diff options
| author | jamal <hadi@cyberus.ca> | 2009-10-17 22:12:33 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2009-10-30 01:49:12 -0400 |
| commit | b0c110ca8e89f2c9cd52ec7fb1b98c5b7aa78496 (patch) | |
| tree | 613bb6966bce4b5dc63e5090aff04254f7dbb709 | |
| parent | 14d18a81b5171d4433e41129619c75748b4f4d26 (diff) | |
net: Fix RPF to work with policy routing
Policy routing is not looked up by mark on reverse path filtering.
This fixes it.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/net/ip_fib.h | 3 | ||||
| -rw-r--r-- | net/ipv4/fib_frontend.c | 5 | ||||
| -rw-r--r-- | net/ipv4/route.c | 8 |
3 files changed, 10 insertions, 6 deletions
diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h index ef91fe924ba4..4d22fabc7719 100644 --- a/include/net/ip_fib.h +++ b/include/net/ip_fib.h | |||
| @@ -210,7 +210,8 @@ extern struct fib_table *fib_get_table(struct net *net, u32 id); | |||
| 210 | extern const struct nla_policy rtm_ipv4_policy[]; | 210 | extern const struct nla_policy rtm_ipv4_policy[]; |
| 211 | extern void ip_fib_init(void); | 211 | extern void ip_fib_init(void); |
| 212 | extern int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif, | 212 | extern int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif, |
| 213 | struct net_device *dev, __be32 *spec_dst, u32 *itag); | 213 | struct net_device *dev, __be32 *spec_dst, |
| 214 | u32 *itag, u32 mark); | ||
| 214 | extern void fib_select_default(struct net *net, const struct flowi *flp, | 215 | extern void fib_select_default(struct net *net, const struct flowi *flp, |
| 215 | struct fib_result *res); | 216 | struct fib_result *res); |
| 216 | 217 | ||
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index e2f950592566..aa00398be80e 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c | |||
| @@ -229,14 +229,17 @@ unsigned int inet_dev_addr_type(struct net *net, const struct net_device *dev, | |||
| 229 | */ | 229 | */ |
| 230 | 230 | ||
| 231 | int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif, | 231 | int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif, |
| 232 | struct net_device *dev, __be32 *spec_dst, u32 *itag) | 232 | struct net_device *dev, __be32 *spec_dst, |
| 233 | u32 *itag, u32 mark) | ||
| 233 | { | 234 | { |
| 234 | struct in_device *in_dev; | 235 | struct in_device *in_dev; |
| 235 | struct flowi fl = { .nl_u = { .ip4_u = | 236 | struct flowi fl = { .nl_u = { .ip4_u = |
| 236 | { .daddr = src, | 237 | { .daddr = src, |
| 237 | .saddr = dst, | 238 | .saddr = dst, |
| 238 | .tos = tos } }, | 239 | .tos = tos } }, |
| 240 | .mark = mark, | ||
| 239 | .iif = oif }; | 241 | .iif = oif }; |
| 242 | |||
| 240 | struct fib_result res; | 243 | struct fib_result res; |
| 241 | int no_addr, rpf; | 244 | int no_addr, rpf; |
| 242 | int ret; | 245 | int ret; |
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index bb4199252026..5b1050a5d874 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c | |||
| @@ -1854,7 +1854,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, | |||
| 1854 | goto e_inval; | 1854 | goto e_inval; |
| 1855 | spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK); | 1855 | spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK); |
| 1856 | } else if (fib_validate_source(saddr, 0, tos, 0, | 1856 | } else if (fib_validate_source(saddr, 0, tos, 0, |
| 1857 | dev, &spec_dst, &itag) < 0) | 1857 | dev, &spec_dst, &itag, 0) < 0) |
| 1858 | goto e_inval; | 1858 | goto e_inval; |
| 1859 | 1859 | ||
| 1860 | rth = dst_alloc(&ipv4_dst_ops); | 1860 | rth = dst_alloc(&ipv4_dst_ops); |
| @@ -1967,7 +1967,7 @@ static int __mkroute_input(struct sk_buff *skb, | |||
| 1967 | 1967 | ||
| 1968 | 1968 | ||
| 1969 | err = fib_validate_source(saddr, daddr, tos, FIB_RES_OIF(*res), | 1969 | err = fib_validate_source(saddr, daddr, tos, FIB_RES_OIF(*res), |
| 1970 | in_dev->dev, &spec_dst, &itag); | 1970 | in_dev->dev, &spec_dst, &itag, skb->mark); |
| 1971 | if (err < 0) { | 1971 | if (err < 0) { |
| 1972 | ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, | 1972 | ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, |
| 1973 | saddr); | 1973 | saddr); |
| @@ -2141,7 +2141,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, | |||
| 2141 | int result; | 2141 | int result; |
| 2142 | result = fib_validate_source(saddr, daddr, tos, | 2142 | result = fib_validate_source(saddr, daddr, tos, |
| 2143 | net->loopback_dev->ifindex, | 2143 | net->loopback_dev->ifindex, |
| 2144 | dev, &spec_dst, &itag); | 2144 | dev, &spec_dst, &itag, skb->mark); |
| 2145 | if (result < 0) | 2145 | if (result < 0) |
| 2146 | goto martian_source; | 2146 | goto martian_source; |
| 2147 | if (result) | 2147 | if (result) |
| @@ -2170,7 +2170,7 @@ brd_input: | |||
| 2170 | spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK); | 2170 | spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK); |
| 2171 | else { | 2171 | else { |
| 2172 | err = fib_validate_source(saddr, 0, tos, 0, dev, &spec_dst, | 2172 | err = fib_validate_source(saddr, 0, tos, 0, dev, &spec_dst, |
| 2173 | &itag); | 2173 | &itag, skb->mark); |
| 2174 | if (err < 0) | 2174 | if (err < 0) |
| 2175 | goto martian_source; | 2175 | goto martian_source; |
| 2176 | if (err) | 2176 | if (err) |