Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5e5d6fed authored by Roopa Prabhu's avatar Roopa Prabhu Committed by David S. Miller
Browse files

ipv6: route: dissect flow in input path if fib rules need it 



Dissect flow in fwd path if fib rules require it. Controlled by
a flag to avoid penatly for the common case. Flag is set when fib
rules with sport, dport and proto match that require flow dissect
are installed. Also passes the dissected hash keys to the multipath
hash function when applicable to avoid dissecting the flow again.
icmp packets will continue to use inner header for hash
calculations.

Signed-off-by: default avatarRoopa Prabhu <roopa@cumulusnetworks.com>
Acked-by: default avatarPaolo Abeni <pabeni@redhat.com>
Acked-by: default avatarNikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e37b1e97

include/net/ip6_fib.h

+25 −0
Original line number Diff line number Diff line
@@ -415,6 +415,24 @@ void fib6_rules_cleanup(void); 
bool fib6_rule_default(const struct fib_rule *rule);

int fib6_rules_dump(struct net *net, struct notifier_block *nb);

unsigned int fib6_rules_seq_read(struct net *net);



static inline bool fib6_rules_early_flow_dissect(struct net *net,

						 struct sk_buff *skb,

						 struct flowi6 *fl6,

						 struct flow_keys *flkeys)

{

	unsigned int flag = FLOW_DISSECTOR_F_STOP_AT_ENCAP;



	if (!net->ipv6.fib6_rules_require_fldissect)

		return false;



	skb_flow_dissect_flow_keys(skb, flkeys, flag);

	fl6->fl6_sport = flkeys->ports.src;

	fl6->fl6_dport = flkeys->ports.dst;

	fl6->flowi6_proto = flkeys->basic.ip_proto;



	return true;

}

#else

static inline int               fib6_rules_init(void)

{
@@ -436,5 +454,12 @@ static inline unsigned int fib6_rules_seq_read(struct net *net) 
{

	return 0;

}

static inline bool fib6_rules_early_flow_dissect(struct net *net,

						 struct sk_buff *skb,

						 struct flowi6 *fl6,

						 struct flow_keys *flkeys)

{

	return false;

}

#endif

#endif

include/net/ip6_route.h

+3 −1
Original line number Diff line number Diff line
@@ -127,7 +127,8 @@ static inline int ip6_route_get_saddr(struct net *net, struct rt6_info *rt, 


struct rt6_info *rt6_lookup(struct net *net, const struct in6_addr *daddr,

			    const struct in6_addr *saddr, int oif, int flags);

u32 rt6_multipath_hash(const struct flowi6 *fl6, const struct sk_buff *skb);

u32 rt6_multipath_hash(const struct flowi6 *fl6, const struct sk_buff *skb,

		       struct flow_keys *hkeys);



struct dst_entry *icmp6_dst_alloc(struct net_device *dev, struct flowi6 *fl6);
@@ -266,4 +267,5 @@ static inline bool rt6_duplicate_nexthop(struct rt6_info *a, struct rt6_info *b) 
	       ipv6_addr_equal(&a->rt6i_gateway, &b->rt6i_gateway) &&

	       !lwtunnel_cmp_encap(a->dst.lwtstate, b->dst.lwtstate);

}



#endif

include/net/netns/ipv6.h

+2 −1
Original line number Diff line number Diff line
@@ -71,6 +71,7 @@ struct netns_ipv6 { 
	unsigned int		 ip6_rt_gc_expire;

	unsigned long		 ip6_rt_last_gc;

#ifdef CONFIG_IPV6_MULTIPLE_TABLES

	unsigned int		fib6_rules_require_fldissect;

	bool			fib6_has_custom_rules;

	struct rt6_info         *ip6_prohibit_entry;

	struct rt6_info         *ip6_blk_hole_entry;

net/ipv6/fib6_rules.c

+16 −0
Original line number Diff line number Diff line
@@ -269,12 +269,26 @@ static int fib6_rule_configure(struct fib_rule *rule, struct sk_buff *skb, 
	rule6->dst.plen = frh->dst_len;

	rule6->tclass = frh->tos;



	if (fib_rule_requires_fldissect(rule))

		net->ipv6.fib6_rules_require_fldissect++;



	net->ipv6.fib6_has_custom_rules = true;

	err = 0;

errout:

	return err;

}



static int fib6_rule_delete(struct fib_rule *rule)

{

	struct net *net = rule->fr_net;



	if (net->ipv6.fib6_rules_require_fldissect &&

	    fib_rule_requires_fldissect(rule))

		net->ipv6.fib6_rules_require_fldissect--;



	return 0;

}



static int fib6_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,

			     struct nlattr **tb)

{
@@ -334,6 +348,7 @@ static const struct fib_rules_ops __net_initconst fib6_rules_ops_template = { 
	.match			= fib6_rule_match,

	.suppress		= fib6_rule_suppress,

	.configure		= fib6_rule_configure,

	.delete			= fib6_rule_delete,

	.compare		= fib6_rule_compare,

	.fill			= fib6_rule_fill,

	.nlmsg_payload		= fib6_rule_nlmsg_payload,
@@ -361,6 +376,7 @@ static int __net_init fib6_rules_net_init(struct net *net) 
		goto out_fib6_rules_ops;



	net->ipv6.fib6_rules_ops = ops;

	net->ipv6.fib6_rules_require_fldissect = 0;

out:

	return err;

net/ipv6/icmp.c

+1 −1
Original line number Diff line number Diff line
@@ -522,7 +522,7 @@ static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, 
	fl6.fl6_icmp_type = type;

	fl6.fl6_icmp_code = code;

	fl6.flowi6_uid = sock_net_uid(net, NULL);

	fl6.mp_hash = rt6_multipath_hash(&fl6, skb);

	fl6.mp_hash = rt6_multipath_hash(&fl6, skb, NULL);

	security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));



	sk = icmpv6_xmit_lock(net);