ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif

As suggested by Julian: Simply, flowi4_iif must not contain 0, it does not look logical to ignore all ip rules with specified iif. because in fib_rule_match() we do: if (rule->iifindex && (rule->iifindex != fl->flowi_iif)) goto out; flowi4_iif should be LOOPBACK_IFINDEX by default. We need to move LOOPBACK_IFINDEX to include/net/flow.h: 1) It is mostly used by flowi_iif 2) Fix the following compile error if we use it in flow.h by the patches latter: In file included from include/linux/netfilter.h:277:0, from include/net/netns/netfilter.h:5, from include/net/net_namespace.h:21, from include/linux/netdevice.h:43, from include/linux/icmpv6.h:12, from include/linux/ipv6.h:61, from include/net/ipv6.h:16, from include/linux/sunrpc/clnt.h:27, from include/linux/nfs_fs.h:30, from init/do_mounts.c:32: include/net/flow.h: In function ‘flowi4_init_output’: include/net/flow.h:84:32: error: ‘LOOPBACK_IFINDEX’ undeclared (first use in this function) Cc: Eric Biederman <ebiederm@xmission.com> Cc: Julian Anastasov <ja@ssi.bg> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: Cong Wang <cwang@twopensource.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Cong Wang <cwang@twopensource.com> 2014-04-15 19:25:34 -0400
committer: David S. Miller <davem@davemloft.net> 2014-04-16 15:05:11 -0400
commit: 6a662719c9868b3d6c7d26b3a085f0cd3cc15e64 (patch)
tree: 66bcb1ab0be053a656cffd10960dc7f3ca6564f9
parent: c98235cb8584a72e95786e17d695a8e5fafcd766 (diff)
7 files changed, 15 insertions, 16 deletions
diff --git a/include/net/flow.h b/include/net/flow.h
index 64fd24836650..8109a159d1b3 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -11,6 +11,14 @@
 #include <linux/in6.h>
 #include <linux/atomic.h>
+/*
+ * ifindex generation is per-net namespace, and loopback is
+ * always the 1st device in ns (see net_dev_init), thus any
+ * loopback device should get ifindex 1
+ */
+#define LOOPBACK_IFINDEX        1
 struct flowi_common {
        int     flowic_oif;
        int     flowic_iif;
@@ -80,7 +88,7 @@ static inline void flowi4_init_output(struct flowi4 *fl4, int oif,
                                      __be16 dport, __be16 sport)
 {
        fl4->flowi4_oif = oif;
-        fl4->flowi4_iif = 0;
+        fl4->flowi4_iif = LOOPBACK_IFINDEX;
        fl4->flowi4_mark = mark;
        fl4->flowi4_tos = tos;
        fl4->flowi4_scope = scope;
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 79387f73f875..5f9eb260990f 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -9,6 +9,7 @@
 #include <linux/list.h>
 #include <linux/sysctl.h>
+#include <net/flow.h>
 #include <net/netns/core.h>
 #include <net/netns/mib.h>
 #include <net/netns/unix.h>
@@ -131,14 +132,6 @@ struct net {
        atomic_t                fnhe_genid;
 };
-/*
- * ifindex generation is per-net namespace, and loopback is
- * always the 1st device in ns (see net_dev_init), thus any
- * loopback device should get ifindex 1
- */
-#define LOOPBACK_IFINDEX        1
 #include <linux/seq_file_net.h>
 /* Init's network namespace */
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 1a629f870274..255aa9946fe7 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -250,7 +250,7 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
        bool dev_match;
        fl4.flowi4_oif = 0;
-        fl4.flowi4_iif = oif;
+        fl4.flowi4_iif = oif ? : LOOPBACK_IFINDEX;
        fl4.daddr = src;
        fl4.saddr = dst;
        fl4.flowi4_tos = tos;
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index b53f0bf84dca..8a043f03c88e 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -631,6 +631,7 @@ static int fib_check_nh(struct fib_config *cfg, struct fib_info *fi,
                                .daddr = nh->nh_gw,
                                .flowi4_scope = cfg->fc_scope + 1,
                                .flowi4_oif = nh->nh_oif,
+                                .flowi4_iif = LOOPBACK_IFINDEX,
                        };
                        /* It is not necessary, but requires a bit of thinking */
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 28863570dd60..d84dc8d4c916 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -455,7 +455,7 @@ static netdev_tx_t reg_vif_xmit(struct sk_buff *skb, struct net_device *dev)
        struct mr_table *mrt;
        struct flowi4 fl4 = {
                .flowi4_oif     = dev->ifindex,
-                .flowi4_iif     = skb->skb_iif,
+                .flowi4_iif     = skb->skb_iif ? : LOOPBACK_IFINDEX,
                .flowi4_mark    = skb->mark,
        };
        int err;
diff --git a/net/ipv4/netfilter/ipt_rpfilter.c b/net/ipv4/netfilter/ipt_rpfilter.c
index c49dcd0284a0..4bfaedf9b34e 100644
--- a/net/ipv4/netfilter/ipt_rpfilter.c
+++ b/net/ipv4/netfilter/ipt_rpfilter.c
@@ -89,11 +89,8 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
        if (ipv4_is_multicast(iph->daddr)) {
                if (ipv4_is_zeronet(iph->saddr))
                        return ipv4_is_local_multicast(iph->daddr) ^ invert;
-                flow.flowi4_iif = 0;
-        } else {
-                flow.flowi4_iif = LOOPBACK_IFINDEX;
        }
+        flow.flowi4_iif = LOOPBACK_IFINDEX;
        flow.daddr = iph->saddr;
        flow.saddr = rpfilter_get_saddr(iph->daddr);
        flow.flowi4_oif = 0;
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index 8737400af0a0..8659067da28e 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -700,7 +700,7 @@ static netdev_tx_t reg_vif_xmit(struct sk_buff *skb,
        struct mr6_table *mrt;
        struct flowi6 fl6 = {
                .flowi6_oif     = dev->ifindex,
-                .flowi6_iif     = skb->skb_iif,
+                .flowi6_iif     = skb->skb_iif ? : LOOPBACK_IFINDEX,
                .flowi6_mark    = skb->mark,
        };
        int err;
author	Cong Wang <cwang@twopensource.com>	2014-04-15 19:25:34 -0400
committer	David S. Miller <davem@davemloft.net>	2014-04-16 15:05:11 -0400
commit	6a662719c9868b3d6c7d26b3a085f0cd3cc15e64 (patch)
tree	66bcb1ab0be053a656cffd10960dc7f3ca6564f9
parent	c98235cb8584a72e95786e17d695a8e5fafcd766 (diff)

diff --git a/include/net/flow.h b/include/net/flow.h index 64fd24836650..8109a159d1b3 100644 --- a/include/net/flow.h +++ b/include/net/flow.h
@@ -11,6 +11,14 @@
11	#include <linux/in6.h>	11	#include <linux/in6.h>
12	#include <linux/atomic.h>	12	#include <linux/atomic.h>
13		13
		14	/*
		15	* ifindex generation is per-net namespace, and loopback is
		16	* always the 1st device in ns (see net_dev_init), thus any
		17	* loopback device should get ifindex 1
		18	*/
		19
		20	#define LOOPBACK_IFINDEX 1
		21
14	struct flowi_common {	22	struct flowi_common {
15	int flowic_oif;	23	int flowic_oif;
16	int flowic_iif;	24	int flowic_iif;
@@ -80,7 +88,7 @@ static inline void flowi4_init_output(struct flowi4 *fl4, int oif,
80	__be16 dport, __be16 sport)	88	__be16 dport, __be16 sport)
81	{	89	{
82	fl4->flowi4_oif = oif;	90	fl4->flowi4_oif = oif;
83	fl4->flowi4_iif = 0;	91	fl4->flowi4_iif = LOOPBACK_IFINDEX;
84	fl4->flowi4_mark = mark;	92	fl4->flowi4_mark = mark;
85	fl4->flowi4_tos = tos;	93	fl4->flowi4_tos = tos;
86	fl4->flowi4_scope = scope;	94	fl4->flowi4_scope = scope;


diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index 79387f73f875..5f9eb260990f 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h
@@ -9,6 +9,7 @@
9	#include <linux/list.h>	9	#include <linux/list.h>
10	#include <linux/sysctl.h>	10	#include <linux/sysctl.h>
11		11
		12	#include <net/flow.h>
12	#include <net/netns/core.h>	13	#include <net/netns/core.h>
13	#include <net/netns/mib.h>	14	#include <net/netns/mib.h>
14	#include <net/netns/unix.h>	15	#include <net/netns/unix.h>
@@ -131,14 +132,6 @@ struct net {
131	atomic_t fnhe_genid;	132	atomic_t fnhe_genid;
132	};	133	};
133		134
134	/*
135	* ifindex generation is per-net namespace, and loopback is
136	* always the 1st device in ns (see net_dev_init), thus any
137	* loopback device should get ifindex 1
138	*/
139
140	#define LOOPBACK_IFINDEX 1
141
142	#include <linux/seq_file_net.h>	135	#include <linux/seq_file_net.h>
143		136
144	/* Init's network namespace */	137	/* Init's network namespace */


diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 1a629f870274..255aa9946fe7 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c
@@ -250,7 +250,7 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
250	bool dev_match;	250	bool dev_match;
251		251
252	fl4.flowi4_oif = 0;	252	fl4.flowi4_oif = 0;
253	fl4.flowi4_iif = oif;	253	fl4.flowi4_iif = oif ? : LOOPBACK_IFINDEX;
254	fl4.daddr = src;	254	fl4.daddr = src;
255	fl4.saddr = dst;	255	fl4.saddr = dst;
256	fl4.flowi4_tos = tos;	256	fl4.flowi4_tos = tos;


diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c index b53f0bf84dca..8a043f03c88e 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c
@@ -631,6 +631,7 @@ static int fib_check_nh(struct fib_config cfg, struct fib_info fi,
631	.daddr = nh->nh_gw,	631	.daddr = nh->nh_gw,
632	.flowi4_scope = cfg->fc_scope + 1,	632	.flowi4_scope = cfg->fc_scope + 1,
633	.flowi4_oif = nh->nh_oif,	633	.flowi4_oif = nh->nh_oif,
		634	.flowi4_iif = LOOPBACK_IFINDEX,
634	};	635	};
635		636
636	/* It is not necessary, but requires a bit of thinking */	637	/* It is not necessary, but requires a bit of thinking */


diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c index 28863570dd60..d84dc8d4c916 100644 --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c
@@ -455,7 +455,7 @@ static netdev_tx_t reg_vif_xmit(struct sk_buff skb, struct net_device dev)
455	struct mr_table *mrt;	455	struct mr_table *mrt;
456	struct flowi4 fl4 = {	456	struct flowi4 fl4 = {
457	.flowi4_oif = dev->ifindex,	457	.flowi4_oif = dev->ifindex,
458	.flowi4_iif = skb->skb_iif,	458	.flowi4_iif = skb->skb_iif ? : LOOPBACK_IFINDEX,
459	.flowi4_mark = skb->mark,	459	.flowi4_mark = skb->mark,
460	};	460	};
461	int err;	461	int err;


diff --git a/net/ipv4/netfilter/ipt_rpfilter.c b/net/ipv4/netfilter/ipt_rpfilter.c index c49dcd0284a0..4bfaedf9b34e 100644 --- a/net/ipv4/netfilter/ipt_rpfilter.c +++ b/net/ipv4/netfilter/ipt_rpfilter.c
@@ -89,11 +89,8 @@ static bool rpfilter_mt(const struct sk_buff skb, struct xt_action_param par)
89	if (ipv4_is_multicast(iph->daddr)) {	89	if (ipv4_is_multicast(iph->daddr)) {
90	if (ipv4_is_zeronet(iph->saddr))	90	if (ipv4_is_zeronet(iph->saddr))
91	return ipv4_is_local_multicast(iph->daddr) ^ invert;	91	return ipv4_is_local_multicast(iph->daddr) ^ invert;
92	flow.flowi4_iif = 0;
93	} else {
94	flow.flowi4_iif = LOOPBACK_IFINDEX;
95	}	92	}
96		93	flow.flowi4_iif = LOOPBACK_IFINDEX;
97	flow.daddr = iph->saddr;	94	flow.daddr = iph->saddr;
98	flow.saddr = rpfilter_get_saddr(iph->daddr);	95	flow.saddr = rpfilter_get_saddr(iph->daddr);
99	flow.flowi4_oif = 0;	96	flow.flowi4_oif = 0;


diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c index 8737400af0a0..8659067da28e 100644 --- a/net/ipv6/ip6mr.c +++ b/net/ipv6/ip6mr.c
@@ -700,7 +700,7 @@ static netdev_tx_t reg_vif_xmit(struct sk_buff *skb,
700	struct mr6_table *mrt;	700	struct mr6_table *mrt;
701	struct flowi6 fl6 = {	701	struct flowi6 fl6 = {
702	.flowi6_oif = dev->ifindex,	702	.flowi6_oif = dev->ifindex,
703	.flowi6_iif = skb->skb_iif,	703	.flowi6_iif = skb->skb_iif ? : LOOPBACK_IFINDEX,
704	.flowi6_mark = skb->mark,	704	.flowi6_mark = skb->mark,
705	};	705	};
706	int err;	706	int err;