提交 b0c110ca 编写于 作者: J jamal 提交者: David S. Miller

net: Fix RPF to work with policy routing

Policy routing is not looked up by mark on reverse path filtering.
This fixes it.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
上级 14d18a81
...@@ -210,7 +210,8 @@ extern struct fib_table *fib_get_table(struct net *net, u32 id); ...@@ -210,7 +210,8 @@ extern struct fib_table *fib_get_table(struct net *net, u32 id);
extern const struct nla_policy rtm_ipv4_policy[]; extern const struct nla_policy rtm_ipv4_policy[];
extern void ip_fib_init(void); extern void ip_fib_init(void);
extern int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif, extern int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,
struct net_device *dev, __be32 *spec_dst, u32 *itag); struct net_device *dev, __be32 *spec_dst,
u32 *itag, u32 mark);
extern void fib_select_default(struct net *net, const struct flowi *flp, extern void fib_select_default(struct net *net, const struct flowi *flp,
struct fib_result *res); struct fib_result *res);
......
...@@ -229,14 +229,17 @@ unsigned int inet_dev_addr_type(struct net *net, const struct net_device *dev, ...@@ -229,14 +229,17 @@ unsigned int inet_dev_addr_type(struct net *net, const struct net_device *dev,
*/ */
int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif, int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,
struct net_device *dev, __be32 *spec_dst, u32 *itag) struct net_device *dev, __be32 *spec_dst,
u32 *itag, u32 mark)
{ {
struct in_device *in_dev; struct in_device *in_dev;
struct flowi fl = { .nl_u = { .ip4_u = struct flowi fl = { .nl_u = { .ip4_u =
{ .daddr = src, { .daddr = src,
.saddr = dst, .saddr = dst,
.tos = tos } }, .tos = tos } },
.mark = mark,
.iif = oif }; .iif = oif };
struct fib_result res; struct fib_result res;
int no_addr, rpf; int no_addr, rpf;
int ret; int ret;
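Review bot: The new `mark` parameter of fib_validate_source() is undocumented in the visible lines; the comment block that closes just above the signature starts outside this hunk and should gain a line such as `mark: fwmark of the received packet (skb->mark); 0 means mark-based rules are not matched`. Because `.mark = mark` now feeds the reverse lookup, the RPF verdict depends on whatever set the mark before routing. On hosts that already have fwmark policy rules, packets that previously passed source validation may presumably now be treated as martians, or the reverse. That behaviour change deserves a sentence in the commit message or the rp_filter documentation. The function body continues past the end of the hunk.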
......
...@@ -1854,7 +1854,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, ...@@ -1854,7 +1854,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
goto e_inval; goto e_inval;
spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK); spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
} else if (fib_validate_source(saddr, 0, tos, 0, } else if (fib_validate_source(saddr, 0, tos, 0,
dev, &spec_dst, &itag) < 0) dev, &spec_dst, &itag, 0) < 0)
goto e_inval; goto e_inval;
rth = dst_alloc(&ipv4_dst_ops); rth = dst_alloc(&ipv4_dst_ops);
...@@ -1967,7 +1967,7 @@ static int __mkroute_input(struct sk_buff *skb, ...@@ -1967,7 +1967,7 @@ static int __mkroute_input(struct sk_buff *skb,
err = fib_validate_source(saddr, daddr, tos, FIB_RES_OIF(*res), err = fib_validate_source(saddr, daddr, tos, FIB_RES_OIF(*res),
in_dev->dev, &spec_dst, &itag); in_dev->dev, &spec_dst, &itag, skb->mark);
if (err < 0) { if (err < 0) {
ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
saddr); saddr);
...@@ -2141,7 +2141,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, ...@@ -2141,7 +2141,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
int result; int result;
result = fib_validate_source(saddr, daddr, tos, result = fib_validate_source(saddr, daddr, tos,
net->loopback_dev->ifindex, net->loopback_dev->ifindex,
dev, &spec_dst, &itag); dev, &spec_dst, &itag, skb->mark);
if (result < 0) if (result < 0)
goto martian_source; goto martian_source;
if (result) if (result)
...@@ -2170,7 +2170,7 @@ out: return err; ...@@ -2170,7 +2170,7 @@ out: return err;
spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK); spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
else { else {
err = fib_validate_source(saddr, 0, tos, 0, dev, &spec_dst, err = fib_validate_source(saddr, 0, tos, 0, dev, &spec_dst,
&itag); &itag, skb->mark);
if (err < 0) if (err < 0)
goto martian_source; goto martian_source;
if (err) if (err)
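Review bot: The call in ip_route_input_mc passes a literal `0` for the new mark argument while the other three call sites in this section pass `skb->mark`, so source validation on the multicast input path still ignores fwmark policy rules. `skb` is a parameter of ip_route_input_mc (visible in the hunk header), so `dev, &spec_dst, &itag, skb->mark) < 0)` would make the paths agree. If the 0 is deliberate, a short comment at the call, for example `/* mark not used for multicast source validation */`, would keep it from being read as an oversight. The enclosing functions start and end outside these hunks.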
......