projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
vti6: better validate user provided tunnel names
[GitHub/LineageOS/android_kernel_motorola_exynos9610.git] / net / ipv6 / route.c
1 /*
2 * Linux INET6 implementation
3 * FIB front-end.
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version
11 * 2 of the License, or (at your option) any later version.
12 */
13
14 /* Changes:
15 *
16 * YOSHIFUJI Hideaki @USAGI
17 * reworked default router selection.
18 * - respect outgoing interface
19 * - select from (probably) reachable routers (i.e.
20 * routers in REACHABLE, STALE, DELAY or PROBE states).
21 * - always select the same router if it is (probably)
22 * reachable. otherwise, round-robin the list.
23 * Ville Nuorvala
24 * Fixed routing subtrees.
25 */
26
27 #define pr_fmt(fmt) "IPv6: " fmt
28
29 #include <linux/capability.h>
30 #include <linux/errno.h>
31 #include <linux/export.h>
32 #include <linux/types.h>
33 #include <linux/times.h>
34 #include <linux/socket.h>
35 #include <linux/sockios.h>
36 #include <linux/net.h>
37 #include <linux/route.h>
38 #include <linux/netdevice.h>
39 #include <linux/in6.h>
40 #include <linux/mroute6.h>
41 #include <linux/init.h>
42 #include <linux/if_arp.h>
43 #include <linux/proc_fs.h>
44 #include <linux/seq_file.h>
45 #include <linux/nsproxy.h>
46 #include <linux/slab.h>
47 #include <net/net_namespace.h>
48 #include <net/snmp.h>
49 #include <net/ipv6.h>
50 #include <net/ip6_fib.h>
51 #include <net/ip6_route.h>
52 #include <net/ndisc.h>
53 #include <net/addrconf.h>
54 #include <net/tcp.h>
55 #include <linux/rtnetlink.h>
56 #include <net/dst.h>
57 #include <net/dst_metadata.h>
58 #include <net/xfrm.h>
59 #include <net/netevent.h>
60 #include <net/netlink.h>
61 #include <net/nexthop.h>
62 #include <net/lwtunnel.h>
63 #include <net/ip_tunnels.h>
64 #include <net/l3mdev.h>
65 #include <trace/events/fib6.h>
66
67 #include <linux/uaccess.h>
68
69 #ifdef CONFIG_SYSCTL
70 #include <linux/sysctl.h>
71 #endif
72
73 enum rt6_nud_state {
74 RT6_NUD_FAIL_HARD = -3,
75 RT6_NUD_FAIL_PROBE = -2,
76 RT6_NUD_FAIL_DO_RR = -1,
77 RT6_NUD_SUCCEED = 1
78 };
79
80 static void ip6_rt_copy_init(struct rt6_info *rt, struct rt6_info *ort);
81 static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie);
82 static unsigned int ip6_default_advmss(const struct dst_entry *dst);
83 static unsigned int ip6_mtu(const struct dst_entry *dst);
84 static struct dst_entry *ip6_negative_advice(struct dst_entry *);
85 static void ip6_dst_destroy(struct dst_entry *);
86 static void ip6_dst_ifdown(struct dst_entry *,
87 struct net_device *dev, int how);
88 static int ip6_dst_gc(struct dst_ops *ops);
89
90 static int ip6_pkt_discard(struct sk_buff *skb);
91 static int ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb);
92 static int ip6_pkt_prohibit(struct sk_buff *skb);
93 static int ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb);
94 static void ip6_link_failure(struct sk_buff *skb);
95 static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
96 struct sk_buff *skb, u32 mtu);
97 static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk,
98 struct sk_buff *skb);
99 static void rt6_dst_from_metrics_check(struct rt6_info *rt);
100 static int rt6_score_route(struct rt6_info *rt, int oif, int strict);
101 static size_t rt6_nlmsg_size(struct rt6_info *rt);
102 static int rt6_fill_node(struct net *net,
103 struct sk_buff *skb, struct rt6_info *rt,
104 struct in6_addr *dst, struct in6_addr *src,
105 int iif, int type, u32 portid, u32 seq,
106 unsigned int flags);
107
108 #ifdef CONFIG_IPV6_ROUTE_INFO
109 static struct rt6_info *rt6_add_route_info(struct net *net,
110 const struct in6_addr *prefix, int prefixlen,
111 const struct in6_addr *gwaddr,
112 struct net_device *dev,
113 unsigned int pref);
114 static struct rt6_info *rt6_get_route_info(struct net *net,
115 const struct in6_addr *prefix, int prefixlen,
116 const struct in6_addr *gwaddr,
117 struct net_device *dev);
118 #endif
119
120 struct uncached_list {
121 spinlock_t lock;
122 struct list_head head;
123 };
124
125 static DEFINE_PER_CPU_ALIGNED(struct uncached_list, rt6_uncached_list);
126
127 static void rt6_uncached_list_add(struct rt6_info *rt)
128 {
129 struct uncached_list *ul = raw_cpu_ptr(&rt6_uncached_list);
130
131 rt->rt6i_uncached_list = ul;
132
133 spin_lock_bh(&ul->lock);
134 list_add_tail(&rt->rt6i_uncached, &ul->head);
135 spin_unlock_bh(&ul->lock);
136 }
137
138 static void rt6_uncached_list_del(struct rt6_info *rt)
139 {
140 if (!list_empty(&rt->rt6i_uncached)) {
141 struct uncached_list *ul = rt->rt6i_uncached_list;
142
143 spin_lock_bh(&ul->lock);
144 list_del(&rt->rt6i_uncached);
145 spin_unlock_bh(&ul->lock);
146 }
147 }
148
149 static void rt6_uncached_list_flush_dev(struct net *net, struct net_device *dev)
150 {
151 struct net_device *loopback_dev = net->loopback_dev;
152 int cpu;
153
154 if (dev == loopback_dev)
155 return;
156
157 for_each_possible_cpu(cpu) {
158 struct uncached_list *ul = per_cpu_ptr(&rt6_uncached_list, cpu);
159 struct rt6_info *rt;
160
161 spin_lock_bh(&ul->lock);
162 list_for_each_entry(rt, &ul->head, rt6i_uncached) {
163 struct inet6_dev *rt_idev = rt->rt6i_idev;
164 struct net_device *rt_dev = rt->dst.dev;
165
166 if (rt_idev->dev == dev) {
167 rt->rt6i_idev = in6_dev_get(loopback_dev);
168 in6_dev_put(rt_idev);
169 }
170
171 if (rt_dev == dev) {
172 rt->dst.dev = loopback_dev;
173 dev_hold(rt->dst.dev);
174 dev_put(rt_dev);
175 }
176 }
177 spin_unlock_bh(&ul->lock);
178 }
179 }
180
181 static u32 *rt6_pcpu_cow_metrics(struct rt6_info *rt)
182 {
183 return dst_metrics_write_ptr(rt->dst.from);
184 }
185
186 static u32 *ipv6_cow_metrics(struct dst_entry *dst, unsigned long old)
187 {
188 struct rt6_info *rt = (struct rt6_info *)dst;
189
190 if (rt->rt6i_flags & RTF_PCPU)
191 return rt6_pcpu_cow_metrics(rt);
192 else if (rt->rt6i_flags & RTF_CACHE)
193 return NULL;
194 else
195 return dst_cow_metrics_generic(dst, old);
196 }
197
198 static inline const void *choose_neigh_daddr(struct rt6_info *rt,
199 struct sk_buff *skb,
200 const void *daddr)
201 {
202 struct in6_addr *p = &rt->rt6i_gateway;
203
204 if (!ipv6_addr_any(p))
205 return (const void *) p;
206 else if (skb)
207 return &ipv6_hdr(skb)->daddr;
208 return daddr;
209 }
210
211 static struct neighbour *ip6_neigh_lookup(const struct dst_entry *dst,
212 struct sk_buff *skb,
213 const void *daddr)
214 {
215 struct rt6_info *rt = (struct rt6_info *) dst;
216 struct neighbour *n;
217
218 daddr = choose_neigh_daddr(rt, skb, daddr);
219 n = __ipv6_neigh_lookup(dst->dev, daddr);
220 if (n)
221 return n;
222 return neigh_create(&nd_tbl, daddr, dst->dev);
223 }
224
225 static void ip6_confirm_neigh(const struct dst_entry *dst, const void *daddr)
226 {
227 struct net_device *dev = dst->dev;
228 struct rt6_info *rt = (struct rt6_info *)dst;
229
230 daddr = choose_neigh_daddr(rt, NULL, daddr);
231 if (!daddr)
232 return;
233 if (dev->flags & (IFF_NOARP | IFF_LOOPBACK))
234 return;
235 if (ipv6_addr_is_multicast((const struct in6_addr *)daddr))
236 return;
237 __ipv6_confirm_neigh(dev, daddr);
238 }
239
240 static struct dst_ops ip6_dst_ops_template = {
241 .family = AF_INET6,
242 .gc = ip6_dst_gc,
243 .gc_thresh = 1024,
244 .check = ip6_dst_check,
245 .default_advmss = ip6_default_advmss,
246 .mtu = ip6_mtu,
247 .cow_metrics = ipv6_cow_metrics,
248 .destroy = ip6_dst_destroy,
249 .ifdown = ip6_dst_ifdown,
250 .negative_advice = ip6_negative_advice,
251 .link_failure = ip6_link_failure,
252 .update_pmtu = ip6_rt_update_pmtu,
253 .redirect = rt6_do_redirect,
254 .local_out = __ip6_local_out,
255 .neigh_lookup = ip6_neigh_lookup,
256 .confirm_neigh = ip6_confirm_neigh,
257 };
258
259 static unsigned int ip6_blackhole_mtu(const struct dst_entry *dst)
260 {
261 unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
262
263 return mtu ? : dst->dev->mtu;
264 }
265
266 static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
267 struct sk_buff *skb, u32 mtu)
268 {
269 }
270
271 static void ip6_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
272 struct sk_buff *skb)
273 {
274 }
275
276 static struct dst_ops ip6_dst_blackhole_ops = {
277 .family = AF_INET6,
278 .destroy = ip6_dst_destroy,
279 .check = ip6_dst_check,
280 .mtu = ip6_blackhole_mtu,
281 .default_advmss = ip6_default_advmss,
282 .update_pmtu = ip6_rt_blackhole_update_pmtu,
283 .redirect = ip6_rt_blackhole_redirect,
284 .cow_metrics = dst_cow_metrics_generic,
285 .neigh_lookup = ip6_neigh_lookup,
286 };
287
288 static const u32 ip6_template_metrics[RTAX_MAX] = {
289 [RTAX_HOPLIMIT - 1] = 0,
290 };
291
292 static const struct rt6_info ip6_null_entry_template = {
293 .dst = {
294 .__refcnt = ATOMIC_INIT(1),
295 .__use = 1,
296 .obsolete = DST_OBSOLETE_FORCE_CHK,
297 .error = -ENETUNREACH,
298 .input = ip6_pkt_discard,
299 .output = ip6_pkt_discard_out,
300 },
301 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP),
302 .rt6i_protocol = RTPROT_KERNEL,
303 .rt6i_metric = ~(u32) 0,
304 .rt6i_ref = ATOMIC_INIT(1),
305 };
306
307 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
308
309 static const struct rt6_info ip6_prohibit_entry_template = {
310 .dst = {
311 .__refcnt = ATOMIC_INIT(1),
312 .__use = 1,
313 .obsolete = DST_OBSOLETE_FORCE_CHK,
314 .error = -EACCES,
315 .input = ip6_pkt_prohibit,
316 .output = ip6_pkt_prohibit_out,
317 },
318 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP),
319 .rt6i_protocol = RTPROT_KERNEL,
320 .rt6i_metric = ~(u32) 0,
321 .rt6i_ref = ATOMIC_INIT(1),
322 };
323
324 static const struct rt6_info ip6_blk_hole_entry_template = {
325 .dst = {
326 .__refcnt = ATOMIC_INIT(1),
327 .__use = 1,
328 .obsolete = DST_OBSOLETE_FORCE_CHK,
329 .error = -EINVAL,
330 .input = dst_discard,
331 .output = dst_discard_out,
332 },
333 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP),
334 .rt6i_protocol = RTPROT_KERNEL,
335 .rt6i_metric = ~(u32) 0,
336 .rt6i_ref = ATOMIC_INIT(1),
337 };
338
339 #endif
340
341 static void rt6_info_init(struct rt6_info *rt)
342 {
343 struct dst_entry *dst = &rt->dst;
344
345 memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst));
346 INIT_LIST_HEAD(&rt->rt6i_siblings);
347 INIT_LIST_HEAD(&rt->rt6i_uncached);
348 }
349
350 /* allocate dst with ip6_dst_ops */
351 static struct rt6_info *__ip6_dst_alloc(struct net *net,
352 struct net_device *dev,
353 int flags)
354 {
355 struct rt6_info *rt = dst_alloc(&net->ipv6.ip6_dst_ops, dev,
356 1, DST_OBSOLETE_FORCE_CHK, flags);
357
358 if (rt)
359 rt6_info_init(rt);
360
361 return rt;
362 }
363
364 struct rt6_info *ip6_dst_alloc(struct net *net,
365 struct net_device *dev,
366 int flags)
367 {
368 struct rt6_info *rt = __ip6_dst_alloc(net, dev, flags);
369
370 if (rt) {
371 rt->rt6i_pcpu = alloc_percpu_gfp(struct rt6_info *, GFP_ATOMIC);
372 if (rt->rt6i_pcpu) {
373 int cpu;
374
375 for_each_possible_cpu(cpu) {
376 struct rt6_info **p;
377
378 p = per_cpu_ptr(rt->rt6i_pcpu, cpu);
379 /* no one shares rt */
380 *p = NULL;
381 }
382 } else {
383 dst_release_immediate(&rt->dst);
384 return NULL;
385 }
386 }
387
388 return rt;
389 }
390 EXPORT_SYMBOL(ip6_dst_alloc);
391
392 static void ip6_dst_destroy(struct dst_entry *dst)
393 {
394 struct rt6_info *rt = (struct rt6_info *)dst;
395 struct dst_entry *from = dst->from;
396 struct inet6_dev *idev;
397
398 dst_destroy_metrics_generic(dst);
399 free_percpu(rt->rt6i_pcpu);
400 rt6_uncached_list_del(rt);
401
402 idev = rt->rt6i_idev;
403 if (idev) {
404 rt->rt6i_idev = NULL;
405 in6_dev_put(idev);
406 }
407
408 dst->from = NULL;
409 dst_release(from);
410 }
411
412 static void ip6_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
413 int how)
414 {
415 struct rt6_info *rt = (struct rt6_info *)dst;
416 struct inet6_dev *idev = rt->rt6i_idev;
417 struct net_device *loopback_dev =
418 dev_net(dev)->loopback_dev;
419
420 if (idev && idev->dev != loopback_dev) {
421 struct inet6_dev *loopback_idev = in6_dev_get(loopback_dev);
422 if (loopback_idev) {
423 rt->rt6i_idev = loopback_idev;
424 in6_dev_put(idev);
425 }
426 }
427 }
428
429 static bool __rt6_check_expired(const struct rt6_info *rt)
430 {
431 if (rt->rt6i_flags & RTF_EXPIRES)
432 return time_after(jiffies, rt->dst.expires);
433 else
434 return false;
435 }
436
437 static bool rt6_check_expired(const struct rt6_info *rt)
438 {
439 if (rt->rt6i_flags & RTF_EXPIRES) {
440 if (time_after(jiffies, rt->dst.expires))
441 return true;
442 } else if (rt->dst.from) {
443 return rt->dst.obsolete != DST_OBSOLETE_FORCE_CHK ||
444 rt6_check_expired((struct rt6_info *)rt->dst.from);
445 }
446 return false;
447 }
448
449 static struct rt6_info *rt6_multipath_select(struct rt6_info *match,
450 struct flowi6 *fl6, int oif,
451 int strict)
452 {
453 struct rt6_info *sibling, *next_sibling;
454 int route_choosen;
455
456 /* We might have already computed the hash for ICMPv6 errors. In such
457 * case it will always be non-zero. Otherwise now is the time to do it.
458 */
459 if (!fl6->mp_hash)
460 fl6->mp_hash = rt6_multipath_hash(fl6, NULL);
461
462 route_choosen = fl6->mp_hash % (match->rt6i_nsiblings + 1);
463 /* Don't change the route, if route_choosen == 0
464 * (siblings does not include ourself)
465 */
466 if (route_choosen)
467 list_for_each_entry_safe(sibling, next_sibling,
468 &match->rt6i_siblings, rt6i_siblings) {
469 route_choosen--;
470 if (route_choosen == 0) {
471 if (rt6_score_route(sibling, oif, strict) < 0)
472 break;
473 match = sibling;
474 break;
475 }
476 }
477 return match;
478 }
479
480 /*
481 * Route lookup. Any table->tb6_lock is implied.
482 */
483
484 static inline struct rt6_info *rt6_device_match(struct net *net,
485 struct rt6_info *rt,
486 const struct in6_addr *saddr,
487 int oif,
488 int flags)
489 {
490 struct rt6_info *local = NULL;
491 struct rt6_info *sprt;
492
493 if (!oif && ipv6_addr_any(saddr))
494 goto out;
495
496 for (sprt = rt; sprt; sprt = sprt->dst.rt6_next) {
497 struct net_device *dev = sprt->dst.dev;
498
499 if (oif) {
500 if (dev->ifindex == oif)
501 return sprt;
502 if (dev->flags & IFF_LOOPBACK) {
503 if (!sprt->rt6i_idev ||
504 sprt->rt6i_idev->dev->ifindex != oif) {
505 if (flags & RT6_LOOKUP_F_IFACE)
506 continue;
507 if (local &&
508 local->rt6i_idev->dev->ifindex == oif)
509 continue;
510 }
511 local = sprt;
512 }
513 } else {
514 if (ipv6_chk_addr(net, saddr, dev,
515 flags & RT6_LOOKUP_F_IFACE))
516 return sprt;
517 }
518 }
519
520 if (oif) {
521 if (local)
522 return local;
523
524 if (flags & RT6_LOOKUP_F_IFACE)
525 return net->ipv6.ip6_null_entry;
526 }
527 out:
528 return rt;
529 }
530
531 #ifdef CONFIG_IPV6_ROUTER_PREF
532 struct __rt6_probe_work {
533 struct work_struct work;
534 struct in6_addr target;
535 struct net_device *dev;
536 };
537
538 static void rt6_probe_deferred(struct work_struct *w)
539 {
540 struct in6_addr mcaddr;
541 struct __rt6_probe_work *work =
542 container_of(w, struct __rt6_probe_work, work);
543
544 addrconf_addr_solict_mult(&work->target, &mcaddr);
545 ndisc_send_ns(work->dev, &work->target, &mcaddr, NULL, 0);
546 dev_put(work->dev);
547 kfree(work);
548 }
549
550 static void rt6_probe(struct rt6_info *rt)
551 {
552 struct __rt6_probe_work *work;
553 struct neighbour *neigh;
554 /*
555 * Okay, this does not seem to be appropriate
556 * for now, however, we need to check if it
557 * is really so; aka Router Reachability Probing.
558 *
559 * Router Reachability Probe MUST be rate-limited
560 * to no more than one per minute.
561 */
562 if (!rt || !(rt->rt6i_flags & RTF_GATEWAY))
563 return;
564 rcu_read_lock_bh();
565 neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway);
566 if (neigh) {
567 if (neigh->nud_state & NUD_VALID)
568 goto out;
569
570 work = NULL;
571 write_lock(&neigh->lock);
572 if (!(neigh->nud_state & NUD_VALID) &&
573 time_after(jiffies,
574 neigh->updated +
575 rt->rt6i_idev->cnf.rtr_probe_interval)) {
576 work = kmalloc(sizeof(*work), GFP_ATOMIC);
577 if (work)
578 __neigh_set_probe_once(neigh);
579 }
580 write_unlock(&neigh->lock);
581 } else {
582 work = kmalloc(sizeof(*work), GFP_ATOMIC);
583 }
584
585 if (work) {
586 INIT_WORK(&work->work, rt6_probe_deferred);
587 work->target = rt->rt6i_gateway;
588 dev_hold(rt->dst.dev);
589 work->dev = rt->dst.dev;
590 schedule_work(&work->work);
591 }
592
593 out:
594 rcu_read_unlock_bh();
595 }
596 #else
597 static inline void rt6_probe(struct rt6_info *rt)
598 {
599 }
600 #endif
601
602 /*
603 * Default Router Selection (RFC 2461 6.3.6)
604 */
605 static inline int rt6_check_dev(struct rt6_info *rt, int oif)
606 {
607 struct net_device *dev = rt->dst.dev;
608 if (!oif || dev->ifindex == oif)
609 return 2;
610 if ((dev->flags & IFF_LOOPBACK) &&
611 rt->rt6i_idev && rt->rt6i_idev->dev->ifindex == oif)
612 return 1;
613 return 0;
614 }
615
616 static inline enum rt6_nud_state rt6_check_neigh(struct rt6_info *rt)
617 {
618 struct neighbour *neigh;
619 enum rt6_nud_state ret = RT6_NUD_FAIL_HARD;
620
621 if (rt->rt6i_flags & RTF_NONEXTHOP ||
622 !(rt->rt6i_flags & RTF_GATEWAY))
623 return RT6_NUD_SUCCEED;
624
625 rcu_read_lock_bh();
626 neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway);
627 if (neigh) {
628 read_lock(&neigh->lock);
629 if (neigh->nud_state & NUD_VALID)
630 ret = RT6_NUD_SUCCEED;
631 #ifdef CONFIG_IPV6_ROUTER_PREF
632 else if (!(neigh->nud_state & NUD_FAILED))
633 ret = RT6_NUD_SUCCEED;
634 else
635 ret = RT6_NUD_FAIL_PROBE;
636 #endif
637 read_unlock(&neigh->lock);
638 } else {
639 ret = IS_ENABLED(CONFIG_IPV6_ROUTER_PREF) ?
640 RT6_NUD_SUCCEED : RT6_NUD_FAIL_DO_RR;
641 }
642 rcu_read_unlock_bh();
643
644 return ret;
645 }
646
647 static int rt6_score_route(struct rt6_info *rt, int oif,
648 int strict)
649 {
650 int m;
651
652 m = rt6_check_dev(rt, oif);
653 if (!m && (strict & RT6_LOOKUP_F_IFACE))
654 return RT6_NUD_FAIL_HARD;
655 #ifdef CONFIG_IPV6_ROUTER_PREF
656 m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->rt6i_flags)) << 2;
657 #endif
658 if (strict & RT6_LOOKUP_F_REACHABLE) {
659 int n = rt6_check_neigh(rt);
660 if (n < 0)
661 return n;
662 }
663 return m;
664 }
665
666 static struct rt6_info *find_match(struct rt6_info *rt, int oif, int strict,
667 int *mpri, struct rt6_info *match,
668 bool *do_rr)
669 {
670 int m;
671 bool match_do_rr = false;
672 struct inet6_dev *idev = rt->rt6i_idev;
673 struct net_device *dev = rt->dst.dev;
674
675 if (dev && !netif_carrier_ok(dev) &&
676 idev->cnf.ignore_routes_with_linkdown &&
677 !(strict & RT6_LOOKUP_F_IGNORE_LINKSTATE))
678 goto out;
679
680 if (rt6_check_expired(rt))
681 goto out;
682
683 m = rt6_score_route(rt, oif, strict);
684 if (m == RT6_NUD_FAIL_DO_RR) {
685 match_do_rr = true;
686 m = 0; /* lowest valid score */
687 } else if (m == RT6_NUD_FAIL_HARD) {
688 goto out;
689 }
690
691 if (strict & RT6_LOOKUP_F_REACHABLE)
692 rt6_probe(rt);
693
694 /* note that m can be RT6_NUD_FAIL_PROBE at this point */
695 if (m > *mpri) {
696 *do_rr = match_do_rr;
697 *mpri = m;
698 match = rt;
699 }
700 out:
701 return match;
702 }
703
704 static struct rt6_info *find_rr_leaf(struct fib6_node *fn,
705 struct rt6_info *rr_head,
706 u32 metric, int oif, int strict,
707 bool *do_rr)
708 {
709 struct rt6_info *rt, *match, *cont;
710 int mpri = -1;
711
712 match = NULL;
713 cont = NULL;
714 for (rt = rr_head; rt; rt = rt->dst.rt6_next) {
715 if (rt->rt6i_metric != metric) {
716 cont = rt;
717 break;
718 }
719
720 match = find_match(rt, oif, strict, &mpri, match, do_rr);
721 }
722
723 for (rt = fn->leaf; rt && rt != rr_head; rt = rt->dst.rt6_next) {
724 if (rt->rt6i_metric != metric) {
725 cont = rt;
726 break;
727 }
728
729 match = find_match(rt, oif, strict, &mpri, match, do_rr);
730 }
731
732 if (match || !cont)
733 return match;
734
735 for (rt = cont; rt; rt = rt->dst.rt6_next)
736 match = find_match(rt, oif, strict, &mpri, match, do_rr);
737
738 return match;
739 }
740
741 static struct rt6_info *rt6_select(struct fib6_node *fn, int oif, int strict)
742 {
743 struct rt6_info *match, *rt0;
744 struct net *net;
745 bool do_rr = false;
746
747 rt0 = fn->rr_ptr;
748 if (!rt0)
749 fn->rr_ptr = rt0 = fn->leaf;
750
751 match = find_rr_leaf(fn, rt0, rt0->rt6i_metric, oif, strict,
752 &do_rr);
753
754 if (do_rr) {
755 struct rt6_info *next = rt0->dst.rt6_next;
756
757 /* no entries matched; do round-robin */
758 if (!next || next->rt6i_metric != rt0->rt6i_metric)
759 next = fn->leaf;
760
761 if (next != rt0)
762 fn->rr_ptr = next;
763 }
764
765 net = dev_net(rt0->dst.dev);
766 return match ? match : net->ipv6.ip6_null_entry;
767 }
768
769 static bool rt6_is_gw_or_nonexthop(const struct rt6_info *rt)
770 {
771 return (rt->rt6i_flags & (RTF_NONEXTHOP | RTF_GATEWAY));
772 }
773
774 #ifdef CONFIG_IPV6_ROUTE_INFO
775 int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
776 const struct in6_addr *gwaddr)
777 {
778 struct net *net = dev_net(dev);
779 struct route_info *rinfo = (struct route_info *) opt;
780 struct in6_addr prefix_buf, *prefix;
781 unsigned int pref;
782 unsigned long lifetime;
783 struct rt6_info *rt;
784
785 if (len < sizeof(struct route_info)) {
786 return -EINVAL;
787 }
788
789 /* Sanity check for prefix_len and length */
790 if (rinfo->length > 3) {
791 return -EINVAL;
792 } else if (rinfo->prefix_len > 128) {
793 return -EINVAL;
794 } else if (rinfo->prefix_len > 64) {
795 if (rinfo->length < 2) {
796 return -EINVAL;
797 }
798 } else if (rinfo->prefix_len > 0) {
799 if (rinfo->length < 1) {
800 return -EINVAL;
801 }
802 }
803
804 pref = rinfo->route_pref;
805 if (pref == ICMPV6_ROUTER_PREF_INVALID)
806 return -EINVAL;
807
808 lifetime = addrconf_timeout_fixup(ntohl(rinfo->lifetime), HZ);
809
810 if (rinfo->length == 3)
811 prefix = (struct in6_addr *)rinfo->prefix;
812 else {
813 /* this function is safe */
814 ipv6_addr_prefix(&prefix_buf,
815 (struct in6_addr *)rinfo->prefix,
816 rinfo->prefix_len);
817 prefix = &prefix_buf;
818 }
819
820 if (rinfo->prefix_len == 0)
821 rt = rt6_get_dflt_router(gwaddr, dev);
822 else
823 rt = rt6_get_route_info(net, prefix, rinfo->prefix_len,
824 gwaddr, dev);
825
826 if (rt && !lifetime) {
827 ip6_del_rt(rt);
828 rt = NULL;
829 }
830
831 if (!rt && lifetime)
832 rt = rt6_add_route_info(net, prefix, rinfo->prefix_len, gwaddr,
833 dev, pref);
834 else if (rt)
835 rt->rt6i_flags = RTF_ROUTEINFO |
836 (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
837
838 if (rt) {
839 if (!addrconf_finite_timeout(lifetime))
840 rt6_clean_expires(rt);
841 else
842 rt6_set_expires(rt, jiffies + HZ * lifetime);
843
844 ip6_rt_put(rt);
845 }
846 return 0;
847 }
848 #endif
849
850 static struct fib6_node* fib6_backtrack(struct fib6_node *fn,
851 struct in6_addr *saddr)
852 {
853 struct fib6_node *pn;
854 while (1) {
855 if (fn->fn_flags & RTN_TL_ROOT)
856 return NULL;
857 pn = fn->parent;
858 if (FIB6_SUBTREE(pn) && FIB6_SUBTREE(pn) != fn)
859 fn = fib6_lookup(FIB6_SUBTREE(pn), NULL, saddr);
860 else
861 fn = pn;
862 if (fn->fn_flags & RTN_RTINFO)
863 return fn;
864 }
865 }
866
867 static struct rt6_info *ip6_pol_route_lookup(struct net *net,
868 struct fib6_table *table,
869 struct flowi6 *fl6, int flags)
870 {
871 struct fib6_node *fn;
872 struct rt6_info *rt;
873
874 if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF)
875 flags &= ~RT6_LOOKUP_F_IFACE;
876
877 read_lock_bh(&table->tb6_lock);
878 fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr);
879 restart:
880 rt = fn->leaf;
881 rt = rt6_device_match(net, rt, &fl6->saddr, fl6->flowi6_oif, flags);
882 if (rt->rt6i_nsiblings && fl6->flowi6_oif == 0)
883 rt = rt6_multipath_select(rt, fl6, fl6->flowi6_oif, flags);
884 if (rt == net->ipv6.ip6_null_entry) {
885 fn = fib6_backtrack(fn, &fl6->saddr);
886 if (fn)
887 goto restart;
888 }
889 dst_use(&rt->dst, jiffies);
890 read_unlock_bh(&table->tb6_lock);
891
892 trace_fib6_table_lookup(net, rt, table->tb6_id, fl6);
893
894 return rt;
895
896 }
897
898 struct dst_entry *ip6_route_lookup(struct net *net, struct flowi6 *fl6,
899 int flags)
900 {
901 return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_lookup);
902 }
903 EXPORT_SYMBOL_GPL(ip6_route_lookup);
904
905 struct rt6_info *rt6_lookup(struct net *net, const struct in6_addr *daddr,
906 const struct in6_addr *saddr, int oif, int strict)
907 {
908 struct flowi6 fl6 = {
909 .flowi6_oif = oif,
910 .daddr = *daddr,
911 };
912 struct dst_entry *dst;
913 int flags = strict ? RT6_LOOKUP_F_IFACE : 0;
914
915 if (saddr) {
916 memcpy(&fl6.saddr, saddr, sizeof(*saddr));
917 flags |= RT6_LOOKUP_F_HAS_SADDR;
918 }
919
920 dst = fib6_rule_lookup(net, &fl6, flags, ip6_pol_route_lookup);
921 if (dst->error == 0)
922 return (struct rt6_info *) dst;
923
924 dst_release(dst);
925
926 return NULL;
927 }
928 EXPORT_SYMBOL(rt6_lookup);
929
930 /* ip6_ins_rt is called with FREE table->tb6_lock.
931 * It takes new route entry, the addition fails by any reason the
932 * route is released.
933 * Caller must hold dst before calling it.
934 */
935
936 static int __ip6_ins_rt(struct rt6_info *rt, struct nl_info *info,
937 struct mx6_config *mxc,
938 struct netlink_ext_ack *extack)
939 {
940 int err;
941 struct fib6_table *table;
942
943 table = rt->rt6i_table;
944 write_lock_bh(&table->tb6_lock);
945 err = fib6_add(&table->tb6_root, rt, info, mxc, extack);
946 write_unlock_bh(&table->tb6_lock);
947
948 return err;
949 }
950
951 int ip6_ins_rt(struct rt6_info *rt)
952 {
953 struct nl_info info = { .nl_net = dev_net(rt->dst.dev), };
954 struct mx6_config mxc = { .mx = NULL, };
955
956 /* Hold dst to account for the reference from the fib6 tree */
957 dst_hold(&rt->dst);
958 return __ip6_ins_rt(rt, &info, &mxc, NULL);
959 }
960
961 /* called with rcu_lock held */
962 static struct net_device *ip6_rt_get_dev_rcu(struct rt6_info *rt)
963 {
964 struct net_device *dev = rt->dst.dev;
965
966 if (rt->rt6i_flags & (RTF_LOCAL | RTF_ANYCAST)) {
967 /* for copies of local routes, dst->dev needs to be the
968 * device if it is a master device, the master device if
969 * device is enslaved, and the loopback as the default
970 */
971 if (netif_is_l3_slave(dev) &&
972 !rt6_need_strict(&rt->rt6i_dst.addr))
973 dev = l3mdev_master_dev_rcu(dev);
974 else if (!netif_is_l3_master(dev))
975 dev = dev_net(dev)->loopback_dev;
976 /* last case is netif_is_l3_master(dev) is true in which
977 * case we want dev returned to be dev
978 */
979 }
980
981 return dev;
982 }
983
984 static struct rt6_info *ip6_rt_cache_alloc(struct rt6_info *ort,
985 const struct in6_addr *daddr,
986 const struct in6_addr *saddr)
987 {
988 struct net_device *dev;
989 struct rt6_info *rt;
990
991 /*
992 * Clone the route.
993 */
994
995 if (ort->rt6i_flags & (RTF_CACHE | RTF_PCPU))
996 ort = (struct rt6_info *)ort->dst.from;
997
998 rcu_read_lock();
999 dev = ip6_rt_get_dev_rcu(ort);
1000 rt = __ip6_dst_alloc(dev_net(dev), dev, 0);
1001 rcu_read_unlock();
1002 if (!rt)
1003 return NULL;
1004
1005 ip6_rt_copy_init(rt, ort);
1006 rt->rt6i_flags |= RTF_CACHE;
1007 rt->rt6i_metric = 0;
1008 rt->dst.flags |= DST_HOST;
1009 rt->rt6i_dst.addr = *daddr;
1010 rt->rt6i_dst.plen = 128;
1011
1012 if (!rt6_is_gw_or_nonexthop(ort)) {
1013 if (ort->rt6i_dst.plen != 128 &&
1014 ipv6_addr_equal(&ort->rt6i_dst.addr, daddr))
1015 rt->rt6i_flags |= RTF_ANYCAST;
1016 #ifdef CONFIG_IPV6_SUBTREES
1017 if (rt->rt6i_src.plen && saddr) {
1018 rt->rt6i_src.addr = *saddr;
1019 rt->rt6i_src.plen = 128;
1020 }
1021 #endif
1022 }
1023
1024 return rt;
1025 }
1026
1027 static struct rt6_info *ip6_rt_pcpu_alloc(struct rt6_info *rt)
1028 {
1029 struct net_device *dev;
1030 struct rt6_info *pcpu_rt;
1031
1032 rcu_read_lock();
1033 dev = ip6_rt_get_dev_rcu(rt);
1034 pcpu_rt = __ip6_dst_alloc(dev_net(dev), dev, rt->dst.flags);
1035 rcu_read_unlock();
1036 if (!pcpu_rt)
1037 return NULL;
1038 ip6_rt_copy_init(pcpu_rt, rt);
1039 pcpu_rt->rt6i_protocol = rt->rt6i_protocol;
1040 pcpu_rt->rt6i_flags |= RTF_PCPU;
1041 return pcpu_rt;
1042 }
1043
1044 /* It should be called with read_lock_bh(&tb6_lock) acquired */
1045 static struct rt6_info *rt6_get_pcpu_route(struct rt6_info *rt)
1046 {
1047 struct rt6_info *pcpu_rt, **p;
1048
1049 p = this_cpu_ptr(rt->rt6i_pcpu);
1050 pcpu_rt = *p;
1051
1052 if (pcpu_rt) {
1053 dst_hold(&pcpu_rt->dst);
1054 rt6_dst_from_metrics_check(pcpu_rt);
1055 }
1056 return pcpu_rt;
1057 }
1058
1059 static struct rt6_info *rt6_make_pcpu_route(struct rt6_info *rt)
1060 {
1061 struct fib6_table *table = rt->rt6i_table;
1062 struct rt6_info *pcpu_rt, *prev, **p;
1063
1064 pcpu_rt = ip6_rt_pcpu_alloc(rt);
1065 if (!pcpu_rt) {
1066 struct net *net = dev_net(rt->dst.dev);
1067
1068 dst_hold(&net->ipv6.ip6_null_entry->dst);
1069 return net->ipv6.ip6_null_entry;
1070 }
1071
1072 read_lock_bh(&table->tb6_lock);
1073 if (rt->rt6i_pcpu) {
1074 p = this_cpu_ptr(rt->rt6i_pcpu);
1075 prev = cmpxchg(p, NULL, pcpu_rt);
1076 if (prev) {
1077 /* If someone did it before us, return prev instead */
1078 dst_release_immediate(&pcpu_rt->dst);
1079 pcpu_rt = prev;
1080 }
1081 } else {
1082 /* rt has been removed from the fib6 tree
1083 * before we have a chance to acquire the read_lock.
1084 * In this case, don't brother to create a pcpu rt
1085 * since rt is going away anyway. The next
1086 * dst_check() will trigger a re-lookup.
1087 */
1088 dst_release_immediate(&pcpu_rt->dst);
1089 pcpu_rt = rt;
1090 }
1091 dst_hold(&pcpu_rt->dst);
1092 rt6_dst_from_metrics_check(pcpu_rt);
1093 read_unlock_bh(&table->tb6_lock);
1094 return pcpu_rt;
1095 }
1096
1097 struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table,
1098 int oif, struct flowi6 *fl6, int flags)
1099 {
1100 struct fib6_node *fn, *saved_fn;
1101 struct rt6_info *rt;
1102 int strict = 0;
1103
1104 strict |= flags & RT6_LOOKUP_F_IFACE;
1105 strict |= flags & RT6_LOOKUP_F_IGNORE_LINKSTATE;
1106 if (net->ipv6.devconf_all->forwarding == 0)
1107 strict |= RT6_LOOKUP_F_REACHABLE;
1108
1109 read_lock_bh(&table->tb6_lock);
1110
1111 fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr);
1112 saved_fn = fn;
1113
1114 if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF)
1115 oif = 0;
1116
1117 redo_rt6_select:
1118 rt = rt6_select(fn, oif, strict);
1119 if (rt->rt6i_nsiblings)
1120 rt = rt6_multipath_select(rt, fl6, oif, strict);
1121 if (rt == net->ipv6.ip6_null_entry) {
1122 fn = fib6_backtrack(fn, &fl6->saddr);
1123 if (fn)
1124 goto redo_rt6_select;
1125 else if (strict & RT6_LOOKUP_F_REACHABLE) {
1126 /* also consider unreachable route */
1127 strict &= ~RT6_LOOKUP_F_REACHABLE;
1128 fn = saved_fn;
1129 goto redo_rt6_select;
1130 }
1131 }
1132
1133
1134 if (rt == net->ipv6.ip6_null_entry || (rt->rt6i_flags & RTF_CACHE)) {
1135 dst_use(&rt->dst, jiffies);
1136 read_unlock_bh(&table->tb6_lock);
1137
1138 rt6_dst_from_metrics_check(rt);
1139
1140 trace_fib6_table_lookup(net, rt, table->tb6_id, fl6);
1141 return rt;
1142 } else if (unlikely((fl6->flowi6_flags & FLOWI_FLAG_KNOWN_NH) &&
1143 !(rt->rt6i_flags & RTF_GATEWAY))) {
1144 /* Create a RTF_CACHE clone which will not be
1145 * owned by the fib6 tree. It is for the special case where
1146 * the daddr in the skb during the neighbor look-up is different
1147 * from the fl6->daddr used to look-up route here.
1148 */
1149
1150 struct rt6_info *uncached_rt;
1151
1152 dst_use(&rt->dst, jiffies);
1153 read_unlock_bh(&table->tb6_lock);
1154
1155 uncached_rt = ip6_rt_cache_alloc(rt, &fl6->daddr, NULL);
1156 dst_release(&rt->dst);
1157
1158 if (uncached_rt) {
1159 /* Uncached_rt's refcnt is taken during ip6_rt_cache_alloc()
1160 * No need for another dst_hold()
1161 */
1162 rt6_uncached_list_add(uncached_rt);
1163 } else {
1164 uncached_rt = net->ipv6.ip6_null_entry;
1165 dst_hold(&uncached_rt->dst);
1166 }
1167
1168 trace_fib6_table_lookup(net, uncached_rt, table->tb6_id, fl6);
1169 return uncached_rt;
1170
1171 } else {
1172 /* Get a percpu copy */
1173
1174 struct rt6_info *pcpu_rt;
1175
1176 rt->dst.lastuse = jiffies;
1177 rt->dst.__use++;
1178 pcpu_rt = rt6_get_pcpu_route(rt);
1179
1180 if (pcpu_rt) {
1181 read_unlock_bh(&table->tb6_lock);
1182 } else {
1183 /* We have to do the read_unlock first
1184 * because rt6_make_pcpu_route() may trigger
1185 * ip6_dst_gc() which will take the write_lock.
1186 */
1187 dst_hold(&rt->dst);
1188 read_unlock_bh(&table->tb6_lock);
1189 pcpu_rt = rt6_make_pcpu_route(rt);
1190 dst_release(&rt->dst);
1191 }
1192
1193 trace_fib6_table_lookup(net, pcpu_rt, table->tb6_id, fl6);
1194 return pcpu_rt;
1195
1196 }
1197 }
1198 EXPORT_SYMBOL_GPL(ip6_pol_route);
1199
1200 static struct rt6_info *ip6_pol_route_input(struct net *net, struct fib6_table *table,
1201 struct flowi6 *fl6, int flags)
1202 {
1203 return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags);
1204 }
1205
1206 struct dst_entry *ip6_route_input_lookup(struct net *net,
1207 struct net_device *dev,
1208 struct flowi6 *fl6, int flags)
1209 {
1210 if (rt6_need_strict(&fl6->daddr) && dev->type != ARPHRD_PIMREG)
1211 flags |= RT6_LOOKUP_F_IFACE;
1212
1213 return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_input);
1214 }
1215 EXPORT_SYMBOL_GPL(ip6_route_input_lookup);
1216
1217 static void ip6_multipath_l3_keys(const struct sk_buff *skb,
1218 struct flow_keys *keys)
1219 {
1220 const struct ipv6hdr *outer_iph = ipv6_hdr(skb);
1221 const struct ipv6hdr *key_iph = outer_iph;
1222 const struct ipv6hdr *inner_iph;
1223 const struct icmp6hdr *icmph;
1224 struct ipv6hdr _inner_iph;
1225
1226 if (likely(outer_iph->nexthdr != IPPROTO_ICMPV6))
1227 goto out;
1228
1229 icmph = icmp6_hdr(skb);
1230 if (icmph->icmp6_type != ICMPV6_DEST_UNREACH &&
1231 icmph->icmp6_type != ICMPV6_PKT_TOOBIG &&
1232 icmph->icmp6_type != ICMPV6_TIME_EXCEED &&
1233 icmph->icmp6_type != ICMPV6_PARAMPROB)
1234 goto out;
1235
1236 inner_iph = skb_header_pointer(skb,
1237 skb_transport_offset(skb) + sizeof(*icmph),
1238 sizeof(_inner_iph), &_inner_iph);
1239 if (!inner_iph)
1240 goto out;
1241
1242 key_iph = inner_iph;
1243 out:
1244 memset(keys, 0, sizeof(*keys));
1245 keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1246 keys->addrs.v6addrs.src = key_iph->saddr;
1247 keys->addrs.v6addrs.dst = key_iph->daddr;
1248 keys->tags.flow_label = ip6_flowinfo(key_iph);
1249 keys->basic.ip_proto = key_iph->nexthdr;
1250 }
1251
1252 /* if skb is set it will be used and fl6 can be NULL */
1253 u32 rt6_multipath_hash(const struct flowi6 *fl6, const struct sk_buff *skb)
1254 {
1255 struct flow_keys hash_keys;
1256
1257 if (skb) {
1258 ip6_multipath_l3_keys(skb, &hash_keys);
1259 return flow_hash_from_keys(&hash_keys);
1260 }
1261
1262 return get_hash_from_flowi6(fl6);
1263 }
1264
1265 void ip6_route_input(struct sk_buff *skb)
1266 {
1267 const struct ipv6hdr *iph = ipv6_hdr(skb);
1268 struct net *net = dev_net(skb->dev);
1269 int flags = RT6_LOOKUP_F_HAS_SADDR;
1270 struct ip_tunnel_info *tun_info;
1271 struct flowi6 fl6 = {
1272 .flowi6_iif = skb->dev->ifindex,
1273 .daddr = iph->daddr,
1274 .saddr = iph->saddr,
1275 .flowlabel = ip6_flowinfo(iph),
1276 .flowi6_mark = skb->mark,
1277 .flowi6_proto = iph->nexthdr,
1278 };
1279
1280 tun_info = skb_tunnel_info(skb);
1281 if (tun_info && !(tun_info->mode & IP_TUNNEL_INFO_TX))
1282 fl6.flowi6_tun_key.tun_id = tun_info->key.tun_id;
1283 if (unlikely(fl6.flowi6_proto == IPPROTO_ICMPV6))
1284 fl6.mp_hash = rt6_multipath_hash(&fl6, skb);
1285 skb_dst_drop(skb);
1286 skb_dst_set(skb, ip6_route_input_lookup(net, skb->dev, &fl6, flags));
1287 }
1288
1289 static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table *table,
1290 struct flowi6 *fl6, int flags)
1291 {
1292 return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags);
1293 }
1294
1295 struct dst_entry *ip6_route_output_flags(struct net *net, const struct sock *sk,
1296 struct flowi6 *fl6, int flags)
1297 {
1298 bool any_src;
1299
1300 if (rt6_need_strict(&fl6->daddr)) {
1301 struct dst_entry *dst;
1302
1303 dst = l3mdev_link_scope_lookup(net, fl6);
1304 if (dst)
1305 return dst;
1306 }
1307
1308 fl6->flowi6_iif = LOOPBACK_IFINDEX;
1309
1310 any_src = ipv6_addr_any(&fl6->saddr);
1311 if ((sk && sk->sk_bound_dev_if) || rt6_need_strict(&fl6->daddr) ||
1312 (fl6->flowi6_oif && any_src))
1313 flags |= RT6_LOOKUP_F_IFACE;
1314
1315 if (!any_src)
1316 flags |= RT6_LOOKUP_F_HAS_SADDR;
1317 else if (sk)
1318 flags |= rt6_srcprefs2flags(inet6_sk(sk)->srcprefs);
1319
1320 return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_output);
1321 }
1322 EXPORT_SYMBOL_GPL(ip6_route_output_flags);
1323
1324 struct dst_entry *ip6_blackhole_route(struct net *net, struct dst_entry *dst_orig)
1325 {
1326 struct rt6_info *rt, *ort = (struct rt6_info *) dst_orig;
1327 struct net_device *loopback_dev = net->loopback_dev;
1328 struct dst_entry *new = NULL;
1329
1330 rt = dst_alloc(&ip6_dst_blackhole_ops, loopback_dev, 1,
1331 DST_OBSOLETE_DEAD, 0);
1332 if (rt) {
1333 rt6_info_init(rt);
1334
1335 new = &rt->dst;
1336 new->__use = 1;
1337 new->input = dst_discard;
1338 new->output = dst_discard_out;
1339
1340 dst_copy_metrics(new, &ort->dst);
1341
1342 rt->rt6i_idev = in6_dev_get(loopback_dev);
1343 rt->rt6i_gateway = ort->rt6i_gateway;
1344 rt->rt6i_flags = ort->rt6i_flags & ~RTF_PCPU;
1345 rt->rt6i_metric = 0;
1346
1347 memcpy(&rt->rt6i_dst, &ort->rt6i_dst, sizeof(struct rt6key));
1348 #ifdef CONFIG_IPV6_SUBTREES
1349 memcpy(&rt->rt6i_src, &ort->rt6i_src, sizeof(struct rt6key));
1350 #endif
1351 }
1352
1353 dst_release(dst_orig);
1354 return new ? new : ERR_PTR(-ENOMEM);
1355 }
1356
1357 /*
1358 * Destination cache support functions
1359 */
1360
1361 static void rt6_dst_from_metrics_check(struct rt6_info *rt)
1362 {
1363 if (rt->dst.from &&
1364 dst_metrics_ptr(&rt->dst) != dst_metrics_ptr(rt->dst.from))
1365 dst_init_metrics(&rt->dst, dst_metrics_ptr(rt->dst.from), true);
1366 }
1367
1368 static struct dst_entry *rt6_check(struct rt6_info *rt, u32 cookie)
1369 {
1370 u32 rt_cookie = 0;
1371
1372 if (!rt6_get_cookie_safe(rt, &rt_cookie) || rt_cookie != cookie)
1373 return NULL;
1374
1375 if (rt6_check_expired(rt))
1376 return NULL;
1377
1378 return &rt->dst;
1379 }
1380
1381 static struct dst_entry *rt6_dst_from_check(struct rt6_info *rt, u32 cookie)
1382 {
1383 if (!__rt6_check_expired(rt) &&
1384 rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK &&
1385 rt6_check((struct rt6_info *)(rt->dst.from), cookie))
1386 return &rt->dst;
1387 else
1388 return NULL;
1389 }
1390
1391 static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie)
1392 {
1393 struct rt6_info *rt;
1394
1395 rt = (struct rt6_info *) dst;
1396
1397 /* All IPV6 dsts are created with ->obsolete set to the value
1398 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1399 * into this function always.
1400 */
1401
1402 rt6_dst_from_metrics_check(rt);
1403
1404 if (rt->rt6i_flags & RTF_PCPU ||
1405 (unlikely(!list_empty(&rt->rt6i_uncached)) && rt->dst.from))
1406 return rt6_dst_from_check(rt, cookie);
1407 else
1408 return rt6_check(rt, cookie);
1409 }
1410
1411 static struct dst_entry *ip6_negative_advice(struct dst_entry *dst)
1412 {
1413 struct rt6_info *rt = (struct rt6_info *) dst;
1414
1415 if (rt) {
1416 if (rt->rt6i_flags & RTF_CACHE) {
1417 if (rt6_check_expired(rt)) {
1418 ip6_del_rt(rt);
1419 dst = NULL;
1420 }
1421 } else {
1422 dst_release(dst);
1423 dst = NULL;
1424 }
1425 }
1426 return dst;
1427 }
1428
1429 static void ip6_link_failure(struct sk_buff *skb)
1430 {
1431 struct rt6_info *rt;
1432
1433 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0);
1434
1435 rt = (struct rt6_info *) skb_dst(skb);
1436 if (rt) {
1437 if (rt->rt6i_flags & RTF_CACHE) {
1438 if (dst_hold_safe(&rt->dst))
1439 ip6_del_rt(rt);
1440 } else {
1441 struct fib6_node *fn;
1442
1443 rcu_read_lock();
1444 fn = rcu_dereference(rt->rt6i_node);
1445 if (fn && (rt->rt6i_flags & RTF_DEFAULT))
1446 fn->fn_sernum = -1;
1447 rcu_read_unlock();
1448 }
1449 }
1450 }
1451
1452 static void rt6_do_update_pmtu(struct rt6_info *rt, u32 mtu)
1453 {
1454 struct net *net = dev_net(rt->dst.dev);
1455
1456 rt->rt6i_flags |= RTF_MODIFIED;
1457 rt->rt6i_pmtu = mtu;
1458 rt6_update_expires(rt, net->ipv6.sysctl.ip6_rt_mtu_expires);
1459 }
1460
1461 static bool rt6_cache_allowed_for_pmtu(const struct rt6_info *rt)
1462 {
1463 return !(rt->rt6i_flags & RTF_CACHE) &&
1464 (rt->rt6i_flags & RTF_PCPU ||
1465 rcu_access_pointer(rt->rt6i_node));
1466 }
1467
1468 static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk,
1469 const struct ipv6hdr *iph, u32 mtu)
1470 {
1471 const struct in6_addr *daddr, *saddr;
1472 struct rt6_info *rt6 = (struct rt6_info *)dst;
1473
1474 if (rt6->rt6i_flags & RTF_LOCAL)
1475 return;
1476
1477 if (dst_metric_locked(dst, RTAX_MTU))
1478 return;
1479
1480 if (iph) {
1481 daddr = &iph->daddr;
1482 saddr = &iph->saddr;
1483 } else if (sk) {
1484 daddr = &sk->sk_v6_daddr;
1485 saddr = &inet6_sk(sk)->saddr;
1486 } else {
1487 daddr = NULL;
1488 saddr = NULL;
1489 }
1490 dst_confirm_neigh(dst, daddr);
1491 mtu = max_t(u32, mtu, IPV6_MIN_MTU);
1492 if (mtu >= dst_mtu(dst))
1493 return;
1494
1495 if (!rt6_cache_allowed_for_pmtu(rt6)) {
1496 rt6_do_update_pmtu(rt6, mtu);
1497 } else if (daddr) {
1498 struct rt6_info *nrt6;
1499
1500 nrt6 = ip6_rt_cache_alloc(rt6, daddr, saddr);
1501 if (nrt6) {
1502 rt6_do_update_pmtu(nrt6, mtu);
1503
1504 /* ip6_ins_rt(nrt6) will bump the
1505 * rt6->rt6i_node->fn_sernum
1506 * which will fail the next rt6_check() and
1507 * invalidate the sk->sk_dst_cache.
1508 */
1509 ip6_ins_rt(nrt6);
1510 /* Release the reference taken in
1511 * ip6_rt_cache_alloc()
1512 */
1513 dst_release(&nrt6->dst);
1514 }
1515 }
1516 }
1517
1518 static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
1519 struct sk_buff *skb, u32 mtu)
1520 {
1521 __ip6_rt_update_pmtu(dst, sk, skb ? ipv6_hdr(skb) : NULL, mtu);
1522 }
1523
1524 void ip6_update_pmtu(struct sk_buff *skb, struct net *net, __be32 mtu,
1525 int oif, u32 mark, kuid_t uid)
1526 {
1527 const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data;
1528 struct dst_entry *dst;
1529 struct flowi6 fl6;
1530
1531 memset(&fl6, 0, sizeof(fl6));
1532 fl6.flowi6_oif = oif;
1533 fl6.flowi6_mark = mark ? mark : IP6_REPLY_MARK(net, skb->mark);
1534 fl6.daddr = iph->daddr;
1535 fl6.saddr = iph->saddr;
1536 fl6.flowlabel = ip6_flowinfo(iph);
1537 fl6.flowi6_uid = uid;
1538
1539 dst = ip6_route_output(net, NULL, &fl6);
1540 if (!dst->error)
1541 __ip6_rt_update_pmtu(dst, NULL, iph, ntohl(mtu));
1542 dst_release(dst);
1543 }
1544 EXPORT_SYMBOL_GPL(ip6_update_pmtu);
1545
1546 void ip6_sk_update_pmtu(struct sk_buff *skb, struct sock *sk, __be32 mtu)
1547 {
1548 struct dst_entry *dst;
1549
1550 ip6_update_pmtu(skb, sock_net(sk), mtu,
1551 sk->sk_bound_dev_if, sk->sk_mark, sk->sk_uid);
1552
1553 dst = __sk_dst_get(sk);
1554 if (!dst || !dst->obsolete ||
1555 dst->ops->check(dst, inet6_sk(sk)->dst_cookie))
1556 return;
1557
1558 bh_lock_sock(sk);
1559 if (!sock_owned_by_user(sk) && !ipv6_addr_v4mapped(&sk->sk_v6_daddr))
1560 ip6_datagram_dst_update(sk, false);
1561 bh_unlock_sock(sk);
1562 }
1563 EXPORT_SYMBOL_GPL(ip6_sk_update_pmtu);
1564
1565 /* Handle redirects */
1566 struct ip6rd_flowi {
1567 struct flowi6 fl6;
1568 struct in6_addr gateway;
1569 };
1570
1571 static struct rt6_info *__ip6_route_redirect(struct net *net,
1572 struct fib6_table *table,
1573 struct flowi6 *fl6,
1574 int flags)
1575 {
1576 struct ip6rd_flowi *rdfl = (struct ip6rd_flowi *)fl6;
1577 struct rt6_info *rt;
1578 struct fib6_node *fn;
1579
1580 /* Get the "current" route for this destination and
1581 * check if the redirect has come from appropriate router.
1582 *
1583 * RFC 4861 specifies that redirects should only be
1584 * accepted if they come from the nexthop to the target.
1585 * Due to the way the routes are chosen, this notion
1586 * is a bit fuzzy and one might need to check all possible
1587 * routes.
1588 */
1589
1590 read_lock_bh(&table->tb6_lock);
1591 fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr);
1592 restart:
1593 for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) {
1594 if (rt6_check_expired(rt))
1595 continue;
1596 if (rt->dst.error)
1597 break;
1598 if (!(rt->rt6i_flags & RTF_GATEWAY))
1599 continue;
1600 if (fl6->flowi6_oif != rt->dst.dev->ifindex)
1601 continue;
1602 if (!ipv6_addr_equal(&rdfl->gateway, &rt->rt6i_gateway))
1603 continue;
1604 break;
1605 }
1606
1607 if (!rt)
1608 rt = net->ipv6.ip6_null_entry;
1609 else if (rt->dst.error) {
1610 rt = net->ipv6.ip6_null_entry;
1611 goto out;
1612 }
1613
1614 if (rt == net->ipv6.ip6_null_entry) {
1615 fn = fib6_backtrack(fn, &fl6->saddr);
1616 if (fn)
1617 goto restart;
1618 }
1619
1620 out:
1621 dst_hold(&rt->dst);
1622
1623 read_unlock_bh(&table->tb6_lock);
1624
1625 trace_fib6_table_lookup(net, rt, table->tb6_id, fl6);
1626 return rt;
1627 };
1628
1629 static struct dst_entry *ip6_route_redirect(struct net *net,
1630 const struct flowi6 *fl6,
1631 const struct in6_addr *gateway)
1632 {
1633 int flags = RT6_LOOKUP_F_HAS_SADDR;
1634 struct ip6rd_flowi rdfl;
1635
1636 rdfl.fl6 = *fl6;
1637 rdfl.gateway = *gateway;
1638
1639 return fib6_rule_lookup(net, &rdfl.fl6,
1640 flags, __ip6_route_redirect);
1641 }
1642
1643 void ip6_redirect(struct sk_buff *skb, struct net *net, int oif, u32 mark,
1644 kuid_t uid)
1645 {
1646 const struct ipv6hdr *iph = (struct ipv6hdr *) skb->data;
1647 struct dst_entry *dst;
1648 struct flowi6 fl6;
1649
1650 memset(&fl6, 0, sizeof(fl6));
1651 fl6.flowi6_iif = LOOPBACK_IFINDEX;
1652 fl6.flowi6_oif = oif;
1653 fl6.flowi6_mark = mark;
1654 fl6.daddr = iph->daddr;
1655 fl6.saddr = iph->saddr;
1656 fl6.flowlabel = ip6_flowinfo(iph);
1657 fl6.flowi6_uid = uid;
1658
1659 dst = ip6_route_redirect(net, &fl6, &ipv6_hdr(skb)->saddr);
1660 rt6_do_redirect(dst, NULL, skb);
1661 dst_release(dst);
1662 }
1663 EXPORT_SYMBOL_GPL(ip6_redirect);
1664
1665 void ip6_redirect_no_header(struct sk_buff *skb, struct net *net, int oif,
1666 u32 mark)
1667 {
1668 const struct ipv6hdr *iph = ipv6_hdr(skb);
1669 const struct rd_msg *msg = (struct rd_msg *)icmp6_hdr(skb);
1670 struct dst_entry *dst;
1671 struct flowi6 fl6;
1672
1673 memset(&fl6, 0, sizeof(fl6));
1674 fl6.flowi6_iif = LOOPBACK_IFINDEX;
1675 fl6.flowi6_oif = oif;
1676 fl6.flowi6_mark = mark;
1677 fl6.daddr = msg->dest;
1678 fl6.saddr = iph->daddr;
1679 fl6.flowi6_uid = sock_net_uid(net, NULL);
1680
1681 dst = ip6_route_redirect(net, &fl6, &iph->saddr);
1682 rt6_do_redirect(dst, NULL, skb);
1683 dst_release(dst);
1684 }
1685
1686 void ip6_sk_redirect(struct sk_buff *skb, struct sock *sk)
1687 {
1688 ip6_redirect(skb, sock_net(sk), sk->sk_bound_dev_if, sk->sk_mark,
1689 sk->sk_uid);
1690 }
1691 EXPORT_SYMBOL_GPL(ip6_sk_redirect);
1692
1693 static unsigned int ip6_default_advmss(const struct dst_entry *dst)
1694 {
1695 struct net_device *dev = dst->dev;
1696 unsigned int mtu = dst_mtu(dst);
1697 struct net *net = dev_net(dev);
1698
1699 mtu -= sizeof(struct ipv6hdr) + sizeof(struct tcphdr);
1700
1701 if (mtu < net->ipv6.sysctl.ip6_rt_min_advmss)
1702 mtu = net->ipv6.sysctl.ip6_rt_min_advmss;
1703
1704 /*
1705 * Maximal non-jumbo IPv6 payload is IPV6_MAXPLEN and
1706 * corresponding MSS is IPV6_MAXPLEN - tcp_header_size.
1707 * IPV6_MAXPLEN is also valid and means: "any MSS,
1708 * rely only on pmtu discovery"
1709 */
1710 if (mtu > IPV6_MAXPLEN - sizeof(struct tcphdr))
1711 mtu = IPV6_MAXPLEN;
1712 return mtu;
1713 }
1714
1715 static unsigned int ip6_mtu(const struct dst_entry *dst)
1716 {
1717 const struct rt6_info *rt = (const struct rt6_info *)dst;
1718 unsigned int mtu = rt->rt6i_pmtu;
1719 struct inet6_dev *idev;
1720
1721 if (mtu)
1722 goto out;
1723
1724 mtu = dst_metric_raw(dst, RTAX_MTU);
1725 if (mtu)
1726 goto out;
1727
1728 mtu = IPV6_MIN_MTU;
1729
1730 rcu_read_lock();
1731 idev = __in6_dev_get(dst->dev);
1732 if (idev)
1733 mtu = idev->cnf.mtu6;
1734 rcu_read_unlock();
1735
1736 out:
1737 mtu = min_t(unsigned int, mtu, IP6_MAX_MTU);
1738
1739 return mtu - lwtunnel_headroom(dst->lwtstate, mtu);
1740 }
1741
1742 struct dst_entry *icmp6_dst_alloc(struct net_device *dev,
1743 struct flowi6 *fl6)
1744 {
1745 struct dst_entry *dst;
1746 struct rt6_info *rt;
1747 struct inet6_dev *idev = in6_dev_get(dev);
1748 struct net *net = dev_net(dev);
1749
1750 if (unlikely(!idev))
1751 return ERR_PTR(-ENODEV);
1752
1753 rt = ip6_dst_alloc(net, dev, 0);
1754 if (unlikely(!rt)) {
1755 in6_dev_put(idev);
1756 dst = ERR_PTR(-ENOMEM);
1757 goto out;
1758 }
1759
1760 rt->dst.flags |= DST_HOST;
1761 rt->dst.input = ip6_input;
1762 rt->dst.output = ip6_output;
1763 rt->rt6i_gateway = fl6->daddr;
1764 rt->rt6i_dst.addr = fl6->daddr;
1765 rt->rt6i_dst.plen = 128;
1766 rt->rt6i_idev = idev;
1767 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 0);
1768
1769 /* Add this dst into uncached_list so that rt6_ifdown() can
1770 * do proper release of the net_device
1771 */
1772 rt6_uncached_list_add(rt);
1773
1774 dst = xfrm_lookup(net, &rt->dst, flowi6_to_flowi(fl6), NULL, 0);
1775
1776 out:
1777 return dst;
1778 }
1779
1780 static int ip6_dst_gc(struct dst_ops *ops)
1781 {
1782 struct net *net = container_of(ops, struct net, ipv6.ip6_dst_ops);
1783 int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval;
1784 int rt_max_size = net->ipv6.sysctl.ip6_rt_max_size;
1785 int rt_elasticity = net->ipv6.sysctl.ip6_rt_gc_elasticity;
1786 int rt_gc_timeout = net->ipv6.sysctl.ip6_rt_gc_timeout;
1787 unsigned long rt_last_gc = net->ipv6.ip6_rt_last_gc;
1788 int entries;
1789
1790 entries = dst_entries_get_fast(ops);
1791 if (time_after(rt_last_gc + rt_min_interval, jiffies) &&
1792 entries <= rt_max_size)
1793 goto out;
1794
1795 net->ipv6.ip6_rt_gc_expire++;
1796 fib6_run_gc(net->ipv6.ip6_rt_gc_expire, net, true);
1797 entries = dst_entries_get_slow(ops);
1798 if (entries < ops->gc_thresh)
1799 net->ipv6.ip6_rt_gc_expire = rt_gc_timeout>>1;
1800 out:
1801 net->ipv6.ip6_rt_gc_expire -= net->ipv6.ip6_rt_gc_expire>>rt_elasticity;
1802 return entries > rt_max_size;
1803 }
1804
1805 static int ip6_convert_metrics(struct mx6_config *mxc,
1806 const struct fib6_config *cfg)
1807 {
1808 bool ecn_ca = false;
1809 struct nlattr *nla;
1810 int remaining;
1811 u32 *mp;
1812
1813 if (!cfg->fc_mx)
1814 return 0;
1815
1816 mp = kzalloc(sizeof(u32) * RTAX_MAX, GFP_KERNEL);
1817 if (unlikely(!mp))
1818 return -ENOMEM;
1819
1820 nla_for_each_attr(nla, cfg->fc_mx, cfg->fc_mx_len, remaining) {
1821 int type = nla_type(nla);
1822 u32 val;
1823
1824 if (!type)
1825 continue;
1826 if (unlikely(type > RTAX_MAX))
1827 goto err;
1828
1829 if (type == RTAX_CC_ALGO) {
1830 char tmp[TCP_CA_NAME_MAX];
1831
1832 nla_strlcpy(tmp, nla, sizeof(tmp));
1833 val = tcp_ca_get_key_by_name(tmp, &ecn_ca);
1834 if (val == TCP_CA_UNSPEC)
1835 goto err;
1836 } else {
1837 val = nla_get_u32(nla);
1838 }
1839 if (type == RTAX_HOPLIMIT && val > 255)
1840 val = 255;
1841 if (type == RTAX_FEATURES && (val & ~RTAX_FEATURE_MASK))
1842 goto err;
1843
1844 mp[type - 1] = val;
1845 __set_bit(type - 1, mxc->mx_valid);
1846 }
1847
1848 if (ecn_ca) {
1849 __set_bit(RTAX_FEATURES - 1, mxc->mx_valid);
1850 mp[RTAX_FEATURES - 1] |= DST_FEATURE_ECN_CA;
1851 }
1852
1853 mxc->mx = mp;
1854 return 0;
1855 err:
1856 kfree(mp);
1857 return -EINVAL;
1858 }
1859
1860 static struct rt6_info *ip6_nh_lookup_table(struct net *net,
1861 struct fib6_config *cfg,
1862 const struct in6_addr *gw_addr)
1863 {
1864 struct flowi6 fl6 = {
1865 .flowi6_oif = cfg->fc_ifindex,
1866 .daddr = *gw_addr,
1867 .saddr = cfg->fc_prefsrc,
1868 };
1869 struct fib6_table *table;
1870 struct rt6_info *rt;
1871 int flags = RT6_LOOKUP_F_IFACE | RT6_LOOKUP_F_IGNORE_LINKSTATE;
1872
1873 table = fib6_get_table(net, cfg->fc_table);
1874 if (!table)
1875 return NULL;
1876
1877 if (!ipv6_addr_any(&cfg->fc_prefsrc))
1878 flags |= RT6_LOOKUP_F_HAS_SADDR;
1879
1880 rt = ip6_pol_route(net, table, cfg->fc_ifindex, &fl6, flags);
1881
1882 /* if table lookup failed, fall back to full lookup */
1883 if (rt == net->ipv6.ip6_null_entry) {
1884 ip6_rt_put(rt);
1885 rt = NULL;
1886 }
1887
1888 return rt;
1889 }
1890
1891 static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg,
1892 struct netlink_ext_ack *extack)
1893 {
1894 struct net *net = cfg->fc_nlinfo.nl_net;
1895 struct rt6_info *rt = NULL;
1896 struct net_device *dev = NULL;
1897 struct inet6_dev *idev = NULL;
1898 struct fib6_table *table;
1899 int addr_type;
1900 int err = -EINVAL;
1901
1902 /* RTF_PCPU is an internal flag; can not be set by userspace */
1903 if (cfg->fc_flags & RTF_PCPU) {
1904 NL_SET_ERR_MSG(extack, "Userspace can not set RTF_PCPU");
1905 goto out;
1906 }
1907
1908 if (cfg->fc_dst_len > 128) {
1909 NL_SET_ERR_MSG(extack, "Invalid prefix length");
1910 goto out;
1911 }
1912 if (cfg->fc_src_len > 128) {
1913 NL_SET_ERR_MSG(extack, "Invalid source address length");
1914 goto out;
1915 }
1916 #ifndef CONFIG_IPV6_SUBTREES
1917 if (cfg->fc_src_len) {
1918 NL_SET_ERR_MSG(extack,
1919 "Specifying source address requires IPV6_SUBTREES to be enabled");
1920 goto out;
1921 }
1922 #endif
1923 if (cfg->fc_ifindex) {
1924 err = -ENODEV;
1925 dev = dev_get_by_index(net, cfg->fc_ifindex);
1926 if (!dev)
1927 goto out;
1928 idev = in6_dev_get(dev);
1929 if (!idev)
1930 goto out;
1931 }
1932
1933 if (cfg->fc_metric == 0)
1934 cfg->fc_metric = IP6_RT_PRIO_USER;
1935
1936 err = -ENOBUFS;
1937 if (cfg->fc_nlinfo.nlh &&
1938 !(cfg->fc_nlinfo.nlh->nlmsg_flags & NLM_F_CREATE)) {
1939 table = fib6_get_table(net, cfg->fc_table);
1940 if (!table) {
1941 pr_warn("NLM_F_CREATE should be specified when creating new route\n");
1942 table = fib6_new_table(net, cfg->fc_table);
1943 }
1944 } else {
1945 table = fib6_new_table(net, cfg->fc_table);
1946 }
1947
1948 if (!table)
1949 goto out;
1950
1951 rt = ip6_dst_alloc(net, NULL,
1952 (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT);
1953
1954 if (!rt) {
1955 err = -ENOMEM;
1956 goto out;
1957 }
1958
1959 if (cfg->fc_flags & RTF_EXPIRES)
1960 rt6_set_expires(rt, jiffies +
1961 clock_t_to_jiffies(cfg->fc_expires));
1962 else
1963 rt6_clean_expires(rt);
1964
1965 if (cfg->fc_protocol == RTPROT_UNSPEC)
1966 cfg->fc_protocol = RTPROT_BOOT;
1967 rt->rt6i_protocol = cfg->fc_protocol;
1968
1969 addr_type = ipv6_addr_type(&cfg->fc_dst);
1970
1971 if (addr_type & IPV6_ADDR_MULTICAST)
1972 rt->dst.input = ip6_mc_input;
1973 else if (cfg->fc_flags & RTF_LOCAL)
1974 rt->dst.input = ip6_input;
1975 else
1976 rt->dst.input = ip6_forward;
1977
1978 rt->dst.output = ip6_output;
1979
1980 if (cfg->fc_encap) {
1981 struct lwtunnel_state *lwtstate;
1982
1983 err = lwtunnel_build_state(cfg->fc_encap_type,
1984 cfg->fc_encap, AF_INET6, cfg,
1985 &lwtstate, extack);
1986 if (err)
1987 goto out;
1988 rt->dst.lwtstate = lwtstate_get(lwtstate);
1989 if (lwtunnel_output_redirect(rt->dst.lwtstate)) {
1990 rt->dst.lwtstate->orig_output = rt->dst.output;
1991 rt->dst.output = lwtunnel_output;
1992 }
1993 if (lwtunnel_input_redirect(rt->dst.lwtstate)) {
1994 rt->dst.lwtstate->orig_input = rt->dst.input;
1995 rt->dst.input = lwtunnel_input;
1996 }
1997 }
1998
1999 ipv6_addr_prefix(&rt->rt6i_dst.addr, &cfg->fc_dst, cfg->fc_dst_len);
2000 rt->rt6i_dst.plen = cfg->fc_dst_len;
2001 if (rt->rt6i_dst.plen == 128)
2002 rt->dst.flags |= DST_HOST;
2003
2004 #ifdef CONFIG_IPV6_SUBTREES
2005 ipv6_addr_prefix(&rt->rt6i_src.addr, &cfg->fc_src, cfg->fc_src_len);
2006 rt->rt6i_src.plen = cfg->fc_src_len;
2007 #endif
2008
2009 rt->rt6i_metric = cfg->fc_metric;
2010
2011 /* We cannot add true routes via loopback here,
2012 they would result in kernel looping; promote them to reject routes
2013 */
2014 if ((cfg->fc_flags & RTF_REJECT) ||
2015 (dev && (dev->flags & IFF_LOOPBACK) &&
2016 !(addr_type & IPV6_ADDR_LOOPBACK) &&
2017 !(cfg->fc_flags & RTF_LOCAL))) {
2018 /* hold loopback dev/idev if we haven't done so. */
2019 if (dev != net->loopback_dev) {
2020 if (dev) {
2021 dev_put(dev);
2022 in6_dev_put(idev);
2023 }
2024 dev = net->loopback_dev;
2025 dev_hold(dev);
2026 idev = in6_dev_get(dev);
2027 if (!idev) {
2028 err = -ENODEV;
2029 goto out;
2030 }
2031 }
2032 rt->rt6i_flags = RTF_REJECT|RTF_NONEXTHOP;
2033 switch (cfg->fc_type) {
2034 case RTN_BLACKHOLE:
2035 rt->dst.error = -EINVAL;
2036 rt->dst.output = dst_discard_out;
2037 rt->dst.input = dst_discard;
2038 break;
2039 case RTN_PROHIBIT:
2040 rt->dst.error = -EACCES;
2041 rt->dst.output = ip6_pkt_prohibit_out;
2042 rt->dst.input = ip6_pkt_prohibit;
2043 break;
2044 case RTN_THROW:
2045 case RTN_UNREACHABLE:
2046 default:
2047 rt->dst.error = (cfg->fc_type == RTN_THROW) ? -EAGAIN
2048 : (cfg->fc_type == RTN_UNREACHABLE)
2049 ? -EHOSTUNREACH : -ENETUNREACH;
2050 rt->dst.output = ip6_pkt_discard_out;
2051 rt->dst.input = ip6_pkt_discard;
2052 break;
2053 }
2054 goto install_route;
2055 }
2056
2057 if (cfg->fc_flags & RTF_GATEWAY) {
2058 const struct in6_addr *gw_addr;
2059 int gwa_type;
2060
2061 gw_addr = &cfg->fc_gateway;
2062 gwa_type = ipv6_addr_type(gw_addr);
2063
2064 /* if gw_addr is local we will fail to detect this in case
2065 * address is still TENTATIVE (DAD in progress). rt6_lookup()
2066 * will return already-added prefix route via interface that
2067 * prefix route was assigned to, which might be non-loopback.
2068 */
2069 err = -EINVAL;
2070 if (ipv6_chk_addr_and_flags(net, gw_addr,
2071 gwa_type & IPV6_ADDR_LINKLOCAL ?
2072 dev : NULL, 0, 0)) {
2073 NL_SET_ERR_MSG(extack, "Invalid gateway address");
2074 goto out;
2075 }
2076 rt->rt6i_gateway = *gw_addr;
2077
2078 if (gwa_type != (IPV6_ADDR_LINKLOCAL|IPV6_ADDR_UNICAST)) {
2079 struct rt6_info *grt = NULL;
2080
2081 /* IPv6 strictly inhibits using not link-local
2082 addresses as nexthop address.
2083 Otherwise, router will not able to send redirects.
2084 It is very good, but in some (rare!) circumstances
2085 (SIT, PtP, NBMA NOARP links) it is handy to allow
2086 some exceptions. --ANK
2087 We allow IPv4-mapped nexthops to support RFC4798-type
2088 addressing
2089 */
2090 if (!(gwa_type & (IPV6_ADDR_UNICAST |
2091 IPV6_ADDR_MAPPED))) {
2092 NL_SET_ERR_MSG(extack,
2093 "Invalid gateway address");
2094 goto out;
2095 }
2096
2097 if (cfg->fc_table) {
2098 grt = ip6_nh_lookup_table(net, cfg, gw_addr);
2099
2100 if (grt) {
2101 if (grt->rt6i_flags & RTF_GATEWAY ||
2102 (dev && dev != grt->dst.dev)) {
2103 ip6_rt_put(grt);
2104 grt = NULL;
2105 }
2106 }
2107 }
2108
2109 if (!grt)
2110 grt = rt6_lookup(net, gw_addr, NULL,
2111 cfg->fc_ifindex, 1);
2112
2113 err = -EHOSTUNREACH;
2114 if (!grt)
2115 goto out;
2116 if (dev) {
2117 if (dev != grt->dst.dev) {
2118 ip6_rt_put(grt);
2119 goto out;
2120 }
2121 } else {
2122 dev = grt->dst.dev;
2123 idev = grt->rt6i_idev;
2124 dev_hold(dev);
2125 in6_dev_hold(grt->rt6i_idev);
2126 }
2127 if (!(grt->rt6i_flags & RTF_GATEWAY))
2128 err = 0;
2129 ip6_rt_put(grt);
2130
2131 if (err)
2132 goto out;
2133 }
2134 err = -EINVAL;
2135 if (!dev) {
2136 NL_SET_ERR_MSG(extack, "Egress device not specified");
2137 goto out;
2138 } else if (dev->flags & IFF_LOOPBACK) {
2139 NL_SET_ERR_MSG(extack,
2140 "Egress device can not be loopback device for this route");
2141 goto out;
2142 }
2143 }
2144
2145 err = -ENODEV;
2146 if (!dev)
2147 goto out;
2148
2149 if (!ipv6_addr_any(&cfg->fc_prefsrc)) {
2150 if (!ipv6_chk_addr(net, &cfg->fc_prefsrc, dev, 0)) {
2151 NL_SET_ERR_MSG(extack, "Invalid source address");
2152 err = -EINVAL;
2153 goto out;
2154 }
2155 rt->rt6i_prefsrc.addr = cfg->fc_prefsrc;
2156 rt->rt6i_prefsrc.plen = 128;
2157 } else
2158 rt->rt6i_prefsrc.plen = 0;
2159
2160 rt->rt6i_flags = cfg->fc_flags;
2161
2162 install_route:
2163 rt->dst.dev = dev;
2164 rt->rt6i_idev = idev;
2165 rt->rt6i_table = table;
2166
2167 cfg->fc_nlinfo.nl_net = dev_net(dev);
2168
2169 return rt;
2170 out:
2171 if (dev)
2172 dev_put(dev);
2173 if (idev)
2174 in6_dev_put(idev);
2175 if (rt)
2176 dst_release_immediate(&rt->dst);
2177
2178 return ERR_PTR(err);
2179 }
2180
2181 int ip6_route_add(struct fib6_config *cfg,
2182 struct netlink_ext_ack *extack)
2183 {
2184 struct mx6_config mxc = { .mx = NULL, };
2185 struct rt6_info *rt;
2186 int err;
2187
2188 rt = ip6_route_info_create(cfg, extack);
2189 if (IS_ERR(rt)) {
2190 err = PTR_ERR(rt);
2191 rt = NULL;
2192 goto out;
2193 }
2194
2195 err = ip6_convert_metrics(&mxc, cfg);
2196 if (err)
2197 goto out;
2198
2199 err = __ip6_ins_rt(rt, &cfg->fc_nlinfo, &mxc, extack);
2200
2201 kfree(mxc.mx);
2202
2203 return err;
2204 out:
2205 if (rt)
2206 dst_release_immediate(&rt->dst);
2207
2208 return err;
2209 }
2210
2211 static int __ip6_del_rt(struct rt6_info *rt, struct nl_info *info)
2212 {
2213 int err;
2214 struct fib6_table *table;
2215 struct net *net = dev_net(rt->dst.dev);
2216
2217 if (rt == net->ipv6.ip6_null_entry) {
2218 err = -ENOENT;
2219 goto out;
2220 }
2221
2222 table = rt->rt6i_table;
2223 write_lock_bh(&table->tb6_lock);
2224 err = fib6_del(rt, info);
2225 write_unlock_bh(&table->tb6_lock);
2226
2227 out:
2228 ip6_rt_put(rt);
2229 return err;
2230 }
2231
2232 int ip6_del_rt(struct rt6_info *rt)
2233 {
2234 struct nl_info info = {
2235 .nl_net = dev_net(rt->dst.dev),
2236 };
2237 return __ip6_del_rt(rt, &info);
2238 }
2239
2240 static int __ip6_del_rt_siblings(struct rt6_info *rt, struct fib6_config *cfg)
2241 {
2242 struct nl_info *info = &cfg->fc_nlinfo;
2243 struct net *net = info->nl_net;
2244 struct sk_buff *skb = NULL;
2245 struct fib6_table *table;
2246 int err = -ENOENT;
2247
2248 if (rt == net->ipv6.ip6_null_entry)
2249 goto out_put;
2250 table = rt->rt6i_table;
2251 write_lock_bh(&table->tb6_lock);
2252
2253 if (rt->rt6i_nsiblings && cfg->fc_delete_all_nh) {
2254 struct rt6_info *sibling, *next_sibling;
2255
2256 /* prefer to send a single notification with all hops */
2257 skb = nlmsg_new(rt6_nlmsg_size(rt), gfp_any());
2258 if (skb) {
2259 u32 seq = info->nlh ? info->nlh->nlmsg_seq : 0;
2260
2261 if (rt6_fill_node(net, skb, rt,
2262 NULL, NULL, 0, RTM_DELROUTE,
2263 info->portid, seq, 0) < 0) {
2264 kfree_skb(skb);
2265 skb = NULL;
2266 } else
2267 info->skip_notify = 1;
2268 }
2269
2270 list_for_each_entry_safe(sibling, next_sibling,
2271 &rt->rt6i_siblings,
2272 rt6i_siblings) {
2273 err = fib6_del(sibling, info);
2274 if (err)
2275 goto out_unlock;
2276 }
2277 }
2278
2279 err = fib6_del(rt, info);
2280 out_unlock:
2281 write_unlock_bh(&table->tb6_lock);
2282 out_put:
2283 ip6_rt_put(rt);
2284
2285 if (skb) {
2286 rtnl_notify(skb, net, info->portid, RTNLGRP_IPV6_ROUTE,
2287 info->nlh, gfp_any());
2288 }
2289 return err;
2290 }
2291
2292 static int ip6_route_del(struct fib6_config *cfg,
2293 struct netlink_ext_ack *extack)
2294 {
2295 struct fib6_table *table;
2296 struct fib6_node *fn;
2297 struct rt6_info *rt;
2298 int err = -ESRCH;
2299
2300 table = fib6_get_table(cfg->fc_nlinfo.nl_net, cfg->fc_table);
2301 if (!table) {
2302 NL_SET_ERR_MSG(extack, "FIB table does not exist");
2303 return err;
2304 }
2305
2306 read_lock_bh(&table->tb6_lock);
2307
2308 fn = fib6_locate(&table->tb6_root,
2309 &cfg->fc_dst, cfg->fc_dst_len,
2310 &cfg->fc_src, cfg->fc_src_len);
2311
2312 if (fn) {
2313 for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) {
2314 if ((rt->rt6i_flags & RTF_CACHE) &&
2315 !(cfg->fc_flags & RTF_CACHE))
2316 continue;
2317 if (cfg->fc_ifindex &&
2318 (!rt->dst.dev ||
2319 rt->dst.dev->ifindex != cfg->fc_ifindex))
2320 continue;
2321 if (cfg->fc_flags & RTF_GATEWAY &&
2322 !ipv6_addr_equal(&cfg->fc_gateway, &rt->rt6i_gateway))
2323 continue;
2324 if (cfg->fc_metric && cfg->fc_metric != rt->rt6i_metric)
2325 continue;
2326 if (cfg->fc_protocol && cfg->fc_protocol != rt->rt6i_protocol)
2327 continue;
2328 dst_hold(&rt->dst);
2329 read_unlock_bh(&table->tb6_lock);
2330
2331 /* if gateway was specified only delete the one hop */
2332 if (cfg->fc_flags & RTF_GATEWAY)
2333 return __ip6_del_rt(rt, &cfg->fc_nlinfo);
2334
2335 return __ip6_del_rt_siblings(rt, cfg);
2336 }
2337 }
2338 read_unlock_bh(&table->tb6_lock);
2339
2340 return err;
2341 }
2342
2343 static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
2344 {
2345 struct netevent_redirect netevent;
2346 struct rt6_info *rt, *nrt = NULL;
2347 struct ndisc_options ndopts;
2348 struct inet6_dev *in6_dev;
2349 struct neighbour *neigh;
2350 struct rd_msg *msg;
2351 int optlen, on_link;
2352 u8 *lladdr;
2353
2354 optlen = skb_tail_pointer(skb) - skb_transport_header(skb);
2355 optlen -= sizeof(*msg);
2356
2357 if (optlen < 0) {
2358 net_dbg_ratelimited("rt6_do_redirect: packet too short\n");
2359 return;
2360 }
2361
2362 msg = (struct rd_msg *)icmp6_hdr(skb);
2363
2364 if (ipv6_addr_is_multicast(&msg->dest)) {
2365 net_dbg_ratelimited("rt6_do_redirect: destination address is multicast\n");
2366 return;
2367 }
2368
2369 on_link = 0;
2370 if (ipv6_addr_equal(&msg->dest, &msg->target)) {
2371 on_link = 1;
2372 } else if (ipv6_addr_type(&msg->target) !=
2373 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
2374 net_dbg_ratelimited("rt6_do_redirect: target address is not link-local unicast\n");
2375 return;
2376 }
2377
2378 in6_dev = __in6_dev_get(skb->dev);
2379 if (!in6_dev)
2380 return;
2381 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects)
2382 return;
2383
2384 /* RFC2461 8.1:
2385 * The IP source address of the Redirect MUST be the same as the current
2386 * first-hop router for the specified ICMP Destination Address.
2387 */
2388
2389 if (!ndisc_parse_options(skb->dev, msg->opt, optlen, &ndopts)) {
2390 net_dbg_ratelimited("rt6_redirect: invalid ND options\n");
2391 return;
2392 }
2393
2394 lladdr = NULL;
2395 if (ndopts.nd_opts_tgt_lladdr) {
2396 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
2397 skb->dev);
2398 if (!lladdr) {
2399 net_dbg_ratelimited("rt6_redirect: invalid link-layer address length\n");
2400 return;
2401 }
2402 }
2403
2404 rt = (struct rt6_info *) dst;
2405 if (rt->rt6i_flags & RTF_REJECT) {
2406 net_dbg_ratelimited("rt6_redirect: source isn't a valid nexthop for redirect target\n");
2407 return;
2408 }
2409
2410 /* Redirect received -> path was valid.
2411 * Look, redirects are sent only in response to data packets,
2412 * so that this nexthop apparently is reachable. --ANK
2413 */
2414 dst_confirm_neigh(&rt->dst, &ipv6_hdr(skb)->saddr);
2415
2416 neigh = __neigh_lookup(&nd_tbl, &msg->target, skb->dev, 1);
2417 if (!neigh)
2418 return;
2419
2420 /*
2421 * We have finally decided to accept it.
2422 */
2423
2424 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
2425 NEIGH_UPDATE_F_WEAK_OVERRIDE|
2426 NEIGH_UPDATE_F_OVERRIDE|
2427 (on_link ? 0 : (NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
2428 NEIGH_UPDATE_F_ISROUTER)),
2429 NDISC_REDIRECT, &ndopts);
2430
2431 nrt = ip6_rt_cache_alloc(rt, &msg->dest, NULL);
2432 if (!nrt)
2433 goto out;
2434
2435 nrt->rt6i_flags = RTF_GATEWAY|RTF_UP|RTF_DYNAMIC|RTF_CACHE;
2436 if (on_link)
2437 nrt->rt6i_flags &= ~RTF_GATEWAY;
2438
2439 nrt->rt6i_protocol = RTPROT_REDIRECT;
2440 nrt->rt6i_gateway = *(struct in6_addr *)neigh->primary_key;
2441
2442 if (ip6_ins_rt(nrt))
2443 goto out_release;
2444
2445 netevent.old = &rt->dst;
2446 netevent.new = &nrt->dst;
2447 netevent.daddr = &msg->dest;
2448 netevent.neigh = neigh;
2449 call_netevent_notifiers(NETEVENT_REDIRECT, &netevent);
2450
2451 if (rt->rt6i_flags & RTF_CACHE) {
2452 rt = (struct rt6_info *) dst_clone(&rt->dst);
2453 ip6_del_rt(rt);
2454 }
2455
2456 out_release:
2457 /* Release the reference taken in
2458 * ip6_rt_cache_alloc()
2459 */
2460 dst_release(&nrt->dst);
2461
2462 out:
2463 neigh_release(neigh);
2464 }
2465
2466 /*
2467 * Misc support functions
2468 */
2469
2470 static void rt6_set_from(struct rt6_info *rt, struct rt6_info *from)
2471 {
2472 BUG_ON(from->dst.from);
2473
2474 rt->rt6i_flags &= ~RTF_EXPIRES;
2475 dst_hold(&from->dst);
2476 rt->dst.from = &from->dst;
2477 dst_init_metrics(&rt->dst, dst_metrics_ptr(&from->dst), true);
2478 }
2479
2480 static void ip6_rt_copy_init(struct rt6_info *rt, struct rt6_info *ort)
2481 {
2482 rt->dst.input = ort->dst.input;
2483 rt->dst.output = ort->dst.output;
2484 rt->rt6i_dst = ort->rt6i_dst;
2485 rt->dst.error = ort->dst.error;
2486 rt->rt6i_idev = ort->rt6i_idev;
2487 if (rt->rt6i_idev)
2488 in6_dev_hold(rt->rt6i_idev);
2489 rt->dst.lastuse = jiffies;
2490 rt->rt6i_gateway = ort->rt6i_gateway;
2491 rt->rt6i_flags = ort->rt6i_flags;
2492 rt6_set_from(rt, ort);
2493 rt->rt6i_metric = ort->rt6i_metric;
2494 #ifdef CONFIG_IPV6_SUBTREES
2495 rt->rt6i_src = ort->rt6i_src;
2496 #endif
2497 rt->rt6i_prefsrc = ort->rt6i_prefsrc;
2498 rt->rt6i_table = ort->rt6i_table;
2499 rt->dst.lwtstate = lwtstate_get(ort->dst.lwtstate);
2500 }
2501
2502 #ifdef CONFIG_IPV6_ROUTE_INFO
2503 static struct rt6_info *rt6_get_route_info(struct net *net,
2504 const struct in6_addr *prefix, int prefixlen,
2505 const struct in6_addr *gwaddr,
2506 struct net_device *dev)
2507 {
2508 u32 tb_id = l3mdev_fib_table(dev) ? : RT6_TABLE_INFO;
2509 int ifindex = dev->ifindex;
2510 struct fib6_node *fn;
2511 struct rt6_info *rt = NULL;
2512 struct fib6_table *table;
2513
2514 table = fib6_get_table(net, tb_id);
2515 if (!table)
2516 return NULL;
2517
2518 read_lock_bh(&table->tb6_lock);
2519 fn = fib6_locate(&table->tb6_root, prefix, prefixlen, NULL, 0);
2520 if (!fn)
2521 goto out;
2522
2523 for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) {
2524 if (rt->dst.dev->ifindex != ifindex)
2525 continue;
2526 if ((rt->rt6i_flags & (RTF_ROUTEINFO|RTF_GATEWAY)) != (RTF_ROUTEINFO|RTF_GATEWAY))
2527 continue;
2528 if (!ipv6_addr_equal(&rt->rt6i_gateway, gwaddr))
2529 continue;
2530 dst_hold(&rt->dst);
2531 break;
2532 }
2533 out:
2534 read_unlock_bh(&table->tb6_lock);
2535 return rt;
2536 }
2537
2538 static struct rt6_info *rt6_add_route_info(struct net *net,
2539 const struct in6_addr *prefix, int prefixlen,
2540 const struct in6_addr *gwaddr,
2541 struct net_device *dev,
2542 unsigned int pref)
2543 {
2544 struct fib6_config cfg = {
2545 .fc_metric = IP6_RT_PRIO_USER,
2546 .fc_ifindex = dev->ifindex,
2547 .fc_dst_len = prefixlen,
2548 .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_ROUTEINFO |
2549 RTF_UP | RTF_PREF(pref),
2550 .fc_protocol = RTPROT_RA,
2551 .fc_nlinfo.portid = 0,
2552 .fc_nlinfo.nlh = NULL,
2553 .fc_nlinfo.nl_net = net,
2554 };
2555
2556 cfg.fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_INFO,
2557 cfg.fc_dst = *prefix;
2558 cfg.fc_gateway = *gwaddr;
2559
2560 /* We should treat it as a default route if prefix length is 0. */
2561 if (!prefixlen)
2562 cfg.fc_flags |= RTF_DEFAULT;
2563
2564 ip6_route_add(&cfg, NULL);
2565
2566 return rt6_get_route_info(net, prefix, prefixlen, gwaddr, dev);
2567 }
2568 #endif
2569
2570 struct rt6_info *rt6_get_dflt_router(const struct in6_addr *addr, struct net_device *dev)
2571 {
2572 u32 tb_id = l3mdev_fib_table(dev) ? : RT6_TABLE_DFLT;
2573 struct rt6_info *rt;
2574 struct fib6_table *table;
2575
2576 table = fib6_get_table(dev_net(dev), tb_id);
2577 if (!table)
2578 return NULL;
2579
2580 read_lock_bh(&table->tb6_lock);
2581 for (rt = table->tb6_root.leaf; rt; rt = rt->dst.rt6_next) {
2582 if (dev == rt->dst.dev &&
2583 ((rt->rt6i_flags & (RTF_ADDRCONF | RTF_DEFAULT)) == (RTF_ADDRCONF | RTF_DEFAULT)) &&
2584 ipv6_addr_equal(&rt->rt6i_gateway, addr))
2585 break;
2586 }
2587 if (rt)
2588 dst_hold(&rt->dst);
2589 read_unlock_bh(&table->tb6_lock);
2590 return rt;
2591 }
2592
2593 struct rt6_info *rt6_add_dflt_router(const struct in6_addr *gwaddr,
2594 struct net_device *dev,
2595 unsigned int pref)
2596 {
2597 struct fib6_config cfg = {
2598 .fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_DFLT,
2599 .fc_metric = IP6_RT_PRIO_USER,
2600 .fc_ifindex = dev->ifindex,
2601 .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_DEFAULT |
2602 RTF_UP | RTF_EXPIRES | RTF_PREF(pref),
2603 .fc_protocol = RTPROT_RA,
2604 .fc_nlinfo.portid = 0,
2605 .fc_nlinfo.nlh = NULL,
2606 .fc_nlinfo.nl_net = dev_net(dev),
2607 };
2608
2609 cfg.fc_gateway = *gwaddr;
2610
2611 if (!ip6_route_add(&cfg, NULL)) {
2612 struct fib6_table *table;
2613
2614 table = fib6_get_table(dev_net(dev), cfg.fc_table);
2615 if (table)
2616 table->flags |= RT6_TABLE_HAS_DFLT_ROUTER;
2617 }
2618
2619 return rt6_get_dflt_router(gwaddr, dev);
2620 }
2621
2622 static void __rt6_purge_dflt_routers(struct fib6_table *table)
2623 {
2624 struct rt6_info *rt;
2625
2626 restart:
2627 read_lock_bh(&table->tb6_lock);
2628 for (rt = table->tb6_root.leaf; rt; rt = rt->dst.rt6_next) {
2629 if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF) &&
2630 (!rt->rt6i_idev || rt->rt6i_idev->cnf.accept_ra != 2)) {
2631 dst_hold(&rt->dst);
2632 read_unlock_bh(&table->tb6_lock);
2633 ip6_del_rt(rt);
2634 goto restart;
2635 }
2636 }
2637 read_unlock_bh(&table->tb6_lock);
2638
2639 table->flags &= ~RT6_TABLE_HAS_DFLT_ROUTER;
2640 }
2641
2642 void rt6_purge_dflt_routers(struct net *net)
2643 {
2644 struct fib6_table *table;
2645 struct hlist_head *head;
2646 unsigned int h;
2647
2648 rcu_read_lock();
2649
2650 for (h = 0; h < FIB6_TABLE_HASHSZ; h++) {
2651 head = &net->ipv6.fib_table_hash[h];
2652 hlist_for_each_entry_rcu(table, head, tb6_hlist) {
2653 if (table->flags & RT6_TABLE_HAS_DFLT_ROUTER)
2654 __rt6_purge_dflt_routers(table);
2655 }
2656 }
2657
2658 rcu_read_unlock();
2659 }
2660
2661 static void rtmsg_to_fib6_config(struct net *net,
2662 struct in6_rtmsg *rtmsg,
2663 struct fib6_config *cfg)
2664 {
2665 memset(cfg, 0, sizeof(*cfg));
2666
2667 cfg->fc_table = l3mdev_fib_table_by_index(net, rtmsg->rtmsg_ifindex) ?
2668 : RT6_TABLE_MAIN;
2669 cfg->fc_ifindex = rtmsg->rtmsg_ifindex;
2670 cfg->fc_metric = rtmsg->rtmsg_metric;
2671 cfg->fc_expires = rtmsg->rtmsg_info;
2672 cfg->fc_dst_len = rtmsg->rtmsg_dst_len;
2673 cfg->fc_src_len = rtmsg->rtmsg_src_len;
2674 cfg->fc_flags = rtmsg->rtmsg_flags;
2675
2676 cfg->fc_nlinfo.nl_net = net;
2677
2678 cfg->fc_dst = rtmsg->rtmsg_dst;
2679 cfg->fc_src = rtmsg->rtmsg_src;
2680 cfg->fc_gateway = rtmsg->rtmsg_gateway;
2681 }
2682
2683 int ipv6_route_ioctl(struct net *net, unsigned int cmd, void __user *arg)
2684 {
2685 struct fib6_config cfg;
2686 struct in6_rtmsg rtmsg;
2687 int err;
2688
2689 switch (cmd) {
2690 case SIOCADDRT: /* Add a route */
2691 case SIOCDELRT: /* Delete a route */
2692 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
2693 return -EPERM;
2694 err = copy_from_user(&rtmsg, arg,
2695 sizeof(struct in6_rtmsg));
2696 if (err)
2697 return -EFAULT;
2698
2699 rtmsg_to_fib6_config(net, &rtmsg, &cfg);
2700
2701 rtnl_lock();
2702 switch (cmd) {
2703 case SIOCADDRT:
2704 err = ip6_route_add(&cfg, NULL);
2705 break;
2706 case SIOCDELRT:
2707 err = ip6_route_del(&cfg, NULL);
2708 break;
2709 default:
2710 err = -EINVAL;
2711 }
2712 rtnl_unlock();
2713
2714 return err;
2715 }
2716
2717 return -EINVAL;
2718 }
2719
2720 /*
2721 * Drop the packet on the floor
2722 */
2723
2724 static int ip6_pkt_drop(struct sk_buff *skb, u8 code, int ipstats_mib_noroutes)
2725 {
2726 int type;
2727 struct dst_entry *dst = skb_dst(skb);
2728 switch (ipstats_mib_noroutes) {
2729 case IPSTATS_MIB_INNOROUTES:
2730 type = ipv6_addr_type(&ipv6_hdr(skb)->daddr);
2731 if (type == IPV6_ADDR_ANY) {
2732 IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst),
2733 IPSTATS_MIB_INADDRERRORS);
2734 break;
2735 }
2736 /* FALLTHROUGH */
2737 case IPSTATS_MIB_OUTNOROUTES:
2738 IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst),
2739 ipstats_mib_noroutes);
2740 break;
2741 }
2742 icmpv6_send(skb, ICMPV6_DEST_UNREACH, code, 0);
2743 kfree_skb(skb);
2744 return 0;
2745 }
2746
2747 static int ip6_pkt_discard(struct sk_buff *skb)
2748 {
2749 return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_INNOROUTES);
2750 }
2751
2752 static int ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb)
2753 {
2754 skb->dev = skb_dst(skb)->dev;
2755 return ip6_pkt_drop(skb, ICMPV6_NOROUTE, IPSTATS_MIB_OUTNOROUTES);
2756 }
2757
2758 static int ip6_pkt_prohibit(struct sk_buff *skb)
2759 {
2760 return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_INNOROUTES);
2761 }
2762
2763 static int ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb)
2764 {
2765 skb->dev = skb_dst(skb)->dev;
2766 return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES);
2767 }
2768
2769 /*
2770 * Allocate a dst for local (unicast / anycast) address.
2771 */
2772
2773 struct rt6_info *addrconf_dst_alloc(struct inet6_dev *idev,
2774 const struct in6_addr *addr,
2775 bool anycast)
2776 {
2777 u32 tb_id;
2778 struct net *net = dev_net(idev->dev);
2779 struct net_device *dev = idev->dev;
2780 struct rt6_info *rt;
2781
2782 rt = ip6_dst_alloc(net, dev, DST_NOCOUNT);
2783 if (!rt)
2784 return ERR_PTR(-ENOMEM);
2785
2786 in6_dev_hold(idev);
2787
2788 rt->dst.flags |= DST_HOST;
2789 rt->dst.input = ip6_input;
2790 rt->dst.output = ip6_output;
2791 rt->rt6i_idev = idev;
2792
2793 rt->rt6i_protocol = RTPROT_KERNEL;
2794 rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP;
2795 if (anycast)
2796 rt->rt6i_flags |= RTF_ANYCAST;
2797 else
2798 rt->rt6i_flags |= RTF_LOCAL;
2799
2800 rt->rt6i_gateway = *addr;
2801 rt->rt6i_dst.addr = *addr;
2802 rt->rt6i_dst.plen = 128;
2803 tb_id = l3mdev_fib_table(idev->dev) ? : RT6_TABLE_LOCAL;
2804 rt->rt6i_table = fib6_get_table(net, tb_id);
2805
2806 return rt;
2807 }
2808
2809 /* remove deleted ip from prefsrc entries */
2810 struct arg_dev_net_ip {
2811 struct net_device *dev;
2812 struct net *net;
2813 struct in6_addr *addr;
2814 };
2815
2816 static int fib6_remove_prefsrc(struct rt6_info *rt, void *arg)
2817 {
2818 struct net_device *dev = ((struct arg_dev_net_ip *)arg)->dev;
2819 struct net *net = ((struct arg_dev_net_ip *)arg)->net;
2820 struct in6_addr *addr = ((struct arg_dev_net_ip *)arg)->addr;
2821
2822 if (((void *)rt->dst.dev == dev || !dev) &&
2823 rt != net->ipv6.ip6_null_entry &&
2824 ipv6_addr_equal(addr, &rt->rt6i_prefsrc.addr)) {
2825 /* remove prefsrc entry */
2826 rt->rt6i_prefsrc.plen = 0;
2827 }
2828 return 0;
2829 }
2830
2831 void rt6_remove_prefsrc(struct inet6_ifaddr *ifp)
2832 {
2833 struct net *net = dev_net(ifp->idev->dev);
2834 struct arg_dev_net_ip adni = {
2835 .dev = ifp->idev->dev,
2836 .net = net,
2837 .addr = &ifp->addr,
2838 };
2839 fib6_clean_all(net, fib6_remove_prefsrc, &adni);
2840 }
2841
2842 #define RTF_RA_ROUTER (RTF_ADDRCONF | RTF_DEFAULT | RTF_GATEWAY)
2843 #define RTF_CACHE_GATEWAY (RTF_GATEWAY | RTF_CACHE)
2844
2845 /* Remove routers and update dst entries when gateway turn into host. */
2846 static int fib6_clean_tohost(struct rt6_info *rt, void *arg)
2847 {
2848 struct in6_addr *gateway = (struct in6_addr *)arg;
2849
2850 if ((((rt->rt6i_flags & RTF_RA_ROUTER) == RTF_RA_ROUTER) ||
2851 ((rt->rt6i_flags & RTF_CACHE_GATEWAY) == RTF_CACHE_GATEWAY)) &&
2852 ipv6_addr_equal(gateway, &rt->rt6i_gateway)) {
2853 return -1;
2854 }
2855 return 0;
2856 }
2857
2858 void rt6_clean_tohost(struct net *net, struct in6_addr *gateway)
2859 {
2860 fib6_clean_all(net, fib6_clean_tohost, gateway);
2861 }
2862
2863 struct arg_dev_net {
2864 struct net_device *dev;
2865 struct net *net;
2866 };
2867
2868 /* called with write lock held for table with rt */
2869 static int fib6_ifdown(struct rt6_info *rt, void *arg)
2870 {
2871 const struct arg_dev_net *adn = arg;
2872 const struct net_device *dev = adn->dev;
2873
2874 if ((rt->dst.dev == dev || !dev) &&
2875 rt != adn->net->ipv6.ip6_null_entry &&
2876 (rt->rt6i_nsiblings == 0 ||
2877 (dev && netdev_unregistering(dev)) ||
2878 !rt->rt6i_idev->cnf.ignore_routes_with_linkdown))
2879 return -1;
2880
2881 return 0;
2882 }
2883
2884 void rt6_ifdown(struct net *net, struct net_device *dev)
2885 {
2886 struct arg_dev_net adn = {
2887 .dev = dev,
2888 .net = net,
2889 };
2890
2891 fib6_clean_all(net, fib6_ifdown, &adn);
2892 if (dev)
2893 rt6_uncached_list_flush_dev(net, dev);
2894 }
2895
2896 struct rt6_mtu_change_arg {
2897 struct net_device *dev;
2898 unsigned int mtu;
2899 };
2900
2901 static int rt6_mtu_change_route(struct rt6_info *rt, void *p_arg)
2902 {
2903 struct rt6_mtu_change_arg *arg = (struct rt6_mtu_change_arg *) p_arg;
2904 struct inet6_dev *idev;
2905
2906 /* In IPv6 pmtu discovery is not optional,
2907 so that RTAX_MTU lock cannot disable it.
2908 We still use this lock to block changes
2909 caused by addrconf/ndisc.
2910 */
2911
2912 idev = __in6_dev_get(arg->dev);
2913 if (!idev)
2914 return 0;
2915
2916 /* For administrative MTU increase, there is no way to discover
2917 IPv6 PMTU increase, so PMTU increase should be updated here.
2918 Since RFC 1981 doesn't include administrative MTU increase
2919 update PMTU increase is a MUST. (i.e. jumbo frame)
2920 */
2921 /*
2922 If new MTU is less than route PMTU, this new MTU will be the
2923 lowest MTU in the path, update the route PMTU to reflect PMTU
2924 decreases; if new MTU is greater than route PMTU, and the
2925 old MTU is the lowest MTU in the path, update the route PMTU
2926 to reflect the increase. In this case if the other nodes' MTU
2927 also have the lowest MTU, TOO BIG MESSAGE will be lead to
2928 PMTU discovery.
2929 */
2930 if (rt->dst.dev == arg->dev &&
2931 dst_metric_raw(&rt->dst, RTAX_MTU) &&
2932 !dst_metric_locked(&rt->dst, RTAX_MTU)) {
2933 if (rt->rt6i_flags & RTF_CACHE) {
2934 /* For RTF_CACHE with rt6i_pmtu == 0
2935 * (i.e. a redirected route),
2936 * the metrics of its rt->dst.from has already
2937 * been updated.
2938 */
2939 if (rt->rt6i_pmtu && rt->rt6i_pmtu > arg->mtu)
2940 rt->rt6i_pmtu = arg->mtu;
2941 } else if (dst_mtu(&rt->dst) >= arg->mtu ||
2942 (dst_mtu(&rt->dst) < arg->mtu &&
2943 dst_mtu(&rt->dst) == idev->cnf.mtu6)) {
2944 dst_metric_set(&rt->dst, RTAX_MTU, arg->mtu);
2945 }
2946 }
2947 return 0;
2948 }
2949
2950 void rt6_mtu_change(struct net_device *dev, unsigned int mtu)
2951 {
2952 struct rt6_mtu_change_arg arg = {
2953 .dev = dev,
2954 .mtu = mtu,
2955 };
2956
2957 fib6_clean_all(dev_net(dev), rt6_mtu_change_route, &arg);
2958 }
2959
2960 static const struct nla_policy rtm_ipv6_policy[RTA_MAX+1] = {
2961 [RTA_GATEWAY] = { .len = sizeof(struct in6_addr) },
2962 [RTA_OIF] = { .type = NLA_U32 },
2963 [RTA_IIF] = { .type = NLA_U32 },
2964 [RTA_PRIORITY] = { .type = NLA_U32 },
2965 [RTA_METRICS] = { .type = NLA_NESTED },
2966 [RTA_MULTIPATH] = { .len = sizeof(struct rtnexthop) },
2967 [RTA_PREF] = { .type = NLA_U8 },
2968 [RTA_ENCAP_TYPE] = { .type = NLA_U16 },
2969 [RTA_ENCAP] = { .type = NLA_NESTED },
2970 [RTA_EXPIRES] = { .type = NLA_U32 },
2971 [RTA_UID] = { .type = NLA_U32 },
2972 [RTA_MARK] = { .type = NLA_U32 },
2973 };
2974
2975 static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh,
2976 struct fib6_config *cfg,
2977 struct netlink_ext_ack *extack)
2978 {
2979 struct rtmsg *rtm;
2980 struct nlattr *tb[RTA_MAX+1];
2981 unsigned int pref;
2982 int err;
2983
2984 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy,
2985 NULL);
2986 if (err < 0)
2987 goto errout;
2988
2989 err = -EINVAL;
2990 rtm = nlmsg_data(nlh);
2991 memset(cfg, 0, sizeof(*cfg));
2992
2993 cfg->fc_table = rtm->rtm_table;
2994 cfg->fc_dst_len = rtm->rtm_dst_len;
2995 cfg->fc_src_len = rtm->rtm_src_len;
2996 cfg->fc_flags = RTF_UP;
2997 cfg->fc_protocol = rtm->rtm_protocol;
2998 cfg->fc_type = rtm->rtm_type;
2999
3000 if (rtm->rtm_type == RTN_UNREACHABLE ||
3001 rtm->rtm_type == RTN_BLACKHOLE ||
3002 rtm->rtm_type == RTN_PROHIBIT ||
3003 rtm->rtm_type == RTN_THROW)
3004 cfg->fc_flags |= RTF_REJECT;
3005
3006 if (rtm->rtm_type == RTN_LOCAL)
3007 cfg->fc_flags |= RTF_LOCAL;
3008
3009 if (rtm->rtm_flags & RTM_F_CLONED)
3010 cfg->fc_flags |= RTF_CACHE;
3011
3012 cfg->fc_nlinfo.portid = NETLINK_CB(skb).portid;
3013 cfg->fc_nlinfo.nlh = nlh;
3014 cfg->fc_nlinfo.nl_net = sock_net(skb->sk);
3015
3016 if (tb[RTA_GATEWAY]) {
3017 cfg->fc_gateway = nla_get_in6_addr(tb[RTA_GATEWAY]);
3018 cfg->fc_flags |= RTF_GATEWAY;
3019 }
3020
3021 if (tb[RTA_DST]) {
3022 int plen = (rtm->rtm_dst_len + 7) >> 3;
3023
3024 if (nla_len(tb[RTA_DST]) < plen)
3025 goto errout;
3026
3027 nla_memcpy(&cfg->fc_dst, tb[RTA_DST], plen);
3028 }
3029
3030 if (tb[RTA_SRC]) {
3031 int plen = (rtm->rtm_src_len + 7) >> 3;
3032
3033 if (nla_len(tb[RTA_SRC]) < plen)
3034 goto errout;
3035
3036 nla_memcpy(&cfg->fc_src, tb[RTA_SRC], plen);
3037 }
3038
3039 if (tb[RTA_PREFSRC])
3040 cfg->fc_prefsrc = nla_get_in6_addr(tb[RTA_PREFSRC]);
3041
3042 if (tb[RTA_OIF])
3043 cfg->fc_ifindex = nla_get_u32(tb[RTA_OIF]);
3044
3045 if (tb[RTA_PRIORITY])
3046 cfg->fc_metric = nla_get_u32(tb[RTA_PRIORITY]);
3047
3048 if (tb[RTA_METRICS]) {
3049 cfg->fc_mx = nla_data(tb[RTA_METRICS]);
3050 cfg->fc_mx_len = nla_len(tb[RTA_METRICS]);
3051 }
3052
3053 if (tb[RTA_TABLE])
3054 cfg->fc_table = nla_get_u32(tb[RTA_TABLE]);
3055
3056 if (tb[RTA_MULTIPATH]) {
3057 cfg->fc_mp = nla_data(tb[RTA_MULTIPATH]);
3058 cfg->fc_mp_len = nla_len(tb[RTA_MULTIPATH]);
3059
3060 err = lwtunnel_valid_encap_type_attr(cfg->fc_mp,
3061 cfg->fc_mp_len, extack);
3062 if (err < 0)
3063 goto errout;
3064 }
3065
3066 if (tb[RTA_PREF]) {
3067 pref = nla_get_u8(tb[RTA_PREF]);
3068 if (pref != ICMPV6_ROUTER_PREF_LOW &&
3069 pref != ICMPV6_ROUTER_PREF_HIGH)
3070 pref = ICMPV6_ROUTER_PREF_MEDIUM;
3071 cfg->fc_flags |= RTF_PREF(pref);
3072 }
3073
3074 if (tb[RTA_ENCAP])
3075 cfg->fc_encap = tb[RTA_ENCAP];
3076
3077 if (tb[RTA_ENCAP_TYPE]) {
3078 cfg->fc_encap_type = nla_get_u16(tb[RTA_ENCAP_TYPE]);
3079
3080 err = lwtunnel_valid_encap_type(cfg->fc_encap_type, extack);
3081 if (err < 0)
3082 goto errout;
3083 }
3084
3085 if (tb[RTA_EXPIRES]) {
3086 unsigned long timeout = addrconf_timeout_fixup(nla_get_u32(tb[RTA_EXPIRES]), HZ);
3087
3088 if (addrconf_finite_timeout(timeout)) {
3089 cfg->fc_expires = jiffies_to_clock_t(timeout * HZ);
3090 cfg->fc_flags |= RTF_EXPIRES;
3091 }
3092 }
3093
3094 err = 0;
3095 errout:
3096 return err;
3097 }
3098
3099 struct rt6_nh {
3100 struct rt6_info *rt6_info;
3101 struct fib6_config r_cfg;
3102 struct mx6_config mxc;
3103 struct list_head next;
3104 };
3105
3106 static void ip6_print_replace_route_err(struct list_head *rt6_nh_list)
3107 {
3108 struct rt6_nh *nh;
3109
3110 list_for_each_entry(nh, rt6_nh_list, next) {
3111 pr_warn("IPV6: multipath route replace failed (check consistency of installed routes): %pI6c nexthop %pI6c ifi %d\n",
3112 &nh->r_cfg.fc_dst, &nh->r_cfg.fc_gateway,
3113 nh->r_cfg.fc_ifindex);
3114 }
3115 }
3116
3117 static int ip6_route_info_append(struct list_head *rt6_nh_list,
3118 struct rt6_info *rt, struct fib6_config *r_cfg)
3119 {
3120 struct rt6_nh *nh;
3121 int err = -EEXIST;
3122
3123 list_for_each_entry(nh, rt6_nh_list, next) {
3124 /* check if rt6_info already exists */
3125 if (rt6_duplicate_nexthop(nh->rt6_info, rt))
3126 return err;
3127 }
3128
3129 nh = kzalloc(sizeof(*nh), GFP_KERNEL);
3130 if (!nh)
3131 return -ENOMEM;
3132 nh->rt6_info = rt;
3133 err = ip6_convert_metrics(&nh->mxc, r_cfg);
3134 if (err) {
3135 kfree(nh);
3136 return err;
3137 }
3138 memcpy(&nh->r_cfg, r_cfg, sizeof(*r_cfg));
3139 list_add_tail(&nh->next, rt6_nh_list);
3140
3141 return 0;
3142 }
3143
3144 static void ip6_route_mpath_notify(struct rt6_info *rt,
3145 struct rt6_info *rt_last,
3146 struct nl_info *info,
3147 __u16 nlflags)
3148 {
3149 /* if this is an APPEND route, then rt points to the first route
3150 * inserted and rt_last points to last route inserted. Userspace
3151 * wants a consistent dump of the route which starts at the first
3152 * nexthop. Since sibling routes are always added at the end of
3153 * the list, find the first sibling of the last route appended
3154 */
3155 if ((nlflags & NLM_F_APPEND) && rt_last && rt_last->rt6i_nsiblings) {
3156 rt = list_first_entry(&rt_last->rt6i_siblings,
3157 struct rt6_info,
3158 rt6i_siblings);
3159 }
3160
3161 if (rt)
3162 inet6_rt_notify(RTM_NEWROUTE, rt, info, nlflags);
3163 }
3164
3165 static int ip6_route_multipath_add(struct fib6_config *cfg,
3166 struct netlink_ext_ack *extack)
3167 {
3168 struct rt6_info *rt_notif = NULL, *rt_last = NULL;
3169 struct nl_info *info = &cfg->fc_nlinfo;
3170 struct fib6_config r_cfg;
3171 struct rtnexthop *rtnh;
3172 struct rt6_info *rt;
3173 struct rt6_nh *err_nh;
3174 struct rt6_nh *nh, *nh_safe;
3175 __u16 nlflags;
3176 int remaining;
3177 int attrlen;
3178 int err = 1;
3179 int nhn = 0;
3180 int replace = (cfg->fc_nlinfo.nlh &&
3181 (cfg->fc_nlinfo.nlh->nlmsg_flags & NLM_F_REPLACE));
3182 LIST_HEAD(rt6_nh_list);
3183
3184 nlflags = replace ? NLM_F_REPLACE : NLM_F_CREATE;
3185 if (info->nlh && info->nlh->nlmsg_flags & NLM_F_APPEND)
3186 nlflags |= NLM_F_APPEND;
3187
3188 remaining = cfg->fc_mp_len;
3189 rtnh = (struct rtnexthop *)cfg->fc_mp;
3190
3191 /* Parse a Multipath Entry and build a list (rt6_nh_list) of
3192 * rt6_info structs per nexthop
3193 */
3194 while (rtnh_ok(rtnh, remaining)) {
3195 memcpy(&r_cfg, cfg, sizeof(*cfg));
3196 if (rtnh->rtnh_ifindex)
3197 r_cfg.fc_ifindex = rtnh->rtnh_ifindex;
3198
3199 attrlen = rtnh_attrlen(rtnh);
3200 if (attrlen > 0) {
3201 struct nlattr *nla, *attrs = rtnh_attrs(rtnh);
3202
3203 nla = nla_find(attrs, attrlen, RTA_GATEWAY);
3204 if (nla) {
3205 r_cfg.fc_gateway = nla_get_in6_addr(nla);
3206 r_cfg.fc_flags |= RTF_GATEWAY;
3207 }
3208 r_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP);
3209 nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
3210 if (nla)
3211 r_cfg.fc_encap_type = nla_get_u16(nla);
3212 }
3213
3214 rt = ip6_route_info_create(&r_cfg, extack);
3215 if (IS_ERR(rt)) {
3216 err = PTR_ERR(rt);
3217 rt = NULL;
3218 goto cleanup;
3219 }
3220
3221 err = ip6_route_info_append(&rt6_nh_list, rt, &r_cfg);
3222 if (err) {
3223 dst_release_immediate(&rt->dst);
3224 goto cleanup;
3225 }
3226
3227 rtnh = rtnh_next(rtnh, &remaining);
3228 }
3229
3230 /* for add and replace send one notification with all nexthops.
3231 * Skip the notification in fib6_add_rt2node and send one with
3232 * the full route when done
3233 */
3234 info->skip_notify = 1;
3235
3236 err_nh = NULL;
3237 list_for_each_entry(nh, &rt6_nh_list, next) {
3238 rt_last = nh->rt6_info;
3239 err = __ip6_ins_rt(nh->rt6_info, info, &nh->mxc, extack);
3240 /* save reference to first route for notification */
3241 if (!rt_notif && !err)
3242 rt_notif = nh->rt6_info;
3243
3244 /* nh->rt6_info is used or freed at this point, reset to NULL*/
3245 nh->rt6_info = NULL;
3246 if (err) {
3247 if (replace && nhn)
3248 ip6_print_replace_route_err(&rt6_nh_list);
3249 err_nh = nh;
3250 goto add_errout;
3251 }
3252
3253 /* Because each route is added like a single route we remove
3254 * these flags after the first nexthop: if there is a collision,
3255 * we have already failed to add the first nexthop:
3256 * fib6_add_rt2node() has rejected it; when replacing, old
3257 * nexthops have been replaced by first new, the rest should
3258 * be added to it.
3259 */
3260 cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL |
3261 NLM_F_REPLACE);
3262 nhn++;
3263 }
3264
3265 /* success ... tell user about new route */
3266 ip6_route_mpath_notify(rt_notif, rt_last, info, nlflags);
3267 goto cleanup;
3268
3269 add_errout:
3270 /* send notification for routes that were added so that
3271 * the delete notifications sent by ip6_route_del are
3272 * coherent
3273 */
3274 if (rt_notif)
3275 ip6_route_mpath_notify(rt_notif, rt_last, info, nlflags);
3276
3277 /* Delete routes that were already added */
3278 list_for_each_entry(nh, &rt6_nh_list, next) {
3279 if (err_nh == nh)
3280 break;
3281 ip6_route_del(&nh->r_cfg, extack);
3282 }
3283
3284 cleanup:
3285 list_for_each_entry_safe(nh, nh_safe, &rt6_nh_list, next) {
3286 if (nh->rt6_info)
3287 dst_release_immediate(&nh->rt6_info->dst);
3288 kfree(nh->mxc.mx);
3289 list_del(&nh->next);
3290 kfree(nh);
3291 }
3292
3293 return err;
3294 }
3295
3296 static int ip6_route_multipath_del(struct fib6_config *cfg,
3297 struct netlink_ext_ack *extack)
3298 {
3299 struct fib6_config r_cfg;
3300 struct rtnexthop *rtnh;
3301 int remaining;
3302 int attrlen;
3303 int err = 1, last_err = 0;
3304
3305 remaining = cfg->fc_mp_len;
3306 rtnh = (struct rtnexthop *)cfg->fc_mp;
3307
3308 /* Parse a Multipath Entry */
3309 while (rtnh_ok(rtnh, remaining)) {
3310 memcpy(&r_cfg, cfg, sizeof(*cfg));
3311 if (rtnh->rtnh_ifindex)
3312 r_cfg.fc_ifindex = rtnh->rtnh_ifindex;
3313
3314 attrlen = rtnh_attrlen(rtnh);
3315 if (attrlen > 0) {
3316 struct nlattr *nla, *attrs = rtnh_attrs(rtnh);
3317
3318 nla = nla_find(attrs, attrlen, RTA_GATEWAY);
3319 if (nla) {
3320 nla_memcpy(&r_cfg.fc_gateway, nla, 16);
3321 r_cfg.fc_flags |= RTF_GATEWAY;
3322 }
3323 }
3324 err = ip6_route_del(&r_cfg, extack);
3325 if (err)
3326 last_err = err;
3327
3328 rtnh = rtnh_next(rtnh, &remaining);
3329 }
3330
3331 return last_err;
3332 }
3333
3334 static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh,
3335 struct netlink_ext_ack *extack)
3336 {
3337 struct fib6_config cfg;
3338 int err;
3339
3340 err = rtm_to_fib6_config(skb, nlh, &cfg, extack);
3341 if (err < 0)
3342 return err;
3343
3344 if (cfg.fc_mp)
3345 return ip6_route_multipath_del(&cfg, extack);
3346 else {
3347 cfg.fc_delete_all_nh = 1;
3348 return ip6_route_del(&cfg, extack);
3349 }
3350 }
3351
3352 static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh,
3353 struct netlink_ext_ack *extack)
3354 {
3355 struct fib6_config cfg;
3356 int err;
3357
3358 err = rtm_to_fib6_config(skb, nlh, &cfg, extack);
3359 if (err < 0)
3360 return err;
3361
3362 if (cfg.fc_mp)
3363 return ip6_route_multipath_add(&cfg, extack);
3364 else
3365 return ip6_route_add(&cfg, extack);
3366 }
3367
3368 static size_t rt6_nlmsg_size(struct rt6_info *rt)
3369 {
3370 int nexthop_len = 0;
3371
3372 if (rt->rt6i_nsiblings) {
3373 nexthop_len = nla_total_size(0) /* RTA_MULTIPATH */
3374 + NLA_ALIGN(sizeof(struct rtnexthop))
3375 + nla_total_size(16) /* RTA_GATEWAY */
3376 + lwtunnel_get_encap_size(rt->dst.lwtstate);
3377
3378 nexthop_len *= rt->rt6i_nsiblings;
3379 }
3380
3381 return NLMSG_ALIGN(sizeof(struct rtmsg))
3382 + nla_total_size(16) /* RTA_SRC */
3383 + nla_total_size(16) /* RTA_DST */
3384 + nla_total_size(16) /* RTA_GATEWAY */
3385 + nla_total_size(16) /* RTA_PREFSRC */
3386 + nla_total_size(4) /* RTA_TABLE */
3387 + nla_total_size(4) /* RTA_IIF */
3388 + nla_total_size(4) /* RTA_OIF */
3389 + nla_total_size(4) /* RTA_PRIORITY */
3390 + RTAX_MAX * nla_total_size(4) /* RTA_METRICS */
3391 + nla_total_size(sizeof(struct rta_cacheinfo))
3392 + nla_total_size(TCP_CA_NAME_MAX) /* RTAX_CC_ALGO */
3393 + nla_total_size(1) /* RTA_PREF */
3394 + lwtunnel_get_encap_size(rt->dst.lwtstate)
3395 + nexthop_len;
3396 }
3397
3398 static int rt6_nexthop_info(struct sk_buff *skb, struct rt6_info *rt,
3399 unsigned int *flags, bool skip_oif)
3400 {
3401 if (!netif_running(rt->dst.dev) || !netif_carrier_ok(rt->dst.dev)) {
3402 *flags |= RTNH_F_LINKDOWN;
3403 if (rt->rt6i_idev->cnf.ignore_routes_with_linkdown)
3404 *flags |= RTNH_F_DEAD;
3405 }
3406
3407 if (rt->rt6i_flags & RTF_GATEWAY) {
3408 if (nla_put_in6_addr(skb, RTA_GATEWAY, &rt->rt6i_gateway) < 0)
3409 goto nla_put_failure;
3410 }
3411
3412 if (rt->rt6i_nh_flags & RTNH_F_OFFLOAD)
3413 *flags |= RTNH_F_OFFLOAD;
3414
3415 /* not needed for multipath encoding b/c it has a rtnexthop struct */
3416 if (!skip_oif && rt->dst.dev &&
3417 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
3418 goto nla_put_failure;
3419
3420 if (rt->dst.lwtstate &&
3421 lwtunnel_fill_encap(skb, rt->dst.lwtstate) < 0)
3422 goto nla_put_failure;
3423
3424 return 0;
3425
3426 nla_put_failure:
3427 return -EMSGSIZE;
3428 }
3429
3430 /* add multipath next hop */
3431 static int rt6_add_nexthop(struct sk_buff *skb, struct rt6_info *rt)
3432 {
3433 struct rtnexthop *rtnh;
3434 unsigned int flags = 0;
3435
3436 rtnh = nla_reserve_nohdr(skb, sizeof(*rtnh));
3437 if (!rtnh)
3438 goto nla_put_failure;
3439
3440 rtnh->rtnh_hops = 0;
3441 rtnh->rtnh_ifindex = rt->dst.dev ? rt->dst.dev->ifindex : 0;
3442
3443 if (rt6_nexthop_info(skb, rt, &flags, true) < 0)
3444 goto nla_put_failure;
3445
3446 rtnh->rtnh_flags = flags;
3447
3448 /* length of rtnetlink header + attributes */
3449 rtnh->rtnh_len = nlmsg_get_pos(skb) - (void *)rtnh;
3450
3451 return 0;
3452
3453 nla_put_failure:
3454 return -EMSGSIZE;
3455 }
3456
3457 static int rt6_fill_node(struct net *net,
3458 struct sk_buff *skb, struct rt6_info *rt,
3459 struct in6_addr *dst, struct in6_addr *src,
3460 int iif, int type, u32 portid, u32 seq,
3461 unsigned int flags)
3462 {
3463 u32 metrics[RTAX_MAX];
3464 struct rtmsg *rtm;
3465 struct nlmsghdr *nlh;
3466 long expires;
3467 u32 table;
3468
3469 nlh = nlmsg_put(skb, portid, seq, type, sizeof(*rtm), flags);
3470 if (!nlh)
3471 return -EMSGSIZE;
3472
3473 rtm = nlmsg_data(nlh);
3474 rtm->rtm_family = AF_INET6;
3475 rtm->rtm_dst_len = rt->rt6i_dst.plen;
3476 rtm->rtm_src_len = rt->rt6i_src.plen;
3477 rtm->rtm_tos = 0;
3478 if (rt->rt6i_table)
3479 table = rt->rt6i_table->tb6_id;
3480 else
3481 table = RT6_TABLE_UNSPEC;
3482 rtm->rtm_table = table;
3483 if (nla_put_u32(skb, RTA_TABLE, table))
3484 goto nla_put_failure;
3485 if (rt->rt6i_flags & RTF_REJECT) {
3486 switch (rt->dst.error) {
3487 case -EINVAL:
3488 rtm->rtm_type = RTN_BLACKHOLE;
3489 break;
3490 case -EACCES:
3491 rtm->rtm_type = RTN_PROHIBIT;
3492 break;
3493 case -EAGAIN:
3494 rtm->rtm_type = RTN_THROW;
3495 break;
3496 default:
3497 rtm->rtm_type = RTN_UNREACHABLE;
3498 break;
3499 }
3500 }
3501 else if (rt->rt6i_flags & RTF_LOCAL)
3502 rtm->rtm_type = RTN_LOCAL;
3503 else if (rt->rt6i_flags & RTF_ANYCAST)
3504 rtm->rtm_type = RTN_ANYCAST;
3505 else if (rt->dst.dev && (rt->dst.dev->flags & IFF_LOOPBACK))
3506 rtm->rtm_type = RTN_LOCAL;
3507 else
3508 rtm->rtm_type = RTN_UNICAST;
3509 rtm->rtm_flags = 0;
3510 rtm->rtm_scope = RT_SCOPE_UNIVERSE;
3511 rtm->rtm_protocol = rt->rt6i_protocol;
3512
3513 if (rt->rt6i_flags & RTF_CACHE)
3514 rtm->rtm_flags |= RTM_F_CLONED;
3515
3516 if (dst) {
3517 if (nla_put_in6_addr(skb, RTA_DST, dst))
3518 goto nla_put_failure;
3519 rtm->rtm_dst_len = 128;
3520 } else if (rtm->rtm_dst_len)
3521 if (nla_put_in6_addr(skb, RTA_DST, &rt->rt6i_dst.addr))
3522 goto nla_put_failure;
3523 #ifdef CONFIG_IPV6_SUBTREES
3524 if (src) {
3525 if (nla_put_in6_addr(skb, RTA_SRC, src))
3526 goto nla_put_failure;
3527 rtm->rtm_src_len = 128;
3528 } else if (rtm->rtm_src_len &&
3529 nla_put_in6_addr(skb, RTA_SRC, &rt->rt6i_src.addr))
3530 goto nla_put_failure;
3531 #endif
3532 if (iif) {
3533 #ifdef CONFIG_IPV6_MROUTE
3534 if (ipv6_addr_is_multicast(&rt->rt6i_dst.addr)) {
3535 int err = ip6mr_get_route(net, skb, rtm, portid);
3536
3537 if (err == 0)
3538 return 0;
3539 if (err < 0)
3540 goto nla_put_failure;
3541 } else
3542 #endif
3543 if (nla_put_u32(skb, RTA_IIF, iif))
3544 goto nla_put_failure;
3545 } else if (dst) {
3546 struct in6_addr saddr_buf;
3547 if (ip6_route_get_saddr(net, rt, dst, 0, &saddr_buf) == 0 &&
3548 nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf))
3549 goto nla_put_failure;
3550 }
3551
3552 if (rt->rt6i_prefsrc.plen) {
3553 struct in6_addr saddr_buf;
3554 saddr_buf = rt->rt6i_prefsrc.addr;
3555 if (nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf))
3556 goto nla_put_failure;
3557 }
3558
3559 memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
3560 if (rt->rt6i_pmtu)
3561 metrics[RTAX_MTU - 1] = rt->rt6i_pmtu;
3562 if (rtnetlink_put_metrics(skb, metrics) < 0)
3563 goto nla_put_failure;
3564
3565 if (nla_put_u32(skb, RTA_PRIORITY, rt->rt6i_metric))
3566 goto nla_put_failure;
3567
3568 /* For multipath routes, walk the siblings list and add
3569 * each as a nexthop within RTA_MULTIPATH.
3570 */
3571 if (rt->rt6i_nsiblings) {
3572 struct rt6_info *sibling, *next_sibling;
3573 struct nlattr *mp;
3574
3575 mp = nla_nest_start(skb, RTA_MULTIPATH);
3576 if (!mp)
3577 goto nla_put_failure;
3578
3579 if (rt6_add_nexthop(skb, rt) < 0)
3580 goto nla_put_failure;
3581
3582 list_for_each_entry_safe(sibling, next_sibling,
3583 &rt->rt6i_siblings, rt6i_siblings) {
3584 if (rt6_add_nexthop(skb, sibling) < 0)
3585 goto nla_put_failure;
3586 }
3587
3588 nla_nest_end(skb, mp);
3589 } else {
3590 if (rt6_nexthop_info(skb, rt, &rtm->rtm_flags, false) < 0)
3591 goto nla_put_failure;
3592 }
3593
3594 expires = (rt->rt6i_flags & RTF_EXPIRES) ? rt->dst.expires - jiffies : 0;
3595
3596 if (rtnl_put_cacheinfo(skb, &rt->dst, 0, expires, rt->dst.error) < 0)
3597 goto nla_put_failure;
3598
3599 if (nla_put_u8(skb, RTA_PREF, IPV6_EXTRACT_PREF(rt->rt6i_flags)))
3600 goto nla_put_failure;
3601
3602
3603 nlmsg_end(skb, nlh);
3604 return 0;
3605
3606 nla_put_failure:
3607 nlmsg_cancel(skb, nlh);
3608 return -EMSGSIZE;
3609 }
3610
3611 int rt6_dump_route(struct rt6_info *rt, void *p_arg)
3612 {
3613 struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg;
3614 struct net *net = arg->net;
3615
3616 if (rt == net->ipv6.ip6_null_entry)
3617 return 0;
3618
3619 if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) {
3620 struct rtmsg *rtm = nlmsg_data(arg->cb->nlh);
3621
3622 /* user wants prefix routes only */
3623 if (rtm->rtm_flags & RTM_F_PREFIX &&
3624 !(rt->rt6i_flags & RTF_PREFIX_RT)) {
3625 /* success since this is not a prefix route */
3626 return 1;
3627 }
3628 }
3629
3630 return rt6_fill_node(net,
3631 arg->skb, rt, NULL, NULL, 0, RTM_NEWROUTE,
3632 NETLINK_CB(arg->cb->skb).portid, arg->cb->nlh->nlmsg_seq,
3633 NLM_F_MULTI);
3634 }
3635
3636 static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
3637 struct netlink_ext_ack *extack)
3638 {
3639 struct net *net = sock_net(in_skb->sk);
3640 struct nlattr *tb[RTA_MAX+1];
3641 int err, iif = 0, oif = 0;
3642 struct dst_entry *dst;
3643 struct rt6_info *rt;
3644 struct sk_buff *skb;
3645 struct rtmsg *rtm;
3646 struct flowi6 fl6;
3647 bool fibmatch;
3648
3649 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy,
3650 extack);
3651 if (err < 0)
3652 goto errout;
3653
3654 err = -EINVAL;
3655 memset(&fl6, 0, sizeof(fl6));
3656 rtm = nlmsg_data(nlh);
3657 fl6.flowlabel = ip6_make_flowinfo(rtm->rtm_tos, 0);
3658 fibmatch = !!(rtm->rtm_flags & RTM_F_FIB_MATCH);
3659
3660 if (tb[RTA_SRC]) {
3661 if (nla_len(tb[RTA_SRC]) < sizeof(struct in6_addr))
3662 goto errout;
3663
3664 fl6.saddr = *(struct in6_addr *)nla_data(tb[RTA_SRC]);
3665 }
3666
3667 if (tb[RTA_DST]) {
3668 if (nla_len(tb[RTA_DST]) < sizeof(struct in6_addr))
3669 goto errout;
3670
3671 fl6.daddr = *(struct in6_addr *)nla_data(tb[RTA_DST]);
3672 }
3673
3674 if (tb[RTA_IIF])
3675 iif = nla_get_u32(tb[RTA_IIF]);
3676
3677 if (tb[RTA_OIF])
3678 oif = nla_get_u32(tb[RTA_OIF]);
3679
3680 if (tb[RTA_MARK])
3681 fl6.flowi6_mark = nla_get_u32(tb[RTA_MARK]);
3682
3683 if (tb[RTA_UID])
3684 fl6.flowi6_uid = make_kuid(current_user_ns(),
3685 nla_get_u32(tb[RTA_UID]));
3686 else
3687 fl6.flowi6_uid = iif ? INVALID_UID : current_uid();
3688
3689 if (iif) {
3690 struct net_device *dev;
3691 int flags = 0;
3692
3693 rcu_read_lock();
3694
3695 dev = dev_get_by_index_rcu(net, iif);
3696 if (!dev) {
3697 rcu_read_unlock();
3698 err = -ENODEV;
3699 goto errout;
3700 }
3701
3702 fl6.flowi6_iif = iif;
3703
3704 if (!ipv6_addr_any(&fl6.saddr))
3705 flags |= RT6_LOOKUP_F_HAS_SADDR;
3706
3707 dst = ip6_route_input_lookup(net, dev, &fl6, flags);
3708
3709 rcu_read_unlock();
3710 } else {
3711 fl6.flowi6_oif = oif;
3712
3713 dst = ip6_route_output(net, NULL, &fl6);
3714 }
3715
3716
3717 rt = container_of(dst, struct rt6_info, dst);
3718 if (rt->dst.error) {
3719 err = rt->dst.error;
3720 ip6_rt_put(rt);
3721 goto errout;
3722 }
3723
3724 if (rt == net->ipv6.ip6_null_entry) {
3725 err = rt->dst.error;
3726 ip6_rt_put(rt);
3727 goto errout;
3728 }
3729
3730 if (fibmatch && rt->dst.from) {
3731 struct rt6_info *ort = container_of(rt->dst.from,
3732 struct rt6_info, dst);
3733
3734 dst_hold(&ort->dst);
3735 ip6_rt_put(rt);
3736 rt = ort;
3737 }
3738
3739 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
3740 if (!skb) {
3741 ip6_rt_put(rt);
3742 err = -ENOBUFS;
3743 goto errout;
3744 }
3745
3746 skb_dst_set(skb, &rt->dst);
3747 if (fibmatch)
3748 err = rt6_fill_node(net, skb, rt, NULL, NULL, iif,
3749 RTM_NEWROUTE, NETLINK_CB(in_skb).portid,
3750 nlh->nlmsg_seq, 0);
3751 else
3752 err = rt6_fill_node(net, skb, rt, &fl6.daddr, &fl6.saddr, iif,
3753 RTM_NEWROUTE, NETLINK_CB(in_skb).portid,
3754 nlh->nlmsg_seq, 0);
3755 if (err < 0) {
3756 kfree_skb(skb);
3757 goto errout;
3758 }
3759
3760 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
3761 errout:
3762 return err;
3763 }
3764
3765 void inet6_rt_notify(int event, struct rt6_info *rt, struct nl_info *info,
3766 unsigned int nlm_flags)
3767 {
3768 struct sk_buff *skb;
3769 struct net *net = info->nl_net;
3770 u32 seq;
3771 int err;
3772
3773 err = -ENOBUFS;
3774 seq = info->nlh ? info->nlh->nlmsg_seq : 0;
3775
3776 skb = nlmsg_new(rt6_nlmsg_size(rt), gfp_any());
3777 if (!skb)
3778 goto errout;
3779
3780 err = rt6_fill_node(net, skb, rt, NULL, NULL, 0,
3781 event, info->portid, seq, nlm_flags);
3782 if (err < 0) {
3783 /* -EMSGSIZE implies BUG in rt6_nlmsg_size() */
3784 WARN_ON(err == -EMSGSIZE);
3785 kfree_skb(skb);
3786 goto errout;
3787 }
3788 rtnl_notify(skb, net, info->portid, RTNLGRP_IPV6_ROUTE,
3789 info->nlh, gfp_any());
3790 return;
3791 errout:
3792 if (err < 0)
3793 rtnl_set_sk_err(net, RTNLGRP_IPV6_ROUTE, err);
3794 }
3795
3796 static int ip6_route_dev_notify(struct notifier_block *this,
3797 unsigned long event, void *ptr)
3798 {
3799 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
3800 struct net *net = dev_net(dev);
3801
3802 if (!(dev->flags & IFF_LOOPBACK))
3803 return NOTIFY_OK;
3804
3805 if (event == NETDEV_REGISTER) {
3806 net->ipv6.ip6_null_entry->dst.dev = dev;
3807 net->ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(dev);
3808 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
3809 net->ipv6.ip6_prohibit_entry->dst.dev = dev;
3810 net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev);
3811 net->ipv6.ip6_blk_hole_entry->dst.dev = dev;
3812 net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev);
3813 #endif
3814 } else if (event == NETDEV_UNREGISTER &&
3815 dev->reg_state != NETREG_UNREGISTERED) {
3816 /* NETDEV_UNREGISTER could be fired for multiple times by
3817 * netdev_wait_allrefs(). Make sure we only call this once.
3818 */
3819 in6_dev_put_clear(&net->ipv6.ip6_null_entry->rt6i_idev);
3820 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
3821 in6_dev_put_clear(&net->ipv6.ip6_prohibit_entry->rt6i_idev);
3822 in6_dev_put_clear(&net->ipv6.ip6_blk_hole_entry->rt6i_idev);
3823 #endif
3824 }
3825
3826 return NOTIFY_OK;
3827 }
3828
3829 /*
3830 * /proc
3831 */
3832
3833 #ifdef CONFIG_PROC_FS
3834
3835 static const struct file_operations ipv6_route_proc_fops = {
3836 .owner = THIS_MODULE,
3837 .open = ipv6_route_open,
3838 .read = seq_read,
3839 .llseek = seq_lseek,
3840 .release = seq_release_net,
3841 };
3842
3843 static int rt6_stats_seq_show(struct seq_file *seq, void *v)
3844 {
3845 struct net *net = (struct net *)seq->private;
3846 seq_printf(seq, "%04x %04x %04x %04x %04x %04x %04x\n",
3847 net->ipv6.rt6_stats->fib_nodes,
3848 net->ipv6.rt6_stats->fib_route_nodes,
3849 net->ipv6.rt6_stats->fib_rt_alloc,
3850 net->ipv6.rt6_stats->fib_rt_entries,
3851 net->ipv6.rt6_stats->fib_rt_cache,
3852 dst_entries_get_slow(&net->ipv6.ip6_dst_ops),
3853 net->ipv6.rt6_stats->fib_discarded_routes);
3854
3855 return 0;
3856 }
3857
3858 static int rt6_stats_seq_open(struct inode *inode, struct file *file)
3859 {
3860 return single_open_net(inode, file, rt6_stats_seq_show);
3861 }
3862
3863 static const struct file_operations rt6_stats_seq_fops = {
3864 .owner = THIS_MODULE,
3865 .open = rt6_stats_seq_open,
3866 .read = seq_read,
3867 .llseek = seq_lseek,
3868 .release = single_release_net,
3869 };
3870 #endif /* CONFIG_PROC_FS */
3871
3872 #ifdef CONFIG_SYSCTL
3873
3874 static
3875 int ipv6_sysctl_rtcache_flush(struct ctl_table *ctl, int write,
3876 void __user *buffer, size_t *lenp, loff_t *ppos)
3877 {
3878 struct net *net;
3879 int delay;
3880 if (!write)
3881 return -EINVAL;
3882
3883 net = (struct net *)ctl->extra1;
3884 delay = net->ipv6.sysctl.flush_delay;
3885 proc_dointvec(ctl, write, buffer, lenp, ppos);
3886 fib6_run_gc(delay <= 0 ? 0 : (unsigned long)delay, net, delay > 0);
3887 return 0;
3888 }
3889
3890 struct ctl_table ipv6_route_table_template[] = {
3891 {
3892 .procname = "flush",
3893 .data = &init_net.ipv6.sysctl.flush_delay,
3894 .maxlen = sizeof(int),
3895 .mode = 0200,
3896 .proc_handler = ipv6_sysctl_rtcache_flush
3897 },
3898 {
3899 .procname = "gc_thresh",
3900 .data = &ip6_dst_ops_template.gc_thresh,
3901 .maxlen = sizeof(int),
3902 .mode = 0644,
3903 .proc_handler = proc_dointvec,
3904 },
3905 {
3906 .procname = "max_size",
3907 .data = &init_net.ipv6.sysctl.ip6_rt_max_size,
3908 .maxlen = sizeof(int),
3909 .mode = 0644,
3910 .proc_handler = proc_dointvec,
3911 },
3912 {
3913 .procname = "gc_min_interval",
3914 .data = &init_net.ipv6.sysctl.ip6_rt_gc_min_interval,
3915 .maxlen = sizeof(int),
3916 .mode = 0644,
3917 .proc_handler = proc_dointvec_jiffies,
3918 },
3919 {
3920 .procname = "gc_timeout",
3921 .data = &init_net.ipv6.sysctl.ip6_rt_gc_timeout,
3922 .maxlen = sizeof(int),
3923 .mode = 0644,
3924 .proc_handler = proc_dointvec_jiffies,
3925 },
3926 {
3927 .procname = "gc_interval",
3928 .data = &init_net.ipv6.sysctl.ip6_rt_gc_interval,
3929 .maxlen = sizeof(int),
3930 .mode = 0644,
3931 .proc_handler = proc_dointvec_jiffies,
3932 },
3933 {
3934 .procname = "gc_elasticity",
3935 .data = &init_net.ipv6.sysctl.ip6_rt_gc_elasticity,
3936 .maxlen = sizeof(int),
3937 .mode = 0644,
3938 .proc_handler = proc_dointvec,
3939 },
3940 {
3941 .procname = "mtu_expires",
3942 .data = &init_net.ipv6.sysctl.ip6_rt_mtu_expires,
3943 .maxlen = sizeof(int),
3944 .mode = 0644,
3945 .proc_handler = proc_dointvec_jiffies,
3946 },
3947 {
3948 .procname = "min_adv_mss",
3949 .data = &init_net.ipv6.sysctl.ip6_rt_min_advmss,
3950 .maxlen = sizeof(int),
3951 .mode = 0644,
3952 .proc_handler = proc_dointvec,
3953 },
3954 {
3955 .procname = "gc_min_interval_ms",
3956 .data = &init_net.ipv6.sysctl.ip6_rt_gc_min_interval,
3957 .maxlen = sizeof(int),
3958 .mode = 0644,
3959 .proc_handler = proc_dointvec_ms_jiffies,
3960 },
3961 { }
3962 };
3963
3964 struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
3965 {
3966 struct ctl_table *table;
3967
3968 table = kmemdup(ipv6_route_table_template,
3969 sizeof(ipv6_route_table_template),
3970 GFP_KERNEL);
3971
3972 if (table) {
3973 table[0].data = &net->ipv6.sysctl.flush_delay;
3974 table[0].extra1 = net;
3975 table[1].data = &net->ipv6.ip6_dst_ops.gc_thresh;
3976 table[2].data = &net->ipv6.sysctl.ip6_rt_max_size;
3977 table[3].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval;
3978 table[4].data = &net->ipv6.sysctl.ip6_rt_gc_timeout;
3979 table[5].data = &net->ipv6.sysctl.ip6_rt_gc_interval;
3980 table[6].data = &net->ipv6.sysctl.ip6_rt_gc_elasticity;
3981 table[7].data = &net->ipv6.sysctl.ip6_rt_mtu_expires;
3982 table[8].data = &net->ipv6.sysctl.ip6_rt_min_advmss;
3983 table[9].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval;
3984
3985 /* Don't export sysctls to unprivileged users */
3986 if (net->user_ns != &init_user_ns)
3987 table[0].procname = NULL;
3988 }
3989
3990 return table;
3991 }
3992 #endif
3993
3994 static int __net_init ip6_route_net_init(struct net *net)
3995 {
3996 int ret = -ENOMEM;
3997
3998 memcpy(&net->ipv6.ip6_dst_ops, &ip6_dst_ops_template,
3999 sizeof(net->ipv6.ip6_dst_ops));
4000
4001 if (dst_entries_init(&net->ipv6.ip6_dst_ops) < 0)
4002 goto out_ip6_dst_ops;
4003
4004 net->ipv6.ip6_null_entry = kmemdup(&ip6_null_entry_template,
4005 sizeof(*net->ipv6.ip6_null_entry),
4006 GFP_KERNEL);
4007 if (!net->ipv6.ip6_null_entry)
4008 goto out_ip6_dst_entries;
4009 net->ipv6.ip6_null_entry->dst.path =
4010 (struct dst_entry *)net->ipv6.ip6_null_entry;
4011 net->ipv6.ip6_null_entry->dst.ops = &net->ipv6.ip6_dst_ops;
4012 dst_init_metrics(&net->ipv6.ip6_null_entry->dst,
4013 ip6_template_metrics, true);
4014
4015 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
4016 net->ipv6.fib6_has_custom_rules = false;
4017 net->ipv6.ip6_prohibit_entry = kmemdup(&ip6_prohibit_entry_template,
4018 sizeof(*net->ipv6.ip6_prohibit_entry),
4019 GFP_KERNEL);
4020 if (!net->ipv6.ip6_prohibit_entry)
4021 goto out_ip6_null_entry;
4022 net->ipv6.ip6_prohibit_entry->dst.path =
4023 (struct dst_entry *)net->ipv6.ip6_prohibit_entry;
4024 net->ipv6.ip6_prohibit_entry->dst.ops = &net->ipv6.ip6_dst_ops;
4025 dst_init_metrics(&net->ipv6.ip6_prohibit_entry->dst,
4026 ip6_template_metrics, true);
4027
4028 net->ipv6.ip6_blk_hole_entry = kmemdup(&ip6_blk_hole_entry_template,
4029 sizeof(*net->ipv6.ip6_blk_hole_entry),
4030 GFP_KERNEL);
4031 if (!net->ipv6.ip6_blk_hole_entry)
4032 goto out_ip6_prohibit_entry;
4033 net->ipv6.ip6_blk_hole_entry->dst.path =
4034 (struct dst_entry *)net->ipv6.ip6_blk_hole_entry;
4035 net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops;
4036 dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst,
4037 ip6_template_metrics, true);
4038 #endif
4039
4040 net->ipv6.sysctl.flush_delay = 0;
4041 net->ipv6.sysctl.ip6_rt_max_size = 4096;
4042 net->ipv6.sysctl.ip6_rt_gc_min_interval = HZ / 2;
4043 net->ipv6.sysctl.ip6_rt_gc_timeout = 60*HZ;
4044 net->ipv6.sysctl.ip6_rt_gc_interval = 30*HZ;
4045 net->ipv6.sysctl.ip6_rt_gc_elasticity = 9;
4046 net->ipv6.sysctl.ip6_rt_mtu_expires = 10*60*HZ;
4047 net->ipv6.sysctl.ip6_rt_min_advmss = IPV6_MIN_MTU - 20 - 40;
4048
4049 net->ipv6.ip6_rt_gc_expire = 30*HZ;
4050
4051 ret = 0;
4052 out:
4053 return ret;
4054
4055 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
4056 out_ip6_prohibit_entry:
4057 kfree(net->ipv6.ip6_prohibit_entry);
4058 out_ip6_null_entry:
4059 kfree(net->ipv6.ip6_null_entry);
4060 #endif
4061 out_ip6_dst_entries:
4062 dst_entries_destroy(&net->ipv6.ip6_dst_ops);
4063 out_ip6_dst_ops:
4064 goto out;
4065 }
4066
4067 static void __net_exit ip6_route_net_exit(struct net *net)
4068 {
4069 kfree(net->ipv6.ip6_null_entry);
4070 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
4071 kfree(net->ipv6.ip6_prohibit_entry);
4072 kfree(net->ipv6.ip6_blk_hole_entry);
4073 #endif
4074 dst_entries_destroy(&net->ipv6.ip6_dst_ops);
4075 }
4076
4077 static int __net_init ip6_route_net_init_late(struct net *net)
4078 {
4079 #ifdef CONFIG_PROC_FS
4080 proc_create("ipv6_route", 0, net->proc_net, &ipv6_route_proc_fops);
4081 proc_create("rt6_stats", S_IRUGO, net->proc_net, &rt6_stats_seq_fops);
4082 #endif
4083 return 0;
4084 }
4085
4086 static void __net_exit ip6_route_net_exit_late(struct net *net)
4087 {
4088 #ifdef CONFIG_PROC_FS
4089 remove_proc_entry("ipv6_route", net->proc_net);
4090 remove_proc_entry("rt6_stats", net->proc_net);
4091 #endif
4092 }
4093
4094 static struct pernet_operations ip6_route_net_ops = {
4095 .init = ip6_route_net_init,
4096 .exit = ip6_route_net_exit,
4097 };
4098
4099 static int __net_init ipv6_inetpeer_init(struct net *net)
4100 {
4101 struct inet_peer_base *bp = kmalloc(sizeof(*bp), GFP_KERNEL);
4102
4103 if (!bp)
4104 return -ENOMEM;
4105 inet_peer_base_init(bp);
4106 net->ipv6.peers = bp;
4107 return 0;
4108 }
4109
4110 static void __net_exit ipv6_inetpeer_exit(struct net *net)
4111 {
4112 struct inet_peer_base *bp = net->ipv6.peers;
4113
4114 net->ipv6.peers = NULL;
4115 inetpeer_invalidate_tree(bp);
4116 kfree(bp);
4117 }
4118
4119 static struct pernet_operations ipv6_inetpeer_ops = {
4120 .init = ipv6_inetpeer_init,
4121 .exit = ipv6_inetpeer_exit,
4122 };
4123
4124 static struct pernet_operations ip6_route_net_late_ops = {
4125 .init = ip6_route_net_init_late,
4126 .exit = ip6_route_net_exit_late,
4127 };
4128
4129 static struct notifier_block ip6_route_dev_notifier = {
4130 .notifier_call = ip6_route_dev_notify,
4131 .priority = ADDRCONF_NOTIFY_PRIORITY - 10,
4132 };
4133
4134 void __init ip6_route_init_special_entries(void)
4135 {
4136 /* Registering of the loopback is done before this portion of code,
4137 * the loopback reference in rt6_info will not be taken, do it
4138 * manually for init_net */
4139 init_net.ipv6.ip6_null_entry->dst.dev = init_net.loopback_dev;
4140 init_net.ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
4141 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
4142 init_net.ipv6.ip6_prohibit_entry->dst.dev = init_net.loopback_dev;
4143 init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
4144 init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev;
4145 init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
4146 #endif
4147 }
4148
4149 int __init ip6_route_init(void)
4150 {
4151 int ret;
4152 int cpu;
4153
4154 ret = -ENOMEM;
4155 ip6_dst_ops_template.kmem_cachep =
4156 kmem_cache_create("ip6_dst_cache", sizeof(struct rt6_info), 0,
4157 SLAB_HWCACHE_ALIGN, NULL);
4158 if (!ip6_dst_ops_template.kmem_cachep)
4159 goto out;
4160
4161 ret = dst_entries_init(&ip6_dst_blackhole_ops);
4162 if (ret)
4163 goto out_kmem_cache;
4164
4165 ret = register_pernet_subsys(&ipv6_inetpeer_ops);
4166 if (ret)
4167 goto out_dst_entries;
4168
4169 ret = register_pernet_subsys(&ip6_route_net_ops);
4170 if (ret)
4171 goto out_register_inetpeer;
4172
4173 ip6_dst_blackhole_ops.kmem_cachep = ip6_dst_ops_template.kmem_cachep;
4174
4175 ret = fib6_init();
4176 if (ret)
4177 goto out_register_subsys;
4178
4179 ret = xfrm6_init();
4180 if (ret)
4181 goto out_fib6_init;
4182
4183 ret = fib6_rules_init();
4184 if (ret)
4185 goto xfrm6_init;
4186
4187 ret = register_pernet_subsys(&ip6_route_net_late_ops);
4188 if (ret)
4189 goto fib6_rules_init;
4190
4191 ret = -ENOBUFS;
4192 if (__rtnl_register(PF_INET6, RTM_NEWROUTE, inet6_rtm_newroute, NULL, 0) ||
4193 __rtnl_register(PF_INET6, RTM_DELROUTE, inet6_rtm_delroute, NULL, 0) ||
4194 __rtnl_register(PF_INET6, RTM_GETROUTE, inet6_rtm_getroute, NULL,
4195 RTNL_FLAG_DOIT_UNLOCKED))
4196 goto out_register_late_subsys;
4197
4198 ret = register_netdevice_notifier(&ip6_route_dev_notifier);
4199 if (ret)
4200 goto out_register_late_subsys;
4201
4202 for_each_possible_cpu(cpu) {
4203 struct uncached_list *ul = per_cpu_ptr(&rt6_uncached_list, cpu);
4204
4205 INIT_LIST_HEAD(&ul->head);
4206 spin_lock_init(&ul->lock);
4207 }
4208
4209 out:
4210 return ret;
4211
4212 out_register_late_subsys:
4213 unregister_pernet_subsys(&ip6_route_net_late_ops);
4214 fib6_rules_init:
4215 fib6_rules_cleanup();
4216 xfrm6_init:
4217 xfrm6_fini();
4218 out_fib6_init:
4219 fib6_gc_cleanup();
4220 out_register_subsys:
4221 unregister_pernet_subsys(&ip6_route_net_ops);
4222 out_register_inetpeer:
4223 unregister_pernet_subsys(&ipv6_inetpeer_ops);
4224 out_dst_entries:
4225 dst_entries_destroy(&ip6_dst_blackhole_ops);
4226 out_kmem_cache:
4227 kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep);
4228 goto out;
4229 }
4230
4231 void ip6_route_cleanup(void)
4232 {
4233 unregister_netdevice_notifier(&ip6_route_dev_notifier);
4234 unregister_pernet_subsys(&ip6_route_net_late_ops);
4235 fib6_rules_cleanup();
4236 xfrm6_fini();
4237 fib6_gc_cleanup();
4238 unregister_pernet_subsys(&ipv6_inetpeer_ops);
4239 unregister_pernet_subsys(&ip6_route_net_ops);
4240 dst_entries_destroy(&ip6_dst_blackhole_ops);
4241 kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep);
4242 }