Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b0c110ca authored by jamal's avatar jamal Committed by David S. Miller
Browse files

net: Fix RPF to work with policy routing 



Policy routing is not looked up by mark on reverse path filtering.
This fixes it.

Signed-off-by: default avatarJamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 14d18a81

include/net/ip_fib.h

+2 −1
Original line number Diff line number Diff line
@@ -210,7 +210,8 @@ extern struct fib_table *fib_get_table(struct net *net, u32 id); 
extern const struct nla_policy rtm_ipv4_policy[];

extern void		ip_fib_init(void);

extern int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,

			       struct net_device *dev, __be32 *spec_dst, u32 *itag);

			       struct net_device *dev, __be32 *spec_dst,

			       u32 *itag, u32 mark);

extern void fib_select_default(struct net *net, const struct flowi *flp,

			       struct fib_result *res);

net/ipv4/fib_frontend.c

+4 −1
Original line number Diff line number Diff line
@@ -229,14 +229,17 @@ unsigned int inet_dev_addr_type(struct net *net, const struct net_device *dev, 
 */



int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,

			struct net_device *dev, __be32 *spec_dst, u32 *itag)

			struct net_device *dev, __be32 *spec_dst,

			u32 *itag, u32 mark)

{

	struct in_device *in_dev;

	struct flowi fl = { .nl_u = { .ip4_u =

				      { .daddr = src,

					.saddr = dst,

					.tos = tos } },

			    .mark = mark,

			    .iif = oif };



	struct fib_result res;

	int no_addr, rpf;

	int ret;

net/ipv4/route.c

+4 −4
Original line number Diff line number Diff line
@@ -1854,7 +1854,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, 
			goto e_inval;

		spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);

	} else if (fib_validate_source(saddr, 0, tos, 0,

					dev, &spec_dst, &itag) < 0)

					dev, &spec_dst, &itag, 0) < 0)

		goto e_inval;



	rth = dst_alloc(&ipv4_dst_ops);
@@ -1967,7 +1967,7 @@ static int __mkroute_input(struct sk_buff *skb, 




	err = fib_validate_source(saddr, daddr, tos, FIB_RES_OIF(*res),

				  in_dev->dev, &spec_dst, &itag);

				  in_dev->dev, &spec_dst, &itag, skb->mark);

	if (err < 0) {

		ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,

					 saddr);
@@ -2141,7 +2141,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, 
		int result;

		result = fib_validate_source(saddr, daddr, tos,

					     net->loopback_dev->ifindex,

					     dev, &spec_dst, &itag);

					     dev, &spec_dst, &itag, skb->mark);

		if (result < 0)

			goto martian_source;

		if (result)
@@ -2170,7 +2170,7 @@ out: return err; 
		spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);

	else {

		err = fib_validate_source(saddr, 0, tos, 0, dev, &spec_dst,

					  &itag);

					  &itag, skb->mark);

		if (err < 0)

			goto martian_source;

		if (err)