fib_rules: add route suppression based on ifgroup

This change adds the ability to suppress a routing decision based upon the interface group the selected interface belongs to. This allows it to exclude specific devices from a routing decision. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Stefan Tomanek <stefan.tomanek@wertarbyte.de> 2013-08-02 11:19:56 -0400
committer: David S. Miller <davem@davemloft.net> 2013-08-02 18:24:22 -0400
commit: 6ef94cfafba159d6b1a902ccb3349ac6a34ff6ad (patch)
tree: f2d7afebf4534ea50273165f4b0798aed704a37c /net/ipv4
parent: d1c53c8e870cdedb6fc9550f41c558bab45b5219 (diff)
1 files changed, 17 insertions, 6 deletions
diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
index 9f2906679d1f..b78fd28970c9 100644
--- a/net/ipv4/fib_rules.c
+++ b/net/ipv4/fib_rules.c
@@ -103,16 +103,27 @@ errout:
 static bool fib4_rule_suppress(struct fib_rule *rule, struct fib_lookup_arg *arg)
 {
+        struct fib_result *result = (struct fib_result *) arg->result;
+        struct net_device *dev = result->fi->fib_dev;
        /* do not accept result if the route does
         * not meet the required prefix length
         */
-        struct fib_result *result = (struct fib_result *) arg->result;
+        if (result->prefixlen < rule->table_prefixlen_min)
-        if (result->prefixlen < rule->table_prefixlen_min) {
+                goto suppress_route;
-                if (!(arg->flags & FIB_LOOKUP_NOREF))
-                        fib_info_put(result->fi);
+        /* do not accept result if the route uses a device
-                return true;
+         * belonging to a forbidden interface group
-        }
+         */
+        if (rule->suppress_ifgroup != -1 && dev && dev->group == rule->suppress_ifgroup)
+                goto suppress_route;
        return false;
+suppress_route:
+        if (!(arg->flags & FIB_LOOKUP_NOREF))
+                fib_info_put(result->fi);
+        return true;
 }
 static int fib4_rule_match(struct fib_rule *rule, struct flowi *fl, int flags)
author	Stefan Tomanek <stefan.tomanek@wertarbyte.de>	2013-08-02 11:19:56 -0400
committer	David S. Miller <davem@davemloft.net>	2013-08-02 18:24:22 -0400
commit	6ef94cfafba159d6b1a902ccb3349ac6a34ff6ad (patch)
tree	f2d7afebf4534ea50273165f4b0798aed704a37c /net/ipv4
parent	d1c53c8e870cdedb6fc9550f41c558bab45b5219 (diff)

diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c index 9f2906679d1f..b78fd28970c9 100644 --- a/net/ipv4/fib_rules.c +++ b/net/ipv4/fib_rules.c
@@ -103,16 +103,27 @@ errout:
103		103
104	static bool fib4_rule_suppress(struct fib_rule rule, struct fib_lookup_arg arg)	104	static bool fib4_rule_suppress(struct fib_rule rule, struct fib_lookup_arg arg)
105	{	105	{
		106	struct fib_result result = (struct fib_result ) arg->result;
		107	struct net_device *dev = result->fi->fib_dev;
		108
106	/* do not accept result if the route does	109	/* do not accept result if the route does
107	* not meet the required prefix length	110	* not meet the required prefix length
108	*/	111	*/
109	struct fib_result result = (struct fib_result ) arg->result;	112	if (result->prefixlen < rule->table_prefixlen_min)
110	if (result->prefixlen < rule->table_prefixlen_min) {	113	goto suppress_route;
111	if (!(arg->flags & FIB_LOOKUP_NOREF))	114
112	fib_info_put(result->fi);	115	/* do not accept result if the route uses a device
113	return true;	116	* belonging to a forbidden interface group
114	}	117	*/
		118	if (rule->suppress_ifgroup != -1 && dev && dev->group == rule->suppress_ifgroup)
		119	goto suppress_route;
		120
115	return false;	121	return false;
		122
		123	suppress_route:
		124	if (!(arg->flags & FIB_LOOKUP_NOREF))
		125	fib_info_put(result->fi);
		126	return true;
116	}	127	}
117		128
118	static int fib4_rule_match(struct fib_rule rule, struct flowi fl, int flags)	129	static int fib4_rule_match(struct fib_rule rule, struct flowi fl, int flags)