1 diff -urN linux-2.6.19.old/include/linux/netfilter_ipv4/ip_nat.h linux-2.6.19.dev/include/linux/netfilter_ipv4/ip_nat.h
2 --- linux-2.6.19.old/include/linux/netfilter_ipv4/ip_nat.h 2006-11-29 22:57:37.000000000 +0100
3 +++ linux-2.6.19.dev/include/linux/netfilter_ipv4/ip_nat.h 2006-12-14 03:13:53.000000000 +0100
8 +/* Call input routing for SNAT-ed traffic */
9 +extern unsigned int ip_nat_route_input(unsigned int hooknum,
10 + struct sk_buff **pskb,
11 + const struct net_device *in,
12 + const struct net_device *out,
13 + int (*okfn)(struct sk_buff *));
15 /* Set up the info structure to map into this range. */
16 extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack,
17 const struct ip_nat_range *range,
18 diff -urN linux-2.6.19.old/include/linux/rtnetlink.h linux-2.6.19.dev/include/linux/rtnetlink.h
19 --- linux-2.6.19.old/include/linux/rtnetlink.h 2006-11-29 22:57:37.000000000 +0100
20 +++ linux-2.6.19.dev/include/linux/rtnetlink.h 2006-12-14 03:13:53.000000000 +0100
22 #define RTNH_F_DEAD 1 /* Nexthop is dead (used by multipath) */
23 #define RTNH_F_PERVASIVE 2 /* Do recursive gateway lookup */
24 #define RTNH_F_ONLINK 4 /* Gateway is forced on link */
25 +#define RTNH_F_SUSPECT 8 /* We don't know the real state */
26 +#define RTNH_F_BADSTATE (RTNH_F_DEAD | RTNH_F_SUSPECT)
28 /* Macros to handle hexthops */
30 diff -urN linux-2.6.19.old/include/net/flow.h linux-2.6.19.dev/include/net/flow.h
31 --- linux-2.6.19.old/include/net/flow.h 2006-11-29 22:57:37.000000000 +0100
32 +++ linux-2.6.19.dev/include/net/flow.h 2006-12-14 03:13:53.000000000 +0100
43 #define fl4_dst nl_u.ip4_u.daddr
44 #define fl4_src nl_u.ip4_u.saddr
45 #define fl4_fwmark nl_u.ip4_u.fwmark
46 +#define fl4_lsrc nl_u.ip4_u.lsrc
47 +#define fl4_gw nl_u.ip4_u.gw
48 #define fl4_tos nl_u.ip4_u.tos
49 #define fl4_scope nl_u.ip4_u.scope
51 diff -urN linux-2.6.19.old/include/net/ip_fib.h linux-2.6.19.dev/include/net/ip_fib.h
52 --- linux-2.6.19.old/include/net/ip_fib.h 2006-11-29 22:57:37.000000000 +0100
53 +++ linux-2.6.19.dev/include/net/ip_fib.h 2006-12-14 03:13:53.000000000 +0100
56 static inline void fib_select_default(const struct flowi *flp, struct fib_result *res)
58 - if (FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK)
59 + if ((FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK) ||
60 + FIB_RES_NH(*res).nh_scope == RT_SCOPE_HOST)
61 ip_fib_main_table->tb_select_default(ip_fib_main_table, flp, res);
66 #endif /* CONFIG_IP_MULTIPLE_TABLES */
68 +extern int fib_result_table(struct fib_result *res);
70 /* Exported by fib_frontend.c */
71 extern struct nla_policy rtm_ipv4_policy[];
72 extern void ip_fib_init(void);
74 extern void fib_proc_exit(void);
77 +extern rwlock_t fib_nhflags_lock;
79 #endif /* _NET_FIB_H */
80 diff -urN linux-2.6.19.old/include/net/route.h linux-2.6.19.dev/include/net/route.h
81 --- linux-2.6.19.old/include/net/route.h 2006-11-29 22:57:37.000000000 +0100
82 +++ linux-2.6.19.dev/include/net/route.h 2006-12-14 03:13:53.000000000 +0100
84 extern int ip_route_output_key(struct rtable **, struct flowi *flp);
85 extern int ip_route_output_flow(struct rtable **rp, struct flowi *flp, struct sock *sk, int flags);
86 extern int ip_route_input(struct sk_buff*, __be32 dst, __be32 src, u8 tos, struct net_device *devin);
87 +extern int ip_route_input_lookup(struct sk_buff*, u32 dst, u32 src, u8 tos, struct net_device *devin, u32 lsrc);
88 extern unsigned short ip_rt_frag_needed(struct iphdr *iph, unsigned short new_mtu);
89 extern void ip_rt_send_redirect(struct sk_buff *skb);
91 diff -urN linux-2.6.19.old/net/ipv4/fib_frontend.c linux-2.6.19.dev/net/ipv4/fib_frontend.c
92 --- linux-2.6.19.old/net/ipv4/fib_frontend.c 2006-11-29 22:57:37.000000000 +0100
93 +++ linux-2.6.19.dev/net/ipv4/fib_frontend.c 2006-12-14 03:13:53.000000000 +0100
95 #define FIB_TABLE_HASHSZ 1
96 static struct hlist_head fib_table_hash[FIB_TABLE_HASHSZ];
98 +#define FIB_RES_TABLE(r) (RT_TABLE_MAIN)
102 #define FIB_TABLE_HASHSZ 256
108 +#define FIB_RES_TABLE(r) (fib_result_table(r))
110 #endif /* CONFIG_IP_MULTIPLE_TABLES */
112 static void fib_flush(void)
116 struct fib_result res;
118 + unsigned char prefixlen;
119 + unsigned char scope;
123 @@ -211,31 +219,35 @@
125 *spec_dst = FIB_RES_PREFSRC(res);
126 fib_combine_itag(itag, &res);
127 -#ifdef CONFIG_IP_ROUTE_MULTIPATH
128 - if (FIB_RES_DEV(res) == dev || res.fi->fib_nhs > 1)
130 if (FIB_RES_DEV(res) == dev)
133 ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
137 + table = FIB_RES_TABLE(&res);
138 + prefixlen = res.prefixlen;
145 fl.oif = dev->ifindex;
148 if (fib_lookup(&fl, &res) == 0) {
149 - if (res.type == RTN_UNICAST) {
150 + if (res.type == RTN_UNICAST &&
151 + ((table == FIB_RES_TABLE(&res) &&
152 + res.prefixlen >= prefixlen && res.scope >= scope) ||
154 *spec_dst = FIB_RES_PREFSRC(res);
155 ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
170 -#ifdef CONFIG_IP_ROUTE_MULTIPATH
171 fib_sync_up(ifa->ifa_dev->dev);
179 } endfor_ifa(in_dev);
180 -#ifdef CONFIG_IP_ROUTE_MULTIPATH
186 diff -urN linux-2.6.19.old/net/ipv4/fib_hash.c linux-2.6.19.dev/net/ipv4/fib_hash.c
187 --- linux-2.6.19.old/net/ipv4/fib_hash.c 2006-11-29 22:57:37.000000000 +0100
188 +++ linux-2.6.19.dev/net/ipv4/fib_hash.c 2006-12-14 03:13:53.000000000 +0100
189 @@ -275,30 +275,38 @@
193 -static int fn_hash_last_dflt=-1;
196 fn_hash_select_default(struct fib_table *tb, const struct flowi *flp, struct fib_result *res)
198 - int order, last_idx;
199 + int order, last_idx, last_dflt, last_nhsel;
200 + struct fib_alias *first_fa = NULL;
201 + struct hlist_head *head;
202 struct hlist_node *node;
204 struct fib_info *fi = NULL;
205 struct fib_info *last_resort;
206 struct fn_hash *t = (struct fn_hash*)tb->tb_data;
207 - struct fn_zone *fz = t->fn_zones[0];
208 + struct fn_zone *fz = t->fn_zones[res->prefixlen];
214 + k = fz_key(flp->fl4_dst, fz);
221 read_lock(&fib_hash_lock);
222 - hlist_for_each_entry(f, node, &fz->fz_hash[0], fn_hash) {
223 + head = &fz->fz_hash[fn_hash(k, fz)];
224 + hlist_for_each_entry(f, node, head, fn_hash) {
225 struct fib_alias *fa;
227 + if (f->fn_key != k)
230 list_for_each_entry(fa, &f->fn_alias, fa_list) {
231 struct fib_info *next_fi = fa->fa_info;
233 @@ -306,41 +314,52 @@
234 fa->fa_type != RTN_UNICAST)
238 + fa->fa_tos != flp->fl4_tos)
240 if (next_fi->fib_priority > res->fi->fib_priority)
242 - if (!next_fi->fib_nh[0].nh_gw ||
243 - next_fi->fib_nh[0].nh_scope != RT_SCOPE_LINK)
245 fa->fa_state |= FA_S_ACCESSED;
248 - if (next_fi != res->fi)
250 - } else if (!fib_detect_death(fi, order, &last_resort,
251 - &last_idx, &fn_hash_last_dflt)) {
253 + last_dflt = fa->fa_last_dflt;
256 + if (fi && !fib_detect_death(fi, order, &last_resort,
257 + &last_idx, &last_dflt, &last_nhsel, flp)) {
259 fib_info_put(res->fi);
261 atomic_inc(&fi->fib_clntref);
262 - fn_hash_last_dflt = order;
263 + first_fa->fa_last_dflt = order;
272 if (order <= 0 || fi == NULL) {
273 - fn_hash_last_dflt = -1;
274 + if (fi && fi->fib_nhs > 1 &&
275 + fib_detect_death(fi, order, &last_resort, &last_idx,
276 + &last_dflt, &last_nhsel, flp) &&
277 + last_resort == fi) {
278 + read_lock_bh(&fib_nhflags_lock);
279 + fi->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT;
280 + read_unlock_bh(&fib_nhflags_lock);
282 + if (first_fa) first_fa->fa_last_dflt = -1;
286 - if (!fib_detect_death(fi, order, &last_resort, &last_idx, &fn_hash_last_dflt)) {
287 + if (!fib_detect_death(fi, order, &last_resort, &last_idx,
288 + &last_dflt, &last_nhsel, flp)) {
290 fib_info_put(res->fi);
292 atomic_inc(&fi->fib_clntref);
293 - fn_hash_last_dflt = order;
294 + first_fa->fa_last_dflt = order;
299 res->fi = last_resort;
301 atomic_inc(&last_resort->fib_clntref);
302 + read_lock_bh(&fib_nhflags_lock);
303 + last_resort->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT;
304 + read_unlock_bh(&fib_nhflags_lock);
305 + first_fa->fa_last_dflt = last_idx;
307 - fn_hash_last_dflt = last_idx;
309 read_unlock(&fib_hash_lock);
312 write_lock_bh(&fib_hash_lock);
313 fi_drop = fa->fa_info;
315 + fa->fa_last_dflt = -1;
316 fa->fa_type = cfg->fc_type;
317 fa->fa_scope = cfg->fc_scope;
318 state = fa->fa_state;
320 new_fa->fa_type = cfg->fc_type;
321 new_fa->fa_scope = cfg->fc_scope;
322 new_fa->fa_state = 0;
323 + new_fa->fa_last_dflt = -1;
326 * Insert new entry to the list.
327 diff -urN linux-2.6.19.old/net/ipv4/fib_lookup.h linux-2.6.19.dev/net/ipv4/fib_lookup.h
328 --- linux-2.6.19.old/net/ipv4/fib_lookup.h 2006-11-29 22:57:37.000000000 +0100
329 +++ linux-2.6.19.dev/net/ipv4/fib_lookup.h 2006-12-14 03:13:53.000000000 +0100
331 struct list_head fa_list;
333 struct fib_info *fa_info;
340 extern int fib_detect_death(struct fib_info *fi, int order,
341 struct fib_info **last_resort,
342 - int *last_idx, int *dflt);
343 + int *last_idx, int *dflt, int *last_nhsel,
344 + const struct flowi *flp);
346 #endif /* _FIB_LOOKUP_H */
347 diff -urN linux-2.6.19.old/net/ipv4/fib_rules.c linux-2.6.19.dev/net/ipv4/fib_rules.c
348 --- linux-2.6.19.old/net/ipv4/fib_rules.c 2006-11-29 22:57:37.000000000 +0100
349 +++ linux-2.6.19.dev/net/ipv4/fib_rules.c 2006-12-14 03:13:53.000000000 +0100
354 +int fib_result_table(struct fib_result *res)
356 + return res->r->table;
359 int fib_lookup(struct flowi *flp, struct fib_result *res)
361 struct fib_lookup_arg arg = {
363 void fib_select_default(const struct flowi *flp, struct fib_result *res)
365 if (res->r && res->r->action == FR_ACT_TO_TBL &&
366 - FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK) {
367 + ((FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK) ||
368 + FIB_RES_NH(*res).nh_scope == RT_SCOPE_HOST)) {
369 struct fib_table *tb;
370 if ((tb = fib_get_table(res->r->table)) != NULL)
371 tb->tb_select_default(tb, flp, res);
372 diff -urN linux-2.6.19.old/net/ipv4/fib_semantics.c linux-2.6.19.dev/net/ipv4/fib_semantics.c
373 --- linux-2.6.19.old/net/ipv4/fib_semantics.c 2006-11-29 22:57:37.000000000 +0100
374 +++ linux-2.6.19.dev/net/ipv4/fib_semantics.c 2006-12-14 03:13:53.000000000 +0100
376 static struct hlist_head *fib_info_laddrhash;
377 static unsigned int fib_hash_size;
378 static unsigned int fib_info_cnt;
379 +rwlock_t fib_nhflags_lock = RW_LOCK_UNLOCKED;
381 #define DEVINDEX_HASHBITS 8
382 #define DEVINDEX_HASHSIZE (1U << DEVINDEX_HASHBITS)
384 #ifdef CONFIG_NET_CLS_ROUTE
385 nh->nh_tclassid != onh->nh_tclassid ||
387 - ((nh->nh_flags^onh->nh_flags)&~RTNH_F_DEAD))
388 + ((nh->nh_flags^onh->nh_flags)&~RTNH_F_BADSTATE))
391 } endfor_nexthops(fi);
393 nfi->fib_priority == fi->fib_priority &&
394 memcmp(nfi->fib_metrics, fi->fib_metrics,
395 sizeof(fi->fib_metrics)) == 0 &&
396 - ((nfi->fib_flags^fi->fib_flags)&~RTNH_F_DEAD) == 0 &&
397 + ((nfi->fib_flags^fi->fib_flags)&~RTNH_F_BADSTATE) == 0 &&
398 (nfi->fib_nhs == 0 || nh_comp(fi, nfi) == 0))
401 @@ -319,26 +320,70 @@
404 int fib_detect_death(struct fib_info *fi, int order,
405 - struct fib_info **last_resort, int *last_idx, int *dflt)
406 + struct fib_info **last_resort, int *last_idx, int *dflt,
407 + int *last_nhsel, const struct flowi *flp)
410 - int state = NUD_NONE;
413 + struct fib_nh * nh;
415 + int flag, dead = 1;
417 + /* change_nexthops(fi) { */
418 + for (nhsel = 0, nh = fi->fib_nh; nhsel < fi->fib_nhs; nh++, nhsel++) {
419 + if (flp->oif && flp->oif != nh->nh_oif)
421 + if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw && nh->nh_gw &&
422 + nh->nh_scope == RT_SCOPE_LINK)
424 + if (nh->nh_flags & RTNH_F_DEAD)
427 - n = neigh_lookup(&arp_tbl, &fi->fib_nh[0].nh_gw, fi->fib_dev);
429 - state = n->nud_state;
432 - if (state==NUD_REACHABLE)
434 - if ((state&NUD_VALID) && order != *dflt)
436 - if ((state&NUD_VALID) ||
437 - (*last_idx<0 && order > *dflt)) {
441 + if (nh->nh_dev->flags & IFF_NOARP) {
447 + if (!nh->nh_gw || nh->nh_scope != RT_SCOPE_LINK)
448 + dst = flp->fl4_dst;
451 + n = neigh_lookup(&arp_tbl, &dst, nh->nh_dev);
453 + state = n->nud_state;
456 + if (state==NUD_REACHABLE ||
457 + ((state&NUD_VALID) && order != *dflt)) {
461 + if (!(state&NUD_VALID))
465 + if ((state&NUD_VALID) ||
466 + (*last_idx<0 && order >= *dflt)) {
469 + *last_nhsel = nhsel;
474 + read_lock_bh(&fib_nhflags_lock);
476 + nh->nh_flags |= RTNH_F_SUSPECT;
478 + nh->nh_flags &= ~RTNH_F_SUSPECT;
479 + read_unlock_bh(&fib_nhflags_lock);
482 + /* } endfor_nexthops(fi) */
487 #ifdef CONFIG_IP_ROUTE_MULTIPATH
490 if ((dev = __dev_get_by_index(nh->nh_oif)) == NULL)
492 - if (!(dev->flags&IFF_UP))
494 + if (!(dev->flags&IFF_UP)) {
495 + if (fi->fib_protocol != RTPROT_STATIC)
497 + nh->nh_flags |= RTNH_F_DEAD;
501 nh->nh_scope = RT_SCOPE_LINK;
502 @@ -529,24 +577,48 @@
503 /* It is not necessary, but requires a bit of thinking */
504 if (fl.fl4_scope < RT_SCOPE_LINK)
505 fl.fl4_scope = RT_SCOPE_LINK;
506 - if ((err = fib_lookup(&fl, &res)) != 0)
508 + err = fib_lookup(&fl, &res);
511 - if (res.type != RTN_UNICAST && res.type != RTN_LOCAL)
513 - nh->nh_scope = res.scope;
514 - nh->nh_oif = FIB_RES_OIF(res);
515 - if ((nh->nh_dev = FIB_RES_DEV(res)) == NULL)
517 - dev_hold(nh->nh_dev);
519 - if (!(nh->nh_dev->flags & IFF_UP))
523 + struct in_device *in_dev;
525 + if (err != -ENETUNREACH ||
526 + fi->fib_protocol != RTPROT_STATIC)
529 + in_dev = inetdev_by_index(nh->nh_oif);
530 + if (in_dev == NULL ||
531 + in_dev->dev->flags & IFF_UP) {
533 + in_dev_put(in_dev);
536 + nh->nh_flags |= RTNH_F_DEAD;
537 + nh->nh_scope = RT_SCOPE_LINK;
538 + nh->nh_dev = in_dev->dev;
539 + dev_hold(nh->nh_dev);
540 + in_dev_put(in_dev);
543 + if (res.type != RTN_UNICAST && res.type != RTN_LOCAL)
545 + nh->nh_scope = res.scope;
546 + nh->nh_oif = FIB_RES_OIF(res);
547 + if ((nh->nh_dev = FIB_RES_DEV(res)) == NULL)
549 + dev_hold(nh->nh_dev);
550 + if (!(nh->nh_dev->flags & IFF_UP)) {
551 + if (fi->fib_protocol != RTPROT_STATIC) {
555 + nh->nh_flags |= RTNH_F_DEAD;
565 struct in_device *in_dev;
570 if (!(in_dev->dev->flags&IFF_UP)) {
571 - in_dev_put(in_dev);
573 + if (fi->fib_protocol != RTPROT_STATIC) {
574 + in_dev_put(in_dev);
577 + nh->nh_flags |= RTNH_F_DEAD;
579 nh->nh_dev = in_dev->dev;
580 dev_hold(nh->nh_dev);
583 if (nh->nh_flags&RTNH_F_DEAD)
585 - if (!flp->oif || flp->oif == nh->nh_oif)
587 + if (flp->oif && flp->oif != nh->nh_oif)
589 + if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
590 + nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
594 #ifdef CONFIG_IP_ROUTE_MULTIPATH
595 if (nhsel < fi->fib_nhs) {
596 @@ -1056,18 +1135,29 @@
599 change_nexthops(fi) {
600 - if (nh->nh_flags&RTNH_F_DEAD)
602 - else if (nh->nh_dev == dev &&
603 - nh->nh_scope != scope) {
604 - nh->nh_flags |= RTNH_F_DEAD;
605 + if (nh->nh_flags&RTNH_F_DEAD) {
606 + if (fi->fib_protocol!=RTPROT_STATIC ||
607 + nh->nh_dev == NULL ||
608 + __in_dev_get_rtnl(nh->nh_dev) == NULL ||
609 + nh->nh_dev->flags&IFF_UP)
611 + } else if (nh->nh_dev == dev &&
612 + nh->nh_scope != scope) {
613 + write_lock_bh(&fib_nhflags_lock);
614 #ifdef CONFIG_IP_ROUTE_MULTIPATH
615 - spin_lock_bh(&fib_multipath_lock);
616 + spin_lock(&fib_multipath_lock);
617 + nh->nh_flags |= RTNH_F_DEAD;
618 fi->fib_power -= nh->nh_power;
620 - spin_unlock_bh(&fib_multipath_lock);
621 + spin_unlock(&fib_multipath_lock);
623 + nh->nh_flags |= RTNH_F_DEAD;
626 + write_unlock_bh(&fib_nhflags_lock);
627 + if (fi->fib_protocol!=RTPROT_STATIC ||
629 + __in_dev_get_rtnl(dev) == NULL)
632 #ifdef CONFIG_IP_ROUTE_MULTIPATH
633 if (force > 1 && nh->nh_dev == dev) {
634 @@ -1086,11 +1176,8 @@
638 -#ifdef CONFIG_IP_ROUTE_MULTIPATH
641 - Dead device goes up. We wake up dead nexthops.
642 - It takes sense only on multipath routes.
643 + Dead device goes up or new address is added. We wake up dead nexthops.
646 int fib_sync_up(struct net_device *dev)
647 @@ -1100,8 +1187,10 @@
648 struct hlist_head *head;
649 struct hlist_node *node;
652 + struct fib_result res;
656 if (!(dev->flags&IFF_UP))
659 @@ -1109,6 +1198,7 @@
660 hash = fib_devindex_hashfn(dev->ifindex);
661 head = &fib_info_devhash[hash];
665 hlist_for_each_entry(nh, node, head, nh_hash) {
666 struct fib_info *fi = nh->nh_parent;
667 @@ -1121,19 +1211,37 @@
670 change_nexthops(fi) {
671 - if (!(nh->nh_flags&RTNH_F_DEAD)) {
673 + if (!(nh->nh_flags&RTNH_F_DEAD))
676 if (nh->nh_dev == NULL || !(nh->nh_dev->flags&IFF_UP))
678 if (nh->nh_dev != dev || !__in_dev_get_rtnl(dev))
680 + if (nh->nh_gw && fi->fib_protocol == RTPROT_STATIC) {
681 + struct flowi fl = {
683 + { .daddr = nh->nh_gw,
684 + .scope = nh->nh_scope } },
687 + if (fib_lookup(&fl, &res) != 0)
689 + if (res.type != RTN_UNICAST &&
690 + res.type != RTN_LOCAL) {
694 + nh->nh_scope = res.scope;
699 +#ifdef CONFIG_IP_ROUTE_MULTIPATH
700 spin_lock_bh(&fib_multipath_lock);
702 nh->nh_flags &= ~RTNH_F_DEAD;
703 spin_unlock_bh(&fib_multipath_lock);
705 } endfor_nexthops(fi)
708 @@ -1141,10 +1249,14 @@
718 +#ifdef CONFIG_IP_ROUTE_MULTIPATH
721 The algorithm is suboptimal, but it provides really
722 fair weighted route distribution.
723 @@ -1153,24 +1265,45 @@
724 void fib_select_multipath(const struct flowi *flp, struct fib_result *res)
726 struct fib_info *fi = res->fi;
730 spin_lock_bh(&fib_multipath_lock);
734 + change_nexthops(fi) {
735 + if (flp->oif != nh->nh_oif)
737 + if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
738 + nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
740 + if (!(nh->nh_flags&RTNH_F_BADSTATE)) {
741 + if (nh->nh_power > w) {
746 + } endfor_nexthops(fi);
748 + spin_unlock_bh(&fib_multipath_lock);
756 if (fi->fib_power <= 0) {
758 change_nexthops(fi) {
759 - if (!(nh->nh_flags&RTNH_F_DEAD)) {
760 + if (!(nh->nh_flags&RTNH_F_BADSTATE)) {
761 power += nh->nh_weight;
762 nh->nh_power = nh->nh_weight;
764 } endfor_nexthops(fi);
765 fi->fib_power = power;
767 - spin_unlock_bh(&fib_multipath_lock);
768 - /* Race condition: route has just become dead. */
777 @@ -1180,20 +1313,40 @@
779 w = jiffies % fi->fib_power;
782 change_nexthops(fi) {
783 - if (!(nh->nh_flags&RTNH_F_DEAD) && nh->nh_power) {
784 + if (!(nh->nh_flags&RTNH_F_BADSTATE) && nh->nh_power) {
785 if ((w -= nh->nh_power) <= 0) {
788 - res->nh_sel = nhsel;
789 spin_unlock_bh(&fib_multipath_lock);
790 + res->nh_sel = nhsel;
795 + } endfor_nexthops(fi);
804 + if (!(nh->nh_flags&RTNH_F_DEAD)) {
805 + if (flp->oif && flp->oif != nh->nh_oif)
807 + if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
808 + nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
810 + spin_unlock_bh(&fib_multipath_lock);
811 + res->nh_sel = nhsel;
814 } endfor_nexthops(fi);
816 /* Race condition: route has just become dead. */
818 spin_unlock_bh(&fib_multipath_lock);
821 diff -urN linux-2.6.19.old/net/ipv4/netfilter/ip_nat_core.c linux-2.6.19.dev/net/ipv4/netfilter/ip_nat_core.c
822 --- linux-2.6.19.old/net/ipv4/netfilter/ip_nat_core.c 2006-11-29 22:57:37.000000000 +0100
823 +++ linux-2.6.19.dev/net/ipv4/netfilter/ip_nat_core.c 2006-12-14 03:13:53.000000000 +0100
825 EXPORT_SYMBOL_GPL(ip_nat_port_range_to_nfattr);
829 +ip_nat_route_input(unsigned int hooknum,
830 + struct sk_buff **pskb,
831 + const struct net_device *in,
832 + const struct net_device *out,
833 + int (*okfn)(struct sk_buff *))
835 + struct sk_buff *skb = *pskb;
837 + struct ip_conntrack *conn;
838 + enum ip_conntrack_info ctinfo;
839 + enum ip_conntrack_dir dir;
840 + unsigned long statusbit;
843 + if (!(conn = ip_conntrack_get(skb, &ctinfo)))
846 + if (!(conn->status & IPS_NAT_DONE_MASK))
848 + dir = CTINFO2DIR(ctinfo);
849 + statusbit = IPS_SRC_NAT;
850 + if (dir == IP_CT_DIR_REPLY)
851 + statusbit ^= IPS_NAT_MASK;
852 + if (!(conn->status & statusbit))
858 + if (skb->len < sizeof(struct iphdr))
861 + /* use daddr in other direction as masquerade address (lsrc) */
863 + saddr = conn->tuplehash[!dir].tuple.dst.ip;
864 + if (saddr == iph->saddr)
867 + if (ip_route_input_lookup(skb, iph->daddr, iph->saddr, iph->tos,
873 +EXPORT_SYMBOL_GPL(ip_nat_route_input);
875 static int __init ip_nat_init(void)
878 diff -urN linux-2.6.19.old/net/ipv4/netfilter/ip_nat_standalone.c linux-2.6.19.dev/net/ipv4/netfilter/ip_nat_standalone.c
879 --- linux-2.6.19.old/net/ipv4/netfilter/ip_nat_standalone.c 2006-11-29 22:57:37.000000000 +0100
880 +++ linux-2.6.19.dev/net/ipv4/netfilter/ip_nat_standalone.c 2006-12-14 03:13:53.000000000 +0100
882 .hooknum = NF_IP_LOCAL_OUT,
883 .priority = NF_IP_PRI_NAT_DST,
885 + /* Before routing, route before mangling */
887 + .hook = ip_nat_route_input,
888 + .owner = THIS_MODULE,
890 + .hooknum = NF_IP_PRE_ROUTING,
891 + .priority = NF_IP_PRI_LAST-1,
893 /* After packet filtering, change source */
896 diff -urN linux-2.6.19.old/net/ipv4/netfilter/ipt_MASQUERADE.c linux-2.6.19.dev/net/ipv4/netfilter/ipt_MASQUERADE.c
897 --- linux-2.6.19.old/net/ipv4/netfilter/ipt_MASQUERADE.c 2006-11-29 22:57:37.000000000 +0100
898 +++ linux-2.6.19.dev/net/ipv4/netfilter/ipt_MASQUERADE.c 2006-12-14 03:13:53.000000000 +0100
903 - rt = (struct rtable *)(*pskb)->dst;
904 - newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
906 - printk("MASQUERADE: %s ate my IP address\n", out->name);
910 + struct flowi fl = { .nl_u = { .ip4_u =
911 + { .daddr = (*pskb)->nh.iph->daddr,
912 + .tos = (RT_TOS((*pskb)->nh.iph->tos) |
914 + .gw = ((struct rtable *) (*pskb)->dst)->rt_gateway,
915 +#ifdef CONFIG_IP_ROUTE_FWMARK
916 + .fwmark = (*pskb)->nfmark
919 + .oif = out->ifindex };
920 + if (ip_route_output_key(&rt, &fl) != 0) {
921 + /* Funky routing can do this. */
922 + if (net_ratelimit())
923 + printk("MASQUERADE:"
924 + " No route: Rusty's brain broke!\n");
929 + newsrc = rt->rt_src;
930 + DEBUGP("newsrc = %u.%u.%u.%u\n", NIPQUAD(newsrc));
933 write_lock_bh(&masq_lock);
934 ct->nat.masq_index = out->ifindex;
935 write_unlock_bh(&masq_lock);
936 diff -urN linux-2.6.19.old/net/ipv4/route.c linux-2.6.19.dev/net/ipv4/route.c
937 --- linux-2.6.19.old/net/ipv4/route.c 2006-11-29 22:57:37.000000000 +0100
938 +++ linux-2.6.19.dev/net/ipv4/route.c 2006-12-14 03:13:53.000000000 +0100
939 @@ -1211,6 +1211,7 @@
941 /* Gateway is different ... */
942 rt->rt_gateway = new_gw;
943 + if (rt->fl.fl4_gw) rt->fl.fl4_gw = new_gw;
945 /* Redirect received -> path was valid */
946 dst_confirm(&rth->u.dst);
947 @@ -1647,6 +1648,7 @@
948 rth->fl.fl4_fwmark= skb->nfmark;
950 rth->fl.fl4_src = saddr;
951 + rth->fl.fl4_lsrc = 0;
953 #ifdef CONFIG_NET_CLS_ROUTE
954 rth->u.dst.tclassid = itag;
955 @@ -1657,6 +1659,7 @@
956 dev_hold(rth->u.dst.dev);
957 rth->idev = in_dev_get(rth->u.dst.dev);
959 + rth->fl.fl4_gw = 0;
960 rth->rt_gateway = daddr;
961 rth->rt_spec_dst= spec_dst;
962 rth->rt_type = RTN_MULTICAST;
963 @@ -1721,7 +1724,7 @@
964 struct fib_result* res,
965 struct in_device *in_dev,
966 __be32 daddr, __be32 saddr, u32 tos,
967 - struct rtable **result)
968 + u32 lsrc, struct rtable **result)
972 @@ -1755,6 +1758,7 @@
973 flags |= RTCF_DIRECTSRC;
975 if (out_dev == in_dev && err && !(flags & (RTCF_NAT | RTCF_MASQ)) &&
977 (IN_DEV_SHARED_MEDIA(out_dev) ||
978 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
979 flags |= RTCF_DOREDIRECT;
980 @@ -1794,6 +1798,7 @@
982 rth->fl.fl4_src = saddr;
984 + rth->fl.fl4_lsrc = lsrc;
985 rth->rt_gateway = daddr;
987 rth->fl.iif = in_dev->dev->ifindex;
988 @@ -1801,6 +1806,7 @@
989 dev_hold(rth->u.dst.dev);
990 rth->idev = in_dev_get(rth->u.dst.dev);
992 + rth->fl.fl4_gw = 0;
993 rth->rt_spec_dst= spec_dst;
995 rth->u.dst.input = ip_forward;
996 @@ -1822,19 +1828,21 @@
997 struct fib_result* res,
998 const struct flowi *fl,
999 struct in_device *in_dev,
1000 - __be32 daddr, __be32 saddr, u32 tos)
1001 + __be32 daddr, __be32 saddr, u32 tos,
1004 struct rtable* rth = NULL;
1008 + fib_select_default(fl, res);
1009 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1010 - if (res->fi && res->fi->fib_nhs > 1 && fl->oif == 0)
1011 + if (res->fi && res->fi->fib_nhs > 1)
1012 fib_select_multipath(fl, res);
1015 /* create a routing cache entry */
1016 - err = __mkroute_input(skb, res, in_dev, daddr, saddr, tos, &rth);
1017 + err = __mkroute_input(skb, res, in_dev, daddr, saddr, tos, lsrc, &rth);
1021 @@ -1847,7 +1855,8 @@
1022 struct fib_result* res,
1023 const struct flowi *fl,
1024 struct in_device *in_dev,
1025 - __be32 daddr, __be32 saddr, u32 tos)
1026 + __be32 daddr, __be32 saddr, u32 tos,
1029 #ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED
1030 struct rtable* rth = NULL, *rtres;
1031 @@ -1863,7 +1872,7 @@
1032 /* distinguish between multipath and singlepath */
1034 return ip_mkroute_input_def(skb, res, fl, in_dev, daddr,
1038 /* add all alternatives to the routing cache */
1039 for (hop = 0; hop < hopcount; hop++) {
1040 @@ -1875,7 +1884,7 @@
1042 /* create a routing cache entry */
1043 err = __mkroute_input(skb, res, in_dev, daddr, saddr, tos,
1049 @@ -1895,7 +1904,7 @@
1050 skb->dst = &rtres->u.dst;
1052 #else /* CONFIG_IP_ROUTE_MULTIPATH_CACHED */
1053 - return ip_mkroute_input_def(skb, res, fl, in_dev, daddr, saddr, tos);
1054 + return ip_mkroute_input_def(skb, res, fl, in_dev, daddr, saddr, tos, lsrc);
1055 #endif /* CONFIG_IP_ROUTE_MULTIPATH_CACHED */
1058 @@ -1911,20 +1920,20 @@
1061 static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1062 - u8 tos, struct net_device *dev)
1063 + u8 tos, struct net_device *dev, u32 lsrc)
1065 struct fib_result res;
1066 struct in_device *in_dev = in_dev_get(dev);
1067 struct flowi fl = { .nl_u = { .ip4_u =
1070 + .saddr = lsrc? : saddr,
1072 .scope = RT_SCOPE_UNIVERSE,
1073 #ifdef CONFIG_IP_ROUTE_FWMARK
1074 .fwmark = skb->nfmark
1077 - .iif = dev->ifindex };
1078 + .iif = lsrc? loopback_dev.ifindex : dev->ifindex };
1081 struct rtable * rth;
1082 @@ -1957,6 +1966,12 @@
1083 if (BADCLASS(daddr) || ZERONET(daddr) || LOOPBACK(daddr))
1084 goto martian_destination;
1087 + if (MULTICAST(lsrc) || BADCLASS(lsrc) ||
1088 + ZERONET(lsrc) || LOOPBACK(lsrc))
1093 * Now we are ready to route packet.
1095 @@ -1966,6 +1981,10 @@
1099 + if (lsrc && res.type != RTN_UNICAST && res.type != RTN_NAT)
1101 + fl.iif = dev->ifindex;
1102 + fl.fl4_src = saddr;
1104 RT_CACHE_STAT_INC(in_slow_tot);
1106 @@ -1990,7 +2009,7 @@
1107 if (res.type != RTN_UNICAST)
1108 goto martian_destination;
1110 - err = ip_mkroute_input(skb, &res, &fl, in_dev, daddr, saddr, tos);
1111 + err = ip_mkroute_input(skb, &res, &fl, in_dev, daddr, saddr, tos, lsrc);
1112 if (err == -ENOBUFS)
1115 @@ -2005,6 +2024,8 @@
1117 if (skb->protocol != htons(ETH_P_IP))
1123 spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
1124 @@ -2047,6 +2068,7 @@
1125 rth->u.dst.dev = &loopback_dev;
1126 dev_hold(rth->u.dst.dev);
1127 rth->idev = in_dev_get(rth->u.dst.dev);
1128 + rth->fl.fl4_gw = 0;
1129 rth->rt_gateway = daddr;
1130 rth->rt_spec_dst= spec_dst;
1131 rth->u.dst.input= ip_local_deliver;
1132 @@ -2096,8 +2118,9 @@
1136 -int ip_route_input(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1137 - u8 tos, struct net_device *dev)
1139 +ip_route_input_cached(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1140 + u8 tos, struct net_device *dev, u32 lsrc)
1142 struct rtable * rth;
1144 @@ -2112,6 +2135,7 @@
1145 if (rth->fl.fl4_dst == daddr &&
1146 rth->fl.fl4_src == saddr &&
1147 rth->fl.iif == iif &&
1148 + rth->fl.fl4_lsrc == lsrc &&
1150 #ifdef CONFIG_IP_ROUTE_FWMARK
1151 rth->fl.fl4_fwmark == skb->nfmark &&
1152 @@ -2160,7 +2184,19 @@
1156 - return ip_route_input_slow(skb, daddr, saddr, tos, dev);
1157 + return ip_route_input_slow(skb, daddr, saddr, tos, dev, lsrc);
1160 +int ip_route_input(struct sk_buff *skb, u32 daddr, u32 saddr,
1161 + u8 tos, struct net_device *dev)
1163 + return ip_route_input_cached(skb, daddr, saddr, tos, dev, 0);
1166 +int ip_route_input_lookup(struct sk_buff *skb, u32 daddr, u32 saddr,
1167 + u8 tos, struct net_device *dev, u32 lsrc)
1169 + return ip_route_input_cached(skb, daddr, saddr, tos, dev, lsrc);
1172 static inline int __mkroute_output(struct rtable **result,
1173 @@ -2239,6 +2275,7 @@
1174 rth->fl.fl4_tos = tos;
1175 rth->fl.fl4_src = oldflp->fl4_src;
1176 rth->fl.oif = oldflp->oif;
1177 + rth->fl.fl4_gw = oldflp->fl4_gw;
1178 #ifdef CONFIG_IP_ROUTE_FWMARK
1179 rth->fl.fl4_fwmark= oldflp->fl4_fwmark;
1181 @@ -2381,6 +2418,7 @@
1182 struct flowi fl = { .nl_u = { .ip4_u =
1183 { .daddr = oldflp->fl4_dst,
1184 .saddr = oldflp->fl4_src,
1185 + .gw = oldflp->fl4_gw,
1186 .tos = tos & IPTOS_RT_MASK,
1187 .scope = ((tos & RTO_ONLINK) ?
1189 @@ -2486,6 +2524,7 @@
1190 dev_out = &loopback_dev;
1192 fl.oif = loopback_dev.ifindex;
1194 res.type = RTN_LOCAL;
1195 flags |= RTCF_LOCAL;
1197 @@ -2493,7 +2532,7 @@
1199 if (fib_lookup(&fl, &res)) {
1201 - if (oldflp->oif) {
1202 + if (oldflp->oif && dev_out->flags & IFF_UP) {
1203 /* Apparently, routing tables are wrong. Assume,
1204 that the destination is on link.
1206 @@ -2533,6 +2572,7 @@
1207 dev_out = &loopback_dev;
1209 fl.oif = dev_out->ifindex;
1212 fib_info_put(res.fi);
1214 @@ -2540,13 +2580,12 @@
1218 + if (res.type == RTN_UNICAST)
1219 + fib_select_default(&fl, &res);
1220 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1221 - if (res.fi->fib_nhs > 1 && fl.oif == 0)
1222 + if (res.fi->fib_nhs > 1)
1223 fib_select_multipath(&fl, &res);
1226 - if (!res.prefixlen && res.type == RTN_UNICAST && !fl.oif)
1227 - fib_select_default(&fl, &res);
1230 fl.fl4_src = FIB_RES_PREFSRC(res);
1231 @@ -2583,6 +2622,7 @@
1232 rth->fl.fl4_src == flp->fl4_src &&
1234 rth->fl.oif == flp->oif &&
1235 + rth->fl.fl4_gw == flp->fl4_gw &&
1236 #ifdef CONFIG_IP_ROUTE_FWMARK
1237 rth->fl.fl4_fwmark == flp->fl4_fwmark &&
1239 @@ -3221,3 +3261,4 @@
1240 EXPORT_SYMBOL(__ip_select_ident);
1241 EXPORT_SYMBOL(ip_route_input);
1242 EXPORT_SYMBOL(ip_route_output_key);
1243 +EXPORT_SYMBOL(ip_route_input_lookup);
projects / openwrt.git / blob