1. 25 4月, 2016 1 次提交
  2. 23 3月, 2016 1 次提交
  3. 14 3月, 2016 1 次提交
  4. 14 12月, 2015 1 次提交
  5. 02 11月, 2015 1 次提交
    • J
      ipv4: fix to not remove local route on link down · 4f823def
      Julian Anastasov 提交于
      When fib_netdev_event calls fib_disable_ip on NETDEV_DOWN event
      we should not delete the local routes if the local address
      is still present. The confusion comes from the fact that both
      fib_netdev_event and fib_inetaddr_event use the NETDEV_DOWN
      constant. Fix it by returning back the variable 'force'.
      
      Steps to reproduce:
      modprobe dummy
      ifconfig dummy0 192.168.168.1 up
      ifconfig dummy0 down
      ip route list table local | grep dummy | grep host
      local 192.168.168.1 dev dummy0  proto kernel  scope host  src 192.168.168.1
      
      Fixes: 8a3d0316 ("net: track link-status of ipv4 nexthops")
      Signed-off-by: NJulian Anastasov <ja@ssi.bg>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4f823def
  6. 23 10月, 2015 1 次提交
    • P
      ipv4: implement support for NOPREFIXROUTE ifa flag for ipv4 address · 7b131180
      Paolo Abeni 提交于
      Currently adding a new ipv4 address always cause the creation of the
      related network route, with default metric. When a host has multiple
      interfaces on the same network, multiple routes with the same metric
      are created.
      
      If the userspace wants to set specific metric on each routes, i.e.
      giving better metric to ethernet links in respect to Wi-Fi ones,
      the network routes must be deleted and recreated, which is error-prone.
      
      This patch implements the support for IFA_F_NOPREFIXROUTE for ipv4
      address. When an address is added with such flag set, no associated
      network route is created, no network route is deleted when
      said IP is gone and it's up to the user space manage such route.
      Signed-off-by: NPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7b131180
  7. 30 9月, 2015 3 次提交
  8. 02 9月, 2015 1 次提交
  9. 30 8月, 2015 1 次提交
  10. 14 8月, 2015 4 次提交
  11. 22 7月, 2015 2 次提交
  12. 24 6月, 2015 2 次提交
    • A
      net: ipv4 sysctl option to ignore routes when nexthop link is down · 0eeb075f
      Andy Gospodarek 提交于
      This feature is only enabled with the new per-interface or ipv4 global
      sysctls called 'ignore_routes_with_linkdown'.
      
      net.ipv4.conf.all.ignore_routes_with_linkdown = 0
      net.ipv4.conf.default.ignore_routes_with_linkdown = 0
      net.ipv4.conf.lo.ignore_routes_with_linkdown = 0
      ...
      
      When the above sysctls are set, will report to userspace that a route is
      dead and will no longer resolve to this nexthop when performing a fib
      lookup.  This will signal to userspace that the route will not be
      selected.  The signalling of a RTNH_F_DEAD is only passed to userspace
      if the sysctl is enabled and link is down.  This was done as without it
      the netlink listeners would have no idea whether or not a nexthop would
      be selected.   The kernel only sets RTNH_F_DEAD internally if the
      interface has IFF_UP cleared.
      
      With the new sysctl set, the following behavior can be observed
      (interface p8p1 is link-down):
      
      default via 10.0.5.2 dev p9p1
      10.0.5.0/24 dev p9p1  proto kernel  scope link  src 10.0.5.15
      70.0.0.0/24 dev p7p1  proto kernel  scope link  src 70.0.0.1
      80.0.0.0/24 dev p8p1  proto kernel  scope link  src 80.0.0.1 dead linkdown
      90.0.0.0/24 via 80.0.0.2 dev p8p1  metric 1 dead linkdown
      90.0.0.0/24 via 70.0.0.2 dev p7p1  metric 2
      90.0.0.1 via 70.0.0.2 dev p7p1  src 70.0.0.1
          cache
      local 80.0.0.1 dev lo  src 80.0.0.1
          cache <local>
      80.0.0.2 via 10.0.5.2 dev p9p1  src 10.0.5.15
          cache
      
      While the route does remain in the table (so it can be modified if
      needed rather than being wiped away as it would be if IFF_UP was
      cleared), the proper next-hop is chosen automatically when the link is
      down.  Now interface p8p1 is linked-up:
      
      default via 10.0.5.2 dev p9p1
      10.0.5.0/24 dev p9p1  proto kernel  scope link  src 10.0.5.15
      70.0.0.0/24 dev p7p1  proto kernel  scope link  src 70.0.0.1
      80.0.0.0/24 dev p8p1  proto kernel  scope link  src 80.0.0.1
      90.0.0.0/24 via 80.0.0.2 dev p8p1  metric 1
      90.0.0.0/24 via 70.0.0.2 dev p7p1  metric 2
      192.168.56.0/24 dev p2p1  proto kernel  scope link  src 192.168.56.2
      90.0.0.1 via 80.0.0.2 dev p8p1  src 80.0.0.1
          cache
      local 80.0.0.1 dev lo  src 80.0.0.1
          cache <local>
      80.0.0.2 dev p8p1  src 80.0.0.1
          cache
      
      and the output changes to what one would expect.
      
      If the sysctl is not set, the following output would be expected when
      p8p1 is down:
      
      default via 10.0.5.2 dev p9p1
      10.0.5.0/24 dev p9p1  proto kernel  scope link  src 10.0.5.15
      70.0.0.0/24 dev p7p1  proto kernel  scope link  src 70.0.0.1
      80.0.0.0/24 dev p8p1  proto kernel  scope link  src 80.0.0.1 linkdown
      90.0.0.0/24 via 80.0.0.2 dev p8p1  metric 1 linkdown
      90.0.0.0/24 via 70.0.0.2 dev p7p1  metric 2
      
      Since the dead flag does not appear, there should be no expectation that
      the kernel would skip using this route due to link being down.
      
      v2: Split kernel changes into 2 patches, this actually makes a
      behavioral change if the sysctl is set.  Also took suggestion from Alex
      to simplify code by only checking sysctl during fib lookup and
      suggestion from Scott to add a per-interface sysctl.
      
      v3: Code clean-ups to make it more readable and efficient as well as a
      reverse path check fix.
      
      v4: Drop binary sysctl
      
      v5: Whitespace fixups from Dave
      
      v6: Style changes from Dave and checkpatch suggestions
      
      v7: One more checkpatch fixup
      Signed-off-by: NAndy Gospodarek <gospo@cumulusnetworks.com>
      Signed-off-by: NDinesh Dutt <ddutt@cumulusnetworks.com>
      Acked-by: NScott Feldman <sfeldma@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0eeb075f
    • A
      net: track link-status of ipv4 nexthops · 8a3d0316
      Andy Gospodarek 提交于
      Add a fib flag called RTNH_F_LINKDOWN to any ipv4 nexthops that are
      reachable via an interface where carrier is off.  No action is taken,
      but additional flags are passed to userspace to indicate carrier status.
      
      This also includes a cleanup to fib_disable_ip to more clearly indicate
      what event made the function call to replace the more cryptic force
      option previously used.
      
      v2: Split out kernel functionality into 2 patches, this patch simply
      sets and clears new nexthop flag RTNH_F_LINKDOWN.
      
      v3: Cleanups suggested by Alex as well as a bug noticed in
      fib_sync_down_dev and fib_sync_up when multipath was not enabled.
      
      v5: Whitespace and variable declaration fixups suggested by Dave.
      
      v6: Style fixups noticed by Dave; ran checkpatch to be sure I got them
      all.
      Signed-off-by: NAndy Gospodarek <gospo@cumulusnetworks.com>
      Signed-off-by: NDinesh Dutt <ddutt@cumulusnetworks.com>
      Acked-by: NScott Feldman <sfeldma@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8a3d0316
  13. 04 4月, 2015 1 次提交
  14. 03 4月, 2015 1 次提交
    • W
      net: move fib_rules_unregister() under rtnl lock · 419df12f
      WANG Cong 提交于
      We have to hold rtnl lock for fib_rules_unregister()
      otherwise the following race could happen:
      
      fib_rules_unregister():	fib_nl_delrule():
      ...				...
      ...				ops = lookup_rules_ops();
      list_del_rcu(&ops->list);
      				list_for_each_entry(ops->rules) {
      fib_rules_cleanup_ops(ops);	  ...
        list_del_rcu();		  list_del_rcu();
      				}
      
      Note, net->rules_mod_lock is actually not needed at all,
      either upper layer netns code or rtnl lock guarantees
      we are safe.
      
      Cc: Alexander Duyck <alexander.h.duyck@redhat.com>
      Cc: Thomas Graf <tgraf@suug.ch>
      Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      419df12f
  15. 01 4月, 2015 2 次提交
    • A
      fib_trie: Cleanup ip_fib_net_exit code path · 6e47d6ca
      Alexander Duyck 提交于
      While fixing a recent issue I noticed that we are doing some unnecessary
      work inside the loop for ip_fib_net_exit.  As such I am pulling out the
      initialization to NULL for the locally stored fib_local, fib_main, and
      fib_default.
      
      In addition I am restoring the original code for flushing the table as
      there is no need to split up the fib_table_flush and hlist_del work since
      the code for packing the tnodes with multiple key vectors was dropped.
      Signed-off-by: NAlexander Duyck <alexander.h.duyck@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6e47d6ca
    • A
      fib_trie: Fix warning on fib4_rules_exit · ad88d051
      Alexander Duyck 提交于
      This fixes the following warning:
      
       BUG: sleeping function called from invalid context at mm/slub.c:1268
       in_atomic(): 1, irqs_disabled(): 0, pid: 6, name: kworker/u8:0
       INFO: lockdep is turned off.
       CPU: 3 PID: 6 Comm: kworker/u8:0 Tainted: G        W       4.0.0-rc5+ #895
       Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
       Workqueue: netns cleanup_net
        0000000000000006 ffff88011953fa68 ffffffff81a203b6 000000002c3a2c39
        ffff88011952a680 ffff88011953fa98 ffffffff8109daf0 ffff8801186c6aa8
        ffffffff81fbc9e5 00000000000004f4 0000000000000000 ffff88011953fac8
       Call Trace:
        [<ffffffff81a203b6>] dump_stack+0x4c/0x65
        [<ffffffff8109daf0>] ___might_sleep+0x1c3/0x1cb
        [<ffffffff8109db70>] __might_sleep+0x78/0x80
        [<ffffffff8117a60e>] slab_pre_alloc_hook+0x31/0x8f
        [<ffffffff8117d4f6>] __kmalloc+0x69/0x14e
        [<ffffffff818ed0e1>] ? kzalloc.constprop.20+0xe/0x10
        [<ffffffff818ed0e1>] kzalloc.constprop.20+0xe/0x10
        [<ffffffff818ef622>] fib_trie_table+0x27/0x8b
        [<ffffffff818ef6bd>] fib_trie_unmerge+0x37/0x2a6
        [<ffffffff810b06e1>] ? arch_local_irq_save+0x9/0xc
        [<ffffffff818e9793>] fib_unmerge+0x2d/0xb3
        [<ffffffff818f5f56>] fib4_rule_delete+0x1f/0x52
        [<ffffffff817f1c3f>] ? fib_rules_unregister+0x30/0xb2
        [<ffffffff817f1c8b>] fib_rules_unregister+0x7c/0xb2
        [<ffffffff818f64a1>] fib4_rules_exit+0x15/0x18
        [<ffffffff818e8c0a>] ip_fib_net_exit+0x23/0xf2
        [<ffffffff818e91f8>] fib_net_exit+0x32/0x36
        [<ffffffff817c8352>] ops_exit_list+0x45/0x57
        [<ffffffff817c8d3d>] cleanup_net+0x13c/0x1cd
        [<ffffffff8108b05d>] process_one_work+0x255/0x4ad
        [<ffffffff8108af69>] ? process_one_work+0x161/0x4ad
        [<ffffffff8108b4b1>] worker_thread+0x1cd/0x2ab
        [<ffffffff8108b2e4>] ? process_scheduled_works+0x2f/0x2f
        [<ffffffff81090686>] kthread+0xd4/0xdc
        [<ffffffff8109ec8f>] ? local_clock+0x19/0x22
        [<ffffffff810905b2>] ? __kthread_parkme+0x83/0x83
        [<ffffffff81a2c0c8>] ret_from_fork+0x58/0x90
        [<ffffffff810905b2>] ? __kthread_parkme+0x83/0x83
      
      The issue was that as a part of exiting the default rules were being
      deleted which resulted in the local trie being unmerged.  By moving the
      freeing of the FIB tables up we can avoid the unmerge since there is no
      local table left when we call the fib4_rules_exit function.
      
      Fixes: 0ddcf43d ("ipv4: FIB Local/MAIN table collapse")
      Reported-by: NCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: NAlexander Duyck <alexander.h.duyck@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ad88d051
  16. 13 3月, 2015 1 次提交
  17. 12 3月, 2015 3 次提交
  18. 06 3月, 2015 1 次提交
  19. 05 3月, 2015 1 次提交
  20. 01 1月, 2015 2 次提交
  21. 23 8月, 2014 1 次提交
    • S
      ipv4: Restore accept_local behaviour in fib_validate_source() · 1dced6a8
      Sébastien Barré 提交于
      Commit 7a9bc9b8 ("ipv4: Elide fib_validate_source() completely when possible.")
      introduced a short-circuit to avoid calling fib_validate_source when not
      needed. That change took rp_filter into account, but not accept_local.
      This resulted in a change of behaviour: with rp_filter and accept_local
      off, incoming packets with a local address in the source field should be
      dropped.
      
      Here is how to reproduce the change pre/post 7a9bc9b8 commit:
      -configure the same IPv4 address on hosts A and B.
      -try to send an ARP request from B to A.
      -The ARP request will be dropped before that commit, but accepted and answered
      after that commit.
      
      This adds a check for ACCEPT_LOCAL, to maintain full
      fib validation in case it is 0. We also leave __fib_validate_source() earlier
      when possible, based on the same check as fib_validate_source(), once the
      accept_local stuff is verified.
      
      Cc: Gregory Detal <gregory.detal@uclouvain.be>
      Cc: Christoph Paasch <christoph.paasch@uclouvain.be>
      Cc: Hannes Frederic Sowa <hannes@redhat.com>
      Cc: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: NSébastien Barré <sebastien.barre@uclouvain.be>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1dced6a8
  22. 17 4月, 2014 1 次提交
    • C
      ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif · 6a662719
      Cong Wang 提交于
      As suggested by Julian:
      
      	Simply, flowi4_iif must not contain 0, it does not
      	look logical to ignore all ip rules with specified iif.
      
      because in fib_rule_match() we do:
      
              if (rule->iifindex && (rule->iifindex != fl->flowi_iif))
                      goto out;
      
      flowi4_iif should be LOOPBACK_IFINDEX by default.
      
      We need to move LOOPBACK_IFINDEX to include/net/flow.h:
      
      1) It is mostly used by flowi_iif
      
      2) Fix the following compile error if we use it in flow.h
      by the patches latter:
      
      In file included from include/linux/netfilter.h:277:0,
                       from include/net/netns/netfilter.h:5,
                       from include/net/net_namespace.h:21,
                       from include/linux/netdevice.h:43,
                       from include/linux/icmpv6.h:12,
                       from include/linux/ipv6.h:61,
                       from include/net/ipv6.h:16,
                       from include/linux/sunrpc/clnt.h:27,
                       from include/linux/nfs_fs.h:30,
                       from init/do_mounts.c:32:
      include/net/flow.h: In function ‘flowi4_init_output’:
      include/net/flow.h:84:32: error: ‘LOOPBACK_IFINDEX’ undeclared (first use in this function)
      
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: Julian Anastasov <ja@ssi.bg>
      Cc: David S. Miller <davem@davemloft.net>
      Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: NCong Wang <cwang@twopensource.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6a662719
  23. 25 3月, 2014 1 次提交
  24. 25 1月, 2014 1 次提交
  25. 19 10月, 2013 1 次提交
  26. 28 6月, 2013 1 次提交
    • P
      netlink: fix splat in skb_clone with large messages · 3a36515f
      Pablo Neira 提交于
      Since (c05cdb1b netlink: allow large data transfers from user-space),
      netlink splats if it invokes skb_clone on large netlink skbs since:
      
      * skb_shared_info was not correctly initialized.
      * skb->destructor is not set in the cloned skb.
      
      This was spotted by trinity:
      
      [  894.990671] BUG: unable to handle kernel paging request at ffffc9000047b001
      [  894.991034] IP: [<ffffffff81a212c4>] skb_clone+0x24/0xc0
      [...]
      [  894.991034] Call Trace:
      [  894.991034]  [<ffffffff81ad299a>] nl_fib_input+0x6a/0x240
      [  894.991034]  [<ffffffff81c3b7e6>] ? _raw_read_unlock+0x26/0x40
      [  894.991034]  [<ffffffff81a5f189>] netlink_unicast+0x169/0x1e0
      [  894.991034]  [<ffffffff81a601e1>] netlink_sendmsg+0x251/0x3d0
      
      Fix it by:
      
      1) introducing a new netlink_skb_clone function that is used in nl_fib_input,
         that sets our special skb->destructor in the cloned skb. Moreover, handle
         the release of the large cloned skb head area in the destructor path.
      
      2) not allowing large skbuffs in the netlink broadcast path. I cannot find
         any reasonable use of the large data transfer using netlink in that path,
         moreover this helps to skip extra skb_clone handling.
      
      I found two more netlink clients that are cloning the skbs, but they are
      not in the sendmsg path. Therefore, the sole client cloning that I found
      seems to be the fib frontend.
      
      Thanks to Eric Dumazet for helping to address this issue.
      Reported-by: NFengguang Wu <fengguang.wu@intel.com>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3a36515f
  27. 29 5月, 2013 1 次提交
  28. 29 3月, 2013 1 次提交
  29. 22 3月, 2013 1 次提交