diff options
| author | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-04-16 18:20:36 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-04-16 18:20:36 -0400 |
| commit | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (patch) | |
| tree | 0bba044c4ce775e45a88a51686b5d9f90697ea9d /net/ipv4/ip_forward.c | |
Linux-2.6.12-rc2v2.6.12-rc2
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.
Let it rip!
Diffstat (limited to 'net/ipv4/ip_forward.c')
| -rw-r--r-- | net/ipv4/ip_forward.c | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c new file mode 100644 index 000000000000..77094aac6c28 --- /dev/null +++ b/net/ipv4/ip_forward.c | |||
| @@ -0,0 +1,127 @@ | |||
| 1 | /* | ||
| 2 | * INET An implementation of the TCP/IP protocol suite for the LINUX | ||
| 3 | * operating system. INET is implemented using the BSD Socket | ||
| 4 | * interface as the means of communication with the user level. | ||
| 5 | * | ||
| 6 | * The IP forwarding functionality. | ||
| 7 | * | ||
| 8 | * Version: $Id: ip_forward.c,v 1.48 2000/12/13 18:31:48 davem Exp $ | ||
| 9 | * | ||
| 10 | * Authors: see ip.c | ||
| 11 | * | ||
| 12 | * Fixes: | ||
| 13 | * Many : Split from ip.c , see ip_input.c for | ||
| 14 | * history. | ||
| 15 | * Dave Gregorich : NULL ip_rt_put fix for multicast | ||
| 16 | * routing. | ||
| 17 | * Jos Vos : Add call_out_firewall before sending, | ||
| 18 | * use output device for accounting. | ||
| 19 | * Jos Vos : Call forward firewall after routing | ||
| 20 | * (always use output device). | ||
| 21 | * Mike McLagan : Routing by source | ||
| 22 | */ | ||
| 23 | |||
| 24 | #include <linux/config.h> | ||
| 25 | #include <linux/types.h> | ||
| 26 | #include <linux/mm.h> | ||
| 27 | #include <linux/sched.h> | ||
| 28 | #include <linux/skbuff.h> | ||
| 29 | #include <linux/ip.h> | ||
| 30 | #include <linux/icmp.h> | ||
| 31 | #include <linux/netdevice.h> | ||
| 32 | #include <net/sock.h> | ||
| 33 | #include <net/ip.h> | ||
| 34 | #include <net/tcp.h> | ||
| 35 | #include <net/udp.h> | ||
| 36 | #include <net/icmp.h> | ||
| 37 | #include <linux/tcp.h> | ||
| 38 | #include <linux/udp.h> | ||
| 39 | #include <linux/netfilter_ipv4.h> | ||
| 40 | #include <net/checksum.h> | ||
| 41 | #include <linux/route.h> | ||
| 42 | #include <net/route.h> | ||
| 43 | #include <net/xfrm.h> | ||
| 44 | |||
| 45 | static inline int ip_forward_finish(struct sk_buff *skb) | ||
| 46 | { | ||
| 47 | struct ip_options * opt = &(IPCB(skb)->opt); | ||
| 48 | |||
| 49 | IP_INC_STATS_BH(IPSTATS_MIB_OUTFORWDATAGRAMS); | ||
| 50 | |||
| 51 | if (unlikely(opt->optlen)) | ||
| 52 | ip_forward_options(skb); | ||
| 53 | |||
| 54 | return dst_output(skb); | ||
| 55 | } | ||
| 56 | |||
| 57 | int ip_forward(struct sk_buff *skb) | ||
| 58 | { | ||
| 59 | struct iphdr *iph; /* Our header */ | ||
| 60 | struct rtable *rt; /* Route we use */ | ||
| 61 | struct ip_options * opt = &(IPCB(skb)->opt); | ||
| 62 | |||
| 63 | if (!xfrm4_policy_check(NULL, XFRM_POLICY_FWD, skb)) | ||
| 64 | goto drop; | ||
| 65 | |||
| 66 | if (IPCB(skb)->opt.router_alert && ip_call_ra_chain(skb)) | ||
| 67 | return NET_RX_SUCCESS; | ||
| 68 | |||
| 69 | if (skb->pkt_type != PACKET_HOST) | ||
| 70 | goto drop; | ||
| 71 | |||
| 72 | skb->ip_summed = CHECKSUM_NONE; | ||
| 73 | |||
| 74 | /* | ||
| 75 | * According to the RFC, we must first decrease the TTL field. If | ||
| 76 | * that reaches zero, we must reply an ICMP control message telling | ||
| 77 | * that the packet's lifetime expired. | ||
| 78 | */ | ||
| 79 | |||
| 80 | iph = skb->nh.iph; | ||
| 81 | |||
| 82 | if (iph->ttl <= 1) | ||
| 83 | goto too_many_hops; | ||
| 84 | |||
| 85 | if (!xfrm4_route_forward(skb)) | ||
| 86 | goto drop; | ||
| 87 | |||
| 88 | iph = skb->nh.iph; | ||
| 89 | rt = (struct rtable*)skb->dst; | ||
| 90 | |||
| 91 | if (opt->is_strictroute && rt->rt_dst != rt->rt_gateway) | ||
| 92 | goto sr_failed; | ||
| 93 | |||
| 94 | /* We are about to mangle packet. Copy it! */ | ||
| 95 | if (skb_cow(skb, LL_RESERVED_SPACE(rt->u.dst.dev)+rt->u.dst.header_len)) | ||
| 96 | goto drop; | ||
| 97 | iph = skb->nh.iph; | ||
| 98 | |||
| 99 | /* Decrease ttl after skb cow done */ | ||
| 100 | ip_decrease_ttl(iph); | ||
| 101 | |||
| 102 | /* | ||
| 103 | * We now generate an ICMP HOST REDIRECT giving the route | ||
| 104 | * we calculated. | ||
| 105 | */ | ||
| 106 | if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr) | ||
| 107 | ip_rt_send_redirect(skb); | ||
| 108 | |||
| 109 | skb->priority = rt_tos2priority(iph->tos); | ||
| 110 | |||
| 111 | return NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, rt->u.dst.dev, | ||
| 112 | ip_forward_finish); | ||
| 113 | |||
| 114 | sr_failed: | ||
| 115 | /* | ||
| 116 | * Strict routing permits no gatewaying | ||
| 117 | */ | ||
| 118 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_SR_FAILED, 0); | ||
| 119 | goto drop; | ||
| 120 | |||
| 121 | too_many_hops: | ||
| 122 | /* Tell the sender its packet died... */ | ||
| 123 | icmp_send(skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0); | ||
| 124 | drop: | ||
| 125 | kfree_skb(skb); | ||
| 126 | return NET_RX_DROP; | ||
| 127 | } | ||