From patchwork Thu Sep 20 20:50:47 2018 X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 972731 X-Patchwork-Delegate: pablo@netfilter.org
From: dsahern@kernel.org To: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Cc: pablo@netfilter.org, fw@strlen.de, David Ahern Subject: [PATCH net-next 1/3] net/ipv4: Move device validation to helper Date: Thu, 20 Sep 2018 13:50:47 -0700 Message-Id: <20180920205049.15143-2-dsahern@kernel.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180920205049.15143-1-dsahern@kernel.org> References: <20180920205049.15143-1-dsahern@kernel.org> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: David Ahern Move the device matching check in __fib_validate_source to a helper and export it for use by netfilter modules. Code move only; no functional change intended. Signed-off-by: David Ahern --- include/net/ip_fib.h | 1 + net/ipv4/fib_frontend.c | 44 +++++++++++++++++++++++++++----------------- 2 files changed, 28 insertions(+), 17 deletions(-) diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h index 69c91d1934c1..f7c109e37298 100644 --- a/include/net/ip_fib.h +++ b/include/net/ip_fib.h @@ -373,6 +373,7 @@ static inline bool fib4_rules_early_flow_dissect(struct net *net, extern const struct nla_policy rtm_ipv4_policy[]; void ip_fib_init(void); __be32 fib_compute_spec_dst(struct sk_buff *skb); +bool fib_info_nh_uses_dev(struct fib_info *fi, const struct net_device *dev); int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, u8 tos, int oif, struct net_device *dev, struct in_device *idev, u32 *itag); diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 2998b0e47d4b..222b968de94c 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c 
@@ -315,6 +315,32 @@ __be32 fib_compute_spec_dst(struct sk_buff *skb) return inet_select_addr(dev, ip_hdr(skb)->saddr, scope); } +bool fib_info_nh_uses_dev(struct fib_info *fi, const struct net_device *dev) +{ + bool dev_match = false; + int ret; + +#ifdef CONFIG_IP_ROUTE_MULTIPATH + for (ret = 0; ret < fi->fib_nhs; ret++) { + struct fib_nh *nh = &fi->fib_nh[ret]; + + if (nh->nh_dev == dev) { + dev_match = true; + break; + } else if (l3mdev_master_ifindex_rcu(nh->nh_dev) == dev->ifindex) { + dev_match = true; + break; + } + } +#else + if (fi->fib_nh[0].nh_dev == dev) + dev_match = true; +#endif + + return dev_match; +} +EXPORT_SYMBOL_GPL(fib_info_nh_uses_dev); + /* Given (packet source, input interface) and optional (dst, oif, tos): * - (main) check, that source is valid i.e. not broadcast or our local * address. 
@@ -361,24 +387,8 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, (res.type != RTN_LOCAL || !IN_DEV_ACCEPT_LOCAL(idev))) goto e_inval; fib_combine_itag(itag, &res); - dev_match = false; - -#ifdef CONFIG_IP_ROUTE_MULTIPATH - for (ret = 0; ret < res.fi->fib_nhs; ret++) { - struct fib_nh *nh = &res.fi->fib_nh[ret]; - if (nh->nh_dev == dev) { - dev_match = true; - break; - } else if (l3mdev_master_ifindex_rcu(nh->nh_dev) == dev->ifindex) { - dev_match = true; - break; - } - } -#else - if (FIB_RES_DEV(res) == dev) - dev_match = true; -#endif + dev_match = fib_info_nh_uses_dev(res.fi, dev); if (dev_match) { ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST; return ret; From patchwork Thu Sep 20 20:50:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 972735 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=kernel.org Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.b="jAb/2w6D"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 42GTR131sXz9sBJ for ; Fri, 21 Sep 2018 06:51:09 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388396AbeIUCgW (ORCPT ); Thu, 20 Sep 2018 22:36:22 -0400 Received: from mail.kernel.org ([198.145.29.99]:46532 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731592AbeIUCgV (ORCPT ); Thu, 20 Sep 2018 22:36:21 -0400 Received: from 
kenny.it.cumulusnetworks.com. (fw.cumulusnetworks.com [216.129.126.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 327352150E; Thu, 20 Sep 2018 20:51:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1537476661; bh=XDIv/JhUnFBjOUS1S6ngQ8CvwK4xV36UpZGne2fUhxI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jAb/2w6DIWEjYNHIbdc4Wg5TLEoJsDuLqvQwOxCqCTRfJcyc3v+YFWQ78sUoQJhHF KDQ7yaZyflbpAlrs/yhy7XWfBeitPfGXBJACUc4irbFQv3zMiHkROhHqC+r1JhK6Xo Nm++RKMScMYk24nITTDqxuxMHv/7Von5szIUbETw= From: dsahern@kernel.org To: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Cc: pablo@netfilter.org, fw@strlen.de, David Ahern Subject: [PATCH net-next 2/3] netfilter: rpfilter: Convert rpfilter_lookup_reverse to new dev helper Date: Thu, 20 Sep 2018 13:50:48 -0700 Message-Id: <20180920205049.15143-3-dsahern@kernel.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180920205049.15143-1-dsahern@kernel.org> References: <20180920205049.15143-1-dsahern@kernel.org> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: David Ahern Convert rpfilter_lookup_reverse to the new device checking helper and remove the duplicate code. Signed-off-by: David Ahern --- net/ipv4/netfilter/ipt_rpfilter.c | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/net/ipv4/netfilter/ipt_rpfilter.c b/net/ipv4/netfilter/ipt_rpfilter.c index 12843c9ef142..0b10d8812828 100644 --- a/net/ipv4/netfilter/ipt_rpfilter.c +++ b/net/ipv4/netfilter/ipt_rpfilter.c @@ -36,7 +36,6 @@ static bool rpfilter_lookup_reverse(struct net *net, struct flowi4 *fl4, const struct net_device *dev, u8 flags) { struct fib_result res; - bool dev_match; int ret __maybe_unused; if (fib_lookup(net, fl4, &res, FIB_LOOKUP_IGNORE_LINKSTATE)) 
@@ -46,21 +45,7 @@ static bool rpfilter_lookup_reverse(struct net *net, struct flowi4 *fl4, if (res.type != RTN_LOCAL || !(flags & XT_RPFILTER_ACCEPT_LOCAL)) return false; } - dev_match = false; -#ifdef CONFIG_IP_ROUTE_MULTIPATH - for (ret = 0; ret < res.fi->fib_nhs; ret++) { - struct fib_nh *nh = &res.fi->fib_nh[ret]; - - if (nh->nh_dev == dev) { - dev_match = true; - break; - } - } -#else - if (FIB_RES_DEV(res) == dev) - dev_match = true; -#endif - return dev_match || flags & XT_RPFILTER_LOOSE; + return fib_info_nh_uses_dev(res.fi, dev) || flags & XT_RPFILTER_LOOSE; } static bool From patchwork Thu Sep 20 20:50:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 972732 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=kernel.org Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.b="ngF/ZZPX"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 42GTQy41P1z9sBW for ; Fri, 21 Sep 2018 06:51:06 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388477AbeIUCg0 (ORCPT ); Thu, 20 Sep 2018 22:36:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:46536 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727659AbeIUCgW (ORCPT ); Thu, 20 Sep 2018 22:36:22 -0400 Received: from kenny.it.cumulusnetworks.com. 
(fw.cumulusnetworks.com [216.129.126.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7060221535; Thu, 20 Sep 2018 20:51:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1537476661; bh=unW9toWT2UednS+TfZXYUnT+NWTcRsCh7RfpMoqocu4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ngF/ZZPXTsdF44rgXXlbzkM0wBWxohjM9zofuODlz0SVZ/w5Ue0Mkn2pIaJkZOx3v mOXReRWjwbeTMUII7tRAoRSvJdHzi6DT+TWhgtouq8MJ4zaCqJUog3l9ahGgQDiOZL pZsfGRXaNZPSN5JanX1hTNZm4PZ2imQjUfR/h/2E= From: dsahern@kernel.org To: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Cc: pablo@netfilter.org, fw@strlen.de, David Ahern Subject: [PATCH net-next 3/3] netfilter: nft_fib: Convert nft_fib4_eval to new dev helper Date: Thu, 20 Sep 2018 13:50:49 -0700 Message-Id: <20180920205049.15143-4-dsahern@kernel.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180920205049.15143-1-dsahern@kernel.org> References: <20180920205049.15143-1-dsahern@kernel.org> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: David Ahern Convert nft_fib4_eval to the new device checking helper and remove the duplicate code. Signed-off-by: David Ahern --- net/ipv4/netfilter/nft_fib_ipv4.c | 27 ++++++--------------------- 1 file changed, 6 insertions(+), 21 deletions(-) diff --git a/net/ipv4/netfilter/nft_fib_ipv4.c b/net/ipv4/netfilter/nft_fib_ipv4.c index e50976e3c213..94eb25bc8d7e 100644 --- a/net/ipv4/netfilter/nft_fib_ipv4.c +++ b/net/ipv4/netfilter/nft_fib_ipv4.c @@ -76,10 +76,7 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs, .flowi4_iif = LOOPBACK_IFINDEX, }; const struct net_device *oif; - struct net_device *found; -#ifdef CONFIG_IP_ROUTE_MULTIPATH - int i; -#endif + const struct net_device *found; /* * Do not set flowi4_oif, it restricts results (for example, asking 
@@ -146,25 +143,13 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs, if (!oif) { found = FIB_RES_DEV(res); - goto ok; - } - -#ifdef CONFIG_IP_ROUTE_MULTIPATH - for (i = 0; i < res.fi->fib_nhs; i++) { - struct fib_nh *nh = &res.fi->fib_nh[i]; + } else { + if (!fib_info_nh_uses_dev(res.fi, oif)) + return; - if (nh->nh_dev == oif) { - found = nh->nh_dev; - goto ok; - } + found = oif; } - return; -#else - found = FIB_RES_DEV(res); - if (found != oif) - return; -#endif -ok: + switch (priv->result) { case NFT_FIB_RESULT_OIF: *dest = found->ifindex;
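Review bot: In fib_info_nh_uses_dev() (patch 1/3, net/ipv4/fib_frontend.c, hunk at -315), "int ret;" is declared outside the #ifdef but only used inside the CONFIG_IP_ROUTE_MULTIPATH branch, so a build without multipath leaves it unused; the rpfilter copy removed in patch 2/3 declared it as "int ret __maybe_unused;" for that case. Move the declaration inside the #ifdef block or keep the annotation, and consider naming it i, since here it is a loop index and not a return value. The helper calls l3mdev_master_ifindex_rcu() and is exported with EXPORT_SYMBOL_GPL; the _rcu suffix suggests callers need to be in an RCU read-side section, so a comment above the function stating that requirement would help the netfilter callers.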
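Review bot: In __fib_validate_source() (patch 1/3, net/ipv4/fib_frontend.c, hunk at -361), dev_match is now assigned and tested on consecutive lines, so the local can be dropped in favour of "if (fib_info_nh_uses_dev(res.fi, dev)) {". Its declaration lies outside the visible context and would need to go as well. Separately, the non-multipath branch changes from "FIB_RES_DEV(res) == dev" to "fi->fib_nh[0].nh_dev == dev" in the helper; since the commit message says "Code move only", a sentence stating that the two expressions are equivalent would save reviewers the lookup.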
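Review bot: In rpfilter_lookup_reverse() (patch 2/3, net/ipv4/netfilter/ipt_rpfilter.c, hunk at -36), "bool dev_match;" is removed but "int ret __maybe_unused;" stays, and the only use of ret visible in this patch is the loop deleted in the next hunk. If nothing else in the function uses it, drop the declaration in the same patch.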
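Review bot: In rpfilter_lookup_reverse() (patch 2/3, net/ipv4/netfilter/ipt_rpfilter.c, hunk at -46), the removed multipath loop matched only "nh->nh_dev == dev", while fib_info_nh_uses_dev() from patch 1/3 also returns true when "l3mdev_master_ifindex_rcu(nh->nh_dev) == dev->ifindex". This is therefore not a pure removal of duplicate code: with CONFIG_IP_ROUTE_MULTIPATH the reverse-path check now accepts an additional case. If that is intended, the commit message should say so and explain why it is correct for rpfilter; if not, the helper needs a way to skip the l3mdev comparison. The return expression mixes || and & without parentheses; "(flags & XT_RPFILTER_LOOSE)" would read more clearly.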
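Review bot: In nft_fib4_eval() (patch 3/3, net/ipv4/netfilter/nft_fib_ipv4.c, hunk at -146), the old multipath loop set found to a nexthop device equal to oif, whereas the new branch sets "found = oif" whenever fib_info_nh_uses_dev() returns true, and that helper also matches on "l3mdev_master_ifindex_rcu(nh->nh_dev) == dev->ifindex". In that case found is oif and not the nexthop's nh_dev, so NFT_FIB_RESULT_OIF reports oif's ifindex for a route that previously fell through to the bare return. The commit message describes this as removing duplicate code; please state the change in matching and confirm that reporting oif is the intended result.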