DECnet: don't leak uninitialized stack byte
[linux-2.6.git] / net / decnet / dn_route.c
1 /*
2  * DECnet       An implementation of the DECnet protocol suite for the LINUX
3  *              operating system.  DECnet is implemented using the  BSD Socket
4  *              interface as the means of communication with the user level.
5  *
6  *              DECnet Routing Functions (Endnode and Router)
7  *
8  * Authors:     Steve Whitehouse <SteveW@ACM.org>
9  *              Eduardo Marcelo Serrat <emserrat@geocities.com>
10  *
11  * Changes:
12  *              Steve Whitehouse : Fixes to allow "intra-ethernet" and
13  *                                 "return-to-sender" bits on outgoing
14  *                                 packets.
15  *              Steve Whitehouse : Timeouts for cached routes.
16  *              Steve Whitehouse : Use dst cache for input routes too.
17  *              Steve Whitehouse : Fixed error values in dn_send_skb.
18  *              Steve Whitehouse : Rework routing functions to better fit
19  *                                 DECnet routing design
20  *              Alexey Kuznetsov : New SMP locking
21  *              Steve Whitehouse : More SMP locking changes & dn_cache_dump()
22  *              Steve Whitehouse : Prerouting NF hook, now really is prerouting.
23  *                                 Fixed possible skb leak in rtnetlink funcs.
24  *              Steve Whitehouse : Dave Miller's dynamic hash table sizing and
25  *                                 Alexey Kuznetsov's finer grained locking
26  *                                 from ipv4/route.c.
27  *              Steve Whitehouse : Routing is now starting to look like a
28  *                                 sensible set of code now, mainly due to
29  *                                 my copying the IPv4 routing code. The
30  *                                 hooks here are modified and will continue
31  *                                 to evolve for a while.
32  *              Steve Whitehouse : Real SMP at last :-) Also new netfilter
33  *                                 stuff. Look out raw sockets your days
34  *                                 are numbered!
35  *              Steve Whitehouse : Added return-to-sender functions. Added
36  *                                 backlog congestion level return codes.
37  *              Steve Whitehouse : Fixed bug where routes were set up with
38  *                                 no ref count on net devices.
39  *              Steve Whitehouse : RCU for the route cache
40  *              Steve Whitehouse : Preparations for the flow cache
41  *              Steve Whitehouse : Prepare for nonlinear skbs
42  */
43
44 /******************************************************************************
45     (c) 1995-1998 E.M. Serrat           emserrat@geocities.com
46
47     This program is free software; you can redistribute it and/or modify
48     it under the terms of the GNU General Public License as published by
49     the Free Software Foundation; either version 2 of the License, or
50     any later version.
51
52     This program is distributed in the hope that it will be useful,
53     but WITHOUT ANY WARRANTY; without even the implied warranty of
54     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
55     GNU General Public License for more details.
56 *******************************************************************************/
57
58 #include <linux/errno.h>
59 #include <linux/types.h>
60 #include <linux/socket.h>
61 #include <linux/in.h>
62 #include <linux/kernel.h>
63 #include <linux/sockios.h>
64 #include <linux/net.h>
65 #include <linux/netdevice.h>
66 #include <linux/inet.h>
67 #include <linux/route.h>
68 #include <linux/in_route.h>
69 #include <linux/slab.h>
70 #include <net/sock.h>
71 #include <linux/mm.h>
72 #include <linux/proc_fs.h>
73 #include <linux/seq_file.h>
74 #include <linux/init.h>
75 #include <linux/rtnetlink.h>
76 #include <linux/string.h>
77 #include <linux/netfilter_decnet.h>
78 #include <linux/rcupdate.h>
79 #include <linux/times.h>
80 #include <asm/errno.h>
81 #include <net/net_namespace.h>
82 #include <net/netlink.h>
83 #include <net/neighbour.h>
84 #include <net/dst.h>
85 #include <net/flow.h>
86 #include <net/fib_rules.h>
87 #include <net/dn.h>
88 #include <net/dn_dev.h>
89 #include <net/dn_nsp.h>
90 #include <net/dn_route.h>
91 #include <net/dn_neigh.h>
92 #include <net/dn_fib.h>
93
94 struct dn_rt_hash_bucket
95 {
96         struct dn_route *chain;
97         spinlock_t lock;
98 };
99
100 extern struct neigh_table dn_neigh_table;
101
102
103 static unsigned char dn_hiord_addr[6] = {0xAA,0x00,0x04,0x00,0x00,0x00};
104
105 static const int dn_rt_min_delay = 2 * HZ;
106 static const int dn_rt_max_delay = 10 * HZ;
107 static const int dn_rt_mtu_expires = 10 * 60 * HZ;
108
109 static unsigned long dn_rt_deadline;
110
111 static int dn_dst_gc(struct dst_ops *ops);
112 static struct dst_entry *dn_dst_check(struct dst_entry *, __u32);
113 static struct dst_entry *dn_dst_negative_advice(struct dst_entry *);
114 static void dn_dst_link_failure(struct sk_buff *);
115 static void dn_dst_update_pmtu(struct dst_entry *dst, u32 mtu);
116 static int dn_route_input(struct sk_buff *);
117 static void dn_run_flush(unsigned long dummy);
118
119 static struct dn_rt_hash_bucket *dn_rt_hash_table;
120 static unsigned dn_rt_hash_mask;
121
122 static struct timer_list dn_route_timer;
123 static DEFINE_TIMER(dn_rt_flush_timer, dn_run_flush, 0, 0);
124 int decnet_dst_gc_interval = 2;
125
126 static struct dst_ops dn_dst_ops = {
127         .family =               PF_DECnet,
128         .protocol =             cpu_to_be16(ETH_P_DNA_RT),
129         .gc_thresh =            128,
130         .gc =                   dn_dst_gc,
131         .check =                dn_dst_check,
132         .negative_advice =      dn_dst_negative_advice,
133         .link_failure =         dn_dst_link_failure,
134         .update_pmtu =          dn_dst_update_pmtu,
135 };
136
137 static __inline__ unsigned dn_hash(__le16 src, __le16 dst)
138 {
139         __u16 tmp = (__u16 __force)(src ^ dst);
140         tmp ^= (tmp >> 3);
141         tmp ^= (tmp >> 5);
142         tmp ^= (tmp >> 10);
143         return dn_rt_hash_mask & (unsigned)tmp;
144 }
145
146 static inline void dnrt_free(struct dn_route *rt)
147 {
148         call_rcu_bh(&rt->dst.rcu_head, dst_rcu_free);
149 }
150
151 static inline void dnrt_drop(struct dn_route *rt)
152 {
153         dst_release(&rt->dst);
154         call_rcu_bh(&rt->dst.rcu_head, dst_rcu_free);
155 }
156
157 static void dn_dst_check_expire(unsigned long dummy)
158 {
159         int i;
160         struct dn_route *rt, **rtp;
161         unsigned long now = jiffies;
162         unsigned long expire = 120 * HZ;
163
164         for(i = 0; i <= dn_rt_hash_mask; i++) {
165                 rtp = &dn_rt_hash_table[i].chain;
166
167                 spin_lock(&dn_rt_hash_table[i].lock);
168                 while((rt=*rtp) != NULL) {
169                         if (atomic_read(&rt->dst.__refcnt) ||
170                                         (now - rt->dst.lastuse) < expire) {
171                                 rtp = &rt->dst.dn_next;
172                                 continue;
173                         }
174                         *rtp = rt->dst.dn_next;
175                         rt->dst.dn_next = NULL;
176                         dnrt_free(rt);
177                 }
178                 spin_unlock(&dn_rt_hash_table[i].lock);
179
180                 if ((jiffies - now) > 0)
181                         break;
182         }
183
184         mod_timer(&dn_route_timer, now + decnet_dst_gc_interval * HZ);
185 }
186
187 static int dn_dst_gc(struct dst_ops *ops)
188 {
189         struct dn_route *rt, **rtp;
190         int i;
191         unsigned long now = jiffies;
192         unsigned long expire = 10 * HZ;
193
194         for(i = 0; i <= dn_rt_hash_mask; i++) {
195
196                 spin_lock_bh(&dn_rt_hash_table[i].lock);
197                 rtp = &dn_rt_hash_table[i].chain;
198
199                 while((rt=*rtp) != NULL) {
200                         if (atomic_read(&rt->dst.__refcnt) ||
201                                         (now - rt->dst.lastuse) < expire) {
202                                 rtp = &rt->dst.dn_next;
203                                 continue;
204                         }
205                         *rtp = rt->dst.dn_next;
206                         rt->dst.dn_next = NULL;
207                         dnrt_drop(rt);
208                         break;
209                 }
210                 spin_unlock_bh(&dn_rt_hash_table[i].lock);
211         }
212
213         return 0;
214 }
215
216 /*
217  * The decnet standards don't impose a particular minimum mtu, what they
218  * do insist on is that the routing layer accepts a datagram of at least
219  * 230 bytes long. Here we have to subtract the routing header length from
220  * 230 to get the minimum acceptable mtu. If there is no neighbour, then we
221  * assume the worst and use a long header size.
222  *
223  * We update both the mtu and the advertised mss (i.e. the segment size we
224  * advertise to the other end).
225  */
226 static void dn_dst_update_pmtu(struct dst_entry *dst, u32 mtu)
227 {
228         u32 min_mtu = 230;
229         struct dn_dev *dn = dst->neighbour ?
230                             (struct dn_dev *)dst->neighbour->dev->dn_ptr : NULL;
231
232         if (dn && dn->use_long == 0)
233                 min_mtu -= 6;
234         else
235                 min_mtu -= 21;
236
237         if (dst_metric(dst, RTAX_MTU) > mtu && mtu >= min_mtu) {
238                 if (!(dst_metric_locked(dst, RTAX_MTU))) {
239                         dst->metrics[RTAX_MTU-1] = mtu;
240                         dst_set_expires(dst, dn_rt_mtu_expires);
241                 }
242                 if (!(dst_metric_locked(dst, RTAX_ADVMSS))) {
243                         u32 mss = mtu - DN_MAX_NSP_DATA_HEADER;
244                         if (dst_metric(dst, RTAX_ADVMSS) > mss)
245                                 dst->metrics[RTAX_ADVMSS-1] = mss;
246                 }
247         }
248 }
249
250 /*
251  * When a route has been marked obsolete. (e.g. routing cache flush)
252  */
253 static struct dst_entry *dn_dst_check(struct dst_entry *dst, __u32 cookie)
254 {
255         return NULL;
256 }
257
258 static struct dst_entry *dn_dst_negative_advice(struct dst_entry *dst)
259 {
260         dst_release(dst);
261         return NULL;
262 }
263
264 static void dn_dst_link_failure(struct sk_buff *skb)
265 {
266 }
267
268 static inline int compare_keys(struct flowi *fl1, struct flowi *fl2)
269 {
270         return ((fl1->nl_u.dn_u.daddr ^ fl2->nl_u.dn_u.daddr) |
271                 (fl1->nl_u.dn_u.saddr ^ fl2->nl_u.dn_u.saddr) |
272                 (fl1->mark ^ fl2->mark) |
273                 (fl1->nl_u.dn_u.scope ^ fl2->nl_u.dn_u.scope) |
274                 (fl1->oif ^ fl2->oif) |
275                 (fl1->iif ^ fl2->iif)) == 0;
276 }
277
278 static int dn_insert_route(struct dn_route *rt, unsigned hash, struct dn_route **rp)
279 {
280         struct dn_route *rth, **rthp;
281         unsigned long now = jiffies;
282
283         rthp = &dn_rt_hash_table[hash].chain;
284
285         spin_lock_bh(&dn_rt_hash_table[hash].lock);
286         while((rth = *rthp) != NULL) {
287                 if (compare_keys(&rth->fl, &rt->fl)) {
288                         /* Put it first */
289                         *rthp = rth->dst.dn_next;
290                         rcu_assign_pointer(rth->dst.dn_next,
291                                            dn_rt_hash_table[hash].chain);
292                         rcu_assign_pointer(dn_rt_hash_table[hash].chain, rth);
293
294                         dst_use(&rth->dst, now);
295                         spin_unlock_bh(&dn_rt_hash_table[hash].lock);
296
297                         dnrt_drop(rt);
298                         *rp = rth;
299                         return 0;
300                 }
301                 rthp = &rth->dst.dn_next;
302         }
303
304         rcu_assign_pointer(rt->dst.dn_next, dn_rt_hash_table[hash].chain);
305         rcu_assign_pointer(dn_rt_hash_table[hash].chain, rt);
306
307         dst_use(&rt->dst, now);
308         spin_unlock_bh(&dn_rt_hash_table[hash].lock);
309         *rp = rt;
310         return 0;
311 }
312
313 static void dn_run_flush(unsigned long dummy)
314 {
315         int i;
316         struct dn_route *rt, *next;
317
318         for(i = 0; i < dn_rt_hash_mask; i++) {
319                 spin_lock_bh(&dn_rt_hash_table[i].lock);
320
321                 if ((rt = xchg(&dn_rt_hash_table[i].chain, NULL)) == NULL)
322                         goto nothing_to_declare;
323
324                 for(; rt; rt=next) {
325                         next = rt->dst.dn_next;
326                         rt->dst.dn_next = NULL;
327                         dst_free((struct dst_entry *)rt);
328                 }
329
330 nothing_to_declare:
331                 spin_unlock_bh(&dn_rt_hash_table[i].lock);
332         }
333 }
334
335 static DEFINE_SPINLOCK(dn_rt_flush_lock);
336
337 void dn_rt_cache_flush(int delay)
338 {
339         unsigned long now = jiffies;
340         int user_mode = !in_interrupt();
341
342         if (delay < 0)
343                 delay = dn_rt_min_delay;
344
345         spin_lock_bh(&dn_rt_flush_lock);
346
347         if (del_timer(&dn_rt_flush_timer) && delay > 0 && dn_rt_deadline) {
348                 long tmo = (long)(dn_rt_deadline - now);
349
350                 if (user_mode && tmo < dn_rt_max_delay - dn_rt_min_delay)
351                         tmo = 0;
352
353                 if (delay > tmo)
354                         delay = tmo;
355         }
356
357         if (delay <= 0) {
358                 spin_unlock_bh(&dn_rt_flush_lock);
359                 dn_run_flush(0);
360                 return;
361         }
362
363         if (dn_rt_deadline == 0)
364                 dn_rt_deadline = now + dn_rt_max_delay;
365
366         dn_rt_flush_timer.expires = now + delay;
367         add_timer(&dn_rt_flush_timer);
368         spin_unlock_bh(&dn_rt_flush_lock);
369 }
370
371 /**
372  * dn_return_short - Return a short packet to its sender
373  * @skb: The packet to return
374  *
375  */
376 static int dn_return_short(struct sk_buff *skb)
377 {
378         struct dn_skb_cb *cb;
379         unsigned char *ptr;
380         __le16 *src;
381         __le16 *dst;
382
383         /* Add back headers */
384         skb_push(skb, skb->data - skb_network_header(skb));
385
386         if ((skb = skb_unshare(skb, GFP_ATOMIC)) == NULL)
387                 return NET_RX_DROP;
388
389         cb = DN_SKB_CB(skb);
390         /* Skip packet length and point to flags */
391         ptr = skb->data + 2;
392         *ptr++ = (cb->rt_flags & ~DN_RT_F_RQR) | DN_RT_F_RTS;
393
394         dst = (__le16 *)ptr;
395         ptr += 2;
396         src = (__le16 *)ptr;
397         ptr += 2;
398         *ptr = 0; /* Zero hop count */
399
400         swap(*src, *dst);
401
402         skb->pkt_type = PACKET_OUTGOING;
403         dn_rt_finish_output(skb, NULL, NULL);
404         return NET_RX_SUCCESS;
405 }
406
407 /**
408  * dn_return_long - Return a long packet to its sender
409  * @skb: The long format packet to return
410  *
411  */
412 static int dn_return_long(struct sk_buff *skb)
413 {
414         struct dn_skb_cb *cb;
415         unsigned char *ptr;
416         unsigned char *src_addr, *dst_addr;
417         unsigned char tmp[ETH_ALEN];
418
419         /* Add back all headers */
420         skb_push(skb, skb->data - skb_network_header(skb));
421
422         if ((skb = skb_unshare(skb, GFP_ATOMIC)) == NULL)
423                 return NET_RX_DROP;
424
425         cb = DN_SKB_CB(skb);
426         /* Ignore packet length and point to flags */
427         ptr = skb->data + 2;
428
429         /* Skip padding */
430         if (*ptr & DN_RT_F_PF) {
431                 char padlen = (*ptr & ~DN_RT_F_PF);
432                 ptr += padlen;
433         }
434
435         *ptr++ = (cb->rt_flags & ~DN_RT_F_RQR) | DN_RT_F_RTS;
436         ptr += 2;
437         dst_addr = ptr;
438         ptr += 8;
439         src_addr = ptr;
440         ptr += 6;
441         *ptr = 0; /* Zero hop count */
442
443         /* Swap source and destination */
444         memcpy(tmp, src_addr, ETH_ALEN);
445         memcpy(src_addr, dst_addr, ETH_ALEN);
446         memcpy(dst_addr, tmp, ETH_ALEN);
447
448         skb->pkt_type = PACKET_OUTGOING;
449         dn_rt_finish_output(skb, dst_addr, src_addr);
450         return NET_RX_SUCCESS;
451 }
452
453 /**
454  * dn_route_rx_packet - Try and find a route for an incoming packet
455  * @skb: The packet to find a route for
456  *
457  * Returns: result of input function if route is found, error code otherwise
458  */
459 static int dn_route_rx_packet(struct sk_buff *skb)
460 {
461         struct dn_skb_cb *cb = DN_SKB_CB(skb);
462         int err;
463
464         if ((err = dn_route_input(skb)) == 0)
465                 return dst_input(skb);
466
467         if (decnet_debug_level & 4) {
468                 char *devname = skb->dev ? skb->dev->name : "???";
469                 struct dn_skb_cb *cb = DN_SKB_CB(skb);
470                 printk(KERN_DEBUG
471                         "DECnet: dn_route_rx_packet: rt_flags=0x%02x dev=%s len=%d src=0x%04hx dst=0x%04hx err=%d type=%d\n",
472                         (int)cb->rt_flags, devname, skb->len,
473                         le16_to_cpu(cb->src), le16_to_cpu(cb->dst),
474                         err, skb->pkt_type);
475         }
476
477         if ((skb->pkt_type == PACKET_HOST) && (cb->rt_flags & DN_RT_F_RQR)) {
478                 switch(cb->rt_flags & DN_RT_PKT_MSK) {
479                         case DN_RT_PKT_SHORT:
480                                 return dn_return_short(skb);
481                         case DN_RT_PKT_LONG:
482                                 return dn_return_long(skb);
483                 }
484         }
485
486         kfree_skb(skb);
487         return NET_RX_DROP;
488 }
489
490 static int dn_route_rx_long(struct sk_buff *skb)
491 {
492         struct dn_skb_cb *cb = DN_SKB_CB(skb);
493         unsigned char *ptr = skb->data;
494
495         if (!pskb_may_pull(skb, 21)) /* 20 for long header, 1 for shortest nsp */
496                 goto drop_it;
497
498         skb_pull(skb, 20);
499         skb_reset_transport_header(skb);
500
501         /* Destination info */
502         ptr += 2;
503         cb->dst = dn_eth2dn(ptr);
504         if (memcmp(ptr, dn_hiord_addr, 4) != 0)
505                 goto drop_it;
506         ptr += 6;
507
508
509         /* Source info */
510         ptr += 2;
511         cb->src = dn_eth2dn(ptr);
512         if (memcmp(ptr, dn_hiord_addr, 4) != 0)
513                 goto drop_it;
514         ptr += 6;
515         /* Other junk */
516         ptr++;
517         cb->hops = *ptr++; /* Visit Count */
518
519         return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING, skb, skb->dev, NULL,
520                        dn_route_rx_packet);
521
522 drop_it:
523         kfree_skb(skb);
524         return NET_RX_DROP;
525 }
526
527
528
529 static int dn_route_rx_short(struct sk_buff *skb)
530 {
531         struct dn_skb_cb *cb = DN_SKB_CB(skb);
532         unsigned char *ptr = skb->data;
533
534         if (!pskb_may_pull(skb, 6)) /* 5 for short header + 1 for shortest nsp */
535                 goto drop_it;
536
537         skb_pull(skb, 5);
538         skb_reset_transport_header(skb);
539
540         cb->dst = *(__le16 *)ptr;
541         ptr += 2;
542         cb->src = *(__le16 *)ptr;
543         ptr += 2;
544         cb->hops = *ptr & 0x3f;
545
546         return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING, skb, skb->dev, NULL,
547                        dn_route_rx_packet);
548
549 drop_it:
550         kfree_skb(skb);
551         return NET_RX_DROP;
552 }
553
554 static int dn_route_discard(struct sk_buff *skb)
555 {
556         /*
557          * I know we drop the packet here, but thats considered success in
558          * this case
559          */
560         kfree_skb(skb);
561         return NET_RX_SUCCESS;
562 }
563
564 static int dn_route_ptp_hello(struct sk_buff *skb)
565 {
566         dn_dev_hello(skb);
567         dn_neigh_pointopoint_hello(skb);
568         return NET_RX_SUCCESS;
569 }
570
571 int dn_route_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
572 {
573         struct dn_skb_cb *cb;
574         unsigned char flags = 0;
575         __u16 len = le16_to_cpu(*(__le16 *)skb->data);
576         struct dn_dev *dn = (struct dn_dev *)dev->dn_ptr;
577         unsigned char padlen = 0;
578
579         if (!net_eq(dev_net(dev), &init_net))
580                 goto dump_it;
581
582         if (dn == NULL)
583                 goto dump_it;
584
585         if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
586                 goto out;
587
588         if (!pskb_may_pull(skb, 3))
589                 goto dump_it;
590
591         skb_pull(skb, 2);
592
593         if (len > skb->len)
594                 goto dump_it;
595
596         skb_trim(skb, len);
597
598         flags = *skb->data;
599
600         cb = DN_SKB_CB(skb);
601         cb->stamp = jiffies;
602         cb->iif = dev->ifindex;
603
604         /*
605          * If we have padding, remove it.
606          */
607         if (flags & DN_RT_F_PF) {
608                 padlen = flags & ~DN_RT_F_PF;
609                 if (!pskb_may_pull(skb, padlen + 1))
610                         goto dump_it;
611                 skb_pull(skb, padlen);
612                 flags = *skb->data;
613         }
614
615         skb_reset_network_header(skb);
616
617         /*
618          * Weed out future version DECnet
619          */
620         if (flags & DN_RT_F_VER)
621                 goto dump_it;
622
623         cb->rt_flags = flags;
624
625         if (decnet_debug_level & 1)
626                 printk(KERN_DEBUG
627                         "dn_route_rcv: got 0x%02x from %s [%d %d %d]\n",
628                         (int)flags, (dev) ? dev->name : "???", len, skb->len,
629                         padlen);
630
631         if (flags & DN_RT_PKT_CNTL) {
632                 if (unlikely(skb_linearize(skb)))
633                         goto dump_it;
634
635                 switch(flags & DN_RT_CNTL_MSK) {
636                         case DN_RT_PKT_INIT:
637                                 dn_dev_init_pkt(skb);
638                                 break;
639                         case DN_RT_PKT_VERI:
640                                 dn_dev_veri_pkt(skb);
641                                 break;
642                 }
643
644                 if (dn->parms.state != DN_DEV_S_RU)
645                         goto dump_it;
646
647                 switch(flags & DN_RT_CNTL_MSK) {
648                         case DN_RT_PKT_HELO:
649                                 return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO,
650                                                skb, skb->dev, NULL,
651                                                dn_route_ptp_hello);
652
653                         case DN_RT_PKT_L1RT:
654                         case DN_RT_PKT_L2RT:
655                                 return NF_HOOK(NFPROTO_DECNET, NF_DN_ROUTE,
656                                                skb, skb->dev, NULL,
657                                                dn_route_discard);
658                         case DN_RT_PKT_ERTH:
659                                 return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO,
660                                                skb, skb->dev, NULL,
661                                                dn_neigh_router_hello);
662
663                         case DN_RT_PKT_EEDH:
664                                 return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO,
665                                                skb, skb->dev, NULL,
666                                                dn_neigh_endnode_hello);
667                 }
668         } else {
669                 if (dn->parms.state != DN_DEV_S_RU)
670                         goto dump_it;
671
672                 skb_pull(skb, 1); /* Pull flags */
673
674                 switch(flags & DN_RT_PKT_MSK) {
675                         case DN_RT_PKT_LONG:
676                                 return dn_route_rx_long(skb);
677                         case DN_RT_PKT_SHORT:
678                                 return dn_route_rx_short(skb);
679                 }
680         }
681
682 dump_it:
683         kfree_skb(skb);
684 out:
685         return NET_RX_DROP;
686 }
687
688 static int dn_output(struct sk_buff *skb)
689 {
690         struct dst_entry *dst = skb_dst(skb);
691         struct dn_route *rt = (struct dn_route *)dst;
692         struct net_device *dev = dst->dev;
693         struct dn_skb_cb *cb = DN_SKB_CB(skb);
694         struct neighbour *neigh;
695
696         int err = -EINVAL;
697
698         if ((neigh = dst->neighbour) == NULL)
699                 goto error;
700
701         skb->dev = dev;
702
703         cb->src = rt->rt_saddr;
704         cb->dst = rt->rt_daddr;
705
706         /*
707          * Always set the Intra-Ethernet bit on all outgoing packets
708          * originated on this node. Only valid flag from upper layers
709          * is return-to-sender-requested. Set hop count to 0 too.
710          */
711         cb->rt_flags &= ~DN_RT_F_RQR;
712         cb->rt_flags |= DN_RT_F_IE;
713         cb->hops = 0;
714
715         return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_OUT, skb, NULL, dev,
716                        neigh->output);
717
718 error:
719         if (net_ratelimit())
720                 printk(KERN_DEBUG "dn_output: This should not happen\n");
721
722         kfree_skb(skb);
723
724         return err;
725 }
726
727 static int dn_forward(struct sk_buff *skb)
728 {
729         struct dn_skb_cb *cb = DN_SKB_CB(skb);
730         struct dst_entry *dst = skb_dst(skb);
731         struct dn_dev *dn_db = dst->dev->dn_ptr;
732         struct dn_route *rt;
733         struct neighbour *neigh = dst->neighbour;
734         int header_len;
735 #ifdef CONFIG_NETFILTER
736         struct net_device *dev = skb->dev;
737 #endif
738
739         if (skb->pkt_type != PACKET_HOST)
740                 goto drop;
741
742         /* Ensure that we have enough space for headers */
743         rt = (struct dn_route *)skb_dst(skb);
744         header_len = dn_db->use_long ? 21 : 6;
745         if (skb_cow(skb, LL_RESERVED_SPACE(rt->dst.dev)+header_len))
746                 goto drop;
747
748         /*
749          * Hop count exceeded.
750          */
751         if (++cb->hops > 30)
752                 goto drop;
753
754         skb->dev = rt->dst.dev;
755
756         /*
757          * If packet goes out same interface it came in on, then set
758          * the Intra-Ethernet bit. This has no effect for short
759          * packets, so we don't need to test for them here.
760          */
761         cb->rt_flags &= ~DN_RT_F_IE;
762         if (rt->rt_flags & RTCF_DOREDIRECT)
763                 cb->rt_flags |= DN_RT_F_IE;
764
765         return NF_HOOK(NFPROTO_DECNET, NF_DN_FORWARD, skb, dev, skb->dev,
766                        neigh->output);
767
768 drop:
769         kfree_skb(skb);
770         return NET_RX_DROP;
771 }
772
773 /*
774  * Used to catch bugs. This should never normally get
775  * called.
776  */
777 static int dn_rt_bug(struct sk_buff *skb)
778 {
779         if (net_ratelimit()) {
780                 struct dn_skb_cb *cb = DN_SKB_CB(skb);
781
782                 printk(KERN_DEBUG "dn_rt_bug: skb from:%04x to:%04x\n",
783                                 le16_to_cpu(cb->src), le16_to_cpu(cb->dst));
784         }
785
786         kfree_skb(skb);
787
788         return NET_RX_DROP;
789 }
790
791 static int dn_rt_set_next_hop(struct dn_route *rt, struct dn_fib_res *res)
792 {
793         struct dn_fib_info *fi = res->fi;
794         struct net_device *dev = rt->dst.dev;
795         struct neighbour *n;
796         unsigned mss;
797
798         if (fi) {
799                 if (DN_FIB_RES_GW(*res) &&
800                     DN_FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK)
801                         rt->rt_gateway = DN_FIB_RES_GW(*res);
802                 memcpy(rt->dst.metrics, fi->fib_metrics,
803                        sizeof(rt->dst.metrics));
804         }
805         rt->rt_type = res->type;
806
807         if (dev != NULL && rt->dst.neighbour == NULL) {
808                 n = __neigh_lookup_errno(&dn_neigh_table, &rt->rt_gateway, dev);
809                 if (IS_ERR(n))
810                         return PTR_ERR(n);
811                 rt->dst.neighbour = n;
812         }
813
814         if (dst_metric(&rt->dst, RTAX_MTU) == 0 ||
815             dst_metric(&rt->dst, RTAX_MTU) > rt->dst.dev->mtu)
816                 rt->dst.metrics[RTAX_MTU-1] = rt->dst.dev->mtu;
817         mss = dn_mss_from_pmtu(dev, dst_mtu(&rt->dst));
818         if (dst_metric(&rt->dst, RTAX_ADVMSS) == 0 ||
819             dst_metric(&rt->dst, RTAX_ADVMSS) > mss)
820                 rt->dst.metrics[RTAX_ADVMSS-1] = mss;
821         return 0;
822 }
823
824 static inline int dn_match_addr(__le16 addr1, __le16 addr2)
825 {
826         __u16 tmp = le16_to_cpu(addr1) ^ le16_to_cpu(addr2);
827         int match = 16;
828         while(tmp) {
829                 tmp >>= 1;
830                 match--;
831         }
832         return match;
833 }
834
835 static __le16 dnet_select_source(const struct net_device *dev, __le16 daddr, int scope)
836 {
837         __le16 saddr = 0;
838         struct dn_dev *dn_db = dev->dn_ptr;
839         struct dn_ifaddr *ifa;
840         int best_match = 0;
841         int ret;
842
843         read_lock(&dev_base_lock);
844         for(ifa = dn_db->ifa_list; ifa; ifa = ifa->ifa_next) {
845                 if (ifa->ifa_scope > scope)
846                         continue;
847                 if (!daddr) {
848                         saddr = ifa->ifa_local;
849                         break;
850                 }
851                 ret = dn_match_addr(daddr, ifa->ifa_local);
852                 if (ret > best_match)
853                         saddr = ifa->ifa_local;
854                 if (best_match == 0)
855                         saddr = ifa->ifa_local;
856         }
857         read_unlock(&dev_base_lock);
858
859         return saddr;
860 }
861
862 static inline __le16 __dn_fib_res_prefsrc(struct dn_fib_res *res)
863 {
864         return dnet_select_source(DN_FIB_RES_DEV(*res), DN_FIB_RES_GW(*res), res->scope);
865 }
866
867 static inline __le16 dn_fib_rules_map_destination(__le16 daddr, struct dn_fib_res *res)
868 {
869         __le16 mask = dnet_make_mask(res->prefixlen);
870         return (daddr&~mask)|res->fi->fib_nh->nh_gw;
871 }
872
873 static int dn_route_output_slow(struct dst_entry **pprt, const struct flowi *oldflp, int try_hard)
874 {
875         struct flowi fl = { .nl_u = { .dn_u =
876                                       { .daddr = oldflp->fld_dst,
877                                         .saddr = oldflp->fld_src,
878                                         .scope = RT_SCOPE_UNIVERSE,
879                                      } },
880                             .mark = oldflp->mark,
881                             .iif = init_net.loopback_dev->ifindex,
882                             .oif = oldflp->oif };
883         struct dn_route *rt = NULL;
884         struct net_device *dev_out = NULL, *dev;
885         struct neighbour *neigh = NULL;
886         unsigned hash;
887         unsigned flags = 0;
888         struct dn_fib_res res = { .fi = NULL, .type = RTN_UNICAST };
889         int err;
890         int free_res = 0;
891         __le16 gateway = 0;
892
893         if (decnet_debug_level & 16)
894                 printk(KERN_DEBUG
895                        "dn_route_output_slow: dst=%04x src=%04x mark=%d"
896                        " iif=%d oif=%d\n", le16_to_cpu(oldflp->fld_dst),
897                        le16_to_cpu(oldflp->fld_src),
898                        oldflp->mark, init_net.loopback_dev->ifindex, oldflp->oif);
899
900         /* If we have an output interface, verify its a DECnet device */
901         if (oldflp->oif) {
902                 dev_out = dev_get_by_index(&init_net, oldflp->oif);
903                 err = -ENODEV;
904                 if (dev_out && dev_out->dn_ptr == NULL) {
905                         dev_put(dev_out);
906                         dev_out = NULL;
907                 }
908                 if (dev_out == NULL)
909                         goto out;
910         }
911
912         /* If we have a source address, verify that its a local address */
913         if (oldflp->fld_src) {
914                 err = -EADDRNOTAVAIL;
915
916                 if (dev_out) {
917                         if (dn_dev_islocal(dev_out, oldflp->fld_src))
918                                 goto source_ok;
919                         dev_put(dev_out);
920                         goto out;
921                 }
922                 rcu_read_lock();
923                 for_each_netdev_rcu(&init_net, dev) {
924                         if (!dev->dn_ptr)
925                                 continue;
926                         if (!dn_dev_islocal(dev, oldflp->fld_src))
927                                 continue;
928                         if ((dev->flags & IFF_LOOPBACK) &&
929                             oldflp->fld_dst &&
930                             !dn_dev_islocal(dev, oldflp->fld_dst))
931                                 continue;
932
933                         dev_out = dev;
934                         break;
935                 }
936                 rcu_read_unlock();
937                 if (dev_out == NULL)
938                         goto out;
939                 dev_hold(dev_out);
940 source_ok:
941                 ;
942         }
943
944         /* No destination? Assume its local */
945         if (!fl.fld_dst) {
946                 fl.fld_dst = fl.fld_src;
947
948                 err = -EADDRNOTAVAIL;
949                 if (dev_out)
950                         dev_put(dev_out);
951                 dev_out = init_net.loopback_dev;
952                 dev_hold(dev_out);
953                 if (!fl.fld_dst) {
954                         fl.fld_dst =
955                         fl.fld_src = dnet_select_source(dev_out, 0,
956                                                        RT_SCOPE_HOST);
957                         if (!fl.fld_dst)
958                                 goto out;
959                 }
960                 fl.oif = init_net.loopback_dev->ifindex;
961                 res.type = RTN_LOCAL;
962                 goto make_route;
963         }
964
965         if (decnet_debug_level & 16)
966                 printk(KERN_DEBUG
967                        "dn_route_output_slow: initial checks complete."
968                        " dst=%o4x src=%04x oif=%d try_hard=%d\n",
969                        le16_to_cpu(fl.fld_dst), le16_to_cpu(fl.fld_src),
970                        fl.oif, try_hard);
971
972         /*
973          * N.B. If the kernel is compiled without router support then
974          * dn_fib_lookup() will evaluate to non-zero so this if () block
975          * will always be executed.
976          */
977         err = -ESRCH;
978         if (try_hard || (err = dn_fib_lookup(&fl, &res)) != 0) {
979                 struct dn_dev *dn_db;
980                 if (err != -ESRCH)
981                         goto out;
982                 /*
983                  * Here the fallback is basically the standard algorithm for
984                  * routing in endnodes which is described in the DECnet routing
985                  * docs
986                  *
987                  * If we are not trying hard, look in neighbour cache.
988                  * The result is tested to ensure that if a specific output
989                  * device/source address was requested, then we honour that
990                  * here
991                  */
992                 if (!try_hard) {
993                         neigh = neigh_lookup_nodev(&dn_neigh_table, &init_net, &fl.fld_dst);
994                         if (neigh) {
995                                 if ((oldflp->oif &&
996                                     (neigh->dev->ifindex != oldflp->oif)) ||
997                                     (oldflp->fld_src &&
998                                     (!dn_dev_islocal(neigh->dev,
999                                                       oldflp->fld_src)))) {
1000                                         neigh_release(neigh);
1001                                         neigh = NULL;
1002                                 } else {
1003                                         if (dev_out)
1004                                                 dev_put(dev_out);
1005                                         if (dn_dev_islocal(neigh->dev, fl.fld_dst)) {
1006                                                 dev_out = init_net.loopback_dev;
1007                                                 res.type = RTN_LOCAL;
1008                                         } else {
1009                                                 dev_out = neigh->dev;
1010                                         }
1011                                         dev_hold(dev_out);
1012                                         goto select_source;
1013                                 }
1014                         }
1015                 }
1016
1017                 /* Not there? Perhaps its a local address */
1018                 if (dev_out == NULL)
1019                         dev_out = dn_dev_get_default();
1020                 err = -ENODEV;
1021                 if (dev_out == NULL)
1022                         goto out;
1023                 dn_db = dev_out->dn_ptr;
1024                 /* Possible improvement - check all devices for local addr */
1025                 if (dn_dev_islocal(dev_out, fl.fld_dst)) {
1026                         dev_put(dev_out);
1027                         dev_out = init_net.loopback_dev;
1028                         dev_hold(dev_out);
1029                         res.type = RTN_LOCAL;
1030                         goto select_source;
1031                 }
1032                 /* Not local either.... try sending it to the default router */
1033                 neigh = neigh_clone(dn_db->router);
1034                 BUG_ON(neigh && neigh->dev != dev_out);
1035
1036                 /* Ok then, we assume its directly connected and move on */
1037 select_source:
1038                 if (neigh)
1039                         gateway = ((struct dn_neigh *)neigh)->addr;
1040                 if (gateway == 0)
1041                         gateway = fl.fld_dst;
1042                 if (fl.fld_src == 0) {
1043                         fl.fld_src = dnet_select_source(dev_out, gateway,
1044                                                          res.type == RTN_LOCAL ?
1045                                                          RT_SCOPE_HOST :
1046                                                          RT_SCOPE_LINK);
1047                         if (fl.fld_src == 0 && res.type != RTN_LOCAL)
1048                                 goto e_addr;
1049                 }
1050                 fl.oif = dev_out->ifindex;
1051                 goto make_route;
1052         }
1053         free_res = 1;
1054
1055         if (res.type == RTN_NAT)
1056                 goto e_inval;
1057
1058         if (res.type == RTN_LOCAL) {
1059                 if (!fl.fld_src)
1060                         fl.fld_src = fl.fld_dst;
1061                 if (dev_out)
1062                         dev_put(dev_out);
1063                 dev_out = init_net.loopback_dev;
1064                 dev_hold(dev_out);
1065                 fl.oif = dev_out->ifindex;
1066                 if (res.fi)
1067                         dn_fib_info_put(res.fi);
1068                 res.fi = NULL;
1069                 goto make_route;
1070         }
1071
1072         if (res.fi->fib_nhs > 1 && fl.oif == 0)
1073                 dn_fib_select_multipath(&fl, &res);
1074
1075         /*
1076          * We could add some logic to deal with default routes here and
1077          * get rid of some of the special casing above.
1078          */
1079
1080         if (!fl.fld_src)
1081                 fl.fld_src = DN_FIB_RES_PREFSRC(res);
1082
1083         if (dev_out)
1084                 dev_put(dev_out);
1085         dev_out = DN_FIB_RES_DEV(res);
1086         dev_hold(dev_out);
1087         fl.oif = dev_out->ifindex;
1088         gateway = DN_FIB_RES_GW(res);
1089
1090 make_route:
1091         if (dev_out->flags & IFF_LOOPBACK)
1092                 flags |= RTCF_LOCAL;
1093
1094         rt = dst_alloc(&dn_dst_ops);
1095         if (rt == NULL)
1096                 goto e_nobufs;
1097
1098         atomic_set(&rt->dst.__refcnt, 1);
1099         rt->dst.flags   = DST_HOST;
1100
1101         rt->fl.fld_src    = oldflp->fld_src;
1102         rt->fl.fld_dst    = oldflp->fld_dst;
1103         rt->fl.oif        = oldflp->oif;
1104         rt->fl.iif        = 0;
1105         rt->fl.mark       = oldflp->mark;
1106
1107         rt->rt_saddr      = fl.fld_src;
1108         rt->rt_daddr      = fl.fld_dst;
1109         rt->rt_gateway    = gateway ? gateway : fl.fld_dst;
1110         rt->rt_local_src  = fl.fld_src;
1111
1112         rt->rt_dst_map    = fl.fld_dst;
1113         rt->rt_src_map    = fl.fld_src;
1114
1115         rt->dst.dev = dev_out;
1116         dev_hold(dev_out);
1117         rt->dst.neighbour = neigh;
1118         neigh = NULL;
1119
1120         rt->dst.lastuse = jiffies;
1121         rt->dst.output  = dn_output;
1122         rt->dst.input   = dn_rt_bug;
1123         rt->rt_flags      = flags;
1124         if (flags & RTCF_LOCAL)
1125                 rt->dst.input = dn_nsp_rx;
1126
1127         err = dn_rt_set_next_hop(rt, &res);
1128         if (err)
1129                 goto e_neighbour;
1130
1131         hash = dn_hash(rt->fl.fld_src, rt->fl.fld_dst);
1132         dn_insert_route(rt, hash, (struct dn_route **)pprt);
1133
1134 done:
1135         if (neigh)
1136                 neigh_release(neigh);
1137         if (free_res)
1138                 dn_fib_res_put(&res);
1139         if (dev_out)
1140                 dev_put(dev_out);
1141 out:
1142         return err;
1143
1144 e_addr:
1145         err = -EADDRNOTAVAIL;
1146         goto done;
1147 e_inval:
1148         err = -EINVAL;
1149         goto done;
1150 e_nobufs:
1151         err = -ENOBUFS;
1152         goto done;
1153 e_neighbour:
1154         dst_free(&rt->dst);
1155         goto e_nobufs;
1156 }
1157
1158
1159 /*
1160  * N.B. The flags may be moved into the flowi at some future stage.
1161  */
1162 static int __dn_route_output_key(struct dst_entry **pprt, const struct flowi *flp, int flags)
1163 {
1164         unsigned hash = dn_hash(flp->fld_src, flp->fld_dst);
1165         struct dn_route *rt = NULL;
1166
1167         if (!(flags & MSG_TRYHARD)) {
1168                 rcu_read_lock_bh();
1169                 for (rt = rcu_dereference_bh(dn_rt_hash_table[hash].chain); rt;
1170                         rt = rcu_dereference_bh(rt->dst.dn_next)) {
1171                         if ((flp->fld_dst == rt->fl.fld_dst) &&
1172                             (flp->fld_src == rt->fl.fld_src) &&
1173                             (flp->mark == rt->fl.mark) &&
1174                             (rt->fl.iif == 0) &&
1175                             (rt->fl.oif == flp->oif)) {
1176                                 dst_use(&rt->dst, jiffies);
1177                                 rcu_read_unlock_bh();
1178                                 *pprt = &rt->dst;
1179                                 return 0;
1180                         }
1181                 }
1182                 rcu_read_unlock_bh();
1183         }
1184
1185         return dn_route_output_slow(pprt, flp, flags);
1186 }
1187
1188 static int dn_route_output_key(struct dst_entry **pprt, struct flowi *flp, int flags)
1189 {
1190         int err;
1191
1192         err = __dn_route_output_key(pprt, flp, flags);
1193         if (err == 0 && flp->proto) {
1194                 err = xfrm_lookup(&init_net, pprt, flp, NULL, 0);
1195         }
1196         return err;
1197 }
1198
1199 int dn_route_output_sock(struct dst_entry **pprt, struct flowi *fl, struct sock *sk, int flags)
1200 {
1201         int err;
1202
1203         err = __dn_route_output_key(pprt, fl, flags & MSG_TRYHARD);
1204         if (err == 0 && fl->proto) {
1205                 err = xfrm_lookup(&init_net, pprt, fl, sk,
1206                                  (flags & MSG_DONTWAIT) ? 0 : XFRM_LOOKUP_WAIT);
1207         }
1208         return err;
1209 }
1210
1211 static int dn_route_input_slow(struct sk_buff *skb)
1212 {
1213         struct dn_route *rt = NULL;
1214         struct dn_skb_cb *cb = DN_SKB_CB(skb);
1215         struct net_device *in_dev = skb->dev;
1216         struct net_device *out_dev = NULL;
1217         struct dn_dev *dn_db;
1218         struct neighbour *neigh = NULL;
1219         unsigned hash;
1220         int flags = 0;
1221         __le16 gateway = 0;
1222         __le16 local_src = 0;
1223         struct flowi fl = { .nl_u = { .dn_u =
1224                                      { .daddr = cb->dst,
1225                                        .saddr = cb->src,
1226                                        .scope = RT_SCOPE_UNIVERSE,
1227                                     } },
1228                             .mark = skb->mark,
1229                             .iif = skb->dev->ifindex };
1230         struct dn_fib_res res = { .fi = NULL, .type = RTN_UNREACHABLE };
1231         int err = -EINVAL;
1232         int free_res = 0;
1233
1234         dev_hold(in_dev);
1235
1236         if ((dn_db = in_dev->dn_ptr) == NULL)
1237                 goto out;
1238
1239         /* Zero source addresses are not allowed */
1240         if (fl.fld_src == 0)
1241                 goto out;
1242
1243         /*
1244          * In this case we've just received a packet from a source
1245          * outside ourselves pretending to come from us. We don't
1246          * allow it any further to prevent routing loops, spoofing and
1247          * other nasties. Loopback packets already have the dst attached
1248          * so this only affects packets which have originated elsewhere.
1249          */
1250         err  = -ENOTUNIQ;
1251         if (dn_dev_islocal(in_dev, cb->src))
1252                 goto out;
1253
1254         err = dn_fib_lookup(&fl, &res);
1255         if (err) {
1256                 if (err != -ESRCH)
1257                         goto out;
1258                 /*
1259                  * Is the destination us ?
1260                  */
1261                 if (!dn_dev_islocal(in_dev, cb->dst))
1262                         goto e_inval;
1263
1264                 res.type = RTN_LOCAL;
1265         } else {
1266                 __le16 src_map = fl.fld_src;
1267                 free_res = 1;
1268
1269                 out_dev = DN_FIB_RES_DEV(res);
1270                 if (out_dev == NULL) {
1271                         if (net_ratelimit())
1272                                 printk(KERN_CRIT "Bug in dn_route_input_slow() "
1273                                                  "No output device\n");
1274                         goto e_inval;
1275                 }
1276                 dev_hold(out_dev);
1277
1278                 if (res.r)
1279                         src_map = fl.fld_src; /* no NAT support for now */
1280
1281                 gateway = DN_FIB_RES_GW(res);
1282                 if (res.type == RTN_NAT) {
1283                         fl.fld_dst = dn_fib_rules_map_destination(fl.fld_dst, &res);
1284                         dn_fib_res_put(&res);
1285                         free_res = 0;
1286                         if (dn_fib_lookup(&fl, &res))
1287                                 goto e_inval;
1288                         free_res = 1;
1289                         if (res.type != RTN_UNICAST)
1290                                 goto e_inval;
1291                         flags |= RTCF_DNAT;
1292                         gateway = fl.fld_dst;
1293                 }
1294                 fl.fld_src = src_map;
1295         }
1296
1297         switch(res.type) {
1298         case RTN_UNICAST:
1299                 /*
1300                  * Forwarding check here, we only check for forwarding
1301                  * being turned off, if you want to only forward intra
1302                  * area, its up to you to set the routing tables up
1303                  * correctly.
1304                  */
1305                 if (dn_db->parms.forwarding == 0)
1306                         goto e_inval;
1307
1308                 if (res.fi->fib_nhs > 1 && fl.oif == 0)
1309                         dn_fib_select_multipath(&fl, &res);
1310
1311                 /*
1312                  * Check for out_dev == in_dev. We use the RTCF_DOREDIRECT
1313                  * flag as a hint to set the intra-ethernet bit when
1314                  * forwarding. If we've got NAT in operation, we don't do
1315                  * this optimisation.
1316                  */
1317                 if (out_dev == in_dev && !(flags & RTCF_NAT))
1318                         flags |= RTCF_DOREDIRECT;
1319
1320                 local_src = DN_FIB_RES_PREFSRC(res);
1321
1322         case RTN_BLACKHOLE:
1323         case RTN_UNREACHABLE:
1324                 break;
1325         case RTN_LOCAL:
1326                 flags |= RTCF_LOCAL;
1327                 fl.fld_src = cb->dst;
1328                 fl.fld_dst = cb->src;
1329
1330                 /* Routing tables gave us a gateway */
1331                 if (gateway)
1332                         goto make_route;
1333
1334                 /* Packet was intra-ethernet, so we know its on-link */
1335                 if (cb->rt_flags & DN_RT_F_IE) {
1336                         gateway = cb->src;
1337                         flags |= RTCF_DIRECTSRC;
1338                         goto make_route;
1339                 }
1340
1341                 /* Use the default router if there is one */
1342                 neigh = neigh_clone(dn_db->router);
1343                 if (neigh) {
1344                         gateway = ((struct dn_neigh *)neigh)->addr;
1345                         goto make_route;
1346                 }
1347
1348                 /* Close eyes and pray */
1349                 gateway = cb->src;
1350                 flags |= RTCF_DIRECTSRC;
1351                 goto make_route;
1352         default:
1353                 goto e_inval;
1354         }
1355
1356 make_route:
1357         rt = dst_alloc(&dn_dst_ops);
1358         if (rt == NULL)
1359                 goto e_nobufs;
1360
1361         rt->rt_saddr      = fl.fld_src;
1362         rt->rt_daddr      = fl.fld_dst;
1363         rt->rt_gateway    = fl.fld_dst;
1364         if (gateway)
1365                 rt->rt_gateway = gateway;
1366         rt->rt_local_src  = local_src ? local_src : rt->rt_saddr;
1367
1368         rt->rt_dst_map    = fl.fld_dst;
1369         rt->rt_src_map    = fl.fld_src;
1370
1371         rt->fl.fld_src    = cb->src;
1372         rt->fl.fld_dst    = cb->dst;
1373         rt->fl.oif        = 0;
1374         rt->fl.iif        = in_dev->ifindex;
1375         rt->fl.mark       = fl.mark;
1376
1377         rt->dst.flags = DST_HOST;
1378         rt->dst.neighbour = neigh;
1379         rt->dst.dev = out_dev;
1380         rt->dst.lastuse = jiffies;
1381         rt->dst.output = dn_rt_bug;
1382         switch(res.type) {
1383                 case RTN_UNICAST:
1384                         rt->dst.input = dn_forward;
1385                         break;
1386                 case RTN_LOCAL:
1387                         rt->dst.output = dn_output;
1388                         rt->dst.input = dn_nsp_rx;
1389                         rt->dst.dev = in_dev;
1390                         flags |= RTCF_LOCAL;
1391                         break;
1392                 default:
1393                 case RTN_UNREACHABLE:
1394                 case RTN_BLACKHOLE:
1395                         rt->dst.input = dst_discard;
1396         }
1397         rt->rt_flags = flags;
1398         if (rt->dst.dev)
1399                 dev_hold(rt->dst.dev);
1400
1401         err = dn_rt_set_next_hop(rt, &res);
1402         if (err)
1403                 goto e_neighbour;
1404
1405         hash = dn_hash(rt->fl.fld_src, rt->fl.fld_dst);
1406         dn_insert_route(rt, hash, &rt);
1407         skb_dst_set(skb, &rt->dst);
1408
1409 done:
1410         if (neigh)
1411                 neigh_release(neigh);
1412         if (free_res)
1413                 dn_fib_res_put(&res);
1414         dev_put(in_dev);
1415         if (out_dev)
1416                 dev_put(out_dev);
1417 out:
1418         return err;
1419
1420 e_inval:
1421         err = -EINVAL;
1422         goto done;
1423
1424 e_nobufs:
1425         err = -ENOBUFS;
1426         goto done;
1427
1428 e_neighbour:
1429         dst_free(&rt->dst);
1430         goto done;
1431 }
1432
1433 static int dn_route_input(struct sk_buff *skb)
1434 {
1435         struct dn_route *rt;
1436         struct dn_skb_cb *cb = DN_SKB_CB(skb);
1437         unsigned hash = dn_hash(cb->src, cb->dst);
1438
1439         if (skb_dst(skb))
1440                 return 0;
1441
1442         rcu_read_lock();
1443         for(rt = rcu_dereference(dn_rt_hash_table[hash].chain); rt != NULL;
1444             rt = rcu_dereference(rt->dst.dn_next)) {
1445                 if ((rt->fl.fld_src == cb->src) &&
1446                     (rt->fl.fld_dst == cb->dst) &&
1447                     (rt->fl.oif == 0) &&
1448                     (rt->fl.mark == skb->mark) &&
1449                     (rt->fl.iif == cb->iif)) {
1450                         dst_use(&rt->dst, jiffies);
1451                         rcu_read_unlock();
1452                         skb_dst_set(skb, (struct dst_entry *)rt);
1453                         return 0;
1454                 }
1455         }
1456         rcu_read_unlock();
1457
1458         return dn_route_input_slow(skb);
1459 }
1460
1461 static int dn_rt_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
1462                            int event, int nowait, unsigned int flags)
1463 {
1464         struct dn_route *rt = (struct dn_route *)skb_dst(skb);
1465         struct rtmsg *r;
1466         struct nlmsghdr *nlh;
1467         unsigned char *b = skb_tail_pointer(skb);
1468         long expires;
1469
1470         nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*r), flags);
1471         r = NLMSG_DATA(nlh);
1472         r->rtm_family = AF_DECnet;
1473         r->rtm_dst_len = 16;
1474         r->rtm_src_len = 0;
1475         r->rtm_tos = 0;
1476         r->rtm_table = RT_TABLE_MAIN;
1477         RTA_PUT_U32(skb, RTA_TABLE, RT_TABLE_MAIN);
1478         r->rtm_type = rt->rt_type;
1479         r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
1480         r->rtm_scope = RT_SCOPE_UNIVERSE;
1481         r->rtm_protocol = RTPROT_UNSPEC;
1482         if (rt->rt_flags & RTCF_NOTIFY)
1483                 r->rtm_flags |= RTM_F_NOTIFY;
1484         RTA_PUT(skb, RTA_DST, 2, &rt->rt_daddr);
1485         if (rt->fl.fld_src) {
1486                 r->rtm_src_len = 16;
1487                 RTA_PUT(skb, RTA_SRC, 2, &rt->fl.fld_src);
1488         }
1489         if (rt->dst.dev)
1490                 RTA_PUT(skb, RTA_OIF, sizeof(int), &rt->dst.dev->ifindex);
1491         /*
1492          * Note to self - change this if input routes reverse direction when
1493          * they deal only with inputs and not with replies like they do
1494          * currently.
1495          */
1496         RTA_PUT(skb, RTA_PREFSRC, 2, &rt->rt_local_src);
1497         if (rt->rt_daddr != rt->rt_gateway)
1498                 RTA_PUT(skb, RTA_GATEWAY, 2, &rt->rt_gateway);
1499         if (rtnetlink_put_metrics(skb, rt->dst.metrics) < 0)
1500                 goto rtattr_failure;
1501         expires = rt->dst.expires ? rt->dst.expires - jiffies : 0;
1502         if (rtnl_put_cacheinfo(skb, &rt->dst, 0, 0, 0, expires,
1503                                rt->dst.error) < 0)
1504                 goto rtattr_failure;
1505         if (rt->fl.iif)
1506                 RTA_PUT(skb, RTA_IIF, sizeof(int), &rt->fl.iif);
1507
1508         nlh->nlmsg_len = skb_tail_pointer(skb) - b;
1509         return skb->len;
1510
1511 nlmsg_failure:
1512 rtattr_failure:
1513         nlmsg_trim(skb, b);
1514         return -1;
1515 }
1516
1517 /*
1518  * This is called by both endnodes and routers now.
1519  */
1520 static int dn_cache_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, void *arg)
1521 {
1522         struct net *net = sock_net(in_skb->sk);
1523         struct rtattr **rta = arg;
1524         struct rtmsg *rtm = NLMSG_DATA(nlh);
1525         struct dn_route *rt = NULL;
1526         struct dn_skb_cb *cb;
1527         int err;
1528         struct sk_buff *skb;
1529         struct flowi fl;
1530
1531         if (!net_eq(net, &init_net))
1532                 return -EINVAL;
1533
1534         memset(&fl, 0, sizeof(fl));
1535         fl.proto = DNPROTO_NSP;
1536
1537         skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
1538         if (skb == NULL)
1539                 return -ENOBUFS;
1540         skb_reset_mac_header(skb);
1541         cb = DN_SKB_CB(skb);
1542
1543         if (rta[RTA_SRC-1])
1544                 memcpy(&fl.fld_src, RTA_DATA(rta[RTA_SRC-1]), 2);
1545         if (rta[RTA_DST-1])
1546                 memcpy(&fl.fld_dst, RTA_DATA(rta[RTA_DST-1]), 2);
1547         if (rta[RTA_IIF-1])
1548                 memcpy(&fl.iif, RTA_DATA(rta[RTA_IIF-1]), sizeof(int));
1549
1550         if (fl.iif) {
1551                 struct net_device *dev;
1552                 if ((dev = dev_get_by_index(&init_net, fl.iif)) == NULL) {
1553                         kfree_skb(skb);
1554                         return -ENODEV;
1555                 }
1556                 if (!dev->dn_ptr) {
1557                         dev_put(dev);
1558                         kfree_skb(skb);
1559                         return -ENODEV;
1560                 }
1561                 skb->protocol = htons(ETH_P_DNA_RT);
1562                 skb->dev = dev;
1563                 cb->src = fl.fld_src;
1564                 cb->dst = fl.fld_dst;
1565                 local_bh_disable();
1566                 err = dn_route_input(skb);
1567                 local_bh_enable();
1568                 memset(cb, 0, sizeof(struct dn_skb_cb));
1569                 rt = (struct dn_route *)skb_dst(skb);
1570                 if (!err && -rt->dst.error)
1571                         err = rt->dst.error;
1572         } else {
1573                 int oif = 0;
1574                 if (rta[RTA_OIF - 1])
1575                         memcpy(&oif, RTA_DATA(rta[RTA_OIF - 1]), sizeof(int));
1576                 fl.oif = oif;
1577                 err = dn_route_output_key((struct dst_entry **)&rt, &fl, 0);
1578         }
1579
1580         if (skb->dev)
1581                 dev_put(skb->dev);
1582         skb->dev = NULL;
1583         if (err)
1584                 goto out_free;
1585         skb_dst_set(skb, &rt->dst);
1586         if (rtm->rtm_flags & RTM_F_NOTIFY)
1587                 rt->rt_flags |= RTCF_NOTIFY;
1588
1589         err = dn_rt_fill_info(skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq, RTM_NEWROUTE, 0, 0);
1590
1591         if (err == 0)
1592                 goto out_free;
1593         if (err < 0) {
1594                 err = -EMSGSIZE;
1595                 goto out_free;
1596         }
1597
1598         return rtnl_unicast(skb, &init_net, NETLINK_CB(in_skb).pid);
1599
1600 out_free:
1601         kfree_skb(skb);
1602         return err;
1603 }
1604
1605 /*
1606  * For routers, this is called from dn_fib_dump, but for endnodes its
1607  * called directly from the rtnetlink dispatch table.
1608  */
1609 int dn_cache_dump(struct sk_buff *skb, struct netlink_callback *cb)
1610 {
1611         struct net *net = sock_net(skb->sk);
1612         struct dn_route *rt;
1613         int h, s_h;
1614         int idx, s_idx;
1615
1616         if (!net_eq(net, &init_net))
1617                 return 0;
1618
1619         if (NLMSG_PAYLOAD(cb->nlh, 0) < sizeof(struct rtmsg))
1620                 return -EINVAL;
1621         if (!(((struct rtmsg *)NLMSG_DATA(cb->nlh))->rtm_flags&RTM_F_CLONED))
1622                 return 0;
1623
1624         s_h = cb->args[0];
1625         s_idx = idx = cb->args[1];
1626         for(h = 0; h <= dn_rt_hash_mask; h++) {
1627                 if (h < s_h)
1628                         continue;
1629                 if (h > s_h)
1630                         s_idx = 0;
1631                 rcu_read_lock_bh();
1632                 for(rt = rcu_dereference_bh(dn_rt_hash_table[h].chain), idx = 0;
1633                         rt;
1634                         rt = rcu_dereference_bh(rt->dst.dn_next), idx++) {
1635                         if (idx < s_idx)
1636                                 continue;
1637                         skb_dst_set(skb, dst_clone(&rt->dst));
1638                         if (dn_rt_fill_info(skb, NETLINK_CB(cb->skb).pid,
1639                                         cb->nlh->nlmsg_seq, RTM_NEWROUTE,
1640                                         1, NLM_F_MULTI) <= 0) {
1641                                 skb_dst_drop(skb);
1642                                 rcu_read_unlock_bh();
1643                                 goto done;
1644                         }
1645                         skb_dst_drop(skb);
1646                 }
1647                 rcu_read_unlock_bh();
1648         }
1649
1650 done:
1651         cb->args[0] = h;
1652         cb->args[1] = idx;
1653         return skb->len;
1654 }
1655
1656 #ifdef CONFIG_PROC_FS
1657 struct dn_rt_cache_iter_state {
1658         int bucket;
1659 };
1660
1661 static struct dn_route *dn_rt_cache_get_first(struct seq_file *seq)
1662 {
1663         struct dn_route *rt = NULL;
1664         struct dn_rt_cache_iter_state *s = seq->private;
1665
1666         for(s->bucket = dn_rt_hash_mask; s->bucket >= 0; --s->bucket) {
1667                 rcu_read_lock_bh();
1668                 rt = rcu_dereference_bh(dn_rt_hash_table[s->bucket].chain);
1669                 if (rt)
1670                         break;
1671                 rcu_read_unlock_bh();
1672         }
1673         return rt;
1674 }
1675
1676 static struct dn_route *dn_rt_cache_get_next(struct seq_file *seq, struct dn_route *rt)
1677 {
1678         struct dn_rt_cache_iter_state *s = seq->private;
1679
1680         rt = rt->dst.dn_next;
1681         while(!rt) {
1682                 rcu_read_unlock_bh();
1683                 if (--s->bucket < 0)
1684                         break;
1685                 rcu_read_lock_bh();
1686                 rt = dn_rt_hash_table[s->bucket].chain;
1687         }
1688         return rcu_dereference_bh(rt);
1689 }
1690
1691 static void *dn_rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
1692 {
1693         struct dn_route *rt = dn_rt_cache_get_first(seq);
1694
1695         if (rt) {
1696                 while(*pos && (rt = dn_rt_cache_get_next(seq, rt)))
1697                         --*pos;
1698         }
1699         return *pos ? NULL : rt;
1700 }
1701
1702 static void *dn_rt_cache_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1703 {
1704         struct dn_route *rt = dn_rt_cache_get_next(seq, v);
1705         ++*pos;
1706         return rt;
1707 }
1708
1709 static void dn_rt_cache_seq_stop(struct seq_file *seq, void *v)
1710 {
1711         if (v)
1712                 rcu_read_unlock_bh();
1713 }
1714
1715 static int dn_rt_cache_seq_show(struct seq_file *seq, void *v)
1716 {
1717         struct dn_route *rt = v;
1718         char buf1[DN_ASCBUF_LEN], buf2[DN_ASCBUF_LEN];
1719
1720         seq_printf(seq, "%-8s %-7s %-7s %04d %04d %04d\n",
1721                         rt->dst.dev ? rt->dst.dev->name : "*",
1722                         dn_addr2asc(le16_to_cpu(rt->rt_daddr), buf1),
1723                         dn_addr2asc(le16_to_cpu(rt->rt_saddr), buf2),
1724                         atomic_read(&rt->dst.__refcnt),
1725                         rt->dst.__use,
1726                         (int) dst_metric(&rt->dst, RTAX_RTT));
1727         return 0;
1728 }
1729
1730 static const struct seq_operations dn_rt_cache_seq_ops = {
1731         .start  = dn_rt_cache_seq_start,
1732         .next   = dn_rt_cache_seq_next,
1733         .stop   = dn_rt_cache_seq_stop,
1734         .show   = dn_rt_cache_seq_show,
1735 };
1736
1737 static int dn_rt_cache_seq_open(struct inode *inode, struct file *file)
1738 {
1739         return seq_open_private(file, &dn_rt_cache_seq_ops,
1740                         sizeof(struct dn_rt_cache_iter_state));
1741 }
1742
1743 static const struct file_operations dn_rt_cache_seq_fops = {
1744         .owner   = THIS_MODULE,
1745         .open    = dn_rt_cache_seq_open,
1746         .read    = seq_read,
1747         .llseek  = seq_lseek,
1748         .release = seq_release_private,
1749 };
1750
1751 #endif /* CONFIG_PROC_FS */
1752
1753 void __init dn_route_init(void)
1754 {
1755         int i, goal, order;
1756
1757         dn_dst_ops.kmem_cachep =
1758                 kmem_cache_create("dn_dst_cache", sizeof(struct dn_route), 0,
1759                                   SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
1760         dst_entries_init(&dn_dst_ops);
1761         setup_timer(&dn_route_timer, dn_dst_check_expire, 0);
1762         dn_route_timer.expires = jiffies + decnet_dst_gc_interval * HZ;
1763         add_timer(&dn_route_timer);
1764
1765         goal = totalram_pages >> (26 - PAGE_SHIFT);
1766
1767         for(order = 0; (1UL << order) < goal; order++)
1768                 /* NOTHING */;
1769
1770         /*
1771          * Only want 1024 entries max, since the table is very, very unlikely
1772          * to be larger than that.
1773          */
1774         while(order && ((((1UL << order) * PAGE_SIZE) /
1775                                 sizeof(struct dn_rt_hash_bucket)) >= 2048))
1776                 order--;
1777
1778         do {
1779                 dn_rt_hash_mask = (1UL << order) * PAGE_SIZE /
1780                         sizeof(struct dn_rt_hash_bucket);
1781                 while(dn_rt_hash_mask & (dn_rt_hash_mask - 1))
1782                         dn_rt_hash_mask--;
1783                 dn_rt_hash_table = (struct dn_rt_hash_bucket *)
1784                         __get_free_pages(GFP_ATOMIC, order);
1785         } while (dn_rt_hash_table == NULL && --order > 0);
1786
1787         if (!dn_rt_hash_table)
1788                 panic("Failed to allocate DECnet route cache hash table\n");
1789
1790         printk(KERN_INFO
1791                 "DECnet: Routing cache hash table of %u buckets, %ldKbytes\n",
1792                 dn_rt_hash_mask,
1793                 (long)(dn_rt_hash_mask*sizeof(struct dn_rt_hash_bucket))/1024);
1794
1795         dn_rt_hash_mask--;
1796         for(i = 0; i <= dn_rt_hash_mask; i++) {
1797                 spin_lock_init(&dn_rt_hash_table[i].lock);
1798                 dn_rt_hash_table[i].chain = NULL;
1799         }
1800
1801         dn_dst_ops.gc_thresh = (dn_rt_hash_mask + 1);
1802
1803         proc_net_fops_create(&init_net, "decnet_cache", S_IRUGO, &dn_rt_cache_seq_fops);
1804
1805 #ifdef CONFIG_DECNET_ROUTER
1806         rtnl_register(PF_DECnet, RTM_GETROUTE, dn_cache_getroute, dn_fib_dump);
1807 #else
1808         rtnl_register(PF_DECnet, RTM_GETROUTE, dn_cache_getroute,
1809                       dn_cache_dump);
1810 #endif
1811 }
1812
1813 void __exit dn_route_cleanup(void)
1814 {
1815         del_timer(&dn_route_timer);
1816         dn_run_flush(0);
1817
1818         proc_net_remove(&init_net, "decnet_cache");
1819         dst_entries_destroy(&dn_dst_ops);
1820 }
1821