diff options
| author | David S. Miller <davem@davemloft.net> | 2010-12-23 15:03:57 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2010-12-23 15:03:57 -0500 |
| commit | e058464990c2ef1f3ecd6b83a154913c3c06f02a (patch) | |
| tree | 1c949b22d8ed6ac0c1419f2bf2c372d8833b41d4 | |
| parent | 0e214ad81545a35c5e62a4c2d6cf7275fd7a545f (diff) | |
Revert "ipv4: Allow configuring subnets as local addresses"
This reverts commit 4465b469008bc03b98a1b8df4e9ae501b6c69d4b.
Conflicts:
net/ipv4/fib_frontend.c
As reported by Ben Greear, this causes regressions:
> Change 4465b469008bc03b98a1b8df4e9ae501b6c69d4b caused rules
> to stop matching the input device properly because the
> FLOWI_FLAG_MATCH_ANY_IIF is always defined in ip_dev_find().
>
> This breaks rules such as:
>
> ip rule add pref 512 lookup local
> ip rule del pref 0 lookup local
> ip link set eth2 up
> ip -4 addr add 172.16.0.102/24 broadcast 172.16.0.255 dev eth2
> ip rule add to 172.16.0.102 iif eth2 lookup local pref 10
> ip rule add iif eth2 lookup 10001 pref 20
> ip route add 172.16.0.0/24 dev eth2 table 10001
> ip route add unreachable 0/0 table 10001
>
> If you had a second interface 'eth0' that was on a different
> subnet, pinging a system on that interface would fail:
>
> [root@ct503-60 ~]# ping 192.168.100.1
> connect: Invalid argument
Reported-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/net/flow.h | 1 | ||||
| -rw-r--r-- | net/core/fib_rules.c | 3 | ||||
| -rw-r--r-- | net/ipv4/fib_frontend.c | 10 |
3 files changed, 9 insertions, 5 deletions
diff --git a/include/net/flow.h b/include/net/flow.h index 0ac3fb5e0973..bb08692a20b0 100644 --- a/include/net/flow.h +++ b/include/net/flow.h | |||
| @@ -49,7 +49,6 @@ struct flowi { | |||
| 49 | __u8 proto; | 49 | __u8 proto; |
| 50 | __u8 flags; | 50 | __u8 flags; |
| 51 | #define FLOWI_FLAG_ANYSRC 0x01 | 51 | #define FLOWI_FLAG_ANYSRC 0x01 |
| 52 | #define FLOWI_FLAG_MATCH_ANY_IIF 0x02 | ||
| 53 | union { | 52 | union { |
| 54 | struct { | 53 | struct { |
| 55 | __be16 sport; | 54 | __be16 sport; |
diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c index 82a4369ae150..a20e5d3bbfa0 100644 --- a/net/core/fib_rules.c +++ b/net/core/fib_rules.c | |||
| @@ -181,8 +181,7 @@ static int fib_rule_match(struct fib_rule *rule, struct fib_rules_ops *ops, | |||
| 181 | { | 181 | { |
| 182 | int ret = 0; | 182 | int ret = 0; |
| 183 | 183 | ||
| 184 | if (rule->iifindex && (rule->iifindex != fl->iif) && | 184 | if (rule->iifindex && (rule->iifindex != fl->iif)) |
| 185 | !(fl->flags & FLOWI_FLAG_MATCH_ANY_IIF)) | ||
| 186 | goto out; | 185 | goto out; |
| 187 | 186 | ||
| 188 | if (rule->oifindex && (rule->oifindex != fl->oif)) | 187 | if (rule->oifindex && (rule->oifindex != fl->oif)) |
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index eb6f69a8f27a..c19c1f739fba 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c | |||
| @@ -163,13 +163,19 @@ struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref) | |||
| 163 | .daddr = addr | 163 | .daddr = addr |
| 164 | } | 164 | } |
| 165 | }, | 165 | }, |
| 166 | .flags = FLOWI_FLAG_MATCH_ANY_IIF | ||
| 167 | }; | 166 | }; |
| 168 | struct fib_result res = { 0 }; | 167 | struct fib_result res = { 0 }; |
| 169 | struct net_device *dev = NULL; | 168 | struct net_device *dev = NULL; |
| 169 | struct fib_table *local_table; | ||
| 170 | |||
| 171 | #ifdef CONFIG_IP_MULTIPLE_TABLES | ||
| 172 | res.r = NULL; | ||
| 173 | #endif | ||
| 170 | 174 | ||
| 171 | rcu_read_lock(); | 175 | rcu_read_lock(); |
| 172 | if (fib_lookup(net, &fl, &res)) { | 176 | local_table = fib_get_table(net, RT_TABLE_LOCAL); |
| 177 | if (!local_table || | ||
| 178 | fib_table_lookup(local_table, &fl, &res, FIB_LOOKUP_NOREF)) { | ||
| 173 | rcu_read_unlock(); | 179 | rcu_read_unlock(); |
| 174 | return NULL; | 180 | return NULL; |
| 175 | } | 181 | } |