1 /* 2 * Linux INET6 implementation 3 * FIB front-end. 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License 10 * as published by the Free Software Foundation; either version 11 * 2 of the License, or (at your option) any later version. 12 */ 13 14 /* Changes: 15 * 16 * YOSHIFUJI Hideaki @USAGI 17 * reworked default router selection. 18 * - respect outgoing interface 19 * - select from (probably) reachable routers (i.e. 20 * routers in REACHABLE, STALE, DELAY or PROBE states). 21 * - always select the same router if it is (probably) 22 * reachable. otherwise, round-robin the list. 23 * Ville Nuorvala 24 * Fixed routing subtrees. 25 */ 26 27 #define pr_fmt(fmt) "IPv6: " fmt 28 29 #include <linux/capability.h> 30 #include <linux/errno.h> 31 #include <linux/export.h> 32 #include <linux/types.h> 33 #include <linux/times.h> 34 #include <linux/socket.h> 35 #include <linux/sockios.h> 36 #include <linux/net.h> 37 #include <linux/route.h> 38 #include <linux/netdevice.h> 39 #include <linux/in6.h> 40 #include <linux/mroute6.h> 41 #include <linux/init.h> 42 #include <linux/if_arp.h> 43 #include <linux/proc_fs.h> 44 #include <linux/seq_file.h> 45 #include <linux/nsproxy.h> 46 #include <linux/slab.h> 47 #include <net/net_namespace.h> 48 #include <net/snmp.h> 49 #include <net/ipv6.h> 50 #include <net/ip6_fib.h> 51 #include <net/ip6_route.h> 52 #include <net/ndisc.h> 53 #include <net/addrconf.h> 54 #include <net/tcp.h> 55 #include <linux/rtnetlink.h> 56 #include <net/dst.h> 57 #include <net/xfrm.h> 58 #include <net/netevent.h> 59 #include <net/netlink.h> 60 #include <net/nexthop.h> 61 62 #include <asm/uaccess.h> 63 64 #ifdef CONFIG_SYSCTL 65 #include <linux/sysctl.h> 66 #endif 67 68 enum rt6_nud_state { 69 RT6_NUD_FAIL_HARD = -2, 70 RT6_NUD_FAIL_SOFT = -1, 71 RT6_NUD_SUCCEED = 1 72 }; 73 74 static struct rt6_info *ip6_rt_copy(struct rt6_info *ort, 75 const struct in6_addr *dest); 76 static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie); 77 static unsigned int ip6_default_advmss(const struct dst_entry *dst); 78 static unsigned int ip6_mtu(const struct dst_entry *dst); 79 static struct dst_entry *ip6_negative_advice(struct dst_entry *); 80 static void ip6_dst_destroy(struct dst_entry *); 81 static void ip6_dst_ifdown(struct dst_entry *, 82 struct net_device *dev, int how); 83 static int ip6_dst_gc(struct dst_ops *ops); 84 85 static int ip6_pkt_discard(struct sk_buff *skb); 86 static int ip6_pkt_discard_out(struct sk_buff *skb); 87 static void ip6_link_failure(struct sk_buff *skb); 88 static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk, 89 struct sk_buff *skb, u32 mtu); 90 static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, 91 struct sk_buff *skb); 92 static int rt6_score_route(struct rt6_info *rt, int oif, int strict); 93 94 #ifdef CONFIG_IPV6_ROUTE_INFO 95 static struct rt6_info *rt6_add_route_info(struct net *net, 96 const struct in6_addr *prefix, int prefixlen, 97 const struct in6_addr *gwaddr, int ifindex, 98 unsigned int pref); 99 static struct rt6_info *rt6_get_route_info(struct net *net, 100 const struct in6_addr *prefix, int prefixlen, 101 const struct in6_addr *gwaddr, int ifindex); 102 #endif 103 104 static u32 *ipv6_cow_metrics(struct dst_entry *dst, unsigned long old) 105 { 106 struct rt6_info *rt = (struct rt6_info *) dst; 107 struct inet_peer *peer; 108 u32 *p = NULL; 109 110 if (!(rt->dst.flags & DST_HOST)) 111 return NULL; 112 113 peer = rt6_get_peer_create(rt); 114 if (peer) { 115 u32 *old_p = __DST_METRICS_PTR(old); 116 unsigned long prev, new; 117 118 p = peer->metrics; 119 if (inet_metrics_new(peer)) 120 memcpy(p, old_p, sizeof(u32) * RTAX_MAX); 121 122 new = (unsigned long) p; 123 prev = cmpxchg(&dst->_metrics, old, new); 124 125 if (prev != old) { 126 p = __DST_METRICS_PTR(prev); 127 if (prev & DST_METRICS_READ_ONLY) 128 p = NULL; 129 } 130 } 131 return p; 132 } 133 134 static inline const void *choose_neigh_daddr(struct rt6_info *rt, 135 struct sk_buff *skb, 136 const void *daddr) 137 { 138 struct in6_addr *p = &rt->rt6i_gateway; 139 140 if (!ipv6_addr_any(p)) 141 return (const void *) p; 142 else if (skb) 143 return &ipv6_hdr(skb)->daddr; 144 return daddr; 145 } 146 147 static struct neighbour *ip6_neigh_lookup(const struct dst_entry *dst, 148 struct sk_buff *skb, 149 const void *daddr) 150 { 151 struct rt6_info *rt = (struct rt6_info *) dst; 152 struct neighbour *n; 153 154 daddr = choose_neigh_daddr(rt, skb, daddr); 155 n = __ipv6_neigh_lookup(dst->dev, daddr); 156 if (n) 157 return n; 158 return neigh_create(&nd_tbl, daddr, dst->dev); 159 } 160 161 static struct dst_ops ip6_dst_ops_template = { 162 .family = AF_INET6, 163 .protocol = cpu_to_be16(ETH_P_IPV6), 164 .gc = ip6_dst_gc, 165 .gc_thresh = 1024, 166 .check = ip6_dst_check, 167 .default_advmss = ip6_default_advmss, 168 .mtu = ip6_mtu, 169 .cow_metrics = ipv6_cow_metrics, 170 .destroy = ip6_dst_destroy, 171 .ifdown = ip6_dst_ifdown, 172 .negative_advice = ip6_negative_advice, 173 .link_failure = ip6_link_failure, 174 .update_pmtu = ip6_rt_update_pmtu, 175 .redirect = rt6_do_redirect, 176 .local_out = __ip6_local_out, 177 .neigh_lookup = ip6_neigh_lookup, 178 }; 179 180 static unsigned int ip6_blackhole_mtu(const struct dst_entry *dst) 181 { 182 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU); 183 184 return mtu ? : dst->dev->mtu; 185 } 186 187 static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk, 188 struct sk_buff *skb, u32 mtu) 189 { 190 } 191 192 static void ip6_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk, 193 struct sk_buff *skb) 194 { 195 } 196 197 static u32 *ip6_rt_blackhole_cow_metrics(struct dst_entry *dst, 198 unsigned long old) 199 { 200 return NULL; 201 } 202 203 static struct dst_ops ip6_dst_blackhole_ops = { 204 .family = AF_INET6, 205 .protocol = cpu_to_be16(ETH_P_IPV6), 206 .destroy = ip6_dst_destroy, 207 .check = ip6_dst_check, 208 .mtu = ip6_blackhole_mtu, 209 .default_advmss = ip6_default_advmss, 210 .update_pmtu = ip6_rt_blackhole_update_pmtu, 211 .redirect = ip6_rt_blackhole_redirect, 212 .cow_metrics = ip6_rt_blackhole_cow_metrics, 213 .neigh_lookup = ip6_neigh_lookup, 214 }; 215 216 static const u32 ip6_template_metrics[RTAX_MAX] = { 217 [RTAX_HOPLIMIT - 1] = 0, 218 }; 219 220 static const struct rt6_info ip6_null_entry_template = { 221 .dst = { 222 .__refcnt = ATOMIC_INIT(1), 223 .__use = 1, 224 .obsolete = DST_OBSOLETE_FORCE_CHK, 225 .error = -ENETUNREACH, 226 .input = ip6_pkt_discard, 227 .output = ip6_pkt_discard_out, 228 }, 229 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), 230 .rt6i_protocol = RTPROT_KERNEL, 231 .rt6i_metric = ~(u32) 0, 232 .rt6i_ref = ATOMIC_INIT(1), 233 }; 234 235 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 236 237 static int ip6_pkt_prohibit(struct sk_buff *skb); 238 static int ip6_pkt_prohibit_out(struct sk_buff *skb); 239 240 static const struct rt6_info ip6_prohibit_entry_template = { 241 .dst = { 242 .__refcnt = ATOMIC_INIT(1), 243 .__use = 1, 244 .obsolete = DST_OBSOLETE_FORCE_CHK, 245 .error = -EACCES, 246 .input = ip6_pkt_prohibit, 247 .output = ip6_pkt_prohibit_out, 248 }, 249 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), 250 .rt6i_protocol = RTPROT_KERNEL, 251 .rt6i_metric = ~(u32) 0, 252 .rt6i_ref = ATOMIC_INIT(1), 253 }; 254 255 static const struct rt6_info ip6_blk_hole_entry_template = { 256 .dst = { 257 .__refcnt = ATOMIC_INIT(1), 258 .__use = 1, 259 .obsolete = DST_OBSOLETE_FORCE_CHK, 260 .error = -EINVAL, 261 .input = dst_discard, 262 .output = dst_discard, 263 }, 264 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), 265 .rt6i_protocol = RTPROT_KERNEL, 266 .rt6i_metric = ~(u32) 0, 267 .rt6i_ref = ATOMIC_INIT(1), 268 }; 269 270 #endif 271 272 /* allocate dst with ip6_dst_ops */ 273 static inline struct rt6_info *ip6_dst_alloc(struct net *net, 274 struct net_device *dev, 275 int flags, 276 struct fib6_table *table) 277 { 278 struct rt6_info *rt = dst_alloc(&net->ipv6.ip6_dst_ops, dev, 279 0, DST_OBSOLETE_FORCE_CHK, flags); 280 281 if (rt) { 282 struct dst_entry *dst = &rt->dst; 283 284 memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst)); 285 rt6_init_peer(rt, table ? &table->tb6_peers : net->ipv6.peers); 286 rt->rt6i_genid = rt_genid_ipv6(net); 287 INIT_LIST_HEAD(&rt->rt6i_siblings); 288 } 289 return rt; 290 } 291 292 static void ip6_dst_destroy(struct dst_entry *dst) 293 { 294 struct rt6_info *rt = (struct rt6_info *)dst; 295 struct inet6_dev *idev = rt->rt6i_idev; 296 struct dst_entry *from = dst->from; 297 298 if (!(rt->dst.flags & DST_HOST)) 299 dst_destroy_metrics_generic(dst); 300 301 if (idev) { 302 rt->rt6i_idev = NULL; 303 in6_dev_put(idev); 304 } 305 306 dst->from = NULL; 307 dst_release(from); 308 309 if (rt6_has_peer(rt)) { 310 struct inet_peer *peer = rt6_peer_ptr(rt); 311 inet_putpeer(peer); 312 } 313 } 314 315 void rt6_bind_peer(struct rt6_info *rt, int create) 316 { 317 struct inet_peer_base *base; 318 struct inet_peer *peer; 319 320 base = inetpeer_base_ptr(rt->_rt6i_peer); 321 if (!base) 322 return; 323 324 peer = inet_getpeer_v6(base, &rt->rt6i_dst.addr, create); 325 if (peer) { 326 if (!rt6_set_peer(rt, peer)) 327 inet_putpeer(peer); 328 } 329 } 330 331 static void ip6_dst_ifdown(struct dst_entry *dst, struct net_device *dev, 332 int how) 333 { 334 struct rt6_info *rt = (struct rt6_info *)dst; 335 struct inet6_dev *idev = rt->rt6i_idev; 336 struct net_device *loopback_dev = 337 dev_net(dev)->loopback_dev; 338 339 if (dev != loopback_dev) { 340 if (idev && idev->dev == dev) { 341 struct inet6_dev *loopback_idev = 342 in6_dev_get(loopback_dev); 343 if (loopback_idev) { 344 rt->rt6i_idev = loopback_idev; 345 in6_dev_put(idev); 346 } 347 } 348 } 349 } 350 351 static bool rt6_check_expired(const struct rt6_info *rt) 352 { 353 if (rt->rt6i_flags & RTF_EXPIRES) { 354 if (time_after(jiffies, rt->dst.expires)) 355 return true; 356 } else if (rt->dst.from) { 357 return rt6_check_expired((struct rt6_info *) rt->dst.from); 358 } 359 return false; 360 } 361 362 static bool rt6_need_strict(const struct in6_addr *daddr) 363 { 364 return ipv6_addr_type(daddr) & 365 (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL | IPV6_ADDR_LOOPBACK); 366 } 367 368 /* Multipath route selection: 369 * Hash based function using packet header and flowlabel. 370 * Adapted from fib_info_hashfn() 371 */ 372 static int rt6_info_hash_nhsfn(unsigned int candidate_count, 373 const struct flowi6 *fl6) 374 { 375 unsigned int val = fl6->flowi6_proto; 376 377 val ^= ipv6_addr_hash(&fl6->daddr); 378 val ^= ipv6_addr_hash(&fl6->saddr); 379 380 /* Work only if this not encapsulated */ 381 switch (fl6->flowi6_proto) { 382 case IPPROTO_UDP: 383 case IPPROTO_TCP: 384 case IPPROTO_SCTP: 385 val ^= (__force u16)fl6->fl6_sport; 386 val ^= (__force u16)fl6->fl6_dport; 387 break; 388 389 case IPPROTO_ICMPV6: 390 val ^= (__force u16)fl6->fl6_icmp_type; 391 val ^= (__force u16)fl6->fl6_icmp_code; 392 break; 393 } 394 /* RFC6438 recommands to use flowlabel */ 395 val ^= (__force u32)fl6->flowlabel; 396 397 /* Perhaps, we need to tune, this function? */ 398 val = val ^ (val >> 7) ^ (val >> 12); 399 return val % candidate_count; 400 } 401 402 static struct rt6_info *rt6_multipath_select(struct rt6_info *match, 403 struct flowi6 *fl6, int oif, 404 int strict) 405 { 406 struct rt6_info *sibling, *next_sibling; 407 int route_choosen; 408 409 route_choosen = rt6_info_hash_nhsfn(match->rt6i_nsiblings + 1, fl6); 410 /* Don't change the route, if route_choosen == 0 411 * (siblings does not include ourself) 412 */ 413 if (route_choosen) 414 list_for_each_entry_safe(sibling, next_sibling, 415 &match->rt6i_siblings, rt6i_siblings) { 416 route_choosen--; 417 if (route_choosen == 0) { 418 if (rt6_score_route(sibling, oif, strict) < 0) 419 break; 420 match = sibling; 421 break; 422 } 423 } 424 return match; 425 } 426 427 /* 428 * Route lookup. Any table->tb6_lock is implied. 429 */ 430 431 static inline struct rt6_info *rt6_device_match(struct net *net, 432 struct rt6_info *rt, 433 const struct in6_addr *saddr, 434 int oif, 435 int flags) 436 { 437 struct rt6_info *local = NULL; 438 struct rt6_info *sprt; 439 440 if (!oif && ipv6_addr_any(saddr)) 441 goto out; 442 443 for (sprt = rt; sprt; sprt = sprt->dst.rt6_next) { 444 struct net_device *dev = sprt->dst.dev; 445 446 if (oif) { 447 if (dev->ifindex == oif) 448 return sprt; 449 if (dev->flags & IFF_LOOPBACK) { 450 if (!sprt->rt6i_idev || 451 sprt->rt6i_idev->dev->ifindex != oif) { 452 if (flags & RT6_LOOKUP_F_IFACE && oif) 453 continue; 454 if (local && (!oif || 455 local->rt6i_idev->dev->ifindex == oif)) 456 continue; 457 } 458 local = sprt; 459 } 460 } else { 461 if (ipv6_chk_addr(net, saddr, dev, 462 flags & RT6_LOOKUP_F_IFACE)) 463 return sprt; 464 } 465 } 466 467 if (oif) { 468 if (local) 469 return local; 470 471 if (flags & RT6_LOOKUP_F_IFACE) 472 return net->ipv6.ip6_null_entry; 473 } 474 out: 475 return rt; 476 } 477 478 #ifdef CONFIG_IPV6_ROUTER_PREF 479 static void rt6_probe(struct rt6_info *rt) 480 { 481 struct neighbour *neigh; 482 /* 483 * Okay, this does not seem to be appropriate 484 * for now, however, we need to check if it 485 * is really so; aka Router Reachability Probing. 486 * 487 * Router Reachability Probe MUST be rate-limited 488 * to no more than one per minute. 489 */ 490 if (!rt || !(rt->rt6i_flags & RTF_GATEWAY)) 491 return; 492 rcu_read_lock_bh(); 493 neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway); 494 if (neigh) { 495 write_lock(&neigh->lock); 496 if (neigh->nud_state & NUD_VALID) 497 goto out; 498 } 499 500 if (!neigh || 501 time_after(jiffies, neigh->updated + rt->rt6i_idev->cnf.rtr_probe_interval)) { 502 struct in6_addr mcaddr; 503 struct in6_addr *target; 504 505 if (neigh) { 506 neigh->updated = jiffies; 507 write_unlock(&neigh->lock); 508 } 509 510 target = (struct in6_addr *)&rt->rt6i_gateway; 511 addrconf_addr_solict_mult(target, &mcaddr); 512 ndisc_send_ns(rt->dst.dev, NULL, target, &mcaddr, NULL); 513 } else { 514 out: 515 write_unlock(&neigh->lock); 516 } 517 rcu_read_unlock_bh(); 518 } 519 #else 520 static inline void rt6_probe(struct rt6_info *rt) 521 { 522 } 523 #endif 524 525 /* 526 * Default Router Selection (RFC 2461 6.3.6) 527 */ 528 static inline int rt6_check_dev(struct rt6_info *rt, int oif) 529 { 530 struct net_device *dev = rt->dst.dev; 531 if (!oif || dev->ifindex == oif) 532 return 2; 533 if ((dev->flags & IFF_LOOPBACK) && 534 rt->rt6i_idev && rt->rt6i_idev->dev->ifindex == oif) 535 return 1; 536 return 0; 537 } 538 539 static inline enum rt6_nud_state rt6_check_neigh(struct rt6_info *rt) 540 { 541 struct neighbour *neigh; 542 enum rt6_nud_state ret = RT6_NUD_FAIL_HARD; 543 544 if (rt->rt6i_flags & RTF_NONEXTHOP || 545 !(rt->rt6i_flags & RTF_GATEWAY)) 546 return RT6_NUD_SUCCEED; 547 548 rcu_read_lock_bh(); 549 neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway); 550 if (neigh) { 551 read_lock(&neigh->lock); 552 if (neigh->nud_state & NUD_VALID) 553 ret = RT6_NUD_SUCCEED; 554 #ifdef CONFIG_IPV6_ROUTER_PREF 555 else if (!(neigh->nud_state & NUD_FAILED)) 556 ret = RT6_NUD_SUCCEED; 557 #endif 558 read_unlock(&neigh->lock); 559 } else { 560 ret = IS_ENABLED(CONFIG_IPV6_ROUTER_PREF) ? 561 RT6_NUD_SUCCEED : RT6_NUD_FAIL_SOFT; 562 } 563 rcu_read_unlock_bh(); 564 565 return ret; 566 } 567 568 static int rt6_score_route(struct rt6_info *rt, int oif, 569 int strict) 570 { 571 int m; 572 573 m = rt6_check_dev(rt, oif); 574 if (!m && (strict & RT6_LOOKUP_F_IFACE)) 575 return RT6_NUD_FAIL_HARD; 576 #ifdef CONFIG_IPV6_ROUTER_PREF 577 m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->rt6i_flags)) << 2; 578 #endif 579 if (strict & RT6_LOOKUP_F_REACHABLE) { 580 int n = rt6_check_neigh(rt); 581 if (n < 0) 582 return n; 583 } 584 return m; 585 } 586 587 static struct rt6_info *find_match(struct rt6_info *rt, int oif, int strict, 588 int *mpri, struct rt6_info *match, 589 bool *do_rr) 590 { 591 int m; 592 bool match_do_rr = false; 593 594 if (rt6_check_expired(rt)) 595 goto out; 596 597 m = rt6_score_route(rt, oif, strict); 598 if (m == RT6_NUD_FAIL_SOFT && !IS_ENABLED(CONFIG_IPV6_ROUTER_PREF)) { 599 match_do_rr = true; 600 m = 0; /* lowest valid score */ 601 } else if (m < 0) { 602 goto out; 603 } 604 605 if (strict & RT6_LOOKUP_F_REACHABLE) 606 rt6_probe(rt); 607 608 if (m > *mpri) { 609 *do_rr = match_do_rr; 610 *mpri = m; 611 match = rt; 612 } 613 out: 614 return match; 615 } 616 617 static struct rt6_info *find_rr_leaf(struct fib6_node *fn, 618 struct rt6_info *rr_head, 619 u32 metric, int oif, int strict, 620 bool *do_rr) 621 { 622 struct rt6_info *rt, *match; 623 int mpri = -1; 624 625 match = NULL; 626 for (rt = rr_head; rt && rt->rt6i_metric == metric; 627 rt = rt->dst.rt6_next) 628 match = find_match(rt, oif, strict, &mpri, match, do_rr); 629 for (rt = fn->leaf; rt && rt != rr_head && rt->rt6i_metric == metric; 630 rt = rt->dst.rt6_next) 631 match = find_match(rt, oif, strict, &mpri, match, do_rr); 632 633 return match; 634 } 635 636 static struct rt6_info *rt6_select(struct fib6_node *fn, int oif, int strict) 637 { 638 struct rt6_info *match, *rt0; 639 struct net *net; 640 bool do_rr = false; 641 642 rt0 = fn->rr_ptr; 643 if (!rt0) 644 fn->rr_ptr = rt0 = fn->leaf; 645 646 match = find_rr_leaf(fn, rt0, rt0->rt6i_metric, oif, strict, 647 &do_rr); 648 649 if (do_rr) { 650 struct rt6_info *next = rt0->dst.rt6_next; 651 652 /* no entries matched; do round-robin */ 653 if (!next || next->rt6i_metric != rt0->rt6i_metric) 654 next = fn->leaf; 655 656 if (next != rt0) 657 fn->rr_ptr = next; 658 } 659 660 net = dev_net(rt0->dst.dev); 661 return match ? match : net->ipv6.ip6_null_entry; 662 } 663 664 #ifdef CONFIG_IPV6_ROUTE_INFO 665 int rt6_route_rcv(struct net_device *dev, u8 *opt, int len, 666 const struct in6_addr *gwaddr) 667 { 668 struct net *net = dev_net(dev); 669 struct route_info *rinfo = (struct route_info *) opt; 670 struct in6_addr prefix_buf, *prefix; 671 unsigned int pref; 672 unsigned long lifetime; 673 struct rt6_info *rt; 674 675 if (len < sizeof(struct route_info)) { 676 return -EINVAL; 677 } 678 679 /* Sanity check for prefix_len and length */ 680 if (rinfo->length > 3) { 681 return -EINVAL; 682 } else if (rinfo->prefix_len > 128) { 683 return -EINVAL; 684 } else if (rinfo->prefix_len > 64) { 685 if (rinfo->length < 2) { 686 return -EINVAL; 687 } 688 } else if (rinfo->prefix_len > 0) { 689 if (rinfo->length < 1) { 690 return -EINVAL; 691 } 692 } 693 694 pref = rinfo->route_pref; 695 if (pref == ICMPV6_ROUTER_PREF_INVALID) 696 return -EINVAL; 697 698 lifetime = addrconf_timeout_fixup(ntohl(rinfo->lifetime), HZ); 699 700 if (rinfo->length == 3) 701 prefix = (struct in6_addr *)rinfo->prefix; 702 else { 703 /* this function is safe */ 704 ipv6_addr_prefix(&prefix_buf, 705 (struct in6_addr *)rinfo->prefix, 706 rinfo->prefix_len); 707 prefix = &prefix_buf; 708 } 709 710 rt = rt6_get_route_info(net, prefix, rinfo->prefix_len, gwaddr, 711 dev->ifindex); 712 713 if (rt && !lifetime) { 714 ip6_del_rt(rt); 715 rt = NULL; 716 } 717 718 if (!rt && lifetime) 719 rt = rt6_add_route_info(net, prefix, rinfo->prefix_len, gwaddr, dev->ifindex, 720 pref); 721 else if (rt) 722 rt->rt6i_flags = RTF_ROUTEINFO | 723 (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 724 725 if (rt) { 726 if (!addrconf_finite_timeout(lifetime)) 727 rt6_clean_expires(rt); 728 else 729 rt6_set_expires(rt, jiffies + HZ * lifetime); 730 731 ip6_rt_put(rt); 732 } 733 return 0; 734 } 735 #endif 736 737 #define BACKTRACK(__net, saddr) \ 738 do { \ 739 if (rt == __net->ipv6.ip6_null_entry) { \ 740 struct fib6_node *pn; \ 741 while (1) { \ 742 if (fn->fn_flags & RTN_TL_ROOT) \ 743 goto out; \ 744 pn = fn->parent; \ 745 if (FIB6_SUBTREE(pn) && FIB6_SUBTREE(pn) != fn) \ 746 fn = fib6_lookup(FIB6_SUBTREE(pn), NULL, saddr); \ 747 else \ 748 fn = pn; \ 749 if (fn->fn_flags & RTN_RTINFO) \ 750 goto restart; \ 751 } \ 752 } \ 753 } while (0) 754 755 static struct rt6_info *ip6_pol_route_lookup(struct net *net, 756 struct fib6_table *table, 757 struct flowi6 *fl6, int flags) 758 { 759 struct fib6_node *fn; 760 struct rt6_info *rt; 761 762 read_lock_bh(&table->tb6_lock); 763 fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr); 764 restart: 765 rt = fn->leaf; 766 rt = rt6_device_match(net, rt, &fl6->saddr, fl6->flowi6_oif, flags); 767 if (rt->rt6i_nsiblings && fl6->flowi6_oif == 0) 768 rt = rt6_multipath_select(rt, fl6, fl6->flowi6_oif, flags); 769 BACKTRACK(net, &fl6->saddr); 770 out: 771 dst_use(&rt->dst, jiffies); 772 read_unlock_bh(&table->tb6_lock); 773 return rt; 774 775 } 776 777 struct dst_entry * ip6_route_lookup(struct net *net, struct flowi6 *fl6, 778 int flags) 779 { 780 return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_lookup); 781 } 782 EXPORT_SYMBOL_GPL(ip6_route_lookup); 783 784 struct rt6_info *rt6_lookup(struct net *net, const struct in6_addr *daddr, 785 const struct in6_addr *saddr, int oif, int strict) 786 { 787 struct flowi6 fl6 = { 788 .flowi6_oif = oif, 789 .daddr = *daddr, 790 }; 791 struct dst_entry *dst; 792 int flags = strict ? RT6_LOOKUP_F_IFACE : 0; 793 794 if (saddr) { 795 memcpy(&fl6.saddr, saddr, sizeof(*saddr)); 796 flags |= RT6_LOOKUP_F_HAS_SADDR; 797 } 798 799 dst = fib6_rule_lookup(net, &fl6, flags, ip6_pol_route_lookup); 800 if (dst->error == 0) 801 return (struct rt6_info *) dst; 802 803 dst_release(dst); 804 805 return NULL; 806 } 807 808 EXPORT_SYMBOL(rt6_lookup); 809 810 /* ip6_ins_rt is called with FREE table->tb6_lock. 811 It takes new route entry, the addition fails by any reason the 812 route is freed. In any case, if caller does not hold it, it may 813 be destroyed. 814 */ 815 816 static int __ip6_ins_rt(struct rt6_info *rt, struct nl_info *info) 817 { 818 int err; 819 struct fib6_table *table; 820 821 table = rt->rt6i_table; 822 write_lock_bh(&table->tb6_lock); 823 err = fib6_add(&table->tb6_root, rt, info); 824 write_unlock_bh(&table->tb6_lock); 825 826 return err; 827 } 828 829 int ip6_ins_rt(struct rt6_info *rt) 830 { 831 struct nl_info info = { 832 .nl_net = dev_net(rt->dst.dev), 833 }; 834 return __ip6_ins_rt(rt, &info); 835 } 836 837 static struct rt6_info *rt6_alloc_cow(struct rt6_info *ort, 838 const struct in6_addr *daddr, 839 const struct in6_addr *saddr) 840 { 841 struct rt6_info *rt; 842 843 /* 844 * Clone the route. 845 */ 846 847 rt = ip6_rt_copy(ort, daddr); 848 849 if (rt) { 850 if (!(rt->rt6i_flags & RTF_GATEWAY)) { 851 if (ort->rt6i_dst.plen != 128 && 852 ipv6_addr_equal(&ort->rt6i_dst.addr, daddr)) 853 rt->rt6i_flags |= RTF_ANYCAST; 854 rt->rt6i_gateway = *daddr; 855 } 856 857 rt->rt6i_flags |= RTF_CACHE; 858 859 #ifdef CONFIG_IPV6_SUBTREES 860 if (rt->rt6i_src.plen && saddr) { 861 rt->rt6i_src.addr = *saddr; 862 rt->rt6i_src.plen = 128; 863 } 864 #endif 865 } 866 867 return rt; 868 } 869 870 static struct rt6_info *rt6_alloc_clone(struct rt6_info *ort, 871 const struct in6_addr *daddr) 872 { 873 struct rt6_info *rt = ip6_rt_copy(ort, daddr); 874 875 if (rt) 876 rt->rt6i_flags |= RTF_CACHE; 877 return rt; 878 } 879 880 static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table, int oif, 881 struct flowi6 *fl6, int flags) 882 { 883 struct fib6_node *fn; 884 struct rt6_info *rt, *nrt; 885 int strict = 0; 886 int attempts = 3; 887 int err; 888 int reachable = net->ipv6.devconf_all->forwarding ? 0 : RT6_LOOKUP_F_REACHABLE; 889 890 strict |= flags & RT6_LOOKUP_F_IFACE; 891 892 relookup: 893 read_lock_bh(&table->tb6_lock); 894 895 restart_2: 896 fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr); 897 898 restart: 899 rt = rt6_select(fn, oif, strict | reachable); 900 if (rt->rt6i_nsiblings) 901 rt = rt6_multipath_select(rt, fl6, oif, strict | reachable); 902 BACKTRACK(net, &fl6->saddr); 903 if (rt == net->ipv6.ip6_null_entry || 904 rt->rt6i_flags & RTF_CACHE) 905 goto out; 906 907 dst_hold(&rt->dst); 908 read_unlock_bh(&table->tb6_lock); 909 910 if (!(rt->rt6i_flags & (RTF_NONEXTHOP | RTF_GATEWAY))) 911 nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr); 912 else if (!(rt->dst.flags & DST_HOST)) 913 nrt = rt6_alloc_clone(rt, &fl6->daddr); 914 else 915 goto out2; 916 917 ip6_rt_put(rt); 918 rt = nrt ? : net->ipv6.ip6_null_entry; 919 920 dst_hold(&rt->dst); 921 if (nrt) { 922 err = ip6_ins_rt(nrt); 923 if (!err) 924 goto out2; 925 } 926 927 if (--attempts <= 0) 928 goto out2; 929 930 /* 931 * Race condition! In the gap, when table->tb6_lock was 932 * released someone could insert this route. Relookup. 933 */ 934 ip6_rt_put(rt); 935 goto relookup; 936 937 out: 938 if (reachable) { 939 reachable = 0; 940 goto restart_2; 941 } 942 dst_hold(&rt->dst); 943 read_unlock_bh(&table->tb6_lock); 944 out2: 945 rt->dst.lastuse = jiffies; 946 rt->dst.__use++; 947 948 return rt; 949 } 950 951 static struct rt6_info *ip6_pol_route_input(struct net *net, struct fib6_table *table, 952 struct flowi6 *fl6, int flags) 953 { 954 return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags); 955 } 956 957 static struct dst_entry *ip6_route_input_lookup(struct net *net, 958 struct net_device *dev, 959 struct flowi6 *fl6, int flags) 960 { 961 if (rt6_need_strict(&fl6->daddr) && dev->type != ARPHRD_PIMREG) 962 flags |= RT6_LOOKUP_F_IFACE; 963 964 return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_input); 965 } 966 967 void ip6_route_input(struct sk_buff *skb) 968 { 969 const struct ipv6hdr *iph = ipv6_hdr(skb); 970 struct net *net = dev_net(skb->dev); 971 int flags = RT6_LOOKUP_F_HAS_SADDR; 972 struct flowi6 fl6 = { 973 .flowi6_iif = skb->dev->ifindex, 974 .daddr = iph->daddr, 975 .saddr = iph->saddr, 976 .flowlabel = ip6_flowinfo(iph), 977 .flowi6_mark = skb->mark, 978 .flowi6_proto = iph->nexthdr, 979 }; 980 981 skb_dst_set(skb, ip6_route_input_lookup(net, skb->dev, &fl6, flags)); 982 } 983 984 static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table *table, 985 struct flowi6 *fl6, int flags) 986 { 987 return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags); 988 } 989 990 struct dst_entry * ip6_route_output(struct net *net, const struct sock *sk, 991 struct flowi6 *fl6) 992 { 993 int flags = 0; 994 995 fl6->flowi6_iif = LOOPBACK_IFINDEX; 996 997 if ((sk && sk->sk_bound_dev_if) || rt6_need_strict(&fl6->daddr)) 998 flags |= RT6_LOOKUP_F_IFACE; 999 1000 if (!ipv6_addr_any(&fl6->saddr)) 1001 flags |= RT6_LOOKUP_F_HAS_SADDR; 1002 else if (sk) 1003 flags |= rt6_srcprefs2flags(inet6_sk(sk)->srcprefs); 1004 1005 return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_output); 1006 } 1007 1008 EXPORT_SYMBOL(ip6_route_output); 1009 1010 struct dst_entry *ip6_blackhole_route(struct net *net, struct dst_entry *dst_orig) 1011 { 1012 struct rt6_info *rt, *ort = (struct rt6_info *) dst_orig; 1013 struct dst_entry *new = NULL; 1014 1015 rt = dst_alloc(&ip6_dst_blackhole_ops, ort->dst.dev, 1, DST_OBSOLETE_NONE, 0); 1016 if (rt) { 1017 new = &rt->dst; 1018 1019 memset(new + 1, 0, sizeof(*rt) - sizeof(*new)); 1020 rt6_init_peer(rt, net->ipv6.peers); 1021 1022 new->__use = 1; 1023 new->input = dst_discard; 1024 new->output = dst_discard; 1025 1026 if (dst_metrics_read_only(&ort->dst)) 1027 new->_metrics = ort->dst._metrics; 1028 else 1029 dst_copy_metrics(new, &ort->dst); 1030 rt->rt6i_idev = ort->rt6i_idev; 1031 if (rt->rt6i_idev) 1032 in6_dev_hold(rt->rt6i_idev); 1033 1034 rt->rt6i_gateway = ort->rt6i_gateway; 1035 rt->rt6i_flags = ort->rt6i_flags; 1036 rt->rt6i_metric = 0; 1037 1038 memcpy(&rt->rt6i_dst, &ort->rt6i_dst, sizeof(struct rt6key)); 1039 #ifdef CONFIG_IPV6_SUBTREES 1040 memcpy(&rt->rt6i_src, &ort->rt6i_src, sizeof(struct rt6key)); 1041 #endif 1042 1043 dst_free(new); 1044 } 1045 1046 dst_release(dst_orig); 1047 return new ? new : ERR_PTR(-ENOMEM); 1048 } 1049 1050 /* 1051 * Destination cache support functions 1052 */ 1053 1054 static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie) 1055 { 1056 struct rt6_info *rt; 1057 1058 rt = (struct rt6_info *) dst; 1059 1060 /* All IPV6 dsts are created with ->obsolete set to the value 1061 * DST_OBSOLETE_FORCE_CHK which forces validation calls down 1062 * into this function always. 1063 */ 1064 if (rt->rt6i_genid != rt_genid_ipv6(dev_net(rt->dst.dev))) 1065 return NULL; 1066 1067 if (rt->rt6i_node && (rt->rt6i_node->fn_sernum == cookie)) 1068 return dst; 1069 1070 return NULL; 1071 } 1072 1073 static struct dst_entry *ip6_negative_advice(struct dst_entry *dst) 1074 { 1075 struct rt6_info *rt = (struct rt6_info *) dst; 1076 1077 if (rt) { 1078 if (rt->rt6i_flags & RTF_CACHE) { 1079 if (rt6_check_expired(rt)) { 1080 ip6_del_rt(rt); 1081 dst = NULL; 1082 } 1083 } else { 1084 dst_release(dst); 1085 dst = NULL; 1086 } 1087 } 1088 return dst; 1089 } 1090 1091 static void ip6_link_failure(struct sk_buff *skb) 1092 { 1093 struct rt6_info *rt; 1094 1095 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0); 1096 1097 rt = (struct rt6_info *) skb_dst(skb); 1098 if (rt) { 1099 if (rt->rt6i_flags & RTF_CACHE) { 1100 dst_hold(&rt->dst); 1101 if (ip6_del_rt(rt)) 1102 dst_free(&rt->dst); 1103 } else if (rt->rt6i_node && (rt->rt6i_flags & RTF_DEFAULT)) { 1104 rt->rt6i_node->fn_sernum = -1; 1105 } 1106 } 1107 } 1108 1109 static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk, 1110 struct sk_buff *skb, u32 mtu) 1111 { 1112 struct rt6_info *rt6 = (struct rt6_info*)dst; 1113 1114 dst_confirm(dst); 1115 if (mtu < dst_mtu(dst) && rt6->rt6i_dst.plen == 128) { 1116 struct net *net = dev_net(dst->dev); 1117 1118 rt6->rt6i_flags |= RTF_MODIFIED; 1119 if (mtu < IPV6_MIN_MTU) { 1120 u32 features = dst_metric(dst, RTAX_FEATURES); 1121 mtu = IPV6_MIN_MTU; 1122 features |= RTAX_FEATURE_ALLFRAG; 1123 dst_metric_set(dst, RTAX_FEATURES, features); 1124 } 1125 dst_metric_set(dst, RTAX_MTU, mtu); 1126 rt6_update_expires(rt6, net->ipv6.sysctl.ip6_rt_mtu_expires); 1127 } 1128 } 1129 1130 void ip6_update_pmtu(struct sk_buff *skb, struct net *net, __be32 mtu, 1131 int oif, u32 mark) 1132 { 1133 const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data; 1134 struct dst_entry *dst; 1135 struct flowi6 fl6; 1136 1137 memset(&fl6, 0, sizeof(fl6)); 1138 fl6.flowi6_oif = oif; 1139 fl6.flowi6_mark = mark; 1140 fl6.daddr = iph->daddr; 1141 fl6.saddr = iph->saddr; 1142 fl6.flowlabel = ip6_flowinfo(iph); 1143 1144 dst = ip6_route_output(net, NULL, &fl6); 1145 if (!dst->error) 1146 ip6_rt_update_pmtu(dst, NULL, skb, ntohl(mtu)); 1147 dst_release(dst); 1148 } 1149 EXPORT_SYMBOL_GPL(ip6_update_pmtu); 1150 1151 void ip6_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, __be32 mtu) 1152 { 1153 ip6_update_pmtu(skb, sock_net(sk), mtu, 1154 sk->sk_bound_dev_if, sk->sk_mark); 1155 } 1156 EXPORT_SYMBOL_GPL(ip6_sk_update_pmtu); 1157 1158 /* Handle redirects */ 1159 struct ip6rd_flowi { 1160 struct flowi6 fl6; 1161 struct in6_addr gateway; 1162 }; 1163 1164 static struct rt6_info *__ip6_route_redirect(struct net *net, 1165 struct fib6_table *table, 1166 struct flowi6 *fl6, 1167 int flags) 1168 { 1169 struct ip6rd_flowi *rdfl = (struct ip6rd_flowi *)fl6; 1170 struct rt6_info *rt; 1171 struct fib6_node *fn; 1172 1173 /* Get the "current" route for this destination and 1174 * check if the redirect has come from approriate router. 1175 * 1176 * RFC 4861 specifies that redirects should only be 1177 * accepted if they come from the nexthop to the target. 1178 * Due to the way the routes are chosen, this notion 1179 * is a bit fuzzy and one might need to check all possible 1180 * routes. 1181 */ 1182 1183 read_lock_bh(&table->tb6_lock); 1184 fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr); 1185 restart: 1186 for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) { 1187 if (rt6_check_expired(rt)) 1188 continue; 1189 if (rt->dst.error) 1190 break; 1191 if (!(rt->rt6i_flags & RTF_GATEWAY)) 1192 continue; 1193 if (fl6->flowi6_oif != rt->dst.dev->ifindex) 1194 continue; 1195 if (!ipv6_addr_equal(&rdfl->gateway, &rt->rt6i_gateway)) 1196 continue; 1197 break; 1198 } 1199 1200 if (!rt) 1201 rt = net->ipv6.ip6_null_entry; 1202 else if (rt->dst.error) { 1203 rt = net->ipv6.ip6_null_entry; 1204 goto out; 1205 } 1206 BACKTRACK(net, &fl6->saddr); 1207 out: 1208 dst_hold(&rt->dst); 1209 1210 read_unlock_bh(&table->tb6_lock); 1211 1212 return rt; 1213 }; 1214 1215 static struct dst_entry *ip6_route_redirect(struct net *net, 1216 const struct flowi6 *fl6, 1217 const struct in6_addr *gateway) 1218 { 1219 int flags = RT6_LOOKUP_F_HAS_SADDR; 1220 struct ip6rd_flowi rdfl; 1221 1222 rdfl.fl6 = *fl6; 1223 rdfl.gateway = *gateway; 1224 1225 return fib6_rule_lookup(net, &rdfl.fl6, 1226 flags, __ip6_route_redirect); 1227 } 1228 1229 void ip6_redirect(struct sk_buff *skb, struct net *net, int oif, u32 mark) 1230 { 1231 const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data; 1232 struct dst_entry *dst; 1233 struct flowi6 fl6; 1234 1235 memset(&fl6, 0, sizeof(fl6)); 1236 fl6.flowi6_oif = oif; 1237 fl6.flowi6_mark = mark; 1238 fl6.daddr = iph->daddr; 1239 fl6.saddr = iph->saddr; 1240 fl6.flowlabel = ip6_flowinfo(iph); 1241 1242 dst = ip6_route_redirect(net, &fl6, &ipv6_hdr(skb)->saddr); 1243 rt6_do_redirect(dst, NULL, skb); 1244 dst_release(dst); 1245 } 1246 EXPORT_SYMBOL_GPL(ip6_redirect); 1247 1248 void ip6_redirect_no_header(struct sk_buff *skb, struct net *net, int oif, 1249 u32 mark) 1250 { 1251 const struct ipv6hdr *iph = ipv6_hdr(skb); 1252 const struct rd_msg *msg = (struct rd_msg *)icmp6_hdr(skb); 1253 struct dst_entry *dst; 1254 struct flowi6 fl6; 1255 1256 memset(&fl6, 0, sizeof(fl6)); 1257 fl6.flowi6_oif = oif; 1258 fl6.flowi6_mark = mark; 1259 fl6.daddr = msg->dest; 1260 fl6.saddr = iph->daddr; 1261 1262 dst = ip6_route_redirect(net, &fl6, &iph->saddr); 1263 rt6_do_redirect(dst, NULL, skb); 1264 dst_release(dst); 1265 } 1266 1267 void ip6_sk_redirect(struct sk_buff *skb, struct sock *sk) 1268 { 1269 ip6_redirect(skb, sock_net(sk), sk->sk_bound_dev_if, sk->sk_mark); 1270 } 1271 EXPORT_SYMBOL_GPL(ip6_sk_redirect); 1272 1273 static unsigned int ip6_default_advmss(const struct dst_entry *dst) 1274 { 1275 struct net_device *dev = dst->dev; 1276 unsigned int mtu = dst_mtu(dst); 1277 struct net *net = dev_net(dev); 1278 1279 mtu -= sizeof(struct ipv6hdr) + sizeof(struct tcphdr); 1280 1281 if (mtu < net->ipv6.sysctl.ip6_rt_min_advmss) 1282 mtu = net->ipv6.sysctl.ip6_rt_min_advmss; 1283 1284 /* 1285 * Maximal non-jumbo IPv6 payload is IPV6_MAXPLEN and 1286 * corresponding MSS is IPV6_MAXPLEN - tcp_header_size. 1287 * IPV6_MAXPLEN is also valid and means: "any MSS, 1288 * rely only on pmtu discovery" 1289 */ 1290 if (mtu > IPV6_MAXPLEN - sizeof(struct tcphdr)) 1291 mtu = IPV6_MAXPLEN; 1292 return mtu; 1293 } 1294 1295 static unsigned int ip6_mtu(const struct dst_entry *dst) 1296 { 1297 struct inet6_dev *idev; 1298 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU); 1299 1300 if (mtu) 1301 return mtu; 1302 1303 mtu = IPV6_MIN_MTU; 1304 1305 rcu_read_lock(); 1306 idev = __in6_dev_get(dst->dev); 1307 if (idev) 1308 mtu = idev->cnf.mtu6; 1309 rcu_read_unlock(); 1310 1311 return mtu; 1312 } 1313 1314 static struct dst_entry *icmp6_dst_gc_list; 1315 static DEFINE_SPINLOCK(icmp6_dst_lock); 1316 1317 struct dst_entry *icmp6_dst_alloc(struct net_device *dev, 1318 struct flowi6 *fl6) 1319 { 1320 struct dst_entry *dst; 1321 struct rt6_info *rt; 1322 struct inet6_dev *idev = in6_dev_get(dev); 1323 struct net *net = dev_net(dev); 1324 1325 if (unlikely(!idev)) 1326 return ERR_PTR(-ENODEV); 1327 1328 rt = ip6_dst_alloc(net, dev, 0, NULL); 1329 if (unlikely(!rt)) { 1330 in6_dev_put(idev); 1331 dst = ERR_PTR(-ENOMEM); 1332 goto out; 1333 } 1334 1335 rt->dst.flags |= DST_HOST; 1336 rt->dst.output = ip6_output; 1337 atomic_set(&rt->dst.__refcnt, 1); 1338 rt->rt6i_dst.addr = fl6->daddr; 1339 rt->rt6i_dst.plen = 128; 1340 rt->rt6i_idev = idev; 1341 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 0); 1342 1343 spin_lock_bh(&icmp6_dst_lock); 1344 rt->dst.next = icmp6_dst_gc_list; 1345 icmp6_dst_gc_list = &rt->dst; 1346 spin_unlock_bh(&icmp6_dst_lock); 1347 1348 fib6_force_start_gc(net); 1349 1350 dst = xfrm_lookup(net, &rt->dst, flowi6_to_flowi(fl6), NULL, 0); 1351 1352 out: 1353 return dst; 1354 } 1355 1356 int icmp6_dst_gc(void) 1357 { 1358 struct dst_entry *dst, **pprev; 1359 int more = 0; 1360 1361 spin_lock_bh(&icmp6_dst_lock); 1362 pprev = &icmp6_dst_gc_list; 1363 1364 while ((dst = *pprev) != NULL) { 1365 if (!atomic_read(&dst->__refcnt)) { 1366 *pprev = dst->next; 1367 dst_free(dst); 1368 } else { 1369 pprev = &dst->next; 1370 ++more; 1371 } 1372 } 1373 1374 spin_unlock_bh(&icmp6_dst_lock); 1375 1376 return more; 1377 } 1378 1379 static void icmp6_clean_all(int (*func)(struct rt6_info *rt, void *arg), 1380 void *arg) 1381 { 1382 struct dst_entry *dst, **pprev; 1383 1384 spin_lock_bh(&icmp6_dst_lock); 1385 pprev = &icmp6_dst_gc_list; 1386 while ((dst = *pprev) != NULL) { 1387 struct rt6_info *rt = (struct rt6_info *) dst; 1388 if (func(rt, arg)) { 1389 *pprev = dst->next; 1390 dst_free(dst); 1391 } else { 1392 pprev = &dst->next; 1393 } 1394 } 1395 spin_unlock_bh(&icmp6_dst_lock); 1396 } 1397 1398 static int ip6_dst_gc(struct dst_ops *ops) 1399 { 1400 struct net *net = container_of(ops, struct net, ipv6.ip6_dst_ops); 1401 int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval; 1402 int rt_max_size = net->ipv6.sysctl.ip6_rt_max_size; 1403 int rt_elasticity = net->ipv6.sysctl.ip6_rt_gc_elasticity; 1404 int rt_gc_timeout = net->ipv6.sysctl.ip6_rt_gc_timeout; 1405 unsigned long rt_last_gc = net->ipv6.ip6_rt_last_gc; 1406 int entries; 1407 1408 entries = dst_entries_get_fast(ops); 1409 if (time_after(rt_last_gc + rt_min_interval, jiffies) && 1410 entries <= rt_max_size) 1411 goto out; 1412 1413 net->ipv6.ip6_rt_gc_expire++; 1414 fib6_run_gc(net->ipv6.ip6_rt_gc_expire, net, entries > rt_max_size); 1415 entries = dst_entries_get_slow(ops); 1416 if (entries < ops->gc_thresh) 1417 net->ipv6.ip6_rt_gc_expire = rt_gc_timeout>>1; 1418 out: 1419 net->ipv6.ip6_rt_gc_expire -= net->ipv6.ip6_rt_gc_expire>>rt_elasticity; 1420 return entries > rt_max_size; 1421 } 1422 1423 /* 1424 * 1425 */ 1426 1427 int ip6_route_add(struct fib6_config *cfg) 1428 { 1429 int err; 1430 struct net *net = cfg->fc_nlinfo.nl_net; 1431 struct rt6_info *rt = NULL; 1432 struct net_device *dev = NULL; 1433 struct inet6_dev *idev = NULL; 1434 struct fib6_table *table; 1435 int addr_type; 1436 1437 if (cfg->fc_dst_len > 128 || cfg->fc_src_len > 128) 1438 return -EINVAL; 1439 #ifndef CONFIG_IPV6_SUBTREES 1440 if (cfg->fc_src_len) 1441 return -EINVAL; 1442 #endif 1443 if (cfg->fc_ifindex) { 1444 err = -ENODEV; 1445 dev = dev_get_by_index(net, cfg->fc_ifindex); 1446 if (!dev) 1447 goto out; 1448 idev = in6_dev_get(dev); 1449 if (!idev) 1450 goto out; 1451 } 1452 1453 if (cfg->fc_metric == 0) 1454 cfg->fc_metric = IP6_RT_PRIO_USER; 1455 1456 err = -ENOBUFS; 1457 if (cfg->fc_nlinfo.nlh && 1458 !(cfg->fc_nlinfo.nlh->nlmsg_flags & NLM_F_CREATE)) { 1459 table = fib6_get_table(net, cfg->fc_table); 1460 if (!table) { 1461 pr_warn("NLM_F_CREATE should be specified when creating new route\n"); 1462 table = fib6_new_table(net, cfg->fc_table); 1463 } 1464 } else { 1465 table = fib6_new_table(net, cfg->fc_table); 1466 } 1467 1468 if (!table) 1469 goto out; 1470 1471 rt = ip6_dst_alloc(net, NULL, DST_NOCOUNT, table); 1472 1473 if (!rt) { 1474 err = -ENOMEM; 1475 goto out; 1476 } 1477 1478 if (cfg->fc_flags & RTF_EXPIRES) 1479 rt6_set_expires(rt, jiffies + 1480 clock_t_to_jiffies(cfg->fc_expires)); 1481 else 1482 rt6_clean_expires(rt); 1483 1484 if (cfg->fc_protocol == RTPROT_UNSPEC) 1485 cfg->fc_protocol = RTPROT_BOOT; 1486 rt->rt6i_protocol = cfg->fc_protocol; 1487 1488 addr_type = ipv6_addr_type(&cfg->fc_dst); 1489 1490 if (addr_type & IPV6_ADDR_MULTICAST) 1491 rt->dst.input = ip6_mc_input; 1492 else if (cfg->fc_flags & RTF_LOCAL) 1493 rt->dst.input = ip6_input; 1494 else 1495 rt->dst.input = ip6_forward; 1496 1497 rt->dst.output = ip6_output; 1498 1499 ipv6_addr_prefix(&rt->rt6i_dst.addr, &cfg->fc_dst, cfg->fc_dst_len); 1500 rt->rt6i_dst.plen = cfg->fc_dst_len; 1501 if (rt->rt6i_dst.plen == 128) 1502 rt->dst.flags |= DST_HOST; 1503 1504 if (!(rt->dst.flags & DST_HOST) && cfg->fc_mx) { 1505 u32 *metrics = kzalloc(sizeof(u32) * RTAX_MAX, GFP_KERNEL); 1506 if (!metrics) { 1507 err = -ENOMEM; 1508 goto out; 1509 } 1510 dst_init_metrics(&rt->dst, metrics, 0); 1511 } 1512 #ifdef CONFIG_IPV6_SUBTREES 1513 ipv6_addr_prefix(&rt->rt6i_src.addr, &cfg->fc_src, cfg->fc_src_len); 1514 rt->rt6i_src.plen = cfg->fc_src_len; 1515 #endif 1516 1517 rt->rt6i_metric = cfg->fc_metric; 1518 1519 /* We cannot add true routes via loopback here, 1520 they would result in kernel looping; promote them to reject routes 1521 */ 1522 if ((cfg->fc_flags & RTF_REJECT) || 1523 (dev && (dev->flags & IFF_LOOPBACK) && 1524 !(addr_type & IPV6_ADDR_LOOPBACK) && 1525 !(cfg->fc_flags & RTF_LOCAL))) { 1526 /* hold loopback dev/idev if we haven't done so. */ 1527 if (dev != net->loopback_dev) { 1528 if (dev) { 1529 dev_put(dev); 1530 in6_dev_put(idev); 1531 } 1532 dev = net->loopback_dev; 1533 dev_hold(dev); 1534 idev = in6_dev_get(dev); 1535 if (!idev) { 1536 err = -ENODEV; 1537 goto out; 1538 } 1539 } 1540 rt->dst.output = ip6_pkt_discard_out; 1541 rt->dst.input = ip6_pkt_discard; 1542 rt->rt6i_flags = RTF_REJECT|RTF_NONEXTHOP; 1543 switch (cfg->fc_type) { 1544 case RTN_BLACKHOLE: 1545 rt->dst.error = -EINVAL; 1546 break; 1547 case RTN_PROHIBIT: 1548 rt->dst.error = -EACCES; 1549 break; 1550 case RTN_THROW: 1551 rt->dst.error = -EAGAIN; 1552 break; 1553 default: 1554 rt->dst.error = -ENETUNREACH; 1555 break; 1556 } 1557 goto install_route; 1558 } 1559 1560 if (cfg->fc_flags & RTF_GATEWAY) { 1561 const struct in6_addr *gw_addr; 1562 int gwa_type; 1563 1564 gw_addr = &cfg->fc_gateway; 1565 rt->rt6i_gateway = *gw_addr; 1566 gwa_type = ipv6_addr_type(gw_addr); 1567 1568 if (gwa_type != (IPV6_ADDR_LINKLOCAL|IPV6_ADDR_UNICAST)) { 1569 struct rt6_info *grt; 1570 1571 /* IPv6 strictly inhibits using not link-local 1572 addresses as nexthop address. 1573 Otherwise, router will not able to send redirects. 1574 It is very good, but in some (rare!) circumstances 1575 (SIT, PtP, NBMA NOARP links) it is handy to allow 1576 some exceptions. --ANK 1577 */ 1578 err = -EINVAL; 1579 if (!(gwa_type & IPV6_ADDR_UNICAST)) 1580 goto out; 1581 1582 grt = rt6_lookup(net, gw_addr, NULL, cfg->fc_ifindex, 1); 1583 1584 err = -EHOSTUNREACH; 1585 if (!grt) 1586 goto out; 1587 if (dev) { 1588 if (dev != grt->dst.dev) { 1589 ip6_rt_put(grt); 1590 goto out; 1591 } 1592 } else { 1593 dev = grt->dst.dev; 1594 idev = grt->rt6i_idev; 1595 dev_hold(dev); 1596 in6_dev_hold(grt->rt6i_idev); 1597 } 1598 if (!(grt->rt6i_flags & RTF_GATEWAY)) 1599 err = 0; 1600 ip6_rt_put(grt); 1601 1602 if (err) 1603 goto out; 1604 } 1605 err = -EINVAL; 1606 if (!dev || (dev->flags & IFF_LOOPBACK)) 1607 goto out; 1608 } 1609 1610 err = -ENODEV; 1611 if (!dev) 1612 goto out; 1613 1614 if (!ipv6_addr_any(&cfg->fc_prefsrc)) { 1615 if (!ipv6_chk_addr(net, &cfg->fc_prefsrc, dev, 0)) { 1616 err = -EINVAL; 1617 goto out; 1618 } 1619 rt->rt6i_prefsrc.addr = cfg->fc_prefsrc; 1620 rt->rt6i_prefsrc.plen = 128; 1621 } else 1622 rt->rt6i_prefsrc.plen = 0; 1623 1624 rt->rt6i_flags = cfg->fc_flags; 1625 1626 install_route: 1627 if (cfg->fc_mx) { 1628 struct nlattr *nla; 1629 int remaining; 1630 1631 nla_for_each_attr(nla, cfg->fc_mx, cfg->fc_mx_len, remaining) { 1632 int type = nla_type(nla); 1633 1634 if (type) { 1635 if (type > RTAX_MAX) { 1636 err = -EINVAL; 1637 goto out; 1638 } 1639 1640 dst_metric_set(&rt->dst, type, nla_get_u32(nla)); 1641 } 1642 } 1643 } 1644 1645 rt->dst.dev = dev; 1646 rt->rt6i_idev = idev; 1647 rt->rt6i_table = table; 1648 1649 cfg->fc_nlinfo.nl_net = dev_net(dev); 1650 1651 return __ip6_ins_rt(rt, &cfg->fc_nlinfo); 1652 1653 out: 1654 if (dev) 1655 dev_put(dev); 1656 if (idev) 1657 in6_dev_put(idev); 1658 if (rt) 1659 dst_free(&rt->dst); 1660 return err; 1661 } 1662 1663 static int __ip6_del_rt(struct rt6_info *rt, struct nl_info *info) 1664 { 1665 int err; 1666 struct fib6_table *table; 1667 struct net *net = dev_net(rt->dst.dev); 1668 1669 if (rt == net->ipv6.ip6_null_entry) { 1670 err = -ENOENT; 1671 goto out; 1672 } 1673 1674 table = rt->rt6i_table; 1675 write_lock_bh(&table->tb6_lock); 1676 err = fib6_del(rt, info); 1677 write_unlock_bh(&table->tb6_lock); 1678 1679 out: 1680 ip6_rt_put(rt); 1681 return err; 1682 } 1683 1684 int ip6_del_rt(struct rt6_info *rt) 1685 { 1686 struct nl_info info = { 1687 .nl_net = dev_net(rt->dst.dev), 1688 }; 1689 return __ip6_del_rt(rt, &info); 1690 } 1691 1692 static int ip6_route_del(struct fib6_config *cfg) 1693 { 1694 struct fib6_table *table; 1695 struct fib6_node *fn; 1696 struct rt6_info *rt; 1697 int err = -ESRCH; 1698 1699 table = fib6_get_table(cfg->fc_nlinfo.nl_net, cfg->fc_table); 1700 if (!table) 1701 return err; 1702 1703 read_lock_bh(&table->tb6_lock); 1704 1705 fn = fib6_locate(&table->tb6_root, 1706 &cfg->fc_dst, cfg->fc_dst_len, 1707 &cfg->fc_src, cfg->fc_src_len); 1708 1709 if (fn) { 1710 for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) { 1711 if (cfg->fc_ifindex && 1712 (!rt->dst.dev || 1713 rt->dst.dev->ifindex != cfg->fc_ifindex)) 1714 continue; 1715 if (cfg->fc_flags & RTF_GATEWAY && 1716 !ipv6_addr_equal(&cfg->fc_gateway, &rt->rt6i_gateway)) 1717 continue; 1718 if (cfg->fc_metric && cfg->fc_metric != rt->rt6i_metric) 1719 continue; 1720 dst_hold(&rt->dst); 1721 read_unlock_bh(&table->tb6_lock); 1722 1723 return __ip6_del_rt(rt, &cfg->fc_nlinfo); 1724 } 1725 } 1726 read_unlock_bh(&table->tb6_lock); 1727 1728 return err; 1729 } 1730 1731 static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb) 1732 { 1733 struct net *net = dev_net(skb->dev); 1734 struct netevent_redirect netevent; 1735 struct rt6_info *rt, *nrt = NULL; 1736 struct ndisc_options ndopts; 1737 struct inet6_dev *in6_dev; 1738 struct neighbour *neigh; 1739 struct rd_msg *msg; 1740 int optlen, on_link; 1741 u8 *lladdr; 1742 1743 optlen = skb_tail_pointer(skb) - skb_transport_header(skb); 1744 optlen -= sizeof(*msg); 1745 1746 if (optlen < 0) { 1747 net_dbg_ratelimited("rt6_do_redirect: packet too short\n"); 1748 return; 1749 } 1750 1751 msg = (struct rd_msg *)icmp6_hdr(skb); 1752 1753 if (ipv6_addr_is_multicast(&msg->dest)) { 1754 net_dbg_ratelimited("rt6_do_redirect: destination address is multicast\n"); 1755 return; 1756 } 1757 1758 on_link = 0; 1759 if (ipv6_addr_equal(&msg->dest, &msg->target)) { 1760 on_link = 1; 1761 } else if (ipv6_addr_type(&msg->target) != 1762 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1763 net_dbg_ratelimited("rt6_do_redirect: target address is not link-local unicast\n"); 1764 return; 1765 } 1766 1767 in6_dev = __in6_dev_get(skb->dev); 1768 if (!in6_dev) 1769 return; 1770 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) 1771 return; 1772 1773 /* RFC2461 8.1: 1774 * The IP source address of the Redirect MUST be the same as the current 1775 * first-hop router for the specified ICMP Destination Address. 1776 */ 1777 1778 if (!ndisc_parse_options(msg->opt, optlen, &ndopts)) { 1779 net_dbg_ratelimited("rt6_redirect: invalid ND options\n"); 1780 return; 1781 } 1782 1783 lladdr = NULL; 1784 if (ndopts.nd_opts_tgt_lladdr) { 1785 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1786 skb->dev); 1787 if (!lladdr) { 1788 net_dbg_ratelimited("rt6_redirect: invalid link-layer address length\n"); 1789 return; 1790 } 1791 } 1792 1793 rt = (struct rt6_info *) dst; 1794 if (rt == net->ipv6.ip6_null_entry) { 1795 net_dbg_ratelimited("rt6_redirect: source isn't a valid nexthop for redirect target\n"); 1796 return; 1797 } 1798 1799 /* Redirect received -> path was valid. 1800 * Look, redirects are sent only in response to data packets, 1801 * so that this nexthop apparently is reachable. --ANK 1802 */ 1803 dst_confirm(&rt->dst); 1804 1805 neigh = __neigh_lookup(&nd_tbl, &msg->target, skb->dev, 1); 1806 if (!neigh) 1807 return; 1808 1809 /* 1810 * We have finally decided to accept it. 1811 */ 1812 1813 neigh_update(neigh, lladdr, NUD_STALE, 1814 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1815 NEIGH_UPDATE_F_OVERRIDE| 1816 (on_link ? 0 : (NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1817 NEIGH_UPDATE_F_ISROUTER)) 1818 ); 1819 1820 nrt = ip6_rt_copy(rt, &msg->dest); 1821 if (!nrt) 1822 goto out; 1823 1824 nrt->rt6i_flags = RTF_GATEWAY|RTF_UP|RTF_DYNAMIC|RTF_CACHE; 1825 if (on_link) 1826 nrt->rt6i_flags &= ~RTF_GATEWAY; 1827 1828 nrt->rt6i_gateway = *(struct in6_addr *)neigh->primary_key; 1829 1830 if (ip6_ins_rt(nrt)) 1831 goto out; 1832 1833 netevent.old = &rt->dst; 1834 netevent.new = &nrt->dst; 1835 netevent.daddr = &msg->dest; 1836 netevent.neigh = neigh; 1837 call_netevent_notifiers(NETEVENT_REDIRECT, &netevent); 1838 1839 if (rt->rt6i_flags & RTF_CACHE) { 1840 rt = (struct rt6_info *) dst_clone(&rt->dst); 1841 ip6_del_rt(rt); 1842 } 1843 1844 out: 1845 neigh_release(neigh); 1846 } 1847 1848 /* 1849 * Misc support functions 1850 */ 1851 1852 static struct rt6_info *ip6_rt_copy(struct rt6_info *ort, 1853 const struct in6_addr *dest) 1854 { 1855 struct net *net = dev_net(ort->dst.dev); 1856 struct rt6_info *rt = ip6_dst_alloc(net, ort->dst.dev, 0, 1857 ort->rt6i_table); 1858 1859 if (rt) { 1860 rt->dst.input = ort->dst.input; 1861 rt->dst.output = ort->dst.output; 1862 rt->dst.flags |= DST_HOST; 1863 1864 rt->rt6i_dst.addr = *dest; 1865 rt->rt6i_dst.plen = 128; 1866 dst_copy_metrics(&rt->dst, &ort->dst); 1867 rt->dst.error = ort->dst.error; 1868 rt->rt6i_idev = ort->rt6i_idev; 1869 if (rt->rt6i_idev) 1870 in6_dev_hold(rt->rt6i_idev); 1871 rt->dst.lastuse = jiffies; 1872 1873 rt->rt6i_gateway = ort->rt6i_gateway; 1874 rt->rt6i_flags = ort->rt6i_flags; 1875 if ((ort->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF)) == 1876 (RTF_DEFAULT | RTF_ADDRCONF)) 1877 rt6_set_from(rt, ort); 1878 rt->rt6i_metric = 0; 1879 1880 #ifdef CONFIG_IPV6_SUBTREES 1881 memcpy(&rt->rt6i_src, &ort->rt6i_src, sizeof(struct rt6key)); 1882 #endif 1883 memcpy(&rt->rt6i_prefsrc, &ort->rt6i_prefsrc, sizeof(struct rt6key)); 1884 rt->rt6i_table = ort->rt6i_table; 1885 } 1886 return rt; 1887 } 1888 1889 #ifdef CONFIG_IPV6_ROUTE_INFO 1890 static struct rt6_info *rt6_get_route_info(struct net *net, 1891 const struct in6_addr *prefix, int prefixlen, 1892 const struct in6_addr *gwaddr, int ifindex) 1893 { 1894 struct fib6_node *fn; 1895 struct rt6_info *rt = NULL; 1896 struct fib6_table *table; 1897 1898 table = fib6_get_table(net, RT6_TABLE_INFO); 1899 if (!table) 1900 return NULL; 1901 1902 read_lock_bh(&table->tb6_lock); 1903 fn = fib6_locate(&table->tb6_root, prefix ,prefixlen, NULL, 0); 1904 if (!fn) 1905 goto out; 1906 1907 for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) { 1908 if (rt->dst.dev->ifindex != ifindex) 1909 continue; 1910 if ((rt->rt6i_flags & (RTF_ROUTEINFO|RTF_GATEWAY)) != (RTF_ROUTEINFO|RTF_GATEWAY)) 1911 continue; 1912 if (!ipv6_addr_equal(&rt->rt6i_gateway, gwaddr)) 1913 continue; 1914 dst_hold(&rt->dst); 1915 break; 1916 } 1917 out: 1918 read_unlock_bh(&table->tb6_lock); 1919 return rt; 1920 } 1921 1922 static struct rt6_info *rt6_add_route_info(struct net *net, 1923 const struct in6_addr *prefix, int prefixlen, 1924 const struct in6_addr *gwaddr, int ifindex, 1925 unsigned int pref) 1926 { 1927 struct fib6_config cfg = { 1928 .fc_table = RT6_TABLE_INFO, 1929 .fc_metric = IP6_RT_PRIO_USER, 1930 .fc_ifindex = ifindex, 1931 .fc_dst_len = prefixlen, 1932 .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_ROUTEINFO | 1933 RTF_UP | RTF_PREF(pref), 1934 .fc_nlinfo.portid = 0, 1935 .fc_nlinfo.nlh = NULL, 1936 .fc_nlinfo.nl_net = net, 1937 }; 1938 1939 cfg.fc_dst = *prefix; 1940 cfg.fc_gateway = *gwaddr; 1941 1942 /* We should treat it as a default route if prefix length is 0. */ 1943 if (!prefixlen) 1944 cfg.fc_flags |= RTF_DEFAULT; 1945 1946 ip6_route_add(&cfg); 1947 1948 return rt6_get_route_info(net, prefix, prefixlen, gwaddr, ifindex); 1949 } 1950 #endif 1951 1952 struct rt6_info *rt6_get_dflt_router(const struct in6_addr *addr, struct net_device *dev) 1953 { 1954 struct rt6_info *rt; 1955 struct fib6_table *table; 1956 1957 table = fib6_get_table(dev_net(dev), RT6_TABLE_DFLT); 1958 if (!table) 1959 return NULL; 1960 1961 read_lock_bh(&table->tb6_lock); 1962 for (rt = table->tb6_root.leaf; rt; rt=rt->dst.rt6_next) { 1963 if (dev == rt->dst.dev && 1964 ((rt->rt6i_flags & (RTF_ADDRCONF | RTF_DEFAULT)) == (RTF_ADDRCONF | RTF_DEFAULT)) && 1965 ipv6_addr_equal(&rt->rt6i_gateway, addr)) 1966 break; 1967 } 1968 if (rt) 1969 dst_hold(&rt->dst); 1970 read_unlock_bh(&table->tb6_lock); 1971 return rt; 1972 } 1973 1974 struct rt6_info *rt6_add_dflt_router(const struct in6_addr *gwaddr, 1975 struct net_device *dev, 1976 unsigned int pref) 1977 { 1978 struct fib6_config cfg = { 1979 .fc_table = RT6_TABLE_DFLT, 1980 .fc_metric = IP6_RT_PRIO_USER, 1981 .fc_ifindex = dev->ifindex, 1982 .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_DEFAULT | 1983 RTF_UP | RTF_EXPIRES | RTF_PREF(pref), 1984 .fc_nlinfo.portid = 0, 1985 .fc_nlinfo.nlh = NULL, 1986 .fc_nlinfo.nl_net = dev_net(dev), 1987 }; 1988 1989 cfg.fc_gateway = *gwaddr; 1990 1991 ip6_route_add(&cfg); 1992 1993 return rt6_get_dflt_router(gwaddr, dev); 1994 } 1995 1996 void rt6_purge_dflt_routers(struct net *net) 1997 { 1998 struct rt6_info *rt; 1999 struct fib6_table *table; 2000 2001 /* NOTE: Keep consistent with rt6_get_dflt_router */ 2002 table = fib6_get_table(net, RT6_TABLE_DFLT); 2003 if (!table) 2004 return; 2005 2006 restart: 2007 read_lock_bh(&table->tb6_lock); 2008 for (rt = table->tb6_root.leaf; rt; rt = rt->dst.rt6_next) { 2009 if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF) && 2010 (!rt->rt6i_idev || rt->rt6i_idev->cnf.accept_ra != 2)) { 2011 dst_hold(&rt->dst); 2012 read_unlock_bh(&table->tb6_lock); 2013 ip6_del_rt(rt); 2014 goto restart; 2015 } 2016 } 2017 read_unlock_bh(&table->tb6_lock); 2018 } 2019 2020 static void rtmsg_to_fib6_config(struct net *net, 2021 struct in6_rtmsg *rtmsg, 2022 struct fib6_config *cfg) 2023 { 2024 memset(cfg, 0, sizeof(*cfg)); 2025 2026 cfg->fc_table = RT6_TABLE_MAIN; 2027 cfg->fc_ifindex = rtmsg->rtmsg_ifindex; 2028 cfg->fc_metric = rtmsg->rtmsg_metric; 2029 cfg->fc_expires = rtmsg->rtmsg_info; 2030 cfg->fc_dst_len = rtmsg->rtmsg_dst_len; 2031 cfg->fc_src_len = rtmsg->rtmsg_src_len; 2032 cfg->fc_flags = rtmsg->rtmsg_flags; 2033 2034 cfg->fc_nlinfo.nl_net = net; 2035 2036 cfg->fc_dst = rtmsg->rtmsg_dst; 2037 cfg->fc_src = rtmsg->rtmsg_src; 2038 cfg->fc_gateway = rtmsg->rtmsg_gateway; 2039 } 2040 2041 int ipv6_route_ioctl(struct net *net, unsigned int cmd, void __user *arg) 2042 { 2043 struct fib6_config cfg; 2044 struct in6_rtmsg rtmsg; 2045 int err; 2046 2047 switch(cmd) { 2048 case SIOCADDRT: /* Add a route */ 2049 case SIOCDELRT: /* Delete a route */ 2050 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 2051 return -EPERM; 2052 err = copy_from_user(&rtmsg, arg, 2053 sizeof(struct in6_rtmsg)); 2054 if (err) 2055 return -EFAULT; 2056 2057 rtmsg_to_fib6_config(net, &rtmsg, &cfg); 2058 2059 rtnl_lock(); 2060 switch (cmd) { 2061 case SIOCADDRT: 2062 err = ip6_route_add(&cfg); 2063 break; 2064 case SIOCDELRT: 2065 err = ip6_route_del(&cfg); 2066 break; 2067 default: 2068 err = -EINVAL; 2069 } 2070 rtnl_unlock(); 2071 2072 return err; 2073 } 2074 2075 return -EINVAL; 2076 } 2077 2078 /* 2079 * Drop the packet on the floor 2080 */ 2081 2082 static int ip6_pkt_drop(struct sk_buff *skb, u8 code, int ipstats_mib_noroutes) 2083 { 2084 int type; 2085 struct dst_entry *dst = skb_dst(skb); 2086 switch (ipstats_mib_noroutes) { 2087 case IPSTATS_MIB_INNOROUTES: 2088 type = ipv6_addr_type(&ipv6_hdr(skb)->daddr); 2089 if (type == IPV6_ADDR_ANY) { 2090 IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst), 2091 IPSTATS_MIB_INADDRERRORS); 2092 break; 2093 } 2094 /* FALLTHROUGH */ 2095 case IPSTATS_MIB_OUTNOROUTES: 2096 IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst), 2097 ipstats_mib_noroutes); 2098 break; 2099 } 2100 icmpv6_send(skb, ICMPV6_DEST_UNREACH, code, 0); 2101 kfree_skb(skb); 2102 return 0; 2103 } 2104 2105 static int ip6_pkt_discard(struct sk_buff *skb) 2106 { 2107 return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_INNOROUTES); 2108 } 2109 2110 static int ip6_pkt_discard_out(struct sk_buff *skb) 2111 { 2112 skb->dev = skb_dst(skb)->dev; 2113 return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_OUTNOROUTES); 2114 } 2115 2116 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 2117 2118 static int ip6_pkt_prohibit(struct sk_buff *skb) 2119 { 2120 return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_INNOROUTES); 2121 } 2122 2123 static int ip6_pkt_prohibit_out(struct sk_buff *skb) 2124 { 2125 skb->dev = skb_dst(skb)->dev; 2126 return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES); 2127 } 2128 2129 #endif 2130 2131 /* 2132 * Allocate a dst for local (unicast / anycast) address. 2133 */ 2134 2135 struct rt6_info *addrconf_dst_alloc(struct inet6_dev *idev, 2136 const struct in6_addr *addr, 2137 bool anycast) 2138 { 2139 struct net *net = dev_net(idev->dev); 2140 struct rt6_info *rt = ip6_dst_alloc(net, net->loopback_dev, 0, NULL); 2141 2142 if (!rt) { 2143 net_warn_ratelimited("Maximum number of routes reached, consider increasing route/max_size\n"); 2144 return ERR_PTR(-ENOMEM); 2145 } 2146 2147 in6_dev_hold(idev); 2148 2149 rt->dst.flags |= DST_HOST; 2150 rt->dst.input = ip6_input; 2151 rt->dst.output = ip6_output; 2152 rt->rt6i_idev = idev; 2153 2154 rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP; 2155 if (anycast) 2156 rt->rt6i_flags |= RTF_ANYCAST; 2157 else 2158 rt->rt6i_flags |= RTF_LOCAL; 2159 2160 rt->rt6i_dst.addr = *addr; 2161 rt->rt6i_dst.plen = 128; 2162 rt->rt6i_table = fib6_get_table(net, RT6_TABLE_LOCAL); 2163 2164 atomic_set(&rt->dst.__refcnt, 1); 2165 2166 return rt; 2167 } 2168 2169 int ip6_route_get_saddr(struct net *net, 2170 struct rt6_info *rt, 2171 const struct in6_addr *daddr, 2172 unsigned int prefs, 2173 struct in6_addr *saddr) 2174 { 2175 struct inet6_dev *idev = ip6_dst_idev((struct dst_entry*)rt); 2176 int err = 0; 2177 if (rt->rt6i_prefsrc.plen) 2178 *saddr = rt->rt6i_prefsrc.addr; 2179 else 2180 err = ipv6_dev_get_saddr(net, idev ? idev->dev : NULL, 2181 daddr, prefs, saddr); 2182 return err; 2183 } 2184 2185 /* remove deleted ip from prefsrc entries */ 2186 struct arg_dev_net_ip { 2187 struct net_device *dev; 2188 struct net *net; 2189 struct in6_addr *addr; 2190 }; 2191 2192 static int fib6_remove_prefsrc(struct rt6_info *rt, void *arg) 2193 { 2194 struct net_device *dev = ((struct arg_dev_net_ip *)arg)->dev; 2195 struct net *net = ((struct arg_dev_net_ip *)arg)->net; 2196 struct in6_addr *addr = ((struct arg_dev_net_ip *)arg)->addr; 2197 2198 if (((void *)rt->dst.dev == dev || !dev) && 2199 rt != net->ipv6.ip6_null_entry && 2200 ipv6_addr_equal(addr, &rt->rt6i_prefsrc.addr)) { 2201 /* remove prefsrc entry */ 2202 rt->rt6i_prefsrc.plen = 0; 2203 } 2204 return 0; 2205 } 2206 2207 void rt6_remove_prefsrc(struct inet6_ifaddr *ifp) 2208 { 2209 struct net *net = dev_net(ifp->idev->dev); 2210 struct arg_dev_net_ip adni = { 2211 .dev = ifp->idev->dev, 2212 .net = net, 2213 .addr = &ifp->addr, 2214 }; 2215 fib6_clean_all(net, fib6_remove_prefsrc, 0, &adni); 2216 } 2217 2218 struct arg_dev_net { 2219 struct net_device *dev; 2220 struct net *net; 2221 }; 2222 2223 static int fib6_ifdown(struct rt6_info *rt, void *arg) 2224 { 2225 const struct arg_dev_net *adn = arg; 2226 const struct net_device *dev = adn->dev; 2227 2228 if ((rt->dst.dev == dev || !dev) && 2229 rt != adn->net->ipv6.ip6_null_entry) 2230 return -1; 2231 2232 return 0; 2233 } 2234 2235 void rt6_ifdown(struct net *net, struct net_device *dev) 2236 { 2237 struct arg_dev_net adn = { 2238 .dev = dev, 2239 .net = net, 2240 }; 2241 2242 fib6_clean_all(net, fib6_ifdown, 0, &adn); 2243 icmp6_clean_all(fib6_ifdown, &adn); 2244 } 2245 2246 struct rt6_mtu_change_arg { 2247 struct net_device *dev; 2248 unsigned int mtu; 2249 }; 2250 2251 static int rt6_mtu_change_route(struct rt6_info *rt, void *p_arg) 2252 { 2253 struct rt6_mtu_change_arg *arg = (struct rt6_mtu_change_arg *) p_arg; 2254 struct inet6_dev *idev; 2255 2256 /* In IPv6 pmtu discovery is not optional, 2257 so that RTAX_MTU lock cannot disable it. 2258 We still use this lock to block changes 2259 caused by addrconf/ndisc. 2260 */ 2261 2262 idev = __in6_dev_get(arg->dev); 2263 if (!idev) 2264 return 0; 2265 2266 /* For administrative MTU increase, there is no way to discover 2267 IPv6 PMTU increase, so PMTU increase should be updated here. 2268 Since RFC 1981 doesn't include administrative MTU increase 2269 update PMTU increase is a MUST. (i.e. jumbo frame) 2270 */ 2271 /* 2272 If new MTU is less than route PMTU, this new MTU will be the 2273 lowest MTU in the path, update the route PMTU to reflect PMTU 2274 decreases; if new MTU is greater than route PMTU, and the 2275 old MTU is the lowest MTU in the path, update the route PMTU 2276 to reflect the increase. In this case if the other nodes' MTU 2277 also have the lowest MTU, TOO BIG MESSAGE will be lead to 2278 PMTU discouvery. 2279 */ 2280 if (rt->dst.dev == arg->dev && 2281 !dst_metric_locked(&rt->dst, RTAX_MTU) && 2282 (dst_mtu(&rt->dst) >= arg->mtu || 2283 (dst_mtu(&rt->dst) < arg->mtu && 2284 dst_mtu(&rt->dst) == idev->cnf.mtu6))) { 2285 dst_metric_set(&rt->dst, RTAX_MTU, arg->mtu); 2286 } 2287 return 0; 2288 } 2289 2290 void rt6_mtu_change(struct net_device *dev, unsigned int mtu) 2291 { 2292 struct rt6_mtu_change_arg arg = { 2293 .dev = dev, 2294 .mtu = mtu, 2295 }; 2296 2297 fib6_clean_all(dev_net(dev), rt6_mtu_change_route, 0, &arg); 2298 } 2299 2300 static const struct nla_policy rtm_ipv6_policy[RTA_MAX+1] = { 2301 [RTA_GATEWAY] = { .len = sizeof(struct in6_addr) }, 2302 [RTA_OIF] = { .type = NLA_U32 }, 2303 [RTA_IIF] = { .type = NLA_U32 }, 2304 [RTA_PRIORITY] = { .type = NLA_U32 }, 2305 [RTA_METRICS] = { .type = NLA_NESTED }, 2306 [RTA_MULTIPATH] = { .len = sizeof(struct rtnexthop) }, 2307 }; 2308 2309 static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh, 2310 struct fib6_config *cfg) 2311 { 2312 struct rtmsg *rtm; 2313 struct nlattr *tb[RTA_MAX+1]; 2314 int err; 2315 2316 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy); 2317 if (err < 0) 2318 goto errout; 2319 2320 err = -EINVAL; 2321 rtm = nlmsg_data(nlh); 2322 memset(cfg, 0, sizeof(*cfg)); 2323 2324 cfg->fc_table = rtm->rtm_table; 2325 cfg->fc_dst_len = rtm->rtm_dst_len; 2326 cfg->fc_src_len = rtm->rtm_src_len; 2327 cfg->fc_flags = RTF_UP; 2328 cfg->fc_protocol = rtm->rtm_protocol; 2329 cfg->fc_type = rtm->rtm_type; 2330 2331 if (rtm->rtm_type == RTN_UNREACHABLE || 2332 rtm->rtm_type == RTN_BLACKHOLE || 2333 rtm->rtm_type == RTN_PROHIBIT || 2334 rtm->rtm_type == RTN_THROW) 2335 cfg->fc_flags |= RTF_REJECT; 2336 2337 if (rtm->rtm_type == RTN_LOCAL) 2338 cfg->fc_flags |= RTF_LOCAL; 2339 2340 cfg->fc_nlinfo.portid = NETLINK_CB(skb).portid; 2341 cfg->fc_nlinfo.nlh = nlh; 2342 cfg->fc_nlinfo.nl_net = sock_net(skb->sk); 2343 2344 if (tb[RTA_GATEWAY]) { 2345 nla_memcpy(&cfg->fc_gateway, tb[RTA_GATEWAY], 16); 2346 cfg->fc_flags |= RTF_GATEWAY; 2347 } 2348 2349 if (tb[RTA_DST]) { 2350 int plen = (rtm->rtm_dst_len + 7) >> 3; 2351 2352 if (nla_len(tb[RTA_DST]) < plen) 2353 goto errout; 2354 2355 nla_memcpy(&cfg->fc_dst, tb[RTA_DST], plen); 2356 } 2357 2358 if (tb[RTA_SRC]) { 2359 int plen = (rtm->rtm_src_len + 7) >> 3; 2360 2361 if (nla_len(tb[RTA_SRC]) < plen) 2362 goto errout; 2363 2364 nla_memcpy(&cfg->fc_src, tb[RTA_SRC], plen); 2365 } 2366 2367 if (tb[RTA_PREFSRC]) 2368 nla_memcpy(&cfg->fc_prefsrc, tb[RTA_PREFSRC], 16); 2369 2370 if (tb[RTA_OIF]) 2371 cfg->fc_ifindex = nla_get_u32(tb[RTA_OIF]); 2372 2373 if (tb[RTA_PRIORITY]) 2374 cfg->fc_metric = nla_get_u32(tb[RTA_PRIORITY]); 2375 2376 if (tb[RTA_METRICS]) { 2377 cfg->fc_mx = nla_data(tb[RTA_METRICS]); 2378 cfg->fc_mx_len = nla_len(tb[RTA_METRICS]); 2379 } 2380 2381 if (tb[RTA_TABLE]) 2382 cfg->fc_table = nla_get_u32(tb[RTA_TABLE]); 2383 2384 if (tb[RTA_MULTIPATH]) { 2385 cfg->fc_mp = nla_data(tb[RTA_MULTIPATH]); 2386 cfg->fc_mp_len = nla_len(tb[RTA_MULTIPATH]); 2387 } 2388 2389 err = 0; 2390 errout: 2391 return err; 2392 } 2393 2394 static int ip6_route_multipath(struct fib6_config *cfg, int add) 2395 { 2396 struct fib6_config r_cfg; 2397 struct rtnexthop *rtnh; 2398 int remaining; 2399 int attrlen; 2400 int err = 0, last_err = 0; 2401 2402 beginning: 2403 rtnh = (struct rtnexthop *)cfg->fc_mp; 2404 remaining = cfg->fc_mp_len; 2405 2406 /* Parse a Multipath Entry */ 2407 while (rtnh_ok(rtnh, remaining)) { 2408 memcpy(&r_cfg, cfg, sizeof(*cfg)); 2409 if (rtnh->rtnh_ifindex) 2410 r_cfg.fc_ifindex = rtnh->rtnh_ifindex; 2411 2412 attrlen = rtnh_attrlen(rtnh); 2413 if (attrlen > 0) { 2414 struct nlattr *nla, *attrs = rtnh_attrs(rtnh); 2415 2416 nla = nla_find(attrs, attrlen, RTA_GATEWAY); 2417 if (nla) { 2418 nla_memcpy(&r_cfg.fc_gateway, nla, 16); 2419 r_cfg.fc_flags |= RTF_GATEWAY; 2420 } 2421 } 2422 err = add ? ip6_route_add(&r_cfg) : ip6_route_del(&r_cfg); 2423 if (err) { 2424 last_err = err; 2425 /* If we are trying to remove a route, do not stop the 2426 * loop when ip6_route_del() fails (because next hop is 2427 * already gone), we should try to remove all next hops. 2428 */ 2429 if (add) { 2430 /* If add fails, we should try to delete all 2431 * next hops that have been already added. 2432 */ 2433 add = 0; 2434 goto beginning; 2435 } 2436 } 2437 /* Because each route is added like a single route we remove 2438 * this flag after the first nexthop (if there is a collision, 2439 * we have already fail to add the first nexthop: 2440 * fib6_add_rt2node() has reject it). 2441 */ 2442 cfg->fc_nlinfo.nlh->nlmsg_flags &= ~NLM_F_EXCL; 2443 rtnh = rtnh_next(rtnh, &remaining); 2444 } 2445 2446 return last_err; 2447 } 2448 2449 static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh) 2450 { 2451 struct fib6_config cfg; 2452 int err; 2453 2454 err = rtm_to_fib6_config(skb, nlh, &cfg); 2455 if (err < 0) 2456 return err; 2457 2458 if (cfg.fc_mp) 2459 return ip6_route_multipath(&cfg, 0); 2460 else 2461 return ip6_route_del(&cfg); 2462 } 2463 2464 static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh) 2465 { 2466 struct fib6_config cfg; 2467 int err; 2468 2469 err = rtm_to_fib6_config(skb, nlh, &cfg); 2470 if (err < 0) 2471 return err; 2472 2473 if (cfg.fc_mp) 2474 return ip6_route_multipath(&cfg, 1); 2475 else 2476 return ip6_route_add(&cfg); 2477 } 2478 2479 static inline size_t rt6_nlmsg_size(void) 2480 { 2481 return NLMSG_ALIGN(sizeof(struct rtmsg)) 2482 + nla_total_size(16) /* RTA_SRC */ 2483 + nla_total_size(16) /* RTA_DST */ 2484 + nla_total_size(16) /* RTA_GATEWAY */ 2485 + nla_total_size(16) /* RTA_PREFSRC */ 2486 + nla_total_size(4) /* RTA_TABLE */ 2487 + nla_total_size(4) /* RTA_IIF */ 2488 + nla_total_size(4) /* RTA_OIF */ 2489 + nla_total_size(4) /* RTA_PRIORITY */ 2490 + RTAX_MAX * nla_total_size(4) /* RTA_METRICS */ 2491 + nla_total_size(sizeof(struct rta_cacheinfo)); 2492 } 2493 2494 static int rt6_fill_node(struct net *net, 2495 struct sk_buff *skb, struct rt6_info *rt, 2496 struct in6_addr *dst, struct in6_addr *src, 2497 int iif, int type, u32 portid, u32 seq, 2498 int prefix, int nowait, unsigned int flags) 2499 { 2500 struct rtmsg *rtm; 2501 struct nlmsghdr *nlh; 2502 long expires; 2503 u32 table; 2504 2505 if (prefix) { /* user wants prefix routes only */ 2506 if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { 2507 /* success since this is not a prefix route */ 2508 return 1; 2509 } 2510 } 2511 2512 nlh = nlmsg_put(skb, portid, seq, type, sizeof(*rtm), flags); 2513 if (!nlh) 2514 return -EMSGSIZE; 2515 2516 rtm = nlmsg_data(nlh); 2517 rtm->rtm_family = AF_INET6; 2518 rtm->rtm_dst_len = rt->rt6i_dst.plen; 2519 rtm->rtm_src_len = rt->rt6i_src.plen; 2520 rtm->rtm_tos = 0; 2521 if (rt->rt6i_table) 2522 table = rt->rt6i_table->tb6_id; 2523 else 2524 table = RT6_TABLE_UNSPEC; 2525 rtm->rtm_table = table; 2526 if (nla_put_u32(skb, RTA_TABLE, table)) 2527 goto nla_put_failure; 2528 if (rt->rt6i_flags & RTF_REJECT) { 2529 switch (rt->dst.error) { 2530 case -EINVAL: 2531 rtm->rtm_type = RTN_BLACKHOLE; 2532 break; 2533 case -EACCES: 2534 rtm->rtm_type = RTN_PROHIBIT; 2535 break; 2536 case -EAGAIN: 2537 rtm->rtm_type = RTN_THROW; 2538 break; 2539 default: 2540 rtm->rtm_type = RTN_UNREACHABLE; 2541 break; 2542 } 2543 } 2544 else if (rt->rt6i_flags & RTF_LOCAL) 2545 rtm->rtm_type = RTN_LOCAL; 2546 else if (rt->dst.dev && (rt->dst.dev->flags & IFF_LOOPBACK)) 2547 rtm->rtm_type = RTN_LOCAL; 2548 else 2549 rtm->rtm_type = RTN_UNICAST; 2550 rtm->rtm_flags = 0; 2551 rtm->rtm_scope = RT_SCOPE_UNIVERSE; 2552 rtm->rtm_protocol = rt->rt6i_protocol; 2553 if (rt->rt6i_flags & RTF_DYNAMIC) 2554 rtm->rtm_protocol = RTPROT_REDIRECT; 2555 else if (rt->rt6i_flags & RTF_ADDRCONF) { 2556 if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ROUTEINFO)) 2557 rtm->rtm_protocol = RTPROT_RA; 2558 else 2559 rtm->rtm_protocol = RTPROT_KERNEL; 2560 } 2561 2562 if (rt->rt6i_flags & RTF_CACHE) 2563 rtm->rtm_flags |= RTM_F_CLONED; 2564 2565 if (dst) { 2566 if (nla_put(skb, RTA_DST, 16, dst)) 2567 goto nla_put_failure; 2568 rtm->rtm_dst_len = 128; 2569 } else if (rtm->rtm_dst_len) 2570 if (nla_put(skb, RTA_DST, 16, &rt->rt6i_dst.addr)) 2571 goto nla_put_failure; 2572 #ifdef CONFIG_IPV6_SUBTREES 2573 if (src) { 2574 if (nla_put(skb, RTA_SRC, 16, src)) 2575 goto nla_put_failure; 2576 rtm->rtm_src_len = 128; 2577 } else if (rtm->rtm_src_len && 2578 nla_put(skb, RTA_SRC, 16, &rt->rt6i_src.addr)) 2579 goto nla_put_failure; 2580 #endif 2581 if (iif) { 2582 #ifdef CONFIG_IPV6_MROUTE 2583 if (ipv6_addr_is_multicast(&rt->rt6i_dst.addr)) { 2584 int err = ip6mr_get_route(net, skb, rtm, nowait); 2585 if (err <= 0) { 2586 if (!nowait) { 2587 if (err == 0) 2588 return 0; 2589 goto nla_put_failure; 2590 } else { 2591 if (err == -EMSGSIZE) 2592 goto nla_put_failure; 2593 } 2594 } 2595 } else 2596 #endif 2597 if (nla_put_u32(skb, RTA_IIF, iif)) 2598 goto nla_put_failure; 2599 } else if (dst) { 2600 struct in6_addr saddr_buf; 2601 if (ip6_route_get_saddr(net, rt, dst, 0, &saddr_buf) == 0 && 2602 nla_put(skb, RTA_PREFSRC, 16, &saddr_buf)) 2603 goto nla_put_failure; 2604 } 2605 2606 if (rt->rt6i_prefsrc.plen) { 2607 struct in6_addr saddr_buf; 2608 saddr_buf = rt->rt6i_prefsrc.addr; 2609 if (nla_put(skb, RTA_PREFSRC, 16, &saddr_buf)) 2610 goto nla_put_failure; 2611 } 2612 2613 if (rtnetlink_put_metrics(skb, dst_metrics_ptr(&rt->dst)) < 0) 2614 goto nla_put_failure; 2615 2616 if (rt->rt6i_flags & RTF_GATEWAY) { 2617 if (nla_put(skb, RTA_GATEWAY, 16, &rt->rt6i_gateway) < 0) 2618 goto nla_put_failure; 2619 } 2620 2621 if (rt->dst.dev && 2622 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex)) 2623 goto nla_put_failure; 2624 if (nla_put_u32(skb, RTA_PRIORITY, rt->rt6i_metric)) 2625 goto nla_put_failure; 2626 2627 expires = (rt->rt6i_flags & RTF_EXPIRES) ? rt->dst.expires - jiffies : 0; 2628 2629 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, rt->dst.error) < 0) 2630 goto nla_put_failure; 2631 2632 return nlmsg_end(skb, nlh); 2633 2634 nla_put_failure: 2635 nlmsg_cancel(skb, nlh); 2636 return -EMSGSIZE; 2637 } 2638 2639 int rt6_dump_route(struct rt6_info *rt, void *p_arg) 2640 { 2641 struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; 2642 int prefix; 2643 2644 if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { 2645 struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); 2646 prefix = (rtm->rtm_flags & RTM_F_PREFIX) != 0; 2647 } else 2648 prefix = 0; 2649 2650 return rt6_fill_node(arg->net, 2651 arg->skb, rt, NULL, NULL, 0, RTM_NEWROUTE, 2652 NETLINK_CB(arg->cb->skb).portid, arg->cb->nlh->nlmsg_seq, 2653 prefix, 0, NLM_F_MULTI); 2654 } 2655 2656 static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh) 2657 { 2658 struct net *net = sock_net(in_skb->sk); 2659 struct nlattr *tb[RTA_MAX+1]; 2660 struct rt6_info *rt; 2661 struct sk_buff *skb; 2662 struct rtmsg *rtm; 2663 struct flowi6 fl6; 2664 int err, iif = 0, oif = 0; 2665 2666 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy); 2667 if (err < 0) 2668 goto errout; 2669 2670 err = -EINVAL; 2671 memset(&fl6, 0, sizeof(fl6)); 2672 2673 if (tb[RTA_SRC]) { 2674 if (nla_len(tb[RTA_SRC]) < sizeof(struct in6_addr)) 2675 goto errout; 2676 2677 fl6.saddr = *(struct in6_addr *)nla_data(tb[RTA_SRC]); 2678 } 2679 2680 if (tb[RTA_DST]) { 2681 if (nla_len(tb[RTA_DST]) < sizeof(struct in6_addr)) 2682 goto errout; 2683 2684 fl6.daddr = *(struct in6_addr *)nla_data(tb[RTA_DST]); 2685 } 2686 2687 if (tb[RTA_IIF]) 2688 iif = nla_get_u32(tb[RTA_IIF]); 2689 2690 if (tb[RTA_OIF]) 2691 oif = nla_get_u32(tb[RTA_OIF]); 2692 2693 if (iif) { 2694 struct net_device *dev; 2695 int flags = 0; 2696 2697 dev = __dev_get_by_index(net, iif); 2698 if (!dev) { 2699 err = -ENODEV; 2700 goto errout; 2701 } 2702 2703 fl6.flowi6_iif = iif; 2704 2705 if (!ipv6_addr_any(&fl6.saddr)) 2706 flags |= RT6_LOOKUP_F_HAS_SADDR; 2707 2708 rt = (struct rt6_info *)ip6_route_input_lookup(net, dev, &fl6, 2709 flags); 2710 } else { 2711 fl6.flowi6_oif = oif; 2712 2713 rt = (struct rt6_info *)ip6_route_output(net, NULL, &fl6); 2714 } 2715 2716 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 2717 if (!skb) { 2718 ip6_rt_put(rt); 2719 err = -ENOBUFS; 2720 goto errout; 2721 } 2722 2723 /* Reserve room for dummy headers, this skb can pass 2724 through good chunk of routing engine. 2725 */ 2726 skb_reset_mac_header(skb); 2727 skb_reserve(skb, MAX_HEADER + sizeof(struct ipv6hdr)); 2728 2729 skb_dst_set(skb, &rt->dst); 2730 2731 err = rt6_fill_node(net, skb, rt, &fl6.daddr, &fl6.saddr, iif, 2732 RTM_NEWROUTE, NETLINK_CB(in_skb).portid, 2733 nlh->nlmsg_seq, 0, 0, 0); 2734 if (err < 0) { 2735 kfree_skb(skb); 2736 goto errout; 2737 } 2738 2739 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid); 2740 errout: 2741 return err; 2742 } 2743 2744 void inet6_rt_notify(int event, struct rt6_info *rt, struct nl_info *info) 2745 { 2746 struct sk_buff *skb; 2747 struct net *net = info->nl_net; 2748 u32 seq; 2749 int err; 2750 2751 err = -ENOBUFS; 2752 seq = info->nlh ? info->nlh->nlmsg_seq : 0; 2753 2754 skb = nlmsg_new(rt6_nlmsg_size(), gfp_any()); 2755 if (!skb) 2756 goto errout; 2757 2758 err = rt6_fill_node(net, skb, rt, NULL, NULL, 0, 2759 event, info->portid, seq, 0, 0, 0); 2760 if (err < 0) { 2761 /* -EMSGSIZE implies BUG in rt6_nlmsg_size() */ 2762 WARN_ON(err == -EMSGSIZE); 2763 kfree_skb(skb); 2764 goto errout; 2765 } 2766 rtnl_notify(skb, net, info->portid, RTNLGRP_IPV6_ROUTE, 2767 info->nlh, gfp_any()); 2768 return; 2769 errout: 2770 if (err < 0) 2771 rtnl_set_sk_err(net, RTNLGRP_IPV6_ROUTE, err); 2772 } 2773 2774 static int ip6_route_dev_notify(struct notifier_block *this, 2775 unsigned long event, void *ptr) 2776 { 2777 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 2778 struct net *net = dev_net(dev); 2779 2780 if (event == NETDEV_REGISTER && (dev->flags & IFF_LOOPBACK)) { 2781 net->ipv6.ip6_null_entry->dst.dev = dev; 2782 net->ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(dev); 2783 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 2784 net->ipv6.ip6_prohibit_entry->dst.dev = dev; 2785 net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev); 2786 net->ipv6.ip6_blk_hole_entry->dst.dev = dev; 2787 net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev); 2788 #endif 2789 } 2790 2791 return NOTIFY_OK; 2792 } 2793 2794 /* 2795 * /proc 2796 */ 2797 2798 #ifdef CONFIG_PROC_FS 2799 2800 static const struct file_operations ipv6_route_proc_fops = { 2801 .owner = THIS_MODULE, 2802 .open = ipv6_route_open, 2803 .read = seq_read, 2804 .llseek = seq_lseek, 2805 .release = seq_release_net, 2806 }; 2807 2808 static int rt6_stats_seq_show(struct seq_file *seq, void *v) 2809 { 2810 struct net *net = (struct net *)seq->private; 2811 seq_printf(seq, "%04x %04x %04x %04x %04x %04x %04x\n", 2812 net->ipv6.rt6_stats->fib_nodes, 2813 net->ipv6.rt6_stats->fib_route_nodes, 2814 net->ipv6.rt6_stats->fib_rt_alloc, 2815 net->ipv6.rt6_stats->fib_rt_entries, 2816 net->ipv6.rt6_stats->fib_rt_cache, 2817 dst_entries_get_slow(&net->ipv6.ip6_dst_ops), 2818 net->ipv6.rt6_stats->fib_discarded_routes); 2819 2820 return 0; 2821 } 2822 2823 static int rt6_stats_seq_open(struct inode *inode, struct file *file) 2824 { 2825 return single_open_net(inode, file, rt6_stats_seq_show); 2826 } 2827 2828 static const struct file_operations rt6_stats_seq_fops = { 2829 .owner = THIS_MODULE, 2830 .open = rt6_stats_seq_open, 2831 .read = seq_read, 2832 .llseek = seq_lseek, 2833 .release = single_release_net, 2834 }; 2835 #endif /* CONFIG_PROC_FS */ 2836 2837 #ifdef CONFIG_SYSCTL 2838 2839 static 2840 int ipv6_sysctl_rtcache_flush(struct ctl_table *ctl, int write, 2841 void __user *buffer, size_t *lenp, loff_t *ppos) 2842 { 2843 struct net *net; 2844 int delay; 2845 if (!write) 2846 return -EINVAL; 2847 2848 net = (struct net *)ctl->extra1; 2849 delay = net->ipv6.sysctl.flush_delay; 2850 proc_dointvec(ctl, write, buffer, lenp, ppos); 2851 fib6_run_gc(delay <= 0 ? 0 : (unsigned long)delay, net, delay > 0); 2852 return 0; 2853 } 2854 2855 struct ctl_table ipv6_route_table_template[] = { 2856 { 2857 .procname = "flush", 2858 .data = &init_net.ipv6.sysctl.flush_delay, 2859 .maxlen = sizeof(int), 2860 .mode = 0200, 2861 .proc_handler = ipv6_sysctl_rtcache_flush 2862 }, 2863 { 2864 .procname = "gc_thresh", 2865 .data = &ip6_dst_ops_template.gc_thresh, 2866 .maxlen = sizeof(int), 2867 .mode = 0644, 2868 .proc_handler = proc_dointvec, 2869 }, 2870 { 2871 .procname = "max_size", 2872 .data = &init_net.ipv6.sysctl.ip6_rt_max_size, 2873 .maxlen = sizeof(int), 2874 .mode = 0644, 2875 .proc_handler = proc_dointvec, 2876 }, 2877 { 2878 .procname = "gc_min_interval", 2879 .data = &init_net.ipv6.sysctl.ip6_rt_gc_min_interval, 2880 .maxlen = sizeof(int), 2881 .mode = 0644, 2882 .proc_handler = proc_dointvec_jiffies, 2883 }, 2884 { 2885 .procname = "gc_timeout", 2886 .data = &init_net.ipv6.sysctl.ip6_rt_gc_timeout, 2887 .maxlen = sizeof(int), 2888 .mode = 0644, 2889 .proc_handler = proc_dointvec_jiffies, 2890 }, 2891 { 2892 .procname = "gc_interval", 2893 .data = &init_net.ipv6.sysctl.ip6_rt_gc_interval, 2894 .maxlen = sizeof(int), 2895 .mode = 0644, 2896 .proc_handler = proc_dointvec_jiffies, 2897 }, 2898 { 2899 .procname = "gc_elasticity", 2900 .data = &init_net.ipv6.sysctl.ip6_rt_gc_elasticity, 2901 .maxlen = sizeof(int), 2902 .mode = 0644, 2903 .proc_handler = proc_dointvec, 2904 }, 2905 { 2906 .procname = "mtu_expires", 2907 .data = &init_net.ipv6.sysctl.ip6_rt_mtu_expires, 2908 .maxlen = sizeof(int), 2909 .mode = 0644, 2910 .proc_handler = proc_dointvec_jiffies, 2911 }, 2912 { 2913 .procname = "min_adv_mss", 2914 .data = &init_net.ipv6.sysctl.ip6_rt_min_advmss, 2915 .maxlen = sizeof(int), 2916 .mode = 0644, 2917 .proc_handler = proc_dointvec, 2918 }, 2919 { 2920 .procname = "gc_min_interval_ms", 2921 .data = &init_net.ipv6.sysctl.ip6_rt_gc_min_interval, 2922 .maxlen = sizeof(int), 2923 .mode = 0644, 2924 .proc_handler = proc_dointvec_ms_jiffies, 2925 }, 2926 { } 2927 }; 2928 2929 struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) 2930 { 2931 struct ctl_table *table; 2932 2933 table = kmemdup(ipv6_route_table_template, 2934 sizeof(ipv6_route_table_template), 2935 GFP_KERNEL); 2936 2937 if (table) { 2938 table[0].data = &net->ipv6.sysctl.flush_delay; 2939 table[0].extra1 = net; 2940 table[1].data = &net->ipv6.ip6_dst_ops.gc_thresh; 2941 table[2].data = &net->ipv6.sysctl.ip6_rt_max_size; 2942 table[3].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval; 2943 table[4].data = &net->ipv6.sysctl.ip6_rt_gc_timeout; 2944 table[5].data = &net->ipv6.sysctl.ip6_rt_gc_interval; 2945 table[6].data = &net->ipv6.sysctl.ip6_rt_gc_elasticity; 2946 table[7].data = &net->ipv6.sysctl.ip6_rt_mtu_expires; 2947 table[8].data = &net->ipv6.sysctl.ip6_rt_min_advmss; 2948 table[9].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval; 2949 2950 /* Don't export sysctls to unprivileged users */ 2951 if (net->user_ns != &init_user_ns) 2952 table[0].procname = NULL; 2953 } 2954 2955 return table; 2956 } 2957 #endif 2958 2959 static int __net_init ip6_route_net_init(struct net *net) 2960 { 2961 int ret = -ENOMEM; 2962 2963 memcpy(&net->ipv6.ip6_dst_ops, &ip6_dst_ops_template, 2964 sizeof(net->ipv6.ip6_dst_ops)); 2965 2966 if (dst_entries_init(&net->ipv6.ip6_dst_ops) < 0) 2967 goto out_ip6_dst_ops; 2968 2969 net->ipv6.ip6_null_entry = kmemdup(&ip6_null_entry_template, 2970 sizeof(*net->ipv6.ip6_null_entry), 2971 GFP_KERNEL); 2972 if (!net->ipv6.ip6_null_entry) 2973 goto out_ip6_dst_entries; 2974 net->ipv6.ip6_null_entry->dst.path = 2975 (struct dst_entry *)net->ipv6.ip6_null_entry; 2976 net->ipv6.ip6_null_entry->dst.ops = &net->ipv6.ip6_dst_ops; 2977 dst_init_metrics(&net->ipv6.ip6_null_entry->dst, 2978 ip6_template_metrics, true); 2979 2980 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 2981 net->ipv6.ip6_prohibit_entry = kmemdup(&ip6_prohibit_entry_template, 2982 sizeof(*net->ipv6.ip6_prohibit_entry), 2983 GFP_KERNEL); 2984 if (!net->ipv6.ip6_prohibit_entry) 2985 goto out_ip6_null_entry; 2986 net->ipv6.ip6_prohibit_entry->dst.path = 2987 (struct dst_entry *)net->ipv6.ip6_prohibit_entry; 2988 net->ipv6.ip6_prohibit_entry->dst.ops = &net->ipv6.ip6_dst_ops; 2989 dst_init_metrics(&net->ipv6.ip6_prohibit_entry->dst, 2990 ip6_template_metrics, true); 2991 2992 net->ipv6.ip6_blk_hole_entry = kmemdup(&ip6_blk_hole_entry_template, 2993 sizeof(*net->ipv6.ip6_blk_hole_entry), 2994 GFP_KERNEL); 2995 if (!net->ipv6.ip6_blk_hole_entry) 2996 goto out_ip6_prohibit_entry; 2997 net->ipv6.ip6_blk_hole_entry->dst.path = 2998 (struct dst_entry *)net->ipv6.ip6_blk_hole_entry; 2999 net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops; 3000 dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst, 3001 ip6_template_metrics, true); 3002 #endif 3003 3004 net->ipv6.sysctl.flush_delay = 0; 3005 net->ipv6.sysctl.ip6_rt_max_size = 4096; 3006 net->ipv6.sysctl.ip6_rt_gc_min_interval = HZ / 2; 3007 net->ipv6.sysctl.ip6_rt_gc_timeout = 60*HZ; 3008 net->ipv6.sysctl.ip6_rt_gc_interval = 30*HZ; 3009 net->ipv6.sysctl.ip6_rt_gc_elasticity = 9; 3010 net->ipv6.sysctl.ip6_rt_mtu_expires = 10*60*HZ; 3011 net->ipv6.sysctl.ip6_rt_min_advmss = IPV6_MIN_MTU - 20 - 40; 3012 3013 net->ipv6.ip6_rt_gc_expire = 30*HZ; 3014 3015 ret = 0; 3016 out: 3017 return ret; 3018 3019 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 3020 out_ip6_prohibit_entry: 3021 kfree(net->ipv6.ip6_prohibit_entry); 3022 out_ip6_null_entry: 3023 kfree(net->ipv6.ip6_null_entry); 3024 #endif 3025 out_ip6_dst_entries: 3026 dst_entries_destroy(&net->ipv6.ip6_dst_ops); 3027 out_ip6_dst_ops: 3028 goto out; 3029 } 3030 3031 static void __net_exit ip6_route_net_exit(struct net *net) 3032 { 3033 kfree(net->ipv6.ip6_null_entry); 3034 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 3035 kfree(net->ipv6.ip6_prohibit_entry); 3036 kfree(net->ipv6.ip6_blk_hole_entry); 3037 #endif 3038 dst_entries_destroy(&net->ipv6.ip6_dst_ops); 3039 } 3040 3041 static int __net_init ip6_route_net_init_late(struct net *net) 3042 { 3043 #ifdef CONFIG_PROC_FS 3044 proc_create("ipv6_route", 0, net->proc_net, &ipv6_route_proc_fops); 3045 proc_create("rt6_stats", S_IRUGO, net->proc_net, &rt6_stats_seq_fops); 3046 #endif 3047 return 0; 3048 } 3049 3050 static void __net_exit ip6_route_net_exit_late(struct net *net) 3051 { 3052 #ifdef CONFIG_PROC_FS 3053 remove_proc_entry("ipv6_route", net->proc_net); 3054 remove_proc_entry("rt6_stats", net->proc_net); 3055 #endif 3056 } 3057 3058 static struct pernet_operations ip6_route_net_ops = { 3059 .init = ip6_route_net_init, 3060 .exit = ip6_route_net_exit, 3061 }; 3062 3063 static int __net_init ipv6_inetpeer_init(struct net *net) 3064 { 3065 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL); 3066 3067 if (!bp) 3068 return -ENOMEM; 3069 inet_peer_base_init(bp); 3070 net->ipv6.peers = bp; 3071 return 0; 3072 } 3073 3074 static void __net_exit ipv6_inetpeer_exit(struct net *net) 3075 { 3076 struct inet_peer_base *bp = net->ipv6.peers; 3077 3078 net->ipv6.peers = NULL; 3079 inetpeer_invalidate_tree(bp); 3080 kfree(bp); 3081 } 3082 3083 static struct pernet_operations ipv6_inetpeer_ops = { 3084 .init = ipv6_inetpeer_init, 3085 .exit = ipv6_inetpeer_exit, 3086 }; 3087 3088 static struct pernet_operations ip6_route_net_late_ops = { 3089 .init = ip6_route_net_init_late, 3090 .exit = ip6_route_net_exit_late, 3091 }; 3092 3093 static struct notifier_block ip6_route_dev_notifier = { 3094 .notifier_call = ip6_route_dev_notify, 3095 .priority = 0, 3096 }; 3097 3098 int __init ip6_route_init(void) 3099 { 3100 int ret; 3101 3102 ret = -ENOMEM; 3103 ip6_dst_ops_template.kmem_cachep = 3104 kmem_cache_create("ip6_dst_cache", sizeof(struct rt6_info), 0, 3105 SLAB_HWCACHE_ALIGN, NULL); 3106 if (!ip6_dst_ops_template.kmem_cachep) 3107 goto out; 3108 3109 ret = dst_entries_init(&ip6_dst_blackhole_ops); 3110 if (ret) 3111 goto out_kmem_cache; 3112 3113 ret = register_pernet_subsys(&ipv6_inetpeer_ops); 3114 if (ret) 3115 goto out_dst_entries; 3116 3117 ret = register_pernet_subsys(&ip6_route_net_ops); 3118 if (ret) 3119 goto out_register_inetpeer; 3120 3121 ip6_dst_blackhole_ops.kmem_cachep = ip6_dst_ops_template.kmem_cachep; 3122 3123 /* Registering of the loopback is done before this portion of code, 3124 * the loopback reference in rt6_info will not be taken, do it 3125 * manually for init_net */ 3126 init_net.ipv6.ip6_null_entry->dst.dev = init_net.loopback_dev; 3127 init_net.ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); 3128 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 3129 init_net.ipv6.ip6_prohibit_entry->dst.dev = init_net.loopback_dev; 3130 init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); 3131 init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev; 3132 init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); 3133 #endif 3134 ret = fib6_init(); 3135 if (ret) 3136 goto out_register_subsys; 3137 3138 ret = xfrm6_init(); 3139 if (ret) 3140 goto out_fib6_init; 3141 3142 ret = fib6_rules_init(); 3143 if (ret) 3144 goto xfrm6_init; 3145 3146 ret = register_pernet_subsys(&ip6_route_net_late_ops); 3147 if (ret) 3148 goto fib6_rules_init; 3149 3150 ret = -ENOBUFS; 3151 if (__rtnl_register(PF_INET6, RTM_NEWROUTE, inet6_rtm_newroute, NULL, NULL) || 3152 __rtnl_register(PF_INET6, RTM_DELROUTE, inet6_rtm_delroute, NULL, NULL) || 3153 __rtnl_register(PF_INET6, RTM_GETROUTE, inet6_rtm_getroute, NULL, NULL)) 3154 goto out_register_late_subsys; 3155 3156 ret = register_netdevice_notifier(&ip6_route_dev_notifier); 3157 if (ret) 3158 goto out_register_late_subsys; 3159 3160 out: 3161 return ret; 3162 3163 out_register_late_subsys: 3164 unregister_pernet_subsys(&ip6_route_net_late_ops); 3165 fib6_rules_init: 3166 fib6_rules_cleanup(); 3167 xfrm6_init: 3168 xfrm6_fini(); 3169 out_fib6_init: 3170 fib6_gc_cleanup(); 3171 out_register_subsys: 3172 unregister_pernet_subsys(&ip6_route_net_ops); 3173 out_register_inetpeer: 3174 unregister_pernet_subsys(&ipv6_inetpeer_ops); 3175 out_dst_entries: 3176 dst_entries_destroy(&ip6_dst_blackhole_ops); 3177 out_kmem_cache: 3178 kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep); 3179 goto out; 3180 } 3181 3182 void ip6_route_cleanup(void) 3183 { 3184 unregister_netdevice_notifier(&ip6_route_dev_notifier); 3185 unregister_pernet_subsys(&ip6_route_net_late_ops); 3186 fib6_rules_cleanup(); 3187 xfrm6_fini(); 3188 fib6_gc_cleanup(); 3189 unregister_pernet_subsys(&ipv6_inetpeer_ops); 3190 unregister_pernet_subsys(&ip6_route_net_ops); 3191 dst_entries_destroy(&ip6_dst_blackhole_ops); 3192 kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep); 3193 } 3194