| blob | 11a77fb330dab4d3e504ce881166aea91e502957 |
1 /* LWIP service - route.c - route management */
2 /*
3 * This module provides a destination-based routing implementation, roughly
4 * matching the routing as done traditionally by the BSDs and by current NetBSD
5 * in particular. As such, this implementation almost completely replaces
6 * lwIP's own more limited (and less rigid) routing algorithms. It does this
7 * using a combination of overriding lwIP functions (ip4_route, ip6_route) with
8 * weak-symbol patching, and lwIP-provided gateway hooks. Especially the
9 * former gives us a level of control that lwIP's routing hooks do not provide:
10 * not only does such overriding give us the ability to flag that no route was
11 * found at all, we also bypass a number of default decisions taken by lwIP
12 * where the routing hooks are not called at all.
13 *
14 * As a result, the routing tables as visible to the user are an almost
15 * completely accurate reflection of the routing decisions taken by this TCP/IP
16 * stack in practice. There is currently only one exception: for IPv4 gateway
17 * selection, lwIP will bypass the gateway hook if the given address is on the
18 * local subnet according to the locally assigned IP address and subnet mask.
19 * This exception should practically affect noone, though.
20 *
21 * Our routing implementation differs from NetBSD's in various aspects, though.
22 * Perhaps the most important one, also noted elsewhere, is that we do not
23 * support the coexistence of an all-bits-set network route and a host route
24 * for the same IP address. If necessary, this issue can be resolved.
25 *
26 * We use a custom concept of "immutable" routes for local addresses, which are
27 * a somewhat special case as explained in the ifaddr module. Since those
28 * RTF_LOCAL routes cannot be deleted, a small change is made to the route(8)
29 * flush-all command to skip them. Packets directed at local addresses on
30 * non-loopback interfaces are handled in a way that differs from NetBSD's,
31 * too. This is explained in the ifdev module.
32 *
33 * The BSDs support special routes that reject or blackhole packets, based on
34 * routing flags. We support such routes as well, but implement them somewhat
35 * differently from the BSDs: such packets always get routed over a loopback
36 * interface (regardless of their associated interface), in order to save on
37 * routing lookups for packets in the common case.
38 *
39 * As general rules of thumb: if there is no route to a destination, assignment
40 * of a local address will already fail with a "no route to host" error. If
41 * there is an RTF_REJECT route, a local address will be assigned, but actual
42 * packets will be routed to a loopback interface and result in a "no route to
43 * host" error upon reception there - this is what NetBSD seems to do too, even
44 * though the documentation says that RTF_REJECT routes generate ICMP messages
45 * instead. RTF_BLACKHOLE behaves similarly to RTF_REJECT, except that the
46 * packet is simply discarded upon receipt by the loopback interface.
47 *
48 * In various places, both here and elsewhere, we check to make sure that on
49 * routing and output, scoped IPv6 source and destination addresses never leave
50 * their zone. For example, a packet must not be sent to an outgoing interface
51 * if its source address is a link-local address with a zone for another
52 * interface. lwIP does not check for such violations, and so we must make
53 * sure that this does not happen ourselves.
54 *
55 * Normally, one would tell lwIP to use a particular default IPv4 gateway by
56 * associating the gateway address to a particular interface, and then setting
57 * that interface as default interface (netif_default). We explicitly do
58 * neither of these things. Instead, the routing hooks should return the
59 * default route whenever applicable, and the gateway hooks should return the
60 * default route's gateway IP address whenever needed.
61 *
62 * Due to lwIP's limited set of error codes, we do not properly distinguish
63 * between cases where EHOSTUNREACH or ENETUNREACH should be thrown, and throw
64 * the former in most cases.
65 */
76 /*
77 * The maximum number of uint8_t bytes needed to represent a routing address.
78 * This value is the maximum of 4 (for IPv4) and 16 (for IPv6).
79 */
80 #define ROUTE_ADDR_MAX (MAX(IP4_BITS, IP6_BITS) / NBBY)
82 /*
83 * We use a shared routing entry data structure for IPv4 and IPv6 routing
84 * entries. The result is cleaner code at the cost of (currently) about 2.3KB
85 * of memory wasted (costing 12 bytes per address for three addresses for 64 of
86 * the 128 routing entries that would be for IPv4), although with the benefit
87 * that either address family may use more than half of the routing entries.
88 * From that 2.3KB, 1KB can be reclaimed by moving the destination address and
89 * mask into the rttree_entry data structure, at the cost of its generality.
90 */
105 };
106 #define re_ifdev re_pu.repu_ifdev
107 #define re_next re_pu.repu_next
108 #define re_gw4 re_gu.regu_gw4
109 #define re_gw6 re_gu.regu_gw6
111 /* Routes for local addresses are immutable, for reasons explained in ifdev. */
112 #define route_is_immutable(route) ((route)->re_flags & RTF_LOCAL)
114 /*
115 * We override a subset of the BSD routing flags in order to store our own
116 * local settings. In particular, we have to have a way to store whether a
117 * route is for an IPv4 or IPv6 destination address. We override BSD's
118 * RTF_DONE flag for this: RTF_DONE is only used with routing sockets, and
119 * never associated with actual routes. In contrast, RTF_IPV6 is only used
120 * with actual routes, and never sent across routing sockets. In general,
121 * overriding flags is preferable to adding new ones, as BSD might later add
122 * more flags itself as well, while it can never remove existing flags.
123 */
126 /* The total number of routing entries (IPv4 and IPv6 combined). */
127 #define NR_ROUTE_ENTRY 128
133 /* The routing trees. There are two: one for IPv4 and one for IPv6. */
134 #define ROUTE_TREE_V4 0
135 #define ROUTE_TREE_V6 1
136 #define NR_ROUTE_TREE 2
140 /* We support a single cached routing entry per address family (IPv4, IPv6). */
149 /*
150 * Initialize the routing cache. There are a lot of trivial functions here,
151 * but this is designed to be extended in the future.
152 */
153 static void
155 {
159 }
161 /*
162 * Look up the given IPv4 address in the routing cache. If there is a match,
163 * return TRUE with the associated route in 'route', possibly NULL if a
164 * negative result was cached. Return FALSE if the routing cache does not
165 * cache the given IPv4 address.
166 */
169 {
177 }
179 /*
180 * Add the given IPv4 address and the given routing entry (NULL for negative
181 * caching) to the routing cache.
182 */
185 {
190 }
192 /*
193 * Reset the IPv4 routing cache.
194 */
195 static void
197 {
200 }
202 /*
203 * Look up the given IPv6 address in the routing cache. If there is a match,
204 * return TRUE with the associated route in 'route', possibly NULL if a
205 * negative result was cached. Return FALSE if the routing cache does not
206 * cache the given IPv6 address.
207 */
210 {
218 }
220 /*
221 * Add the given IPv6 address and the given routing entry (NULL for negative
222 * caching) to the routing cache. Caching of scoped addresses without zones is
223 * not supported.
224 */
227 {
232 }
234 /*
235 * Reset the IPv6 routing cache.
236 */
237 static void
239 {
242 }
244 /*
245 * Initialize the routing module.
246 */
247 void
249 {
252 /* Initialize the routing trees. */
256 /* Initialize the list of free routing entries. */
261 re_next);
263 /* Reset the routing cache. */
265 }
267 /*
268 * Prepare for a routing tree operation by converting the given IPv4 address
269 * into a raw address that can be used in that routing tree operation.
270 */
273 {
279 }
281 /*
282 * Prepare for a routing tree operation by converting the given IPv6 address
283 * into a raw address that can be used in that routing tree operation. If the
284 * given prefix length allows for it, also incorporate the address zone.
285 */
289 {
293 /*
294 * TODO: in most cases, we could actually return a pointer to the
295 * address contained in the given lwIP IP address structure. However,
296 * doing so would make a lot things quite a bit messier around here,
297 * but the small performance gain may still make it worth it.
298 */
301 /*
302 * Embed the zone ID into the address, KAME style. This is the
303 * easiest way to have link-local addresses for multiple interfaces
304 * coexist in a single routing tree. Do this only if the full zone ID
305 * would be included in the prefix though, or we might de-normalize the
306 * address.
307 */
310 }
312 /*
313 * Prepare for a routing tree operation by converting the given IP address into
314 * a raw address that can be used in that routing tree operation. The given
315 * address's zone ID is embedded "KAME-style" into the raw (IPv6) address when
316 * applicable and if the given prefix length allows for it. Return the index
317 * of the routing tree to use (ROUTE_TREE_V4 or ROUTE_TREE_V6).
318 */
319 static unsigned int
322 {
337 }
338 }
340 /*
341 * The given routing tree (ROUTE_TREE_V4 or ROUTE_TREE_V6) has been updated.
342 * Invalidate any cache entries that may now have become stale, both locally
343 * and in lwIP.
344 */
345 static void
347 {
352 /*
353 * Also clear the lwIP ND6 destination cache, which may now
354 * contain entries for the wrong gateway.
355 */
359 }
361 /*
362 * Add a route to the appropriate routing table. The address, address zone,
363 * prefix, and RTF_HOST flag in the flags field make up the identity of the
364 * route. If the flags field contains RTF_GATEWAY, a gateway must be given;
365 * otherwise, it must be NULL. The route is associated with the given
366 * interface, which may not be NULL. The caller must ensure that the flags
367 * field does not contain unsupported flags. On success, return OK, and also
368 * also announce the addition. On failure, return a negative error code.
369 */
370 int
374 {
383 /* Get a routing entry, if any are available. */
389 /*
390 * Perform sanity checks on the input, and fill in enough of the
391 * routing entry to be able to try and add it to the routing tree.
392 */
418 }
420 /* Generate the (raw) network mask. This is protocol agnostic! */
423 /* The given address must be normalized to its mask. */
428 /*
429 * Attempt to add the routing entry. Host-type entries do not have an
430 * associated mask, enabling ever-so-slightly faster matching.
431 */
437 /*
438 * Success. Finish the routing entry. Remove the entry from the free
439 * list before assigning re_ifdev, as these two use the same memory.
440 */
446 /*
447 * Store the gateway if one is given. Store the address in lwIP format
448 * because that is the easiest way use it later again. Store it as a
449 * union to keep the route entry structure as small as possible. Store
450 * the address without its zone, because the gateway's address zone is
451 * implied by its associated ifdev.
452 *
453 * If no gateway is given, this is a link-type route, i.e., a route for
454 * a local network, with all nodes directly connected and reachable.
455 */
460 else
462 }
464 /* We have made routing changes. */
467 /* Announce the route addition. */
471 }
473 /*
474 * Check whether it is possible to add a route for the given destination to the
475 * corresponding routing table, that is, a subsequent route_add() call for this
476 * destination address is guaranteed to succeed (if all its parameters are
477 * valid). Return TRUE if adding the route is guaranteed to succeed, or FALSE
478 * if creating a route for the given destination would fail.
479 */
480 int
483 {
489 /*
490 * The corresponding routing tree must not already contain an exact
491 * match for the destination. If the routing tree implementation is
492 * ever extended with support for coexisting host and net entries with
493 * the same prefix, we should also pass in 'is_host' here.
494 */
498 /* There must be a routing entry on the free list as well. */
500 }
502 /*
503 * Find a route with the exact given route identity. Return the route if
504 * found, or NULL if no route exists with this identity.
505 */
508 {
522 /*
523 * As long as the routing tree code does not support coexisting host
524 * and net entries with the same prefix, we have to check the type.
525 */
530 }
532 /*
533 * A route lookup failed for the given IP address. Generate an RTM_MISS
534 * message on routing sockets.
535 */
536 static void
538 {
540 socklen_t addr_len;
547 }
549 /*
550 * A route lookup failed for the given IPv4 address. Generate an RTM_MISS
551 * message on routing sockets.
552 */
553 static void
555 {
556 ip_addr_t ipaddr;
561 }
563 /*
564 * A route lookup failed for the given IPv6 address. Generate an RTM_MISS
565 * message on routing sockets.
566 */
567 static void
569 {
570 ip_addr_t ipaddr;
575 }
577 /*
578 * Look up the most narrow matching routing entry for the given IPv4 address.
579 * Return the routing entry if one exists at all, or NULL otherwise. This
580 * function performs caching.
581 */
584 {
588 /*
589 * Look up the route for the destination IP address, unless we have a
590 * cached route entry. We cache negatives in order to avoid generating
591 * lots of RTM_MISS messages for the same destination in a row.
592 */
601 /* Cache the result, even if we found no route. */
605 }
607 /*
608 * Look up the most narrow matching routing entry for the given IPv6 address,
609 * taking into account its zone ID if applicable. Return the routing entry if
610 * one exists at all, or NULL otherwise. This function performs caching.
611 */
614 {
619 /*
620 * We do not support caching of addresses that should have a zone but
621 * do not: in different contexts, such addresses could yield different
622 * routes.
623 */
634 /* Cache the result, even if no route was found. */
639 }
641 /*
642 * Look up the most narrow matching routing entry for the given IP address,
643 * taking into account its zone ID if applicable. Return the routing entry if
644 * one exists at all, or NULL otherwise. This function performs caching.
645 */
648 {
652 else
654 }
656 /*
657 * Change an existing routing entry. Its flags are always updated to the new
658 * set of given flags, although certain flags are always preserved. If the
659 * new flags set has RTF_GATEWAY set and 'gateway' is not NULL, update the
660 * gateway associated with the route. If 'ifdev' is not NULL, reassociate the
661 * route with the given interface; this will not affect the zone of the
662 * route's destination address. On success, return OK, and also announce the
663 * change. On failure, return a negative error code.
664 */
665 static int
669 {
674 /* Update the associated interface (only) if a new one is given. */
678 /*
679 * These flags may not be changed. RTF_UP should always be set anyway.
680 * RTF_HOST and RTF_IPV6 are part of the route's identity. RTF_LOCAL
681 * should be preserved as well, although we will not get here if either
682 * the old or the new flags have it set anyway.
683 */
686 /* Always update the flags. There is no way not to. */
689 /*
690 * If a new gateway is given *and* RTF_GATEWAY is set, update the
691 * gateway. If RTF_GATEWAY is not set, this is a link-type route with
692 * no gateway. If no new gateway is given, we keep the gateway as is.
693 */
698 else
700 }
702 /* We have made routing changes. */
705 /* Announce the route change. */
709 }
711 /*
712 * Delete the given route, and announce its deletion.
713 */
714 void
716 {
719 /* First announce the deletion, while the route is still around. */
724 /* Then actually delete the route. */
729 /* We have made routing changes. */
731 }
733 /*
734 * Delete all routes associated with the given interface, typically as part of
735 * destroying the interface.
736 */
737 void
739 {
744 /*
745 * Delete all routes associated with the given interface. Fortunately,
746 * we need not also delete addresses zoned to the given interface,
747 * because no route can be created with a zone ID that does not match
748 * the associated interface. That is the main reason why we ignore
749 * zone IDs for gateways when adding or changing routes..
750 */
760 else
762 }
763 }
764 }
766 /*
767 * Process a routing command specifically for an IPv4 or IPv6 route, as one of
768 * the specific continuations of processing started by route_process(). The
769 * RTM_ routing command is given as 'type'. The route destination is given as
770 * 'dst_addr'; its address type determines whether the operation is for IPv4 or
771 * IPv6. The sockaddr structures for 'mask' and 'gateway' are passed on as is
772 * and may have to be parsed here if not NULL. 'ifdev' is the interface to be
773 * associated with a route; it is non-NULL only if an interface name (IFP) or
774 * address (IFA) was given. The RTF_ flags field 'flags' has been checked
775 * against the globally supported flags, but may have to be checked for flags
776 * that do not apply to IPv4/IPv6 routes. Return OK or a negative error code,
777 * following the same semantics as route_process().
778 */
779 static int
784 {
799 /*
800 * For network entries, a network mask must be provided in all cases.
801 * For host entries, the network mask is ignored, and we use a prefix
802 * with all bits set.
803 */
814 else
816 }
820 /*
821 * Determine the gateway and interface for the routing entry, if
822 * applicable.
823 */
825 /*
826 * The RTF_UP flag must always be set, but only if the flags
827 * field is used at all.
828 */
840 /*
841 * We use the zone of the gateway to help determine the
842 * interface, but we do not reject a mismatching zone
843 * here. The reason for this is that we do not want
844 * routes that have zones for an interface other than
845 * the one associated with the route, as that could
846 * create a world of trouble: packets leaving their
847 * zone, complications with cleaning up interfaces..
848 */
857 else
859 }
861 /*
862 * If we still have no interface at this point, see if
863 * we can find one based on just the gateway address.
864 * See if a locally attached network owns the address.
865 * That may not succeed, leaving ifdev set to NULL.
866 */
869 }
871 /*
872 * When adding routes, all necessary information must be given.
873 * When changing routes, we can leave some settings as is.
874 */
879 /* TODO: try harder to find a matching interface.. */
882 }
883 }
885 /*
886 * All route commands except RTM_ADD require that a route exists for
887 * the given identity, although RTM_GET, when requesting a host entry,
888 * may return a wider (network) route based on just the destination
889 * address.
890 */
892 /* For RTM_GET (only), a host query may return a net route. */
895 else
904 /* Process the actual routing command. */
910 /* Routes for local addresses are immutable. */
917 /* Routes for local addresses are immutable. */
926 /*
927 * TODO: implement even the suggestion that we support this.
928 * For now, we do not keep per-route metrics, let alone change
929 * them dynamically ourselves, so "locking" metrics is really
930 * not a concept that applies to us. We may however have to
931 * save the lock mask and return it in queries..
932 */
933 /* FALLTHROUGH */
935 /* Simply generate a message for the route we just found. */
942 }
943 }
945 /*
946 * Process a routing command from a routing socket. The RTM_ type of command
947 * is given as 'type', and is one of RTM_ADD, RTM_CHANGE, RTM_DELETE, RTM_GET,
948 * RTM_LOCK. In addition, the function takes a set of sockaddr pointers as
949 * provided by the routing command. Each of these sockaddr pointers may be
950 * NULL; if not NULL, the structure is at least large enough to contain the
951 * address length (sa_len) and family (sa_family), and the length never exceeds
952 * the amount of memory used to store the sockaddr structure. However, the
953 * length itself has not yet been checked against the expected protocol
954 * structure and could even be zero. The command's RTF_ routing flags and
955 * metrics are provided as well. On success, return OK, in which case the
956 * caller assumes that a routing socket announcement for the processed command
957 * has been sent already (passing on 'rtr' to the announcement function as is).
958 * On failure, return a negative error code; in that case, the caller will send
959 * a failure response on the original routing socket itself.
960 */
961 int
967 {
975 /*
976 * The identity of a route is determined by its destination address,
977 * destination zone, prefix length, and whether it is a host entry
978 * or not. If it is a host entry (RTF_HOST is set), the prefix length
979 * is implied by the protocol; otherwise it should be obtained from the
980 * given netmask if necessary. For link-local addresses, the zone ID
981 * must be embedded KAME-style in the destination address. A
982 * destination address must always be given. The destination address
983 * also determines the overall address family.
984 */
992 #ifdef INET6
999 }
1005 /*
1006 * Perform a generic test on the given flags. This covers everything
1007 * we support at all, plus a few flags we ignore. Specific route types
1008 * may have further restrictions; those tests are performed later.
1009 */
1018 /*
1019 * If an interface address or name is given, use that to
1020 * identify the target interface. If both are given, make sure
1021 * that both identify the same interface--a hopefully helpful
1022 * feature to detect wrong route(8) usage (NetBSD simply takes
1023 * IFP over IFA). An empty interface name is ignored on the
1024 * basis that libc link_addr(3) is broken.
1025 */
1035 }
1038 /*
1039 * This is similar to retrieval of source addresses in
1040 * ipsock, with the difference that we do not impose
1041 * that a zone ID be given for link-local addresses.
1042 */
1052 else
1054 }
1056 /*
1057 * If the destination address has a zone, then it must not
1058 * conflict with the interface, if one was given. If not, we
1059 * may use it to decide the interface to use for the route.
1060 */
1071 }
1072 }
1073 }
1075 /*
1076 * For now, no initializers are supported by any of the sub-processing
1077 * routines, so outright reject requests that set any initializers.
1078 * Most importantly, we do not support per-route MTU settings (RTV_MTU)
1079 * because lwIP would not use them, and we do not support non-zero
1080 * expiry (RTV_EXPIRE) because for IPv4/IPv6 routes it is not a widely
1081 * used feature and for ARP/NDP we would have to change lwIP.
1082 * dhcpcd(8) does supply RTV_MTU, we have to ignore that option rather
1083 * than reject it, unfortunately. arp(8) always sets RTV_EXPIRE, so we
1084 * reject only non-zero expiry there.
1085 */
1090 /*
1091 * From here on, the processing differs for ARP, NDP, and IP routes.
1092 * As of writing, our userland is from NetBSD 7, which puts link-local
1093 * route entries in its main route tables. This means we would have to
1094 * search for existing routes before we can determine whether, say, a
1095 * RTM_GET request is for an IP or an ARP route entry. As of NetBSD 8,
1096 * the link-local administration is separated, and all requests use the
1097 * RTF_LLDATA flag to indicate that they are for ARP/NDP routes rather
1098 * than IP routes. Since that change makes things much cleaner for us,
1099 * we borrow from the future, patching arp(8) and ndp(8) to add the
1100 * RTF_LLDATA flag now, so that we can implement a clean split here.
1101 */
1105 else
1107 rtr);
1108 }
1110 /*
1111 * Return the routing flags (RTF_) for the given routing entry. Strip out any
1112 * internal flags.
1113 */
1114 unsigned int
1116 {
1119 }
1121 /*
1122 * Return TRUE if the given routing entry is for the IPv6 address family, or
1123 * FALSE if it is for IPv4.
1124 */
1125 int
1127 {
1130 }
1132 /*
1133 * Return the interface associated with the given routing entry. The resulting
1134 * interface is never NULL.
1135 */
1138 {
1141 }
1143 /*
1144 * Convert the given raw routing address pointed to by 'rtaddr' into a
1145 * lwIP-style IP address 'ipaddr' of type 'type', which must by IPADDR_TYPE_V4
1146 * or IPADDR_TYPE_V6.
1147 */
1148 static void
1150 {
1154 /*
1155 * Convert the routing address to a lwIP-type IP address. Take out the
1156 * KAME-style embedded zone, if needed.
1157 */
1180 }
1186 }
1187 }
1189 /*
1190 * Obtain information about an IPv4 or IPv6 routing entry, by filling 'addr',
1191 * 'mask', 'gateway', and optionally (if not NULL) 'ifp' and 'ifa' with
1192 * sockaddr-type data for each of those fields. Also store the associated
1193 * interface in 'ifdevp', the routing entry's flags in 'flags', and the route's
1194 * usage count in 'use'.
1195 */
1196 void
1201 {
1205 socklen_t addr_len;
1210 /* Get the destination address. */
1218 /* Get the network mask, if applicable. */
1227 /* Get the gateway, which may be an IP address or a local link. */
1235 else
1244 }
1246 /* Get the associated interface name. */
1253 }
1255 /* Get the associated source address, if we can determine one. */
1266 }
1268 /* Get other fields. */
1272 }
1274 /*
1275 * Enumerate IPv4 routing entries. Return the first IPv4 routing entry if
1276 * 'last' is NULL, or the next routing entry after 'last' if it is not NULL.
1277 * In both cases, the return value may be NULL if there are no more routes.
1278 */
1281 {
1287 }
1289 /*
1290 * Enumerate IPv6 routing entries. Return the first IPv6 routing entry if
1291 * 'last' is NULL, or the next routing entry after 'last' if it is not NULL.
1292 * In both cases, the return value may be NULL if there are no more routes.
1293 */
1296 {
1302 }
1304 /*
1305 * lwIP IPv4 routing function. Given an IPv4 destination address, look up and
1306 * return the target interface, or NULL if there is no route to the address.
1307 *
1308 * This is a full replacement of the corresponding lwIP function, which should
1309 * be overridden with weak symbols, using patches against the lwIP source code.
1310 * As such, the lwIP headers should already provide the correct prototype for
1311 * this function. If not, something will have changed in the lwIP
1312 * implementation, and this code must be revised accordingly.
1313 */
1316 {
1320 /*
1321 * Look up the route for the destination IPv4 address. If no route is
1322 * found at all, return NULL to the caller.
1323 */
1328 }
1330 /*
1331 * For now, we increase the use counter only for actual route lookups,
1332 * and not for gateway lookups or user queries. As of writing,
1333 * route(8) does not print this number anyway..
1334 */
1337 /*
1338 * For all packets that are supposed to be rejected or blackholed, use
1339 * a loopback interface, regardless of the interface to which the route
1340 * is associated (even though it will typically be lo0 anyway). The
1341 * reason for this is that on packet output, we perform another route
1342 * route lookup just to check for rejection/blackholing, but for
1343 * efficiency reasons, we limit such checks to loopback interfaces:
1344 * loopback traffic will typically use only one IP address anyway, thus
1345 * limiting route misses from such rejection/blackhole route lookups as
1346 * much as we can. The lookup is implemented in route_output_v4(). We
1347 * divert only if the target interface is not a loopback interface
1348 * already, mainly to allow userland tests to create blackhole routes
1349 * to a specific loopback interface for testing purposes.
1350 *
1351 * It is not correct to return NULL for RTF_REJECT routes here, because
1352 * this could cause e.g. connect() calls to fail immediately, which is
1353 * not how rejection should work. Related: a previous incarnation of
1354 * support for these flags used a dedicated netif to eliminate the
1355 * extra route lookup on regular output altogether, but in the current
1356 * situation, that netif would have to be assigned (IPv4 and IPv6)
1357 * addresses in order not to break e.g. connect() in the same way.
1358 */
1362 else
1366 }
1368 /*
1369 * lwIP IPv4 routing hook. Since this hook is called only from lwIP's own
1370 * ip4_route() implementation, this hook must never fire. If it does, either
1371 * something is wrong with overriding ip4_route(), or lwIP added other places
1372 * from which this hook is called. Both cases are highly problematic and must
1373 * be resolved somehow, which is why we simply call panic() here.
1374 */
1377 {
1380 }
1382 /*
1383 * lwIP IPv4 ARP gateway hook.
1384 */
1387 {
1391 /* Look up the route for the destination IP address. */
1395 /*
1396 * This case could only ever trigger as a result of lwIP taking its own
1397 * routing decisions instead of calling the IPv4 routing hook. While
1398 * not impossible, such cases should be extremely rare. We cannot
1399 * provide a meaningful gateway address in this case either, though.
1400 */
1405 }
1407 /*
1408 * If this route has a gateway, return the IP address of the gateway.
1409 * Otherwise, the route is for a local network, and we would typically
1410 * not get here because lwIP performs the local-network check itself.
1411 * It is possible that the local network consists of more than one IP
1412 * range, and the user has configured a route for the other range. In
1413 * that case, return the IP address of the actual destination.
1414 *
1415 * We store a packed version of the IPv4 address, so reconstruct the
1416 * unpacked version to a static variable first - for consistency with
1417 * the IPv6 code.
1418 */
1425 }
1427 /*
1428 * lwIP IPv6 routing function. Given an IPv6 source and destination address,
1429 * look up and return the target interface, or NULL if there is no route to the
1430 * address. Our routing algorithm is destination-based, meaning that the
1431 * source address must be considered only to resolve zone ambiguity.
1432 *
1433 * This is a full replacement of the corresponding lwIP function, which should
1434 * be overridden with weak symbols, using patches against the lwIP source code.
1435 * As such, the lwIP headers should already provide the correct prototype for
1436 * this function. If not, something will have changed in the lwIP
1437 * implementation, and this code must be revised accordingly.
1438 */
1441 {
1444 ip6_addr_t dst_addr;
1450 /*
1451 * If the destination address is scoped but has no zone, use the source
1452 * address to determine a zone, which we then set on the destination
1453 * address to find the route, if successful. Obviously, the interface
1454 * is not going to be different from the zone, but we do need to check
1455 * other aspects of the route (e.g., one might want to null-route all
1456 * multicast traffic). In the case that no source address is given at
1457 * all, first see if the destination address happens to be a locally
1458 * assigned address. In theory this could yield multiple matches, so
1459 * pick the first one. If not even that helps, we have absolutely
1460 * nothing we can use to refine route selection. We could pick an
1461 * arbitrary interface in that case, but we currently don't.
1462 */
1475 else
1477 }
1485 }
1486 }
1490 /*
1491 * Look up the route for the destination IPv6 address. If no route is
1492 * found at all, return NULL to the caller.
1493 */
1495 /*
1496 * Since we rely on userland to create routes for on-link
1497 * prefixes and default routers, we do not have to call lwIP's
1498 * nd6_find_route() here.
1499 */
1501 /* Generate an RTM_MISS message. */
1505 }
1507 /*
1508 * We have found a route based on the destination address. If we did
1509 * not pick the destination address zone based on the source address,
1510 * we should now check for source address zone violations. Note that
1511 * if even the destination address zone violates its target interface,
1512 * this case will be caught by route_lookup_v6().
1513 */
1520 /*
1521 * See ip4_route() for an explanation of the use of loopback here. For
1522 * the IPv6 case, the matching logic is in route_output_v6().
1523 */
1527 else
1530 /*
1531 * If the selected interface would cause the destination address to
1532 * leave its zone, fail route selection altogether. This case may
1533 * trigger especially for reject routes, for which the interface change
1534 * to loopback may introduce a zone violation.
1535 */
1541 }
1543 /*
1544 * lwIP IPv6 (source) routing hook. Since this hook is called only from lwIP's
1545 * own ip6_route() implementation, this hook must never fire. If it does,
1546 * either something is wrong with overriding ip6_route(), or lwIP added other
1547 * places from which this hook is called. Both cases are highly problematic
1548 * and must be resolved somehow, which is why we simply call panic() here.
1549 */
1552 {
1555 }
1557 /*
1558 * lwIP IPv6 ND6 gateway hook.
1559 */
1562 {
1570 /* Look up the route for the destination IP address. */
1574 /* As for IPv4. */
1579 }
1581 /*
1582 * We save memory by storing a packed (zoneless) version of the IPv6
1583 * gateway address. That means we cannot return a pointer to it here.
1584 * Instead, we have to resort to expanding the address into a static
1585 * variable. The caller will immediately make a copy anyway, though.
1586 */
1594 }
1596 /*
1597 * Check whether a packet is allowed to be sent to the given destination IPv4
1598 * address 'ipaddr' on the interface 'ifdev', according to route information.
1599 * Return TRUE if the packet should be sent. Return FALSE if the packet should
1600 * be rejected or discarded, with 'err' set to the error to return to lwIP.
1601 */
1602 int
1604 {
1607 /* See if we should reject/blackhole packets to this destination. */
1613 else
1617 }
1620 }
1622 /*
1623 * Check whether a packet is allowed to be sent to the given destination IPv6
1624 * address 'ipaddr' on the interface 'ifdev', according to route information.
1625 * Return TRUE if the packet should be sent. Return FALSE if the packet should
1626 * be rejected or discarded, with 'err' set to the error to return to lwIP.
1627 */
1628 int
1630 {
1633 /* Do one more zone violation test, just in case. It's cheap. */
1639 }
1641 /* See if we should reject/blackhole packets to this destination. */
1647 else
1651 }
1654 }