 2817 2818 if (prefix) { /* user wants prefix routes only */ 2819 if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { 2820 /* success since this is not a prefix route */ 2821 return 1; 2822 } 2823 } 2824 2825 nlh = nlmsg_put(skb, portid, seq, type, sizeof(*rtm), flags); 2826 if (!nlh) 2827 return -EMSGSIZE; 2828 2829 rtm = nlmsg_data(nlh); 2830 rtm->rtm_family = AF_INET6; 2831 rtm->rtm_dst_len = rt->rt6i_dst.plen; 2832 rtm->rtm_src_len = rt->rt6i_src.plen; 2833 rtm->rtm_tos = 0; 2834 if (rt->rt6i_table) 2835 table = rt->rt6i_table->tb6_id; 2836 else 2837 table = RT6_TABLE_UNSPEC; 2838 rtm->rtm_table = table; 2839 if (nla_put_u32(skb, RTA_TABLE, table)) 2840 goto nla_put_failure; 2841 if (rt->rt6i_flags & RTF_REJECT) { 2842 switch (rt->dst.error) { 2843 case -EINVAL: 2844 rtm->rtm_type = RTN_BLACKHOLE; 2845 break; 2846 case -EACCES: 2847 rtm->rtm_type = RTN_PROHIBIT; 2848 break; 2849 case -EAGAIN: 2850 rtm->rtm_type = RTN_THROW; 2851 break; 2852 default: 2853 rtm->rtm_type = RTN_UNREACHABLE; 2854 break; 2855 } 2856 } 2857 else if (rt->rt6i_flags & RTF_LOCAL) 2858 rtm->rtm_type = RTN_LOCAL; 2859 else if (rt->dst.dev && (rt->dst.dev->flags & IFF_LOOPBACK)) 2860 rtm->rtm_type = RTN_LOCAL; 2861 else 2862 rtm->rtm_type = RTN_UNICAST; 2863 rtm->rtm_flags = 0; 2864 rtm->rtm_scope = RT_SCOPE_UNIVERSE; 2865 rtm->rtm_protocol = rt->rt6i_protocol; 2866 if (rt->rt6i_flags & RTF_DYNAMIC) 2867 rtm->rtm_protocol = RTPROT_REDIRECT; 2868 else if (rt->rt6i_flags & RTF_ADDRCONF) { 2869 if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ROUTEINFO)) 2870 rtm->rtm_protocol = RTPROT_RA; 2871 else 2872 rtm->rtm_protocol = RTPROT_KERNEL; 2873 } 2874 2875 if (rt->rt6i_flags & RTF_CACHE) 2876 rtm->rtm_flags |= RTM_F_CLONED; 2877 2878 if (dst) { 2879 if (nla_put_in6_addr(skb, RTA_DST, dst)) 2880 goto nla_put_failure; 2881 rtm->rtm_dst_len = 128; 2882 } else if (rtm->rtm_dst_len) 2883 if (nla_put_in6_addr(skb, RTA_DST, &rt->rt6i_dst.addr)) 2884 goto nla_put_failure; 2885 #ifdef CONFIG_IPV6_SUBTREES 2886 if (src) { 2887 if (nla_put_in6_addr(skb, RTA_SRC, src)) 2888 goto nla_put_failure; 2889 rtm->rtm_src_len = 128; 2890 } else if (rtm->rtm_src_len && 2891 nla_put_in6_addr(skb, RTA_SRC, &rt->rt6i_src.addr)) 2892 goto nla_put_failure; 2893 #endif 2894 if (iif) { 2895 #ifdef CONFIG_IPV6_MROUTE 2896 if (ipv6_addr_is_multicast(&rt->rt6i_dst.addr)) { 2897 int err = ip6mr_get_route(net, skb, rtm, nowait); 2898 if (err <= 0) { 2899 if (!nowait) { 2900 if (err == 0) 2901 return 0; 2902 goto nla_put_failure; 2903 } else { 2904 if (err == -EMSGSIZE) 2905 goto nla_put_failure; 2906 } 2907 } 2908 } else 2909 #endif 2910 if (nla_put_u32(skb, RTA_IIF, iif)) 2911 goto nla_put_failure; 2912 } else if (dst) { 2913 struct in6_addr saddr_buf; 2914 if (ip6_route_get_saddr(net, rt, dst, 0, &saddr_buf) == 0 && 2915 nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf)) 2916 goto nla_put_failure; 2917 } 2918 2919 if (rt->rt6i_prefsrc.plen) { 2920 struct in6_addr saddr_buf; 2921 saddr_buf = rt->rt6i_prefsrc.addr; 2922 if (nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf)) 2923 goto nla_put_failure; 2924 } 2925 2926 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics)); 2927 if (rt->rt6i_pmtu) 2928 metrics[RTAX_MTU - 1] = rt->rt6i_pmtu; 2929 if (rtnetlink_put_metrics(skb, metrics) < 0) 2930 goto nla_put_failure; 2931 2932 if (rt->rt6i_flags & RTF_GATEWAY) { 2933 if (nla_put_in6_addr(skb, RTA_GATEWAY, &rt->rt6i_gateway) < 0) 2934 goto nla_put_failure; 2935 } 2936 2937 if (rt->dst.dev && 2938 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex)) 2939 goto nla_put_failure; 2940 if (nla_put_u32(skb, RTA_PRIORITY, rt->rt6i_metric)) 2941 goto nla_put_failure; 2942 2943 expires = (rt->rt6i_flags & RTF_EXPIRES) ? rt->dst.expires - jiffies : 0; 2944 2945 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, rt->dst.error) < 0) 2946 goto nla_put_failure; 2947 2948 if (nla_put_u8(skb, RTA_PREF, IPV6_EXTRACT_PREF(rt->rt6i_flags))) 2949 goto nla_put_failure; 2950 2951 nlmsg_end(skb, nlh); 2952 return 0; 2953 2954 nla_put_failure: 2955 nlmsg_cancel(skb, nlh); 2956 return -EMSGSIZE; 2957 } 2958 2959 int rt6_dump_route(struct rt6_info *rt, void *p_arg) 2960 { 2961 struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; 2962 int prefix; 2963 2964 if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { 2965 struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); 2966 prefix = (rtm->rtm_flags & RTM_F_PREFIX) != 0; 2967 } else 2968 prefix = 0; 2969 2970 return rt6_fill_node(arg->net, 2971 arg->skb, rt, NULL, NULL, 0, RTM_NEWROUTE, 2972 NETLINK_CB(arg->cb->skb).portid, arg->cb->nlh->nlmsg_seq, 2973 prefix, 0, NLM_F_MULTI); 2974 } 2975 2976 static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh) 2977 { 2978 struct net *net = sock_net(in_skb->sk); 2979 struct nlattr *tb[RTA_MAX+1]; 2980 struct rt6_info *rt; 2981 struct sk_buff *skb; 2982 struct rtmsg *rtm; 2983 struct flowi6 fl6; 2984 int err, iif = 0, oif = 0; 2985 2986 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy); 2987 if (err < 0) 2988 goto errout; 2989 2990 err = -EINVAL; 2991 memset(&fl6, 0, sizeof(fl6)); 2992 2993 if (tb[RTA_SRC]) { 2994 if (nla_len(tb[RTA_SRC]) < sizeof(struct in6_addr)) 2995 goto errout; 2996 2997 fl6.saddr = *(struct in6_addr *)nla_data(tb[RTA_SRC]); 2998 } 2999 3000 if (tb[RTA_DST]) { 3001 if (nla_len(tb[RTA_DST]) < sizeof(struct in6_addr)) 3002 goto errout; 3003 3004 fl6.daddr = *(struct in6_addr *)nla_data(tb[RTA_DST]); 3005 } 3006 3007 if (tb[RTA_IIF]) 3008 iif = nla_get_u32(tb[RTA_IIF]); 3009 3010 if (tb[RTA_OIF]) 3011 oif = nla_get_u32(tb[RTA_OIF]); 3012 3013 if (tb[RTA_MARK]) 3014 fl6.flowi6_mark = nla_get_u32(tb[RTA_MARK]); 3015 3016 if (iif) { 3017 struct net_device *dev; 3018 int flags = 0; 3019 3020 dev = __dev_get_by_index(net, iif); 3021 if (!dev) { 3022 err = -ENODEV; 3023 goto errout; 3024 } 3025 3026 fl6.flowi6_iif = iif; 3027 3028 if (!ipv6_addr_any(&fl6.saddr)) 3029 flags |= RT6_LOOKUP_F_HAS_SADDR; 3030 3031 rt = (struct rt6_info *)ip6_route_input_lookup(net, dev, &fl6, 3032 flags); 3033 } else { 3034 fl6.flowi6_oif = oif; 3035 3036 rt = (struct rt6_info *)ip6_route_output(net, NULL, &fl6); 3037 } 3038 3039 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 3040 if (!skb) { 3041 ip6_rt_put(rt); 3042 err = -ENOBUFS; 3043 goto errout; 3044 } 3045 3046 /* Reserve room for dummy headers, this skb can pass 3047 through good chunk of routing engine. 3048 */ 3049 skb_reset_mac_header(skb); 3050 skb_reserve(skb, MAX_HEADER + sizeof(struct ipv6hdr)); 3051 3052 skb_dst_set(skb, &rt->dst); 3053 3054 err = rt6_fill_node(net, skb, rt, &fl6.daddr, &fl6.saddr, iif, 3055 RTM_NEWROUTE, NETLINK_CB(in_skb).portid, 3056 nlh->nlmsg_seq, 0, 0, 0); 3057 if (err < 0) { 3058 kfree_skb(skb); 3059 goto errout; 3060 } 3061 3062 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid); 3063 errout: 3064 return err; 3065 } 3066 3067 void inet6_rt_notify(int event, struct rt6_info *rt, struct nl_info *info) 3068 { 3069 struct sk_buff *skb; 3070 struct net *net = info->nl_net; 3071 u32 seq; 3072 int err; 3073 3074 err = -ENOBUFS; 3075 seq = info->nlh ? info->nlh->nlmsg_seq : 0; 3076 3077 skb = nlmsg_new(rt6_nlmsg_size(), gfp_any()); 3078 if (!skb) 3079 goto errout; 3080 3081 err = rt6_fill_node(net, skb, rt, NULL, NULL, 0, 3082 event, info->portid, seq, 0, 0, 0); 3083 if (err < 0) { 3084 /* -EMSGSIZE implies BUG in rt6_nlmsg_size() */ 3085 WARN_ON(err == -EMSGSIZE); 3086 kfree_skb(skb); 3087 goto errout; 3088 } 3089 rtnl_notify(skb, net, info->portid, RTNLGRP_IPV6_ROUTE, 3090 info->nlh, gfp_any()); 3091 return; 3092 errout: 3093 if (err < 0) 3094 rtnl_set_sk_err(net, RTNLGRP_IPV6_ROUTE, err); 3095 } 3096 3097 static int ip6_route_dev_notify(struct notifier_block *this, 3098 unsigned long event, void *ptr) 3099 { 3100 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 3101 struct net *net = dev_net(dev); 3102 3103 if (event == NETDEV_REGISTER && (dev->flags & IFF_LOOPBACK)) { 3104 net->ipv6.ip6_null_entry->dst.dev = dev; 3105 net->ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(dev); 3106 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 3107 net->ipv6.ip6_prohibit_entry->dst.dev = dev; 3108 net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev); 3109 net->ipv6.ip6_blk_hole_entry->dst.dev = dev; 3110 net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev); 3111 #endif 3112 } 3113 3114 return NOTIFY_OK; 3115 } 3116 3117 /* 3118 * /proc 3119 */ 3120 3121 #ifdef CONFIG_PROC_FS 3122 3123 static const struct file_operations ipv6_route_proc_fops = { 3124 .owner = THIS_MODULE, 3125 .open = ipv6_route_open, 3126 .read = seq_read, 3127 .llseek = seq_lseek, 3128 .release = seq_release_net, 3129 }; 3130 3131 static int rt6_stats_seq_show(struct seq_file *seq, void *v) 3132 { 3133 struct net *net = (struct net *)seq->private; 3134 seq_printf(seq, "%04x %04x %04x %04x %04x %04x %04x\n", 3135 net->ipv6.rt6_stats->fib_nodes, 3136 net->ipv6.rt6_stats->fib_route_nodes, 3137 net->ipv6.rt6_stats->fib_rt_alloc, 3138 net->ipv6.rt6_stats->fib_rt_entries, 3139 net->ipv6.rt6_stats->fib_rt_cache, 3140 dst_entries_get_slow(&net->ipv6.ip6_dst_ops), 3141 net->ipv6.rt6_stats->fib_discarded_routes); 3142 3143 return 0; 3144 } 3145 3146 static int rt6_stats_seq_open(struct inode *inode, struct file *file) 3147 { 3148 return single_open_net(inode, file, rt6_stats_seq_show); 3149 } 3150 3151 static const struct file_operations rt6_stats_seq_fops = { 3152 .owner = THIS_MODULE, 3153 .open = rt6_stats_seq_open, 3154 .read = seq_read, 3155 .llseek = seq_lseek, 3156 .release = single_release_net, 3157 }; 3158 #endif /* CONFIG_PROC_FS */ 3159 3160 #ifdef CONFIG_SYSCTL 3161 3162 static 3163 int ipv6_sysctl_rtcache_flush(struct ctl_table *ctl, int write, 3164 void __user *buffer, size_t *lenp, loff_t *ppos) 3165 { 3166 struct net *net; 3167 int delay; 3168 if (!write) 3169 return -EINVAL; 3170 3171 net = (struct net *)ctl->extra1; 3172 delay = net->ipv6.sysctl.flush_delay; 3173 proc_dointvec(ctl, write, buffer, lenp, ppos); 3174 fib6_run_gc(delay <= 0 ? 0 : (unsigned long)delay, net, delay > 0); 3175 return 0; 3176 } 3177 3178 struct ctl_table ipv6_route_table_template[] = { 3179 { 3180 .procname = "flush", 3181 .data = &init_net.ipv6.sysctl.flush_delay, 3182 .maxlen = sizeof(int), 3183 .mode = 0200, 3184 .proc_handler = ipv6_sysctl_rtcache_flush 3185 }, 3186 { 3187 .procname = "gc_thresh", 3188 .data = &ip6_dst_ops_template.gc_thresh, 3189 .maxlen = sizeof(int), 3190 .mode = 0644, 3191 .proc_handler = proc_dointvec, 3192 }, 3193 { 3194 .procname = "max_size", 3195 .data = &init_net.ipv6.sysctl.ip6_rt_max_size, 3196 .maxlen = sizeof(int), 3197 .mode = 0644, 3198 .proc_handler = proc_dointvec, 3199 }, 3200 { 3201 .procname = "gc_min_interval", 3202 .data = &init_net.ipv6.sysctl.ip6_rt_gc_min_interval, 3203 .maxlen = sizeof(int), 3204 .mode = 0644, 3205 .proc_handler = proc_dointvec_jiffies, 3206 }, 3207 { 3208 .procname = "gc_timeout", 3209 .data = &init_net.ipv6.sysctl.ip6_rt_gc_timeout, 3210 .maxlen = sizeof(int), 3211 .mode = 0644, 3212 .proc_handler = proc_dointvec_jiffies, 3213 }, 3214 { 3215 .procname = "gc_interval", 3216 .data = &init_net.ipv6.sysctl.ip6_rt_gc_interval, 3217 .maxlen = sizeof(int), 3218 .mode = 0644, 3219 .proc_handler = proc_dointvec_jiffies, 3220 }, 3221 { 3222 .procname = "gc_elasticity", 3223 .data = &init_net.ipv6.sysctl.ip6_rt_gc_elasticity, 3224 .maxlen = sizeof(int), 3225 .mode = 0644, 3226 .proc_handler = proc_dointvec, 3227 }, 3228 { 3229 .procname = "mtu_expires", 3230 .data = &init_net.ipv6.sysctl.ip6_rt_mtu_expires, 3231 .maxlen = sizeof(int), 3232 .mode = 0644, 3233 .proc_handler = proc_dointvec_jiffies, 3234 }, 3235 { 3236 .procname = "min_adv_mss", 3237 .data = &init_net.ipv6.sysctl.ip6_rt_min_advmss, 3238 .maxlen = sizeof(int), 3239 .mode = 0644, 3240 .proc_handler = proc_dointvec, 3241 }, 3242 { 3243 .procname = "gc_min_interval_ms", 3244 .data = &init_net.ipv6.sysctl.ip6_rt_gc_min_interval, 3245 .maxlen = sizeof(int), 3246 .mode = 0644, 3247 .proc_handler = proc_dointvec_ms_jiffies, 3248 }, 3249 { } 3250 }; 3251 3252 struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) 3253 { 3254 struct ctl_table *table; 3255 3256 table = kmemdup(ipv6_route_table_template, 3257 sizeof(ipv6_route_table_template), 3258 GFP_KERNEL); 3259 3260 if (table) { 3261 table[0].data = &net->ipv6.sysctl.flush_delay; 3262 table[0].extra1 = net; 3263 table[1].data = &net->ipv6.ip6_dst_ops.gc_thresh; 3264 table[2].data = &net->ipv6.sysctl.ip6_rt_max_size; 3265 table[3].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval; 3266 table[4].data = &net->ipv6.sysctl.ip6_rt_gc_timeout; 3267 table[5].data = &net->ipv6.sysctl.ip6_rt_gc_interval; 3268 table[6].data = &net->ipv6.sysctl.ip6_rt_gc_elasticity; 3269 table[7].data = &net->ipv6.sysctl.ip6_rt_mtu_expires; 3270 table[8].data = &net->ipv6.sysctl.ip6_rt_min_advmss; 3271 table[9].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval; 3272 3273 /* Don't export sysctls to unprivileged users */ 3274 if (net->user_ns != &init_user_ns) 3275 table[0].procname = NULL; 3276 } 3277 3278 return table; 3279 } 3280 #endif 3281 3282 static int __net_init ip6_route_net_init(struct net *net) 3283 { 3284 int ret = -ENOMEM; 3285 3286 memcpy(&net->ipv6.ip6_dst_ops, &ip6_dst_ops_template, 3287 sizeof(net->ipv6.ip6_dst_ops)); 3288 3289 if (dst_entries_init(&net->ipv6.ip6_dst_ops) < 0) 3290 goto out_ip6_dst_ops; 3291 3292 net->ipv6.ip6_null_entry = kmemdup(&ip6_null_entry_template, 3293 sizeof(*net->ipv6.ip6_null_entry), 3294 GFP_KERNEL); 3295 if (!net->ipv6.ip6_null_entry) 3296 goto out_ip6_dst_entries; 3297 net->ipv6.ip6_null_entry->dst.path = 3298 (struct dst_entry *)net->ipv6.ip6_null_entry; 3299 net->ipv6.ip6_null_entry->dst.ops = &net->ipv6.ip6_dst_ops; 3300 dst_init_metrics(&net->ipv6.ip6_null_entry->dst, 3301 ip6_template_metrics, true); 3302 3303 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 3304 net->ipv6.ip6_prohibit_entry = kmemdup(&ip6_prohibit_entry_template, 3305 sizeof(*net->ipv6.ip6_prohibit_entry), 3306 GFP_KERNEL); 3307 if (!net->ipv6.ip6_prohibit_entry) 3308 goto out_ip6_null_entry; 3309 net->ipv6.ip6_prohibit_entry->dst.path = 3310 (struct dst_entry *)net->ipv6.ip6_prohibit_entry; 3311 net->ipv6.ip6_prohibit_entry->dst.ops = &net->ipv6.ip6_dst_ops; 3312 dst_init_metrics(&net->ipv6.ip6_prohibit_entry->dst, 3313 ip6_template_metrics, true); 3314 3315 net->ipv6.ip6_blk_hole_entry = kmemdup(&ip6_blk_hole_entry_template, 3316 sizeof(*net->ipv6.ip6_blk_hole_entry), 3317 GFP_KERNEL); 3318 if (!net->ipv6.ip6_blk_hole_entry) 3319 goto out_ip6_prohibit_entry; 3320 net->ipv6.ip6_blk_hole_entry->dst.path = 3321 (struct dst_entry *)net->ipv6.ip6_blk_hole_entry; 3322 net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops; 3323 dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst, 3324 ip6_template_metrics, true); 3325 #endif 3326 3327 net->ipv6.sysctl.flush_delay = 0; 3328 net->ipv6.sysctl.ip6_rt_max_size = 4096; 3329 net->ipv6.sysctl.ip6_rt_gc_min_interval = HZ / 2; 3330 net->ipv6.sysctl.ip6_rt_gc_timeout = 60*HZ; 3331 net->ipv6.sysctl.ip6_rt_gc_interval = 30*HZ; 3332 net->ipv6.sysctl.ip6_rt_gc_elasticity = 9; 3333 net->ipv6.sysctl.ip6_rt_mtu_expires = 10*60*HZ; 3334 net->ipv6.sysctl.ip6_rt_min_advmss = IPV6_MIN_MTU - 20 - 40; 3335 3336 net->ipv6.ip6_rt_gc_expire = 30*HZ; 3337 3338 ret = 0; 3339 out: 3340 return ret; 3341 3342 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 3343 out_ip6_prohibit_entry: 3344 kfree(net->ipv6.ip6_prohibit_entry); 3345 out_ip6_null_entry: 3346 kfree(net->ipv6.ip6_null_entry); 3347 #endif 3348 out_ip6_dst_entries: 3349 dst_entries_destroy(&net->ipv6.ip6_dst_ops); 3350 out_ip6_dst_ops: 3351 goto out; 3352 } 3353 3354 static void __net_exit ip6_route_net_exit(struct net *net) 3355 { 3356 kfree(net->ipv6.ip6_null_entry); 3357 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 3358 kfree(net->ipv6.ip6_prohibit_entry); 3359 kfree(net->ipv6.ip6_blk_hole_entry); 3360 #endif 3361 dst_entries_destroy(&net->ipv6.ip6_dst_ops); 3362 } 3363 3364 static int __net_init ip6_route_net_init_late(struct net *net) 3365 { 3366 #ifdef CONFIG_PROC_FS 3367 proc_create("ipv6_route", 0, net->proc_net, &ipv6_route_proc_fops); 3368 proc_create("rt6_stats", S_IRUGO, net->proc_net, &rt6_stats_seq_fops); 3369 #endif 3370 return 0; 3371 } 3372 3373 static void __net_exit ip6_route_net_exit_late(struct net *net) 3374 { 3375 #ifdef CONFIG_PROC_FS 3376 remove_proc_entry("ipv6_route", net->proc_net); 3377 remove_proc_entry("rt6_stats", net->proc_net); 3378 #endif 3379 } 3380 3381 static struct pernet_operations ip6_route_net_ops = { 3382 .init = ip6_route_net_init, 3383 .exit = ip6_route_net_exit, 3384 }; 3385 3386 static int __net_init ipv6_inetpeer_init(struct net *net) 3387 { 3388 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL); 3389 3390 if (!bp) 3391 return -ENOMEM; 3392 inet_peer_base_init(bp); 3393 net->ipv6.peers = bp; 3394 return 0; 3395 } 3396 3397 static void __net_exit ipv6_inetpeer_exit(struct net *net) 3398 { 3399 struct inet_peer_base *bp = net->ipv6.peers; 3400 3401 net->ipv6.peers = NULL; 3402 inetpeer_invalidate_tree(bp); 3403 kfree(bp); 3404 } 3405 3406 static struct pernet_operations ipv6_inetpeer_ops = { 3407 .init = ipv6_inetpeer_init, 3408 .exit = ipv6_inetpeer_exit, 3409 }; 3410 3411 static struct pernet_operations ip6_route_net_late_ops = { 3412 .init = ip6_route_net_init_late, 3413 .exit = ip6_route_net_exit_late, 3414 }; 3415 3416 static struct notifier_block ip6_route_dev_notifier = { 3417 .notifier_call = ip6_route_dev_notify, 3418 .priority = 0, 3419 }; 3420 3421 int __init ip6_route_init(void) 3422 { 3423 int ret; 3424 int cpu; 3425 3426 ret = -ENOMEM; 3427 ip6_dst_ops_template.kmem_cachep = 3428 kmem_cache_create("ip6_dst_cache", sizeof(struct rt6_info), 0, 3429 SLAB_HWCACHE_ALIGN, NULL); 3430 if (!ip6_dst_ops_template.kmem_cachep) 3431 goto out; 3432 3433 ret = dst_entries_init(&ip6_dst_blackhole_ops); 3434 if (ret) 3435 goto out_kmem_cache; 3436 3437 ret = register_pernet_subsys(&ipv6_inetpeer_ops); 3438 if (ret) 3439 goto out_dst_entries; 3440 3441 ret = register_pernet_subsys(&ip6_route_net_ops); 3442 if (ret) 3443 goto out_register_inetpeer; 3444 3445 ip6_dst_blackhole_ops.kmem_cachep = ip6_dst_ops_template.kmem_cachep; 3446 3447 /* Registering of the loopback is done before this portion of code, 3448 * the loopback reference in rt6_info will not be taken, do it 3449 * manually for init_net */ 3450 init_net.ipv6.ip6_null_entry->dst.dev = init_net.loopback_dev; 3451 init_net.ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); 3452 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 3453 init_net.ipv6.ip6_prohibit_entry->dst.dev = init_net.loopback_dev; 3454 init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); 3455 init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev; 3456 init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); 3457 #endif 3458 ret = fib6_init(); 3459 if (ret) 3460 goto out_register_subsys; 3461 3462 ret = xfrm6_init(); 3463 if (ret) 3464 goto out_fib6_init; 3465 3466 ret = fib6_rules_init(); 3467 if (ret) 3468 goto xfrm6_init; 3469 3470 ret = register_pernet_subsys(&ip6_route_net_late_ops); 3471 if (ret) 3472 goto fib6_rules_init; 3473 3474 ret = -ENOBUFS; 3475 if (__rtnl_register(PF_INET6, RTM_NEWROUTE, inet6_rtm_newroute, NULL, NULL) || 3476 __rtnl_register(PF_INET6, RTM_DELROUTE, inet6_rtm_delroute, NULL, NULL) || 3477 __rtnl_register(PF_INET6, RTM_GETROUTE, inet6_rtm_getroute, NULL, NULL)) 3478 goto out_register_late_subsys; 3479 3480 ret = register_netdevice_notifier(&ip6_route_dev_notifier); 3481 if (ret) 3482 goto out_register_late_subsys; 3483 3484 for_each_possible_cpu(cpu) { 3485 struct uncached_list *ul = per_cpu_ptr(&rt6_uncached_list, cpu); 3486 3487 INIT_LIST_HEAD(&ul->head); 3488 spin_lock_init(&ul->lock); 3489 } 3490 3491 out: 3492 return ret; 3493 3494 out_register_late_subsys: 3495 unregister_pernet_subsys(&ip6_route_net_late_ops); 3496 fib6_rules_init: 3497 fib6_rules_cleanup(); 3498 xfrm6_init: 3499 xfrm6_fini(); 3500 out_fib6_init: 3501 fib6_gc_cleanup(); 3502 out_register_subsys: 3503 unregister_pernet_subsys(&ip6_route_net_ops); 3504 out_register_inetpeer: 3505 unregister_pernet_subsys(&ipv6_inetpeer_ops); 3506 out_dst_entries: 3507 dst_entries_destroy(&ip6_dst_blackhole_ops); 3508 out_kmem_cache: 3509 kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep); 3510 goto out; 3511 } 3512 3513 void ip6_route_cleanup(void) 3514 { 3515 unregister_netdevice_notifier(&ip6_route_dev_notifier); 3516 unregister_pernet_subsys(&ip6_route_net_late_ops); 3517 fib6_rules_cleanup(); 3518 xfrm6_fini(); 3519 fib6_gc_cleanup(); 3520 unregister_pernet_subsys(&ipv6_inetpeer_ops); 3521 unregister_pernet_subsys(&ip6_route_net_ops); 3522 dst_entries_destroy(&ip6_dst_blackhole_ops); 3523 kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep); 3524 } 3525