]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commitdiff
net: Fix RPF to work with policy routing
authorjamal <hadi@cyberus.ca>
Sun, 18 Oct 2009 02:12:33 +0000 (02:12 +0000)
committerDavid S. Miller <davem@davemloft.net>
Fri, 30 Oct 2009 05:49:12 +0000 (22:49 -0700)
Policy routing is not looked up by mark on reverse path filtering.
This fixes it.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/ip_fib.h
net/ipv4/fib_frontend.c
net/ipv4/route.c

index ef91fe924ba42ddf5a0748836726098ec2a95f9a..4d22fabc7719de9b6b620ebfeba29332a2b31e2e 100644 (file)
@@ -210,7 +210,8 @@ extern struct fib_table *fib_get_table(struct net *net, u32 id);
 extern const struct nla_policy rtm_ipv4_policy[];
 extern void            ip_fib_init(void);
 extern int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,
-                              struct net_device *dev, __be32 *spec_dst, u32 *itag);
+                              struct net_device *dev, __be32 *spec_dst,
+                              u32 *itag, u32 mark);
 extern void fib_select_default(struct net *net, const struct flowi *flp,
                               struct fib_result *res);
 
index e2f950592566ac93267dbd20bc85473d4a759d48..aa00398be80e6f8114da351f07bd0ba585577f17 100644 (file)
@@ -229,14 +229,17 @@ unsigned int inet_dev_addr_type(struct net *net, const struct net_device *dev,
  */
 
 int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,
-                       struct net_device *dev, __be32 *spec_dst, u32 *itag)
+                       struct net_device *dev, __be32 *spec_dst,
+                       u32 *itag, u32 mark)
 {
        struct in_device *in_dev;
        struct flowi fl = { .nl_u = { .ip4_u =
                                      { .daddr = src,
                                        .saddr = dst,
                                        .tos = tos } },
+                           .mark = mark,
                            .iif = oif };
+
        struct fib_result res;
        int no_addr, rpf;
        int ret;
index bb41992520268b08c49f345e2170aeb644c56b7d..5b1050a5d874e35ffd608f8e6d0bbb2f1a5204f4 100644 (file)
@@ -1854,7 +1854,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
                        goto e_inval;
                spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
        } else if (fib_validate_source(saddr, 0, tos, 0,
-                                       dev, &spec_dst, &itag) < 0)
+                                       dev, &spec_dst, &itag, 0) < 0)
                goto e_inval;
 
        rth = dst_alloc(&ipv4_dst_ops);
@@ -1967,7 +1967,7 @@ static int __mkroute_input(struct sk_buff *skb,
 
 
        err = fib_validate_source(saddr, daddr, tos, FIB_RES_OIF(*res),
-                                 in_dev->dev, &spec_dst, &itag);
+                                 in_dev->dev, &spec_dst, &itag, skb->mark);
        if (err < 0) {
                ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
                                         saddr);
@@ -2141,7 +2141,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
                int result;
                result = fib_validate_source(saddr, daddr, tos,
                                             net->loopback_dev->ifindex,
-                                            dev, &spec_dst, &itag);
+                                            dev, &spec_dst, &itag, skb->mark);
                if (result < 0)
                        goto martian_source;
                if (result)
@@ -2170,7 +2170,7 @@ brd_input:
                spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
        else {
                err = fib_validate_source(saddr, 0, tos, 0, dev, &spec_dst,
-                                         &itag);
+                                         &itag, skb->mark);
                if (err < 0)
                        goto martian_source;
                if (err)