linux/net/ipv6
Lorenzo Colitti 1b3c61dc1a net: Use fwmark reflection in PMTU discovery.
Currently, routing lookups used for Path PMTU Discovery in
absence of a socket or on unmarked sockets use a mark of 0.
This causes PMTUD not to work when using routing based on
netfilter fwmark mangling and fwmark ip rules, such as:

  iptables -j MARK --set-mark 17
  ip rule add fwmark 17 lookup 100

This patch causes these route lookups to use the fwmark from the
received ICMP error when the fwmark_reflect sysctl is enabled.
This allows the administrator to make PMTUD work by configuring
appropriate fwmark rules to mark the inbound ICMP packets.

Black-box tested using user-mode linux by pointing different
fwmarks at routing tables egressing on different interfaces, and
using iptables mangling to mark packets inbound on each interface
with the interface's fwmark. ICMPv4 and ICMPv6 PMTU discovery
work as expected when mark reflection is enabled and fail when
it is disabled.

Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-13 18:35:09 -04:00
..
netfilter net: rename local_df to ignore_df 2014-05-12 14:03:41 -04:00
addrconf_core.c net: clean up snmp stats code 2014-05-07 16:06:05 -04:00
addrconf.c net: clean up snmp stats code 2014-05-07 16:06:05 -04:00
addrlabel.c ipv6:fix checkpatch errors with assignment in if condition 2014-02-17 16:57:29 -05:00
af_inet6.c net: clean up snmp stats code 2014-05-07 16:06:05 -04:00
ah6.c ah6: Use the IPsec protocol multiplexer API 2014-03-14 07:28:07 +01:00
anycast.c ipv6: enable anycast addresses as source addresses for datagrams 2014-01-22 21:57:05 -08:00
datagram.c ipv6: enable anycast addresses as source addresses for datagrams 2014-01-22 21:57:05 -08:00
esp6.c esp6: Use the IPsec protocol multiplexer API 2014-03-14 07:28:07 +01:00
exthdrs_core.c ipv6: ipv6_find_hdr restore prev functionality 2014-02-27 18:27:26 -05:00
exthdrs_offload.c ipv6: Fix exthdrs offload registration. 2014-03-06 16:35:55 -05:00
exthdrs.c ipv6/exthdrs: accept tlv which includes only padding 2013-09-11 15:52:27 -04:00
fib6_rules.c ipv6: move IPV6_TCLASS_SHIFT into ipv6.h and define a helper 2014-01-15 15:53:18 -08:00
icmp.c net: add a sysctl to reflect the fwmark on replies 2014-05-13 18:35:08 -04:00
inet6_connection_sock.c ipv4: add a sock pointer to ip_queue_xmit() 2014-04-15 12:58:34 -04:00
inet6_hashtables.c inet: convert inet_ehash_secret and ipv6_hash_secret to net_get_random_once 2013-10-19 19:45:35 -04:00
ip6_checksum.c net: Implmement RFC 6936 (zero RX csums for UDP/IPv6) 2014-05-05 15:26:30 -04:00
ip6_fib.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-12 13:19:14 -04:00
ip6_flowlabel.c net: ipv6: Introduce ip6_sk_dst_hoplimit. 2014-04-30 13:31:26 -04:00
ip6_gre.c gre6: Call skb_checksum_simple_validate 2014-05-08 23:47:50 -04:00
ip6_icmp.c ipv6: Kill ipv6 dependency of icmpv6_send(). 2013-04-29 13:54:36 -04:00
ip6_input.c net: Fix memory leak if TPROXY used with TCP early demux 2014-01-27 16:22:11 -08:00
ip6_offload.c ipv4: ipv6: better estimate tunnel header cut for correct ufo handling 2014-02-25 18:27:06 -05:00
ip6_offload.h ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
ip6_output.c net: rename local_df to ignore_df 2014-05-12 14:03:41 -04:00
ip6_tunnel.c ip6_tunnel: use the right netns in ioctl handler 2014-04-16 15:16:02 -04:00
ip6_vti.c vti6: Enable namespace changing 2014-03-14 07:28:09 +01:00
ip6mr.c net: ipv6: more places need LOOPBACK_IFINDEX for flowi6_iif 2014-04-28 14:47:03 -04:00
ipcomp6.c ipcomp6: Use the IPsec protocol multiplexer API 2014-03-14 07:28:07 +01:00
ipv6_sockglue.c ipv6: yet another new IPV6_MTU_DISCOVER option IPV6_PMTUDISC_OMIT 2014-02-26 15:51:01 -05:00
Kconfig ip6_vti: Fix build when NET_IP_TUNNEL is not set. 2014-02-20 14:29:49 +01:00
Makefile xfrm6: Add IPsec protocol multiplexer 2014-03-14 07:28:07 +01:00
mcast.c ipv6: some ipv6 statistic counters failed to disable bh 2014-03-31 16:38:12 -04:00
mip6.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
ndisc.c neigh: use tbl->family to distinguish ipv4 from ipv6 2013-12-09 20:56:12 -05:00
netfilter.c netfilter: Fix potential use after free in ip6_route_me_harder() 2014-05-09 02:36:39 +02:00
output_core.c ipv6: strengthen fallback fragmentation id generation 2014-03-31 16:33:38 -04:00
ping.c net: ipv6: Introduce ip6_sk_dst_hoplimit. 2014-04-30 13:31:26 -04:00
proc.c net: clean up snmp stats code 2014-05-07 16:06:05 -04:00
protocol.c net: remove outdated comment for ipv4 and ipv6 protocol handler 2013-11-28 18:47:51 -05:00
raw.c net: ipv6: Introduce ip6_sk_dst_hoplimit. 2014-04-30 13:31:26 -04:00
reassembly.c ipv6: split inet6_hash_frag for netfilter and initialize secrets with net_get_random_once 2013-10-23 17:01:40 -04:00
route.c net: Use fwmark reflection in PMTU discovery. 2014-05-13 18:35:09 -04:00
sit.c sit: use the right netns in ioctl handler 2014-04-16 15:16:02 -04:00
syncookies.c net: Remove FLOWI_FLAG_CAN_SLEEP 2013-12-06 07:24:39 +01:00
sysctl_net_ipv6.c net: add a sysctl to reflect the fwmark on replies 2014-05-13 18:35:08 -04:00
tcp_ipv6.c net: add a sysctl to reflect the fwmark on replies 2014-05-13 18:35:08 -04:00
tcpv6_offload.c net-gro: Prepare GRO stack for the upcoming tunneling support 2013-12-12 13:47:53 -05:00
tunnel6.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
udp_impl.h net: ipv4/ipv6: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
udp_offload.c ipv6: reuse ip6_frag_id from ip6_ufo_append_data 2014-02-22 00:28:21 -05:00
udp.c net: Verify UDP checksum before handoff to encap 2014-05-08 23:47:50 -04:00
udplite.c ipv6: do not clear pinet6 field 2013-05-11 16:26:38 -07:00
xfrm6_input.c netfilter: ipv6: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:49 +01:00
xfrm6_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_mode_ro.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c xfrm6: Remove xfrm_tunnel_notifier 2014-03-14 07:28:08 +01:00
xfrm6_output.c net: rename local_df to ignore_df 2014-05-12 14:03:41 -04:00
xfrm6_policy.c xfrm6: Add IPsec protocol multiplexer 2014-03-14 07:28:07 +01:00
xfrm6_protocol.c xfrm6: Add IPsec protocol multiplexer 2014-03-14 07:28:07 +01:00
xfrm6_state.c xfrm: make local error reporting more robust 2013-08-14 13:07:12 +02:00
xfrm6_tunnel.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00