Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge branch 'fib_validate_loopback'

Cong Wang says:

====================
ipv4: fix flowi4_iif for input routing

This patchset fixes ->flowi4_iif for input routing and rp filter,
based on suggestion from Julian. See per patch for details.

v1 -> v2:
* merge the first two patches into one
* fix fib_check_nh() too
* add this cover letter
====================

Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Cong Wang <cwang@twopensource.com>
Reviewed-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>

+16 -18
+9 -1
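--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -11,6 +11,14 @@
 #include <linux/in6.h>
 #include <linux/atomic.h>
 
+/*
+ * ifindex generation is per-net namespace, and loopback is
+ * always the 1st device in ns (see net_dev_init), thus any
+ * loopback device should get ifindex 1
+ */
+
+#define LOOPBACK_IFINDEX 1
+
 struct flowi_common {
 int flowic_oif;
 int flowic_iif;
@@ -80,7 +88,7 @@
 __be16 dport, __be16 sport)
 {
 fl4->flowi4_oif = oif;
-fl4->flowi4_iif = 0;
+fl4->flowi4_iif = LOOPBACK_IFINDEX;
 fl4->flowi4_mark = mark;
 fl4->flowi4_tos = tos;
 fl4->flowi4_scope = scope;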
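Review bot: In the second hunk, `fl4->flowi4_iif = LOOPBACK_IFINDEX;` carries no comment saying why an output flow key is given the loopback ifindex instead of 0; the block comment above the new `#define` only explains why the value is 1. I would add a line above the assignment such as `/* output lookups present loopback as the input interface, not 0 */`. If the intent is, as it appears, to let iif-based policy rules see locally generated traffic consistently, say that there too. The function being patched starts and ends outside the hunk, so its header comment may already cover this.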
+1 -8
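--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -9,6 +9,7 @@
 #include <linux/list.h>
 #include <linux/sysctl.h>
 
+#include <net/flow.h>
 #include <net/netns/core.h>
 #include <net/netns/mib.h>
 #include <net/netns/unix.h>
@@ -130,14 +131,6 @@
 struct sock *diag_nlsk;
 atomic_t fnhe_genid;
 };
-
-/*
- * ifindex generation is per-net namespace, and loopback is
- * always the 1st device in ns (see net_dev_init), thus any
- * loopback device should get ifindex 1
- */
-
-#define LOOPBACK_IFINDEX 1
 
 #include <linux/seq_file_net.h>
 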
+1 -1
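--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -250,7 +250,7 @@
 bool dev_match;
 
 fl4.flowi4_oif = 0;
-fl4.flowi4_iif = oif;
+fl4.flowi4_iif = oif ? : LOOPBACK_IFINDEX;
 fl4.daddr = src;
 fl4.saddr = dst;
 fl4.flowi4_tos = tos;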
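Review bot: `fl4.flowi4_iif = oif ? : LOOPBACK_IFINDEX;` makes a zero `oif` argument a sentinel for "look up as if from loopback", and that contract is not written down in the visible code. The net/ipv4/route.c hunk already depends on it, passing a literal `0` where it used to pass `LOOPBACK_IFINDEX`. This looks like the reverse-path lookup (`daddr = src`, `saddr = dst`), so anyone auditing source validation has to join two files to learn which input interface the policy rules will see. I would add `/* oif == 0: no output device given, look up as if received on loopback */` above the assignment and note the zero case at the call site in route.c. The enclosing function starts and ends outside the hunk.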
+1
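--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -631,6 +631,7 @@
 .daddr = nh->nh_gw,
 .flowi4_scope = cfg->fc_scope + 1,
 .flowi4_oif = nh->nh_oif,
+.flowi4_iif = LOOPBACK_IFINDEX,
 };
 
 /* It is not necessary, but requires a bit of thinking */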
+1 -1
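--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -455,7 +455,7 @@
 struct mr_table *mrt;
 struct flowi4 fl4 = {
 .flowi4_oif = dev->ifindex,
-.flowi4_iif = skb->skb_iif,
+.flowi4_iif = skb->skb_iif ? : LOOPBACK_IFINDEX,
 .flowi4_mark = skb->mark,
 };
 int err;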
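Review bot: The fallback `skb->skb_iif ? : LOOPBACK_IFINDEX` is open-coded here and again for `.flowi6_iif` in the net/ipv6/ip6mr.c hunk, next to the similar `oif ? : LOOPBACK_IFINDEX` in net/ipv4/fib_frontend.c. A small static inline beside the `LOOPBACK_IFINDEX` definition, whose body is just `return iif ? : LOOPBACK_IFINDEX;`, would keep the three sites from drifting apart. If a helper is not wanted, a comment such as `/* skb_iif is 0 when no input device was recorded for the skb */` would say when the fallback fires. That reading is inferred, since the hunk does not show where `skb_iif` is set. The function holding the initializer starts and ends outside the hunk.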
+1 -4
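--- a/net/ipv4/netfilter/ipt_rpfilter.c
+++ b/net/ipv4/netfilter/ipt_rpfilter.c
@@ -89,11 +89,8 @@
 if (ipv4_is_multicast(iph->daddr)) {
 if (ipv4_is_zeronet(iph->saddr))
 return ipv4_is_local_multicast(iph->daddr) ^ invert;
-flow.flowi4_iif = 0;
-} else {
-flow.flowi4_iif = LOOPBACK_IFINDEX;
 }
-
+flow.flowi4_iif = LOOPBACK_IFINDEX;
 flow.daddr = iph->saddr;
 flow.saddr = rpfilter_get_saddr(iph->daddr);
 flow.flowi4_oif = 0;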
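Review bot: The multicast branch used to set `flowi4_iif = 0`, and now every lookup built here, multicast included, presents loopback as the input interface, with nothing in the hunk recording that this is intentional. The lookup presumably decides whether a packet passes the reverse-path match, so I would add `/* always look up as if from loopback, multicast included */` above `flow.flowi4_iif = LOOPBACK_IFINDEX;`. The outer `if (ipv4_is_multicast(iph->daddr)) { ... }` now wraps only the nested zeronet test. It could be folded into `if (ipv4_is_multicast(iph->daddr) && ipv4_is_zeronet(iph->saddr))` with the braces dropped, and the removed blank line before the flow setup kept. The function starts and ends outside the hunk.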
+1 -2
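--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1700,8 +1700,7 @@
 
 if (res.type == RTN_LOCAL) {
 err = fib_validate_source(skb, saddr, daddr, tos,
-LOOPBACK_IFINDEX,
-dev, in_dev, &itag);
+0, dev, in_dev, &itag);
 if (err < 0)
 goto martian_source_keep_err;
 goto local_input;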
+1 -1
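--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -700,7 +700,7 @@
 struct mr6_table *mrt;
 struct flowi6 fl6 = {
 .flowi6_oif = dev->ifindex,
-.flowi6_iif = skb->skb_iif,
+.flowi6_iif = skb->skb_iif ? : LOOPBACK_IFINDEX,
 .flowi6_mark = skb->mark,
 };
 int err;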