OpenWrt – Diff between revs 2 and 3
Rev 2 | Rev 3 | |||
---|---|---|---|---|
Line 64... | Line 64... | |||
64 | }; |
64 | }; |
|
Line 65... | Line 65... | |||
65 | |
65 | |
|
66 | static void rt_fibinfo_free(struct rtable __rcu **rtp) |
66 | static void rt_fibinfo_free(struct rtable __rcu **rtp) |
|
67 | --- a/net/ipv4/fib_trie.c |
67 | --- a/net/ipv4/fib_trie.c |
|
68 | +++ b/net/ipv4/fib_trie.c |
68 | +++ b/net/ipv4/fib_trie.c |
|
69 | @@ -2406,6 +2406,7 @@ static const char *const rtn_type_names[ |
69 | @@ -2396,6 +2396,7 @@ static const char *const rtn_type_names[ |
|
70 | [RTN_THROW] = "THROW", |
70 | [RTN_THROW] = "THROW", |
|
71 | [RTN_NAT] = "NAT", |
71 | [RTN_NAT] = "NAT", |
|
72 | [RTN_XRESOLVE] = "XRESOLVE", |
72 | [RTN_XRESOLVE] = "XRESOLVE", |
|
73 | + [RTN_POLICY_FAILED] = "POLICY_FAILED", |
73 | + [RTN_POLICY_FAILED] = "POLICY_FAILED", |
|
Line 74... | Line 74... | |||
74 | }; |
74 | }; |
|
75 | |
75 | |
|
76 | static inline const char *rtn_type(char *buf, size_t len, unsigned int t) |
76 | static inline const char *rtn_type(char *buf, size_t len, unsigned int t) |
|
77 | --- a/net/ipv4/ipmr.c |
77 | --- a/net/ipv4/ipmr.c |
|
78 | +++ b/net/ipv4/ipmr.c |
78 | +++ b/net/ipv4/ipmr.c |
|
79 | @@ -159,6 +159,7 @@ static int ipmr_rule_action(struct fib_r |
79 | @@ -157,6 +157,7 @@ static int ipmr_rule_action(struct fib_r |
|
80 | case FR_ACT_UNREACHABLE: |
80 | case FR_ACT_UNREACHABLE: |
|
81 | return -ENETUNREACH; |
81 | return -ENETUNREACH; |
|
82 | case FR_ACT_PROHIBIT: |
82 | case FR_ACT_PROHIBIT: |
|
Line 97... | Line 97... | |||
97 | } |
97 | } |
|
Line 98... | Line 98... | |||
98 | |
98 | |
|
99 | tb_id = fib_rule_get_table(rule, arg); |
99 | tb_id = fib_rule_get_table(rule, arg); |
|
100 | --- a/net/ipv6/ip6mr.c |
100 | --- a/net/ipv6/ip6mr.c |
|
101 | +++ b/net/ipv6/ip6mr.c |
101 | +++ b/net/ipv6/ip6mr.c |
|
102 | @@ -169,6 +169,8 @@ static int ip6mr_rule_action(struct fib_ |
102 | @@ -167,6 +167,8 @@ static int ip6mr_rule_action(struct fib_ |
|
103 | return -ENETUNREACH; |
103 | return -ENETUNREACH; |
|
104 | case FR_ACT_PROHIBIT: |
104 | case FR_ACT_PROHIBIT: |
|
105 | return -EACCES; |
105 | return -EACCES; |
|
106 | + case FR_ACT_POLICY_FAILED: |
106 | + case FR_ACT_POLICY_FAILED: |
|
Line 139... | Line 139... | |||
139 | +}; |
139 | +}; |
|
140 | + |
140 | + |
|
141 | static const struct rt6_info ip6_blk_hole_entry_template = { |
141 | static const struct rt6_info ip6_blk_hole_entry_template = { |
|
142 | .dst = { |
142 | .dst = { |
|
143 | .__refcnt = ATOMIC_INIT(1), |
143 | .__refcnt = ATOMIC_INIT(1), |
|
144 | @@ -1970,6 +1987,11 @@ static struct rt6_info *ip6_route_info_c |
144 | @@ -1967,6 +1984,11 @@ static struct rt6_info *ip6_route_info_c |
|
145 | rt->dst.output = ip6_pkt_prohibit_out; |
145 | rt->dst.output = ip6_pkt_prohibit_out; |
|
146 | rt->dst.input = ip6_pkt_prohibit; |
146 | rt->dst.input = ip6_pkt_prohibit; |
|
147 | break; |
147 | break; |
|
148 | + case RTN_POLICY_FAILED: |
148 | + case RTN_POLICY_FAILED: |
|
149 | + rt->dst.error = -EACCES; |
149 | + rt->dst.error = -EACCES; |
|
Line 151... | Line 151... | |||
151 | + rt->dst.input = ip6_pkt_policy_failed; |
151 | + rt->dst.input = ip6_pkt_policy_failed; |
|
152 | + break; |
152 | + break; |
|
153 | case RTN_THROW: |
153 | case RTN_THROW: |
|
154 | case RTN_UNREACHABLE: |
154 | case RTN_UNREACHABLE: |
|
155 | default: |
155 | default: |
|
156 | @@ -2613,6 +2635,17 @@ static int ip6_pkt_prohibit_out(struct n |
156 | @@ -2610,6 +2632,17 @@ static int ip6_pkt_prohibit_out(struct n |
|
157 | return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES); |
157 | return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES); |
|
158 | } |
158 | } |
|
Line 159... | Line 159... | |||
159 | |
159 | |
|
160 | +static int ip6_pkt_policy_failed(struct sk_buff *skb) |
160 | +static int ip6_pkt_policy_failed(struct sk_buff *skb) |
|
Line 169... | Line 169... | |||
169 | +} |
169 | +} |
|
170 | + |
170 | + |
|
171 | /* |
171 | /* |
|
172 | * Allocate a dst for local (unicast / anycast) address. |
172 | * Allocate a dst for local (unicast / anycast) address. |
|
173 | */ |
173 | */ |
|
174 | @@ -2850,7 +2883,8 @@ static int rtm_to_fib6_config(struct sk_ |
174 | @@ -2847,7 +2880,8 @@ static int rtm_to_fib6_config(struct sk_ |
|
175 | if (rtm->rtm_type == RTN_UNREACHABLE || |
175 | if (rtm->rtm_type == RTN_UNREACHABLE || |
|
176 | rtm->rtm_type == RTN_BLACKHOLE || |
176 | rtm->rtm_type == RTN_BLACKHOLE || |
|
177 | rtm->rtm_type == RTN_PROHIBIT || |
177 | rtm->rtm_type == RTN_PROHIBIT || |
|
178 | - rtm->rtm_type == RTN_THROW) |
178 | - rtm->rtm_type == RTN_THROW) |
|
179 | + rtm->rtm_type == RTN_THROW || |
179 | + rtm->rtm_type == RTN_THROW || |
|
180 | + rtm->rtm_type == RTN_POLICY_FAILED) |
180 | + rtm->rtm_type == RTN_POLICY_FAILED) |
|
181 | cfg->fc_flags |= RTF_REJECT; |
181 | cfg->fc_flags |= RTF_REJECT; |
|
Line 182... | Line 182... | |||
182 | |
182 | |
|
183 | if (rtm->rtm_type == RTN_LOCAL) |
183 | if (rtm->rtm_type == RTN_LOCAL) |
|
184 | @@ -3222,6 +3256,9 @@ static int rt6_fill_node(struct net *net |
184 | @@ -3219,6 +3253,9 @@ static int rt6_fill_node(struct net *net |
|
185 | case -EACCES: |
185 | case -EACCES: |
|
186 | rtm->rtm_type = RTN_PROHIBIT; |
186 | rtm->rtm_type = RTN_PROHIBIT; |
|
187 | break; |
187 | break; |
|
188 | + case -EPERM: |
188 | + case -EPERM: |
|
189 | + rtm->rtm_type = RTN_POLICY_FAILED; |
189 | + rtm->rtm_type = RTN_POLICY_FAILED; |
|
190 | + break; |
190 | + break; |
|
191 | case -EAGAIN: |
191 | case -EAGAIN: |
|
192 | rtm->rtm_type = RTN_THROW; |
192 | rtm->rtm_type = RTN_THROW; |
|
193 | break; |
193 | break; |
|
194 | @@ -3498,6 +3535,8 @@ static int ip6_route_dev_notify(struct n |
194 | @@ -3495,6 +3532,8 @@ static int ip6_route_dev_notify(struct n |
|
195 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
195 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
|
196 | net->ipv6.ip6_prohibit_entry->dst.dev = dev; |
196 | net->ipv6.ip6_prohibit_entry->dst.dev = dev; |
|
197 | net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev); |
197 | net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev); |
|
198 | + net->ipv6.ip6_policy_failed_entry->dst.dev = dev; |
198 | + net->ipv6.ip6_policy_failed_entry->dst.dev = dev; |
|
199 | + net->ipv6.ip6_policy_failed_entry->rt6i_idev = in6_dev_get(dev); |
199 | + net->ipv6.ip6_policy_failed_entry->rt6i_idev = in6_dev_get(dev); |
|
200 | net->ipv6.ip6_blk_hole_entry->dst.dev = dev; |
200 | net->ipv6.ip6_blk_hole_entry->dst.dev = dev; |
|
201 | net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev); |
201 | net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev); |
|
202 | #endif |
202 | #endif |
|
203 | @@ -3509,6 +3548,7 @@ static int ip6_route_dev_notify(struct n |
203 | @@ -3506,6 +3545,7 @@ static int ip6_route_dev_notify(struct n |
|
204 | in6_dev_put(net->ipv6.ip6_null_entry->rt6i_idev); |
204 | in6_dev_put(net->ipv6.ip6_null_entry->rt6i_idev); |
|
205 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
205 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
|
206 | in6_dev_put(net->ipv6.ip6_prohibit_entry->rt6i_idev); |
206 | in6_dev_put(net->ipv6.ip6_prohibit_entry->rt6i_idev); |
|
207 | + in6_dev_put(net->ipv6.ip6_policy_failed_entry->rt6i_idev); |
207 | + in6_dev_put(net->ipv6.ip6_policy_failed_entry->rt6i_idev); |
|
208 | in6_dev_put(net->ipv6.ip6_blk_hole_entry->rt6i_idev); |
208 | in6_dev_put(net->ipv6.ip6_blk_hole_entry->rt6i_idev); |
|
209 | #endif |
209 | #endif |
|
210 | } |
210 | } |
|
211 | @@ -3724,6 +3764,17 @@ static int __net_init ip6_route_net_init |
211 | @@ -3721,6 +3761,17 @@ static int __net_init ip6_route_net_init |
|
212 | net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops; |
212 | net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops; |
|
213 | dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst, |
213 | dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst, |
|
214 | ip6_template_metrics, true); |
214 | ip6_template_metrics, true); |
|
215 | + |
215 | + |
|
Line 224... | Line 224... | |||
224 | + dst_init_metrics(&net->ipv6.ip6_policy_failed_entry->dst, |
224 | + dst_init_metrics(&net->ipv6.ip6_policy_failed_entry->dst, |
|
225 | + ip6_template_metrics, true); |
225 | + ip6_template_metrics, true); |
|
226 | #endif |
226 | #endif |
|
Line 227... | Line 227... | |||
227 | |
227 | |
|
228 | net->ipv6.sysctl.flush_delay = 0; |
228 | net->ipv6.sysctl.flush_delay = 0; |
|
229 | @@ -3742,6 +3793,8 @@ out: |
229 | @@ -3739,6 +3790,8 @@ out: |
|
Line 230... | Line 230... | |||
230 | return ret; |
230 | return ret; |
|
231 | |
231 | |
|
232 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
232 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
|
233 | +out_ip6_blk_hole_entry: |
233 | +out_ip6_blk_hole_entry: |
|
234 | + kfree(net->ipv6.ip6_blk_hole_entry); |
234 | + kfree(net->ipv6.ip6_blk_hole_entry); |
|
235 | out_ip6_prohibit_entry: |
235 | out_ip6_prohibit_entry: |
|
236 | kfree(net->ipv6.ip6_prohibit_entry); |
236 | kfree(net->ipv6.ip6_prohibit_entry); |
|
237 | out_ip6_null_entry: |
237 | out_ip6_null_entry: |
|
238 | @@ -3759,6 +3812,7 @@ static void __net_exit ip6_route_net_exi |
238 | @@ -3756,6 +3809,7 @@ static void __net_exit ip6_route_net_exi |
|
239 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
239 | #ifdef CONFIG_IPV6_MULTIPLE_TABLES |
|
240 | kfree(net->ipv6.ip6_prohibit_entry); |
240 | kfree(net->ipv6.ip6_prohibit_entry); |
|
241 | kfree(net->ipv6.ip6_blk_hole_entry); |
241 | kfree(net->ipv6.ip6_blk_hole_entry); |
|
242 | + kfree(net->ipv6.ip6_policy_failed_entry); |
242 | + kfree(net->ipv6.ip6_policy_failed_entry); |
|
243 | #endif |
243 | #endif |
|
244 | dst_entries_destroy(&net->ipv6.ip6_dst_ops); |
244 | dst_entries_destroy(&net->ipv6.ip6_dst_ops); |
|
245 | } |
245 | } |
|
246 | @@ -3832,6 +3886,9 @@ void __init ip6_route_init_special_entri |
246 | @@ -3829,6 +3883,9 @@ void __init ip6_route_init_special_entri |
|
247 | init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); |
247 | init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); |
|
248 | init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev; |
248 | init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev; |
|
249 | init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); |
249 | init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); |