fix /etc/config/firewall
[openwrt.git] / openwrt / target / linux / generic-2.6 / patches / 201-multiple_default_gateways.patch
1 diff -ur v2.6.14/linux/include/linux/netfilter_ipv4/ip_nat.h linux/include/linux/netfilter_ipv4/ip_nat.h
2 --- v2.6.14/linux/include/linux/netfilter_ipv4/ip_nat.h 2005-10-29 14:15:09.000000000 +0300
3 +++ linux/include/linux/netfilter_ipv4/ip_nat.h 2005-10-29 18:11:32.885759304 +0300
4 @@ -63,6 +63,13 @@
5
6 struct ip_conntrack;
7
8 +/* Call input routing for SNAT-ed traffic */
9 +extern unsigned int ip_nat_route_input(unsigned int hooknum,
10 + struct sk_buff **pskb,
11 + const struct net_device *in,
12 + const struct net_device *out,
13 + int (*okfn)(struct sk_buff *));
14 +
15 /* Set up the info structure to map into this range. */
16 extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack,
17 const struct ip_nat_range *range,
18 diff -ur v2.6.14/linux/include/linux/rtnetlink.h linux/include/linux/rtnetlink.h
19 --- v2.6.14/linux/include/linux/rtnetlink.h 2005-10-29 14:15:09.000000000 +0300
20 +++ linux/include/linux/rtnetlink.h 2005-10-29 18:11:21.299520680 +0300
21 @@ -292,6 +292,8 @@
22 #define RTNH_F_DEAD 1 /* Nexthop is dead (used by multipath) */
23 #define RTNH_F_PERVASIVE 2 /* Do recursive gateway lookup */
24 #define RTNH_F_ONLINK 4 /* Gateway is forced on link */
25 +#define RTNH_F_SUSPECT 8 /* We don't know the real state */
26 +#define RTNH_F_BADSTATE (RTNH_F_DEAD | RTNH_F_SUSPECT)
27
28 /* Macros to handle hexthops */
29
30 diff -ur v2.6.14/linux/include/net/flow.h linux/include/net/flow.h
31 --- v2.6.14/linux/include/net/flow.h 2005-06-18 08:50:52.000000000 +0300
32 +++ linux/include/net/flow.h 2005-10-29 18:11:32.885759304 +0300
33 @@ -19,6 +19,8 @@
34 __u32 daddr;
35 __u32 saddr;
36 __u32 fwmark;
37 + __u32 lsrc;
38 + __u32 gw;
39 __u8 tos;
40 __u8 scope;
41 } ip4_u;
42 @@ -46,6 +48,8 @@
43 #define fl4_dst nl_u.ip4_u.daddr
44 #define fl4_src nl_u.ip4_u.saddr
45 #define fl4_fwmark nl_u.ip4_u.fwmark
46 +#define fl4_lsrc nl_u.ip4_u.lsrc
47 +#define fl4_gw nl_u.ip4_u.gw
48 #define fl4_tos nl_u.ip4_u.tos
49 #define fl4_scope nl_u.ip4_u.scope
50
51 diff -ur v2.6.14/linux/include/net/ip_fib.h linux/include/net/ip_fib.h
52 --- v2.6.14/linux/include/net/ip_fib.h 2005-10-29 14:15:09.000000000 +0300
53 +++ linux/include/net/ip_fib.h 2005-10-29 18:11:21.300520528 +0300
54 @@ -195,7 +195,8 @@
55
56 static inline void fib_select_default(const struct flowi *flp, struct fib_result *res)
57 {
58 - if (FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK)
59 + if ((FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK) ||
60 + FIB_RES_NH(*res).nh_scope == RT_SCOPE_HOST)
61 ip_fib_main_table->tb_select_default(ip_fib_main_table, flp, res);
62 }
63
64 @@ -207,6 +208,7 @@
65 extern int fib_lookup(const struct flowi *flp, struct fib_result *res);
66 extern struct fib_table *__fib_new_table(int id);
67 extern void fib_rule_put(struct fib_rule *r);
68 +extern int fib_result_table(struct fib_result *res);
69
70 static inline struct fib_table *fib_get_table(int id)
71 {
72 @@ -300,4 +302,6 @@
73 extern void fib_proc_exit(void);
74 #endif
75
76 +extern rwlock_t fib_nhflags_lock;
77 +
78 #endif /* _NET_FIB_H */
79 diff -ur v2.6.14/linux/include/net/route.h linux/include/net/route.h
80 --- v2.6.14/linux/include/net/route.h 2005-10-29 14:15:09.000000000 +0300
81 +++ linux/include/net/route.h 2005-10-29 18:11:32.885759304 +0300
82 @@ -117,6 +117,7 @@
83 extern int ip_route_output_key(struct rtable **, struct flowi *flp);
84 extern int ip_route_output_flow(struct rtable **rp, struct flowi *flp, struct sock *sk, int flags);
85 extern int ip_route_input(struct sk_buff*, u32 dst, u32 src, u8 tos, struct net_device *devin);
86 +extern int ip_route_input_lookup(struct sk_buff*, u32 dst, u32 src, u8 tos, struct net_device *devin, u32 lsrc);
87 extern unsigned short ip_rt_frag_needed(struct iphdr *iph, unsigned short new_mtu);
88 extern void ip_rt_send_redirect(struct sk_buff *skb);
89
90 diff -ur v2.6.14/linux/net/ipv4/fib_frontend.c linux/net/ipv4/fib_frontend.c
91 --- v2.6.14/linux/net/ipv4/fib_frontend.c 2005-10-29 14:15:09.000000000 +0300
92 +++ linux/net/ipv4/fib_frontend.c 2005-10-29 18:11:21.300520528 +0300
93 @@ -54,6 +54,8 @@
94 struct fib_table *ip_fib_local_table;
95 struct fib_table *ip_fib_main_table;
96
97 +#define FIB_RES_TABLE(r) (RT_TABLE_MAIN)
98 +
99 #else
100
101 #define RT_TABLE_MIN 1
102 @@ -71,6 +73,7 @@
103 return tb;
104 }
105
106 +#define FIB_RES_TABLE(r) (fib_result_table(r))
107
108 #endif /* CONFIG_IP_MULTIPLE_TABLES */
109
110 @@ -168,6 +171,9 @@
111 .tos = tos } },
112 .iif = oif };
113 struct fib_result res;
114 + int table;
115 + unsigned char prefixlen;
116 + unsigned char scope;
117 int no_addr, rpf;
118 int ret;
119
120 @@ -189,31 +195,35 @@
121 goto e_inval_res;
122 *spec_dst = FIB_RES_PREFSRC(res);
123 fib_combine_itag(itag, &res);
124 -#ifdef CONFIG_IP_ROUTE_MULTIPATH
125 - if (FIB_RES_DEV(res) == dev || res.fi->fib_nhs > 1)
126 -#else
127 if (FIB_RES_DEV(res) == dev)
128 -#endif
129 {
130 ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
131 fib_res_put(&res);
132 return ret;
133 }
134 + table = FIB_RES_TABLE(&res);
135 + prefixlen = res.prefixlen;
136 + scope = res.scope;
137 fib_res_put(&res);
138 if (no_addr)
139 goto last_resort;
140 - if (rpf)
141 - goto e_inval;
142 fl.oif = dev->ifindex;
143
144 ret = 0;
145 if (fib_lookup(&fl, &res) == 0) {
146 - if (res.type == RTN_UNICAST) {
147 + if (res.type == RTN_UNICAST &&
148 + ((table == FIB_RES_TABLE(&res) &&
149 + res.prefixlen >= prefixlen && res.scope >= scope) ||
150 + !rpf)) {
151 *spec_dst = FIB_RES_PREFSRC(res);
152 ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
153 + fib_res_put(&res);
154 + return ret;
155 }
156 fib_res_put(&res);
157 }
158 + if (rpf)
159 + goto e_inval;
160 return ret;
161
162 last_resort:
163 @@ -584,9 +594,7 @@
164 switch (event) {
165 case NETDEV_UP:
166 fib_add_ifaddr(ifa);
167 -#ifdef CONFIG_IP_ROUTE_MULTIPATH
168 fib_sync_up(ifa->ifa_dev->dev);
169 -#endif
170 rt_cache_flush(-1);
171 break;
172 case NETDEV_DOWN:
173 @@ -622,9 +630,7 @@
174 for_ifa(in_dev) {
175 fib_add_ifaddr(ifa);
176 } endfor_ifa(in_dev);
177 -#ifdef CONFIG_IP_ROUTE_MULTIPATH
178 fib_sync_up(dev);
179 -#endif
180 rt_cache_flush(-1);
181 break;
182 case NETDEV_DOWN:
183 diff -ur v2.6.14/linux/net/ipv4/fib_hash.c linux/net/ipv4/fib_hash.c
184 --- v2.6.14/linux/net/ipv4/fib_hash.c 2005-10-29 14:15:09.000000000 +0300
185 +++ linux/net/ipv4/fib_hash.c 2005-10-29 18:11:21.301520376 +0300
186 @@ -276,30 +276,38 @@
187 return err;
188 }
189
190 -static int fn_hash_last_dflt=-1;
191 -
192 static void
193 fn_hash_select_default(struct fib_table *tb, const struct flowi *flp, struct fib_result *res)
194 {
195 - int order, last_idx;
196 + int order, last_idx, last_dflt, last_nhsel;
197 + struct fib_alias *first_fa = NULL;
198 + struct hlist_head *head;
199 struct hlist_node *node;
200 struct fib_node *f;
201 struct fib_info *fi = NULL;
202 struct fib_info *last_resort;
203 struct fn_hash *t = (struct fn_hash*)tb->tb_data;
204 - struct fn_zone *fz = t->fn_zones[0];
205 + struct fn_zone *fz = t->fn_zones[res->prefixlen];
206 + u32 k;
207
208 if (fz == NULL)
209 return;
210
211 + k = fz_key(flp->fl4_dst, fz);
212 + last_dflt = -2;
213 + last_nhsel = 0;
214 last_idx = -1;
215 last_resort = NULL;
216 order = -1;
217
218 read_lock(&fib_hash_lock);
219 - hlist_for_each_entry(f, node, &fz->fz_hash[0], fn_hash) {
220 + head = &fz->fz_hash[fn_hash(k, fz)];
221 + hlist_for_each_entry(f, node, head, fn_hash) {
222 struct fib_alias *fa;
223
224 + if (f->fn_key != k)
225 + continue;
226 +
227 list_for_each_entry(fa, &f->fn_alias, fa_list) {
228 struct fib_info *next_fi = fa->fa_info;
229
230 @@ -307,41 +315,52 @@
231 fa->fa_type != RTN_UNICAST)
232 continue;
233
234 + if (fa->fa_tos &&
235 + fa->fa_tos != flp->fl4_tos)
236 + continue;
237 if (next_fi->fib_priority > res->fi->fib_priority)
238 break;
239 - if (!next_fi->fib_nh[0].nh_gw ||
240 - next_fi->fib_nh[0].nh_scope != RT_SCOPE_LINK)
241 - continue;
242 fa->fa_state |= FA_S_ACCESSED;
243
244 - if (fi == NULL) {
245 - if (next_fi != res->fi)
246 - break;
247 - } else if (!fib_detect_death(fi, order, &last_resort,
248 - &last_idx, &fn_hash_last_dflt)) {
249 + if (!first_fa) {
250 + last_dflt = fa->fa_last_dflt;
251 + first_fa = fa;
252 + }
253 + if (fi && !fib_detect_death(fi, order, &last_resort,
254 + &last_idx, &last_dflt, &last_nhsel, flp)) {
255 if (res->fi)
256 fib_info_put(res->fi);
257 res->fi = fi;
258 atomic_inc(&fi->fib_clntref);
259 - fn_hash_last_dflt = order;
260 + first_fa->fa_last_dflt = order;
261 goto out;
262 }
263 fi = next_fi;
264 order++;
265 }
266 + break;
267 }
268
269 if (order <= 0 || fi == NULL) {
270 - fn_hash_last_dflt = -1;
271 + if (fi && fi->fib_nhs > 1 &&
272 + fib_detect_death(fi, order, &last_resort, &last_idx,
273 + &last_dflt, &last_nhsel, flp) &&
274 + last_resort == fi) {
275 + read_lock_bh(&fib_nhflags_lock);
276 + fi->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT;
277 + read_unlock_bh(&fib_nhflags_lock);
278 + }
279 + if (first_fa) first_fa->fa_last_dflt = -1;
280 goto out;
281 }
282
283 - if (!fib_detect_death(fi, order, &last_resort, &last_idx, &fn_hash_last_dflt)) {
284 + if (!fib_detect_death(fi, order, &last_resort, &last_idx,
285 + &last_dflt, &last_nhsel, flp)) {
286 if (res->fi)
287 fib_info_put(res->fi);
288 res->fi = fi;
289 atomic_inc(&fi->fib_clntref);
290 - fn_hash_last_dflt = order;
291 + first_fa->fa_last_dflt = order;
292 goto out;
293 }
294
295 @@ -351,8 +370,11 @@
296 res->fi = last_resort;
297 if (last_resort)
298 atomic_inc(&last_resort->fib_clntref);
299 + read_lock_bh(&fib_nhflags_lock);
300 + last_resort->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT;
301 + read_unlock_bh(&fib_nhflags_lock);
302 + first_fa->fa_last_dflt = last_idx;
303 }
304 - fn_hash_last_dflt = last_idx;
305 out:
306 read_unlock(&fib_hash_lock);
307 }
308 @@ -451,6 +473,7 @@
309 write_lock_bh(&fib_hash_lock);
310 fi_drop = fa->fa_info;
311 fa->fa_info = fi;
312 + fa->fa_last_dflt = -1;
313 fa->fa_type = type;
314 fa->fa_scope = r->rtm_scope;
315 state = fa->fa_state;
316 @@ -510,6 +533,7 @@
317 new_fa->fa_type = type;
318 new_fa->fa_scope = r->rtm_scope;
319 new_fa->fa_state = 0;
320 + new_fa->fa_last_dflt = -1;
321
322 /*
323 * Insert new entry to the list.
324 diff -ur v2.6.14/linux/net/ipv4/fib_lookup.h linux/net/ipv4/fib_lookup.h
325 --- v2.6.14/linux/net/ipv4/fib_lookup.h 2005-10-29 14:15:09.000000000 +0300
326 +++ linux/net/ipv4/fib_lookup.h 2005-10-29 18:11:21.302520224 +0300
327 @@ -9,6 +9,7 @@
328 struct list_head fa_list;
329 struct rcu_head rcu;
330 struct fib_info *fa_info;
331 + int fa_last_dflt;
332 u8 fa_tos;
333 u8 fa_type;
334 u8 fa_scope;
335 @@ -40,6 +41,7 @@
336 u8 tos, u32 prio);
337 extern int fib_detect_death(struct fib_info *fi, int order,
338 struct fib_info **last_resort,
339 - int *last_idx, int *dflt);
340 + int *last_idx, int *dflt, int *last_nhsel,
341 + const struct flowi *flp);
342
343 #endif /* _FIB_LOOKUP_H */
344 diff -ur v2.6.14/linux/net/ipv4/fib_rules.c linux/net/ipv4/fib_rules.c
345 --- v2.6.14/linux/net/ipv4/fib_rules.c 2005-08-29 07:51:29.000000000 +0300
346 +++ linux/net/ipv4/fib_rules.c 2005-10-29 18:11:21.302520224 +0300
347 @@ -280,6 +280,11 @@
348 }
349 }
350
351 +int fib_result_table(struct fib_result *res)
352 +{
353 + return res->r->r_table;
354 +}
355 +
356 int fib_lookup(const struct flowi *flp, struct fib_result *res)
357 {
358 int err;
359 @@ -342,7 +347,8 @@
360 void fib_select_default(const struct flowi *flp, struct fib_result *res)
361 {
362 if (res->r && res->r->r_action == RTN_UNICAST &&
363 - FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK) {
364 + ((FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK) ||
365 + FIB_RES_NH(*res).nh_scope == RT_SCOPE_HOST)) {
366 struct fib_table *tb;
367 if ((tb = fib_get_table(res->r->r_table)) != NULL)
368 tb->tb_select_default(tb, flp, res);
369 diff -ur v2.6.14/linux/net/ipv4/fib_semantics.c linux/net/ipv4/fib_semantics.c
370 --- v2.6.14/linux/net/ipv4/fib_semantics.c 2005-10-29 14:15:09.000000000 +0300
371 +++ linux/net/ipv4/fib_semantics.c 2005-10-29 18:11:32.886759152 +0300
372 @@ -53,6 +53,7 @@
373 static struct hlist_head *fib_info_laddrhash;
374 static unsigned int fib_hash_size;
375 static unsigned int fib_info_cnt;
376 +rwlock_t fib_nhflags_lock = RW_LOCK_UNLOCKED;
377
378 #define DEVINDEX_HASHBITS 8
379 #define DEVINDEX_HASHSIZE (1U << DEVINDEX_HASHBITS)
380 @@ -188,7 +189,7 @@
381 #ifdef CONFIG_NET_CLS_ROUTE
382 nh->nh_tclassid != onh->nh_tclassid ||
383 #endif
384 - ((nh->nh_flags^onh->nh_flags)&~RTNH_F_DEAD))
385 + ((nh->nh_flags^onh->nh_flags)&~RTNH_F_BADSTATE))
386 return -1;
387 onh++;
388 } endfor_nexthops(fi);
389 @@ -225,7 +226,7 @@
390 nfi->fib_priority == fi->fib_priority &&
391 memcmp(nfi->fib_metrics, fi->fib_metrics,
392 sizeof(fi->fib_metrics)) == 0 &&
393 - ((nfi->fib_flags^fi->fib_flags)&~RTNH_F_DEAD) == 0 &&
394 + ((nfi->fib_flags^fi->fib_flags)&~RTNH_F_BADSTATE) == 0 &&
395 (nfi->fib_nhs == 0 || nh_comp(fi, nfi) == 0))
396 return fi;
397 }
398 @@ -317,26 +318,70 @@
399 }
400
401 int fib_detect_death(struct fib_info *fi, int order,
402 - struct fib_info **last_resort, int *last_idx, int *dflt)
403 + struct fib_info **last_resort, int *last_idx, int *dflt,
404 + int *last_nhsel, const struct flowi *flp)
405 {
406 struct neighbour *n;
407 - int state = NUD_NONE;
408 + int nhsel;
409 + int state;
410 + struct fib_nh * nh;
411 + u32 dst;
412 + int flag, dead = 1;
413 +
414 + /* change_nexthops(fi) { */
415 + for (nhsel = 0, nh = fi->fib_nh; nhsel < fi->fib_nhs; nh++, nhsel++) {
416 + if (flp->oif && flp->oif != nh->nh_oif)
417 + continue;
418 + if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw && nh->nh_gw &&
419 + nh->nh_scope == RT_SCOPE_LINK)
420 + continue;
421 + if (nh->nh_flags & RTNH_F_DEAD)
422 + continue;
423
424 - n = neigh_lookup(&arp_tbl, &fi->fib_nh[0].nh_gw, fi->fib_dev);
425 - if (n) {
426 - state = n->nud_state;
427 - neigh_release(n);
428 - }
429 - if (state==NUD_REACHABLE)
430 - return 0;
431 - if ((state&NUD_VALID) && order != *dflt)
432 - return 0;
433 - if ((state&NUD_VALID) ||
434 - (*last_idx<0 && order > *dflt)) {
435 - *last_resort = fi;
436 - *last_idx = order;
437 + flag = 0;
438 + if (nh->nh_dev->flags & IFF_NOARP) {
439 + dead = 0;
440 + goto setfl;
441 + }
442 +
443 + dst = nh->nh_gw;
444 + if (!nh->nh_gw || nh->nh_scope != RT_SCOPE_LINK)
445 + dst = flp->fl4_dst;
446 +
447 + state = NUD_NONE;
448 + n = neigh_lookup(&arp_tbl, &dst, nh->nh_dev);
449 + if (n) {
450 + state = n->nud_state;
451 + neigh_release(n);
452 + }
453 + if (state==NUD_REACHABLE ||
454 + ((state&NUD_VALID) && order != *dflt)) {
455 + dead = 0;
456 + goto setfl;
457 + }
458 + if (!(state&NUD_VALID))
459 + flag = 1;
460 + if (!dead)
461 + goto setfl;
462 + if ((state&NUD_VALID) ||
463 + (*last_idx<0 && order >= *dflt)) {
464 + *last_resort = fi;
465 + *last_idx = order;
466 + *last_nhsel = nhsel;
467 + }
468 +
469 + setfl:
470 +
471 + read_lock_bh(&fib_nhflags_lock);
472 + if (flag)
473 + nh->nh_flags |= RTNH_F_SUSPECT;
474 + else
475 + nh->nh_flags &= ~RTNH_F_SUSPECT;
476 + read_unlock_bh(&fib_nhflags_lock);
477 }
478 - return 1;
479 + /* } endfor_nexthops(fi) */
480 +
481 + return dead;
482 }
483
484 #ifdef CONFIG_IP_ROUTE_MULTIPATH
485 @@ -507,8 +552,11 @@
486 return -EINVAL;
487 if ((dev = __dev_get_by_index(nh->nh_oif)) == NULL)
488 return -ENODEV;
489 - if (!(dev->flags&IFF_UP))
490 - return -ENETDOWN;
491 + if (!(dev->flags&IFF_UP)) {
492 + if (fi->fib_protocol != RTPROT_STATIC)
493 + return -ENETDOWN;
494 + nh->nh_flags |= RTNH_F_DEAD;
495 + }
496 nh->nh_dev = dev;
497 dev_hold(dev);
498 nh->nh_scope = RT_SCOPE_LINK;
499 @@ -523,24 +571,48 @@
500 /* It is not necessary, but requires a bit of thinking */
501 if (fl.fl4_scope < RT_SCOPE_LINK)
502 fl.fl4_scope = RT_SCOPE_LINK;
503 - if ((err = fib_lookup(&fl, &res)) != 0)
504 - return err;
505 + err = fib_lookup(&fl, &res);
506 }
507 - err = -EINVAL;
508 - if (res.type != RTN_UNICAST && res.type != RTN_LOCAL)
509 - goto out;
510 - nh->nh_scope = res.scope;
511 - nh->nh_oif = FIB_RES_OIF(res);
512 - if ((nh->nh_dev = FIB_RES_DEV(res)) == NULL)
513 - goto out;
514 - dev_hold(nh->nh_dev);
515 - err = -ENETDOWN;
516 - if (!(nh->nh_dev->flags & IFF_UP))
517 - goto out;
518 - err = 0;
519 + if (err) {
520 + struct in_device *in_dev;
521 +
522 + if (err != -ENETUNREACH ||
523 + fi->fib_protocol != RTPROT_STATIC)
524 + return err;
525 +
526 + in_dev = inetdev_by_index(nh->nh_oif);
527 + if (in_dev == NULL ||
528 + in_dev->dev->flags & IFF_UP) {
529 + if (in_dev)
530 + in_dev_put(in_dev);
531 + return err;
532 + }
533 + nh->nh_flags |= RTNH_F_DEAD;
534 + nh->nh_scope = RT_SCOPE_LINK;
535 + nh->nh_dev = in_dev->dev;
536 + dev_hold(nh->nh_dev);
537 + in_dev_put(in_dev);
538 + } else {
539 + err = -EINVAL;
540 + if (res.type != RTN_UNICAST && res.type != RTN_LOCAL)
541 + goto out;
542 + nh->nh_scope = res.scope;
543 + nh->nh_oif = FIB_RES_OIF(res);
544 + if ((nh->nh_dev = FIB_RES_DEV(res)) == NULL)
545 + goto out;
546 + dev_hold(nh->nh_dev);
547 + if (!(nh->nh_dev->flags & IFF_UP)) {
548 + if (fi->fib_protocol != RTPROT_STATIC) {
549 + err = -ENETDOWN;
550 + goto out;
551 + }
552 + nh->nh_flags |= RTNH_F_DEAD;
553 + }
554 + err = 0;
555 out:
556 - fib_res_put(&res);
557 - return err;
558 + fib_res_put(&res);
559 + return err;
560 + }
561 } else {
562 struct in_device *in_dev;
563
564 @@ -551,8 +623,11 @@
565 if (in_dev == NULL)
566 return -ENODEV;
567 if (!(in_dev->dev->flags&IFF_UP)) {
568 - in_dev_put(in_dev);
569 - return -ENETDOWN;
570 + if (fi->fib_protocol != RTPROT_STATIC) {
571 + in_dev_put(in_dev);
572 + return -ENETDOWN;
573 + }
574 + nh->nh_flags |= RTNH_F_DEAD;
575 }
576 nh->nh_dev = in_dev->dev;
577 dev_hold(nh->nh_dev);
578 @@ -890,8 +965,12 @@
579 for_nexthops(fi) {
580 if (nh->nh_flags&RTNH_F_DEAD)
581 continue;
582 - if (!flp->oif || flp->oif == nh->nh_oif)
583 - break;
584 + if (flp->oif && flp->oif != nh->nh_oif)
585 + continue;
586 + if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
587 + nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
588 + continue;
589 + break;
590 }
591 #ifdef CONFIG_IP_ROUTE_MULTIPATH
592 if (nhsel < fi->fib_nhs) {
593 @@ -1197,18 +1276,29 @@
594 prev_fi = fi;
595 dead = 0;
596 change_nexthops(fi) {
597 - if (nh->nh_flags&RTNH_F_DEAD)
598 - dead++;
599 - else if (nh->nh_dev == dev &&
600 - nh->nh_scope != scope) {
601 - nh->nh_flags |= RTNH_F_DEAD;
602 + if (nh->nh_flags&RTNH_F_DEAD) {
603 + if (fi->fib_protocol!=RTPROT_STATIC ||
604 + nh->nh_dev == NULL ||
605 + __in_dev_get_rtnl(nh->nh_dev) == NULL ||
606 + nh->nh_dev->flags&IFF_UP)
607 + dead++;
608 + } else if (nh->nh_dev == dev &&
609 + nh->nh_scope != scope) {
610 + write_lock_bh(&fib_nhflags_lock);
611 #ifdef CONFIG_IP_ROUTE_MULTIPATH
612 - spin_lock_bh(&fib_multipath_lock);
613 + spin_lock(&fib_multipath_lock);
614 + nh->nh_flags |= RTNH_F_DEAD;
615 fi->fib_power -= nh->nh_power;
616 nh->nh_power = 0;
617 - spin_unlock_bh(&fib_multipath_lock);
618 + spin_unlock(&fib_multipath_lock);
619 +#else
620 + nh->nh_flags |= RTNH_F_DEAD;
621 #endif
622 - dead++;
623 + write_unlock_bh(&fib_nhflags_lock);
624 + if (fi->fib_protocol!=RTPROT_STATIC ||
625 + force ||
626 + __in_dev_get_rtnl(dev) == NULL)
627 + dead++;
628 }
629 #ifdef CONFIG_IP_ROUTE_MULTIPATH
630 if (force > 1 && nh->nh_dev == dev) {
631 @@ -1227,11 +1317,8 @@
632 return ret;
633 }
634
635 -#ifdef CONFIG_IP_ROUTE_MULTIPATH
636 -
637 /*
638 - Dead device goes up. We wake up dead nexthops.
639 - It takes sense only on multipath routes.
640 + Dead device goes up or new address is added. We wake up dead nexthops.
641 */
642
643 int fib_sync_up(struct net_device *dev)
644 @@ -1241,8 +1328,10 @@
645 struct hlist_head *head;
646 struct hlist_node *node;
647 struct fib_nh *nh;
648 - int ret;
649 + struct fib_result res;
650 + int ret, rep;
651
652 +repeat:
653 if (!(dev->flags&IFF_UP))
654 return 0;
655
656 @@ -1250,6 +1339,7 @@
657 hash = fib_devindex_hashfn(dev->ifindex);
658 head = &fib_info_devhash[hash];
659 ret = 0;
660 + rep = 0;
661
662 hlist_for_each_entry(nh, node, head, nh_hash) {
663 struct fib_info *fi = nh->nh_parent;
664 @@ -1262,19 +1352,37 @@
665 prev_fi = fi;
666 alive = 0;
667 change_nexthops(fi) {
668 - if (!(nh->nh_flags&RTNH_F_DEAD)) {
669 - alive++;
670 + if (!(nh->nh_flags&RTNH_F_DEAD))
671 continue;
672 - }
673 if (nh->nh_dev == NULL || !(nh->nh_dev->flags&IFF_UP))
674 continue;
675 if (nh->nh_dev != dev || !__in_dev_get_rtnl(dev))
676 continue;
677 + if (nh->nh_gw && fi->fib_protocol == RTPROT_STATIC) {
678 + struct flowi fl = {
679 + .nl_u = { .ip4_u =
680 + { .daddr = nh->nh_gw,
681 + .scope = nh->nh_scope } },
682 + .oif = nh->nh_oif,
683 + };
684 + if (fib_lookup(&fl, &res) != 0)
685 + continue;
686 + if (res.type != RTN_UNICAST &&
687 + res.type != RTN_LOCAL) {
688 + fib_res_put(&res);
689 + continue;
690 + }
691 + nh->nh_scope = res.scope;
692 + fib_res_put(&res);
693 + rep = 1;
694 + }
695 alive++;
696 +#ifdef CONFIG_IP_ROUTE_MULTIPATH
697 spin_lock_bh(&fib_multipath_lock);
698 nh->nh_power = 0;
699 nh->nh_flags &= ~RTNH_F_DEAD;
700 spin_unlock_bh(&fib_multipath_lock);
701 +#endif
702 } endfor_nexthops(fi)
703
704 if (alive > 0) {
705 @@ -1282,10 +1390,14 @@
706 ret++;
707 }
708 }
709 + if (rep)
710 + goto repeat;
711
712 return ret;
713 }
714
715 +#ifdef CONFIG_IP_ROUTE_MULTIPATH
716 +
717 /*
718 The algorithm is suboptimal, but it provides really
719 fair weighted route distribution.
720 @@ -1294,24 +1406,45 @@
721 void fib_select_multipath(const struct flowi *flp, struct fib_result *res)
722 {
723 struct fib_info *fi = res->fi;
724 - int w;
725 + int w, alive;
726
727 spin_lock_bh(&fib_multipath_lock);
728 + if (flp->oif) {
729 + int sel = -1;
730 + w = -1;
731 + change_nexthops(fi) {
732 + if (flp->oif != nh->nh_oif)
733 + continue;
734 + if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
735 + nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
736 + continue;
737 + if (!(nh->nh_flags&RTNH_F_BADSTATE)) {
738 + if (nh->nh_power > w) {
739 + w = nh->nh_power;
740 + sel = nhsel;
741 + }
742 + }
743 + } endfor_nexthops(fi);
744 + if (sel >= 0) {
745 + spin_unlock_bh(&fib_multipath_lock);
746 + res->nh_sel = sel;
747 + return;
748 + }
749 + goto last_resort;
750 + }
751 +
752 +repeat:
753 if (fi->fib_power <= 0) {
754 int power = 0;
755 change_nexthops(fi) {
756 - if (!(nh->nh_flags&RTNH_F_DEAD)) {
757 + if (!(nh->nh_flags&RTNH_F_BADSTATE)) {
758 power += nh->nh_weight;
759 nh->nh_power = nh->nh_weight;
760 }
761 } endfor_nexthops(fi);
762 fi->fib_power = power;
763 - if (power <= 0) {
764 - spin_unlock_bh(&fib_multipath_lock);
765 - /* Race condition: route has just become dead. */
766 - res->nh_sel = 0;
767 - return;
768 - }
769 + if (power <= 0)
770 + goto last_resort;
771 }
772
773
774 @@ -1321,20 +1454,40 @@
775
776 w = jiffies % fi->fib_power;
777
778 + alive = 0;
779 change_nexthops(fi) {
780 - if (!(nh->nh_flags&RTNH_F_DEAD) && nh->nh_power) {
781 + if (!(nh->nh_flags&RTNH_F_BADSTATE) && nh->nh_power) {
782 if ((w -= nh->nh_power) <= 0) {
783 nh->nh_power--;
784 fi->fib_power--;
785 - res->nh_sel = nhsel;
786 spin_unlock_bh(&fib_multipath_lock);
787 + res->nh_sel = nhsel;
788 return;
789 }
790 + alive = 1;
791 + }
792 + } endfor_nexthops(fi);
793 + if (alive) {
794 + fi->fib_power = 0;
795 + goto repeat;
796 + }
797 +
798 +last_resort:
799 +
800 + for_nexthops(fi) {
801 + if (!(nh->nh_flags&RTNH_F_DEAD)) {
802 + if (flp->oif && flp->oif != nh->nh_oif)
803 + continue;
804 + if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
805 + nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
806 + continue;
807 + spin_unlock_bh(&fib_multipath_lock);
808 + res->nh_sel = nhsel;
809 + return;
810 }
811 } endfor_nexthops(fi);
812
813 /* Race condition: route has just become dead. */
814 - res->nh_sel = 0;
815 spin_unlock_bh(&fib_multipath_lock);
816 }
817 #endif
818 diff -ur v2.6.14/linux/net/ipv4/netfilter/ip_nat_core.c linux/net/ipv4/netfilter/ip_nat_core.c
819 --- v2.6.14/linux/net/ipv4/netfilter/ip_nat_core.c 2005-10-29 14:15:09.000000000 +0300
820 +++ linux/net/ipv4/netfilter/ip_nat_core.c 2005-10-29 18:11:32.887759000 +0300
821 @@ -591,6 +591,53 @@
822 EXPORT_SYMBOL_GPL(ip_nat_port_range_to_nfattr);
823 #endif
824
825 +unsigned int
826 +ip_nat_route_input(unsigned int hooknum,
827 + struct sk_buff **pskb,
828 + const struct net_device *in,
829 + const struct net_device *out,
830 + int (*okfn)(struct sk_buff *))
831 +{
832 + struct sk_buff *skb = *pskb;
833 + struct iphdr *iph;
834 + struct ip_conntrack *conn;
835 + enum ip_conntrack_info ctinfo;
836 + enum ip_conntrack_dir dir;
837 + unsigned long statusbit;
838 + u32 saddr;
839 +
840 + if (!(conn = ip_conntrack_get(skb, &ctinfo)))
841 + return NF_ACCEPT;
842 +
843 + if (!(conn->status & IPS_NAT_DONE_MASK))
844 + return NF_ACCEPT;
845 + dir = CTINFO2DIR(ctinfo);
846 + statusbit = IPS_SRC_NAT;
847 + if (dir == IP_CT_DIR_REPLY)
848 + statusbit ^= IPS_NAT_MASK;
849 + if (!(conn->status & statusbit))
850 + return NF_ACCEPT;
851 +
852 + if (skb->dst)
853 + return NF_ACCEPT;
854 +
855 + if (skb->len < sizeof(struct iphdr))
856 + return NF_ACCEPT;
857 +
858 + /* use daddr in other direction as masquerade address (lsrc) */
859 + iph = skb->nh.iph;
860 + saddr = conn->tuplehash[!dir].tuple.dst.ip;
861 + if (saddr == iph->saddr)
862 + return NF_ACCEPT;
863 +
864 + if (ip_route_input_lookup(skb, iph->daddr, iph->saddr, iph->tos,
865 + skb->dev, saddr))
866 + return NF_DROP;
867 +
868 + return NF_ACCEPT;
869 +}
870 +EXPORT_SYMBOL_GPL(ip_nat_route_input);
871 +
872 static int __init ip_nat_init(void)
873 {
874 size_t i;
875 diff -ur v2.6.14/linux/net/ipv4/netfilter/ip_nat_standalone.c linux/net/ipv4/netfilter/ip_nat_standalone.c
876 --- v2.6.14/linux/net/ipv4/netfilter/ip_nat_standalone.c 2005-10-29 14:15:09.000000000 +0300
877 +++ linux/net/ipv4/netfilter/ip_nat_standalone.c 2005-10-29 18:11:32.887759000 +0300
878 @@ -266,6 +266,14 @@
879 .priority = NF_IP_PRI_NAT_DST,
880 };
881
882 +/* Before routing, route before mangling */
883 +static struct nf_hook_ops ip_nat_inr_ops = {
884 + .hook = ip_nat_route_input,
885 + .pf = PF_INET,
886 + .hooknum = NF_IP_PRE_ROUTING,
887 + .priority = NF_IP_PRI_LAST-1,
888 +};
889 +
890 /* After packet filtering, change source */
891 static struct nf_hook_ops ip_nat_out_ops = {
892 .hook = ip_nat_out,
893 @@ -330,10 +338,15 @@
894 printk("ip_nat_init: can't register in hook.\n");
895 goto cleanup_rule_init;
896 }
897 + ret = nf_register_hook(&ip_nat_inr_ops);
898 + if (ret < 0) {
899 + printk("ip_nat_init: can't register inr hook.\n");
900 + goto cleanup_inops;
901 + }
902 ret = nf_register_hook(&ip_nat_out_ops);
903 if (ret < 0) {
904 printk("ip_nat_init: can't register out hook.\n");
905 - goto cleanup_inops;
906 + goto cleanup_inrops;
907 }
908 ret = nf_register_hook(&ip_nat_adjust_in_ops);
909 if (ret < 0) {
910 @@ -367,6 +380,8 @@
911 nf_unregister_hook(&ip_nat_adjust_in_ops);
912 cleanup_outops:
913 nf_unregister_hook(&ip_nat_out_ops);
914 + cleanup_inrops:
915 + nf_unregister_hook(&ip_nat_inr_ops);
916 cleanup_inops:
917 nf_unregister_hook(&ip_nat_in_ops);
918 cleanup_rule_init:
919 diff -ur v2.6.14/linux/net/ipv4/netfilter/ipt_MASQUERADE.c linux/net/ipv4/netfilter/ipt_MASQUERADE.c
920 --- v2.6.14/linux/net/ipv4/netfilter/ipt_MASQUERADE.c 2005-10-29 14:15:09.000000000 +0300
921 +++ linux/net/ipv4/netfilter/ipt_MASQUERADE.c 2005-10-29 18:11:32.887759000 +0300
922 @@ -97,13 +97,31 @@
923 return NF_ACCEPT;
924
925 mr = targinfo;
926 - rt = (struct rtable *)(*pskb)->dst;
927 - newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
928 - if (!newsrc) {
929 - printk("MASQUERADE: %s ate my IP address\n", out->name);
930 - return NF_DROP;
931 +
932 + {
933 + struct flowi fl = { .nl_u = { .ip4_u =
934 + { .daddr = (*pskb)->nh.iph->daddr,
935 + .tos = (RT_TOS((*pskb)->nh.iph->tos) |
936 + RTO_CONN),
937 + .gw = ((struct rtable *) (*pskb)->dst)->rt_gateway,
938 +#ifdef CONFIG_IP_ROUTE_FWMARK
939 + .fwmark = (*pskb)->nfmark
940 +#endif
941 + } },
942 + .oif = out->ifindex };
943 + if (ip_route_output_key(&rt, &fl) != 0) {
944 + /* Funky routing can do this. */
945 + if (net_ratelimit())
946 + printk("MASQUERADE:"
947 + " No route: Rusty's brain broke!\n");
948 + return NF_DROP;
949 + }
950 }
951
952 + newsrc = rt->rt_src;
953 + DEBUGP("newsrc = %u.%u.%u.%u\n", NIPQUAD(newsrc));
954 + ip_rt_put(rt);
955 +
956 write_lock_bh(&masq_lock);
957 ct->nat.masq_index = out->ifindex;
958 write_unlock_bh(&masq_lock);
959 diff -ur v2.6.14/linux/net/ipv4/route.c linux/net/ipv4/route.c
960 --- v2.6.14/linux/net/ipv4/route.c 2005-10-29 14:15:09.000000000 +0300
961 +++ linux/net/ipv4/route.c 2005-10-29 18:11:32.889758696 +0300
962 @@ -1197,6 +1197,7 @@
963
964 /* Gateway is different ... */
965 rt->rt_gateway = new_gw;
966 + if (rt->fl.fl4_gw) rt->fl.fl4_gw = new_gw;
967
968 /* Redirect received -> path was valid */
969 dst_confirm(&rth->u.dst);
970 @@ -1632,6 +1633,7 @@
971 rth->fl.fl4_fwmark= skb->nfmark;
972 #endif
973 rth->fl.fl4_src = saddr;
974 + rth->fl.fl4_lsrc = 0;
975 rth->rt_src = saddr;
976 #ifdef CONFIG_NET_CLS_ROUTE
977 rth->u.dst.tclassid = itag;
978 @@ -1642,6 +1644,7 @@
979 dev_hold(rth->u.dst.dev);
980 rth->idev = in_dev_get(rth->u.dst.dev);
981 rth->fl.oif = 0;
982 + rth->fl.fl4_gw = 0;
983 rth->rt_gateway = daddr;
984 rth->rt_spec_dst= spec_dst;
985 rth->rt_type = RTN_MULTICAST;
986 @@ -1706,7 +1709,7 @@
987 struct fib_result* res,
988 struct in_device *in_dev,
989 u32 daddr, u32 saddr, u32 tos,
990 - struct rtable **result)
991 + u32 lsrc, struct rtable **result)
992 {
993
994 struct rtable *rth;
995 @@ -1739,6 +1742,7 @@
996 flags |= RTCF_DIRECTSRC;
997
998 if (out_dev == in_dev && err && !(flags & (RTCF_NAT | RTCF_MASQ)) &&
999 + !lsrc &&
1000 (IN_DEV_SHARED_MEDIA(out_dev) ||
1001 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
1002 flags |= RTCF_DOREDIRECT;
1003 @@ -1778,6 +1782,7 @@
1004 #endif
1005 rth->fl.fl4_src = saddr;
1006 rth->rt_src = saddr;
1007 + rth->fl.fl4_lsrc = lsrc;
1008 rth->rt_gateway = daddr;
1009 rth->rt_iif =
1010 rth->fl.iif = in_dev->dev->ifindex;
1011 @@ -1785,6 +1790,7 @@
1012 dev_hold(rth->u.dst.dev);
1013 rth->idev = in_dev_get(rth->u.dst.dev);
1014 rth->fl.oif = 0;
1015 + rth->fl.fl4_gw = 0;
1016 rth->rt_spec_dst= spec_dst;
1017
1018 rth->u.dst.input = ip_forward;
1019 @@ -1806,19 +1812,20 @@
1020 struct fib_result* res,
1021 const struct flowi *fl,
1022 struct in_device *in_dev,
1023 - u32 daddr, u32 saddr, u32 tos)
1024 + u32 daddr, u32 saddr, u32 tos, u32 lsrc)
1025 {
1026 struct rtable* rth = NULL;
1027 int err;
1028 unsigned hash;
1029
1030 + fib_select_default(fl, res);
1031 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1032 - if (res->fi && res->fi->fib_nhs > 1 && fl->oif == 0)
1033 + if (res->fi && res->fi->fib_nhs > 1)
1034 fib_select_multipath(fl, res);
1035 #endif
1036
1037 /* create a routing cache entry */
1038 - err = __mkroute_input(skb, res, in_dev, daddr, saddr, tos, &rth);
1039 + err = __mkroute_input(skb, res, in_dev, daddr, saddr, tos, lsrc, &rth);
1040 if (err)
1041 return err;
1042
1043 @@ -1831,7 +1838,7 @@
1044 struct fib_result* res,
1045 const struct flowi *fl,
1046 struct in_device *in_dev,
1047 - u32 daddr, u32 saddr, u32 tos)
1048 + u32 daddr, u32 saddr, u32 tos, u32 lsrc)
1049 {
1050 #ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED
1051 struct rtable* rth = NULL, *rtres;
1052 @@ -1847,7 +1854,7 @@
1053 /* distinguish between multipath and singlepath */
1054 if (hopcount < 2)
1055 return ip_mkroute_input_def(skb, res, fl, in_dev, daddr,
1056 - saddr, tos);
1057 + saddr, tos, 0);
1058
1059 /* add all alternatives to the routing cache */
1060 for (hop = 0; hop < hopcount; hop++) {
1061 @@ -1859,7 +1866,7 @@
1062
1063 /* create a routing cache entry */
1064 err = __mkroute_input(skb, res, in_dev, daddr, saddr, tos,
1065 - &rth);
1066 + 0, &rth);
1067 if (err)
1068 return err;
1069
1070 @@ -1879,7 +1886,7 @@
1071 skb->dst = &rtres->u.dst;
1072 return err;
1073 #else /* CONFIG_IP_ROUTE_MULTIPATH_CACHED */
1074 - return ip_mkroute_input_def(skb, res, fl, in_dev, daddr, saddr, tos);
1075 + return ip_mkroute_input_def(skb, res, fl, in_dev, daddr, saddr, tos, lsrc);
1076 #endif /* CONFIG_IP_ROUTE_MULTIPATH_CACHED */
1077 }
1078
1079 @@ -1895,20 +1902,20 @@
1080 */
1081
1082 static int ip_route_input_slow(struct sk_buff *skb, u32 daddr, u32 saddr,
1083 - u8 tos, struct net_device *dev)
1084 + u8 tos, struct net_device *dev, u32 lsrc)
1085 {
1086 struct fib_result res;
1087 struct in_device *in_dev = in_dev_get(dev);
1088 struct flowi fl = { .nl_u = { .ip4_u =
1089 { .daddr = daddr,
1090 - .saddr = saddr,
1091 + .saddr = lsrc? : saddr,
1092 .tos = tos,
1093 .scope = RT_SCOPE_UNIVERSE,
1094 #ifdef CONFIG_IP_ROUTE_FWMARK
1095 .fwmark = skb->nfmark
1096 #endif
1097 } },
1098 - .iif = dev->ifindex };
1099 + .iif = lsrc? loopback_dev.ifindex : dev->ifindex };
1100 unsigned flags = 0;
1101 u32 itag = 0;
1102 struct rtable * rth;
1103 @@ -1941,6 +1948,12 @@
1104 if (BADCLASS(daddr) || ZERONET(daddr) || LOOPBACK(daddr))
1105 goto martian_destination;
1106
1107 + if (lsrc) {
1108 + if (MULTICAST(lsrc) || BADCLASS(lsrc) ||
1109 + ZERONET(lsrc) || LOOPBACK(lsrc))
1110 + goto e_inval;
1111 + }
1112 +
1113 /*
1114 * Now we are ready to route packet.
1115 */
1116 @@ -1950,6 +1963,10 @@
1117 goto no_route;
1118 }
1119 free_res = 1;
1120 + if (lsrc && res.type != RTN_UNICAST && res.type != RTN_NAT)
1121 + goto e_inval;
1122 + fl.iif = dev->ifindex;
1123 + fl.fl4_src = saddr;
1124
1125 RT_CACHE_STAT_INC(in_slow_tot);
1126
1127 @@ -1974,7 +1991,7 @@
1128 if (res.type != RTN_UNICAST)
1129 goto martian_destination;
1130
1131 - err = ip_mkroute_input(skb, &res, &fl, in_dev, daddr, saddr, tos);
1132 + err = ip_mkroute_input(skb, &res, &fl, in_dev, daddr, saddr, tos, lsrc);
1133 if (err == -ENOBUFS)
1134 goto e_nobufs;
1135 if (err == -EINVAL)
1136 @@ -1989,6 +2006,8 @@
1137 brd_input:
1138 if (skb->protocol != htons(ETH_P_IP))
1139 goto e_inval;
1140 + if (lsrc)
1141 + goto e_inval;
1142
1143 if (ZERONET(saddr))
1144 spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
1145 @@ -2031,6 +2050,7 @@
1146 rth->u.dst.dev = &loopback_dev;
1147 dev_hold(rth->u.dst.dev);
1148 rth->idev = in_dev_get(rth->u.dst.dev);
1149 + rth->fl.fl4_gw = 0;
1150 rth->rt_gateway = daddr;
1151 rth->rt_spec_dst= spec_dst;
1152 rth->u.dst.input= ip_local_deliver;
1153 @@ -2080,8 +2100,9 @@
1154 goto e_inval;
1155 }
1156
1157 -int ip_route_input(struct sk_buff *skb, u32 daddr, u32 saddr,
1158 - u8 tos, struct net_device *dev)
1159 +static inline int
1160 +ip_route_input_cached(struct sk_buff *skb, u32 daddr, u32 saddr,
1161 + u8 tos, struct net_device *dev, u32 lsrc)
1162 {
1163 struct rtable * rth;
1164 unsigned hash;
1165 @@ -2096,6 +2117,7 @@
1166 if (rth->fl.fl4_dst == daddr &&
1167 rth->fl.fl4_src == saddr &&
1168 rth->fl.iif == iif &&
1169 + rth->fl.fl4_lsrc == lsrc &&
1170 rth->fl.oif == 0 &&
1171 #ifdef CONFIG_IP_ROUTE_FWMARK
1172 rth->fl.fl4_fwmark == skb->nfmark &&
1173 @@ -2144,7 +2166,19 @@
1174 rcu_read_unlock();
1175 return -EINVAL;
1176 }
1177 - return ip_route_input_slow(skb, daddr, saddr, tos, dev);
1178 + return ip_route_input_slow(skb, daddr, saddr, tos, dev, lsrc);
1179 +}
1180 +
1181 +int ip_route_input(struct sk_buff *skb, u32 daddr, u32 saddr,
1182 + u8 tos, struct net_device *dev)
1183 +{
1184 + return ip_route_input_cached(skb, daddr, saddr, tos, dev, 0);
1185 +}
1186 +
1187 +int ip_route_input_lookup(struct sk_buff *skb, u32 daddr, u32 saddr,
1188 + u8 tos, struct net_device *dev, u32 lsrc)
1189 +{
1190 + return ip_route_input_cached(skb, daddr, saddr, tos, dev, lsrc);
1191 }
1192
1193 static inline int __mkroute_output(struct rtable **result,
1194 @@ -2223,6 +2257,7 @@
1195 rth->fl.fl4_tos = tos;
1196 rth->fl.fl4_src = oldflp->fl4_src;
1197 rth->fl.oif = oldflp->oif;
1198 + rth->fl.fl4_gw = oldflp->fl4_gw;
1199 #ifdef CONFIG_IP_ROUTE_FWMARK
1200 rth->fl.fl4_fwmark= oldflp->fl4_fwmark;
1201 #endif
1202 @@ -2370,6 +2405,7 @@
1203 struct flowi fl = { .nl_u = { .ip4_u =
1204 { .daddr = oldflp->fl4_dst,
1205 .saddr = oldflp->fl4_src,
1206 + .gw = oldflp->fl4_gw,
1207 .tos = tos & IPTOS_RT_MASK,
1208 .scope = ((tos & RTO_ONLINK) ?
1209 RT_SCOPE_LINK :
1210 @@ -2475,6 +2511,7 @@
1211 dev_out = &loopback_dev;
1212 dev_hold(dev_out);
1213 fl.oif = loopback_dev.ifindex;
1214 + fl.fl4_gw = 0;
1215 res.type = RTN_LOCAL;
1216 flags |= RTCF_LOCAL;
1217 goto make_route;
1218 @@ -2482,7 +2519,7 @@
1219
1220 if (fib_lookup(&fl, &res)) {
1221 res.fi = NULL;
1222 - if (oldflp->oif) {
1223 + if (oldflp->oif && dev_out->flags & IFF_UP) {
1224 /* Apparently, routing tables are wrong. Assume,
1225 that the destination is on link.
1226
1227 @@ -2522,6 +2559,7 @@
1228 dev_out = &loopback_dev;
1229 dev_hold(dev_out);
1230 fl.oif = dev_out->ifindex;
1231 + fl.fl4_gw = 0;
1232 if (res.fi)
1233 fib_info_put(res.fi);
1234 res.fi = NULL;
1235 @@ -2529,13 +2567,12 @@
1236 goto make_route;
1237 }
1238
1239 + if (res.type == RTN_UNICAST)
1240 + fib_select_default(&fl, &res);
1241 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1242 - if (res.fi->fib_nhs > 1 && fl.oif == 0)
1243 + if (res.fi->fib_nhs > 1)
1244 fib_select_multipath(&fl, &res);
1245 - else
1246 #endif
1247 - if (!res.prefixlen && res.type == RTN_UNICAST && !fl.oif)
1248 - fib_select_default(&fl, &res);
1249
1250 if (!fl.fl4_src)
1251 fl.fl4_src = FIB_RES_PREFSRC(res);
1252 @@ -2572,6 +2609,7 @@
1253 rth->fl.fl4_src == flp->fl4_src &&
1254 rth->fl.iif == 0 &&
1255 rth->fl.oif == flp->oif &&
1256 + rth->fl.fl4_gw == flp->fl4_gw &&
1257 #ifdef CONFIG_IP_ROUTE_FWMARK
1258 rth->fl.fl4_fwmark == flp->fl4_fwmark &&
1259 #endif
1260 @@ -3211,3 +3249,4 @@
1261 EXPORT_SYMBOL(__ip_select_ident);
1262 EXPORT_SYMBOL(ip_route_input);
1263 EXPORT_SYMBOL(ip_route_output_key);
1264 +EXPORT_SYMBOL(ip_route_input_lookup);
This page took 0.105637 seconds and 5 git commands to generate.