route.generic

VRRP双机热备份协议源吗

diff -ru -x*~ linux-lt-2.3.99-pre3.prev/Documentation/networking/ip-sysctl.txt linux-lt-2.3.99-pre3/Documentation/networking/ip-sysctl.txt
--- linux-lt-2.3.99-pre3.prev/Documentation/networking/ip-sysctl.txt	Sun Jan 23 03:54:56 2000
+++ linux-lt-2.3.99-pre3/Documentation/networking/ip-sysctl.txt	Tue Mar 28 19:40:59 2000
@@ -262,13 +262,21 @@
 	Do proxy arp.
 
 shared_media - BOOLEAN
-	Send(router) or accept(host) RFC1620 shared media redirects.
+	Do not check the new gateway specified in incoming ICMP redirect
+	messages for belonging to a directly attached network (i.e. the
+	routing table has for this address an entry pointing to the given
+	device, doesn't have a gateway, and with scope not wider SCOPE_LINK).
+	If this variable is TRUE then new gateways are only checked for being a
+	unicast addresses.  If it is FALSE then the full check described
+	above is performed.  See RFC1620 for background information about
+	shared media.
 	Overrides ip_secure_redirects.
 	default TRUE
 
 secure_redirects - BOOLEAN
-	Accept ICMP redirect messages only for gateways,
-	listed in default gateway list.
+	Accept ICMP redirect messages only for gateways already listed as
+	gateways in the routing tables.  This check is performed only when
+	`shared_media' is FALSE.
 	default TRUE
 
 send_redirects - BOOLEAN
@@ -287,6 +295,19 @@
 	default TRUE (router)
 		FALSE (host)
 
+source_check - BOOLEAN
+	Check source address for outgoing packets.
+	If source_check is turned on all outgoing packets (including going
+	through a loopback interface) are checked for the source address
+	being local.  An address is considered as local for this purposes if
+	a route lookup in the opposite direction (i.e. with source and
+	destination addresses being reversed) gives a unicast local route
+	entry.
+	Note: source addresses are always checked for being not a multicast,
+	limited broadcast, zero net, or loopback (for non-loopback
+	interfaces) independetly of the setting of the option.
+	default TRUE
+
 rp_filter - BOOLEAN
 	1 - do source validation by reversed path, as specified in RFC1812
 	    Recommended option for single homed hosts and stub network
@@ -305,4 +326,8 @@
 Updated by:
 Andi Kleen
 ak@muc.de
+
+Andrey Savochkin
+saw@msu.ru
+
 $Id: ip-sysctl.txt,v 1.13 2000/01/18 08:24:09 davem Exp $
diff -ru -x*~ linux-lt-2.3.99-pre3.prev/include/linux/in_route.h linux-lt-2.3.99-pre3/include/linux/in_route.h
--- linux-lt-2.3.99-pre3.prev/include/linux/in_route.h	Fri Jun 12 13:52:33 1998
+++ linux-lt-2.3.99-pre3/include/linux/in_route.h	Tue Mar 28 19:39:49 2000
@@ -4,6 +4,7 @@
 /* IPv4 routing cache flags */
 
 #define RTCF_DEAD	RTNH_F_DEAD
+#define RTCF_PERVASIVE	RTNH_F_PERVASIVE
 #define RTCF_ONLINK	RTNH_F_ONLINK
 
 /* Obsolete flag. About to be deleted */
diff -ru -x*~ linux-lt-2.3.99-pre3.prev/include/linux/inetdevice.h linux-lt-2.3.99-pre3/include/linux/inetdevice.h
--- linux-lt-2.3.99-pre3.prev/include/linux/inetdevice.h	Tue Aug 24 01:01:02 1999
+++ linux-lt-2.3.99-pre3/include/linux/inetdevice.h	Tue Mar 28 19:39:49 2000
@@ -9,6 +9,7 @@
 	int	send_redirects;
 	int	secure_redirects;
 	int	shared_media;
+	int	source_check;
 	int	accept_source_route;
 	int	rp_filter;
 	int	proxy_arp;
@@ -46,6 +47,7 @@
 #define IN_DEV_SHARED_MEDIA(in_dev)	(ipv4_devconf.shared_media || (in_dev)->cnf.shared_media)
 #define IN_DEV_TX_REDIRECTS(in_dev)	(ipv4_devconf.send_redirects || (in_dev)->cnf.send_redirects)
 #define IN_DEV_SEC_REDIRECTS(in_dev)	(ipv4_devconf.secure_redirects || (in_dev)->cnf.secure_redirects)
+#define IN_DEV_SRC_CHECK(in_dev)	(ipv4_devconf.source_check || (in_dev)->cnf.source_check)
 #define IN_DEV_IDTAG(in_dev)		((in_dev)->cnf.tag)
 
 #define IN_DEV_RX_REDIRECTS(in_dev) \
@@ -73,7 +75,6 @@
 extern int unregister_inetaddr_notifier(struct notifier_block *nb);
 
 extern struct net_device 	*ip_dev_find(u32 addr);
-extern int		inet_addr_onlink(struct in_device *in_dev, u32 a, u32 b);
 extern int		devinet_ioctl(unsigned int cmd, void *);
 extern void		devinet_init(void);
 extern struct in_device *inetdev_init(struct net_device *dev);
diff -ru -x*~ linux-lt-2.3.99-pre3.prev/include/linux/rtnetlink.h linux-lt-2.3.99-pre3/include/linux/rtnetlink.h
--- linux-lt-2.3.99-pre3.prev/include/linux/rtnetlink.h	Thu Feb 10 12:08:09 2000
+++ linux-lt-2.3.99-pre3/include/linux/rtnetlink.h	Tue Mar 28 19:39:49 2000
@@ -224,9 +224,11 @@
 
 /* rtnh_flags */
 
-#define RTNH_F_DEAD		1	/* Nexthop is dead (used by multipath)	*/
-#define RTNH_F_PERVASIVE	2	/* Do recursive gateway lookup	*/
-#define RTNH_F_ONLINK		4	/* Gateway is forced on link	*/
+#define RTNH_F_DEAD		0x01	/* Nexthop is dead (used by multipath)	*/
+#define RTNH_F_PERVASIVE	0x02	/* Omit gateway & pref_src test	*/
+#define RTNH_F_ONLINK		0x04	/* Gateway is forced on link	*/
+#define RTNH_F_GLUE		0x08	/* Nexthop is glued		*/
+#define RTNH_F_USEFIRST		0x10	/* Use only it (for multipath)	*/
 
 /* Macros to handle hexthops */
 
diff -ru -x*~ linux-lt-2.3.99-pre3.prev/include/linux/sysctl.h linux-lt-2.3.99-pre3/include/linux/sysctl.h
--- linux-lt-2.3.99-pre3.prev/include/linux/sysctl.h	Thu Mar  9 01:16:24 2000
+++ linux-lt-2.3.99-pre3/include/linux/sysctl.h	Tue Mar 28 19:39:49 2000
@@ -302,7 +302,8 @@
 	NET_IPV4_CONF_ACCEPT_SOURCE_ROUTE=9,
 	NET_IPV4_CONF_BOOTP_RELAY=10,
 	NET_IPV4_CONF_LOG_MARTIANS=11,
-	NET_IPV4_CONF_TAG=12
+	NET_IPV4_CONF_TAG=12,
+	NET_IPV4_CONF_SRC_CHECK=13,
 };
 
 /* /proc/sys/net/ipv6 */
diff -ru -x*~ linux-lt-2.3.99-pre3.prev/include/net/ip_fib.h linux-lt-2.3.99-pre3/include/net/ip_fib.h
--- linux-lt-2.3.99-pre3.prev/include/net/ip_fib.h	Tue Aug 24 01:01:02 1999
+++ linux-lt-2.3.99-pre3/include/net/ip_fib.h	Tue Mar 28 19:39:49 2000
@@ -217,7 +217,8 @@
 extern int fib_dump_info(struct sk_buff *skb, u32 pid, u32 seq, int event,
 			 u8 tb_id, u8 type, u8 scope, void *dst, int dst_len, u8 tos,
 			 struct fib_info *fi);
-extern int fib_sync_down(u32 local, struct net_device *dev, int force);
+extern int fib_sync_addr_down(u32 local);
+extern int fib_sync_dev_down(struct net_device *dev, int force);
 extern int fib_sync_up(struct net_device *dev);
 extern int fib_convert_rtentry(int cmd, struct nlmsghdr *nl, struct rtmsg *rtm,
 			       struct kern_rta *rta, struct rtentry *r);
diff -ru -x*~ linux-lt-2.3.99-pre3.prev/include/net/route.h linux-lt-2.3.99-pre3/include/net/route.h
--- linux-lt-2.3.99-pre3.prev/include/net/route.h	Sun Mar 19 04:11:22 2000
+++ linux-lt-2.3.99-pre3/include/net/route.h	Tue Mar 28 19:39:49 2000
@@ -106,6 +106,9 @@
 extern void		ip_rt_send_redirect(struct sk_buff *skb);
 
 extern unsigned		inet_addr_type(u32 addr);
+extern int		inet_addr_onlink(struct net_device *, u32 dst, u32 src, u8 tos);
+extern int		fib_local_source(u32 saddr, u32 daddr, u8 tos, struct net_device *);
+extern u32		fib_select_addr(struct net_device *, u32 dst, int scope);
 extern void		ip_rt_multicast_event(struct in_device *);
 extern int		ip_rt_ioctl(unsigned int cmd, void *arg);
 extern void		ip_rt_get_source(u8 *src, struct rtable *rt);
diff -ru -x*~ linux-lt-2.3.99-pre3.prev/net/ipv4/af_inet.c linux-lt-2.3.99-pre3/net/ipv4/af_inet.c
--- linux-lt-2.3.99-pre3.prev/net/ipv4/af_inet.c	Tue Feb 22 09:35:06 2000
+++ linux-lt-2.3.99-pre3/net/ipv4/af_inet.c	Tue Mar 28 19:43:30 2000
@@ -463,6 +463,15 @@
 		return -EINVAL;
 		
 	chk_addr_ret = inet_addr_type(addr->sin_addr.s_addr);
+	/* The source address check is omitted here.
+	 * We may allow to bind sockets to any address for listening purposes.
+	 * Such sockets will get only those packets which were considered as
+	 * "local" by routing (i.e. configured to go locally by the
+	 * administrator).
+	 * Outgoing packets are checked by output routing (see
+	 * ip_route_output_slow and outrt_check_src in net/ipv4/route.c).
+	 * 1999/11/13  SAW
+	 */
 
 	snum = ntohs(addr->sin_port);
 	if (snum && snum < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE))
diff -ru -x*~ linux-lt-2.3.99-pre3.prev/net/ipv4/arp.c linux-lt-2.3.99-pre3/net/ipv4/arp.c
--- linux-lt-2.3.99-pre3.prev/net/ipv4/arp.c	Sun Jan 23 03:54:57 2000
+++ linux-lt-2.3.99-pre3/net/ipv4/arp.c	Tue Mar 28 19:39:50 2000
@@ -333,10 +333,11 @@
 	u32 target = *(u32*)neigh->primary_key;
 	int probes = atomic_read(&neigh->probes);
 
-	if (skb && inet_addr_type(skb->nh.iph->saddr) == RTN_LOCAL)
+	if (skb && fib_local_source(skb->nh.iph->saddr, target,
+			skb->nh.iph->tos, dev) == 0)
 		saddr = skb->nh.iph->saddr;
 	else
-		saddr = inet_select_addr(dev, target, RT_SCOPE_LINK);
+		saddr = fib_select_addr(dev, target, RT_SCOPE_LINK);
 
 	if ((probes -= neigh->parms->ucast_probes) < 0) {
 		if (!(neigh->nud_state&NUD_VALID))
diff -ru -x*~ linux-lt-2.3.99-pre3.prev/net/ipv4/devinet.c linux-lt-2.3.99-pre3/net/ipv4/devinet.c
--- linux-lt-2.3.99-pre3.prev/net/ipv4/devinet.c	Sun Jan  9 13:36:20 2000
+++ linux-lt-2.3.99-pre3/net/ipv4/devinet.c	Tue Mar 28 19:39:50 2000
@@ -58,8 +58,8 @@
 #include <net/route.h>
 #include <net/ip_fib.h>
 
-struct ipv4_devconf ipv4_devconf = { 1, 1, 1, 1, 0, };
-static struct ipv4_devconf ipv4_devconf_dflt = { 1, 1, 1, 1, 1, };
+struct ipv4_devconf ipv4_devconf = { 1, 1, 1, 1, 1, 0, };
+static struct ipv4_devconf ipv4_devconf_dflt = { 1, 1, 1, 1, 1, 1, };
 
 #ifdef CONFIG_RTNETLINK
 static void rtmsg_ifa(int event, struct in_ifaddr *);
@@ -186,21 +186,6 @@
 	in_dev_put(in_dev);
 }
 
-int inet_addr_onlink(struct in_device *in_dev, u32 a, u32 b)
-{
-	read_lock(&in_dev->lock);
-	for_primary_ifa(in_dev) {
-		if (inet_ifa_match(a, ifa)) {
-			if (!b || inet_ifa_match(b, ifa)) {
-				read_unlock(&in_dev->lock);
-				return 1;
-			}
-		}
-	} endfor_ifa(in_dev);
-	read_unlock(&in_dev->lock);
-	return 0;
-} 
-
 static void
 inet_del_ifa(struct in_device *in_dev, struct in_ifaddr **ifap, int destroy)
 {
@@ -1027,7 +1012,7 @@
 static struct devinet_sysctl_table
 {
 	struct ctl_table_header *sysctl_header;
-	ctl_table devinet_vars[13];
+	ctl_table devinet_vars[14];
 	ctl_table devinet_dev[2];
 	ctl_table devinet_conf_dir[2];
 	ctl_table devinet_proto_dir[2];
@@ -1066,6 +1051,9 @@
          &proc_dointvec},
         {NET_IPV4_CONF_LOG_MARTIANS, "log_martians",
          &ipv4_devconf.log_martians, sizeof(int), 0644, NULL,
+         &proc_dointvec},
+        {NET_IPV4_CONF_SRC_CHECK, "source_check",
+         &ipv4_devconf.source_check, sizeof(int), 0644, NULL,
          &proc_dointvec},
 	{NET_IPV4_CONF_TAG, "tag",
 	 &ipv4_devconf.tag, sizeof(int), 0644, NULL,
diff -ru -x*~ linux-lt-2.3.99-pre3.prev/net/ipv4/fib_frontend.c linux-lt-2.3.99-pre3/net/ipv4/fib_frontend.c
--- linux-lt-2.3.99-pre3.prev/net/ipv4/fib_frontend.c	Thu Dec 23 11:55:38 1999
+++ linux-lt-2.3.99-pre3/net/ipv4/fib_frontend.c	Tue Mar 28 19:39:50 2000
@@ -30,6 +30,7 @@
 #include <linux/in.h>
 #include <linux/inet.h>
 #include <linux/netdevice.h>
+#include <linux/inetdevice.h>
 #include <linux/if_arp.h>
 #include <linux/proc_fs.h>
 #include <linux/skbuff.h>
@@ -168,11 +169,31 @@
 	return dev;
 }
 
+int fib_local_source(u32 saddr, u32 daddr, u8 tos, struct net_device *dev)
+{
+	struct rt_key		key;
+	struct fib_result	res;
+
+	memset(&key, 0, sizeof(key));
+	key.src = daddr;
+	key.dst = saddr;
+	key.tos = tos;
+	key.iif = dev->ifindex;
+	if (fib_lookup(&key, &res) == 0) {
+		unsigned ret;
+		ret = res.type;
+		fib_res_put(&res);
+		if (ret != RTN_LOCAL)
+			return -EINVAL;
+	}
+	return 0;
+}
+
 unsigned inet_addr_type(u32 addr)
 {
 	struct rt_key		key;
 	struct fib_result	res;
-	unsigned ret = RTN_BROADCAST;
+	unsigned		ret;
 
 	if (ZERONET(addr) || BADCLASS(addr))
 		return RTN_BROADCAST;
@@ -180,21 +201,57 @@
 		return RTN_MULTICAST;
 
 	memset(&key, 0, sizeof(key));
+	key.src = addr;
 	key.dst = addr;
-#ifdef CONFIG_IP_MULTIPLE_TABLES
-	res.r = NULL;
-#endif
 	
-	if (local_table) {
-		ret = RTN_UNICAST;
-		if (local_table->tb_lookup(local_table, &key, &res) == 0) {
-			ret = res.type;
-			fib_res_put(&res);
-		}
+	ret = RTN_UNICAST;
+	if (fib_lookup(&key, &res) == 0) {
+		ret = res.type;
+		fib_res_put(&res);
 	}
 	return ret;
 }
 
+u32 fib_select_addr(struct net_device *dev, u32 dst, int scope)
+{
+	struct rt_key		key;
+	struct fib_result	res;
+	u32			ret;
+
+	memset(&key, 0, sizeof(key));
+	key.src = dst;
+	key.dst = dst;
+	key.oif = dev->ifindex;
+	key.scope = scope;
+	
+	if (fib_lookup(&key, &res) == 0) {
+		ret = FIB_RES_PREFSRC(res);
+		fib_res_put(&res);
+	} else
+		ret = inet_select_addr(dev, dst, scope);
+	return ret;
+}
+
+/* Check if dst is a UNICAST address and reachable via device dev */
+int inet_addr_onlink(struct net_device *dev, u32 dst, u32 src, u8 tos)
+{
+	struct rt_key key;
+	struct fib_result res;
+	int ret;
+
+	key.src = src;
+	key.dst = dst;
+	key.tos = tos;
+	key.iif = 0;
+	key.oif = 0;
+	key.scope = RT_SCOPE_LINK;
+	if (fib_lookup(&key, &res) != 0)
+		return 0;
+	ret = (res.type == RTN_UNICAST && FIB_RES_DEV(res) == dev);
+	fib_res_put(&res);
+	return ret;
+}
+
 /* Given (packet source, input interface) and optional (dst, oif, tos):
    - (main) check, that source is valid i.e. not broadcast or our local
      address.
@@ -559,7 +616,7 @@
 			   First of all, we scan fib_info list searching
 			   for stray nexthop entries, then ignite fib_flush.
 			*/
-			if (fib_sync_down(ifa->ifa_local, NULL, 0))
+			if (fib_sync_addr_down(ifa->ifa_local))
 				fib_flush();
 		}
 	}
@@ -571,7 +628,7 @@
 
 static void fib_disable_ip(struct net_device *dev, int force)
 {
-	if (fib_sync_down(0, dev, force))
+	if (fib_sync_dev_down(dev, force))
 		fib_flush();
 	rt_cache_flush(0);
 	arp_ifdown(dev);
@@ -591,8 +648,10 @@
 			/* Last address was deleted from this interface.
 			   Disable IP.
 			 */
+			printk("fib_inetaddr_event: dev down, fib_disable_ip(1)\n");