2019-05-27 14:55:01 +08:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* INET An implementation of the TCP/IP protocol suite for the LINUX
|
|
|
|
* operating system. INET is implemented using the BSD Socket
|
|
|
|
* interface as the means of communication with the user level.
|
|
|
|
*
|
|
|
|
* IPv4 Forwarding Information Base: policy rules.
|
|
|
|
*
|
|
|
|
* Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
|
2010-10-05 04:00:18 +08:00
|
|
|
* Thomas Graf <tgraf@suug.ch>
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
|
|
|
* Fixes:
|
2010-10-05 04:00:18 +08:00
|
|
|
* Rani Assaf : local_rule cannot be deleted
|
2005-04-17 06:20:36 +08:00
|
|
|
* Marc Boucher : routing by fwmark
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/types.h>
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
#include <linux/netdevice.h>
|
|
|
|
#include <linux/netlink.h>
|
2006-08-04 18:39:22 +08:00
|
|
|
#include <linux/inetdevice.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/init.h>
|
2006-03-21 09:18:53 +08:00
|
|
|
#include <linux/list.h>
|
|
|
|
#include <linux/rcupdate.h>
|
2011-07-15 23:47:34 +08:00
|
|
|
#include <linux/export.h>
|
2022-02-04 21:58:14 +08:00
|
|
|
#include <net/inet_dscp.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <net/ip.h>
|
|
|
|
#include <net/route.h>
|
|
|
|
#include <net/tcp.h>
|
|
|
|
#include <net/ip_fib.h>
|
2019-06-04 11:19:49 +08:00
|
|
|
#include <net/nexthop.h>
|
2006-08-04 18:39:22 +08:00
|
|
|
#include <net/fib_rules.h>
|
2020-07-27 06:48:16 +08:00
|
|
|
#include <linux/indirect_call_wrapper.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2010-10-05 04:00:18 +08:00
|
|
|
struct fib4_rule {
|
2006-08-04 18:39:22 +08:00
|
|
|
struct fib_rule common;
|
|
|
|
u8 dst_len;
|
|
|
|
u8 src_len;
|
2022-02-04 21:58:14 +08:00
|
|
|
dscp_t dscp;
|
2006-09-28 09:40:00 +08:00
|
|
|
__be32 src;
|
|
|
|
__be32 srcmask;
|
|
|
|
__be32 dst;
|
|
|
|
__be32 dstmask;
|
2011-01-14 20:36:42 +08:00
|
|
|
#ifdef CONFIG_IP_ROUTE_CLASSID
|
2006-08-04 18:39:22 +08:00
|
|
|
u32 tclassid;
|
2005-04-17 06:20:36 +08:00
|
|
|
#endif
|
|
|
|
};
|
|
|
|
|
ipv4: fib_rules: Check if rule is a default rule
Currently, when non-default (custom) FIB rules are used, devices capable
of layer 3 offloading flush their tables and let the kernel do the
forwarding instead.
When these devices' drivers are loaded they register to the FIB
notification chain, which lets them know about the existence of any
custom FIB rules. This is done by sending a RULE_ADD notification based
on the value of 'net->ipv4.fib_has_custom_rules'.
This approach is problematic when VRF offload is taken into account, as
upon the creation of the first VRF netdev, a l3mdev rule is programmed
to direct skbs to the VRF's table.
Instead of merely reading the above value and sending a single RULE_ADD
notification, we should iterate over all the FIB rules and send a
detailed notification for each, thereby allowing offloading drivers to
sanitize the rules they don't support and potentially flush their
tables.
While l3mdev rules are uniquely marked, the default rules are not.
Therefore, when they are being notified they might invoke offloading
drivers to unnecessarily flush their tables.
Solve this by adding an helper to check if a FIB rule is a default rule.
Namely, its selector should match all packets and its action should
point to the local, main or default tables.
As noted by David Ahern, uniquely marking the default rules is
insufficient. When using VRFs, it's common to avoid false hits by moving
the rule for the local table to just before the main table:
Default configuration:
$ ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Common configuration with VRFs:
$ ip rule show
1000: from all lookup [l3mdev-table]
32765: from all lookup local
32766: from all lookup main
32767: from all lookup default
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Acked-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-16 16:08:12 +08:00
|
|
|
static bool fib4_rule_matchall(const struct fib_rule *rule)
|
|
|
|
{
|
|
|
|
struct fib4_rule *r = container_of(rule, struct fib4_rule, common);
|
|
|
|
|
2022-02-04 21:58:14 +08:00
|
|
|
if (r->dst_len || r->src_len || r->dscp)
|
ipv4: fib_rules: Check if rule is a default rule
Currently, when non-default (custom) FIB rules are used, devices capable
of layer 3 offloading flush their tables and let the kernel do the
forwarding instead.
When these devices' drivers are loaded they register to the FIB
notification chain, which lets them know about the existence of any
custom FIB rules. This is done by sending a RULE_ADD notification based
on the value of 'net->ipv4.fib_has_custom_rules'.
This approach is problematic when VRF offload is taken into account, as
upon the creation of the first VRF netdev, a l3mdev rule is programmed
to direct skbs to the VRF's table.
Instead of merely reading the above value and sending a single RULE_ADD
notification, we should iterate over all the FIB rules and send a
detailed notification for each, thereby allowing offloading drivers to
sanitize the rules they don't support and potentially flush their
tables.
While l3mdev rules are uniquely marked, the default rules are not.
Therefore, when they are being notified they might invoke offloading
drivers to unnecessarily flush their tables.
Solve this by adding an helper to check if a FIB rule is a default rule.
Namely, its selector should match all packets and its action should
point to the local, main or default tables.
As noted by David Ahern, uniquely marking the default rules is
insufficient. When using VRFs, it's common to avoid false hits by moving
the rule for the local table to just before the main table:
Default configuration:
$ ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Common configuration with VRFs:
$ ip rule show
1000: from all lookup [l3mdev-table]
32765: from all lookup local
32766: from all lookup main
32767: from all lookup default
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Acked-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-16 16:08:12 +08:00
|
|
|
return false;
|
|
|
|
return fib_rule_matchall(rule);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool fib4_rule_default(const struct fib_rule *rule)
|
|
|
|
{
|
|
|
|
if (!fib4_rule_matchall(rule) || rule->action != FR_ACT_TO_TBL ||
|
|
|
|
rule->l3mdev)
|
|
|
|
return false;
|
|
|
|
if (rule->table != RT_TABLE_LOCAL && rule->table != RT_TABLE_MAIN &&
|
|
|
|
rule->table != RT_TABLE_DEFAULT)
|
|
|
|
return false;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(fib4_rule_default);
|
|
|
|
|
2019-10-03 17:49:30 +08:00
|
|
|
int fib4_rules_dump(struct net *net, struct notifier_block *nb,
|
|
|
|
struct netlink_ext_ack *extack)
|
2017-08-03 19:28:14 +08:00
|
|
|
{
|
2019-10-03 17:49:30 +08:00
|
|
|
return fib_rules_dump(net, nb, AF_INET, extack);
|
2017-08-03 19:28:14 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
unsigned int fib4_rules_seq_read(struct net *net)
|
|
|
|
{
|
|
|
|
return fib_rules_seq_read(net, AF_INET);
|
|
|
|
}
|
|
|
|
|
2015-06-24 01:45:37 +08:00
|
|
|
int __fib_lookup(struct net *net, struct flowi4 *flp,
|
|
|
|
struct fib_result *res, unsigned int flags)
|
2006-08-04 18:39:22 +08:00
|
|
|
{
|
|
|
|
struct fib_lookup_arg arg = {
|
|
|
|
.result = res,
|
2015-06-24 01:45:37 +08:00
|
|
|
.flags = flags,
|
2006-08-04 18:39:22 +08:00
|
|
|
};
|
|
|
|
int err;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2016-09-11 03:09:52 +08:00
|
|
|
/* update flow if oif or iif point to device enslaved to l3mdev */
|
|
|
|
l3mdev_update_flow(net, flowi4_to_flowi(flp));
|
|
|
|
|
2011-03-12 08:54:08 +08:00
|
|
|
err = fib_rules_lookup(net->ipv4.rules_ops, flowi4_to_flowi(flp), 0, &arg);
|
2012-07-13 23:21:29 +08:00
|
|
|
#ifdef CONFIG_IP_ROUTE_CLASSID
|
|
|
|
if (arg.rule)
|
|
|
|
res->tclassid = ((struct fib4_rule *)arg.rule)->tclassid;
|
|
|
|
else
|
|
|
|
res->tclassid = 0;
|
|
|
|
#endif
|
2014-11-14 19:14:32 +08:00
|
|
|
|
|
|
|
if (err == -ESRCH)
|
|
|
|
err = -ENETUNREACH;
|
|
|
|
|
2006-08-04 18:39:22 +08:00
|
|
|
return err;
|
|
|
|
}
|
2012-07-06 13:13:13 +08:00
|
|
|
EXPORT_SYMBOL_GPL(__fib_lookup);
|
2006-08-04 18:39:22 +08:00
|
|
|
|
2020-07-27 06:48:16 +08:00
|
|
|
INDIRECT_CALLABLE_SCOPE int fib4_rule_action(struct fib_rule *rule,
|
|
|
|
struct flowi *flp, int flags,
|
|
|
|
struct fib_lookup_arg *arg)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2006-08-04 18:39:22 +08:00
|
|
|
int err = -EAGAIN;
|
|
|
|
struct fib_table *tbl;
|
2016-06-09 01:55:39 +08:00
|
|
|
u32 tb_id;
|
2006-08-04 18:39:22 +08:00
|
|
|
|
|
|
|
switch (rule->action) {
|
|
|
|
case FR_ACT_TO_TBL:
|
|
|
|
break;
|
|
|
|
|
|
|
|
case FR_ACT_UNREACHABLE:
|
2015-01-01 02:56:24 +08:00
|
|
|
return -ENETUNREACH;
|
2006-08-04 18:39:22 +08:00
|
|
|
|
|
|
|
case FR_ACT_PROHIBIT:
|
2015-01-01 02:56:24 +08:00
|
|
|
return -EACCES;
|
2006-08-04 18:39:22 +08:00
|
|
|
|
|
|
|
case FR_ACT_BLACKHOLE:
|
|
|
|
default:
|
2015-01-01 02:56:24 +08:00
|
|
|
return -EINVAL;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2006-08-04 18:39:22 +08:00
|
|
|
|
2015-01-01 02:56:24 +08:00
|
|
|
rcu_read_lock();
|
|
|
|
|
2016-06-09 01:55:39 +08:00
|
|
|
tb_id = fib_rule_get_table(rule, arg);
|
|
|
|
tbl = fib_get_table(rule->fr_net, tb_id);
|
2015-01-01 02:56:24 +08:00
|
|
|
if (tbl)
|
|
|
|
err = fib_table_lookup(tbl, &flp->u.ip4,
|
|
|
|
(struct fib_result *)arg->result,
|
|
|
|
arg->flags);
|
2006-08-04 18:39:22 +08:00
|
|
|
|
2015-01-01 02:56:24 +08:00
|
|
|
rcu_read_unlock();
|
2005-04-17 06:20:36 +08:00
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2020-07-27 06:48:16 +08:00
|
|
|
INDIRECT_CALLABLE_SCOPE bool fib4_rule_suppress(struct fib_rule *rule,
|
2021-11-23 20:48:32 +08:00
|
|
|
int flags,
|
2020-07-27 06:48:16 +08:00
|
|
|
struct fib_lookup_arg *arg)
|
2013-08-01 08:17:15 +08:00
|
|
|
{
|
2013-08-02 23:19:56 +08:00
|
|
|
struct fib_result *result = (struct fib_result *) arg->result;
|
2013-12-11 06:21:25 +08:00
|
|
|
struct net_device *dev = NULL;
|
|
|
|
|
2019-06-04 11:19:49 +08:00
|
|
|
if (result->fi) {
|
2019-06-04 11:19:50 +08:00
|
|
|
struct fib_nh_common *nhc = fib_info_nhc(result->fi, 0);
|
2019-06-04 11:19:49 +08:00
|
|
|
|
2019-06-04 11:19:50 +08:00
|
|
|
dev = nhc->nhc_dev;
|
2019-06-04 11:19:49 +08:00
|
|
|
}
|
2013-08-02 23:19:56 +08:00
|
|
|
|
2013-08-01 08:17:15 +08:00
|
|
|
/* do not accept result if the route does
|
|
|
|
* not meet the required prefix length
|
|
|
|
*/
|
2013-08-03 20:14:43 +08:00
|
|
|
if (result->prefixlen <= rule->suppress_prefixlen)
|
2013-08-02 23:19:56 +08:00
|
|
|
goto suppress_route;
|
|
|
|
|
|
|
|
/* do not accept result if the route uses a device
|
|
|
|
* belonging to a forbidden interface group
|
|
|
|
*/
|
|
|
|
if (rule->suppress_ifgroup != -1 && dev && dev->group == rule->suppress_ifgroup)
|
|
|
|
goto suppress_route;
|
|
|
|
|
2013-08-01 08:17:15 +08:00
|
|
|
return false;
|
2013-08-02 23:19:56 +08:00
|
|
|
|
|
|
|
suppress_route:
|
|
|
|
if (!(arg->flags & FIB_LOOKUP_NOREF))
|
|
|
|
fib_info_put(result->fi);
|
|
|
|
return true;
|
2013-08-01 08:17:15 +08:00
|
|
|
}
|
2006-08-04 18:39:22 +08:00
|
|
|
|
2020-07-27 06:48:16 +08:00
|
|
|
INDIRECT_CALLABLE_SCOPE int fib4_rule_match(struct fib_rule *rule,
|
|
|
|
struct flowi *fl, int flags)
|
2006-08-04 18:39:22 +08:00
|
|
|
{
|
|
|
|
struct fib4_rule *r = (struct fib4_rule *) rule;
|
2011-03-12 15:02:42 +08:00
|
|
|
struct flowi4 *fl4 = &fl->u.ip4;
|
|
|
|
__be32 daddr = fl4->daddr;
|
|
|
|
__be32 saddr = fl4->saddr;
|
2006-08-04 18:39:22 +08:00
|
|
|
|
|
|
|
if (((saddr ^ r->src) & r->srcmask) ||
|
|
|
|
((daddr ^ r->dst) & r->dstmask))
|
|
|
|
return 0;
|
|
|
|
|
2022-02-04 21:58:14 +08:00
|
|
|
if (r->dscp && r->dscp != inet_dsfield_to_dscp(fl4->flowi4_tos))
|
2006-08-04 18:39:22 +08:00
|
|
|
return 0;
|
|
|
|
|
2018-03-01 11:41:06 +08:00
|
|
|
if (rule->ip_proto && (rule->ip_proto != fl4->flowi4_proto))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (fib_rule_port_range_set(&rule->sport_range) &&
|
|
|
|
!fib_rule_port_inrange(&rule->sport_range, fl4->fl4_sport))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (fib_rule_port_range_set(&rule->dport_range) &&
|
|
|
|
!fib_rule_port_inrange(&rule->dport_range, fl4->fl4_dport))
|
|
|
|
return 0;
|
|
|
|
|
2006-08-04 18:39:22 +08:00
|
|
|
return 1;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-01-10 19:24:11 +08:00
|
|
|
static struct fib_table *fib_empty_table(struct net *net)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2018-12-29 14:45:23 +08:00
|
|
|
u32 id = 1;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2018-12-29 14:45:23 +08:00
|
|
|
while (1) {
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!fib_get_table(net, id))
|
2008-01-10 19:24:11 +08:00
|
|
|
return fib_new_table(net, id);
|
2018-12-29 14:45:23 +08:00
|
|
|
|
|
|
|
if (id++ == RT_TABLE_MAX)
|
|
|
|
break;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2006-08-04 18:39:22 +08:00
|
|
|
static int fib4_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
|
2009-05-11 13:52:49 +08:00
|
|
|
struct fib_rule_hdr *frh,
|
2018-04-22 00:41:31 +08:00
|
|
|
struct nlattr **tb,
|
|
|
|
struct netlink_ext_ack *extack)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2008-03-26 01:26:21 +08:00
|
|
|
struct net *net = sock_net(skb->sk);
|
2006-08-04 18:39:22 +08:00
|
|
|
int err = -EINVAL;
|
|
|
|
struct fib4_rule *rule4 = (struct fib4_rule *) rule;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2022-02-04 21:58:14 +08:00
|
|
|
if (!inet_validate_dscp(frh->tos)) {
|
|
|
|
NL_SET_ERR_MSG(extack,
|
|
|
|
"Invalid dsfield (tos): ECN bits must be 0");
|
2006-08-04 18:39:22 +08:00
|
|
|
goto errout;
|
2018-04-22 00:41:31 +08:00
|
|
|
}
|
2022-02-10 20:24:51 +08:00
|
|
|
/* IPv4 currently doesn't handle high order DSCP bits correctly */
|
|
|
|
if (frh->tos & ~IPTOS_TOS_MASK) {
|
|
|
|
NL_SET_ERR_MSG(extack, "Invalid tos");
|
|
|
|
goto errout;
|
|
|
|
}
|
2022-02-04 21:58:14 +08:00
|
|
|
rule4->dscp = inet_dsfield_to_dscp(frh->tos);
|
2006-03-21 09:18:53 +08:00
|
|
|
|
2015-03-07 05:47:00 +08:00
|
|
|
/* split local/main if they are not already split */
|
|
|
|
err = fib_unmerge(net);
|
|
|
|
if (err)
|
|
|
|
goto errout;
|
|
|
|
|
2016-06-09 01:55:39 +08:00
|
|
|
if (rule->table == RT_TABLE_UNSPEC && !rule->l3mdev) {
|
2006-08-04 18:39:22 +08:00
|
|
|
if (rule->action == FR_ACT_TO_TBL) {
|
|
|
|
struct fib_table *table;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-01-10 19:27:51 +08:00
|
|
|
table = fib_empty_table(net);
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!table) {
|
2006-08-04 18:39:22 +08:00
|
|
|
err = -ENOBUFS;
|
|
|
|
goto errout;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-08-04 18:39:22 +08:00
|
|
|
rule->table = table->tb_id;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-03-25 03:46:02 +08:00
|
|
|
if (frh->src_len)
|
2015-03-29 22:59:26 +08:00
|
|
|
rule4->src = nla_get_in_addr(tb[FRA_SRC]);
|
2006-03-21 09:18:53 +08:00
|
|
|
|
2007-03-25 03:46:02 +08:00
|
|
|
if (frh->dst_len)
|
2015-03-29 22:59:26 +08:00
|
|
|
rule4->dst = nla_get_in_addr(tb[FRA_DST]);
|
2006-03-21 09:18:53 +08:00
|
|
|
|
2011-01-14 20:36:42 +08:00
|
|
|
#ifdef CONFIG_IP_ROUTE_CLASSID
|
2012-06-29 16:32:45 +08:00
|
|
|
if (tb[FRA_FLOW]) {
|
2006-08-04 18:39:22 +08:00
|
|
|
rule4->tclassid = nla_get_u32(tb[FRA_FLOW]);
|
2012-06-29 16:32:45 +08:00
|
|
|
if (rule4->tclassid)
|
2021-12-02 10:26:35 +08:00
|
|
|
atomic_inc(&net->ipv4.fib_num_tclassid_users);
|
2012-06-29 16:32:45 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
#endif
|
|
|
|
|
2018-03-01 11:42:41 +08:00
|
|
|
if (fib_rule_requires_fldissect(rule))
|
|
|
|
net->ipv4.fib_rules_require_fldissect++;
|
|
|
|
|
2006-08-04 18:39:22 +08:00
|
|
|
rule4->src_len = frh->src_len;
|
|
|
|
rule4->srcmask = inet_make_mask(rule4->src_len);
|
|
|
|
rule4->dst_len = frh->dst_len;
|
|
|
|
rule4->dstmask = inet_make_mask(rule4->dst_len);
|
2006-03-21 09:18:53 +08:00
|
|
|
|
2012-07-06 13:13:13 +08:00
|
|
|
net->ipv4.fib_has_custom_rules = true;
|
2015-03-06 13:21:16 +08:00
|
|
|
|
2006-08-04 18:39:22 +08:00
|
|
|
err = 0;
|
|
|
|
errout:
|
|
|
|
return err;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2015-03-07 05:47:00 +08:00
|
|
|
static int fib4_rule_delete(struct fib_rule *rule)
|
2012-06-29 16:32:45 +08:00
|
|
|
{
|
2012-07-06 13:13:13 +08:00
|
|
|
struct net *net = rule->fr_net;
|
2015-03-07 05:47:00 +08:00
|
|
|
int err;
|
2012-06-29 16:32:45 +08:00
|
|
|
|
2015-03-07 05:47:00 +08:00
|
|
|
/* split local/main if they are not already split */
|
|
|
|
err = fib_unmerge(net);
|
|
|
|
if (err)
|
|
|
|
goto errout;
|
|
|
|
|
|
|
|
#ifdef CONFIG_IP_ROUTE_CLASSID
|
|
|
|
if (((struct fib4_rule *)rule)->tclassid)
|
2021-12-02 10:26:35 +08:00
|
|
|
atomic_dec(&net->ipv4.fib_num_tclassid_users);
|
2012-06-29 16:32:45 +08:00
|
|
|
#endif
|
2012-07-06 13:13:13 +08:00
|
|
|
net->ipv4.fib_has_custom_rules = true;
|
2018-03-01 11:42:41 +08:00
|
|
|
|
|
|
|
if (net->ipv4.fib_rules_require_fldissect &&
|
|
|
|
fib_rule_requires_fldissect(rule))
|
|
|
|
net->ipv4.fib_rules_require_fldissect--;
|
2015-03-07 05:47:00 +08:00
|
|
|
errout:
|
|
|
|
return err;
|
2012-06-29 16:32:45 +08:00
|
|
|
}
|
|
|
|
|
2006-08-04 18:39:22 +08:00
|
|
|
static int fib4_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
|
|
|
|
struct nlattr **tb)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2006-08-04 18:39:22 +08:00
|
|
|
struct fib4_rule *rule4 = (struct fib4_rule *) rule;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-08-04 18:39:22 +08:00
|
|
|
if (frh->src_len && (rule4->src_len != frh->src_len))
|
|
|
|
return 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-08-04 18:39:22 +08:00
|
|
|
if (frh->dst_len && (rule4->dst_len != frh->dst_len))
|
|
|
|
return 0;
|
2006-03-21 09:18:53 +08:00
|
|
|
|
2022-02-04 21:58:14 +08:00
|
|
|
if (frh->tos && inet_dscp_to_dsfield(rule4->dscp) != frh->tos)
|
2006-08-04 18:39:22 +08:00
|
|
|
return 0;
|
2006-03-21 09:18:53 +08:00
|
|
|
|
2011-01-14 20:36:42 +08:00
|
|
|
#ifdef CONFIG_IP_ROUTE_CLASSID
|
2006-08-04 18:39:22 +08:00
|
|
|
if (tb[FRA_FLOW] && (rule4->tclassid != nla_get_u32(tb[FRA_FLOW])))
|
|
|
|
return 0;
|
|
|
|
#endif
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-03-29 22:59:26 +08:00
|
|
|
if (frh->src_len && (rule4->src != nla_get_in_addr(tb[FRA_SRC])))
|
2006-08-04 18:39:22 +08:00
|
|
|
return 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-03-29 22:59:26 +08:00
|
|
|
if (frh->dst_len && (rule4->dst != nla_get_in_addr(tb[FRA_DST])))
|
2006-08-04 18:39:22 +08:00
|
|
|
return 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-08-04 18:39:22 +08:00
|
|
|
return 1;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2006-08-04 18:39:22 +08:00
|
|
|
static int fib4_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
|
2009-05-21 08:26:23 +08:00
|
|
|
struct fib_rule_hdr *frh)
|
2006-08-04 18:39:22 +08:00
|
|
|
{
|
|
|
|
struct fib4_rule *rule4 = (struct fib4_rule *) rule;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-08-04 18:39:22 +08:00
|
|
|
frh->dst_len = rule4->dst_len;
|
|
|
|
frh->src_len = rule4->src_len;
|
2022-02-04 21:58:14 +08:00
|
|
|
frh->tos = inet_dscp_to_dsfield(rule4->dscp);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-04-02 08:39:02 +08:00
|
|
|
if ((rule4->dst_len &&
|
2015-03-29 22:59:25 +08:00
|
|
|
nla_put_in_addr(skb, FRA_DST, rule4->dst)) ||
|
2012-04-02 08:39:02 +08:00
|
|
|
(rule4->src_len &&
|
2015-03-29 22:59:25 +08:00
|
|
|
nla_put_in_addr(skb, FRA_SRC, rule4->src)))
|
2012-04-02 08:39:02 +08:00
|
|
|
goto nla_put_failure;
|
2011-01-14 20:36:42 +08:00
|
|
|
#ifdef CONFIG_IP_ROUTE_CLASSID
|
2012-04-02 08:39:02 +08:00
|
|
|
if (rule4->tclassid &&
|
|
|
|
nla_put_u32(skb, FRA_FLOW, rule4->tclassid))
|
|
|
|
goto nla_put_failure;
|
2005-04-17 06:20:36 +08:00
|
|
|
#endif
|
2006-08-04 18:39:22 +08:00
|
|
|
return 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-08-04 18:39:22 +08:00
|
|
|
nla_put_failure:
|
|
|
|
return -ENOBUFS;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2006-11-11 06:10:15 +08:00
|
|
|
static size_t fib4_rule_nlmsg_payload(struct fib_rule *rule)
|
|
|
|
{
|
|
|
|
return nla_total_size(4) /* dst */
|
|
|
|
+ nla_total_size(4) /* src */
|
|
|
|
+ nla_total_size(4); /* flow */
|
|
|
|
}
|
|
|
|
|
2008-07-06 10:01:28 +08:00
|
|
|
static void fib4_rule_flush_cache(struct fib_rules_ops *ops)
|
2007-03-28 04:56:52 +08:00
|
|
|
{
|
2012-09-07 08:45:29 +08:00
|
|
|
rt_cache_flush(ops->fro_net);
|
2007-03-28 04:56:52 +08:00
|
|
|
}
|
|
|
|
|
2012-10-05 08:12:11 +08:00
|
|
|
static const struct fib_rules_ops __net_initconst fib4_rules_ops_template = {
|
2010-04-26 22:02:05 +08:00
|
|
|
.family = AF_INET,
|
2006-08-04 18:39:22 +08:00
|
|
|
.rule_size = sizeof(struct fib4_rule),
|
2007-03-25 03:46:02 +08:00
|
|
|
.addr_size = sizeof(u32),
|
2006-08-04 18:39:22 +08:00
|
|
|
.action = fib4_rule_action,
|
2013-08-01 08:17:15 +08:00
|
|
|
.suppress = fib4_rule_suppress,
|
2006-08-04 18:39:22 +08:00
|
|
|
.match = fib4_rule_match,
|
|
|
|
.configure = fib4_rule_configure,
|
2012-06-29 16:32:45 +08:00
|
|
|
.delete = fib4_rule_delete,
|
2006-08-04 18:39:22 +08:00
|
|
|
.compare = fib4_rule_compare,
|
|
|
|
.fill = fib4_rule_fill,
|
2006-11-11 06:10:15 +08:00
|
|
|
.nlmsg_payload = fib4_rule_nlmsg_payload,
|
2007-03-28 04:56:52 +08:00
|
|
|
.flush_cache = fib4_rule_flush_cache,
|
2006-08-04 18:39:22 +08:00
|
|
|
.nlgroup = RTNLGRP_IPV4_RULE,
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
};
|
|
|
|
|
2008-01-10 19:27:51 +08:00
|
|
|
static int fib_default_rules_init(struct fib_rules_ops *ops)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2007-11-11 14:12:03 +08:00
|
|
|
int err;
|
|
|
|
|
2009-12-03 09:25:57 +08:00
|
|
|
err = fib_default_rule_add(ops, 0, RT_TABLE_LOCAL, 0);
|
2007-11-11 14:12:03 +08:00
|
|
|
if (err < 0)
|
|
|
|
return err;
|
2008-01-10 19:27:51 +08:00
|
|
|
err = fib_default_rule_add(ops, 0x7FFE, RT_TABLE_MAIN, 0);
|
2007-11-11 14:12:03 +08:00
|
|
|
if (err < 0)
|
|
|
|
return err;
|
2008-01-10 19:27:51 +08:00
|
|
|
err = fib_default_rule_add(ops, 0x7FFF, RT_TABLE_DEFAULT, 0);
|
2007-11-11 14:12:03 +08:00
|
|
|
if (err < 0)
|
|
|
|
return err;
|
|
|
|
return 0;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-01-10 19:22:17 +08:00
|
|
|
int __net_init fib4_rules_init(struct net *net)
|
2007-11-11 14:12:03 +08:00
|
|
|
{
|
2008-01-10 19:21:49 +08:00
|
|
|
int err;
|
2008-01-10 19:27:51 +08:00
|
|
|
struct fib_rules_ops *ops;
|
|
|
|
|
2009-12-04 04:22:55 +08:00
|
|
|
ops = fib_rules_register(&fib4_rules_ops_template, net);
|
|
|
|
if (IS_ERR(ops))
|
|
|
|
return PTR_ERR(ops);
|
2008-01-10 19:21:49 +08:00
|
|
|
|
2008-01-10 19:27:51 +08:00
|
|
|
err = fib_default_rules_init(ops);
|
2008-01-10 19:21:49 +08:00
|
|
|
if (err < 0)
|
|
|
|
goto fail;
|
2008-01-10 19:27:51 +08:00
|
|
|
net->ipv4.rules_ops = ops;
|
2012-07-06 13:13:13 +08:00
|
|
|
net->ipv4.fib_has_custom_rules = false;
|
2018-03-01 11:42:41 +08:00
|
|
|
net->ipv4.fib_rules_require_fldissect = 0;
|
2008-01-10 19:21:49 +08:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
fail:
|
|
|
|
/* also cleans all rules already added */
|
2008-01-21 08:46:41 +08:00
|
|
|
fib_rules_unregister(ops);
|
2008-01-10 19:21:49 +08:00
|
|
|
return err;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2008-01-10 19:22:17 +08:00
|
|
|
|
|
|
|
void __net_exit fib4_rules_exit(struct net *net)
|
|
|
|
{
|
2008-01-21 08:46:41 +08:00
|
|
|
fib_rules_unregister(net->ipv4.rules_ops);
|
2008-01-10 19:22:17 +08:00
|
|
|
}
|