xref: /openbmc/linux/net/ipv6/route.c (revision bc5aa3a0)
1 /*
2  *	Linux INET6 implementation
3  *	FIB front-end.
4  *
5  *	Authors:
6  *	Pedro Roque		<roque@di.fc.ul.pt>
7  *
8  *	This program is free software; you can redistribute it and/or
9  *      modify it under the terms of the GNU General Public License
10  *      as published by the Free Software Foundation; either version
11  *      2 of the License, or (at your option) any later version.
12  */
13 
14 /*	Changes:
15  *
16  *	YOSHIFUJI Hideaki @USAGI
17  *		reworked default router selection.
18  *		- respect outgoing interface
19  *		- select from (probably) reachable routers (i.e.
20  *		routers in REACHABLE, STALE, DELAY or PROBE states).
21  *		- always select the same router if it is (probably)
22  *		reachable.  otherwise, round-robin the list.
23  *	Ville Nuorvala
24  *		Fixed routing subtrees.
25  */
26 
27 #define pr_fmt(fmt) "IPv6: " fmt
28 
29 #include <linux/capability.h>
30 #include <linux/errno.h>
31 #include <linux/export.h>
32 #include <linux/types.h>
33 #include <linux/times.h>
34 #include <linux/socket.h>
35 #include <linux/sockios.h>
36 #include <linux/net.h>
37 #include <linux/route.h>
38 #include <linux/netdevice.h>
39 #include <linux/in6.h>
40 #include <linux/mroute6.h>
41 #include <linux/init.h>
42 #include <linux/if_arp.h>
43 #include <linux/proc_fs.h>
44 #include <linux/seq_file.h>
45 #include <linux/nsproxy.h>
46 #include <linux/slab.h>
47 #include <net/net_namespace.h>
48 #include <net/snmp.h>
49 #include <net/ipv6.h>
50 #include <net/ip6_fib.h>
51 #include <net/ip6_route.h>
52 #include <net/ndisc.h>
53 #include <net/addrconf.h>
54 #include <net/tcp.h>
55 #include <linux/rtnetlink.h>
56 #include <net/dst.h>
57 #include <net/dst_metadata.h>
58 #include <net/xfrm.h>
59 #include <net/netevent.h>
60 #include <net/netlink.h>
61 #include <net/nexthop.h>
62 #include <net/lwtunnel.h>
63 #include <net/ip_tunnels.h>
64 #include <net/l3mdev.h>
65 #include <trace/events/fib6.h>
66 
67 #include <asm/uaccess.h>
68 
69 #ifdef CONFIG_SYSCTL
70 #include <linux/sysctl.h>
71 #endif
72 
73 enum rt6_nud_state {
74 	RT6_NUD_FAIL_HARD = -3,
75 	RT6_NUD_FAIL_PROBE = -2,
76 	RT6_NUD_FAIL_DO_RR = -1,
77 	RT6_NUD_SUCCEED = 1
78 };
79 
80 static void ip6_rt_copy_init(struct rt6_info *rt, struct rt6_info *ort);
81 static struct dst_entry	*ip6_dst_check(struct dst_entry *dst, u32 cookie);
82 static unsigned int	 ip6_default_advmss(const struct dst_entry *dst);
83 static unsigned int	 ip6_mtu(const struct dst_entry *dst);
84 static struct dst_entry *ip6_negative_advice(struct dst_entry *);
85 static void		ip6_dst_destroy(struct dst_entry *);
86 static void		ip6_dst_ifdown(struct dst_entry *,
87 				       struct net_device *dev, int how);
88 static int		 ip6_dst_gc(struct dst_ops *ops);
89 
90 static int		ip6_pkt_discard(struct sk_buff *skb);
91 static int		ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb);
92 static int		ip6_pkt_prohibit(struct sk_buff *skb);
93 static int		ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb);
94 static void		ip6_link_failure(struct sk_buff *skb);
95 static void		ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
96 					   struct sk_buff *skb, u32 mtu);
97 static void		rt6_do_redirect(struct dst_entry *dst, struct sock *sk,
98 					struct sk_buff *skb);
99 static void		rt6_dst_from_metrics_check(struct rt6_info *rt);
100 static int rt6_score_route(struct rt6_info *rt, int oif, int strict);
101 
102 #ifdef CONFIG_IPV6_ROUTE_INFO
103 static struct rt6_info *rt6_add_route_info(struct net *net,
104 					   const struct in6_addr *prefix, int prefixlen,
105 					   const struct in6_addr *gwaddr, int ifindex,
106 					   unsigned int pref);
107 static struct rt6_info *rt6_get_route_info(struct net *net,
108 					   const struct in6_addr *prefix, int prefixlen,
109 					   const struct in6_addr *gwaddr, int ifindex);
110 #endif
111 
112 struct uncached_list {
113 	spinlock_t		lock;
114 	struct list_head	head;
115 };
116 
117 static DEFINE_PER_CPU_ALIGNED(struct uncached_list, rt6_uncached_list);
118 
119 static void rt6_uncached_list_add(struct rt6_info *rt)
120 {
121 	struct uncached_list *ul = raw_cpu_ptr(&rt6_uncached_list);
122 
123 	rt->dst.flags |= DST_NOCACHE;
124 	rt->rt6i_uncached_list = ul;
125 
126 	spin_lock_bh(&ul->lock);
127 	list_add_tail(&rt->rt6i_uncached, &ul->head);
128 	spin_unlock_bh(&ul->lock);
129 }
130 
131 static void rt6_uncached_list_del(struct rt6_info *rt)
132 {
133 	if (!list_empty(&rt->rt6i_uncached)) {
134 		struct uncached_list *ul = rt->rt6i_uncached_list;
135 
136 		spin_lock_bh(&ul->lock);
137 		list_del(&rt->rt6i_uncached);
138 		spin_unlock_bh(&ul->lock);
139 	}
140 }
141 
142 static void rt6_uncached_list_flush_dev(struct net *net, struct net_device *dev)
143 {
144 	struct net_device *loopback_dev = net->loopback_dev;
145 	int cpu;
146 
147 	if (dev == loopback_dev)
148 		return;
149 
150 	for_each_possible_cpu(cpu) {
151 		struct uncached_list *ul = per_cpu_ptr(&rt6_uncached_list, cpu);
152 		struct rt6_info *rt;
153 
154 		spin_lock_bh(&ul->lock);
155 		list_for_each_entry(rt, &ul->head, rt6i_uncached) {
156 			struct inet6_dev *rt_idev = rt->rt6i_idev;
157 			struct net_device *rt_dev = rt->dst.dev;
158 
159 			if (rt_idev->dev == dev) {
160 				rt->rt6i_idev = in6_dev_get(loopback_dev);
161 				in6_dev_put(rt_idev);
162 			}
163 
164 			if (rt_dev == dev) {
165 				rt->dst.dev = loopback_dev;
166 				dev_hold(rt->dst.dev);
167 				dev_put(rt_dev);
168 			}
169 		}
170 		spin_unlock_bh(&ul->lock);
171 	}
172 }
173 
174 static u32 *rt6_pcpu_cow_metrics(struct rt6_info *rt)
175 {
176 	return dst_metrics_write_ptr(rt->dst.from);
177 }
178 
179 static u32 *ipv6_cow_metrics(struct dst_entry *dst, unsigned long old)
180 {
181 	struct rt6_info *rt = (struct rt6_info *)dst;
182 
183 	if (rt->rt6i_flags & RTF_PCPU)
184 		return rt6_pcpu_cow_metrics(rt);
185 	else if (rt->rt6i_flags & RTF_CACHE)
186 		return NULL;
187 	else
188 		return dst_cow_metrics_generic(dst, old);
189 }
190 
191 static inline const void *choose_neigh_daddr(struct rt6_info *rt,
192 					     struct sk_buff *skb,
193 					     const void *daddr)
194 {
195 	struct in6_addr *p = &rt->rt6i_gateway;
196 
197 	if (!ipv6_addr_any(p))
198 		return (const void *) p;
199 	else if (skb)
200 		return &ipv6_hdr(skb)->daddr;
201 	return daddr;
202 }
203 
204 static struct neighbour *ip6_neigh_lookup(const struct dst_entry *dst,
205 					  struct sk_buff *skb,
206 					  const void *daddr)
207 {
208 	struct rt6_info *rt = (struct rt6_info *) dst;
209 	struct neighbour *n;
210 
211 	daddr = choose_neigh_daddr(rt, skb, daddr);
212 	n = __ipv6_neigh_lookup(dst->dev, daddr);
213 	if (n)
214 		return n;
215 	return neigh_create(&nd_tbl, daddr, dst->dev);
216 }
217 
218 static struct dst_ops ip6_dst_ops_template = {
219 	.family			=	AF_INET6,
220 	.gc			=	ip6_dst_gc,
221 	.gc_thresh		=	1024,
222 	.check			=	ip6_dst_check,
223 	.default_advmss		=	ip6_default_advmss,
224 	.mtu			=	ip6_mtu,
225 	.cow_metrics		=	ipv6_cow_metrics,
226 	.destroy		=	ip6_dst_destroy,
227 	.ifdown			=	ip6_dst_ifdown,
228 	.negative_advice	=	ip6_negative_advice,
229 	.link_failure		=	ip6_link_failure,
230 	.update_pmtu		=	ip6_rt_update_pmtu,
231 	.redirect		=	rt6_do_redirect,
232 	.local_out		=	__ip6_local_out,
233 	.neigh_lookup		=	ip6_neigh_lookup,
234 };
235 
236 static unsigned int ip6_blackhole_mtu(const struct dst_entry *dst)
237 {
238 	unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
239 
240 	return mtu ? : dst->dev->mtu;
241 }
242 
243 static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
244 					 struct sk_buff *skb, u32 mtu)
245 {
246 }
247 
248 static void ip6_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
249 				      struct sk_buff *skb)
250 {
251 }
252 
253 static struct dst_ops ip6_dst_blackhole_ops = {
254 	.family			=	AF_INET6,
255 	.destroy		=	ip6_dst_destroy,
256 	.check			=	ip6_dst_check,
257 	.mtu			=	ip6_blackhole_mtu,
258 	.default_advmss		=	ip6_default_advmss,
259 	.update_pmtu		=	ip6_rt_blackhole_update_pmtu,
260 	.redirect		=	ip6_rt_blackhole_redirect,
261 	.cow_metrics		=	dst_cow_metrics_generic,
262 	.neigh_lookup		=	ip6_neigh_lookup,
263 };
264 
265 static const u32 ip6_template_metrics[RTAX_MAX] = {
266 	[RTAX_HOPLIMIT - 1] = 0,
267 };
268 
269 static const struct rt6_info ip6_null_entry_template = {
270 	.dst = {
271 		.__refcnt	= ATOMIC_INIT(1),
272 		.__use		= 1,
273 		.obsolete	= DST_OBSOLETE_FORCE_CHK,
274 		.error		= -ENETUNREACH,
275 		.input		= ip6_pkt_discard,
276 		.output		= ip6_pkt_discard_out,
277 	},
278 	.rt6i_flags	= (RTF_REJECT | RTF_NONEXTHOP),
279 	.rt6i_protocol  = RTPROT_KERNEL,
280 	.rt6i_metric	= ~(u32) 0,
281 	.rt6i_ref	= ATOMIC_INIT(1),
282 };
283 
284 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
285 
286 static const struct rt6_info ip6_prohibit_entry_template = {
287 	.dst = {
288 		.__refcnt	= ATOMIC_INIT(1),
289 		.__use		= 1,
290 		.obsolete	= DST_OBSOLETE_FORCE_CHK,
291 		.error		= -EACCES,
292 		.input		= ip6_pkt_prohibit,
293 		.output		= ip6_pkt_prohibit_out,
294 	},
295 	.rt6i_flags	= (RTF_REJECT | RTF_NONEXTHOP),
296 	.rt6i_protocol  = RTPROT_KERNEL,
297 	.rt6i_metric	= ~(u32) 0,
298 	.rt6i_ref	= ATOMIC_INIT(1),
299 };
300 
301 static const struct rt6_info ip6_blk_hole_entry_template = {
302 	.dst = {
303 		.__refcnt	= ATOMIC_INIT(1),
304 		.__use		= 1,
305 		.obsolete	= DST_OBSOLETE_FORCE_CHK,
306 		.error		= -EINVAL,
307 		.input		= dst_discard,
308 		.output		= dst_discard_out,
309 	},
310 	.rt6i_flags	= (RTF_REJECT | RTF_NONEXTHOP),
311 	.rt6i_protocol  = RTPROT_KERNEL,
312 	.rt6i_metric	= ~(u32) 0,
313 	.rt6i_ref	= ATOMIC_INIT(1),
314 };
315 
316 #endif
317 
318 static void rt6_info_init(struct rt6_info *rt)
319 {
320 	struct dst_entry *dst = &rt->dst;
321 
322 	memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst));
323 	INIT_LIST_HEAD(&rt->rt6i_siblings);
324 	INIT_LIST_HEAD(&rt->rt6i_uncached);
325 }
326 
327 /* allocate dst with ip6_dst_ops */
328 static struct rt6_info *__ip6_dst_alloc(struct net *net,
329 					struct net_device *dev,
330 					int flags)
331 {
332 	struct rt6_info *rt = dst_alloc(&net->ipv6.ip6_dst_ops, dev,
333 					0, DST_OBSOLETE_FORCE_CHK, flags);
334 
335 	if (rt)
336 		rt6_info_init(rt);
337 
338 	return rt;
339 }
340 
341 struct rt6_info *ip6_dst_alloc(struct net *net,
342 			       struct net_device *dev,
343 			       int flags)
344 {
345 	struct rt6_info *rt = __ip6_dst_alloc(net, dev, flags);
346 
347 	if (rt) {
348 		rt->rt6i_pcpu = alloc_percpu_gfp(struct rt6_info *, GFP_ATOMIC);
349 		if (rt->rt6i_pcpu) {
350 			int cpu;
351 
352 			for_each_possible_cpu(cpu) {
353 				struct rt6_info **p;
354 
355 				p = per_cpu_ptr(rt->rt6i_pcpu, cpu);
356 				/* no one shares rt */
357 				*p =  NULL;
358 			}
359 		} else {
360 			dst_destroy((struct dst_entry *)rt);
361 			return NULL;
362 		}
363 	}
364 
365 	return rt;
366 }
367 EXPORT_SYMBOL(ip6_dst_alloc);
368 
369 static void ip6_dst_destroy(struct dst_entry *dst)
370 {
371 	struct rt6_info *rt = (struct rt6_info *)dst;
372 	struct dst_entry *from = dst->from;
373 	struct inet6_dev *idev;
374 
375 	dst_destroy_metrics_generic(dst);
376 	free_percpu(rt->rt6i_pcpu);
377 	rt6_uncached_list_del(rt);
378 
379 	idev = rt->rt6i_idev;
380 	if (idev) {
381 		rt->rt6i_idev = NULL;
382 		in6_dev_put(idev);
383 	}
384 
385 	dst->from = NULL;
386 	dst_release(from);
387 }
388 
389 static void ip6_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
390 			   int how)
391 {
392 	struct rt6_info *rt = (struct rt6_info *)dst;
393 	struct inet6_dev *idev = rt->rt6i_idev;
394 	struct net_device *loopback_dev =
395 		dev_net(dev)->loopback_dev;
396 
397 	if (dev != loopback_dev) {
398 		if (idev && idev->dev == dev) {
399 			struct inet6_dev *loopback_idev =
400 				in6_dev_get(loopback_dev);
401 			if (loopback_idev) {
402 				rt->rt6i_idev = loopback_idev;
403 				in6_dev_put(idev);
404 			}
405 		}
406 	}
407 }
408 
409 static bool __rt6_check_expired(const struct rt6_info *rt)
410 {
411 	if (rt->rt6i_flags & RTF_EXPIRES)
412 		return time_after(jiffies, rt->dst.expires);
413 	else
414 		return false;
415 }
416 
417 static bool rt6_check_expired(const struct rt6_info *rt)
418 {
419 	if (rt->rt6i_flags & RTF_EXPIRES) {
420 		if (time_after(jiffies, rt->dst.expires))
421 			return true;
422 	} else if (rt->dst.from) {
423 		return rt6_check_expired((struct rt6_info *) rt->dst.from);
424 	}
425 	return false;
426 }
427 
428 /* Multipath route selection:
429  *   Hash based function using packet header and flowlabel.
430  * Adapted from fib_info_hashfn()
431  */
432 static int rt6_info_hash_nhsfn(unsigned int candidate_count,
433 			       const struct flowi6 *fl6)
434 {
435 	return get_hash_from_flowi6(fl6) % candidate_count;
436 }
437 
438 static struct rt6_info *rt6_multipath_select(struct rt6_info *match,
439 					     struct flowi6 *fl6, int oif,
440 					     int strict)
441 {
442 	struct rt6_info *sibling, *next_sibling;
443 	int route_choosen;
444 
445 	route_choosen = rt6_info_hash_nhsfn(match->rt6i_nsiblings + 1, fl6);
446 	/* Don't change the route, if route_choosen == 0
447 	 * (siblings does not include ourself)
448 	 */
449 	if (route_choosen)
450 		list_for_each_entry_safe(sibling, next_sibling,
451 				&match->rt6i_siblings, rt6i_siblings) {
452 			route_choosen--;
453 			if (route_choosen == 0) {
454 				if (rt6_score_route(sibling, oif, strict) < 0)
455 					break;
456 				match = sibling;
457 				break;
458 			}
459 		}
460 	return match;
461 }
462 
463 /*
464  *	Route lookup. Any table->tb6_lock is implied.
465  */
466 
467 static inline struct rt6_info *rt6_device_match(struct net *net,
468 						    struct rt6_info *rt,
469 						    const struct in6_addr *saddr,
470 						    int oif,
471 						    int flags)
472 {
473 	struct rt6_info *local = NULL;
474 	struct rt6_info *sprt;
475 
476 	if (!oif && ipv6_addr_any(saddr))
477 		goto out;
478 
479 	for (sprt = rt; sprt; sprt = sprt->dst.rt6_next) {
480 		struct net_device *dev = sprt->dst.dev;
481 
482 		if (oif) {
483 			if (dev->ifindex == oif)
484 				return sprt;
485 			if (dev->flags & IFF_LOOPBACK) {
486 				if (!sprt->rt6i_idev ||
487 				    sprt->rt6i_idev->dev->ifindex != oif) {
488 					if (flags & RT6_LOOKUP_F_IFACE)
489 						continue;
490 					if (local &&
491 					    local->rt6i_idev->dev->ifindex == oif)
492 						continue;
493 				}
494 				local = sprt;
495 			}
496 		} else {
497 			if (ipv6_chk_addr(net, saddr, dev,
498 					  flags & RT6_LOOKUP_F_IFACE))
499 				return sprt;
500 		}
501 	}
502 
503 	if (oif) {
504 		if (local)
505 			return local;
506 
507 		if (flags & RT6_LOOKUP_F_IFACE)
508 			return net->ipv6.ip6_null_entry;
509 	}
510 out:
511 	return rt;
512 }
513 
514 #ifdef CONFIG_IPV6_ROUTER_PREF
515 struct __rt6_probe_work {
516 	struct work_struct work;
517 	struct in6_addr target;
518 	struct net_device *dev;
519 };
520 
521 static void rt6_probe_deferred(struct work_struct *w)
522 {
523 	struct in6_addr mcaddr;
524 	struct __rt6_probe_work *work =
525 		container_of(w, struct __rt6_probe_work, work);
526 
527 	addrconf_addr_solict_mult(&work->target, &mcaddr);
528 	ndisc_send_ns(work->dev, &work->target, &mcaddr, NULL);
529 	dev_put(work->dev);
530 	kfree(work);
531 }
532 
533 static void rt6_probe(struct rt6_info *rt)
534 {
535 	struct __rt6_probe_work *work;
536 	struct neighbour *neigh;
537 	/*
538 	 * Okay, this does not seem to be appropriate
539 	 * for now, however, we need to check if it
540 	 * is really so; aka Router Reachability Probing.
541 	 *
542 	 * Router Reachability Probe MUST be rate-limited
543 	 * to no more than one per minute.
544 	 */
545 	if (!rt || !(rt->rt6i_flags & RTF_GATEWAY))
546 		return;
547 	rcu_read_lock_bh();
548 	neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway);
549 	if (neigh) {
550 		if (neigh->nud_state & NUD_VALID)
551 			goto out;
552 
553 		work = NULL;
554 		write_lock(&neigh->lock);
555 		if (!(neigh->nud_state & NUD_VALID) &&
556 		    time_after(jiffies,
557 			       neigh->updated +
558 			       rt->rt6i_idev->cnf.rtr_probe_interval)) {
559 			work = kmalloc(sizeof(*work), GFP_ATOMIC);
560 			if (work)
561 				__neigh_set_probe_once(neigh);
562 		}
563 		write_unlock(&neigh->lock);
564 	} else {
565 		work = kmalloc(sizeof(*work), GFP_ATOMIC);
566 	}
567 
568 	if (work) {
569 		INIT_WORK(&work->work, rt6_probe_deferred);
570 		work->target = rt->rt6i_gateway;
571 		dev_hold(rt->dst.dev);
572 		work->dev = rt->dst.dev;
573 		schedule_work(&work->work);
574 	}
575 
576 out:
577 	rcu_read_unlock_bh();
578 }
579 #else
580 static inline void rt6_probe(struct rt6_info *rt)
581 {
582 }
583 #endif
584 
585 /*
586  * Default Router Selection (RFC 2461 6.3.6)
587  */
588 static inline int rt6_check_dev(struct rt6_info *rt, int oif)
589 {
590 	struct net_device *dev = rt->dst.dev;
591 	if (!oif || dev->ifindex == oif)
592 		return 2;
593 	if ((dev->flags & IFF_LOOPBACK) &&
594 	    rt->rt6i_idev && rt->rt6i_idev->dev->ifindex == oif)
595 		return 1;
596 	return 0;
597 }
598 
599 static inline enum rt6_nud_state rt6_check_neigh(struct rt6_info *rt)
600 {
601 	struct neighbour *neigh;
602 	enum rt6_nud_state ret = RT6_NUD_FAIL_HARD;
603 
604 	if (rt->rt6i_flags & RTF_NONEXTHOP ||
605 	    !(rt->rt6i_flags & RTF_GATEWAY))
606 		return RT6_NUD_SUCCEED;
607 
608 	rcu_read_lock_bh();
609 	neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway);
610 	if (neigh) {
611 		read_lock(&neigh->lock);
612 		if (neigh->nud_state & NUD_VALID)
613 			ret = RT6_NUD_SUCCEED;
614 #ifdef CONFIG_IPV6_ROUTER_PREF
615 		else if (!(neigh->nud_state & NUD_FAILED))
616 			ret = RT6_NUD_SUCCEED;
617 		else
618 			ret = RT6_NUD_FAIL_PROBE;
619 #endif
620 		read_unlock(&neigh->lock);
621 	} else {
622 		ret = IS_ENABLED(CONFIG_IPV6_ROUTER_PREF) ?
623 		      RT6_NUD_SUCCEED : RT6_NUD_FAIL_DO_RR;
624 	}
625 	rcu_read_unlock_bh();
626 
627 	return ret;
628 }
629 
630 static int rt6_score_route(struct rt6_info *rt, int oif,
631 			   int strict)
632 {
633 	int m;
634 
635 	m = rt6_check_dev(rt, oif);
636 	if (!m && (strict & RT6_LOOKUP_F_IFACE))
637 		return RT6_NUD_FAIL_HARD;
638 #ifdef CONFIG_IPV6_ROUTER_PREF
639 	m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->rt6i_flags)) << 2;
640 #endif
641 	if (strict & RT6_LOOKUP_F_REACHABLE) {
642 		int n = rt6_check_neigh(rt);
643 		if (n < 0)
644 			return n;
645 	}
646 	return m;
647 }
648 
649 static struct rt6_info *find_match(struct rt6_info *rt, int oif, int strict,
650 				   int *mpri, struct rt6_info *match,
651 				   bool *do_rr)
652 {
653 	int m;
654 	bool match_do_rr = false;
655 	struct inet6_dev *idev = rt->rt6i_idev;
656 	struct net_device *dev = rt->dst.dev;
657 
658 	if (dev && !netif_carrier_ok(dev) &&
659 	    idev->cnf.ignore_routes_with_linkdown)
660 		goto out;
661 
662 	if (rt6_check_expired(rt))
663 		goto out;
664 
665 	m = rt6_score_route(rt, oif, strict);
666 	if (m == RT6_NUD_FAIL_DO_RR) {
667 		match_do_rr = true;
668 		m = 0; /* lowest valid score */
669 	} else if (m == RT6_NUD_FAIL_HARD) {
670 		goto out;
671 	}
672 
673 	if (strict & RT6_LOOKUP_F_REACHABLE)
674 		rt6_probe(rt);
675 
676 	/* note that m can be RT6_NUD_FAIL_PROBE at this point */
677 	if (m > *mpri) {
678 		*do_rr = match_do_rr;
679 		*mpri = m;
680 		match = rt;
681 	}
682 out:
683 	return match;
684 }
685 
686 static struct rt6_info *find_rr_leaf(struct fib6_node *fn,
687 				     struct rt6_info *rr_head,
688 				     u32 metric, int oif, int strict,
689 				     bool *do_rr)
690 {
691 	struct rt6_info *rt, *match, *cont;
692 	int mpri = -1;
693 
694 	match = NULL;
695 	cont = NULL;
696 	for (rt = rr_head; rt; rt = rt->dst.rt6_next) {
697 		if (rt->rt6i_metric != metric) {
698 			cont = rt;
699 			break;
700 		}
701 
702 		match = find_match(rt, oif, strict, &mpri, match, do_rr);
703 	}
704 
705 	for (rt = fn->leaf; rt && rt != rr_head; rt = rt->dst.rt6_next) {
706 		if (rt->rt6i_metric != metric) {
707 			cont = rt;
708 			break;
709 		}
710 
711 		match = find_match(rt, oif, strict, &mpri, match, do_rr);
712 	}
713 
714 	if (match || !cont)
715 		return match;
716 
717 	for (rt = cont; rt; rt = rt->dst.rt6_next)
718 		match = find_match(rt, oif, strict, &mpri, match, do_rr);
719 
720 	return match;
721 }
722 
723 static struct rt6_info *rt6_select(struct fib6_node *fn, int oif, int strict)
724 {
725 	struct rt6_info *match, *rt0;
726 	struct net *net;
727 	bool do_rr = false;
728 
729 	rt0 = fn->rr_ptr;
730 	if (!rt0)
731 		fn->rr_ptr = rt0 = fn->leaf;
732 
733 	match = find_rr_leaf(fn, rt0, rt0->rt6i_metric, oif, strict,
734 			     &do_rr);
735 
736 	if (do_rr) {
737 		struct rt6_info *next = rt0->dst.rt6_next;
738 
739 		/* no entries matched; do round-robin */
740 		if (!next || next->rt6i_metric != rt0->rt6i_metric)
741 			next = fn->leaf;
742 
743 		if (next != rt0)
744 			fn->rr_ptr = next;
745 	}
746 
747 	net = dev_net(rt0->dst.dev);
748 	return match ? match : net->ipv6.ip6_null_entry;
749 }
750 
751 static bool rt6_is_gw_or_nonexthop(const struct rt6_info *rt)
752 {
753 	return (rt->rt6i_flags & (RTF_NONEXTHOP | RTF_GATEWAY));
754 }
755 
756 #ifdef CONFIG_IPV6_ROUTE_INFO
757 int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
758 		  const struct in6_addr *gwaddr)
759 {
760 	struct net *net = dev_net(dev);
761 	struct route_info *rinfo = (struct route_info *) opt;
762 	struct in6_addr prefix_buf, *prefix;
763 	unsigned int pref;
764 	unsigned long lifetime;
765 	struct rt6_info *rt;
766 
767 	if (len < sizeof(struct route_info)) {
768 		return -EINVAL;
769 	}
770 
771 	/* Sanity check for prefix_len and length */
772 	if (rinfo->length > 3) {
773 		return -EINVAL;
774 	} else if (rinfo->prefix_len > 128) {
775 		return -EINVAL;
776 	} else if (rinfo->prefix_len > 64) {
777 		if (rinfo->length < 2) {
778 			return -EINVAL;
779 		}
780 	} else if (rinfo->prefix_len > 0) {
781 		if (rinfo->length < 1) {
782 			return -EINVAL;
783 		}
784 	}
785 
786 	pref = rinfo->route_pref;
787 	if (pref == ICMPV6_ROUTER_PREF_INVALID)
788 		return -EINVAL;
789 
790 	lifetime = addrconf_timeout_fixup(ntohl(rinfo->lifetime), HZ);
791 
792 	if (rinfo->length == 3)
793 		prefix = (struct in6_addr *)rinfo->prefix;
794 	else {
795 		/* this function is safe */
796 		ipv6_addr_prefix(&prefix_buf,
797 				 (struct in6_addr *)rinfo->prefix,
798 				 rinfo->prefix_len);
799 		prefix = &prefix_buf;
800 	}
801 
802 	if (rinfo->prefix_len == 0)
803 		rt = rt6_get_dflt_router(gwaddr, dev);
804 	else
805 		rt = rt6_get_route_info(net, prefix, rinfo->prefix_len,
806 					gwaddr, dev->ifindex);
807 
808 	if (rt && !lifetime) {
809 		ip6_del_rt(rt);
810 		rt = NULL;
811 	}
812 
813 	if (!rt && lifetime)
814 		rt = rt6_add_route_info(net, prefix, rinfo->prefix_len, gwaddr, dev->ifindex,
815 					pref);
816 	else if (rt)
817 		rt->rt6i_flags = RTF_ROUTEINFO |
818 				 (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
819 
820 	if (rt) {
821 		if (!addrconf_finite_timeout(lifetime))
822 			rt6_clean_expires(rt);
823 		else
824 			rt6_set_expires(rt, jiffies + HZ * lifetime);
825 
826 		ip6_rt_put(rt);
827 	}
828 	return 0;
829 }
830 #endif
831 
832 static struct fib6_node* fib6_backtrack(struct fib6_node *fn,
833 					struct in6_addr *saddr)
834 {
835 	struct fib6_node *pn;
836 	while (1) {
837 		if (fn->fn_flags & RTN_TL_ROOT)
838 			return NULL;
839 		pn = fn->parent;
840 		if (FIB6_SUBTREE(pn) && FIB6_SUBTREE(pn) != fn)
841 			fn = fib6_lookup(FIB6_SUBTREE(pn), NULL, saddr);
842 		else
843 			fn = pn;
844 		if (fn->fn_flags & RTN_RTINFO)
845 			return fn;
846 	}
847 }
848 
849 static struct rt6_info *ip6_pol_route_lookup(struct net *net,
850 					     struct fib6_table *table,
851 					     struct flowi6 *fl6, int flags)
852 {
853 	struct fib6_node *fn;
854 	struct rt6_info *rt;
855 
856 	read_lock_bh(&table->tb6_lock);
857 	fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr);
858 restart:
859 	rt = fn->leaf;
860 	rt = rt6_device_match(net, rt, &fl6->saddr, fl6->flowi6_oif, flags);
861 	if (rt->rt6i_nsiblings && fl6->flowi6_oif == 0)
862 		rt = rt6_multipath_select(rt, fl6, fl6->flowi6_oif, flags);
863 	if (rt == net->ipv6.ip6_null_entry) {
864 		fn = fib6_backtrack(fn, &fl6->saddr);
865 		if (fn)
866 			goto restart;
867 	}
868 	dst_use(&rt->dst, jiffies);
869 	read_unlock_bh(&table->tb6_lock);
870 
871 	trace_fib6_table_lookup(net, rt, table->tb6_id, fl6);
872 
873 	return rt;
874 
875 }
876 
877 struct dst_entry *ip6_route_lookup(struct net *net, struct flowi6 *fl6,
878 				    int flags)
879 {
880 	return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_lookup);
881 }
882 EXPORT_SYMBOL_GPL(ip6_route_lookup);
883 
884 struct rt6_info *rt6_lookup(struct net *net, const struct in6_addr *daddr,
885 			    const struct in6_addr *saddr, int oif, int strict)
886 {
887 	struct flowi6 fl6 = {
888 		.flowi6_oif = oif,
889 		.daddr = *daddr,
890 	};
891 	struct dst_entry *dst;
892 	int flags = strict ? RT6_LOOKUP_F_IFACE : 0;
893 
894 	if (saddr) {
895 		memcpy(&fl6.saddr, saddr, sizeof(*saddr));
896 		flags |= RT6_LOOKUP_F_HAS_SADDR;
897 	}
898 
899 	dst = fib6_rule_lookup(net, &fl6, flags, ip6_pol_route_lookup);
900 	if (dst->error == 0)
901 		return (struct rt6_info *) dst;
902 
903 	dst_release(dst);
904 
905 	return NULL;
906 }
907 EXPORT_SYMBOL(rt6_lookup);
908 
909 /* ip6_ins_rt is called with FREE table->tb6_lock.
910    It takes new route entry, the addition fails by any reason the
911    route is freed. In any case, if caller does not hold it, it may
912    be destroyed.
913  */
914 
915 static int __ip6_ins_rt(struct rt6_info *rt, struct nl_info *info,
916 			struct mx6_config *mxc)
917 {
918 	int err;
919 	struct fib6_table *table;
920 
921 	table = rt->rt6i_table;
922 	write_lock_bh(&table->tb6_lock);
923 	err = fib6_add(&table->tb6_root, rt, info, mxc);
924 	write_unlock_bh(&table->tb6_lock);
925 
926 	return err;
927 }
928 
929 int ip6_ins_rt(struct rt6_info *rt)
930 {
931 	struct nl_info info = {	.nl_net = dev_net(rt->dst.dev), };
932 	struct mx6_config mxc = { .mx = NULL, };
933 
934 	return __ip6_ins_rt(rt, &info, &mxc);
935 }
936 
937 static struct rt6_info *ip6_rt_cache_alloc(struct rt6_info *ort,
938 					   const struct in6_addr *daddr,
939 					   const struct in6_addr *saddr)
940 {
941 	struct rt6_info *rt;
942 
943 	/*
944 	 *	Clone the route.
945 	 */
946 
947 	if (ort->rt6i_flags & (RTF_CACHE | RTF_PCPU))
948 		ort = (struct rt6_info *)ort->dst.from;
949 
950 	rt = __ip6_dst_alloc(dev_net(ort->dst.dev), ort->dst.dev, 0);
951 
952 	if (!rt)
953 		return NULL;
954 
955 	ip6_rt_copy_init(rt, ort);
956 	rt->rt6i_flags |= RTF_CACHE;
957 	rt->rt6i_metric = 0;
958 	rt->dst.flags |= DST_HOST;
959 	rt->rt6i_dst.addr = *daddr;
960 	rt->rt6i_dst.plen = 128;
961 
962 	if (!rt6_is_gw_or_nonexthop(ort)) {
963 		if (ort->rt6i_dst.plen != 128 &&
964 		    ipv6_addr_equal(&ort->rt6i_dst.addr, daddr))
965 			rt->rt6i_flags |= RTF_ANYCAST;
966 #ifdef CONFIG_IPV6_SUBTREES
967 		if (rt->rt6i_src.plen && saddr) {
968 			rt->rt6i_src.addr = *saddr;
969 			rt->rt6i_src.plen = 128;
970 		}
971 #endif
972 	}
973 
974 	return rt;
975 }
976 
977 static struct rt6_info *ip6_rt_pcpu_alloc(struct rt6_info *rt)
978 {
979 	struct rt6_info *pcpu_rt;
980 
981 	pcpu_rt = __ip6_dst_alloc(dev_net(rt->dst.dev),
982 				  rt->dst.dev, rt->dst.flags);
983 
984 	if (!pcpu_rt)
985 		return NULL;
986 	ip6_rt_copy_init(pcpu_rt, rt);
987 	pcpu_rt->rt6i_protocol = rt->rt6i_protocol;
988 	pcpu_rt->rt6i_flags |= RTF_PCPU;
989 	return pcpu_rt;
990 }
991 
992 /* It should be called with read_lock_bh(&tb6_lock) acquired */
993 static struct rt6_info *rt6_get_pcpu_route(struct rt6_info *rt)
994 {
995 	struct rt6_info *pcpu_rt, **p;
996 
997 	p = this_cpu_ptr(rt->rt6i_pcpu);
998 	pcpu_rt = *p;
999 
1000 	if (pcpu_rt) {
1001 		dst_hold(&pcpu_rt->dst);
1002 		rt6_dst_from_metrics_check(pcpu_rt);
1003 	}
1004 	return pcpu_rt;
1005 }
1006 
1007 static struct rt6_info *rt6_make_pcpu_route(struct rt6_info *rt)
1008 {
1009 	struct fib6_table *table = rt->rt6i_table;
1010 	struct rt6_info *pcpu_rt, *prev, **p;
1011 
1012 	pcpu_rt = ip6_rt_pcpu_alloc(rt);
1013 	if (!pcpu_rt) {
1014 		struct net *net = dev_net(rt->dst.dev);
1015 
1016 		dst_hold(&net->ipv6.ip6_null_entry->dst);
1017 		return net->ipv6.ip6_null_entry;
1018 	}
1019 
1020 	read_lock_bh(&table->tb6_lock);
1021 	if (rt->rt6i_pcpu) {
1022 		p = this_cpu_ptr(rt->rt6i_pcpu);
1023 		prev = cmpxchg(p, NULL, pcpu_rt);
1024 		if (prev) {
1025 			/* If someone did it before us, return prev instead */
1026 			dst_destroy(&pcpu_rt->dst);
1027 			pcpu_rt = prev;
1028 		}
1029 	} else {
1030 		/* rt has been removed from the fib6 tree
1031 		 * before we have a chance to acquire the read_lock.
1032 		 * In this case, don't brother to create a pcpu rt
1033 		 * since rt is going away anyway.  The next
1034 		 * dst_check() will trigger a re-lookup.
1035 		 */
1036 		dst_destroy(&pcpu_rt->dst);
1037 		pcpu_rt = rt;
1038 	}
1039 	dst_hold(&pcpu_rt->dst);
1040 	rt6_dst_from_metrics_check(pcpu_rt);
1041 	read_unlock_bh(&table->tb6_lock);
1042 	return pcpu_rt;
1043 }
1044 
1045 struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table,
1046 			       int oif, struct flowi6 *fl6, int flags)
1047 {
1048 	struct fib6_node *fn, *saved_fn;
1049 	struct rt6_info *rt;
1050 	int strict = 0;
1051 
1052 	strict |= flags & RT6_LOOKUP_F_IFACE;
1053 	if (net->ipv6.devconf_all->forwarding == 0)
1054 		strict |= RT6_LOOKUP_F_REACHABLE;
1055 
1056 	read_lock_bh(&table->tb6_lock);
1057 
1058 	fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr);
1059 	saved_fn = fn;
1060 
1061 	if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF)
1062 		oif = 0;
1063 
1064 redo_rt6_select:
1065 	rt = rt6_select(fn, oif, strict);
1066 	if (rt->rt6i_nsiblings)
1067 		rt = rt6_multipath_select(rt, fl6, oif, strict);
1068 	if (rt == net->ipv6.ip6_null_entry) {
1069 		fn = fib6_backtrack(fn, &fl6->saddr);
1070 		if (fn)
1071 			goto redo_rt6_select;
1072 		else if (strict & RT6_LOOKUP_F_REACHABLE) {
1073 			/* also consider unreachable route */
1074 			strict &= ~RT6_LOOKUP_F_REACHABLE;
1075 			fn = saved_fn;
1076 			goto redo_rt6_select;
1077 		}
1078 	}
1079 
1080 
1081 	if (rt == net->ipv6.ip6_null_entry || (rt->rt6i_flags & RTF_CACHE)) {
1082 		dst_use(&rt->dst, jiffies);
1083 		read_unlock_bh(&table->tb6_lock);
1084 
1085 		rt6_dst_from_metrics_check(rt);
1086 
1087 		trace_fib6_table_lookup(net, rt, table->tb6_id, fl6);
1088 		return rt;
1089 	} else if (unlikely((fl6->flowi6_flags & FLOWI_FLAG_KNOWN_NH) &&
1090 			    !(rt->rt6i_flags & RTF_GATEWAY))) {
1091 		/* Create a RTF_CACHE clone which will not be
1092 		 * owned by the fib6 tree.  It is for the special case where
1093 		 * the daddr in the skb during the neighbor look-up is different
1094 		 * from the fl6->daddr used to look-up route here.
1095 		 */
1096 
1097 		struct rt6_info *uncached_rt;
1098 
1099 		dst_use(&rt->dst, jiffies);
1100 		read_unlock_bh(&table->tb6_lock);
1101 
1102 		uncached_rt = ip6_rt_cache_alloc(rt, &fl6->daddr, NULL);
1103 		dst_release(&rt->dst);
1104 
1105 		if (uncached_rt)
1106 			rt6_uncached_list_add(uncached_rt);
1107 		else
1108 			uncached_rt = net->ipv6.ip6_null_entry;
1109 
1110 		dst_hold(&uncached_rt->dst);
1111 
1112 		trace_fib6_table_lookup(net, uncached_rt, table->tb6_id, fl6);
1113 		return uncached_rt;
1114 
1115 	} else {
1116 		/* Get a percpu copy */
1117 
1118 		struct rt6_info *pcpu_rt;
1119 
1120 		rt->dst.lastuse = jiffies;
1121 		rt->dst.__use++;
1122 		pcpu_rt = rt6_get_pcpu_route(rt);
1123 
1124 		if (pcpu_rt) {
1125 			read_unlock_bh(&table->tb6_lock);
1126 		} else {
1127 			/* We have to do the read_unlock first
1128 			 * because rt6_make_pcpu_route() may trigger
1129 			 * ip6_dst_gc() which will take the write_lock.
1130 			 */
1131 			dst_hold(&rt->dst);
1132 			read_unlock_bh(&table->tb6_lock);
1133 			pcpu_rt = rt6_make_pcpu_route(rt);
1134 			dst_release(&rt->dst);
1135 		}
1136 
1137 		trace_fib6_table_lookup(net, pcpu_rt, table->tb6_id, fl6);
1138 		return pcpu_rt;
1139 
1140 	}
1141 }
1142 EXPORT_SYMBOL_GPL(ip6_pol_route);
1143 
1144 static struct rt6_info *ip6_pol_route_input(struct net *net, struct fib6_table *table,
1145 					    struct flowi6 *fl6, int flags)
1146 {
1147 	return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags);
1148 }
1149 
1150 static struct dst_entry *ip6_route_input_lookup(struct net *net,
1151 						struct net_device *dev,
1152 						struct flowi6 *fl6, int flags)
1153 {
1154 	if (rt6_need_strict(&fl6->daddr) && dev->type != ARPHRD_PIMREG)
1155 		flags |= RT6_LOOKUP_F_IFACE;
1156 
1157 	return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_input);
1158 }
1159 
1160 void ip6_route_input(struct sk_buff *skb)
1161 {
1162 	const struct ipv6hdr *iph = ipv6_hdr(skb);
1163 	struct net *net = dev_net(skb->dev);
1164 	int flags = RT6_LOOKUP_F_HAS_SADDR;
1165 	struct ip_tunnel_info *tun_info;
1166 	struct flowi6 fl6 = {
1167 		.flowi6_iif = l3mdev_fib_oif(skb->dev),
1168 		.daddr = iph->daddr,
1169 		.saddr = iph->saddr,
1170 		.flowlabel = ip6_flowinfo(iph),
1171 		.flowi6_mark = skb->mark,
1172 		.flowi6_proto = iph->nexthdr,
1173 	};
1174 
1175 	tun_info = skb_tunnel_info(skb);
1176 	if (tun_info && !(tun_info->mode & IP_TUNNEL_INFO_TX))
1177 		fl6.flowi6_tun_key.tun_id = tun_info->key.tun_id;
1178 	skb_dst_drop(skb);
1179 	skb_dst_set(skb, ip6_route_input_lookup(net, skb->dev, &fl6, flags));
1180 }
1181 
1182 static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table *table,
1183 					     struct flowi6 *fl6, int flags)
1184 {
1185 	return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags);
1186 }
1187 
1188 struct dst_entry *ip6_route_output_flags(struct net *net, const struct sock *sk,
1189 					 struct flowi6 *fl6, int flags)
1190 {
1191 	struct dst_entry *dst;
1192 	bool any_src;
1193 
1194 	dst = l3mdev_get_rt6_dst(net, fl6);
1195 	if (dst)
1196 		return dst;
1197 
1198 	fl6->flowi6_iif = LOOPBACK_IFINDEX;
1199 
1200 	any_src = ipv6_addr_any(&fl6->saddr);
1201 	if ((sk && sk->sk_bound_dev_if) || rt6_need_strict(&fl6->daddr) ||
1202 	    (fl6->flowi6_oif && any_src))
1203 		flags |= RT6_LOOKUP_F_IFACE;
1204 
1205 	if (!any_src)
1206 		flags |= RT6_LOOKUP_F_HAS_SADDR;
1207 	else if (sk)
1208 		flags |= rt6_srcprefs2flags(inet6_sk(sk)->srcprefs);
1209 
1210 	return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_output);
1211 }
1212 EXPORT_SYMBOL_GPL(ip6_route_output_flags);
1213 
1214 struct dst_entry *ip6_blackhole_route(struct net *net, struct dst_entry *dst_orig)
1215 {
1216 	struct rt6_info *rt, *ort = (struct rt6_info *) dst_orig;
1217 	struct dst_entry *new = NULL;
1218 
1219 	rt = dst_alloc(&ip6_dst_blackhole_ops, ort->dst.dev, 1, DST_OBSOLETE_NONE, 0);
1220 	if (rt) {
1221 		rt6_info_init(rt);
1222 
1223 		new = &rt->dst;
1224 		new->__use = 1;
1225 		new->input = dst_discard;
1226 		new->output = dst_discard_out;
1227 
1228 		dst_copy_metrics(new, &ort->dst);
1229 		rt->rt6i_idev = ort->rt6i_idev;
1230 		if (rt->rt6i_idev)
1231 			in6_dev_hold(rt->rt6i_idev);
1232 
1233 		rt->rt6i_gateway = ort->rt6i_gateway;
1234 		rt->rt6i_flags = ort->rt6i_flags & ~RTF_PCPU;
1235 		rt->rt6i_metric = 0;
1236 
1237 		memcpy(&rt->rt6i_dst, &ort->rt6i_dst, sizeof(struct rt6key));
1238 #ifdef CONFIG_IPV6_SUBTREES
1239 		memcpy(&rt->rt6i_src, &ort->rt6i_src, sizeof(struct rt6key));
1240 #endif
1241 
1242 		dst_free(new);
1243 	}
1244 
1245 	dst_release(dst_orig);
1246 	return new ? new : ERR_PTR(-ENOMEM);
1247 }
1248 
1249 /*
1250  *	Destination cache support functions
1251  */
1252 
1253 static void rt6_dst_from_metrics_check(struct rt6_info *rt)
1254 {
1255 	if (rt->dst.from &&
1256 	    dst_metrics_ptr(&rt->dst) != dst_metrics_ptr(rt->dst.from))
1257 		dst_init_metrics(&rt->dst, dst_metrics_ptr(rt->dst.from), true);
1258 }
1259 
1260 static struct dst_entry *rt6_check(struct rt6_info *rt, u32 cookie)
1261 {
1262 	if (!rt->rt6i_node || (rt->rt6i_node->fn_sernum != cookie))
1263 		return NULL;
1264 
1265 	if (rt6_check_expired(rt))
1266 		return NULL;
1267 
1268 	return &rt->dst;
1269 }
1270 
1271 static struct dst_entry *rt6_dst_from_check(struct rt6_info *rt, u32 cookie)
1272 {
1273 	if (!__rt6_check_expired(rt) &&
1274 	    rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1275 	    rt6_check((struct rt6_info *)(rt->dst.from), cookie))
1276 		return &rt->dst;
1277 	else
1278 		return NULL;
1279 }
1280 
1281 static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie)
1282 {
1283 	struct rt6_info *rt;
1284 
1285 	rt = (struct rt6_info *) dst;
1286 
1287 	/* All IPV6 dsts are created with ->obsolete set to the value
1288 	 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1289 	 * into this function always.
1290 	 */
1291 
1292 	rt6_dst_from_metrics_check(rt);
1293 
1294 	if (rt->rt6i_flags & RTF_PCPU ||
1295 	    (unlikely(dst->flags & DST_NOCACHE) && rt->dst.from))
1296 		return rt6_dst_from_check(rt, cookie);
1297 	else
1298 		return rt6_check(rt, cookie);
1299 }
1300 
1301 static struct dst_entry *ip6_negative_advice(struct dst_entry *dst)
1302 {
1303 	struct rt6_info *rt = (struct rt6_info *) dst;
1304 
1305 	if (rt) {
1306 		if (rt->rt6i_flags & RTF_CACHE) {
1307 			if (rt6_check_expired(rt)) {
1308 				ip6_del_rt(rt);
1309 				dst = NULL;
1310 			}
1311 		} else {
1312 			dst_release(dst);
1313 			dst = NULL;
1314 		}
1315 	}
1316 	return dst;
1317 }
1318 
1319 static void ip6_link_failure(struct sk_buff *skb)
1320 {
1321 	struct rt6_info *rt;
1322 
1323 	icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0);
1324 
1325 	rt = (struct rt6_info *) skb_dst(skb);
1326 	if (rt) {
1327 		if (rt->rt6i_flags & RTF_CACHE) {
1328 			dst_hold(&rt->dst);
1329 			ip6_del_rt(rt);
1330 		} else if (rt->rt6i_node && (rt->rt6i_flags & RTF_DEFAULT)) {
1331 			rt->rt6i_node->fn_sernum = -1;
1332 		}
1333 	}
1334 }
1335 
1336 static void rt6_do_update_pmtu(struct rt6_info *rt, u32 mtu)
1337 {
1338 	struct net *net = dev_net(rt->dst.dev);
1339 
1340 	rt->rt6i_flags |= RTF_MODIFIED;
1341 	rt->rt6i_pmtu = mtu;
1342 	rt6_update_expires(rt, net->ipv6.sysctl.ip6_rt_mtu_expires);
1343 }
1344 
1345 static bool rt6_cache_allowed_for_pmtu(const struct rt6_info *rt)
1346 {
1347 	return !(rt->rt6i_flags & RTF_CACHE) &&
1348 		(rt->rt6i_flags & RTF_PCPU || rt->rt6i_node);
1349 }
1350 
1351 static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk,
1352 				 const struct ipv6hdr *iph, u32 mtu)
1353 {
1354 	struct rt6_info *rt6 = (struct rt6_info *)dst;
1355 
1356 	if (rt6->rt6i_flags & RTF_LOCAL)
1357 		return;
1358 
1359 	dst_confirm(dst);
1360 	mtu = max_t(u32, mtu, IPV6_MIN_MTU);
1361 	if (mtu >= dst_mtu(dst))
1362 		return;
1363 
1364 	if (!rt6_cache_allowed_for_pmtu(rt6)) {
1365 		rt6_do_update_pmtu(rt6, mtu);
1366 	} else {
1367 		const struct in6_addr *daddr, *saddr;
1368 		struct rt6_info *nrt6;
1369 
1370 		if (iph) {
1371 			daddr = &iph->daddr;
1372 			saddr = &iph->saddr;
1373 		} else if (sk) {
1374 			daddr = &sk->sk_v6_daddr;
1375 			saddr = &inet6_sk(sk)->saddr;
1376 		} else {
1377 			return;
1378 		}
1379 		nrt6 = ip6_rt_cache_alloc(rt6, daddr, saddr);
1380 		if (nrt6) {
1381 			rt6_do_update_pmtu(nrt6, mtu);
1382 
1383 			/* ip6_ins_rt(nrt6) will bump the
1384 			 * rt6->rt6i_node->fn_sernum
1385 			 * which will fail the next rt6_check() and
1386 			 * invalidate the sk->sk_dst_cache.
1387 			 */
1388 			ip6_ins_rt(nrt6);
1389 		}
1390 	}
1391 }
1392 
1393 static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
1394 			       struct sk_buff *skb, u32 mtu)
1395 {
1396 	__ip6_rt_update_pmtu(dst, sk, skb ? ipv6_hdr(skb) : NULL, mtu);
1397 }
1398 
1399 void ip6_update_pmtu(struct sk_buff *skb, struct net *net, __be32 mtu,
1400 		     int oif, u32 mark)
1401 {
1402 	const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data;
1403 	struct dst_entry *dst;
1404 	struct flowi6 fl6;
1405 
1406 	memset(&fl6, 0, sizeof(fl6));
1407 	fl6.flowi6_oif = oif;
1408 	fl6.flowi6_mark = mark ? mark : IP6_REPLY_MARK(net, skb->mark);
1409 	fl6.daddr = iph->daddr;
1410 	fl6.saddr = iph->saddr;
1411 	fl6.flowlabel = ip6_flowinfo(iph);
1412 
1413 	dst = ip6_route_output(net, NULL, &fl6);
1414 	if (!dst->error)
1415 		__ip6_rt_update_pmtu(dst, NULL, iph, ntohl(mtu));
1416 	dst_release(dst);
1417 }
1418 EXPORT_SYMBOL_GPL(ip6_update_pmtu);
1419 
1420 void ip6_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, __be32 mtu)
1421 {
1422 	struct dst_entry *dst;
1423 
1424 	ip6_update_pmtu(skb, sock_net(sk), mtu,
1425 			sk->sk_bound_dev_if, sk->sk_mark);
1426 
1427 	dst = __sk_dst_get(sk);
1428 	if (!dst || !dst->obsolete ||
1429 	    dst->ops->check(dst, inet6_sk(sk)->dst_cookie))
1430 		return;
1431 
1432 	bh_lock_sock(sk);
1433 	if (!sock_owned_by_user(sk) && !ipv6_addr_v4mapped(&sk->sk_v6_daddr))
1434 		ip6_datagram_dst_update(sk, false);
1435 	bh_unlock_sock(sk);
1436 }
1437 EXPORT_SYMBOL_GPL(ip6_sk_update_pmtu);
1438 
1439 /* Handle redirects */
1440 struct ip6rd_flowi {
1441 	struct flowi6 fl6;
1442 	struct in6_addr gateway;
1443 };
1444 
1445 static struct rt6_info *__ip6_route_redirect(struct net *net,
1446 					     struct fib6_table *table,
1447 					     struct flowi6 *fl6,
1448 					     int flags)
1449 {
1450 	struct ip6rd_flowi *rdfl = (struct ip6rd_flowi *)fl6;
1451 	struct rt6_info *rt;
1452 	struct fib6_node *fn;
1453 
1454 	/* Get the "current" route for this destination and
1455 	 * check if the redirect has come from approriate router.
1456 	 *
1457 	 * RFC 4861 specifies that redirects should only be
1458 	 * accepted if they come from the nexthop to the target.
1459 	 * Due to the way the routes are chosen, this notion
1460 	 * is a bit fuzzy and one might need to check all possible
1461 	 * routes.
1462 	 */
1463 
1464 	read_lock_bh(&table->tb6_lock);
1465 	fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr);
1466 restart:
1467 	for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) {
1468 		if (rt6_check_expired(rt))
1469 			continue;
1470 		if (rt->dst.error)
1471 			break;
1472 		if (!(rt->rt6i_flags & RTF_GATEWAY))
1473 			continue;
1474 		if (fl6->flowi6_oif != rt->dst.dev->ifindex)
1475 			continue;
1476 		if (!ipv6_addr_equal(&rdfl->gateway, &rt->rt6i_gateway))
1477 			continue;
1478 		break;
1479 	}
1480 
1481 	if (!rt)
1482 		rt = net->ipv6.ip6_null_entry;
1483 	else if (rt->dst.error) {
1484 		rt = net->ipv6.ip6_null_entry;
1485 		goto out;
1486 	}
1487 
1488 	if (rt == net->ipv6.ip6_null_entry) {
1489 		fn = fib6_backtrack(fn, &fl6->saddr);
1490 		if (fn)
1491 			goto restart;
1492 	}
1493 
1494 out:
1495 	dst_hold(&rt->dst);
1496 
1497 	read_unlock_bh(&table->tb6_lock);
1498 
1499 	trace_fib6_table_lookup(net, rt, table->tb6_id, fl6);
1500 	return rt;
1501 };
1502 
1503 static struct dst_entry *ip6_route_redirect(struct net *net,
1504 					const struct flowi6 *fl6,
1505 					const struct in6_addr *gateway)
1506 {
1507 	int flags = RT6_LOOKUP_F_HAS_SADDR;
1508 	struct ip6rd_flowi rdfl;
1509 
1510 	rdfl.fl6 = *fl6;
1511 	rdfl.gateway = *gateway;
1512 
1513 	return fib6_rule_lookup(net, &rdfl.fl6,
1514 				flags, __ip6_route_redirect);
1515 }
1516 
1517 void ip6_redirect(struct sk_buff *skb, struct net *net, int oif, u32 mark)
1518 {
1519 	const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data;
1520 	struct dst_entry *dst;
1521 	struct flowi6 fl6;
1522 
1523 	memset(&fl6, 0, sizeof(fl6));
1524 	fl6.flowi6_iif = LOOPBACK_IFINDEX;
1525 	fl6.flowi6_oif = oif;
1526 	fl6.flowi6_mark = mark;
1527 	fl6.daddr = iph->daddr;
1528 	fl6.saddr = iph->saddr;
1529 	fl6.flowlabel = ip6_flowinfo(iph);
1530 
1531 	dst = ip6_route_redirect(net, &fl6, &ipv6_hdr(skb)->saddr);
1532 	rt6_do_redirect(dst, NULL, skb);
1533 	dst_release(dst);
1534 }
1535 EXPORT_SYMBOL_GPL(ip6_redirect);
1536 
1537 void ip6_redirect_no_header(struct sk_buff *skb, struct net *net, int oif,
1538 			    u32 mark)
1539 {
1540 	const struct ipv6hdr *iph = ipv6_hdr(skb);
1541 	const struct rd_msg *msg = (struct rd_msg *)icmp6_hdr(skb);
1542 	struct dst_entry *dst;
1543 	struct flowi6 fl6;
1544 
1545 	memset(&fl6, 0, sizeof(fl6));
1546 	fl6.flowi6_iif = LOOPBACK_IFINDEX;
1547 	fl6.flowi6_oif = oif;
1548 	fl6.flowi6_mark = mark;
1549 	fl6.daddr = msg->dest;
1550 	fl6.saddr = iph->daddr;
1551 
1552 	dst = ip6_route_redirect(net, &fl6, &iph->saddr);
1553 	rt6_do_redirect(dst, NULL, skb);
1554 	dst_release(dst);
1555 }
1556 
1557 void ip6_sk_redirect(struct sk_buff *skb, struct sock *sk)
1558 {
1559 	ip6_redirect(skb, sock_net(sk), sk->sk_bound_dev_if, sk->sk_mark);
1560 }
1561 EXPORT_SYMBOL_GPL(ip6_sk_redirect);
1562 
1563 static unsigned int ip6_default_advmss(const struct dst_entry *dst)
1564 {
1565 	struct net_device *dev = dst->dev;
1566 	unsigned int mtu = dst_mtu(dst);
1567 	struct net *net = dev_net(dev);
1568 
1569 	mtu -= sizeof(struct ipv6hdr) + sizeof(struct tcphdr);
1570 
1571 	if (mtu < net->ipv6.sysctl.ip6_rt_min_advmss)
1572 		mtu = net->ipv6.sysctl.ip6_rt_min_advmss;
1573 
1574 	/*
1575 	 * Maximal non-jumbo IPv6 payload is IPV6_MAXPLEN and
1576 	 * corresponding MSS is IPV6_MAXPLEN - tcp_header_size.
1577 	 * IPV6_MAXPLEN is also valid and means: "any MSS,
1578 	 * rely only on pmtu discovery"
1579 	 */
1580 	if (mtu > IPV6_MAXPLEN - sizeof(struct tcphdr))
1581 		mtu = IPV6_MAXPLEN;
1582 	return mtu;
1583 }
1584 
1585 static unsigned int ip6_mtu(const struct dst_entry *dst)
1586 {
1587 	const struct rt6_info *rt = (const struct rt6_info *)dst;
1588 	unsigned int mtu = rt->rt6i_pmtu;
1589 	struct inet6_dev *idev;
1590 
1591 	if (mtu)
1592 		goto out;
1593 
1594 	mtu = dst_metric_raw(dst, RTAX_MTU);
1595 	if (mtu)
1596 		goto out;
1597 
1598 	mtu = IPV6_MIN_MTU;
1599 
1600 	rcu_read_lock();
1601 	idev = __in6_dev_get(dst->dev);
1602 	if (idev)
1603 		mtu = idev->cnf.mtu6;
1604 	rcu_read_unlock();
1605 
1606 out:
1607 	return min_t(unsigned int, mtu, IP6_MAX_MTU);
1608 }
1609 
1610 static struct dst_entry *icmp6_dst_gc_list;
1611 static DEFINE_SPINLOCK(icmp6_dst_lock);
1612 
1613 struct dst_entry *icmp6_dst_alloc(struct net_device *dev,
1614 				  struct flowi6 *fl6)
1615 {
1616 	struct dst_entry *dst;
1617 	struct rt6_info *rt;
1618 	struct inet6_dev *idev = in6_dev_get(dev);
1619 	struct net *net = dev_net(dev);
1620 
1621 	if (unlikely(!idev))
1622 		return ERR_PTR(-ENODEV);
1623 
1624 	rt = ip6_dst_alloc(net, dev, 0);
1625 	if (unlikely(!rt)) {
1626 		in6_dev_put(idev);
1627 		dst = ERR_PTR(-ENOMEM);
1628 		goto out;
1629 	}
1630 
1631 	rt->dst.flags |= DST_HOST;
1632 	rt->dst.output  = ip6_output;
1633 	atomic_set(&rt->dst.__refcnt, 1);
1634 	rt->rt6i_gateway  = fl6->daddr;
1635 	rt->rt6i_dst.addr = fl6->daddr;
1636 	rt->rt6i_dst.plen = 128;
1637 	rt->rt6i_idev     = idev;
1638 	dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 0);
1639 
1640 	spin_lock_bh(&icmp6_dst_lock);
1641 	rt->dst.next = icmp6_dst_gc_list;
1642 	icmp6_dst_gc_list = &rt->dst;
1643 	spin_unlock_bh(&icmp6_dst_lock);
1644 
1645 	fib6_force_start_gc(net);
1646 
1647 	dst = xfrm_lookup(net, &rt->dst, flowi6_to_flowi(fl6), NULL, 0);
1648 
1649 out:
1650 	return dst;
1651 }
1652 
1653 int icmp6_dst_gc(void)
1654 {
1655 	struct dst_entry *dst, **pprev;
1656 	int more = 0;
1657 
1658 	spin_lock_bh(&icmp6_dst_lock);
1659 	pprev = &icmp6_dst_gc_list;
1660 
1661 	while ((dst = *pprev) != NULL) {
1662 		if (!atomic_read(&dst->__refcnt)) {
1663 			*pprev = dst->next;
1664 			dst_free(dst);
1665 		} else {
1666 			pprev = &dst->next;
1667 			++more;
1668 		}
1669 	}
1670 
1671 	spin_unlock_bh(&icmp6_dst_lock);
1672 
1673 	return more;
1674 }
1675 
1676 static void icmp6_clean_all(int (*func)(struct rt6_info *rt, void *arg),
1677 			    void *arg)
1678 {
1679 	struct dst_entry *dst, **pprev;
1680 
1681 	spin_lock_bh(&icmp6_dst_lock);
1682 	pprev = &icmp6_dst_gc_list;
1683 	while ((dst = *pprev) != NULL) {
1684 		struct rt6_info *rt = (struct rt6_info *) dst;
1685 		if (func(rt, arg)) {
1686 			*pprev = dst->next;
1687 			dst_free(dst);
1688 		} else {
1689 			pprev = &dst->next;
1690 		}
1691 	}
1692 	spin_unlock_bh(&icmp6_dst_lock);
1693 }
1694 
1695 static int ip6_dst_gc(struct dst_ops *ops)
1696 {
1697 	struct net *net = container_of(ops, struct net, ipv6.ip6_dst_ops);
1698 	int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval;
1699 	int rt_max_size = net->ipv6.sysctl.ip6_rt_max_size;
1700 	int rt_elasticity = net->ipv6.sysctl.ip6_rt_gc_elasticity;
1701 	int rt_gc_timeout = net->ipv6.sysctl.ip6_rt_gc_timeout;
1702 	unsigned long rt_last_gc = net->ipv6.ip6_rt_last_gc;
1703 	int entries;
1704 
1705 	entries = dst_entries_get_fast(ops);
1706 	if (time_after(rt_last_gc + rt_min_interval, jiffies) &&
1707 	    entries <= rt_max_size)
1708 		goto out;
1709 
1710 	net->ipv6.ip6_rt_gc_expire++;
1711 	fib6_run_gc(net->ipv6.ip6_rt_gc_expire, net, true);
1712 	entries = dst_entries_get_slow(ops);
1713 	if (entries < ops->gc_thresh)
1714 		net->ipv6.ip6_rt_gc_expire = rt_gc_timeout>>1;
1715 out:
1716 	net->ipv6.ip6_rt_gc_expire -= net->ipv6.ip6_rt_gc_expire>>rt_elasticity;
1717 	return entries > rt_max_size;
1718 }
1719 
1720 static int ip6_convert_metrics(struct mx6_config *mxc,
1721 			       const struct fib6_config *cfg)
1722 {
1723 	bool ecn_ca = false;
1724 	struct nlattr *nla;
1725 	int remaining;
1726 	u32 *mp;
1727 
1728 	if (!cfg->fc_mx)
1729 		return 0;
1730 
1731 	mp = kzalloc(sizeof(u32) * RTAX_MAX, GFP_KERNEL);
1732 	if (unlikely(!mp))
1733 		return -ENOMEM;
1734 
1735 	nla_for_each_attr(nla, cfg->fc_mx, cfg->fc_mx_len, remaining) {
1736 		int type = nla_type(nla);
1737 		u32 val;
1738 
1739 		if (!type)
1740 			continue;
1741 		if (unlikely(type > RTAX_MAX))
1742 			goto err;
1743 
1744 		if (type == RTAX_CC_ALGO) {
1745 			char tmp[TCP_CA_NAME_MAX];
1746 
1747 			nla_strlcpy(tmp, nla, sizeof(tmp));
1748 			val = tcp_ca_get_key_by_name(tmp, &ecn_ca);
1749 			if (val == TCP_CA_UNSPEC)
1750 				goto err;
1751 		} else {
1752 			val = nla_get_u32(nla);
1753 		}
1754 		if (type == RTAX_HOPLIMIT && val > 255)
1755 			val = 255;
1756 		if (type == RTAX_FEATURES && (val & ~RTAX_FEATURE_MASK))
1757 			goto err;
1758 
1759 		mp[type - 1] = val;
1760 		__set_bit(type - 1, mxc->mx_valid);
1761 	}
1762 
1763 	if (ecn_ca) {
1764 		__set_bit(RTAX_FEATURES - 1, mxc->mx_valid);
1765 		mp[RTAX_FEATURES - 1] |= DST_FEATURE_ECN_CA;
1766 	}
1767 
1768 	mxc->mx = mp;
1769 	return 0;
1770  err:
1771 	kfree(mp);
1772 	return -EINVAL;
1773 }
1774 
1775 static struct rt6_info *ip6_nh_lookup_table(struct net *net,
1776 					    struct fib6_config *cfg,
1777 					    const struct in6_addr *gw_addr)
1778 {
1779 	struct flowi6 fl6 = {
1780 		.flowi6_oif = cfg->fc_ifindex,
1781 		.daddr = *gw_addr,
1782 		.saddr = cfg->fc_prefsrc,
1783 	};
1784 	struct fib6_table *table;
1785 	struct rt6_info *rt;
1786 	int flags = RT6_LOOKUP_F_IFACE;
1787 
1788 	table = fib6_get_table(net, cfg->fc_table);
1789 	if (!table)
1790 		return NULL;
1791 
1792 	if (!ipv6_addr_any(&cfg->fc_prefsrc))
1793 		flags |= RT6_LOOKUP_F_HAS_SADDR;
1794 
1795 	rt = ip6_pol_route(net, table, cfg->fc_ifindex, &fl6, flags);
1796 
1797 	/* if table lookup failed, fall back to full lookup */
1798 	if (rt == net->ipv6.ip6_null_entry) {
1799 		ip6_rt_put(rt);
1800 		rt = NULL;
1801 	}
1802 
1803 	return rt;
1804 }
1805 
1806 static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg)
1807 {
1808 	struct net *net = cfg->fc_nlinfo.nl_net;
1809 	struct rt6_info *rt = NULL;
1810 	struct net_device *dev = NULL;
1811 	struct inet6_dev *idev = NULL;
1812 	struct fib6_table *table;
1813 	int addr_type;
1814 	int err = -EINVAL;
1815 
1816 	if (cfg->fc_dst_len > 128 || cfg->fc_src_len > 128)
1817 		goto out;
1818 #ifndef CONFIG_IPV6_SUBTREES
1819 	if (cfg->fc_src_len)
1820 		goto out;
1821 #endif
1822 	if (cfg->fc_ifindex) {
1823 		err = -ENODEV;
1824 		dev = dev_get_by_index(net, cfg->fc_ifindex);
1825 		if (!dev)
1826 			goto out;
1827 		idev = in6_dev_get(dev);
1828 		if (!idev)
1829 			goto out;
1830 	}
1831 
1832 	if (cfg->fc_metric == 0)
1833 		cfg->fc_metric = IP6_RT_PRIO_USER;
1834 
1835 	err = -ENOBUFS;
1836 	if (cfg->fc_nlinfo.nlh &&
1837 	    !(cfg->fc_nlinfo.nlh->nlmsg_flags & NLM_F_CREATE)) {
1838 		table = fib6_get_table(net, cfg->fc_table);
1839 		if (!table) {
1840 			pr_warn("NLM_F_CREATE should be specified when creating new route\n");
1841 			table = fib6_new_table(net, cfg->fc_table);
1842 		}
1843 	} else {
1844 		table = fib6_new_table(net, cfg->fc_table);
1845 	}
1846 
1847 	if (!table)
1848 		goto out;
1849 
1850 	rt = ip6_dst_alloc(net, NULL,
1851 			   (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT);
1852 
1853 	if (!rt) {
1854 		err = -ENOMEM;
1855 		goto out;
1856 	}
1857 
1858 	if (cfg->fc_flags & RTF_EXPIRES)
1859 		rt6_set_expires(rt, jiffies +
1860 				clock_t_to_jiffies(cfg->fc_expires));
1861 	else
1862 		rt6_clean_expires(rt);
1863 
1864 	if (cfg->fc_protocol == RTPROT_UNSPEC)
1865 		cfg->fc_protocol = RTPROT_BOOT;
1866 	rt->rt6i_protocol = cfg->fc_protocol;
1867 
1868 	addr_type = ipv6_addr_type(&cfg->fc_dst);
1869 
1870 	if (addr_type & IPV6_ADDR_MULTICAST)
1871 		rt->dst.input = ip6_mc_input;
1872 	else if (cfg->fc_flags & RTF_LOCAL)
1873 		rt->dst.input = ip6_input;
1874 	else
1875 		rt->dst.input = ip6_forward;
1876 
1877 	rt->dst.output = ip6_output;
1878 
1879 	if (cfg->fc_encap) {
1880 		struct lwtunnel_state *lwtstate;
1881 
1882 		err = lwtunnel_build_state(dev, cfg->fc_encap_type,
1883 					   cfg->fc_encap, AF_INET6, cfg,
1884 					   &lwtstate);
1885 		if (err)
1886 			goto out;
1887 		rt->dst.lwtstate = lwtstate_get(lwtstate);
1888 		if (lwtunnel_output_redirect(rt->dst.lwtstate)) {
1889 			rt->dst.lwtstate->orig_output = rt->dst.output;
1890 			rt->dst.output = lwtunnel_output;
1891 		}
1892 		if (lwtunnel_input_redirect(rt->dst.lwtstate)) {
1893 			rt->dst.lwtstate->orig_input = rt->dst.input;
1894 			rt->dst.input = lwtunnel_input;
1895 		}
1896 	}
1897 
1898 	ipv6_addr_prefix(&rt->rt6i_dst.addr, &cfg->fc_dst, cfg->fc_dst_len);
1899 	rt->rt6i_dst.plen = cfg->fc_dst_len;
1900 	if (rt->rt6i_dst.plen == 128)
1901 		rt->dst.flags |= DST_HOST;
1902 
1903 #ifdef CONFIG_IPV6_SUBTREES
1904 	ipv6_addr_prefix(&rt->rt6i_src.addr, &cfg->fc_src, cfg->fc_src_len);
1905 	rt->rt6i_src.plen = cfg->fc_src_len;
1906 #endif
1907 
1908 	rt->rt6i_metric = cfg->fc_metric;
1909 
1910 	/* We cannot add true routes via loopback here,
1911 	   they would result in kernel looping; promote them to reject routes
1912 	 */
1913 	if ((cfg->fc_flags & RTF_REJECT) ||
1914 	    (dev && (dev->flags & IFF_LOOPBACK) &&
1915 	     !(addr_type & IPV6_ADDR_LOOPBACK) &&
1916 	     !(cfg->fc_flags & RTF_LOCAL))) {
1917 		/* hold loopback dev/idev if we haven't done so. */
1918 		if (dev != net->loopback_dev) {
1919 			if (dev) {
1920 				dev_put(dev);
1921 				in6_dev_put(idev);
1922 			}
1923 			dev = net->loopback_dev;
1924 			dev_hold(dev);
1925 			idev = in6_dev_get(dev);
1926 			if (!idev) {
1927 				err = -ENODEV;
1928 				goto out;
1929 			}
1930 		}
1931 		rt->rt6i_flags = RTF_REJECT|RTF_NONEXTHOP;
1932 		switch (cfg->fc_type) {
1933 		case RTN_BLACKHOLE:
1934 			rt->dst.error = -EINVAL;
1935 			rt->dst.output = dst_discard_out;
1936 			rt->dst.input = dst_discard;
1937 			break;
1938 		case RTN_PROHIBIT:
1939 			rt->dst.error = -EACCES;
1940 			rt->dst.output = ip6_pkt_prohibit_out;
1941 			rt->dst.input = ip6_pkt_prohibit;
1942 			break;
1943 		case RTN_THROW:
1944 		case RTN_UNREACHABLE:
1945 		default:
1946 			rt->dst.error = (cfg->fc_type == RTN_THROW) ? -EAGAIN
1947 					: (cfg->fc_type == RTN_UNREACHABLE)
1948 					? -EHOSTUNREACH : -ENETUNREACH;
1949 			rt->dst.output = ip6_pkt_discard_out;
1950 			rt->dst.input = ip6_pkt_discard;
1951 			break;
1952 		}
1953 		goto install_route;
1954 	}
1955 
1956 	if (cfg->fc_flags & RTF_GATEWAY) {
1957 		const struct in6_addr *gw_addr;
1958 		int gwa_type;
1959 
1960 		gw_addr = &cfg->fc_gateway;
1961 		gwa_type = ipv6_addr_type(gw_addr);
1962 
1963 		/* if gw_addr is local we will fail to detect this in case
1964 		 * address is still TENTATIVE (DAD in progress). rt6_lookup()
1965 		 * will return already-added prefix route via interface that
1966 		 * prefix route was assigned to, which might be non-loopback.
1967 		 */
1968 		err = -EINVAL;
1969 		if (ipv6_chk_addr_and_flags(net, gw_addr,
1970 					    gwa_type & IPV6_ADDR_LINKLOCAL ?
1971 					    dev : NULL, 0, 0))
1972 			goto out;
1973 
1974 		rt->rt6i_gateway = *gw_addr;
1975 
1976 		if (gwa_type != (IPV6_ADDR_LINKLOCAL|IPV6_ADDR_UNICAST)) {
1977 			struct rt6_info *grt = NULL;
1978 
1979 			/* IPv6 strictly inhibits using not link-local
1980 			   addresses as nexthop address.
1981 			   Otherwise, router will not able to send redirects.
1982 			   It is very good, but in some (rare!) circumstances
1983 			   (SIT, PtP, NBMA NOARP links) it is handy to allow
1984 			   some exceptions. --ANK
1985 			 */
1986 			if (!(gwa_type & IPV6_ADDR_UNICAST))
1987 				goto out;
1988 
1989 			if (cfg->fc_table)
1990 				grt = ip6_nh_lookup_table(net, cfg, gw_addr);
1991 
1992 			if (!grt)
1993 				grt = rt6_lookup(net, gw_addr, NULL,
1994 						 cfg->fc_ifindex, 1);
1995 
1996 			err = -EHOSTUNREACH;
1997 			if (!grt)
1998 				goto out;
1999 			if (dev) {
2000 				if (dev != grt->dst.dev) {
2001 					ip6_rt_put(grt);
2002 					goto out;
2003 				}
2004 			} else {
2005 				dev = grt->dst.dev;
2006 				idev = grt->rt6i_idev;
2007 				dev_hold(dev);
2008 				in6_dev_hold(grt->rt6i_idev);
2009 			}
2010 			if (!(grt->rt6i_flags & RTF_GATEWAY))
2011 				err = 0;
2012 			ip6_rt_put(grt);
2013 
2014 			if (err)
2015 				goto out;
2016 		}
2017 		err = -EINVAL;
2018 		if (!dev || (dev->flags & IFF_LOOPBACK))
2019 			goto out;
2020 	}
2021 
2022 	err = -ENODEV;
2023 	if (!dev)
2024 		goto out;
2025 
2026 	if (!ipv6_addr_any(&cfg->fc_prefsrc)) {
2027 		if (!ipv6_chk_addr(net, &cfg->fc_prefsrc, dev, 0)) {
2028 			err = -EINVAL;
2029 			goto out;
2030 		}
2031 		rt->rt6i_prefsrc.addr = cfg->fc_prefsrc;
2032 		rt->rt6i_prefsrc.plen = 128;
2033 	} else
2034 		rt->rt6i_prefsrc.plen = 0;
2035 
2036 	rt->rt6i_flags = cfg->fc_flags;
2037 
2038 install_route:
2039 	rt->dst.dev = dev;
2040 	rt->rt6i_idev = idev;
2041 	rt->rt6i_table = table;
2042 
2043 	cfg->fc_nlinfo.nl_net = dev_net(dev);
2044 
2045 	return rt;
2046 out:
2047 	if (dev)
2048 		dev_put(dev);
2049 	if (idev)
2050 		in6_dev_put(idev);
2051 	if (rt)
2052 		dst_free(&rt->dst);
2053 
2054 	return ERR_PTR(err);
2055 }
2056 
2057 int ip6_route_add(struct fib6_config *cfg)
2058 {
2059 	struct mx6_config mxc = { .mx = NULL, };
2060 	struct rt6_info *rt;
2061 	int err;
2062 
2063 	rt = ip6_route_info_create(cfg);
2064 	if (IS_ERR(rt)) {
2065 		err = PTR_ERR(rt);
2066 		rt = NULL;
2067 		goto out;
2068 	}
2069 
2070 	err = ip6_convert_metrics(&mxc, cfg);
2071 	if (err)
2072 		goto out;
2073 
2074 	err = __ip6_ins_rt(rt, &cfg->fc_nlinfo, &mxc);
2075 
2076 	kfree(mxc.mx);
2077 
2078 	return err;
2079 out:
2080 	if (rt)
2081 		dst_free(&rt->dst);
2082 
2083 	return err;
2084 }
2085 
2086 static int __ip6_del_rt(struct rt6_info *rt, struct nl_info *info)
2087 {
2088 	int err;
2089 	struct fib6_table *table;
2090 	struct net *net = dev_net(rt->dst.dev);
2091 
2092 	if (rt == net->ipv6.ip6_null_entry ||
2093 	    rt->dst.flags & DST_NOCACHE) {
2094 		err = -ENOENT;
2095 		goto out;
2096 	}
2097 
2098 	table = rt->rt6i_table;
2099 	write_lock_bh(&table->tb6_lock);
2100 	err = fib6_del(rt, info);
2101 	write_unlock_bh(&table->tb6_lock);
2102 
2103 out:
2104 	ip6_rt_put(rt);
2105 	return err;
2106 }
2107 
2108 int ip6_del_rt(struct rt6_info *rt)
2109 {
2110 	struct nl_info info = {
2111 		.nl_net = dev_net(rt->dst.dev),
2112 	};
2113 	return __ip6_del_rt(rt, &info);
2114 }
2115 
2116 static int ip6_route_del(struct fib6_config *cfg)
2117 {
2118 	struct fib6_table *table;
2119 	struct fib6_node *fn;
2120 	struct rt6_info *rt;
2121 	int err = -ESRCH;
2122 
2123 	table = fib6_get_table(cfg->fc_nlinfo.nl_net, cfg->fc_table);
2124 	if (!table)
2125 		return err;
2126 
2127 	read_lock_bh(&table->tb6_lock);
2128 
2129 	fn = fib6_locate(&table->tb6_root,
2130 			 &cfg->fc_dst, cfg->fc_dst_len,
2131 			 &cfg->fc_src, cfg->fc_src_len);
2132 
2133 	if (fn) {
2134 		for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) {
2135 			if ((rt->rt6i_flags & RTF_CACHE) &&
2136 			    !(cfg->fc_flags & RTF_CACHE))
2137 				continue;
2138 			if (cfg->fc_ifindex &&
2139 			    (!rt->dst.dev ||
2140 			     rt->dst.dev->ifindex != cfg->fc_ifindex))
2141 				continue;
2142 			if (cfg->fc_flags & RTF_GATEWAY &&
2143 			    !ipv6_addr_equal(&cfg->fc_gateway, &rt->rt6i_gateway))
2144 				continue;
2145 			if (cfg->fc_metric && cfg->fc_metric != rt->rt6i_metric)
2146 				continue;
2147 			dst_hold(&rt->dst);
2148 			read_unlock_bh(&table->tb6_lock);
2149 
2150 			return __ip6_del_rt(rt, &cfg->fc_nlinfo);
2151 		}
2152 	}
2153 	read_unlock_bh(&table->tb6_lock);
2154 
2155 	return err;
2156 }
2157 
2158 static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
2159 {
2160 	struct netevent_redirect netevent;
2161 	struct rt6_info *rt, *nrt = NULL;
2162 	struct ndisc_options ndopts;
2163 	struct inet6_dev *in6_dev;
2164 	struct neighbour *neigh;
2165 	struct rd_msg *msg;
2166 	int optlen, on_link;
2167 	u8 *lladdr;
2168 
2169 	optlen = skb_tail_pointer(skb) - skb_transport_header(skb);
2170 	optlen -= sizeof(*msg);
2171 
2172 	if (optlen < 0) {
2173 		net_dbg_ratelimited("rt6_do_redirect: packet too short\n");
2174 		return;
2175 	}
2176 
2177 	msg = (struct rd_msg *)icmp6_hdr(skb);
2178 
2179 	if (ipv6_addr_is_multicast(&msg->dest)) {
2180 		net_dbg_ratelimited("rt6_do_redirect: destination address is multicast\n");
2181 		return;
2182 	}
2183 
2184 	on_link = 0;
2185 	if (ipv6_addr_equal(&msg->dest, &msg->target)) {
2186 		on_link = 1;
2187 	} else if (ipv6_addr_type(&msg->target) !=
2188 		   (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
2189 		net_dbg_ratelimited("rt6_do_redirect: target address is not link-local unicast\n");
2190 		return;
2191 	}
2192 
2193 	in6_dev = __in6_dev_get(skb->dev);
2194 	if (!in6_dev)
2195 		return;
2196 	if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects)
2197 		return;
2198 
2199 	/* RFC2461 8.1:
2200 	 *	The IP source address of the Redirect MUST be the same as the current
2201 	 *	first-hop router for the specified ICMP Destination Address.
2202 	 */
2203 
2204 	if (!ndisc_parse_options(skb->dev, msg->opt, optlen, &ndopts)) {
2205 		net_dbg_ratelimited("rt6_redirect: invalid ND options\n");
2206 		return;
2207 	}
2208 
2209 	lladdr = NULL;
2210 	if (ndopts.nd_opts_tgt_lladdr) {
2211 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
2212 					     skb->dev);
2213 		if (!lladdr) {
2214 			net_dbg_ratelimited("rt6_redirect: invalid link-layer address length\n");
2215 			return;
2216 		}
2217 	}
2218 
2219 	rt = (struct rt6_info *) dst;
2220 	if (rt->rt6i_flags & RTF_REJECT) {
2221 		net_dbg_ratelimited("rt6_redirect: source isn't a valid nexthop for redirect target\n");
2222 		return;
2223 	}
2224 
2225 	/* Redirect received -> path was valid.
2226 	 * Look, redirects are sent only in response to data packets,
2227 	 * so that this nexthop apparently is reachable. --ANK
2228 	 */
2229 	dst_confirm(&rt->dst);
2230 
2231 	neigh = __neigh_lookup(&nd_tbl, &msg->target, skb->dev, 1);
2232 	if (!neigh)
2233 		return;
2234 
2235 	/*
2236 	 *	We have finally decided to accept it.
2237 	 */
2238 
2239 	ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
2240 		     NEIGH_UPDATE_F_WEAK_OVERRIDE|
2241 		     NEIGH_UPDATE_F_OVERRIDE|
2242 		     (on_link ? 0 : (NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
2243 				     NEIGH_UPDATE_F_ISROUTER)),
2244 		     NDISC_REDIRECT, &ndopts);
2245 
2246 	nrt = ip6_rt_cache_alloc(rt, &msg->dest, NULL);
2247 	if (!nrt)
2248 		goto out;
2249 
2250 	nrt->rt6i_flags = RTF_GATEWAY|RTF_UP|RTF_DYNAMIC|RTF_CACHE;
2251 	if (on_link)
2252 		nrt->rt6i_flags &= ~RTF_GATEWAY;
2253 
2254 	nrt->rt6i_gateway = *(struct in6_addr *)neigh->primary_key;
2255 
2256 	if (ip6_ins_rt(nrt))
2257 		goto out;
2258 
2259 	netevent.old = &rt->dst;
2260 	netevent.new = &nrt->dst;
2261 	netevent.daddr = &msg->dest;
2262 	netevent.neigh = neigh;
2263 	call_netevent_notifiers(NETEVENT_REDIRECT, &netevent);
2264 
2265 	if (rt->rt6i_flags & RTF_CACHE) {
2266 		rt = (struct rt6_info *) dst_clone(&rt->dst);
2267 		ip6_del_rt(rt);
2268 	}
2269 
2270 out:
2271 	neigh_release(neigh);
2272 }
2273 
2274 /*
2275  *	Misc support functions
2276  */
2277 
2278 static void rt6_set_from(struct rt6_info *rt, struct rt6_info *from)
2279 {
2280 	BUG_ON(from->dst.from);
2281 
2282 	rt->rt6i_flags &= ~RTF_EXPIRES;
2283 	dst_hold(&from->dst);
2284 	rt->dst.from = &from->dst;
2285 	dst_init_metrics(&rt->dst, dst_metrics_ptr(&from->dst), true);
2286 }
2287 
2288 static void ip6_rt_copy_init(struct rt6_info *rt, struct rt6_info *ort)
2289 {
2290 	rt->dst.input = ort->dst.input;
2291 	rt->dst.output = ort->dst.output;
2292 	rt->rt6i_dst = ort->rt6i_dst;
2293 	rt->dst.error = ort->dst.error;
2294 	rt->rt6i_idev = ort->rt6i_idev;
2295 	if (rt->rt6i_idev)
2296 		in6_dev_hold(rt->rt6i_idev);
2297 	rt->dst.lastuse = jiffies;
2298 	rt->rt6i_gateway = ort->rt6i_gateway;
2299 	rt->rt6i_flags = ort->rt6i_flags;
2300 	rt6_set_from(rt, ort);
2301 	rt->rt6i_metric = ort->rt6i_metric;
2302 #ifdef CONFIG_IPV6_SUBTREES
2303 	rt->rt6i_src = ort->rt6i_src;
2304 #endif
2305 	rt->rt6i_prefsrc = ort->rt6i_prefsrc;
2306 	rt->rt6i_table = ort->rt6i_table;
2307 	rt->dst.lwtstate = lwtstate_get(ort->dst.lwtstate);
2308 }
2309 
2310 #ifdef CONFIG_IPV6_ROUTE_INFO
2311 static struct rt6_info *rt6_get_route_info(struct net *net,
2312 					   const struct in6_addr *prefix, int prefixlen,
2313 					   const struct in6_addr *gwaddr, int ifindex)
2314 {
2315 	struct fib6_node *fn;
2316 	struct rt6_info *rt = NULL;
2317 	struct fib6_table *table;
2318 
2319 	table = fib6_get_table(net, RT6_TABLE_INFO);
2320 	if (!table)
2321 		return NULL;
2322 
2323 	read_lock_bh(&table->tb6_lock);
2324 	fn = fib6_locate(&table->tb6_root, prefix, prefixlen, NULL, 0);
2325 	if (!fn)
2326 		goto out;
2327 
2328 	for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) {
2329 		if (rt->dst.dev->ifindex != ifindex)
2330 			continue;
2331 		if ((rt->rt6i_flags & (RTF_ROUTEINFO|RTF_GATEWAY)) != (RTF_ROUTEINFO|RTF_GATEWAY))
2332 			continue;
2333 		if (!ipv6_addr_equal(&rt->rt6i_gateway, gwaddr))
2334 			continue;
2335 		dst_hold(&rt->dst);
2336 		break;
2337 	}
2338 out:
2339 	read_unlock_bh(&table->tb6_lock);
2340 	return rt;
2341 }
2342 
2343 static struct rt6_info *rt6_add_route_info(struct net *net,
2344 					   const struct in6_addr *prefix, int prefixlen,
2345 					   const struct in6_addr *gwaddr, int ifindex,
2346 					   unsigned int pref)
2347 {
2348 	struct fib6_config cfg = {
2349 		.fc_metric	= IP6_RT_PRIO_USER,
2350 		.fc_ifindex	= ifindex,
2351 		.fc_dst_len	= prefixlen,
2352 		.fc_flags	= RTF_GATEWAY | RTF_ADDRCONF | RTF_ROUTEINFO |
2353 				  RTF_UP | RTF_PREF(pref),
2354 		.fc_nlinfo.portid = 0,
2355 		.fc_nlinfo.nlh = NULL,
2356 		.fc_nlinfo.nl_net = net,
2357 	};
2358 
2359 	cfg.fc_table = l3mdev_fib_table_by_index(net, ifindex) ? : RT6_TABLE_INFO;
2360 	cfg.fc_dst = *prefix;
2361 	cfg.fc_gateway = *gwaddr;
2362 
2363 	/* We should treat it as a default route if prefix length is 0. */
2364 	if (!prefixlen)
2365 		cfg.fc_flags |= RTF_DEFAULT;
2366 
2367 	ip6_route_add(&cfg);
2368 
2369 	return rt6_get_route_info(net, prefix, prefixlen, gwaddr, ifindex);
2370 }
2371 #endif
2372 
2373 struct rt6_info *rt6_get_dflt_router(const struct in6_addr *addr, struct net_device *dev)
2374 {
2375 	struct rt6_info *rt;
2376 	struct fib6_table *table;
2377 
2378 	table = fib6_get_table(dev_net(dev), RT6_TABLE_DFLT);
2379 	if (!table)
2380 		return NULL;
2381 
2382 	read_lock_bh(&table->tb6_lock);
2383 	for (rt = table->tb6_root.leaf; rt; rt = rt->dst.rt6_next) {
2384 		if (dev == rt->dst.dev &&
2385 		    ((rt->rt6i_flags & (RTF_ADDRCONF | RTF_DEFAULT)) == (RTF_ADDRCONF | RTF_DEFAULT)) &&
2386 		    ipv6_addr_equal(&rt->rt6i_gateway, addr))
2387 			break;
2388 	}
2389 	if (rt)
2390 		dst_hold(&rt->dst);
2391 	read_unlock_bh(&table->tb6_lock);
2392 	return rt;
2393 }
2394 
2395 struct rt6_info *rt6_add_dflt_router(const struct in6_addr *gwaddr,
2396 				     struct net_device *dev,
2397 				     unsigned int pref)
2398 {
2399 	struct fib6_config cfg = {
2400 		.fc_table	= l3mdev_fib_table(dev) ? : RT6_TABLE_DFLT,
2401 		.fc_metric	= IP6_RT_PRIO_USER,
2402 		.fc_ifindex	= dev->ifindex,
2403 		.fc_flags	= RTF_GATEWAY | RTF_ADDRCONF | RTF_DEFAULT |
2404 				  RTF_UP | RTF_EXPIRES | RTF_PREF(pref),
2405 		.fc_nlinfo.portid = 0,
2406 		.fc_nlinfo.nlh = NULL,
2407 		.fc_nlinfo.nl_net = dev_net(dev),
2408 	};
2409 
2410 	cfg.fc_gateway = *gwaddr;
2411 
2412 	ip6_route_add(&cfg);
2413 
2414 	return rt6_get_dflt_router(gwaddr, dev);
2415 }
2416 
2417 void rt6_purge_dflt_routers(struct net *net)
2418 {
2419 	struct rt6_info *rt;
2420 	struct fib6_table *table;
2421 
2422 	/* NOTE: Keep consistent with rt6_get_dflt_router */
2423 	table = fib6_get_table(net, RT6_TABLE_DFLT);
2424 	if (!table)
2425 		return;
2426 
2427 restart:
2428 	read_lock_bh(&table->tb6_lock);
2429 	for (rt = table->tb6_root.leaf; rt; rt = rt->dst.rt6_next) {
2430 		if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF) &&
2431 		    (!rt->rt6i_idev || rt->rt6i_idev->cnf.accept_ra != 2)) {
2432 			dst_hold(&rt->dst);
2433 			read_unlock_bh(&table->tb6_lock);
2434 			ip6_del_rt(rt);
2435 			goto restart;
2436 		}
2437 	}
2438 	read_unlock_bh(&table->tb6_lock);
2439 }
2440 
2441 static void rtmsg_to_fib6_config(struct net *net,
2442 				 struct in6_rtmsg *rtmsg,
2443 				 struct fib6_config *cfg)
2444 {
2445 	memset(cfg, 0, sizeof(*cfg));
2446 
2447 	cfg->fc_table = l3mdev_fib_table_by_index(net, rtmsg->rtmsg_ifindex) ?
2448 			 : RT6_TABLE_MAIN;
2449 	cfg->fc_ifindex = rtmsg->rtmsg_ifindex;
2450 	cfg->fc_metric = rtmsg->rtmsg_metric;
2451 	cfg->fc_expires = rtmsg->rtmsg_info;
2452 	cfg->fc_dst_len = rtmsg->rtmsg_dst_len;
2453 	cfg->fc_src_len = rtmsg->rtmsg_src_len;
2454 	cfg->fc_flags = rtmsg->rtmsg_flags;
2455 
2456 	cfg->fc_nlinfo.nl_net = net;
2457 
2458 	cfg->fc_dst = rtmsg->rtmsg_dst;
2459 	cfg->fc_src = rtmsg->rtmsg_src;
2460 	cfg->fc_gateway = rtmsg->rtmsg_gateway;
2461 }
2462 
2463 int ipv6_route_ioctl(struct net *net, unsigned int cmd, void __user *arg)
2464 {
2465 	struct fib6_config cfg;
2466 	struct in6_rtmsg rtmsg;
2467 	int err;
2468 
2469 	switch (cmd) {
2470 	case SIOCADDRT:		/* Add a route */
2471 	case SIOCDELRT:		/* Delete a route */
2472 		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
2473 			return -EPERM;
2474 		err = copy_from_user(&rtmsg, arg,
2475 				     sizeof(struct in6_rtmsg));
2476 		if (err)
2477 			return -EFAULT;
2478 
2479 		rtmsg_to_fib6_config(net, &rtmsg, &cfg);
2480 
2481 		rtnl_lock();
2482 		switch (cmd) {
2483 		case SIOCADDRT:
2484 			err = ip6_route_add(&cfg);
2485 			break;
2486 		case SIOCDELRT:
2487 			err = ip6_route_del(&cfg);
2488 			break;
2489 		default:
2490 			err = -EINVAL;
2491 		}
2492 		rtnl_unlock();
2493 
2494 		return err;
2495 	}
2496 
2497 	return -EINVAL;
2498 }
2499 
2500 /*
2501  *	Drop the packet on the floor
2502  */
2503 
2504 static int ip6_pkt_drop(struct sk_buff *skb, u8 code, int ipstats_mib_noroutes)
2505 {
2506 	int type;
2507 	struct dst_entry *dst = skb_dst(skb);
2508 	switch (ipstats_mib_noroutes) {
2509 	case IPSTATS_MIB_INNOROUTES:
2510 		type = ipv6_addr_type(&ipv6_hdr(skb)->daddr);
2511 		if (type == IPV6_ADDR_ANY) {
2512 			IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst),
2513 				      IPSTATS_MIB_INADDRERRORS);
2514 			break;
2515 		}
2516 		/* FALLTHROUGH */
2517 	case IPSTATS_MIB_OUTNOROUTES:
2518 		IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst),
2519 			      ipstats_mib_noroutes);
2520 		break;
2521 	}
2522 	icmpv6_send(skb, ICMPV6_DEST_UNREACH, code, 0);
2523 	kfree_skb(skb);
2524 	return 0;
2525 }
2526 
2527 static int ip6_pkt_discard(struct sk_buff *skb)
2528 {
2529 	return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_INNOROUTES);
2530 }
2531 
2532 static int ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb)
2533 {
2534 	skb->dev = skb_dst(skb)->dev;
2535 	return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_OUTNOROUTES);
2536 }
2537 
2538 static int ip6_pkt_prohibit(struct sk_buff *skb)
2539 {
2540 	return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_INNOROUTES);
2541 }
2542 
2543 static int ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb)
2544 {
2545 	skb->dev = skb_dst(skb)->dev;
2546 	return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES);
2547 }
2548 
2549 /*
2550  *	Allocate a dst for local (unicast / anycast) address.
2551  */
2552 
2553 struct rt6_info *addrconf_dst_alloc(struct inet6_dev *idev,
2554 				    const struct in6_addr *addr,
2555 				    bool anycast)
2556 {
2557 	u32 tb_id;
2558 	struct net *net = dev_net(idev->dev);
2559 	struct rt6_info *rt = ip6_dst_alloc(net, net->loopback_dev,
2560 					    DST_NOCOUNT);
2561 	if (!rt)
2562 		return ERR_PTR(-ENOMEM);
2563 
2564 	in6_dev_hold(idev);
2565 
2566 	rt->dst.flags |= DST_HOST;
2567 	rt->dst.input = ip6_input;
2568 	rt->dst.output = ip6_output;
2569 	rt->rt6i_idev = idev;
2570 
2571 	rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP;
2572 	if (anycast)
2573 		rt->rt6i_flags |= RTF_ANYCAST;
2574 	else
2575 		rt->rt6i_flags |= RTF_LOCAL;
2576 
2577 	rt->rt6i_gateway  = *addr;
2578 	rt->rt6i_dst.addr = *addr;
2579 	rt->rt6i_dst.plen = 128;
2580 	tb_id = l3mdev_fib_table(idev->dev) ? : RT6_TABLE_LOCAL;
2581 	rt->rt6i_table = fib6_get_table(net, tb_id);
2582 	rt->dst.flags |= DST_NOCACHE;
2583 
2584 	atomic_set(&rt->dst.__refcnt, 1);
2585 
2586 	return rt;
2587 }
2588 
2589 /* remove deleted ip from prefsrc entries */
2590 struct arg_dev_net_ip {
2591 	struct net_device *dev;
2592 	struct net *net;
2593 	struct in6_addr *addr;
2594 };
2595 
2596 static int fib6_remove_prefsrc(struct rt6_info *rt, void *arg)
2597 {
2598 	struct net_device *dev = ((struct arg_dev_net_ip *)arg)->dev;
2599 	struct net *net = ((struct arg_dev_net_ip *)arg)->net;
2600 	struct in6_addr *addr = ((struct arg_dev_net_ip *)arg)->addr;
2601 
2602 	if (((void *)rt->dst.dev == dev || !dev) &&
2603 	    rt != net->ipv6.ip6_null_entry &&
2604 	    ipv6_addr_equal(addr, &rt->rt6i_prefsrc.addr)) {
2605 		/* remove prefsrc entry */
2606 		rt->rt6i_prefsrc.plen = 0;
2607 	}
2608 	return 0;
2609 }
2610 
2611 void rt6_remove_prefsrc(struct inet6_ifaddr *ifp)
2612 {
2613 	struct net *net = dev_net(ifp->idev->dev);
2614 	struct arg_dev_net_ip adni = {
2615 		.dev = ifp->idev->dev,
2616 		.net = net,
2617 		.addr = &ifp->addr,
2618 	};
2619 	fib6_clean_all(net, fib6_remove_prefsrc, &adni);
2620 }
2621 
2622 #define RTF_RA_ROUTER		(RTF_ADDRCONF | RTF_DEFAULT | RTF_GATEWAY)
2623 #define RTF_CACHE_GATEWAY	(RTF_GATEWAY | RTF_CACHE)
2624 
2625 /* Remove routers and update dst entries when gateway turn into host. */
2626 static int fib6_clean_tohost(struct rt6_info *rt, void *arg)
2627 {
2628 	struct in6_addr *gateway = (struct in6_addr *)arg;
2629 
2630 	if ((((rt->rt6i_flags & RTF_RA_ROUTER) == RTF_RA_ROUTER) ||
2631 	     ((rt->rt6i_flags & RTF_CACHE_GATEWAY) == RTF_CACHE_GATEWAY)) &&
2632 	     ipv6_addr_equal(gateway, &rt->rt6i_gateway)) {
2633 		return -1;
2634 	}
2635 	return 0;
2636 }
2637 
2638 void rt6_clean_tohost(struct net *net, struct in6_addr *gateway)
2639 {
2640 	fib6_clean_all(net, fib6_clean_tohost, gateway);
2641 }
2642 
2643 struct arg_dev_net {
2644 	struct net_device *dev;
2645 	struct net *net;
2646 };
2647 
2648 static int fib6_ifdown(struct rt6_info *rt, void *arg)
2649 {
2650 	const struct arg_dev_net *adn = arg;
2651 	const struct net_device *dev = adn->dev;
2652 
2653 	if ((rt->dst.dev == dev || !dev) &&
2654 	    rt != adn->net->ipv6.ip6_null_entry)
2655 		return -1;
2656 
2657 	return 0;
2658 }
2659 
2660 void rt6_ifdown(struct net *net, struct net_device *dev)
2661 {
2662 	struct arg_dev_net adn = {
2663 		.dev = dev,
2664 		.net = net,
2665 	};
2666 
2667 	fib6_clean_all(net, fib6_ifdown, &adn);
2668 	icmp6_clean_all(fib6_ifdown, &adn);
2669 	if (dev)
2670 		rt6_uncached_list_flush_dev(net, dev);
2671 }
2672 
2673 struct rt6_mtu_change_arg {
2674 	struct net_device *dev;
2675 	unsigned int mtu;
2676 };
2677 
2678 static int rt6_mtu_change_route(struct rt6_info *rt, void *p_arg)
2679 {
2680 	struct rt6_mtu_change_arg *arg = (struct rt6_mtu_change_arg *) p_arg;
2681 	struct inet6_dev *idev;
2682 
2683 	/* In IPv6 pmtu discovery is not optional,
2684 	   so that RTAX_MTU lock cannot disable it.
2685 	   We still use this lock to block changes
2686 	   caused by addrconf/ndisc.
2687 	*/
2688 
2689 	idev = __in6_dev_get(arg->dev);
2690 	if (!idev)
2691 		return 0;
2692 
2693 	/* For administrative MTU increase, there is no way to discover
2694 	   IPv6 PMTU increase, so PMTU increase should be updated here.
2695 	   Since RFC 1981 doesn't include administrative MTU increase
2696 	   update PMTU increase is a MUST. (i.e. jumbo frame)
2697 	 */
2698 	/*
2699 	   If new MTU is less than route PMTU, this new MTU will be the
2700 	   lowest MTU in the path, update the route PMTU to reflect PMTU
2701 	   decreases; if new MTU is greater than route PMTU, and the
2702 	   old MTU is the lowest MTU in the path, update the route PMTU
2703 	   to reflect the increase. In this case if the other nodes' MTU
2704 	   also have the lowest MTU, TOO BIG MESSAGE will be lead to
2705 	   PMTU discouvery.
2706 	 */
2707 	if (rt->dst.dev == arg->dev &&
2708 	    !dst_metric_locked(&rt->dst, RTAX_MTU)) {
2709 		if (rt->rt6i_flags & RTF_CACHE) {
2710 			/* For RTF_CACHE with rt6i_pmtu == 0
2711 			 * (i.e. a redirected route),
2712 			 * the metrics of its rt->dst.from has already
2713 			 * been updated.
2714 			 */
2715 			if (rt->rt6i_pmtu && rt->rt6i_pmtu > arg->mtu)
2716 				rt->rt6i_pmtu = arg->mtu;
2717 		} else if (dst_mtu(&rt->dst) >= arg->mtu ||
2718 			   (dst_mtu(&rt->dst) < arg->mtu &&
2719 			    dst_mtu(&rt->dst) == idev->cnf.mtu6)) {
2720 			dst_metric_set(&rt->dst, RTAX_MTU, arg->mtu);
2721 		}
2722 	}
2723 	return 0;
2724 }
2725 
2726 void rt6_mtu_change(struct net_device *dev, unsigned int mtu)
2727 {
2728 	struct rt6_mtu_change_arg arg = {
2729 		.dev = dev,
2730 		.mtu = mtu,
2731 	};
2732 
2733 	fib6_clean_all(dev_net(dev), rt6_mtu_change_route, &arg);
2734 }
2735 
2736 static const struct nla_policy rtm_ipv6_policy[RTA_MAX+1] = {
2737 	[RTA_GATEWAY]           = { .len = sizeof(struct in6_addr) },
2738 	[RTA_OIF]               = { .type = NLA_U32 },
2739 	[RTA_IIF]		= { .type = NLA_U32 },
2740 	[RTA_PRIORITY]          = { .type = NLA_U32 },
2741 	[RTA_METRICS]           = { .type = NLA_NESTED },
2742 	[RTA_MULTIPATH]		= { .len = sizeof(struct rtnexthop) },
2743 	[RTA_PREF]              = { .type = NLA_U8 },
2744 	[RTA_ENCAP_TYPE]	= { .type = NLA_U16 },
2745 	[RTA_ENCAP]		= { .type = NLA_NESTED },
2746 	[RTA_EXPIRES]		= { .type = NLA_U32 },
2747 };
2748 
2749 static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh,
2750 			      struct fib6_config *cfg)
2751 {
2752 	struct rtmsg *rtm;
2753 	struct nlattr *tb[RTA_MAX+1];
2754 	unsigned int pref;
2755 	int err;
2756 
2757 	err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy);
2758 	if (err < 0)
2759 		goto errout;
2760 
2761 	err = -EINVAL;
2762 	rtm = nlmsg_data(nlh);
2763 	memset(cfg, 0, sizeof(*cfg));
2764 
2765 	cfg->fc_table = rtm->rtm_table;
2766 	cfg->fc_dst_len = rtm->rtm_dst_len;
2767 	cfg->fc_src_len = rtm->rtm_src_len;
2768 	cfg->fc_flags = RTF_UP;
2769 	cfg->fc_protocol = rtm->rtm_protocol;
2770 	cfg->fc_type = rtm->rtm_type;
2771 
2772 	if (rtm->rtm_type == RTN_UNREACHABLE ||
2773 	    rtm->rtm_type == RTN_BLACKHOLE ||
2774 	    rtm->rtm_type == RTN_PROHIBIT ||
2775 	    rtm->rtm_type == RTN_THROW)
2776 		cfg->fc_flags |= RTF_REJECT;
2777 
2778 	if (rtm->rtm_type == RTN_LOCAL)
2779 		cfg->fc_flags |= RTF_LOCAL;
2780 
2781 	if (rtm->rtm_flags & RTM_F_CLONED)
2782 		cfg->fc_flags |= RTF_CACHE;
2783 
2784 	cfg->fc_nlinfo.portid = NETLINK_CB(skb).portid;
2785 	cfg->fc_nlinfo.nlh = nlh;
2786 	cfg->fc_nlinfo.nl_net = sock_net(skb->sk);
2787 
2788 	if (tb[RTA_GATEWAY]) {
2789 		cfg->fc_gateway = nla_get_in6_addr(tb[RTA_GATEWAY]);
2790 		cfg->fc_flags |= RTF_GATEWAY;
2791 	}
2792 
2793 	if (tb[RTA_DST]) {
2794 		int plen = (rtm->rtm_dst_len + 7) >> 3;
2795 
2796 		if (nla_len(tb[RTA_DST]) < plen)
2797 			goto errout;
2798 
2799 		nla_memcpy(&cfg->fc_dst, tb[RTA_DST], plen);
2800 	}
2801 
2802 	if (tb[RTA_SRC]) {
2803 		int plen = (rtm->rtm_src_len + 7) >> 3;
2804 
2805 		if (nla_len(tb[RTA_SRC]) < plen)
2806 			goto errout;
2807 
2808 		nla_memcpy(&cfg->fc_src, tb[RTA_SRC], plen);
2809 	}
2810 
2811 	if (tb[RTA_PREFSRC])
2812 		cfg->fc_prefsrc = nla_get_in6_addr(tb[RTA_PREFSRC]);
2813 
2814 	if (tb[RTA_OIF])
2815 		cfg->fc_ifindex = nla_get_u32(tb[RTA_OIF]);
2816 
2817 	if (tb[RTA_PRIORITY])
2818 		cfg->fc_metric = nla_get_u32(tb[RTA_PRIORITY]);
2819 
2820 	if (tb[RTA_METRICS]) {
2821 		cfg->fc_mx = nla_data(tb[RTA_METRICS]);
2822 		cfg->fc_mx_len = nla_len(tb[RTA_METRICS]);
2823 	}
2824 
2825 	if (tb[RTA_TABLE])
2826 		cfg->fc_table = nla_get_u32(tb[RTA_TABLE]);
2827 
2828 	if (tb[RTA_MULTIPATH]) {
2829 		cfg->fc_mp = nla_data(tb[RTA_MULTIPATH]);
2830 		cfg->fc_mp_len = nla_len(tb[RTA_MULTIPATH]);
2831 	}
2832 
2833 	if (tb[RTA_PREF]) {
2834 		pref = nla_get_u8(tb[RTA_PREF]);
2835 		if (pref != ICMPV6_ROUTER_PREF_LOW &&
2836 		    pref != ICMPV6_ROUTER_PREF_HIGH)
2837 			pref = ICMPV6_ROUTER_PREF_MEDIUM;
2838 		cfg->fc_flags |= RTF_PREF(pref);
2839 	}
2840 
2841 	if (tb[RTA_ENCAP])
2842 		cfg->fc_encap = tb[RTA_ENCAP];
2843 
2844 	if (tb[RTA_ENCAP_TYPE])
2845 		cfg->fc_encap_type = nla_get_u16(tb[RTA_ENCAP_TYPE]);
2846 
2847 	if (tb[RTA_EXPIRES]) {
2848 		unsigned long timeout = addrconf_timeout_fixup(nla_get_u32(tb[RTA_EXPIRES]), HZ);
2849 
2850 		if (addrconf_finite_timeout(timeout)) {
2851 			cfg->fc_expires = jiffies_to_clock_t(timeout * HZ);
2852 			cfg->fc_flags |= RTF_EXPIRES;
2853 		}
2854 	}
2855 
2856 	err = 0;
2857 errout:
2858 	return err;
2859 }
2860 
2861 struct rt6_nh {
2862 	struct rt6_info *rt6_info;
2863 	struct fib6_config r_cfg;
2864 	struct mx6_config mxc;
2865 	struct list_head next;
2866 };
2867 
2868 static void ip6_print_replace_route_err(struct list_head *rt6_nh_list)
2869 {
2870 	struct rt6_nh *nh;
2871 
2872 	list_for_each_entry(nh, rt6_nh_list, next) {
2873 		pr_warn("IPV6: multipath route replace failed (check consistency of installed routes): %pI6 nexthop %pI6 ifi %d\n",
2874 		        &nh->r_cfg.fc_dst, &nh->r_cfg.fc_gateway,
2875 		        nh->r_cfg.fc_ifindex);
2876 	}
2877 }
2878 
2879 static int ip6_route_info_append(struct list_head *rt6_nh_list,
2880 				 struct rt6_info *rt, struct fib6_config *r_cfg)
2881 {
2882 	struct rt6_nh *nh;
2883 	struct rt6_info *rtnh;
2884 	int err = -EEXIST;
2885 
2886 	list_for_each_entry(nh, rt6_nh_list, next) {
2887 		/* check if rt6_info already exists */
2888 		rtnh = nh->rt6_info;
2889 
2890 		if (rtnh->dst.dev == rt->dst.dev &&
2891 		    rtnh->rt6i_idev == rt->rt6i_idev &&
2892 		    ipv6_addr_equal(&rtnh->rt6i_gateway,
2893 				    &rt->rt6i_gateway))
2894 			return err;
2895 	}
2896 
2897 	nh = kzalloc(sizeof(*nh), GFP_KERNEL);
2898 	if (!nh)
2899 		return -ENOMEM;
2900 	nh->rt6_info = rt;
2901 	err = ip6_convert_metrics(&nh->mxc, r_cfg);
2902 	if (err) {
2903 		kfree(nh);
2904 		return err;
2905 	}
2906 	memcpy(&nh->r_cfg, r_cfg, sizeof(*r_cfg));
2907 	list_add_tail(&nh->next, rt6_nh_list);
2908 
2909 	return 0;
2910 }
2911 
2912 static int ip6_route_multipath_add(struct fib6_config *cfg)
2913 {
2914 	struct fib6_config r_cfg;
2915 	struct rtnexthop *rtnh;
2916 	struct rt6_info *rt;
2917 	struct rt6_nh *err_nh;
2918 	struct rt6_nh *nh, *nh_safe;
2919 	int remaining;
2920 	int attrlen;
2921 	int err = 1;
2922 	int nhn = 0;
2923 	int replace = (cfg->fc_nlinfo.nlh &&
2924 		       (cfg->fc_nlinfo.nlh->nlmsg_flags & NLM_F_REPLACE));
2925 	LIST_HEAD(rt6_nh_list);
2926 
2927 	remaining = cfg->fc_mp_len;
2928 	rtnh = (struct rtnexthop *)cfg->fc_mp;
2929 
2930 	/* Parse a Multipath Entry and build a list (rt6_nh_list) of
2931 	 * rt6_info structs per nexthop
2932 	 */
2933 	while (rtnh_ok(rtnh, remaining)) {
2934 		memcpy(&r_cfg, cfg, sizeof(*cfg));
2935 		if (rtnh->rtnh_ifindex)
2936 			r_cfg.fc_ifindex = rtnh->rtnh_ifindex;
2937 
2938 		attrlen = rtnh_attrlen(rtnh);
2939 		if (attrlen > 0) {
2940 			struct nlattr *nla, *attrs = rtnh_attrs(rtnh);
2941 
2942 			nla = nla_find(attrs, attrlen, RTA_GATEWAY);
2943 			if (nla) {
2944 				r_cfg.fc_gateway = nla_get_in6_addr(nla);
2945 				r_cfg.fc_flags |= RTF_GATEWAY;
2946 			}
2947 			r_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP);
2948 			nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
2949 			if (nla)
2950 				r_cfg.fc_encap_type = nla_get_u16(nla);
2951 		}
2952 
2953 		rt = ip6_route_info_create(&r_cfg);
2954 		if (IS_ERR(rt)) {
2955 			err = PTR_ERR(rt);
2956 			rt = NULL;
2957 			goto cleanup;
2958 		}
2959 
2960 		err = ip6_route_info_append(&rt6_nh_list, rt, &r_cfg);
2961 		if (err) {
2962 			dst_free(&rt->dst);
2963 			goto cleanup;
2964 		}
2965 
2966 		rtnh = rtnh_next(rtnh, &remaining);
2967 	}
2968 
2969 	err_nh = NULL;
2970 	list_for_each_entry(nh, &rt6_nh_list, next) {
2971 		err = __ip6_ins_rt(nh->rt6_info, &cfg->fc_nlinfo, &nh->mxc);
2972 		/* nh->rt6_info is used or freed at this point, reset to NULL*/
2973 		nh->rt6_info = NULL;
2974 		if (err) {
2975 			if (replace && nhn)
2976 				ip6_print_replace_route_err(&rt6_nh_list);
2977 			err_nh = nh;
2978 			goto add_errout;
2979 		}
2980 
2981 		/* Because each route is added like a single route we remove
2982 		 * these flags after the first nexthop: if there is a collision,
2983 		 * we have already failed to add the first nexthop:
2984 		 * fib6_add_rt2node() has rejected it; when replacing, old
2985 		 * nexthops have been replaced by first new, the rest should
2986 		 * be added to it.
2987 		 */
2988 		cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL |
2989 						     NLM_F_REPLACE);
2990 		nhn++;
2991 	}
2992 
2993 	goto cleanup;
2994 
2995 add_errout:
2996 	/* Delete routes that were already added */
2997 	list_for_each_entry(nh, &rt6_nh_list, next) {
2998 		if (err_nh == nh)
2999 			break;
3000 		ip6_route_del(&nh->r_cfg);
3001 	}
3002 
3003 cleanup:
3004 	list_for_each_entry_safe(nh, nh_safe, &rt6_nh_list, next) {
3005 		if (nh->rt6_info)
3006 			dst_free(&nh->rt6_info->dst);
3007 		kfree(nh->mxc.mx);
3008 		list_del(&nh->next);
3009 		kfree(nh);
3010 	}
3011 
3012 	return err;
3013 }
3014 
3015 static int ip6_route_multipath_del(struct fib6_config *cfg)
3016 {
3017 	struct fib6_config r_cfg;
3018 	struct rtnexthop *rtnh;
3019 	int remaining;
3020 	int attrlen;
3021 	int err = 1, last_err = 0;
3022 
3023 	remaining = cfg->fc_mp_len;
3024 	rtnh = (struct rtnexthop *)cfg->fc_mp;
3025 
3026 	/* Parse a Multipath Entry */
3027 	while (rtnh_ok(rtnh, remaining)) {
3028 		memcpy(&r_cfg, cfg, sizeof(*cfg));
3029 		if (rtnh->rtnh_ifindex)
3030 			r_cfg.fc_ifindex = rtnh->rtnh_ifindex;
3031 
3032 		attrlen = rtnh_attrlen(rtnh);
3033 		if (attrlen > 0) {
3034 			struct nlattr *nla, *attrs = rtnh_attrs(rtnh);
3035 
3036 			nla = nla_find(attrs, attrlen, RTA_GATEWAY);
3037 			if (nla) {
3038 				nla_memcpy(&r_cfg.fc_gateway, nla, 16);
3039 				r_cfg.fc_flags |= RTF_GATEWAY;
3040 			}
3041 		}
3042 		err = ip6_route_del(&r_cfg);
3043 		if (err)
3044 			last_err = err;
3045 
3046 		rtnh = rtnh_next(rtnh, &remaining);
3047 	}
3048 
3049 	return last_err;
3050 }
3051 
3052 static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh)
3053 {
3054 	struct fib6_config cfg;
3055 	int err;
3056 
3057 	err = rtm_to_fib6_config(skb, nlh, &cfg);
3058 	if (err < 0)
3059 		return err;
3060 
3061 	if (cfg.fc_mp)
3062 		return ip6_route_multipath_del(&cfg);
3063 	else
3064 		return ip6_route_del(&cfg);
3065 }
3066 
3067 static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh)
3068 {
3069 	struct fib6_config cfg;
3070 	int err;
3071 
3072 	err = rtm_to_fib6_config(skb, nlh, &cfg);
3073 	if (err < 0)
3074 		return err;
3075 
3076 	if (cfg.fc_mp)
3077 		return ip6_route_multipath_add(&cfg);
3078 	else
3079 		return ip6_route_add(&cfg);
3080 }
3081 
3082 static inline size_t rt6_nlmsg_size(struct rt6_info *rt)
3083 {
3084 	return NLMSG_ALIGN(sizeof(struct rtmsg))
3085 	       + nla_total_size(16) /* RTA_SRC */
3086 	       + nla_total_size(16) /* RTA_DST */
3087 	       + nla_total_size(16) /* RTA_GATEWAY */
3088 	       + nla_total_size(16) /* RTA_PREFSRC */
3089 	       + nla_total_size(4) /* RTA_TABLE */
3090 	       + nla_total_size(4) /* RTA_IIF */
3091 	       + nla_total_size(4) /* RTA_OIF */
3092 	       + nla_total_size(4) /* RTA_PRIORITY */
3093 	       + RTAX_MAX * nla_total_size(4) /* RTA_METRICS */
3094 	       + nla_total_size(sizeof(struct rta_cacheinfo))
3095 	       + nla_total_size(TCP_CA_NAME_MAX) /* RTAX_CC_ALGO */
3096 	       + nla_total_size(1) /* RTA_PREF */
3097 	       + lwtunnel_get_encap_size(rt->dst.lwtstate);
3098 }
3099 
3100 static int rt6_fill_node(struct net *net,
3101 			 struct sk_buff *skb, struct rt6_info *rt,
3102 			 struct in6_addr *dst, struct in6_addr *src,
3103 			 int iif, int type, u32 portid, u32 seq,
3104 			 int prefix, int nowait, unsigned int flags)
3105 {
3106 	u32 metrics[RTAX_MAX];
3107 	struct rtmsg *rtm;
3108 	struct nlmsghdr *nlh;
3109 	long expires;
3110 	u32 table;
3111 
3112 	if (prefix) {	/* user wants prefix routes only */
3113 		if (!(rt->rt6i_flags & RTF_PREFIX_RT)) {
3114 			/* success since this is not a prefix route */
3115 			return 1;
3116 		}
3117 	}
3118 
3119 	nlh = nlmsg_put(skb, portid, seq, type, sizeof(*rtm), flags);
3120 	if (!nlh)
3121 		return -EMSGSIZE;
3122 
3123 	rtm = nlmsg_data(nlh);
3124 	rtm->rtm_family = AF_INET6;
3125 	rtm->rtm_dst_len = rt->rt6i_dst.plen;
3126 	rtm->rtm_src_len = rt->rt6i_src.plen;
3127 	rtm->rtm_tos = 0;
3128 	if (rt->rt6i_table)
3129 		table = rt->rt6i_table->tb6_id;
3130 	else
3131 		table = RT6_TABLE_UNSPEC;
3132 	rtm->rtm_table = table;
3133 	if (nla_put_u32(skb, RTA_TABLE, table))
3134 		goto nla_put_failure;
3135 	if (rt->rt6i_flags & RTF_REJECT) {
3136 		switch (rt->dst.error) {
3137 		case -EINVAL:
3138 			rtm->rtm_type = RTN_BLACKHOLE;
3139 			break;
3140 		case -EACCES:
3141 			rtm->rtm_type = RTN_PROHIBIT;
3142 			break;
3143 		case -EAGAIN:
3144 			rtm->rtm_type = RTN_THROW;
3145 			break;
3146 		default:
3147 			rtm->rtm_type = RTN_UNREACHABLE;
3148 			break;
3149 		}
3150 	}
3151 	else if (rt->rt6i_flags & RTF_LOCAL)
3152 		rtm->rtm_type = RTN_LOCAL;
3153 	else if (rt->dst.dev && (rt->dst.dev->flags & IFF_LOOPBACK))
3154 		rtm->rtm_type = RTN_LOCAL;
3155 	else
3156 		rtm->rtm_type = RTN_UNICAST;
3157 	rtm->rtm_flags = 0;
3158 	if (!netif_carrier_ok(rt->dst.dev)) {
3159 		rtm->rtm_flags |= RTNH_F_LINKDOWN;
3160 		if (rt->rt6i_idev->cnf.ignore_routes_with_linkdown)
3161 			rtm->rtm_flags |= RTNH_F_DEAD;
3162 	}
3163 	rtm->rtm_scope = RT_SCOPE_UNIVERSE;
3164 	rtm->rtm_protocol = rt->rt6i_protocol;
3165 	if (rt->rt6i_flags & RTF_DYNAMIC)
3166 		rtm->rtm_protocol = RTPROT_REDIRECT;
3167 	else if (rt->rt6i_flags & RTF_ADDRCONF) {
3168 		if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ROUTEINFO))
3169 			rtm->rtm_protocol = RTPROT_RA;
3170 		else
3171 			rtm->rtm_protocol = RTPROT_KERNEL;
3172 	}
3173 
3174 	if (rt->rt6i_flags & RTF_CACHE)
3175 		rtm->rtm_flags |= RTM_F_CLONED;
3176 
3177 	if (dst) {
3178 		if (nla_put_in6_addr(skb, RTA_DST, dst))
3179 			goto nla_put_failure;
3180 		rtm->rtm_dst_len = 128;
3181 	} else if (rtm->rtm_dst_len)
3182 		if (nla_put_in6_addr(skb, RTA_DST, &rt->rt6i_dst.addr))
3183 			goto nla_put_failure;
3184 #ifdef CONFIG_IPV6_SUBTREES
3185 	if (src) {
3186 		if (nla_put_in6_addr(skb, RTA_SRC, src))
3187 			goto nla_put_failure;
3188 		rtm->rtm_src_len = 128;
3189 	} else if (rtm->rtm_src_len &&
3190 		   nla_put_in6_addr(skb, RTA_SRC, &rt->rt6i_src.addr))
3191 		goto nla_put_failure;
3192 #endif
3193 	if (iif) {
3194 #ifdef CONFIG_IPV6_MROUTE
3195 		if (ipv6_addr_is_multicast(&rt->rt6i_dst.addr)) {
3196 			int err = ip6mr_get_route(net, skb, rtm, nowait);
3197 			if (err <= 0) {
3198 				if (!nowait) {
3199 					if (err == 0)
3200 						return 0;
3201 					goto nla_put_failure;
3202 				} else {
3203 					if (err == -EMSGSIZE)
3204 						goto nla_put_failure;
3205 				}
3206 			}
3207 		} else
3208 #endif
3209 			if (nla_put_u32(skb, RTA_IIF, iif))
3210 				goto nla_put_failure;
3211 	} else if (dst) {
3212 		struct in6_addr saddr_buf;
3213 		if (ip6_route_get_saddr(net, rt, dst, 0, &saddr_buf) == 0 &&
3214 		    nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf))
3215 			goto nla_put_failure;
3216 	}
3217 
3218 	if (rt->rt6i_prefsrc.plen) {
3219 		struct in6_addr saddr_buf;
3220 		saddr_buf = rt->rt6i_prefsrc.addr;
3221 		if (nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf))
3222 			goto nla_put_failure;
3223 	}
3224 
3225 	memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
3226 	if (rt->rt6i_pmtu)
3227 		metrics[RTAX_MTU - 1] = rt->rt6i_pmtu;
3228 	if (rtnetlink_put_metrics(skb, metrics) < 0)
3229 		goto nla_put_failure;
3230 
3231 	if (rt->rt6i_flags & RTF_GATEWAY) {
3232 		if (nla_put_in6_addr(skb, RTA_GATEWAY, &rt->rt6i_gateway) < 0)
3233 			goto nla_put_failure;
3234 	}
3235 
3236 	if (rt->dst.dev &&
3237 	    nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
3238 		goto nla_put_failure;
3239 	if (nla_put_u32(skb, RTA_PRIORITY, rt->rt6i_metric))
3240 		goto nla_put_failure;
3241 
3242 	expires = (rt->rt6i_flags & RTF_EXPIRES) ? rt->dst.expires - jiffies : 0;
3243 
3244 	if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, rt->dst.error) < 0)
3245 		goto nla_put_failure;
3246 
3247 	if (nla_put_u8(skb, RTA_PREF, IPV6_EXTRACT_PREF(rt->rt6i_flags)))
3248 		goto nla_put_failure;
3249 
3250 	lwtunnel_fill_encap(skb, rt->dst.lwtstate);
3251 
3252 	nlmsg_end(skb, nlh);
3253 	return 0;
3254 
3255 nla_put_failure:
3256 	nlmsg_cancel(skb, nlh);
3257 	return -EMSGSIZE;
3258 }
3259 
3260 int rt6_dump_route(struct rt6_info *rt, void *p_arg)
3261 {
3262 	struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg;
3263 	int prefix;
3264 
3265 	if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) {
3266 		struct rtmsg *rtm = nlmsg_data(arg->cb->nlh);
3267 		prefix = (rtm->rtm_flags & RTM_F_PREFIX) != 0;
3268 	} else
3269 		prefix = 0;
3270 
3271 	return rt6_fill_node(arg->net,
3272 		     arg->skb, rt, NULL, NULL, 0, RTM_NEWROUTE,
3273 		     NETLINK_CB(arg->cb->skb).portid, arg->cb->nlh->nlmsg_seq,
3274 		     prefix, 0, NLM_F_MULTI);
3275 }
3276 
3277 static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh)
3278 {
3279 	struct net *net = sock_net(in_skb->sk);
3280 	struct nlattr *tb[RTA_MAX+1];
3281 	struct rt6_info *rt;
3282 	struct sk_buff *skb;
3283 	struct rtmsg *rtm;
3284 	struct flowi6 fl6;
3285 	int err, iif = 0, oif = 0;
3286 
3287 	err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy);
3288 	if (err < 0)
3289 		goto errout;
3290 
3291 	err = -EINVAL;
3292 	memset(&fl6, 0, sizeof(fl6));
3293 	rtm = nlmsg_data(nlh);
3294 	fl6.flowlabel = ip6_make_flowinfo(rtm->rtm_tos, 0);
3295 
3296 	if (tb[RTA_SRC]) {
3297 		if (nla_len(tb[RTA_SRC]) < sizeof(struct in6_addr))
3298 			goto errout;
3299 
3300 		fl6.saddr = *(struct in6_addr *)nla_data(tb[RTA_SRC]);
3301 	}
3302 
3303 	if (tb[RTA_DST]) {
3304 		if (nla_len(tb[RTA_DST]) < sizeof(struct in6_addr))
3305 			goto errout;
3306 
3307 		fl6.daddr = *(struct in6_addr *)nla_data(tb[RTA_DST]);
3308 	}
3309 
3310 	if (tb[RTA_IIF])
3311 		iif = nla_get_u32(tb[RTA_IIF]);
3312 
3313 	if (tb[RTA_OIF])
3314 		oif = nla_get_u32(tb[RTA_OIF]);
3315 
3316 	if (tb[RTA_MARK])
3317 		fl6.flowi6_mark = nla_get_u32(tb[RTA_MARK]);
3318 
3319 	if (iif) {
3320 		struct net_device *dev;
3321 		int flags = 0;
3322 
3323 		dev = __dev_get_by_index(net, iif);
3324 		if (!dev) {
3325 			err = -ENODEV;
3326 			goto errout;
3327 		}
3328 
3329 		fl6.flowi6_iif = iif;
3330 
3331 		if (!ipv6_addr_any(&fl6.saddr))
3332 			flags |= RT6_LOOKUP_F_HAS_SADDR;
3333 
3334 		rt = (struct rt6_info *)ip6_route_input_lookup(net, dev, &fl6,
3335 							       flags);
3336 	} else {
3337 		fl6.flowi6_oif = oif;
3338 
3339 		if (netif_index_is_l3_master(net, oif)) {
3340 			fl6.flowi6_flags = FLOWI_FLAG_L3MDEV_SRC |
3341 					   FLOWI_FLAG_SKIP_NH_OIF;
3342 		}
3343 
3344 		rt = (struct rt6_info *)ip6_route_output(net, NULL, &fl6);
3345 	}
3346 
3347 	skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
3348 	if (!skb) {
3349 		ip6_rt_put(rt);
3350 		err = -ENOBUFS;
3351 		goto errout;
3352 	}
3353 
3354 	/* Reserve room for dummy headers, this skb can pass
3355 	   through good chunk of routing engine.
3356 	 */
3357 	skb_reset_mac_header(skb);
3358 	skb_reserve(skb, MAX_HEADER + sizeof(struct ipv6hdr));
3359 
3360 	skb_dst_set(skb, &rt->dst);
3361 
3362 	err = rt6_fill_node(net, skb, rt, &fl6.daddr, &fl6.saddr, iif,
3363 			    RTM_NEWROUTE, NETLINK_CB(in_skb).portid,
3364 			    nlh->nlmsg_seq, 0, 0, 0);
3365 	if (err < 0) {
3366 		kfree_skb(skb);
3367 		goto errout;
3368 	}
3369 
3370 	err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
3371 errout:
3372 	return err;
3373 }
3374 
3375 void inet6_rt_notify(int event, struct rt6_info *rt, struct nl_info *info,
3376 		     unsigned int nlm_flags)
3377 {
3378 	struct sk_buff *skb;
3379 	struct net *net = info->nl_net;
3380 	u32 seq;
3381 	int err;
3382 
3383 	err = -ENOBUFS;
3384 	seq = info->nlh ? info->nlh->nlmsg_seq : 0;
3385 
3386 	skb = nlmsg_new(rt6_nlmsg_size(rt), gfp_any());
3387 	if (!skb)
3388 		goto errout;
3389 
3390 	err = rt6_fill_node(net, skb, rt, NULL, NULL, 0,
3391 				event, info->portid, seq, 0, 0, nlm_flags);
3392 	if (err < 0) {
3393 		/* -EMSGSIZE implies BUG in rt6_nlmsg_size() */
3394 		WARN_ON(err == -EMSGSIZE);
3395 		kfree_skb(skb);
3396 		goto errout;
3397 	}
3398 	rtnl_notify(skb, net, info->portid, RTNLGRP_IPV6_ROUTE,
3399 		    info->nlh, gfp_any());
3400 	return;
3401 errout:
3402 	if (err < 0)
3403 		rtnl_set_sk_err(net, RTNLGRP_IPV6_ROUTE, err);
3404 }
3405 
3406 static int ip6_route_dev_notify(struct notifier_block *this,
3407 				unsigned long event, void *ptr)
3408 {
3409 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
3410 	struct net *net = dev_net(dev);
3411 
3412 	if (event == NETDEV_REGISTER && (dev->flags & IFF_LOOPBACK)) {
3413 		net->ipv6.ip6_null_entry->dst.dev = dev;
3414 		net->ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(dev);
3415 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
3416 		net->ipv6.ip6_prohibit_entry->dst.dev = dev;
3417 		net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev);
3418 		net->ipv6.ip6_blk_hole_entry->dst.dev = dev;
3419 		net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev);
3420 #endif
3421 	}
3422 
3423 	return NOTIFY_OK;
3424 }
3425 
3426 /*
3427  *	/proc
3428  */
3429 
3430 #ifdef CONFIG_PROC_FS
3431 
3432 static const struct file_operations ipv6_route_proc_fops = {
3433 	.owner		= THIS_MODULE,
3434 	.open		= ipv6_route_open,
3435 	.read		= seq_read,
3436 	.llseek		= seq_lseek,
3437 	.release	= seq_release_net,
3438 };
3439 
3440 static int rt6_stats_seq_show(struct seq_file *seq, void *v)
3441 {
3442 	struct net *net = (struct net *)seq->private;
3443 	seq_printf(seq, "%04x %04x %04x %04x %04x %04x %04x\n",
3444 		   net->ipv6.rt6_stats->fib_nodes,
3445 		   net->ipv6.rt6_stats->fib_route_nodes,
3446 		   net->ipv6.rt6_stats->fib_rt_alloc,
3447 		   net->ipv6.rt6_stats->fib_rt_entries,
3448 		   net->ipv6.rt6_stats->fib_rt_cache,
3449 		   dst_entries_get_slow(&net->ipv6.ip6_dst_ops),
3450 		   net->ipv6.rt6_stats->fib_discarded_routes);
3451 
3452 	return 0;
3453 }
3454 
3455 static int rt6_stats_seq_open(struct inode *inode, struct file *file)
3456 {
3457 	return single_open_net(inode, file, rt6_stats_seq_show);
3458 }
3459 
3460 static const struct file_operations rt6_stats_seq_fops = {
3461 	.owner	 = THIS_MODULE,
3462 	.open	 = rt6_stats_seq_open,
3463 	.read	 = seq_read,
3464 	.llseek	 = seq_lseek,
3465 	.release = single_release_net,
3466 };
3467 #endif	/* CONFIG_PROC_FS */
3468 
3469 #ifdef CONFIG_SYSCTL
3470 
3471 static
3472 int ipv6_sysctl_rtcache_flush(struct ctl_table *ctl, int write,
3473 			      void __user *buffer, size_t *lenp, loff_t *ppos)
3474 {
3475 	struct net *net;
3476 	int delay;
3477 	if (!write)
3478 		return -EINVAL;
3479 
3480 	net = (struct net *)ctl->extra1;
3481 	delay = net->ipv6.sysctl.flush_delay;
3482 	proc_dointvec(ctl, write, buffer, lenp, ppos);
3483 	fib6_run_gc(delay <= 0 ? 0 : (unsigned long)delay, net, delay > 0);
3484 	return 0;
3485 }
3486 
3487 struct ctl_table ipv6_route_table_template[] = {
3488 	{
3489 		.procname	=	"flush",
3490 		.data		=	&init_net.ipv6.sysctl.flush_delay,
3491 		.maxlen		=	sizeof(int),
3492 		.mode		=	0200,
3493 		.proc_handler	=	ipv6_sysctl_rtcache_flush
3494 	},
3495 	{
3496 		.procname	=	"gc_thresh",
3497 		.data		=	&ip6_dst_ops_template.gc_thresh,
3498 		.maxlen		=	sizeof(int),
3499 		.mode		=	0644,
3500 		.proc_handler	=	proc_dointvec,
3501 	},
3502 	{
3503 		.procname	=	"max_size",
3504 		.data		=	&init_net.ipv6.sysctl.ip6_rt_max_size,
3505 		.maxlen		=	sizeof(int),
3506 		.mode		=	0644,
3507 		.proc_handler	=	proc_dointvec,
3508 	},
3509 	{
3510 		.procname	=	"gc_min_interval",
3511 		.data		=	&init_net.ipv6.sysctl.ip6_rt_gc_min_interval,
3512 		.maxlen		=	sizeof(int),
3513 		.mode		=	0644,
3514 		.proc_handler	=	proc_dointvec_jiffies,
3515 	},
3516 	{
3517 		.procname	=	"gc_timeout",
3518 		.data		=	&init_net.ipv6.sysctl.ip6_rt_gc_timeout,
3519 		.maxlen		=	sizeof(int),
3520 		.mode		=	0644,
3521 		.proc_handler	=	proc_dointvec_jiffies,
3522 	},
3523 	{
3524 		.procname	=	"gc_interval",
3525 		.data		=	&init_net.ipv6.sysctl.ip6_rt_gc_interval,
3526 		.maxlen		=	sizeof(int),
3527 		.mode		=	0644,
3528 		.proc_handler	=	proc_dointvec_jiffies,
3529 	},
3530 	{
3531 		.procname	=	"gc_elasticity",
3532 		.data		=	&init_net.ipv6.sysctl.ip6_rt_gc_elasticity,
3533 		.maxlen		=	sizeof(int),
3534 		.mode		=	0644,
3535 		.proc_handler	=	proc_dointvec,
3536 	},
3537 	{
3538 		.procname	=	"mtu_expires",
3539 		.data		=	&init_net.ipv6.sysctl.ip6_rt_mtu_expires,
3540 		.maxlen		=	sizeof(int),
3541 		.mode		=	0644,
3542 		.proc_handler	=	proc_dointvec_jiffies,
3543 	},
3544 	{
3545 		.procname	=	"min_adv_mss",
3546 		.data		=	&init_net.ipv6.sysctl.ip6_rt_min_advmss,
3547 		.maxlen		=	sizeof(int),
3548 		.mode		=	0644,
3549 		.proc_handler	=	proc_dointvec,
3550 	},
3551 	{
3552 		.procname	=	"gc_min_interval_ms",
3553 		.data		=	&init_net.ipv6.sysctl.ip6_rt_gc_min_interval,
3554 		.maxlen		=	sizeof(int),
3555 		.mode		=	0644,
3556 		.proc_handler	=	proc_dointvec_ms_jiffies,
3557 	},
3558 	{ }
3559 };
3560 
3561 struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
3562 {
3563 	struct ctl_table *table;
3564 
3565 	table = kmemdup(ipv6_route_table_template,
3566 			sizeof(ipv6_route_table_template),
3567 			GFP_KERNEL);
3568 
3569 	if (table) {
3570 		table[0].data = &net->ipv6.sysctl.flush_delay;
3571 		table[0].extra1 = net;
3572 		table[1].data = &net->ipv6.ip6_dst_ops.gc_thresh;
3573 		table[2].data = &net->ipv6.sysctl.ip6_rt_max_size;
3574 		table[3].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval;
3575 		table[4].data = &net->ipv6.sysctl.ip6_rt_gc_timeout;
3576 		table[5].data = &net->ipv6.sysctl.ip6_rt_gc_interval;
3577 		table[6].data = &net->ipv6.sysctl.ip6_rt_gc_elasticity;
3578 		table[7].data = &net->ipv6.sysctl.ip6_rt_mtu_expires;
3579 		table[8].data = &net->ipv6.sysctl.ip6_rt_min_advmss;
3580 		table[9].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval;
3581 
3582 		/* Don't export sysctls to unprivileged users */
3583 		if (net->user_ns != &init_user_ns)
3584 			table[0].procname = NULL;
3585 	}
3586 
3587 	return table;
3588 }
3589 #endif
3590 
3591 static int __net_init ip6_route_net_init(struct net *net)
3592 {
3593 	int ret = -ENOMEM;
3594 
3595 	memcpy(&net->ipv6.ip6_dst_ops, &ip6_dst_ops_template,
3596 	       sizeof(net->ipv6.ip6_dst_ops));
3597 
3598 	if (dst_entries_init(&net->ipv6.ip6_dst_ops) < 0)
3599 		goto out_ip6_dst_ops;
3600 
3601 	net->ipv6.ip6_null_entry = kmemdup(&ip6_null_entry_template,
3602 					   sizeof(*net->ipv6.ip6_null_entry),
3603 					   GFP_KERNEL);
3604 	if (!net->ipv6.ip6_null_entry)
3605 		goto out_ip6_dst_entries;
3606 	net->ipv6.ip6_null_entry->dst.path =
3607 		(struct dst_entry *)net->ipv6.ip6_null_entry;
3608 	net->ipv6.ip6_null_entry->dst.ops = &net->ipv6.ip6_dst_ops;
3609 	dst_init_metrics(&net->ipv6.ip6_null_entry->dst,
3610 			 ip6_template_metrics, true);
3611 
3612 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
3613 	net->ipv6.ip6_prohibit_entry = kmemdup(&ip6_prohibit_entry_template,
3614 					       sizeof(*net->ipv6.ip6_prohibit_entry),
3615 					       GFP_KERNEL);
3616 	if (!net->ipv6.ip6_prohibit_entry)
3617 		goto out_ip6_null_entry;
3618 	net->ipv6.ip6_prohibit_entry->dst.path =
3619 		(struct dst_entry *)net->ipv6.ip6_prohibit_entry;
3620 	net->ipv6.ip6_prohibit_entry->dst.ops = &net->ipv6.ip6_dst_ops;
3621 	dst_init_metrics(&net->ipv6.ip6_prohibit_entry->dst,
3622 			 ip6_template_metrics, true);
3623 
3624 	net->ipv6.ip6_blk_hole_entry = kmemdup(&ip6_blk_hole_entry_template,
3625 					       sizeof(*net->ipv6.ip6_blk_hole_entry),
3626 					       GFP_KERNEL);
3627 	if (!net->ipv6.ip6_blk_hole_entry)
3628 		goto out_ip6_prohibit_entry;
3629 	net->ipv6.ip6_blk_hole_entry->dst.path =
3630 		(struct dst_entry *)net->ipv6.ip6_blk_hole_entry;
3631 	net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops;
3632 	dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst,
3633 			 ip6_template_metrics, true);
3634 #endif
3635 
3636 	net->ipv6.sysctl.flush_delay = 0;
3637 	net->ipv6.sysctl.ip6_rt_max_size = 4096;
3638 	net->ipv6.sysctl.ip6_rt_gc_min_interval = HZ / 2;
3639 	net->ipv6.sysctl.ip6_rt_gc_timeout = 60*HZ;
3640 	net->ipv6.sysctl.ip6_rt_gc_interval = 30*HZ;
3641 	net->ipv6.sysctl.ip6_rt_gc_elasticity = 9;
3642 	net->ipv6.sysctl.ip6_rt_mtu_expires = 10*60*HZ;
3643 	net->ipv6.sysctl.ip6_rt_min_advmss = IPV6_MIN_MTU - 20 - 40;
3644 
3645 	net->ipv6.ip6_rt_gc_expire = 30*HZ;
3646 
3647 	ret = 0;
3648 out:
3649 	return ret;
3650 
3651 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
3652 out_ip6_prohibit_entry:
3653 	kfree(net->ipv6.ip6_prohibit_entry);
3654 out_ip6_null_entry:
3655 	kfree(net->ipv6.ip6_null_entry);
3656 #endif
3657 out_ip6_dst_entries:
3658 	dst_entries_destroy(&net->ipv6.ip6_dst_ops);
3659 out_ip6_dst_ops:
3660 	goto out;
3661 }
3662 
3663 static void __net_exit ip6_route_net_exit(struct net *net)
3664 {
3665 	kfree(net->ipv6.ip6_null_entry);
3666 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
3667 	kfree(net->ipv6.ip6_prohibit_entry);
3668 	kfree(net->ipv6.ip6_blk_hole_entry);
3669 #endif
3670 	dst_entries_destroy(&net->ipv6.ip6_dst_ops);
3671 }
3672 
3673 static int __net_init ip6_route_net_init_late(struct net *net)
3674 {
3675 #ifdef CONFIG_PROC_FS
3676 	proc_create("ipv6_route", 0, net->proc_net, &ipv6_route_proc_fops);
3677 	proc_create("rt6_stats", S_IRUGO, net->proc_net, &rt6_stats_seq_fops);
3678 #endif
3679 	return 0;
3680 }
3681 
3682 static void __net_exit ip6_route_net_exit_late(struct net *net)
3683 {
3684 #ifdef CONFIG_PROC_FS
3685 	remove_proc_entry("ipv6_route", net->proc_net);
3686 	remove_proc_entry("rt6_stats", net->proc_net);
3687 #endif
3688 }
3689 
3690 static struct pernet_operations ip6_route_net_ops = {
3691 	.init = ip6_route_net_init,
3692 	.exit = ip6_route_net_exit,
3693 };
3694 
3695 static int __net_init ipv6_inetpeer_init(struct net *net)
3696 {
3697 	struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
3698 
3699 	if (!bp)
3700 		return -ENOMEM;
3701 	inet_peer_base_init(bp);
3702 	net->ipv6.peers = bp;
3703 	return 0;
3704 }
3705 
3706 static void __net_exit ipv6_inetpeer_exit(struct net *net)
3707 {
3708 	struct inet_peer_base *bp = net->ipv6.peers;
3709 
3710 	net->ipv6.peers = NULL;
3711 	inetpeer_invalidate_tree(bp);
3712 	kfree(bp);
3713 }
3714 
3715 static struct pernet_operations ipv6_inetpeer_ops = {
3716 	.init	=	ipv6_inetpeer_init,
3717 	.exit	=	ipv6_inetpeer_exit,
3718 };
3719 
3720 static struct pernet_operations ip6_route_net_late_ops = {
3721 	.init = ip6_route_net_init_late,
3722 	.exit = ip6_route_net_exit_late,
3723 };
3724 
3725 static struct notifier_block ip6_route_dev_notifier = {
3726 	.notifier_call = ip6_route_dev_notify,
3727 	.priority = 0,
3728 };
3729 
3730 int __init ip6_route_init(void)
3731 {
3732 	int ret;
3733 	int cpu;
3734 
3735 	ret = -ENOMEM;
3736 	ip6_dst_ops_template.kmem_cachep =
3737 		kmem_cache_create("ip6_dst_cache", sizeof(struct rt6_info), 0,
3738 				  SLAB_HWCACHE_ALIGN, NULL);
3739 	if (!ip6_dst_ops_template.kmem_cachep)
3740 		goto out;
3741 
3742 	ret = dst_entries_init(&ip6_dst_blackhole_ops);
3743 	if (ret)
3744 		goto out_kmem_cache;
3745 
3746 	ret = register_pernet_subsys(&ipv6_inetpeer_ops);
3747 	if (ret)
3748 		goto out_dst_entries;
3749 
3750 	ret = register_pernet_subsys(&ip6_route_net_ops);
3751 	if (ret)
3752 		goto out_register_inetpeer;
3753 
3754 	ip6_dst_blackhole_ops.kmem_cachep = ip6_dst_ops_template.kmem_cachep;
3755 
3756 	/* Registering of the loopback is done before this portion of code,
3757 	 * the loopback reference in rt6_info will not be taken, do it
3758 	 * manually for init_net */
3759 	init_net.ipv6.ip6_null_entry->dst.dev = init_net.loopback_dev;
3760 	init_net.ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
3761   #ifdef CONFIG_IPV6_MULTIPLE_TABLES
3762 	init_net.ipv6.ip6_prohibit_entry->dst.dev = init_net.loopback_dev;
3763 	init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
3764 	init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev;
3765 	init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
3766   #endif
3767 	ret = fib6_init();
3768 	if (ret)
3769 		goto out_register_subsys;
3770 
3771 	ret = xfrm6_init();
3772 	if (ret)
3773 		goto out_fib6_init;
3774 
3775 	ret = fib6_rules_init();
3776 	if (ret)
3777 		goto xfrm6_init;
3778 
3779 	ret = register_pernet_subsys(&ip6_route_net_late_ops);
3780 	if (ret)
3781 		goto fib6_rules_init;
3782 
3783 	ret = -ENOBUFS;
3784 	if (__rtnl_register(PF_INET6, RTM_NEWROUTE, inet6_rtm_newroute, NULL, NULL) ||
3785 	    __rtnl_register(PF_INET6, RTM_DELROUTE, inet6_rtm_delroute, NULL, NULL) ||
3786 	    __rtnl_register(PF_INET6, RTM_GETROUTE, inet6_rtm_getroute, NULL, NULL))
3787 		goto out_register_late_subsys;
3788 
3789 	ret = register_netdevice_notifier(&ip6_route_dev_notifier);
3790 	if (ret)
3791 		goto out_register_late_subsys;
3792 
3793 	for_each_possible_cpu(cpu) {
3794 		struct uncached_list *ul = per_cpu_ptr(&rt6_uncached_list, cpu);
3795 
3796 		INIT_LIST_HEAD(&ul->head);
3797 		spin_lock_init(&ul->lock);
3798 	}
3799 
3800 out:
3801 	return ret;
3802 
3803 out_register_late_subsys:
3804 	unregister_pernet_subsys(&ip6_route_net_late_ops);
3805 fib6_rules_init:
3806 	fib6_rules_cleanup();
3807 xfrm6_init:
3808 	xfrm6_fini();
3809 out_fib6_init:
3810 	fib6_gc_cleanup();
3811 out_register_subsys:
3812 	unregister_pernet_subsys(&ip6_route_net_ops);
3813 out_register_inetpeer:
3814 	unregister_pernet_subsys(&ipv6_inetpeer_ops);
3815 out_dst_entries:
3816 	dst_entries_destroy(&ip6_dst_blackhole_ops);
3817 out_kmem_cache:
3818 	kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep);
3819 	goto out;
3820 }
3821 
3822 void ip6_route_cleanup(void)
3823 {
3824 	unregister_netdevice_notifier(&ip6_route_dev_notifier);
3825 	unregister_pernet_subsys(&ip6_route_net_late_ops);
3826 	fib6_rules_cleanup();
3827 	xfrm6_fini();
3828 	fib6_gc_cleanup();
3829 	unregister_pernet_subsys(&ipv6_inetpeer_ops);
3830 	unregister_pernet_subsys(&ip6_route_net_ops);
3831 	dst_entries_destroy(&ip6_dst_blackhole_ops);
3832 	kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep);
3833 }
3834