From 75bff8f023e02b045a8f68f36fa7da98dca124b8 Mon Sep 17 00:00:00 2001
From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Date: Mon, 21 Aug 2006 19:22:01 +0900
Subject: [PATCH] [IPV6] ROUTE: Routing by FWMARK.
Based on patch by Jean Lorchat <lorchat@sfc.wide.ad.jp>.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
---
include/linux/fib_rules.h | 2 +-
include/net/flow.h | 2 ++
net/ipv6/Kconfig | 7 +++++++
net/ipv6/fib6_rules.c | 23 +++++++++++++++++++++++
net/ipv6/route.c | 1 +
5 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/include/linux/fib_rules.h b/include/linux/fib_rules.h
index 19a82b6c1c1f..2987549d6044 100644
--- a/include/linux/fib_rules.h
+++ b/include/linux/fib_rules.h
@@ -34,7 +34,7 @@ enum
FRA_UNUSED3,
FRA_UNUSED4,
FRA_UNUSED5,
- FRA_FWMARK, /* netfilter mark (IPv4) */
+ FRA_FWMARK, /* netfilter mark (IPv4/IPv6) */
FRA_FLOW, /* flow/class id */
FRA_UNUSED6,
FRA_UNUSED7,
diff --git a/include/net/flow.h b/include/net/flow.h
index e0522914316e..3ca210ec1379 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -26,6 +26,7 @@ struct flowi {
struct {
struct in6_addr daddr;
struct in6_addr saddr;
+ __u32 fwmark;
__u32 flowlabel;
} ip6_u;
@@ -42,6 +43,7 @@ struct flowi {
#define fld_scope nl_u.dn_u.scope
#define fl6_dst nl_u.ip6_u.daddr
#define fl6_src nl_u.ip6_u.saddr
+#define fl6_fwmark nl_u.ip6_u.fwmark
#define fl6_flowlabel nl_u.ip6_u.flowlabel
#define fl4_dst nl_u.ip4_u.daddr
#define fl4_src nl_u.ip4_u.saddr
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index 21e0cc808f44..a2d211da2aba 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -173,3 +173,10 @@ config IPV6_MULTIPLE_TABLES
---help---
Support multiple routing tables.
+config IPV6_ROUTE_FWMARK
+ bool "IPv6: use netfilter MARK value as routing key"
+ depends on IPV6_MULTIPLE_TABLES && NETFILTER
+ ---help---
+ If you say Y here, you will be able to specify different routes for
+ packets with different mark values (see iptables(8), MARK target).
+
diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c
index 91f6233d8efd..aebd9e2b85a8 100644
--- a/net/ipv6/fib6_rules.c
+++ b/net/ipv6/fib6_rules.c
@@ -26,6 +26,9 @@ struct fib6_rule
struct fib_rule common;
struct rt6key src;
struct rt6key dst;
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+ u8 fwmark;
+#endif
u8 tclass;
};
@@ -124,6 +127,11 @@ static int fib6_rule_match(struct fib_rule *rule, struct flowi *fl, int flags)
if (r->tclass && r->tclass != ((ntohl(fl->fl6_flowlabel) >> 20) & 0xff))
return 0;
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+ if (r->fwmark && (r->fwmark != fl->fl6_fwmark))
+ return 0;
+#endif
+
return 1;
}
@@ -164,6 +172,11 @@ static int fib6_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
nla_memcpy(&rule6->dst.addr, tb[FRA_DST],
sizeof(struct in6_addr));
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+ if (tb[FRA_FWMARK])
+ rule6->fwmark = nla_get_u32(tb[FRA_FWMARK]);
+#endif
+
rule6->src.plen = frh->src_len;
rule6->dst.plen = frh->dst_len;
rule6->tclass = frh->tos;
@@ -195,6 +208,11 @@ static int fib6_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
nla_memcmp(tb[FRA_DST], &rule6->dst.addr, sizeof(struct in6_addr)))
return 0;
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+ if (tb[FRA_FWMARK] && (rule6->fwmark != nla_get_u32(tb[FRA_FWMARK])))
+ return 0;
+#endif
+
return 1;
}
@@ -216,6 +234,11 @@ static int fib6_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
NLA_PUT(skb, FRA_SRC, sizeof(struct in6_addr),
&rule6->src.addr);
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+ if (rule6->fwmark)
+ NLA_PUT_U32(skb, FRA_FWMARK, rule6->fwmark);
+#endif
+
return 0;
nla_put_failure:
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 20691285aee5..649350bd9299 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -703,6 +703,7 @@ void ip6_route_input(struct sk_buff *skb)
.ip6_u = {
.daddr = iph->daddr,
.saddr = iph->saddr,
+ .fwmark = skb->nfmark,
.flowlabel = (* (u32 *) iph)&IPV6_FLOWINFO_MASK,
},
},
--
GitLab