[PATCH net-2.6.22] [IPV6] FIB6RULE: Find source address during looking up route.
When looking up route for destination with rules with source address restrictions, we may need to find a source address for the traffic if not given. Based on patch from Noriaki TAKAMIYA [EMAIL PROTECTED]. Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED] --- include/linux/fib_rules.h |7 +-- net/ipv6/fib6_rules.c | 34 +++--- 2 files changed, 36 insertions(+), 5 deletions(-) diff --git a/include/linux/fib_rules.h b/include/linux/fib_rules.h index 8270aac..2bbfa87 100644 --- a/include/linux/fib_rules.h +++ b/include/linux/fib_rules.h @@ -5,8 +5,11 @@ #include linux/rtnetlink.h /* rule is permanent, and cannot be deleted */ -#define FIB_RULE_PERMANENT 1 -#define FIB_RULE_INVERT2 +#define FIB_RULE_PERMANENT 0x0001 +#define FIB_RULE_INVERT0x0002 + +/* try to find source address in routing lookups */ +#defineFIB_RULE_FIND_SADDR 0x0001 struct fib_rule_hdr { diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c index f0f0e8c..514a743 100644 --- a/net/ipv6/fib6_rules.c +++ b/net/ipv6/fib6_rules.c @@ -17,6 +17,7 @@ #include net/fib_rules.h #include net/ipv6.h +#include net/addrconf.h #include net/ip6_route.h #include net/netlink.h @@ -95,8 +96,27 @@ static int fib6_rule_action(struct fib_rule *rule, struct flowi *flp, if (table) rt = lookup(table, flp, flags); - if (rt != ip6_null_entry) + if (rt != ip6_null_entry) { + struct fib6_rule *r = (struct fib6_rule *)rule; + + /* +* If we need to find a source address for this traffic, +* we check the result if it meets requirement of the rule. +*/ + if ((rule-flags FIB_RULE_FIND_SADDR) + r-src.plen !(flags RT6_LOOKUP_F_HAS_SADDR)) { + struct in6_addr saddr; + if (ipv6_get_saddr(rt-u.dst, flp-fl6_dst, + saddr)) + goto again; + if (!ipv6_prefix_equal(saddr, r-src.addr, + r-src.plen)) + goto again; + ipv6_addr_copy(flp-fl6_src, saddr); + } goto out; + } +again: dst_release(rt-u.dst); rt = NULL; goto out; 
@@ -117,9 +137,17 @@ static int fib6_rule_match(struct fib_rule *rule, struct flowi *fl, int flags) !ipv6_prefix_equal(fl-fl6_dst, r-dst.addr, r-dst.plen)) return 0; + /* +* If FIB_RULE_FIND_SADDR is set and we do not have a +* source address for the traffic, we defer check for +* source address. +*/ if (r-src.plen) { - if (!(flags RT6_LOOKUP_F_HAS_SADDR) || - !ipv6_prefix_equal(fl-fl6_src, r-src.addr, r-src.plen)) + if (flags RT6_LOOKUP_F_HAS_SADDR) { + if (!ipv6_prefix_equal(fl-fl6_src, r-src.addr, + r-src.plen)) + return 0; + } else if (!(r-common.flags FIB_RULE_FIND_SADDR)) return 0; } -- 1.4.4.1.g562ce - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
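Review bot: In include/linux/fib_rules.h, the new FIB_RULE_FIND_SADDR is defined as 0x0001, the same value this hunk gives FIB_RULE_PERMANENT. Both fib6_rule_action() and fib6_rule_match() test the new flag against the rule's flags word, so if FIB_RULE_PERMANENT is kept in that same word, a permanent rule cannot be told apart from one that asks for a source-address search. Give the new flag its own bit, or say in the comment which field each group of flags belongs to.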
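Review bot: In fib6_rule_action(), the ipv6_addr_copy() into flp->fl6_src changes the caller's flow key as a side effect of a route lookup, and the comment above the block does not mention it; say there that the flow's source address is filled in on success. The label "again:" does not retry anything, it only releases the route and sets rt to NULL, so a name that describes that would read better. ipv6_get_saddr() also runs on every lookup that reaches this branch without a source address, which deserves a line in the comment about the expected cost.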
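Review bot: In fib6_rule_match(), the new comment says the source-address check is deferred but not where it is performed; name fib6_rule_action() there, because after this change a rule with FIB_RULE_FIND_SADDR and a source prefix matches without any source comparison when RT6_LOOKUP_F_HAS_SADDR is unset. The flag is also read through r->common.flags here and through rule->flags in fib6_rule_action(); use one spelling in both places.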
Re: [PATCH net-2.6.22] [IPV6] FIB6RULE: Find source address during looking up route.
* YOSHIFUJI Hideaki / 吉藤英明 [EMAIL PROTECTED] 2007-03-27 22:45

When looking up route for destination with rules with source address restrictions, we may need to find a source address for the traffic if not given.

Out of curiosity, what sort of rules would have this flag set? The majority of lookups don't provide a valid source address. This new address search could become very expensive, because none of the results are cached.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED] --- include/linux/fib_rules.h |7 +-- net/ipv6/fib6_rules.c | 34 +++--- 2 files changed, 36 insertions(+), 5 deletions(-) diff --git a/include/linux/fib_rules.h b/include/linux/fib_rules.h index 8270aac..2bbfa87 100644 --- a/include/linux/fib_rules.h +++ b/include/linux/fib_rules.h @@ -5,8 +5,11 @@ #include linux/rtnetlink.h /* rule is permanent, and cannot be deleted */ -#define FIB_RULE_PERMANENT 1 -#define FIB_RULE_INVERT 2 +#define FIB_RULE_PERMANENT 0x0001 +#define FIB_RULE_INVERT 0x0002 + +/* try to find source address in routing lookups */ +#define FIB_RULE_FIND_SADDR 0x0001 struct fib_rule_hdr {

This chunk won't apply to latest net-2.6.22, I've added two more flags yesterday.
Re: [PATCH net-2.6.22] [IPV6] FIB6RULE: Find source address during looking up route.
In article [EMAIL PROTECTED] (at Tue, 27 Mar 2007 16:25:19 +0200), Thomas Graf [EMAIL PROTECTED] says:

* YOSHIFUJI Hideaki / 吉藤英明 [EMAIL PROTECTED] 2007-03-27 22:45

When looking up route for destination with rules with source address restrictions, we may need to find a source address for the traffic if not given.

Out of curiosity, what sort of rules would have this flag set? The majority of lookups don't provide a valid source address. This new address search could become very expensive, because none of the results are cached.

This flag is used for Mobile IPv6. Well, for non-connected sockets on hosts, yes, the process might not be light-weight. But, on routers, or once the socket is connected, the source address should always be set.

This chunk won't apply to latest net-2.6.22, I've added two more flags yesterday.

Oops,... I'll send rebased version...

--yoshfuji
Re: [PATCH net-2.6.22] [IPV6] FIB6RULE: Find source address during looking up route.
Hi,

Wed, 28 Mar 2007 12:49:40 +0900 (JST) [Subject: Re: [PATCH net-2.6.22] [IPV6] FIB6RULE: Find source address during looking up route.] YOSHIFUJI Hideaki / 吉藤英明 [EMAIL PROTECTED] wrote...

Out of curiosity, what sort of rules would have this flag set? The majority of lookups don't provide a valid source address. This new address search could become very expensive, because none of the results are cached.

This flag is used for Mobile IPv6. Well, for non-connected sockets on hosts, yes, the process might not be light-weight. But, on routers, or once the socket is connected, the source address should always be set.

Even if you set a rule which has a condition regarding the source address, this rule is not selected for the first packet because the source address is not chosen yet. This fix is required to do source address based routing using fib6_rules.

#Even if the same routing with subtrees, the same problem is caused.

Regards,

-- Noriaki TAKAMIYA