Message ID | 20130730065317.GH13357@zirkel.wertarbyte.de |
---|---|
State | Changes Requested, archived |
Delegated to: | David Miller |
Headers | show |
From: Stefan Tomanek <stefan.tomanek@wertarbyte.de> Date: Tue, 30 Jul 2013 08:53:17 +0200 > @@ -101,6 +101,17 @@ errout: > return err; > } > > +static bool fib4_rule_suppress(struct fib_rule *rule, struct fib_lookup_arg *arg) { ... > @@ -119,6 +119,18 @@ out: > return err; > } > > +static bool fib6_rule_suppress(struct fib_rule *rule, struct fib_lookup_arg *arg) { > + struct rt6_info *rt = (struct rt6_info *) arg->result; > + /* > + * do not accept result if the route does > + * not meet the required prefix length > + */ Please format this stuff correctly. Functions are declared like this: static type NAME(TYPE ARG1, TYPE ARG2) { } You don't put the openning curly brace at the end of the line with the closing parenthesis of the argument list. Next, comments are to be formatted: /* Like * this. */ Thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Dies schrieb David Miller (davem@davemloft.net): > > +static bool fib4_rule_suppress(struct fib_rule *rule, struct fib_lookup_arg *arg) { > ... > > @@ -119,6 +119,18 @@ out: > > return err; > > } > > > > +static bool fib6_rule_suppress(struct fib_rule *rule, struct fib_lookup_arg *arg) { > > + struct rt6_info *rt = (struct rt6_info *) arg->result; > > + /* > > + * do not accept result if the route does > > + * not meet the required prefix length > > + */ > > Please format this stuff correctly. > > Functions are declared like this: > > static type NAME(TYPE ARG1, TYPE ARG2) > { > } Noted and fixed. > You don't put the openning curly brace at the end of the line with the > closing parenthesis of the argument list. > > Next, comments are to be formatted: > > /* Like > * this. > */ Well, to be fair, most comments in the existing code base actually use the style I employed (in fact, I was copying it), so it seems like a blurry line at least. /* * If we need to find a source address for this traffic, * we check the result if it meets requirement of the rule. */ -----8<---- /* * If FIB_RULE_FIND_SADDR is set and we do not have a * source address for the traffic, we defer check for * source address. */ -----8<---- /* The lock is not required here, the list in unreacheable * at the moment this function is called */ -----8<---- /* compatibility: if the mark value is non-zero all bits * are compared unless a mask is explicitly specified. */ -----8<---- /* * There are unresolved goto rules in the list, check if * any of them are pointing to this new rule. */ -----8<---- /* * Check if this rule is a target to any of them. If so, * disable them. As this operation is eventually very * expensive, it is only performed if goto rules have * actually been added. */ -----8<---- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Stefan Tomanek <stefan.tomanek@wertarbyte.de> Date: Tue, 30 Jul 2013 09:23:05 +0200 > Well, to be fair, most comments in the existing code base actually use the style > I employed (in fact, I was copying it), so it seems like a blurry line at least. Existing mistakes are not excuses for duplicating them :-) They are a good excuse to send a patch fixing them, however. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/include/net/fib_rules.h b/include/net/fib_rules.h index e361f48..2f286dc 100644 --- a/include/net/fib_rules.h +++ b/include/net/fib_rules.h @@ -18,6 +18,7 @@ struct fib_rule { u32 pref; u32 flags; u32 table; + u8 table_prefixlen_min; u8 action; u32 target; struct fib_rule __rcu *ctarget; @@ -46,6 +47,8 @@ struct fib_rules_ops { int (*action)(struct fib_rule *, struct flowi *, int, struct fib_lookup_arg *); + bool (*suppress)(struct fib_rule *, + struct fib_lookup_arg *); int (*match)(struct fib_rule *, struct flowi *, int); int (*configure)(struct fib_rule *, @@ -80,6 +83,7 @@ struct fib_rules_ops { [FRA_FWMARK] = { .type = NLA_U32 }, \ [FRA_FWMASK] = { .type = NLA_U32 }, \ [FRA_TABLE] = { .type = NLA_U32 }, \ + [FRA_TABLE_PREFIXLEN_MIN] = { .type = NLA_U8 }, \ [FRA_GOTO] = { .type = NLA_U32 } static inline void fib_rule_get(struct fib_rule *rule) diff --git a/include/uapi/linux/fib_rules.h b/include/uapi/linux/fib_rules.h index 51da65b..59cd31b 100644 --- a/include/uapi/linux/fib_rules.h +++ b/include/uapi/linux/fib_rules.h @@ -45,7 +45,7 @@ enum { FRA_FLOW, /* flow/class id */ FRA_UNUSED6, FRA_UNUSED7, - FRA_UNUSED8, + FRA_TABLE_PREFIXLEN_MIN, FRA_TABLE, /* Extended table id */ FRA_FWMASK, /* mask for netfilter mark */ FRA_OIFNAME, diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c index 2173544..809efd5 100644 --- a/net/core/fib_rules.c +++ b/net/core/fib_rules.c @@ -226,6 +226,10 @@ jumped: else err = ops->action(rule, fl, flags, arg); + if (!err && ops->suppress && ops->suppress(rule, arg)) { + continue; + } + if (err != -EAGAIN) { if ((arg->flags & FIB_LOOKUP_NOREF) || likely(atomic_inc_not_zero(&rule->refcnt))) { @@ -337,6 +341,8 @@ static int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr* nlh) rule->action = frh->action; rule->flags = frh->flags; rule->table = frh_get_table(frh, tb); + if (tb[FRA_TABLE_PREFIXLEN_MIN]) + rule->table_prefixlen_min = nla_get_u8(tb[FRA_TABLE_PREFIXLEN_MIN]); if (!tb[FRA_PRIORITY] && ops->default_pref) rule->pref = ops->default_pref(ops); @@ -523,6 +529,7 @@ static inline size_t fib_rule_nlmsg_size(struct fib_rules_ops *ops, + nla_total_size(IFNAMSIZ) /* FRA_OIFNAME */ + nla_total_size(4) /* FRA_PRIORITY */ + nla_total_size(4) /* FRA_TABLE */ + + nla_total_size(1) /* FRA_TABLE_PREFIXLEN_MIN */ + nla_total_size(4) /* FRA_FWMARK */ + nla_total_size(4); /* FRA_FWMASK */ @@ -548,6 +555,8 @@ static int fib_nl_fill_rule(struct sk_buff *skb, struct fib_rule *rule, frh->table = rule->table; if (nla_put_u32(skb, FRA_TABLE, rule->table)) goto nla_put_failure; + if (nla_put_u8(skb, FRA_TABLE_PREFIXLEN_MIN, rule->table_prefixlen_min)) + goto nla_put_failure; frh->res1 = 0; frh->res2 = 0; frh->action = rule->action; diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c index 26aa65d..f93beb6 100644 --- a/net/ipv4/fib_rules.c +++ b/net/ipv4/fib_rules.c @@ -101,6 +101,17 @@ errout: return err; } +static bool fib4_rule_suppress(struct fib_rule *rule, struct fib_lookup_arg *arg) { + /* do not accept result if the route does not meet the required prefix length */ + struct fib_result *result = (struct fib_result *) arg->result; + if (result->prefixlen < rule->table_prefixlen_min) { + if (!(arg->flags & FIB_LOOKUP_NOREF)) { + fib_info_put(result->fi); + } + return true; + } + return false; +} static int fib4_rule_match(struct fib_rule *rule, struct flowi *fl, int flags) { @@ -267,6 +278,7 @@ static const struct fib_rules_ops __net_initconst fib4_rules_ops_template = { .rule_size = sizeof(struct fib4_rule), .addr_size = sizeof(u32), .action = fib4_rule_action, + .suppress = fib4_rule_suppress, .match = fib4_rule_match, .configure = fib4_rule_configure, .delete = fib4_rule_delete, diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c index 4c8bac7..63372ab 100644 --- a/net/ipv6/fib6_rules.c +++ b/net/ipv6/fib6_rules.c @@ -119,6 +119,18 @@ out: return err; } +static bool fib6_rule_suppress(struct fib_rule *rule, struct fib_lookup_arg *arg) { + struct rt6_info *rt = (struct rt6_info *) arg->result; + /* + * do not accept result if the route does + * not meet the required prefix length + */ + if (rt->rt6i_dst.plen < rule->table_prefixlen_min) { + ip6_rt_put(rt); + return true; + } + return false; +} static int fib6_rule_match(struct fib_rule *rule, struct flowi *fl, int flags) { @@ -252,6 +264,7 @@ static const struct fib_rules_ops __net_initconst fib6_rules_ops_template = { .addr_size = sizeof(struct in6_addr), .action = fib6_rule_action, .match = fib6_rule_match, + .suppress = fib6_rule_suppress, .configure = fib6_rule_configure, .compare = fib6_rule_compare, .fill = fib6_rule_fill,