提交 0315e382 编写于 作者: N Nikola Forró 提交者: David S. Miller

net: Fix behaviour of unreachable, blackhole and prohibit routes

Man page of ip-route(8) says following about route types:

  unreachable - these destinations are unreachable.  Packets are dis‐
  carded and the ICMP message host unreachable is generated.  The local
  senders get an EHOSTUNREACH error.

  blackhole - these destinations are unreachable.  Packets are dis‐
  carded silently.  The local senders get an EINVAL error.

  prohibit - these destinations are unreachable.  Packets are discarded
  and the ICMP message communication administratively prohibited is
  generated.  The local senders get an EACCES error.

In the inet6 address family, this was correct, except the local senders
got ENETUNREACH error instead of EHOSTUNREACH in case of unreachable route.
In the inet address family, all three route types generated ICMP message
net unreachable, and the local senders got ENETUNREACH error.

In both address families all three route types now behave consistently
with documentation.
Signed-off-by: NNikola Forró <nforro@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 ba5ca784
...@@ -236,8 +236,11 @@ static inline int fib_lookup(struct net *net, const struct flowi4 *flp, ...@@ -236,8 +236,11 @@ static inline int fib_lookup(struct net *net, const struct flowi4 *flp,
rcu_read_lock(); rcu_read_lock();
tb = fib_get_table(net, RT_TABLE_MAIN); tb = fib_get_table(net, RT_TABLE_MAIN);
if (tb && !fib_table_lookup(tb, flp, res, flags | FIB_LOOKUP_NOREF)) if (tb)
err = 0; err = fib_table_lookup(tb, flp, res, flags | FIB_LOOKUP_NOREF);
if (err == -EAGAIN)
err = -ENETUNREACH;
rcu_read_unlock(); rcu_read_unlock();
...@@ -258,7 +261,7 @@ static inline int fib_lookup(struct net *net, struct flowi4 *flp, ...@@ -258,7 +261,7 @@ static inline int fib_lookup(struct net *net, struct flowi4 *flp,
struct fib_result *res, unsigned int flags) struct fib_result *res, unsigned int flags)
{ {
struct fib_table *tb; struct fib_table *tb;
int err; int err = -ENETUNREACH;
flags |= FIB_LOOKUP_NOREF; flags |= FIB_LOOKUP_NOREF;
if (net->ipv4.fib_has_custom_rules) if (net->ipv4.fib_has_custom_rules)
...@@ -268,15 +271,20 @@ static inline int fib_lookup(struct net *net, struct flowi4 *flp, ...@@ -268,15 +271,20 @@ static inline int fib_lookup(struct net *net, struct flowi4 *flp,
res->tclassid = 0; res->tclassid = 0;
for (err = 0; !err; err = -ENETUNREACH) { tb = rcu_dereference_rtnl(net->ipv4.fib_main);
tb = rcu_dereference_rtnl(net->ipv4.fib_main); if (tb)
if (tb && !fib_table_lookup(tb, flp, res, flags)) err = fib_table_lookup(tb, flp, res, flags);
break;
if (!err)
goto out;
tb = rcu_dereference_rtnl(net->ipv4.fib_default);
if (tb)
err = fib_table_lookup(tb, flp, res, flags);
tb = rcu_dereference_rtnl(net->ipv4.fib_default); out:
if (tb && !fib_table_lookup(tb, flp, res, flags)) if (err == -EAGAIN)
break; err = -ENETUNREACH;
}
rcu_read_unlock(); rcu_read_unlock();
......
...@@ -2045,6 +2045,7 @@ struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *fl4) ...@@ -2045,6 +2045,7 @@ struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *fl4)
struct fib_result res; struct fib_result res;
struct rtable *rth; struct rtable *rth;
int orig_oif; int orig_oif;
int err = -ENETUNREACH;
res.tclassid = 0; res.tclassid = 0;
res.fi = NULL; res.fi = NULL;
...@@ -2153,7 +2154,8 @@ struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *fl4) ...@@ -2153,7 +2154,8 @@ struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *fl4)
goto make_route; goto make_route;
} }
if (fib_lookup(net, fl4, &res, 0)) { err = fib_lookup(net, fl4, &res, 0);
if (err) {
res.fi = NULL; res.fi = NULL;
res.table = NULL; res.table = NULL;
if (fl4->flowi4_oif) { if (fl4->flowi4_oif) {
...@@ -2181,7 +2183,7 @@ struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *fl4) ...@@ -2181,7 +2183,7 @@ struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *fl4)
res.type = RTN_UNICAST; res.type = RTN_UNICAST;
goto make_route; goto make_route;
} }
rth = ERR_PTR(-ENETUNREACH); rth = ERR_PTR(err);
goto out; goto out;
} }
......
...@@ -1885,9 +1885,11 @@ int ip6_route_info_create(struct fib6_config *cfg, struct rt6_info **rt_ret) ...@@ -1885,9 +1885,11 @@ int ip6_route_info_create(struct fib6_config *cfg, struct rt6_info **rt_ret)
rt->dst.input = ip6_pkt_prohibit; rt->dst.input = ip6_pkt_prohibit;
break; break;
case RTN_THROW: case RTN_THROW:
case RTN_UNREACHABLE:
default: default:
rt->dst.error = (cfg->fc_type == RTN_THROW) ? -EAGAIN rt->dst.error = (cfg->fc_type == RTN_THROW) ? -EAGAIN
: -ENETUNREACH; : (cfg->fc_type == RTN_UNREACHABLE)
? -EHOSTUNREACH : -ENETUNREACH;
rt->dst.output = ip6_pkt_discard_out; rt->dst.output = ip6_pkt_discard_out;
rt->dst.input = ip6_pkt_discard; rt->dst.input = ip6_pkt_discard;
break; break;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册