diff options
| author | David Ahern <dsa@cumulusnetworks.com> | 2016-07-04 21:47:41 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-07-05 14:50:05 -0400 |
| commit | 73e20b761acf8678de2d55d92b90a623b8558a77 (patch) | |
| tree | dc072e0c887e95e6d9e75474d5b26617176ba659 | |
| parent | 8297f2d9ef6c2c31c87807f2f110ddfd0c379443 (diff) | |
net: vrf: Add support for PREROUTING rules on vrf device
Add support for PREROUTING rules with skb->dev set to the vrf device.
INPUT rules are already allowed. Provides symmetry with the output path
which allows POSTROUTING rules.
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | drivers/net/vrf.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index b3762822b653..1ce7420322ee 100644 --- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c | |||
| @@ -779,6 +779,25 @@ static int vrf_get_saddr(struct net_device *dev, struct flowi4 *fl4) | |||
| 779 | return rc; | 779 | return rc; |
| 780 | } | 780 | } |
| 781 | 781 | ||
| 782 | static int vrf_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb) | ||
| 783 | { | ||
| 784 | return 0; | ||
| 785 | } | ||
| 786 | |||
| 787 | static struct sk_buff *vrf_rcv_nfhook(u8 pf, unsigned int hook, | ||
| 788 | struct sk_buff *skb, | ||
| 789 | struct net_device *dev) | ||
| 790 | { | ||
| 791 | struct net *net = dev_net(dev); | ||
| 792 | |||
| 793 | nf_reset(skb); | ||
| 794 | |||
| 795 | if (NF_HOOK(pf, hook, net, NULL, skb, dev, NULL, vrf_rcv_finish) < 0) | ||
| 796 | skb = NULL; /* kfree_skb(skb) handled by nf code */ | ||
| 797 | |||
| 798 | return skb; | ||
| 799 | } | ||
| 800 | |||
| 782 | #if IS_ENABLED(CONFIG_IPV6) | 801 | #if IS_ENABLED(CONFIG_IPV6) |
| 783 | /* neighbor handling is done with actual device; do not want | 802 | /* neighbor handling is done with actual device; do not want |
| 784 | * to flip skb->dev for those ndisc packets. This really fails | 803 | * to flip skb->dev for those ndisc packets. This really fails |
| @@ -899,6 +918,7 @@ static struct sk_buff *vrf_ip6_rcv(struct net_device *vrf_dev, | |||
| 899 | if (need_strict) | 918 | if (need_strict) |
| 900 | vrf_ip6_input_dst(skb, vrf_dev, orig_iif); | 919 | vrf_ip6_input_dst(skb, vrf_dev, orig_iif); |
| 901 | 920 | ||
| 921 | skb = vrf_rcv_nfhook(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, vrf_dev); | ||
| 902 | out: | 922 | out: |
| 903 | return skb; | 923 | return skb; |
| 904 | } | 924 | } |
| @@ -929,6 +949,7 @@ static struct sk_buff *vrf_ip_rcv(struct net_device *vrf_dev, | |||
| 929 | dev_queue_xmit_nit(skb, vrf_dev); | 949 | dev_queue_xmit_nit(skb, vrf_dev); |
| 930 | skb_pull(skb, skb->mac_len); | 950 | skb_pull(skb, skb->mac_len); |
| 931 | 951 | ||
| 952 | skb = vrf_rcv_nfhook(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, vrf_dev); | ||
| 932 | out: | 953 | out: |
| 933 | return skb; | 954 | return skb; |
| 934 | } | 955 | } |