fib_rules: add route suppression based on ifgroup

This change adds the ability to suppress a routing decision based upon the
interface group the selected interface belongs to. This allows it to
exclude specific devices from a routing decision.

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 13 insertions, 3 deletions

diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c
index 554a4fbabfb3..36283267e2f8 100644
--- a/net/ipv6/fib6_rules.c
+++ b/net/ipv6/fib6_rules.c
@@ -122,14 +122,24 @@ out:
 static bool fib6_rule_suppress(struct fib_rule *rule, struct fib_lookup_arg *arg)
 {
         struct rt6_info *rt = (struct rt6_info *) arg->result;
+        struct net_device *dev = rt->rt6i_idev->dev;
         /* do not accept result if the route does
          * not meet the required prefix length
          */
-        if (rt->rt6i_dst.plen < rule->table_prefixlen_min) {
+        if (rt->rt6i_dst.plen < rule->table_prefixlen_min)
+                goto suppress_route;
+
+        /* do not accept result if the route uses a device
+         * belonging to a forbidden interface group
+         */
+        if (rule->suppress_ifgroup != -1 && dev && dev->group == rule->suppress_ifgroup)
+                goto suppress_route;
+
+        return false;
+
+suppress_route:
                 ip6_rt_put(rt);
                 return true;
-        }
-        return false;
 }
 
 static int fib6_rule_match(struct fib_rule *rule, struct flowi *fl, int flags)