xref: /openbmc/linux/net/ipv6/route.c (revision abfbd895)
1 /*
2  *	Linux INET6 implementation
3  *	FIB front-end.
4  *
5  *	Authors:
6  *	Pedro Roque		<roque@di.fc.ul.pt>
7  *
8  *	This program is free software; you can redistribute it and/or
9  *      modify it under the terms of the GNU General Public License
10  *      as published by the Free Software Foundation; either version
11  *      2 of the License, or (at your option) any later version.
12  */
13 
14 /*	Changes:
15  *
16  *	YOSHIFUJI Hideaki @USAGI
17  *		reworked default router selection.
18  *		- respect outgoing interface
19  *		- select from (probably) reachable routers (i.e.
20  *		routers in REACHABLE, STALE, DELAY or PROBE states).
21  *		- always select the same router if it is (probably)
22  *		reachable.  otherwise, round-robin the list.
23  *	Ville Nuorvala
24  *		Fixed routing subtrees.
25  */
26 
27 #define pr_fmt(fmt) "IPv6: " fmt
28 
29 #include <linux/capability.h>
30 #include <linux/errno.h>
31 #include <linux/export.h>
32 #include <linux/types.h>
33 #include <linux/times.h>
34 #include <linux/socket.h>
35 #include <linux/sockios.h>
36 #include <linux/net.h>
37 #include <linux/route.h>
38 #include <linux/netdevice.h>
39 #include <linux/in6.h>
40 #include <linux/mroute6.h>
41 #include <linux/init.h>
42 #include <linux/if_arp.h>
43 #include <linux/proc_fs.h>
44 #include <linux/seq_file.h>
45 #include <linux/nsproxy.h>
46 #include <linux/slab.h>
47 #include <net/net_namespace.h>
48 #include <net/snmp.h>
49 #include <net/ipv6.h>
50 #include <net/ip6_fib.h>
51 #include <net/ip6_route.h>
52 #include <net/ndisc.h>
53 #include <net/addrconf.h>
54 #include <net/tcp.h>
55 #include <linux/rtnetlink.h>
56 #include <net/dst.h>
57 #include <net/dst_metadata.h>
58 #include <net/xfrm.h>
59 #include <net/netevent.h>
60 #include <net/netlink.h>
61 #include <net/nexthop.h>
62 #include <net/lwtunnel.h>
63 #include <net/ip_tunnels.h>
64 #include <net/l3mdev.h>
65 
66 #include <asm/uaccess.h>
67 
68 #ifdef CONFIG_SYSCTL
69 #include <linux/sysctl.h>
70 #endif
71 
72 enum rt6_nud_state {
73 	RT6_NUD_FAIL_HARD = -3,
74 	RT6_NUD_FAIL_PROBE = -2,
75 	RT6_NUD_FAIL_DO_RR = -1,
76 	RT6_NUD_SUCCEED = 1
77 };
78 
79 static void ip6_rt_copy_init(struct rt6_info *rt, struct rt6_info *ort);
80 static struct dst_entry	*ip6_dst_check(struct dst_entry *dst, u32 cookie);
81 static unsigned int	 ip6_default_advmss(const struct dst_entry *dst);
82 static unsigned int	 ip6_mtu(const struct dst_entry *dst);
83 static struct dst_entry *ip6_negative_advice(struct dst_entry *);
84 static void		ip6_dst_destroy(struct dst_entry *);
85 static void		ip6_dst_ifdown(struct dst_entry *,
86 				       struct net_device *dev, int how);
87 static int		 ip6_dst_gc(struct dst_ops *ops);
88 
89 static int		ip6_pkt_discard(struct sk_buff *skb);
90 static int		ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb);
91 static int		ip6_pkt_prohibit(struct sk_buff *skb);
92 static int		ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb);
93 static void		ip6_link_failure(struct sk_buff *skb);
94 static void		ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
95 					   struct sk_buff *skb, u32 mtu);
96 static void		rt6_do_redirect(struct dst_entry *dst, struct sock *sk,
97 					struct sk_buff *skb);
98 static void		rt6_dst_from_metrics_check(struct rt6_info *rt);
99 static int rt6_score_route(struct rt6_info *rt, int oif, int strict);
100 
101 #ifdef CONFIG_IPV6_ROUTE_INFO
102 static struct rt6_info *rt6_add_route_info(struct net *net,
103 					   const struct in6_addr *prefix, int prefixlen,
104 					   const struct in6_addr *gwaddr, int ifindex,
105 					   unsigned int pref);
106 static struct rt6_info *rt6_get_route_info(struct net *net,
107 					   const struct in6_addr *prefix, int prefixlen,
108 					   const struct in6_addr *gwaddr, int ifindex);
109 #endif
110 
111 struct uncached_list {
112 	spinlock_t		lock;
113 	struct list_head	head;
114 };
115 
116 static DEFINE_PER_CPU_ALIGNED(struct uncached_list, rt6_uncached_list);
117 
118 static void rt6_uncached_list_add(struct rt6_info *rt)
119 {
120 	struct uncached_list *ul = raw_cpu_ptr(&rt6_uncached_list);
121 
122 	rt->dst.flags |= DST_NOCACHE;
123 	rt->rt6i_uncached_list = ul;
124 
125 	spin_lock_bh(&ul->lock);
126 	list_add_tail(&rt->rt6i_uncached, &ul->head);
127 	spin_unlock_bh(&ul->lock);
128 }
129 
130 static void rt6_uncached_list_del(struct rt6_info *rt)
131 {
132 	if (!list_empty(&rt->rt6i_uncached)) {
133 		struct uncached_list *ul = rt->rt6i_uncached_list;
134 
135 		spin_lock_bh(&ul->lock);
136 		list_del(&rt->rt6i_uncached);
137 		spin_unlock_bh(&ul->lock);
138 	}
139 }
140 
141 static void rt6_uncached_list_flush_dev(struct net *net, struct net_device *dev)
142 {
143 	struct net_device *loopback_dev = net->loopback_dev;
144 	int cpu;
145 
146 	if (dev == loopback_dev)
147 		return;
148 
149 	for_each_possible_cpu(cpu) {
150 		struct uncached_list *ul = per_cpu_ptr(&rt6_uncached_list, cpu);
151 		struct rt6_info *rt;
152 
153 		spin_lock_bh(&ul->lock);
154 		list_for_each_entry(rt, &ul->head, rt6i_uncached) {
155 			struct inet6_dev *rt_idev = rt->rt6i_idev;
156 			struct net_device *rt_dev = rt->dst.dev;
157 
158 			if (rt_idev->dev == dev) {
159 				rt->rt6i_idev = in6_dev_get(loopback_dev);
160 				in6_dev_put(rt_idev);
161 			}
162 
163 			if (rt_dev == dev) {
164 				rt->dst.dev = loopback_dev;
165 				dev_hold(rt->dst.dev);
166 				dev_put(rt_dev);
167 			}
168 		}
169 		spin_unlock_bh(&ul->lock);
170 	}
171 }
172 
173 static u32 *rt6_pcpu_cow_metrics(struct rt6_info *rt)
174 {
175 	return dst_metrics_write_ptr(rt->dst.from);
176 }
177 
178 static u32 *ipv6_cow_metrics(struct dst_entry *dst, unsigned long old)
179 {
180 	struct rt6_info *rt = (struct rt6_info *)dst;
181 
182 	if (rt->rt6i_flags & RTF_PCPU)
183 		return rt6_pcpu_cow_metrics(rt);
184 	else if (rt->rt6i_flags & RTF_CACHE)
185 		return NULL;
186 	else
187 		return dst_cow_metrics_generic(dst, old);
188 }
189 
190 static inline const void *choose_neigh_daddr(struct rt6_info *rt,
191 					     struct sk_buff *skb,
192 					     const void *daddr)
193 {
194 	struct in6_addr *p = &rt->rt6i_gateway;
195 
196 	if (!ipv6_addr_any(p))
197 		return (const void *) p;
198 	else if (skb)
199 		return &ipv6_hdr(skb)->daddr;
200 	return daddr;
201 }
202 
203 static struct neighbour *ip6_neigh_lookup(const struct dst_entry *dst,
204 					  struct sk_buff *skb,
205 					  const void *daddr)
206 {
207 	struct rt6_info *rt = (struct rt6_info *) dst;
208 	struct neighbour *n;
209 
210 	daddr = choose_neigh_daddr(rt, skb, daddr);
211 	n = __ipv6_neigh_lookup(dst->dev, daddr);
212 	if (n)
213 		return n;
214 	return neigh_create(&nd_tbl, daddr, dst->dev);
215 }
216 
217 static struct dst_ops ip6_dst_ops_template = {
218 	.family			=	AF_INET6,
219 	.gc			=	ip6_dst_gc,
220 	.gc_thresh		=	1024,
221 	.check			=	ip6_dst_check,
222 	.default_advmss		=	ip6_default_advmss,
223 	.mtu			=	ip6_mtu,
224 	.cow_metrics		=	ipv6_cow_metrics,
225 	.destroy		=	ip6_dst_destroy,
226 	.ifdown			=	ip6_dst_ifdown,
227 	.negative_advice	=	ip6_negative_advice,
228 	.link_failure		=	ip6_link_failure,
229 	.update_pmtu		=	ip6_rt_update_pmtu,
230 	.redirect		=	rt6_do_redirect,
231 	.local_out		=	__ip6_local_out,
232 	.neigh_lookup		=	ip6_neigh_lookup,
233 };
234 
235 static unsigned int ip6_blackhole_mtu(const struct dst_entry *dst)
236 {
237 	unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
238 
239 	return mtu ? : dst->dev->mtu;
240 }
241 
242 static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
243 					 struct sk_buff *skb, u32 mtu)
244 {
245 }
246 
247 static void ip6_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
248 				      struct sk_buff *skb)
249 {
250 }
251 
252 static struct dst_ops ip6_dst_blackhole_ops = {
253 	.family			=	AF_INET6,
254 	.destroy		=	ip6_dst_destroy,
255 	.check			=	ip6_dst_check,
256 	.mtu			=	ip6_blackhole_mtu,
257 	.default_advmss		=	ip6_default_advmss,
258 	.update_pmtu		=	ip6_rt_blackhole_update_pmtu,
259 	.redirect		=	ip6_rt_blackhole_redirect,
260 	.cow_metrics		=	dst_cow_metrics_generic,
261 	.neigh_lookup		=	ip6_neigh_lookup,
262 };
263 
264 static const u32 ip6_template_metrics[RTAX_MAX] = {
265 	[RTAX_HOPLIMIT - 1] = 0,
266 };
267 
268 static const struct rt6_info ip6_null_entry_template = {
269 	.dst = {
270 		.__refcnt	= ATOMIC_INIT(1),
271 		.__use		= 1,
272 		.obsolete	= DST_OBSOLETE_FORCE_CHK,
273 		.error		= -ENETUNREACH,
274 		.input		= ip6_pkt_discard,
275 		.output		= ip6_pkt_discard_out,
276 	},
277 	.rt6i_flags	= (RTF_REJECT | RTF_NONEXTHOP),
278 	.rt6i_protocol  = RTPROT_KERNEL,
279 	.rt6i_metric	= ~(u32) 0,
280 	.rt6i_ref	= ATOMIC_INIT(1),
281 };
282 
283 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
284 
285 static const struct rt6_info ip6_prohibit_entry_template = {
286 	.dst = {
287 		.__refcnt	= ATOMIC_INIT(1),
288 		.__use		= 1,
289 		.obsolete	= DST_OBSOLETE_FORCE_CHK,
290 		.error		= -EACCES,
291 		.input		= ip6_pkt_prohibit,
292 		.output		= ip6_pkt_prohibit_out,
293 	},
294 	.rt6i_flags	= (RTF_REJECT | RTF_NONEXTHOP),
295 	.rt6i_protocol  = RTPROT_KERNEL,
296 	.rt6i_metric	= ~(u32) 0,
297 	.rt6i_ref	= ATOMIC_INIT(1),
298 };
299 
300 static const struct rt6_info ip6_blk_hole_entry_template = {
301 	.dst = {
302 		.__refcnt	= ATOMIC_INIT(1),
303 		.__use		= 1,
304 		.obsolete	= DST_OBSOLETE_FORCE_CHK,
305 		.error		= -EINVAL,
306 		.input		= dst_discard,
307 		.output		= dst_discard_out,
308 	},
309 	.rt6i_flags	= (RTF_REJECT | RTF_NONEXTHOP),
310 	.rt6i_protocol  = RTPROT_KERNEL,
311 	.rt6i_metric	= ~(u32) 0,
312 	.rt6i_ref	= ATOMIC_INIT(1),
313 };
314 
315 #endif
316 
317 static void rt6_info_init(struct rt6_info *rt)
318 {
319 	struct dst_entry *dst = &rt->dst;
320 
321 	memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst));
322 	INIT_LIST_HEAD(&rt->rt6i_siblings);
323 	INIT_LIST_HEAD(&rt->rt6i_uncached);
324 }
325 
326 /* allocate dst with ip6_dst_ops */
327 static struct rt6_info *__ip6_dst_alloc(struct net *net,
328 					struct net_device *dev,
329 					int flags)
330 {
331 	struct rt6_info *rt = dst_alloc(&net->ipv6.ip6_dst_ops, dev,
332 					0, DST_OBSOLETE_FORCE_CHK, flags);
333 
334 	if (rt)
335 		rt6_info_init(rt);
336 
337 	return rt;
338 }
339 
340 static struct rt6_info *ip6_dst_alloc(struct net *net,
341 				      struct net_device *dev,
342 				      int flags)
343 {
344 	struct rt6_info *rt = __ip6_dst_alloc(net, dev, flags);
345 
346 	if (rt) {
347 		rt->rt6i_pcpu = alloc_percpu_gfp(struct rt6_info *, GFP_ATOMIC);
348 		if (rt->rt6i_pcpu) {
349 			int cpu;
350 
351 			for_each_possible_cpu(cpu) {
352 				struct rt6_info **p;
353 
354 				p = per_cpu_ptr(rt->rt6i_pcpu, cpu);
355 				/* no one shares rt */
356 				*p =  NULL;
357 			}
358 		} else {
359 			dst_destroy((struct dst_entry *)rt);
360 			return NULL;
361 		}
362 	}
363 
364 	return rt;
365 }
366 
367 static void ip6_dst_destroy(struct dst_entry *dst)
368 {
369 	struct rt6_info *rt = (struct rt6_info *)dst;
370 	struct dst_entry *from = dst->from;
371 	struct inet6_dev *idev;
372 
373 	dst_destroy_metrics_generic(dst);
374 	free_percpu(rt->rt6i_pcpu);
375 	rt6_uncached_list_del(rt);
376 
377 	idev = rt->rt6i_idev;
378 	if (idev) {
379 		rt->rt6i_idev = NULL;
380 		in6_dev_put(idev);
381 	}
382 
383 	dst->from = NULL;
384 	dst_release(from);
385 }
386 
387 static void ip6_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
388 			   int how)
389 {
390 	struct rt6_info *rt = (struct rt6_info *)dst;
391 	struct inet6_dev *idev = rt->rt6i_idev;
392 	struct net_device *loopback_dev =
393 		dev_net(dev)->loopback_dev;
394 
395 	if (dev != loopback_dev) {
396 		if (idev && idev->dev == dev) {
397 			struct inet6_dev *loopback_idev =
398 				in6_dev_get(loopback_dev);
399 			if (loopback_idev) {
400 				rt->rt6i_idev = loopback_idev;
401 				in6_dev_put(idev);
402 			}
403 		}
404 	}
405 }
406 
407 static bool __rt6_check_expired(const struct rt6_info *rt)
408 {
409 	if (rt->rt6i_flags & RTF_EXPIRES)
410 		return time_after(jiffies, rt->dst.expires);
411 	else
412 		return false;
413 }
414 
415 static bool rt6_check_expired(const struct rt6_info *rt)
416 {
417 	if (rt->rt6i_flags & RTF_EXPIRES) {
418 		if (time_after(jiffies, rt->dst.expires))
419 			return true;
420 	} else if (rt->dst.from) {
421 		return rt6_check_expired((struct rt6_info *) rt->dst.from);
422 	}
423 	return false;
424 }
425 
426 /* Multipath route selection:
427  *   Hash based function using packet header and flowlabel.
428  * Adapted from fib_info_hashfn()
429  */
430 static int rt6_info_hash_nhsfn(unsigned int candidate_count,
431 			       const struct flowi6 *fl6)
432 {
433 	return get_hash_from_flowi6(fl6) % candidate_count;
434 }
435 
436 static struct rt6_info *rt6_multipath_select(struct rt6_info *match,
437 					     struct flowi6 *fl6, int oif,
438 					     int strict)
439 {
440 	struct rt6_info *sibling, *next_sibling;
441 	int route_choosen;
442 
443 	route_choosen = rt6_info_hash_nhsfn(match->rt6i_nsiblings + 1, fl6);
444 	/* Don't change the route, if route_choosen == 0
445 	 * (siblings does not include ourself)
446 	 */
447 	if (route_choosen)
448 		list_for_each_entry_safe(sibling, next_sibling,
449 				&match->rt6i_siblings, rt6i_siblings) {
450 			route_choosen--;
451 			if (route_choosen == 0) {
452 				if (rt6_score_route(sibling, oif, strict) < 0)
453 					break;
454 				match = sibling;
455 				break;
456 			}
457 		}
458 	return match;
459 }
460 
461 /*
462  *	Route lookup. Any table->tb6_lock is implied.
463  */
464 
465 static inline struct rt6_info *rt6_device_match(struct net *net,
466 						    struct rt6_info *rt,
467 						    const struct in6_addr *saddr,
468 						    int oif,
469 						    int flags)
470 {
471 	struct rt6_info *local = NULL;
472 	struct rt6_info *sprt;
473 
474 	if (!oif && ipv6_addr_any(saddr))
475 		goto out;
476 
477 	for (sprt = rt; sprt; sprt = sprt->dst.rt6_next) {
478 		struct net_device *dev = sprt->dst.dev;
479 
480 		if (oif) {
481 			if (dev->ifindex == oif)
482 				return sprt;
483 			if (dev->flags & IFF_LOOPBACK) {
484 				if (!sprt->rt6i_idev ||
485 				    sprt->rt6i_idev->dev->ifindex != oif) {
486 					if (flags & RT6_LOOKUP_F_IFACE)
487 						continue;
488 					if (local &&
489 					    local->rt6i_idev->dev->ifindex == oif)
490 						continue;
491 				}
492 				local = sprt;
493 			}
494 		} else {
495 			if (ipv6_chk_addr(net, saddr, dev,
496 					  flags & RT6_LOOKUP_F_IFACE))
497 				return sprt;
498 		}
499 	}
500 
501 	if (oif) {
502 		if (local)
503 			return local;
504 
505 		if (flags & RT6_LOOKUP_F_IFACE)
506 			return net->ipv6.ip6_null_entry;
507 	}
508 out:
509 	return rt;
510 }
511 
512 #ifdef CONFIG_IPV6_ROUTER_PREF
513 struct __rt6_probe_work {
514 	struct work_struct work;
515 	struct in6_addr target;
516 	struct net_device *dev;
517 };
518 
519 static void rt6_probe_deferred(struct work_struct *w)
520 {
521 	struct in6_addr mcaddr;
522 	struct __rt6_probe_work *work =
523 		container_of(w, struct __rt6_probe_work, work);
524 
525 	addrconf_addr_solict_mult(&work->target, &mcaddr);
526 	ndisc_send_ns(work->dev, &work->target, &mcaddr, NULL);
527 	dev_put(work->dev);
528 	kfree(work);
529 }
530 
531 static void rt6_probe(struct rt6_info *rt)
532 {
533 	struct __rt6_probe_work *work;
534 	struct neighbour *neigh;
535 	/*
536 	 * Okay, this does not seem to be appropriate
537 	 * for now, however, we need to check if it
538 	 * is really so; aka Router Reachability Probing.
539 	 *
540 	 * Router Reachability Probe MUST be rate-limited
541 	 * to no more than one per minute.
542 	 */
543 	if (!rt || !(rt->rt6i_flags & RTF_GATEWAY))
544 		return;
545 	rcu_read_lock_bh();
546 	neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway);
547 	if (neigh) {
548 		if (neigh->nud_state & NUD_VALID)
549 			goto out;
550 
551 		work = NULL;
552 		write_lock(&neigh->lock);
553 		if (!(neigh->nud_state & NUD_VALID) &&
554 		    time_after(jiffies,
555 			       neigh->updated +
556 			       rt->rt6i_idev->cnf.rtr_probe_interval)) {
557 			work = kmalloc(sizeof(*work), GFP_ATOMIC);
558 			if (work)
559 				__neigh_set_probe_once(neigh);
560 		}
561 		write_unlock(&neigh->lock);
562 	} else {
563 		work = kmalloc(sizeof(*work), GFP_ATOMIC);
564 	}
565 
566 	if (work) {
567 		INIT_WORK(&work->work, rt6_probe_deferred);
568 		work->target = rt->rt6i_gateway;
569 		dev_hold(rt->dst.dev);
570 		work->dev = rt->dst.dev;
571 		schedule_work(&work->work);
572 	}
573 
574 out:
575 	rcu_read_unlock_bh();
576 }
577 #else
578 static inline void rt6_probe(struct rt6_info *rt)
579 {
580 }
581 #endif
582 
583 /*
584  * Default Router Selection (RFC 2461 6.3.6)
585  */
586 static inline int rt6_check_dev(struct rt6_info *rt, int oif)
587 {
588 	struct net_device *dev = rt->dst.dev;
589 	if (!oif || dev->ifindex == oif)
590 		return 2;
591 	if ((dev->flags & IFF_LOOPBACK) &&
592 	    rt->rt6i_idev && rt->rt6i_idev->dev->ifindex == oif)
593 		return 1;
594 	return 0;
595 }
596 
597 static inline enum rt6_nud_state rt6_check_neigh(struct rt6_info *rt)
598 {
599 	struct neighbour *neigh;
600 	enum rt6_nud_state ret = RT6_NUD_FAIL_HARD;
601 
602 	if (rt->rt6i_flags & RTF_NONEXTHOP ||
603 	    !(rt->rt6i_flags & RTF_GATEWAY))
604 		return RT6_NUD_SUCCEED;
605 
606 	rcu_read_lock_bh();
607 	neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway);
608 	if (neigh) {
609 		read_lock(&neigh->lock);
610 		if (neigh->nud_state & NUD_VALID)
611 			ret = RT6_NUD_SUCCEED;
612 #ifdef CONFIG_IPV6_ROUTER_PREF
613 		else if (!(neigh->nud_state & NUD_FAILED))
614 			ret = RT6_NUD_SUCCEED;
615 		else
616 			ret = RT6_NUD_FAIL_PROBE;
617 #endif
618 		read_unlock(&neigh->lock);
619 	} else {
620 		ret = IS_ENABLED(CONFIG_IPV6_ROUTER_PREF) ?
621 		      RT6_NUD_SUCCEED : RT6_NUD_FAIL_DO_RR;
622 	}
623 	rcu_read_unlock_bh();
624 
625 	return ret;
626 }
627 
628 static int rt6_score_route(struct rt6_info *rt, int oif,
629 			   int strict)
630 {
631 	int m;
632 
633 	m = rt6_check_dev(rt, oif);
634 	if (!m && (strict & RT6_LOOKUP_F_IFACE))
635 		return RT6_NUD_FAIL_HARD;
636 #ifdef CONFIG_IPV6_ROUTER_PREF
637 	m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->rt6i_flags)) << 2;
638 #endif
639 	if (strict & RT6_LOOKUP_F_REACHABLE) {
640 		int n = rt6_check_neigh(rt);
641 		if (n < 0)
642 			return n;
643 	}
644 	return m;
645 }
646 
647 static struct rt6_info *find_match(struct rt6_info *rt, int oif, int strict,
648 				   int *mpri, struct rt6_info *match,
649 				   bool *do_rr)
650 {
651 	int m;
652 	bool match_do_rr = false;
653 	struct inet6_dev *idev = rt->rt6i_idev;
654 	struct net_device *dev = rt->dst.dev;
655 
656 	if (dev && !netif_carrier_ok(dev) &&
657 	    idev->cnf.ignore_routes_with_linkdown)
658 		goto out;
659 
660 	if (rt6_check_expired(rt))
661 		goto out;
662 
663 	m = rt6_score_route(rt, oif, strict);
664 	if (m == RT6_NUD_FAIL_DO_RR) {
665 		match_do_rr = true;
666 		m = 0; /* lowest valid score */
667 	} else if (m == RT6_NUD_FAIL_HARD) {
668 		goto out;
669 	}
670 
671 	if (strict & RT6_LOOKUP_F_REACHABLE)
672 		rt6_probe(rt);
673 
674 	/* note that m can be RT6_NUD_FAIL_PROBE at this point */
675 	if (m > *mpri) {
676 		*do_rr = match_do_rr;
677 		*mpri = m;
678 		match = rt;
679 	}
680 out:
681 	return match;
682 }
683 
684 static struct rt6_info *find_rr_leaf(struct fib6_node *fn,
685 				     struct rt6_info *rr_head,
686 				     u32 metric, int oif, int strict,
687 				     bool *do_rr)
688 {
689 	struct rt6_info *rt, *match, *cont;
690 	int mpri = -1;
691 
692 	match = NULL;
693 	cont = NULL;
694 	for (rt = rr_head; rt; rt = rt->dst.rt6_next) {
695 		if (rt->rt6i_metric != metric) {
696 			cont = rt;
697 			break;
698 		}
699 
700 		match = find_match(rt, oif, strict, &mpri, match, do_rr);
701 	}
702 
703 	for (rt = fn->leaf; rt && rt != rr_head; rt = rt->dst.rt6_next) {
704 		if (rt->rt6i_metric != metric) {
705 			cont = rt;
706 			break;
707 		}
708 
709 		match = find_match(rt, oif, strict, &mpri, match, do_rr);
710 	}
711 
712 	if (match || !cont)
713 		return match;
714 
715 	for (rt = cont; rt; rt = rt->dst.rt6_next)
716 		match = find_match(rt, oif, strict, &mpri, match, do_rr);
717 
718 	return match;
719 }
720 
721 static struct rt6_info *rt6_select(struct fib6_node *fn, int oif, int strict)
722 {
723 	struct rt6_info *match, *rt0;
724 	struct net *net;
725 	bool do_rr = false;
726 
727 	rt0 = fn->rr_ptr;
728 	if (!rt0)
729 		fn->rr_ptr = rt0 = fn->leaf;
730 
731 	match = find_rr_leaf(fn, rt0, rt0->rt6i_metric, oif, strict,
732 			     &do_rr);
733 
734 	if (do_rr) {
735 		struct rt6_info *next = rt0->dst.rt6_next;
736 
737 		/* no entries matched; do round-robin */
738 		if (!next || next->rt6i_metric != rt0->rt6i_metric)
739 			next = fn->leaf;
740 
741 		if (next != rt0)
742 			fn->rr_ptr = next;
743 	}
744 
745 	net = dev_net(rt0->dst.dev);
746 	return match ? match : net->ipv6.ip6_null_entry;
747 }
748 
749 static bool rt6_is_gw_or_nonexthop(const struct rt6_info *rt)
750 {
751 	return (rt->rt6i_flags & (RTF_NONEXTHOP | RTF_GATEWAY));
752 }
753 
754 #ifdef CONFIG_IPV6_ROUTE_INFO
755 int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
756 		  const struct in6_addr *gwaddr)
757 {
758 	struct net *net = dev_net(dev);
759 	struct route_info *rinfo = (struct route_info *) opt;
760 	struct in6_addr prefix_buf, *prefix;
761 	unsigned int pref;
762 	unsigned long lifetime;
763 	struct rt6_info *rt;
764 
765 	if (len < sizeof(struct route_info)) {
766 		return -EINVAL;
767 	}
768 
769 	/* Sanity check for prefix_len and length */
770 	if (rinfo->length > 3) {
771 		return -EINVAL;
772 	} else if (rinfo->prefix_len > 128) {
773 		return -EINVAL;
774 	} else if (rinfo->prefix_len > 64) {
775 		if (rinfo->length < 2) {
776 			return -EINVAL;
777 		}
778 	} else if (rinfo->prefix_len > 0) {
779 		if (rinfo->length < 1) {
780 			return -EINVAL;
781 		}
782 	}
783 
784 	pref = rinfo->route_pref;
785 	if (pref == ICMPV6_ROUTER_PREF_INVALID)
786 		return -EINVAL;
787 
788 	lifetime = addrconf_timeout_fixup(ntohl(rinfo->lifetime), HZ);
789 
790 	if (rinfo->length == 3)
791 		prefix = (struct in6_addr *)rinfo->prefix;
792 	else {
793 		/* this function is safe */
794 		ipv6_addr_prefix(&prefix_buf,
795 				 (struct in6_addr *)rinfo->prefix,
796 				 rinfo->prefix_len);
797 		prefix = &prefix_buf;
798 	}
799 
800 	if (rinfo->prefix_len == 0)
801 		rt = rt6_get_dflt_router(gwaddr, dev);
802 	else
803 		rt = rt6_get_route_info(net, prefix, rinfo->prefix_len,
804 					gwaddr, dev->ifindex);
805 
806 	if (rt && !lifetime) {
807 		ip6_del_rt(rt);
808 		rt = NULL;
809 	}
810 
811 	if (!rt && lifetime)
812 		rt = rt6_add_route_info(net, prefix, rinfo->prefix_len, gwaddr, dev->ifindex,
813 					pref);
814 	else if (rt)
815 		rt->rt6i_flags = RTF_ROUTEINFO |
816 				 (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
817 
818 	if (rt) {
819 		if (!addrconf_finite_timeout(lifetime))
820 			rt6_clean_expires(rt);
821 		else
822 			rt6_set_expires(rt, jiffies + HZ * lifetime);
823 
824 		ip6_rt_put(rt);
825 	}
826 	return 0;
827 }
828 #endif
829 
830 static struct fib6_node* fib6_backtrack(struct fib6_node *fn,
831 					struct in6_addr *saddr)
832 {
833 	struct fib6_node *pn;
834 	while (1) {
835 		if (fn->fn_flags & RTN_TL_ROOT)
836 			return NULL;
837 		pn = fn->parent;
838 		if (FIB6_SUBTREE(pn) && FIB6_SUBTREE(pn) != fn)
839 			fn = fib6_lookup(FIB6_SUBTREE(pn), NULL, saddr);
840 		else
841 			fn = pn;
842 		if (fn->fn_flags & RTN_RTINFO)
843 			return fn;
844 	}
845 }
846 
847 static struct rt6_info *ip6_pol_route_lookup(struct net *net,
848 					     struct fib6_table *table,
849 					     struct flowi6 *fl6, int flags)
850 {
851 	struct fib6_node *fn;
852 	struct rt6_info *rt;
853 
854 	read_lock_bh(&table->tb6_lock);
855 	fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr);
856 restart:
857 	rt = fn->leaf;
858 	rt = rt6_device_match(net, rt, &fl6->saddr, fl6->flowi6_oif, flags);
859 	if (rt->rt6i_nsiblings && fl6->flowi6_oif == 0)
860 		rt = rt6_multipath_select(rt, fl6, fl6->flowi6_oif, flags);
861 	if (rt == net->ipv6.ip6_null_entry) {
862 		fn = fib6_backtrack(fn, &fl6->saddr);
863 		if (fn)
864 			goto restart;
865 	}
866 	dst_use(&rt->dst, jiffies);
867 	read_unlock_bh(&table->tb6_lock);
868 	return rt;
869 
870 }
871 
872 struct dst_entry *ip6_route_lookup(struct net *net, struct flowi6 *fl6,
873 				    int flags)
874 {
875 	return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_lookup);
876 }
877 EXPORT_SYMBOL_GPL(ip6_route_lookup);
878 
879 struct rt6_info *rt6_lookup(struct net *net, const struct in6_addr *daddr,
880 			    const struct in6_addr *saddr, int oif, int strict)
881 {
882 	struct flowi6 fl6 = {
883 		.flowi6_oif = oif,
884 		.daddr = *daddr,
885 	};
886 	struct dst_entry *dst;
887 	int flags = strict ? RT6_LOOKUP_F_IFACE : 0;
888 
889 	if (saddr) {
890 		memcpy(&fl6.saddr, saddr, sizeof(*saddr));
891 		flags |= RT6_LOOKUP_F_HAS_SADDR;
892 	}
893 
894 	dst = fib6_rule_lookup(net, &fl6, flags, ip6_pol_route_lookup);
895 	if (dst->error == 0)
896 		return (struct rt6_info *) dst;
897 
898 	dst_release(dst);
899 
900 	return NULL;
901 }
902 EXPORT_SYMBOL(rt6_lookup);
903 
904 /* ip6_ins_rt is called with FREE table->tb6_lock.
905    It takes new route entry, the addition fails by any reason the
906    route is freed. In any case, if caller does not hold it, it may
907    be destroyed.
908  */
909 
910 static int __ip6_ins_rt(struct rt6_info *rt, struct nl_info *info,
911 			struct mx6_config *mxc)
912 {
913 	int err;
914 	struct fib6_table *table;
915 
916 	table = rt->rt6i_table;
917 	write_lock_bh(&table->tb6_lock);
918 	err = fib6_add(&table->tb6_root, rt, info, mxc);
919 	write_unlock_bh(&table->tb6_lock);
920 
921 	return err;
922 }
923 
924 int ip6_ins_rt(struct rt6_info *rt)
925 {
926 	struct nl_info info = {	.nl_net = dev_net(rt->dst.dev), };
927 	struct mx6_config mxc = { .mx = NULL, };
928 
929 	return __ip6_ins_rt(rt, &info, &mxc);
930 }
931 
932 static struct rt6_info *ip6_rt_cache_alloc(struct rt6_info *ort,
933 					   const struct in6_addr *daddr,
934 					   const struct in6_addr *saddr)
935 {
936 	struct rt6_info *rt;
937 
938 	/*
939 	 *	Clone the route.
940 	 */
941 
942 	if (ort->rt6i_flags & (RTF_CACHE | RTF_PCPU))
943 		ort = (struct rt6_info *)ort->dst.from;
944 
945 	rt = __ip6_dst_alloc(dev_net(ort->dst.dev), ort->dst.dev, 0);
946 
947 	if (!rt)
948 		return NULL;
949 
950 	ip6_rt_copy_init(rt, ort);
951 	rt->rt6i_flags |= RTF_CACHE;
952 	rt->rt6i_metric = 0;
953 	rt->dst.flags |= DST_HOST;
954 	rt->rt6i_dst.addr = *daddr;
955 	rt->rt6i_dst.plen = 128;
956 
957 	if (!rt6_is_gw_or_nonexthop(ort)) {
958 		if (ort->rt6i_dst.plen != 128 &&
959 		    ipv6_addr_equal(&ort->rt6i_dst.addr, daddr))
960 			rt->rt6i_flags |= RTF_ANYCAST;
961 #ifdef CONFIG_IPV6_SUBTREES
962 		if (rt->rt6i_src.plen && saddr) {
963 			rt->rt6i_src.addr = *saddr;
964 			rt->rt6i_src.plen = 128;
965 		}
966 #endif
967 	}
968 
969 	return rt;
970 }
971 
972 static struct rt6_info *ip6_rt_pcpu_alloc(struct rt6_info *rt)
973 {
974 	struct rt6_info *pcpu_rt;
975 
976 	pcpu_rt = __ip6_dst_alloc(dev_net(rt->dst.dev),
977 				  rt->dst.dev, rt->dst.flags);
978 
979 	if (!pcpu_rt)
980 		return NULL;
981 	ip6_rt_copy_init(pcpu_rt, rt);
982 	pcpu_rt->rt6i_protocol = rt->rt6i_protocol;
983 	pcpu_rt->rt6i_flags |= RTF_PCPU;
984 	return pcpu_rt;
985 }
986 
987 /* It should be called with read_lock_bh(&tb6_lock) acquired */
988 static struct rt6_info *rt6_get_pcpu_route(struct rt6_info *rt)
989 {
990 	struct rt6_info *pcpu_rt, **p;
991 
992 	p = this_cpu_ptr(rt->rt6i_pcpu);
993 	pcpu_rt = *p;
994 
995 	if (pcpu_rt) {
996 		dst_hold(&pcpu_rt->dst);
997 		rt6_dst_from_metrics_check(pcpu_rt);
998 	}
999 	return pcpu_rt;
1000 }
1001 
1002 static struct rt6_info *rt6_make_pcpu_route(struct rt6_info *rt)
1003 {
1004 	struct fib6_table *table = rt->rt6i_table;
1005 	struct rt6_info *pcpu_rt, *prev, **p;
1006 
1007 	pcpu_rt = ip6_rt_pcpu_alloc(rt);
1008 	if (!pcpu_rt) {
1009 		struct net *net = dev_net(rt->dst.dev);
1010 
1011 		dst_hold(&net->ipv6.ip6_null_entry->dst);
1012 		return net->ipv6.ip6_null_entry;
1013 	}
1014 
1015 	read_lock_bh(&table->tb6_lock);
1016 	if (rt->rt6i_pcpu) {
1017 		p = this_cpu_ptr(rt->rt6i_pcpu);
1018 		prev = cmpxchg(p, NULL, pcpu_rt);
1019 		if (prev) {
1020 			/* If someone did it before us, return prev instead */
1021 			dst_destroy(&pcpu_rt->dst);
1022 			pcpu_rt = prev;
1023 		}
1024 	} else {
1025 		/* rt has been removed from the fib6 tree
1026 		 * before we have a chance to acquire the read_lock.
1027 		 * In this case, don't brother to create a pcpu rt
1028 		 * since rt is going away anyway.  The next
1029 		 * dst_check() will trigger a re-lookup.
1030 		 */
1031 		dst_destroy(&pcpu_rt->dst);
1032 		pcpu_rt = rt;
1033 	}
1034 	dst_hold(&pcpu_rt->dst);
1035 	rt6_dst_from_metrics_check(pcpu_rt);
1036 	read_unlock_bh(&table->tb6_lock);
1037 	return pcpu_rt;
1038 }
1039 
1040 static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table, int oif,
1041 				      struct flowi6 *fl6, int flags)
1042 {
1043 	struct fib6_node *fn, *saved_fn;
1044 	struct rt6_info *rt;
1045 	int strict = 0;
1046 
1047 	strict |= flags & RT6_LOOKUP_F_IFACE;
1048 	if (net->ipv6.devconf_all->forwarding == 0)
1049 		strict |= RT6_LOOKUP_F_REACHABLE;
1050 
1051 	read_lock_bh(&table->tb6_lock);
1052 
1053 	fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr);
1054 	saved_fn = fn;
1055 
1056 	if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF)
1057 		oif = 0;
1058 
1059 redo_rt6_select:
1060 	rt = rt6_select(fn, oif, strict);
1061 	if (rt->rt6i_nsiblings)
1062 		rt = rt6_multipath_select(rt, fl6, oif, strict);
1063 	if (rt == net->ipv6.ip6_null_entry) {
1064 		fn = fib6_backtrack(fn, &fl6->saddr);
1065 		if (fn)
1066 			goto redo_rt6_select;
1067 		else if (strict & RT6_LOOKUP_F_REACHABLE) {
1068 			/* also consider unreachable route */
1069 			strict &= ~RT6_LOOKUP_F_REACHABLE;
1070 			fn = saved_fn;
1071 			goto redo_rt6_select;
1072 		}
1073 	}
1074 
1075 
1076 	if (rt == net->ipv6.ip6_null_entry || (rt->rt6i_flags & RTF_CACHE)) {
1077 		dst_use(&rt->dst, jiffies);
1078 		read_unlock_bh(&table->tb6_lock);
1079 
1080 		rt6_dst_from_metrics_check(rt);
1081 		return rt;
1082 	} else if (unlikely((fl6->flowi6_flags & FLOWI_FLAG_KNOWN_NH) &&
1083 			    !(rt->rt6i_flags & RTF_GATEWAY))) {
1084 		/* Create a RTF_CACHE clone which will not be
1085 		 * owned by the fib6 tree.  It is for the special case where
1086 		 * the daddr in the skb during the neighbor look-up is different
1087 		 * from the fl6->daddr used to look-up route here.
1088 		 */
1089 
1090 		struct rt6_info *uncached_rt;
1091 
1092 		dst_use(&rt->dst, jiffies);
1093 		read_unlock_bh(&table->tb6_lock);
1094 
1095 		uncached_rt = ip6_rt_cache_alloc(rt, &fl6->daddr, NULL);
1096 		dst_release(&rt->dst);
1097 
1098 		if (uncached_rt)
1099 			rt6_uncached_list_add(uncached_rt);
1100 		else
1101 			uncached_rt = net->ipv6.ip6_null_entry;
1102 
1103 		dst_hold(&uncached_rt->dst);
1104 		return uncached_rt;
1105 
1106 	} else {
1107 		/* Get a percpu copy */
1108 
1109 		struct rt6_info *pcpu_rt;
1110 
1111 		rt->dst.lastuse = jiffies;
1112 		rt->dst.__use++;
1113 		pcpu_rt = rt6_get_pcpu_route(rt);
1114 
1115 		if (pcpu_rt) {
1116 			read_unlock_bh(&table->tb6_lock);
1117 		} else {
1118 			/* We have to do the read_unlock first
1119 			 * because rt6_make_pcpu_route() may trigger
1120 			 * ip6_dst_gc() which will take the write_lock.
1121 			 */
1122 			dst_hold(&rt->dst);
1123 			read_unlock_bh(&table->tb6_lock);
1124 			pcpu_rt = rt6_make_pcpu_route(rt);
1125 			dst_release(&rt->dst);
1126 		}
1127 
1128 		return pcpu_rt;
1129 
1130 	}
1131 }
1132 
1133 static struct rt6_info *ip6_pol_route_input(struct net *net, struct fib6_table *table,
1134 					    struct flowi6 *fl6, int flags)
1135 {
1136 	return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags);
1137 }
1138 
1139 static struct dst_entry *ip6_route_input_lookup(struct net *net,
1140 						struct net_device *dev,
1141 						struct flowi6 *fl6, int flags)
1142 {
1143 	if (rt6_need_strict(&fl6->daddr) && dev->type != ARPHRD_PIMREG)
1144 		flags |= RT6_LOOKUP_F_IFACE;
1145 
1146 	return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_input);
1147 }
1148 
1149 void ip6_route_input(struct sk_buff *skb)
1150 {
1151 	const struct ipv6hdr *iph = ipv6_hdr(skb);
1152 	struct net *net = dev_net(skb->dev);
1153 	int flags = RT6_LOOKUP_F_HAS_SADDR;
1154 	struct ip_tunnel_info *tun_info;
1155 	struct flowi6 fl6 = {
1156 		.flowi6_iif = l3mdev_fib_oif(skb->dev),
1157 		.daddr = iph->daddr,
1158 		.saddr = iph->saddr,
1159 		.flowlabel = ip6_flowinfo(iph),
1160 		.flowi6_mark = skb->mark,
1161 		.flowi6_proto = iph->nexthdr,
1162 	};
1163 
1164 	tun_info = skb_tunnel_info(skb);
1165 	if (tun_info && !(tun_info->mode & IP_TUNNEL_INFO_TX))
1166 		fl6.flowi6_tun_key.tun_id = tun_info->key.tun_id;
1167 	skb_dst_drop(skb);
1168 	skb_dst_set(skb, ip6_route_input_lookup(net, skb->dev, &fl6, flags));
1169 }
1170 
1171 static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table *table,
1172 					     struct flowi6 *fl6, int flags)
1173 {
1174 	return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags);
1175 }
1176 
1177 struct dst_entry *ip6_route_output(struct net *net, const struct sock *sk,
1178 				    struct flowi6 *fl6)
1179 {
1180 	struct dst_entry *dst;
1181 	int flags = 0;
1182 	bool any_src;
1183 
1184 	dst = l3mdev_rt6_dst_by_oif(net, fl6);
1185 	if (dst)
1186 		return dst;
1187 
1188 	fl6->flowi6_iif = LOOPBACK_IFINDEX;
1189 
1190 	any_src = ipv6_addr_any(&fl6->saddr);
1191 	if ((sk && sk->sk_bound_dev_if) || rt6_need_strict(&fl6->daddr) ||
1192 	    (fl6->flowi6_oif && any_src))
1193 		flags |= RT6_LOOKUP_F_IFACE;
1194 
1195 	if (!any_src)
1196 		flags |= RT6_LOOKUP_F_HAS_SADDR;
1197 	else if (sk)
1198 		flags |= rt6_srcprefs2flags(inet6_sk(sk)->srcprefs);
1199 
1200 	return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_output);
1201 }
1202 EXPORT_SYMBOL(ip6_route_output);
1203 
1204 struct dst_entry *ip6_blackhole_route(struct net *net, struct dst_entry *dst_orig)
1205 {
1206 	struct rt6_info *rt, *ort = (struct rt6_info *) dst_orig;
1207 	struct dst_entry *new = NULL;
1208 
1209 	rt = dst_alloc(&ip6_dst_blackhole_ops, ort->dst.dev, 1, DST_OBSOLETE_NONE, 0);
1210 	if (rt) {
1211 		rt6_info_init(rt);
1212 
1213 		new = &rt->dst;
1214 		new->__use = 1;
1215 		new->input = dst_discard;
1216 		new->output = dst_discard_out;
1217 
1218 		dst_copy_metrics(new, &ort->dst);
1219 		rt->rt6i_idev = ort->rt6i_idev;
1220 		if (rt->rt6i_idev)
1221 			in6_dev_hold(rt->rt6i_idev);
1222 
1223 		rt->rt6i_gateway = ort->rt6i_gateway;
1224 		rt->rt6i_flags = ort->rt6i_flags & ~RTF_PCPU;
1225 		rt->rt6i_metric = 0;
1226 
1227 		memcpy(&rt->rt6i_dst, &ort->rt6i_dst, sizeof(struct rt6key));
1228 #ifdef CONFIG_IPV6_SUBTREES
1229 		memcpy(&rt->rt6i_src, &ort->rt6i_src, sizeof(struct rt6key));
1230 #endif
1231 
1232 		dst_free(new);
1233 	}
1234 
1235 	dst_release(dst_orig);
1236 	return new ? new : ERR_PTR(-ENOMEM);
1237 }
1238 
1239 /*
1240  *	Destination cache support functions
1241  */
1242 
1243 static void rt6_dst_from_metrics_check(struct rt6_info *rt)
1244 {
1245 	if (rt->dst.from &&
1246 	    dst_metrics_ptr(&rt->dst) != dst_metrics_ptr(rt->dst.from))
1247 		dst_init_metrics(&rt->dst, dst_metrics_ptr(rt->dst.from), true);
1248 }
1249 
1250 static struct dst_entry *rt6_check(struct rt6_info *rt, u32 cookie)
1251 {
1252 	if (!rt->rt6i_node || (rt->rt6i_node->fn_sernum != cookie))
1253 		return NULL;
1254 
1255 	if (rt6_check_expired(rt))
1256 		return NULL;
1257 
1258 	return &rt->dst;
1259 }
1260 
1261 static struct dst_entry *rt6_dst_from_check(struct rt6_info *rt, u32 cookie)
1262 {
1263 	if (!__rt6_check_expired(rt) &&
1264 	    rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1265 	    rt6_check((struct rt6_info *)(rt->dst.from), cookie))
1266 		return &rt->dst;
1267 	else
1268 		return NULL;
1269 }
1270 
1271 static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie)
1272 {
1273 	struct rt6_info *rt;
1274 
1275 	rt = (struct rt6_info *) dst;
1276 
1277 	/* All IPV6 dsts are created with ->obsolete set to the value
1278 	 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1279 	 * into this function always.
1280 	 */
1281 
1282 	rt6_dst_from_metrics_check(rt);
1283 
1284 	if (rt->rt6i_flags & RTF_PCPU ||
1285 	    (unlikely(dst->flags & DST_NOCACHE) && rt->dst.from))
1286 		return rt6_dst_from_check(rt, cookie);
1287 	else
1288 		return rt6_check(rt, cookie);
1289 }
1290 
1291 static struct dst_entry *ip6_negative_advice(struct dst_entry *dst)
1292 {
1293 	struct rt6_info *rt = (struct rt6_info *) dst;
1294 
1295 	if (rt) {
1296 		if (rt->rt6i_flags & RTF_CACHE) {
1297 			if (rt6_check_expired(rt)) {
1298 				ip6_del_rt(rt);
1299 				dst = NULL;
1300 			}
1301 		} else {
1302 			dst_release(dst);
1303 			dst = NULL;
1304 		}
1305 	}
1306 	return dst;
1307 }
1308 
1309 static void ip6_link_failure(struct sk_buff *skb)
1310 {
1311 	struct rt6_info *rt;
1312 
1313 	icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0);
1314 
1315 	rt = (struct rt6_info *) skb_dst(skb);
1316 	if (rt) {
1317 		if (rt->rt6i_flags & RTF_CACHE) {
1318 			dst_hold(&rt->dst);
1319 			ip6_del_rt(rt);
1320 		} else if (rt->rt6i_node && (rt->rt6i_flags & RTF_DEFAULT)) {
1321 			rt->rt6i_node->fn_sernum = -1;
1322 		}
1323 	}
1324 }
1325 
1326 static void rt6_do_update_pmtu(struct rt6_info *rt, u32 mtu)
1327 {
1328 	struct net *net = dev_net(rt->dst.dev);
1329 
1330 	rt->rt6i_flags |= RTF_MODIFIED;
1331 	rt->rt6i_pmtu = mtu;
1332 	rt6_update_expires(rt, net->ipv6.sysctl.ip6_rt_mtu_expires);
1333 }
1334 
1335 static bool rt6_cache_allowed_for_pmtu(const struct rt6_info *rt)
1336 {
1337 	return !(rt->rt6i_flags & RTF_CACHE) &&
1338 		(rt->rt6i_flags & RTF_PCPU || rt->rt6i_node);
1339 }
1340 
1341 static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk,
1342 				 const struct ipv6hdr *iph, u32 mtu)
1343 {
1344 	struct rt6_info *rt6 = (struct rt6_info *)dst;
1345 
1346 	if (rt6->rt6i_flags & RTF_LOCAL)
1347 		return;
1348 
1349 	dst_confirm(dst);
1350 	mtu = max_t(u32, mtu, IPV6_MIN_MTU);
1351 	if (mtu >= dst_mtu(dst))
1352 		return;
1353 
1354 	if (!rt6_cache_allowed_for_pmtu(rt6)) {
1355 		rt6_do_update_pmtu(rt6, mtu);
1356 	} else {
1357 		const struct in6_addr *daddr, *saddr;
1358 		struct rt6_info *nrt6;
1359 
1360 		if (iph) {
1361 			daddr = &iph->daddr;
1362 			saddr = &iph->saddr;
1363 		} else if (sk) {
1364 			daddr = &sk->sk_v6_daddr;
1365 			saddr = &inet6_sk(sk)->saddr;
1366 		} else {
1367 			return;
1368 		}
1369 		nrt6 = ip6_rt_cache_alloc(rt6, daddr, saddr);
1370 		if (nrt6) {
1371 			rt6_do_update_pmtu(nrt6, mtu);
1372 
1373 			/* ip6_ins_rt(nrt6) will bump the
1374 			 * rt6->rt6i_node->fn_sernum
1375 			 * which will fail the next rt6_check() and
1376 			 * invalidate the sk->sk_dst_cache.
1377 			 */
1378 			ip6_ins_rt(nrt6);
1379 		}
1380 	}
1381 }
1382 
1383 static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
1384 			       struct sk_buff *skb, u32 mtu)
1385 {
1386 	__ip6_rt_update_pmtu(dst, sk, skb ? ipv6_hdr(skb) : NULL, mtu);
1387 }
1388 
1389 void ip6_update_pmtu(struct sk_buff *skb, struct net *net, __be32 mtu,
1390 		     int oif, u32 mark)
1391 {
1392 	const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data;
1393 	struct dst_entry *dst;
1394 	struct flowi6 fl6;
1395 
1396 	memset(&fl6, 0, sizeof(fl6));
1397 	fl6.flowi6_oif = oif;
1398 	fl6.flowi6_mark = mark ? mark : IP6_REPLY_MARK(net, skb->mark);
1399 	fl6.daddr = iph->daddr;
1400 	fl6.saddr = iph->saddr;
1401 	fl6.flowlabel = ip6_flowinfo(iph);
1402 
1403 	dst = ip6_route_output(net, NULL, &fl6);
1404 	if (!dst->error)
1405 		__ip6_rt_update_pmtu(dst, NULL, iph, ntohl(mtu));
1406 	dst_release(dst);
1407 }
1408 EXPORT_SYMBOL_GPL(ip6_update_pmtu);
1409 
1410 void ip6_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, __be32 mtu)
1411 {
1412 	ip6_update_pmtu(skb, sock_net(sk), mtu,
1413 			sk->sk_bound_dev_if, sk->sk_mark);
1414 }
1415 EXPORT_SYMBOL_GPL(ip6_sk_update_pmtu);
1416 
1417 /* Handle redirects */
1418 struct ip6rd_flowi {
1419 	struct flowi6 fl6;
1420 	struct in6_addr gateway;
1421 };
1422 
1423 static struct rt6_info *__ip6_route_redirect(struct net *net,
1424 					     struct fib6_table *table,
1425 					     struct flowi6 *fl6,
1426 					     int flags)
1427 {
1428 	struct ip6rd_flowi *rdfl = (struct ip6rd_flowi *)fl6;
1429 	struct rt6_info *rt;
1430 	struct fib6_node *fn;
1431 
1432 	/* Get the "current" route for this destination and
1433 	 * check if the redirect has come from approriate router.
1434 	 *
1435 	 * RFC 4861 specifies that redirects should only be
1436 	 * accepted if they come from the nexthop to the target.
1437 	 * Due to the way the routes are chosen, this notion
1438 	 * is a bit fuzzy and one might need to check all possible
1439 	 * routes.
1440 	 */
1441 
1442 	read_lock_bh(&table->tb6_lock);
1443 	fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr);
1444 restart:
1445 	for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) {
1446 		if (rt6_check_expired(rt))
1447 			continue;
1448 		if (rt->dst.error)
1449 			break;
1450 		if (!(rt->rt6i_flags & RTF_GATEWAY))
1451 			continue;
1452 		if (fl6->flowi6_oif != rt->dst.dev->ifindex)
1453 			continue;
1454 		if (!ipv6_addr_equal(&rdfl->gateway, &rt->rt6i_gateway))
1455 			continue;
1456 		break;
1457 	}
1458 
1459 	if (!rt)
1460 		rt = net->ipv6.ip6_null_entry;
1461 	else if (rt->dst.error) {
1462 		rt = net->ipv6.ip6_null_entry;
1463 		goto out;
1464 	}
1465 
1466 	if (rt == net->ipv6.ip6_null_entry) {
1467 		fn = fib6_backtrack(fn, &fl6->saddr);
1468 		if (fn)
1469 			goto restart;
1470 	}
1471 
1472 out:
1473 	dst_hold(&rt->dst);
1474 
1475 	read_unlock_bh(&table->tb6_lock);
1476 
1477 	return rt;
1478 };
1479 
1480 static struct dst_entry *ip6_route_redirect(struct net *net,
1481 					const struct flowi6 *fl6,
1482 					const struct in6_addr *gateway)
1483 {
1484 	int flags = RT6_LOOKUP_F_HAS_SADDR;
1485 	struct ip6rd_flowi rdfl;
1486 
1487 	rdfl.fl6 = *fl6;
1488 	rdfl.gateway = *gateway;
1489 
1490 	return fib6_rule_lookup(net, &rdfl.fl6,
1491 				flags, __ip6_route_redirect);
1492 }
1493 
1494 void ip6_redirect(struct sk_buff *skb, struct net *net, int oif, u32 mark)
1495 {
1496 	const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data;
1497 	struct dst_entry *dst;
1498 	struct flowi6 fl6;
1499 
1500 	memset(&fl6, 0, sizeof(fl6));
1501 	fl6.flowi6_iif = LOOPBACK_IFINDEX;
1502 	fl6.flowi6_oif = oif;
1503 	fl6.flowi6_mark = mark;
1504 	fl6.daddr = iph->daddr;
1505 	fl6.saddr = iph->saddr;
1506 	fl6.flowlabel = ip6_flowinfo(iph);
1507 
1508 	dst = ip6_route_redirect(net, &fl6, &ipv6_hdr(skb)->saddr);
1509 	rt6_do_redirect(dst, NULL, skb);
1510 	dst_release(dst);
1511 }
1512 EXPORT_SYMBOL_GPL(ip6_redirect);
1513 
1514 void ip6_redirect_no_header(struct sk_buff *skb, struct net *net, int oif,
1515 			    u32 mark)
1516 {
1517 	const struct ipv6hdr *iph = ipv6_hdr(skb);
1518 	const struct rd_msg *msg = (struct rd_msg *)icmp6_hdr(skb);
1519 	struct dst_entry *dst;
1520 	struct flowi6 fl6;
1521 
1522 	memset(&fl6, 0, sizeof(fl6));
1523 	fl6.flowi6_iif = LOOPBACK_IFINDEX;
1524 	fl6.flowi6_oif = oif;
1525 	fl6.flowi6_mark = mark;
1526 	fl6.daddr = msg->dest;
1527 	fl6.saddr = iph->daddr;
1528 
1529 	dst = ip6_route_redirect(net, &fl6, &iph->saddr);
1530 	rt6_do_redirect(dst, NULL, skb);
1531 	dst_release(dst);
1532 }
1533 
1534 void ip6_sk_redirect(struct sk_buff *skb, struct sock *sk)
1535 {
1536 	ip6_redirect(skb, sock_net(sk), sk->sk_bound_dev_if, sk->sk_mark);
1537 }
1538 EXPORT_SYMBOL_GPL(ip6_sk_redirect);
1539 
1540 static unsigned int ip6_default_advmss(const struct dst_entry *dst)
1541 {
1542 	struct net_device *dev = dst->dev;
1543 	unsigned int mtu = dst_mtu(dst);
1544 	struct net *net = dev_net(dev);
1545 
1546 	mtu -= sizeof(struct ipv6hdr) + sizeof(struct tcphdr);
1547 
1548 	if (mtu < net->ipv6.sysctl.ip6_rt_min_advmss)
1549 		mtu = net->ipv6.sysctl.ip6_rt_min_advmss;
1550 
1551 	/*
1552 	 * Maximal non-jumbo IPv6 payload is IPV6_MAXPLEN and
1553 	 * corresponding MSS is IPV6_MAXPLEN - tcp_header_size.
1554 	 * IPV6_MAXPLEN is also valid and means: "any MSS,
1555 	 * rely only on pmtu discovery"
1556 	 */
1557 	if (mtu > IPV6_MAXPLEN - sizeof(struct tcphdr))
1558 		mtu = IPV6_MAXPLEN;
1559 	return mtu;
1560 }
1561 
1562 static unsigned int ip6_mtu(const struct dst_entry *dst)
1563 {
1564 	const struct rt6_info *rt = (const struct rt6_info *)dst;
1565 	unsigned int mtu = rt->rt6i_pmtu;
1566 	struct inet6_dev *idev;
1567 
1568 	if (mtu)
1569 		goto out;
1570 
1571 	mtu = dst_metric_raw(dst, RTAX_MTU);
1572 	if (mtu)
1573 		goto out;
1574 
1575 	mtu = IPV6_MIN_MTU;
1576 
1577 	rcu_read_lock();
1578 	idev = __in6_dev_get(dst->dev);
1579 	if (idev)
1580 		mtu = idev->cnf.mtu6;
1581 	rcu_read_unlock();
1582 
1583 out:
1584 	return min_t(unsigned int, mtu, IP6_MAX_MTU);
1585 }
1586 
1587 static struct dst_entry *icmp6_dst_gc_list;
1588 static DEFINE_SPINLOCK(icmp6_dst_lock);
1589 
1590 struct dst_entry *icmp6_dst_alloc(struct net_device *dev,
1591 				  struct flowi6 *fl6)
1592 {
1593 	struct dst_entry *dst;
1594 	struct rt6_info *rt;
1595 	struct inet6_dev *idev = in6_dev_get(dev);
1596 	struct net *net = dev_net(dev);
1597 
1598 	if (unlikely(!idev))
1599 		return ERR_PTR(-ENODEV);
1600 
1601 	rt = ip6_dst_alloc(net, dev, 0);
1602 	if (unlikely(!rt)) {
1603 		in6_dev_put(idev);
1604 		dst = ERR_PTR(-ENOMEM);
1605 		goto out;
1606 	}
1607 
1608 	rt->dst.flags |= DST_HOST;
1609 	rt->dst.output  = ip6_output;
1610 	atomic_set(&rt->dst.__refcnt, 1);
1611 	rt->rt6i_gateway  = fl6->daddr;
1612 	rt->rt6i_dst.addr = fl6->daddr;
1613 	rt->rt6i_dst.plen = 128;
1614 	rt->rt6i_idev     = idev;
1615 	dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 0);
1616 
1617 	spin_lock_bh(&icmp6_dst_lock);
1618 	rt->dst.next = icmp6_dst_gc_list;
1619 	icmp6_dst_gc_list = &rt->dst;
1620 	spin_unlock_bh(&icmp6_dst_lock);
1621 
1622 	fib6_force_start_gc(net);
1623 
1624 	dst = xfrm_lookup(net, &rt->dst, flowi6_to_flowi(fl6), NULL, 0);
1625 
1626 out:
1627 	return dst;
1628 }
1629 
1630 int icmp6_dst_gc(void)
1631 {
1632 	struct dst_entry *dst, **pprev;
1633 	int more = 0;
1634 
1635 	spin_lock_bh(&icmp6_dst_lock);
1636 	pprev = &icmp6_dst_gc_list;
1637 
1638 	while ((dst = *pprev) != NULL) {
1639 		if (!atomic_read(&dst->__refcnt)) {
1640 			*pprev = dst->next;
1641 			dst_free(dst);
1642 		} else {
1643 			pprev = &dst->next;
1644 			++more;
1645 		}
1646 	}
1647 
1648 	spin_unlock_bh(&icmp6_dst_lock);
1649 
1650 	return more;
1651 }
1652 
1653 static void icmp6_clean_all(int (*func)(struct rt6_info *rt, void *arg),
1654 			    void *arg)
1655 {
1656 	struct dst_entry *dst, **pprev;
1657 
1658 	spin_lock_bh(&icmp6_dst_lock);
1659 	pprev = &icmp6_dst_gc_list;
1660 	while ((dst = *pprev) != NULL) {
1661 		struct rt6_info *rt = (struct rt6_info *) dst;
1662 		if (func(rt, arg)) {
1663 			*pprev = dst->next;
1664 			dst_free(dst);
1665 		} else {
1666 			pprev = &dst->next;
1667 		}
1668 	}
1669 	spin_unlock_bh(&icmp6_dst_lock);
1670 }
1671 
1672 static int ip6_dst_gc(struct dst_ops *ops)
1673 {
1674 	struct net *net = container_of(ops, struct net, ipv6.ip6_dst_ops);
1675 	int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval;
1676 	int rt_max_size = net->ipv6.sysctl.ip6_rt_max_size;
1677 	int rt_elasticity = net->ipv6.sysctl.ip6_rt_gc_elasticity;
1678 	int rt_gc_timeout = net->ipv6.sysctl.ip6_rt_gc_timeout;
1679 	unsigned long rt_last_gc = net->ipv6.ip6_rt_last_gc;
1680 	int entries;
1681 
1682 	entries = dst_entries_get_fast(ops);
1683 	if (time_after(rt_last_gc + rt_min_interval, jiffies) &&
1684 	    entries <= rt_max_size)
1685 		goto out;
1686 
1687 	net->ipv6.ip6_rt_gc_expire++;
1688 	fib6_run_gc(net->ipv6.ip6_rt_gc_expire, net, true);
1689 	entries = dst_entries_get_slow(ops);
1690 	if (entries < ops->gc_thresh)
1691 		net->ipv6.ip6_rt_gc_expire = rt_gc_timeout>>1;
1692 out:
1693 	net->ipv6.ip6_rt_gc_expire -= net->ipv6.ip6_rt_gc_expire>>rt_elasticity;
1694 	return entries > rt_max_size;
1695 }
1696 
1697 static int ip6_convert_metrics(struct mx6_config *mxc,
1698 			       const struct fib6_config *cfg)
1699 {
1700 	bool ecn_ca = false;
1701 	struct nlattr *nla;
1702 	int remaining;
1703 	u32 *mp;
1704 
1705 	if (!cfg->fc_mx)
1706 		return 0;
1707 
1708 	mp = kzalloc(sizeof(u32) * RTAX_MAX, GFP_KERNEL);
1709 	if (unlikely(!mp))
1710 		return -ENOMEM;
1711 
1712 	nla_for_each_attr(nla, cfg->fc_mx, cfg->fc_mx_len, remaining) {
1713 		int type = nla_type(nla);
1714 		u32 val;
1715 
1716 		if (!type)
1717 			continue;
1718 		if (unlikely(type > RTAX_MAX))
1719 			goto err;
1720 
1721 		if (type == RTAX_CC_ALGO) {
1722 			char tmp[TCP_CA_NAME_MAX];
1723 
1724 			nla_strlcpy(tmp, nla, sizeof(tmp));
1725 			val = tcp_ca_get_key_by_name(tmp, &ecn_ca);
1726 			if (val == TCP_CA_UNSPEC)
1727 				goto err;
1728 		} else {
1729 			val = nla_get_u32(nla);
1730 		}
1731 		if (type == RTAX_FEATURES && (val & ~RTAX_FEATURE_MASK))
1732 			goto err;
1733 
1734 		mp[type - 1] = val;
1735 		__set_bit(type - 1, mxc->mx_valid);
1736 	}
1737 
1738 	if (ecn_ca) {
1739 		__set_bit(RTAX_FEATURES - 1, mxc->mx_valid);
1740 		mp[RTAX_FEATURES - 1] |= DST_FEATURE_ECN_CA;
1741 	}
1742 
1743 	mxc->mx = mp;
1744 	return 0;
1745  err:
1746 	kfree(mp);
1747 	return -EINVAL;
1748 }
1749 
1750 static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg)
1751 {
1752 	struct net *net = cfg->fc_nlinfo.nl_net;
1753 	struct rt6_info *rt = NULL;
1754 	struct net_device *dev = NULL;
1755 	struct inet6_dev *idev = NULL;
1756 	struct fib6_table *table;
1757 	int addr_type;
1758 	int err = -EINVAL;
1759 
1760 	if (cfg->fc_dst_len > 128 || cfg->fc_src_len > 128)
1761 		goto out;
1762 #ifndef CONFIG_IPV6_SUBTREES
1763 	if (cfg->fc_src_len)
1764 		goto out;
1765 #endif
1766 	if (cfg->fc_ifindex) {
1767 		err = -ENODEV;
1768 		dev = dev_get_by_index(net, cfg->fc_ifindex);
1769 		if (!dev)
1770 			goto out;
1771 		idev = in6_dev_get(dev);
1772 		if (!idev)
1773 			goto out;
1774 	}
1775 
1776 	if (cfg->fc_metric == 0)
1777 		cfg->fc_metric = IP6_RT_PRIO_USER;
1778 
1779 	err = -ENOBUFS;
1780 	if (cfg->fc_nlinfo.nlh &&
1781 	    !(cfg->fc_nlinfo.nlh->nlmsg_flags & NLM_F_CREATE)) {
1782 		table = fib6_get_table(net, cfg->fc_table);
1783 		if (!table) {
1784 			pr_warn("NLM_F_CREATE should be specified when creating new route\n");
1785 			table = fib6_new_table(net, cfg->fc_table);
1786 		}
1787 	} else {
1788 		table = fib6_new_table(net, cfg->fc_table);
1789 	}
1790 
1791 	if (!table)
1792 		goto out;
1793 
1794 	rt = ip6_dst_alloc(net, NULL,
1795 			   (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT);
1796 
1797 	if (!rt) {
1798 		err = -ENOMEM;
1799 		goto out;
1800 	}
1801 
1802 	if (cfg->fc_flags & RTF_EXPIRES)
1803 		rt6_set_expires(rt, jiffies +
1804 				clock_t_to_jiffies(cfg->fc_expires));
1805 	else
1806 		rt6_clean_expires(rt);
1807 
1808 	if (cfg->fc_protocol == RTPROT_UNSPEC)
1809 		cfg->fc_protocol = RTPROT_BOOT;
1810 	rt->rt6i_protocol = cfg->fc_protocol;
1811 
1812 	addr_type = ipv6_addr_type(&cfg->fc_dst);
1813 
1814 	if (addr_type & IPV6_ADDR_MULTICAST)
1815 		rt->dst.input = ip6_mc_input;
1816 	else if (cfg->fc_flags & RTF_LOCAL)
1817 		rt->dst.input = ip6_input;
1818 	else
1819 		rt->dst.input = ip6_forward;
1820 
1821 	rt->dst.output = ip6_output;
1822 
1823 	if (cfg->fc_encap) {
1824 		struct lwtunnel_state *lwtstate;
1825 
1826 		err = lwtunnel_build_state(dev, cfg->fc_encap_type,
1827 					   cfg->fc_encap, AF_INET6, cfg,
1828 					   &lwtstate);
1829 		if (err)
1830 			goto out;
1831 		rt->dst.lwtstate = lwtstate_get(lwtstate);
1832 		if (lwtunnel_output_redirect(rt->dst.lwtstate)) {
1833 			rt->dst.lwtstate->orig_output = rt->dst.output;
1834 			rt->dst.output = lwtunnel_output;
1835 		}
1836 		if (lwtunnel_input_redirect(rt->dst.lwtstate)) {
1837 			rt->dst.lwtstate->orig_input = rt->dst.input;
1838 			rt->dst.input = lwtunnel_input;
1839 		}
1840 	}
1841 
1842 	ipv6_addr_prefix(&rt->rt6i_dst.addr, &cfg->fc_dst, cfg->fc_dst_len);
1843 	rt->rt6i_dst.plen = cfg->fc_dst_len;
1844 	if (rt->rt6i_dst.plen == 128)
1845 		rt->dst.flags |= DST_HOST;
1846 
1847 #ifdef CONFIG_IPV6_SUBTREES
1848 	ipv6_addr_prefix(&rt->rt6i_src.addr, &cfg->fc_src, cfg->fc_src_len);
1849 	rt->rt6i_src.plen = cfg->fc_src_len;
1850 #endif
1851 
1852 	rt->rt6i_metric = cfg->fc_metric;
1853 
1854 	/* We cannot add true routes via loopback here,
1855 	   they would result in kernel looping; promote them to reject routes
1856 	 */
1857 	if ((cfg->fc_flags & RTF_REJECT) ||
1858 	    (dev && (dev->flags & IFF_LOOPBACK) &&
1859 	     !(addr_type & IPV6_ADDR_LOOPBACK) &&
1860 	     !(cfg->fc_flags & RTF_LOCAL))) {
1861 		/* hold loopback dev/idev if we haven't done so. */
1862 		if (dev != net->loopback_dev) {
1863 			if (dev) {
1864 				dev_put(dev);
1865 				in6_dev_put(idev);
1866 			}
1867 			dev = net->loopback_dev;
1868 			dev_hold(dev);
1869 			idev = in6_dev_get(dev);
1870 			if (!idev) {
1871 				err = -ENODEV;
1872 				goto out;
1873 			}
1874 		}
1875 		rt->rt6i_flags = RTF_REJECT|RTF_NONEXTHOP;
1876 		switch (cfg->fc_type) {
1877 		case RTN_BLACKHOLE:
1878 			rt->dst.error = -EINVAL;
1879 			rt->dst.output = dst_discard_out;
1880 			rt->dst.input = dst_discard;
1881 			break;
1882 		case RTN_PROHIBIT:
1883 			rt->dst.error = -EACCES;
1884 			rt->dst.output = ip6_pkt_prohibit_out;
1885 			rt->dst.input = ip6_pkt_prohibit;
1886 			break;
1887 		case RTN_THROW:
1888 		case RTN_UNREACHABLE:
1889 		default:
1890 			rt->dst.error = (cfg->fc_type == RTN_THROW) ? -EAGAIN
1891 					: (cfg->fc_type == RTN_UNREACHABLE)
1892 					? -EHOSTUNREACH : -ENETUNREACH;
1893 			rt->dst.output = ip6_pkt_discard_out;
1894 			rt->dst.input = ip6_pkt_discard;
1895 			break;
1896 		}
1897 		goto install_route;
1898 	}
1899 
1900 	if (cfg->fc_flags & RTF_GATEWAY) {
1901 		const struct in6_addr *gw_addr;
1902 		int gwa_type;
1903 
1904 		gw_addr = &cfg->fc_gateway;
1905 		gwa_type = ipv6_addr_type(gw_addr);
1906 
1907 		/* if gw_addr is local we will fail to detect this in case
1908 		 * address is still TENTATIVE (DAD in progress). rt6_lookup()
1909 		 * will return already-added prefix route via interface that
1910 		 * prefix route was assigned to, which might be non-loopback.
1911 		 */
1912 		err = -EINVAL;
1913 		if (ipv6_chk_addr_and_flags(net, gw_addr,
1914 					    gwa_type & IPV6_ADDR_LINKLOCAL ?
1915 					    dev : NULL, 0, 0))
1916 			goto out;
1917 
1918 		rt->rt6i_gateway = *gw_addr;
1919 
1920 		if (gwa_type != (IPV6_ADDR_LINKLOCAL|IPV6_ADDR_UNICAST)) {
1921 			struct rt6_info *grt;
1922 
1923 			/* IPv6 strictly inhibits using not link-local
1924 			   addresses as nexthop address.
1925 			   Otherwise, router will not able to send redirects.
1926 			   It is very good, but in some (rare!) circumstances
1927 			   (SIT, PtP, NBMA NOARP links) it is handy to allow
1928 			   some exceptions. --ANK
1929 			 */
1930 			if (!(gwa_type & IPV6_ADDR_UNICAST))
1931 				goto out;
1932 
1933 			grt = rt6_lookup(net, gw_addr, NULL, cfg->fc_ifindex, 1);
1934 
1935 			err = -EHOSTUNREACH;
1936 			if (!grt)
1937 				goto out;
1938 			if (dev) {
1939 				if (dev != grt->dst.dev) {
1940 					ip6_rt_put(grt);
1941 					goto out;
1942 				}
1943 			} else {
1944 				dev = grt->dst.dev;
1945 				idev = grt->rt6i_idev;
1946 				dev_hold(dev);
1947 				in6_dev_hold(grt->rt6i_idev);
1948 			}
1949 			if (!(grt->rt6i_flags & RTF_GATEWAY))
1950 				err = 0;
1951 			ip6_rt_put(grt);
1952 
1953 			if (err)
1954 				goto out;
1955 		}
1956 		err = -EINVAL;
1957 		if (!dev || (dev->flags & IFF_LOOPBACK))
1958 			goto out;
1959 	}
1960 
1961 	err = -ENODEV;
1962 	if (!dev)
1963 		goto out;
1964 
1965 	if (!ipv6_addr_any(&cfg->fc_prefsrc)) {
1966 		if (!ipv6_chk_addr(net, &cfg->fc_prefsrc, dev, 0)) {
1967 			err = -EINVAL;
1968 			goto out;
1969 		}
1970 		rt->rt6i_prefsrc.addr = cfg->fc_prefsrc;
1971 		rt->rt6i_prefsrc.plen = 128;
1972 	} else
1973 		rt->rt6i_prefsrc.plen = 0;
1974 
1975 	rt->rt6i_flags = cfg->fc_flags;
1976 
1977 install_route:
1978 	rt->dst.dev = dev;
1979 	rt->rt6i_idev = idev;
1980 	rt->rt6i_table = table;
1981 
1982 	cfg->fc_nlinfo.nl_net = dev_net(dev);
1983 
1984 	return rt;
1985 out:
1986 	if (dev)
1987 		dev_put(dev);
1988 	if (idev)
1989 		in6_dev_put(idev);
1990 	if (rt)
1991 		dst_free(&rt->dst);
1992 
1993 	return ERR_PTR(err);
1994 }
1995 
1996 int ip6_route_add(struct fib6_config *cfg)
1997 {
1998 	struct mx6_config mxc = { .mx = NULL, };
1999 	struct rt6_info *rt;
2000 	int err;
2001 
2002 	rt = ip6_route_info_create(cfg);
2003 	if (IS_ERR(rt)) {
2004 		err = PTR_ERR(rt);
2005 		rt = NULL;
2006 		goto out;
2007 	}
2008 
2009 	err = ip6_convert_metrics(&mxc, cfg);
2010 	if (err)
2011 		goto out;
2012 
2013 	err = __ip6_ins_rt(rt, &cfg->fc_nlinfo, &mxc);
2014 
2015 	kfree(mxc.mx);
2016 
2017 	return err;
2018 out:
2019 	if (rt)
2020 		dst_free(&rt->dst);
2021 
2022 	return err;
2023 }
2024 
2025 static int __ip6_del_rt(struct rt6_info *rt, struct nl_info *info)
2026 {
2027 	int err;
2028 	struct fib6_table *table;
2029 	struct net *net = dev_net(rt->dst.dev);
2030 
2031 	if (rt == net->ipv6.ip6_null_entry ||
2032 	    rt->dst.flags & DST_NOCACHE) {
2033 		err = -ENOENT;
2034 		goto out;
2035 	}
2036 
2037 	table = rt->rt6i_table;
2038 	write_lock_bh(&table->tb6_lock);
2039 	err = fib6_del(rt, info);
2040 	write_unlock_bh(&table->tb6_lock);
2041 
2042 out:
2043 	ip6_rt_put(rt);
2044 	return err;
2045 }
2046 
2047 int ip6_del_rt(struct rt6_info *rt)
2048 {
2049 	struct nl_info info = {
2050 		.nl_net = dev_net(rt->dst.dev),
2051 	};
2052 	return __ip6_del_rt(rt, &info);
2053 }
2054 
2055 static int ip6_route_del(struct fib6_config *cfg)
2056 {
2057 	struct fib6_table *table;
2058 	struct fib6_node *fn;
2059 	struct rt6_info *rt;
2060 	int err = -ESRCH;
2061 
2062 	table = fib6_get_table(cfg->fc_nlinfo.nl_net, cfg->fc_table);
2063 	if (!table)
2064 		return err;
2065 
2066 	read_lock_bh(&table->tb6_lock);
2067 
2068 	fn = fib6_locate(&table->tb6_root,
2069 			 &cfg->fc_dst, cfg->fc_dst_len,
2070 			 &cfg->fc_src, cfg->fc_src_len);
2071 
2072 	if (fn) {
2073 		for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) {
2074 			if ((rt->rt6i_flags & RTF_CACHE) &&
2075 			    !(cfg->fc_flags & RTF_CACHE))
2076 				continue;
2077 			if (cfg->fc_ifindex &&
2078 			    (!rt->dst.dev ||
2079 			     rt->dst.dev->ifindex != cfg->fc_ifindex))
2080 				continue;
2081 			if (cfg->fc_flags & RTF_GATEWAY &&
2082 			    !ipv6_addr_equal(&cfg->fc_gateway, &rt->rt6i_gateway))
2083 				continue;
2084 			if (cfg->fc_metric && cfg->fc_metric != rt->rt6i_metric)
2085 				continue;
2086 			dst_hold(&rt->dst);
2087 			read_unlock_bh(&table->tb6_lock);
2088 
2089 			return __ip6_del_rt(rt, &cfg->fc_nlinfo);
2090 		}
2091 	}
2092 	read_unlock_bh(&table->tb6_lock);
2093 
2094 	return err;
2095 }
2096 
2097 static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
2098 {
2099 	struct netevent_redirect netevent;
2100 	struct rt6_info *rt, *nrt = NULL;
2101 	struct ndisc_options ndopts;
2102 	struct inet6_dev *in6_dev;
2103 	struct neighbour *neigh;
2104 	struct rd_msg *msg;
2105 	int optlen, on_link;
2106 	u8 *lladdr;
2107 
2108 	optlen = skb_tail_pointer(skb) - skb_transport_header(skb);
2109 	optlen -= sizeof(*msg);
2110 
2111 	if (optlen < 0) {
2112 		net_dbg_ratelimited("rt6_do_redirect: packet too short\n");
2113 		return;
2114 	}
2115 
2116 	msg = (struct rd_msg *)icmp6_hdr(skb);
2117 
2118 	if (ipv6_addr_is_multicast(&msg->dest)) {
2119 		net_dbg_ratelimited("rt6_do_redirect: destination address is multicast\n");
2120 		return;
2121 	}
2122 
2123 	on_link = 0;
2124 	if (ipv6_addr_equal(&msg->dest, &msg->target)) {
2125 		on_link = 1;
2126 	} else if (ipv6_addr_type(&msg->target) !=
2127 		   (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
2128 		net_dbg_ratelimited("rt6_do_redirect: target address is not link-local unicast\n");
2129 		return;
2130 	}
2131 
2132 	in6_dev = __in6_dev_get(skb->dev);
2133 	if (!in6_dev)
2134 		return;
2135 	if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects)
2136 		return;
2137 
2138 	/* RFC2461 8.1:
2139 	 *	The IP source address of the Redirect MUST be the same as the current
2140 	 *	first-hop router for the specified ICMP Destination Address.
2141 	 */
2142 
2143 	if (!ndisc_parse_options(msg->opt, optlen, &ndopts)) {
2144 		net_dbg_ratelimited("rt6_redirect: invalid ND options\n");
2145 		return;
2146 	}
2147 
2148 	lladdr = NULL;
2149 	if (ndopts.nd_opts_tgt_lladdr) {
2150 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
2151 					     skb->dev);
2152 		if (!lladdr) {
2153 			net_dbg_ratelimited("rt6_redirect: invalid link-layer address length\n");
2154 			return;
2155 		}
2156 	}
2157 
2158 	rt = (struct rt6_info *) dst;
2159 	if (rt->rt6i_flags & RTF_REJECT) {
2160 		net_dbg_ratelimited("rt6_redirect: source isn't a valid nexthop for redirect target\n");
2161 		return;
2162 	}
2163 
2164 	/* Redirect received -> path was valid.
2165 	 * Look, redirects are sent only in response to data packets,
2166 	 * so that this nexthop apparently is reachable. --ANK
2167 	 */
2168 	dst_confirm(&rt->dst);
2169 
2170 	neigh = __neigh_lookup(&nd_tbl, &msg->target, skb->dev, 1);
2171 	if (!neigh)
2172 		return;
2173 
2174 	/*
2175 	 *	We have finally decided to accept it.
2176 	 */
2177 
2178 	neigh_update(neigh, lladdr, NUD_STALE,
2179 		     NEIGH_UPDATE_F_WEAK_OVERRIDE|
2180 		     NEIGH_UPDATE_F_OVERRIDE|
2181 		     (on_link ? 0 : (NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
2182 				     NEIGH_UPDATE_F_ISROUTER))
2183 		     );
2184 
2185 	nrt = ip6_rt_cache_alloc(rt, &msg->dest, NULL);
2186 	if (!nrt)
2187 		goto out;
2188 
2189 	nrt->rt6i_flags = RTF_GATEWAY|RTF_UP|RTF_DYNAMIC|RTF_CACHE;
2190 	if (on_link)
2191 		nrt->rt6i_flags &= ~RTF_GATEWAY;
2192 
2193 	nrt->rt6i_gateway = *(struct in6_addr *)neigh->primary_key;
2194 
2195 	if (ip6_ins_rt(nrt))
2196 		goto out;
2197 
2198 	netevent.old = &rt->dst;
2199 	netevent.new = &nrt->dst;
2200 	netevent.daddr = &msg->dest;
2201 	netevent.neigh = neigh;
2202 	call_netevent_notifiers(NETEVENT_REDIRECT, &netevent);
2203 
2204 	if (rt->rt6i_flags & RTF_CACHE) {
2205 		rt = (struct rt6_info *) dst_clone(&rt->dst);
2206 		ip6_del_rt(rt);
2207 	}
2208 
2209 out:
2210 	neigh_release(neigh);
2211 }
2212 
2213 /*
2214  *	Misc support functions
2215  */
2216 
2217 static void rt6_set_from(struct rt6_info *rt, struct rt6_info *from)
2218 {
2219 	BUG_ON(from->dst.from);
2220 
2221 	rt->rt6i_flags &= ~RTF_EXPIRES;
2222 	dst_hold(&from->dst);
2223 	rt->dst.from = &from->dst;
2224 	dst_init_metrics(&rt->dst, dst_metrics_ptr(&from->dst), true);
2225 }
2226 
2227 static void ip6_rt_copy_init(struct rt6_info *rt, struct rt6_info *ort)
2228 {
2229 	rt->dst.input = ort->dst.input;
2230 	rt->dst.output = ort->dst.output;
2231 	rt->rt6i_dst = ort->rt6i_dst;
2232 	rt->dst.error = ort->dst.error;
2233 	rt->rt6i_idev = ort->rt6i_idev;
2234 	if (rt->rt6i_idev)
2235 		in6_dev_hold(rt->rt6i_idev);
2236 	rt->dst.lastuse = jiffies;
2237 	rt->rt6i_gateway = ort->rt6i_gateway;
2238 	rt->rt6i_flags = ort->rt6i_flags;
2239 	rt6_set_from(rt, ort);
2240 	rt->rt6i_metric = ort->rt6i_metric;
2241 #ifdef CONFIG_IPV6_SUBTREES
2242 	rt->rt6i_src = ort->rt6i_src;
2243 #endif
2244 	rt->rt6i_prefsrc = ort->rt6i_prefsrc;
2245 	rt->rt6i_table = ort->rt6i_table;
2246 	rt->dst.lwtstate = lwtstate_get(ort->dst.lwtstate);
2247 }
2248 
2249 #ifdef CONFIG_IPV6_ROUTE_INFO
2250 static struct rt6_info *rt6_get_route_info(struct net *net,
2251 					   const struct in6_addr *prefix, int prefixlen,
2252 					   const struct in6_addr *gwaddr, int ifindex)
2253 {
2254 	struct fib6_node *fn;
2255 	struct rt6_info *rt = NULL;
2256 	struct fib6_table *table;
2257 
2258 	table = fib6_get_table(net, RT6_TABLE_INFO);
2259 	if (!table)
2260 		return NULL;
2261 
2262 	read_lock_bh(&table->tb6_lock);
2263 	fn = fib6_locate(&table->tb6_root, prefix, prefixlen, NULL, 0);
2264 	if (!fn)
2265 		goto out;
2266 
2267 	for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) {
2268 		if (rt->dst.dev->ifindex != ifindex)
2269 			continue;
2270 		if ((rt->rt6i_flags & (RTF_ROUTEINFO|RTF_GATEWAY)) != (RTF_ROUTEINFO|RTF_GATEWAY))
2271 			continue;
2272 		if (!ipv6_addr_equal(&rt->rt6i_gateway, gwaddr))
2273 			continue;
2274 		dst_hold(&rt->dst);
2275 		break;
2276 	}
2277 out:
2278 	read_unlock_bh(&table->tb6_lock);
2279 	return rt;
2280 }
2281 
2282 static struct rt6_info *rt6_add_route_info(struct net *net,
2283 					   const struct in6_addr *prefix, int prefixlen,
2284 					   const struct in6_addr *gwaddr, int ifindex,
2285 					   unsigned int pref)
2286 {
2287 	struct fib6_config cfg = {
2288 		.fc_metric	= IP6_RT_PRIO_USER,
2289 		.fc_ifindex	= ifindex,
2290 		.fc_dst_len	= prefixlen,
2291 		.fc_flags	= RTF_GATEWAY | RTF_ADDRCONF | RTF_ROUTEINFO |
2292 				  RTF_UP | RTF_PREF(pref),
2293 		.fc_nlinfo.portid = 0,
2294 		.fc_nlinfo.nlh = NULL,
2295 		.fc_nlinfo.nl_net = net,
2296 	};
2297 
2298 	cfg.fc_table = l3mdev_fib_table_by_index(net, ifindex) ? : RT6_TABLE_INFO;
2299 	cfg.fc_dst = *prefix;
2300 	cfg.fc_gateway = *gwaddr;
2301 
2302 	/* We should treat it as a default route if prefix length is 0. */
2303 	if (!prefixlen)
2304 		cfg.fc_flags |= RTF_DEFAULT;
2305 
2306 	ip6_route_add(&cfg);
2307 
2308 	return rt6_get_route_info(net, prefix, prefixlen, gwaddr, ifindex);
2309 }
2310 #endif
2311 
2312 struct rt6_info *rt6_get_dflt_router(const struct in6_addr *addr, struct net_device *dev)
2313 {
2314 	struct rt6_info *rt;
2315 	struct fib6_table *table;
2316 
2317 	table = fib6_get_table(dev_net(dev), RT6_TABLE_DFLT);
2318 	if (!table)
2319 		return NULL;
2320 
2321 	read_lock_bh(&table->tb6_lock);
2322 	for (rt = table->tb6_root.leaf; rt; rt = rt->dst.rt6_next) {
2323 		if (dev == rt->dst.dev &&
2324 		    ((rt->rt6i_flags & (RTF_ADDRCONF | RTF_DEFAULT)) == (RTF_ADDRCONF | RTF_DEFAULT)) &&
2325 		    ipv6_addr_equal(&rt->rt6i_gateway, addr))
2326 			break;
2327 	}
2328 	if (rt)
2329 		dst_hold(&rt->dst);
2330 	read_unlock_bh(&table->tb6_lock);
2331 	return rt;
2332 }
2333 
2334 struct rt6_info *rt6_add_dflt_router(const struct in6_addr *gwaddr,
2335 				     struct net_device *dev,
2336 				     unsigned int pref)
2337 {
2338 	struct fib6_config cfg = {
2339 		.fc_table	= l3mdev_fib_table(dev) ? : RT6_TABLE_DFLT,
2340 		.fc_metric	= IP6_RT_PRIO_USER,
2341 		.fc_ifindex	= dev->ifindex,
2342 		.fc_flags	= RTF_GATEWAY | RTF_ADDRCONF | RTF_DEFAULT |
2343 				  RTF_UP | RTF_EXPIRES | RTF_PREF(pref),
2344 		.fc_nlinfo.portid = 0,
2345 		.fc_nlinfo.nlh = NULL,
2346 		.fc_nlinfo.nl_net = dev_net(dev),
2347 	};
2348 
2349 	cfg.fc_gateway = *gwaddr;
2350 
2351 	ip6_route_add(&cfg);
2352 
2353 	return rt6_get_dflt_router(gwaddr, dev);
2354 }
2355 
2356 void rt6_purge_dflt_routers(struct net *net)
2357 {
2358 	struct rt6_info *rt;
2359 	struct fib6_table *table;
2360 
2361 	/* NOTE: Keep consistent with rt6_get_dflt_router */
2362 	table = fib6_get_table(net, RT6_TABLE_DFLT);
2363 	if (!table)
2364 		return;
2365 
2366 restart:
2367 	read_lock_bh(&table->tb6_lock);
2368 	for (rt = table->tb6_root.leaf; rt; rt = rt->dst.rt6_next) {
2369 		if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF) &&
2370 		    (!rt->rt6i_idev || rt->rt6i_idev->cnf.accept_ra != 2)) {
2371 			dst_hold(&rt->dst);
2372 			read_unlock_bh(&table->tb6_lock);
2373 			ip6_del_rt(rt);
2374 			goto restart;
2375 		}
2376 	}
2377 	read_unlock_bh(&table->tb6_lock);
2378 }
2379 
2380 static void rtmsg_to_fib6_config(struct net *net,
2381 				 struct in6_rtmsg *rtmsg,
2382 				 struct fib6_config *cfg)
2383 {
2384 	memset(cfg, 0, sizeof(*cfg));
2385 
2386 	cfg->fc_table = l3mdev_fib_table_by_index(net, rtmsg->rtmsg_ifindex) ?
2387 			 : RT6_TABLE_MAIN;
2388 	cfg->fc_ifindex = rtmsg->rtmsg_ifindex;
2389 	cfg->fc_metric = rtmsg->rtmsg_metric;
2390 	cfg->fc_expires = rtmsg->rtmsg_info;
2391 	cfg->fc_dst_len = rtmsg->rtmsg_dst_len;
2392 	cfg->fc_src_len = rtmsg->rtmsg_src_len;
2393 	cfg->fc_flags = rtmsg->rtmsg_flags;
2394 
2395 	cfg->fc_nlinfo.nl_net = net;
2396 
2397 	cfg->fc_dst = rtmsg->rtmsg_dst;
2398 	cfg->fc_src = rtmsg->rtmsg_src;
2399 	cfg->fc_gateway = rtmsg->rtmsg_gateway;
2400 }
2401 
2402 int ipv6_route_ioctl(struct net *net, unsigned int cmd, void __user *arg)
2403 {
2404 	struct fib6_config cfg;
2405 	struct in6_rtmsg rtmsg;
2406 	int err;
2407 
2408 	switch (cmd) {
2409 	case SIOCADDRT:		/* Add a route */
2410 	case SIOCDELRT:		/* Delete a route */
2411 		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
2412 			return -EPERM;
2413 		err = copy_from_user(&rtmsg, arg,
2414 				     sizeof(struct in6_rtmsg));
2415 		if (err)
2416 			return -EFAULT;
2417 
2418 		rtmsg_to_fib6_config(net, &rtmsg, &cfg);
2419 
2420 		rtnl_lock();
2421 		switch (cmd) {
2422 		case SIOCADDRT:
2423 			err = ip6_route_add(&cfg);
2424 			break;
2425 		case SIOCDELRT:
2426 			err = ip6_route_del(&cfg);
2427 			break;
2428 		default:
2429 			err = -EINVAL;
2430 		}
2431 		rtnl_unlock();
2432 
2433 		return err;
2434 	}
2435 
2436 	return -EINVAL;
2437 }
2438 
2439 /*
2440  *	Drop the packet on the floor
2441  */
2442 
2443 static int ip6_pkt_drop(struct sk_buff *skb, u8 code, int ipstats_mib_noroutes)
2444 {
2445 	int type;
2446 	struct dst_entry *dst = skb_dst(skb);
2447 	switch (ipstats_mib_noroutes) {
2448 	case IPSTATS_MIB_INNOROUTES:
2449 		type = ipv6_addr_type(&ipv6_hdr(skb)->daddr);
2450 		if (type == IPV6_ADDR_ANY) {
2451 			IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst),
2452 				      IPSTATS_MIB_INADDRERRORS);
2453 			break;
2454 		}
2455 		/* FALLTHROUGH */
2456 	case IPSTATS_MIB_OUTNOROUTES:
2457 		IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst),
2458 			      ipstats_mib_noroutes);
2459 		break;
2460 	}
2461 	icmpv6_send(skb, ICMPV6_DEST_UNREACH, code, 0);
2462 	kfree_skb(skb);
2463 	return 0;
2464 }
2465 
2466 static int ip6_pkt_discard(struct sk_buff *skb)
2467 {
2468 	return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_INNOROUTES);
2469 }
2470 
2471 static int ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb)
2472 {
2473 	skb->dev = skb_dst(skb)->dev;
2474 	return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_OUTNOROUTES);
2475 }
2476 
2477 static int ip6_pkt_prohibit(struct sk_buff *skb)
2478 {
2479 	return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_INNOROUTES);
2480 }
2481 
2482 static int ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb)
2483 {
2484 	skb->dev = skb_dst(skb)->dev;
2485 	return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES);
2486 }
2487 
2488 /*
2489  *	Allocate a dst for local (unicast / anycast) address.
2490  */
2491 
2492 struct rt6_info *addrconf_dst_alloc(struct inet6_dev *idev,
2493 				    const struct in6_addr *addr,
2494 				    bool anycast)
2495 {
2496 	u32 tb_id;
2497 	struct net *net = dev_net(idev->dev);
2498 	struct rt6_info *rt = ip6_dst_alloc(net, net->loopback_dev,
2499 					    DST_NOCOUNT);
2500 	if (!rt)
2501 		return ERR_PTR(-ENOMEM);
2502 
2503 	in6_dev_hold(idev);
2504 
2505 	rt->dst.flags |= DST_HOST;
2506 	rt->dst.input = ip6_input;
2507 	rt->dst.output = ip6_output;
2508 	rt->rt6i_idev = idev;
2509 
2510 	rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP;
2511 	if (anycast)
2512 		rt->rt6i_flags |= RTF_ANYCAST;
2513 	else
2514 		rt->rt6i_flags |= RTF_LOCAL;
2515 
2516 	rt->rt6i_gateway  = *addr;
2517 	rt->rt6i_dst.addr = *addr;
2518 	rt->rt6i_dst.plen = 128;
2519 	tb_id = l3mdev_fib_table(idev->dev) ? : RT6_TABLE_LOCAL;
2520 	rt->rt6i_table = fib6_get_table(net, tb_id);
2521 	rt->dst.flags |= DST_NOCACHE;
2522 
2523 	atomic_set(&rt->dst.__refcnt, 1);
2524 
2525 	return rt;
2526 }
2527 
2528 int ip6_route_get_saddr(struct net *net,
2529 			struct rt6_info *rt,
2530 			const struct in6_addr *daddr,
2531 			unsigned int prefs,
2532 			struct in6_addr *saddr)
2533 {
2534 	struct inet6_dev *idev =
2535 		rt ? ip6_dst_idev((struct dst_entry *)rt) : NULL;
2536 	int err = 0;
2537 	if (rt && rt->rt6i_prefsrc.plen)
2538 		*saddr = rt->rt6i_prefsrc.addr;
2539 	else
2540 		err = ipv6_dev_get_saddr(net, idev ? idev->dev : NULL,
2541 					 daddr, prefs, saddr);
2542 	return err;
2543 }
2544 
2545 /* remove deleted ip from prefsrc entries */
2546 struct arg_dev_net_ip {
2547 	struct net_device *dev;
2548 	struct net *net;
2549 	struct in6_addr *addr;
2550 };
2551 
2552 static int fib6_remove_prefsrc(struct rt6_info *rt, void *arg)
2553 {
2554 	struct net_device *dev = ((struct arg_dev_net_ip *)arg)->dev;
2555 	struct net *net = ((struct arg_dev_net_ip *)arg)->net;
2556 	struct in6_addr *addr = ((struct arg_dev_net_ip *)arg)->addr;
2557 
2558 	if (((void *)rt->dst.dev == dev || !dev) &&
2559 	    rt != net->ipv6.ip6_null_entry &&
2560 	    ipv6_addr_equal(addr, &rt->rt6i_prefsrc.addr)) {
2561 		/* remove prefsrc entry */
2562 		rt->rt6i_prefsrc.plen = 0;
2563 	}
2564 	return 0;
2565 }
2566 
2567 void rt6_remove_prefsrc(struct inet6_ifaddr *ifp)
2568 {
2569 	struct net *net = dev_net(ifp->idev->dev);
2570 	struct arg_dev_net_ip adni = {
2571 		.dev = ifp->idev->dev,
2572 		.net = net,
2573 		.addr = &ifp->addr,
2574 	};
2575 	fib6_clean_all(net, fib6_remove_prefsrc, &adni);
2576 }
2577 
2578 #define RTF_RA_ROUTER		(RTF_ADDRCONF | RTF_DEFAULT | RTF_GATEWAY)
2579 #define RTF_CACHE_GATEWAY	(RTF_GATEWAY | RTF_CACHE)
2580 
2581 /* Remove routers and update dst entries when gateway turn into host. */
2582 static int fib6_clean_tohost(struct rt6_info *rt, void *arg)
2583 {
2584 	struct in6_addr *gateway = (struct in6_addr *)arg;
2585 
2586 	if ((((rt->rt6i_flags & RTF_RA_ROUTER) == RTF_RA_ROUTER) ||
2587 	     ((rt->rt6i_flags & RTF_CACHE_GATEWAY) == RTF_CACHE_GATEWAY)) &&
2588 	     ipv6_addr_equal(gateway, &rt->rt6i_gateway)) {
2589 		return -1;
2590 	}
2591 	return 0;
2592 }
2593 
2594 void rt6_clean_tohost(struct net *net, struct in6_addr *gateway)
2595 {
2596 	fib6_clean_all(net, fib6_clean_tohost, gateway);
2597 }
2598 
2599 struct arg_dev_net {
2600 	struct net_device *dev;
2601 	struct net *net;
2602 };
2603 
2604 static int fib6_ifdown(struct rt6_info *rt, void *arg)
2605 {
2606 	const struct arg_dev_net *adn = arg;
2607 	const struct net_device *dev = adn->dev;
2608 
2609 	if ((rt->dst.dev == dev || !dev) &&
2610 	    rt != adn->net->ipv6.ip6_null_entry)
2611 		return -1;
2612 
2613 	return 0;
2614 }
2615 
2616 void rt6_ifdown(struct net *net, struct net_device *dev)
2617 {
2618 	struct arg_dev_net adn = {
2619 		.dev = dev,
2620 		.net = net,
2621 	};
2622 
2623 	fib6_clean_all(net, fib6_ifdown, &adn);
2624 	icmp6_clean_all(fib6_ifdown, &adn);
2625 	if (dev)
2626 		rt6_uncached_list_flush_dev(net, dev);
2627 }
2628 
2629 struct rt6_mtu_change_arg {
2630 	struct net_device *dev;
2631 	unsigned int mtu;
2632 };
2633 
2634 static int rt6_mtu_change_route(struct rt6_info *rt, void *p_arg)
2635 {
2636 	struct rt6_mtu_change_arg *arg = (struct rt6_mtu_change_arg *) p_arg;
2637 	struct inet6_dev *idev;
2638 
2639 	/* In IPv6 pmtu discovery is not optional,
2640 	   so that RTAX_MTU lock cannot disable it.
2641 	   We still use this lock to block changes
2642 	   caused by addrconf/ndisc.
2643 	*/
2644 
2645 	idev = __in6_dev_get(arg->dev);
2646 	if (!idev)
2647 		return 0;
2648 
2649 	/* For administrative MTU increase, there is no way to discover
2650 	   IPv6 PMTU increase, so PMTU increase should be updated here.
2651 	   Since RFC 1981 doesn't include administrative MTU increase
2652 	   update PMTU increase is a MUST. (i.e. jumbo frame)
2653 	 */
2654 	/*
2655 	   If new MTU is less than route PMTU, this new MTU will be the
2656 	   lowest MTU in the path, update the route PMTU to reflect PMTU
2657 	   decreases; if new MTU is greater than route PMTU, and the
2658 	   old MTU is the lowest MTU in the path, update the route PMTU
2659 	   to reflect the increase. In this case if the other nodes' MTU
2660 	   also have the lowest MTU, TOO BIG MESSAGE will be lead to
2661 	   PMTU discouvery.
2662 	 */
2663 	if (rt->dst.dev == arg->dev &&
2664 	    !dst_metric_locked(&rt->dst, RTAX_MTU)) {
2665 		if (rt->rt6i_flags & RTF_CACHE) {
2666 			/* For RTF_CACHE with rt6i_pmtu == 0
2667 			 * (i.e. a redirected route),
2668 			 * the metrics of its rt->dst.from has already
2669 			 * been updated.
2670 			 */
2671 			if (rt->rt6i_pmtu && rt->rt6i_pmtu > arg->mtu)
2672 				rt->rt6i_pmtu = arg->mtu;
2673 		} else if (dst_mtu(&rt->dst) >= arg->mtu ||
2674 			   (dst_mtu(&rt->dst) < arg->mtu &&
2675 			    dst_mtu(&rt->dst) == idev->cnf.mtu6)) {
2676 			dst_metric_set(&rt->dst, RTAX_MTU, arg->mtu);
2677 		}
2678 	}
2679 	return 0;
2680 }
2681 
2682 void rt6_mtu_change(struct net_device *dev, unsigned int mtu)
2683 {
2684 	struct rt6_mtu_change_arg arg = {
2685 		.dev = dev,
2686 		.mtu = mtu,
2687 	};
2688 
2689 	fib6_clean_all(dev_net(dev), rt6_mtu_change_route, &arg);
2690 }
2691 
2692 static const struct nla_policy rtm_ipv6_policy[RTA_MAX+1] = {
2693 	[RTA_GATEWAY]           = { .len = sizeof(struct in6_addr) },
2694 	[RTA_OIF]               = { .type = NLA_U32 },
2695 	[RTA_IIF]		= { .type = NLA_U32 },
2696 	[RTA_PRIORITY]          = { .type = NLA_U32 },
2697 	[RTA_METRICS]           = { .type = NLA_NESTED },
2698 	[RTA_MULTIPATH]		= { .len = sizeof(struct rtnexthop) },
2699 	[RTA_PREF]              = { .type = NLA_U8 },
2700 	[RTA_ENCAP_TYPE]	= { .type = NLA_U16 },
2701 	[RTA_ENCAP]		= { .type = NLA_NESTED },
2702 };
2703 
2704 static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh,
2705 			      struct fib6_config *cfg)
2706 {
2707 	struct rtmsg *rtm;
2708 	struct nlattr *tb[RTA_MAX+1];
2709 	unsigned int pref;
2710 	int err;
2711 
2712 	err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy);
2713 	if (err < 0)
2714 		goto errout;
2715 
2716 	err = -EINVAL;
2717 	rtm = nlmsg_data(nlh);
2718 	memset(cfg, 0, sizeof(*cfg));
2719 
2720 	cfg->fc_table = rtm->rtm_table;
2721 	cfg->fc_dst_len = rtm->rtm_dst_len;
2722 	cfg->fc_src_len = rtm->rtm_src_len;
2723 	cfg->fc_flags = RTF_UP;
2724 	cfg->fc_protocol = rtm->rtm_protocol;
2725 	cfg->fc_type = rtm->rtm_type;
2726 
2727 	if (rtm->rtm_type == RTN_UNREACHABLE ||
2728 	    rtm->rtm_type == RTN_BLACKHOLE ||
2729 	    rtm->rtm_type == RTN_PROHIBIT ||
2730 	    rtm->rtm_type == RTN_THROW)
2731 		cfg->fc_flags |= RTF_REJECT;
2732 
2733 	if (rtm->rtm_type == RTN_LOCAL)
2734 		cfg->fc_flags |= RTF_LOCAL;
2735 
2736 	if (rtm->rtm_flags & RTM_F_CLONED)
2737 		cfg->fc_flags |= RTF_CACHE;
2738 
2739 	cfg->fc_nlinfo.portid = NETLINK_CB(skb).portid;
2740 	cfg->fc_nlinfo.nlh = nlh;
2741 	cfg->fc_nlinfo.nl_net = sock_net(skb->sk);
2742 
2743 	if (tb[RTA_GATEWAY]) {
2744 		cfg->fc_gateway = nla_get_in6_addr(tb[RTA_GATEWAY]);
2745 		cfg->fc_flags |= RTF_GATEWAY;
2746 	}
2747 
2748 	if (tb[RTA_DST]) {
2749 		int plen = (rtm->rtm_dst_len + 7) >> 3;
2750 
2751 		if (nla_len(tb[RTA_DST]) < plen)
2752 			goto errout;
2753 
2754 		nla_memcpy(&cfg->fc_dst, tb[RTA_DST], plen);
2755 	}
2756 
2757 	if (tb[RTA_SRC]) {
2758 		int plen = (rtm->rtm_src_len + 7) >> 3;
2759 
2760 		if (nla_len(tb[RTA_SRC]) < plen)
2761 			goto errout;
2762 
2763 		nla_memcpy(&cfg->fc_src, tb[RTA_SRC], plen);
2764 	}
2765 
2766 	if (tb[RTA_PREFSRC])
2767 		cfg->fc_prefsrc = nla_get_in6_addr(tb[RTA_PREFSRC]);
2768 
2769 	if (tb[RTA_OIF])
2770 		cfg->fc_ifindex = nla_get_u32(tb[RTA_OIF]);
2771 
2772 	if (tb[RTA_PRIORITY])
2773 		cfg->fc_metric = nla_get_u32(tb[RTA_PRIORITY]);
2774 
2775 	if (tb[RTA_METRICS]) {
2776 		cfg->fc_mx = nla_data(tb[RTA_METRICS]);
2777 		cfg->fc_mx_len = nla_len(tb[RTA_METRICS]);
2778 	}
2779 
2780 	if (tb[RTA_TABLE])
2781 		cfg->fc_table = nla_get_u32(tb[RTA_TABLE]);
2782 
2783 	if (tb[RTA_MULTIPATH]) {
2784 		cfg->fc_mp = nla_data(tb[RTA_MULTIPATH]);
2785 		cfg->fc_mp_len = nla_len(tb[RTA_MULTIPATH]);
2786 	}
2787 
2788 	if (tb[RTA_PREF]) {
2789 		pref = nla_get_u8(tb[RTA_PREF]);
2790 		if (pref != ICMPV6_ROUTER_PREF_LOW &&
2791 		    pref != ICMPV6_ROUTER_PREF_HIGH)
2792 			pref = ICMPV6_ROUTER_PREF_MEDIUM;
2793 		cfg->fc_flags |= RTF_PREF(pref);
2794 	}
2795 
2796 	if (tb[RTA_ENCAP])
2797 		cfg->fc_encap = tb[RTA_ENCAP];
2798 
2799 	if (tb[RTA_ENCAP_TYPE])
2800 		cfg->fc_encap_type = nla_get_u16(tb[RTA_ENCAP_TYPE]);
2801 
2802 	err = 0;
2803 errout:
2804 	return err;
2805 }
2806 
2807 struct rt6_nh {
2808 	struct rt6_info *rt6_info;
2809 	struct fib6_config r_cfg;
2810 	struct mx6_config mxc;
2811 	struct list_head next;
2812 };
2813 
2814 static void ip6_print_replace_route_err(struct list_head *rt6_nh_list)
2815 {
2816 	struct rt6_nh *nh;
2817 
2818 	list_for_each_entry(nh, rt6_nh_list, next) {
2819 		pr_warn("IPV6: multipath route replace failed (check consistency of installed routes): %pI6 nexthop %pI6 ifi %d\n",
2820 		        &nh->r_cfg.fc_dst, &nh->r_cfg.fc_gateway,
2821 		        nh->r_cfg.fc_ifindex);
2822 	}
2823 }
2824 
2825 static int ip6_route_info_append(struct list_head *rt6_nh_list,
2826 				 struct rt6_info *rt, struct fib6_config *r_cfg)
2827 {
2828 	struct rt6_nh *nh;
2829 	struct rt6_info *rtnh;
2830 	int err = -EEXIST;
2831 
2832 	list_for_each_entry(nh, rt6_nh_list, next) {
2833 		/* check if rt6_info already exists */
2834 		rtnh = nh->rt6_info;
2835 
2836 		if (rtnh->dst.dev == rt->dst.dev &&
2837 		    rtnh->rt6i_idev == rt->rt6i_idev &&
2838 		    ipv6_addr_equal(&rtnh->rt6i_gateway,
2839 				    &rt->rt6i_gateway))
2840 			return err;
2841 	}
2842 
2843 	nh = kzalloc(sizeof(*nh), GFP_KERNEL);
2844 	if (!nh)
2845 		return -ENOMEM;
2846 	nh->rt6_info = rt;
2847 	err = ip6_convert_metrics(&nh->mxc, r_cfg);
2848 	if (err) {
2849 		kfree(nh);
2850 		return err;
2851 	}
2852 	memcpy(&nh->r_cfg, r_cfg, sizeof(*r_cfg));
2853 	list_add_tail(&nh->next, rt6_nh_list);
2854 
2855 	return 0;
2856 }
2857 
2858 static int ip6_route_multipath_add(struct fib6_config *cfg)
2859 {
2860 	struct fib6_config r_cfg;
2861 	struct rtnexthop *rtnh;
2862 	struct rt6_info *rt;
2863 	struct rt6_nh *err_nh;
2864 	struct rt6_nh *nh, *nh_safe;
2865 	int remaining;
2866 	int attrlen;
2867 	int err = 1;
2868 	int nhn = 0;
2869 	int replace = (cfg->fc_nlinfo.nlh &&
2870 		       (cfg->fc_nlinfo.nlh->nlmsg_flags & NLM_F_REPLACE));
2871 	LIST_HEAD(rt6_nh_list);
2872 
2873 	remaining = cfg->fc_mp_len;
2874 	rtnh = (struct rtnexthop *)cfg->fc_mp;
2875 
2876 	/* Parse a Multipath Entry and build a list (rt6_nh_list) of
2877 	 * rt6_info structs per nexthop
2878 	 */
2879 	while (rtnh_ok(rtnh, remaining)) {
2880 		memcpy(&r_cfg, cfg, sizeof(*cfg));
2881 		if (rtnh->rtnh_ifindex)
2882 			r_cfg.fc_ifindex = rtnh->rtnh_ifindex;
2883 
2884 		attrlen = rtnh_attrlen(rtnh);
2885 		if (attrlen > 0) {
2886 			struct nlattr *nla, *attrs = rtnh_attrs(rtnh);
2887 
2888 			nla = nla_find(attrs, attrlen, RTA_GATEWAY);
2889 			if (nla) {
2890 				r_cfg.fc_gateway = nla_get_in6_addr(nla);
2891 				r_cfg.fc_flags |= RTF_GATEWAY;
2892 			}
2893 			r_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP);
2894 			nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
2895 			if (nla)
2896 				r_cfg.fc_encap_type = nla_get_u16(nla);
2897 		}
2898 
2899 		rt = ip6_route_info_create(&r_cfg);
2900 		if (IS_ERR(rt)) {
2901 			err = PTR_ERR(rt);
2902 			rt = NULL;
2903 			goto cleanup;
2904 		}
2905 
2906 		err = ip6_route_info_append(&rt6_nh_list, rt, &r_cfg);
2907 		if (err) {
2908 			dst_free(&rt->dst);
2909 			goto cleanup;
2910 		}
2911 
2912 		rtnh = rtnh_next(rtnh, &remaining);
2913 	}
2914 
2915 	err_nh = NULL;
2916 	list_for_each_entry(nh, &rt6_nh_list, next) {
2917 		err = __ip6_ins_rt(nh->rt6_info, &cfg->fc_nlinfo, &nh->mxc);
2918 		/* nh->rt6_info is used or freed at this point, reset to NULL*/
2919 		nh->rt6_info = NULL;
2920 		if (err) {
2921 			if (replace && nhn)
2922 				ip6_print_replace_route_err(&rt6_nh_list);
2923 			err_nh = nh;
2924 			goto add_errout;
2925 		}
2926 
2927 		/* Because each route is added like a single route we remove
2928 		 * these flags after the first nexthop: if there is a collision,
2929 		 * we have already failed to add the first nexthop:
2930 		 * fib6_add_rt2node() has rejected it; when replacing, old
2931 		 * nexthops have been replaced by first new, the rest should
2932 		 * be added to it.
2933 		 */
2934 		cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL |
2935 						     NLM_F_REPLACE);
2936 		nhn++;
2937 	}
2938 
2939 	goto cleanup;
2940 
2941 add_errout:
2942 	/* Delete routes that were already added */
2943 	list_for_each_entry(nh, &rt6_nh_list, next) {
2944 		if (err_nh == nh)
2945 			break;
2946 		ip6_route_del(&nh->r_cfg);
2947 	}
2948 
2949 cleanup:
2950 	list_for_each_entry_safe(nh, nh_safe, &rt6_nh_list, next) {
2951 		if (nh->rt6_info)
2952 			dst_free(&nh->rt6_info->dst);
2953 		kfree(nh->mxc.mx);
2954 		list_del(&nh->next);
2955 		kfree(nh);
2956 	}
2957 
2958 	return err;
2959 }
2960 
2961 static int ip6_route_multipath_del(struct fib6_config *cfg)
2962 {
2963 	struct fib6_config r_cfg;
2964 	struct rtnexthop *rtnh;
2965 	int remaining;
2966 	int attrlen;
2967 	int err = 1, last_err = 0;
2968 
2969 	remaining = cfg->fc_mp_len;
2970 	rtnh = (struct rtnexthop *)cfg->fc_mp;
2971 
2972 	/* Parse a Multipath Entry */
2973 	while (rtnh_ok(rtnh, remaining)) {
2974 		memcpy(&r_cfg, cfg, sizeof(*cfg));
2975 		if (rtnh->rtnh_ifindex)
2976 			r_cfg.fc_ifindex = rtnh->rtnh_ifindex;
2977 
2978 		attrlen = rtnh_attrlen(rtnh);
2979 		if (attrlen > 0) {
2980 			struct nlattr *nla, *attrs = rtnh_attrs(rtnh);
2981 
2982 			nla = nla_find(attrs, attrlen, RTA_GATEWAY);
2983 			if (nla) {
2984 				nla_memcpy(&r_cfg.fc_gateway, nla, 16);
2985 				r_cfg.fc_flags |= RTF_GATEWAY;
2986 			}
2987 		}
2988 		err = ip6_route_del(&r_cfg);
2989 		if (err)
2990 			last_err = err;
2991 
2992 		rtnh = rtnh_next(rtnh, &remaining);
2993 	}
2994 
2995 	return last_err;
2996 }
2997 
2998 static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh)
2999 {
3000 	struct fib6_config cfg;
3001 	int err;
3002 
3003 	err = rtm_to_fib6_config(skb, nlh, &cfg);
3004 	if (err < 0)
3005 		return err;
3006 
3007 	if (cfg.fc_mp)
3008 		return ip6_route_multipath_del(&cfg);
3009 	else
3010 		return ip6_route_del(&cfg);
3011 }
3012 
3013 static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh)
3014 {
3015 	struct fib6_config cfg;
3016 	int err;
3017 
3018 	err = rtm_to_fib6_config(skb, nlh, &cfg);
3019 	if (err < 0)
3020 		return err;
3021 
3022 	if (cfg.fc_mp)
3023 		return ip6_route_multipath_add(&cfg);
3024 	else
3025 		return ip6_route_add(&cfg);
3026 }
3027 
3028 static inline size_t rt6_nlmsg_size(struct rt6_info *rt)
3029 {
3030 	return NLMSG_ALIGN(sizeof(struct rtmsg))
3031 	       + nla_total_size(16) /* RTA_SRC */
3032 	       + nla_total_size(16) /* RTA_DST */
3033 	       + nla_total_size(16) /* RTA_GATEWAY */
3034 	       + nla_total_size(16) /* RTA_PREFSRC */
3035 	       + nla_total_size(4) /* RTA_TABLE */
3036 	       + nla_total_size(4) /* RTA_IIF */
3037 	       + nla_total_size(4) /* RTA_OIF */
3038 	       + nla_total_size(4) /* RTA_PRIORITY */
3039 	       + RTAX_MAX * nla_total_size(4) /* RTA_METRICS */
3040 	       + nla_total_size(sizeof(struct rta_cacheinfo))
3041 	       + nla_total_size(TCP_CA_NAME_MAX) /* RTAX_CC_ALGO */
3042 	       + nla_total_size(1) /* RTA_PREF */
3043 	       + lwtunnel_get_encap_size(rt->dst.lwtstate);
3044 }
3045 
3046 static int rt6_fill_node(struct net *net,
3047 			 struct sk_buff *skb, struct rt6_info *rt,
3048 			 struct in6_addr *dst, struct in6_addr *src,
3049 			 int iif, int type, u32 portid, u32 seq,
3050 			 int prefix, int nowait, unsigned int flags)
3051 {
3052 	u32 metrics[RTAX_MAX];
3053 	struct rtmsg *rtm;
3054 	struct nlmsghdr *nlh;
3055 	long expires;
3056 	u32 table;
3057 
3058 	if (prefix) {	/* user wants prefix routes only */
3059 		if (!(rt->rt6i_flags & RTF_PREFIX_RT)) {
3060 			/* success since this is not a prefix route */
3061 			return 1;
3062 		}
3063 	}
3064 
3065 	nlh = nlmsg_put(skb, portid, seq, type, sizeof(*rtm), flags);
3066 	if (!nlh)
3067 		return -EMSGSIZE;
3068 
3069 	rtm = nlmsg_data(nlh);
3070 	rtm->rtm_family = AF_INET6;
3071 	rtm->rtm_dst_len = rt->rt6i_dst.plen;
3072 	rtm->rtm_src_len = rt->rt6i_src.plen;
3073 	rtm->rtm_tos = 0;
3074 	if (rt->rt6i_table)
3075 		table = rt->rt6i_table->tb6_id;
3076 	else
3077 		table = RT6_TABLE_UNSPEC;
3078 	rtm->rtm_table = table;
3079 	if (nla_put_u32(skb, RTA_TABLE, table))
3080 		goto nla_put_failure;
3081 	if (rt->rt6i_flags & RTF_REJECT) {
3082 		switch (rt->dst.error) {
3083 		case -EINVAL:
3084 			rtm->rtm_type = RTN_BLACKHOLE;
3085 			break;
3086 		case -EACCES:
3087 			rtm->rtm_type = RTN_PROHIBIT;
3088 			break;
3089 		case -EAGAIN:
3090 			rtm->rtm_type = RTN_THROW;
3091 			break;
3092 		default:
3093 			rtm->rtm_type = RTN_UNREACHABLE;
3094 			break;
3095 		}
3096 	}
3097 	else if (rt->rt6i_flags & RTF_LOCAL)
3098 		rtm->rtm_type = RTN_LOCAL;
3099 	else if (rt->dst.dev && (rt->dst.dev->flags & IFF_LOOPBACK))
3100 		rtm->rtm_type = RTN_LOCAL;
3101 	else
3102 		rtm->rtm_type = RTN_UNICAST;
3103 	rtm->rtm_flags = 0;
3104 	if (!netif_carrier_ok(rt->dst.dev)) {
3105 		rtm->rtm_flags |= RTNH_F_LINKDOWN;
3106 		if (rt->rt6i_idev->cnf.ignore_routes_with_linkdown)
3107 			rtm->rtm_flags |= RTNH_F_DEAD;
3108 	}
3109 	rtm->rtm_scope = RT_SCOPE_UNIVERSE;
3110 	rtm->rtm_protocol = rt->rt6i_protocol;
3111 	if (rt->rt6i_flags & RTF_DYNAMIC)
3112 		rtm->rtm_protocol = RTPROT_REDIRECT;
3113 	else if (rt->rt6i_flags & RTF_ADDRCONF) {
3114 		if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ROUTEINFO))
3115 			rtm->rtm_protocol = RTPROT_RA;
3116 		else
3117 			rtm->rtm_protocol = RTPROT_KERNEL;
3118 	}
3119 
3120 	if (rt->rt6i_flags & RTF_CACHE)
3121 		rtm->rtm_flags |= RTM_F_CLONED;
3122 
3123 	if (dst) {
3124 		if (nla_put_in6_addr(skb, RTA_DST, dst))
3125 			goto nla_put_failure;
3126 		rtm->rtm_dst_len = 128;
3127 	} else if (rtm->rtm_dst_len)
3128 		if (nla_put_in6_addr(skb, RTA_DST, &rt->rt6i_dst.addr))
3129 			goto nla_put_failure;
3130 #ifdef CONFIG_IPV6_SUBTREES
3131 	if (src) {
3132 		if (nla_put_in6_addr(skb, RTA_SRC, src))
3133 			goto nla_put_failure;
3134 		rtm->rtm_src_len = 128;
3135 	} else if (rtm->rtm_src_len &&
3136 		   nla_put_in6_addr(skb, RTA_SRC, &rt->rt6i_src.addr))
3137 		goto nla_put_failure;
3138 #endif
3139 	if (iif) {
3140 #ifdef CONFIG_IPV6_MROUTE
3141 		if (ipv6_addr_is_multicast(&rt->rt6i_dst.addr)) {
3142 			int err = ip6mr_get_route(net, skb, rtm, nowait);
3143 			if (err <= 0) {
3144 				if (!nowait) {
3145 					if (err == 0)
3146 						return 0;
3147 					goto nla_put_failure;
3148 				} else {
3149 					if (err == -EMSGSIZE)
3150 						goto nla_put_failure;
3151 				}
3152 			}
3153 		} else
3154 #endif
3155 			if (nla_put_u32(skb, RTA_IIF, iif))
3156 				goto nla_put_failure;
3157 	} else if (dst) {
3158 		struct in6_addr saddr_buf;
3159 		if (ip6_route_get_saddr(net, rt, dst, 0, &saddr_buf) == 0 &&
3160 		    nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf))
3161 			goto nla_put_failure;
3162 	}
3163 
3164 	if (rt->rt6i_prefsrc.plen) {
3165 		struct in6_addr saddr_buf;
3166 		saddr_buf = rt->rt6i_prefsrc.addr;
3167 		if (nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf))
3168 			goto nla_put_failure;
3169 	}
3170 
3171 	memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
3172 	if (rt->rt6i_pmtu)
3173 		metrics[RTAX_MTU - 1] = rt->rt6i_pmtu;
3174 	if (rtnetlink_put_metrics(skb, metrics) < 0)
3175 		goto nla_put_failure;
3176 
3177 	if (rt->rt6i_flags & RTF_GATEWAY) {
3178 		if (nla_put_in6_addr(skb, RTA_GATEWAY, &rt->rt6i_gateway) < 0)
3179 			goto nla_put_failure;
3180 	}
3181 
3182 	if (rt->dst.dev &&
3183 	    nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
3184 		goto nla_put_failure;
3185 	if (nla_put_u32(skb, RTA_PRIORITY, rt->rt6i_metric))
3186 		goto nla_put_failure;
3187 
3188 	expires = (rt->rt6i_flags & RTF_EXPIRES) ? rt->dst.expires - jiffies : 0;
3189 
3190 	if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, rt->dst.error) < 0)
3191 		goto nla_put_failure;
3192 
3193 	if (nla_put_u8(skb, RTA_PREF, IPV6_EXTRACT_PREF(rt->rt6i_flags)))
3194 		goto nla_put_failure;
3195 
3196 	lwtunnel_fill_encap(skb, rt->dst.lwtstate);
3197 
3198 	nlmsg_end(skb, nlh);
3199 	return 0;
3200 
3201 nla_put_failure:
3202 	nlmsg_cancel(skb, nlh);
3203 	return -EMSGSIZE;
3204 }
3205 
3206 int rt6_dump_route(struct rt6_info *rt, void *p_arg)
3207 {
3208 	struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg;
3209 	int prefix;
3210 
3211 	if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) {
3212 		struct rtmsg *rtm = nlmsg_data(arg->cb->nlh);
3213 		prefix = (rtm->rtm_flags & RTM_F_PREFIX) != 0;
3214 	} else
3215 		prefix = 0;
3216 
3217 	return rt6_fill_node(arg->net,
3218 		     arg->skb, rt, NULL, NULL, 0, RTM_NEWROUTE,
3219 		     NETLINK_CB(arg->cb->skb).portid, arg->cb->nlh->nlmsg_seq,
3220 		     prefix, 0, NLM_F_MULTI);
3221 }
3222 
3223 static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh)
3224 {
3225 	struct net *net = sock_net(in_skb->sk);
3226 	struct nlattr *tb[RTA_MAX+1];
3227 	struct rt6_info *rt;
3228 	struct sk_buff *skb;
3229 	struct rtmsg *rtm;
3230 	struct flowi6 fl6;
3231 	int err, iif = 0, oif = 0;
3232 
3233 	err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy);
3234 	if (err < 0)
3235 		goto errout;
3236 
3237 	err = -EINVAL;
3238 	memset(&fl6, 0, sizeof(fl6));
3239 
3240 	if (tb[RTA_SRC]) {
3241 		if (nla_len(tb[RTA_SRC]) < sizeof(struct in6_addr))
3242 			goto errout;
3243 
3244 		fl6.saddr = *(struct in6_addr *)nla_data(tb[RTA_SRC]);
3245 	}
3246 
3247 	if (tb[RTA_DST]) {
3248 		if (nla_len(tb[RTA_DST]) < sizeof(struct in6_addr))
3249 			goto errout;
3250 
3251 		fl6.daddr = *(struct in6_addr *)nla_data(tb[RTA_DST]);
3252 	}
3253 
3254 	if (tb[RTA_IIF])
3255 		iif = nla_get_u32(tb[RTA_IIF]);
3256 
3257 	if (tb[RTA_OIF])
3258 		oif = nla_get_u32(tb[RTA_OIF]);
3259 
3260 	if (tb[RTA_MARK])
3261 		fl6.flowi6_mark = nla_get_u32(tb[RTA_MARK]);
3262 
3263 	if (iif) {
3264 		struct net_device *dev;
3265 		int flags = 0;
3266 
3267 		dev = __dev_get_by_index(net, iif);
3268 		if (!dev) {
3269 			err = -ENODEV;
3270 			goto errout;
3271 		}
3272 
3273 		fl6.flowi6_iif = iif;
3274 
3275 		if (!ipv6_addr_any(&fl6.saddr))
3276 			flags |= RT6_LOOKUP_F_HAS_SADDR;
3277 
3278 		rt = (struct rt6_info *)ip6_route_input_lookup(net, dev, &fl6,
3279 							       flags);
3280 	} else {
3281 		fl6.flowi6_oif = oif;
3282 
3283 		if (netif_index_is_l3_master(net, oif)) {
3284 			fl6.flowi6_flags = FLOWI_FLAG_L3MDEV_SRC |
3285 					   FLOWI_FLAG_SKIP_NH_OIF;
3286 		}
3287 
3288 		rt = (struct rt6_info *)ip6_route_output(net, NULL, &fl6);
3289 	}
3290 
3291 	skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
3292 	if (!skb) {
3293 		ip6_rt_put(rt);
3294 		err = -ENOBUFS;
3295 		goto errout;
3296 	}
3297 
3298 	/* Reserve room for dummy headers, this skb can pass
3299 	   through good chunk of routing engine.
3300 	 */
3301 	skb_reset_mac_header(skb);
3302 	skb_reserve(skb, MAX_HEADER + sizeof(struct ipv6hdr));
3303 
3304 	skb_dst_set(skb, &rt->dst);
3305 
3306 	err = rt6_fill_node(net, skb, rt, &fl6.daddr, &fl6.saddr, iif,
3307 			    RTM_NEWROUTE, NETLINK_CB(in_skb).portid,
3308 			    nlh->nlmsg_seq, 0, 0, 0);
3309 	if (err < 0) {
3310 		kfree_skb(skb);
3311 		goto errout;
3312 	}
3313 
3314 	err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
3315 errout:
3316 	return err;
3317 }
3318 
3319 void inet6_rt_notify(int event, struct rt6_info *rt, struct nl_info *info,
3320 		     unsigned int nlm_flags)
3321 {
3322 	struct sk_buff *skb;
3323 	struct net *net = info->nl_net;
3324 	u32 seq;
3325 	int err;
3326 
3327 	err = -ENOBUFS;
3328 	seq = info->nlh ? info->nlh->nlmsg_seq : 0;
3329 
3330 	skb = nlmsg_new(rt6_nlmsg_size(rt), gfp_any());
3331 	if (!skb)
3332 		goto errout;
3333 
3334 	err = rt6_fill_node(net, skb, rt, NULL, NULL, 0,
3335 				event, info->portid, seq, 0, 0, nlm_flags);
3336 	if (err < 0) {
3337 		/* -EMSGSIZE implies BUG in rt6_nlmsg_size() */
3338 		WARN_ON(err == -EMSGSIZE);
3339 		kfree_skb(skb);
3340 		goto errout;
3341 	}
3342 	rtnl_notify(skb, net, info->portid, RTNLGRP_IPV6_ROUTE,
3343 		    info->nlh, gfp_any());
3344 	return;
3345 errout:
3346 	if (err < 0)
3347 		rtnl_set_sk_err(net, RTNLGRP_IPV6_ROUTE, err);
3348 }
3349 
3350 static int ip6_route_dev_notify(struct notifier_block *this,
3351 				unsigned long event, void *ptr)
3352 {
3353 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
3354 	struct net *net = dev_net(dev);
3355 
3356 	if (event == NETDEV_REGISTER && (dev->flags & IFF_LOOPBACK)) {
3357 		net->ipv6.ip6_null_entry->dst.dev = dev;
3358 		net->ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(dev);
3359 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
3360 		net->ipv6.ip6_prohibit_entry->dst.dev = dev;
3361 		net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev);
3362 		net->ipv6.ip6_blk_hole_entry->dst.dev = dev;
3363 		net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev);
3364 #endif
3365 	}
3366 
3367 	return NOTIFY_OK;
3368 }
3369 
3370 /*
3371  *	/proc
3372  */
3373 
3374 #ifdef CONFIG_PROC_FS
3375 
3376 static const struct file_operations ipv6_route_proc_fops = {
3377 	.owner		= THIS_MODULE,
3378 	.open		= ipv6_route_open,
3379 	.read		= seq_read,
3380 	.llseek		= seq_lseek,
3381 	.release	= seq_release_net,
3382 };
3383 
3384 static int rt6_stats_seq_show(struct seq_file *seq, void *v)
3385 {
3386 	struct net *net = (struct net *)seq->private;
3387 	seq_printf(seq, "%04x %04x %04x %04x %04x %04x %04x\n",
3388 		   net->ipv6.rt6_stats->fib_nodes,
3389 		   net->ipv6.rt6_stats->fib_route_nodes,
3390 		   net->ipv6.rt6_stats->fib_rt_alloc,
3391 		   net->ipv6.rt6_stats->fib_rt_entries,
3392 		   net->ipv6.rt6_stats->fib_rt_cache,
3393 		   dst_entries_get_slow(&net->ipv6.ip6_dst_ops),
3394 		   net->ipv6.rt6_stats->fib_discarded_routes);
3395 
3396 	return 0;
3397 }
3398 
3399 static int rt6_stats_seq_open(struct inode *inode, struct file *file)
3400 {
3401 	return single_open_net(inode, file, rt6_stats_seq_show);
3402 }
3403 
3404 static const struct file_operations rt6_stats_seq_fops = {
3405 	.owner	 = THIS_MODULE,
3406 	.open	 = rt6_stats_seq_open,
3407 	.read	 = seq_read,
3408 	.llseek	 = seq_lseek,
3409 	.release = single_release_net,
3410 };
3411 #endif	/* CONFIG_PROC_FS */
3412 
3413 #ifdef CONFIG_SYSCTL
3414 
3415 static
3416 int ipv6_sysctl_rtcache_flush(struct ctl_table *ctl, int write,
3417 			      void __user *buffer, size_t *lenp, loff_t *ppos)
3418 {
3419 	struct net *net;
3420 	int delay;
3421 	if (!write)
3422 		return -EINVAL;
3423 
3424 	net = (struct net *)ctl->extra1;
3425 	delay = net->ipv6.sysctl.flush_delay;
3426 	proc_dointvec(ctl, write, buffer, lenp, ppos);
3427 	fib6_run_gc(delay <= 0 ? 0 : (unsigned long)delay, net, delay > 0);
3428 	return 0;
3429 }
3430 
3431 struct ctl_table ipv6_route_table_template[] = {
3432 	{
3433 		.procname	=	"flush",
3434 		.data		=	&init_net.ipv6.sysctl.flush_delay,
3435 		.maxlen		=	sizeof(int),
3436 		.mode		=	0200,
3437 		.proc_handler	=	ipv6_sysctl_rtcache_flush
3438 	},
3439 	{
3440 		.procname	=	"gc_thresh",
3441 		.data		=	&ip6_dst_ops_template.gc_thresh,
3442 		.maxlen		=	sizeof(int),
3443 		.mode		=	0644,
3444 		.proc_handler	=	proc_dointvec,
3445 	},
3446 	{
3447 		.procname	=	"max_size",
3448 		.data		=	&init_net.ipv6.sysctl.ip6_rt_max_size,
3449 		.maxlen		=	sizeof(int),
3450 		.mode		=	0644,
3451 		.proc_handler	=	proc_dointvec,
3452 	},
3453 	{
3454 		.procname	=	"gc_min_interval",
3455 		.data		=	&init_net.ipv6.sysctl.ip6_rt_gc_min_interval,
3456 		.maxlen		=	sizeof(int),
3457 		.mode		=	0644,
3458 		.proc_handler	=	proc_dointvec_jiffies,
3459 	},
3460 	{
3461 		.procname	=	"gc_timeout",
3462 		.data		=	&init_net.ipv6.sysctl.ip6_rt_gc_timeout,
3463 		.maxlen		=	sizeof(int),
3464 		.mode		=	0644,
3465 		.proc_handler	=	proc_dointvec_jiffies,
3466 	},
3467 	{
3468 		.procname	=	"gc_interval",
3469 		.data		=	&init_net.ipv6.sysctl.ip6_rt_gc_interval,
3470 		.maxlen		=	sizeof(int),
3471 		.mode		=	0644,
3472 		.proc_handler	=	proc_dointvec_jiffies,
3473 	},
3474 	{
3475 		.procname	=	"gc_elasticity",
3476 		.data		=	&init_net.ipv6.sysctl.ip6_rt_gc_elasticity,
3477 		.maxlen		=	sizeof(int),
3478 		.mode		=	0644,
3479 		.proc_handler	=	proc_dointvec,
3480 	},
3481 	{
3482 		.procname	=	"mtu_expires",
3483 		.data		=	&init_net.ipv6.sysctl.ip6_rt_mtu_expires,
3484 		.maxlen		=	sizeof(int),
3485 		.mode		=	0644,
3486 		.proc_handler	=	proc_dointvec_jiffies,
3487 	},
3488 	{
3489 		.procname	=	"min_adv_mss",
3490 		.data		=	&init_net.ipv6.sysctl.ip6_rt_min_advmss,
3491 		.maxlen		=	sizeof(int),
3492 		.mode		=	0644,
3493 		.proc_handler	=	proc_dointvec,
3494 	},
3495 	{
3496 		.procname	=	"gc_min_interval_ms",
3497 		.data		=	&init_net.ipv6.sysctl.ip6_rt_gc_min_interval,
3498 		.maxlen		=	sizeof(int),
3499 		.mode		=	0644,
3500 		.proc_handler	=	proc_dointvec_ms_jiffies,
3501 	},
3502 	{ }
3503 };
3504 
3505 struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
3506 {
3507 	struct ctl_table *table;
3508 
3509 	table = kmemdup(ipv6_route_table_template,
3510 			sizeof(ipv6_route_table_template),
3511 			GFP_KERNEL);
3512 
3513 	if (table) {
3514 		table[0].data = &net->ipv6.sysctl.flush_delay;
3515 		table[0].extra1 = net;
3516 		table[1].data = &net->ipv6.ip6_dst_ops.gc_thresh;
3517 		table[2].data = &net->ipv6.sysctl.ip6_rt_max_size;
3518 		table[3].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval;
3519 		table[4].data = &net->ipv6.sysctl.ip6_rt_gc_timeout;
3520 		table[5].data = &net->ipv6.sysctl.ip6_rt_gc_interval;
3521 		table[6].data = &net->ipv6.sysctl.ip6_rt_gc_elasticity;
3522 		table[7].data = &net->ipv6.sysctl.ip6_rt_mtu_expires;
3523 		table[8].data = &net->ipv6.sysctl.ip6_rt_min_advmss;
3524 		table[9].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval;
3525 
3526 		/* Don't export sysctls to unprivileged users */
3527 		if (net->user_ns != &init_user_ns)
3528 			table[0].procname = NULL;
3529 	}
3530 
3531 	return table;
3532 }
3533 #endif
3534 
3535 static int __net_init ip6_route_net_init(struct net *net)
3536 {
3537 	int ret = -ENOMEM;
3538 
3539 	memcpy(&net->ipv6.ip6_dst_ops, &ip6_dst_ops_template,
3540 	       sizeof(net->ipv6.ip6_dst_ops));
3541 
3542 	if (dst_entries_init(&net->ipv6.ip6_dst_ops) < 0)
3543 		goto out_ip6_dst_ops;
3544 
3545 	net->ipv6.ip6_null_entry = kmemdup(&ip6_null_entry_template,
3546 					   sizeof(*net->ipv6.ip6_null_entry),
3547 					   GFP_KERNEL);
3548 	if (!net->ipv6.ip6_null_entry)
3549 		goto out_ip6_dst_entries;
3550 	net->ipv6.ip6_null_entry->dst.path =
3551 		(struct dst_entry *)net->ipv6.ip6_null_entry;
3552 	net->ipv6.ip6_null_entry->dst.ops = &net->ipv6.ip6_dst_ops;
3553 	dst_init_metrics(&net->ipv6.ip6_null_entry->dst,
3554 			 ip6_template_metrics, true);
3555 
3556 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
3557 	net->ipv6.ip6_prohibit_entry = kmemdup(&ip6_prohibit_entry_template,
3558 					       sizeof(*net->ipv6.ip6_prohibit_entry),
3559 					       GFP_KERNEL);
3560 	if (!net->ipv6.ip6_prohibit_entry)
3561 		goto out_ip6_null_entry;
3562 	net->ipv6.ip6_prohibit_entry->dst.path =
3563 		(struct dst_entry *)net->ipv6.ip6_prohibit_entry;
3564 	net->ipv6.ip6_prohibit_entry->dst.ops = &net->ipv6.ip6_dst_ops;
3565 	dst_init_metrics(&net->ipv6.ip6_prohibit_entry->dst,
3566 			 ip6_template_metrics, true);
3567 
3568 	net->ipv6.ip6_blk_hole_entry = kmemdup(&ip6_blk_hole_entry_template,
3569 					       sizeof(*net->ipv6.ip6_blk_hole_entry),
3570 					       GFP_KERNEL);
3571 	if (!net->ipv6.ip6_blk_hole_entry)
3572 		goto out_ip6_prohibit_entry;
3573 	net->ipv6.ip6_blk_hole_entry->dst.path =
3574 		(struct dst_entry *)net->ipv6.ip6_blk_hole_entry;
3575 	net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops;
3576 	dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst,
3577 			 ip6_template_metrics, true);
3578 #endif
3579 
3580 	net->ipv6.sysctl.flush_delay = 0;
3581 	net->ipv6.sysctl.ip6_rt_max_size = 4096;
3582 	net->ipv6.sysctl.ip6_rt_gc_min_interval = HZ / 2;
3583 	net->ipv6.sysctl.ip6_rt_gc_timeout = 60*HZ;
3584 	net->ipv6.sysctl.ip6_rt_gc_interval = 30*HZ;
3585 	net->ipv6.sysctl.ip6_rt_gc_elasticity = 9;
3586 	net->ipv6.sysctl.ip6_rt_mtu_expires = 10*60*HZ;
3587 	net->ipv6.sysctl.ip6_rt_min_advmss = IPV6_MIN_MTU - 20 - 40;
3588 
3589 	net->ipv6.ip6_rt_gc_expire = 30*HZ;
3590 
3591 	ret = 0;
3592 out:
3593 	return ret;
3594 
3595 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
3596 out_ip6_prohibit_entry:
3597 	kfree(net->ipv6.ip6_prohibit_entry);
3598 out_ip6_null_entry:
3599 	kfree(net->ipv6.ip6_null_entry);
3600 #endif
3601 out_ip6_dst_entries:
3602 	dst_entries_destroy(&net->ipv6.ip6_dst_ops);
3603 out_ip6_dst_ops:
3604 	goto out;
3605 }
3606 
3607 static void __net_exit ip6_route_net_exit(struct net *net)
3608 {
3609 	kfree(net->ipv6.ip6_null_entry);
3610 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
3611 	kfree(net->ipv6.ip6_prohibit_entry);
3612 	kfree(net->ipv6.ip6_blk_hole_entry);
3613 #endif
3614 	dst_entries_destroy(&net->ipv6.ip6_dst_ops);
3615 }
3616 
3617 static int __net_init ip6_route_net_init_late(struct net *net)
3618 {
3619 #ifdef CONFIG_PROC_FS
3620 	proc_create("ipv6_route", 0, net->proc_net, &ipv6_route_proc_fops);
3621 	proc_create("rt6_stats", S_IRUGO, net->proc_net, &rt6_stats_seq_fops);
3622 #endif
3623 	return 0;
3624 }
3625 
3626 static void __net_exit ip6_route_net_exit_late(struct net *net)
3627 {
3628 #ifdef CONFIG_PROC_FS
3629 	remove_proc_entry("ipv6_route", net->proc_net);
3630 	remove_proc_entry("rt6_stats", net->proc_net);
3631 #endif
3632 }
3633 
3634 static struct pernet_operations ip6_route_net_ops = {
3635 	.init = ip6_route_net_init,
3636 	.exit = ip6_route_net_exit,
3637 };
3638 
3639 static int __net_init ipv6_inetpeer_init(struct net *net)
3640 {
3641 	struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
3642 
3643 	if (!bp)
3644 		return -ENOMEM;
3645 	inet_peer_base_init(bp);
3646 	net->ipv6.peers = bp;
3647 	return 0;
3648 }
3649 
3650 static void __net_exit ipv6_inetpeer_exit(struct net *net)
3651 {
3652 	struct inet_peer_base *bp = net->ipv6.peers;
3653 
3654 	net->ipv6.peers = NULL;
3655 	inetpeer_invalidate_tree(bp);
3656 	kfree(bp);
3657 }
3658 
3659 static struct pernet_operations ipv6_inetpeer_ops = {
3660 	.init	=	ipv6_inetpeer_init,
3661 	.exit	=	ipv6_inetpeer_exit,
3662 };
3663 
3664 static struct pernet_operations ip6_route_net_late_ops = {
3665 	.init = ip6_route_net_init_late,
3666 	.exit = ip6_route_net_exit_late,
3667 };
3668 
3669 static struct notifier_block ip6_route_dev_notifier = {
3670 	.notifier_call = ip6_route_dev_notify,
3671 	.priority = 0,
3672 };
3673 
3674 int __init ip6_route_init(void)
3675 {
3676 	int ret;
3677 	int cpu;
3678 
3679 	ret = -ENOMEM;
3680 	ip6_dst_ops_template.kmem_cachep =
3681 		kmem_cache_create("ip6_dst_cache", sizeof(struct rt6_info), 0,
3682 				  SLAB_HWCACHE_ALIGN, NULL);
3683 	if (!ip6_dst_ops_template.kmem_cachep)
3684 		goto out;
3685 
3686 	ret = dst_entries_init(&ip6_dst_blackhole_ops);
3687 	if (ret)
3688 		goto out_kmem_cache;
3689 
3690 	ret = register_pernet_subsys(&ipv6_inetpeer_ops);
3691 	if (ret)
3692 		goto out_dst_entries;
3693 
3694 	ret = register_pernet_subsys(&ip6_route_net_ops);
3695 	if (ret)
3696 		goto out_register_inetpeer;
3697 
3698 	ip6_dst_blackhole_ops.kmem_cachep = ip6_dst_ops_template.kmem_cachep;
3699 
3700 	/* Registering of the loopback is done before this portion of code,
3701 	 * the loopback reference in rt6_info will not be taken, do it
3702 	 * manually for init_net */
3703 	init_net.ipv6.ip6_null_entry->dst.dev = init_net.loopback_dev;
3704 	init_net.ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
3705   #ifdef CONFIG_IPV6_MULTIPLE_TABLES
3706 	init_net.ipv6.ip6_prohibit_entry->dst.dev = init_net.loopback_dev;
3707 	init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
3708 	init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev;
3709 	init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
3710   #endif
3711 	ret = fib6_init();
3712 	if (ret)
3713 		goto out_register_subsys;
3714 
3715 	ret = xfrm6_init();
3716 	if (ret)
3717 		goto out_fib6_init;
3718 
3719 	ret = fib6_rules_init();
3720 	if (ret)
3721 		goto xfrm6_init;
3722 
3723 	ret = register_pernet_subsys(&ip6_route_net_late_ops);
3724 	if (ret)
3725 		goto fib6_rules_init;
3726 
3727 	ret = -ENOBUFS;
3728 	if (__rtnl_register(PF_INET6, RTM_NEWROUTE, inet6_rtm_newroute, NULL, NULL) ||
3729 	    __rtnl_register(PF_INET6, RTM_DELROUTE, inet6_rtm_delroute, NULL, NULL) ||
3730 	    __rtnl_register(PF_INET6, RTM_GETROUTE, inet6_rtm_getroute, NULL, NULL))
3731 		goto out_register_late_subsys;
3732 
3733 	ret = register_netdevice_notifier(&ip6_route_dev_notifier);
3734 	if (ret)
3735 		goto out_register_late_subsys;
3736 
3737 	for_each_possible_cpu(cpu) {
3738 		struct uncached_list *ul = per_cpu_ptr(&rt6_uncached_list, cpu);
3739 
3740 		INIT_LIST_HEAD(&ul->head);
3741 		spin_lock_init(&ul->lock);
3742 	}
3743 
3744 out:
3745 	return ret;
3746 
3747 out_register_late_subsys:
3748 	unregister_pernet_subsys(&ip6_route_net_late_ops);
3749 fib6_rules_init:
3750 	fib6_rules_cleanup();
3751 xfrm6_init:
3752 	xfrm6_fini();
3753 out_fib6_init:
3754 	fib6_gc_cleanup();
3755 out_register_subsys:
3756 	unregister_pernet_subsys(&ip6_route_net_ops);
3757 out_register_inetpeer:
3758 	unregister_pernet_subsys(&ipv6_inetpeer_ops);
3759 out_dst_entries:
3760 	dst_entries_destroy(&ip6_dst_blackhole_ops);
3761 out_kmem_cache:
3762 	kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep);
3763 	goto out;
3764 }
3765 
3766 void ip6_route_cleanup(void)
3767 {
3768 	unregister_netdevice_notifier(&ip6_route_dev_notifier);
3769 	unregister_pernet_subsys(&ip6_route_net_late_ops);
3770 	fib6_rules_cleanup();
3771 	xfrm6_fini();
3772 	fib6_gc_cleanup();
3773 	unregister_pernet_subsys(&ipv6_inetpeer_ops);
3774 	unregister_pernet_subsys(&ip6_route_net_ops);
3775 	dst_entries_destroy(&ip6_dst_blackhole_ops);
3776 	kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep);
3777 }
3778