Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-linus
[linux-2.6] / net / ipv4 / route.c
1 /*
2  * INET         An implementation of the TCP/IP protocol suite for the LINUX
3  *              operating system.  INET is implemented using the  BSD Socket
4  *              interface as the means of communication with the user level.
5  *
6  *              ROUTE - implementation of the IP router.
7  *
8  * Version:     $Id: route.c,v 1.103 2002/01/12 07:44:09 davem Exp $
9  *
10  * Authors:     Ross Biro
11  *              Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12  *              Alan Cox, <gw4pts@gw4pts.ampr.org>
13  *              Linus Torvalds, <Linus.Torvalds@helsinki.fi>
14  *              Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15  *
16  * Fixes:
17  *              Alan Cox        :       Verify area fixes.
18  *              Alan Cox        :       cli() protects routing changes
19  *              Rui Oliveira    :       ICMP routing table updates
20  *              (rco@di.uminho.pt)      Routing table insertion and update
21  *              Linus Torvalds  :       Rewrote bits to be sensible
22  *              Alan Cox        :       Added BSD route gw semantics
23  *              Alan Cox        :       Super /proc >4K
24  *              Alan Cox        :       MTU in route table
25  *              Alan Cox        :       MSS actually. Also added the window
26  *                                      clamper.
27  *              Sam Lantinga    :       Fixed route matching in rt_del()
28  *              Alan Cox        :       Routing cache support.
29  *              Alan Cox        :       Removed compatibility cruft.
30  *              Alan Cox        :       RTF_REJECT support.
31  *              Alan Cox        :       TCP irtt support.
32  *              Jonathan Naylor :       Added Metric support.
33  *      Miquel van Smoorenburg  :       BSD API fixes.
34  *      Miquel van Smoorenburg  :       Metrics.
35  *              Alan Cox        :       Use __u32 properly
36  *              Alan Cox        :       Aligned routing errors more closely with BSD
37  *                                      our system is still very different.
38  *              Alan Cox        :       Faster /proc handling
39  *      Alexey Kuznetsov        :       Massive rework to support tree based routing,
40  *                                      routing caches and better behaviour.
41  *
42  *              Olaf Erb        :       irtt wasn't being copied right.
43  *              Bjorn Ekwall    :       Kerneld route support.
44  *              Alan Cox        :       Multicast fixed (I hope)
45  *              Pavel Krauz     :       Limited broadcast fixed
46  *              Mike McLagan    :       Routing by source
47  *      Alexey Kuznetsov        :       End of old history. Split to fib.c and
48  *                                      route.c and rewritten from scratch.
49  *              Andi Kleen      :       Load-limit warning messages.
50  *      Vitaly E. Lavrov        :       Transparent proxy revived after year coma.
51  *      Vitaly E. Lavrov        :       Race condition in ip_route_input_slow.
52  *      Tobias Ringstrom        :       Uninitialized res.type in ip_route_output_slow.
53  *      Vladimir V. Ivanov      :       IP rule info (flowid) is really useful.
54  *              Marc Boucher    :       routing by fwmark
55  *      Robert Olsson           :       Added rt_cache statistics
56  *      Arnaldo C. Melo         :       Convert proc stuff to seq_file
57  *      Eric Dumazet            :       hashed spinlocks and rt_check_expire() fixes.
58  *      Ilia Sotnikov           :       Ignore TOS on PMTUD and Redirect
59  *      Ilia Sotnikov           :       Removed TOS from hash calculations
60  *
61  *              This program is free software; you can redistribute it and/or
62  *              modify it under the terms of the GNU General Public License
63  *              as published by the Free Software Foundation; either version
64  *              2 of the License, or (at your option) any later version.
65  */
66
67 #include <linux/module.h>
68 #include <asm/uaccess.h>
69 #include <asm/system.h>
70 #include <linux/bitops.h>
71 #include <linux/types.h>
72 #include <linux/kernel.h>
73 #include <linux/mm.h>
74 #include <linux/bootmem.h>
75 #include <linux/string.h>
76 #include <linux/socket.h>
77 #include <linux/sockios.h>
78 #include <linux/errno.h>
79 #include <linux/in.h>
80 #include <linux/inet.h>
81 #include <linux/netdevice.h>
82 #include <linux/proc_fs.h>
83 #include <linux/init.h>
84 #include <linux/workqueue.h>
85 #include <linux/skbuff.h>
86 #include <linux/inetdevice.h>
87 #include <linux/igmp.h>
88 #include <linux/pkt_sched.h>
89 #include <linux/mroute.h>
90 #include <linux/netfilter_ipv4.h>
91 #include <linux/random.h>
92 #include <linux/jhash.h>
93 #include <linux/rcupdate.h>
94 #include <linux/times.h>
95 #include <net/dst.h>
96 #include <net/net_namespace.h>
97 #include <net/protocol.h>
98 #include <net/ip.h>
99 #include <net/route.h>
100 #include <net/inetpeer.h>
101 #include <net/sock.h>
102 #include <net/ip_fib.h>
103 #include <net/arp.h>
104 #include <net/tcp.h>
105 #include <net/icmp.h>
106 #include <net/xfrm.h>
107 #include <net/netevent.h>
108 #include <net/rtnetlink.h>
109 #ifdef CONFIG_SYSCTL
110 #include <linux/sysctl.h>
111 #endif
112
113 #define RT_FL_TOS(oldflp) \
114     ((u32)(oldflp->fl4_tos & (IPTOS_RT_MASK | RTO_ONLINK)))
115
116 #define IP_MAX_MTU      0xFFF0
117
118 #define RT_GC_TIMEOUT (300*HZ)
119
120 static int ip_rt_max_size;
121 static int ip_rt_gc_timeout __read_mostly       = RT_GC_TIMEOUT;
122 static int ip_rt_gc_interval __read_mostly      = 60 * HZ;
123 static int ip_rt_gc_min_interval __read_mostly  = HZ / 2;
124 static int ip_rt_redirect_number __read_mostly  = 9;
125 static int ip_rt_redirect_load __read_mostly    = HZ / 50;
126 static int ip_rt_redirect_silence __read_mostly = ((HZ / 50) << (9 + 1));
127 static int ip_rt_error_cost __read_mostly       = HZ;
128 static int ip_rt_error_burst __read_mostly      = 5 * HZ;
129 static int ip_rt_gc_elasticity __read_mostly    = 8;
130 static int ip_rt_mtu_expires __read_mostly      = 10 * 60 * HZ;
131 static int ip_rt_min_pmtu __read_mostly         = 512 + 20 + 20;
132 static int ip_rt_min_advmss __read_mostly       = 256;
133 static int ip_rt_secret_interval __read_mostly  = 10 * 60 * HZ;
134
135 static void rt_worker_func(struct work_struct *work);
136 static DECLARE_DELAYED_WORK(expires_work, rt_worker_func);
137 static struct timer_list rt_secret_timer;
138
139 /*
140  *      Interface to generic destination cache.
141  */
142
143 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie);
144 static void              ipv4_dst_destroy(struct dst_entry *dst);
145 static void              ipv4_dst_ifdown(struct dst_entry *dst,
146                                          struct net_device *dev, int how);
147 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst);
148 static void              ipv4_link_failure(struct sk_buff *skb);
149 static void              ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu);
150 static int rt_garbage_collect(struct dst_ops *ops);
151
152
153 static struct dst_ops ipv4_dst_ops = {
154         .family =               AF_INET,
155         .protocol =             __constant_htons(ETH_P_IP),
156         .gc =                   rt_garbage_collect,
157         .check =                ipv4_dst_check,
158         .destroy =              ipv4_dst_destroy,
159         .ifdown =               ipv4_dst_ifdown,
160         .negative_advice =      ipv4_negative_advice,
161         .link_failure =         ipv4_link_failure,
162         .update_pmtu =          ip_rt_update_pmtu,
163         .local_out =            ip_local_out,
164         .entry_size =           sizeof(struct rtable),
165         .entries =              ATOMIC_INIT(0),
166 };
167
168 #define ECN_OR_COST(class)      TC_PRIO_##class
169
170 const __u8 ip_tos2prio[16] = {
171         TC_PRIO_BESTEFFORT,
172         ECN_OR_COST(FILLER),
173         TC_PRIO_BESTEFFORT,
174         ECN_OR_COST(BESTEFFORT),
175         TC_PRIO_BULK,
176         ECN_OR_COST(BULK),
177         TC_PRIO_BULK,
178         ECN_OR_COST(BULK),
179         TC_PRIO_INTERACTIVE,
180         ECN_OR_COST(INTERACTIVE),
181         TC_PRIO_INTERACTIVE,
182         ECN_OR_COST(INTERACTIVE),
183         TC_PRIO_INTERACTIVE_BULK,
184         ECN_OR_COST(INTERACTIVE_BULK),
185         TC_PRIO_INTERACTIVE_BULK,
186         ECN_OR_COST(INTERACTIVE_BULK)
187 };
188
189
190 /*
191  * Route cache.
192  */
193
194 /* The locking scheme is rather straight forward:
195  *
196  * 1) Read-Copy Update protects the buckets of the central route hash.
197  * 2) Only writers remove entries, and they hold the lock
198  *    as they look at rtable reference counts.
199  * 3) Only readers acquire references to rtable entries,
200  *    they do so with atomic increments and with the
201  *    lock held.
202  */
203
204 struct rt_hash_bucket {
205         struct rtable   *chain;
206 };
207 #if defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK) || \
208         defined(CONFIG_PROVE_LOCKING)
209 /*
210  * Instead of using one spinlock for each rt_hash_bucket, we use a table of spinlocks
211  * The size of this table is a power of two and depends on the number of CPUS.
212  * (on lockdep we have a quite big spinlock_t, so keep the size down there)
213  */
214 #ifdef CONFIG_LOCKDEP
215 # define RT_HASH_LOCK_SZ        256
216 #else
217 # if NR_CPUS >= 32
218 #  define RT_HASH_LOCK_SZ       4096
219 # elif NR_CPUS >= 16
220 #  define RT_HASH_LOCK_SZ       2048
221 # elif NR_CPUS >= 8
222 #  define RT_HASH_LOCK_SZ       1024
223 # elif NR_CPUS >= 4
224 #  define RT_HASH_LOCK_SZ       512
225 # else
226 #  define RT_HASH_LOCK_SZ       256
227 # endif
228 #endif
229
230 static spinlock_t       *rt_hash_locks;
231 # define rt_hash_lock_addr(slot) &rt_hash_locks[(slot) & (RT_HASH_LOCK_SZ - 1)]
232
233 static __init void rt_hash_lock_init(void)
234 {
235         int i;
236
237         rt_hash_locks = kmalloc(sizeof(spinlock_t) * RT_HASH_LOCK_SZ,
238                         GFP_KERNEL);
239         if (!rt_hash_locks)
240                 panic("IP: failed to allocate rt_hash_locks\n");
241
242         for (i = 0; i < RT_HASH_LOCK_SZ; i++)
243                 spin_lock_init(&rt_hash_locks[i]);
244 }
245 #else
246 # define rt_hash_lock_addr(slot) NULL
247
248 static inline void rt_hash_lock_init(void)
249 {
250 }
251 #endif
252
253 static struct rt_hash_bucket    *rt_hash_table __read_mostly;
254 static unsigned                 rt_hash_mask __read_mostly;
255 static unsigned int             rt_hash_log  __read_mostly;
256 static atomic_t                 rt_genid __read_mostly;
257
258 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
259 #define RT_CACHE_STAT_INC(field) \
260         (__raw_get_cpu_var(rt_cache_stat).field++)
261
262 static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx)
263 {
264         return jhash_3words((__force u32)(__be32)(daddr),
265                             (__force u32)(__be32)(saddr),
266                             idx, atomic_read(&rt_genid))
267                 & rt_hash_mask;
268 }
269
270 #ifdef CONFIG_PROC_FS
271 struct rt_cache_iter_state {
272         struct seq_net_private p;
273         int bucket;
274         int genid;
275 };
276
277 static struct rtable *rt_cache_get_first(struct seq_file *seq)
278 {
279         struct rt_cache_iter_state *st = seq->private;
280         struct rtable *r = NULL;
281
282         for (st->bucket = rt_hash_mask; st->bucket >= 0; --st->bucket) {
283                 rcu_read_lock_bh();
284                 r = rcu_dereference(rt_hash_table[st->bucket].chain);
285                 while (r) {
286                         if (dev_net(r->u.dst.dev) == seq_file_net(seq) &&
287                             r->rt_genid == st->genid)
288                                 return r;
289                         r = rcu_dereference(r->u.dst.rt_next);
290                 }
291                 rcu_read_unlock_bh();
292         }
293         return r;
294 }
295
296 static struct rtable *__rt_cache_get_next(struct seq_file *seq,
297                                           struct rtable *r)
298 {
299         struct rt_cache_iter_state *st = seq->private;
300         r = r->u.dst.rt_next;
301         while (!r) {
302                 rcu_read_unlock_bh();
303                 if (--st->bucket < 0)
304                         break;
305                 rcu_read_lock_bh();
306                 r = rt_hash_table[st->bucket].chain;
307         }
308         return rcu_dereference(r);
309 }
310
311 static struct rtable *rt_cache_get_next(struct seq_file *seq,
312                                         struct rtable *r)
313 {
314         struct rt_cache_iter_state *st = seq->private;
315         while ((r = __rt_cache_get_next(seq, r)) != NULL) {
316                 if (dev_net(r->u.dst.dev) != seq_file_net(seq))
317                         continue;
318                 if (r->rt_genid == st->genid)
319                         break;
320         }
321         return r;
322 }
323
324 static struct rtable *rt_cache_get_idx(struct seq_file *seq, loff_t pos)
325 {
326         struct rtable *r = rt_cache_get_first(seq);
327
328         if (r)
329                 while (pos && (r = rt_cache_get_next(seq, r)))
330                         --pos;
331         return pos ? NULL : r;
332 }
333
334 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
335 {
336         struct rt_cache_iter_state *st = seq->private;
337         if (*pos)
338                 return rt_cache_get_idx(seq, *pos - 1);
339         st->genid = atomic_read(&rt_genid);
340         return SEQ_START_TOKEN;
341 }
342
343 static void *rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
344 {
345         struct rtable *r;
346
347         if (v == SEQ_START_TOKEN)
348                 r = rt_cache_get_first(seq);
349         else
350                 r = rt_cache_get_next(seq, v);
351         ++*pos;
352         return r;
353 }
354
355 static void rt_cache_seq_stop(struct seq_file *seq, void *v)
356 {
357         if (v && v != SEQ_START_TOKEN)
358                 rcu_read_unlock_bh();
359 }
360
361 static int rt_cache_seq_show(struct seq_file *seq, void *v)
362 {
363         if (v == SEQ_START_TOKEN)
364                 seq_printf(seq, "%-127s\n",
365                            "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t"
366                            "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
367                            "HHUptod\tSpecDst");
368         else {
369                 struct rtable *r = v;
370                 int len;
371
372                 seq_printf(seq, "%s\t%08lX\t%08lX\t%8X\t%d\t%u\t%d\t"
373                               "%08lX\t%d\t%u\t%u\t%02X\t%d\t%1d\t%08X%n",
374                         r->u.dst.dev ? r->u.dst.dev->name : "*",
375                         (unsigned long)r->rt_dst, (unsigned long)r->rt_gateway,
376                         r->rt_flags, atomic_read(&r->u.dst.__refcnt),
377                         r->u.dst.__use, 0, (unsigned long)r->rt_src,
378                         (dst_metric(&r->u.dst, RTAX_ADVMSS) ?
379                              (int)dst_metric(&r->u.dst, RTAX_ADVMSS) + 40 : 0),
380                         dst_metric(&r->u.dst, RTAX_WINDOW),
381                         (int)((dst_metric(&r->u.dst, RTAX_RTT) >> 3) +
382                               dst_metric(&r->u.dst, RTAX_RTTVAR)),
383                         r->fl.fl4_tos,
384                         r->u.dst.hh ? atomic_read(&r->u.dst.hh->hh_refcnt) : -1,
385                         r->u.dst.hh ? (r->u.dst.hh->hh_output ==
386                                        dev_queue_xmit) : 0,
387                         r->rt_spec_dst, &len);
388
389                 seq_printf(seq, "%*s\n", 127 - len, "");
390         }
391         return 0;
392 }
393
394 static const struct seq_operations rt_cache_seq_ops = {
395         .start  = rt_cache_seq_start,
396         .next   = rt_cache_seq_next,
397         .stop   = rt_cache_seq_stop,
398         .show   = rt_cache_seq_show,
399 };
400
401 static int rt_cache_seq_open(struct inode *inode, struct file *file)
402 {
403         return seq_open_net(inode, file, &rt_cache_seq_ops,
404                         sizeof(struct rt_cache_iter_state));
405 }
406
407 static const struct file_operations rt_cache_seq_fops = {
408         .owner   = THIS_MODULE,
409         .open    = rt_cache_seq_open,
410         .read    = seq_read,
411         .llseek  = seq_lseek,
412         .release = seq_release_net,
413 };
414
415
416 static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos)
417 {
418         int cpu;
419
420         if (*pos == 0)
421                 return SEQ_START_TOKEN;
422
423         for (cpu = *pos-1; cpu < NR_CPUS; ++cpu) {
424                 if (!cpu_possible(cpu))
425                         continue;
426                 *pos = cpu+1;
427                 return &per_cpu(rt_cache_stat, cpu);
428         }
429         return NULL;
430 }
431
432 static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
433 {
434         int cpu;
435
436         for (cpu = *pos; cpu < NR_CPUS; ++cpu) {
437                 if (!cpu_possible(cpu))
438                         continue;
439                 *pos = cpu+1;
440                 return &per_cpu(rt_cache_stat, cpu);
441         }
442         return NULL;
443
444 }
445
446 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
447 {
448
449 }
450
451 static int rt_cpu_seq_show(struct seq_file *seq, void *v)
452 {
453         struct rt_cache_stat *st = v;
454
455         if (v == SEQ_START_TOKEN) {
456                 seq_printf(seq, "entries  in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src  out_hit out_slow_tot out_slow_mc  gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
457                 return 0;
458         }
459
460         seq_printf(seq,"%08x  %08x %08x %08x %08x %08x %08x %08x "
461                    " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
462                    atomic_read(&ipv4_dst_ops.entries),
463                    st->in_hit,
464                    st->in_slow_tot,
465                    st->in_slow_mc,
466                    st->in_no_route,
467                    st->in_brd,
468                    st->in_martian_dst,
469                    st->in_martian_src,
470
471                    st->out_hit,
472                    st->out_slow_tot,
473                    st->out_slow_mc,
474
475                    st->gc_total,
476                    st->gc_ignored,
477                    st->gc_goal_miss,
478                    st->gc_dst_overflow,
479                    st->in_hlist_search,
480                    st->out_hlist_search
481                 );
482         return 0;
483 }
484
485 static const struct seq_operations rt_cpu_seq_ops = {
486         .start  = rt_cpu_seq_start,
487         .next   = rt_cpu_seq_next,
488         .stop   = rt_cpu_seq_stop,
489         .show   = rt_cpu_seq_show,
490 };
491
492
493 static int rt_cpu_seq_open(struct inode *inode, struct file *file)
494 {
495         return seq_open(file, &rt_cpu_seq_ops);
496 }
497
498 static const struct file_operations rt_cpu_seq_fops = {
499         .owner   = THIS_MODULE,
500         .open    = rt_cpu_seq_open,
501         .read    = seq_read,
502         .llseek  = seq_lseek,
503         .release = seq_release,
504 };
505
506 #ifdef CONFIG_NET_CLS_ROUTE
507 static int ip_rt_acct_read(char *buffer, char **start, off_t offset,
508                            int length, int *eof, void *data)
509 {
510         unsigned int i;
511
512         if ((offset & 3) || (length & 3))
513                 return -EIO;
514
515         if (offset >= sizeof(struct ip_rt_acct) * 256) {
516                 *eof = 1;
517                 return 0;
518         }
519
520         if (offset + length >= sizeof(struct ip_rt_acct) * 256) {
521                 length = sizeof(struct ip_rt_acct) * 256 - offset;
522                 *eof = 1;
523         }
524
525         offset /= sizeof(u32);
526
527         if (length > 0) {
528                 u32 *dst = (u32 *) buffer;
529
530                 *start = buffer;
531                 memset(dst, 0, length);
532
533                 for_each_possible_cpu(i) {
534                         unsigned int j;
535                         u32 *src;
536
537                         src = ((u32 *) per_cpu_ptr(ip_rt_acct, i)) + offset;
538                         for (j = 0; j < length/4; j++)
539                                 dst[j] += src[j];
540                 }
541         }
542         return length;
543 }
544 #endif
545
546 static int __net_init ip_rt_do_proc_init(struct net *net)
547 {
548         struct proc_dir_entry *pde;
549
550         pde = proc_net_fops_create(net, "rt_cache", S_IRUGO,
551                         &rt_cache_seq_fops);
552         if (!pde)
553                 goto err1;
554
555         pde = proc_create("rt_cache", S_IRUGO,
556                           net->proc_net_stat, &rt_cpu_seq_fops);
557         if (!pde)
558                 goto err2;
559
560 #ifdef CONFIG_NET_CLS_ROUTE
561         pde = create_proc_read_entry("rt_acct", 0, net->proc_net,
562                         ip_rt_acct_read, NULL);
563         if (!pde)
564                 goto err3;
565 #endif
566         return 0;
567
568 #ifdef CONFIG_NET_CLS_ROUTE
569 err3:
570         remove_proc_entry("rt_cache", net->proc_net_stat);
571 #endif
572 err2:
573         remove_proc_entry("rt_cache", net->proc_net);
574 err1:
575         return -ENOMEM;
576 }
577
578 static void __net_exit ip_rt_do_proc_exit(struct net *net)
579 {
580         remove_proc_entry("rt_cache", net->proc_net_stat);
581         remove_proc_entry("rt_cache", net->proc_net);
582         remove_proc_entry("rt_acct", net->proc_net);
583 }
584
585 static struct pernet_operations ip_rt_proc_ops __net_initdata =  {
586         .init = ip_rt_do_proc_init,
587         .exit = ip_rt_do_proc_exit,
588 };
589
590 static int __init ip_rt_proc_init(void)
591 {
592         return register_pernet_subsys(&ip_rt_proc_ops);
593 }
594
595 #else
596 static inline int ip_rt_proc_init(void)
597 {
598         return 0;
599 }
600 #endif /* CONFIG_PROC_FS */
601
602 static inline void rt_free(struct rtable *rt)
603 {
604         call_rcu_bh(&rt->u.dst.rcu_head, dst_rcu_free);
605 }
606
607 static inline void rt_drop(struct rtable *rt)
608 {
609         ip_rt_put(rt);
610         call_rcu_bh(&rt->u.dst.rcu_head, dst_rcu_free);
611 }
612
613 static inline int rt_fast_clean(struct rtable *rth)
614 {
615         /* Kill broadcast/multicast entries very aggresively, if they
616            collide in hash table with more useful entries */
617         return (rth->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) &&
618                 rth->fl.iif && rth->u.dst.rt_next;
619 }
620
621 static inline int rt_valuable(struct rtable *rth)
622 {
623         return (rth->rt_flags & (RTCF_REDIRECTED | RTCF_NOTIFY)) ||
624                 rth->u.dst.expires;
625 }
626
627 static int rt_may_expire(struct rtable *rth, unsigned long tmo1, unsigned long tmo2)
628 {
629         unsigned long age;
630         int ret = 0;
631
632         if (atomic_read(&rth->u.dst.__refcnt))
633                 goto out;
634
635         ret = 1;
636         if (rth->u.dst.expires &&
637             time_after_eq(jiffies, rth->u.dst.expires))
638                 goto out;
639
640         age = jiffies - rth->u.dst.lastuse;
641         ret = 0;
642         if ((age <= tmo1 && !rt_fast_clean(rth)) ||
643             (age <= tmo2 && rt_valuable(rth)))
644                 goto out;
645         ret = 1;
646 out:    return ret;
647 }
648
649 /* Bits of score are:
650  * 31: very valuable
651  * 30: not quite useless
652  * 29..0: usage counter
653  */
654 static inline u32 rt_score(struct rtable *rt)
655 {
656         u32 score = jiffies - rt->u.dst.lastuse;
657
658         score = ~score & ~(3<<30);
659
660         if (rt_valuable(rt))
661                 score |= (1<<31);
662
663         if (!rt->fl.iif ||
664             !(rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST|RTCF_LOCAL)))
665                 score |= (1<<30);
666
667         return score;
668 }
669
670 static inline int compare_keys(struct flowi *fl1, struct flowi *fl2)
671 {
672         return ((__force u32)((fl1->nl_u.ip4_u.daddr ^ fl2->nl_u.ip4_u.daddr) |
673                 (fl1->nl_u.ip4_u.saddr ^ fl2->nl_u.ip4_u.saddr)) |
674                 (fl1->mark ^ fl2->mark) |
675                 (*(u16 *)&fl1->nl_u.ip4_u.tos ^
676                  *(u16 *)&fl2->nl_u.ip4_u.tos) |
677                 (fl1->oif ^ fl2->oif) |
678                 (fl1->iif ^ fl2->iif)) == 0;
679 }
680
681 static inline int compare_netns(struct rtable *rt1, struct rtable *rt2)
682 {
683         return dev_net(rt1->u.dst.dev) == dev_net(rt2->u.dst.dev);
684 }
685
686 /*
687  * Perform a full scan of hash table and free all entries.
688  * Can be called by a softirq or a process.
689  * In the later case, we want to be reschedule if necessary
690  */
691 static void rt_do_flush(int process_context)
692 {
693         unsigned int i;
694         struct rtable *rth, *next;
695
696         for (i = 0; i <= rt_hash_mask; i++) {
697                 if (process_context && need_resched())
698                         cond_resched();
699                 rth = rt_hash_table[i].chain;
700                 if (!rth)
701                         continue;
702
703                 spin_lock_bh(rt_hash_lock_addr(i));
704                 rth = rt_hash_table[i].chain;
705                 rt_hash_table[i].chain = NULL;
706                 spin_unlock_bh(rt_hash_lock_addr(i));
707
708                 for (; rth; rth = next) {
709                         next = rth->u.dst.rt_next;
710                         rt_free(rth);
711                 }
712         }
713 }
714
715 static void rt_check_expire(void)
716 {
717         static unsigned int rover;
718         unsigned int i = rover, goal;
719         struct rtable *rth, **rthp;
720         u64 mult;
721
722         mult = ((u64)ip_rt_gc_interval) << rt_hash_log;
723         if (ip_rt_gc_timeout > 1)
724                 do_div(mult, ip_rt_gc_timeout);
725         goal = (unsigned int)mult;
726         if (goal > rt_hash_mask)
727                 goal = rt_hash_mask + 1;
728         for (; goal > 0; goal--) {
729                 unsigned long tmo = ip_rt_gc_timeout;
730
731                 i = (i + 1) & rt_hash_mask;
732                 rthp = &rt_hash_table[i].chain;
733
734                 if (need_resched())
735                         cond_resched();
736
737                 if (*rthp == NULL)
738                         continue;
739                 spin_lock_bh(rt_hash_lock_addr(i));
740                 while ((rth = *rthp) != NULL) {
741                         if (rth->rt_genid != atomic_read(&rt_genid)) {
742                                 *rthp = rth->u.dst.rt_next;
743                                 rt_free(rth);
744                                 continue;
745                         }
746                         if (rth->u.dst.expires) {
747                                 /* Entry is expired even if it is in use */
748                                 if (time_before_eq(jiffies, rth->u.dst.expires)) {
749                                         tmo >>= 1;
750                                         rthp = &rth->u.dst.rt_next;
751                                         continue;
752                                 }
753                         } else if (!rt_may_expire(rth, tmo, ip_rt_gc_timeout)) {
754                                 tmo >>= 1;
755                                 rthp = &rth->u.dst.rt_next;
756                                 continue;
757                         }
758
759                         /* Cleanup aged off entries. */
760                         *rthp = rth->u.dst.rt_next;
761                         rt_free(rth);
762                 }
763                 spin_unlock_bh(rt_hash_lock_addr(i));
764         }
765         rover = i;
766 }
767
768 /*
769  * rt_worker_func() is run in process context.
770  * we call rt_check_expire() to scan part of the hash table
771  */
772 static void rt_worker_func(struct work_struct *work)
773 {
774         rt_check_expire();
775         schedule_delayed_work(&expires_work, ip_rt_gc_interval);
776 }
777
778 /*
779  * Pertubation of rt_genid by a small quantity [1..256]
780  * Using 8 bits of shuffling ensure we can call rt_cache_invalidate()
781  * many times (2^24) without giving recent rt_genid.
782  * Jenkins hash is strong enough that litle changes of rt_genid are OK.
783  */
784 static void rt_cache_invalidate(void)
785 {
786         unsigned char shuffle;
787
788         get_random_bytes(&shuffle, sizeof(shuffle));
789         atomic_add(shuffle + 1U, &rt_genid);
790 }
791
792 /*
793  * delay < 0  : invalidate cache (fast : entries will be deleted later)
794  * delay >= 0 : invalidate & flush cache (can be long)
795  */
796 void rt_cache_flush(int delay)
797 {
798         rt_cache_invalidate();
799         if (delay >= 0)
800                 rt_do_flush(!in_softirq());
801 }
802
803 /*
804  * We change rt_genid and let gc do the cleanup
805  */
806 static void rt_secret_rebuild(unsigned long dummy)
807 {
808         rt_cache_invalidate();
809         mod_timer(&rt_secret_timer, jiffies + ip_rt_secret_interval);
810 }
811
812 /*
813    Short description of GC goals.
814
815    We want to build algorithm, which will keep routing cache
816    at some equilibrium point, when number of aged off entries
817    is kept approximately equal to newly generated ones.
818
819    Current expiration strength is variable "expire".
820    We try to adjust it dynamically, so that if networking
821    is idle expires is large enough to keep enough of warm entries,
822    and when load increases it reduces to limit cache size.
823  */
824
825 static int rt_garbage_collect(struct dst_ops *ops)
826 {
827         static unsigned long expire = RT_GC_TIMEOUT;
828         static unsigned long last_gc;
829         static int rover;
830         static int equilibrium;
831         struct rtable *rth, **rthp;
832         unsigned long now = jiffies;
833         int goal;
834
835         /*
836          * Garbage collection is pretty expensive,
837          * do not make it too frequently.
838          */
839
840         RT_CACHE_STAT_INC(gc_total);
841
842         if (now - last_gc < ip_rt_gc_min_interval &&
843             atomic_read(&ipv4_dst_ops.entries) < ip_rt_max_size) {
844                 RT_CACHE_STAT_INC(gc_ignored);
845                 goto out;
846         }
847
848         /* Calculate number of entries, which we want to expire now. */
849         goal = atomic_read(&ipv4_dst_ops.entries) -
850                 (ip_rt_gc_elasticity << rt_hash_log);
851         if (goal <= 0) {
852                 if (equilibrium < ipv4_dst_ops.gc_thresh)
853                         equilibrium = ipv4_dst_ops.gc_thresh;
854                 goal = atomic_read(&ipv4_dst_ops.entries) - equilibrium;
855                 if (goal > 0) {
856                         equilibrium += min_t(unsigned int, goal >> 1, rt_hash_mask + 1);
857                         goal = atomic_read(&ipv4_dst_ops.entries) - equilibrium;
858                 }
859         } else {
860                 /* We are in dangerous area. Try to reduce cache really
861                  * aggressively.
862                  */
863                 goal = max_t(unsigned int, goal >> 1, rt_hash_mask + 1);
864                 equilibrium = atomic_read(&ipv4_dst_ops.entries) - goal;
865         }
866
867         if (now - last_gc >= ip_rt_gc_min_interval)
868                 last_gc = now;
869
870         if (goal <= 0) {
871                 equilibrium += goal;
872                 goto work_done;
873         }
874
875         do {
876                 int i, k;
877
878                 for (i = rt_hash_mask, k = rover; i >= 0; i--) {
879                         unsigned long tmo = expire;
880
881                         k = (k + 1) & rt_hash_mask;
882                         rthp = &rt_hash_table[k].chain;
883                         spin_lock_bh(rt_hash_lock_addr(k));
884                         while ((rth = *rthp) != NULL) {
885                                 if (rth->rt_genid == atomic_read(&rt_genid) &&
886                                         !rt_may_expire(rth, tmo, expire)) {
887                                         tmo >>= 1;
888                                         rthp = &rth->u.dst.rt_next;
889                                         continue;
890                                 }
891                                 *rthp = rth->u.dst.rt_next;
892                                 rt_free(rth);
893                                 goal--;
894                         }
895                         spin_unlock_bh(rt_hash_lock_addr(k));
896                         if (goal <= 0)
897                                 break;
898                 }
899                 rover = k;
900
901                 if (goal <= 0)
902                         goto work_done;
903
904                 /* Goal is not achieved. We stop process if:
905
906                    - if expire reduced to zero. Otherwise, expire is halfed.
907                    - if table is not full.
908                    - if we are called from interrupt.
909                    - jiffies check is just fallback/debug loop breaker.
910                      We will not spin here for long time in any case.
911                  */
912
913                 RT_CACHE_STAT_INC(gc_goal_miss);
914
915                 if (expire == 0)
916                         break;
917
918                 expire >>= 1;
919 #if RT_CACHE_DEBUG >= 2
920                 printk(KERN_DEBUG "expire>> %u %d %d %d\n", expire,
921                                 atomic_read(&ipv4_dst_ops.entries), goal, i);
922 #endif
923
924                 if (atomic_read(&ipv4_dst_ops.entries) < ip_rt_max_size)
925                         goto out;
926         } while (!in_softirq() && time_before_eq(jiffies, now));
927
928         if (atomic_read(&ipv4_dst_ops.entries) < ip_rt_max_size)
929                 goto out;
930         if (net_ratelimit())
931                 printk(KERN_WARNING "dst cache overflow\n");
932         RT_CACHE_STAT_INC(gc_dst_overflow);
933         return 1;
934
935 work_done:
936         expire += ip_rt_gc_min_interval;
937         if (expire > ip_rt_gc_timeout ||
938             atomic_read(&ipv4_dst_ops.entries) < ipv4_dst_ops.gc_thresh)
939                 expire = ip_rt_gc_timeout;
940 #if RT_CACHE_DEBUG >= 2
941         printk(KERN_DEBUG "expire++ %u %d %d %d\n", expire,
942                         atomic_read(&ipv4_dst_ops.entries), goal, rover);
943 #endif
944 out:    return 0;
945 }
946
947 static int rt_intern_hash(unsigned hash, struct rtable *rt, struct rtable **rp)
948 {
949         struct rtable   *rth, **rthp;
950         unsigned long   now;
951         struct rtable *cand, **candp;
952         u32             min_score;
953         int             chain_length;
954         int attempts = !in_softirq();
955
956 restart:
957         chain_length = 0;
958         min_score = ~(u32)0;
959         cand = NULL;
960         candp = NULL;
961         now = jiffies;
962
963         rthp = &rt_hash_table[hash].chain;
964
965         spin_lock_bh(rt_hash_lock_addr(hash));
966         while ((rth = *rthp) != NULL) {
967                 if (rth->rt_genid != atomic_read(&rt_genid)) {
968                         *rthp = rth->u.dst.rt_next;
969                         rt_free(rth);
970                         continue;
971                 }
972                 if (compare_keys(&rth->fl, &rt->fl) && compare_netns(rth, rt)) {
973                         /* Put it first */
974                         *rthp = rth->u.dst.rt_next;
975                         /*
976                          * Since lookup is lockfree, the deletion
977                          * must be visible to another weakly ordered CPU before
978                          * the insertion at the start of the hash chain.
979                          */
980                         rcu_assign_pointer(rth->u.dst.rt_next,
981                                            rt_hash_table[hash].chain);
982                         /*
983                          * Since lookup is lockfree, the update writes
984                          * must be ordered for consistency on SMP.
985                          */
986                         rcu_assign_pointer(rt_hash_table[hash].chain, rth);
987
988                         dst_use(&rth->u.dst, now);
989                         spin_unlock_bh(rt_hash_lock_addr(hash));
990
991                         rt_drop(rt);
992                         *rp = rth;
993                         return 0;
994                 }
995
996                 if (!atomic_read(&rth->u.dst.__refcnt)) {
997                         u32 score = rt_score(rth);
998
999                         if (score <= min_score) {
1000                                 cand = rth;
1001                                 candp = rthp;
1002                                 min_score = score;
1003                         }
1004                 }
1005
1006                 chain_length++;
1007
1008                 rthp = &rth->u.dst.rt_next;
1009         }
1010
1011         if (cand) {
1012                 /* ip_rt_gc_elasticity used to be average length of chain
1013                  * length, when exceeded gc becomes really aggressive.
1014                  *
1015                  * The second limit is less certain. At the moment it allows
1016                  * only 2 entries per bucket. We will see.
1017                  */
1018                 if (chain_length > ip_rt_gc_elasticity) {
1019                         *candp = cand->u.dst.rt_next;
1020                         rt_free(cand);
1021                 }
1022         }
1023
1024         /* Try to bind route to arp only if it is output
1025            route or unicast forwarding path.
1026          */
1027         if (rt->rt_type == RTN_UNICAST || rt->fl.iif == 0) {
1028                 int err = arp_bind_neighbour(&rt->u.dst);
1029                 if (err) {
1030                         spin_unlock_bh(rt_hash_lock_addr(hash));
1031
1032                         if (err != -ENOBUFS) {
1033                                 rt_drop(rt);
1034                                 return err;
1035                         }
1036
1037                         /* Neighbour tables are full and nothing
1038                            can be released. Try to shrink route cache,
1039                            it is most likely it holds some neighbour records.
1040                          */
1041                         if (attempts-- > 0) {
1042                                 int saved_elasticity = ip_rt_gc_elasticity;
1043                                 int saved_int = ip_rt_gc_min_interval;
1044                                 ip_rt_gc_elasticity     = 1;
1045                                 ip_rt_gc_min_interval   = 0;
1046                                 rt_garbage_collect(&ipv4_dst_ops);
1047                                 ip_rt_gc_min_interval   = saved_int;
1048                                 ip_rt_gc_elasticity     = saved_elasticity;
1049                                 goto restart;
1050                         }
1051
1052                         if (net_ratelimit())
1053                                 printk(KERN_WARNING "Neighbour table overflow.\n");
1054                         rt_drop(rt);
1055                         return -ENOBUFS;
1056                 }
1057         }
1058
1059         rt->u.dst.rt_next = rt_hash_table[hash].chain;
1060 #if RT_CACHE_DEBUG >= 2
1061         if (rt->u.dst.rt_next) {
1062                 struct rtable *trt;
1063                 printk(KERN_DEBUG "rt_cache @%02x: " NIPQUAD_FMT, hash,
1064                        NIPQUAD(rt->rt_dst));
1065                 for (trt = rt->u.dst.rt_next; trt; trt = trt->u.dst.rt_next)
1066                         printk(" . " NIPQUAD_FMT, NIPQUAD(trt->rt_dst));
1067                 printk("\n");
1068         }
1069 #endif
1070         rt_hash_table[hash].chain = rt;
1071         spin_unlock_bh(rt_hash_lock_addr(hash));
1072         *rp = rt;
1073         return 0;
1074 }
1075
1076 void rt_bind_peer(struct rtable *rt, int create)
1077 {
1078         static DEFINE_SPINLOCK(rt_peer_lock);
1079         struct inet_peer *peer;
1080
1081         peer = inet_getpeer(rt->rt_dst, create);
1082
1083         spin_lock_bh(&rt_peer_lock);
1084         if (rt->peer == NULL) {
1085                 rt->peer = peer;
1086                 peer = NULL;
1087         }
1088         spin_unlock_bh(&rt_peer_lock);
1089         if (peer)
1090                 inet_putpeer(peer);
1091 }
1092
1093 /*
1094  * Peer allocation may fail only in serious out-of-memory conditions.  However
1095  * we still can generate some output.
1096  * Random ID selection looks a bit dangerous because we have no chances to
1097  * select ID being unique in a reasonable period of time.
1098  * But broken packet identifier may be better than no packet at all.
1099  */
1100 static void ip_select_fb_ident(struct iphdr *iph)
1101 {
1102         static DEFINE_SPINLOCK(ip_fb_id_lock);
1103         static u32 ip_fallback_id;
1104         u32 salt;
1105
1106         spin_lock_bh(&ip_fb_id_lock);
1107         salt = secure_ip_id((__force __be32)ip_fallback_id ^ iph->daddr);
1108         iph->id = htons(salt & 0xFFFF);
1109         ip_fallback_id = salt;
1110         spin_unlock_bh(&ip_fb_id_lock);
1111 }
1112
1113 void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more)
1114 {
1115         struct rtable *rt = (struct rtable *) dst;
1116
1117         if (rt) {
1118                 if (rt->peer == NULL)
1119                         rt_bind_peer(rt, 1);
1120
1121                 /* If peer is attached to destination, it is never detached,
1122                    so that we need not to grab a lock to dereference it.
1123                  */
1124                 if (rt->peer) {
1125                         iph->id = htons(inet_getid(rt->peer, more));
1126                         return;
1127                 }
1128         } else
1129                 printk(KERN_DEBUG "rt_bind_peer(0) @%p\n",
1130                        __builtin_return_address(0));
1131
1132         ip_select_fb_ident(iph);
1133 }
1134
1135 static void rt_del(unsigned hash, struct rtable *rt)
1136 {
1137         struct rtable **rthp, *aux;
1138
1139         rthp = &rt_hash_table[hash].chain;
1140         spin_lock_bh(rt_hash_lock_addr(hash));
1141         ip_rt_put(rt);
1142         while ((aux = *rthp) != NULL) {
1143                 if (aux == rt || (aux->rt_genid != atomic_read(&rt_genid))) {
1144                         *rthp = aux->u.dst.rt_next;
1145                         rt_free(aux);
1146                         continue;
1147                 }
1148                 rthp = &aux->u.dst.rt_next;
1149         }
1150         spin_unlock_bh(rt_hash_lock_addr(hash));
1151 }
1152
1153 void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
1154                     __be32 saddr, struct net_device *dev)
1155 {
1156         int i, k;
1157         struct in_device *in_dev = in_dev_get(dev);
1158         struct rtable *rth, **rthp;
1159         __be32  skeys[2] = { saddr, 0 };
1160         int  ikeys[2] = { dev->ifindex, 0 };
1161         struct netevent_redirect netevent;
1162         struct net *net;
1163
1164         if (!in_dev)
1165                 return;
1166
1167         net = dev_net(dev);
1168         if (new_gw == old_gw || !IN_DEV_RX_REDIRECTS(in_dev)
1169             || ipv4_is_multicast(new_gw) || ipv4_is_lbcast(new_gw)
1170             || ipv4_is_zeronet(new_gw))
1171                 goto reject_redirect;
1172
1173         if (!IN_DEV_SHARED_MEDIA(in_dev)) {
1174                 if (!inet_addr_onlink(in_dev, new_gw, old_gw))
1175                         goto reject_redirect;
1176                 if (IN_DEV_SEC_REDIRECTS(in_dev) && ip_fib_check_default(new_gw, dev))
1177                         goto reject_redirect;
1178         } else {
1179                 if (inet_addr_type(net, new_gw) != RTN_UNICAST)
1180                         goto reject_redirect;
1181         }
1182
1183         for (i = 0; i < 2; i++) {
1184                 for (k = 0; k < 2; k++) {
1185                         unsigned hash = rt_hash(daddr, skeys[i], ikeys[k]);
1186
1187                         rthp=&rt_hash_table[hash].chain;
1188
1189                         rcu_read_lock();
1190                         while ((rth = rcu_dereference(*rthp)) != NULL) {
1191                                 struct rtable *rt;
1192
1193                                 if (rth->fl.fl4_dst != daddr ||
1194                                     rth->fl.fl4_src != skeys[i] ||
1195                                     rth->fl.oif != ikeys[k] ||
1196                                     rth->fl.iif != 0 ||
1197                                     rth->rt_genid != atomic_read(&rt_genid) ||
1198                                     !net_eq(dev_net(rth->u.dst.dev), net)) {
1199                                         rthp = &rth->u.dst.rt_next;
1200                                         continue;
1201                                 }
1202
1203                                 if (rth->rt_dst != daddr ||
1204                                     rth->rt_src != saddr ||
1205                                     rth->u.dst.error ||
1206                                     rth->rt_gateway != old_gw ||
1207                                     rth->u.dst.dev != dev)
1208                                         break;
1209
1210                                 dst_hold(&rth->u.dst);
1211                                 rcu_read_unlock();
1212
1213                                 rt = dst_alloc(&ipv4_dst_ops);
1214                                 if (rt == NULL) {
1215                                         ip_rt_put(rth);
1216                                         in_dev_put(in_dev);
1217                                         return;
1218                                 }
1219
1220                                 /* Copy all the information. */
1221                                 *rt = *rth;
1222                                 INIT_RCU_HEAD(&rt->u.dst.rcu_head);
1223                                 rt->u.dst.__use         = 1;
1224                                 atomic_set(&rt->u.dst.__refcnt, 1);
1225                                 rt->u.dst.child         = NULL;
1226                                 if (rt->u.dst.dev)
1227                                         dev_hold(rt->u.dst.dev);
1228                                 if (rt->idev)
1229                                         in_dev_hold(rt->idev);
1230                                 rt->u.dst.obsolete      = 0;
1231                                 rt->u.dst.lastuse       = jiffies;
1232                                 rt->u.dst.path          = &rt->u.dst;
1233                                 rt->u.dst.neighbour     = NULL;
1234                                 rt->u.dst.hh            = NULL;
1235                                 rt->u.dst.xfrm          = NULL;
1236                                 rt->rt_genid            = atomic_read(&rt_genid);
1237                                 rt->rt_flags            |= RTCF_REDIRECTED;
1238
1239                                 /* Gateway is different ... */
1240                                 rt->rt_gateway          = new_gw;
1241
1242                                 /* Redirect received -> path was valid */
1243                                 dst_confirm(&rth->u.dst);
1244
1245                                 if (rt->peer)
1246                                         atomic_inc(&rt->peer->refcnt);
1247
1248                                 if (arp_bind_neighbour(&rt->u.dst) ||
1249                                     !(rt->u.dst.neighbour->nud_state &
1250                                             NUD_VALID)) {
1251                                         if (rt->u.dst.neighbour)
1252                                                 neigh_event_send(rt->u.dst.neighbour, NULL);
1253                                         ip_rt_put(rth);
1254                                         rt_drop(rt);
1255                                         goto do_next;
1256                                 }
1257
1258                                 netevent.old = &rth->u.dst;
1259                                 netevent.new = &rt->u.dst;
1260                                 call_netevent_notifiers(NETEVENT_REDIRECT,
1261                                                         &netevent);
1262
1263                                 rt_del(hash, rth);
1264                                 if (!rt_intern_hash(hash, rt, &rt))
1265                                         ip_rt_put(rt);
1266                                 goto do_next;
1267                         }
1268                         rcu_read_unlock();
1269                 do_next:
1270                         ;
1271                 }
1272         }
1273         in_dev_put(in_dev);
1274         return;
1275
1276 reject_redirect:
1277 #ifdef CONFIG_IP_ROUTE_VERBOSE
1278         if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit())
1279                 printk(KERN_INFO "Redirect from " NIPQUAD_FMT " on %s about "
1280                         NIPQUAD_FMT " ignored.\n"
1281                         "  Advised path = " NIPQUAD_FMT " -> " NIPQUAD_FMT "\n",
1282                        NIPQUAD(old_gw), dev->name, NIPQUAD(new_gw),
1283                        NIPQUAD(saddr), NIPQUAD(daddr));
1284 #endif
1285         in_dev_put(in_dev);
1286 }
1287
1288 static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
1289 {
1290         struct rtable *rt = (struct rtable *)dst;
1291         struct dst_entry *ret = dst;
1292
1293         if (rt) {
1294                 if (dst->obsolete) {
1295                         ip_rt_put(rt);
1296                         ret = NULL;
1297                 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
1298                            rt->u.dst.expires) {
1299                         unsigned hash = rt_hash(rt->fl.fl4_dst, rt->fl.fl4_src,
1300                                                 rt->fl.oif);
1301 #if RT_CACHE_DEBUG >= 1
1302                         printk(KERN_DEBUG "ipv4_negative_advice: redirect to "
1303                                           NIPQUAD_FMT "/%02x dropped\n",
1304                                 NIPQUAD(rt->rt_dst), rt->fl.fl4_tos);
1305 #endif
1306                         rt_del(hash, rt);
1307                         ret = NULL;
1308                 }
1309         }
1310         return ret;
1311 }
1312
1313 /*
1314  * Algorithm:
1315  *      1. The first ip_rt_redirect_number redirects are sent
1316  *         with exponential backoff, then we stop sending them at all,
1317  *         assuming that the host ignores our redirects.
1318  *      2. If we did not see packets requiring redirects
1319  *         during ip_rt_redirect_silence, we assume that the host
1320  *         forgot redirected route and start to send redirects again.
1321  *
1322  * This algorithm is much cheaper and more intelligent than dumb load limiting
1323  * in icmp.c.
1324  *
1325  * NOTE. Do not forget to inhibit load limiting for redirects (redundant)
1326  * and "frag. need" (breaks PMTU discovery) in icmp.c.
1327  */
1328
1329 void ip_rt_send_redirect(struct sk_buff *skb)
1330 {
1331         struct rtable *rt = skb->rtable;
1332         struct in_device *in_dev = in_dev_get(rt->u.dst.dev);
1333
1334         if (!in_dev)
1335                 return;
1336
1337         if (!IN_DEV_TX_REDIRECTS(in_dev))
1338                 goto out;
1339
1340         /* No redirected packets during ip_rt_redirect_silence;
1341          * reset the algorithm.
1342          */
1343         if (time_after(jiffies, rt->u.dst.rate_last + ip_rt_redirect_silence))
1344                 rt->u.dst.rate_tokens = 0;
1345
1346         /* Too many ignored redirects; do not send anything
1347          * set u.dst.rate_last to the last seen redirected packet.
1348          */
1349         if (rt->u.dst.rate_tokens >= ip_rt_redirect_number) {
1350                 rt->u.dst.rate_last = jiffies;
1351                 goto out;
1352         }
1353
1354         /* Check for load limit; set rate_last to the latest sent
1355          * redirect.
1356          */
1357         if (rt->u.dst.rate_tokens == 0 ||
1358             time_after(jiffies,
1359                        (rt->u.dst.rate_last +
1360                         (ip_rt_redirect_load << rt->u.dst.rate_tokens)))) {
1361                 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, rt->rt_gateway);
1362                 rt->u.dst.rate_last = jiffies;
1363                 ++rt->u.dst.rate_tokens;
1364 #ifdef CONFIG_IP_ROUTE_VERBOSE
1365                 if (IN_DEV_LOG_MARTIANS(in_dev) &&
1366                     rt->u.dst.rate_tokens == ip_rt_redirect_number &&
1367                     net_ratelimit())
1368                         printk(KERN_WARNING "host " NIPQUAD_FMT "/if%d ignores "
1369                                 "redirects for " NIPQUAD_FMT " to " NIPQUAD_FMT ".\n",
1370                                 NIPQUAD(rt->rt_src), rt->rt_iif,
1371                                 NIPQUAD(rt->rt_dst), NIPQUAD(rt->rt_gateway));
1372 #endif
1373         }
1374 out:
1375         in_dev_put(in_dev);
1376 }
1377
1378 static int ip_error(struct sk_buff *skb)
1379 {
1380         struct rtable *rt = skb->rtable;
1381         unsigned long now;
1382         int code;
1383
1384         switch (rt->u.dst.error) {
1385                 case EINVAL:
1386                 default:
1387                         goto out;
1388                 case EHOSTUNREACH:
1389                         code = ICMP_HOST_UNREACH;
1390                         break;
1391                 case ENETUNREACH:
1392                         code = ICMP_NET_UNREACH;
1393                         IP_INC_STATS_BH(IPSTATS_MIB_INNOROUTES);
1394                         break;
1395                 case EACCES:
1396                         code = ICMP_PKT_FILTERED;
1397                         break;
1398         }
1399
1400         now = jiffies;
1401         rt->u.dst.rate_tokens += now - rt->u.dst.rate_last;
1402         if (rt->u.dst.rate_tokens > ip_rt_error_burst)
1403                 rt->u.dst.rate_tokens = ip_rt_error_burst;
1404         rt->u.dst.rate_last = now;
1405         if (rt->u.dst.rate_tokens >= ip_rt_error_cost) {
1406                 rt->u.dst.rate_tokens -= ip_rt_error_cost;
1407                 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
1408         }
1409
1410 out:    kfree_skb(skb);
1411         return 0;
1412 }
1413
1414 /*
1415  *      The last two values are not from the RFC but
1416  *      are needed for AMPRnet AX.25 paths.
1417  */
1418
1419 static const unsigned short mtu_plateau[] =
1420 {32000, 17914, 8166, 4352, 2002, 1492, 576, 296, 216, 128 };
1421
1422 static inline unsigned short guess_mtu(unsigned short old_mtu)
1423 {
1424         int i;
1425
1426         for (i = 0; i < ARRAY_SIZE(mtu_plateau); i++)
1427                 if (old_mtu > mtu_plateau[i])
1428                         return mtu_plateau[i];
1429         return 68;
1430 }
1431
1432 unsigned short ip_rt_frag_needed(struct net *net, struct iphdr *iph,
1433                                  unsigned short new_mtu,
1434                                  struct net_device *dev)
1435 {
1436         int i, k;
1437         unsigned short old_mtu = ntohs(iph->tot_len);
1438         struct rtable *rth;
1439         int  ikeys[2] = { dev->ifindex, 0 };
1440         __be32  skeys[2] = { iph->saddr, 0, };
1441         __be32  daddr = iph->daddr;
1442         unsigned short est_mtu = 0;
1443
1444         if (ipv4_config.no_pmtu_disc)
1445                 return 0;
1446
1447         for (k = 0; k < 2; k++) {
1448                 for (i = 0; i < 2; i++) {
1449                         unsigned hash = rt_hash(daddr, skeys[i], ikeys[k]);
1450
1451                         rcu_read_lock();
1452                         for (rth = rcu_dereference(rt_hash_table[hash].chain); rth;
1453                              rth = rcu_dereference(rth->u.dst.rt_next)) {
1454                                 unsigned short mtu = new_mtu;
1455
1456                                 if (rth->fl.fl4_dst != daddr ||
1457                                     rth->fl.fl4_src != skeys[i] ||
1458                                     rth->rt_dst != daddr ||
1459                                     rth->rt_src != iph->saddr ||
1460                                     rth->fl.oif != ikeys[k] ||
1461                                     rth->fl.iif != 0 ||
1462                                     dst_metric_locked(&rth->u.dst, RTAX_MTU) ||
1463                                     !net_eq(dev_net(rth->u.dst.dev), net) ||
1464                                     rth->rt_genid != atomic_read(&rt_genid))
1465                                         continue;
1466
1467                                 if (new_mtu < 68 || new_mtu >= old_mtu) {
1468
1469                                         /* BSD 4.2 compatibility hack :-( */
1470                                         if (mtu == 0 &&
1471                                             old_mtu >= rth->u.dst.metrics[RTAX_MTU-1] &&
1472                                             old_mtu >= 68 + (iph->ihl << 2))
1473                                                 old_mtu -= iph->ihl << 2;
1474
1475                                         mtu = guess_mtu(old_mtu);
1476                                 }
1477                                 if (mtu <= rth->u.dst.metrics[RTAX_MTU-1]) {
1478                                         if (mtu < rth->u.dst.metrics[RTAX_MTU-1]) {
1479                                                 dst_confirm(&rth->u.dst);
1480                                                 if (mtu < ip_rt_min_pmtu) {
1481                                                         mtu = ip_rt_min_pmtu;
1482                                                         rth->u.dst.metrics[RTAX_LOCK-1] |=
1483                                                                 (1 << RTAX_MTU);
1484                                                 }
1485                                                 rth->u.dst.metrics[RTAX_MTU-1] = mtu;
1486                                                 dst_set_expires(&rth->u.dst,
1487                                                         ip_rt_mtu_expires);
1488                                         }
1489                                         est_mtu = mtu;
1490                                 }
1491                         }
1492                         rcu_read_unlock();
1493                 }
1494         }
1495         return est_mtu ? : new_mtu;
1496 }
1497
1498 static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu)
1499 {
1500         if (dst->metrics[RTAX_MTU-1] > mtu && mtu >= 68 &&
1501             !(dst_metric_locked(dst, RTAX_MTU))) {
1502                 if (mtu < ip_rt_min_pmtu) {
1503                         mtu = ip_rt_min_pmtu;
1504                         dst->metrics[RTAX_LOCK-1] |= (1 << RTAX_MTU);
1505                 }
1506                 dst->metrics[RTAX_MTU-1] = mtu;
1507                 dst_set_expires(dst, ip_rt_mtu_expires);
1508                 call_netevent_notifiers(NETEVENT_PMTU_UPDATE, dst);
1509         }
1510 }
1511
1512 static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1513 {
1514         return NULL;
1515 }
1516
1517 static void ipv4_dst_destroy(struct dst_entry *dst)
1518 {
1519         struct rtable *rt = (struct rtable *) dst;
1520         struct inet_peer *peer = rt->peer;
1521         struct in_device *idev = rt->idev;
1522
1523         if (peer) {
1524                 rt->peer = NULL;
1525                 inet_putpeer(peer);
1526         }
1527
1528         if (idev) {
1529                 rt->idev = NULL;
1530                 in_dev_put(idev);
1531         }
1532 }
1533
1534 static void ipv4_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
1535                             int how)
1536 {
1537         struct rtable *rt = (struct rtable *) dst;
1538         struct in_device *idev = rt->idev;
1539         if (dev != dev_net(dev)->loopback_dev && idev && idev->dev == dev) {
1540                 struct in_device *loopback_idev =
1541                         in_dev_get(dev_net(dev)->loopback_dev);
1542                 if (loopback_idev) {
1543                         rt->idev = loopback_idev;
1544                         in_dev_put(idev);
1545                 }
1546         }
1547 }
1548
1549 static void ipv4_link_failure(struct sk_buff *skb)
1550 {
1551         struct rtable *rt;
1552
1553         icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1554
1555         rt = skb->rtable;
1556         if (rt)
1557                 dst_set_expires(&rt->u.dst, 0);
1558 }
1559
1560 static int ip_rt_bug(struct sk_buff *skb)
1561 {
1562         printk(KERN_DEBUG "ip_rt_bug: " NIPQUAD_FMT " -> " NIPQUAD_FMT ", %s\n",
1563                 NIPQUAD(ip_hdr(skb)->saddr), NIPQUAD(ip_hdr(skb)->daddr),
1564                 skb->dev ? skb->dev->name : "?");
1565         kfree_skb(skb);
1566         return 0;
1567 }
1568
1569 /*
1570    We do not cache source address of outgoing interface,
1571    because it is used only by IP RR, TS and SRR options,
1572    so that it out of fast path.
1573
1574    BTW remember: "addr" is allowed to be not aligned
1575    in IP options!
1576  */
1577
1578 void ip_rt_get_source(u8 *addr, struct rtable *rt)
1579 {
1580         __be32 src;
1581         struct fib_result res;
1582
1583         if (rt->fl.iif == 0)
1584                 src = rt->rt_src;
1585         else if (fib_lookup(dev_net(rt->u.dst.dev), &rt->fl, &res) == 0) {
1586                 src = FIB_RES_PREFSRC(res);
1587                 fib_res_put(&res);
1588         } else
1589                 src = inet_select_addr(rt->u.dst.dev, rt->rt_gateway,
1590                                         RT_SCOPE_UNIVERSE);
1591         memcpy(addr, &src, 4);
1592 }
1593
1594 #ifdef CONFIG_NET_CLS_ROUTE
1595 static void set_class_tag(struct rtable *rt, u32 tag)
1596 {
1597         if (!(rt->u.dst.tclassid & 0xFFFF))
1598                 rt->u.dst.tclassid |= tag & 0xFFFF;
1599         if (!(rt->u.dst.tclassid & 0xFFFF0000))
1600                 rt->u.dst.tclassid |= tag & 0xFFFF0000;
1601 }
1602 #endif
1603
1604 static void rt_set_nexthop(struct rtable *rt, struct fib_result *res, u32 itag)
1605 {
1606         struct fib_info *fi = res->fi;
1607
1608         if (fi) {
1609                 if (FIB_RES_GW(*res) &&
1610                     FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK)
1611                         rt->rt_gateway = FIB_RES_GW(*res);
1612                 memcpy(rt->u.dst.metrics, fi->fib_metrics,
1613                        sizeof(rt->u.dst.metrics));
1614                 if (fi->fib_mtu == 0) {
1615                         rt->u.dst.metrics[RTAX_MTU-1] = rt->u.dst.dev->mtu;
1616                         if (rt->u.dst.metrics[RTAX_LOCK-1] & (1 << RTAX_MTU) &&
1617                             rt->rt_gateway != rt->rt_dst &&
1618                             rt->u.dst.dev->mtu > 576)
1619                                 rt->u.dst.metrics[RTAX_MTU-1] = 576;
1620                 }
1621 #ifdef CONFIG_NET_CLS_ROUTE
1622                 rt->u.dst.tclassid = FIB_RES_NH(*res).nh_tclassid;
1623 #endif
1624         } else
1625                 rt->u.dst.metrics[RTAX_MTU-1]= rt->u.dst.dev->mtu;
1626
1627         if (rt->u.dst.metrics[RTAX_HOPLIMIT-1] == 0)
1628                 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = sysctl_ip_default_ttl;
1629         if (rt->u.dst.metrics[RTAX_MTU-1] > IP_MAX_MTU)
1630                 rt->u.dst.metrics[RTAX_MTU-1] = IP_MAX_MTU;
1631         if (rt->u.dst.metrics[RTAX_ADVMSS-1] == 0)
1632                 rt->u.dst.metrics[RTAX_ADVMSS-1] = max_t(unsigned int, rt->u.dst.dev->mtu - 40,
1633                                        ip_rt_min_advmss);
1634         if (rt->u.dst.metrics[RTAX_ADVMSS-1] > 65535 - 40)
1635                 rt->u.dst.metrics[RTAX_ADVMSS-1] = 65535 - 40;
1636
1637 #ifdef CONFIG_NET_CLS_ROUTE
1638 #ifdef CONFIG_IP_MULTIPLE_TABLES
1639         set_class_tag(rt, fib_rules_tclass(res));
1640 #endif
1641         set_class_tag(rt, itag);
1642 #endif
1643         rt->rt_type = res->type;
1644 }
1645
1646 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1647                                 u8 tos, struct net_device *dev, int our)
1648 {
1649         unsigned hash;
1650         struct rtable *rth;
1651         __be32 spec_dst;
1652         struct in_device *in_dev = in_dev_get(dev);
1653         u32 itag = 0;
1654
1655         /* Primary sanity checks. */
1656
1657         if (in_dev == NULL)
1658                 return -EINVAL;
1659
1660         if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1661             ipv4_is_loopback(saddr) || skb->protocol != htons(ETH_P_IP))
1662                 goto e_inval;
1663
1664         if (ipv4_is_zeronet(saddr)) {
1665                 if (!ipv4_is_local_multicast(daddr))
1666                         goto e_inval;
1667                 spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
1668         } else if (fib_validate_source(saddr, 0, tos, 0,
1669                                         dev, &spec_dst, &itag) < 0)
1670                 goto e_inval;
1671
1672         rth = dst_alloc(&ipv4_dst_ops);
1673         if (!rth)
1674                 goto e_nobufs;
1675
1676         rth->u.dst.output= ip_rt_bug;
1677
1678         atomic_set(&rth->u.dst.__refcnt, 1);
1679         rth->u.dst.flags= DST_HOST;
1680         if (IN_DEV_CONF_GET(in_dev, NOPOLICY))
1681                 rth->u.dst.flags |= DST_NOPOLICY;
1682         rth->fl.fl4_dst = daddr;
1683         rth->rt_dst     = daddr;
1684         rth->fl.fl4_tos = tos;
1685         rth->fl.mark    = skb->mark;
1686         rth->fl.fl4_src = saddr;
1687         rth->rt_src     = saddr;
1688 #ifdef CONFIG_NET_CLS_ROUTE
1689         rth->u.dst.tclassid = itag;
1690 #endif
1691         rth->rt_iif     =
1692         rth->fl.iif     = dev->ifindex;
1693         rth->u.dst.dev  = init_net.loopback_dev;
1694         dev_hold(rth->u.dst.dev);
1695         rth->idev       = in_dev_get(rth->u.dst.dev);
1696         rth->fl.oif     = 0;
1697         rth->rt_gateway = daddr;
1698         rth->rt_spec_dst= spec_dst;
1699         rth->rt_genid   = atomic_read(&rt_genid);
1700         rth->rt_flags   = RTCF_MULTICAST;
1701         rth->rt_type    = RTN_MULTICAST;
1702         if (our) {
1703                 rth->u.dst.input= ip_local_deliver;
1704                 rth->rt_flags |= RTCF_LOCAL;
1705         }
1706
1707 #ifdef CONFIG_IP_MROUTE
1708         if (!ipv4_is_local_multicast(daddr) && IN_DEV_MFORWARD(in_dev))
1709                 rth->u.dst.input = ip_mr_input;
1710 #endif
1711         RT_CACHE_STAT_INC(in_slow_mc);
1712
1713         in_dev_put(in_dev);
1714         hash = rt_hash(daddr, saddr, dev->ifindex);
1715         return rt_intern_hash(hash, rth, &skb->rtable);
1716
1717 e_nobufs:
1718         in_dev_put(in_dev);
1719         return -ENOBUFS;
1720
1721 e_inval:
1722         in_dev_put(in_dev);
1723         return -EINVAL;
1724 }
1725
1726
1727 static void ip_handle_martian_source(struct net_device *dev,
1728                                      struct in_device *in_dev,
1729                                      struct sk_buff *skb,
1730                                      __be32 daddr,
1731                                      __be32 saddr)
1732 {
1733         RT_CACHE_STAT_INC(in_martian_src);
1734 #ifdef CONFIG_IP_ROUTE_VERBOSE
1735         if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
1736                 /*
1737                  *      RFC1812 recommendation, if source is martian,
1738                  *      the only hint is MAC header.
1739                  */
1740                 printk(KERN_WARNING "martian source " NIPQUAD_FMT " from "
1741                         NIPQUAD_FMT", on dev %s\n",
1742                         NIPQUAD(daddr), NIPQUAD(saddr), dev->name);
1743                 if (dev->hard_header_len && skb_mac_header_was_set(skb)) {
1744                         int i;
1745                         const unsigned char *p = skb_mac_header(skb);
1746                         printk(KERN_WARNING "ll header: ");
1747                         for (i = 0; i < dev->hard_header_len; i++, p++) {
1748                                 printk("%02x", *p);
1749                                 if (i < (dev->hard_header_len - 1))
1750                                         printk(":");
1751                         }
1752                         printk("\n");
1753                 }
1754         }
1755 #endif
1756 }
1757
1758 static int __mkroute_input(struct sk_buff *skb,
1759                            struct fib_result *res,
1760                            struct in_device *in_dev,
1761                            __be32 daddr, __be32 saddr, u32 tos,
1762                            struct rtable **result)
1763 {
1764
1765         struct rtable *rth;
1766         int err;
1767         struct in_device *out_dev;
1768         unsigned flags = 0;
1769         __be32 spec_dst;
1770         u32 itag;
1771
1772         /* get a working reference to the output device */
1773         out_dev = in_dev_get(FIB_RES_DEV(*res));
1774         if (out_dev == NULL) {
1775                 if (net_ratelimit())
1776                         printk(KERN_CRIT "Bug in ip_route_input" \
1777                                "_slow(). Please, report\n");
1778                 return -EINVAL;
1779         }
1780
1781
1782         err = fib_validate_source(saddr, daddr, tos, FIB_RES_OIF(*res),
1783                                   in_dev->dev, &spec_dst, &itag);
1784         if (err < 0) {
1785                 ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
1786                                          saddr);
1787
1788                 err = -EINVAL;
1789                 goto cleanup;
1790         }
1791
1792         if (err)
1793                 flags |= RTCF_DIRECTSRC;
1794
1795         if (out_dev == in_dev && err && !(flags & RTCF_MASQ) &&
1796             (IN_DEV_SHARED_MEDIA(out_dev) ||
1797              inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
1798                 flags |= RTCF_DOREDIRECT;
1799
1800         if (skb->protocol != htons(ETH_P_IP)) {
1801                 /* Not IP (i.e. ARP). Do not create route, if it is
1802                  * invalid for proxy arp. DNAT routes are always valid.
1803                  */
1804                 if (out_dev == in_dev) {
1805                         err = -EINVAL;
1806                         goto cleanup;
1807                 }
1808         }
1809
1810
1811         rth = dst_alloc(&ipv4_dst_ops);
1812         if (!rth) {
1813                 err = -ENOBUFS;
1814                 goto cleanup;
1815         }
1816
1817         atomic_set(&rth->u.dst.__refcnt, 1);
1818         rth->u.dst.flags= DST_HOST;
1819         if (IN_DEV_CONF_GET(in_dev, NOPOLICY))
1820                 rth->u.dst.flags |= DST_NOPOLICY;
1821         if (IN_DEV_CONF_GET(out_dev, NOXFRM))
1822                 rth->u.dst.flags |= DST_NOXFRM;
1823         rth->fl.fl4_dst = daddr;
1824         rth->rt_dst     = daddr;
1825         rth->fl.fl4_tos = tos;
1826         rth->fl.mark    = skb->mark;
1827         rth->fl.fl4_src = saddr;
1828         rth->rt_src     = saddr;
1829         rth->rt_gateway = daddr;
1830         rth->rt_iif     =
1831                 rth->fl.iif     = in_dev->dev->ifindex;
1832         rth->u.dst.dev  = (out_dev)->dev;
1833         dev_hold(rth->u.dst.dev);
1834         rth->idev       = in_dev_get(rth->u.dst.dev);
1835         rth->fl.oif     = 0;
1836         rth->rt_spec_dst= spec_dst;
1837
1838         rth->u.dst.input = ip_forward;
1839         rth->u.dst.output = ip_output;
1840         rth->rt_genid = atomic_read(&rt_genid);
1841
1842         rt_set_nexthop(rth, res, itag);
1843
1844         rth->rt_flags = flags;
1845
1846         *result = rth;
1847         err = 0;
1848  cleanup:
1849         /* release the working reference to the output device */
1850         in_dev_put(out_dev);
1851         return err;
1852 }
1853
1854 static int ip_mkroute_input(struct sk_buff *skb,
1855                             struct fib_result *res,
1856                             const struct flowi *fl,
1857                             struct in_device *in_dev,
1858                             __be32 daddr, __be32 saddr, u32 tos)
1859 {
1860         struct rtable* rth = NULL;
1861         int err;
1862         unsigned hash;
1863
1864 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1865         if (res->fi && res->fi->fib_nhs > 1 && fl->oif == 0)
1866                 fib_select_multipath(fl, res);
1867 #endif
1868
1869         /* create a routing cache entry */
1870         err = __mkroute_input(skb, res, in_dev, daddr, saddr, tos, &rth);
1871         if (err)
1872                 return err;
1873
1874         /* put it into the cache */
1875         hash = rt_hash(daddr, saddr, fl->iif);
1876         return rt_intern_hash(hash, rth, &skb->rtable);
1877 }
1878
1879 /*
1880  *      NOTE. We drop all the packets that has local source
1881  *      addresses, because every properly looped back packet
1882  *      must have correct destination already attached by output routine.
1883  *
1884  *      Such approach solves two big problems:
1885  *      1. Not simplex devices are handled properly.
1886  *      2. IP spoofing attempts are filtered with 100% of guarantee.
1887  */
1888
1889 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1890                                u8 tos, struct net_device *dev)
1891 {
1892         struct fib_result res;
1893         struct in_device *in_dev = in_dev_get(dev);
1894         struct flowi fl = { .nl_u = { .ip4_u =
1895                                       { .daddr = daddr,
1896                                         .saddr = saddr,
1897                                         .tos = tos,
1898                                         .scope = RT_SCOPE_UNIVERSE,
1899                                       } },
1900                             .mark = skb->mark,
1901                             .iif = dev->ifindex };
1902         unsigned        flags = 0;
1903         u32             itag = 0;
1904         struct rtable * rth;
1905         unsigned        hash;
1906         __be32          spec_dst;
1907         int             err = -EINVAL;
1908         int             free_res = 0;
1909         struct net    * net = dev_net(dev);
1910
1911         /* IP on this device is disabled. */
1912
1913         if (!in_dev)
1914                 goto out;
1915
1916         /* Check for the most weird martians, which can be not detected
1917            by fib_lookup.
1918          */
1919
1920         if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) ||
1921             ipv4_is_loopback(saddr))
1922                 goto martian_source;
1923
1924         if (daddr == htonl(0xFFFFFFFF) || (saddr == 0 && daddr == 0))
1925                 goto brd_input;
1926
1927         /* Accept zero addresses only to limited broadcast;
1928          * I even do not know to fix it or not. Waiting for complains :-)
1929          */
1930         if (ipv4_is_zeronet(saddr))
1931                 goto martian_source;
1932
1933         if (ipv4_is_lbcast(daddr) || ipv4_is_zeronet(daddr) ||
1934             ipv4_is_loopback(daddr))
1935                 goto martian_destination;
1936
1937         /*
1938          *      Now we are ready to route packet.
1939          */
1940         if ((err = fib_lookup(net, &fl, &res)) != 0) {
1941                 if (!IN_DEV_FORWARD(in_dev))
1942                         goto e_hostunreach;
1943                 goto no_route;
1944         }
1945         free_res = 1;
1946
1947         RT_CACHE_STAT_INC(in_slow_tot);
1948
1949         if (res.type == RTN_BROADCAST)
1950                 goto brd_input;
1951
1952         if (res.type == RTN_LOCAL) {
1953                 int result;
1954                 result = fib_validate_source(saddr, daddr, tos,
1955                                              net->loopback_dev->ifindex,
1956                                              dev, &spec_dst, &itag);
1957                 if (result < 0)
1958                         goto martian_source;
1959                 if (result)
1960                         flags |= RTCF_DIRECTSRC;
1961                 spec_dst = daddr;
1962                 goto local_input;
1963         }
1964
1965         if (!IN_DEV_FORWARD(in_dev))
1966                 goto e_hostunreach;
1967         if (res.type != RTN_UNICAST)
1968                 goto martian_destination;
1969
1970         err = ip_mkroute_input(skb, &res, &fl, in_dev, daddr, saddr, tos);
1971 done:
1972         in_dev_put(in_dev);
1973         if (free_res)
1974                 fib_res_put(&res);
1975 out:    return err;
1976
1977 brd_input:
1978         if (skb->protocol != htons(ETH_P_IP))
1979                 goto e_inval;
1980
1981         if (ipv4_is_zeronet(saddr))
1982                 spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
1983         else {
1984                 err = fib_validate_source(saddr, 0, tos, 0, dev, &spec_dst,
1985                                           &itag);
1986                 if (err < 0)
1987                         goto martian_source;
1988                 if (err)
1989                         flags |= RTCF_DIRECTSRC;
1990         }
1991         flags |= RTCF_BROADCAST;
1992         res.type = RTN_BROADCAST;
1993         RT_CACHE_STAT_INC(in_brd);
1994
1995 local_input:
1996         rth = dst_alloc(&ipv4_dst_ops);
1997         if (!rth)
1998                 goto e_nobufs;
1999
2000         rth->u.dst.output= ip_rt_bug;
2001         rth->rt_genid = atomic_read(&rt_genid);
2002
2003         atomic_set(&rth->u.dst.__refcnt, 1);
2004         rth->u.dst.flags= DST_HOST;
2005         if (IN_DEV_CONF_GET(in_dev, NOPOLICY))
2006                 rth->u.dst.flags |= DST_NOPOLICY;
2007         rth->fl.fl4_dst = daddr;
2008         rth->rt_dst     = daddr;
2009         rth->fl.fl4_tos = tos;
2010         rth->fl.mark    = skb->mark;
2011         rth->fl.fl4_src = saddr;
2012         rth->rt_src     = saddr;
2013 #ifdef CONFIG_NET_CLS_ROUTE
2014         rth->u.dst.tclassid = itag;
2015 #endif
2016         rth->rt_iif     =
2017         rth->fl.iif     = dev->ifindex;
2018         rth->u.dst.dev  = net->loopback_dev;
2019         dev_hold(rth->u.dst.dev);
2020         rth->idev       = in_dev_get(rth->u.dst.dev);
2021         rth->rt_gateway = daddr;
2022         rth->rt_spec_dst= spec_dst;
2023         rth->u.dst.input= ip_local_deliver;
2024         rth->rt_flags   = flags|RTCF_LOCAL;
2025         if (res.type == RTN_UNREACHABLE) {
2026                 rth->u.dst.input= ip_error;
2027                 rth->u.dst.error= -err;
2028                 rth->rt_flags   &= ~RTCF_LOCAL;
2029         }
2030         rth->rt_type    = res.type;
2031         hash = rt_hash(daddr, saddr, fl.iif);
2032         err = rt_intern_hash(hash, rth, &skb->rtable);
2033         goto done;
2034
2035 no_route:
2036         RT_CACHE_STAT_INC(in_no_route);
2037         spec_dst = inet_select_addr(dev, 0, RT_SCOPE_UNIVERSE);
2038         res.type = RTN_UNREACHABLE;
2039         if (err == -ESRCH)
2040                 err = -ENETUNREACH;
2041         goto local_input;
2042
2043         /*
2044          *      Do not cache martian addresses: they should be logged (RFC1812)
2045          */
2046 martian_destination:
2047         RT_CACHE_STAT_INC(in_martian_dst);
2048 #ifdef CONFIG_IP_ROUTE_VERBOSE
2049         if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit())
2050                 printk(KERN_WARNING "martian destination " NIPQUAD_FMT " from "
2051                         NIPQUAD_FMT ", dev %s\n",
2052                         NIPQUAD(daddr), NIPQUAD(saddr), dev->name);
2053 #endif
2054
2055 e_hostunreach:
2056         err = -EHOSTUNREACH;
2057         goto done;
2058
2059 e_inval:
2060         err = -EINVAL;
2061         goto done;
2062
2063 e_nobufs:
2064         err = -ENOBUFS;
2065         goto done;
2066
2067 martian_source:
2068         ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
2069         goto e_inval;
2070 }
2071
2072 int ip_route_input(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2073                    u8 tos, struct net_device *dev)
2074 {
2075         struct rtable * rth;
2076         unsigned        hash;
2077         int iif = dev->ifindex;
2078         struct net *net;
2079
2080         net = dev_net(dev);
2081         tos &= IPTOS_RT_MASK;
2082         hash = rt_hash(daddr, saddr, iif);
2083
2084         rcu_read_lock();
2085         for (rth = rcu_dereference(rt_hash_table[hash].chain); rth;
2086              rth = rcu_dereference(rth->u.dst.rt_next)) {
2087                 if (((rth->fl.fl4_dst ^ daddr) |
2088                      (rth->fl.fl4_src ^ saddr) |
2089                      (rth->fl.iif ^ iif) |
2090                      rth->fl.oif |
2091                      (rth->fl.fl4_tos ^ tos)) == 0 &&
2092                     rth->fl.mark == skb->mark &&
2093                     net_eq(dev_net(rth->u.dst.dev), net) &&
2094                     rth->rt_genid == atomic_read(&rt_genid)) {
2095                         dst_use(&rth->u.dst, jiffies);
2096                         RT_CACHE_STAT_INC(in_hit);
2097                         rcu_read_unlock();
2098                         skb->rtable = rth;
2099                         return 0;
2100                 }
2101                 RT_CACHE_STAT_INC(in_hlist_search);
2102         }
2103         rcu_read_unlock();
2104
2105         /* Multicast recognition logic is moved from route cache to here.
2106            The problem was that too many Ethernet cards have broken/missing
2107            hardware multicast filters :-( As result the host on multicasting
2108            network acquires a lot of useless route cache entries, sort of
2109            SDR messages from all the world. Now we try to get rid of them.
2110            Really, provided software IP multicast filter is organized
2111            reasonably (at least, hashed), it does not result in a slowdown
2112            comparing with route cache reject entries.
2113            Note, that multicast routers are not affected, because
2114            route cache entry is created eventually.
2115          */
2116         if (ipv4_is_multicast(daddr)) {
2117                 struct in_device *in_dev;
2118
2119                 rcu_read_lock();
2120                 if ((in_dev = __in_dev_get_rcu(dev)) != NULL) {
2121                         int our = ip_check_mc(in_dev, daddr, saddr,
2122                                 ip_hdr(skb)->protocol);
2123                         if (our
2124 #ifdef CONFIG_IP_MROUTE
2125                             || (!ipv4_is_local_multicast(daddr) &&
2126                                 IN_DEV_MFORWARD(in_dev))
2127 #endif
2128                             ) {
2129                                 rcu_read_unlock();
2130                                 return ip_route_input_mc(skb, daddr, saddr,
2131                                                          tos, dev, our);
2132                         }
2133                 }
2134                 rcu_read_unlock();
2135                 return -EINVAL;
2136         }
2137         return ip_route_input_slow(skb, daddr, saddr, tos, dev);
2138 }
2139
2140 static int __mkroute_output(struct rtable **result,
2141                             struct fib_result *res,
2142                             const struct flowi *fl,
2143                             const struct flowi *oldflp,
2144                             struct net_device *dev_out,
2145                             unsigned flags)
2146 {
2147         struct rtable *rth;
2148         struct in_device *in_dev;
2149         u32 tos = RT_FL_TOS(oldflp);
2150         int err = 0;
2151
2152         if (ipv4_is_loopback(fl->fl4_src) && !(dev_out->flags&IFF_LOOPBACK))
2153                 return -EINVAL;
2154
2155         if (fl->fl4_dst == htonl(0xFFFFFFFF))
2156                 res->type = RTN_BROADCAST;
2157         else if (ipv4_is_multicast(fl->fl4_dst))
2158                 res->type = RTN_MULTICAST;
2159         else if (ipv4_is_lbcast(fl->fl4_dst) || ipv4_is_zeronet(fl->fl4_dst))
2160                 return -EINVAL;
2161
2162         if (dev_out->flags & IFF_LOOPBACK)
2163                 flags |= RTCF_LOCAL;
2164
2165         /* get work reference to inet device */
2166         in_dev = in_dev_get(dev_out);
2167         if (!in_dev)
2168                 return -EINVAL;
2169
2170         if (res->type == RTN_BROADCAST) {
2171                 flags |= RTCF_BROADCAST | RTCF_LOCAL;
2172                 if (res->fi) {
2173                         fib_info_put(res->fi);
2174                         res->fi = NULL;
2175                 }
2176         } else if (res->type == RTN_MULTICAST) {
2177                 flags |= RTCF_MULTICAST|RTCF_LOCAL;
2178                 if (!ip_check_mc(in_dev, oldflp->fl4_dst, oldflp->fl4_src,
2179                                  oldflp->proto))
2180                         flags &= ~RTCF_LOCAL;
2181                 /* If multicast route do not exist use
2182                    default one, but do not gateway in this case.
2183                    Yes, it is hack.
2184                  */
2185                 if (res->fi && res->prefixlen < 4) {
2186                         fib_info_put(res->fi);
2187                         res->fi = NULL;
2188                 }
2189         }
2190
2191
2192         rth = dst_alloc(&ipv4_dst_ops);
2193         if (!rth) {
2194                 err = -ENOBUFS;
2195                 goto cleanup;
2196         }
2197
2198         atomic_set(&rth->u.dst.__refcnt, 1);
2199         rth->u.dst.flags= DST_HOST;
2200         if (IN_DEV_CONF_GET(in_dev, NOXFRM))
2201                 rth->u.dst.flags |= DST_NOXFRM;
2202         if (IN_DEV_CONF_GET(in_dev, NOPOLICY))
2203                 rth->u.dst.flags |= DST_NOPOLICY;
2204
2205         rth->fl.fl4_dst = oldflp->fl4_dst;
2206         rth->fl.fl4_tos = tos;
2207         rth->fl.fl4_src = oldflp->fl4_src;
2208         rth->fl.oif     = oldflp->oif;
2209         rth->fl.mark    = oldflp->mark;
2210         rth->rt_dst     = fl->fl4_dst;
2211         rth->rt_src     = fl->fl4_src;
2212         rth->rt_iif     = oldflp->oif ? : dev_out->ifindex;
2213         /* get references to the devices that are to be hold by the routing
2214            cache entry */
2215         rth->u.dst.dev  = dev_out;
2216         dev_hold(dev_out);
2217         rth->idev       = in_dev_get(dev_out);
2218         rth->rt_gateway = fl->fl4_dst;
2219         rth->rt_spec_dst= fl->fl4_src;
2220
2221         rth->u.dst.output=ip_output;
2222         rth->rt_genid = atomic_read(&rt_genid);
2223
2224         RT_CACHE_STAT_INC(out_slow_tot);
2225
2226         if (flags & RTCF_LOCAL) {
2227                 rth->u.dst.input = ip_local_deliver;
2228                 rth->rt_spec_dst = fl->fl4_dst;
2229         }
2230         if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
2231                 rth->rt_spec_dst = fl->fl4_src;
2232                 if (flags & RTCF_LOCAL &&
2233                     !(dev_out->flags & IFF_LOOPBACK)) {
2234                         rth->u.dst.output = ip_mc_output;
2235                         RT_CACHE_STAT_INC(out_slow_mc);
2236                 }
2237 #ifdef CONFIG_IP_MROUTE
2238                 if (res->type == RTN_MULTICAST) {
2239                         if (IN_DEV_MFORWARD(in_dev) &&
2240                             !ipv4_is_local_multicast(oldflp->fl4_dst)) {
2241                                 rth->u.dst.input = ip_mr_input;
2242                                 rth->u.dst.output = ip_mc_output;
2243                         }
2244                 }
2245 #endif
2246         }
2247
2248         rt_set_nexthop(rth, res, 0);
2249
2250         rth->rt_flags = flags;
2251
2252         *result = rth;
2253  cleanup:
2254         /* release work reference to inet device */
2255         in_dev_put(in_dev);
2256
2257         return err;
2258 }
2259
2260 static int ip_mkroute_output(struct rtable **rp,
2261                              struct fib_result *res,
2262                              const struct flowi *fl,
2263                              const struct flowi *oldflp,
2264                              struct net_device *dev_out,
2265                              unsigned flags)
2266 {
2267         struct rtable *rth = NULL;
2268         int err = __mkroute_output(&rth, res, fl, oldflp, dev_out, flags);
2269         unsigned hash;
2270         if (err == 0) {
2271                 hash = rt_hash(oldflp->fl4_dst, oldflp->fl4_src, oldflp->oif);
2272                 err = rt_intern_hash(hash, rth, rp);
2273         }
2274
2275         return err;
2276 }
2277
2278 /*
2279  * Major route resolver routine.
2280  */
2281
2282 static int ip_route_output_slow(struct net *net, struct rtable **rp,
2283                                 const struct flowi *oldflp)
2284 {
2285         u32 tos = RT_FL_TOS(oldflp);
2286         struct flowi fl = { .nl_u = { .ip4_u =
2287                                       { .daddr = oldflp->fl4_dst,
2288                                         .saddr = oldflp->fl4_src,
2289                                         .tos = tos & IPTOS_RT_MASK,
2290                                         .scope = ((tos & RTO_ONLINK) ?
2291                                                   RT_SCOPE_LINK :
2292                                                   RT_SCOPE_UNIVERSE),
2293                                       } },
2294                             .mark = oldflp->mark,
2295                             .iif = net->loopback_dev->ifindex,
2296                             .oif = oldflp->oif };
2297         struct fib_result res;
2298         unsigned flags = 0;
2299         struct net_device *dev_out = NULL;
2300         int free_res = 0;
2301         int err;
2302
2303
2304         res.fi          = NULL;
2305 #ifdef CONFIG_IP_MULTIPLE_TABLES
2306         res.r           = NULL;
2307 #endif
2308
2309         if (oldflp->fl4_src) {
2310                 err = -EINVAL;
2311                 if (ipv4_is_multicast(oldflp->fl4_src) ||
2312                     ipv4_is_lbcast(oldflp->fl4_src) ||
2313                     ipv4_is_zeronet(oldflp->fl4_src))
2314                         goto out;
2315
2316                 /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
2317                 dev_out = ip_dev_find(net, oldflp->fl4_src);
2318                 if (dev_out == NULL)
2319                         goto out;
2320
2321                 /* I removed check for oif == dev_out->oif here.
2322                    It was wrong for two reasons:
2323                    1. ip_dev_find(net, saddr) can return wrong iface, if saddr
2324                       is assigned to multiple interfaces.
2325                    2. Moreover, we are allowed to send packets with saddr
2326                       of another iface. --ANK
2327                  */
2328
2329                 if (oldflp->oif == 0
2330                     && (ipv4_is_multicast(oldflp->fl4_dst) ||
2331                         oldflp->fl4_dst == htonl(0xFFFFFFFF))) {
2332                         /* Special hack: user can direct multicasts
2333                            and limited broadcast via necessary interface
2334                            without fiddling with IP_MULTICAST_IF or IP_PKTINFO.
2335                            This hack is not just for fun, it allows
2336                            vic,vat and friends to work.
2337                            They bind socket to loopback, set ttl to zero
2338                            and expect that it will work.
2339                            From the viewpoint of routing cache they are broken,
2340                            because we are not allowed to build multicast path
2341                            with loopback source addr (look, routing cache
2342                            cannot know, that ttl is zero, so that packet
2343                            will not leave this host and route is valid).
2344                            Luckily, this hack is good workaround.
2345                          */
2346
2347                         fl.oif = dev_out->ifindex;
2348                         goto make_route;
2349                 }
2350                 if (dev_out)
2351                         dev_put(dev_out);
2352                 dev_out = NULL;
2353         }
2354
2355
2356         if (oldflp->oif) {
2357                 dev_out = dev_get_by_index(net, oldflp->oif);
2358                 err = -ENODEV;
2359                 if (dev_out == NULL)
2360                         goto out;
2361
2362                 /* RACE: Check return value of inet_select_addr instead. */
2363                 if (__in_dev_get_rtnl(dev_out) == NULL) {
2364                         dev_put(dev_out);
2365                         goto out;       /* Wrong error code */
2366                 }
2367
2368                 if (ipv4_is_local_multicast(oldflp->fl4_dst) ||
2369                     oldflp->fl4_dst == htonl(0xFFFFFFFF)) {
2370                         if (!fl.fl4_src)
2371                                 fl.fl4_src = inet_select_addr(dev_out, 0,
2372                                                               RT_SCOPE_LINK);
2373                         goto make_route;
2374                 }
2375                 if (!fl.fl4_src) {
2376                         if (ipv4_is_multicast(oldflp->fl4_dst))
2377                                 fl.fl4_src = inet_select_addr(dev_out, 0,
2378                                                               fl.fl4_scope);
2379                         else if (!oldflp->fl4_dst)
2380                                 fl.fl4_src = inet_select_addr(dev_out, 0,
2381                                                               RT_SCOPE_HOST);
2382                 }
2383         }
2384
2385         if (!fl.fl4_dst) {
2386                 fl.fl4_dst = fl.fl4_src;
2387                 if (!fl.fl4_dst)
2388                         fl.fl4_dst = fl.fl4_src = htonl(INADDR_LOOPBACK);
2389                 if (dev_out)
2390                         dev_put(dev_out);
2391                 dev_out = net->loopback_dev;
2392                 dev_hold(dev_out);
2393                 fl.oif = net->loopback_dev->ifindex;
2394                 res.type = RTN_LOCAL;
2395                 flags |= RTCF_LOCAL;
2396                 goto make_route;
2397         }
2398
2399         if (fib_lookup(net, &fl, &res)) {
2400                 res.fi = NULL;
2401                 if (oldflp->oif) {
2402                         /* Apparently, routing tables are wrong. Assume,
2403                            that the destination is on link.
2404
2405                            WHY? DW.
2406                            Because we are allowed to send to iface
2407                            even if it has NO routes and NO assigned
2408                            addresses. When oif is specified, routing
2409                            tables are looked up with only one purpose:
2410                            to catch if destination is gatewayed, rather than
2411                            direct. Moreover, if MSG_DONTROUTE is set,
2412                            we send packet, ignoring both routing tables
2413                            and ifaddr state. --ANK
2414
2415
2416                            We could make it even if oif is unknown,
2417                            likely IPv6, but we do not.
2418                          */
2419
2420                         if (fl.fl4_src == 0)
2421                                 fl.fl4_src = inet_select_addr(dev_out, 0,
2422                                                               RT_SCOPE_LINK);
2423                         res.type = RTN_UNICAST;
2424                         goto make_route;
2425                 }
2426                 if (dev_out)
2427                         dev_put(dev_out);
2428                 err = -ENETUNREACH;
2429                 goto out;
2430         }
2431         free_res = 1;
2432
2433         if (res.type == RTN_LOCAL) {
2434                 if (!fl.fl4_src)
2435                         fl.fl4_src = fl.fl4_dst;
2436                 if (dev_out)
2437                         dev_put(dev_out);
2438                 dev_out = net->loopback_dev;
2439                 dev_hold(dev_out);
2440                 fl.oif = dev_out->ifindex;
2441                 if (res.fi)
2442                         fib_info_put(res.fi);
2443                 res.fi = NULL;
2444                 flags |= RTCF_LOCAL;
2445                 goto make_route;
2446         }
2447
2448 #ifdef CONFIG_IP_ROUTE_MULTIPATH
2449         if (res.fi->fib_nhs > 1 && fl.oif == 0)
2450                 fib_select_multipath(&fl, &res);
2451         else
2452 #endif
2453         if (!res.prefixlen && res.type == RTN_UNICAST && !fl.oif)
2454                 fib_select_default(net, &fl, &res);
2455
2456         if (!fl.fl4_src)
2457                 fl.fl4_src = FIB_RES_PREFSRC(res);
2458
2459         if (dev_out)
2460                 dev_put(dev_out);
2461         dev_out = FIB_RES_DEV(res);
2462         dev_hold(dev_out);
2463         fl.oif = dev_out->ifindex;
2464
2465
2466 make_route:
2467         err = ip_mkroute_output(rp, &res, &fl, oldflp, dev_out, flags);
2468
2469
2470         if (free_res)
2471                 fib_res_put(&res);
2472         if (dev_out)
2473                 dev_put(dev_out);
2474 out:    return err;
2475 }
2476
2477 int __ip_route_output_key(struct net *net, struct rtable **rp,
2478                           const struct flowi *flp)
2479 {
2480         unsigned hash;
2481         struct rtable *rth;
2482
2483         hash = rt_hash(flp->fl4_dst, flp->fl4_src, flp->oif);
2484
2485         rcu_read_lock_bh();
2486         for (rth = rcu_dereference(rt_hash_table[hash].chain); rth;
2487                 rth = rcu_dereference(rth->u.dst.rt_next)) {
2488                 if (rth->fl.fl4_dst == flp->fl4_dst &&
2489                     rth->fl.fl4_src == flp->fl4_src &&
2490                     rth->fl.iif == 0 &&
2491                     rth->fl.oif == flp->oif &&
2492                     rth->fl.mark == flp->mark &&
2493                     !((rth->fl.fl4_tos ^ flp->fl4_tos) &
2494                             (IPTOS_RT_MASK | RTO_ONLINK)) &&
2495                     net_eq(dev_net(rth->u.dst.dev), net) &&
2496                     rth->rt_genid == atomic_read(&rt_genid)) {
2497                         dst_use(&rth->u.dst, jiffies);
2498                         RT_CACHE_STAT_INC(out_hit);
2499                         rcu_read_unlock_bh();
2500                         *rp = rth;
2501                         return 0;
2502                 }
2503                 RT_CACHE_STAT_INC(out_hlist_search);
2504         }
2505         rcu_read_unlock_bh();
2506
2507         return ip_route_output_slow(net, rp, flp);
2508 }
2509
2510 EXPORT_SYMBOL_GPL(__ip_route_output_key);
2511
2512 static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu)
2513 {
2514 }
2515
2516 static struct dst_ops ipv4_dst_blackhole_ops = {
2517         .family                 =       AF_INET,
2518         .protocol               =       __constant_htons(ETH_P_IP),
2519         .destroy                =       ipv4_dst_destroy,
2520         .check                  =       ipv4_dst_check,
2521         .update_pmtu            =       ipv4_rt_blackhole_update_pmtu,
2522         .entry_size             =       sizeof(struct rtable),
2523         .entries                =       ATOMIC_INIT(0),
2524 };
2525
2526
2527 static int ipv4_dst_blackhole(struct rtable **rp, struct flowi *flp)
2528 {
2529         struct rtable *ort = *rp;
2530         struct rtable *rt = (struct rtable *)
2531                 dst_alloc(&ipv4_dst_blackhole_ops);
2532
2533         if (rt) {
2534                 struct dst_entry *new = &rt->u.dst;
2535
2536                 atomic_set(&new->__refcnt, 1);
2537                 new->__use = 1;
2538                 new->input = dst_discard;
2539                 new->output = dst_discard;
2540                 memcpy(new->metrics, ort->u.dst.metrics, RTAX_MAX*sizeof(u32));
2541
2542                 new->dev = ort->u.dst.dev;
2543                 if (new->dev)
2544                         dev_hold(new->dev);
2545
2546                 rt->fl = ort->fl;
2547
2548                 rt->idev = ort->idev;
2549                 if (rt->idev)
2550                         in_dev_hold(rt->idev);
2551                 rt->rt_genid = atomic_read(&rt_genid);
2552                 rt->rt_flags = ort->rt_flags;
2553                 rt->rt_type = ort->rt_type;
2554                 rt->rt_dst = ort->rt_dst;
2555                 rt->rt_src = ort->rt_src;
2556                 rt->rt_iif = ort->rt_iif;
2557                 rt->rt_gateway = ort->rt_gateway;
2558                 rt->rt_spec_dst = ort->rt_spec_dst;
2559                 rt->peer = ort->peer;
2560                 if (rt->peer)
2561                         atomic_inc(&rt->peer->refcnt);
2562
2563                 dst_free(new);
2564         }
2565
2566         dst_release(&(*rp)->u.dst);
2567         *rp = rt;
2568         return (rt ? 0 : -ENOMEM);
2569 }
2570
2571 int ip_route_output_flow(struct net *net, struct rtable **rp, struct flowi *flp,
2572                          struct sock *sk, int flags)
2573 {
2574         int err;
2575
2576         if ((err = __ip_route_output_key(net, rp, flp)) != 0)
2577                 return err;
2578
2579         if (flp->proto) {
2580                 if (!flp->fl4_src)
2581                         flp->fl4_src = (*rp)->rt_src;
2582                 if (!flp->fl4_dst)
2583                         flp->fl4_dst = (*rp)->rt_dst;
2584                 err = __xfrm_lookup((struct dst_entry **)rp, flp, sk,
2585                                     flags ? XFRM_LOOKUP_WAIT : 0);
2586                 if (err == -EREMOTE)
2587                         err = ipv4_dst_blackhole(rp, flp);
2588
2589                 return err;
2590         }
2591
2592         return 0;
2593 }
2594
2595 EXPORT_SYMBOL_GPL(ip_route_output_flow);
2596
2597 int ip_route_output_key(struct net *net, struct rtable **rp, struct flowi *flp)
2598 {
2599         return ip_route_output_flow(net, rp, flp, NULL, 0);
2600 }
2601
2602 static int rt_fill_info(struct sk_buff *skb, u32 pid, u32 seq, int event,
2603                         int nowait, unsigned int flags)
2604 {
2605         struct rtable *rt = skb->rtable;
2606         struct rtmsg *r;
2607         struct nlmsghdr *nlh;
2608         long expires;
2609         u32 id = 0, ts = 0, tsage = 0, error;
2610
2611         nlh = nlmsg_put(skb, pid, seq, event, sizeof(*r), flags);
2612         if (nlh == NULL)
2613                 return -EMSGSIZE;
2614
2615         r = nlmsg_data(nlh);
2616         r->rtm_family    = AF_INET;
2617         r->rtm_dst_len  = 32;
2618         r->rtm_src_len  = 0;
2619         r->rtm_tos      = rt->fl.fl4_tos;
2620         r->rtm_table    = RT_TABLE_MAIN;
2621         NLA_PUT_U32(skb, RTA_TABLE, RT_TABLE_MAIN);
2622         r->rtm_type     = rt->rt_type;
2623         r->rtm_scope    = RT_SCOPE_UNIVERSE;
2624         r->rtm_protocol = RTPROT_UNSPEC;
2625         r->rtm_flags    = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
2626         if (rt->rt_flags & RTCF_NOTIFY)
2627                 r->rtm_flags |= RTM_F_NOTIFY;
2628
2629         NLA_PUT_BE32(skb, RTA_DST, rt->rt_dst);
2630
2631         if (rt->fl.fl4_src) {
2632                 r->rtm_src_len = 32;
2633                 NLA_PUT_BE32(skb, RTA_SRC, rt->fl.fl4_src);
2634         }
2635         if (rt->u.dst.dev)
2636                 NLA_PUT_U32(skb, RTA_OIF, rt->u.dst.dev->ifindex);
2637 #ifdef CONFIG_NET_CLS_ROUTE
2638         if (rt->u.dst.tclassid)
2639                 NLA_PUT_U32(skb, RTA_FLOW, rt->u.dst.tclassid);
2640 #endif
2641         if (rt->fl.iif)
2642                 NLA_PUT_BE32(skb, RTA_PREFSRC, rt->rt_spec_dst);
2643         else if (rt->rt_src != rt->fl.fl4_src)
2644                 NLA_PUT_BE32(skb, RTA_PREFSRC, rt->rt_src);
2645
2646         if (rt->rt_dst != rt->rt_gateway)
2647                 NLA_PUT_BE32(skb, RTA_GATEWAY, rt->rt_gateway);
2648
2649         if (rtnetlink_put_metrics(skb, rt->u.dst.metrics) < 0)
2650                 goto nla_put_failure;
2651
2652         error = rt->u.dst.error;
2653         expires = rt->u.dst.expires ? rt->u.dst.expires - jiffies : 0;
2654         if (rt->peer) {
2655                 id = rt->peer->ip_id_count;
2656                 if (rt->peer->tcp_ts_stamp) {
2657                         ts = rt->peer->tcp_ts;
2658                         tsage = get_seconds() - rt->peer->tcp_ts_stamp;
2659                 }
2660         }
2661
2662         if (rt->fl.iif) {
2663 #ifdef CONFIG_IP_MROUTE
2664                 __be32 dst = rt->rt_dst;
2665
2666                 if (ipv4_is_multicast(dst) && !ipv4_is_local_multicast(dst) &&
2667                     IPV4_DEVCONF_ALL(&init_net, MC_FORWARDING)) {
2668                         int err = ipmr_get_route(skb, r, nowait);
2669                         if (err <= 0) {
2670                                 if (!nowait) {
2671                                         if (err == 0)
2672                                                 return 0;
2673                                         goto nla_put_failure;
2674                                 } else {
2675                                         if (err == -EMSGSIZE)
2676                                                 goto nla_put_failure;
2677                                         error = err;
2678                                 }
2679                         }
2680                 } else
2681 #endif
2682                         NLA_PUT_U32(skb, RTA_IIF, rt->fl.iif);
2683         }
2684
2685         if (rtnl_put_cacheinfo(skb, &rt->u.dst, id, ts, tsage,
2686                                expires, error) < 0)
2687                 goto nla_put_failure;
2688
2689         return nlmsg_end(skb, nlh);
2690
2691 nla_put_failure:
2692         nlmsg_cancel(skb, nlh);
2693         return -EMSGSIZE;
2694 }
2695
2696 static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg)
2697 {
2698         struct net *net = sock_net(in_skb->sk);
2699         struct rtmsg *rtm;
2700         struct nlattr *tb[RTA_MAX+1];
2701         struct rtable *rt = NULL;
2702         __be32 dst = 0;
2703         __be32 src = 0;
2704         u32 iif;
2705         int err;
2706         struct sk_buff *skb;
2707
2708         err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv4_policy);
2709         if (err < 0)
2710                 goto errout;
2711
2712         rtm = nlmsg_data(nlh);
2713
2714         skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
2715         if (skb == NULL) {
2716                 err = -ENOBUFS;
2717                 goto errout;
2718         }
2719
2720         /* Reserve room for dummy headers, this skb can pass
2721            through good chunk of routing engine.
2722          */
2723         skb_reset_mac_header(skb);
2724         skb_reset_network_header(skb);
2725
2726         /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
2727         ip_hdr(skb)->protocol = IPPROTO_ICMP;
2728         skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
2729
2730         src = tb[RTA_SRC] ? nla_get_be32(tb[RTA_SRC]) : 0;
2731         dst = tb[RTA_DST] ? nla_get_be32(tb[RTA_DST]) : 0;
2732         iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0;
2733
2734         if (iif) {
2735                 struct net_device *dev;
2736
2737                 dev = __dev_get_by_index(net, iif);
2738                 if (dev == NULL) {
2739                         err = -ENODEV;
2740                         goto errout_free;
2741                 }
2742
2743                 skb->protocol   = htons(ETH_P_IP);
2744                 skb->dev        = dev;
2745                 local_bh_disable();
2746                 err = ip_route_input(skb, dst, src, rtm->rtm_tos, dev);
2747                 local_bh_enable();
2748
2749                 rt = skb->rtable;
2750                 if (err == 0 && rt->u.dst.error)
2751                         err = -rt->u.dst.error;
2752         } else {
2753                 struct flowi fl = {
2754                         .nl_u = {
2755                                 .ip4_u = {
2756                                         .daddr = dst,
2757                                         .saddr = src,
2758                                         .tos = rtm->rtm_tos,
2759                                 },
2760                         },
2761                         .oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0,
2762                 };
2763                 err = ip_route_output_key(net, &rt, &fl);
2764         }
2765
2766         if (err)
2767                 goto errout_free;
2768
2769         skb->rtable = rt;
2770         if (rtm->rtm_flags & RTM_F_NOTIFY)
2771                 rt->rt_flags |= RTCF_NOTIFY;
2772
2773         err = rt_fill_info(skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq,
2774                            RTM_NEWROUTE, 0, 0);
2775         if (err <= 0)
2776                 goto errout_free;
2777
2778         err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).pid);
2779 errout:
2780         return err;
2781
2782 errout_free:
2783         kfree_skb(skb);
2784         goto errout;
2785 }
2786
2787 int ip_rt_dump(struct sk_buff *skb,  struct netlink_callback *cb)
2788 {
2789         struct rtable *rt;
2790         int h, s_h;
2791         int idx, s_idx;
2792         struct net *net;
2793
2794         net = sock_net(skb->sk);
2795
2796         s_h = cb->args[0];
2797         if (s_h < 0)
2798                 s_h = 0;
2799         s_idx = idx = cb->args[1];
2800         for (h = s_h; h <= rt_hash_mask; h++) {
2801                 rcu_read_lock_bh();
2802                 for (rt = rcu_dereference(rt_hash_table[h].chain), idx = 0; rt;
2803                      rt = rcu_dereference(rt->u.dst.rt_next), idx++) {
2804                         if (!net_eq(dev_net(rt->u.dst.dev), net) || idx < s_idx)
2805                                 continue;
2806                         if (rt->rt_genid != atomic_read(&rt_genid))
2807                                 continue;
2808                         skb->dst = dst_clone(&rt->u.dst);
2809                         if (rt_fill_info(skb, NETLINK_CB(cb->skb).pid,
2810                                          cb->nlh->nlmsg_seq, RTM_NEWROUTE,
2811                                          1, NLM_F_MULTI) <= 0) {
2812                                 dst_release(xchg(&skb->dst, NULL));
2813                                 rcu_read_unlock_bh();
2814                                 goto done;
2815                         }
2816                         dst_release(xchg(&skb->dst, NULL));
2817                 }
2818                 rcu_read_unlock_bh();
2819                 s_idx = 0;
2820         }
2821
2822 done:
2823         cb->args[0] = h;
2824         cb->args[1] = idx;
2825         return skb->len;
2826 }
2827
2828 void ip_rt_multicast_event(struct in_device *in_dev)
2829 {
2830         rt_cache_flush(0);
2831 }
2832
2833 #ifdef CONFIG_SYSCTL
2834 static int flush_delay;
2835
2836 static int ipv4_sysctl_rtcache_flush(ctl_table *ctl, int write,
2837                                         struct file *filp, void __user *buffer,
2838                                         size_t *lenp, loff_t *ppos)
2839 {
2840         if (write) {
2841                 proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
2842                 rt_cache_flush(flush_delay);
2843                 return 0;
2844         }
2845
2846         return -EINVAL;
2847 }
2848
2849 static int ipv4_sysctl_rtcache_flush_strategy(ctl_table *table,
2850                                                 int __user *name,
2851                                                 int nlen,
2852                                                 void __user *oldval,
2853                                                 size_t __user *oldlenp,
2854                                                 void __user *newval,
2855                                                 size_t newlen)
2856 {
2857         int delay;
2858         if (newlen != sizeof(int))
2859                 return -EINVAL;
2860         if (get_user(delay, (int __user *)newval))
2861                 return -EFAULT;
2862         rt_cache_flush(delay);
2863         return 0;
2864 }
2865
2866 ctl_table ipv4_route_table[] = {
2867         {
2868                 .ctl_name       = NET_IPV4_ROUTE_FLUSH,
2869                 .procname       = "flush",
2870                 .data           = &flush_delay,
2871                 .maxlen         = sizeof(int),
2872                 .mode           = 0200,
2873                 .proc_handler   = &ipv4_sysctl_rtcache_flush,
2874                 .strategy       = &ipv4_sysctl_rtcache_flush_strategy,
2875         },
2876         {
2877                 .ctl_name       = NET_IPV4_ROUTE_GC_THRESH,
2878                 .procname       = "gc_thresh",
2879                 .data           = &ipv4_dst_ops.gc_thresh,
2880                 .maxlen         = sizeof(int),
2881                 .mode           = 0644,
2882                 .proc_handler   = &proc_dointvec,
2883         },
2884         {
2885                 .ctl_name       = NET_IPV4_ROUTE_MAX_SIZE,
2886                 .procname       = "max_size",
2887                 .data           = &ip_rt_max_size,
2888                 .maxlen         = sizeof(int),
2889                 .mode           = 0644,
2890                 .proc_handler   = &proc_dointvec,
2891         },
2892         {
2893                 /*  Deprecated. Use gc_min_interval_ms */
2894
2895                 .ctl_name       = NET_IPV4_ROUTE_GC_MIN_INTERVAL,
2896                 .procname       = "gc_min_interval",
2897                 .data           = &ip_rt_gc_min_interval,
2898                 .maxlen         = sizeof(int),
2899                 .mode           = 0644,
2900                 .proc_handler   = &proc_dointvec_jiffies,
2901                 .strategy       = &sysctl_jiffies,
2902         },
2903         {
2904                 .ctl_name       = NET_IPV4_ROUTE_GC_MIN_INTERVAL_MS,
2905                 .procname       = "gc_min_interval_ms",
2906                 .data           = &ip_rt_gc_min_interval,
2907                 .maxlen         = sizeof(int),
2908                 .mode           = 0644,
2909                 .proc_handler   = &proc_dointvec_ms_jiffies,
2910                 .strategy       = &sysctl_ms_jiffies,
2911         },
2912         {
2913                 .ctl_name       = NET_IPV4_ROUTE_GC_TIMEOUT,
2914                 .procname       = "gc_timeout",
2915                 .data           = &ip_rt_gc_timeout,
2916                 .maxlen         = sizeof(int),
2917                 .mode           = 0644,
2918                 .proc_handler   = &proc_dointvec_jiffies,
2919                 .strategy       = &sysctl_jiffies,
2920         },
2921         {
2922                 .ctl_name       = NET_IPV4_ROUTE_GC_INTERVAL,
2923                 .procname       = "gc_interval",
2924                 .data           = &ip_rt_gc_interval,
2925                 .maxlen         = sizeof(int),
2926                 .mode           = 0644,
2927                 .proc_handler   = &proc_dointvec_jiffies,
2928                 .strategy       = &sysctl_jiffies,
2929         },
2930         {
2931                 .ctl_name       = NET_IPV4_ROUTE_REDIRECT_LOAD,
2932                 .procname       = "redirect_load",
2933                 .data           = &ip_rt_redirect_load,
2934                 .maxlen         = sizeof(int),
2935                 .mode           = 0644,
2936                 .proc_handler   = &proc_dointvec,
2937         },
2938         {
2939                 .ctl_name       = NET_IPV4_ROUTE_REDIRECT_NUMBER,
2940                 .procname       = "redirect_number",
2941                 .data           = &ip_rt_redirect_number,
2942                 .maxlen         = sizeof(int),
2943                 .mode           = 0644,
2944                 .proc_handler   = &proc_dointvec,
2945         },
2946         {
2947                 .ctl_name       = NET_IPV4_ROUTE_REDIRECT_SILENCE,
2948                 .procname       = "redirect_silence",
2949                 .data           = &ip_rt_redirect_silence,
2950                 .maxlen         = sizeof(int),
2951                 .mode           = 0644,
2952                 .proc_handler   = &proc_dointvec,
2953         },
2954         {
2955                 .ctl_name       = NET_IPV4_ROUTE_ERROR_COST,
2956                 .procname       = "error_cost",
2957                 .data           = &ip_rt_error_cost,
2958                 .maxlen         = sizeof(int),
2959                 .mode           = 0644,
2960                 .proc_handler   = &proc_dointvec,
2961         },
2962         {
2963                 .ctl_name       = NET_IPV4_ROUTE_ERROR_BURST,
2964                 .procname       = "error_burst",
2965                 .data           = &ip_rt_error_burst,
2966                 .maxlen         = sizeof(int),
2967                 .mode           = 0644,
2968                 .proc_handler   = &proc_dointvec,
2969         },
2970         {
2971                 .ctl_name       = NET_IPV4_ROUTE_GC_ELASTICITY,
2972                 .procname       = "gc_elasticity",
2973                 .data           = &ip_rt_gc_elasticity,
2974                 .maxlen         = sizeof(int),
2975                 .mode           = 0644,
2976                 .proc_handler   = &proc_dointvec,
2977         },
2978         {
2979                 .ctl_name       = NET_IPV4_ROUTE_MTU_EXPIRES,
2980                 .procname       = "mtu_expires",
2981                 .data           = &ip_rt_mtu_expires,
2982                 .maxlen         = sizeof(int),
2983                 .mode           = 0644,
2984                 .proc_handler   = &proc_dointvec_jiffies,
2985                 .strategy       = &sysctl_jiffies,
2986         },
2987         {
2988                 .ctl_name       = NET_IPV4_ROUTE_MIN_PMTU,
2989                 .procname       = "min_pmtu",
2990                 .data           = &ip_rt_min_pmtu,
2991                 .maxlen         = sizeof(int),
2992                 .mode           = 0644,
2993                 .proc_handler   = &proc_dointvec,
2994         },
2995         {
2996                 .ctl_name       = NET_IPV4_ROUTE_MIN_ADVMSS,
2997                 .procname       = "min_adv_mss",
2998                 .data           = &ip_rt_min_advmss,
2999                 .maxlen         = sizeof(int),
3000                 .mode           = 0644,
3001                 .proc_handler   = &proc_dointvec,
3002         },
3003         {
3004                 .ctl_name       = NET_IPV4_ROUTE_SECRET_INTERVAL,
3005                 .procname       = "secret_interval",
3006                 .data           = &ip_rt_secret_interval,
3007                 .maxlen         = sizeof(int),
3008                 .mode           = 0644,
3009                 .proc_handler   = &proc_dointvec_jiffies,
3010                 .strategy       = &sysctl_jiffies,
3011         },
3012         { .ctl_name = 0 }
3013 };
3014 #endif
3015
3016 #ifdef CONFIG_NET_CLS_ROUTE
3017 struct ip_rt_acct *ip_rt_acct __read_mostly;
3018 #endif /* CONFIG_NET_CLS_ROUTE */
3019
3020 static __initdata unsigned long rhash_entries;
3021 static int __init set_rhash_entries(char *str)
3022 {
3023         if (!str)
3024                 return 0;
3025         rhash_entries = simple_strtoul(str, &str, 0);
3026         return 1;
3027 }
3028 __setup("rhash_entries=", set_rhash_entries);
3029
3030 int __init ip_rt_init(void)
3031 {
3032         int rc = 0;
3033
3034         atomic_set(&rt_genid, (int) ((num_physpages ^ (num_physpages>>8)) ^
3035                              (jiffies ^ (jiffies >> 7))));
3036
3037 #ifdef CONFIG_NET_CLS_ROUTE
3038         ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct));
3039         if (!ip_rt_acct)
3040                 panic("IP: failed to allocate ip_rt_acct\n");
3041 #endif
3042
3043         ipv4_dst_ops.kmem_cachep =
3044                 kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0,
3045                                   SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
3046
3047         ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep;
3048
3049         rt_hash_table = (struct rt_hash_bucket *)
3050                 alloc_large_system_hash("IP route cache",
3051                                         sizeof(struct rt_hash_bucket),
3052                                         rhash_entries,
3053                                         (num_physpages >= 128 * 1024) ?
3054                                         15 : 17,
3055                                         0,
3056                                         &rt_hash_log,
3057                                         &rt_hash_mask,
3058                                         0);
3059         memset(rt_hash_table, 0, (rt_hash_mask + 1) * sizeof(struct rt_hash_bucket));
3060         rt_hash_lock_init();
3061
3062         ipv4_dst_ops.gc_thresh = (rt_hash_mask + 1);
3063         ip_rt_max_size = (rt_hash_mask + 1) * 16;
3064
3065         devinet_init();
3066         ip_fib_init();
3067
3068         rt_secret_timer.function = rt_secret_rebuild;
3069         rt_secret_timer.data = 0;
3070         init_timer_deferrable(&rt_secret_timer);
3071
3072         /* All the timers, started at system startup tend
3073            to synchronize. Perturb it a bit.
3074          */
3075         schedule_delayed_work(&expires_work,
3076                 net_random() % ip_rt_gc_interval + ip_rt_gc_interval);
3077
3078         rt_secret_timer.expires = jiffies + net_random() % ip_rt_secret_interval +
3079                 ip_rt_secret_interval;
3080         add_timer(&rt_secret_timer);
3081
3082         if (ip_rt_proc_init())
3083                 printk(KERN_ERR "Unable to create route proc files\n");
3084 #ifdef CONFIG_XFRM
3085         xfrm_init();
3086         xfrm4_init();
3087 #endif
3088         rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL);
3089
3090         return rc;
3091 }
3092
3093 EXPORT_SYMBOL(__ip_select_ident);
3094 EXPORT_SYMBOL(ip_route_input);
3095 EXPORT_SYMBOL(ip_route_output_key);