1 diff -urp v2.6.28/linux/include/linux/rtnetlink.h linux/include/linux/rtnetlink.h
2 --- v2.6.28/linux/include/linux/rtnetlink.h 2008-12-25 10:12:24.000000000 +0200
3 +++ linux/include/linux/rtnetlink.h 2009-02-06 09:43:23.000000000 +0200
4 @@ -304,6 +304,8 @@ struct rtnexthop
5 #define RTNH_F_DEAD 1 /* Nexthop is dead (used by multipath) */
6 #define RTNH_F_PERVASIVE 2 /* Do recursive gateway lookup */
7 #define RTNH_F_ONLINK 4 /* Gateway is forced on link */
8 +#define RTNH_F_SUSPECT 8 /* We don't know the real state */
9 +#define RTNH_F_BADSTATE (RTNH_F_DEAD | RTNH_F_SUSPECT)
11 /* Macros to handle hexthops */
13 diff -urp v2.6.28/linux/include/net/flow.h linux/include/net/flow.h
14 --- v2.6.28/linux/include/net/flow.h 2008-12-25 10:12:24.000000000 +0200
15 +++ linux/include/net/flow.h 2009-02-06 09:43:23.000000000 +0200
16 @@ -19,6 +19,8 @@ struct flowi {
25 @@ -43,6 +45,8 @@ struct flowi {
26 #define fl6_flowlabel nl_u.ip6_u.flowlabel
27 #define fl4_dst nl_u.ip4_u.daddr
28 #define fl4_src nl_u.ip4_u.saddr
29 +#define fl4_lsrc nl_u.ip4_u.lsrc
30 +#define fl4_gw nl_u.ip4_u.gw
31 #define fl4_tos nl_u.ip4_u.tos
32 #define fl4_scope nl_u.ip4_u.scope
34 diff -urp v2.6.28/linux/include/net/ip_fib.h linux/include/net/ip_fib.h
35 --- v2.6.28/linux/include/net/ip_fib.h 2008-04-17 09:58:08.000000000 +0300
36 +++ linux/include/net/ip_fib.h 2009-02-06 09:43:23.000000000 +0200
37 @@ -207,6 +207,8 @@ extern int fib_lookup(struct net *n, str
38 extern struct fib_table *fib_new_table(struct net *net, u32 id);
39 extern struct fib_table *fib_get_table(struct net *net, u32 id);
41 +extern int fib_result_table(struct fib_result *res);
43 #endif /* CONFIG_IP_MULTIPLE_TABLES */
45 /* Exported by fib_frontend.c */
46 @@ -276,4 +278,6 @@ static inline void fib_proc_exit(struct
50 +extern rwlock_t fib_nhflags_lock;
52 #endif /* _NET_FIB_H */
53 diff -urp v2.6.28/linux/include/net/netfilter/nf_nat.h linux/include/net/netfilter/nf_nat.h
54 --- v2.6.28/linux/include/net/netfilter/nf_nat.h 2008-04-17 09:58:08.000000000 +0300
55 +++ linux/include/net/netfilter/nf_nat.h 2009-02-06 09:43:23.000000000 +0200
56 @@ -77,6 +77,13 @@ struct nf_conn_nat
60 +/* Call input routing for SNAT-ed traffic */
61 +extern unsigned int ip_nat_route_input(unsigned int hooknum,
62 + struct sk_buff *skb,
63 + const struct net_device *in,
64 + const struct net_device *out,
65 + int (*okfn)(struct sk_buff *));
67 /* Set up the info structure to map into this range. */
68 extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
69 const struct nf_nat_range *range,
70 diff -urp v2.6.28/linux/include/net/route.h linux/include/net/route.h
71 --- v2.6.28/linux/include/net/route.h 2008-12-25 10:12:24.000000000 +0200
72 +++ linux/include/net/route.h 2009-02-06 09:43:23.000000000 +0200
73 @@ -116,6 +116,7 @@ extern int __ip_route_output_key(struct
74 extern int ip_route_output_key(struct net *, struct rtable **, struct flowi *flp);
75 extern int ip_route_output_flow(struct net *, struct rtable **rp, struct flowi *flp, struct sock *sk, int flags);
76 extern int ip_route_input(struct sk_buff*, __be32 dst, __be32 src, u8 tos, struct net_device *devin);
77 +extern int ip_route_input_lookup(struct sk_buff*, __be32 dst, __be32 src, u8 tos, struct net_device *devin, __be32 lsrc);
78 extern unsigned short ip_rt_frag_needed(struct net *net, struct iphdr *iph, unsigned short new_mtu, struct net_device *dev);
79 extern void ip_rt_send_redirect(struct sk_buff *skb);
81 diff -urp v2.6.28/linux/net/bridge/br_netfilter.c linux/net/bridge/br_netfilter.c
82 --- v2.6.28/linux/net/bridge/br_netfilter.c 2008-12-25 10:12:25.000000000 +0200
83 +++ linux/net/bridge/br_netfilter.c 2009-02-06 09:43:23.000000000 +0200
84 @@ -341,6 +341,10 @@ static int br_nf_pre_routing_finish(stru
85 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
88 + /* Old skb->dst is not expected, it is lost in all cases */
89 + dst_release(skb->dst);
92 if (nf_bridge->mask & BRNF_PKT_TYPE) {
93 skb->pkt_type = PACKET_OTHERHOST;
94 nf_bridge->mask ^= BRNF_PKT_TYPE;
95 diff -urp v2.6.28/linux/net/ipv4/fib_frontend.c linux/net/ipv4/fib_frontend.c
96 --- v2.6.28/linux/net/ipv4/fib_frontend.c 2008-10-11 12:46:16.000000000 +0300
97 +++ linux/net/ipv4/fib_frontend.c 2009-02-06 09:43:23.000000000 +0200
100 #ifndef CONFIG_IP_MULTIPLE_TABLES
102 +#define FIB_RES_TABLE(r) (RT_TABLE_MAIN)
104 static int __net_init fib4_rules_init(struct net *net)
106 struct fib_table *local_table, *main_table;
107 @@ -71,6 +73,8 @@ fail:
111 +#define FIB_RES_TABLE(r) (fib_result_table(r))
113 struct fib_table *fib_new_table(struct net *net, u32 id)
115 struct fib_table *tb;
116 @@ -125,7 +129,8 @@ void fib_select_default(struct net *net,
117 table = res->r->table;
119 tb = fib_get_table(net, table);
120 - if (FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK)
121 + if ((FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK) ||
122 + FIB_RES_NH(*res).nh_scope == RT_SCOPE_HOST)
123 tb->tb_select_default(tb, flp, res);
126 @@ -239,6 +244,9 @@ int fib_validate_source(__be32 src, __be
129 struct fib_result res;
131 + unsigned char prefixlen;
132 + unsigned char scope;
136 @@ -262,31 +270,35 @@ int fib_validate_source(__be32 src, __be
138 *spec_dst = FIB_RES_PREFSRC(res);
139 fib_combine_itag(itag, &res);
140 -#ifdef CONFIG_IP_ROUTE_MULTIPATH
141 - if (FIB_RES_DEV(res) == dev || res.fi->fib_nhs > 1)
143 if (FIB_RES_DEV(res) == dev)
146 ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
150 + table = FIB_RES_TABLE(&res);
151 + prefixlen = res.prefixlen;
158 fl.oif = dev->ifindex;
161 if (fib_lookup(net, &fl, &res) == 0) {
162 - if (res.type == RTN_UNICAST) {
163 + if (res.type == RTN_UNICAST &&
164 + ((table == FIB_RES_TABLE(&res) &&
165 + res.prefixlen >= prefixlen && res.scope >= scope) ||
167 *spec_dst = FIB_RES_PREFSRC(res);
168 ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
179 @@ -909,9 +921,7 @@ static int fib_inetaddr_event(struct not
183 -#ifdef CONFIG_IP_ROUTE_MULTIPATH
186 rt_cache_flush(dev_net(dev), -1);
189 @@ -947,9 +957,7 @@ static int fib_netdev_event(struct notif
192 } endfor_ifa(in_dev);
193 -#ifdef CONFIG_IP_ROUTE_MULTIPATH
196 rt_cache_flush(dev_net(dev), -1);
199 diff -urp v2.6.28/linux/net/ipv4/fib_hash.c linux/net/ipv4/fib_hash.c
200 --- v2.6.28/linux/net/ipv4/fib_hash.c 2008-10-11 12:46:16.000000000 +0300
201 +++ linux/net/ipv4/fib_hash.c 2009-02-06 09:43:23.000000000 +0200
202 @@ -278,25 +278,35 @@ out:
204 fn_hash_select_default(struct fib_table *tb, const struct flowi *flp, struct fib_result *res)
206 - int order, last_idx;
207 + int order, last_idx, last_dflt, last_nhsel;
208 + struct fib_alias *first_fa = NULL;
209 + struct hlist_head *head;
210 struct hlist_node *node;
212 struct fib_info *fi = NULL;
213 struct fib_info *last_resort;
214 struct fn_hash *t = (struct fn_hash *)tb->tb_data;
215 - struct fn_zone *fz = t->fn_zones[0];
216 + struct fn_zone *fz = t->fn_zones[res->prefixlen];
222 + k = fz_key(flp->fl4_dst, fz);
229 read_lock(&fib_hash_lock);
230 - hlist_for_each_entry(f, node, &fz->fz_hash[0], fn_hash) {
231 + head = &fz->fz_hash[fn_hash(k, fz)];
232 + hlist_for_each_entry(f, node, head, fn_hash) {
233 struct fib_alias *fa;
235 + if (f->fn_key != k)
238 list_for_each_entry(fa, &f->fn_alias, fa_list) {
239 struct fib_info *next_fi = fa->fa_info;
241 @@ -304,42 +314,56 @@ fn_hash_select_default(struct fib_table
242 fa->fa_type != RTN_UNICAST)
246 + fa->fa_tos != flp->fl4_tos)
248 if (next_fi->fib_priority > res->fi->fib_priority)
250 - if (!next_fi->fib_nh[0].nh_gw ||
251 - next_fi->fib_nh[0].nh_scope != RT_SCOPE_LINK)
253 fa->fa_state |= FA_S_ACCESSED;
256 - if (next_fi != res->fi)
258 - } else if (!fib_detect_death(fi, order, &last_resort,
259 - &last_idx, tb->tb_default)) {
261 + last_dflt = fa->fa_last_dflt;
264 + if (fi && !fib_detect_death(fi, order, &last_resort,
265 + &last_idx, &last_dflt, &last_nhsel, flp)) {
266 fib_result_assign(res, fi);
267 - tb->tb_default = order;
268 + first_fa->fa_last_dflt = order;
277 if (order <= 0 || fi == NULL) {
278 - tb->tb_default = -1;
279 + if (fi && fi->fib_nhs > 1 &&
280 + fib_detect_death(fi, order, &last_resort, &last_idx,
281 + &last_dflt, &last_nhsel, flp) &&
282 + last_resort == fi) {
283 + read_lock_bh(&fib_nhflags_lock);
284 + fi->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT;
285 + read_unlock_bh(&fib_nhflags_lock);
287 + if (first_fa) first_fa->fa_last_dflt = -1;
291 if (!fib_detect_death(fi, order, &last_resort, &last_idx,
293 + &last_dflt, &last_nhsel, flp)) {
294 fib_result_assign(res, fi);
295 - tb->tb_default = order;
296 + first_fa->fa_last_dflt = order;
301 + if (last_idx >= 0) {
302 fib_result_assign(res, last_resort);
303 - tb->tb_default = last_idx;
304 + read_lock_bh(&fib_nhflags_lock);
305 + last_resort->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT;
306 + read_unlock_bh(&fib_nhflags_lock);
307 + first_fa->fa_last_dflt = last_idx;
310 read_unlock(&fib_hash_lock);
312 @@ -463,6 +487,7 @@ static int fn_hash_insert(struct fib_tab
313 write_lock_bh(&fib_hash_lock);
314 fi_drop = fa->fa_info;
316 + fa->fa_last_dflt = -1;
317 fa->fa_type = cfg->fc_type;
318 fa->fa_scope = cfg->fc_scope;
319 state = fa->fa_state;
320 @@ -517,6 +542,7 @@ static int fn_hash_insert(struct fib_tab
321 new_fa->fa_type = cfg->fc_type;
322 new_fa->fa_scope = cfg->fc_scope;
323 new_fa->fa_state = 0;
324 + new_fa->fa_last_dflt = -1;
327 * Insert new entry to the list.
328 diff -urp v2.6.28/linux/net/ipv4/fib_lookup.h linux/net/ipv4/fib_lookup.h
329 --- v2.6.28/linux/net/ipv4/fib_lookup.h 2008-04-17 09:58:09.000000000 +0300
330 +++ linux/net/ipv4/fib_lookup.h 2009-02-06 09:43:23.000000000 +0200
333 struct list_head fa_list;
334 struct fib_info *fa_info;
339 @@ -38,7 +39,8 @@ extern struct fib_alias *fib_find_alias(
341 extern int fib_detect_death(struct fib_info *fi, int order,
342 struct fib_info **last_resort,
343 - int *last_idx, int dflt);
344 + int *last_idx, int *dflt, int *last_nhsel,
345 + const struct flowi *flp);
347 static inline void fib_result_assign(struct fib_result *res,
349 diff -urp v2.6.28/linux/net/ipv4/fib_rules.c linux/net/ipv4/fib_rules.c
350 --- v2.6.28/linux/net/ipv4/fib_rules.c 2008-10-11 12:46:16.000000000 +0300
351 +++ linux/net/ipv4/fib_rules.c 2009-02-06 09:43:23.000000000 +0200
352 @@ -54,6 +54,11 @@ u32 fib_rules_tclass(struct fib_result *
356 +int fib_result_table(struct fib_result *res)
358 + return res->r->table;
361 int fib_lookup(struct net *net, struct flowi *flp, struct fib_result *res)
363 struct fib_lookup_arg arg = {
364 diff -urp v2.6.28/linux/net/ipv4/fib_semantics.c linux/net/ipv4/fib_semantics.c
365 --- v2.6.28/linux/net/ipv4/fib_semantics.c 2008-10-11 12:46:16.000000000 +0300
366 +++ linux/net/ipv4/fib_semantics.c 2009-02-06 09:43:23.000000000 +0200
367 @@ -50,6 +50,7 @@ static struct hlist_head *fib_info_hash;
368 static struct hlist_head *fib_info_laddrhash;
369 static unsigned int fib_hash_size;
370 static unsigned int fib_info_cnt;
371 +rwlock_t fib_nhflags_lock = RW_LOCK_UNLOCKED;
373 #define DEVINDEX_HASHBITS 8
374 #define DEVINDEX_HASHSIZE (1U << DEVINDEX_HASHBITS)
375 @@ -186,7 +187,7 @@ static __inline__ int nh_comp(const stru
376 #ifdef CONFIG_NET_CLS_ROUTE
377 nh->nh_tclassid != onh->nh_tclassid ||
379 - ((nh->nh_flags^onh->nh_flags)&~RTNH_F_DEAD))
380 + ((nh->nh_flags^onh->nh_flags)&~RTNH_F_BADSTATE))
383 } endfor_nexthops(fi);
384 @@ -237,7 +238,7 @@ static struct fib_info *fib_find_info(co
385 nfi->fib_priority == fi->fib_priority &&
386 memcmp(nfi->fib_metrics, fi->fib_metrics,
387 sizeof(fi->fib_metrics)) == 0 &&
388 - ((nfi->fib_flags^fi->fib_flags)&~RTNH_F_DEAD) == 0 &&
389 + ((nfi->fib_flags^fi->fib_flags)&~RTNH_F_BADSTATE) == 0 &&
390 (nfi->fib_nhs == 0 || nh_comp(fi, nfi) == 0))
393 @@ -348,26 +349,70 @@ struct fib_alias *fib_find_alias(struct
396 int fib_detect_death(struct fib_info *fi, int order,
397 - struct fib_info **last_resort, int *last_idx, int dflt)
398 + struct fib_info **last_resort, int *last_idx, int *dflt,
399 + int *last_nhsel, const struct flowi *flp)
402 - int state = NUD_NONE;
405 + struct fib_nh * nh;
407 + int flag, dead = 1;
409 + /* change_nexthops(fi) { */
410 + for (nhsel = 0, nh = fi->fib_nh; nhsel < fi->fib_nhs; nh++, nhsel++) {
411 + if (flp->oif && flp->oif != nh->nh_oif)
413 + if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw && nh->nh_gw &&
414 + nh->nh_scope == RT_SCOPE_LINK)
416 + if (nh->nh_flags & RTNH_F_DEAD)
419 - n = neigh_lookup(&arp_tbl, &fi->fib_nh[0].nh_gw, fi->fib_dev);
421 - state = n->nud_state;
424 - if (state == NUD_REACHABLE)
426 - if ((state&NUD_VALID) && order != dflt)
428 - if ((state&NUD_VALID) ||
429 - (*last_idx<0 && order > dflt)) {
433 + if (nh->nh_dev->flags & IFF_NOARP) {
439 + if (!nh->nh_gw || nh->nh_scope != RT_SCOPE_LINK)
440 + dst = flp->fl4_dst;
443 + n = neigh_lookup(&arp_tbl, &dst, nh->nh_dev);
445 + state = n->nud_state;
448 + if (state == NUD_REACHABLE ||
449 + ((state&NUD_VALID) && order != *dflt)) {
453 + if (!(state&NUD_VALID))
457 + if ((state&NUD_VALID) ||
458 + (*last_idx<0 && order >= *dflt)) {
461 + *last_nhsel = nhsel;
466 + read_lock_bh(&fib_nhflags_lock);
468 + nh->nh_flags |= RTNH_F_SUSPECT;
470 + nh->nh_flags &= ~RTNH_F_SUSPECT;
471 + read_unlock_bh(&fib_nhflags_lock);
474 + /* } endfor_nexthops(fi) */
479 #ifdef CONFIG_IP_ROUTE_MULTIPATH
480 @@ -539,8 +584,11 @@ static int fib_check_nh(struct fib_confi
482 if ((dev = __dev_get_by_index(net, nh->nh_oif)) == NULL)
484 - if (!(dev->flags&IFF_UP))
486 + if (!(dev->flags&IFF_UP)) {
487 + if (fi->fib_protocol != RTPROT_STATIC)
489 + nh->nh_flags |= RTNH_F_DEAD;
493 nh->nh_scope = RT_SCOPE_LINK;
494 @@ -560,24 +608,48 @@ static int fib_check_nh(struct fib_confi
495 /* It is not necessary, but requires a bit of thinking */
496 if (fl.fl4_scope < RT_SCOPE_LINK)
497 fl.fl4_scope = RT_SCOPE_LINK;
498 - if ((err = fib_lookup(net, &fl, &res)) != 0)
500 + err = fib_lookup(net, &fl, &res);
503 - if (res.type != RTN_UNICAST && res.type != RTN_LOCAL)
505 - nh->nh_scope = res.scope;
506 - nh->nh_oif = FIB_RES_OIF(res);
507 - if ((nh->nh_dev = FIB_RES_DEV(res)) == NULL)
509 - dev_hold(nh->nh_dev);
511 - if (!(nh->nh_dev->flags & IFF_UP))
515 + struct in_device *in_dev;
517 + if (err != -ENETUNREACH ||
518 + fi->fib_protocol != RTPROT_STATIC)
521 + in_dev = inetdev_by_index(net, nh->nh_oif);
522 + if (in_dev == NULL ||
523 + in_dev->dev->flags & IFF_UP) {
525 + in_dev_put(in_dev);
528 + nh->nh_flags |= RTNH_F_DEAD;
529 + nh->nh_scope = RT_SCOPE_LINK;
530 + nh->nh_dev = in_dev->dev;
531 + dev_hold(nh->nh_dev);
532 + in_dev_put(in_dev);
535 + if (res.type != RTN_UNICAST && res.type != RTN_LOCAL)
537 + nh->nh_scope = res.scope;
538 + nh->nh_oif = FIB_RES_OIF(res);
539 + if ((nh->nh_dev = FIB_RES_DEV(res)) == NULL)
541 + dev_hold(nh->nh_dev);
542 + if (!(nh->nh_dev->flags & IFF_UP)) {
543 + if (fi->fib_protocol != RTPROT_STATIC) {
547 + nh->nh_flags |= RTNH_F_DEAD;
557 struct in_device *in_dev;
559 @@ -588,8 +660,11 @@ out:
562 if (!(in_dev->dev->flags&IFF_UP)) {
563 - in_dev_put(in_dev);
565 + if (fi->fib_protocol != RTPROT_STATIC) {
566 + in_dev_put(in_dev);
569 + nh->nh_flags |= RTNH_F_DEAD;
571 nh->nh_dev = in_dev->dev;
572 dev_hold(nh->nh_dev);
573 @@ -899,8 +974,12 @@ int fib_semantic_match(struct list_head
575 if (nh->nh_flags&RTNH_F_DEAD)
577 - if (!flp->oif || flp->oif == nh->nh_oif)
579 + if (flp->oif && flp->oif != nh->nh_oif)
581 + if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
582 + nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
586 #ifdef CONFIG_IP_ROUTE_MULTIPATH
587 if (nhsel < fi->fib_nhs) {
588 @@ -1080,18 +1159,29 @@ int fib_sync_down_dev(struct net_device
591 change_nexthops(fi) {
592 - if (nh->nh_flags&RTNH_F_DEAD)
594 - else if (nh->nh_dev == dev &&
595 - nh->nh_scope != scope) {
596 - nh->nh_flags |= RTNH_F_DEAD;
597 + if (nh->nh_flags&RTNH_F_DEAD) {
598 + if (fi->fib_protocol!=RTPROT_STATIC ||
599 + nh->nh_dev == NULL ||
600 + __in_dev_get_rtnl(nh->nh_dev) == NULL ||
601 + nh->nh_dev->flags&IFF_UP)
603 + } else if (nh->nh_dev == dev &&
604 + nh->nh_scope != scope) {
605 + write_lock_bh(&fib_nhflags_lock);
606 #ifdef CONFIG_IP_ROUTE_MULTIPATH
607 - spin_lock_bh(&fib_multipath_lock);
608 + spin_lock(&fib_multipath_lock);
609 + nh->nh_flags |= RTNH_F_DEAD;
610 fi->fib_power -= nh->nh_power;
612 - spin_unlock_bh(&fib_multipath_lock);
613 + spin_unlock(&fib_multipath_lock);
615 + nh->nh_flags |= RTNH_F_DEAD;
618 + write_unlock_bh(&fib_nhflags_lock);
619 + if (fi->fib_protocol!=RTPROT_STATIC ||
621 + __in_dev_get_rtnl(dev) == NULL)
624 #ifdef CONFIG_IP_ROUTE_MULTIPATH
625 if (force > 1 && nh->nh_dev == dev) {
626 @@ -1109,11 +1199,8 @@ int fib_sync_down_dev(struct net_device
630 -#ifdef CONFIG_IP_ROUTE_MULTIPATH
633 - Dead device goes up. We wake up dead nexthops.
634 - It takes sense only on multipath routes.
635 + Dead device goes up or new address is added. We wake up dead nexthops.
638 int fib_sync_up(struct net_device *dev)
639 @@ -1123,8 +1210,10 @@ int fib_sync_up(struct net_device *dev)
640 struct hlist_head *head;
641 struct hlist_node *node;
644 + struct fib_result res;
648 if (!(dev->flags&IFF_UP))
651 @@ -1132,6 +1221,7 @@ int fib_sync_up(struct net_device *dev)
652 hash = fib_devindex_hashfn(dev->ifindex);
653 head = &fib_info_devhash[hash];
657 hlist_for_each_entry(nh, node, head, nh_hash) {
658 struct fib_info *fi = nh->nh_parent;
659 @@ -1144,19 +1234,39 @@ int fib_sync_up(struct net_device *dev)
662 change_nexthops(fi) {
663 - if (!(nh->nh_flags&RTNH_F_DEAD)) {
665 + if (!(nh->nh_flags&RTNH_F_DEAD))
668 if (nh->nh_dev == NULL || !(nh->nh_dev->flags&IFF_UP))
670 if (nh->nh_dev != dev || !__in_dev_get_rtnl(dev))
672 + if (nh->nh_gw && fi->fib_protocol == RTPROT_STATIC) {
673 + struct flowi fl = {
675 + { .daddr = nh->nh_gw,
676 + .scope = nh->nh_scope } },
679 + if (fib_lookup(dev_net(dev), &fl, &res) != 0)
681 + if (res.type != RTN_UNICAST &&
682 + res.type != RTN_LOCAL) {
686 + nh->nh_scope = res.scope;
691 +#ifdef CONFIG_IP_ROUTE_MULTIPATH
692 spin_lock_bh(&fib_multipath_lock);
695 nh->nh_flags &= ~RTNH_F_DEAD;
696 +#ifdef CONFIG_IP_ROUTE_MULTIPATH
697 spin_unlock_bh(&fib_multipath_lock);
699 } endfor_nexthops(fi)
702 @@ -1164,10 +1274,14 @@ int fib_sync_up(struct net_device *dev)
712 +#ifdef CONFIG_IP_ROUTE_MULTIPATH
715 The algorithm is suboptimal, but it provides really
716 fair weighted route distribution.
717 @@ -1176,24 +1290,45 @@ int fib_sync_up(struct net_device *dev)
718 void fib_select_multipath(const struct flowi *flp, struct fib_result *res)
720 struct fib_info *fi = res->fi;
724 spin_lock_bh(&fib_multipath_lock);
728 + change_nexthops(fi) {
729 + if (flp->oif != nh->nh_oif)
731 + if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
732 + nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
734 + if (!(nh->nh_flags&RTNH_F_BADSTATE)) {
735 + if (nh->nh_power > w) {
740 + } endfor_nexthops(fi);
742 + spin_unlock_bh(&fib_multipath_lock);
750 if (fi->fib_power <= 0) {
752 change_nexthops(fi) {
753 - if (!(nh->nh_flags&RTNH_F_DEAD)) {
754 + if (!(nh->nh_flags&RTNH_F_BADSTATE)) {
755 power += nh->nh_weight;
756 nh->nh_power = nh->nh_weight;
758 } endfor_nexthops(fi);
759 fi->fib_power = power;
761 - spin_unlock_bh(&fib_multipath_lock);
762 - /* Race condition: route has just become dead. */
771 @@ -1203,20 +1338,40 @@ void fib_select_multipath(const struct f
773 w = jiffies % fi->fib_power;
776 change_nexthops(fi) {
777 - if (!(nh->nh_flags&RTNH_F_DEAD) && nh->nh_power) {
778 + if (!(nh->nh_flags&RTNH_F_BADSTATE) && nh->nh_power) {
779 if ((w -= nh->nh_power) <= 0) {
782 - res->nh_sel = nhsel;
783 spin_unlock_bh(&fib_multipath_lock);
784 + res->nh_sel = nhsel;
789 + } endfor_nexthops(fi);
798 + if (!(nh->nh_flags&RTNH_F_DEAD)) {
799 + if (flp->oif && flp->oif != nh->nh_oif)
801 + if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
802 + nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
804 + spin_unlock_bh(&fib_multipath_lock);
805 + res->nh_sel = nhsel;
808 } endfor_nexthops(fi);
810 /* Race condition: route has just become dead. */
812 spin_unlock_bh(&fib_multipath_lock);
815 diff -urp v2.6.28/linux/net/ipv4/fib_trie.c linux/net/ipv4/fib_trie.c
816 --- v2.6.28/linux/net/ipv4/fib_trie.c 2008-10-11 12:46:16.000000000 +0300
817 +++ linux/net/ipv4/fib_trie.c 2009-02-06 09:43:23.000000000 +0200
818 @@ -1261,6 +1261,7 @@ static int fn_trie_insert(struct fib_tab
819 fi_drop = fa->fa_info;
820 new_fa->fa_tos = fa->fa_tos;
821 new_fa->fa_info = fi;
822 + new_fa->fa_last_dflt = -1;
823 new_fa->fa_type = cfg->fc_type;
824 new_fa->fa_scope = cfg->fc_scope;
825 state = fa->fa_state;
826 @@ -1301,6 +1302,7 @@ static int fn_trie_insert(struct fib_tab
827 new_fa->fa_type = cfg->fc_type;
828 new_fa->fa_scope = cfg->fc_scope;
829 new_fa->fa_state = 0;
830 + new_fa->fa_last_dflt = -1;
832 * Insert new entry to the list.
834 @@ -1802,24 +1804,31 @@ static void fn_trie_select_default(struc
835 struct fib_result *res)
837 struct trie *t = (struct trie *) tb->tb_data;
838 - int order, last_idx;
839 + int order, last_idx, last_dflt, last_nhsel;
840 + struct fib_alias *first_fa = NULL;
841 struct fib_info *fi = NULL;
842 struct fib_info *last_resort;
843 struct fib_alias *fa = NULL;
844 struct list_head *fa_head;
854 + mask = inet_make_mask(res->prefixlen);
855 + key = ntohl(flp->fl4_dst & mask);
859 - l = fib_find_node(t, 0);
860 + l = fib_find_node(t, key);
864 - fa_head = get_fa_head(l, 0);
865 + fa_head = get_fa_head(l, res->prefixlen);
869 @@ -1833,39 +1842,52 @@ static void fn_trie_select_default(struc
870 fa->fa_type != RTN_UNICAST)
874 + fa->fa_tos != flp->fl4_tos)
876 if (next_fi->fib_priority > res->fi->fib_priority)
878 - if (!next_fi->fib_nh[0].nh_gw ||
879 - next_fi->fib_nh[0].nh_scope != RT_SCOPE_LINK)
881 fa->fa_state |= FA_S_ACCESSED;
884 - if (next_fi != res->fi)
886 - } else if (!fib_detect_death(fi, order, &last_resort,
887 - &last_idx, tb->tb_default)) {
889 + last_dflt = fa->fa_last_dflt;
892 + if (fi && !fib_detect_death(fi, order, &last_resort,
893 + &last_idx, &last_dflt, &last_nhsel, flp)) {
894 fib_result_assign(res, fi);
895 - tb->tb_default = order;
896 + first_fa->fa_last_dflt = order;
902 if (order <= 0 || fi == NULL) {
903 - tb->tb_default = -1;
904 + if (fi && fi->fib_nhs > 1 &&
905 + fib_detect_death(fi, order, &last_resort, &last_idx,
906 + &last_dflt, &last_nhsel, flp) &&
907 + last_resort == fi) {
908 + read_lock_bh(&fib_nhflags_lock);
909 + fi->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT;
910 + read_unlock_bh(&fib_nhflags_lock);
912 + if (first_fa) first_fa->fa_last_dflt = -1;
916 if (!fib_detect_death(fi, order, &last_resort, &last_idx,
918 + &last_dflt, &last_nhsel, flp)) {
919 fib_result_assign(res, fi);
920 - tb->tb_default = order;
921 + first_fa->fa_last_dflt = order;
925 + if (last_idx >= 0) {
926 fib_result_assign(res, last_resort);
927 - tb->tb_default = last_idx;
928 + read_lock_bh(&fib_nhflags_lock);
929 + last_resort->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT;
930 + read_unlock_bh(&fib_nhflags_lock);
931 + first_fa->fa_last_dflt = last_idx;
936 diff -urp v2.6.28/linux/net/ipv4/netfilter/ipt_MASQUERADE.c linux/net/ipv4/netfilter/ipt_MASQUERADE.c
937 --- v2.6.28/linux/net/ipv4/netfilter/ipt_MASQUERADE.c 2008-12-25 10:12:25.000000000 +0200
938 +++ linux/net/ipv4/netfilter/ipt_MASQUERADE.c 2009-02-06 09:43:23.000000000 +0200
939 @@ -54,7 +54,7 @@ masquerade_tg(struct sk_buff *skb, const
940 enum ip_conntrack_info ctinfo;
941 struct nf_nat_range newrange;
942 const struct nf_nat_multi_range_compat *mr;
943 - const struct rtable *rt;
947 NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING);
948 @@ -72,13 +72,28 @@ masquerade_tg(struct sk_buff *skb, const
953 - newsrc = inet_select_addr(par->out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
955 - printk("MASQUERADE: %s ate my IP address\n", par->out->name);
959 + struct flowi fl = { .nl_u = { .ip4_u =
960 + { .daddr = ip_hdr(skb)->daddr,
961 + .tos = (RT_TOS(ip_hdr(skb)->tos) |
963 + .gw = skb->rtable->rt_gateway,
966 + .oif = par->out->ifindex };
967 + if (ip_route_output_key(dev_net(par->out), &rt, &fl) != 0) {
968 + /* Funky routing can do this. */
969 + if (net_ratelimit())
970 + printk("MASQUERADE:"
971 + " No route: Rusty's brain broke!\n");
976 + newsrc = rt->rt_src;
979 write_lock_bh(&masq_lock);
980 nat->masq_index = par->out->ifindex;
981 write_unlock_bh(&masq_lock);
982 diff -urp v2.6.28/linux/net/ipv4/netfilter/nf_nat_core.c linux/net/ipv4/netfilter/nf_nat_core.c
983 --- v2.6.28/linux/net/ipv4/netfilter/nf_nat_core.c 2008-12-25 10:12:25.000000000 +0200
984 +++ linux/net/ipv4/netfilter/nf_nat_core.c 2009-02-06 09:43:23.000000000 +0200
985 @@ -710,6 +710,52 @@ static struct pernet_operations nf_nat_n
986 .exit = nf_nat_net_exit,
990 +ip_nat_route_input(unsigned int hooknum,
991 + struct sk_buff *skb,
992 + const struct net_device *in,
993 + const struct net_device *out,
994 + int (*okfn)(struct sk_buff *))
997 + struct nf_conn *conn;
998 + enum ip_conntrack_info ctinfo;
999 + enum ip_conntrack_dir dir;
1000 + unsigned long statusbit;
1003 + if (!(conn = nf_ct_get(skb, &ctinfo)))
1006 + if (!(conn->status & IPS_NAT_DONE_MASK))
1008 + dir = CTINFO2DIR(ctinfo);
1009 + statusbit = IPS_SRC_NAT;
1010 + if (dir == IP_CT_DIR_REPLY)
1011 + statusbit ^= IPS_NAT_MASK;
1012 + if (!(conn->status & statusbit))
1018 + if (skb->len < sizeof(struct iphdr))
1021 + /* use daddr in other direction as masquerade address (lsrc) */
1022 + iph = ip_hdr(skb);
1023 + saddr = conn->tuplehash[!dir].tuple.dst.u3.ip;
1024 + if (saddr == iph->saddr)
1027 + if (ip_route_input_lookup(skb, iph->daddr, iph->saddr, iph->tos,
1033 +EXPORT_SYMBOL_GPL(ip_nat_route_input);
1035 static int __init nf_nat_init(void)
1038 diff -urp v2.6.28/linux/net/ipv4/netfilter/nf_nat_standalone.c linux/net/ipv4/netfilter/nf_nat_standalone.c
1039 --- v2.6.28/linux/net/ipv4/netfilter/nf_nat_standalone.c 2008-07-14 09:58:50.000000000 +0300
1040 +++ linux/net/ipv4/netfilter/nf_nat_standalone.c 2009-02-06 09:43:23.000000000 +0200
1041 @@ -256,6 +256,14 @@ static struct nf_hook_ops nf_nat_ops[] _
1042 .hooknum = NF_INET_PRE_ROUTING,
1043 .priority = NF_IP_PRI_NAT_DST,
1045 + /* Before routing, route before mangling */
1047 + .hook = ip_nat_route_input,
1048 + .owner = THIS_MODULE,
1050 + .hooknum = NF_INET_PRE_ROUTING,
1051 + .priority = NF_IP_PRI_LAST-1,
1053 /* After packet filtering, change source */
1056 diff -urp v2.6.28/linux/net/ipv4/route.c linux/net/ipv4/route.c
1057 --- v2.6.28/linux/net/ipv4/route.c 2008-12-25 10:12:25.000000000 +0200
1058 +++ linux/net/ipv4/route.c 2009-02-06 09:43:43.000000000 +0200
1059 @@ -679,6 +679,7 @@ static inline int compare_keys(struct fl
1060 return ((__force u32)((fl1->nl_u.ip4_u.daddr ^ fl2->nl_u.ip4_u.daddr) |
1061 (fl1->nl_u.ip4_u.saddr ^ fl2->nl_u.ip4_u.saddr)) |
1062 (fl1->mark ^ fl2->mark) |
1063 + ((__force u32)(fl1->nl_u.ip4_u.lsrc ^ fl2->nl_u.ip4_u.lsrc)) |
1064 (*(u16 *)&fl1->nl_u.ip4_u.tos ^
1065 *(u16 *)&fl2->nl_u.ip4_u.tos) |
1066 (fl1->oif ^ fl2->oif) |
1067 @@ -1286,6 +1287,7 @@ void ip_rt_redirect(__be32 old_gw, __be3
1069 /* Gateway is different ... */
1070 rt->rt_gateway = new_gw;
1071 + if (rt->fl.fl4_gw) rt->fl.fl4_gw = new_gw;
1073 /* Redirect received -> path was valid */
1074 dst_confirm(&rth->u.dst);
1075 @@ -1735,6 +1737,7 @@ static int ip_route_input_mc(struct sk_b
1076 rth->fl.fl4_tos = tos;
1077 rth->fl.mark = skb->mark;
1078 rth->fl.fl4_src = saddr;
1079 + rth->fl.fl4_lsrc = 0;
1080 rth->rt_src = saddr;
1081 #ifdef CONFIG_NET_CLS_ROUTE
1082 rth->u.dst.tclassid = itag;
1083 @@ -1745,6 +1748,7 @@ static int ip_route_input_mc(struct sk_b
1084 dev_hold(rth->u.dst.dev);
1085 rth->idev = in_dev_get(rth->u.dst.dev);
1087 + rth->fl.fl4_gw = 0;
1088 rth->rt_gateway = daddr;
1089 rth->rt_spec_dst= spec_dst;
1090 rth->rt_genid = rt_genid(dev_net(dev));
1091 @@ -1810,7 +1814,7 @@ static int __mkroute_input(struct sk_buf
1092 struct fib_result *res,
1093 struct in_device *in_dev,
1094 __be32 daddr, __be32 saddr, u32 tos,
1095 - struct rtable **result)
1096 + __be32 lsrc, struct rtable **result)
1100 @@ -1844,6 +1848,7 @@ static int __mkroute_input(struct sk_buf
1101 flags |= RTCF_DIRECTSRC;
1103 if (out_dev == in_dev && err &&
1105 (IN_DEV_SHARED_MEDIA(out_dev) ||
1106 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
1107 flags |= RTCF_DOREDIRECT;
1108 @@ -1877,6 +1882,7 @@ static int __mkroute_input(struct sk_buf
1109 rth->fl.mark = skb->mark;
1110 rth->fl.fl4_src = saddr;
1111 rth->rt_src = saddr;
1112 + rth->fl.fl4_lsrc = lsrc;
1113 rth->rt_gateway = daddr;
1115 rth->fl.iif = in_dev->dev->ifindex;
1116 @@ -1884,6 +1890,7 @@ static int __mkroute_input(struct sk_buf
1117 dev_hold(rth->u.dst.dev);
1118 rth->idev = in_dev_get(rth->u.dst.dev);
1120 + rth->fl.fl4_gw = 0;
1121 rth->rt_spec_dst= spec_dst;
1123 rth->u.dst.input = ip_forward;
1124 @@ -1904,21 +1911,23 @@ static int __mkroute_input(struct sk_buf
1126 static int ip_mkroute_input(struct sk_buff *skb,
1127 struct fib_result *res,
1129 const struct flowi *fl,
1130 struct in_device *in_dev,
1131 - __be32 daddr, __be32 saddr, u32 tos)
1132 + __be32 daddr, __be32 saddr, u32 tos, __be32 lsrc)
1134 struct rtable* rth = NULL;
1138 + fib_select_default(net, fl, res);
1139 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1140 - if (res->fi && res->fi->fib_nhs > 1 && fl->oif == 0)
1141 + if (res->fi && res->fi->fib_nhs > 1)
1142 fib_select_multipath(fl, res);
1145 /* create a routing cache entry */
1146 - err = __mkroute_input(skb, res, in_dev, daddr, saddr, tos, &rth);
1147 + err = __mkroute_input(skb, res, in_dev, daddr, saddr, tos, lsrc, &rth);
1151 @@ -1939,18 +1948,19 @@ static int ip_mkroute_input(struct sk_bu
1154 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1155 - u8 tos, struct net_device *dev)
1156 + u8 tos, struct net_device *dev, __be32 lsrc)
1158 struct fib_result res;
1159 struct in_device *in_dev = in_dev_get(dev);
1160 struct flowi fl = { .nl_u = { .ip4_u =
1163 + .saddr = lsrc? : saddr,
1165 .scope = RT_SCOPE_UNIVERSE,
1168 - .iif = dev->ifindex };
1170 + dev_net(dev)->loopback_dev->ifindex : dev->ifindex };
1173 struct rtable * rth;
1174 @@ -1986,6 +1996,12 @@ static int ip_route_input_slow(struct sk
1175 ipv4_is_loopback(daddr))
1176 goto martian_destination;
1179 + if (ipv4_is_multicast(lsrc) || ipv4_is_lbcast(lsrc) ||
1180 + ipv4_is_zeronet(lsrc) || ipv4_is_loopback(lsrc))
1185 * Now we are ready to route packet.
1187 @@ -1995,6 +2011,8 @@ static int ip_route_input_slow(struct sk
1191 + fl.iif = dev->ifindex;
1192 + fl.fl4_src = saddr;
1194 RT_CACHE_STAT_INC(in_slow_tot);
1196 @@ -2019,7 +2037,7 @@ static int ip_route_input_slow(struct sk
1197 if (res.type != RTN_UNICAST)
1198 goto martian_destination;
1200 - err = ip_mkroute_input(skb, &res, &fl, in_dev, daddr, saddr, tos);
1201 + err = ip_mkroute_input(skb, &res, net, &fl, in_dev, daddr, saddr, tos, lsrc);
1205 @@ -2029,6 +2047,8 @@ out: return err;
1207 if (skb->protocol != htons(ETH_P_IP))
1212 if (ipv4_is_zeronet(saddr))
1213 spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
1214 @@ -2070,6 +2090,7 @@ local_input:
1215 rth->u.dst.dev = net->loopback_dev;
1216 dev_hold(rth->u.dst.dev);
1217 rth->idev = in_dev_get(rth->u.dst.dev);
1218 + rth->fl.fl4_gw = 0;
1219 rth->rt_gateway = daddr;
1220 rth->rt_spec_dst= spec_dst;
1221 rth->u.dst.input= ip_local_deliver;
1222 @@ -2121,8 +2142,9 @@ martian_source:
1226 -int ip_route_input(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1227 - u8 tos, struct net_device *dev)
1229 +ip_route_input_cached(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1230 + u8 tos, struct net_device *dev, __be32 lsrc)
1232 struct rtable * rth;
1234 @@ -2139,6 +2161,7 @@ int ip_route_input(struct sk_buff *skb,
1235 if (((rth->fl.fl4_dst ^ daddr) |
1236 (rth->fl.fl4_src ^ saddr) |
1237 (rth->fl.iif ^ iif) |
1238 + (rth->fl.fl4_lsrc ^ lsrc) |
1240 (rth->fl.fl4_tos ^ tos)) == 0 &&
1241 rth->fl.mark == skb->mark &&
1242 @@ -2186,7 +2209,19 @@ int ip_route_input(struct sk_buff *skb,
1246 - return ip_route_input_slow(skb, daddr, saddr, tos, dev);
1247 + return ip_route_input_slow(skb, daddr, saddr, tos, dev, lsrc);
1250 +int ip_route_input(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1251 + u8 tos, struct net_device *dev)
1253 + return ip_route_input_cached(skb, daddr, saddr, tos, dev, 0);
1256 +int ip_route_input_lookup(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1257 + u8 tos, struct net_device *dev, __be32 lsrc)
1259 + return ip_route_input_cached(skb, daddr, saddr, tos, dev, lsrc);
1262 static int __mkroute_output(struct rtable **result,
1263 @@ -2258,6 +2293,7 @@ static int __mkroute_output(struct rtabl
1264 rth->fl.fl4_tos = tos;
1265 rth->fl.fl4_src = oldflp->fl4_src;
1266 rth->fl.oif = oldflp->oif;
1267 + rth->fl.fl4_gw = oldflp->fl4_gw;
1268 rth->fl.mark = oldflp->mark;
1269 rth->rt_dst = fl->fl4_dst;
1270 rth->rt_src = fl->fl4_src;
1271 @@ -2339,6 +2375,7 @@ static int ip_route_output_slow(struct n
1272 struct flowi fl = { .nl_u = { .ip4_u =
1273 { .daddr = oldflp->fl4_dst,
1274 .saddr = oldflp->fl4_src,
1275 + .gw = oldflp->fl4_gw,
1276 .tos = tos & IPTOS_RT_MASK,
1277 .scope = ((tos & RTO_ONLINK) ?
1279 @@ -2450,6 +2487,7 @@ static int ip_route_output_slow(struct n
1280 dev_out = net->loopback_dev;
1282 fl.oif = net->loopback_dev->ifindex;
1284 res.type = RTN_LOCAL;
1285 flags |= RTCF_LOCAL;
1287 @@ -2457,7 +2495,7 @@ static int ip_route_output_slow(struct n
1289 if (fib_lookup(net, &fl, &res)) {
1291 - if (oldflp->oif) {
1292 + if (oldflp->oif && dev_out->flags & IFF_UP) {
1293 /* Apparently, routing tables are wrong. Assume,
1294 that the destination is on link.
1296 @@ -2497,6 +2535,7 @@ static int ip_route_output_slow(struct n
1297 dev_out = net->loopback_dev;
1299 fl.oif = dev_out->ifindex;
1302 fib_info_put(res.fi);
1304 @@ -2504,13 +2543,12 @@ static int ip_route_output_slow(struct n
1308 + if (res.type == RTN_UNICAST)
1309 + fib_select_default(net, &fl, &res);
1310 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1311 - if (res.fi->fib_nhs > 1 && fl.oif == 0)
1312 + if (res.fi->fib_nhs > 1)
1313 fib_select_multipath(&fl, &res);
1316 - if (!res.prefixlen && res.type == RTN_UNICAST && !fl.oif)
1317 - fib_select_default(net, &fl, &res);
1320 fl.fl4_src = FIB_RES_PREFSRC(res);
1321 @@ -2548,6 +2586,7 @@ int __ip_route_output_key(struct net *ne
1322 rth->fl.fl4_src == flp->fl4_src &&
1324 rth->fl.oif == flp->oif &&
1325 + rth->fl.fl4_gw == flp->fl4_gw &&
1326 rth->fl.mark == flp->mark &&
1327 !((rth->fl.fl4_tos ^ flp->fl4_tos) &
1328 (IPTOS_RT_MASK | RTO_ONLINK)) &&
1329 @@ -3322,3 +3361,4 @@ void __init ip_static_sysctl_init(void)
1330 EXPORT_SYMBOL(__ip_select_ident);
1331 EXPORT_SYMBOL(ip_route_input);
1332 EXPORT_SYMBOL(ip_route_output_key);
1333 +EXPORT_SYMBOL(ip_route_input_lookup);
projects / packages / kernel.git / blob