]> err.no Git - linux-2.6/commitdiff
[IPV6] ROUTE: Routing by FWMARK.
authorYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Mon, 21 Aug 2006 10:22:01 +0000 (19:22 +0900)
committerDavid S. Miller <davem@sunset.davemloft.net>
Fri, 22 Sep 2006 22:18:00 +0000 (15:18 -0700)
Based on patch by Jean Lorchat <lorchat@sfc.wide.ad.jp>.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
include/linux/fib_rules.h
include/net/flow.h
net/ipv6/Kconfig
net/ipv6/fib6_rules.c
net/ipv6/route.c

index 19a82b6c1c1f5e3795c84fc936b5d9e7d392fe00..2987549d604441f034722c0019af1ba6bd5d9cf3 100644 (file)
@@ -34,7 +34,7 @@ enum
        FRA_UNUSED3,
        FRA_UNUSED4,
        FRA_UNUSED5,
-       FRA_FWMARK,     /* netfilter mark (IPv4) */
+       FRA_FWMARK,     /* netfilter mark (IPv4/IPv6) */
        FRA_FLOW,       /* flow/class id */
        FRA_UNUSED6,
        FRA_UNUSED7,
index e0522914316e3f659f80f06942a15e55c6ffaeba..3ca210ec1379f549e0e2f0d4e3fd821283b70709 100644 (file)
@@ -26,6 +26,7 @@ struct flowi {
                struct {
                        struct in6_addr         daddr;
                        struct in6_addr         saddr;
+                       __u32                   fwmark;
                        __u32                   flowlabel;
                } ip6_u;
 
@@ -42,6 +43,7 @@ struct flowi {
 #define fld_scope      nl_u.dn_u.scope
 #define fl6_dst                nl_u.ip6_u.daddr
 #define fl6_src                nl_u.ip6_u.saddr
+#define fl6_fwmark     nl_u.ip6_u.fwmark
 #define fl6_flowlabel  nl_u.ip6_u.flowlabel
 #define fl4_dst                nl_u.ip4_u.daddr
 #define fl4_src                nl_u.ip4_u.saddr
index 21e0cc808f44e0ac9deac27674400d352ff3f342..a2d211da2abac43dd8f9807372f0d0c096cd0099 100644 (file)
@@ -173,3 +173,10 @@ config IPV6_MULTIPLE_TABLES
        ---help---
          Support multiple routing tables.
 
+config IPV6_ROUTE_FWMARK
+       bool "IPv6: use netfilter MARK value as routing key"
+       depends on IPV6_MULTIPLE_TABLES && NETFILTER
+       ---help---
+         If you say Y here, you will be able to specify different routes for
+         packets with different mark values (see iptables(8), MARK target).
+
index 91f6233d8efd47955b6aa9da1a0d850bf693075e..aebd9e2b85a881bfbca634063c085d527d3cbe2d 100644 (file)
@@ -26,6 +26,9 @@ struct fib6_rule
        struct fib_rule         common;
        struct rt6key           src;
        struct rt6key           dst;
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+       u8                      fwmark;
+#endif
        u8                      tclass;
 };
 
@@ -124,6 +127,11 @@ static int fib6_rule_match(struct fib_rule *rule, struct flowi *fl, int flags)
        if (r->tclass && r->tclass != ((ntohl(fl->fl6_flowlabel) >> 20) & 0xff))
                return 0;
 
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+       if (r->fwmark && (r->fwmark != fl->fl6_fwmark))
+               return 0;
+#endif
+
        return 1;
 }
 
@@ -164,6 +172,11 @@ static int fib6_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
                nla_memcpy(&rule6->dst.addr, tb[FRA_DST],
                           sizeof(struct in6_addr));
 
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+       if (tb[FRA_FWMARK])
+               rule6->fwmark = nla_get_u32(tb[FRA_FWMARK]);
+#endif
+
        rule6->src.plen = frh->src_len;
        rule6->dst.plen = frh->dst_len;
        rule6->tclass = frh->tos;
@@ -195,6 +208,11 @@ static int fib6_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
            nla_memcmp(tb[FRA_DST], &rule6->dst.addr, sizeof(struct in6_addr)))
                return 0;
 
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+       if (tb[FRA_FWMARK] && (rule6->fwmark != nla_get_u32(tb[FRA_FWMARK])))
+               return 0;
+#endif
+
        return 1;
 }
 
@@ -216,6 +234,11 @@ static int fib6_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
                NLA_PUT(skb, FRA_SRC, sizeof(struct in6_addr),
                        &rule6->src.addr);
 
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+       if (rule6->fwmark)
+               NLA_PUT_U32(skb, FRA_FWMARK, rule6->fwmark);
+#endif
+
        return 0;
 
 nla_put_failure:
index 20691285aee513035b657943fa972be7657cc592..649350bd9299932ad4bdeddb34c4ac0cdd390b4a 100644 (file)
@@ -703,6 +703,7 @@ void ip6_route_input(struct sk_buff *skb)
                        .ip6_u = {
                                .daddr = iph->daddr,
                                .saddr = iph->saddr,
+                               .fwmark = skb->nfmark,
                                .flowlabel = (* (u32 *) iph)&IPV6_FLOWINFO_MASK,
                        },
                },