X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=include%2Fnet%2Froute.h;h=fdbdb9271d7fb322a2942f9ad17d2695fdda61c3;hb=b678027cb77b079bc8e5b94172995d173bdb494b;hp=30d6cae3841af7ef73ffe09f3c6895c1b4cdb6db;hpb=26ff6801f751cd47e44c2e9507ec08b447f2d2b9;p=~andy%2Flinux

diff --git a/include/net/route.h b/include/net/route.h
index 30d6cae3841..fdbdb9271d7 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -35,16 +35,8 @@
 #include <linux/cache.h>
 #include <linux/security.h>
 
-#ifndef __KERNEL__
-#warning This file is not supposed to be used outside of kernel.
-#endif
-
 #define RTO_ONLINK	0x01
 
-#define RTO_CONN	0
-/* RTO_CONN is not used (being alias for 0), but preserved not to break
- * some modules referring to it. */
-
 #define RT_CONN_FLAGS(sk)   (RT_TOS(inet_sk(sk)->tos) | sock_flag(sk, SOCK_LOCALROUTE))
 
 struct fib_nh;
@@ -64,6 +56,7 @@ struct rtable {
 
 	__be32			rt_dst;	/* Path destination	*/
 	__be32			rt_src;	/* Path source		*/
+	int			rt_route_iif;
 	int			rt_iif;
 	int			rt_oif;
 	__u32			rt_mark;
@@ -80,12 +73,12 @@ struct rtable {
 
 static inline bool rt_is_input_route(struct rtable *rt)
 {
-	return rt->rt_iif != 0;
+	return rt->rt_route_iif != 0;
 }
 
 static inline bool rt_is_output_route(struct rtable *rt)
 {
-	return rt->rt_iif == 0;
+	return rt->rt_route_iif == 0;
 }
 
 struct ip_rt_acct {
@@ -149,17 +142,12 @@ static inline struct rtable *ip_route_output_ports(struct net *net, struct sock
 						   __be16 dport, __be16 sport,
 						   __u8 proto, __u8 tos, int oif)
 {
-	struct flowi4 fl4 = {
-		.flowi4_oif = oif,
-		.flowi4_flags = sk ? inet_sk_flowi_flags(sk) : 0,
-		.flowi4_mark = sk ? sk->sk_mark : 0,
-		.daddr = daddr,
-		.saddr = saddr,
-		.flowi4_tos = tos,
-		.flowi4_proto = proto,
-		.fl4_dport = dport,
-		.fl4_sport = sport,
-	};
+	struct flowi4 fl4;
+
+	flowi4_init_output(&fl4, oif, sk ? sk->sk_mark : 0, tos,
+			   RT_SCOPE_UNIVERSE, proto,
+			   sk ? inet_sk_flowi_flags(sk) : 0,
+			   daddr, saddr, dport, sport);
 	if (sk)
 		security_sk_classify_flow(sk, flowi4_to_flowi(&fl4));
 	return ip_route_output_flow(net, &fl4, sk);
@@ -195,7 +183,8 @@ static inline int ip_route_input_noref(struct sk_buff *skb, __be32 dst, __be32 s
 	return ip_route_input_common(skb, dst, src, tos, devin, true);
 }
 
-extern unsigned short	ip_rt_frag_needed(struct net *net, struct iphdr *iph, unsigned short new_mtu, struct net_device *dev);
+extern unsigned short	ip_rt_frag_needed(struct net *net, const struct iphdr *iph,
+					  unsigned short new_mtu, struct net_device *dev);
 extern void		ip_rt_send_redirect(struct sk_buff *skb);
 
 extern unsigned		inet_addr_type(struct net *net, __be32 addr);
@@ -207,6 +196,7 @@ extern int		ip_rt_dump(struct sk_buff *skb,  struct netlink_callback *cb);
 
 struct in_ifaddr;
 extern void fib_add_ifaddr(struct in_ifaddr *);
+extern void fib_del_ifaddr(struct in_ifaddr *, struct in_ifaddr *);
 
 static inline void ip_rt_put(struct rtable * rt)
 {
@@ -223,66 +213,83 @@ static inline char rt_tos2priority(u8 tos)
 	return ip_tos2prio[IPTOS_TOS(tos)>>1];
 }
 
-static inline struct rtable *ip_route_connect(__be32 dst, __be32 src, u32 tos,
+/* ip_route_connect() and ip_route_newports() work in tandem whilst
+ * binding a socket for a new outgoing connection.
+ *
+ * In order to use IPSEC properly, we must, in the end, have a
+ * route that was looked up using all available keys including source
+ * and destination ports.
+ *
+ * However, if a source port needs to be allocated (the user specified
+ * a wildcard source port) we need to obtain addressing information
+ * in order to perform that allocation.
+ *
+ * So ip_route_connect() looks up a route using wildcarded source and
+ * destination ports in the key, simply so that we can get a pair of
+ * addresses to use for port allocation.
+ *
+ * Later, once the ports are allocated, ip_route_newports() will make
+ * another route lookup if needed to make sure we catch any IPSEC
+ * rules keyed on the port information.
+ *
+ * The callers allocate the flow key on their stack, and must pass in
+ * the same flowi4 object to both the ip_route_connect() and the
+ * ip_route_newports() calls.
+ */
+
+static inline void ip_route_connect_init(struct flowi4 *fl4, __be32 dst, __be32 src,
+					 u32 tos, int oif, u8 protocol,
+					 __be16 sport, __be16 dport,
+					 struct sock *sk, bool can_sleep)
+{
+	__u8 flow_flags = 0;
+
+	if (inet_sk(sk)->transparent)
+		flow_flags |= FLOWI_FLAG_ANYSRC;
+	if (protocol == IPPROTO_TCP)
+		flow_flags |= FLOWI_FLAG_PRECOW_METRICS;
+	if (can_sleep)
+		flow_flags |= FLOWI_FLAG_CAN_SLEEP;
+
+	flowi4_init_output(fl4, oif, sk->sk_mark, tos, RT_SCOPE_UNIVERSE,
+			   protocol, flow_flags, dst, src, dport, sport);
+}
+
+static inline struct rtable *ip_route_connect(struct flowi4 *fl4,
+					      __be32 dst, __be32 src, u32 tos,
 					      int oif, u8 protocol,
 					      __be16 sport, __be16 dport,
 					      struct sock *sk, bool can_sleep)
 {
-	struct flowi4 fl4 = {
-		.flowi4_oif = oif,
-		.flowi4_mark = sk->sk_mark,
-		.daddr = dst,
-		.saddr = src,
-		.flowi4_tos = tos,
-		.flowi4_proto = protocol,
-		.fl4_sport = sport,
-		.fl4_dport = dport,
-	};
 	struct net *net = sock_net(sk);
 	struct rtable *rt;
 
-	if (inet_sk(sk)->transparent)
-		fl4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
-	if (protocol == IPPROTO_TCP)
-		fl4.flowi4_flags |= FLOWI_FLAG_PRECOW_METRICS;
-	if (can_sleep)
-		fl4.flowi4_flags |= FLOWI_FLAG_CAN_SLEEP;
+	ip_route_connect_init(fl4, dst, src, tos, oif, protocol,
+			      sport, dport, sk, can_sleep);
 
 	if (!dst || !src) {
-		rt = __ip_route_output_key(net, &fl4);
+		rt = __ip_route_output_key(net, fl4);
 		if (IS_ERR(rt))
 			return rt;
-		fl4.daddr = rt->rt_dst;
-		fl4.saddr = rt->rt_src;
+		fl4->daddr = rt->rt_dst;
+		fl4->saddr = rt->rt_src;
 		ip_rt_put(rt);
 	}
-	security_sk_classify_flow(sk, flowi4_to_flowi(&fl4));
-	return ip_route_output_flow(net, &fl4, sk);
+	security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
+	return ip_route_output_flow(net, fl4, sk);
 }
 
-static inline struct rtable *ip_route_newports(struct rtable *rt,
-					       u8 protocol, __be16 orig_sport,
-					       __be16 orig_dport, __be16 sport,
-					       __be16 dport, struct sock *sk)
+static inline struct rtable *ip_route_newports(struct flowi4 *fl4, struct rtable *rt,
+					       __be16 orig_sport, __be16 orig_dport,
+					       __be16 sport, __be16 dport,
+					       struct sock *sk)
 {
 	if (sport != orig_sport || dport != orig_dport) {
-		struct flowi4 fl4 = {
-			.flowi4_oif = rt->rt_oif,
-			.flowi4_mark = rt->rt_mark,
-			.daddr = rt->rt_key_dst,
-			.saddr = rt->rt_key_src,
-			.flowi4_tos = rt->rt_tos,
-			.flowi4_proto = protocol,
-			.fl4_sport = sport,
-			.fl4_dport = dport
-		};
-		if (inet_sk(sk)->transparent)
-			fl4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
-		if (protocol == IPPROTO_TCP)
-			fl4.flowi4_flags |= FLOWI_FLAG_PRECOW_METRICS;
+		fl4->fl4_dport = dport;
+		fl4->fl4_sport = sport;
 		ip_rt_put(rt);
-		security_sk_classify_flow(sk, flowi4_to_flowi(&fl4));
-		return ip_route_output_flow(sock_net(sk), &fl4, sk);
+		security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
+		return ip_route_output_flow(sock_net(sk), fl4, sk);
 	}
 	return rt;
 }