| 1 | /* |
| 2 | * Linux INET6 implementation |
| 3 | * FIB front-end. |
| 4 | * |
| 5 | * Authors: |
| 6 | * Pedro Roque <roque@di.fc.ul.pt> |
| 7 | * |
| 8 | * This program is free software; you can redistribute it and/or |
| 9 | * modify it under the terms of the GNU General Public License |
| 10 | * as published by the Free Software Foundation; either version |
| 11 | * 2 of the License, or (at your option) any later version. |
| 12 | */ |
| 13 | |
| 14 | /* Changes: |
| 15 | * |
| 16 | * YOSHIFUJI Hideaki @USAGI |
| 17 | * reworked default router selection. |
| 18 | * - respect outgoing interface |
| 19 | * - select from (probably) reachable routers (i.e. |
| 20 | * routers in REACHABLE, STALE, DELAY or PROBE states). |
| 21 | * - always select the same router if it is (probably) |
| 22 | * reachable. otherwise, round-robin the list. |
| 23 | * Ville Nuorvala |
| 24 | * Fixed routing subtrees. |
| 25 | */ |
| 26 | |
| 27 | #define pr_fmt(fmt) "IPv6: " fmt |
| 28 | |
| 29 | #include <linux/capability.h> |
| 30 | #include <linux/errno.h> |
| 31 | #include <linux/export.h> |
| 32 | #include <linux/types.h> |
| 33 | #include <linux/times.h> |
| 34 | #include <linux/socket.h> |
| 35 | #include <linux/sockios.h> |
| 36 | #include <linux/net.h> |
| 37 | #include <linux/route.h> |
| 38 | #include <linux/netdevice.h> |
| 39 | #include <linux/in6.h> |
| 40 | #include <linux/mroute6.h> |
| 41 | #include <linux/init.h> |
| 42 | #include <linux/if_arp.h> |
| 43 | #include <linux/proc_fs.h> |
| 44 | #include <linux/seq_file.h> |
| 45 | #include <linux/nsproxy.h> |
| 46 | #include <linux/slab.h> |
| 47 | #include <linux/jhash.h> |
| 48 | #include <net/net_namespace.h> |
| 49 | #include <net/snmp.h> |
| 50 | #include <net/ipv6.h> |
| 51 | #include <net/ip6_fib.h> |
| 52 | #include <net/ip6_route.h> |
| 53 | #include <net/ndisc.h> |
| 54 | #include <net/addrconf.h> |
| 55 | #include <net/tcp.h> |
| 56 | #include <linux/rtnetlink.h> |
| 57 | #include <net/dst.h> |
| 58 | #include <net/dst_metadata.h> |
| 59 | #include <net/xfrm.h> |
| 60 | #include <net/netevent.h> |
| 61 | #include <net/netlink.h> |
| 62 | #include <net/nexthop.h> |
| 63 | #include <net/lwtunnel.h> |
| 64 | #include <net/ip_tunnels.h> |
| 65 | #include <net/l3mdev.h> |
| 66 | #include <trace/events/fib6.h> |
| 67 | |
| 68 | #include <linux/uaccess.h> |
| 69 | |
| 70 | #ifdef CONFIG_SYSCTL |
| 71 | #include <linux/sysctl.h> |
| 72 | #endif |
| 73 | |
| 74 | enum rt6_nud_state { |
| 75 | RT6_NUD_FAIL_HARD = -3, |
| 76 | RT6_NUD_FAIL_PROBE = -2, |
| 77 | RT6_NUD_FAIL_DO_RR = -1, |
| 78 | RT6_NUD_SUCCEED = 1 |
| 79 | }; |
| 80 | |
| 81 | static void ip6_rt_copy_init(struct rt6_info *rt, struct rt6_info *ort); |
| 82 | static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie); |
| 83 | static unsigned int ip6_default_advmss(const struct dst_entry *dst); |
| 84 | static unsigned int ip6_mtu(const struct dst_entry *dst); |
| 85 | static struct dst_entry *ip6_negative_advice(struct dst_entry *); |
| 86 | static void ip6_dst_destroy(struct dst_entry *); |
| 87 | static void ip6_dst_ifdown(struct dst_entry *, |
| 88 | struct net_device *dev, int how); |
| 89 | static int ip6_dst_gc(struct dst_ops *ops); |
| 90 | |
| 91 | static int ip6_pkt_discard(struct sk_buff *skb); |
| 92 | static int ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb); |
| 93 | static int ip6_pkt_prohibit(struct sk_buff *skb); |
| 94 | static int ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb); |
| 95 | static void ip6_link_failure(struct sk_buff *skb); |
| 96 | static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk, |
| 97 | struct sk_buff *skb, u32 mtu); |
| 98 | static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, |
| 99 | struct sk_buff *skb); |
| 100 | static void rt6_dst_from_metrics_check(struct rt6_info *rt); |
| 101 | static int rt6_score_route(struct rt6_info *rt, int oif, int strict); |
| 102 | static size_t rt6_nlmsg_size(struct rt6_info *rt); |
| 103 | static int rt6_fill_node(struct net *net, |
| 104 | struct sk_buff *skb, struct rt6_info *rt, |
| 105 | struct in6_addr *dst, struct in6_addr *src, |
| 106 | int iif, int type, u32 portid, u32 seq, |
| 107 | unsigned int flags); |
| 108 | static struct rt6_info *rt6_find_cached_rt(struct rt6_info *rt, |
| 109 | struct in6_addr *daddr, |
| 110 | struct in6_addr *saddr); |
| 111 | |
| 112 | #ifdef CONFIG_IPV6_ROUTE_INFO |
| 113 | static struct rt6_info *rt6_add_route_info(struct net *net, |
| 114 | const struct in6_addr *prefix, int prefixlen, |
| 115 | const struct in6_addr *gwaddr, |
| 116 | struct net_device *dev, |
| 117 | unsigned int pref); |
| 118 | static struct rt6_info *rt6_get_route_info(struct net *net, |
| 119 | const struct in6_addr *prefix, int prefixlen, |
| 120 | const struct in6_addr *gwaddr, |
| 121 | struct net_device *dev); |
| 122 | #endif |
| 123 | |
| 124 | struct uncached_list { |
| 125 | spinlock_t lock; |
| 126 | struct list_head head; |
| 127 | }; |
| 128 | |
| 129 | static DEFINE_PER_CPU_ALIGNED(struct uncached_list, rt6_uncached_list); |
| 130 | |
| 131 | void rt6_uncached_list_add(struct rt6_info *rt) |
| 132 | { |
| 133 | struct uncached_list *ul = raw_cpu_ptr(&rt6_uncached_list); |
| 134 | |
| 135 | rt->rt6i_uncached_list = ul; |
| 136 | |
| 137 | spin_lock_bh(&ul->lock); |
| 138 | list_add_tail(&rt->rt6i_uncached, &ul->head); |
| 139 | spin_unlock_bh(&ul->lock); |
| 140 | } |
| 141 | |
| 142 | void rt6_uncached_list_del(struct rt6_info *rt) |
| 143 | { |
| 144 | if (!list_empty(&rt->rt6i_uncached)) { |
| 145 | struct uncached_list *ul = rt->rt6i_uncached_list; |
| 146 | struct net *net = dev_net(rt->dst.dev); |
| 147 | |
| 148 | spin_lock_bh(&ul->lock); |
| 149 | list_del(&rt->rt6i_uncached); |
| 150 | atomic_dec(&net->ipv6.rt6_stats->fib_rt_uncache); |
| 151 | spin_unlock_bh(&ul->lock); |
| 152 | } |
| 153 | } |
| 154 | |
| 155 | static void rt6_uncached_list_flush_dev(struct net *net, struct net_device *dev) |
| 156 | { |
| 157 | struct net_device *loopback_dev = net->loopback_dev; |
| 158 | int cpu; |
| 159 | |
| 160 | if (dev == loopback_dev) |
| 161 | return; |
| 162 | |
| 163 | for_each_possible_cpu(cpu) { |
| 164 | struct uncached_list *ul = per_cpu_ptr(&rt6_uncached_list, cpu); |
| 165 | struct rt6_info *rt; |
| 166 | |
| 167 | spin_lock_bh(&ul->lock); |
| 168 | list_for_each_entry(rt, &ul->head, rt6i_uncached) { |
| 169 | struct inet6_dev *rt_idev = rt->rt6i_idev; |
| 170 | struct net_device *rt_dev = rt->dst.dev; |
| 171 | |
| 172 | if (rt_idev->dev == dev) { |
| 173 | rt->rt6i_idev = in6_dev_get(loopback_dev); |
| 174 | in6_dev_put(rt_idev); |
| 175 | } |
| 176 | |
| 177 | if (rt_dev == dev) { |
| 178 | rt->dst.dev = loopback_dev; |
| 179 | dev_hold(rt->dst.dev); |
| 180 | dev_put(rt_dev); |
| 181 | } |
| 182 | } |
| 183 | spin_unlock_bh(&ul->lock); |
| 184 | } |
| 185 | } |
| 186 | |
| 187 | static u32 *rt6_pcpu_cow_metrics(struct rt6_info *rt) |
| 188 | { |
| 189 | return dst_metrics_write_ptr(&rt->from->dst); |
| 190 | } |
| 191 | |
| 192 | static u32 *ipv6_cow_metrics(struct dst_entry *dst, unsigned long old) |
| 193 | { |
| 194 | struct rt6_info *rt = (struct rt6_info *)dst; |
| 195 | |
| 196 | if (rt->rt6i_flags & RTF_PCPU) |
| 197 | return rt6_pcpu_cow_metrics(rt); |
| 198 | else if (rt->rt6i_flags & RTF_CACHE) |
| 199 | return NULL; |
| 200 | else |
| 201 | return dst_cow_metrics_generic(dst, old); |
| 202 | } |
| 203 | |
| 204 | static inline const void *choose_neigh_daddr(struct rt6_info *rt, |
| 205 | struct sk_buff *skb, |
| 206 | const void *daddr) |
| 207 | { |
| 208 | struct in6_addr *p = &rt->rt6i_gateway; |
| 209 | |
| 210 | if (!ipv6_addr_any(p)) |
| 211 | return (const void *) p; |
| 212 | else if (skb) |
| 213 | return &ipv6_hdr(skb)->daddr; |
| 214 | return daddr; |
| 215 | } |
| 216 | |
| 217 | static struct neighbour *ip6_neigh_lookup(const struct dst_entry *dst, |
| 218 | struct sk_buff *skb, |
| 219 | const void *daddr) |
| 220 | { |
| 221 | struct rt6_info *rt = (struct rt6_info *) dst; |
| 222 | struct neighbour *n; |
| 223 | |
| 224 | daddr = choose_neigh_daddr(rt, skb, daddr); |
| 225 | n = __ipv6_neigh_lookup(dst->dev, daddr); |
| 226 | if (n) |
| 227 | return n; |
| 228 | return neigh_create(&nd_tbl, daddr, dst->dev); |
| 229 | } |
| 230 | |
| 231 | static void ip6_confirm_neigh(const struct dst_entry *dst, const void *daddr) |
| 232 | { |
| 233 | struct net_device *dev = dst->dev; |
| 234 | struct rt6_info *rt = (struct rt6_info *)dst; |
| 235 | |
| 236 | daddr = choose_neigh_daddr(rt, NULL, daddr); |
| 237 | if (!daddr) |
| 238 | return; |
| 239 | if (dev->flags & (IFF_NOARP | IFF_LOOPBACK)) |
| 240 | return; |
| 241 | if (ipv6_addr_is_multicast((const struct in6_addr *)daddr)) |
| 242 | return; |
| 243 | __ipv6_confirm_neigh(dev, daddr); |
| 244 | } |
| 245 | |
| 246 | static struct dst_ops ip6_dst_ops_template = { |
| 247 | .family = AF_INET6, |
| 248 | .gc = ip6_dst_gc, |
| 249 | .gc_thresh = 1024, |
| 250 | .check = ip6_dst_check, |
| 251 | .default_advmss = ip6_default_advmss, |
| 252 | .mtu = ip6_mtu, |
| 253 | .cow_metrics = ipv6_cow_metrics, |
| 254 | .destroy = ip6_dst_destroy, |
| 255 | .ifdown = ip6_dst_ifdown, |
| 256 | .negative_advice = ip6_negative_advice, |
| 257 | .link_failure = ip6_link_failure, |
| 258 | .update_pmtu = ip6_rt_update_pmtu, |
| 259 | .redirect = rt6_do_redirect, |
| 260 | .local_out = __ip6_local_out, |
| 261 | .neigh_lookup = ip6_neigh_lookup, |
| 262 | .confirm_neigh = ip6_confirm_neigh, |
| 263 | }; |
| 264 | |
| 265 | static unsigned int ip6_blackhole_mtu(const struct dst_entry *dst) |
| 266 | { |
| 267 | unsigned int mtu = dst_metric_raw(dst, RTAX_MTU); |
| 268 | |
| 269 | return mtu ? : dst->dev->mtu; |
| 270 | } |
| 271 | |
| 272 | static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk, |
| 273 | struct sk_buff *skb, u32 mtu) |
| 274 | { |
| 275 | } |
| 276 | |
| 277 | static void ip6_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk, |
| 278 | struct sk_buff *skb) |
| 279 | { |
| 280 | } |
| 281 | |
| 282 | static struct dst_ops ip6_dst_blackhole_ops = { |
| 283 | .family = AF_INET6, |
| 284 | .destroy = ip6_dst_destroy, |
| 285 | .check = ip6_dst_check, |
| 286 | .mtu = ip6_blackhole_mtu, |
| 287 | .default_advmss = ip6_default_advmss, |
| 288 | .update_pmtu = ip6_rt_blackhole_update_pmtu, |
| 289 | .redirect = ip6_rt_blackhole_redirect, |
| 290 | .cow_metrics = dst_cow_metrics_generic, |
| 291 | .neigh_lookup = ip6_neigh_lookup, |
| 292 | }; |
| 293 | |
| 294 | static const u32 ip6_template_metrics[RTAX_MAX] = { |
| 295 | [RTAX_HOPLIMIT - 1] = 0, |
| 296 | }; |
| 297 | |
| 298 | static const struct rt6_info ip6_null_entry_template = { |
| 299 | .dst = { |
| 300 | .__refcnt = ATOMIC_INIT(1), |
| 301 | .__use = 1, |
| 302 | .obsolete = DST_OBSOLETE_FORCE_CHK, |
| 303 | .error = -ENETUNREACH, |
| 304 | .input = ip6_pkt_discard, |
| 305 | .output = ip6_pkt_discard_out, |
| 306 | }, |
| 307 | .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), |
| 308 | .rt6i_protocol = RTPROT_KERNEL, |
| 309 | .rt6i_metric = ~(u32) 0, |
| 310 | .rt6i_ref = ATOMIC_INIT(1), |
| 311 | }; |
| 312 | |
| 313 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
| 314 | |
| 315 | static const struct rt6_info ip6_prohibit_entry_template = { |
| 316 | .dst = { |
| 317 | .__refcnt = ATOMIC_INIT(1), |
| 318 | .__use = 1, |
| 319 | .obsolete = DST_OBSOLETE_FORCE_CHK, |
| 320 | .error = -EACCES, |
| 321 | .input = ip6_pkt_prohibit, |
| 322 | .output = ip6_pkt_prohibit_out, |
| 323 | }, |
| 324 | .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), |
| 325 | .rt6i_protocol = RTPROT_KERNEL, |
| 326 | .rt6i_metric = ~(u32) 0, |
| 327 | .rt6i_ref = ATOMIC_INIT(1), |
| 328 | }; |
| 329 | |
| 330 | static const struct rt6_info ip6_blk_hole_entry_template = { |
| 331 | .dst = { |
| 332 | .__refcnt = ATOMIC_INIT(1), |
| 333 | .__use = 1, |
| 334 | .obsolete = DST_OBSOLETE_FORCE_CHK, |
| 335 | .error = -EINVAL, |
| 336 | .input = dst_discard, |
| 337 | .output = dst_discard_out, |
| 338 | }, |
| 339 | .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), |
| 340 | .rt6i_protocol = RTPROT_KERNEL, |
| 341 | .rt6i_metric = ~(u32) 0, |
| 342 | .rt6i_ref = ATOMIC_INIT(1), |
| 343 | }; |
| 344 | |
| 345 | #endif |
| 346 | |
| 347 | static void rt6_info_init(struct rt6_info *rt) |
| 348 | { |
| 349 | struct dst_entry *dst = &rt->dst; |
| 350 | |
| 351 | memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst)); |
| 352 | INIT_LIST_HEAD(&rt->rt6i_siblings); |
| 353 | INIT_LIST_HEAD(&rt->rt6i_uncached); |
| 354 | } |
| 355 | |
| 356 | /* allocate dst with ip6_dst_ops */ |
| 357 | static struct rt6_info *__ip6_dst_alloc(struct net *net, |
| 358 | struct net_device *dev, |
| 359 | int flags) |
| 360 | { |
| 361 | struct rt6_info *rt = dst_alloc(&net->ipv6.ip6_dst_ops, dev, |
| 362 | 1, DST_OBSOLETE_FORCE_CHK, flags); |
| 363 | |
| 364 | if (rt) { |
| 365 | rt6_info_init(rt); |
| 366 | atomic_inc(&net->ipv6.rt6_stats->fib_rt_alloc); |
| 367 | } |
| 368 | |
| 369 | return rt; |
| 370 | } |
| 371 | |
| 372 | struct rt6_info *ip6_dst_alloc(struct net *net, |
| 373 | struct net_device *dev, |
| 374 | int flags) |
| 375 | { |
| 376 | struct rt6_info *rt = __ip6_dst_alloc(net, dev, flags); |
| 377 | |
| 378 | if (rt) { |
| 379 | rt->rt6i_pcpu = alloc_percpu_gfp(struct rt6_info *, GFP_ATOMIC); |
| 380 | if (!rt->rt6i_pcpu) { |
| 381 | dst_release_immediate(&rt->dst); |
| 382 | return NULL; |
| 383 | } |
| 384 | } |
| 385 | |
| 386 | return rt; |
| 387 | } |
| 388 | EXPORT_SYMBOL(ip6_dst_alloc); |
| 389 | |
| 390 | static void ip6_dst_destroy(struct dst_entry *dst) |
| 391 | { |
| 392 | struct rt6_info *rt = (struct rt6_info *)dst; |
| 393 | struct rt6_exception_bucket *bucket; |
| 394 | struct rt6_info *from = rt->from; |
| 395 | struct inet6_dev *idev; |
| 396 | |
| 397 | dst_destroy_metrics_generic(dst); |
| 398 | free_percpu(rt->rt6i_pcpu); |
| 399 | rt6_uncached_list_del(rt); |
| 400 | |
| 401 | idev = rt->rt6i_idev; |
| 402 | if (idev) { |
| 403 | rt->rt6i_idev = NULL; |
| 404 | in6_dev_put(idev); |
| 405 | } |
| 406 | bucket = rcu_dereference_protected(rt->rt6i_exception_bucket, 1); |
| 407 | if (bucket) { |
| 408 | rt->rt6i_exception_bucket = NULL; |
| 409 | kfree(bucket); |
| 410 | } |
| 411 | |
| 412 | rt->from = NULL; |
| 413 | dst_release(&from->dst); |
| 414 | } |
| 415 | |
| 416 | static void ip6_dst_ifdown(struct dst_entry *dst, struct net_device *dev, |
| 417 | int how) |
| 418 | { |
| 419 | struct rt6_info *rt = (struct rt6_info *)dst; |
| 420 | struct inet6_dev *idev = rt->rt6i_idev; |
| 421 | struct net_device *loopback_dev = |
| 422 | dev_net(dev)->loopback_dev; |
| 423 | |
| 424 | if (idev && idev->dev != loopback_dev) { |
| 425 | struct inet6_dev *loopback_idev = in6_dev_get(loopback_dev); |
| 426 | if (loopback_idev) { |
| 427 | rt->rt6i_idev = loopback_idev; |
| 428 | in6_dev_put(idev); |
| 429 | } |
| 430 | } |
| 431 | } |
| 432 | |
| 433 | static bool __rt6_check_expired(const struct rt6_info *rt) |
| 434 | { |
| 435 | if (rt->rt6i_flags & RTF_EXPIRES) |
| 436 | return time_after(jiffies, rt->dst.expires); |
| 437 | else |
| 438 | return false; |
| 439 | } |
| 440 | |
| 441 | static bool rt6_check_expired(const struct rt6_info *rt) |
| 442 | { |
| 443 | if (rt->rt6i_flags & RTF_EXPIRES) { |
| 444 | if (time_after(jiffies, rt->dst.expires)) |
| 445 | return true; |
| 446 | } else if (rt->from) { |
| 447 | return rt->dst.obsolete != DST_OBSOLETE_FORCE_CHK || |
| 448 | rt6_check_expired(rt->from); |
| 449 | } |
| 450 | return false; |
| 451 | } |
| 452 | |
| 453 | static struct rt6_info *rt6_multipath_select(struct rt6_info *match, |
| 454 | struct flowi6 *fl6, int oif, |
| 455 | int strict) |
| 456 | { |
| 457 | struct rt6_info *sibling, *next_sibling; |
| 458 | |
| 459 | /* We might have already computed the hash for ICMPv6 errors. In such |
| 460 | * case it will always be non-zero. Otherwise now is the time to do it. |
| 461 | */ |
| 462 | if (!fl6->mp_hash) |
| 463 | fl6->mp_hash = rt6_multipath_hash(fl6, NULL); |
| 464 | |
| 465 | if (fl6->mp_hash <= atomic_read(&match->rt6i_nh_upper_bound)) |
| 466 | return match; |
| 467 | |
| 468 | list_for_each_entry_safe(sibling, next_sibling, &match->rt6i_siblings, |
| 469 | rt6i_siblings) { |
| 470 | if (fl6->mp_hash > atomic_read(&sibling->rt6i_nh_upper_bound)) |
| 471 | continue; |
| 472 | if (rt6_score_route(sibling, oif, strict) < 0) |
| 473 | break; |
| 474 | match = sibling; |
| 475 | break; |
| 476 | } |
| 477 | |
| 478 | return match; |
| 479 | } |
| 480 | |
| 481 | /* |
| 482 | * Route lookup. rcu_read_lock() should be held. |
| 483 | */ |
| 484 | |
| 485 | static inline struct rt6_info *rt6_device_match(struct net *net, |
| 486 | struct rt6_info *rt, |
| 487 | const struct in6_addr *saddr, |
| 488 | int oif, |
| 489 | int flags) |
| 490 | { |
| 491 | struct rt6_info *local = NULL; |
| 492 | struct rt6_info *sprt; |
| 493 | |
| 494 | if (!oif && ipv6_addr_any(saddr) && !(rt->rt6i_nh_flags & RTNH_F_DEAD)) |
| 495 | return rt; |
| 496 | |
| 497 | for (sprt = rt; sprt; sprt = rcu_dereference(sprt->rt6_next)) { |
| 498 | struct net_device *dev = sprt->dst.dev; |
| 499 | |
| 500 | if (sprt->rt6i_nh_flags & RTNH_F_DEAD) |
| 501 | continue; |
| 502 | |
| 503 | if (oif) { |
| 504 | if (dev->ifindex == oif) |
| 505 | return sprt; |
| 506 | if (dev->flags & IFF_LOOPBACK) { |
| 507 | if (!sprt->rt6i_idev || |
| 508 | sprt->rt6i_idev->dev->ifindex != oif) { |
| 509 | if (flags & RT6_LOOKUP_F_IFACE) |
| 510 | continue; |
| 511 | if (local && |
| 512 | local->rt6i_idev->dev->ifindex == oif) |
| 513 | continue; |
| 514 | } |
| 515 | local = sprt; |
| 516 | } |
| 517 | } else { |
| 518 | if (ipv6_chk_addr(net, saddr, dev, |
| 519 | flags & RT6_LOOKUP_F_IFACE)) |
| 520 | return sprt; |
| 521 | } |
| 522 | } |
| 523 | |
| 524 | if (oif) { |
| 525 | if (local) |
| 526 | return local; |
| 527 | |
| 528 | if (flags & RT6_LOOKUP_F_IFACE) |
| 529 | return net->ipv6.ip6_null_entry; |
| 530 | } |
| 531 | |
| 532 | return rt->rt6i_nh_flags & RTNH_F_DEAD ? net->ipv6.ip6_null_entry : rt; |
| 533 | } |
| 534 | |
| 535 | #ifdef CONFIG_IPV6_ROUTER_PREF |
| 536 | struct __rt6_probe_work { |
| 537 | struct work_struct work; |
| 538 | struct in6_addr target; |
| 539 | struct net_device *dev; |
| 540 | }; |
| 541 | |
| 542 | static void rt6_probe_deferred(struct work_struct *w) |
| 543 | { |
| 544 | struct in6_addr mcaddr; |
| 545 | struct __rt6_probe_work *work = |
| 546 | container_of(w, struct __rt6_probe_work, work); |
| 547 | |
| 548 | addrconf_addr_solict_mult(&work->target, &mcaddr); |
| 549 | ndisc_send_ns(work->dev, &work->target, &mcaddr, NULL, 0); |
| 550 | dev_put(work->dev); |
| 551 | kfree(work); |
| 552 | } |
| 553 | |
| 554 | static void rt6_probe(struct rt6_info *rt) |
| 555 | { |
| 556 | struct __rt6_probe_work *work; |
| 557 | struct neighbour *neigh; |
| 558 | /* |
| 559 | * Okay, this does not seem to be appropriate |
| 560 | * for now, however, we need to check if it |
| 561 | * is really so; aka Router Reachability Probing. |
| 562 | * |
| 563 | * Router Reachability Probe MUST be rate-limited |
| 564 | * to no more than one per minute. |
| 565 | */ |
| 566 | if (!rt || !(rt->rt6i_flags & RTF_GATEWAY)) |
| 567 | return; |
| 568 | rcu_read_lock_bh(); |
| 569 | neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway); |
| 570 | if (neigh) { |
| 571 | if (neigh->nud_state & NUD_VALID) |
| 572 | goto out; |
| 573 | |
| 574 | work = NULL; |
| 575 | write_lock(&neigh->lock); |
| 576 | if (!(neigh->nud_state & NUD_VALID) && |
| 577 | time_after(jiffies, |
| 578 | neigh->updated + |
| 579 | rt->rt6i_idev->cnf.rtr_probe_interval)) { |
| 580 | work = kmalloc(sizeof(*work), GFP_ATOMIC); |
| 581 | if (work) |
| 582 | __neigh_set_probe_once(neigh); |
| 583 | } |
| 584 | write_unlock(&neigh->lock); |
| 585 | } else { |
| 586 | work = kmalloc(sizeof(*work), GFP_ATOMIC); |
| 587 | } |
| 588 | |
| 589 | if (work) { |
| 590 | INIT_WORK(&work->work, rt6_probe_deferred); |
| 591 | work->target = rt->rt6i_gateway; |
| 592 | dev_hold(rt->dst.dev); |
| 593 | work->dev = rt->dst.dev; |
| 594 | schedule_work(&work->work); |
| 595 | } |
| 596 | |
| 597 | out: |
| 598 | rcu_read_unlock_bh(); |
| 599 | } |
| 600 | #else |
| 601 | static inline void rt6_probe(struct rt6_info *rt) |
| 602 | { |
| 603 | } |
| 604 | #endif |
| 605 | |
| 606 | /* |
| 607 | * Default Router Selection (RFC 2461 6.3.6) |
| 608 | */ |
| 609 | static inline int rt6_check_dev(struct rt6_info *rt, int oif) |
| 610 | { |
| 611 | struct net_device *dev = rt->dst.dev; |
| 612 | if (!oif || dev->ifindex == oif) |
| 613 | return 2; |
| 614 | if ((dev->flags & IFF_LOOPBACK) && |
| 615 | rt->rt6i_idev && rt->rt6i_idev->dev->ifindex == oif) |
| 616 | return 1; |
| 617 | return 0; |
| 618 | } |
| 619 | |
| 620 | static inline enum rt6_nud_state rt6_check_neigh(struct rt6_info *rt) |
| 621 | { |
| 622 | struct neighbour *neigh; |
| 623 | enum rt6_nud_state ret = RT6_NUD_FAIL_HARD; |
| 624 | |
| 625 | if (rt->rt6i_flags & RTF_NONEXTHOP || |
| 626 | !(rt->rt6i_flags & RTF_GATEWAY)) |
| 627 | return RT6_NUD_SUCCEED; |
| 628 | |
| 629 | rcu_read_lock_bh(); |
| 630 | neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway); |
| 631 | if (neigh) { |
| 632 | read_lock(&neigh->lock); |
| 633 | if (neigh->nud_state & NUD_VALID) |
| 634 | ret = RT6_NUD_SUCCEED; |
| 635 | #ifdef CONFIG_IPV6_ROUTER_PREF |
| 636 | else if (!(neigh->nud_state & NUD_FAILED)) |
| 637 | ret = RT6_NUD_SUCCEED; |
| 638 | else |
| 639 | ret = RT6_NUD_FAIL_PROBE; |
| 640 | #endif |
| 641 | read_unlock(&neigh->lock); |
| 642 | } else { |
| 643 | ret = IS_ENABLED(CONFIG_IPV6_ROUTER_PREF) ? |
| 644 | RT6_NUD_SUCCEED : RT6_NUD_FAIL_DO_RR; |
| 645 | } |
| 646 | rcu_read_unlock_bh(); |
| 647 | |
| 648 | return ret; |
| 649 | } |
| 650 | |
| 651 | static int rt6_score_route(struct rt6_info *rt, int oif, |
| 652 | int strict) |
| 653 | { |
| 654 | int m; |
| 655 | |
| 656 | m = rt6_check_dev(rt, oif); |
| 657 | if (!m && (strict & RT6_LOOKUP_F_IFACE)) |
| 658 | return RT6_NUD_FAIL_HARD; |
| 659 | #ifdef CONFIG_IPV6_ROUTER_PREF |
| 660 | m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->rt6i_flags)) << 2; |
| 661 | #endif |
| 662 | if (strict & RT6_LOOKUP_F_REACHABLE) { |
| 663 | int n = rt6_check_neigh(rt); |
| 664 | if (n < 0) |
| 665 | return n; |
| 666 | } |
| 667 | return m; |
| 668 | } |
| 669 | |
| 670 | static struct rt6_info *find_match(struct rt6_info *rt, int oif, int strict, |
| 671 | int *mpri, struct rt6_info *match, |
| 672 | bool *do_rr) |
| 673 | { |
| 674 | int m; |
| 675 | bool match_do_rr = false; |
| 676 | struct inet6_dev *idev = rt->rt6i_idev; |
| 677 | |
| 678 | if (rt->rt6i_nh_flags & RTNH_F_DEAD) |
| 679 | goto out; |
| 680 | |
| 681 | if (idev->cnf.ignore_routes_with_linkdown && |
| 682 | rt->rt6i_nh_flags & RTNH_F_LINKDOWN && |
| 683 | !(strict & RT6_LOOKUP_F_IGNORE_LINKSTATE)) |
| 684 | goto out; |
| 685 | |
| 686 | if (rt6_check_expired(rt)) |
| 687 | goto out; |
| 688 | |
| 689 | m = rt6_score_route(rt, oif, strict); |
| 690 | if (m == RT6_NUD_FAIL_DO_RR) { |
| 691 | match_do_rr = true; |
| 692 | m = 0; /* lowest valid score */ |
| 693 | } else if (m == RT6_NUD_FAIL_HARD) { |
| 694 | goto out; |
| 695 | } |
| 696 | |
| 697 | if (strict & RT6_LOOKUP_F_REACHABLE) |
| 698 | rt6_probe(rt); |
| 699 | |
| 700 | /* note that m can be RT6_NUD_FAIL_PROBE at this point */ |
| 701 | if (m > *mpri) { |
| 702 | *do_rr = match_do_rr; |
| 703 | *mpri = m; |
| 704 | match = rt; |
| 705 | } |
| 706 | out: |
| 707 | return match; |
| 708 | } |
| 709 | |
| 710 | static struct rt6_info *find_rr_leaf(struct fib6_node *fn, |
| 711 | struct rt6_info *leaf, |
| 712 | struct rt6_info *rr_head, |
| 713 | u32 metric, int oif, int strict, |
| 714 | bool *do_rr) |
| 715 | { |
| 716 | struct rt6_info *rt, *match, *cont; |
| 717 | int mpri = -1; |
| 718 | |
| 719 | match = NULL; |
| 720 | cont = NULL; |
| 721 | for (rt = rr_head; rt; rt = rcu_dereference(rt->rt6_next)) { |
| 722 | if (rt->rt6i_metric != metric) { |
| 723 | cont = rt; |
| 724 | break; |
| 725 | } |
| 726 | |
| 727 | match = find_match(rt, oif, strict, &mpri, match, do_rr); |
| 728 | } |
| 729 | |
| 730 | for (rt = leaf; rt && rt != rr_head; |
| 731 | rt = rcu_dereference(rt->rt6_next)) { |
| 732 | if (rt->rt6i_metric != metric) { |
| 733 | cont = rt; |
| 734 | break; |
| 735 | } |
| 736 | |
| 737 | match = find_match(rt, oif, strict, &mpri, match, do_rr); |
| 738 | } |
| 739 | |
| 740 | if (match || !cont) |
| 741 | return match; |
| 742 | |
| 743 | for (rt = cont; rt; rt = rcu_dereference(rt->rt6_next)) |
| 744 | match = find_match(rt, oif, strict, &mpri, match, do_rr); |
| 745 | |
| 746 | return match; |
| 747 | } |
| 748 | |
| 749 | static struct rt6_info *rt6_select(struct net *net, struct fib6_node *fn, |
| 750 | int oif, int strict) |
| 751 | { |
| 752 | struct rt6_info *leaf = rcu_dereference(fn->leaf); |
| 753 | struct rt6_info *match, *rt0; |
| 754 | bool do_rr = false; |
| 755 | int key_plen; |
| 756 | |
| 757 | if (!leaf || leaf == net->ipv6.ip6_null_entry) |
| 758 | return net->ipv6.ip6_null_entry; |
| 759 | |
| 760 | rt0 = rcu_dereference(fn->rr_ptr); |
| 761 | if (!rt0) |
| 762 | rt0 = leaf; |
| 763 | |
| 764 | /* Double check to make sure fn is not an intermediate node |
| 765 | * and fn->leaf does not points to its child's leaf |
| 766 | * (This might happen if all routes under fn are deleted from |
| 767 | * the tree and fib6_repair_tree() is called on the node.) |
| 768 | */ |
| 769 | key_plen = rt0->rt6i_dst.plen; |
| 770 | #ifdef CONFIG_IPV6_SUBTREES |
| 771 | if (rt0->rt6i_src.plen) |
| 772 | key_plen = rt0->rt6i_src.plen; |
| 773 | #endif |
| 774 | if (fn->fn_bit != key_plen) |
| 775 | return net->ipv6.ip6_null_entry; |
| 776 | |
| 777 | match = find_rr_leaf(fn, leaf, rt0, rt0->rt6i_metric, oif, strict, |
| 778 | &do_rr); |
| 779 | |
| 780 | if (do_rr) { |
| 781 | struct rt6_info *next = rcu_dereference(rt0->rt6_next); |
| 782 | |
| 783 | /* no entries matched; do round-robin */ |
| 784 | if (!next || next->rt6i_metric != rt0->rt6i_metric) |
| 785 | next = leaf; |
| 786 | |
| 787 | if (next != rt0) { |
| 788 | spin_lock_bh(&leaf->rt6i_table->tb6_lock); |
| 789 | /* make sure next is not being deleted from the tree */ |
| 790 | if (next->rt6i_node) |
| 791 | rcu_assign_pointer(fn->rr_ptr, next); |
| 792 | spin_unlock_bh(&leaf->rt6i_table->tb6_lock); |
| 793 | } |
| 794 | } |
| 795 | |
| 796 | return match ? match : net->ipv6.ip6_null_entry; |
| 797 | } |
| 798 | |
| 799 | static bool rt6_is_gw_or_nonexthop(const struct rt6_info *rt) |
| 800 | { |
| 801 | return (rt->rt6i_flags & (RTF_NONEXTHOP | RTF_GATEWAY)); |
| 802 | } |
| 803 | |
| 804 | #ifdef CONFIG_IPV6_ROUTE_INFO |
| 805 | int rt6_route_rcv(struct net_device *dev, u8 *opt, int len, |
| 806 | const struct in6_addr *gwaddr) |
| 807 | { |
| 808 | struct net *net = dev_net(dev); |
| 809 | struct route_info *rinfo = (struct route_info *) opt; |
| 810 | struct in6_addr prefix_buf, *prefix; |
| 811 | unsigned int pref; |
| 812 | unsigned long lifetime; |
| 813 | struct rt6_info *rt; |
| 814 | |
| 815 | if (len < sizeof(struct route_info)) { |
| 816 | return -EINVAL; |
| 817 | } |
| 818 | |
| 819 | /* Sanity check for prefix_len and length */ |
| 820 | if (rinfo->length > 3) { |
| 821 | return -EINVAL; |
| 822 | } else if (rinfo->prefix_len > 128) { |
| 823 | return -EINVAL; |
| 824 | } else if (rinfo->prefix_len > 64) { |
| 825 | if (rinfo->length < 2) { |
| 826 | return -EINVAL; |
| 827 | } |
| 828 | } else if (rinfo->prefix_len > 0) { |
| 829 | if (rinfo->length < 1) { |
| 830 | return -EINVAL; |
| 831 | } |
| 832 | } |
| 833 | |
| 834 | pref = rinfo->route_pref; |
| 835 | if (pref == ICMPV6_ROUTER_PREF_INVALID) |
| 836 | return -EINVAL; |
| 837 | |
| 838 | lifetime = addrconf_timeout_fixup(ntohl(rinfo->lifetime), HZ); |
| 839 | |
| 840 | if (rinfo->length == 3) |
| 841 | prefix = (struct in6_addr *)rinfo->prefix; |
| 842 | else { |
| 843 | /* this function is safe */ |
| 844 | ipv6_addr_prefix(&prefix_buf, |
| 845 | (struct in6_addr *)rinfo->prefix, |
| 846 | rinfo->prefix_len); |
| 847 | prefix = &prefix_buf; |
| 848 | } |
| 849 | |
| 850 | if (rinfo->prefix_len == 0) |
| 851 | rt = rt6_get_dflt_router(gwaddr, dev); |
| 852 | else |
| 853 | rt = rt6_get_route_info(net, prefix, rinfo->prefix_len, |
| 854 | gwaddr, dev); |
| 855 | |
| 856 | if (rt && !lifetime) { |
| 857 | ip6_del_rt(rt); |
| 858 | rt = NULL; |
| 859 | } |
| 860 | |
| 861 | if (!rt && lifetime) |
| 862 | rt = rt6_add_route_info(net, prefix, rinfo->prefix_len, gwaddr, |
| 863 | dev, pref); |
| 864 | else if (rt) |
| 865 | rt->rt6i_flags = RTF_ROUTEINFO | |
| 866 | (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); |
| 867 | |
| 868 | if (rt) { |
| 869 | if (!addrconf_finite_timeout(lifetime)) |
| 870 | rt6_clean_expires(rt); |
| 871 | else |
| 872 | rt6_set_expires(rt, jiffies + HZ * lifetime); |
| 873 | |
| 874 | ip6_rt_put(rt); |
| 875 | } |
| 876 | return 0; |
| 877 | } |
| 878 | #endif |
| 879 | |
| 880 | static struct fib6_node* fib6_backtrack(struct fib6_node *fn, |
| 881 | struct in6_addr *saddr) |
| 882 | { |
| 883 | struct fib6_node *pn, *sn; |
| 884 | while (1) { |
| 885 | if (fn->fn_flags & RTN_TL_ROOT) |
| 886 | return NULL; |
| 887 | pn = rcu_dereference(fn->parent); |
| 888 | sn = FIB6_SUBTREE(pn); |
| 889 | if (sn && sn != fn) |
| 890 | fn = fib6_lookup(sn, NULL, saddr); |
| 891 | else |
| 892 | fn = pn; |
| 893 | if (fn->fn_flags & RTN_RTINFO) |
| 894 | return fn; |
| 895 | } |
| 896 | } |
| 897 | |
| 898 | static bool ip6_hold_safe(struct net *net, struct rt6_info **prt, |
| 899 | bool null_fallback) |
| 900 | { |
| 901 | struct rt6_info *rt = *prt; |
| 902 | |
| 903 | if (dst_hold_safe(&rt->dst)) |
| 904 | return true; |
| 905 | if (null_fallback) { |
| 906 | rt = net->ipv6.ip6_null_entry; |
| 907 | dst_hold(&rt->dst); |
| 908 | } else { |
| 909 | rt = NULL; |
| 910 | } |
| 911 | *prt = rt; |
| 912 | return false; |
| 913 | } |
| 914 | |
| 915 | static struct rt6_info *ip6_pol_route_lookup(struct net *net, |
| 916 | struct fib6_table *table, |
| 917 | struct flowi6 *fl6, int flags) |
| 918 | { |
| 919 | struct rt6_info *rt, *rt_cache; |
| 920 | struct fib6_node *fn; |
| 921 | |
| 922 | rcu_read_lock(); |
| 923 | fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr); |
| 924 | restart: |
| 925 | rt = rcu_dereference(fn->leaf); |
| 926 | if (!rt) { |
| 927 | rt = net->ipv6.ip6_null_entry; |
| 928 | } else { |
| 929 | rt = rt6_device_match(net, rt, &fl6->saddr, |
| 930 | fl6->flowi6_oif, flags); |
| 931 | if (rt->rt6i_nsiblings && fl6->flowi6_oif == 0) |
| 932 | rt = rt6_multipath_select(rt, fl6, |
| 933 | fl6->flowi6_oif, flags); |
| 934 | } |
| 935 | if (rt == net->ipv6.ip6_null_entry) { |
| 936 | fn = fib6_backtrack(fn, &fl6->saddr); |
| 937 | if (fn) |
| 938 | goto restart; |
| 939 | } |
| 940 | /* Search through exception table */ |
| 941 | rt_cache = rt6_find_cached_rt(rt, &fl6->daddr, &fl6->saddr); |
| 942 | if (rt_cache) |
| 943 | rt = rt_cache; |
| 944 | |
| 945 | if (ip6_hold_safe(net, &rt, true)) |
| 946 | dst_use_noref(&rt->dst, jiffies); |
| 947 | |
| 948 | rcu_read_unlock(); |
| 949 | |
| 950 | trace_fib6_table_lookup(net, rt, table, fl6); |
| 951 | |
| 952 | return rt; |
| 953 | |
| 954 | } |
| 955 | |
| 956 | struct dst_entry *ip6_route_lookup(struct net *net, struct flowi6 *fl6, |
| 957 | int flags) |
| 958 | { |
| 959 | return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_lookup); |
| 960 | } |
| 961 | EXPORT_SYMBOL_GPL(ip6_route_lookup); |
| 962 | |
| 963 | struct rt6_info *rt6_lookup(struct net *net, const struct in6_addr *daddr, |
| 964 | const struct in6_addr *saddr, int oif, int strict) |
| 965 | { |
| 966 | struct flowi6 fl6 = { |
| 967 | .flowi6_oif = oif, |
| 968 | .daddr = *daddr, |
| 969 | }; |
| 970 | struct dst_entry *dst; |
| 971 | int flags = strict ? RT6_LOOKUP_F_IFACE : 0; |
| 972 | |
| 973 | if (saddr) { |
| 974 | memcpy(&fl6.saddr, saddr, sizeof(*saddr)); |
| 975 | flags |= RT6_LOOKUP_F_HAS_SADDR; |
| 976 | } |
| 977 | |
| 978 | dst = fib6_rule_lookup(net, &fl6, flags, ip6_pol_route_lookup); |
| 979 | if (dst->error == 0) |
| 980 | return (struct rt6_info *) dst; |
| 981 | |
| 982 | dst_release(dst); |
| 983 | |
| 984 | return NULL; |
| 985 | } |
| 986 | EXPORT_SYMBOL(rt6_lookup); |
| 987 | |
| 988 | /* ip6_ins_rt is called with FREE table->tb6_lock. |
| 989 | * It takes new route entry, the addition fails by any reason the |
| 990 | * route is released. |
| 991 | * Caller must hold dst before calling it. |
| 992 | */ |
| 993 | |
| 994 | static int __ip6_ins_rt(struct rt6_info *rt, struct nl_info *info, |
| 995 | struct mx6_config *mxc, |
| 996 | struct netlink_ext_ack *extack) |
| 997 | { |
| 998 | int err; |
| 999 | struct fib6_table *table; |
| 1000 | |
| 1001 | table = rt->rt6i_table; |
| 1002 | spin_lock_bh(&table->tb6_lock); |
| 1003 | err = fib6_add(&table->tb6_root, rt, info, mxc, extack); |
| 1004 | spin_unlock_bh(&table->tb6_lock); |
| 1005 | |
| 1006 | return err; |
| 1007 | } |
| 1008 | |
| 1009 | int ip6_ins_rt(struct rt6_info *rt) |
| 1010 | { |
| 1011 | struct nl_info info = { .nl_net = dev_net(rt->dst.dev), }; |
| 1012 | struct mx6_config mxc = { .mx = NULL, }; |
| 1013 | |
| 1014 | /* Hold dst to account for the reference from the fib6 tree */ |
| 1015 | dst_hold(&rt->dst); |
| 1016 | return __ip6_ins_rt(rt, &info, &mxc, NULL); |
| 1017 | } |
| 1018 | |
| 1019 | /* called with rcu_lock held */ |
| 1020 | static struct net_device *ip6_rt_get_dev_rcu(struct rt6_info *rt) |
| 1021 | { |
| 1022 | struct net_device *dev = rt->dst.dev; |
| 1023 | |
| 1024 | if (rt->rt6i_flags & (RTF_LOCAL | RTF_ANYCAST)) { |
| 1025 | /* for copies of local routes, dst->dev needs to be the |
| 1026 | * device if it is a master device, the master device if |
| 1027 | * device is enslaved, and the loopback as the default |
| 1028 | */ |
| 1029 | if (netif_is_l3_slave(dev) && |
| 1030 | !rt6_need_strict(&rt->rt6i_dst.addr)) |
| 1031 | dev = l3mdev_master_dev_rcu(dev); |
| 1032 | else if (!netif_is_l3_master(dev)) |
| 1033 | dev = dev_net(dev)->loopback_dev; |
| 1034 | /* last case is netif_is_l3_master(dev) is true in which |
| 1035 | * case we want dev returned to be dev |
| 1036 | */ |
| 1037 | } |
| 1038 | |
| 1039 | return dev; |
| 1040 | } |
| 1041 | |
| 1042 | static struct rt6_info *ip6_rt_cache_alloc(struct rt6_info *ort, |
| 1043 | const struct in6_addr *daddr, |
| 1044 | const struct in6_addr *saddr) |
| 1045 | { |
| 1046 | struct net_device *dev; |
| 1047 | struct rt6_info *rt; |
| 1048 | |
| 1049 | /* |
| 1050 | * Clone the route. |
| 1051 | */ |
| 1052 | |
| 1053 | if (ort->rt6i_flags & (RTF_CACHE | RTF_PCPU)) |
| 1054 | ort = ort->from; |
| 1055 | |
| 1056 | rcu_read_lock(); |
| 1057 | dev = ip6_rt_get_dev_rcu(ort); |
| 1058 | rt = __ip6_dst_alloc(dev_net(dev), dev, 0); |
| 1059 | rcu_read_unlock(); |
| 1060 | if (!rt) |
| 1061 | return NULL; |
| 1062 | |
| 1063 | ip6_rt_copy_init(rt, ort); |
| 1064 | rt->rt6i_flags |= RTF_CACHE; |
| 1065 | rt->rt6i_metric = 0; |
| 1066 | rt->dst.flags |= DST_HOST; |
| 1067 | rt->rt6i_dst.addr = *daddr; |
| 1068 | rt->rt6i_dst.plen = 128; |
| 1069 | |
| 1070 | if (!rt6_is_gw_or_nonexthop(ort)) { |
| 1071 | if (ort->rt6i_dst.plen != 128 && |
| 1072 | ipv6_addr_equal(&ort->rt6i_dst.addr, daddr)) |
| 1073 | rt->rt6i_flags |= RTF_ANYCAST; |
| 1074 | #ifdef CONFIG_IPV6_SUBTREES |
| 1075 | if (rt->rt6i_src.plen && saddr) { |
| 1076 | rt->rt6i_src.addr = *saddr; |
| 1077 | rt->rt6i_src.plen = 128; |
| 1078 | } |
| 1079 | #endif |
| 1080 | } |
| 1081 | |
| 1082 | return rt; |
| 1083 | } |
| 1084 | |
| 1085 | static struct rt6_info *ip6_rt_pcpu_alloc(struct rt6_info *rt) |
| 1086 | { |
| 1087 | struct net_device *dev; |
| 1088 | struct rt6_info *pcpu_rt; |
| 1089 | |
| 1090 | rcu_read_lock(); |
| 1091 | dev = ip6_rt_get_dev_rcu(rt); |
| 1092 | pcpu_rt = __ip6_dst_alloc(dev_net(dev), dev, rt->dst.flags); |
| 1093 | rcu_read_unlock(); |
| 1094 | if (!pcpu_rt) |
| 1095 | return NULL; |
| 1096 | ip6_rt_copy_init(pcpu_rt, rt); |
| 1097 | pcpu_rt->rt6i_protocol = rt->rt6i_protocol; |
| 1098 | pcpu_rt->rt6i_flags |= RTF_PCPU; |
| 1099 | return pcpu_rt; |
| 1100 | } |
| 1101 | |
| 1102 | /* It should be called with rcu_read_lock() acquired */ |
| 1103 | static struct rt6_info *rt6_get_pcpu_route(struct rt6_info *rt) |
| 1104 | { |
| 1105 | struct rt6_info *pcpu_rt, **p; |
| 1106 | |
| 1107 | p = this_cpu_ptr(rt->rt6i_pcpu); |
| 1108 | pcpu_rt = *p; |
| 1109 | |
| 1110 | if (pcpu_rt && ip6_hold_safe(NULL, &pcpu_rt, false)) |
| 1111 | rt6_dst_from_metrics_check(pcpu_rt); |
| 1112 | |
| 1113 | return pcpu_rt; |
| 1114 | } |
| 1115 | |
| 1116 | static struct rt6_info *rt6_make_pcpu_route(struct rt6_info *rt) |
| 1117 | { |
| 1118 | struct rt6_info *pcpu_rt, *prev, **p; |
| 1119 | |
| 1120 | pcpu_rt = ip6_rt_pcpu_alloc(rt); |
| 1121 | if (!pcpu_rt) { |
| 1122 | struct net *net = dev_net(rt->dst.dev); |
| 1123 | |
| 1124 | dst_hold(&net->ipv6.ip6_null_entry->dst); |
| 1125 | return net->ipv6.ip6_null_entry; |
| 1126 | } |
| 1127 | |
| 1128 | dst_hold(&pcpu_rt->dst); |
| 1129 | p = this_cpu_ptr(rt->rt6i_pcpu); |
| 1130 | prev = cmpxchg(p, NULL, pcpu_rt); |
| 1131 | BUG_ON(prev); |
| 1132 | |
| 1133 | rt6_dst_from_metrics_check(pcpu_rt); |
| 1134 | return pcpu_rt; |
| 1135 | } |
| 1136 | |
| 1137 | /* exception hash table implementation |
| 1138 | */ |
| 1139 | static DEFINE_SPINLOCK(rt6_exception_lock); |
| 1140 | |
| 1141 | /* Remove rt6_ex from hash table and free the memory |
| 1142 | * Caller must hold rt6_exception_lock |
| 1143 | */ |
| 1144 | static void rt6_remove_exception(struct rt6_exception_bucket *bucket, |
| 1145 | struct rt6_exception *rt6_ex) |
| 1146 | { |
| 1147 | struct net *net; |
| 1148 | |
| 1149 | if (!bucket || !rt6_ex) |
| 1150 | return; |
| 1151 | |
| 1152 | net = dev_net(rt6_ex->rt6i->dst.dev); |
| 1153 | rt6_ex->rt6i->rt6i_node = NULL; |
| 1154 | hlist_del_rcu(&rt6_ex->hlist); |
| 1155 | rt6_release(rt6_ex->rt6i); |
| 1156 | kfree_rcu(rt6_ex, rcu); |
| 1157 | WARN_ON_ONCE(!bucket->depth); |
| 1158 | bucket->depth--; |
| 1159 | net->ipv6.rt6_stats->fib_rt_cache--; |
| 1160 | } |
| 1161 | |
| 1162 | /* Remove oldest rt6_ex in bucket and free the memory |
| 1163 | * Caller must hold rt6_exception_lock |
| 1164 | */ |
| 1165 | static void rt6_exception_remove_oldest(struct rt6_exception_bucket *bucket) |
| 1166 | { |
| 1167 | struct rt6_exception *rt6_ex, *oldest = NULL; |
| 1168 | |
| 1169 | if (!bucket) |
| 1170 | return; |
| 1171 | |
| 1172 | hlist_for_each_entry(rt6_ex, &bucket->chain, hlist) { |
| 1173 | if (!oldest || time_before(rt6_ex->stamp, oldest->stamp)) |
| 1174 | oldest = rt6_ex; |
| 1175 | } |
| 1176 | rt6_remove_exception(bucket, oldest); |
| 1177 | } |
| 1178 | |
| 1179 | static u32 rt6_exception_hash(const struct in6_addr *dst, |
| 1180 | const struct in6_addr *src) |
| 1181 | { |
| 1182 | static u32 seed __read_mostly; |
| 1183 | u32 val; |
| 1184 | |
| 1185 | net_get_random_once(&seed, sizeof(seed)); |
| 1186 | val = jhash(dst, sizeof(*dst), seed); |
| 1187 | |
| 1188 | #ifdef CONFIG_IPV6_SUBTREES |
| 1189 | if (src) |
| 1190 | val = jhash(src, sizeof(*src), val); |
| 1191 | #endif |
| 1192 | return hash_32(val, FIB6_EXCEPTION_BUCKET_SIZE_SHIFT); |
| 1193 | } |
| 1194 | |
| 1195 | /* Helper function to find the cached rt in the hash table |
| 1196 | * and update bucket pointer to point to the bucket for this |
| 1197 | * (daddr, saddr) pair |
| 1198 | * Caller must hold rt6_exception_lock |
| 1199 | */ |
| 1200 | static struct rt6_exception * |
| 1201 | __rt6_find_exception_spinlock(struct rt6_exception_bucket **bucket, |
| 1202 | const struct in6_addr *daddr, |
| 1203 | const struct in6_addr *saddr) |
| 1204 | { |
| 1205 | struct rt6_exception *rt6_ex; |
| 1206 | u32 hval; |
| 1207 | |
| 1208 | if (!(*bucket) || !daddr) |
| 1209 | return NULL; |
| 1210 | |
| 1211 | hval = rt6_exception_hash(daddr, saddr); |
| 1212 | *bucket += hval; |
| 1213 | |
| 1214 | hlist_for_each_entry(rt6_ex, &(*bucket)->chain, hlist) { |
| 1215 | struct rt6_info *rt6 = rt6_ex->rt6i; |
| 1216 | bool matched = ipv6_addr_equal(daddr, &rt6->rt6i_dst.addr); |
| 1217 | |
| 1218 | #ifdef CONFIG_IPV6_SUBTREES |
| 1219 | if (matched && saddr) |
| 1220 | matched = ipv6_addr_equal(saddr, &rt6->rt6i_src.addr); |
| 1221 | #endif |
| 1222 | if (matched) |
| 1223 | return rt6_ex; |
| 1224 | } |
| 1225 | return NULL; |
| 1226 | } |
| 1227 | |
| 1228 | /* Helper function to find the cached rt in the hash table |
| 1229 | * and update bucket pointer to point to the bucket for this |
| 1230 | * (daddr, saddr) pair |
| 1231 | * Caller must hold rcu_read_lock() |
| 1232 | */ |
| 1233 | static struct rt6_exception * |
| 1234 | __rt6_find_exception_rcu(struct rt6_exception_bucket **bucket, |
| 1235 | const struct in6_addr *daddr, |
| 1236 | const struct in6_addr *saddr) |
| 1237 | { |
| 1238 | struct rt6_exception *rt6_ex; |
| 1239 | u32 hval; |
| 1240 | |
| 1241 | WARN_ON_ONCE(!rcu_read_lock_held()); |
| 1242 | |
| 1243 | if (!(*bucket) || !daddr) |
| 1244 | return NULL; |
| 1245 | |
| 1246 | hval = rt6_exception_hash(daddr, saddr); |
| 1247 | *bucket += hval; |
| 1248 | |
| 1249 | hlist_for_each_entry_rcu(rt6_ex, &(*bucket)->chain, hlist) { |
| 1250 | struct rt6_info *rt6 = rt6_ex->rt6i; |
| 1251 | bool matched = ipv6_addr_equal(daddr, &rt6->rt6i_dst.addr); |
| 1252 | |
| 1253 | #ifdef CONFIG_IPV6_SUBTREES |
| 1254 | if (matched && saddr) |
| 1255 | matched = ipv6_addr_equal(saddr, &rt6->rt6i_src.addr); |
| 1256 | #endif |
| 1257 | if (matched) |
| 1258 | return rt6_ex; |
| 1259 | } |
| 1260 | return NULL; |
| 1261 | } |
| 1262 | |
| 1263 | static int rt6_insert_exception(struct rt6_info *nrt, |
| 1264 | struct rt6_info *ort) |
| 1265 | { |
| 1266 | struct net *net = dev_net(ort->dst.dev); |
| 1267 | struct rt6_exception_bucket *bucket; |
| 1268 | struct in6_addr *src_key = NULL; |
| 1269 | struct rt6_exception *rt6_ex; |
| 1270 | int err = 0; |
| 1271 | |
| 1272 | /* ort can't be a cache or pcpu route */ |
| 1273 | if (ort->rt6i_flags & (RTF_CACHE | RTF_PCPU)) |
| 1274 | ort = ort->from; |
| 1275 | WARN_ON_ONCE(ort->rt6i_flags & (RTF_CACHE | RTF_PCPU)); |
| 1276 | |
| 1277 | spin_lock_bh(&rt6_exception_lock); |
| 1278 | |
| 1279 | if (ort->exception_bucket_flushed) { |
| 1280 | err = -EINVAL; |
| 1281 | goto out; |
| 1282 | } |
| 1283 | |
| 1284 | bucket = rcu_dereference_protected(ort->rt6i_exception_bucket, |
| 1285 | lockdep_is_held(&rt6_exception_lock)); |
| 1286 | if (!bucket) { |
| 1287 | bucket = kcalloc(FIB6_EXCEPTION_BUCKET_SIZE, sizeof(*bucket), |
| 1288 | GFP_ATOMIC); |
| 1289 | if (!bucket) { |
| 1290 | err = -ENOMEM; |
| 1291 | goto out; |
| 1292 | } |
| 1293 | rcu_assign_pointer(ort->rt6i_exception_bucket, bucket); |
| 1294 | } |
| 1295 | |
| 1296 | #ifdef CONFIG_IPV6_SUBTREES |
| 1297 | /* rt6i_src.plen != 0 indicates ort is in subtree |
| 1298 | * and exception table is indexed by a hash of |
| 1299 | * both rt6i_dst and rt6i_src. |
| 1300 | * Otherwise, the exception table is indexed by |
| 1301 | * a hash of only rt6i_dst. |
| 1302 | */ |
| 1303 | if (ort->rt6i_src.plen) |
| 1304 | src_key = &nrt->rt6i_src.addr; |
| 1305 | #endif |
| 1306 | |
| 1307 | /* Update rt6i_prefsrc as it could be changed |
| 1308 | * in rt6_remove_prefsrc() |
| 1309 | */ |
| 1310 | nrt->rt6i_prefsrc = ort->rt6i_prefsrc; |
| 1311 | /* rt6_mtu_change() might lower mtu on ort. |
| 1312 | * Only insert this exception route if its mtu |
| 1313 | * is less than ort's mtu value. |
| 1314 | */ |
| 1315 | if (nrt->rt6i_pmtu >= dst_mtu(&ort->dst)) { |
| 1316 | err = -EINVAL; |
| 1317 | goto out; |
| 1318 | } |
| 1319 | |
| 1320 | rt6_ex = __rt6_find_exception_spinlock(&bucket, &nrt->rt6i_dst.addr, |
| 1321 | src_key); |
| 1322 | if (rt6_ex) |
| 1323 | rt6_remove_exception(bucket, rt6_ex); |
| 1324 | |
| 1325 | rt6_ex = kzalloc(sizeof(*rt6_ex), GFP_ATOMIC); |
| 1326 | if (!rt6_ex) { |
| 1327 | err = -ENOMEM; |
| 1328 | goto out; |
| 1329 | } |
| 1330 | rt6_ex->rt6i = nrt; |
| 1331 | rt6_ex->stamp = jiffies; |
| 1332 | atomic_inc(&nrt->rt6i_ref); |
| 1333 | nrt->rt6i_node = ort->rt6i_node; |
| 1334 | hlist_add_head_rcu(&rt6_ex->hlist, &bucket->chain); |
| 1335 | bucket->depth++; |
| 1336 | net->ipv6.rt6_stats->fib_rt_cache++; |
| 1337 | |
| 1338 | if (bucket->depth > FIB6_MAX_DEPTH) |
| 1339 | rt6_exception_remove_oldest(bucket); |
| 1340 | |
| 1341 | out: |
| 1342 | spin_unlock_bh(&rt6_exception_lock); |
| 1343 | |
| 1344 | /* Update fn->fn_sernum to invalidate all cached dst */ |
| 1345 | if (!err) { |
| 1346 | spin_lock_bh(&ort->rt6i_table->tb6_lock); |
| 1347 | fib6_update_sernum(ort); |
| 1348 | spin_unlock_bh(&ort->rt6i_table->tb6_lock); |
| 1349 | fib6_force_start_gc(net); |
| 1350 | } |
| 1351 | |
| 1352 | return err; |
| 1353 | } |
| 1354 | |
| 1355 | void rt6_flush_exceptions(struct rt6_info *rt) |
| 1356 | { |
| 1357 | struct rt6_exception_bucket *bucket; |
| 1358 | struct rt6_exception *rt6_ex; |
| 1359 | struct hlist_node *tmp; |
| 1360 | int i; |
| 1361 | |
| 1362 | spin_lock_bh(&rt6_exception_lock); |
| 1363 | /* Prevent rt6_insert_exception() to recreate the bucket list */ |
| 1364 | rt->exception_bucket_flushed = 1; |
| 1365 | |
| 1366 | bucket = rcu_dereference_protected(rt->rt6i_exception_bucket, |
| 1367 | lockdep_is_held(&rt6_exception_lock)); |
| 1368 | if (!bucket) |
| 1369 | goto out; |
| 1370 | |
| 1371 | for (i = 0; i < FIB6_EXCEPTION_BUCKET_SIZE; i++) { |
| 1372 | hlist_for_each_entry_safe(rt6_ex, tmp, &bucket->chain, hlist) |
| 1373 | rt6_remove_exception(bucket, rt6_ex); |
| 1374 | WARN_ON_ONCE(bucket->depth); |
| 1375 | bucket++; |
| 1376 | } |
| 1377 | |
| 1378 | out: |
| 1379 | spin_unlock_bh(&rt6_exception_lock); |
| 1380 | } |
| 1381 | |
| 1382 | /* Find cached rt in the hash table inside passed in rt |
| 1383 | * Caller has to hold rcu_read_lock() |
| 1384 | */ |
| 1385 | static struct rt6_info *rt6_find_cached_rt(struct rt6_info *rt, |
| 1386 | struct in6_addr *daddr, |
| 1387 | struct in6_addr *saddr) |
| 1388 | { |
| 1389 | struct rt6_exception_bucket *bucket; |
| 1390 | struct in6_addr *src_key = NULL; |
| 1391 | struct rt6_exception *rt6_ex; |
| 1392 | struct rt6_info *res = NULL; |
| 1393 | |
| 1394 | bucket = rcu_dereference(rt->rt6i_exception_bucket); |
| 1395 | |
| 1396 | #ifdef CONFIG_IPV6_SUBTREES |
| 1397 | /* rt6i_src.plen != 0 indicates rt is in subtree |
| 1398 | * and exception table is indexed by a hash of |
| 1399 | * both rt6i_dst and rt6i_src. |
| 1400 | * Otherwise, the exception table is indexed by |
| 1401 | * a hash of only rt6i_dst. |
| 1402 | */ |
| 1403 | if (rt->rt6i_src.plen) |
| 1404 | src_key = saddr; |
| 1405 | #endif |
| 1406 | rt6_ex = __rt6_find_exception_rcu(&bucket, daddr, src_key); |
| 1407 | |
| 1408 | if (rt6_ex && !rt6_check_expired(rt6_ex->rt6i)) |
| 1409 | res = rt6_ex->rt6i; |
| 1410 | |
| 1411 | return res; |
| 1412 | } |
| 1413 | |
| 1414 | /* Remove the passed in cached rt from the hash table that contains it */ |
| 1415 | int rt6_remove_exception_rt(struct rt6_info *rt) |
| 1416 | { |
| 1417 | struct rt6_exception_bucket *bucket; |
| 1418 | struct rt6_info *from = rt->from; |
| 1419 | struct in6_addr *src_key = NULL; |
| 1420 | struct rt6_exception *rt6_ex; |
| 1421 | int err; |
| 1422 | |
| 1423 | if (!from || |
| 1424 | !(rt->rt6i_flags & RTF_CACHE)) |
| 1425 | return -EINVAL; |
| 1426 | |
| 1427 | if (!rcu_access_pointer(from->rt6i_exception_bucket)) |
| 1428 | return -ENOENT; |
| 1429 | |
| 1430 | spin_lock_bh(&rt6_exception_lock); |
| 1431 | bucket = rcu_dereference_protected(from->rt6i_exception_bucket, |
| 1432 | lockdep_is_held(&rt6_exception_lock)); |
| 1433 | #ifdef CONFIG_IPV6_SUBTREES |
| 1434 | /* rt6i_src.plen != 0 indicates 'from' is in subtree |
| 1435 | * and exception table is indexed by a hash of |
| 1436 | * both rt6i_dst and rt6i_src. |
| 1437 | * Otherwise, the exception table is indexed by |
| 1438 | * a hash of only rt6i_dst. |
| 1439 | */ |
| 1440 | if (from->rt6i_src.plen) |
| 1441 | src_key = &rt->rt6i_src.addr; |
| 1442 | #endif |
| 1443 | rt6_ex = __rt6_find_exception_spinlock(&bucket, |
| 1444 | &rt->rt6i_dst.addr, |
| 1445 | src_key); |
| 1446 | if (rt6_ex) { |
| 1447 | rt6_remove_exception(bucket, rt6_ex); |
| 1448 | err = 0; |
| 1449 | } else { |
| 1450 | err = -ENOENT; |
| 1451 | } |
| 1452 | |
| 1453 | spin_unlock_bh(&rt6_exception_lock); |
| 1454 | return err; |
| 1455 | } |
| 1456 | |
| 1457 | /* Find rt6_ex which contains the passed in rt cache and |
| 1458 | * refresh its stamp |
| 1459 | */ |
| 1460 | static void rt6_update_exception_stamp_rt(struct rt6_info *rt) |
| 1461 | { |
| 1462 | struct rt6_exception_bucket *bucket; |
| 1463 | struct rt6_info *from = rt->from; |
| 1464 | struct in6_addr *src_key = NULL; |
| 1465 | struct rt6_exception *rt6_ex; |
| 1466 | |
| 1467 | if (!from || |
| 1468 | !(rt->rt6i_flags & RTF_CACHE)) |
| 1469 | return; |
| 1470 | |
| 1471 | rcu_read_lock(); |
| 1472 | bucket = rcu_dereference(from->rt6i_exception_bucket); |
| 1473 | |
| 1474 | #ifdef CONFIG_IPV6_SUBTREES |
| 1475 | /* rt6i_src.plen != 0 indicates 'from' is in subtree |
| 1476 | * and exception table is indexed by a hash of |
| 1477 | * both rt6i_dst and rt6i_src. |
| 1478 | * Otherwise, the exception table is indexed by |
| 1479 | * a hash of only rt6i_dst. |
| 1480 | */ |
| 1481 | if (from->rt6i_src.plen) |
| 1482 | src_key = &rt->rt6i_src.addr; |
| 1483 | #endif |
| 1484 | rt6_ex = __rt6_find_exception_rcu(&bucket, |
| 1485 | &rt->rt6i_dst.addr, |
| 1486 | src_key); |
| 1487 | if (rt6_ex) |
| 1488 | rt6_ex->stamp = jiffies; |
| 1489 | |
| 1490 | rcu_read_unlock(); |
| 1491 | } |
| 1492 | |
| 1493 | static void rt6_exceptions_remove_prefsrc(struct rt6_info *rt) |
| 1494 | { |
| 1495 | struct rt6_exception_bucket *bucket; |
| 1496 | struct rt6_exception *rt6_ex; |
| 1497 | int i; |
| 1498 | |
| 1499 | bucket = rcu_dereference_protected(rt->rt6i_exception_bucket, |
| 1500 | lockdep_is_held(&rt6_exception_lock)); |
| 1501 | |
| 1502 | if (bucket) { |
| 1503 | for (i = 0; i < FIB6_EXCEPTION_BUCKET_SIZE; i++) { |
| 1504 | hlist_for_each_entry(rt6_ex, &bucket->chain, hlist) { |
| 1505 | rt6_ex->rt6i->rt6i_prefsrc.plen = 0; |
| 1506 | } |
| 1507 | bucket++; |
| 1508 | } |
| 1509 | } |
| 1510 | } |
| 1511 | |
| 1512 | static bool rt6_mtu_change_route_allowed(struct inet6_dev *idev, |
| 1513 | struct rt6_info *rt, int mtu) |
| 1514 | { |
| 1515 | /* If the new MTU is lower than the route PMTU, this new MTU will be the |
| 1516 | * lowest MTU in the path: always allow updating the route PMTU to |
| 1517 | * reflect PMTU decreases. |
| 1518 | * |
| 1519 | * If the new MTU is higher, and the route PMTU is equal to the local |
| 1520 | * MTU, this means the old MTU is the lowest in the path, so allow |
| 1521 | * updating it: if other nodes now have lower MTUs, PMTU discovery will |
| 1522 | * handle this. |
| 1523 | */ |
| 1524 | |
| 1525 | if (dst_mtu(&rt->dst) >= mtu) |
| 1526 | return true; |
| 1527 | |
| 1528 | if (dst_mtu(&rt->dst) == idev->cnf.mtu6) |
| 1529 | return true; |
| 1530 | |
| 1531 | return false; |
| 1532 | } |
| 1533 | |
| 1534 | static void rt6_exceptions_update_pmtu(struct inet6_dev *idev, |
| 1535 | struct rt6_info *rt, int mtu) |
| 1536 | { |
| 1537 | struct rt6_exception_bucket *bucket; |
| 1538 | struct rt6_exception *rt6_ex; |
| 1539 | int i; |
| 1540 | |
| 1541 | bucket = rcu_dereference_protected(rt->rt6i_exception_bucket, |
| 1542 | lockdep_is_held(&rt6_exception_lock)); |
| 1543 | |
| 1544 | if (!bucket) |
| 1545 | return; |
| 1546 | |
| 1547 | for (i = 0; i < FIB6_EXCEPTION_BUCKET_SIZE; i++) { |
| 1548 | hlist_for_each_entry(rt6_ex, &bucket->chain, hlist) { |
| 1549 | struct rt6_info *entry = rt6_ex->rt6i; |
| 1550 | |
| 1551 | /* For RTF_CACHE with rt6i_pmtu == 0 (i.e. a redirected |
| 1552 | * route), the metrics of its rt->dst.from have already |
| 1553 | * been updated. |
| 1554 | */ |
| 1555 | if (entry->rt6i_pmtu && |
| 1556 | rt6_mtu_change_route_allowed(idev, entry, mtu)) |
| 1557 | entry->rt6i_pmtu = mtu; |
| 1558 | } |
| 1559 | bucket++; |
| 1560 | } |
| 1561 | } |
| 1562 | |
| 1563 | #define RTF_CACHE_GATEWAY (RTF_GATEWAY | RTF_CACHE) |
| 1564 | |
| 1565 | static void rt6_exceptions_clean_tohost(struct rt6_info *rt, |
| 1566 | struct in6_addr *gateway) |
| 1567 | { |
| 1568 | struct rt6_exception_bucket *bucket; |
| 1569 | struct rt6_exception *rt6_ex; |
| 1570 | struct hlist_node *tmp; |
| 1571 | int i; |
| 1572 | |
| 1573 | if (!rcu_access_pointer(rt->rt6i_exception_bucket)) |
| 1574 | return; |
| 1575 | |
| 1576 | spin_lock_bh(&rt6_exception_lock); |
| 1577 | bucket = rcu_dereference_protected(rt->rt6i_exception_bucket, |
| 1578 | lockdep_is_held(&rt6_exception_lock)); |
| 1579 | |
| 1580 | if (bucket) { |
| 1581 | for (i = 0; i < FIB6_EXCEPTION_BUCKET_SIZE; i++) { |
| 1582 | hlist_for_each_entry_safe(rt6_ex, tmp, |
| 1583 | &bucket->chain, hlist) { |
| 1584 | struct rt6_info *entry = rt6_ex->rt6i; |
| 1585 | |
| 1586 | if ((entry->rt6i_flags & RTF_CACHE_GATEWAY) == |
| 1587 | RTF_CACHE_GATEWAY && |
| 1588 | ipv6_addr_equal(gateway, |
| 1589 | &entry->rt6i_gateway)) { |
| 1590 | rt6_remove_exception(bucket, rt6_ex); |
| 1591 | } |
| 1592 | } |
| 1593 | bucket++; |
| 1594 | } |
| 1595 | } |
| 1596 | |
| 1597 | spin_unlock_bh(&rt6_exception_lock); |
| 1598 | } |
| 1599 | |
| 1600 | static void rt6_age_examine_exception(struct rt6_exception_bucket *bucket, |
| 1601 | struct rt6_exception *rt6_ex, |
| 1602 | struct fib6_gc_args *gc_args, |
| 1603 | unsigned long now) |
| 1604 | { |
| 1605 | struct rt6_info *rt = rt6_ex->rt6i; |
| 1606 | |
| 1607 | /* we are pruning and obsoleting aged-out and non gateway exceptions |
| 1608 | * even if others have still references to them, so that on next |
| 1609 | * dst_check() such references can be dropped. |
| 1610 | * EXPIRES exceptions - e.g. pmtu-generated ones are pruned when |
| 1611 | * expired, independently from their aging, as per RFC 8201 section 4 |
| 1612 | */ |
| 1613 | if (!(rt->rt6i_flags & RTF_EXPIRES)) { |
| 1614 | if (time_after_eq(now, rt->dst.lastuse + gc_args->timeout)) { |
| 1615 | RT6_TRACE("aging clone %p\n", rt); |
| 1616 | rt6_remove_exception(bucket, rt6_ex); |
| 1617 | return; |
| 1618 | } |
| 1619 | } else if (time_after(jiffies, rt->dst.expires)) { |
| 1620 | RT6_TRACE("purging expired route %p\n", rt); |
| 1621 | rt6_remove_exception(bucket, rt6_ex); |
| 1622 | return; |
| 1623 | } |
| 1624 | |
| 1625 | if (rt->rt6i_flags & RTF_GATEWAY) { |
| 1626 | struct neighbour *neigh; |
| 1627 | __u8 neigh_flags = 0; |
| 1628 | |
| 1629 | neigh = dst_neigh_lookup(&rt->dst, &rt->rt6i_gateway); |
| 1630 | if (neigh) { |
| 1631 | neigh_flags = neigh->flags; |
| 1632 | neigh_release(neigh); |
| 1633 | } |
| 1634 | if (!(neigh_flags & NTF_ROUTER)) { |
| 1635 | RT6_TRACE("purging route %p via non-router but gateway\n", |
| 1636 | rt); |
| 1637 | rt6_remove_exception(bucket, rt6_ex); |
| 1638 | return; |
| 1639 | } |
| 1640 | } |
| 1641 | |
| 1642 | gc_args->more++; |
| 1643 | } |
| 1644 | |
| 1645 | void rt6_age_exceptions(struct rt6_info *rt, |
| 1646 | struct fib6_gc_args *gc_args, |
| 1647 | unsigned long now) |
| 1648 | { |
| 1649 | struct rt6_exception_bucket *bucket; |
| 1650 | struct rt6_exception *rt6_ex; |
| 1651 | struct hlist_node *tmp; |
| 1652 | int i; |
| 1653 | |
| 1654 | if (!rcu_access_pointer(rt->rt6i_exception_bucket)) |
| 1655 | return; |
| 1656 | |
| 1657 | spin_lock_bh(&rt6_exception_lock); |
| 1658 | bucket = rcu_dereference_protected(rt->rt6i_exception_bucket, |
| 1659 | lockdep_is_held(&rt6_exception_lock)); |
| 1660 | |
| 1661 | if (bucket) { |
| 1662 | for (i = 0; i < FIB6_EXCEPTION_BUCKET_SIZE; i++) { |
| 1663 | hlist_for_each_entry_safe(rt6_ex, tmp, |
| 1664 | &bucket->chain, hlist) { |
| 1665 | rt6_age_examine_exception(bucket, rt6_ex, |
| 1666 | gc_args, now); |
| 1667 | } |
| 1668 | bucket++; |
| 1669 | } |
| 1670 | } |
| 1671 | spin_unlock_bh(&rt6_exception_lock); |
| 1672 | } |
| 1673 | |
| 1674 | struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table, |
| 1675 | int oif, struct flowi6 *fl6, int flags) |
| 1676 | { |
| 1677 | struct fib6_node *fn, *saved_fn; |
| 1678 | struct rt6_info *rt, *rt_cache; |
| 1679 | int strict = 0; |
| 1680 | |
| 1681 | strict |= flags & RT6_LOOKUP_F_IFACE; |
| 1682 | strict |= flags & RT6_LOOKUP_F_IGNORE_LINKSTATE; |
| 1683 | if (net->ipv6.devconf_all->forwarding == 0) |
| 1684 | strict |= RT6_LOOKUP_F_REACHABLE; |
| 1685 | |
| 1686 | rcu_read_lock(); |
| 1687 | |
| 1688 | fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr); |
| 1689 | saved_fn = fn; |
| 1690 | |
| 1691 | if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) |
| 1692 | oif = 0; |
| 1693 | |
| 1694 | redo_rt6_select: |
| 1695 | rt = rt6_select(net, fn, oif, strict); |
| 1696 | if (rt->rt6i_nsiblings) |
| 1697 | rt = rt6_multipath_select(rt, fl6, oif, strict); |
| 1698 | if (rt == net->ipv6.ip6_null_entry) { |
| 1699 | fn = fib6_backtrack(fn, &fl6->saddr); |
| 1700 | if (fn) |
| 1701 | goto redo_rt6_select; |
| 1702 | else if (strict & RT6_LOOKUP_F_REACHABLE) { |
| 1703 | /* also consider unreachable route */ |
| 1704 | strict &= ~RT6_LOOKUP_F_REACHABLE; |
| 1705 | fn = saved_fn; |
| 1706 | goto redo_rt6_select; |
| 1707 | } |
| 1708 | } |
| 1709 | |
| 1710 | /*Search through exception table */ |
| 1711 | rt_cache = rt6_find_cached_rt(rt, &fl6->daddr, &fl6->saddr); |
| 1712 | if (rt_cache) |
| 1713 | rt = rt_cache; |
| 1714 | |
| 1715 | if (rt == net->ipv6.ip6_null_entry) { |
| 1716 | rcu_read_unlock(); |
| 1717 | dst_hold(&rt->dst); |
| 1718 | trace_fib6_table_lookup(net, rt, table, fl6); |
| 1719 | return rt; |
| 1720 | } else if (rt->rt6i_flags & RTF_CACHE) { |
| 1721 | if (ip6_hold_safe(net, &rt, true)) { |
| 1722 | dst_use_noref(&rt->dst, jiffies); |
| 1723 | rt6_dst_from_metrics_check(rt); |
| 1724 | } |
| 1725 | rcu_read_unlock(); |
| 1726 | trace_fib6_table_lookup(net, rt, table, fl6); |
| 1727 | return rt; |
| 1728 | } else if (unlikely((fl6->flowi6_flags & FLOWI_FLAG_KNOWN_NH) && |
| 1729 | !(rt->rt6i_flags & RTF_GATEWAY))) { |
| 1730 | /* Create a RTF_CACHE clone which will not be |
| 1731 | * owned by the fib6 tree. It is for the special case where |
| 1732 | * the daddr in the skb during the neighbor look-up is different |
| 1733 | * from the fl6->daddr used to look-up route here. |
| 1734 | */ |
| 1735 | |
| 1736 | struct rt6_info *uncached_rt; |
| 1737 | |
| 1738 | if (ip6_hold_safe(net, &rt, true)) { |
| 1739 | dst_use_noref(&rt->dst, jiffies); |
| 1740 | } else { |
| 1741 | rcu_read_unlock(); |
| 1742 | uncached_rt = rt; |
| 1743 | goto uncached_rt_out; |
| 1744 | } |
| 1745 | rcu_read_unlock(); |
| 1746 | |
| 1747 | uncached_rt = ip6_rt_cache_alloc(rt, &fl6->daddr, NULL); |
| 1748 | dst_release(&rt->dst); |
| 1749 | |
| 1750 | if (uncached_rt) { |
| 1751 | /* Uncached_rt's refcnt is taken during ip6_rt_cache_alloc() |
| 1752 | * No need for another dst_hold() |
| 1753 | */ |
| 1754 | rt6_uncached_list_add(uncached_rt); |
| 1755 | atomic_inc(&net->ipv6.rt6_stats->fib_rt_uncache); |
| 1756 | } else { |
| 1757 | uncached_rt = net->ipv6.ip6_null_entry; |
| 1758 | dst_hold(&uncached_rt->dst); |
| 1759 | } |
| 1760 | |
| 1761 | uncached_rt_out: |
| 1762 | trace_fib6_table_lookup(net, uncached_rt, table, fl6); |
| 1763 | return uncached_rt; |
| 1764 | |
| 1765 | } else { |
| 1766 | /* Get a percpu copy */ |
| 1767 | |
| 1768 | struct rt6_info *pcpu_rt; |
| 1769 | |
| 1770 | dst_use_noref(&rt->dst, jiffies); |
| 1771 | local_bh_disable(); |
| 1772 | pcpu_rt = rt6_get_pcpu_route(rt); |
| 1773 | |
| 1774 | if (!pcpu_rt) { |
| 1775 | /* atomic_inc_not_zero() is needed when using rcu */ |
| 1776 | if (atomic_inc_not_zero(&rt->rt6i_ref)) { |
| 1777 | /* No dst_hold() on rt is needed because grabbing |
| 1778 | * rt->rt6i_ref makes sure rt can't be released. |
| 1779 | */ |
| 1780 | pcpu_rt = rt6_make_pcpu_route(rt); |
| 1781 | rt6_release(rt); |
| 1782 | } else { |
| 1783 | /* rt is already removed from tree */ |
| 1784 | pcpu_rt = net->ipv6.ip6_null_entry; |
| 1785 | dst_hold(&pcpu_rt->dst); |
| 1786 | } |
| 1787 | } |
| 1788 | local_bh_enable(); |
| 1789 | rcu_read_unlock(); |
| 1790 | trace_fib6_table_lookup(net, pcpu_rt, table, fl6); |
| 1791 | return pcpu_rt; |
| 1792 | } |
| 1793 | } |
| 1794 | EXPORT_SYMBOL_GPL(ip6_pol_route); |
| 1795 | |
| 1796 | static struct rt6_info *ip6_pol_route_input(struct net *net, struct fib6_table *table, |
| 1797 | struct flowi6 *fl6, int flags) |
| 1798 | { |
| 1799 | return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags); |
| 1800 | } |
| 1801 | |
| 1802 | struct dst_entry *ip6_route_input_lookup(struct net *net, |
| 1803 | struct net_device *dev, |
| 1804 | struct flowi6 *fl6, int flags) |
| 1805 | { |
| 1806 | if (rt6_need_strict(&fl6->daddr) && dev->type != ARPHRD_PIMREG) |
| 1807 | flags |= RT6_LOOKUP_F_IFACE; |
| 1808 | |
| 1809 | return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_input); |
| 1810 | } |
| 1811 | EXPORT_SYMBOL_GPL(ip6_route_input_lookup); |
| 1812 | |
| 1813 | static void ip6_multipath_l3_keys(const struct sk_buff *skb, |
| 1814 | struct flow_keys *keys) |
| 1815 | { |
| 1816 | const struct ipv6hdr *outer_iph = ipv6_hdr(skb); |
| 1817 | const struct ipv6hdr *key_iph = outer_iph; |
| 1818 | const struct ipv6hdr *inner_iph; |
| 1819 | const struct icmp6hdr *icmph; |
| 1820 | struct ipv6hdr _inner_iph; |
| 1821 | |
| 1822 | if (likely(outer_iph->nexthdr != IPPROTO_ICMPV6)) |
| 1823 | goto out; |
| 1824 | |
| 1825 | icmph = icmp6_hdr(skb); |
| 1826 | if (icmph->icmp6_type != ICMPV6_DEST_UNREACH && |
| 1827 | icmph->icmp6_type != ICMPV6_PKT_TOOBIG && |
| 1828 | icmph->icmp6_type != ICMPV6_TIME_EXCEED && |
| 1829 | icmph->icmp6_type != ICMPV6_PARAMPROB) |
| 1830 | goto out; |
| 1831 | |
| 1832 | inner_iph = skb_header_pointer(skb, |
| 1833 | skb_transport_offset(skb) + sizeof(*icmph), |
| 1834 | sizeof(_inner_iph), &_inner_iph); |
| 1835 | if (!inner_iph) |
| 1836 | goto out; |
| 1837 | |
| 1838 | key_iph = inner_iph; |
| 1839 | out: |
| 1840 | memset(keys, 0, sizeof(*keys)); |
| 1841 | keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; |
| 1842 | keys->addrs.v6addrs.src = key_iph->saddr; |
| 1843 | keys->addrs.v6addrs.dst = key_iph->daddr; |
| 1844 | keys->tags.flow_label = ip6_flowinfo(key_iph); |
| 1845 | keys->basic.ip_proto = key_iph->nexthdr; |
| 1846 | } |
| 1847 | |
| 1848 | /* if skb is set it will be used and fl6 can be NULL */ |
| 1849 | u32 rt6_multipath_hash(const struct flowi6 *fl6, const struct sk_buff *skb) |
| 1850 | { |
| 1851 | struct flow_keys hash_keys; |
| 1852 | |
| 1853 | if (skb) { |
| 1854 | ip6_multipath_l3_keys(skb, &hash_keys); |
| 1855 | return flow_hash_from_keys(&hash_keys) >> 1; |
| 1856 | } |
| 1857 | |
| 1858 | return get_hash_from_flowi6(fl6) >> 1; |
| 1859 | } |
| 1860 | |
| 1861 | void ip6_route_input(struct sk_buff *skb) |
| 1862 | { |
| 1863 | const struct ipv6hdr *iph = ipv6_hdr(skb); |
| 1864 | struct net *net = dev_net(skb->dev); |
| 1865 | int flags = RT6_LOOKUP_F_HAS_SADDR; |
| 1866 | struct ip_tunnel_info *tun_info; |
| 1867 | struct flowi6 fl6 = { |
| 1868 | .flowi6_iif = skb->dev->ifindex, |
| 1869 | .daddr = iph->daddr, |
| 1870 | .saddr = iph->saddr, |
| 1871 | .flowlabel = ip6_flowinfo(iph), |
| 1872 | .flowi6_mark = skb->mark, |
| 1873 | .flowi6_proto = iph->nexthdr, |
| 1874 | }; |
| 1875 | |
| 1876 | tun_info = skb_tunnel_info(skb); |
| 1877 | if (tun_info && !(tun_info->mode & IP_TUNNEL_INFO_TX)) |
| 1878 | fl6.flowi6_tun_key.tun_id = tun_info->key.tun_id; |
| 1879 | if (unlikely(fl6.flowi6_proto == IPPROTO_ICMPV6)) |
| 1880 | fl6.mp_hash = rt6_multipath_hash(&fl6, skb); |
| 1881 | skb_dst_drop(skb); |
| 1882 | skb_dst_set(skb, ip6_route_input_lookup(net, skb->dev, &fl6, flags)); |
| 1883 | } |
| 1884 | |
| 1885 | static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table *table, |
| 1886 | struct flowi6 *fl6, int flags) |
| 1887 | { |
| 1888 | return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags); |
| 1889 | } |
| 1890 | |
| 1891 | struct dst_entry *ip6_route_output_flags(struct net *net, const struct sock *sk, |
| 1892 | struct flowi6 *fl6, int flags) |
| 1893 | { |
| 1894 | bool any_src; |
| 1895 | |
| 1896 | if (rt6_need_strict(&fl6->daddr)) { |
| 1897 | struct dst_entry *dst; |
| 1898 | |
| 1899 | dst = l3mdev_link_scope_lookup(net, fl6); |
| 1900 | if (dst) |
| 1901 | return dst; |
| 1902 | } |
| 1903 | |
| 1904 | fl6->flowi6_iif = LOOPBACK_IFINDEX; |
| 1905 | |
| 1906 | any_src = ipv6_addr_any(&fl6->saddr); |
| 1907 | if ((sk && sk->sk_bound_dev_if) || rt6_need_strict(&fl6->daddr) || |
| 1908 | (fl6->flowi6_oif && any_src)) |
| 1909 | flags |= RT6_LOOKUP_F_IFACE; |
| 1910 | |
| 1911 | if (!any_src) |
| 1912 | flags |= RT6_LOOKUP_F_HAS_SADDR; |
| 1913 | else if (sk) |
| 1914 | flags |= rt6_srcprefs2flags(inet6_sk(sk)->srcprefs); |
| 1915 | |
| 1916 | return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_output); |
| 1917 | } |
| 1918 | EXPORT_SYMBOL_GPL(ip6_route_output_flags); |
| 1919 | |
| 1920 | struct dst_entry *ip6_blackhole_route(struct net *net, struct dst_entry *dst_orig) |
| 1921 | { |
| 1922 | struct rt6_info *rt, *ort = (struct rt6_info *) dst_orig; |
| 1923 | struct net_device *loopback_dev = net->loopback_dev; |
| 1924 | struct dst_entry *new = NULL; |
| 1925 | |
| 1926 | rt = dst_alloc(&ip6_dst_blackhole_ops, loopback_dev, 1, |
| 1927 | DST_OBSOLETE_DEAD, 0); |
| 1928 | if (rt) { |
| 1929 | rt6_info_init(rt); |
| 1930 | atomic_inc(&net->ipv6.rt6_stats->fib_rt_alloc); |
| 1931 | |
| 1932 | new = &rt->dst; |
| 1933 | new->__use = 1; |
| 1934 | new->input = dst_discard; |
| 1935 | new->output = dst_discard_out; |
| 1936 | |
| 1937 | dst_copy_metrics(new, &ort->dst); |
| 1938 | |
| 1939 | rt->rt6i_idev = in6_dev_get(loopback_dev); |
| 1940 | rt->rt6i_gateway = ort->rt6i_gateway; |
| 1941 | rt->rt6i_flags = ort->rt6i_flags & ~RTF_PCPU; |
| 1942 | rt->rt6i_metric = 0; |
| 1943 | |
| 1944 | memcpy(&rt->rt6i_dst, &ort->rt6i_dst, sizeof(struct rt6key)); |
| 1945 | #ifdef CONFIG_IPV6_SUBTREES |
| 1946 | memcpy(&rt->rt6i_src, &ort->rt6i_src, sizeof(struct rt6key)); |
| 1947 | #endif |
| 1948 | } |
| 1949 | |
| 1950 | dst_release(dst_orig); |
| 1951 | return new ? new : ERR_PTR(-ENOMEM); |
| 1952 | } |
| 1953 | |
| 1954 | /* |
| 1955 | * Destination cache support functions |
| 1956 | */ |
| 1957 | |
| 1958 | static void rt6_dst_from_metrics_check(struct rt6_info *rt) |
| 1959 | { |
| 1960 | if (rt->from && |
| 1961 | dst_metrics_ptr(&rt->dst) != dst_metrics_ptr(&rt->from->dst)) |
| 1962 | dst_init_metrics(&rt->dst, dst_metrics_ptr(&rt->from->dst), true); |
| 1963 | } |
| 1964 | |
| 1965 | static struct dst_entry *rt6_check(struct rt6_info *rt, u32 cookie) |
| 1966 | { |
| 1967 | u32 rt_cookie = 0; |
| 1968 | |
| 1969 | if (!rt6_get_cookie_safe(rt, &rt_cookie) || rt_cookie != cookie) |
| 1970 | return NULL; |
| 1971 | |
| 1972 | if (rt6_check_expired(rt)) |
| 1973 | return NULL; |
| 1974 | |
| 1975 | return &rt->dst; |
| 1976 | } |
| 1977 | |
| 1978 | static struct dst_entry *rt6_dst_from_check(struct rt6_info *rt, u32 cookie) |
| 1979 | { |
| 1980 | if (!__rt6_check_expired(rt) && |
| 1981 | rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK && |
| 1982 | rt6_check(rt->from, cookie)) |
| 1983 | return &rt->dst; |
| 1984 | else |
| 1985 | return NULL; |
| 1986 | } |
| 1987 | |
| 1988 | static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie) |
| 1989 | { |
| 1990 | struct rt6_info *rt; |
| 1991 | |
| 1992 | rt = (struct rt6_info *) dst; |
| 1993 | |
| 1994 | /* All IPV6 dsts are created with ->obsolete set to the value |
| 1995 | * DST_OBSOLETE_FORCE_CHK which forces validation calls down |
| 1996 | * into this function always. |
| 1997 | */ |
| 1998 | |
| 1999 | rt6_dst_from_metrics_check(rt); |
| 2000 | |
| 2001 | if (rt->rt6i_flags & RTF_PCPU || |
| 2002 | (unlikely(!list_empty(&rt->rt6i_uncached)) && rt->from)) |
| 2003 | return rt6_dst_from_check(rt, cookie); |
| 2004 | else |
| 2005 | return rt6_check(rt, cookie); |
| 2006 | } |
| 2007 | |
| 2008 | static struct dst_entry *ip6_negative_advice(struct dst_entry *dst) |
| 2009 | { |
| 2010 | struct rt6_info *rt = (struct rt6_info *) dst; |
| 2011 | |
| 2012 | if (rt) { |
| 2013 | if (rt->rt6i_flags & RTF_CACHE) { |
| 2014 | if (rt6_check_expired(rt)) { |
| 2015 | ip6_del_rt(rt); |
| 2016 | dst = NULL; |
| 2017 | } |
| 2018 | } else { |
| 2019 | dst_release(dst); |
| 2020 | dst = NULL; |
| 2021 | } |
| 2022 | } |
| 2023 | return dst; |
| 2024 | } |
| 2025 | |
| 2026 | static void ip6_link_failure(struct sk_buff *skb) |
| 2027 | { |
| 2028 | struct rt6_info *rt; |
| 2029 | |
| 2030 | icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0); |
| 2031 | |
| 2032 | rt = (struct rt6_info *) skb_dst(skb); |
| 2033 | if (rt) { |
| 2034 | if (rt->rt6i_flags & RTF_CACHE) { |
| 2035 | if (dst_hold_safe(&rt->dst)) |
| 2036 | ip6_del_rt(rt); |
| 2037 | } else { |
| 2038 | struct fib6_node *fn; |
| 2039 | |
| 2040 | rcu_read_lock(); |
| 2041 | fn = rcu_dereference(rt->rt6i_node); |
| 2042 | if (fn && (rt->rt6i_flags & RTF_DEFAULT)) |
| 2043 | fn->fn_sernum = -1; |
| 2044 | rcu_read_unlock(); |
| 2045 | } |
| 2046 | } |
| 2047 | } |
| 2048 | |
| 2049 | static void rt6_do_update_pmtu(struct rt6_info *rt, u32 mtu) |
| 2050 | { |
| 2051 | struct net *net = dev_net(rt->dst.dev); |
| 2052 | |
| 2053 | rt->rt6i_flags |= RTF_MODIFIED; |
| 2054 | rt->rt6i_pmtu = mtu; |
| 2055 | rt6_update_expires(rt, net->ipv6.sysctl.ip6_rt_mtu_expires); |
| 2056 | } |
| 2057 | |
| 2058 | static bool rt6_cache_allowed_for_pmtu(const struct rt6_info *rt) |
| 2059 | { |
| 2060 | return !(rt->rt6i_flags & RTF_CACHE) && |
| 2061 | (rt->rt6i_flags & RTF_PCPU || |
| 2062 | rcu_access_pointer(rt->rt6i_node)); |
| 2063 | } |
| 2064 | |
| 2065 | static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk, |
| 2066 | const struct ipv6hdr *iph, u32 mtu) |
| 2067 | { |
| 2068 | const struct in6_addr *daddr, *saddr; |
| 2069 | struct rt6_info *rt6 = (struct rt6_info *)dst; |
| 2070 | |
| 2071 | if (rt6->rt6i_flags & RTF_LOCAL) |
| 2072 | return; |
| 2073 | |
| 2074 | if (dst_metric_locked(dst, RTAX_MTU)) |
| 2075 | return; |
| 2076 | |
| 2077 | if (iph) { |
| 2078 | daddr = &iph->daddr; |
| 2079 | saddr = &iph->saddr; |
| 2080 | } else if (sk) { |
| 2081 | daddr = &sk->sk_v6_daddr; |
| 2082 | saddr = &inet6_sk(sk)->saddr; |
| 2083 | } else { |
| 2084 | daddr = NULL; |
| 2085 | saddr = NULL; |
| 2086 | } |
| 2087 | dst_confirm_neigh(dst, daddr); |
| 2088 | mtu = max_t(u32, mtu, IPV6_MIN_MTU); |
| 2089 | if (mtu >= dst_mtu(dst)) |
| 2090 | return; |
| 2091 | |
| 2092 | if (!rt6_cache_allowed_for_pmtu(rt6)) { |
| 2093 | rt6_do_update_pmtu(rt6, mtu); |
| 2094 | /* update rt6_ex->stamp for cache */ |
| 2095 | if (rt6->rt6i_flags & RTF_CACHE) |
| 2096 | rt6_update_exception_stamp_rt(rt6); |
| 2097 | } else if (daddr) { |
| 2098 | struct rt6_info *nrt6; |
| 2099 | |
| 2100 | nrt6 = ip6_rt_cache_alloc(rt6, daddr, saddr); |
| 2101 | if (nrt6) { |
| 2102 | rt6_do_update_pmtu(nrt6, mtu); |
| 2103 | if (rt6_insert_exception(nrt6, rt6)) |
| 2104 | dst_release_immediate(&nrt6->dst); |
| 2105 | } |
| 2106 | } |
| 2107 | } |
| 2108 | |
| 2109 | static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk, |
| 2110 | struct sk_buff *skb, u32 mtu) |
| 2111 | { |
| 2112 | __ip6_rt_update_pmtu(dst, sk, skb ? ipv6_hdr(skb) : NULL, mtu); |
| 2113 | } |
| 2114 | |
| 2115 | void ip6_update_pmtu(struct sk_buff *skb, struct net *net, __be32 mtu, |
| 2116 | int oif, u32 mark, kuid_t uid) |
| 2117 | { |
| 2118 | const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data; |
| 2119 | struct dst_entry *dst; |
| 2120 | struct flowi6 fl6; |
| 2121 | |
| 2122 | memset(&fl6, 0, sizeof(fl6)); |
| 2123 | fl6.flowi6_oif = oif; |
| 2124 | fl6.flowi6_mark = mark ? mark : IP6_REPLY_MARK(net, skb->mark); |
| 2125 | fl6.daddr = iph->daddr; |
| 2126 | fl6.saddr = iph->saddr; |
| 2127 | fl6.flowlabel = ip6_flowinfo(iph); |
| 2128 | fl6.flowi6_uid = uid; |
| 2129 | |
| 2130 | dst = ip6_route_output(net, NULL, &fl6); |
| 2131 | if (!dst->error) |
| 2132 | __ip6_rt_update_pmtu(dst, NULL, iph, ntohl(mtu)); |
| 2133 | dst_release(dst); |
| 2134 | } |
| 2135 | EXPORT_SYMBOL_GPL(ip6_update_pmtu); |
| 2136 | |
| 2137 | void ip6_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, __be32 mtu) |
| 2138 | { |
| 2139 | struct dst_entry *dst; |
| 2140 | |
| 2141 | ip6_update_pmtu(skb, sock_net(sk), mtu, |
| 2142 | sk->sk_bound_dev_if, sk->sk_mark, sk->sk_uid); |
| 2143 | |
| 2144 | dst = __sk_dst_get(sk); |
| 2145 | if (!dst || !dst->obsolete || |
| 2146 | dst->ops->check(dst, inet6_sk(sk)->dst_cookie)) |
| 2147 | return; |
| 2148 | |
| 2149 | bh_lock_sock(sk); |
| 2150 | if (!sock_owned_by_user(sk) && !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) |
| 2151 | ip6_datagram_dst_update(sk, false); |
| 2152 | bh_unlock_sock(sk); |
| 2153 | } |
| 2154 | EXPORT_SYMBOL_GPL(ip6_sk_update_pmtu); |
| 2155 | |
| 2156 | /* Handle redirects */ |
| 2157 | struct ip6rd_flowi { |
| 2158 | struct flowi6 fl6; |
| 2159 | struct in6_addr gateway; |
| 2160 | }; |
| 2161 | |
| 2162 | static struct rt6_info *__ip6_route_redirect(struct net *net, |
| 2163 | struct fib6_table *table, |
| 2164 | struct flowi6 *fl6, |
| 2165 | int flags) |
| 2166 | { |
| 2167 | struct ip6rd_flowi *rdfl = (struct ip6rd_flowi *)fl6; |
| 2168 | struct rt6_info *rt, *rt_cache; |
| 2169 | struct fib6_node *fn; |
| 2170 | |
| 2171 | /* Get the "current" route for this destination and |
| 2172 | * check if the redirect has come from appropriate router. |
| 2173 | * |
| 2174 | * RFC 4861 specifies that redirects should only be |
| 2175 | * accepted if they come from the nexthop to the target. |
| 2176 | * Due to the way the routes are chosen, this notion |
| 2177 | * is a bit fuzzy and one might need to check all possible |
| 2178 | * routes. |
| 2179 | */ |
| 2180 | |
| 2181 | rcu_read_lock(); |
| 2182 | fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr); |
| 2183 | restart: |
| 2184 | for_each_fib6_node_rt_rcu(fn) { |
| 2185 | if (rt->rt6i_nh_flags & RTNH_F_DEAD) |
| 2186 | continue; |
| 2187 | if (rt6_check_expired(rt)) |
| 2188 | continue; |
| 2189 | if (rt->dst.error) |
| 2190 | break; |
| 2191 | if (!(rt->rt6i_flags & RTF_GATEWAY)) |
| 2192 | continue; |
| 2193 | if (fl6->flowi6_oif != rt->dst.dev->ifindex) |
| 2194 | continue; |
| 2195 | /* rt_cache's gateway might be different from its 'parent' |
| 2196 | * in the case of an ip redirect. |
| 2197 | * So we keep searching in the exception table if the gateway |
| 2198 | * is different. |
| 2199 | */ |
| 2200 | if (!ipv6_addr_equal(&rdfl->gateway, &rt->rt6i_gateway)) { |
| 2201 | rt_cache = rt6_find_cached_rt(rt, |
| 2202 | &fl6->daddr, |
| 2203 | &fl6->saddr); |
| 2204 | if (rt_cache && |
| 2205 | ipv6_addr_equal(&rdfl->gateway, |
| 2206 | &rt_cache->rt6i_gateway)) { |
| 2207 | rt = rt_cache; |
| 2208 | break; |
| 2209 | } |
| 2210 | continue; |
| 2211 | } |
| 2212 | break; |
| 2213 | } |
| 2214 | |
| 2215 | if (!rt) |
| 2216 | rt = net->ipv6.ip6_null_entry; |
| 2217 | else if (rt->dst.error) { |
| 2218 | rt = net->ipv6.ip6_null_entry; |
| 2219 | goto out; |
| 2220 | } |
| 2221 | |
| 2222 | if (rt == net->ipv6.ip6_null_entry) { |
| 2223 | fn = fib6_backtrack(fn, &fl6->saddr); |
| 2224 | if (fn) |
| 2225 | goto restart; |
| 2226 | } |
| 2227 | |
| 2228 | out: |
| 2229 | ip6_hold_safe(net, &rt, true); |
| 2230 | |
| 2231 | rcu_read_unlock(); |
| 2232 | |
| 2233 | trace_fib6_table_lookup(net, rt, table, fl6); |
| 2234 | return rt; |
| 2235 | }; |
| 2236 | |
| 2237 | static struct dst_entry *ip6_route_redirect(struct net *net, |
| 2238 | const struct flowi6 *fl6, |
| 2239 | const struct in6_addr *gateway) |
| 2240 | { |
| 2241 | int flags = RT6_LOOKUP_F_HAS_SADDR; |
| 2242 | struct ip6rd_flowi rdfl; |
| 2243 | |
| 2244 | rdfl.fl6 = *fl6; |
| 2245 | rdfl.gateway = *gateway; |
| 2246 | |
| 2247 | return fib6_rule_lookup(net, &rdfl.fl6, |
| 2248 | flags, __ip6_route_redirect); |
| 2249 | } |
| 2250 | |
| 2251 | void ip6_redirect(struct sk_buff *skb, struct net *net, int oif, u32 mark, |
| 2252 | kuid_t uid) |
| 2253 | { |
| 2254 | const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data; |
| 2255 | struct dst_entry *dst; |
| 2256 | struct flowi6 fl6; |
| 2257 | |
| 2258 | memset(&fl6, 0, sizeof(fl6)); |
| 2259 | fl6.flowi6_iif = LOOPBACK_IFINDEX; |
| 2260 | fl6.flowi6_oif = oif; |
| 2261 | fl6.flowi6_mark = mark; |
| 2262 | fl6.daddr = iph->daddr; |
| 2263 | fl6.saddr = iph->saddr; |
| 2264 | fl6.flowlabel = ip6_flowinfo(iph); |
| 2265 | fl6.flowi6_uid = uid; |
| 2266 | |
| 2267 | dst = ip6_route_redirect(net, &fl6, &ipv6_hdr(skb)->saddr); |
| 2268 | rt6_do_redirect(dst, NULL, skb); |
| 2269 | dst_release(dst); |
| 2270 | } |
| 2271 | EXPORT_SYMBOL_GPL(ip6_redirect); |
| 2272 | |
| 2273 | void ip6_redirect_no_header(struct sk_buff *skb, struct net *net, int oif, |
| 2274 | u32 mark) |
| 2275 | { |
| 2276 | const struct ipv6hdr *iph = ipv6_hdr(skb); |
| 2277 | const struct rd_msg *msg = (struct rd_msg *)icmp6_hdr(skb); |
| 2278 | struct dst_entry *dst; |
| 2279 | struct flowi6 fl6; |
| 2280 | |
| 2281 | memset(&fl6, 0, sizeof(fl6)); |
| 2282 | fl6.flowi6_iif = LOOPBACK_IFINDEX; |
| 2283 | fl6.flowi6_oif = oif; |
| 2284 | fl6.flowi6_mark = mark; |
| 2285 | fl6.daddr = msg->dest; |
| 2286 | fl6.saddr = iph->daddr; |
| 2287 | fl6.flowi6_uid = sock_net_uid(net, NULL); |
| 2288 | |
| 2289 | dst = ip6_route_redirect(net, &fl6, &iph->saddr); |
| 2290 | rt6_do_redirect(dst, NULL, skb); |
| 2291 | dst_release(dst); |
| 2292 | } |
| 2293 | |
| 2294 | void ip6_sk_redirect(struct sk_buff *skb, struct sock *sk) |
| 2295 | { |
| 2296 | ip6_redirect(skb, sock_net(sk), sk->sk_bound_dev_if, sk->sk_mark, |
| 2297 | sk->sk_uid); |
| 2298 | } |
| 2299 | EXPORT_SYMBOL_GPL(ip6_sk_redirect); |
| 2300 | |
| 2301 | static unsigned int ip6_default_advmss(const struct dst_entry *dst) |
| 2302 | { |
| 2303 | struct net_device *dev = dst->dev; |
| 2304 | unsigned int mtu = dst_mtu(dst); |
| 2305 | struct net *net = dev_net(dev); |
| 2306 | |
| 2307 | mtu -= sizeof(struct ipv6hdr) + sizeof(struct tcphdr); |
| 2308 | |
| 2309 | if (mtu < net->ipv6.sysctl.ip6_rt_min_advmss) |
| 2310 | mtu = net->ipv6.sysctl.ip6_rt_min_advmss; |
| 2311 | |
| 2312 | /* |
| 2313 | * Maximal non-jumbo IPv6 payload is IPV6_MAXPLEN and |
| 2314 | * corresponding MSS is IPV6_MAXPLEN - tcp_header_size. |
| 2315 | * IPV6_MAXPLEN is also valid and means: "any MSS, |
| 2316 | * rely only on pmtu discovery" |
| 2317 | */ |
| 2318 | if (mtu > IPV6_MAXPLEN - sizeof(struct tcphdr)) |
| 2319 | mtu = IPV6_MAXPLEN; |
| 2320 | return mtu; |
| 2321 | } |
| 2322 | |
| 2323 | static unsigned int ip6_mtu(const struct dst_entry *dst) |
| 2324 | { |
| 2325 | const struct rt6_info *rt = (const struct rt6_info *)dst; |
| 2326 | unsigned int mtu = rt->rt6i_pmtu; |
| 2327 | struct inet6_dev *idev; |
| 2328 | |
| 2329 | if (mtu) |
| 2330 | goto out; |
| 2331 | |
| 2332 | mtu = dst_metric_raw(dst, RTAX_MTU); |
| 2333 | if (mtu) |
| 2334 | goto out; |
| 2335 | |
| 2336 | mtu = IPV6_MIN_MTU; |
| 2337 | |
| 2338 | rcu_read_lock(); |
| 2339 | idev = __in6_dev_get(dst->dev); |
| 2340 | if (idev) |
| 2341 | mtu = idev->cnf.mtu6; |
| 2342 | rcu_read_unlock(); |
| 2343 | |
| 2344 | out: |
| 2345 | mtu = min_t(unsigned int, mtu, IP6_MAX_MTU); |
| 2346 | |
| 2347 | return mtu - lwtunnel_headroom(dst->lwtstate, mtu); |
| 2348 | } |
| 2349 | |
| 2350 | struct dst_entry *icmp6_dst_alloc(struct net_device *dev, |
| 2351 | struct flowi6 *fl6) |
| 2352 | { |
| 2353 | struct dst_entry *dst; |
| 2354 | struct rt6_info *rt; |
| 2355 | struct inet6_dev *idev = in6_dev_get(dev); |
| 2356 | struct net *net = dev_net(dev); |
| 2357 | |
| 2358 | if (unlikely(!idev)) |
| 2359 | return ERR_PTR(-ENODEV); |
| 2360 | |
| 2361 | rt = ip6_dst_alloc(net, dev, 0); |
| 2362 | if (unlikely(!rt)) { |
| 2363 | in6_dev_put(idev); |
| 2364 | dst = ERR_PTR(-ENOMEM); |
| 2365 | goto out; |
| 2366 | } |
| 2367 | |
| 2368 | rt->dst.flags |= DST_HOST; |
| 2369 | rt->dst.input = ip6_input; |
| 2370 | rt->dst.output = ip6_output; |
| 2371 | rt->rt6i_gateway = fl6->daddr; |
| 2372 | rt->rt6i_dst.addr = fl6->daddr; |
| 2373 | rt->rt6i_dst.plen = 128; |
| 2374 | rt->rt6i_idev = idev; |
| 2375 | dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 0); |
| 2376 | |
| 2377 | /* Add this dst into uncached_list so that rt6_disable_ip() can |
| 2378 | * do proper release of the net_device |
| 2379 | */ |
| 2380 | rt6_uncached_list_add(rt); |
| 2381 | atomic_inc(&net->ipv6.rt6_stats->fib_rt_uncache); |
| 2382 | |
| 2383 | dst = xfrm_lookup(net, &rt->dst, flowi6_to_flowi(fl6), NULL, 0); |
| 2384 | |
| 2385 | out: |
| 2386 | return dst; |
| 2387 | } |
| 2388 | |
| 2389 | static int ip6_dst_gc(struct dst_ops *ops) |
| 2390 | { |
| 2391 | struct net *net = container_of(ops, struct net, ipv6.ip6_dst_ops); |
| 2392 | int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval; |
| 2393 | int rt_max_size = net->ipv6.sysctl.ip6_rt_max_size; |
| 2394 | int rt_elasticity = net->ipv6.sysctl.ip6_rt_gc_elasticity; |
| 2395 | int rt_gc_timeout = net->ipv6.sysctl.ip6_rt_gc_timeout; |
| 2396 | unsigned long rt_last_gc = net->ipv6.ip6_rt_last_gc; |
| 2397 | int entries; |
| 2398 | |
| 2399 | entries = dst_entries_get_fast(ops); |
| 2400 | if (time_after(rt_last_gc + rt_min_interval, jiffies) && |
| 2401 | entries <= rt_max_size) |
| 2402 | goto out; |
| 2403 | |
| 2404 | net->ipv6.ip6_rt_gc_expire++; |
| 2405 | fib6_run_gc(net->ipv6.ip6_rt_gc_expire, net, true); |
| 2406 | entries = dst_entries_get_slow(ops); |
| 2407 | if (entries < ops->gc_thresh) |
| 2408 | net->ipv6.ip6_rt_gc_expire = rt_gc_timeout>>1; |
| 2409 | out: |
| 2410 | net->ipv6.ip6_rt_gc_expire -= net->ipv6.ip6_rt_gc_expire>>rt_elasticity; |
| 2411 | return entries > rt_max_size; |
| 2412 | } |
| 2413 | |
| 2414 | static int ip6_convert_metrics(struct mx6_config *mxc, |
| 2415 | const struct fib6_config *cfg) |
| 2416 | { |
| 2417 | struct net *net = cfg->fc_nlinfo.nl_net; |
| 2418 | bool ecn_ca = false; |
| 2419 | struct nlattr *nla; |
| 2420 | int remaining; |
| 2421 | u32 *mp; |
| 2422 | |
| 2423 | if (!cfg->fc_mx) |
| 2424 | return 0; |
| 2425 | |
| 2426 | mp = kzalloc(sizeof(u32) * RTAX_MAX, GFP_KERNEL); |
| 2427 | if (unlikely(!mp)) |
| 2428 | return -ENOMEM; |
| 2429 | |
| 2430 | nla_for_each_attr(nla, cfg->fc_mx, cfg->fc_mx_len, remaining) { |
| 2431 | int type = nla_type(nla); |
| 2432 | u32 val; |
| 2433 | |
| 2434 | if (!type) |
| 2435 | continue; |
| 2436 | if (unlikely(type > RTAX_MAX)) |
| 2437 | goto err; |
| 2438 | |
| 2439 | if (type == RTAX_CC_ALGO) { |
| 2440 | char tmp[TCP_CA_NAME_MAX]; |
| 2441 | |
| 2442 | nla_strlcpy(tmp, nla, sizeof(tmp)); |
| 2443 | val = tcp_ca_get_key_by_name(net, tmp, &ecn_ca); |
| 2444 | if (val == TCP_CA_UNSPEC) |
| 2445 | goto err; |
| 2446 | } else { |
| 2447 | val = nla_get_u32(nla); |
| 2448 | } |
| 2449 | if (type == RTAX_HOPLIMIT && val > 255) |
| 2450 | val = 255; |
| 2451 | if (type == RTAX_FEATURES && (val & ~RTAX_FEATURE_MASK)) |
| 2452 | goto err; |
| 2453 | |
| 2454 | mp[type - 1] = val; |
| 2455 | __set_bit(type - 1, mxc->mx_valid); |
| 2456 | } |
| 2457 | |
| 2458 | if (ecn_ca) { |
| 2459 | __set_bit(RTAX_FEATURES - 1, mxc->mx_valid); |
| 2460 | mp[RTAX_FEATURES - 1] |= DST_FEATURE_ECN_CA; |
| 2461 | } |
| 2462 | |
| 2463 | mxc->mx = mp; |
| 2464 | return 0; |
| 2465 | err: |
| 2466 | kfree(mp); |
| 2467 | return -EINVAL; |
| 2468 | } |
| 2469 | |
| 2470 | static struct rt6_info *ip6_nh_lookup_table(struct net *net, |
| 2471 | struct fib6_config *cfg, |
| 2472 | const struct in6_addr *gw_addr, |
| 2473 | u32 tbid, int flags) |
| 2474 | { |
| 2475 | struct flowi6 fl6 = { |
| 2476 | .flowi6_oif = cfg->fc_ifindex, |
| 2477 | .daddr = *gw_addr, |
| 2478 | .saddr = cfg->fc_prefsrc, |
| 2479 | }; |
| 2480 | struct fib6_table *table; |
| 2481 | struct rt6_info *rt; |
| 2482 | |
| 2483 | table = fib6_get_table(net, tbid); |
| 2484 | if (!table) |
| 2485 | return NULL; |
| 2486 | |
| 2487 | if (!ipv6_addr_any(&cfg->fc_prefsrc)) |
| 2488 | flags |= RT6_LOOKUP_F_HAS_SADDR; |
| 2489 | |
| 2490 | flags |= RT6_LOOKUP_F_IGNORE_LINKSTATE; |
| 2491 | rt = ip6_pol_route(net, table, cfg->fc_ifindex, &fl6, flags); |
| 2492 | |
| 2493 | /* if table lookup failed, fall back to full lookup */ |
| 2494 | if (rt == net->ipv6.ip6_null_entry) { |
| 2495 | ip6_rt_put(rt); |
| 2496 | rt = NULL; |
| 2497 | } |
| 2498 | |
| 2499 | return rt; |
| 2500 | } |
| 2501 | |
| 2502 | static int ip6_route_check_nh_onlink(struct net *net, |
| 2503 | struct fib6_config *cfg, |
| 2504 | struct net_device *dev, |
| 2505 | struct netlink_ext_ack *extack) |
| 2506 | { |
| 2507 | u32 tbid = l3mdev_fib_table(dev) ? : RT_TABLE_MAIN; |
| 2508 | const struct in6_addr *gw_addr = &cfg->fc_gateway; |
| 2509 | u32 flags = RTF_LOCAL | RTF_ANYCAST | RTF_REJECT; |
| 2510 | struct rt6_info *grt; |
| 2511 | int err; |
| 2512 | |
| 2513 | err = 0; |
| 2514 | grt = ip6_nh_lookup_table(net, cfg, gw_addr, tbid, 0); |
| 2515 | if (grt) { |
| 2516 | if (!grt->dst.error && |
| 2517 | (grt->rt6i_flags & flags || dev != grt->dst.dev)) { |
| 2518 | NL_SET_ERR_MSG(extack, |
| 2519 | "Nexthop has invalid gateway or device mismatch"); |
| 2520 | err = -EINVAL; |
| 2521 | } |
| 2522 | |
| 2523 | ip6_rt_put(grt); |
| 2524 | } |
| 2525 | |
| 2526 | return err; |
| 2527 | } |
| 2528 | |
| 2529 | static int ip6_route_check_nh(struct net *net, |
| 2530 | struct fib6_config *cfg, |
| 2531 | struct net_device **_dev, |
| 2532 | struct inet6_dev **idev) |
| 2533 | { |
| 2534 | const struct in6_addr *gw_addr = &cfg->fc_gateway; |
| 2535 | struct net_device *dev = _dev ? *_dev : NULL; |
| 2536 | struct rt6_info *grt = NULL; |
| 2537 | int err = -EHOSTUNREACH; |
| 2538 | |
| 2539 | if (cfg->fc_table) { |
| 2540 | int flags = RT6_LOOKUP_F_IFACE; |
| 2541 | |
| 2542 | grt = ip6_nh_lookup_table(net, cfg, gw_addr, |
| 2543 | cfg->fc_table, flags); |
| 2544 | if (grt) { |
| 2545 | if (grt->rt6i_flags & RTF_GATEWAY || |
| 2546 | (dev && dev != grt->dst.dev)) { |
| 2547 | ip6_rt_put(grt); |
| 2548 | grt = NULL; |
| 2549 | } |
| 2550 | } |
| 2551 | } |
| 2552 | |
| 2553 | if (!grt) |
| 2554 | grt = rt6_lookup(net, gw_addr, NULL, cfg->fc_ifindex, 1); |
| 2555 | |
| 2556 | if (!grt) |
| 2557 | goto out; |
| 2558 | |
| 2559 | if (dev) { |
| 2560 | if (dev != grt->dst.dev) { |
| 2561 | ip6_rt_put(grt); |
| 2562 | goto out; |
| 2563 | } |
| 2564 | } else { |
| 2565 | *_dev = dev = grt->dst.dev; |
| 2566 | *idev = grt->rt6i_idev; |
| 2567 | dev_hold(dev); |
| 2568 | in6_dev_hold(grt->rt6i_idev); |
| 2569 | } |
| 2570 | |
| 2571 | if (!(grt->rt6i_flags & RTF_GATEWAY)) |
| 2572 | err = 0; |
| 2573 | |
| 2574 | ip6_rt_put(grt); |
| 2575 | |
| 2576 | out: |
| 2577 | return err; |
| 2578 | } |
| 2579 | |
| 2580 | static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg, |
| 2581 | struct netlink_ext_ack *extack) |
| 2582 | { |
| 2583 | struct net *net = cfg->fc_nlinfo.nl_net; |
| 2584 | struct rt6_info *rt = NULL; |
| 2585 | struct net_device *dev = NULL; |
| 2586 | struct inet6_dev *idev = NULL; |
| 2587 | struct fib6_table *table; |
| 2588 | int addr_type; |
| 2589 | int err = -EINVAL; |
| 2590 | |
| 2591 | /* RTF_PCPU is an internal flag; can not be set by userspace */ |
| 2592 | if (cfg->fc_flags & RTF_PCPU) { |
| 2593 | NL_SET_ERR_MSG(extack, "Userspace can not set RTF_PCPU"); |
| 2594 | goto out; |
| 2595 | } |
| 2596 | |
| 2597 | /* RTF_CACHE is an internal flag; can not be set by userspace */ |
| 2598 | if (cfg->fc_flags & RTF_CACHE) { |
| 2599 | NL_SET_ERR_MSG(extack, "Userspace can not set RTF_CACHE"); |
| 2600 | goto out; |
| 2601 | } |
| 2602 | |
| 2603 | if (cfg->fc_dst_len > 128) { |
| 2604 | NL_SET_ERR_MSG(extack, "Invalid prefix length"); |
| 2605 | goto out; |
| 2606 | } |
| 2607 | if (cfg->fc_src_len > 128) { |
| 2608 | NL_SET_ERR_MSG(extack, "Invalid source address length"); |
| 2609 | goto out; |
| 2610 | } |
| 2611 | #ifndef CONFIG_IPV6_SUBTREES |
| 2612 | if (cfg->fc_src_len) { |
| 2613 | NL_SET_ERR_MSG(extack, |
| 2614 | "Specifying source address requires IPV6_SUBTREES to be enabled"); |
| 2615 | goto out; |
| 2616 | } |
| 2617 | #endif |
| 2618 | if (cfg->fc_ifindex) { |
| 2619 | err = -ENODEV; |
| 2620 | dev = dev_get_by_index(net, cfg->fc_ifindex); |
| 2621 | if (!dev) |
| 2622 | goto out; |
| 2623 | idev = in6_dev_get(dev); |
| 2624 | if (!idev) |
| 2625 | goto out; |
| 2626 | } |
| 2627 | |
| 2628 | if (cfg->fc_metric == 0) |
| 2629 | cfg->fc_metric = IP6_RT_PRIO_USER; |
| 2630 | |
| 2631 | if (cfg->fc_flags & RTNH_F_ONLINK) { |
| 2632 | if (!dev) { |
| 2633 | NL_SET_ERR_MSG(extack, |
| 2634 | "Nexthop device required for onlink"); |
| 2635 | err = -ENODEV; |
| 2636 | goto out; |
| 2637 | } |
| 2638 | |
| 2639 | if (!(dev->flags & IFF_UP)) { |
| 2640 | NL_SET_ERR_MSG(extack, "Nexthop device is not up"); |
| 2641 | err = -ENETDOWN; |
| 2642 | goto out; |
| 2643 | } |
| 2644 | } |
| 2645 | |
| 2646 | err = -ENOBUFS; |
| 2647 | if (cfg->fc_nlinfo.nlh && |
| 2648 | !(cfg->fc_nlinfo.nlh->nlmsg_flags & NLM_F_CREATE)) { |
| 2649 | table = fib6_get_table(net, cfg->fc_table); |
| 2650 | if (!table) { |
| 2651 | pr_warn("NLM_F_CREATE should be specified when creating new route\n"); |
| 2652 | table = fib6_new_table(net, cfg->fc_table); |
| 2653 | } |
| 2654 | } else { |
| 2655 | table = fib6_new_table(net, cfg->fc_table); |
| 2656 | } |
| 2657 | |
| 2658 | if (!table) |
| 2659 | goto out; |
| 2660 | |
| 2661 | rt = ip6_dst_alloc(net, NULL, |
| 2662 | (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT); |
| 2663 | |
| 2664 | if (!rt) { |
| 2665 | err = -ENOMEM; |
| 2666 | goto out; |
| 2667 | } |
| 2668 | |
| 2669 | if (cfg->fc_flags & RTF_EXPIRES) |
| 2670 | rt6_set_expires(rt, jiffies + |
| 2671 | clock_t_to_jiffies(cfg->fc_expires)); |
| 2672 | else |
| 2673 | rt6_clean_expires(rt); |
| 2674 | |
| 2675 | if (cfg->fc_protocol == RTPROT_UNSPEC) |
| 2676 | cfg->fc_protocol = RTPROT_BOOT; |
| 2677 | rt->rt6i_protocol = cfg->fc_protocol; |
| 2678 | |
| 2679 | addr_type = ipv6_addr_type(&cfg->fc_dst); |
| 2680 | |
| 2681 | if (addr_type & IPV6_ADDR_MULTICAST) |
| 2682 | rt->dst.input = ip6_mc_input; |
| 2683 | else if (cfg->fc_flags & RTF_LOCAL) |
| 2684 | rt->dst.input = ip6_input; |
| 2685 | else |
| 2686 | rt->dst.input = ip6_forward; |
| 2687 | |
| 2688 | rt->dst.output = ip6_output; |
| 2689 | |
| 2690 | if (cfg->fc_encap) { |
| 2691 | struct lwtunnel_state *lwtstate; |
| 2692 | |
| 2693 | err = lwtunnel_build_state(cfg->fc_encap_type, |
| 2694 | cfg->fc_encap, AF_INET6, cfg, |
| 2695 | &lwtstate, extack); |
| 2696 | if (err) |
| 2697 | goto out; |
| 2698 | rt->dst.lwtstate = lwtstate_get(lwtstate); |
| 2699 | if (lwtunnel_output_redirect(rt->dst.lwtstate)) { |
| 2700 | rt->dst.lwtstate->orig_output = rt->dst.output; |
| 2701 | rt->dst.output = lwtunnel_output; |
| 2702 | } |
| 2703 | if (lwtunnel_input_redirect(rt->dst.lwtstate)) { |
| 2704 | rt->dst.lwtstate->orig_input = rt->dst.input; |
| 2705 | rt->dst.input = lwtunnel_input; |
| 2706 | } |
| 2707 | } |
| 2708 | |
| 2709 | ipv6_addr_prefix(&rt->rt6i_dst.addr, &cfg->fc_dst, cfg->fc_dst_len); |
| 2710 | rt->rt6i_dst.plen = cfg->fc_dst_len; |
| 2711 | if (rt->rt6i_dst.plen == 128) |
| 2712 | rt->dst.flags |= DST_HOST; |
| 2713 | |
| 2714 | #ifdef CONFIG_IPV6_SUBTREES |
| 2715 | ipv6_addr_prefix(&rt->rt6i_src.addr, &cfg->fc_src, cfg->fc_src_len); |
| 2716 | rt->rt6i_src.plen = cfg->fc_src_len; |
| 2717 | #endif |
| 2718 | |
| 2719 | rt->rt6i_metric = cfg->fc_metric; |
| 2720 | rt->rt6i_nh_weight = 1; |
| 2721 | |
| 2722 | /* We cannot add true routes via loopback here, |
| 2723 | they would result in kernel looping; promote them to reject routes |
| 2724 | */ |
| 2725 | if ((cfg->fc_flags & RTF_REJECT) || |
| 2726 | (dev && (dev->flags & IFF_LOOPBACK) && |
| 2727 | !(addr_type & IPV6_ADDR_LOOPBACK) && |
| 2728 | !(cfg->fc_flags & RTF_LOCAL))) { |
| 2729 | /* hold loopback dev/idev if we haven't done so. */ |
| 2730 | if (dev != net->loopback_dev) { |
| 2731 | if (dev) { |
| 2732 | dev_put(dev); |
| 2733 | in6_dev_put(idev); |
| 2734 | } |
| 2735 | dev = net->loopback_dev; |
| 2736 | dev_hold(dev); |
| 2737 | idev = in6_dev_get(dev); |
| 2738 | if (!idev) { |
| 2739 | err = -ENODEV; |
| 2740 | goto out; |
| 2741 | } |
| 2742 | } |
| 2743 | rt->rt6i_flags = RTF_REJECT|RTF_NONEXTHOP; |
| 2744 | switch (cfg->fc_type) { |
| 2745 | case RTN_BLACKHOLE: |
| 2746 | rt->dst.error = -EINVAL; |
| 2747 | rt->dst.output = dst_discard_out; |
| 2748 | rt->dst.input = dst_discard; |
| 2749 | break; |
| 2750 | case RTN_PROHIBIT: |
| 2751 | rt->dst.error = -EACCES; |
| 2752 | rt->dst.output = ip6_pkt_prohibit_out; |
| 2753 | rt->dst.input = ip6_pkt_prohibit; |
| 2754 | break; |
| 2755 | case RTN_THROW: |
| 2756 | case RTN_UNREACHABLE: |
| 2757 | default: |
| 2758 | rt->dst.error = (cfg->fc_type == RTN_THROW) ? -EAGAIN |
| 2759 | : (cfg->fc_type == RTN_UNREACHABLE) |
| 2760 | ? -EHOSTUNREACH : -ENETUNREACH; |
| 2761 | rt->dst.output = ip6_pkt_discard_out; |
| 2762 | rt->dst.input = ip6_pkt_discard; |
| 2763 | break; |
| 2764 | } |
| 2765 | goto install_route; |
| 2766 | } |
| 2767 | |
| 2768 | if (cfg->fc_flags & RTF_GATEWAY) { |
| 2769 | const struct in6_addr *gw_addr; |
| 2770 | int gwa_type; |
| 2771 | |
| 2772 | gw_addr = &cfg->fc_gateway; |
| 2773 | gwa_type = ipv6_addr_type(gw_addr); |
| 2774 | |
| 2775 | /* if gw_addr is local we will fail to detect this in case |
| 2776 | * address is still TENTATIVE (DAD in progress). rt6_lookup() |
| 2777 | * will return already-added prefix route via interface that |
| 2778 | * prefix route was assigned to, which might be non-loopback. |
| 2779 | */ |
| 2780 | err = -EINVAL; |
| 2781 | if (ipv6_chk_addr_and_flags(net, gw_addr, |
| 2782 | gwa_type & IPV6_ADDR_LINKLOCAL ? |
| 2783 | dev : NULL, 0, 0)) { |
| 2784 | NL_SET_ERR_MSG(extack, "Invalid gateway address"); |
| 2785 | goto out; |
| 2786 | } |
| 2787 | rt->rt6i_gateway = *gw_addr; |
| 2788 | |
| 2789 | if (gwa_type != (IPV6_ADDR_LINKLOCAL|IPV6_ADDR_UNICAST)) { |
| 2790 | /* IPv6 strictly inhibits using not link-local |
| 2791 | addresses as nexthop address. |
| 2792 | Otherwise, router will not able to send redirects. |
| 2793 | It is very good, but in some (rare!) circumstances |
| 2794 | (SIT, PtP, NBMA NOARP links) it is handy to allow |
| 2795 | some exceptions. --ANK |
| 2796 | We allow IPv4-mapped nexthops to support RFC4798-type |
| 2797 | addressing |
| 2798 | */ |
| 2799 | if (!(gwa_type & (IPV6_ADDR_UNICAST | |
| 2800 | IPV6_ADDR_MAPPED))) { |
| 2801 | NL_SET_ERR_MSG(extack, |
| 2802 | "Invalid gateway address"); |
| 2803 | goto out; |
| 2804 | } |
| 2805 | |
| 2806 | if (cfg->fc_flags & RTNH_F_ONLINK) { |
| 2807 | err = ip6_route_check_nh_onlink(net, cfg, dev, |
| 2808 | extack); |
| 2809 | } else { |
| 2810 | err = ip6_route_check_nh(net, cfg, &dev, &idev); |
| 2811 | } |
| 2812 | if (err) |
| 2813 | goto out; |
| 2814 | } |
| 2815 | err = -EINVAL; |
| 2816 | if (!dev) { |
| 2817 | NL_SET_ERR_MSG(extack, "Egress device not specified"); |
| 2818 | goto out; |
| 2819 | } else if (dev->flags & IFF_LOOPBACK) { |
| 2820 | NL_SET_ERR_MSG(extack, |
| 2821 | "Egress device can not be loopback device for this route"); |
| 2822 | goto out; |
| 2823 | } |
| 2824 | } |
| 2825 | |
| 2826 | err = -ENODEV; |
| 2827 | if (!dev) |
| 2828 | goto out; |
| 2829 | |
| 2830 | if (!(dev->flags & IFF_UP)) { |
| 2831 | NL_SET_ERR_MSG(extack, "Nexthop device is not up"); |
| 2832 | err = -ENETDOWN; |
| 2833 | goto out; |
| 2834 | } |
| 2835 | |
| 2836 | if (!ipv6_addr_any(&cfg->fc_prefsrc)) { |
| 2837 | if (!ipv6_chk_addr(net, &cfg->fc_prefsrc, dev, 0)) { |
| 2838 | NL_SET_ERR_MSG(extack, "Invalid source address"); |
| 2839 | err = -EINVAL; |
| 2840 | goto out; |
| 2841 | } |
| 2842 | rt->rt6i_prefsrc.addr = cfg->fc_prefsrc; |
| 2843 | rt->rt6i_prefsrc.plen = 128; |
| 2844 | } else |
| 2845 | rt->rt6i_prefsrc.plen = 0; |
| 2846 | |
| 2847 | rt->rt6i_flags = cfg->fc_flags; |
| 2848 | |
| 2849 | install_route: |
| 2850 | if (!(rt->rt6i_flags & (RTF_LOCAL | RTF_ANYCAST)) && |
| 2851 | !netif_carrier_ok(dev)) |
| 2852 | rt->rt6i_nh_flags |= RTNH_F_LINKDOWN; |
| 2853 | rt->rt6i_nh_flags |= (cfg->fc_flags & RTNH_F_ONLINK); |
| 2854 | rt->dst.dev = dev; |
| 2855 | rt->rt6i_idev = idev; |
| 2856 | rt->rt6i_table = table; |
| 2857 | |
| 2858 | cfg->fc_nlinfo.nl_net = dev_net(dev); |
| 2859 | |
| 2860 | return rt; |
| 2861 | out: |
| 2862 | if (dev) |
| 2863 | dev_put(dev); |
| 2864 | if (idev) |
| 2865 | in6_dev_put(idev); |
| 2866 | if (rt) |
| 2867 | dst_release_immediate(&rt->dst); |
| 2868 | |
| 2869 | return ERR_PTR(err); |
| 2870 | } |
| 2871 | |
| 2872 | int ip6_route_add(struct fib6_config *cfg, |
| 2873 | struct netlink_ext_ack *extack) |
| 2874 | { |
| 2875 | struct mx6_config mxc = { .mx = NULL, }; |
| 2876 | struct rt6_info *rt; |
| 2877 | int err; |
| 2878 | |
| 2879 | rt = ip6_route_info_create(cfg, extack); |
| 2880 | if (IS_ERR(rt)) { |
| 2881 | err = PTR_ERR(rt); |
| 2882 | rt = NULL; |
| 2883 | goto out; |
| 2884 | } |
| 2885 | |
| 2886 | err = ip6_convert_metrics(&mxc, cfg); |
| 2887 | if (err) |
| 2888 | goto out; |
| 2889 | |
| 2890 | err = __ip6_ins_rt(rt, &cfg->fc_nlinfo, &mxc, extack); |
| 2891 | |
| 2892 | kfree(mxc.mx); |
| 2893 | |
| 2894 | return err; |
| 2895 | out: |
| 2896 | if (rt) |
| 2897 | dst_release_immediate(&rt->dst); |
| 2898 | |
| 2899 | return err; |
| 2900 | } |
| 2901 | |
| 2902 | static int __ip6_del_rt(struct rt6_info *rt, struct nl_info *info) |
| 2903 | { |
| 2904 | int err; |
| 2905 | struct fib6_table *table; |
| 2906 | struct net *net = dev_net(rt->dst.dev); |
| 2907 | |
| 2908 | if (rt == net->ipv6.ip6_null_entry) { |
| 2909 | err = -ENOENT; |
| 2910 | goto out; |
| 2911 | } |
| 2912 | |
| 2913 | table = rt->rt6i_table; |
| 2914 | spin_lock_bh(&table->tb6_lock); |
| 2915 | err = fib6_del(rt, info); |
| 2916 | spin_unlock_bh(&table->tb6_lock); |
| 2917 | |
| 2918 | out: |
| 2919 | ip6_rt_put(rt); |
| 2920 | return err; |
| 2921 | } |
| 2922 | |
| 2923 | int ip6_del_rt(struct rt6_info *rt) |
| 2924 | { |
| 2925 | struct nl_info info = { |
| 2926 | .nl_net = dev_net(rt->dst.dev), |
| 2927 | }; |
| 2928 | return __ip6_del_rt(rt, &info); |
| 2929 | } |
| 2930 | |
| 2931 | static int __ip6_del_rt_siblings(struct rt6_info *rt, struct fib6_config *cfg) |
| 2932 | { |
| 2933 | struct nl_info *info = &cfg->fc_nlinfo; |
| 2934 | struct net *net = info->nl_net; |
| 2935 | struct sk_buff *skb = NULL; |
| 2936 | struct fib6_table *table; |
| 2937 | int err = -ENOENT; |
| 2938 | |
| 2939 | if (rt == net->ipv6.ip6_null_entry) |
| 2940 | goto out_put; |
| 2941 | table = rt->rt6i_table; |
| 2942 | spin_lock_bh(&table->tb6_lock); |
| 2943 | |
| 2944 | if (rt->rt6i_nsiblings && cfg->fc_delete_all_nh) { |
| 2945 | struct rt6_info *sibling, *next_sibling; |
| 2946 | |
| 2947 | /* prefer to send a single notification with all hops */ |
| 2948 | skb = nlmsg_new(rt6_nlmsg_size(rt), gfp_any()); |
| 2949 | if (skb) { |
| 2950 | u32 seq = info->nlh ? info->nlh->nlmsg_seq : 0; |
| 2951 | |
| 2952 | if (rt6_fill_node(net, skb, rt, |
| 2953 | NULL, NULL, 0, RTM_DELROUTE, |
| 2954 | info->portid, seq, 0) < 0) { |
| 2955 | kfree_skb(skb); |
| 2956 | skb = NULL; |
| 2957 | } else |
| 2958 | info->skip_notify = 1; |
| 2959 | } |
| 2960 | |
| 2961 | list_for_each_entry_safe(sibling, next_sibling, |
| 2962 | &rt->rt6i_siblings, |
| 2963 | rt6i_siblings) { |
| 2964 | err = fib6_del(sibling, info); |
| 2965 | if (err) |
| 2966 | goto out_unlock; |
| 2967 | } |
| 2968 | } |
| 2969 | |
| 2970 | err = fib6_del(rt, info); |
| 2971 | out_unlock: |
| 2972 | spin_unlock_bh(&table->tb6_lock); |
| 2973 | out_put: |
| 2974 | ip6_rt_put(rt); |
| 2975 | |
| 2976 | if (skb) { |
| 2977 | rtnl_notify(skb, net, info->portid, RTNLGRP_IPV6_ROUTE, |
| 2978 | info->nlh, gfp_any()); |
| 2979 | } |
| 2980 | return err; |
| 2981 | } |
| 2982 | |
| 2983 | static int ip6_route_del(struct fib6_config *cfg, |
| 2984 | struct netlink_ext_ack *extack) |
| 2985 | { |
| 2986 | struct rt6_info *rt, *rt_cache; |
| 2987 | struct fib6_table *table; |
| 2988 | struct fib6_node *fn; |
| 2989 | int err = -ESRCH; |
| 2990 | |
| 2991 | table = fib6_get_table(cfg->fc_nlinfo.nl_net, cfg->fc_table); |
| 2992 | if (!table) { |
| 2993 | NL_SET_ERR_MSG(extack, "FIB table does not exist"); |
| 2994 | return err; |
| 2995 | } |
| 2996 | |
| 2997 | rcu_read_lock(); |
| 2998 | |
| 2999 | fn = fib6_locate(&table->tb6_root, |
| 3000 | &cfg->fc_dst, cfg->fc_dst_len, |
| 3001 | &cfg->fc_src, cfg->fc_src_len, |
| 3002 | !(cfg->fc_flags & RTF_CACHE)); |
| 3003 | |
| 3004 | if (fn) { |
| 3005 | for_each_fib6_node_rt_rcu(fn) { |
| 3006 | if (cfg->fc_flags & RTF_CACHE) { |
| 3007 | rt_cache = rt6_find_cached_rt(rt, &cfg->fc_dst, |
| 3008 | &cfg->fc_src); |
| 3009 | if (!rt_cache) |
| 3010 | continue; |
| 3011 | rt = rt_cache; |
| 3012 | } |
| 3013 | if (cfg->fc_ifindex && |
| 3014 | (!rt->dst.dev || |
| 3015 | rt->dst.dev->ifindex != cfg->fc_ifindex)) |
| 3016 | continue; |
| 3017 | if (cfg->fc_flags & RTF_GATEWAY && |
| 3018 | !ipv6_addr_equal(&cfg->fc_gateway, &rt->rt6i_gateway)) |
| 3019 | continue; |
| 3020 | if (cfg->fc_metric && cfg->fc_metric != rt->rt6i_metric) |
| 3021 | continue; |
| 3022 | if (cfg->fc_protocol && cfg->fc_protocol != rt->rt6i_protocol) |
| 3023 | continue; |
| 3024 | if (!dst_hold_safe(&rt->dst)) |
| 3025 | break; |
| 3026 | rcu_read_unlock(); |
| 3027 | |
| 3028 | /* if gateway was specified only delete the one hop */ |
| 3029 | if (cfg->fc_flags & RTF_GATEWAY) |
| 3030 | return __ip6_del_rt(rt, &cfg->fc_nlinfo); |
| 3031 | |
| 3032 | return __ip6_del_rt_siblings(rt, cfg); |
| 3033 | } |
| 3034 | } |
| 3035 | rcu_read_unlock(); |
| 3036 | |
| 3037 | return err; |
| 3038 | } |
| 3039 | |
| 3040 | static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb) |
| 3041 | { |
| 3042 | struct netevent_redirect netevent; |
| 3043 | struct rt6_info *rt, *nrt = NULL; |
| 3044 | struct ndisc_options ndopts; |
| 3045 | struct inet6_dev *in6_dev; |
| 3046 | struct neighbour *neigh; |
| 3047 | struct rd_msg *msg; |
| 3048 | int optlen, on_link; |
| 3049 | u8 *lladdr; |
| 3050 | |
| 3051 | optlen = skb_tail_pointer(skb) - skb_transport_header(skb); |
| 3052 | optlen -= sizeof(*msg); |
| 3053 | |
| 3054 | if (optlen < 0) { |
| 3055 | net_dbg_ratelimited("rt6_do_redirect: packet too short\n"); |
| 3056 | return; |
| 3057 | } |
| 3058 | |
| 3059 | msg = (struct rd_msg *)icmp6_hdr(skb); |
| 3060 | |
| 3061 | if (ipv6_addr_is_multicast(&msg->dest)) { |
| 3062 | net_dbg_ratelimited("rt6_do_redirect: destination address is multicast\n"); |
| 3063 | return; |
| 3064 | } |
| 3065 | |
| 3066 | on_link = 0; |
| 3067 | if (ipv6_addr_equal(&msg->dest, &msg->target)) { |
| 3068 | on_link = 1; |
| 3069 | } else if (ipv6_addr_type(&msg->target) != |
| 3070 | (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { |
| 3071 | net_dbg_ratelimited("rt6_do_redirect: target address is not link-local unicast\n"); |
| 3072 | return; |
| 3073 | } |
| 3074 | |
| 3075 | in6_dev = __in6_dev_get(skb->dev); |
| 3076 | if (!in6_dev) |
| 3077 | return; |
| 3078 | if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) |
| 3079 | return; |
| 3080 | |
| 3081 | /* RFC2461 8.1: |
| 3082 | * The IP source address of the Redirect MUST be the same as the current |
| 3083 | * first-hop router for the specified ICMP Destination Address. |
| 3084 | */ |
| 3085 | |
| 3086 | if (!ndisc_parse_options(skb->dev, msg->opt, optlen, &ndopts)) { |
| 3087 | net_dbg_ratelimited("rt6_redirect: invalid ND options\n"); |
| 3088 | return; |
| 3089 | } |
| 3090 | |
| 3091 | lladdr = NULL; |
| 3092 | if (ndopts.nd_opts_tgt_lladdr) { |
| 3093 | lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, |
| 3094 | skb->dev); |
| 3095 | if (!lladdr) { |
| 3096 | net_dbg_ratelimited("rt6_redirect: invalid link-layer address length\n"); |
| 3097 | return; |
| 3098 | } |
| 3099 | } |
| 3100 | |
| 3101 | rt = (struct rt6_info *) dst; |
| 3102 | if (rt->rt6i_flags & RTF_REJECT) { |
| 3103 | net_dbg_ratelimited("rt6_redirect: source isn't a valid nexthop for redirect target\n"); |
| 3104 | return; |
| 3105 | } |
| 3106 | |
| 3107 | /* Redirect received -> path was valid. |
| 3108 | * Look, redirects are sent only in response to data packets, |
| 3109 | * so that this nexthop apparently is reachable. --ANK |
| 3110 | */ |
| 3111 | dst_confirm_neigh(&rt->dst, &ipv6_hdr(skb)->saddr); |
| 3112 | |
| 3113 | neigh = __neigh_lookup(&nd_tbl, &msg->target, skb->dev, 1); |
| 3114 | if (!neigh) |
| 3115 | return; |
| 3116 | |
| 3117 | /* |
| 3118 | * We have finally decided to accept it. |
| 3119 | */ |
| 3120 | |
| 3121 | ndisc_update(skb->dev, neigh, lladdr, NUD_STALE, |
| 3122 | NEIGH_UPDATE_F_WEAK_OVERRIDE| |
| 3123 | NEIGH_UPDATE_F_OVERRIDE| |
| 3124 | (on_link ? 0 : (NEIGH_UPDATE_F_OVERRIDE_ISROUTER| |
| 3125 | NEIGH_UPDATE_F_ISROUTER)), |
| 3126 | NDISC_REDIRECT, &ndopts); |
| 3127 | |
| 3128 | nrt = ip6_rt_cache_alloc(rt, &msg->dest, NULL); |
| 3129 | if (!nrt) |
| 3130 | goto out; |
| 3131 | |
| 3132 | nrt->rt6i_flags = RTF_GATEWAY|RTF_UP|RTF_DYNAMIC|RTF_CACHE; |
| 3133 | if (on_link) |
| 3134 | nrt->rt6i_flags &= ~RTF_GATEWAY; |
| 3135 | |
| 3136 | nrt->rt6i_protocol = RTPROT_REDIRECT; |
| 3137 | nrt->rt6i_gateway = *(struct in6_addr *)neigh->primary_key; |
| 3138 | |
| 3139 | /* No need to remove rt from the exception table if rt is |
| 3140 | * a cached route because rt6_insert_exception() will |
| 3141 | * takes care of it |
| 3142 | */ |
| 3143 | if (rt6_insert_exception(nrt, rt)) { |
| 3144 | dst_release_immediate(&nrt->dst); |
| 3145 | goto out; |
| 3146 | } |
| 3147 | |
| 3148 | netevent.old = &rt->dst; |
| 3149 | netevent.new = &nrt->dst; |
| 3150 | netevent.daddr = &msg->dest; |
| 3151 | netevent.neigh = neigh; |
| 3152 | call_netevent_notifiers(NETEVENT_REDIRECT, &netevent); |
| 3153 | |
| 3154 | out: |
| 3155 | neigh_release(neigh); |
| 3156 | } |
| 3157 | |
| 3158 | /* |
| 3159 | * Misc support functions |
| 3160 | */ |
| 3161 | |
| 3162 | static void rt6_set_from(struct rt6_info *rt, struct rt6_info *from) |
| 3163 | { |
| 3164 | BUG_ON(from->from); |
| 3165 | |
| 3166 | rt->rt6i_flags &= ~RTF_EXPIRES; |
| 3167 | dst_hold(&from->dst); |
| 3168 | rt->from = from; |
| 3169 | dst_init_metrics(&rt->dst, dst_metrics_ptr(&from->dst), true); |
| 3170 | } |
| 3171 | |
| 3172 | static void ip6_rt_copy_init(struct rt6_info *rt, struct rt6_info *ort) |
| 3173 | { |
| 3174 | rt->dst.input = ort->dst.input; |
| 3175 | rt->dst.output = ort->dst.output; |
| 3176 | rt->rt6i_dst = ort->rt6i_dst; |
| 3177 | rt->dst.error = ort->dst.error; |
| 3178 | rt->rt6i_idev = ort->rt6i_idev; |
| 3179 | if (rt->rt6i_idev) |
| 3180 | in6_dev_hold(rt->rt6i_idev); |
| 3181 | rt->dst.lastuse = jiffies; |
| 3182 | rt->rt6i_gateway = ort->rt6i_gateway; |
| 3183 | rt->rt6i_flags = ort->rt6i_flags; |
| 3184 | rt6_set_from(rt, ort); |
| 3185 | rt->rt6i_metric = ort->rt6i_metric; |
| 3186 | #ifdef CONFIG_IPV6_SUBTREES |
| 3187 | rt->rt6i_src = ort->rt6i_src; |
| 3188 | #endif |
| 3189 | rt->rt6i_prefsrc = ort->rt6i_prefsrc; |
| 3190 | rt->rt6i_table = ort->rt6i_table; |
| 3191 | rt->dst.lwtstate = lwtstate_get(ort->dst.lwtstate); |
| 3192 | } |
| 3193 | |
| 3194 | #ifdef CONFIG_IPV6_ROUTE_INFO |
| 3195 | static struct rt6_info *rt6_get_route_info(struct net *net, |
| 3196 | const struct in6_addr *prefix, int prefixlen, |
| 3197 | const struct in6_addr *gwaddr, |
| 3198 | struct net_device *dev) |
| 3199 | { |
| 3200 | u32 tb_id = l3mdev_fib_table(dev) ? : RT6_TABLE_INFO; |
| 3201 | int ifindex = dev->ifindex; |
| 3202 | struct fib6_node *fn; |
| 3203 | struct rt6_info *rt = NULL; |
| 3204 | struct fib6_table *table; |
| 3205 | |
| 3206 | table = fib6_get_table(net, tb_id); |
| 3207 | if (!table) |
| 3208 | return NULL; |
| 3209 | |
| 3210 | rcu_read_lock(); |
| 3211 | fn = fib6_locate(&table->tb6_root, prefix, prefixlen, NULL, 0, true); |
| 3212 | if (!fn) |
| 3213 | goto out; |
| 3214 | |
| 3215 | for_each_fib6_node_rt_rcu(fn) { |
| 3216 | if (rt->dst.dev->ifindex != ifindex) |
| 3217 | continue; |
| 3218 | if ((rt->rt6i_flags & (RTF_ROUTEINFO|RTF_GATEWAY)) != (RTF_ROUTEINFO|RTF_GATEWAY)) |
| 3219 | continue; |
| 3220 | if (!ipv6_addr_equal(&rt->rt6i_gateway, gwaddr)) |
| 3221 | continue; |
| 3222 | ip6_hold_safe(NULL, &rt, false); |
| 3223 | break; |
| 3224 | } |
| 3225 | out: |
| 3226 | rcu_read_unlock(); |
| 3227 | return rt; |
| 3228 | } |
| 3229 | |
| 3230 | static struct rt6_info *rt6_add_route_info(struct net *net, |
| 3231 | const struct in6_addr *prefix, int prefixlen, |
| 3232 | const struct in6_addr *gwaddr, |
| 3233 | struct net_device *dev, |
| 3234 | unsigned int pref) |
| 3235 | { |
| 3236 | struct fib6_config cfg = { |
| 3237 | .fc_metric = IP6_RT_PRIO_USER, |
| 3238 | .fc_ifindex = dev->ifindex, |
| 3239 | .fc_dst_len = prefixlen, |
| 3240 | .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_ROUTEINFO | |
| 3241 | RTF_UP | RTF_PREF(pref), |
| 3242 | .fc_protocol = RTPROT_RA, |
| 3243 | .fc_nlinfo.portid = 0, |
| 3244 | .fc_nlinfo.nlh = NULL, |
| 3245 | .fc_nlinfo.nl_net = net, |
| 3246 | }; |
| 3247 | |
| 3248 | cfg.fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_INFO, |
| 3249 | cfg.fc_dst = *prefix; |
| 3250 | cfg.fc_gateway = *gwaddr; |
| 3251 | |
| 3252 | /* We should treat it as a default route if prefix length is 0. */ |
| 3253 | if (!prefixlen) |
| 3254 | cfg.fc_flags |= RTF_DEFAULT; |
| 3255 | |
| 3256 | ip6_route_add(&cfg, NULL); |
| 3257 | |
| 3258 | return rt6_get_route_info(net, prefix, prefixlen, gwaddr, dev); |
| 3259 | } |
| 3260 | #endif |
| 3261 | |
| 3262 | struct rt6_info *rt6_get_dflt_router(const struct in6_addr *addr, struct net_device *dev) |
| 3263 | { |
| 3264 | u32 tb_id = l3mdev_fib_table(dev) ? : RT6_TABLE_DFLT; |
| 3265 | struct rt6_info *rt; |
| 3266 | struct fib6_table *table; |
| 3267 | |
| 3268 | table = fib6_get_table(dev_net(dev), tb_id); |
| 3269 | if (!table) |
| 3270 | return NULL; |
| 3271 | |
| 3272 | rcu_read_lock(); |
| 3273 | for_each_fib6_node_rt_rcu(&table->tb6_root) { |
| 3274 | if (dev == rt->dst.dev && |
| 3275 | ((rt->rt6i_flags & (RTF_ADDRCONF | RTF_DEFAULT)) == (RTF_ADDRCONF | RTF_DEFAULT)) && |
| 3276 | ipv6_addr_equal(&rt->rt6i_gateway, addr)) |
| 3277 | break; |
| 3278 | } |
| 3279 | if (rt) |
| 3280 | ip6_hold_safe(NULL, &rt, false); |
| 3281 | rcu_read_unlock(); |
| 3282 | return rt; |
| 3283 | } |
| 3284 | |
| 3285 | struct rt6_info *rt6_add_dflt_router(const struct in6_addr *gwaddr, |
| 3286 | struct net_device *dev, |
| 3287 | unsigned int pref) |
| 3288 | { |
| 3289 | struct fib6_config cfg = { |
| 3290 | .fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_DFLT, |
| 3291 | .fc_metric = IP6_RT_PRIO_USER, |
| 3292 | .fc_ifindex = dev->ifindex, |
| 3293 | .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_DEFAULT | |
| 3294 | RTF_UP | RTF_EXPIRES | RTF_PREF(pref), |
| 3295 | .fc_protocol = RTPROT_RA, |
| 3296 | .fc_nlinfo.portid = 0, |
| 3297 | .fc_nlinfo.nlh = NULL, |
| 3298 | .fc_nlinfo.nl_net = dev_net(dev), |
| 3299 | }; |
| 3300 | |
| 3301 | cfg.fc_gateway = *gwaddr; |
| 3302 | |
| 3303 | if (!ip6_route_add(&cfg, NULL)) { |
| 3304 | struct fib6_table *table; |
| 3305 | |
| 3306 | table = fib6_get_table(dev_net(dev), cfg.fc_table); |
| 3307 | if (table) |
| 3308 | table->flags |= RT6_TABLE_HAS_DFLT_ROUTER; |
| 3309 | } |
| 3310 | |
| 3311 | return rt6_get_dflt_router(gwaddr, dev); |
| 3312 | } |
| 3313 | |
| 3314 | static void __rt6_purge_dflt_routers(struct fib6_table *table) |
| 3315 | { |
| 3316 | struct rt6_info *rt; |
| 3317 | |
| 3318 | restart: |
| 3319 | rcu_read_lock(); |
| 3320 | for_each_fib6_node_rt_rcu(&table->tb6_root) { |
| 3321 | if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF) && |
| 3322 | (!rt->rt6i_idev || rt->rt6i_idev->cnf.accept_ra != 2)) { |
| 3323 | if (dst_hold_safe(&rt->dst)) { |
| 3324 | rcu_read_unlock(); |
| 3325 | ip6_del_rt(rt); |
| 3326 | } else { |
| 3327 | rcu_read_unlock(); |
| 3328 | } |
| 3329 | goto restart; |
| 3330 | } |
| 3331 | } |
| 3332 | rcu_read_unlock(); |
| 3333 | |
| 3334 | table->flags &= ~RT6_TABLE_HAS_DFLT_ROUTER; |
| 3335 | } |
| 3336 | |
| 3337 | void rt6_purge_dflt_routers(struct net *net) |
| 3338 | { |
| 3339 | struct fib6_table *table; |
| 3340 | struct hlist_head *head; |
| 3341 | unsigned int h; |
| 3342 | |
| 3343 | rcu_read_lock(); |
| 3344 | |
| 3345 | for (h = 0; h < FIB6_TABLE_HASHSZ; h++) { |
| 3346 | head = &net->ipv6.fib_table_hash[h]; |
| 3347 | hlist_for_each_entry_rcu(table, head, tb6_hlist) { |
| 3348 | if (table->flags & RT6_TABLE_HAS_DFLT_ROUTER) |
| 3349 | __rt6_purge_dflt_routers(table); |
| 3350 | } |
| 3351 | } |
| 3352 | |
| 3353 | rcu_read_unlock(); |
| 3354 | } |
| 3355 | |
| 3356 | static void rtmsg_to_fib6_config(struct net *net, |
| 3357 | struct in6_rtmsg *rtmsg, |
| 3358 | struct fib6_config *cfg) |
| 3359 | { |
| 3360 | memset(cfg, 0, sizeof(*cfg)); |
| 3361 | |
| 3362 | cfg->fc_table = l3mdev_fib_table_by_index(net, rtmsg->rtmsg_ifindex) ? |
| 3363 | : RT6_TABLE_MAIN; |
| 3364 | cfg->fc_ifindex = rtmsg->rtmsg_ifindex; |
| 3365 | cfg->fc_metric = rtmsg->rtmsg_metric; |
| 3366 | cfg->fc_expires = rtmsg->rtmsg_info; |
| 3367 | cfg->fc_dst_len = rtmsg->rtmsg_dst_len; |
| 3368 | cfg->fc_src_len = rtmsg->rtmsg_src_len; |
| 3369 | cfg->fc_flags = rtmsg->rtmsg_flags; |
| 3370 | |
| 3371 | cfg->fc_nlinfo.nl_net = net; |
| 3372 | |
| 3373 | cfg->fc_dst = rtmsg->rtmsg_dst; |
| 3374 | cfg->fc_src = rtmsg->rtmsg_src; |
| 3375 | cfg->fc_gateway = rtmsg->rtmsg_gateway; |
| 3376 | } |
| 3377 | |
| 3378 | int ipv6_route_ioctl(struct net *net, unsigned int cmd, void __user *arg) |
| 3379 | { |
| 3380 | struct fib6_config cfg; |
| 3381 | struct in6_rtmsg rtmsg; |
| 3382 | int err; |
| 3383 | |
| 3384 | switch (cmd) { |
| 3385 | case SIOCADDRT: /* Add a route */ |
| 3386 | case SIOCDELRT: /* Delete a route */ |
| 3387 | if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) |
| 3388 | return -EPERM; |
| 3389 | err = copy_from_user(&rtmsg, arg, |
| 3390 | sizeof(struct in6_rtmsg)); |
| 3391 | if (err) |
| 3392 | return -EFAULT; |
| 3393 | |
| 3394 | rtmsg_to_fib6_config(net, &rtmsg, &cfg); |
| 3395 | |
| 3396 | rtnl_lock(); |
| 3397 | switch (cmd) { |
| 3398 | case SIOCADDRT: |
| 3399 | err = ip6_route_add(&cfg, NULL); |
| 3400 | break; |
| 3401 | case SIOCDELRT: |
| 3402 | err = ip6_route_del(&cfg, NULL); |
| 3403 | break; |
| 3404 | default: |
| 3405 | err = -EINVAL; |
| 3406 | } |
| 3407 | rtnl_unlock(); |
| 3408 | |
| 3409 | return err; |
| 3410 | } |
| 3411 | |
| 3412 | return -EINVAL; |
| 3413 | } |
| 3414 | |
| 3415 | /* |
| 3416 | * Drop the packet on the floor |
| 3417 | */ |
| 3418 | |
| 3419 | static int ip6_pkt_drop(struct sk_buff *skb, u8 code, int ipstats_mib_noroutes) |
| 3420 | { |
| 3421 | int type; |
| 3422 | struct dst_entry *dst = skb_dst(skb); |
| 3423 | switch (ipstats_mib_noroutes) { |
| 3424 | case IPSTATS_MIB_INNOROUTES: |
| 3425 | type = ipv6_addr_type(&ipv6_hdr(skb)->daddr); |
| 3426 | if (type == IPV6_ADDR_ANY) { |
| 3427 | IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst), |
| 3428 | IPSTATS_MIB_INADDRERRORS); |
| 3429 | break; |
| 3430 | } |
| 3431 | /* FALLTHROUGH */ |
| 3432 | case IPSTATS_MIB_OUTNOROUTES: |
| 3433 | IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst), |
| 3434 | ipstats_mib_noroutes); |
| 3435 | break; |
| 3436 | } |
| 3437 | icmpv6_send(skb, ICMPV6_DEST_UNREACH, code, 0); |
| 3438 | kfree_skb(skb); |
| 3439 | return 0; |
| 3440 | } |
| 3441 | |
| 3442 | static int ip6_pkt_discard(struct sk_buff *skb) |
| 3443 | { |
| 3444 | return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_INNOROUTES); |
| 3445 | } |
| 3446 | |
| 3447 | static int ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb) |
| 3448 | { |
| 3449 | skb->dev = skb_dst(skb)->dev; |
| 3450 | return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_OUTNOROUTES); |
| 3451 | } |
| 3452 | |
| 3453 | static int ip6_pkt_prohibit(struct sk_buff *skb) |
| 3454 | { |
| 3455 | return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_INNOROUTES); |
| 3456 | } |
| 3457 | |
| 3458 | static int ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb) |
| 3459 | { |
| 3460 | skb->dev = skb_dst(skb)->dev; |
| 3461 | return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES); |
| 3462 | } |
| 3463 | |
| 3464 | /* |
| 3465 | * Allocate a dst for local (unicast / anycast) address. |
| 3466 | */ |
| 3467 | |
| 3468 | struct rt6_info *addrconf_dst_alloc(struct inet6_dev *idev, |
| 3469 | const struct in6_addr *addr, |
| 3470 | bool anycast) |
| 3471 | { |
| 3472 | u32 tb_id; |
| 3473 | struct net *net = dev_net(idev->dev); |
| 3474 | struct net_device *dev = idev->dev; |
| 3475 | struct rt6_info *rt; |
| 3476 | |
| 3477 | rt = ip6_dst_alloc(net, dev, DST_NOCOUNT); |
| 3478 | if (!rt) |
| 3479 | return ERR_PTR(-ENOMEM); |
| 3480 | |
| 3481 | in6_dev_hold(idev); |
| 3482 | |
| 3483 | rt->dst.flags |= DST_HOST; |
| 3484 | rt->dst.input = ip6_input; |
| 3485 | rt->dst.output = ip6_output; |
| 3486 | rt->rt6i_idev = idev; |
| 3487 | |
| 3488 | rt->rt6i_protocol = RTPROT_KERNEL; |
| 3489 | rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP; |
| 3490 | if (anycast) |
| 3491 | rt->rt6i_flags |= RTF_ANYCAST; |
| 3492 | else |
| 3493 | rt->rt6i_flags |= RTF_LOCAL; |
| 3494 | |
| 3495 | rt->rt6i_gateway = *addr; |
| 3496 | rt->rt6i_dst.addr = *addr; |
| 3497 | rt->rt6i_dst.plen = 128; |
| 3498 | tb_id = l3mdev_fib_table(idev->dev) ? : RT6_TABLE_LOCAL; |
| 3499 | rt->rt6i_table = fib6_get_table(net, tb_id); |
| 3500 | |
| 3501 | return rt; |
| 3502 | } |
| 3503 | |
| 3504 | /* remove deleted ip from prefsrc entries */ |
| 3505 | struct arg_dev_net_ip { |
| 3506 | struct net_device *dev; |
| 3507 | struct net *net; |
| 3508 | struct in6_addr *addr; |
| 3509 | }; |
| 3510 | |
| 3511 | static int fib6_remove_prefsrc(struct rt6_info *rt, void *arg) |
| 3512 | { |
| 3513 | struct net_device *dev = ((struct arg_dev_net_ip *)arg)->dev; |
| 3514 | struct net *net = ((struct arg_dev_net_ip *)arg)->net; |
| 3515 | struct in6_addr *addr = ((struct arg_dev_net_ip *)arg)->addr; |
| 3516 | |
| 3517 | if (((void *)rt->dst.dev == dev || !dev) && |
| 3518 | rt != net->ipv6.ip6_null_entry && |
| 3519 | ipv6_addr_equal(addr, &rt->rt6i_prefsrc.addr)) { |
| 3520 | spin_lock_bh(&rt6_exception_lock); |
| 3521 | /* remove prefsrc entry */ |
| 3522 | rt->rt6i_prefsrc.plen = 0; |
| 3523 | /* need to update cache as well */ |
| 3524 | rt6_exceptions_remove_prefsrc(rt); |
| 3525 | spin_unlock_bh(&rt6_exception_lock); |
| 3526 | } |
| 3527 | return 0; |
| 3528 | } |
| 3529 | |
| 3530 | void rt6_remove_prefsrc(struct inet6_ifaddr *ifp) |
| 3531 | { |
| 3532 | struct net *net = dev_net(ifp->idev->dev); |
| 3533 | struct arg_dev_net_ip adni = { |
| 3534 | .dev = ifp->idev->dev, |
| 3535 | .net = net, |
| 3536 | .addr = &ifp->addr, |
| 3537 | }; |
| 3538 | fib6_clean_all(net, fib6_remove_prefsrc, &adni); |
| 3539 | } |
| 3540 | |
| 3541 | #define RTF_RA_ROUTER (RTF_ADDRCONF | RTF_DEFAULT | RTF_GATEWAY) |
| 3542 | |
| 3543 | /* Remove routers and update dst entries when gateway turn into host. */ |
| 3544 | static int fib6_clean_tohost(struct rt6_info *rt, void *arg) |
| 3545 | { |
| 3546 | struct in6_addr *gateway = (struct in6_addr *)arg; |
| 3547 | |
| 3548 | if (((rt->rt6i_flags & RTF_RA_ROUTER) == RTF_RA_ROUTER) && |
| 3549 | ipv6_addr_equal(gateway, &rt->rt6i_gateway)) { |
| 3550 | return -1; |
| 3551 | } |
| 3552 | |
| 3553 | /* Further clean up cached routes in exception table. |
| 3554 | * This is needed because cached route may have a different |
| 3555 | * gateway than its 'parent' in the case of an ip redirect. |
| 3556 | */ |
| 3557 | rt6_exceptions_clean_tohost(rt, gateway); |
| 3558 | |
| 3559 | return 0; |
| 3560 | } |
| 3561 | |
| 3562 | void rt6_clean_tohost(struct net *net, struct in6_addr *gateway) |
| 3563 | { |
| 3564 | fib6_clean_all(net, fib6_clean_tohost, gateway); |
| 3565 | } |
| 3566 | |
| 3567 | struct arg_netdev_event { |
| 3568 | const struct net_device *dev; |
| 3569 | union { |
| 3570 | unsigned int nh_flags; |
| 3571 | unsigned long event; |
| 3572 | }; |
| 3573 | }; |
| 3574 | |
| 3575 | static struct rt6_info *rt6_multipath_first_sibling(const struct rt6_info *rt) |
| 3576 | { |
| 3577 | struct rt6_info *iter; |
| 3578 | struct fib6_node *fn; |
| 3579 | |
| 3580 | fn = rcu_dereference_protected(rt->rt6i_node, |
| 3581 | lockdep_is_held(&rt->rt6i_table->tb6_lock)); |
| 3582 | iter = rcu_dereference_protected(fn->leaf, |
| 3583 | lockdep_is_held(&rt->rt6i_table->tb6_lock)); |
| 3584 | while (iter) { |
| 3585 | if (iter->rt6i_metric == rt->rt6i_metric && |
| 3586 | rt6_qualify_for_ecmp(iter)) |
| 3587 | return iter; |
| 3588 | iter = rcu_dereference_protected(iter->rt6_next, |
| 3589 | lockdep_is_held(&rt->rt6i_table->tb6_lock)); |
| 3590 | } |
| 3591 | |
| 3592 | return NULL; |
| 3593 | } |
| 3594 | |
| 3595 | static bool rt6_is_dead(const struct rt6_info *rt) |
| 3596 | { |
| 3597 | if (rt->rt6i_nh_flags & RTNH_F_DEAD || |
| 3598 | (rt->rt6i_nh_flags & RTNH_F_LINKDOWN && |
| 3599 | rt->rt6i_idev->cnf.ignore_routes_with_linkdown)) |
| 3600 | return true; |
| 3601 | |
| 3602 | return false; |
| 3603 | } |
| 3604 | |
| 3605 | static int rt6_multipath_total_weight(const struct rt6_info *rt) |
| 3606 | { |
| 3607 | struct rt6_info *iter; |
| 3608 | int total = 0; |
| 3609 | |
| 3610 | if (!rt6_is_dead(rt)) |
| 3611 | total += rt->rt6i_nh_weight; |
| 3612 | |
| 3613 | list_for_each_entry(iter, &rt->rt6i_siblings, rt6i_siblings) { |
| 3614 | if (!rt6_is_dead(iter)) |
| 3615 | total += iter->rt6i_nh_weight; |
| 3616 | } |
| 3617 | |
| 3618 | return total; |
| 3619 | } |
| 3620 | |
| 3621 | static void rt6_upper_bound_set(struct rt6_info *rt, int *weight, int total) |
| 3622 | { |
| 3623 | int upper_bound = -1; |
| 3624 | |
| 3625 | if (!rt6_is_dead(rt)) { |
| 3626 | *weight += rt->rt6i_nh_weight; |
| 3627 | upper_bound = DIV_ROUND_CLOSEST_ULL((u64) (*weight) << 31, |
| 3628 | total) - 1; |
| 3629 | } |
| 3630 | atomic_set(&rt->rt6i_nh_upper_bound, upper_bound); |
| 3631 | } |
| 3632 | |
| 3633 | static void rt6_multipath_upper_bound_set(struct rt6_info *rt, int total) |
| 3634 | { |
| 3635 | struct rt6_info *iter; |
| 3636 | int weight = 0; |
| 3637 | |
| 3638 | rt6_upper_bound_set(rt, &weight, total); |
| 3639 | |
| 3640 | list_for_each_entry(iter, &rt->rt6i_siblings, rt6i_siblings) |
| 3641 | rt6_upper_bound_set(iter, &weight, total); |
| 3642 | } |
| 3643 | |
| 3644 | void rt6_multipath_rebalance(struct rt6_info *rt) |
| 3645 | { |
| 3646 | struct rt6_info *first; |
| 3647 | int total; |
| 3648 | |
| 3649 | /* In case the entire multipath route was marked for flushing, |
| 3650 | * then there is no need to rebalance upon the removal of every |
| 3651 | * sibling route. |
| 3652 | */ |
| 3653 | if (!rt->rt6i_nsiblings || rt->should_flush) |
| 3654 | return; |
| 3655 | |
| 3656 | /* During lookup routes are evaluated in order, so we need to |
| 3657 | * make sure upper bounds are assigned from the first sibling |
| 3658 | * onwards. |
| 3659 | */ |
| 3660 | first = rt6_multipath_first_sibling(rt); |
| 3661 | if (WARN_ON_ONCE(!first)) |
| 3662 | return; |
| 3663 | |
| 3664 | total = rt6_multipath_total_weight(first); |
| 3665 | rt6_multipath_upper_bound_set(first, total); |
| 3666 | } |
| 3667 | |
| 3668 | static int fib6_ifup(struct rt6_info *rt, void *p_arg) |
| 3669 | { |
| 3670 | const struct arg_netdev_event *arg = p_arg; |
| 3671 | const struct net *net = dev_net(arg->dev); |
| 3672 | |
| 3673 | if (rt != net->ipv6.ip6_null_entry && rt->dst.dev == arg->dev) { |
| 3674 | rt->rt6i_nh_flags &= ~arg->nh_flags; |
| 3675 | fib6_update_sernum_upto_root(dev_net(rt->dst.dev), rt); |
| 3676 | rt6_multipath_rebalance(rt); |
| 3677 | } |
| 3678 | |
| 3679 | return 0; |
| 3680 | } |
| 3681 | |
| 3682 | void rt6_sync_up(struct net_device *dev, unsigned int nh_flags) |
| 3683 | { |
| 3684 | struct arg_netdev_event arg = { |
| 3685 | .dev = dev, |
| 3686 | { |
| 3687 | .nh_flags = nh_flags, |
| 3688 | }, |
| 3689 | }; |
| 3690 | |
| 3691 | if (nh_flags & RTNH_F_DEAD && netif_carrier_ok(dev)) |
| 3692 | arg.nh_flags |= RTNH_F_LINKDOWN; |
| 3693 | |
| 3694 | fib6_clean_all(dev_net(dev), fib6_ifup, &arg); |
| 3695 | } |
| 3696 | |
| 3697 | static bool rt6_multipath_uses_dev(const struct rt6_info *rt, |
| 3698 | const struct net_device *dev) |
| 3699 | { |
| 3700 | struct rt6_info *iter; |
| 3701 | |
| 3702 | if (rt->dst.dev == dev) |
| 3703 | return true; |
| 3704 | list_for_each_entry(iter, &rt->rt6i_siblings, rt6i_siblings) |
| 3705 | if (iter->dst.dev == dev) |
| 3706 | return true; |
| 3707 | |
| 3708 | return false; |
| 3709 | } |
| 3710 | |
| 3711 | static void rt6_multipath_flush(struct rt6_info *rt) |
| 3712 | { |
| 3713 | struct rt6_info *iter; |
| 3714 | |
| 3715 | rt->should_flush = 1; |
| 3716 | list_for_each_entry(iter, &rt->rt6i_siblings, rt6i_siblings) |
| 3717 | iter->should_flush = 1; |
| 3718 | } |
| 3719 | |
| 3720 | static unsigned int rt6_multipath_dead_count(const struct rt6_info *rt, |
| 3721 | const struct net_device *down_dev) |
| 3722 | { |
| 3723 | struct rt6_info *iter; |
| 3724 | unsigned int dead = 0; |
| 3725 | |
| 3726 | if (rt->dst.dev == down_dev || rt->rt6i_nh_flags & RTNH_F_DEAD) |
| 3727 | dead++; |
| 3728 | list_for_each_entry(iter, &rt->rt6i_siblings, rt6i_siblings) |
| 3729 | if (iter->dst.dev == down_dev || |
| 3730 | iter->rt6i_nh_flags & RTNH_F_DEAD) |
| 3731 | dead++; |
| 3732 | |
| 3733 | return dead; |
| 3734 | } |
| 3735 | |
| 3736 | static void rt6_multipath_nh_flags_set(struct rt6_info *rt, |
| 3737 | const struct net_device *dev, |
| 3738 | unsigned int nh_flags) |
| 3739 | { |
| 3740 | struct rt6_info *iter; |
| 3741 | |
| 3742 | if (rt->dst.dev == dev) |
| 3743 | rt->rt6i_nh_flags |= nh_flags; |
| 3744 | list_for_each_entry(iter, &rt->rt6i_siblings, rt6i_siblings) |
| 3745 | if (iter->dst.dev == dev) |
| 3746 | iter->rt6i_nh_flags |= nh_flags; |
| 3747 | } |
| 3748 | |
| 3749 | /* called with write lock held for table with rt */ |
| 3750 | static int fib6_ifdown(struct rt6_info *rt, void *p_arg) |
| 3751 | { |
| 3752 | const struct arg_netdev_event *arg = p_arg; |
| 3753 | const struct net_device *dev = arg->dev; |
| 3754 | const struct net *net = dev_net(dev); |
| 3755 | |
| 3756 | if (rt == net->ipv6.ip6_null_entry) |
| 3757 | return 0; |
| 3758 | |
| 3759 | switch (arg->event) { |
| 3760 | case NETDEV_UNREGISTER: |
| 3761 | return rt->dst.dev == dev ? -1 : 0; |
| 3762 | case NETDEV_DOWN: |
| 3763 | if (rt->should_flush) |
| 3764 | return -1; |
| 3765 | if (!rt->rt6i_nsiblings) |
| 3766 | return rt->dst.dev == dev ? -1 : 0; |
| 3767 | if (rt6_multipath_uses_dev(rt, dev)) { |
| 3768 | unsigned int count; |
| 3769 | |
| 3770 | count = rt6_multipath_dead_count(rt, dev); |
| 3771 | if (rt->rt6i_nsiblings + 1 == count) { |
| 3772 | rt6_multipath_flush(rt); |
| 3773 | return -1; |
| 3774 | } |
| 3775 | rt6_multipath_nh_flags_set(rt, dev, RTNH_F_DEAD | |
| 3776 | RTNH_F_LINKDOWN); |
| 3777 | fib6_update_sernum(rt); |
| 3778 | rt6_multipath_rebalance(rt); |
| 3779 | } |
| 3780 | return -2; |
| 3781 | case NETDEV_CHANGE: |
| 3782 | if (rt->dst.dev != dev || |
| 3783 | rt->rt6i_flags & (RTF_LOCAL | RTF_ANYCAST)) |
| 3784 | break; |
| 3785 | rt->rt6i_nh_flags |= RTNH_F_LINKDOWN; |
| 3786 | rt6_multipath_rebalance(rt); |
| 3787 | break; |
| 3788 | } |
| 3789 | |
| 3790 | return 0; |
| 3791 | } |
| 3792 | |
| 3793 | void rt6_sync_down_dev(struct net_device *dev, unsigned long event) |
| 3794 | { |
| 3795 | struct arg_netdev_event arg = { |
| 3796 | .dev = dev, |
| 3797 | { |
| 3798 | .event = event, |
| 3799 | }, |
| 3800 | }; |
| 3801 | |
| 3802 | fib6_clean_all(dev_net(dev), fib6_ifdown, &arg); |
| 3803 | } |
| 3804 | |
| 3805 | void rt6_disable_ip(struct net_device *dev, unsigned long event) |
| 3806 | { |
| 3807 | rt6_sync_down_dev(dev, event); |
| 3808 | rt6_uncached_list_flush_dev(dev_net(dev), dev); |
| 3809 | neigh_ifdown(&nd_tbl, dev); |
| 3810 | } |
| 3811 | |
| 3812 | struct rt6_mtu_change_arg { |
| 3813 | struct net_device *dev; |
| 3814 | unsigned int mtu; |
| 3815 | }; |
| 3816 | |
| 3817 | static int rt6_mtu_change_route(struct rt6_info *rt, void *p_arg) |
| 3818 | { |
| 3819 | struct rt6_mtu_change_arg *arg = (struct rt6_mtu_change_arg *) p_arg; |
| 3820 | struct inet6_dev *idev; |
| 3821 | |
| 3822 | /* In IPv6 pmtu discovery is not optional, |
| 3823 | so that RTAX_MTU lock cannot disable it. |
| 3824 | We still use this lock to block changes |
| 3825 | caused by addrconf/ndisc. |
| 3826 | */ |
| 3827 | |
| 3828 | idev = __in6_dev_get(arg->dev); |
| 3829 | if (!idev) |
| 3830 | return 0; |
| 3831 | |
| 3832 | /* For administrative MTU increase, there is no way to discover |
| 3833 | IPv6 PMTU increase, so PMTU increase should be updated here. |
| 3834 | Since RFC 1981 doesn't include administrative MTU increase |
| 3835 | update PMTU increase is a MUST. (i.e. jumbo frame) |
| 3836 | */ |
| 3837 | if (rt->dst.dev == arg->dev && |
| 3838 | !dst_metric_locked(&rt->dst, RTAX_MTU)) { |
| 3839 | spin_lock_bh(&rt6_exception_lock); |
| 3840 | if (dst_metric_raw(&rt->dst, RTAX_MTU) && |
| 3841 | rt6_mtu_change_route_allowed(idev, rt, arg->mtu)) |
| 3842 | dst_metric_set(&rt->dst, RTAX_MTU, arg->mtu); |
| 3843 | rt6_exceptions_update_pmtu(idev, rt, arg->mtu); |
| 3844 | spin_unlock_bh(&rt6_exception_lock); |
| 3845 | } |
| 3846 | return 0; |
| 3847 | } |
| 3848 | |
| 3849 | void rt6_mtu_change(struct net_device *dev, unsigned int mtu) |
| 3850 | { |
| 3851 | struct rt6_mtu_change_arg arg = { |
| 3852 | .dev = dev, |
| 3853 | .mtu = mtu, |
| 3854 | }; |
| 3855 | |
| 3856 | fib6_clean_all(dev_net(dev), rt6_mtu_change_route, &arg); |
| 3857 | } |
| 3858 | |
| 3859 | static const struct nla_policy rtm_ipv6_policy[RTA_MAX+1] = { |
| 3860 | [RTA_GATEWAY] = { .len = sizeof(struct in6_addr) }, |
| 3861 | [RTA_OIF] = { .type = NLA_U32 }, |
| 3862 | [RTA_IIF] = { .type = NLA_U32 }, |
| 3863 | [RTA_PRIORITY] = { .type = NLA_U32 }, |
| 3864 | [RTA_METRICS] = { .type = NLA_NESTED }, |
| 3865 | [RTA_MULTIPATH] = { .len = sizeof(struct rtnexthop) }, |
| 3866 | [RTA_PREF] = { .type = NLA_U8 }, |
| 3867 | [RTA_ENCAP_TYPE] = { .type = NLA_U16 }, |
| 3868 | [RTA_ENCAP] = { .type = NLA_NESTED }, |
| 3869 | [RTA_EXPIRES] = { .type = NLA_U32 }, |
| 3870 | [RTA_UID] = { .type = NLA_U32 }, |
| 3871 | [RTA_MARK] = { .type = NLA_U32 }, |
| 3872 | }; |
| 3873 | |
| 3874 | static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 3875 | struct fib6_config *cfg, |
| 3876 | struct netlink_ext_ack *extack) |
| 3877 | { |
| 3878 | struct rtmsg *rtm; |
| 3879 | struct nlattr *tb[RTA_MAX+1]; |
| 3880 | unsigned int pref; |
| 3881 | int err; |
| 3882 | |
| 3883 | err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy, |
| 3884 | NULL); |
| 3885 | if (err < 0) |
| 3886 | goto errout; |
| 3887 | |
| 3888 | err = -EINVAL; |
| 3889 | rtm = nlmsg_data(nlh); |
| 3890 | memset(cfg, 0, sizeof(*cfg)); |
| 3891 | |
| 3892 | cfg->fc_table = rtm->rtm_table; |
| 3893 | cfg->fc_dst_len = rtm->rtm_dst_len; |
| 3894 | cfg->fc_src_len = rtm->rtm_src_len; |
| 3895 | cfg->fc_flags = RTF_UP; |
| 3896 | cfg->fc_protocol = rtm->rtm_protocol; |
| 3897 | cfg->fc_type = rtm->rtm_type; |
| 3898 | |
| 3899 | if (rtm->rtm_type == RTN_UNREACHABLE || |
| 3900 | rtm->rtm_type == RTN_BLACKHOLE || |
| 3901 | rtm->rtm_type == RTN_PROHIBIT || |
| 3902 | rtm->rtm_type == RTN_THROW) |
| 3903 | cfg->fc_flags |= RTF_REJECT; |
| 3904 | |
| 3905 | if (rtm->rtm_type == RTN_LOCAL) |
| 3906 | cfg->fc_flags |= RTF_LOCAL; |
| 3907 | |
| 3908 | if (rtm->rtm_flags & RTM_F_CLONED) |
| 3909 | cfg->fc_flags |= RTF_CACHE; |
| 3910 | |
| 3911 | cfg->fc_flags |= (rtm->rtm_flags & RTNH_F_ONLINK); |
| 3912 | |
| 3913 | cfg->fc_nlinfo.portid = NETLINK_CB(skb).portid; |
| 3914 | cfg->fc_nlinfo.nlh = nlh; |
| 3915 | cfg->fc_nlinfo.nl_net = sock_net(skb->sk); |
| 3916 | |
| 3917 | if (tb[RTA_GATEWAY]) { |
| 3918 | cfg->fc_gateway = nla_get_in6_addr(tb[RTA_GATEWAY]); |
| 3919 | cfg->fc_flags |= RTF_GATEWAY; |
| 3920 | } |
| 3921 | |
| 3922 | if (tb[RTA_DST]) { |
| 3923 | int plen = (rtm->rtm_dst_len + 7) >> 3; |
| 3924 | |
| 3925 | if (nla_len(tb[RTA_DST]) < plen) |
| 3926 | goto errout; |
| 3927 | |
| 3928 | nla_memcpy(&cfg->fc_dst, tb[RTA_DST], plen); |
| 3929 | } |
| 3930 | |
| 3931 | if (tb[RTA_SRC]) { |
| 3932 | int plen = (rtm->rtm_src_len + 7) >> 3; |
| 3933 | |
| 3934 | if (nla_len(tb[RTA_SRC]) < plen) |
| 3935 | goto errout; |
| 3936 | |
| 3937 | nla_memcpy(&cfg->fc_src, tb[RTA_SRC], plen); |
| 3938 | } |
| 3939 | |
| 3940 | if (tb[RTA_PREFSRC]) |
| 3941 | cfg->fc_prefsrc = nla_get_in6_addr(tb[RTA_PREFSRC]); |
| 3942 | |
| 3943 | if (tb[RTA_OIF]) |
| 3944 | cfg->fc_ifindex = nla_get_u32(tb[RTA_OIF]); |
| 3945 | |
| 3946 | if (tb[RTA_PRIORITY]) |
| 3947 | cfg->fc_metric = nla_get_u32(tb[RTA_PRIORITY]); |
| 3948 | |
| 3949 | if (tb[RTA_METRICS]) { |
| 3950 | cfg->fc_mx = nla_data(tb[RTA_METRICS]); |
| 3951 | cfg->fc_mx_len = nla_len(tb[RTA_METRICS]); |
| 3952 | } |
| 3953 | |
| 3954 | if (tb[RTA_TABLE]) |
| 3955 | cfg->fc_table = nla_get_u32(tb[RTA_TABLE]); |
| 3956 | |
| 3957 | if (tb[RTA_MULTIPATH]) { |
| 3958 | cfg->fc_mp = nla_data(tb[RTA_MULTIPATH]); |
| 3959 | cfg->fc_mp_len = nla_len(tb[RTA_MULTIPATH]); |
| 3960 | |
| 3961 | err = lwtunnel_valid_encap_type_attr(cfg->fc_mp, |
| 3962 | cfg->fc_mp_len, extack); |
| 3963 | if (err < 0) |
| 3964 | goto errout; |
| 3965 | } |
| 3966 | |
| 3967 | if (tb[RTA_PREF]) { |
| 3968 | pref = nla_get_u8(tb[RTA_PREF]); |
| 3969 | if (pref != ICMPV6_ROUTER_PREF_LOW && |
| 3970 | pref != ICMPV6_ROUTER_PREF_HIGH) |
| 3971 | pref = ICMPV6_ROUTER_PREF_MEDIUM; |
| 3972 | cfg->fc_flags |= RTF_PREF(pref); |
| 3973 | } |
| 3974 | |
| 3975 | if (tb[RTA_ENCAP]) |
| 3976 | cfg->fc_encap = tb[RTA_ENCAP]; |
| 3977 | |
| 3978 | if (tb[RTA_ENCAP_TYPE]) { |
| 3979 | cfg->fc_encap_type = nla_get_u16(tb[RTA_ENCAP_TYPE]); |
| 3980 | |
| 3981 | err = lwtunnel_valid_encap_type(cfg->fc_encap_type, extack); |
| 3982 | if (err < 0) |
| 3983 | goto errout; |
| 3984 | } |
| 3985 | |
| 3986 | if (tb[RTA_EXPIRES]) { |
| 3987 | unsigned long timeout = addrconf_timeout_fixup(nla_get_u32(tb[RTA_EXPIRES]), HZ); |
| 3988 | |
| 3989 | if (addrconf_finite_timeout(timeout)) { |
| 3990 | cfg->fc_expires = jiffies_to_clock_t(timeout * HZ); |
| 3991 | cfg->fc_flags |= RTF_EXPIRES; |
| 3992 | } |
| 3993 | } |
| 3994 | |
| 3995 | err = 0; |
| 3996 | errout: |
| 3997 | return err; |
| 3998 | } |
| 3999 | |
| 4000 | struct rt6_nh { |
| 4001 | struct rt6_info *rt6_info; |
| 4002 | struct fib6_config r_cfg; |
| 4003 | struct mx6_config mxc; |
| 4004 | struct list_head next; |
| 4005 | }; |
| 4006 | |
| 4007 | static void ip6_print_replace_route_err(struct list_head *rt6_nh_list) |
| 4008 | { |
| 4009 | struct rt6_nh *nh; |
| 4010 | |
| 4011 | list_for_each_entry(nh, rt6_nh_list, next) { |
| 4012 | pr_warn("IPV6: multipath route replace failed (check consistency of installed routes): %pI6c nexthop %pI6c ifi %d\n", |
| 4013 | &nh->r_cfg.fc_dst, &nh->r_cfg.fc_gateway, |
| 4014 | nh->r_cfg.fc_ifindex); |
| 4015 | } |
| 4016 | } |
| 4017 | |
| 4018 | static int ip6_route_info_append(struct list_head *rt6_nh_list, |
| 4019 | struct rt6_info *rt, struct fib6_config *r_cfg) |
| 4020 | { |
| 4021 | struct rt6_nh *nh; |
| 4022 | int err = -EEXIST; |
| 4023 | |
| 4024 | list_for_each_entry(nh, rt6_nh_list, next) { |
| 4025 | /* check if rt6_info already exists */ |
| 4026 | if (rt6_duplicate_nexthop(nh->rt6_info, rt)) |
| 4027 | return err; |
| 4028 | } |
| 4029 | |
| 4030 | nh = kzalloc(sizeof(*nh), GFP_KERNEL); |
| 4031 | if (!nh) |
| 4032 | return -ENOMEM; |
| 4033 | nh->rt6_info = rt; |
| 4034 | err = ip6_convert_metrics(&nh->mxc, r_cfg); |
| 4035 | if (err) { |
| 4036 | kfree(nh); |
| 4037 | return err; |
| 4038 | } |
| 4039 | memcpy(&nh->r_cfg, r_cfg, sizeof(*r_cfg)); |
| 4040 | list_add_tail(&nh->next, rt6_nh_list); |
| 4041 | |
| 4042 | return 0; |
| 4043 | } |
| 4044 | |
| 4045 | static void ip6_route_mpath_notify(struct rt6_info *rt, |
| 4046 | struct rt6_info *rt_last, |
| 4047 | struct nl_info *info, |
| 4048 | __u16 nlflags) |
| 4049 | { |
| 4050 | /* if this is an APPEND route, then rt points to the first route |
| 4051 | * inserted and rt_last points to last route inserted. Userspace |
| 4052 | * wants a consistent dump of the route which starts at the first |
| 4053 | * nexthop. Since sibling routes are always added at the end of |
| 4054 | * the list, find the first sibling of the last route appended |
| 4055 | */ |
| 4056 | if ((nlflags & NLM_F_APPEND) && rt_last && rt_last->rt6i_nsiblings) { |
| 4057 | rt = list_first_entry(&rt_last->rt6i_siblings, |
| 4058 | struct rt6_info, |
| 4059 | rt6i_siblings); |
| 4060 | } |
| 4061 | |
| 4062 | if (rt) |
| 4063 | inet6_rt_notify(RTM_NEWROUTE, rt, info, nlflags); |
| 4064 | } |
| 4065 | |
| 4066 | static int ip6_route_multipath_add(struct fib6_config *cfg, |
| 4067 | struct netlink_ext_ack *extack) |
| 4068 | { |
| 4069 | struct rt6_info *rt_notif = NULL, *rt_last = NULL; |
| 4070 | struct nl_info *info = &cfg->fc_nlinfo; |
| 4071 | struct fib6_config r_cfg; |
| 4072 | struct rtnexthop *rtnh; |
| 4073 | struct rt6_info *rt; |
| 4074 | struct rt6_nh *err_nh; |
| 4075 | struct rt6_nh *nh, *nh_safe; |
| 4076 | __u16 nlflags; |
| 4077 | int remaining; |
| 4078 | int attrlen; |
| 4079 | int err = 1; |
| 4080 | int nhn = 0; |
| 4081 | int replace = (cfg->fc_nlinfo.nlh && |
| 4082 | (cfg->fc_nlinfo.nlh->nlmsg_flags & NLM_F_REPLACE)); |
| 4083 | LIST_HEAD(rt6_nh_list); |
| 4084 | |
| 4085 | nlflags = replace ? NLM_F_REPLACE : NLM_F_CREATE; |
| 4086 | if (info->nlh && info->nlh->nlmsg_flags & NLM_F_APPEND) |
| 4087 | nlflags |= NLM_F_APPEND; |
| 4088 | |
| 4089 | remaining = cfg->fc_mp_len; |
| 4090 | rtnh = (struct rtnexthop *)cfg->fc_mp; |
| 4091 | |
| 4092 | /* Parse a Multipath Entry and build a list (rt6_nh_list) of |
| 4093 | * rt6_info structs per nexthop |
| 4094 | */ |
| 4095 | while (rtnh_ok(rtnh, remaining)) { |
| 4096 | memcpy(&r_cfg, cfg, sizeof(*cfg)); |
| 4097 | if (rtnh->rtnh_ifindex) |
| 4098 | r_cfg.fc_ifindex = rtnh->rtnh_ifindex; |
| 4099 | |
| 4100 | attrlen = rtnh_attrlen(rtnh); |
| 4101 | if (attrlen > 0) { |
| 4102 | struct nlattr *nla, *attrs = rtnh_attrs(rtnh); |
| 4103 | |
| 4104 | nla = nla_find(attrs, attrlen, RTA_GATEWAY); |
| 4105 | if (nla) { |
| 4106 | r_cfg.fc_gateway = nla_get_in6_addr(nla); |
| 4107 | r_cfg.fc_flags |= RTF_GATEWAY; |
| 4108 | } |
| 4109 | r_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP); |
| 4110 | nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE); |
| 4111 | if (nla) |
| 4112 | r_cfg.fc_encap_type = nla_get_u16(nla); |
| 4113 | } |
| 4114 | |
| 4115 | r_cfg.fc_flags |= (rtnh->rtnh_flags & RTNH_F_ONLINK); |
| 4116 | rt = ip6_route_info_create(&r_cfg, extack); |
| 4117 | if (IS_ERR(rt)) { |
| 4118 | err = PTR_ERR(rt); |
| 4119 | rt = NULL; |
| 4120 | goto cleanup; |
| 4121 | } |
| 4122 | |
| 4123 | rt->rt6i_nh_weight = rtnh->rtnh_hops + 1; |
| 4124 | |
| 4125 | err = ip6_route_info_append(&rt6_nh_list, rt, &r_cfg); |
| 4126 | if (err) { |
| 4127 | dst_release_immediate(&rt->dst); |
| 4128 | goto cleanup; |
| 4129 | } |
| 4130 | |
| 4131 | rtnh = rtnh_next(rtnh, &remaining); |
| 4132 | } |
| 4133 | |
| 4134 | /* for add and replace send one notification with all nexthops. |
| 4135 | * Skip the notification in fib6_add_rt2node and send one with |
| 4136 | * the full route when done |
| 4137 | */ |
| 4138 | info->skip_notify = 1; |
| 4139 | |
| 4140 | err_nh = NULL; |
| 4141 | list_for_each_entry(nh, &rt6_nh_list, next) { |
| 4142 | rt_last = nh->rt6_info; |
| 4143 | err = __ip6_ins_rt(nh->rt6_info, info, &nh->mxc, extack); |
| 4144 | /* save reference to first route for notification */ |
| 4145 | if (!rt_notif && !err) |
| 4146 | rt_notif = nh->rt6_info; |
| 4147 | |
| 4148 | /* nh->rt6_info is used or freed at this point, reset to NULL*/ |
| 4149 | nh->rt6_info = NULL; |
| 4150 | if (err) { |
| 4151 | if (replace && nhn) |
| 4152 | ip6_print_replace_route_err(&rt6_nh_list); |
| 4153 | err_nh = nh; |
| 4154 | goto add_errout; |
| 4155 | } |
| 4156 | |
| 4157 | /* Because each route is added like a single route we remove |
| 4158 | * these flags after the first nexthop: if there is a collision, |
| 4159 | * we have already failed to add the first nexthop: |
| 4160 | * fib6_add_rt2node() has rejected it; when replacing, old |
| 4161 | * nexthops have been replaced by first new, the rest should |
| 4162 | * be added to it. |
| 4163 | */ |
| 4164 | cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | |
| 4165 | NLM_F_REPLACE); |
| 4166 | nhn++; |
| 4167 | } |
| 4168 | |
| 4169 | /* success ... tell user about new route */ |
| 4170 | ip6_route_mpath_notify(rt_notif, rt_last, info, nlflags); |
| 4171 | goto cleanup; |
| 4172 | |
| 4173 | add_errout: |
| 4174 | /* send notification for routes that were added so that |
| 4175 | * the delete notifications sent by ip6_route_del are |
| 4176 | * coherent |
| 4177 | */ |
| 4178 | if (rt_notif) |
| 4179 | ip6_route_mpath_notify(rt_notif, rt_last, info, nlflags); |
| 4180 | |
| 4181 | /* Delete routes that were already added */ |
| 4182 | list_for_each_entry(nh, &rt6_nh_list, next) { |
| 4183 | if (err_nh == nh) |
| 4184 | break; |
| 4185 | ip6_route_del(&nh->r_cfg, extack); |
| 4186 | } |
| 4187 | |
| 4188 | cleanup: |
| 4189 | list_for_each_entry_safe(nh, nh_safe, &rt6_nh_list, next) { |
| 4190 | if (nh->rt6_info) |
| 4191 | dst_release_immediate(&nh->rt6_info->dst); |
| 4192 | kfree(nh->mxc.mx); |
| 4193 | list_del(&nh->next); |
| 4194 | kfree(nh); |
| 4195 | } |
| 4196 | |
| 4197 | return err; |
| 4198 | } |
| 4199 | |
| 4200 | static int ip6_route_multipath_del(struct fib6_config *cfg, |
| 4201 | struct netlink_ext_ack *extack) |
| 4202 | { |
| 4203 | struct fib6_config r_cfg; |
| 4204 | struct rtnexthop *rtnh; |
| 4205 | int remaining; |
| 4206 | int attrlen; |
| 4207 | int err = 1, last_err = 0; |
| 4208 | |
| 4209 | remaining = cfg->fc_mp_len; |
| 4210 | rtnh = (struct rtnexthop *)cfg->fc_mp; |
| 4211 | |
| 4212 | /* Parse a Multipath Entry */ |
| 4213 | while (rtnh_ok(rtnh, remaining)) { |
| 4214 | memcpy(&r_cfg, cfg, sizeof(*cfg)); |
| 4215 | if (rtnh->rtnh_ifindex) |
| 4216 | r_cfg.fc_ifindex = rtnh->rtnh_ifindex; |
| 4217 | |
| 4218 | attrlen = rtnh_attrlen(rtnh); |
| 4219 | if (attrlen > 0) { |
| 4220 | struct nlattr *nla, *attrs = rtnh_attrs(rtnh); |
| 4221 | |
| 4222 | nla = nla_find(attrs, attrlen, RTA_GATEWAY); |
| 4223 | if (nla) { |
| 4224 | nla_memcpy(&r_cfg.fc_gateway, nla, 16); |
| 4225 | r_cfg.fc_flags |= RTF_GATEWAY; |
| 4226 | } |
| 4227 | } |
| 4228 | err = ip6_route_del(&r_cfg, extack); |
| 4229 | if (err) |
| 4230 | last_err = err; |
| 4231 | |
| 4232 | rtnh = rtnh_next(rtnh, &remaining); |
| 4233 | } |
| 4234 | |
| 4235 | return last_err; |
| 4236 | } |
| 4237 | |
| 4238 | static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 4239 | struct netlink_ext_ack *extack) |
| 4240 | { |
| 4241 | struct fib6_config cfg; |
| 4242 | int err; |
| 4243 | |
| 4244 | err = rtm_to_fib6_config(skb, nlh, &cfg, extack); |
| 4245 | if (err < 0) |
| 4246 | return err; |
| 4247 | |
| 4248 | if (cfg.fc_mp) |
| 4249 | return ip6_route_multipath_del(&cfg, extack); |
| 4250 | else { |
| 4251 | cfg.fc_delete_all_nh = 1; |
| 4252 | return ip6_route_del(&cfg, extack); |
| 4253 | } |
| 4254 | } |
| 4255 | |
| 4256 | static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 4257 | struct netlink_ext_ack *extack) |
| 4258 | { |
| 4259 | struct fib6_config cfg; |
| 4260 | int err; |
| 4261 | |
| 4262 | err = rtm_to_fib6_config(skb, nlh, &cfg, extack); |
| 4263 | if (err < 0) |
| 4264 | return err; |
| 4265 | |
| 4266 | if (cfg.fc_mp) |
| 4267 | return ip6_route_multipath_add(&cfg, extack); |
| 4268 | else |
| 4269 | return ip6_route_add(&cfg, extack); |
| 4270 | } |
| 4271 | |
| 4272 | static size_t rt6_nlmsg_size(struct rt6_info *rt) |
| 4273 | { |
| 4274 | int nexthop_len = 0; |
| 4275 | |
| 4276 | if (rt->rt6i_nsiblings) { |
| 4277 | nexthop_len = nla_total_size(0) /* RTA_MULTIPATH */ |
| 4278 | + NLA_ALIGN(sizeof(struct rtnexthop)) |
| 4279 | + nla_total_size(16) /* RTA_GATEWAY */ |
| 4280 | + lwtunnel_get_encap_size(rt->dst.lwtstate); |
| 4281 | |
| 4282 | nexthop_len *= rt->rt6i_nsiblings; |
| 4283 | } |
| 4284 | |
| 4285 | return NLMSG_ALIGN(sizeof(struct rtmsg)) |
| 4286 | + nla_total_size(16) /* RTA_SRC */ |
| 4287 | + nla_total_size(16) /* RTA_DST */ |
| 4288 | + nla_total_size(16) /* RTA_GATEWAY */ |
| 4289 | + nla_total_size(16) /* RTA_PREFSRC */ |
| 4290 | + nla_total_size(4) /* RTA_TABLE */ |
| 4291 | + nla_total_size(4) /* RTA_IIF */ |
| 4292 | + nla_total_size(4) /* RTA_OIF */ |
| 4293 | + nla_total_size(4) /* RTA_PRIORITY */ |
| 4294 | + RTAX_MAX * nla_total_size(4) /* RTA_METRICS */ |
| 4295 | + nla_total_size(sizeof(struct rta_cacheinfo)) |
| 4296 | + nla_total_size(TCP_CA_NAME_MAX) /* RTAX_CC_ALGO */ |
| 4297 | + nla_total_size(1) /* RTA_PREF */ |
| 4298 | + lwtunnel_get_encap_size(rt->dst.lwtstate) |
| 4299 | + nexthop_len; |
| 4300 | } |
| 4301 | |
| 4302 | static int rt6_nexthop_info(struct sk_buff *skb, struct rt6_info *rt, |
| 4303 | unsigned int *flags, bool skip_oif) |
| 4304 | { |
| 4305 | if (rt->rt6i_nh_flags & RTNH_F_DEAD) |
| 4306 | *flags |= RTNH_F_DEAD; |
| 4307 | |
| 4308 | if (rt->rt6i_nh_flags & RTNH_F_LINKDOWN) { |
| 4309 | *flags |= RTNH_F_LINKDOWN; |
| 4310 | if (rt->rt6i_idev->cnf.ignore_routes_with_linkdown) |
| 4311 | *flags |= RTNH_F_DEAD; |
| 4312 | } |
| 4313 | |
| 4314 | if (rt->rt6i_flags & RTF_GATEWAY) { |
| 4315 | if (nla_put_in6_addr(skb, RTA_GATEWAY, &rt->rt6i_gateway) < 0) |
| 4316 | goto nla_put_failure; |
| 4317 | } |
| 4318 | |
| 4319 | *flags |= (rt->rt6i_nh_flags & RTNH_F_ONLINK); |
| 4320 | if (rt->rt6i_nh_flags & RTNH_F_OFFLOAD) |
| 4321 | *flags |= RTNH_F_OFFLOAD; |
| 4322 | |
| 4323 | /* not needed for multipath encoding b/c it has a rtnexthop struct */ |
| 4324 | if (!skip_oif && rt->dst.dev && |
| 4325 | nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex)) |
| 4326 | goto nla_put_failure; |
| 4327 | |
| 4328 | if (rt->dst.lwtstate && |
| 4329 | lwtunnel_fill_encap(skb, rt->dst.lwtstate) < 0) |
| 4330 | goto nla_put_failure; |
| 4331 | |
| 4332 | return 0; |
| 4333 | |
| 4334 | nla_put_failure: |
| 4335 | return -EMSGSIZE; |
| 4336 | } |
| 4337 | |
| 4338 | /* add multipath next hop */ |
| 4339 | static int rt6_add_nexthop(struct sk_buff *skb, struct rt6_info *rt) |
| 4340 | { |
| 4341 | struct rtnexthop *rtnh; |
| 4342 | unsigned int flags = 0; |
| 4343 | |
| 4344 | rtnh = nla_reserve_nohdr(skb, sizeof(*rtnh)); |
| 4345 | if (!rtnh) |
| 4346 | goto nla_put_failure; |
| 4347 | |
| 4348 | rtnh->rtnh_hops = rt->rt6i_nh_weight - 1; |
| 4349 | rtnh->rtnh_ifindex = rt->dst.dev ? rt->dst.dev->ifindex : 0; |
| 4350 | |
| 4351 | if (rt6_nexthop_info(skb, rt, &flags, true) < 0) |
| 4352 | goto nla_put_failure; |
| 4353 | |
| 4354 | rtnh->rtnh_flags = flags; |
| 4355 | |
| 4356 | /* length of rtnetlink header + attributes */ |
| 4357 | rtnh->rtnh_len = nlmsg_get_pos(skb) - (void *)rtnh; |
| 4358 | |
| 4359 | return 0; |
| 4360 | |
| 4361 | nla_put_failure: |
| 4362 | return -EMSGSIZE; |
| 4363 | } |
| 4364 | |
| 4365 | static int rt6_fill_node(struct net *net, |
| 4366 | struct sk_buff *skb, struct rt6_info *rt, |
| 4367 | struct in6_addr *dst, struct in6_addr *src, |
| 4368 | int iif, int type, u32 portid, u32 seq, |
| 4369 | unsigned int flags) |
| 4370 | { |
| 4371 | u32 metrics[RTAX_MAX]; |
| 4372 | struct rtmsg *rtm; |
| 4373 | struct nlmsghdr *nlh; |
| 4374 | long expires; |
| 4375 | u32 table; |
| 4376 | |
| 4377 | nlh = nlmsg_put(skb, portid, seq, type, sizeof(*rtm), flags); |
| 4378 | if (!nlh) |
| 4379 | return -EMSGSIZE; |
| 4380 | |
| 4381 | rtm = nlmsg_data(nlh); |
| 4382 | rtm->rtm_family = AF_INET6; |
| 4383 | rtm->rtm_dst_len = rt->rt6i_dst.plen; |
| 4384 | rtm->rtm_src_len = rt->rt6i_src.plen; |
| 4385 | rtm->rtm_tos = 0; |
| 4386 | if (rt->rt6i_table) |
| 4387 | table = rt->rt6i_table->tb6_id; |
| 4388 | else |
| 4389 | table = RT6_TABLE_UNSPEC; |
| 4390 | rtm->rtm_table = table; |
| 4391 | if (nla_put_u32(skb, RTA_TABLE, table)) |
| 4392 | goto nla_put_failure; |
| 4393 | if (rt->rt6i_flags & RTF_REJECT) { |
| 4394 | switch (rt->dst.error) { |
| 4395 | case -EINVAL: |
| 4396 | rtm->rtm_type = RTN_BLACKHOLE; |
| 4397 | break; |
| 4398 | case -EACCES: |
| 4399 | rtm->rtm_type = RTN_PROHIBIT; |
| 4400 | break; |
| 4401 | case -EAGAIN: |
| 4402 | rtm->rtm_type = RTN_THROW; |
| 4403 | break; |
| 4404 | default: |
| 4405 | rtm->rtm_type = RTN_UNREACHABLE; |
| 4406 | break; |
| 4407 | } |
| 4408 | } |
| 4409 | else if (rt->rt6i_flags & RTF_LOCAL) |
| 4410 | rtm->rtm_type = RTN_LOCAL; |
| 4411 | else if (rt->rt6i_flags & RTF_ANYCAST) |
| 4412 | rtm->rtm_type = RTN_ANYCAST; |
| 4413 | else if (rt->dst.dev && (rt->dst.dev->flags & IFF_LOOPBACK)) |
| 4414 | rtm->rtm_type = RTN_LOCAL; |
| 4415 | else |
| 4416 | rtm->rtm_type = RTN_UNICAST; |
| 4417 | rtm->rtm_flags = 0; |
| 4418 | rtm->rtm_scope = RT_SCOPE_UNIVERSE; |
| 4419 | rtm->rtm_protocol = rt->rt6i_protocol; |
| 4420 | |
| 4421 | if (rt->rt6i_flags & RTF_CACHE) |
| 4422 | rtm->rtm_flags |= RTM_F_CLONED; |
| 4423 | |
| 4424 | if (dst) { |
| 4425 | if (nla_put_in6_addr(skb, RTA_DST, dst)) |
| 4426 | goto nla_put_failure; |
| 4427 | rtm->rtm_dst_len = 128; |
| 4428 | } else if (rtm->rtm_dst_len) |
| 4429 | if (nla_put_in6_addr(skb, RTA_DST, &rt->rt6i_dst.addr)) |
| 4430 | goto nla_put_failure; |
| 4431 | #ifdef CONFIG_IPV6_SUBTREES |
| 4432 | if (src) { |
| 4433 | if (nla_put_in6_addr(skb, RTA_SRC, src)) |
| 4434 | goto nla_put_failure; |
| 4435 | rtm->rtm_src_len = 128; |
| 4436 | } else if (rtm->rtm_src_len && |
| 4437 | nla_put_in6_addr(skb, RTA_SRC, &rt->rt6i_src.addr)) |
| 4438 | goto nla_put_failure; |
| 4439 | #endif |
| 4440 | if (iif) { |
| 4441 | #ifdef CONFIG_IPV6_MROUTE |
| 4442 | if (ipv6_addr_is_multicast(&rt->rt6i_dst.addr)) { |
| 4443 | int err = ip6mr_get_route(net, skb, rtm, portid); |
| 4444 | |
| 4445 | if (err == 0) |
| 4446 | return 0; |
| 4447 | if (err < 0) |
| 4448 | goto nla_put_failure; |
| 4449 | } else |
| 4450 | #endif |
| 4451 | if (nla_put_u32(skb, RTA_IIF, iif)) |
| 4452 | goto nla_put_failure; |
| 4453 | } else if (dst) { |
| 4454 | struct in6_addr saddr_buf; |
| 4455 | if (ip6_route_get_saddr(net, rt, dst, 0, &saddr_buf) == 0 && |
| 4456 | nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf)) |
| 4457 | goto nla_put_failure; |
| 4458 | } |
| 4459 | |
| 4460 | if (rt->rt6i_prefsrc.plen) { |
| 4461 | struct in6_addr saddr_buf; |
| 4462 | saddr_buf = rt->rt6i_prefsrc.addr; |
| 4463 | if (nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf)) |
| 4464 | goto nla_put_failure; |
| 4465 | } |
| 4466 | |
| 4467 | memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics)); |
| 4468 | if (rt->rt6i_pmtu) |
| 4469 | metrics[RTAX_MTU - 1] = rt->rt6i_pmtu; |
| 4470 | if (rtnetlink_put_metrics(skb, metrics) < 0) |
| 4471 | goto nla_put_failure; |
| 4472 | |
| 4473 | if (nla_put_u32(skb, RTA_PRIORITY, rt->rt6i_metric)) |
| 4474 | goto nla_put_failure; |
| 4475 | |
| 4476 | /* For multipath routes, walk the siblings list and add |
| 4477 | * each as a nexthop within RTA_MULTIPATH. |
| 4478 | */ |
| 4479 | if (rt->rt6i_nsiblings) { |
| 4480 | struct rt6_info *sibling, *next_sibling; |
| 4481 | struct nlattr *mp; |
| 4482 | |
| 4483 | mp = nla_nest_start(skb, RTA_MULTIPATH); |
| 4484 | if (!mp) |
| 4485 | goto nla_put_failure; |
| 4486 | |
| 4487 | if (rt6_add_nexthop(skb, rt) < 0) |
| 4488 | goto nla_put_failure; |
| 4489 | |
| 4490 | list_for_each_entry_safe(sibling, next_sibling, |
| 4491 | &rt->rt6i_siblings, rt6i_siblings) { |
| 4492 | if (rt6_add_nexthop(skb, sibling) < 0) |
| 4493 | goto nla_put_failure; |
| 4494 | } |
| 4495 | |
| 4496 | nla_nest_end(skb, mp); |
| 4497 | } else { |
| 4498 | if (rt6_nexthop_info(skb, rt, &rtm->rtm_flags, false) < 0) |
| 4499 | goto nla_put_failure; |
| 4500 | } |
| 4501 | |
| 4502 | expires = (rt->rt6i_flags & RTF_EXPIRES) ? rt->dst.expires - jiffies : 0; |
| 4503 | |
| 4504 | if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, rt->dst.error) < 0) |
| 4505 | goto nla_put_failure; |
| 4506 | |
| 4507 | if (nla_put_u8(skb, RTA_PREF, IPV6_EXTRACT_PREF(rt->rt6i_flags))) |
| 4508 | goto nla_put_failure; |
| 4509 | |
| 4510 | |
| 4511 | nlmsg_end(skb, nlh); |
| 4512 | return 0; |
| 4513 | |
| 4514 | nla_put_failure: |
| 4515 | nlmsg_cancel(skb, nlh); |
| 4516 | return -EMSGSIZE; |
| 4517 | } |
| 4518 | |
| 4519 | int rt6_dump_route(struct rt6_info *rt, void *p_arg) |
| 4520 | { |
| 4521 | struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; |
| 4522 | struct net *net = arg->net; |
| 4523 | |
| 4524 | if (rt == net->ipv6.ip6_null_entry) |
| 4525 | return 0; |
| 4526 | |
| 4527 | if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { |
| 4528 | struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); |
| 4529 | |
| 4530 | /* user wants prefix routes only */ |
| 4531 | if (rtm->rtm_flags & RTM_F_PREFIX && |
| 4532 | !(rt->rt6i_flags & RTF_PREFIX_RT)) { |
| 4533 | /* success since this is not a prefix route */ |
| 4534 | return 1; |
| 4535 | } |
| 4536 | } |
| 4537 | |
| 4538 | return rt6_fill_node(net, |
| 4539 | arg->skb, rt, NULL, NULL, 0, RTM_NEWROUTE, |
| 4540 | NETLINK_CB(arg->cb->skb).portid, arg->cb->nlh->nlmsg_seq, |
| 4541 | NLM_F_MULTI); |
| 4542 | } |
| 4543 | |
| 4544 | static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, |
| 4545 | struct netlink_ext_ack *extack) |
| 4546 | { |
| 4547 | struct net *net = sock_net(in_skb->sk); |
| 4548 | struct nlattr *tb[RTA_MAX+1]; |
| 4549 | int err, iif = 0, oif = 0; |
| 4550 | struct dst_entry *dst; |
| 4551 | struct rt6_info *rt; |
| 4552 | struct sk_buff *skb; |
| 4553 | struct rtmsg *rtm; |
| 4554 | struct flowi6 fl6; |
| 4555 | bool fibmatch; |
| 4556 | |
| 4557 | err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy, |
| 4558 | extack); |
| 4559 | if (err < 0) |
| 4560 | goto errout; |
| 4561 | |
| 4562 | err = -EINVAL; |
| 4563 | memset(&fl6, 0, sizeof(fl6)); |
| 4564 | rtm = nlmsg_data(nlh); |
| 4565 | fl6.flowlabel = ip6_make_flowinfo(rtm->rtm_tos, 0); |
| 4566 | fibmatch = !!(rtm->rtm_flags & RTM_F_FIB_MATCH); |
| 4567 | |
| 4568 | if (tb[RTA_SRC]) { |
| 4569 | if (nla_len(tb[RTA_SRC]) < sizeof(struct in6_addr)) |
| 4570 | goto errout; |
| 4571 | |
| 4572 | fl6.saddr = *(struct in6_addr *)nla_data(tb[RTA_SRC]); |
| 4573 | } |
| 4574 | |
| 4575 | if (tb[RTA_DST]) { |
| 4576 | if (nla_len(tb[RTA_DST]) < sizeof(struct in6_addr)) |
| 4577 | goto errout; |
| 4578 | |
| 4579 | fl6.daddr = *(struct in6_addr *)nla_data(tb[RTA_DST]); |
| 4580 | } |
| 4581 | |
| 4582 | if (tb[RTA_IIF]) |
| 4583 | iif = nla_get_u32(tb[RTA_IIF]); |
| 4584 | |
| 4585 | if (tb[RTA_OIF]) |
| 4586 | oif = nla_get_u32(tb[RTA_OIF]); |
| 4587 | |
| 4588 | if (tb[RTA_MARK]) |
| 4589 | fl6.flowi6_mark = nla_get_u32(tb[RTA_MARK]); |
| 4590 | |
| 4591 | if (tb[RTA_UID]) |
| 4592 | fl6.flowi6_uid = make_kuid(current_user_ns(), |
| 4593 | nla_get_u32(tb[RTA_UID])); |
| 4594 | else |
| 4595 | fl6.flowi6_uid = iif ? INVALID_UID : current_uid(); |
| 4596 | |
| 4597 | if (iif) { |
| 4598 | struct net_device *dev; |
| 4599 | int flags = 0; |
| 4600 | |
| 4601 | rcu_read_lock(); |
| 4602 | |
| 4603 | dev = dev_get_by_index_rcu(net, iif); |
| 4604 | if (!dev) { |
| 4605 | rcu_read_unlock(); |
| 4606 | err = -ENODEV; |
| 4607 | goto errout; |
| 4608 | } |
| 4609 | |
| 4610 | fl6.flowi6_iif = iif; |
| 4611 | |
| 4612 | if (!ipv6_addr_any(&fl6.saddr)) |
| 4613 | flags |= RT6_LOOKUP_F_HAS_SADDR; |
| 4614 | |
| 4615 | dst = ip6_route_input_lookup(net, dev, &fl6, flags); |
| 4616 | |
| 4617 | rcu_read_unlock(); |
| 4618 | } else { |
| 4619 | fl6.flowi6_oif = oif; |
| 4620 | |
| 4621 | dst = ip6_route_output(net, NULL, &fl6); |
| 4622 | } |
| 4623 | |
| 4624 | |
| 4625 | rt = container_of(dst, struct rt6_info, dst); |
| 4626 | if (rt->dst.error) { |
| 4627 | err = rt->dst.error; |
| 4628 | ip6_rt_put(rt); |
| 4629 | goto errout; |
| 4630 | } |
| 4631 | |
| 4632 | if (rt == net->ipv6.ip6_null_entry) { |
| 4633 | err = rt->dst.error; |
| 4634 | ip6_rt_put(rt); |
| 4635 | goto errout; |
| 4636 | } |
| 4637 | |
| 4638 | if (fibmatch && rt->from) { |
| 4639 | struct rt6_info *ort = rt->from; |
| 4640 | |
| 4641 | dst_hold(&ort->dst); |
| 4642 | ip6_rt_put(rt); |
| 4643 | rt = ort; |
| 4644 | } |
| 4645 | |
| 4646 | skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); |
| 4647 | if (!skb) { |
| 4648 | ip6_rt_put(rt); |
| 4649 | err = -ENOBUFS; |
| 4650 | goto errout; |
| 4651 | } |
| 4652 | |
| 4653 | skb_dst_set(skb, &rt->dst); |
| 4654 | if (fibmatch) |
| 4655 | err = rt6_fill_node(net, skb, rt, NULL, NULL, iif, |
| 4656 | RTM_NEWROUTE, NETLINK_CB(in_skb).portid, |
| 4657 | nlh->nlmsg_seq, 0); |
| 4658 | else |
| 4659 | err = rt6_fill_node(net, skb, rt, &fl6.daddr, &fl6.saddr, iif, |
| 4660 | RTM_NEWROUTE, NETLINK_CB(in_skb).portid, |
| 4661 | nlh->nlmsg_seq, 0); |
| 4662 | if (err < 0) { |
| 4663 | kfree_skb(skb); |
| 4664 | goto errout; |
| 4665 | } |
| 4666 | |
| 4667 | err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid); |
| 4668 | errout: |
| 4669 | return err; |
| 4670 | } |
| 4671 | |
| 4672 | void inet6_rt_notify(int event, struct rt6_info *rt, struct nl_info *info, |
| 4673 | unsigned int nlm_flags) |
| 4674 | { |
| 4675 | struct sk_buff *skb; |
| 4676 | struct net *net = info->nl_net; |
| 4677 | u32 seq; |
| 4678 | int err; |
| 4679 | |
| 4680 | err = -ENOBUFS; |
| 4681 | seq = info->nlh ? info->nlh->nlmsg_seq : 0; |
| 4682 | |
| 4683 | skb = nlmsg_new(rt6_nlmsg_size(rt), gfp_any()); |
| 4684 | if (!skb) |
| 4685 | goto errout; |
| 4686 | |
| 4687 | err = rt6_fill_node(net, skb, rt, NULL, NULL, 0, |
| 4688 | event, info->portid, seq, nlm_flags); |
| 4689 | if (err < 0) { |
| 4690 | /* -EMSGSIZE implies BUG in rt6_nlmsg_size() */ |
| 4691 | WARN_ON(err == -EMSGSIZE); |
| 4692 | kfree_skb(skb); |
| 4693 | goto errout; |
| 4694 | } |
| 4695 | rtnl_notify(skb, net, info->portid, RTNLGRP_IPV6_ROUTE, |
| 4696 | info->nlh, gfp_any()); |
| 4697 | return; |
| 4698 | errout: |
| 4699 | if (err < 0) |
| 4700 | rtnl_set_sk_err(net, RTNLGRP_IPV6_ROUTE, err); |
| 4701 | } |
| 4702 | |
| 4703 | static int ip6_route_dev_notify(struct notifier_block *this, |
| 4704 | unsigned long event, void *ptr) |
| 4705 | { |
| 4706 | struct net_device *dev = netdev_notifier_info_to_dev(ptr); |
| 4707 | struct net *net = dev_net(dev); |
| 4708 | |
| 4709 | if (!(dev->flags & IFF_LOOPBACK)) |
| 4710 | return NOTIFY_OK; |
| 4711 | |
| 4712 | if (event == NETDEV_REGISTER) { |
| 4713 | net->ipv6.ip6_null_entry->dst.dev = dev; |
| 4714 | net->ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(dev); |
| 4715 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
| 4716 | net->ipv6.ip6_prohibit_entry->dst.dev = dev; |
| 4717 | net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev); |
| 4718 | net->ipv6.ip6_blk_hole_entry->dst.dev = dev; |
| 4719 | net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev); |
| 4720 | #endif |
| 4721 | } else if (event == NETDEV_UNREGISTER && |
| 4722 | dev->reg_state != NETREG_UNREGISTERED) { |
| 4723 | /* NETDEV_UNREGISTER could be fired for multiple times by |
| 4724 | * netdev_wait_allrefs(). Make sure we only call this once. |
| 4725 | */ |
| 4726 | in6_dev_put_clear(&net->ipv6.ip6_null_entry->rt6i_idev); |
| 4727 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
| 4728 | in6_dev_put_clear(&net->ipv6.ip6_prohibit_entry->rt6i_idev); |
| 4729 | in6_dev_put_clear(&net->ipv6.ip6_blk_hole_entry->rt6i_idev); |
| 4730 | #endif |
| 4731 | } |
| 4732 | |
| 4733 | return NOTIFY_OK; |
| 4734 | } |
| 4735 | |
| 4736 | /* |
| 4737 | * /proc |
| 4738 | */ |
| 4739 | |
| 4740 | #ifdef CONFIG_PROC_FS |
| 4741 | |
| 4742 | static const struct file_operations ipv6_route_proc_fops = { |
| 4743 | .open = ipv6_route_open, |
| 4744 | .read = seq_read, |
| 4745 | .llseek = seq_lseek, |
| 4746 | .release = seq_release_net, |
| 4747 | }; |
| 4748 | |
| 4749 | static int rt6_stats_seq_show(struct seq_file *seq, void *v) |
| 4750 | { |
| 4751 | struct net *net = (struct net *)seq->private; |
| 4752 | seq_printf(seq, "%04x %04x %04x %04x %04x %04x %04x\n", |
| 4753 | net->ipv6.rt6_stats->fib_nodes, |
| 4754 | net->ipv6.rt6_stats->fib_route_nodes, |
| 4755 | atomic_read(&net->ipv6.rt6_stats->fib_rt_alloc), |
| 4756 | net->ipv6.rt6_stats->fib_rt_entries, |
| 4757 | net->ipv6.rt6_stats->fib_rt_cache, |
| 4758 | dst_entries_get_slow(&net->ipv6.ip6_dst_ops), |
| 4759 | net->ipv6.rt6_stats->fib_discarded_routes); |
| 4760 | |
| 4761 | return 0; |
| 4762 | } |
| 4763 | |
| 4764 | static int rt6_stats_seq_open(struct inode *inode, struct file *file) |
| 4765 | { |
| 4766 | return single_open_net(inode, file, rt6_stats_seq_show); |
| 4767 | } |
| 4768 | |
| 4769 | static const struct file_operations rt6_stats_seq_fops = { |
| 4770 | .open = rt6_stats_seq_open, |
| 4771 | .read = seq_read, |
| 4772 | .llseek = seq_lseek, |
| 4773 | .release = single_release_net, |
| 4774 | }; |
| 4775 | #endif /* CONFIG_PROC_FS */ |
| 4776 | |
| 4777 | #ifdef CONFIG_SYSCTL |
| 4778 | |
| 4779 | static |
| 4780 | int ipv6_sysctl_rtcache_flush(struct ctl_table *ctl, int write, |
| 4781 | void __user *buffer, size_t *lenp, loff_t *ppos) |
| 4782 | { |
| 4783 | struct net *net; |
| 4784 | int delay; |
| 4785 | if (!write) |
| 4786 | return -EINVAL; |
| 4787 | |
| 4788 | net = (struct net *)ctl->extra1; |
| 4789 | delay = net->ipv6.sysctl.flush_delay; |
| 4790 | proc_dointvec(ctl, write, buffer, lenp, ppos); |
| 4791 | fib6_run_gc(delay <= 0 ? 0 : (unsigned long)delay, net, delay > 0); |
| 4792 | return 0; |
| 4793 | } |
| 4794 | |
| 4795 | struct ctl_table ipv6_route_table_template[] = { |
| 4796 | { |
| 4797 | .procname = "flush", |
| 4798 | .data = &init_net.ipv6.sysctl.flush_delay, |
| 4799 | .maxlen = sizeof(int), |
| 4800 | .mode = 0200, |
| 4801 | .proc_handler = ipv6_sysctl_rtcache_flush |
| 4802 | }, |
| 4803 | { |
| 4804 | .procname = "gc_thresh", |
| 4805 | .data = &ip6_dst_ops_template.gc_thresh, |
| 4806 | .maxlen = sizeof(int), |
| 4807 | .mode = 0644, |
| 4808 | .proc_handler = proc_dointvec, |
| 4809 | }, |
| 4810 | { |
| 4811 | .procname = "max_size", |
| 4812 | .data = &init_net.ipv6.sysctl.ip6_rt_max_size, |
| 4813 | .maxlen = sizeof(int), |
| 4814 | .mode = 0644, |
| 4815 | .proc_handler = proc_dointvec, |
| 4816 | }, |
| 4817 | { |
| 4818 | .procname = "gc_min_interval", |
| 4819 | .data = &init_net.ipv6.sysctl.ip6_rt_gc_min_interval, |
| 4820 | .maxlen = sizeof(int), |
| 4821 | .mode = 0644, |
| 4822 | .proc_handler = proc_dointvec_jiffies, |
| 4823 | }, |
| 4824 | { |
| 4825 | .procname = "gc_timeout", |
| 4826 | .data = &init_net.ipv6.sysctl.ip6_rt_gc_timeout, |
| 4827 | .maxlen = sizeof(int), |
| 4828 | .mode = 0644, |
| 4829 | .proc_handler = proc_dointvec_jiffies, |
| 4830 | }, |
| 4831 | { |
| 4832 | .procname = "gc_interval", |
| 4833 | .data = &init_net.ipv6.sysctl.ip6_rt_gc_interval, |
| 4834 | .maxlen = sizeof(int), |
| 4835 | .mode = 0644, |
| 4836 | .proc_handler = proc_dointvec_jiffies, |
| 4837 | }, |
| 4838 | { |
| 4839 | .procname = "gc_elasticity", |
| 4840 | .data = &init_net.ipv6.sysctl.ip6_rt_gc_elasticity, |
| 4841 | .maxlen = sizeof(int), |
| 4842 | .mode = 0644, |
| 4843 | .proc_handler = proc_dointvec, |
| 4844 | }, |
| 4845 | { |
| 4846 | .procname = "mtu_expires", |
| 4847 | .data = &init_net.ipv6.sysctl.ip6_rt_mtu_expires, |
| 4848 | .maxlen = sizeof(int), |
| 4849 | .mode = 0644, |
| 4850 | .proc_handler = proc_dointvec_jiffies, |
| 4851 | }, |
| 4852 | { |
| 4853 | .procname = "min_adv_mss", |
| 4854 | .data = &init_net.ipv6.sysctl.ip6_rt_min_advmss, |
| 4855 | .maxlen = sizeof(int), |
| 4856 | .mode = 0644, |
| 4857 | .proc_handler = proc_dointvec, |
| 4858 | }, |
| 4859 | { |
| 4860 | .procname = "gc_min_interval_ms", |
| 4861 | .data = &init_net.ipv6.sysctl.ip6_rt_gc_min_interval, |
| 4862 | .maxlen = sizeof(int), |
| 4863 | .mode = 0644, |
| 4864 | .proc_handler = proc_dointvec_ms_jiffies, |
| 4865 | }, |
| 4866 | { } |
| 4867 | }; |
| 4868 | |
| 4869 | struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) |
| 4870 | { |
| 4871 | struct ctl_table *table; |
| 4872 | |
| 4873 | table = kmemdup(ipv6_route_table_template, |
| 4874 | sizeof(ipv6_route_table_template), |
| 4875 | GFP_KERNEL); |
| 4876 | |
| 4877 | if (table) { |
| 4878 | table[0].data = &net->ipv6.sysctl.flush_delay; |
| 4879 | table[0].extra1 = net; |
| 4880 | table[1].data = &net->ipv6.ip6_dst_ops.gc_thresh; |
| 4881 | table[2].data = &net->ipv6.sysctl.ip6_rt_max_size; |
| 4882 | table[3].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval; |
| 4883 | table[4].data = &net->ipv6.sysctl.ip6_rt_gc_timeout; |
| 4884 | table[5].data = &net->ipv6.sysctl.ip6_rt_gc_interval; |
| 4885 | table[6].data = &net->ipv6.sysctl.ip6_rt_gc_elasticity; |
| 4886 | table[7].data = &net->ipv6.sysctl.ip6_rt_mtu_expires; |
| 4887 | table[8].data = &net->ipv6.sysctl.ip6_rt_min_advmss; |
| 4888 | table[9].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval; |
| 4889 | |
| 4890 | /* Don't export sysctls to unprivileged users */ |
| 4891 | if (net->user_ns != &init_user_ns) |
| 4892 | table[0].procname = NULL; |
| 4893 | } |
| 4894 | |
| 4895 | return table; |
| 4896 | } |
| 4897 | #endif |
| 4898 | |
| 4899 | static int __net_init ip6_route_net_init(struct net *net) |
| 4900 | { |
| 4901 | int ret = -ENOMEM; |
| 4902 | |
| 4903 | memcpy(&net->ipv6.ip6_dst_ops, &ip6_dst_ops_template, |
| 4904 | sizeof(net->ipv6.ip6_dst_ops)); |
| 4905 | |
| 4906 | if (dst_entries_init(&net->ipv6.ip6_dst_ops) < 0) |
| 4907 | goto out_ip6_dst_ops; |
| 4908 | |
| 4909 | net->ipv6.ip6_null_entry = kmemdup(&ip6_null_entry_template, |
| 4910 | sizeof(*net->ipv6.ip6_null_entry), |
| 4911 | GFP_KERNEL); |
| 4912 | if (!net->ipv6.ip6_null_entry) |
| 4913 | goto out_ip6_dst_entries; |
| 4914 | net->ipv6.ip6_null_entry->dst.ops = &net->ipv6.ip6_dst_ops; |
| 4915 | dst_init_metrics(&net->ipv6.ip6_null_entry->dst, |
| 4916 | ip6_template_metrics, true); |
| 4917 | |
| 4918 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
| 4919 | net->ipv6.fib6_has_custom_rules = false; |
| 4920 | net->ipv6.ip6_prohibit_entry = kmemdup(&ip6_prohibit_entry_template, |
| 4921 | sizeof(*net->ipv6.ip6_prohibit_entry), |
| 4922 | GFP_KERNEL); |
| 4923 | if (!net->ipv6.ip6_prohibit_entry) |
| 4924 | goto out_ip6_null_entry; |
| 4925 | net->ipv6.ip6_prohibit_entry->dst.ops = &net->ipv6.ip6_dst_ops; |
| 4926 | dst_init_metrics(&net->ipv6.ip6_prohibit_entry->dst, |
| 4927 | ip6_template_metrics, true); |
| 4928 | |
| 4929 | net->ipv6.ip6_blk_hole_entry = kmemdup(&ip6_blk_hole_entry_template, |
| 4930 | sizeof(*net->ipv6.ip6_blk_hole_entry), |
| 4931 | GFP_KERNEL); |
| 4932 | if (!net->ipv6.ip6_blk_hole_entry) |
| 4933 | goto out_ip6_prohibit_entry; |
| 4934 | net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops; |
| 4935 | dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst, |
| 4936 | ip6_template_metrics, true); |
| 4937 | #endif |
| 4938 | |
| 4939 | net->ipv6.sysctl.flush_delay = 0; |
| 4940 | net->ipv6.sysctl.ip6_rt_max_size = 4096; |
| 4941 | net->ipv6.sysctl.ip6_rt_gc_min_interval = HZ / 2; |
| 4942 | net->ipv6.sysctl.ip6_rt_gc_timeout = 60*HZ; |
| 4943 | net->ipv6.sysctl.ip6_rt_gc_interval = 30*HZ; |
| 4944 | net->ipv6.sysctl.ip6_rt_gc_elasticity = 9; |
| 4945 | net->ipv6.sysctl.ip6_rt_mtu_expires = 10*60*HZ; |
| 4946 | net->ipv6.sysctl.ip6_rt_min_advmss = IPV6_MIN_MTU - 20 - 40; |
| 4947 | |
| 4948 | net->ipv6.ip6_rt_gc_expire = 30*HZ; |
| 4949 | |
| 4950 | ret = 0; |
| 4951 | out: |
| 4952 | return ret; |
| 4953 | |
| 4954 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
| 4955 | out_ip6_prohibit_entry: |
| 4956 | kfree(net->ipv6.ip6_prohibit_entry); |
| 4957 | out_ip6_null_entry: |
| 4958 | kfree(net->ipv6.ip6_null_entry); |
| 4959 | #endif |
| 4960 | out_ip6_dst_entries: |
| 4961 | dst_entries_destroy(&net->ipv6.ip6_dst_ops); |
| 4962 | out_ip6_dst_ops: |
| 4963 | goto out; |
| 4964 | } |
| 4965 | |
| 4966 | static void __net_exit ip6_route_net_exit(struct net *net) |
| 4967 | { |
| 4968 | kfree(net->ipv6.ip6_null_entry); |
| 4969 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
| 4970 | kfree(net->ipv6.ip6_prohibit_entry); |
| 4971 | kfree(net->ipv6.ip6_blk_hole_entry); |
| 4972 | #endif |
| 4973 | dst_entries_destroy(&net->ipv6.ip6_dst_ops); |
| 4974 | } |
| 4975 | |
| 4976 | static int __net_init ip6_route_net_init_late(struct net *net) |
| 4977 | { |
| 4978 | #ifdef CONFIG_PROC_FS |
| 4979 | proc_create("ipv6_route", 0, net->proc_net, &ipv6_route_proc_fops); |
| 4980 | proc_create("rt6_stats", S_IRUGO, net->proc_net, &rt6_stats_seq_fops); |
| 4981 | #endif |
| 4982 | return 0; |
| 4983 | } |
| 4984 | |
| 4985 | static void __net_exit ip6_route_net_exit_late(struct net *net) |
| 4986 | { |
| 4987 | #ifdef CONFIG_PROC_FS |
| 4988 | remove_proc_entry("ipv6_route", net->proc_net); |
| 4989 | remove_proc_entry("rt6_stats", net->proc_net); |
| 4990 | #endif |
| 4991 | } |
| 4992 | |
| 4993 | static struct pernet_operations ip6_route_net_ops = { |
| 4994 | .init = ip6_route_net_init, |
| 4995 | .exit = ip6_route_net_exit, |
| 4996 | }; |
| 4997 | |
| 4998 | static int __net_init ipv6_inetpeer_init(struct net *net) |
| 4999 | { |
| 5000 | struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL); |
| 5001 | |
| 5002 | if (!bp) |
| 5003 | return -ENOMEM; |
| 5004 | inet_peer_base_init(bp); |
| 5005 | net->ipv6.peers = bp; |
| 5006 | return 0; |
| 5007 | } |
| 5008 | |
| 5009 | static void __net_exit ipv6_inetpeer_exit(struct net *net) |
| 5010 | { |
| 5011 | struct inet_peer_base *bp = net->ipv6.peers; |
| 5012 | |
| 5013 | net->ipv6.peers = NULL; |
| 5014 | inetpeer_invalidate_tree(bp); |
| 5015 | kfree(bp); |
| 5016 | } |
| 5017 | |
| 5018 | static struct pernet_operations ipv6_inetpeer_ops = { |
| 5019 | .init = ipv6_inetpeer_init, |
| 5020 | .exit = ipv6_inetpeer_exit, |
| 5021 | }; |
| 5022 | |
| 5023 | static struct pernet_operations ip6_route_net_late_ops = { |
| 5024 | .init = ip6_route_net_init_late, |
| 5025 | .exit = ip6_route_net_exit_late, |
| 5026 | }; |
| 5027 | |
| 5028 | static struct notifier_block ip6_route_dev_notifier = { |
| 5029 | .notifier_call = ip6_route_dev_notify, |
| 5030 | .priority = ADDRCONF_NOTIFY_PRIORITY - 10, |
| 5031 | }; |
| 5032 | |
| 5033 | void __init ip6_route_init_special_entries(void) |
| 5034 | { |
| 5035 | /* Registering of the loopback is done before this portion of code, |
| 5036 | * the loopback reference in rt6_info will not be taken, do it |
| 5037 | * manually for init_net */ |
| 5038 | init_net.ipv6.ip6_null_entry->dst.dev = init_net.loopback_dev; |
| 5039 | init_net.ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); |
| 5040 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
| 5041 | init_net.ipv6.ip6_prohibit_entry->dst.dev = init_net.loopback_dev; |
| 5042 | init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); |
| 5043 | init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev; |
| 5044 | init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); |
| 5045 | #endif |
| 5046 | } |
| 5047 | |
| 5048 | int __init ip6_route_init(void) |
| 5049 | { |
| 5050 | int ret; |
| 5051 | int cpu; |
| 5052 | |
| 5053 | ret = -ENOMEM; |
| 5054 | ip6_dst_ops_template.kmem_cachep = |
| 5055 | kmem_cache_create("ip6_dst_cache", sizeof(struct rt6_info), 0, |
| 5056 | SLAB_HWCACHE_ALIGN, NULL); |
| 5057 | if (!ip6_dst_ops_template.kmem_cachep) |
| 5058 | goto out; |
| 5059 | |
| 5060 | ret = dst_entries_init(&ip6_dst_blackhole_ops); |
| 5061 | if (ret) |
| 5062 | goto out_kmem_cache; |
| 5063 | |
| 5064 | ret = register_pernet_subsys(&ipv6_inetpeer_ops); |
| 5065 | if (ret) |
| 5066 | goto out_dst_entries; |
| 5067 | |
| 5068 | ret = register_pernet_subsys(&ip6_route_net_ops); |
| 5069 | if (ret) |
| 5070 | goto out_register_inetpeer; |
| 5071 | |
| 5072 | ip6_dst_blackhole_ops.kmem_cachep = ip6_dst_ops_template.kmem_cachep; |
| 5073 | |
| 5074 | ret = fib6_init(); |
| 5075 | if (ret) |
| 5076 | goto out_register_subsys; |
| 5077 | |
| 5078 | ret = xfrm6_init(); |
| 5079 | if (ret) |
| 5080 | goto out_fib6_init; |
| 5081 | |
| 5082 | ret = fib6_rules_init(); |
| 5083 | if (ret) |
| 5084 | goto xfrm6_init; |
| 5085 | |
| 5086 | ret = register_pernet_subsys(&ip6_route_net_late_ops); |
| 5087 | if (ret) |
| 5088 | goto fib6_rules_init; |
| 5089 | |
| 5090 | ret = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_NEWROUTE, |
| 5091 | inet6_rtm_newroute, NULL, 0); |
| 5092 | if (ret < 0) |
| 5093 | goto out_register_late_subsys; |
| 5094 | |
| 5095 | ret = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_DELROUTE, |
| 5096 | inet6_rtm_delroute, NULL, 0); |
| 5097 | if (ret < 0) |
| 5098 | goto out_register_late_subsys; |
| 5099 | |
| 5100 | ret = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETROUTE, |
| 5101 | inet6_rtm_getroute, NULL, |
| 5102 | RTNL_FLAG_DOIT_UNLOCKED); |
| 5103 | if (ret < 0) |
| 5104 | goto out_register_late_subsys; |
| 5105 | |
| 5106 | ret = register_netdevice_notifier(&ip6_route_dev_notifier); |
| 5107 | if (ret) |
| 5108 | goto out_register_late_subsys; |
| 5109 | |
| 5110 | for_each_possible_cpu(cpu) { |
| 5111 | struct uncached_list *ul = per_cpu_ptr(&rt6_uncached_list, cpu); |
| 5112 | |
| 5113 | INIT_LIST_HEAD(&ul->head); |
| 5114 | spin_lock_init(&ul->lock); |
| 5115 | } |
| 5116 | |
| 5117 | out: |
| 5118 | return ret; |
| 5119 | |
| 5120 | out_register_late_subsys: |
| 5121 | rtnl_unregister_all(PF_INET6); |
| 5122 | unregister_pernet_subsys(&ip6_route_net_late_ops); |
| 5123 | fib6_rules_init: |
| 5124 | fib6_rules_cleanup(); |
| 5125 | xfrm6_init: |
| 5126 | xfrm6_fini(); |
| 5127 | out_fib6_init: |
| 5128 | fib6_gc_cleanup(); |
| 5129 | out_register_subsys: |
| 5130 | unregister_pernet_subsys(&ip6_route_net_ops); |
| 5131 | out_register_inetpeer: |
| 5132 | unregister_pernet_subsys(&ipv6_inetpeer_ops); |
| 5133 | out_dst_entries: |
| 5134 | dst_entries_destroy(&ip6_dst_blackhole_ops); |
| 5135 | out_kmem_cache: |
| 5136 | kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep); |
| 5137 | goto out; |
| 5138 | } |
| 5139 | |
| 5140 | void ip6_route_cleanup(void) |
| 5141 | { |
| 5142 | unregister_netdevice_notifier(&ip6_route_dev_notifier); |
| 5143 | unregister_pernet_subsys(&ip6_route_net_late_ops); |
| 5144 | fib6_rules_cleanup(); |
| 5145 | xfrm6_fini(); |
| 5146 | fib6_gc_cleanup(); |
| 5147 | unregister_pernet_subsys(&ipv6_inetpeer_ops); |
| 5148 | unregister_pernet_subsys(&ip6_route_net_ops); |
| 5149 | dst_entries_destroy(&ip6_dst_blackhole_ops); |
| 5150 | kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep); |
| 5151 | } |