-diff -ur v2.6.14/linux/include/net/ip_fib.h linux/include/net/ip_fib.h
---- v2.6.14/linux/include/net/ip_fib.h 2005-10-29 14:15:09.000000000 +0300
-+++ linux/include/net/ip_fib.h 2005-10-29 18:11:21.300520528 +0300
-@@ -195,7 +195,8 @@
-
- static inline void fib_select_default(const struct flowi *flp, struct fib_result *res)
- {
-- if (FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK)
-+ if ((FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK) ||
-+ FIB_RES_NH(*res).nh_scope == RT_SCOPE_HOST)
- ip_fib_main_table->tb_select_default(ip_fib_main_table, flp, res);
- }
-
-@@ -207,6 +208,7 @@
- extern int fib_lookup(const struct flowi *flp, struct fib_result *res);
- extern struct fib_table *__fib_new_table(int id);
- extern void fib_rule_put(struct fib_rule *r);
-+extern int fib_result_table(struct fib_result *res);
-
- static inline struct fib_table *fib_get_table(int id)
- {
-@@ -300,4 +302,6 @@
- extern void fib_proc_exit(void);
- #endif
-
-+extern rwlock_t fib_nhflags_lock;
-+
- #endif /* _NET_FIB_H */
-diff -ur v2.6.14/linux/include/net/route.h linux/include/net/route.h
---- v2.6.14/linux/include/net/route.h 2005-10-29 14:15:09.000000000 +0300
-+++ linux/include/net/route.h 2005-10-29 18:11:32.885759304 +0300
-@@ -117,6 +117,7 @@
- extern int ip_route_output_key(struct rtable **, struct flowi *flp);
- extern int ip_route_output_flow(struct rtable **rp, struct flowi *flp, struct sock *sk, int flags);
- extern int ip_route_input(struct sk_buff*, u32 dst, u32 src, u8 tos, struct net_device *devin);
-+extern int ip_route_input_lookup(struct sk_buff*, u32 dst, u32 src, u8 tos, struct net_device *devin, u32 lsrc);
- extern unsigned short ip_rt_frag_needed(struct iphdr *iph, unsigned short new_mtu);
- extern void ip_rt_send_redirect(struct sk_buff *skb);
-
-diff -ur v2.6.14/linux/net/ipv4/fib_frontend.c linux/net/ipv4/fib_frontend.c
---- v2.6.14/linux/net/ipv4/fib_frontend.c 2005-10-29 14:15:09.000000000 +0300
-+++ linux/net/ipv4/fib_frontend.c 2005-10-29 18:11:21.300520528 +0300
-@@ -54,6 +54,8 @@
- struct fib_table *ip_fib_local_table;
- struct fib_table *ip_fib_main_table;
-
-+#define FIB_RES_TABLE(r) (RT_TABLE_MAIN)
-+
- #else
-
- #define RT_TABLE_MIN 1
-@@ -71,6 +73,7 @@
- return tb;
- }
-
-+#define FIB_RES_TABLE(r) (fib_result_table(r))
-
- #endif /* CONFIG_IP_MULTIPLE_TABLES */
-
-@@ -168,6 +171,9 @@
- .tos = tos } },
- .iif = oif };
- struct fib_result res;
-+ int table;
-+ unsigned char prefixlen;
-+ unsigned char scope;
- int no_addr, rpf;
- int ret;
-
-@@ -189,31 +195,35 @@
- goto e_inval_res;
- *spec_dst = FIB_RES_PREFSRC(res);
- fib_combine_itag(itag, &res);
--#ifdef CONFIG_IP_ROUTE_MULTIPATH
-- if (FIB_RES_DEV(res) == dev || res.fi->fib_nhs > 1)
--#else
- if (FIB_RES_DEV(res) == dev)
--#endif
- {
- ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
- fib_res_put(&res);
- return ret;
- }
-+ table = FIB_RES_TABLE(&res);
-+ prefixlen = res.prefixlen;
-+ scope = res.scope;
- fib_res_put(&res);
- if (no_addr)
- goto last_resort;
-- if (rpf)
-- goto e_inval;
- fl.oif = dev->ifindex;
-
- ret = 0;
- if (fib_lookup(&fl, &res) == 0) {
-- if (res.type == RTN_UNICAST) {
-+ if (res.type == RTN_UNICAST &&
-+ ((table == FIB_RES_TABLE(&res) &&
-+ res.prefixlen >= prefixlen && res.scope >= scope) ||
-+ !rpf)) {
- *spec_dst = FIB_RES_PREFSRC(res);
- ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
-+ fib_res_put(&res);
-+ return ret;
- }
- fib_res_put(&res);
- }
-+ if (rpf)
-+ goto e_inval;
- return ret;
-
- last_resort:
-@@ -584,9 +594,7 @@
- switch (event) {
- case NETDEV_UP:
- fib_add_ifaddr(ifa);
--#ifdef CONFIG_IP_ROUTE_MULTIPATH
- fib_sync_up(ifa->ifa_dev->dev);
--#endif
- rt_cache_flush(-1);
- break;
- case NETDEV_DOWN:
-@@ -622,9 +630,7 @@
- for_ifa(in_dev) {
- fib_add_ifaddr(ifa);
- } endfor_ifa(in_dev);
--#ifdef CONFIG_IP_ROUTE_MULTIPATH
- fib_sync_up(dev);
--#endif
- rt_cache_flush(-1);
- break;
- case NETDEV_DOWN:
-diff -ur v2.6.14/linux/net/ipv4/fib_hash.c linux/net/ipv4/fib_hash.c
---- v2.6.14/linux/net/ipv4/fib_hash.c 2005-10-29 14:15:09.000000000 +0300
-+++ linux/net/ipv4/fib_hash.c 2005-10-29 18:11:21.301520376 +0300
-@@ -276,30 +276,38 @@
- return err;
- }
-
--static int fn_hash_last_dflt=-1;
--
- static void
- fn_hash_select_default(struct fib_table *tb, const struct flowi *flp, struct fib_result *res)
- {
-- int order, last_idx;
-+ int order, last_idx, last_dflt, last_nhsel;
-+ struct fib_alias *first_fa = NULL;
-+ struct hlist_head *head;
- struct hlist_node *node;
- struct fib_node *f;
- struct fib_info *fi = NULL;
- struct fib_info *last_resort;
- struct fn_hash *t = (struct fn_hash*)tb->tb_data;
-- struct fn_zone *fz = t->fn_zones[0];
-+ struct fn_zone *fz = t->fn_zones[res->prefixlen];
-+ u32 k;
-
- if (fz == NULL)
- return;
-
-+ k = fz_key(flp->fl4_dst, fz);
-+ last_dflt = -2;
-+ last_nhsel = 0;
- last_idx = -1;
- last_resort = NULL;
- order = -1;
-
- read_lock(&fib_hash_lock);
-- hlist_for_each_entry(f, node, &fz->fz_hash[0], fn_hash) {
-+ head = &fz->fz_hash[fn_hash(k, fz)];
-+ hlist_for_each_entry(f, node, head, fn_hash) {
- struct fib_alias *fa;
-
-+ if (f->fn_key != k)
-+ continue;
-+
- list_for_each_entry(fa, &f->fn_alias, fa_list) {
- struct fib_info *next_fi = fa->fa_info;
-
-@@ -307,41 +315,52 @@
- fa->fa_type != RTN_UNICAST)
- continue;
-
-+ if (fa->fa_tos &&
-+ fa->fa_tos != flp->fl4_tos)
-+ continue;
- if (next_fi->fib_priority > res->fi->fib_priority)
- break;
-- if (!next_fi->fib_nh[0].nh_gw ||
-- next_fi->fib_nh[0].nh_scope != RT_SCOPE_LINK)
-- continue;
- fa->fa_state |= FA_S_ACCESSED;
-
-- if (fi == NULL) {
-- if (next_fi != res->fi)
-- break;
-- } else if (!fib_detect_death(fi, order, &last_resort,
-- &last_idx, &fn_hash_last_dflt)) {
-+ if (!first_fa) {
-+ last_dflt = fa->fa_last_dflt;
-+ first_fa = fa;
-+ }
-+ if (fi && !fib_detect_death(fi, order, &last_resort,
-+ &last_idx, &last_dflt, &last_nhsel, flp)) {
- if (res->fi)
- fib_info_put(res->fi);
- res->fi = fi;
- atomic_inc(&fi->fib_clntref);
-- fn_hash_last_dflt = order;
-+ first_fa->fa_last_dflt = order;
- goto out;
- }
- fi = next_fi;
- order++;
- }
-+ break;
- }
-
- if (order <= 0 || fi == NULL) {
-- fn_hash_last_dflt = -1;
-+ if (fi && fi->fib_nhs > 1 &&
-+ fib_detect_death(fi, order, &last_resort, &last_idx,
-+ &last_dflt, &last_nhsel, flp) &&
-+ last_resort == fi) {
-+ read_lock_bh(&fib_nhflags_lock);
-+ fi->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT;
-+ read_unlock_bh(&fib_nhflags_lock);
-+ }
-+ if (first_fa) first_fa->fa_last_dflt = -1;
- goto out;
- }
-
-- if (!fib_detect_death(fi, order, &last_resort, &last_idx, &fn_hash_last_dflt)) {
-+ if (!fib_detect_death(fi, order, &last_resort, &last_idx,
-+ &last_dflt, &last_nhsel, flp)) {
- if (res->fi)
- fib_info_put(res->fi);
- res->fi = fi;
- atomic_inc(&fi->fib_clntref);
-- fn_hash_last_dflt = order;
-+ first_fa->fa_last_dflt = order;
- goto out;
- }
-
-@@ -351,8 +370,11 @@
- res->fi = last_resort;
- if (last_resort)
- atomic_inc(&last_resort->fib_clntref);
-+ read_lock_bh(&fib_nhflags_lock);
-+ last_resort->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT;
-+ read_unlock_bh(&fib_nhflags_lock);
-+ first_fa->fa_last_dflt = last_idx;
- }
-- fn_hash_last_dflt = last_idx;
- out:
- read_unlock(&fib_hash_lock);
- }
-@@ -451,6 +473,7 @@
- write_lock_bh(&fib_hash_lock);
- fi_drop = fa->fa_info;
- fa->fa_info = fi;
-+ fa->fa_last_dflt = -1;
- fa->fa_type = type;
- fa->fa_scope = r->rtm_scope;
- state = fa->fa_state;
-@@ -510,6 +533,7 @@
- new_fa->fa_type = type;
- new_fa->fa_scope = r->rtm_scope;
- new_fa->fa_state = 0;
-+ new_fa->fa_last_dflt = -1;
-
- /*
- * Insert new entry to the list.
-diff -ur v2.6.14/linux/net/ipv4/fib_lookup.h linux/net/ipv4/fib_lookup.h
---- v2.6.14/linux/net/ipv4/fib_lookup.h 2005-10-29 14:15:09.000000000 +0300
-+++ linux/net/ipv4/fib_lookup.h 2005-10-29 18:11:21.302520224 +0300
-@@ -9,6 +9,7 @@
- struct list_head fa_list;
- struct rcu_head rcu;
- struct fib_info *fa_info;
-+ int fa_last_dflt;
- u8 fa_tos;
- u8 fa_type;
- u8 fa_scope;
-@@ -40,6 +41,7 @@
- u8 tos, u32 prio);
- extern int fib_detect_death(struct fib_info *fi, int order,
- struct fib_info **last_resort,
-- int *last_idx, int *dflt);
-+ int *last_idx, int *dflt, int *last_nhsel,
-+ const struct flowi *flp);
-
- #endif /* _FIB_LOOKUP_H */
-diff -ur v2.6.14/linux/net/ipv4/fib_rules.c linux/net/ipv4/fib_rules.c
---- v2.6.14/linux/net/ipv4/fib_rules.c 2005-08-29 07:51:29.000000000 +0300
-+++ linux/net/ipv4/fib_rules.c 2005-10-29 18:11:21.302520224 +0300
-@@ -280,6 +280,11 @@
- }
- }
-
-+int fib_result_table(struct fib_result *res)
-+{
-+ return res->r->r_table;
-+}
-+
- int fib_lookup(const struct flowi *flp, struct fib_result *res)
- {
- int err;
-@@ -342,7 +347,8 @@
- void fib_select_default(const struct flowi *flp, struct fib_result *res)
- {
- if (res->r && res->r->r_action == RTN_UNICAST &&
-- FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK) {
-+ ((FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK) ||
-+ FIB_RES_NH(*res).nh_scope == RT_SCOPE_HOST)) {
- struct fib_table *tb;
- if ((tb = fib_get_table(res->r->r_table)) != NULL)
- tb->tb_select_default(tb, flp, res);
-diff -ur v2.6.14/linux/net/ipv4/fib_semantics.c linux/net/ipv4/fib_semantics.c
---- v2.6.14/linux/net/ipv4/fib_semantics.c 2005-10-29 14:15:09.000000000 +0300
-+++ linux/net/ipv4/fib_semantics.c 2005-10-29 18:11:32.886759152 +0300
-@@ -53,6 +53,7 @@
- static struct hlist_head *fib_info_laddrhash;
- static unsigned int fib_hash_size;
- static unsigned int fib_info_cnt;
-+rwlock_t fib_nhflags_lock = RW_LOCK_UNLOCKED;
-
- #define DEVINDEX_HASHBITS 8
- #define DEVINDEX_HASHSIZE (1U << DEVINDEX_HASHBITS)
-@@ -188,7 +189,7 @@
- #ifdef CONFIG_NET_CLS_ROUTE
- nh->nh_tclassid != onh->nh_tclassid ||
- #endif
-- ((nh->nh_flags^onh->nh_flags)&~RTNH_F_DEAD))
-+ ((nh->nh_flags^onh->nh_flags)&~RTNH_F_BADSTATE))
- return -1;
- onh++;
- } endfor_nexthops(fi);
-@@ -225,7 +226,7 @@
- nfi->fib_priority == fi->fib_priority &&
- memcmp(nfi->fib_metrics, fi->fib_metrics,
- sizeof(fi->fib_metrics)) == 0 &&
-- ((nfi->fib_flags^fi->fib_flags)&~RTNH_F_DEAD) == 0 &&
-+ ((nfi->fib_flags^fi->fib_flags)&~RTNH_F_BADSTATE) == 0 &&
- (nfi->fib_nhs == 0 || nh_comp(fi, nfi) == 0))
- return fi;
- }
-@@ -317,26 +318,70 @@
- }
-
- int fib_detect_death(struct fib_info *fi, int order,
-- struct fib_info **last_resort, int *last_idx, int *dflt)
-+ struct fib_info **last_resort, int *last_idx, int *dflt,
-+ int *last_nhsel, const struct flowi *flp)
- {
- struct neighbour *n;
-- int state = NUD_NONE;
-+ int nhsel;
-+ int state;
-+ struct fib_nh * nh;
-+ u32 dst;
-+ int flag, dead = 1;
-+
-+ /* change_nexthops(fi) { */
-+ for (nhsel = 0, nh = fi->fib_nh; nhsel < fi->fib_nhs; nh++, nhsel++) {
-+ if (flp->oif && flp->oif != nh->nh_oif)
-+ continue;
-+ if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw && nh->nh_gw &&
-+ nh->nh_scope == RT_SCOPE_LINK)
-+ continue;
-+ if (nh->nh_flags & RTNH_F_DEAD)
-+ continue;
-
-- n = neigh_lookup(&arp_tbl, &fi->fib_nh[0].nh_gw, fi->fib_dev);
-- if (n) {
-- state = n->nud_state;
-- neigh_release(n);
-- }
-- if (state==NUD_REACHABLE)
-- return 0;
-- if ((state&NUD_VALID) && order != *dflt)
-- return 0;
-- if ((state&NUD_VALID) ||
-- (*last_idx<0 && order > *dflt)) {
-- *last_resort = fi;
-- *last_idx = order;
-+ flag = 0;
-+ if (nh->nh_dev->flags & IFF_NOARP) {
-+ dead = 0;
-+ goto setfl;
-+ }
-+
-+ dst = nh->nh_gw;
-+ if (!nh->nh_gw || nh->nh_scope != RT_SCOPE_LINK)
-+ dst = flp->fl4_dst;
-+
-+ state = NUD_NONE;
-+ n = neigh_lookup(&arp_tbl, &dst, nh->nh_dev);
-+ if (n) {
-+ state = n->nud_state;
-+ neigh_release(n);
-+ }
-+ if (state==NUD_REACHABLE ||
-+ ((state&NUD_VALID) && order != *dflt)) {
-+ dead = 0;
-+ goto setfl;
-+ }
-+ if (!(state&NUD_VALID))
-+ flag = 1;
-+ if (!dead)
-+ goto setfl;
-+ if ((state&NUD_VALID) ||
-+ (*last_idx<0 && order >= *dflt)) {
-+ *last_resort = fi;
-+ *last_idx = order;
-+ *last_nhsel = nhsel;
-+ }
-+
-+ setfl:
-+
-+ read_lock_bh(&fib_nhflags_lock);
-+ if (flag)
-+ nh->nh_flags |= RTNH_F_SUSPECT;
-+ else
-+ nh->nh_flags &= ~RTNH_F_SUSPECT;
-+ read_unlock_bh(&fib_nhflags_lock);
- }
-- return 1;
-+ /* } endfor_nexthops(fi) */
-+
-+ return dead;
- }
-
- #ifdef CONFIG_IP_ROUTE_MULTIPATH
-@@ -507,8 +552,11 @@
- return -EINVAL;
- if ((dev = __dev_get_by_index(nh->nh_oif)) == NULL)
- return -ENODEV;
-- if (!(dev->flags&IFF_UP))
-- return -ENETDOWN;
-+ if (!(dev->flags&IFF_UP)) {
-+ if (fi->fib_protocol != RTPROT_STATIC)
-+ return -ENETDOWN;
-+ nh->nh_flags |= RTNH_F_DEAD;
-+ }
- nh->nh_dev = dev;
- dev_hold(dev);
- nh->nh_scope = RT_SCOPE_LINK;
-@@ -523,24 +571,48 @@
- /* It is not necessary, but requires a bit of thinking */
- if (fl.fl4_scope < RT_SCOPE_LINK)
- fl.fl4_scope = RT_SCOPE_LINK;
-- if ((err = fib_lookup(&fl, &res)) != 0)
-- return err;
-+ err = fib_lookup(&fl, &res);
- }
-- err = -EINVAL;
-- if (res.type != RTN_UNICAST && res.type != RTN_LOCAL)
-- goto out;
-- nh->nh_scope = res.scope;
-- nh->nh_oif = FIB_RES_OIF(res);
-- if ((nh->nh_dev = FIB_RES_DEV(res)) == NULL)
-- goto out;
-- dev_hold(nh->nh_dev);
-- err = -ENETDOWN;
-- if (!(nh->nh_dev->flags & IFF_UP))
-- goto out;
-- err = 0;
-+ if (err) {
-+ struct in_device *in_dev;
-+
-+ if (err != -ENETUNREACH ||
-+ fi->fib_protocol != RTPROT_STATIC)
-+ return err;
-+
-+ in_dev = inetdev_by_index(nh->nh_oif);
-+ if (in_dev == NULL ||
-+ in_dev->dev->flags & IFF_UP) {
-+ if (in_dev)
-+ in_dev_put(in_dev);
-+ return err;
-+ }
-+ nh->nh_flags |= RTNH_F_DEAD;
-+ nh->nh_scope = RT_SCOPE_LINK;
-+ nh->nh_dev = in_dev->dev;
-+ dev_hold(nh->nh_dev);
-+ in_dev_put(in_dev);
-+ } else {
-+ err = -EINVAL;
-+ if (res.type != RTN_UNICAST && res.type != RTN_LOCAL)
-+ goto out;
-+ nh->nh_scope = res.scope;
-+ nh->nh_oif = FIB_RES_OIF(res);
-+ if ((nh->nh_dev = FIB_RES_DEV(res)) == NULL)
-+ goto out;
-+ dev_hold(nh->nh_dev);
-+ if (!(nh->nh_dev->flags & IFF_UP)) {
-+ if (fi->fib_protocol != RTPROT_STATIC) {
-+ err = -ENETDOWN;
-+ goto out;
-+ }
-+ nh->nh_flags |= RTNH_F_DEAD;
-+ }
-+ err = 0;
- out:
-- fib_res_put(&res);
-- return err;
-+ fib_res_put(&res);
-+ return err;
-+ }
- } else {
- struct in_device *in_dev;
-
-@@ -551,8 +623,11 @@
- if (in_dev == NULL)
- return -ENODEV;
- if (!(in_dev->dev->flags&IFF_UP)) {
-- in_dev_put(in_dev);
-- return -ENETDOWN;
-+ if (fi->fib_protocol != RTPROT_STATIC) {
-+ in_dev_put(in_dev);
-+ return -ENETDOWN;
-+ }
-+ nh->nh_flags |= RTNH_F_DEAD;
- }
- nh->nh_dev = in_dev->dev;
- dev_hold(nh->nh_dev);
-@@ -890,8 +965,12 @@
- for_nexthops(fi) {
- if (nh->nh_flags&RTNH_F_DEAD)
- continue;
-- if (!flp->oif || flp->oif == nh->nh_oif)
-- break;
-+ if (flp->oif && flp->oif != nh->nh_oif)
-+ continue;
-+ if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
-+ nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
-+ continue;
-+ break;
- }
- #ifdef CONFIG_IP_ROUTE_MULTIPATH
- if (nhsel < fi->fib_nhs) {
-@@ -1197,18 +1276,29 @@
- prev_fi = fi;
- dead = 0;
- change_nexthops(fi) {
-- if (nh->nh_flags&RTNH_F_DEAD)
-- dead++;
-- else if (nh->nh_dev == dev &&
-- nh->nh_scope != scope) {
-- nh->nh_flags |= RTNH_F_DEAD;
-+ if (nh->nh_flags&RTNH_F_DEAD) {
-+ if (fi->fib_protocol!=RTPROT_STATIC ||
-+ nh->nh_dev == NULL ||
-+ __in_dev_get_rtnl(nh->nh_dev) == NULL ||
-+ nh->nh_dev->flags&IFF_UP)
-+ dead++;
-+ } else if (nh->nh_dev == dev &&
-+ nh->nh_scope != scope) {
-+ write_lock_bh(&fib_nhflags_lock);
- #ifdef CONFIG_IP_ROUTE_MULTIPATH
-- spin_lock_bh(&fib_multipath_lock);
-+ spin_lock(&fib_multipath_lock);
-+ nh->nh_flags |= RTNH_F_DEAD;
- fi->fib_power -= nh->nh_power;
- nh->nh_power = 0;
-- spin_unlock_bh(&fib_multipath_lock);
-+ spin_unlock(&fib_multipath_lock);
-+#else
-+ nh->nh_flags |= RTNH_F_DEAD;
- #endif
-- dead++;
-+ write_unlock_bh(&fib_nhflags_lock);
-+ if (fi->fib_protocol!=RTPROT_STATIC ||
-+ force ||
-+ __in_dev_get_rtnl(dev) == NULL)
-+ dead++;
- }
- #ifdef CONFIG_IP_ROUTE_MULTIPATH
- if (force > 1 && nh->nh_dev == dev) {
-@@ -1227,11 +1317,8 @@
- return ret;
- }
-
--#ifdef CONFIG_IP_ROUTE_MULTIPATH
--
- /*
-- Dead device goes up. We wake up dead nexthops.
-- It takes sense only on multipath routes.
-+ Dead device goes up or new address is added. We wake up dead nexthops.
- */
-
- int fib_sync_up(struct net_device *dev)
-@@ -1241,8 +1328,10 @@
- struct hlist_head *head;
- struct hlist_node *node;
- struct fib_nh *nh;
-- int ret;
-+ struct fib_result res;
-+ int ret, rep;
-
-+repeat:
- if (!(dev->flags&IFF_UP))
- return 0;
-
-@@ -1250,6 +1339,7 @@
- hash = fib_devindex_hashfn(dev->ifindex);
- head = &fib_info_devhash[hash];
- ret = 0;
-+ rep = 0;
-
- hlist_for_each_entry(nh, node, head, nh_hash) {
- struct fib_info *fi = nh->nh_parent;
-@@ -1262,19 +1352,37 @@
- prev_fi = fi;
- alive = 0;
- change_nexthops(fi) {
-- if (!(nh->nh_flags&RTNH_F_DEAD)) {
-- alive++;
-+ if (!(nh->nh_flags&RTNH_F_DEAD))
- continue;
-- }
- if (nh->nh_dev == NULL || !(nh->nh_dev->flags&IFF_UP))
- continue;
- if (nh->nh_dev != dev || !__in_dev_get_rtnl(dev))
- continue;
-+ if (nh->nh_gw && fi->fib_protocol == RTPROT_STATIC) {
-+ struct flowi fl = {
-+ .nl_u = { .ip4_u =
-+ { .daddr = nh->nh_gw,
-+ .scope = nh->nh_scope } },
-+ .oif = nh->nh_oif,
-+ };
-+ if (fib_lookup(&fl, &res) != 0)
-+ continue;
-+ if (res.type != RTN_UNICAST &&
-+ res.type != RTN_LOCAL) {
-+ fib_res_put(&res);
-+ continue;
-+ }
-+ nh->nh_scope = res.scope;
-+ fib_res_put(&res);
-+ rep = 1;
-+ }
- alive++;
-+#ifdef CONFIG_IP_ROUTE_MULTIPATH
- spin_lock_bh(&fib_multipath_lock);
- nh->nh_power = 0;
- nh->nh_flags &= ~RTNH_F_DEAD;
- spin_unlock_bh(&fib_multipath_lock);
-+#endif
- } endfor_nexthops(fi)
-
- if (alive > 0) {
-@@ -1282,10 +1390,14 @@
- ret++;
- }
- }
-+ if (rep)
-+ goto repeat;
-
- return ret;
- }
-
-+#ifdef CONFIG_IP_ROUTE_MULTIPATH
-+
- /*
- The algorithm is suboptimal, but it provides really
- fair weighted route distribution.
-@@ -1294,24 +1406,45 @@
- void fib_select_multipath(const struct flowi *flp, struct fib_result *res)
- {
- struct fib_info *fi = res->fi;
-- int w;
-+ int w, alive;
-
- spin_lock_bh(&fib_multipath_lock);
-+ if (flp->oif) {
-+ int sel = -1;
-+ w = -1;
-+ change_nexthops(fi) {
-+ if (flp->oif != nh->nh_oif)
-+ continue;
-+ if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
-+ nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
-+ continue;
-+ if (!(nh->nh_flags&RTNH_F_BADSTATE)) {
-+ if (nh->nh_power > w) {
-+ w = nh->nh_power;
-+ sel = nhsel;
-+ }
-+ }
-+ } endfor_nexthops(fi);
-+ if (sel >= 0) {
-+ spin_unlock_bh(&fib_multipath_lock);
-+ res->nh_sel = sel;
-+ return;
-+ }
-+ goto last_resort;
-+ }
-+
-+repeat:
- if (fi->fib_power <= 0) {
- int power = 0;
- change_nexthops(fi) {
-- if (!(nh->nh_flags&RTNH_F_DEAD)) {
-+ if (!(nh->nh_flags&RTNH_F_BADSTATE)) {
- power += nh->nh_weight;
- nh->nh_power = nh->nh_weight;
- }
- } endfor_nexthops(fi);
- fi->fib_power = power;
-- if (power <= 0) {
-- spin_unlock_bh(&fib_multipath_lock);
-- /* Race condition: route has just become dead. */
-- res->nh_sel = 0;
-- return;
-- }
-+ if (power <= 0)
-+ goto last_resort;
- }
-
-
-@@ -1321,20 +1454,40 @@
-
- w = jiffies % fi->fib_power;
-
-+ alive = 0;
- change_nexthops(fi) {
-- if (!(nh->nh_flags&RTNH_F_DEAD) && nh->nh_power) {
-+ if (!(nh->nh_flags&RTNH_F_BADSTATE) && nh->nh_power) {
- if ((w -= nh->nh_power) <= 0) {
- nh->nh_power--;
- fi->fib_power--;
-- res->nh_sel = nhsel;
- spin_unlock_bh(&fib_multipath_lock);
-+ res->nh_sel = nhsel;
- return;
- }
-+ alive = 1;
-+ }
-+ } endfor_nexthops(fi);
-+ if (alive) {
-+ fi->fib_power = 0;
-+ goto repeat;
-+ }
-+
-+last_resort:
-+
-+ for_nexthops(fi) {
-+ if (!(nh->nh_flags&RTNH_F_DEAD)) {
-+ if (flp->oif && flp->oif != nh->nh_oif)
-+ continue;
-+ if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
-+ nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
-+ continue;
-+ spin_unlock_bh(&fib_multipath_lock);
-+ res->nh_sel = nhsel;
-+ return;
- }
- } endfor_nexthops(fi);
-
- /* Race condition: route has just become dead. */
-- res->nh_sel = 0;
- spin_unlock_bh(&fib_multipath_lock);
- }
- #endif
-diff -ur v2.6.14/linux/net/ipv4/netfilter/ip_nat_core.c linux/net/ipv4/netfilter/ip_nat_core.c
---- v2.6.14/linux/net/ipv4/netfilter/ip_nat_core.c 2005-10-29 14:15:09.000000000 +0300
-+++ linux/net/ipv4/netfilter/ip_nat_core.c 2005-10-29 18:11:32.887759000 +0300
-@@ -591,6 +591,53 @@
- EXPORT_SYMBOL_GPL(ip_nat_port_range_to_nfattr);
- #endif
-
-+unsigned int
-+ip_nat_route_input(unsigned int hooknum,
-+ struct sk_buff **pskb,
-+ const struct net_device *in,
-+ const struct net_device *out,
-+ int (*okfn)(struct sk_buff *))
-+{
-+ struct sk_buff *skb = *pskb;
-+ struct iphdr *iph;
-+ struct ip_conntrack *conn;
-+ enum ip_conntrack_info ctinfo;
-+ enum ip_conntrack_dir dir;
-+ unsigned long statusbit;
-+ u32 saddr;
-+
-+ if (!(conn = ip_conntrack_get(skb, &ctinfo)))
-+ return NF_ACCEPT;
-+
-+ if (!(conn->status & IPS_NAT_DONE_MASK))
-+ return NF_ACCEPT;
-+ dir = CTINFO2DIR(ctinfo);
-+ statusbit = IPS_SRC_NAT;
-+ if (dir == IP_CT_DIR_REPLY)
-+ statusbit ^= IPS_NAT_MASK;
-+ if (!(conn->status & statusbit))
-+ return NF_ACCEPT;
-+
-+ if (skb->dst)
-+ return NF_ACCEPT;
-+
-+ if (skb->len < sizeof(struct iphdr))
-+ return NF_ACCEPT;
-+
-+ /* use daddr in other direction as masquerade address (lsrc) */
-+ iph = skb->nh.iph;
-+ saddr = conn->tuplehash[!dir].tuple.dst.ip;
-+ if (saddr == iph->saddr)
-+ return NF_ACCEPT;
-+
-+ if (ip_route_input_lookup(skb, iph->daddr, iph->saddr, iph->tos,
-+ skb->dev, saddr))
-+ return NF_DROP;
-+
-+ return NF_ACCEPT;
-+}
-+EXPORT_SYMBOL_GPL(ip_nat_route_input);
-+
- static int __init ip_nat_init(void)
- {
- size_t i;
-diff -ur v2.6.14/linux/net/ipv4/netfilter/ip_nat_standalone.c linux/net/ipv4/netfilter/ip_nat_standalone.c
---- v2.6.14/linux/net/ipv4/netfilter/ip_nat_standalone.c 2005-10-29 14:15:09.000000000 +0300
-+++ linux/net/ipv4/netfilter/ip_nat_standalone.c 2005-10-29 18:11:32.887759000 +0300
-@@ -266,6 +266,14 @@
- .priority = NF_IP_PRI_NAT_DST,
- };
-
-+/* Before routing, route before mangling */
-+static struct nf_hook_ops ip_nat_inr_ops = {
-+ .hook = ip_nat_route_input,
-+ .pf = PF_INET,
-+ .hooknum = NF_IP_PRE_ROUTING,
-+ .priority = NF_IP_PRI_LAST-1,
-+};
-+
- /* After packet filtering, change source */
- static struct nf_hook_ops ip_nat_out_ops = {
- .hook = ip_nat_out,
-@@ -330,10 +338,15 @@
- printk("ip_nat_init: can't register in hook.\n");
- goto cleanup_rule_init;
- }
-+ ret = nf_register_hook(&ip_nat_inr_ops);
-+ if (ret < 0) {
-+ printk("ip_nat_init: can't register inr hook.\n");
-+ goto cleanup_inops;
-+ }
- ret = nf_register_hook(&ip_nat_out_ops);
- if (ret < 0) {
- printk("ip_nat_init: can't register out hook.\n");
-- goto cleanup_inops;
-+ goto cleanup_inrops;
- }
- ret = nf_register_hook(&ip_nat_adjust_in_ops);
- if (ret < 0) {
-@@ -367,6 +380,8 @@
- nf_unregister_hook(&ip_nat_adjust_in_ops);
- cleanup_outops:
- nf_unregister_hook(&ip_nat_out_ops);
-+ cleanup_inrops:
-+ nf_unregister_hook(&ip_nat_inr_ops);
- cleanup_inops:
- nf_unregister_hook(&ip_nat_in_ops);
- cleanup_rule_init:
-diff -ur v2.6.14/linux/net/ipv4/netfilter/ipt_MASQUERADE.c linux/net/ipv4/netfilter/ipt_MASQUERADE.c
---- v2.6.14/linux/net/ipv4/netfilter/ipt_MASQUERADE.c 2005-10-29 14:15:09.000000000 +0300
-+++ linux/net/ipv4/netfilter/ipt_MASQUERADE.c 2005-10-29 18:11:32.887759000 +0300
-@@ -97,13 +97,31 @@
- return NF_ACCEPT;
-
- mr = targinfo;
-- rt = (struct rtable *)(*pskb)->dst;
-- newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
-- if (!newsrc) {
-- printk("MASQUERADE: %s ate my IP address\n", out->name);
-- return NF_DROP;
-+
-+ {
-+ struct flowi fl = { .nl_u = { .ip4_u =
-+ { .daddr = (*pskb)->nh.iph->daddr,
-+ .tos = (RT_TOS((*pskb)->nh.iph->tos) |
-+ RTO_CONN),
-+ .gw = ((struct rtable *) (*pskb)->dst)->rt_gateway,
-+#ifdef CONFIG_IP_ROUTE_FWMARK
-+ .fwmark = (*pskb)->nfmark
-+#endif
-+ } },
-+ .oif = out->ifindex };
-+ if (ip_route_output_key(&rt, &fl) != 0) {
-+ /* Funky routing can do this. */
-+ if (net_ratelimit())
-+ printk("MASQUERADE:"
-+ " No route: Rusty's brain broke!\n");
-+ return NF_DROP;
-+ }
- }
-
-+ newsrc = rt->rt_src;
-+ DEBUGP("newsrc = %u.%u.%u.%u\n", NIPQUAD(newsrc));
-+ ip_rt_put(rt);
-+
- write_lock_bh(&masq_lock);
- ct->nat.masq_index = out->ifindex;
- write_unlock_bh(&masq_lock);
-diff -ur v2.6.14/linux/net/ipv4/route.c linux/net/ipv4/route.c
---- v2.6.14/linux/net/ipv4/route.c 2005-10-29 14:15:09.000000000 +0300
-+++ linux/net/ipv4/route.c 2005-10-29 18:11:32.889758696 +0300
-@@ -1197,6 +1197,7 @@