pkg/tcpip/stack/route.go - third_party/gvisor.dev/gvisor/netstack - Git at Google

 // Copyright 2018 The gVisor Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package stack

 import (
 	"fmt"

 	"gvisor.dev/gvisor/pkg/sync"
 	"gvisor.dev/gvisor/pkg/tcpip"
 	"gvisor.dev/gvisor/pkg/tcpip/header"
 )

 // Route represents a route through the networking stack to a given destination.
 //
 // It is safe to call Route's methods from multiple goroutines.
 type Route struct {
 	routeInfo routeInfo

 	// localAddressNIC is the interface the address is associated with.
 	// TODO(gvisor.dev/issue/4548): Remove this field once we can query the
 	// address's assigned status without the NIC.
 	localAddressNIC *nic

 	mu struct {
 		sync.RWMutex

 		// localAddressEndpoint is the local address this route is associated with.
 		localAddressEndpoint AssignableAddressEndpoint

 		// remoteLinkAddress is the link-layer (MAC) address of the next hop in the
 		// route.
 		remoteLinkAddress tcpip.LinkAddress
 	}

 	// outgoingNIC is the interface this route uses to write packets.
 	outgoingNIC *nic

 	// linkRes is set if link address resolution is enabled for this protocol on
 	// the route's NIC.
 	linkRes *linkResolver
 }

 type routeInfo struct {
 	RemoteAddress tcpip.Address

 	LocalAddress tcpip.Address

 	LocalLinkAddress tcpip.LinkAddress

 	NextHop tcpip.Address

 	NetProto tcpip.NetworkProtocolNumber

 	Loop PacketLooping
 }

 // RemoteAddress returns the route's destination.
 func (r *Route) RemoteAddress() tcpip.Address {
 	return r.routeInfo.RemoteAddress
 }

 // LocalAddress returns the route's local address.
 func (r *Route) LocalAddress() tcpip.Address {
 	return r.routeInfo.LocalAddress
 }

 // LocalLinkAddress returns the route's local link-layer address.
 func (r *Route) LocalLinkAddress() tcpip.LinkAddress {
 	return r.routeInfo.LocalLinkAddress
 }

 // NextHop returns the next node in the route's path to the destination.
 func (r *Route) NextHop() tcpip.Address {
 	return r.routeInfo.NextHop
 }

 // NetProto returns the route's network-layer protocol number.
 func (r *Route) NetProto() tcpip.NetworkProtocolNumber {
 	return r.routeInfo.NetProto
 }

 // Loop returns the route's required packet looping.
 func (r *Route) Loop() PacketLooping {
 	return r.routeInfo.Loop
 }

 // RouteInfo contains all of Route's exported fields.
 type RouteInfo struct {
 	routeInfo

 	// RemoteLinkAddress is the link-layer (MAC) address of the next hop in the
 	// route.
 	RemoteLinkAddress tcpip.LinkAddress
 }

 // Fields returns a RouteInfo with all of the known values for the route's
 // fields.
 //
 // If any fields are unknown (e.g. remote link address when it is waiting for
 // link address resolution), they will be unset.
 func (r *Route) Fields() RouteInfo {
 	r.mu.RLock()
 	defer r.mu.RUnlock()
 	return r.fieldsLocked()
 }

 func (r *Route) fieldsLocked() RouteInfo {
 	return RouteInfo{
 		routeInfo:         r.routeInfo,
 		RemoteLinkAddress: r.mu.remoteLinkAddress,
 	}
 }

 // constructAndValidateRoute validates and initializes a route. It takes
 // ownership of the provided local address.
 //
 // Returns an empty route if validation fails.
 func constructAndValidateRoute(netProto tcpip.NetworkProtocolNumber, addressEndpoint AssignableAddressEndpoint, localAddressNIC, outgoingNIC *nic, gateway, localAddr, remoteAddr tcpip.Address, handleLocal, multicastLoop bool) *Route {
 	if len(localAddr) == 0 {
 		localAddr = addressEndpoint.AddressWithPrefix().Address
 	}

 	if localAddressNIC != outgoingNIC && header.IsV6LinkLocalAddress(localAddr) {
 		addressEndpoint.DecRef()
 		return nil
 	}

 	// If no remote address is provided, use the local address.
 	if len(remoteAddr) == 0 {
 		remoteAddr = localAddr
 	}

 	r := makeRoute(
 		netProto,
 		gateway,
 		localAddr,
 		remoteAddr,
 		outgoingNIC,
 		localAddressNIC,
 		addressEndpoint,
 		handleLocal,
 		multicastLoop,
 	)

 	return r
 }

 // makeRoute initializes a new route. It takes ownership of the provided
 // AssignableAddressEndpoint.
 func makeRoute(netProto tcpip.NetworkProtocolNumber, gateway, localAddr, remoteAddr tcpip.Address, outgoingNIC, localAddressNIC *nic, localAddressEndpoint AssignableAddressEndpoint, handleLocal, multicastLoop bool) *Route {
 	if localAddressNIC.stack != outgoingNIC.stack {
 		panic(fmt.Sprintf("cannot create a route with NICs from different stacks"))
 	}

 	if len(localAddr) == 0 {
 		localAddr = localAddressEndpoint.AddressWithPrefix().Address
 	}

 	loop := PacketOut

 	// TODO(gvisor.dev/issue/4689): Loopback interface loops back packets at the
 	// link endpoint level. We can remove this check once loopback interfaces
 	// loop back packets at the network layer.
 	if !outgoingNIC.IsLoopback() {
 		if handleLocal && localAddr != "" && remoteAddr == localAddr {
 			loop = PacketLoop
 		} else if multicastLoop && (header.IsV4MulticastAddress(remoteAddr) || header.IsV6MulticastAddress(remoteAddr)) {
 			loop |= PacketLoop
 		} else if remoteAddr == header.IPv4Broadcast {
 			loop |= PacketLoop
 		} else if subnet := localAddressEndpoint.AddressWithPrefix().Subnet(); subnet.IsBroadcast(remoteAddr) {
 			loop |= PacketLoop
 		}
 	}

 	r := makeRouteInner(netProto, localAddr, remoteAddr, outgoingNIC, localAddressNIC, localAddressEndpoint, loop)
 	if r.Loop()&PacketOut == 0 {
 		// Packet will not leave the stack, no need for a gateway or a remote link
 		// address.
 		return r
 	}

 	if r.outgoingNIC.LinkEndpoint.Capabilities()&CapabilityResolutionRequired != 0 {
 		if linkRes, ok := r.outgoingNIC.linkAddrResolvers[r.NetProto()]; ok {
 			r.linkRes = linkRes
 		}
 	}

 	if len(gateway) > 0 {
 		r.routeInfo.NextHop = gateway
 		return r
 	}

 	if r.linkRes == nil {
 		return r
 	}

 	if linkAddr, ok := r.linkRes.resolver.ResolveStaticAddress(r.RemoteAddress()); ok {
 		r.ResolveWith(linkAddr)
 		return r
 	}

 	if subnet := localAddressEndpoint.Subnet(); subnet.IsBroadcast(remoteAddr) {
 		r.ResolveWith(header.EthernetBroadcastAddress)
 		return r
 	}

 	if r.RemoteAddress() == r.LocalAddress() {
 		// Local link address is already known.
 		r.ResolveWith(r.LocalLinkAddress())
 	}

 	return r
 }

 func makeRouteInner(netProto tcpip.NetworkProtocolNumber, localAddr, remoteAddr tcpip.Address, outgoingNIC, localAddressNIC *nic, localAddressEndpoint AssignableAddressEndpoint, loop PacketLooping) *Route {
 	r := &Route{
 		routeInfo: routeInfo{
 			NetProto:         netProto,
 			LocalAddress:     localAddr,
 			LocalLinkAddress: outgoingNIC.LinkEndpoint.LinkAddress(),
 			RemoteAddress:    remoteAddr,
 			Loop:             loop,
 		},
 		localAddressNIC: localAddressNIC,
 		outgoingNIC:     outgoingNIC,
 	}

 	r.mu.Lock()
 	r.mu.localAddressEndpoint = localAddressEndpoint
 	r.mu.Unlock()

 	return r
 }

 // makeLocalRoute initializes a new local route. It takes ownership of the
 // provided AssignableAddressEndpoint.
 //
 // A local route is a route to a destination that is local to the stack.
 func makeLocalRoute(netProto tcpip.NetworkProtocolNumber, localAddr, remoteAddr tcpip.Address, outgoingNIC, localAddressNIC *nic, localAddressEndpoint AssignableAddressEndpoint) *Route {
 	loop := PacketLoop
 	// TODO(gvisor.dev/issue/4689): Loopback interface loops back packets at the
 	// link endpoint level. We can remove this check once loopback interfaces
 	// loop back packets at the network layer.
 	if outgoingNIC.IsLoopback() {
 		loop = PacketOut
 	}
 	return makeRouteInner(netProto, localAddr, remoteAddr, outgoingNIC, localAddressNIC, localAddressEndpoint, loop)
 }

 // RemoteLinkAddress returns the link-layer (MAC) address of the next hop in
 // the route.
 func (r *Route) RemoteLinkAddress() tcpip.LinkAddress {
 	r.mu.RLock()
 	defer r.mu.RUnlock()
 	return r.mu.remoteLinkAddress
 }

 // NICID returns the id of the NIC from which this route originates.
 func (r *Route) NICID() tcpip.NICID {
 	return r.outgoingNIC.ID()
 }

 // MaxHeaderLength forwards the call to the network endpoint's implementation.
 func (r *Route) MaxHeaderLength() uint16 {
 	return r.outgoingNIC.getNetworkEndpoint(r.NetProto()).MaxHeaderLength()
 }

 // Stats returns a mutable copy of current stats.
 func (r *Route) Stats() tcpip.Stats {
 	return r.outgoingNIC.stack.Stats()
 }

 // PseudoHeaderChecksum forwards the call to the network endpoint's
 // implementation.
 func (r *Route) PseudoHeaderChecksum(protocol tcpip.TransportProtocolNumber, totalLen uint16) uint16 {
 	return header.PseudoHeaderChecksum(protocol, r.LocalAddress(), r.RemoteAddress(), totalLen)
 }

 // RequiresTXTransportChecksum returns false if the route does not require
 // transport checksums to be populated.
 func (r *Route) RequiresTXTransportChecksum() bool {
 	if r.local() {
 		return false
 	}
 	return r.outgoingNIC.LinkEndpoint.Capabilities()&CapabilityTXChecksumOffload == 0
 }

 // HasSoftwareGSOCapability returns true if the route supports software GSO.
 func (r *Route) HasSoftwareGSOCapability() bool {
 	return r.outgoingNIC.LinkEndpoint.Capabilities()&CapabilitySoftwareGSO != 0
 }

 // HasHardwareGSOCapability returns true if the route supports hardware GSO.
 func (r *Route) HasHardwareGSOCapability() bool {
 	return r.outgoingNIC.LinkEndpoint.Capabilities()&CapabilityHardwareGSO != 0
 }

 // HasSaveRestoreCapability returns true if the route supports save/restore.
 func (r *Route) HasSaveRestoreCapability() bool {
 	return r.outgoingNIC.LinkEndpoint.Capabilities()&CapabilitySaveRestore != 0
 }

 // HasDisconncetOkCapability returns true if the route supports disconnecting.
 func (r *Route) HasDisconncetOkCapability() bool {
 	return r.outgoingNIC.LinkEndpoint.Capabilities()&CapabilityDisconnectOk != 0
 }

 // GSOMaxSize returns the maximum GSO packet size.
 func (r *Route) GSOMaxSize() uint32 {
 	if gso, ok := r.outgoingNIC.LinkEndpoint.(GSOEndpoint); ok {
 		return gso.GSOMaxSize()
 	}
 	return 0
 }

 // ResolveWith immediately resolves a route with the specified remote link
 // address.
 func (r *Route) ResolveWith(addr tcpip.LinkAddress) {
 	r.mu.Lock()
 	defer r.mu.Unlock()
 	r.mu.remoteLinkAddress = addr
 }

 // ResolvedFieldsResult is the result of a route resolution attempt.
 type ResolvedFieldsResult struct {
 	RouteInfo RouteInfo
 	Err       tcpip.Error
 }

 // ResolvedFields attempts to resolve the remote link address if it is not
 // known.
 //
 // If a callback is provided, it will be called before ResolvedFields returns
 // when address resolution is not required. If address resolution is required,
 // the callback will be called once address resolution is complete, regardless
 // of success or failure.
 //
 // Note, the route will not cache the remote link address when address
 // resolution completes.
 func (r *Route) ResolvedFields(afterResolve func(ResolvedFieldsResult)) tcpip.Error {
 	_, _, err := r.resolvedFields(afterResolve)
 	return err
 }

 // resolvedFields is like ResolvedFields but also returns a notification channel
 // when address resolution is required. This channel will become readable once
 // address resolution is complete.
 //
 // The route's fields will also be returned, regardless of whether address
 // resolution is required or not.
 func (r *Route) resolvedFields(afterResolve func(ResolvedFieldsResult)) (RouteInfo, <-chan struct{}, tcpip.Error) {
 	r.mu.RLock()
 	fields := r.fieldsLocked()
 	resolutionRequired := r.isResolutionRequiredRLocked()
 	r.mu.RUnlock()
 	if !resolutionRequired {
 		if afterResolve != nil {
 			afterResolve(ResolvedFieldsResult{RouteInfo: fields, Err: nil})
 		}
 		return fields, nil, nil
 	}

 	// If specified, the local address used for link address resolution must be an
 	// address on the outgoing interface.
 	var linkAddressResolutionRequestLocalAddr tcpip.Address
 	if r.localAddressNIC == r.outgoingNIC {
 		linkAddressResolutionRequestLocalAddr = r.LocalAddress()
 	}

 	afterResolveFields := fields
 	linkAddr, ch, err := r.linkRes.getNeighborLinkAddress(r.nextHop(), linkAddressResolutionRequestLocalAddr, func(r LinkResolutionResult) {
 		if afterResolve != nil {
 			if r.Err == nil {
 				afterResolveFields.RemoteLinkAddress = r.LinkAddress
 			}

 			afterResolve(ResolvedFieldsResult{RouteInfo: afterResolveFields, Err: r.Err})
 		}
 	})
 	if err == nil {
 		fields.RemoteLinkAddress = linkAddr
 	}
 	return fields, ch, err
 }

 func (r *Route) nextHop() tcpip.Address {
 	if len(r.NextHop()) == 0 {
 		return r.RemoteAddress()
 	}
 	return r.NextHop()
 }

 // local returns true if the route is a local route.
 func (r *Route) local() bool {
 	return r.Loop() == PacketLoop || r.outgoingNIC.IsLoopback()
 }

 // IsResolutionRequired returns true if Resolve() must be called to resolve
 // the link address before the route can be written to.
 //
 // The NICs the route is associated with must not be locked.
 func (r *Route) IsResolutionRequired() bool {
 	r.mu.RLock()
 	defer r.mu.RUnlock()
 	return r.isResolutionRequiredRLocked()
 }

 func (r *Route) isResolutionRequiredRLocked() bool {
 	return len(r.mu.remoteLinkAddress) == 0 && r.linkRes != nil && r.isValidForOutgoingRLocked() && !r.local()
 }

 func (r *Route) isValidForOutgoing() bool {
 	r.mu.RLock()
 	defer r.mu.RUnlock()
 	return r.isValidForOutgoingRLocked()
 }

 func (r *Route) isValidForOutgoingRLocked() bool {
 	if !r.outgoingNIC.Enabled() {
 		return false
 	}

 	localAddressEndpoint := r.mu.localAddressEndpoint
 	if localAddressEndpoint == nil || !r.localAddressNIC.isValidForOutgoing(localAddressEndpoint) {
 		return false
 	}

 	// If the source NIC and outgoing NIC are different, make sure the stack has
 	// forwarding enabled, or the packet will be handled locally.
 	if r.outgoingNIC != r.localAddressNIC && !r.outgoingNIC.stack.Forwarding(r.NetProto()) && (!r.outgoingNIC.stack.handleLocal || !r.outgoingNIC.hasAddress(r.NetProto(), r.RemoteAddress())) {
 		return false
 	}

 	return true
 }

 // WritePacket writes the packet through the given route.
 func (r *Route) WritePacket(gso *GSO, params NetworkHeaderParams, pkt *PacketBuffer) tcpip.Error {
 	if !r.isValidForOutgoing() {
 		return &tcpip.ErrInvalidEndpointState{}
 	}

 	return r.outgoingNIC.getNetworkEndpoint(r.NetProto()).WritePacket(r, gso, params, pkt)
 }

 // WritePackets writes a list of n packets through the given route and returns
 // the number of packets written.
 func (r *Route) WritePackets(gso *GSO, pkts PacketBufferList, params NetworkHeaderParams) (int, tcpip.Error) {
 	if !r.isValidForOutgoing() {
 		return 0, &tcpip.ErrInvalidEndpointState{}
 	}

 	return r.outgoingNIC.getNetworkEndpoint(r.NetProto()).WritePackets(r, gso, pkts, params)
 }

 // WriteHeaderIncludedPacket writes a packet already containing a network
 // header through the given route.
 func (r *Route) WriteHeaderIncludedPacket(pkt *PacketBuffer) tcpip.Error {
 	if !r.isValidForOutgoing() {
 		return &tcpip.ErrInvalidEndpointState{}
 	}

 	return r.outgoingNIC.getNetworkEndpoint(r.NetProto()).WriteHeaderIncludedPacket(r, pkt)
 }

 // DefaultTTL returns the default TTL of the underlying network endpoint.
 func (r *Route) DefaultTTL() uint8 {
 	return r.outgoingNIC.getNetworkEndpoint(r.NetProto()).DefaultTTL()
 }

 // MTU returns the MTU of the underlying network endpoint.
 func (r *Route) MTU() uint32 {
 	return r.outgoingNIC.getNetworkEndpoint(r.NetProto()).MTU()
 }

 // Release decrements the reference counter of the resources associated with the
 // route.
 func (r *Route) Release() {
 	r.mu.Lock()
 	defer r.mu.Unlock()

 	if ep := r.mu.localAddressEndpoint; ep != nil {
 		ep.DecRef()
 	}
 }

 // Acquire increments the reference counter of the resources associated with the
 // route.
 func (r *Route) Acquire() {
 	r.mu.RLock()
 	defer r.mu.RUnlock()
 	r.acquireLocked()
 }

 func (r *Route) acquireLocked() {
 	if ep := r.mu.localAddressEndpoint; ep != nil {
 		if !ep.IncRef() {
 			panic(fmt.Sprintf("failed to increment reference count for local address endpoint = %s", r.LocalAddress()))
 		}
 	}
 }

 // Stack returns the instance of the Stack that owns this route.
 func (r *Route) Stack() *Stack {
 	return r.outgoingNIC.stack
 }

 func (r *Route) isV4Broadcast(addr tcpip.Address) bool {
 	if addr == header.IPv4Broadcast {
 		return true
 	}

 	r.mu.RLock()
 	localAddressEndpoint := r.mu.localAddressEndpoint
 	r.mu.RUnlock()
 	if localAddressEndpoint == nil {
 		return false
 	}

 	subnet := localAddressEndpoint.Subnet()
 	return subnet.IsBroadcast(addr)
 }

 // IsOutboundBroadcast returns true if the route is for an outbound broadcast
 // packet.
 func (r *Route) IsOutboundBroadcast() bool {
 	// Only IPv4 has a notion of broadcast.
 	return r.isV4Broadcast(r.RemoteAddress())
 }

 // ConfirmReachable informs the network/link layer that the neighbour used for
 // the route is reachable.
 //
 // "Reachable" is defined as having full-duplex communication between the
 // local and remote ends of the route.
 func (r *Route) ConfirmReachable() {
 	if r.linkRes != nil {
 		r.linkRes.confirmReachable(r.nextHop())
 	}
 }
	// Copyright 2018 The gVisor Authors.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package stack

	import (
	"fmt"

	"gvisor.dev/gvisor/pkg/sync"
	"gvisor.dev/gvisor/pkg/tcpip"
	"gvisor.dev/gvisor/pkg/tcpip/header"
	)

	// Route represents a route through the networking stack to a given destination.
	//
	// It is safe to call Route's methods from multiple goroutines.
	type Route struct {
	routeInfo routeInfo

	// localAddressNIC is the interface the address is associated with.
	// TODO(gvisor.dev/issue/4548): Remove this field once we can query the
	// address's assigned status without the NIC.
	localAddressNIC *nic

	mu struct {
	sync.RWMutex

	// localAddressEndpoint is the local address this route is associated with.
	localAddressEndpoint AssignableAddressEndpoint

	// remoteLinkAddress is the link-layer (MAC) address of the next hop in the
	// route.
	remoteLinkAddress tcpip.LinkAddress
	}

	// outgoingNIC is the interface this route uses to write packets.
	outgoingNIC *nic

	// linkRes is set if link address resolution is enabled for this protocol on
	// the route's NIC.
	linkRes *linkResolver
	}

	type routeInfo struct {
	RemoteAddress tcpip.Address

	LocalAddress tcpip.Address

	LocalLinkAddress tcpip.LinkAddress

	NextHop tcpip.Address

	NetProto tcpip.NetworkProtocolNumber

	Loop PacketLooping
	}

	// RemoteAddress returns the route's destination.
	func (r *Route) RemoteAddress() tcpip.Address {
	return r.routeInfo.RemoteAddress
	}

	// LocalAddress returns the route's local address.
	func (r *Route) LocalAddress() tcpip.Address {
	return r.routeInfo.LocalAddress
	}

	// LocalLinkAddress returns the route's local link-layer address.
	func (r *Route) LocalLinkAddress() tcpip.LinkAddress {
	return r.routeInfo.LocalLinkAddress
	}

	// NextHop returns the next node in the route's path to the destination.
	func (r *Route) NextHop() tcpip.Address {
	return r.routeInfo.NextHop
	}

	// NetProto returns the route's network-layer protocol number.
	func (r *Route) NetProto() tcpip.NetworkProtocolNumber {
	return r.routeInfo.NetProto
	}

	// Loop returns the route's required packet looping.
	func (r *Route) Loop() PacketLooping {
	return r.routeInfo.Loop
	}

	// RouteInfo contains all of Route's exported fields.
	type RouteInfo struct {
	routeInfo

	// RemoteLinkAddress is the link-layer (MAC) address of the next hop in the
	// route.
	RemoteLinkAddress tcpip.LinkAddress
	}

	// Fields returns a RouteInfo with all of the known values for the route's
	// fields.
	//
	// If any fields are unknown (e.g. remote link address when it is waiting for
	// link address resolution), they will be unset.
	func (r *Route) Fields() RouteInfo {
	r.mu.RLock()
	defer r.mu.RUnlock()
	return r.fieldsLocked()
	}

	func (r *Route) fieldsLocked() RouteInfo {
	return RouteInfo{
	routeInfo: r.routeInfo,
	RemoteLinkAddress: r.mu.remoteLinkAddress,
	}
	}

	// constructAndValidateRoute validates and initializes a route. It takes
	// ownership of the provided local address.
	//
	// Returns an empty route if validation fails.
	func constructAndValidateRoute(netProto tcpip.NetworkProtocolNumber, addressEndpoint AssignableAddressEndpoint, localAddressNIC, outgoingNIC nic, gateway, localAddr, remoteAddr tcpip.Address, handleLocal, multicastLoop bool) Route {
	if len(localAddr) == 0 {
	localAddr = addressEndpoint.AddressWithPrefix().Address
	}

	if localAddressNIC != outgoingNIC && header.IsV6LinkLocalAddress(localAddr) {
	addressEndpoint.DecRef()
	return nil
	}

	// If no remote address is provided, use the local address.
	if len(remoteAddr) == 0 {
	remoteAddr = localAddr
	}

	r := makeRoute(
	netProto,
	gateway,
	localAddr,
	remoteAddr,
	outgoingNIC,
	localAddressNIC,
	addressEndpoint,
	handleLocal,
	multicastLoop,
	)

	return r
	}

	// makeRoute initializes a new route. It takes ownership of the provided
	// AssignableAddressEndpoint.
	func makeRoute(netProto tcpip.NetworkProtocolNumber, gateway, localAddr, remoteAddr tcpip.Address, outgoingNIC, localAddressNIC nic, localAddressEndpoint AssignableAddressEndpoint, handleLocal, multicastLoop bool) Route {
	if localAddressNIC.stack != outgoingNIC.stack {
	panic(fmt.Sprintf("cannot create a route with NICs from different stacks"))
	}

	if len(localAddr) == 0 {
	localAddr = localAddressEndpoint.AddressWithPrefix().Address
	}

	loop := PacketOut

	// TODO(gvisor.dev/issue/4689): Loopback interface loops back packets at the
	// link endpoint level. We can remove this check once loopback interfaces
	// loop back packets at the network layer.
	if !outgoingNIC.IsLoopback() {
	if handleLocal && localAddr != "" && remoteAddr == localAddr {
	loop = PacketLoop
	} else if multicastLoop && (header.IsV4MulticastAddress(remoteAddr) \|\| header.IsV6MulticastAddress(remoteAddr)) {
	loop \|= PacketLoop
	} else if remoteAddr == header.IPv4Broadcast {
	loop \|= PacketLoop
	} else if subnet := localAddressEndpoint.AddressWithPrefix().Subnet(); subnet.IsBroadcast(remoteAddr) {
	loop \|= PacketLoop
	}
	}

	r := makeRouteInner(netProto, localAddr, remoteAddr, outgoingNIC, localAddressNIC, localAddressEndpoint, loop)
	if r.Loop()&PacketOut == 0 {
	// Packet will not leave the stack, no need for a gateway or a remote link
	// address.
	return r
	}

	if r.outgoingNIC.LinkEndpoint.Capabilities()&CapabilityResolutionRequired != 0 {
	if linkRes, ok := r.outgoingNIC.linkAddrResolvers[r.NetProto()]; ok {
	r.linkRes = linkRes
	}
	}

	if len(gateway) > 0 {
	r.routeInfo.NextHop = gateway
	return r
	}

	if r.linkRes == nil {
	return r
	}

	if linkAddr, ok := r.linkRes.resolver.ResolveStaticAddress(r.RemoteAddress()); ok {
	r.ResolveWith(linkAddr)
	return r
	}

	if subnet := localAddressEndpoint.Subnet(); subnet.IsBroadcast(remoteAddr) {
	r.ResolveWith(header.EthernetBroadcastAddress)
	return r
	}

	if r.RemoteAddress() == r.LocalAddress() {
	// Local link address is already known.
	r.ResolveWith(r.LocalLinkAddress())
	}

	return r
	}

	func makeRouteInner(netProto tcpip.NetworkProtocolNumber, localAddr, remoteAddr tcpip.Address, outgoingNIC, localAddressNIC nic, localAddressEndpoint AssignableAddressEndpoint, loop PacketLooping) Route {
	r := &Route{
	routeInfo: routeInfo{
	NetProto: netProto,
	LocalAddress: localAddr,
	LocalLinkAddress: outgoingNIC.LinkEndpoint.LinkAddress(),
	RemoteAddress: remoteAddr,
	Loop: loop,
	},
	localAddressNIC: localAddressNIC,
	outgoingNIC: outgoingNIC,
	}

	r.mu.Lock()
	r.mu.localAddressEndpoint = localAddressEndpoint
	r.mu.Unlock()

	return r
	}

	// makeLocalRoute initializes a new local route. It takes ownership of the
	// provided AssignableAddressEndpoint.
	//
	// A local route is a route to a destination that is local to the stack.
	func makeLocalRoute(netProto tcpip.NetworkProtocolNumber, localAddr, remoteAddr tcpip.Address, outgoingNIC, localAddressNIC nic, localAddressEndpoint AssignableAddressEndpoint) Route {
	loop := PacketLoop
	// TODO(gvisor.dev/issue/4689): Loopback interface loops back packets at the
	// link endpoint level. We can remove this check once loopback interfaces
	// loop back packets at the network layer.
	if outgoingNIC.IsLoopback() {
	loop = PacketOut
	}
	return makeRouteInner(netProto, localAddr, remoteAddr, outgoingNIC, localAddressNIC, localAddressEndpoint, loop)
	}

	// RemoteLinkAddress returns the link-layer (MAC) address of the next hop in
	// the route.
	func (r *Route) RemoteLinkAddress() tcpip.LinkAddress {
	r.mu.RLock()
	defer r.mu.RUnlock()
	return r.mu.remoteLinkAddress
	}

	// NICID returns the id of the NIC from which this route originates.
	func (r *Route) NICID() tcpip.NICID {
	return r.outgoingNIC.ID()
	}

	// MaxHeaderLength forwards the call to the network endpoint's implementation.
	func (r *Route) MaxHeaderLength() uint16 {
	return r.outgoingNIC.getNetworkEndpoint(r.NetProto()).MaxHeaderLength()
	}

	// Stats returns a mutable copy of current stats.
	func (r *Route) Stats() tcpip.Stats {
	return r.outgoingNIC.stack.Stats()
	}

	// PseudoHeaderChecksum forwards the call to the network endpoint's
	// implementation.
	func (r *Route) PseudoHeaderChecksum(protocol tcpip.TransportProtocolNumber, totalLen uint16) uint16 {
	return header.PseudoHeaderChecksum(protocol, r.LocalAddress(), r.RemoteAddress(), totalLen)
	}

	// RequiresTXTransportChecksum returns false if the route does not require
	// transport checksums to be populated.
	func (r *Route) RequiresTXTransportChecksum() bool {
	if r.local() {
	return false
	}
	return r.outgoingNIC.LinkEndpoint.Capabilities()&CapabilityTXChecksumOffload == 0
	}

	// HasSoftwareGSOCapability returns true if the route supports software GSO.
	func (r *Route) HasSoftwareGSOCapability() bool {
	return r.outgoingNIC.LinkEndpoint.Capabilities()&CapabilitySoftwareGSO != 0
	}

	// HasHardwareGSOCapability returns true if the route supports hardware GSO.
	func (r *Route) HasHardwareGSOCapability() bool {
	return r.outgoingNIC.LinkEndpoint.Capabilities()&CapabilityHardwareGSO != 0
	}

	// HasSaveRestoreCapability returns true if the route supports save/restore.
	func (r *Route) HasSaveRestoreCapability() bool {
	return r.outgoingNIC.LinkEndpoint.Capabilities()&CapabilitySaveRestore != 0
	}

	// HasDisconncetOkCapability returns true if the route supports disconnecting.
	func (r *Route) HasDisconncetOkCapability() bool {
	return r.outgoingNIC.LinkEndpoint.Capabilities()&CapabilityDisconnectOk != 0
	}

	// GSOMaxSize returns the maximum GSO packet size.
	func (r *Route) GSOMaxSize() uint32 {
	if gso, ok := r.outgoingNIC.LinkEndpoint.(GSOEndpoint); ok {
	return gso.GSOMaxSize()
	}
	return 0
	}

	// ResolveWith immediately resolves a route with the specified remote link
	// address.
	func (r *Route) ResolveWith(addr tcpip.LinkAddress) {
	r.mu.Lock()
	defer r.mu.Unlock()
	r.mu.remoteLinkAddress = addr
	}

	// ResolvedFieldsResult is the result of a route resolution attempt.
	type ResolvedFieldsResult struct {
	RouteInfo RouteInfo
	Err tcpip.Error
	}

	// ResolvedFields attempts to resolve the remote link address if it is not
	// known.
	//
	// If a callback is provided, it will be called before ResolvedFields returns
	// when address resolution is not required. If address resolution is required,
	// the callback will be called once address resolution is complete, regardless
	// of success or failure.
	//
	// Note, the route will not cache the remote link address when address
	// resolution completes.
	func (r *Route) ResolvedFields(afterResolve func(ResolvedFieldsResult)) tcpip.Error {
	_, _, err := r.resolvedFields(afterResolve)
	return err
	}

	// resolvedFields is like ResolvedFields but also returns a notification channel
	// when address resolution is required. This channel will become readable once
	// address resolution is complete.
	//
	// The route's fields will also be returned, regardless of whether address
	// resolution is required or not.
	func (r *Route) resolvedFields(afterResolve func(ResolvedFieldsResult)) (RouteInfo, <-chan struct{}, tcpip.Error) {
	r.mu.RLock()
	fields := r.fieldsLocked()
	resolutionRequired := r.isResolutionRequiredRLocked()
	r.mu.RUnlock()
	if !resolutionRequired {
	if afterResolve != nil {
	afterResolve(ResolvedFieldsResult{RouteInfo: fields, Err: nil})
	}
	return fields, nil, nil
	}

	// If specified, the local address used for link address resolution must be an
	// address on the outgoing interface.
	var linkAddressResolutionRequestLocalAddr tcpip.Address
	if r.localAddressNIC == r.outgoingNIC {
	linkAddressResolutionRequestLocalAddr = r.LocalAddress()
	}

	afterResolveFields := fields
	linkAddr, ch, err := r.linkRes.getNeighborLinkAddress(r.nextHop(), linkAddressResolutionRequestLocalAddr, func(r LinkResolutionResult) {
	if afterResolve != nil {
	if r.Err == nil {
	afterResolveFields.RemoteLinkAddress = r.LinkAddress
	}

	afterResolve(ResolvedFieldsResult{RouteInfo: afterResolveFields, Err: r.Err})
	}
	})
	if err == nil {
	fields.RemoteLinkAddress = linkAddr
	}
	return fields, ch, err
	}

	func (r *Route) nextHop() tcpip.Address {
	if len(r.NextHop()) == 0 {
	return r.RemoteAddress()
	}
	return r.NextHop()
	}

	// local returns true if the route is a local route.
	func (r *Route) local() bool {
	return r.Loop() == PacketLoop \|\| r.outgoingNIC.IsLoopback()
	}

	// IsResolutionRequired returns true if Resolve() must be called to resolve
	// the link address before the route can be written to.
	//
	// The NICs the route is associated with must not be locked.
	func (r *Route) IsResolutionRequired() bool {
	r.mu.RLock()
	defer r.mu.RUnlock()
	return r.isResolutionRequiredRLocked()
	}

	func (r *Route) isResolutionRequiredRLocked() bool {
	return len(r.mu.remoteLinkAddress) == 0 && r.linkRes != nil && r.isValidForOutgoingRLocked() && !r.local()
	}

	func (r *Route) isValidForOutgoing() bool {
	r.mu.RLock()
	defer r.mu.RUnlock()
	return r.isValidForOutgoingRLocked()
	}

	func (r *Route) isValidForOutgoingRLocked() bool {
	if !r.outgoingNIC.Enabled() {
	return false
	}

	localAddressEndpoint := r.mu.localAddressEndpoint
	if localAddressEndpoint == nil \|\| !r.localAddressNIC.isValidForOutgoing(localAddressEndpoint) {
	return false
	}

	// If the source NIC and outgoing NIC are different, make sure the stack has
	// forwarding enabled, or the packet will be handled locally.
	if r.outgoingNIC != r.localAddressNIC && !r.outgoingNIC.stack.Forwarding(r.NetProto()) && (!r.outgoingNIC.stack.handleLocal \|\| !r.outgoingNIC.hasAddress(r.NetProto(), r.RemoteAddress())) {
	return false
	}

	return true
	}

	// WritePacket writes the packet through the given route.
	func (r Route) WritePacket(gso GSO, params NetworkHeaderParams, pkt *PacketBuffer) tcpip.Error {
	if !r.isValidForOutgoing() {
	return &tcpip.ErrInvalidEndpointState{}
	}

	return r.outgoingNIC.getNetworkEndpoint(r.NetProto()).WritePacket(r, gso, params, pkt)
	}

	// WritePackets writes a list of n packets through the given route and returns
	// the number of packets written.
	func (r Route) WritePackets(gso GSO, pkts PacketBufferList, params NetworkHeaderParams) (int, tcpip.Error) {
	if !r.isValidForOutgoing() {
	return 0, &tcpip.ErrInvalidEndpointState{}
	}

	return r.outgoingNIC.getNetworkEndpoint(r.NetProto()).WritePackets(r, gso, pkts, params)
	}

	// WriteHeaderIncludedPacket writes a packet already containing a network
	// header through the given route.
	func (r Route) WriteHeaderIncludedPacket(pkt PacketBuffer) tcpip.Error {
	if !r.isValidForOutgoing() {
	return &tcpip.ErrInvalidEndpointState{}
	}

	return r.outgoingNIC.getNetworkEndpoint(r.NetProto()).WriteHeaderIncludedPacket(r, pkt)
	}

	// DefaultTTL returns the default TTL of the underlying network endpoint.
	func (r *Route) DefaultTTL() uint8 {
	return r.outgoingNIC.getNetworkEndpoint(r.NetProto()).DefaultTTL()
	}

	// MTU returns the MTU of the underlying network endpoint.
	func (r *Route) MTU() uint32 {
	return r.outgoingNIC.getNetworkEndpoint(r.NetProto()).MTU()
	}

	// Release decrements the reference counter of the resources associated with the
	// route.
	func (r *Route) Release() {
	r.mu.Lock()
	defer r.mu.Unlock()

	if ep := r.mu.localAddressEndpoint; ep != nil {
	ep.DecRef()
	}
	}

	// Acquire increments the reference counter of the resources associated with the
	// route.
	func (r *Route) Acquire() {
	r.mu.RLock()
	defer r.mu.RUnlock()
	r.acquireLocked()
	}

	func (r *Route) acquireLocked() {
	if ep := r.mu.localAddressEndpoint; ep != nil {
	if !ep.IncRef() {
	panic(fmt.Sprintf("failed to increment reference count for local address endpoint = %s", r.LocalAddress()))
	}
	}
	}

	// Stack returns the instance of the Stack that owns this route.
	func (r Route) Stack() Stack {
	return r.outgoingNIC.stack
	}

	func (r *Route) isV4Broadcast(addr tcpip.Address) bool {
	if addr == header.IPv4Broadcast {
	return true
	}

	r.mu.RLock()
	localAddressEndpoint := r.mu.localAddressEndpoint
	r.mu.RUnlock()
	if localAddressEndpoint == nil {
	return false
	}

	subnet := localAddressEndpoint.Subnet()
	return subnet.IsBroadcast(addr)
	}

	// IsOutboundBroadcast returns true if the route is for an outbound broadcast
	// packet.
	func (r *Route) IsOutboundBroadcast() bool {
	// Only IPv4 has a notion of broadcast.
	return r.isV4Broadcast(r.RemoteAddress())
	}

	// ConfirmReachable informs the network/link layer that the neighbour used for
	// the route is reachable.
	//
	// "Reachable" is defined as having full-duplex communication between the
	// local and remote ends of the route.
	func (r *Route) ConfirmReachable() {
	if r.linkRes != nil {
	r.linkRes.confirmReachable(r.nextHop())
	}
	}