Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 48e8aa6e authored by Martin KaFai Lau's avatar Martin KaFai Lau Committed by David S. Miller
Browse files

ipv6: Set FLOWI_FLAG_KNOWN_NH at flowi6_flags 



The neighbor look-up used to depend on the rt6i_gateway (if
there is a gateway) or the rt6i_dst (if it is a RTF_CACHE clone)
as the nexthop address.  Note that rt6i_dst is set to fl6->daddr
for the RTF_CACHE clone where fl6->daddr is the one used to do
the route look-up.

Now, we only create RTF_CACHE clone after encountering exception.
When doing the neighbor look-up with a route that is neither a gateway
nor a RTF_CACHE clone, the daddr in skb will be used as the nexthop.

In some cases, the daddr in skb is not the one used to do
the route look-up.  One example is in ip_vs_dr_xmit_v6() where the
real nexthop server address is different from the one in the skb.

This patch is going to follow the IPv4 approach and ask the
ip6_pol_route() callers to set the FLOWI_FLAG_KNOWN_NH properly.

In the next patch, ip6_pol_route() will honor the FLOWI_FLAG_KNOWN_NH
and create a RTF_CACHE clone.

Signed-off-by: default avatarMartin KaFai Lau <kafai@fb.com>
Acked-by: default avatarJulian Anastasov <ja@ssi.bg>
Tested-by: default avatarJulian Anastasov <ja@ssi.bg>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent b197df4f

net/ipv6/raw.c

+3 −0
Original line number Original line Diff line number Diff line
@@ -865,6 +865,9 @@ static int rawv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) 
		fl6.flowi6_oif = np->ucast_oif;

		fl6.flowi6_oif = np->ucast_oif;

	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));

	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));





	if (inet->hdrincl)

		fl6.flowi6_flags |= FLOWI_FLAG_KNOWN_NH;



	dst = ip6_dst_lookup_flow(sk, &fl6, final_p);

	dst = ip6_dst_lookup_flow(sk, &fl6, final_p);

	if (IS_ERR(dst)) {

	if (IS_ERR(dst)) {

		err = PTR_ERR(dst);

		err = PTR_ERR(dst);

net/netfilter/ipvs/ip_vs_xmit.c

+9 −4
Original line number Original line Diff line number Diff line
@@ -364,13 +364,16 @@ __ip_vs_get_out_rt(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest, 
#ifdef CONFIG_IP_VS_IPV6

#ifdef CONFIG_IP_VS_IPV6

static struct dst_entry *

static struct dst_entry *

__ip_vs_route_output_v6(struct net *net, struct in6_addr *daddr,

__ip_vs_route_output_v6(struct net *net, struct in6_addr *daddr,

			struct in6_addr *ret_saddr, int do_xfrm)

			struct in6_addr *ret_saddr, int do_xfrm, int rt_mode)

{

{

	struct dst_entry *dst;

	struct dst_entry *dst;

	struct flowi6 fl6 = {

	struct flowi6 fl6 = {

		.daddr = *daddr,

		.daddr = *daddr,

	};

	};





	if (rt_mode & IP_VS_RT_MODE_KNOWN_NH)

		fl6.flowi6_flags = FLOWI_FLAG_KNOWN_NH;



	dst = ip6_route_output(net, NULL, &fl6);

	dst = ip6_route_output(net, NULL, &fl6);

	if (dst->error)

	if (dst->error)

		goto out_err;

		goto out_err;
@@ -427,7 +430,7 @@ __ip_vs_get_out_rt_v6(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest, 
			}

			}

			dst = __ip_vs_route_output_v6(net, &dest->addr.in6,

			dst = __ip_vs_route_output_v6(net, &dest->addr.in6,

						      &dest_dst->dst_saddr.in6,

						      &dest_dst->dst_saddr.in6,

						      do_xfrm);

						      do_xfrm, rt_mode);

			if (!dst) {

			if (!dst) {

				__ip_vs_dst_set(dest, NULL, NULL, 0);

				__ip_vs_dst_set(dest, NULL, NULL, 0);

				spin_unlock_bh(&dest->dst_lock);

				spin_unlock_bh(&dest->dst_lock);
@@ -446,7 +449,8 @@ __ip_vs_get_out_rt_v6(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest, 
			*ret_saddr = dest_dst->dst_saddr.in6;

			*ret_saddr = dest_dst->dst_saddr.in6;

	} else {

	} else {

		noref = 0;

		noref = 0;

		dst = __ip_vs_route_output_v6(net, daddr, ret_saddr, do_xfrm);

		dst = __ip_vs_route_output_v6(net, daddr, ret_saddr, do_xfrm,

					      rt_mode);

		if (!dst)

		if (!dst)

			goto err_unreach;

			goto err_unreach;

		rt = (struct rt6_info *) dst;

		rt = (struct rt6_info *) dst;
@@ -1164,7 +1168,8 @@ ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, 
	local = __ip_vs_get_out_rt_v6(cp->af, skb, cp->dest, &cp->daddr.in6,

	local = __ip_vs_get_out_rt_v6(cp->af, skb, cp->dest, &cp->daddr.in6,

				      NULL, ipvsh, 0,

				      NULL, ipvsh, 0,

				      IP_VS_RT_MODE_LOCAL |

				      IP_VS_RT_MODE_LOCAL |

				      IP_VS_RT_MODE_NON_LOCAL);

				      IP_VS_RT_MODE_NON_LOCAL |

				      IP_VS_RT_MODE_KNOWN_NH);

	if (local < 0)

	if (local < 0)

		goto tx_error;

		goto tx_error;

	if (local) {

	if (local) {

net/netfilter/xt_TEE.c

+1 −0
Original line number Original line Diff line number Diff line
@@ -152,6 +152,7 @@ tee_tg_route6(struct sk_buff *skb, const struct xt_tee_tginfo *info) 
	fl6.daddr = info->gw.in6;

	fl6.daddr = info->gw.in6;

	fl6.flowlabel = ((iph->flow_lbl[0] & 0xF) << 16) |

	fl6.flowlabel = ((iph->flow_lbl[0] & 0xF) << 16) |

			   (iph->flow_lbl[1] << 8) | iph->flow_lbl[2];

			   (iph->flow_lbl[1] << 8) | iph->flow_lbl[2];

	fl6.flowi6_flags = FLOWI_FLAG_KNOWN_NH;

	dst = ip6_route_output(net, NULL, &fl6);

	dst = ip6_route_output(net, NULL, &fl6);

	if (dst->error) {

	if (dst->error) {

		dst_release(dst);

		dst_release(dst);