ipv6: Set FLOWI_FLAG_KNOWN_NH at flowi6_flags
The neighbor look-up used to depend on the rt6i_gateway (if there is a gateway) or the rt6i_dst (if it is a RTF_CACHE clone) as the nexthop address. Note that rt6i_dst is set to fl6->daddr for the RTF_CACHE clone where fl6->daddr is the one used to do the route look-up. Now, we only create RTF_CACHE clone after encountering exception. When doing the neighbor look-up with a route that is neither a gateway nor a RTF_CACHE clone, the daddr in skb will be used as the nexthop. In some cases, the daddr in skb is not the one used to do the route look-up. One example is in ip_vs_dr_xmit_v6() where the real nexthop server address is different from the one in the skb. This patch is going to follow the IPv4 approach and ask the ip6_pol_route() callers to set the FLOWI_FLAG_KNOWN_NH properly. In the next patch, ip6_pol_route() will honor the FLOWI_FLAG_KNOWN_NH and create a RTF_CACHE clone. Signed-off-by: Martin KaFai Lau <kafai@fb.com> Acked-by: Julian Anastasov <ja@ssi.bg> Tested-by: Julian Anastasov <ja@ssi.bg> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
b197df4f0f
commit
48e8aa6e31
3 changed files with 13 additions and 4 deletions
|
@ -865,6 +865,9 @@ static int rawv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
|
|||
fl6.flowi6_oif = np->ucast_oif;
|
||||
security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
|
||||
|
||||
if (inet->hdrincl)
|
||||
fl6.flowi6_flags |= FLOWI_FLAG_KNOWN_NH;
|
||||
|
||||
dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
|
||||
if (IS_ERR(dst)) {
|
||||
err = PTR_ERR(dst);
|
||||
|
|
|
@ -364,13 +364,16 @@ err_unreach:
|
|||
#ifdef CONFIG_IP_VS_IPV6
|
||||
static struct dst_entry *
|
||||
__ip_vs_route_output_v6(struct net *net, struct in6_addr *daddr,
|
||||
struct in6_addr *ret_saddr, int do_xfrm)
|
||||
struct in6_addr *ret_saddr, int do_xfrm, int rt_mode)
|
||||
{
|
||||
struct dst_entry *dst;
|
||||
struct flowi6 fl6 = {
|
||||
.daddr = *daddr,
|
||||
};
|
||||
|
||||
if (rt_mode & IP_VS_RT_MODE_KNOWN_NH)
|
||||
fl6.flowi6_flags = FLOWI_FLAG_KNOWN_NH;
|
||||
|
||||
dst = ip6_route_output(net, NULL, &fl6);
|
||||
if (dst->error)
|
||||
goto out_err;
|
||||
|
@ -427,7 +430,7 @@ __ip_vs_get_out_rt_v6(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
|
|||
}
|
||||
dst = __ip_vs_route_output_v6(net, &dest->addr.in6,
|
||||
&dest_dst->dst_saddr.in6,
|
||||
do_xfrm);
|
||||
do_xfrm, rt_mode);
|
||||
if (!dst) {
|
||||
__ip_vs_dst_set(dest, NULL, NULL, 0);
|
||||
spin_unlock_bh(&dest->dst_lock);
|
||||
|
@ -446,7 +449,8 @@ __ip_vs_get_out_rt_v6(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
|
|||
*ret_saddr = dest_dst->dst_saddr.in6;
|
||||
} else {
|
||||
noref = 0;
|
||||
dst = __ip_vs_route_output_v6(net, daddr, ret_saddr, do_xfrm);
|
||||
dst = __ip_vs_route_output_v6(net, daddr, ret_saddr, do_xfrm,
|
||||
rt_mode);
|
||||
if (!dst)
|
||||
goto err_unreach;
|
||||
rt = (struct rt6_info *) dst;
|
||||
|
@ -1164,7 +1168,8 @@ ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
|
|||
local = __ip_vs_get_out_rt_v6(cp->af, skb, cp->dest, &cp->daddr.in6,
|
||||
NULL, ipvsh, 0,
|
||||
IP_VS_RT_MODE_LOCAL |
|
||||
IP_VS_RT_MODE_NON_LOCAL);
|
||||
IP_VS_RT_MODE_NON_LOCAL |
|
||||
IP_VS_RT_MODE_KNOWN_NH);
|
||||
if (local < 0)
|
||||
goto tx_error;
|
||||
if (local) {
|
||||
|
|
|
@ -152,6 +152,7 @@ tee_tg_route6(struct sk_buff *skb, const struct xt_tee_tginfo *info)
|
|||
fl6.daddr = info->gw.in6;
|
||||
fl6.flowlabel = ((iph->flow_lbl[0] & 0xF) << 16) |
|
||||
(iph->flow_lbl[1] << 8) | iph->flow_lbl[2];
|
||||
fl6.flowi6_flags = FLOWI_FLAG_KNOWN_NH;
|
||||
dst = ip6_route_output(net, NULL, &fl6);
|
||||
if (dst->error) {
|
||||
dst_release(dst);
|
||||
|
|
Loading…
Reference in a new issue